D1 Flashcards

(113 cards)

1
Q

Describe risk owner

A
  • overseeing the security measures.
  • Regular review of security protocols
  • and responding to any breaches or vulnerabilities that may arise
2
Q

System that will selectively block or allow traffic based on the nature of the communication.
- Layer 4 Firewall
- VPN
- 802.1x
- Layer 7 Firewall

A

Layer 7 Firewall

3
Q

Which layer do traditional firewalls operate at

A

Layer 4

4
Q

PAKE

A

Password Authenticated Key Exchange:
method in which parties, based only on their knowledge of a shared password, establish a cryptographic key using an exchange of messages, such that an unauthorized party cannot participate in the method and is constrained as much as possible from brute-force guessing the password.

5
Q

PMK

A

Pairwise Master Key:
Generated from passphrase by WPA2-PSK to encrypt communication

6
Q

SAE

A

Simultaneous Authentication of Equals:
Replaces 4-way handshake with Diffie-Hellman agreement. Protects against offline dictionary attacks

7
Q

Dragonfly

A

authentication process used in WPA3, designed to be more secure than WPA2, and it’s based on the Simultaneous Authentication of Equals (SAE) protocol

8
Q

SD-WAN

A

Software Designed Wide Area Network:
Provides centralized network management, flexible routing and traffic management capabilities. Can be hosted in the cloud or on-premises

9
Q

SASE

A

Secure Access Service Edge
Cloud-based service integrating security and wide area networking

10
Q

AH

A

Authentication Header:
Protocol component of IPSec which offers packet integrity

11
Q

Environmental Variables

A

Characteristics of org’s infrastructure that can affect vulnerability assessment and risk analysis

12
Q

SCADA security concerns

A

Do not receive regular updates, making them susceptible to vulnerabilities over time

13
Q

After remedying vulnerability, how to ensure steps were successful:
- rescanning
- patch management
- reviewing event logs
- threat modeling

A

Reviewing event logs: can be used to validate whether a vulnerability has been adequately addressed or is still causing issues

14
Q

Policy-based access control

A

Part of Zero Trust. User access and permissions are set based on organizational policies, roles or requirements, ensuring users have access that aligns with their job functions or responsibilities

15
Q

Role-Based Access Control

A

Permissions assigned based on predefined roles in an org.

16
Q

NGFW

A

Next-gen Firewall:
Incorporate advanced features like intrusion prevention, application awareness and deep packet inspection.

17
Q

Stateful firewall

A

Keeps track of state of active connections and decides on packet allowance based on the context of traffic

18
Q

Proxy firewall

A

Intermediary for requests from users seeking resources from other servers

19
Q

Packet-filtering Firewall

A

Layer 3. Network security device that inspects incoming and outgoing network packets based on predefined rules, typically based on IP addresses, ports, and protocols, to allow or block traffic

20
Q

SPF

A

Sender Policy Framework:
Helps prevent email spoofing by enabling domain owners to define which servers can send emails on their behalf

21
Q

DMARC

A

Domain-based Message Authentication, Reporting and Conformance:
Utilizes results from DKIM and SPF checks to determine the action to take with non-conforming messages

22
Q

DKIM

A

Domain Keys Identified Mail:
Provides method to validate the domain name identity associated with a message through crypto authentication

23
Q

RPO

A

Recovery Point Objective:
Maximum acceptable data loss, measured in time

24
Q

MTBF

A

Mean Time Between Failure

25
RTO
Recovery Time Objective: Target amount of time to restore IT and business activities post-disaster, focusing on downtime
26
SLA
Service Level Agreement: Details agreed-upon level of service between provider and client.
27
Zero Trust Control Plane
Making determinations on access requests, by referencing policies, verifying the identity of the requestor and considering potential risks
28
Zero Trust Data Plane
Manages transmission of data
29
LDAP
Lightweight Directory Access Protocol: Used to access directory systems over IP networks
30
EAP
Extensible Authentication Protocol: Provides a standard interface for integrating multiple authentication methods
31
WPA3
Wi-Fi Protected Access 3: Security protocol designed for securing wireless networks. Includes authentication mechanism
32
RADIUS
Remote Authentication Dial-In User Service: Protocol for carrying authentication, authorization and configuration information between a network access server and a central server
33
Registration Authority
Processes requests for digital signatures. Can be used by a Certificate Authority but doesn't issue certificates
34
Federation
Allows different orgs to share digital identities enabling SSO across them
35
Centralized access management
???
36
AUP
Acceptable Use Policy: Rules and guidelines for the appropriate and acceptable use of an org's IT resources
37
MTA
Mail Transfer Agent: Responsible for transferring and routing emails between servers
38
Salting
Add random data to the input of a hash function to increase security
39
Key Stretching
Repeated hashing of password to make it more random and longer than it originally appeared
40
Risk appetite
Amount of risk an organization is willing to take on to achieve its strategic objectives
41
Risk tolerance
Org's predetermined level of acceptable risk exposure. Extent to which an org is willing to tolerate potential risks before taking action to mitigate or avoid them
42
Exposure Factor
Calculation that determines the amount of value that is lost if an event takes place.
43
Content categorization
Systematically classifies websites based on their overall theme, making it easier to block unsuitable or irrelevant categories of web content
44
While browsing and accessing link to 3rd party site, receive a message stating access to this URL was denied. Which of these best describes the action experienced:
- blocked content
- firewall rejection
- Content filtering
- Malicious URL
Blocked content
45
EF
Exposure Factor: Fraction of asset value that is at risk in the event of a security incident
46
SLE
Single Loss Expectancy: Cost of single occurrence of a risk event
47
HCL
Hardware Compatible List???: List of hardware compatible with specific software or OS
48
Tokenization
Substitute sensitive data element with a non-sensitive one
49
Steganography
Hide a file within a file
50
Sophistication (Hacking)
Level of intricacy and advancement of threat actor's methods
51
Capability (Hacking)
Threat actor's proficiency in devising new exploit techniques and tools.
52
MOU
Memorandum of Understanding: Formal agreement that outlines their mutual understanding and intentions to collaborate
53
BPA
Business Partnership Agreement: Contractual agreement that outlines collective efforts, roles and responsibilities in a specific business venture or partnership
54
MSA
Master Service Agreement: Comprehensive contract that sets forth the general terms and conditions that will govern multiple future engagements between the parties
55
Identity Proofing
Confirming authenticity of an individual's claimed identity through various verification methods
56
Data processor
Tasked with handling personal data in accordance with the controller's direction and must secure the data as per established standards
57
Data Owner
Senior exec responsible for labeling info assets and ensuring they are protected with appropriate controls
58
Data controller
Entity responsible for determining data storage, collection and usage purposes and methods, as well as ensuring the legality of these processes
59
Data steward
Focuses on data quality and metadata, ensuring data is appropriately labeled and classified often working under data owner
60
Data custodian
Responsible for managing the systems on which data assets are stored, including enforcing access controls, encryption and backup measures
61
Privacy Officer
Oversees privacy-related data such as PII, sensitive personal information (SPI), protected health information (PHI)
62
PII
Personal Identifiable Info:
63
SPI
Sensitive Personal Data loop
64
PHI
Personal Health Data
65
UTM
Unified Threat Management: Combines multiple security functions in a single device
  • Functions include firewall, intrusion prevention, antivirus, and more
  • Reduces the number of devices
  • Are a single point of failure
  • UTMs use separate individual engine
    ○ NGFW uses a single engine
66
SED
Self-Encrypting Drive
67
MAC
Mandatory Access Control: Access control system that assigns labels to objects in an OS
68
CASB
Cloud Access Security Broker: Solution for administering and managing security policies in the cloud
69
EF
Exposure Factor: Proportion of asset lost in an event
70
SLE
Single Loss Expectancy: Monetary value expected to be lost in single event. Asset value x EF
71
ARO
Annualized Rate of Occurrence: Estimated freq of threat occurrence within a year
72
ALE
Annualized Loss Expectancy: SLE x ARO
73
CHIPS
Funding to boost semiconductor research and manufacturing in USA
74
DES (crypto)
Symmetric, small key
75
3DES
Asymmetric. Encrypt, decrypt, encrypt, tripling key
76
IDEA
Symmetric, used in PGP
77
AES
Symmetric. De facto
78
Blowfish
Symmetric
79
Twofish
Symmetric
80
RC Cipher Suite
Symmetric:
RC4: stream cipher (SSL)
RC5, RC6: block cipher
81
Diffie-Hellman
Asymmetric, key exchange, key distribution
82
RSA
Asymmetric
83
ECC
Asymmetric, mobile devices, 6x more efficient
ECDH: Diffie-Hellman
ECDHE: DH Ephemeris
ECDSA: public key crypto
84
MD5
Hashing, weak
85
SHA
1, 2, 3 (120 rounds)
86
RIPEMD
Hashing
87
HMAC
Hash-based Message Authentication Code: Check integrity, paired with other hashing.
88
Telnet port
23, tcp
89
SQL port
1433
90
RDP port
3389
91
FTP port
21, tcp
92
Smtp
25, tcp
93
DNS port
53, tcp/udp
94
TFTP port
69, udp
95
Kerberos
88, udp
96
POP3 port
110, tcp
97
Nntp port
119, tcp
98
Rpc
135, tcp/rdp
99
NetBIOS ports
137, 138, 139, tcp/udp
100
IMAP port
143, tcp
101
SNMP port
161, udp
102
SNMP traps port
162, udp
103
LDAP port
389, tcp
104
SMB port
445, tcp
105
Smtp-s ports
465, 587, tcp
106
Syslog port
514, udp
107
Ldap-s
636, tcp
108
Imap-s port
993, tcp
109
Pop3-s port
995, tcp
110
Radius port
1645, 1646, tcp
111
Radius udp ports
1812, 1813, udp
112
RDP port
3389, tcp
113
Syslog-s
6514, tcp