MIS 460 FINAL EXAM STUDY GUIDE

Uploaded by tyler le

Exam 1:

Be able to match the OSI layer number with its name. Describe the function of each of
the 7 layers and what devices operate at each layer, if any.

Understand what data are called at each layer of the OSI model.

All People Seem To Need Data Processing

- Application
- Presentation
- Session
- Transport - Segments
- Network - Packets
- Data Link - Frames
- Physical - Bits

Some (Daft) People Fear Birthdays

- Segment
- Datagram
- Packet
- Frame
- Bits

Understand differences between switches, routers, and hubs, and indicate the layer at
which they operate and why.

- Switch: connects computers; operates in the Data Link layer because it uses the MAC
addresses in network cards to forward traffic
- Router: connects networks; operates in the Network layer because it forwards packets
- Hub: operates at the Physical layer; it only understands bits (binary)

Be able to explain, at a high level, how DNS works.

- Domain Name Server – resolves IP to hostname.
  - ipconfig /displaydns

Understand IP address attributes (subnet mask, default gateway, internal/private vs.
external/public).

Differentiate switch, hub, router, firewall.

Explain what ipconfig, tracert, nslookup, and ping do.

- ipconfig: Displays the IP configuration details of the network interfaces on a computer,
including IP address, subnet mask, and gateway.
- tracert: Traces the route packets take from your computer to a destination host,
showing each hop along the way.
- nslookup: Queries DNS servers to retrieve the IP address or domain name associated
with a given hostname.
- ping: Sends ICMP Echo Request packets to a target host to check network connectivity
and measure round-trip time.

Compare and contrast UDP and TCP.

Identify the localhost (IPv4 and IPv6).

Advantages and disadvantages of IPv4 and IPv6.

- The primary advantage of IPv6 compared to IPv4 is support for more IP addresses

Be able to identify the masking portion of a subnet (both decimal and binary).

Identify a subnet mask (in decimal and in binary).

Identify the host ID and network ID portion of an IP address given its subnet mask.

Be able to identify IPv4 address classes and their default subnet masks.
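
Worked example for the subnetting and address-class items above. This is an added example, not part of the original study guide: a Python helper (standard-library ipaddress only) that splits a constructed address into its network ID and host ID using the mask, renders the mask in dotted binary, and returns the classful default mask. The sample address and mask values are made up for the demonstration.

```python
import ipaddress

# Constructed sample inputs for the demonstration (not from the study guide).
SAMPLE_ADDRESS = "192.168.10.77"
SAMPLE_MASK = "255.255.255.0"


def dotted_binary(ip) -> str:
    """Render an IPv4 address or mask as four 8-bit binary groups."""
    return ".".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(str(ip)).packed)


def split_address(addr: str, mask: str) -> dict:
    """Split an IPv4 address into its network ID and host ID using the mask.

    Network ID = address AND mask; host ID = address AND (NOT mask).
    """
    iface = ipaddress.IPv4Interface(f"{addr}/{mask}")
    net = iface.network
    addr_int = int(iface.ip)
    mask_int = int(net.netmask)
    network_id = ipaddress.IPv4Address(addr_int & mask_int)
    host_id = ipaddress.IPv4Address(addr_int & (~mask_int & 0xFFFFFFFF))
    return {
        "address": str(iface.ip),
        "mask_decimal": str(net.netmask),
        "mask_binary": dotted_binary(net.netmask),
        "prefix_length": net.prefixlen,
        "network_id": str(network_id),
        "host_id": str(host_id),
        "host_bits": 32 - net.prefixlen,
        # Two addresses per subnet are reserved: the network ID and the broadcast.
        "usable_hosts": max(net.num_addresses - 2, 0),
    }


def default_class(addr: str):
    """Return the classful (A/B/C/D/E) class and default mask for an IPv4 address."""
    first_octet = int(addr.split(".")[0])
    if first_octet < 128:
        return "A", "255.0.0.0"
    if first_octet < 192:
        return "B", "255.255.0.0"
    if first_octet < 224:
        return "C", "255.255.255.0"
    if first_octet < 240:
        return "D", None  # multicast: no network/host split
    return "E", None      # reserved/experimental


if __name__ == "__main__":
    for key, value in split_address(SAMPLE_ADDRESS, SAMPLE_MASK).items():
        print(f"{key:14} {value}")
    print("class/default mask:", default_class(SAMPLE_ADDRESS))
```

Try a non-octet-aligned mask such as 255.255.252.0 to see the binary boundary fall inside the third octet; the same AND/NOT-AND rule still gives the network and host parts.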

Differentiate a managed from an unmanaged switch.

At a high level, explain the TCP handshake.

Be able to explain a port, identify the common port numbers used (not the huge list), and
the protocols that use those ports.

Common port numbers and what services typically use them.

- Port 80/443 – HTTP/HTTPS
- Port 53 – DNS
- Port 20, 21 – FTP
- Port 110 – POP3
- Port 3389 – RDP
- Port 23 – Telnet
- Port 143 – IMAP
- Port 25 – SMTP

Differentiate well‐known ports, registered ports, and dynamic/private ports.

Explain the difference between inbound ports and outbound ports.

Describe the function and purpose of a DHCP server.

Differentiate bits from bytes.

Describe and explain the purpose of a MAC address.

What is the purpose of a firewall? At a high level, how do they work?

Identify and explain the types of malware.

Be able to explain the difference between UDP and TCP, including the data terms for each.

Understand CIAAAN (Confidentiality, Integrity, Availability, Authenticity,
Accountability, and Non-repudiation).

- Confidentiality: information kept private and secure
- Integrity: data not modified, deleted, or added to
- Availability: making sure that the data is accessible to the people that are
authorized
- Authenticity: making sure that the people and systems are who they say they are
- Accountability: making sure it is known which actions were performed by whom
- Non-repudiation: assuring the identities of the parties in a transaction

Be able to explain types of cyber threats and cyber groups.

Understand how to assess risk.

Describe and explain NAT, why it’s useful and how it works.

Describe ARP and its purpose.

Exam 2:

How hashing differs from encryption.

- Hashing: a one-way, non-reversible process used for secure storage of data or
passwords
- Encryption: a reversible transformation of plain text that can be turned back into
the original message; used for transferring credit card info or communication

Backups - Full, Differential, and Incremental

- Full Backup – all files irrespective of changes
- Differential – all changes since the last full backup
- Incremental Backup – all changes since the last backup occurred
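
Worked example for the three backup types. This is an added example and not from the study guide: a small Python simulation over a constructed change log (four files, three days of edits) that shows which files each strategy copies on each day and which backup sets a restore has to read back. File names and the schedule are made up for the demonstration.

```python
from typing import Dict, List, Set

# Constructed change log for the demonstration (not from the study guide):
# day 0 is when every file exists and the first full backup runs;
# later days list only the files modified that day.
CHANGES: Dict[int, Set[str]] = {
    0: {"ledger.xlsx", "policy.docx", "photos.zip", "notes.txt"},
    1: {"ledger.xlsx"},
    2: {"notes.txt"},
    3: {"ledger.xlsx", "policy.docx"},
}


def plan_backups(changes: Dict[int, Set[str]], days: int, strategy: str) -> Dict[int, Set[str]]:
    """Return, for each day, the set of files the backup job copies.

    Day 0 is always a full backup. After that:
      full         -> every file, every day
      differential -> everything changed since the last full backup
      incremental  -> only what changed since the previous backup (yesterday)
    """
    if strategy not in ("full", "differential", "incremental"):
        raise ValueError(f"unknown strategy: {strategy}")
    all_files = set().union(*changes.values())
    since_full: Set[str] = set()
    copied: Dict[int, Set[str]] = {0: set(all_files)}
    for day in range(1, days):
        today = changes.get(day, set())
        since_full |= today
        if strategy == "full":
            copied[day] = set(all_files)
        elif strategy == "differential":
            copied[day] = set(since_full)
        else:
            copied[day] = set(today)
    return copied


def restore_chain(strategy: str, day: int) -> List[int]:
    """Which backup days must be read back to restore the state at `day`."""
    if strategy == "full":
        return [day]
    if strategy == "differential":
        return [0] if day == 0 else [0, day]
    if strategy == "incremental":
        return list(range(day + 1))
    raise ValueError(f"unknown strategy: {strategy}")


def total_copies(copied: Dict[int, Set[str]]) -> int:
    """Total file copies written over the schedule (a rough storage/time cost)."""
    return sum(len(files) for files in copied.values())


if __name__ == "__main__":
    for strategy in ("full", "differential", "incremental"):
        plan = plan_backups(CHANGES, 4, strategy)
        print(f"{strategy:12} copies={total_copies(plan):2} "
              f"restore day 3 from backups {restore_chain(strategy, 3)}")
```

The trade-off the exam question is after shows up in the numbers: incremental writes the least each day but a restore needs every set since the full; differential writes more per day but a restore needs only the full plus the latest differential.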

Understand how SYN attacks work.

- An attacker sends a SYN request and the server responds with a SYN-ACK. The
attacker never sends their ACK. This is a DDoS attack: the attacker sends so many
half-open (never completed) SYN requests that the server becomes exhausted and cannot
operate.

Explain what a DMZ is and its purpose.

- Demilitarized zone: an area behind one firewall but with more firewalls behind it, so
it has some protection but not as much. You do not want FTP or HTTP servers inside
your company network; they belong in the DMZ.

Describe the Fraud Triangle.

- Pressure – finances, personal, work related
- Opportunity – high level in the org or lack of internal controls
- Rationalize – justify or validate your reason

Describe dictionary attacks

- Attackers attempt to crack passwords or encryption keys by systematically
attempting all possible matches from a precompiled list of likely values, such as
common words, phrases, or passwords.

Physical access: mantraps, keycard access, biometrics

- Mantrap: an entry to a building where two or more locking doors are present; it
acts as a buffer between an untrusted area and a trusted area.
- Key card access: requires an electronic card system to allow entry into an area.
Tracks who enters a building and only lets one person through at a time.
- Biometrics: use a unique physical characteristic to verify identity. Highly secure
but a more capital-intensive security measure.

Differentiate job rotation from separation of duties

- Job rotation: having other employees able to take over the role of a fellow
employee for a period of time. Creates security in that the company is not
dependent on any one employee, and creates accountability.
- Separation of duties: requiring multiple employees to be involved in the process
of one action, like writing a check.

Describe open relay servers (email)

Type I/II Errors, FRR and FAR

1. Type I (False rejection rate): a legitimate user is incorrectly denied access

2. Type II (False acceptance rate): an unauthorized user is incorrectly granted access

Symmetric vs. Asymmetric algorithms (why use one vs. the other, how they differ)

- Symmetric: uses the same key for encryption and decryption; faster but more risk
- Asymmetric: public key for encryption and private key for decryption; slower but
better security

How to mitigate SQL injection attacks

- Input validation: sanitizing user inputs to remove malicious code
- Parameterized queries: using placeholders to separate data from commands
- Least privilege: limiting database user accounts to only the necessary permissions

How to use the Vigenere cipher

Describe the importance of the port ranges and how they are typically used

- Below 1024: essential network functions
- 1024-49151: registered (loosely) ports
- 49152-65535: cannot be registered and are generally designated for private use

Differentiate MTTF from MTBF from MTTR

1. Mean Time To Failure: average time before a non-repairable device fails (e.g. a
hard disk drive)
2. Mean Time Between Failures: average time between failures of a repairable device
(e.g. a phone battery)
3. Mean Time To Recover/Repair: average time taken to restore or replace a failed
system (e.g. the average time for a screen repair is 1 hour)

Differentiate IDS's from IPS's

- Intrusion Detection System: passively monitors network traffic for suspicious
activity, alerting administrators
- Intrusion Prevention System: actively monitors traffic and takes action to block
or mitigate threats in real time

Describe when to use MTTF vs MTBF

- MTBF when items can be repaired, MTTF when items cannot be repaired

Differentiate RTO from RPO

1. Recovery Time Objective: maximum amount of time allowed to restore a system after
an outage
2. Recovery Point Objective: point in time where data loss is acceptable (how far
back is your backup required to be)

Something you have, something you are

Understand how to calculate MTTR (what are the components that comprise MTTR)

- MTTR: detection + diagnosis + repair + verification
- MTTR = Total Downtime / Number of Incidents
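
Worked example for the SQL injection mitigations listed above (input validation, parameterized queries, least privilege). This is an added example and not code from the study guide: it uses Python's standard-library sqlite3 module with a constructed in-memory users table. lookup_unsafe pastes the input into the command text, lookup_safe uses a placeholder, valid_username is an allow-list check, and make_readonly stands in for a least-privilege database account (SQLite has no user accounts, so its query_only pragma plays the role of a login granted only SELECT; that substitution is this example's assumption).

```python
import re
import sqlite3
from typing import List, Tuple

# Constructed sample table for the demonstration (not from the study guide).
SEED_ROWS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]

# Input a careless caller might pass through unchanged: the quote closes the
# string literal, so the WHERE clause becomes  username = 'x' OR '1'='1'
# and matches every row.
TAUTOLOGY_INPUT = "x' OR '1'='1"


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SEED_ROWS)
    return conn


def lookup_unsafe(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """Vulnerable pattern: user input becomes part of the SQL command text."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """Parameterized query: the value travels separately from the command, so
    quotes inside the input can never change the query structure."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def valid_username(username: str) -> bool:
    """Input validation as an allow-list: reject anything outside the expected shape."""
    return USERNAME_RE.fullmatch(username) is not None


def make_readonly(conn: sqlite3.Connection) -> sqlite3.Connection:
    """Least-privilege stand-in: this connection may only read (see lead-in)."""
    conn.execute("PRAGMA query_only = 1")
    return conn


def try_write(conn: sqlite3.Connection) -> bool:
    """Return True if a write succeeded, False if the connection refused it."""
    try:
        conn.execute("INSERT INTO users VALUES ('mallory', 'admin')")
        return True
    except sqlite3.OperationalError:
        return False


if __name__ == "__main__":
    db = make_db()
    print("unsafe, normal input  :", lookup_unsafe(db, "bob"))
    print("unsafe, tautology     :", lookup_unsafe(db, TAUTOLOGY_INPUT))
    print("safe, tautology       :", lookup_safe(db, TAUTOLOGY_INPUT))
    print("validator accepts it? :", valid_username(TAUTOLOGY_INPUT))
    print("write on read-only    :", try_write(make_readonly(db)))
```

The three controls are layered on purpose: the parameterized query is the one that actually fixes the bug, validation narrows what reaches the query at all, and the read-only account limits the damage if either of the first two is ever bypassed.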

transpositional vs. substitutionary ciphers vs. code

- Transpositional: rearranges the characters or bits of the plaintext without altering
them; the focus is on the order
- Substitutionary: replaces a character with a new character based on a predefined
substitution rule
- Code: substitutes entire words or phrases with a predetermined representation
rather than encrypting individual characters or bits
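
Worked example covering the "How to use the Vigenere cipher" item from the Exam 2 list and the transposition / substitution / code distinction above. This is an added example, not from the study guide: Vigenere as a polyalphabetic substitution cipher, a columnar transposition that only reorders letters, and a constructed codebook that replaces whole phrases. The key words, plaintexts and codebook entries are made up for the demonstration.

```python
import string
from typing import Dict, List

ALPHABET = string.ascii_uppercase

# Constructed codebook for the demonstration (not from the study guide).
CODEBOOK: Dict[str, str] = {"ATTACK AT DAWN": "BLUE HERON", "RETREAT": "TEAPOT"}


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Vigenere cipher: a polyalphabetic substitution.

    Each plaintext letter is shifted by the key letter at the same position
    (the key repeats); decrypting shifts back. Non-letters pass through
    unchanged and do not consume a key letter.
    """
    out = []
    key = key.upper()
    k = 0
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)
            continue
        shift = ALPHABET.index(key[k % len(key)])
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        k += 1
    return "".join(out)


def _column_order(key: str) -> List[int]:
    # Columns are read out in alphabetical order of the key letters; ties keep
    # their left-to-right position so encryption and decryption agree.
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def transpose_encrypt(text: str, key: str) -> str:
    """Columnar transposition: the letters are unchanged, only their order moves."""
    cols = len(key)
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    return "".join("".join(r[c] for r in rows if c < len(r)) for c in _column_order(key))


def transpose_decrypt(cipher: str, key: str) -> str:
    cols = len(key)
    full_rows, rem = divmod(len(cipher), cols)
    # The first `rem` columns are one letter longer when the last row is short.
    col_len = {c: full_rows + (1 if c < rem else 0) for c in range(cols)}
    columns, pos = {}, 0
    for c in _column_order(key):
        columns[c] = cipher[pos:pos + col_len[c]]
        pos += col_len[c]
    out = []
    for r in range(full_rows + (1 if rem else 0)):
        for c in range(cols):
            if r < col_len[c]:
                out.append(columns[c][r])
    return "".join(out)


def encode_with_codebook(message: str, book: Dict[str, str]) -> str:
    """A code works on whole words or phrases, not letters; longest phrases first."""
    for phrase, codeword in sorted(book.items(), key=lambda kv: -len(kv[0])):
        message = message.replace(phrase, codeword)
    return message


if __name__ == "__main__":
    print(vigenere("ATTACK AT DAWN", "LEMON"))
    print(transpose_encrypt("WEAREDISCOVEREDFLEEATONCE", "ZEBRAS"))
    print(encode_with_codebook("ATTACK AT DAWN THEN RETREAT", CODEBOOK))
```

A quick way to tell the two cipher families apart on an exam: sort the letters of a transposition ciphertext and you get the sorted plaintext (nothing was replaced), while a substitution ciphertext has a different letter multiset altogether.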

Purpose of the enigma machine

- A machine used by Germany in World War 2 to encrypt and decrypt messages. It had
multiple rotors with 26 positions and a plugboard that allowed for swapping individual
letters.
Identify hashes

Describe the different types of scans

- Reconnaissance Scanning – a hacker trying to get info on a target before attempting
the attack
- Passive Scanning – checking websites, discussion boards, old job postings, social
media, etc.
- Active Scanning:
  - Port Scanning: attempting to contact each network port on a target system to see
  which ones are open
  - Ping Scanning: send a single ICMP echo request from the source to the destination
  device; an active device returns an echo reply
  - Connect Scan: fully connects to the target IP address and port (does a complete
  TCP handshake). Most reliable but will be detected
  - SYN Scan: sends a SYN request to the target to gather info about open ports
  without a TCP handshake occurring
    - Requires root
    - Open – SYN/ACK was received
    - Closed – RST packet received (reset)
    - Filtered – no response or ICMP unreachable because of a firewall
  - FIN Scan – sends a FIN packet to a target
    - If the port is open there is no response; if it is closed an RST is received
    - Can bypass firewall detection

Calculate risk using EF, AV, SLE, ALE, etc.

- Not hard

Identify symmetric key systems

Describe a countermeasure and its costs

Purpose and high-level understanding of HIDS (host intrusion detection systems);
understand at a very high level where these apply: HIPAA, PCI-DSS, FERPA,
Sarbanes-Oxley, GDPR

- HIDS: monitor and analyze activities on individual devices like servers or
workstations to detect malicious activity or potential security breaches and notify
administrators
- HIPAA – law requiring that medical records of individual people be kept very private
- PCI-DSS – credit card payment information standard for all vendors
- FERPA – law requiring that education info cannot be publicly shared
- Sarbanes-Oxley – law requiring financial transparency and accountability in publicly
traded companies
- GDPR – EU personal data protection law

CVEs - what are they and how are they useful to cybersecurity professionals

- Common Vulnerabilities and Exposures: identifiers for publicly known vulnerabilities,
so professionals can be more aware of the risks that exist

Public and private key infrastructure as it relates to digital signatures and
encryption

- Public key: can be shared with anyone and is used to encrypt data or verify a
signature
  - Asymmetric encryption – the message is encrypted with a public key and then must
  be decrypted with the private key
- Private key: kept secret by the owner; it is used to decrypt data that was encrypted
with the matching public key
  - The value really lies in making sure the key is kept secret
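
Worked example for "Calculate risk using EF, AV, SLE, ALE" and "Describe a countermeasure and its costs" above. This is an added example and not from the study guide: SLE = AV x EF, ALE = SLE x ARO, and the usual cost-benefit test for a control (ALE before, minus ALE after, minus the control's annual cost). The asset value, exposure factors, rate and control cost are constructed numbers for the demonstration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskScenario:
    """Quantitative risk inputs for one asset and one threat."""
    asset_value: float       # AV: what the asset is worth (e.g. dollars)
    exposure_factor: float   # EF: fraction of AV lost in a single incident (0..1)
    annual_rate: float       # ARO: expected incidents per year (1/N for once per N years)

    def __post_init__(self):
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("EF must be between 0 and 1")
        if self.asset_value < 0 or self.annual_rate < 0:
            raise ValueError("AV and ARO cannot be negative")

    def sle(self) -> float:
        """Single Loss Expectancy: SLE = AV x EF."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized Loss Expectancy: ALE = SLE x ARO."""
        return self.sle() * self.annual_rate


def countermeasure_value(before: RiskScenario, after: RiskScenario, annual_cost: float) -> float:
    """Net yearly benefit of a control: (ALE before) - (ALE after) - (annual cost).

    Positive means the control saves more than it costs; negative means it is
    cheaper to accept the risk or look for a cheaper control.
    """
    return before.ale() - after.ale() - annual_cost


def worth_buying(before: RiskScenario, after: RiskScenario, annual_cost: float) -> bool:
    return countermeasure_value(before, after, annual_cost) > 0


# Constructed scenario (not from the study guide): a $200,000 file server where a
# ransomware incident destroys 25% of its value and is expected once every 2 years.
BASELINE = RiskScenario(asset_value=200_000, exposure_factor=0.25, annual_rate=1 / 2)
# Same asset with tested offline backups: incidents are no less frequent, but each
# one now costs only 5% of the asset value (the control shrinks the damage).
WITH_BACKUPS = RiskScenario(asset_value=200_000, exposure_factor=0.05, annual_rate=1 / 2)
BACKUP_COST_PER_YEAR = 8_000


if __name__ == "__main__":
    print(f"SLE before: {BASELINE.sle():,.0f}   ALE before: {BASELINE.ale():,.0f}")
    print(f"SLE after : {WITH_BACKUPS.sle():,.0f}   ALE after : {WITH_BACKUPS.ale():,.0f}")
    value = countermeasure_value(BASELINE, WITH_BACKUPS, BACKUP_COST_PER_YEAR)
    print(f"net value of control: {value:,.0f} per year -> buy it: {value > 0}")
```

Note which input a control changes: backups lower EF (less is lost per incident), while something like patching or an IPS would mostly lower ARO (fewer incidents); the ALE formula handles either the same way.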

Firewall Rules

- Decide if the traffic coming in is either acceptable or unacceptable

Firewall Throughput

- The maximum amount of data a firewall can handle at a time. Firewalls must be
able to handle a lot of data so there are no significant latency issues.

Software vs. Hardware Firewalls

- Software: installed on an individual device; cheaper; dependent on the host system's
resources; protects the individual device; suitable for small scale
- Hardware: a standalone physical device; more expensive; dedicated hardware with no
dependency; protects an entire network; better suited for enterprise environments

Use of two firewalls in a single network

- Provides a DMZ where you can isolate the public-facing servers behind one firewall,
with the internal systems protected by a second firewall

Firewall VPN support

- Secure remote connections by encrypting traffic between remote users and the
network.
- Site-to-Site VPN: Secures communication between two networks.
- Client-to-Site VPN: Allows remote users to connect securely to the network

Firewall Rules and how they're applied

Firewall Direction of traffic (egress, ingress)

- Ingress: Traffic entering; rules applied protect the internal from the external
- Egress: Traffic leaving the network; rules applied to prevent the internal from
accessing dangerous external content

Firewall Black holing

- The firewall drops traffic from a specific IP address or ranges without responding
effectively making the source disappear to the attacker
- Prevents a DDoS attack by dropping malicious traffic
- It directs traffic to a null route or unreachable destination.
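
Worked example for the firewall rule items above (rules and how they are applied, ingress vs. egress, and black holing). This is an added example and not from the study guide: a small first-match rule evaluator with an implicit default deny, run over constructed packets. The rule set and all addresses are made up for the demonstration and use documentation address ranges; "blackhole" here is simply a drop with no reply, as the study guide describes.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "ingress" (entering the network) or "egress" (leaving it)
    src: str
    dst: str
    proto: str       # "tcp", "udp" or "icmp"
    dport: int


@dataclass(frozen=True)
class Rule:
    direction: str
    src: str                 # CIDR block or "any"
    dst: str                 # CIDR block or "any"
    proto: str               # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]     # None = any port
    action: str              # "allow", "deny" (drop) or "blackhole" (drop silently, no reply)
    note: str = ""


# Constructed rule set for the demonstration (not from the study guide).
# 192.0.2.0/24 plays the DMZ, 10.0.0.0/8 the internal LAN, 203.0.113.0/24 a
# source that is flooding us, and 198.51.100.0/24 "the Internet".
RULES: List[Rule] = [
    Rule("ingress", "203.0.113.0/24", "any", "any", None, "blackhole", "flood source, drop silently"),
    Rule("ingress", "any", "192.0.2.10/32", "tcp", 443, "allow", "public HTTPS server in the DMZ"),
    Rule("ingress", "any", "192.0.2.10/32", "tcp", 80, "allow", "public HTTP server in the DMZ"),
    Rule("egress", "10.0.0.0/8", "any", "tcp", 443, "allow", "staff browsing over HTTPS"),
    Rule("egress", "10.0.0.0/8", "10.0.0.53/32", "udp", 53, "allow", "DNS only to the internal resolver"),
]


def _in_block(ip: str, block: str) -> bool:
    return block == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(block)


def matches(rule: Rule, pkt: Packet) -> bool:
    return (
        rule.direction == pkt.direction
        and (rule.proto == "any" or rule.proto == pkt.proto)
        and (rule.dport is None or rule.dport == pkt.dport)
        and _in_block(pkt.src, rule.src)
        and _in_block(pkt.dst, rule.dst)
    )


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; anything unmatched hits the implicit default deny."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


if __name__ == "__main__":
    samples = [
        Packet("ingress", "198.51.100.4", "192.0.2.10", "tcp", 443),
        Packet("ingress", "203.0.113.7", "192.0.2.10", "tcp", 443),
        Packet("ingress", "198.51.100.4", "10.0.0.5", "tcp", 3389),
        Packet("egress", "10.1.1.20", "198.51.100.9", "tcp", 443),
        Packet("egress", "10.1.1.20", "198.51.100.9", "tcp", 23),
    ]
    for p in samples:
        print(f"{p.direction:7} {p.src:>14} -> {p.dst:<14} {p.proto}/{p.dport:<5} => {evaluate(RULES, p)}")
```

Two things worth checking against the rule set: the RDP packet to 10.0.0.5 is dropped by the default deny even though no rule names it, and moving the black-hole rule below the HTTPS allow would let the flood source through, which is why ordering is part of how rules are "applied".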

Exam 3:

Describe a rainbow table.

- A precomputed table for reversing hashed passwords. It maps common passwords to
their hash values so hackers can attempt to avoid brute force.
- This is mitigated by salting

Explain the purpose and operation of Metasploit.

- Software that can be used for penetration testing and exploiting vulnerabilities in
a system; it offers a large database of known exploits and payloads. The user selects a
target, finds a vulnerability, and uses the correct payload to run that exploit.

Describe the purpose of each of the tools used in our labs.

Describe the principle of least permission

- A user, system, or application should have the least amount of access possible to
perform its necessary function. This reduces the risk of accidental or malicious
misuse of permissions.

Differentiate white, gray, and black box testing

- White Box – the tester has full knowledge of the system's internal workings
- Gray Box – the tester has partial knowledge, typically a mix of internal and
user-level knowledge
- Black Box – the tester has no knowledge of internal systems and the test is solely
from an external level

Understand what is meant by an "attack surface" and how to mitigate it

- Attack Surface – the sum of all points where an unauthorized user can try to enter
or extract data from: hardware, software, APIs
- Mitigation strategies include: access controls, thorough security testing,
minimizing unnecessary features and services

Describe the purpose of separation of duties

- Ensures that critical tasks are divided among multiple individuals to prevent fraud,
errors, and misuse of power. Helps act as a buffer to prevent fraud.

Given a specific situation, apply the correct tool to accomplish the stated objective

Understand the purpose and scope of Nessus and Burp Suite.

- Nessus – a vulnerability scanner used to identify security issues in systems,
networks, and applications. It detects misconfigurations, missing patches, and
exploitable vulnerabilities.
- Burp Suite – a tool primarily used for web application security testing. It helps
identify vulnerabilities like SQL injection, XSS, and insecure authentication
mechanisms. Its features include interception proxies, vulnerability scanners, and
manual testing utilities.

Differentiate the surface, deep, and dark web

- Surface Web – everyday things; Yahoo, Google, Reddit, etc.
- Deep Web – content or data that cannot be indexed by conventional search engines.
This can hold data that feeds the surface web (Google Scholar data is held here).
- Dark Web – the encrypted network that exists between Tor servers and their clients

Understand, at a high level, how the Dark Web works

- Falls under Accountability as you are acting with anonymity
- It is accessed through Tor using an entry point, a middle relay, and an exit relay.
The points do not communicate with each other, so the person is not known.
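
Worked example tying together the Exam 2 item on hashing being one-way and the Exam 3 items on rainbow tables and salting. This is an added example and not from the study guide: it builds a plain precomputed digest-to-password table from a constructed wordlist (the simplest form of the idea a real rainbow table compresses into chains), shows that an unsalted SHA-256 digest of a common password is recovered instantly, and then shows that a per-user random salt with PBKDF2 defeats the table while verification still works. The wordlist and passwords are made up for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Tuple

PBKDF2_ROUNDS = 100_000

# Constructed list of common passwords (not from the study guide).
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty", "welcome1"]


def unsalted_hash(password: str) -> str:
    """Plain SHA-256: the same password always produces the same digest,
    which is exactly what makes a precomputed table possible."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(wordlist: Iterable[str]) -> Dict[str, str]:
    """Precompute digest -> password once; reuse against any unsalted leak."""
    return {unsalted_hash(pw): pw for pw in wordlist}


def reverse_with_table(table: Dict[str, str], digest_hex: str) -> Optional[str]:
    """Hashing is one-way, so the only 'reversal' is a table lookup."""
    return table.get(digest_hex)


def salted_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) to store. A random per-user salt means identical
    passwords get different digests, and a precomputed table would need to be
    rebuilt for every salt value; PBKDF2 rounds make each rebuild slow."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    _, candidate = salted_hash(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    leaked = unsalted_hash("letmein")
    print("unsalted digest recovered :", reverse_with_table(table, leaked))
    salt, digest = salted_hash("letmein")
    print("salted digest in table?   :", reverse_with_table(table, digest.hex()))
    print("verify correct password   :", verify("letmein", salt, digest))
    print("verify wrong password     :", verify("password", salt, digest))
```

The salt is stored next to the digest in the clear; it is not a secret. Its job is only to make every stored digest unique so that one precomputed table cannot be reused across users or across sites.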
