3.0 Implementation Flashcards

1
Q

A network communication protocol that enables two computers to communicate and share data (cf. HTTP, the Hypertext Transfer Protocol, which is the protocol used to transfer hypertext such as web pages)

Uses port 22

A

SSH Secure Shell

2
Q

A set of specifications for securing electronic mail and a technology that allows you to encrypt your emails. Based on asymmetric cryptography to protect your emails from unwanted access.

Now a successor to PEM

A

Secure/Multipurpose Internet Mail Extensions S/MIME

3
Q

The protocol provides encryption, confidentiality, message authentication and replay protection for your transmitted audio and video traffic

Uses UDP

A

SRTP Secure Real Time Transport Protocol

4
Q

An open, cross-platform protocol used for directory services authentication

Uses port 389

A

Lightweight Directory Access Protocol

5
Q

An open, cross-platform protocol used for directory services authentication, but run over SSL

Uses port 636

A

LDAP Secure

6
Q

A standard communication protocol used to transfer computer files from a server to a client

Uses ports 20 and 21

A

FTP File Transfer Protocol

7
Q

A standard communication protocol used to transfer computer files from a server to a client or from a client to a server, with encryption added on

Uses port 990

A

FTPS Secure

8
Q

A network protocol for securely accessing, transferring and managing large files and sensitive data; it runs over SSH

Uses port 22

A

SSH FTP

9
Q

An application-layer protocol for monitoring and managing network devices on a local area network (LAN) or wide area network (WAN)

Includes new security features that add support for authentication and encryption of messages, as well as protecting packets in transit

Uses ports 161 and 162

A

Simple Network Management Protocol v3 (SNMPv3)

10
Q

What protocol uses port 80?

A

HTTP

11
Q

What protocol uses port 443?

A

HTTPS

12
Q

A group of networking protocols used for setting up secure encrypted connections, such as VPNs, across publicly shared networks

A

IPSec

13
Q

A protocol that provides data origin authentication, data integrity and replay protection. However, it does not provide data confidentiality, which means that all of your data is sent in the clear

A

Authentication Header

14
Q

A protocol that provides data confidentiality and optionally also provides data origin authentication, data integrity checking and replay protection

A

ESP Encapsulating Security Payload

15
Q

The IPsec mode that sets up a secure connection

A

IP Tunnel

16
Q

The IPsec mode that only encrypts the data being sent, without establishing a secure connection

A

IP Transport mode

17
Q

A commonly used message request protocol on the Internet for transferring messages from an e-mail server to an e-mail client.

Uses port 110

A

Post Office Protocol

18
Q

A protocol that lets email clients retrieve email messages from a mail server over a TCP/IP connection

Uses port 143

A

Internet Message Access Protocol (IMAP)

19
Q

A program designed to detect and remove viruses and other kinds of malicious software from your computer or laptop

A

Antivirus

20
Q

A type of software program created to protect information technology (IT) systems and individual computers from malicious software

A

Anti-malware

21
Q

An endpoint security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware

A

Endpoint Detection and Response (EDR)

22
Q

Makes sure that users do not send sensitive or critical information outside the corporate network

A

Data Loss Prevention (DLP)

23
Q

The third generation of firewall technology, designed to address advanced security threats at the application level through intelligent, context-aware security features

A

Next-Generation Firewall (NGFW)

24
Q

An approach to security that relies on third-party software tools to identify and prevent malicious activities. These prevention systems are typically used to protect endpoint devices

A

HIPS Host-Based Intrusion Prevention System

25
Helps organizations identify threats inside the network perimeter by monitoring host devices for malicious activity that, if left undetected, could lead to serious breaches
HIDS Host-Based Intrusion Detection System
26
Protects your machine from rootkits and other malware. This type of boot checks each start-up component, from the firmware all the way to the boot drivers, and stores this information in the TPM
Measured Boot
27
Software integrity measurements are immediately committed to during boot, thus relaxing the traditional requirement for secure storage and reporting.
Boot Attestation
28
A cookie attribute that ensures the cookie is only sent to the server with an encrypted request over the HTTPS protocol
Secure Cookies
29
A method of computer program debugging that is done by examining the code without executing the program
Static Code Analysis
30
Analysis that involves running the code and examining the outcome, which also entails testing the possible execution paths of the code
Dynamic code analysis
31
An automated software testing method that injects invalid, malformed or unexpected inputs into a system to reveal software defects and vulnerabilities
Fuzzing
32
Drives that encrypt data as it is written to the disk
Self Encrypting Drives
33
Protects the data on your device in the event that it is lost or stolen.
Full Disk Encryption
34
Drives that use full-disk hardware encryption technology to secure the data stored on them. By encrypting the entire drive, users do not have to worry about their data being accessed if the drive, laptop or mobile device is stolen or lost
Opal FDE
35
The foundation on which all secure operations of a computing system depend. It contains the keys used for cryptographic functions and enables a secure boot process. It is inherently trusted, and therefore must be secure by design.
Hardware root of trust
36
A cryptographic module that enhances computer security and privacy. Protecting data through encryption and decryption, protecting authentication credentials, and proving which software is running on a system are basic functionalities associated with computer security. This feature is built into the motherboard
Trusted Platform Module
37
A load balancer configuration that distributes workloads across multiple active servers
Active-Active Load Balancer
38
One server handles the full workload while a backup server remains on standby, only activating in the event of a failure.
Active-Passive Load Balancer
39
Specifies the manner in which server load is shared across a server pool
Schedule Load Balancer
40
Required to load-balance client requests and to reroute clients in case of failover
Virtual IP Load Balancer
41
Boosts performance by configuring a backend server to work efficiently with user requests.
Persistence load balancer
42
The transfer of data packets from server to server within a data center
East-West Traffic
43
Provides a secure network for an organization to share information with relevant people outside the organization
Extranet
44
A private network contained within an enterprise that is used to securely share company information and computing resources. It can only be accessed by employees
Intranet
45
A strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction
Zero Trust
46
Works as an automated service that establishes a connection between the client and the VPN with no user interaction whatsoever
Always-on VPN
47
Divides your internet connection between two connections: the public network/open server and the private network. Doing so lets you use the VPN to encrypt confidential data while still having direct access to the internet
Split Tunnel VPN
48
Using your VPN for all of your traffic
Full Tunnel VPN
49
A VPN that connects remote users from any location to a corporate network
Remote VPN
50
A VPN that connects individual networks to each other
Site-to-Site VPN
51
A communication protocol that keeps an internet connection secure and safeguards any sensitive data sent between two systems
SSL Secure Sockets Layer
52
A communication protocol that keeps an internet connection secure and safeguards any sensitive data sent between two systems. However, the traffic is encrypted, and it is the successor to SSL
TLS Transport Layer Security
53
A tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It encapsulates the frame inside a User Datagram Protocol (UDP) packet, which in turn is encapsulated inside an IP packet.
Layer 2 Tunneling Protocol (L2TP)
54
Performs security checking and authentication on the endpoint device directly, and provides information and assessment results to the NAC server for authentication
NAC Network Access Control Agent
55
Not installed on the clients; often used to inspect employee-owned mobile devices.
NAC Network Access Control Agentless
56
A solution that provides a secure, dedicated alternate access method into an IT network infrastructure to administer connected devices and IT assets without using the corporate LAN
Out-of-band management
57
A feature of many managed switches in which the switch intentionally ceases to forward all broadcast traffic if the bandwidth consumed by incoming broadcast frames exceeds a designated threshold
Broadcast Storm Prevention
58
A data message transmitted across a local area network to detect loops in network topologies. It contains information regarding ports, switches, port priority and addresses.
Bridge Protocol Data Unit (BPDU)
59
Preventing ports from moving into a forwarding state that would result in a loop opening up in the network
Loop prevention
60
A feature that ensures DHCP clients obtain IP addresses only from authorized DHCP servers; the device records mappings between the IP addresses and MAC addresses of DHCP clients, preventing DHCP attacks on the network
Dynamic Host Configuration Protocol (DHCP) snooping
61
A system on a network used to access and manage devices in a separate security zone. It is a hardened system that you log into in order to access another system
Jump server
62
A server that allows multiple clients to route traffic to an external network. For instance, a business may have a proxy that routes and filters employee traffic to the public Internet
Forward proxy server
63
Sits behind a firewall and in front of web servers, forwarding public-facing client (e.g. web browser) requests to those web servers
Reverse proxy server
64
A detection system designed to help organizations monitor their cloud, on-premises and hybrid environments for suspicious events that could indicate a compromise. This includes policy violations and port scanning, plus unknown source and destination traffic
Network-based intrusion detection system (NIDS)
66
A network security tool that continuously monitors a network for malicious activity and takes action to prevent it
Network-based intrusion prevention system (NIPS)
67
Detection that relies on a preprogrammed list of known indicators of compromise (IOCs)
Signature-based
68
A scanning method that looks for malware-like behavior patterns. It is commonly used to detect new or not-yet-known malware
Heuristic behavior-detection solution
69
These IDSes typically work by taking a baseline of the normal traffic and activity taking place on the network. They measure the present state of traffic on the network against this baseline in order to detect patterns that are not normally present in the traffic
Anomaly
70
A type of monitoring in which the IPS sits off to the side, receiving information from a switch that redirects traffic from other devices on the network. This can be done with a port mirror (in the Cisco world, a Switch Port Analyzer or SPAN) or with a physical network tap that redirects the traffic.
Passive Monitoring
71
A type of monitoring in which the IPS sits in the network path, evaluating all traffic that is being sent
Inline monitoring
72
An external, tamper-resistant hardware device that secures cryptographic processes by generating, protecting and managing the keys used for encrypting and decrypting data and for creating digital signatures and certificates
Hardware Security Module
73
A piece of code that uses a number of protocols to gather information about your network, such as topology details, configurations and network statistics
Collector
74
A device, or service provider, that can consolidate multiple disparate circuits or carrier services into an easy-to-use, easy-to-manage single circuit.
Network Aggregator
75
Protects web applications from a variety of application-layer attacks such as cross-site scripting (XSS), SQL injection and cookie poisoning, among others
Web Application Firewall (WAF)
76
Inspects network packets, tracking the state of connections using what is known about the protocols being used in the network connection
Stateful Firewall
77
These firewalls do not inspect traffic. The firewall also does not examine an entire packet, but instead decides whether the packet satisfies existing security rules. These firewalls require some configuration to arrive at a suitable level of protection
Stateless Firewall
78
An information security term that refers to a single security solution, usually a single security appliance, that provides multiple security functions at a single point on the network
Unified Threat Management
79
A way to map multiple local private IP addresses to one public address before transferring the information
NAT Network Address Translation
80
The use of a program to screen and/or block access to web pages or email deemed objectionable.
Content/URL filtering firewall
81
A type of firewall that governs traffic to, from or by an application or service
Application firewall
82
Firewalls that add an extra layer of security on the client computer and can also be used for monitoring and logging
Host-based firewall
83
A network security solution designed specifically for environments in which deploying hardware firewalls is difficult or impossible; it is a virtual component used in public and private cloud environments
Virtual Firewall
84
A set of technologies that work on a network to guarantee its ability to dependably run high-priority applications and traffic under limited network capacity
Quality of Service
85
A purpose-built device that passively makes a copy of network data without altering the data
Port taps
86
Wi-Fi encryption that uses AES (Advanced Encryption Standard) and CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
Wi-Fi Protected Access 2 (WPA2)
87
Utilizes 192-bit security while still using the 802.1X standard to provide a secure wireless network for enterprise use. Meant to replace WPA2
Wi-Fi Protected Access 3 (WPA3)
88
A simple counter-based block cipher mode. Each time, a counter-derived value is encrypted and XORed with the plaintext, which produces a ciphertext block
Counter mode block cipher or CBC-MAC
89
Wireless security used with WPA3, in which authentication is performed with a hash of a generated key that is unique to each authentication. Provides a stronger defense against password guessing
Simultaneous Authentication of Equals (SAE)
90
A protocol used on encrypted networks to provide a secure way to send identifying information for network authentication. It supports various authentication methods, including token cards, smart cards, certificates, one-time passwords and public key encryption.
Extensible Authentication Protocol (EAP)
91
A protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel. Only the server certificate is validated to establish the TLS session; an additional (potentially insecure) authentication is then performed inside the tunnel
Protected EAP (PEAP)
92
An EAP method that enables secure communication between a client and an authentication server by using Transport Layer Security (TLS) to establish a mutually authenticated tunnel
EAP-FAST
93
Extensible Authentication Protocol Tunneled Transport Layer Security. An extension of EAP sometimes used with 802.1X. It allows systems to use some older authentication methods, such as PAP, within a TLS tunnel. It requires a certificate on the 802.1X server but not on the client.
EAP-TTLS
94
What port does FTP use?
Ports 20 and 21
95
What port does DNS use?
Port 53
96
What port does DHCP use?
Ports 67 and 68
97
What port does RDP use?
Port 3389
98
Offers strong security. Requires both server-side and client-side digital certificates to establish a connection
EAP-TLS
100
An IEEE standard for media-level (Layer 2) access control that offers the capability to permit or deny network connectivity based on the identity of the end user or device, and enables port-based control using authentication
IEEE 802.1X
101
Enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
RADIUS Remote Authentication Dial-In User Service
102
Authentication that enables a remote host to authenticate itself by providing a secret key known to both hosts
PSK Pre-Shared Key
103
Authentication mode that uses X.509 digital certificates for user and device authentication. This method uses a RADIUS server for authentication
Enterprise
104
A graphical representation of cyber risk data in which the individual values contained in a matrix are represented as colors that connote meaning
Heat map
105
Used to analyze the Wi-Fi connection, collect data and identify the problems responsible for a weak Wi-Fi signal. It collects information from different access points and channels within your network and provides a clear overview with visual reports and dashboards
Wi-Fi Analyzer
106
A wireless method of connecting to the Internet over large areas without the need for extensive cabling. Sets up a connection from a single location to another location
Point-to-Point connection
107
Consists of a central base station that supports several subscriber stations. These offer network access from a single location to multiple locations, permitting them to use the same network resources between them
Point-to-Multipoint connection
108
An MDM admin can enable this feature once a device is compromised or lost
Remote Wipe
109
Setting virtual boundaries and triggering events when these boundaries are crossed by a mobile device on which certain software is installed
Geofencing
110
Uses data acquired from user devices to identify or describe the user's actual physical location
Geolocation
111
An MFA method that builds risk assessment capabilities into access decisions by analyzing users' behavior and context, such as which device or network they're logging in from.
Context Aware Authentication
112
The user can artificially categorize different types of data on a mobile device's storage media
Storage Segmentation
113
Solutions that provide companies with the ability to effectively and scalably monitor and manage their remote endpoints
UEM Unified Endpoint Management
114
Software that secures and enables IT control over enterprise applications on end users' corporate and personal smartphones and tablets
MAM Mobile Application Management
115
An Android feature that prevents apps or processes from accessing data and resources that they are not allowed to.
SEAndroid Security Enhancements for Android
116
Installing apps on an iPhone or Android device without using the approved App Store or software distribution channel
Sideloading
117
Refers to the ability to download applications, services and configurations over a mobile or cellular network. Used to automatically update firmware, software and even encryption keys
OTA Over-the-Air
118
A type of text-based protocol for mobile devices that was designed as a replacement for SMS and MMS messaging
Rich Communication Services (RCS)
119
A standardized specification that allows a device to read data from a USB device without requiring a PC
USB On-The-Go
120
Use your existing mobile phone and data plan to share a secure internet connection with another device, typically a laptop or tablet
Tethering
121
Using a dedicated device, such as a portable Wi-Fi device, that is capable of connecting to the closest cellular tower
Hotspot
122
Enables mobile phones, cameras, printers, PCs and gaming devices to create their own Wi-Fi networks without an internet connection
Wi-Fi Direct
123
A set of policies in a business that allows employees to use their own devices (phone, laptop, tablet or whatever) to access business applications and data, rather than forcing employees to use company-provided devices for that purpose
Bring Your Own Device (BYOD)
124
A business model in which an organization provides its employees with mobile computing devices and allows the employees to use them as if they were personally owned notebook computers, tablets or smartphones
Corporate Owned, Personally Enabled (COPE)
125
An employee provisioning model in which an organization allows people to select the mobile devices they would like, usually from a limited number of options
CYOD Choose Your Own Device
126
A security checkpoint between cloud network users and cloud-based applications. It manages and enforces all data security policies and practices, including authentication, authorization, alerts and encryption
Cloud Access Security Broker (CASB)
127
A new cloud-native solution for providing advanced network protection by inspecting web requests against company policy to ensure malicious applications and websites are blocked and inaccessible
Next-generation secure web gateway
128
The process of assigning a 'geo-tag', i.e. adding geographical information, to various media forms such as a digital photograph, a video or even an SMS message
Geotagging
129
Tracks information such as GPS location, IP address or the user's device to pinpoint the user's location and determine whether a behavior was physically possible
Impossible Travel Time
130
A cryptographic module that enhances computer security and privacy. Protecting data through encryption and decryption, protecting authentication credentials, and proving which software is running on a system are basic functionalities associated with computer security. Built into the motherboard
TPM Trusted Platform Module
131
In order to authenticate, the authenticator sends a "challenge" message to the access-requesting party, which responds with a value calculated using a "one-way hash" function that takes as inputs the challenge and the shared secret
CHAP Challenge Handshake Authentication Protocol
132
Provides simple password authentication on initial link establishment. It is not a strong authentication method, since passwords are transmitted in the clear over the link and there is no protection from repeated attacks during the life of the link
PAP Password Authentication Protocol
133
A type of federation designed to authenticate a user, providing user identity data to a service. Considered better than OpenID
Security Assertion Markup Language SAML
134
A remote authentication protocol that allows a remote access server to communicate with an authentication server in order to validate a user's access to networking devices. Commonly used for access to network devices like routers and switches. Uses port 49
TACACS+ Terminal Access Controller Access Control System Plus
135
What port does TACACS+ use?
Port 49
136
What port does IMAP use?
Port 143
137
What port do SSH, SCP and SFTP use?
Port 22
138
What port does telnet use?
Port 23
139
What port does SMTP use?
Port 25
140
What port does TFTP use?
Port 69
141
What port does Kerberos use?
Port 88
142
What port does POP use?
Port 110
143
What port does SNMP use?
Ports 161 and 162
145
What port does syslog use?
Port 514
146
What port does Layer 2 Tunneling Protocol use?
Port 1701
147
What port does Point-to-Point Protocol use?
Port 1723
148
An open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites without giving them their passwords. Treated as an authorization protocol rather than an authentication protocol
OAuth
149
Provides great support for native mobile applications running on iOS and Android. Allows you to use an existing account to sign in to multiple websites without needing to create new passwords. An open authentication protocol that is no longer being used
OpenID
150
A security protocol that authenticates service requests between two or more trusted hosts across an untrusted network, like the internet. Uses port 88
Kerberos
151
Grants access based on a user's location, role, the time of day, the device being used, the resource in question and the desired action, i.e. all the attributes necessary to enforce secure authorization dynamically and in real time
ABAC Attribute-Based Access Control
152
A security mechanism that restricts system access. It involves setting permissions and privileges based on the user's role
Role-BAC
153
These access controls are preventative; they don't determine access levels for employees. Instead, they focus on the rules associated with the data's access or restrictions
Rule-BAC
154
An access control principle of restricting access to objects based on the identity of the subject (the user or the group to which the user belongs).
Discretionary Access Control
155
A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (i.e. clearance) of users to access information of such sensitivity
Mandatory Access Control
156
Deals with generating, exchanging, storing, using and replacing keys as needed at the user level
Key Management
157
Offers an easy-to-use, effective solution to create and store asymmetric key pairs for encrypting or decrypting, as well as signing or validating, anything that depends on a public key infrastructure. An organization that acts to validate identities and bind them to cryptographic key pairs with digital certificates
CA Certificate Authority
158
A certificate issued as a dividing layer between the Certificate Authority and the end user's certificate. It serves as a verification device that tells a browser that a certificate was issued by a safe, valid source, the CA's root certificate.
Intermediate Certificate
159
An authority in a network that verifies user requests for a digital certificate and tells the certificate authority (CA) to issue it.
Registration Authority
160
Used to make it known that a site's digital certificate is not trustworthy. It warns a site's visitors not to access the site, which may be fraudulently impersonating a legitimate site. Also protects visitors from man-in-the-middle attacks
CRL Certificate Revocation List
161
Attributes that specify group membership, roles, security clearances or other authorization information associated with the certificate holder.
Certificate Attributes
162
A method used by browsers to make sure a security certificate is valid. Web browsers check the status of security certificates with third-party vendors. If the certificate is valid, the HTTPS connection will continue
OCSP Online Certificate Status Protocol
163
Verification of domain name ownership and control.
Domain Validation
164
Additional checks have been done by the certificate authority, and additional features are enabled that show the name of the certificate owner in the browser bar itself.
Extended Validation
165
A digital certificate file that is created and stored in binary format. It is a binary encoding for X.509 certificates and private keys
DER Distinguished Encoding Rules
166
Contains the information the CA requires to issue a certificate. Sent by a digital certificate applicant to a certificate authority (CA) to request validation
Certificate Signing Request (CSR)
167
Represents the server name protected by the SSL certificate
Common Name
168
Specifies additional host names (sites, IP addresses, common names, etc.)
Subject Alternative Name
169
An Internet standard that provides for secure exchange of electronic mail. Employs a range of cryptographic techniques to allow for confidentiality, sender authentication and message integrity. Uses RSA and the MD2 and MD5 hash functions. A legacy protocol
Privacy Enhanced Mail
170
An archive that stores everything you need to deploy a certificate: the certificate, the intermediate authority certificate necessary for its trustworthiness, and the private key to the certificate.
Personal Information Exchange (PFX)
171
Used to store an X.509 certificate. Normally used for SSL certificates to verify and identify a web server's security. The file contains information about the certificate owner and the public key
CER File or CER certificate
172
An alternate extension for what is generally referred to as a "PFX" file. A combined format that holds the private key and certificate; it is the format most modern signing utilities use
P12
173
A certificate that is encoded in Base64 ASCII
P7
174
Allows the root CA to be reached at any time, which allows for a centralized CRL. Having a centralized CRL means any certificate can be checked against the centralized source
Online Certificate Authority
175
Completely isolated from the network, providing an extra layer of security. Sometimes kept completely powered down, providing near-complete protection. The hierarchy depends on intermediate CAs to sign certificates.
Offline Certificate Authority
176
Improves the connection speed of the SSL handshake by combining two requests into one. This cuts down on the amount of time it takes to load an encrypted webpage
OCSP Stapling
177
The idea of pinning down a certain known-good certificate. This way, only the known-good certificate from a certain CA is associated with the host.
OCSP Pinning
178
Storing, and providing a mechanism for obtaining, copies of private keys associated with encryption certificates, which are necessary for the recovery of encrypted data.
Key Escrow
179
A public key certificate that can be used with multiple subdomains of one domain.
Wildcard
180
The role of a root certification authority in PKI is to be the trusted root that issues certificates. In PKI, if Company A trusts Company B and Company B trusts Company C, then Company A trusts Company C; this describes a transitive trust.
Trust Model
181
Consists of all the certificates needed to certify the subject identified by the end certificate. In practice this includes the end certificate, the certificates of intermediate CAs, and the certificate of a root CA trusted by all parties in the chain.
Certificate Chaining
182
A certificate used to digitally sign software in order to verify a trustworthy source. These certificates verify not only the source of the software but also that the integrity of the software has been maintained.
Code signing
183
A certificate signed by the same entity to which it is issued. The certificate is only as trustworthy as the signing party. Useful when implemented on a private system, as an attack on a third-party CA is not an issue.
Self-signed Cert
184
Certificates used to secure an email connection so that it can be encrypted and signed
Email Certificate
185
Identifies an individual user in the PKI hierarchy, who should be trusted by some intermediate or root CA.
User Certificate
186
The certificate of the root CA, which must be self-signed. This certificate must be trusted in order for all other certificates to be trusted.
Root Certificate