Chapter 1: Fundamentals of Security
Exam Objectives
✓ Types of attacks
✓ Physical security
✓ Authentication and authorization
✓ Data protection
One of the m
1048 Understanding Physical Security
room is a hacker cannot boot off a bootable CD-ROM, which could bypass the OS entirely. After a hacker bypasses th
Book IX, Chapter 1: Fundamentals of Security
1049 Understanding Physical Security
✦ Secure server placement. Lock your servers in a room for which only a se
1050 Understanding Authentication and Authorization
Figure 1-5: A lockdown cable is used to secure computer equipment to a desk.
Remembering ways to
1051 Understanding Authentication and Authorization
the user account database — which has a list of the username
1052 Understanding Authentication and Authorization
the access token or one of the groups contained in the access token are also contained in the permi
1053 Understanding Authentication and Authorization
card reader that is connected to a computer, and then you en
1054 Methods of Securing Transmissions
Figure 1-8: Using permissions to authorize which users are allowed to access the resource.
In Figure 1-8, you c
1055 Methods of Securing Transmissions
Most Internet protocols, such as HTTP, send information in cleartext, and
1056 Do Not Forget about Data Protection
encrypt and decrypt network traffic. Because of the configuration, it is an unlikely solution for a Web site b
1057 Do Not Forget about Data Protection
Hard drive destruction
Destroying data that resides on a computer hard d
1040 Identifying Types of Attacks
data into the site to manipulate your database server into executing the code that the hacker wants to execute — and
1058 Do Not Forget about Data Protection
Backup review
You can find out more about backups in Book VII, Chapter 3, but for the exam, here are some of th
1059 Do Not Forget about Data Protection
during an incremental backup, because the backup process clears the arc
1060 Do Not Forget about Data Protection
by writing the data at the same time to two different disks, essentially taking less time to read or write to
1061 Do Not Forget about Data Protection
Compliance and classification
Part of securing your computing environmen
1062 Getting an A+
Data classification is assigned to the information based on the value of the information to the organization. Each classification
Prep Test
1 What type of attack involves the hacker tricking a user through social contact?
A ❍ Password attack
B ❍ Eavesdrop
6 Which of the following are forms of biometrics? (Select all that apply.)
A ❑ Fingerprint scan
B ❑ Smart card
C ❑ Username
Answers
1 D. Social engineering is a type of hack that involves contacting victims through phone or e-mail and tricking them i
1066 Book IX: Securing Systems
1041 Identifying Types of Attacks
that a social engineering attack would be successful if the company does not e
1042 Identifying Types of Attacks
✦ One text file contains the most popular user accounts found on networks, such as administrator, admin, and root.
1043 Identifying Types of Attacks
To protect against password attacks, users should use strong passwords, whic
1044 Identifying Types of Attacks
2. All systems that were pinged reply to the modified source address — an unsuspecting victim.
3. The victim’s syste
1045 Identifying Types of Attacks
Man-in-the-middle
A man-in-the-middle attack involves the hacker monitoring net
1046 Identifying Types of Attacks
To protect against wireless attacks you should implement encryption protocols such as WPA2 and use an authenticatio
1047 Understanding Physical Security
Figure 1-3: Using NetBus to control a user’s computer.
Worm
A worm is a vir