Chapter 1 Flashcards

(88 cards)

1
Q

Use Case

A

Describes a goal that an organization wants to achieve.

2
Q

Actors

A

A person

3
Q

Precondition

A

Must occur before the process can start

4
Q

Trigger

A

Starts the use case

5
Q

Postcondition

A

Occurs after the actor triggers the process

6
Q

Normal Flow

A

Lists each step in specific order

7
Q

Confidentiality

A

Prevents the unauthorized disclosure of data

8
Q

Encryption

A

Scrambles data to make it unreadable

9
Q

PII

A

Personally Identifiable Information

10
Q

Access Controls

A

Identification, authentication, and authorization.

11
Q

Identification

A

User claimed identity

12
Q

Authentication

A

Users prove their identity

13
Q

Authorization

A

Grant or restrict access to resources after authentication.

14
Q

Steganography

A

Hiding data within data

15
Q

Obfuscation

A

METHOD to attempt to make something unclear or difficult.

16
Q

Integrity

A

Provides assurances that data has not changed.

17
Q

Hashing

A

A number created by an algorithm against data to ensure integrity.

18
Q

Hashing Algorithms

A

Message Digest 5 (MD5), Secure Hash Algorithm (SHA), and Hash-based Message Authentication Code (HMAC)

19
Q

MAC (NIC)

A

Media Access Control

20
Q

MAC (Mandatory)

A

Mandatory Access Control

21
Q

MAC (Message)

A

Message authentication code

22
Q

Digital Signature

A

Provides authentication and non-repudiation

23
Q

Non-repudiation

A

Verifies the user. Non-deniable.

24
Q

Availability

A

Indicates that data and services are available when needed.

25
Redundancy
Adds duplication to critical systems and provides fault tolerance.
26
Fault Tolerance
Allows services to continue without interruption in the case of a fault.
27
Disk redundancies
Fault-tolerant disks, such as RAID-1, RAID-5, and RAID-10.
28
Server redundancies
Failover clusters ensure a service will continue to operate, even if a server fails.
29
Load balancing
Uses multiple servers to support a single service
30
Site redundancies
If a site can no longer function due to a disaster, such as a fire, flood, hurricane, or earthquake, the organization can move critical systems to an alternate site.
31
Risk
is the possibility or likelihood of a threat exploiting a vulnerability resulting in a loss. Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide . Kindle Edition.
32
Threat
any circumstance or event that has the potential to compromise confidentiality, integrity, or availability.
33
Vulnerability
is a weakness.
34
Security Incident
an adverse event or series of events that can negatively affect the confidentiality, integrity, or availability of an organization’s information technology (IT) systems and data.
35
Risk mitigation
Reduces the chances that a threat will exploit a vulnerability.
36
Control Types
Technical controls, Administrative controls, Physical controls, Preventive controls, Detective controls, Corrective controls, Deterrent controls, Compensating controls.
37
Administrative Controls
use administrative or management methods.
38
Physical Controls
refer to controls you can physically touch.
39
Preventive Controls
attempt to prevent an incident from occurring.
40
Detective controls
attempt to detect incidents after they have occurred.
41
Corrective Controls
attempt to reverse the impact of an incident.
42
Deterrent Controls
attempt to discourage individuals from causing an incident.
43
Compensating Controls
alternative controls used when a primary control is not feasible.
44
How Security Controls Are Implemented
Technical, Administrative, Physical.
45
Goals of security controls
Preventive, Detective, Corrective, Deterrent, Compensating.
46
IDSs
Intrusion detection system
47
IPSs
Intrusion prevention system
48
IDSs and IPSs Function
monitor a network or host for intrusions and provide ongoing protection against various threats.
49
Firewall
Restrict network traffic going in and out of a network.
50
Least Privilege
that individuals or processes are granted only the privileges they need to perform their assigned tasks or functions, but no more.
51
Risk Assessments
quantify and qualify risks within an organization so that the organization can focus on the serious risks.
52
Vulnerability Assessments
attempts to discover current vulnerabilities or weaknesses. When necessary, an organization implements additional controls to reduce the risk from these vulnerabilities.
53
Penetration Tests
attempting to exploit vulnerabilities.
54
NIST
National Institute of Standards and Technology
55
Hardening
the practice of making a system or application more secure than its default configuration.
56
IPS Function
attempts to detect attacks and then modify the environment to block the attack from continuing.
57
TOTP
Time-based One-Time Password
58
Virtualization
allows you to host one or more virtual systems, or virtual machines (VMs), on a single physical system.
59
Hypervisor
software that creates, runs, and manages the VMs.
60
Type I Hypervisor
run directly on the system hardware.
61
Type II Hypervisor
run as software within a host operating system.
62
Application Cell
virtualization or container virtualization runs services or applications within isolated application cells (or containers).
63
VDI
Virtual Desktop Infrastructure
64
VDE
Virtual Desktop Environment
65
VM Escape
an attack that allows an attacker to access the host system from within the virtual system.
66
VM Sprawl
sprawl occurs when an organization has many VMs that aren’t managed properly.
67
Kali Linux
a free Linux distribution used by many security professionals for penetration testing and security auditing.
68
Hyper-V
Windows VM Support
69
VMware Workstation Player
Free VM software
70
Oracle VM VirtualBox
Oracle VM software
71
Ping
a basic command used to test connectivity for remote systems.
72
ipconfig
shows the Transmission Control Protocol/Internet Protocol (TCP/IP) configuration information for a system. Entered by itself, the command provides basic information about the NIC, such as the IP address, subnet mask, and default gateway.
73
ipconfig /all
This command shows a comprehensive listing of TCP/IP configuration information for each NIC.
74
ipconfig /displaydns
this command shows the contents of the DNS cache.
75
ipconfig /flushdns
erase the contents of the DNS cache with this command.
76
ifconfig
Linux command similar to ipconfig.
77
ifconfig eth0
This command shows the configuration of the first Ethernet interface (NIC) on a Linux system.
78
ifconfig eth0 promisc
This command enables promiscuous mode on the first Ethernet interface.
79
ifconfig eth0 allmulti
This command enables multicast mode on the NIC.
80
netstat
allows you to view statistics for TCP/IP protocols on a system.
81
ESTABLISHED
The normal state for the data transfer phase of a connection.
82
LISTEN
Indicates the system is waiting for a connection request.
83
CLOSE_WAIT
This indicates the system is waiting for a connection termination request.
84
TIME_WAIT
This indicates the system is waiting for enough time to pass to be sure the remote system received a TCP-based acknowledgment of the connection.
85
SYN_SENT
This indicates the system sent a TCP SYN (synchronize) packet as the first part of the SYN, SYN-ACK (synchronize-acknowledge), ACK (acknowledge) handshake process and it is waiting for the SYN-ACK response.
86
SYN_RECEIVED
This indicates the system sent a TCP SYN-ACK packet after receiving a SYN packet as the first part of the SYN, SYN-ACK, ACK handshake process.
87
tracert
command lists the routers between two systems.
88
arp
a command-line tool that is related to the Address Resolution Protocol (ARP).