Definitions Flashcards

(45 cards)

1
Q

Data Steward

A

Responsible for managing data from a business & stakeholder perspective
- An oversight or data governance role within an organization, responsible for ensuring the quality and fitness for purpose of the organization's data assets, including the metadata for those data assets.

2
Q

Data Custodian

A

Creates and enforces technical controls on day-to-day level

3
Q

Data Owner

A

Ultimately responsible for sensitive data

4
Q

nmap -sT

A

scan for open TCP ports

5
Q

nmap -sU

A

scan for open UDP ports

6
Q

netstat -a

A

identify listening and non-listening sockets

7
Q

netstat -l

A

list of listening sockets

8
Q

netstat -s

A

displays statistics for each protocol

9
Q

netstat -i

A

displays a table of all network interfaces

10
Q

Steps of Risk Assessment

A
  1. Identify assets at risk
  2. Conduct a threat assessment
  3. Analyze Business Impact
  4. Evaluate threat probability
  5. Prioritize risks
  6. Create a mitigation strategy
11
Q

Where are network communication security settings configured?

A

Computer policies section of GPO

12
Q

Where are internet options set?

A

User policies in GPO

13
Q

Block cipher

A

Encrypt fixed-length groups (64 or 128 bit)
- Pad added to short blocks
- Each block encrypted/decrypted independently
- Symmetric encryption

14
Q

Stream cipher

A

Encryption is done one bit at a time
- Used w/ symmetric encryption
- IV (initialization vector) added for randomness

15
Q

Ephemeral Key

A

Not permanent
- Used for session keys

16
Q

LDAPS

A

Secure Lightweight Directory Access Protocol
- TCP port 636

17
Q

IMAPS

A

Secure Internet Message Access Protocol
- TCP port 993

18
Q

POP3S

A

Secure Post Office Protocol
- TCP port 995

19
Q

MITRE ATT&CK

A

Knowledge base of adversary techniques presented as a matrix for enterprises

20
Q

Cyber Kill Chain

A

Linear, seven-step attack model that defenders use to interrupt the steps and stop the attack

21
Q

Diamond Model of Intrusion Analysis

A

Describes attacks as the pivoting interactions among adversaries, victims, capabilities and infrastructure

22
Q

hping

A

Packet crafting utility

23
Q

theHarvester

A

Passive reconnaissance
- Can gather information such as emails, subdomains, hosts, employee names, open ports and banners from public sources such as search engines, PGP key servers, and the Shodan computer database.

24
Q

Domain

A

Collection of network resources

25
Q

Organizational Unit

A

Logical organization of resources

26
Q

Differential backup

A

Backs up ALL changes since last full backup

27
Q

Incremental backup

A

Backs up files that have changed since last full or incremental backup
- If archive bit is on, data has changed and needs to be backed up
- Once data has been backed up, archive bit is reset

28
Q

Order GPOs are applied

A
  1. Local Group Policy
  2. GPO linked to site
  3. GPO linked to domain
  4. GPO linked to OU

29
Q

Digital signature

A

Created by combining hash of data and private encryption key

30
Q

Symmetric encryption algorithms

A

- Blowfish
- 3DES

31
Q

Asymmetric encryption algorithms

A

- RSA
- Diffie-Hellman

32
Q

Security Control Categories

A

- Managerial
- Operational
- Technical

33
Q

Examples of operational security controls

A

- configuration management
- data backups
- awareness programs

34
Q

Examples of technical security controls

A

- encryption protocols
- firewall ACLs
- authentication protocols

35
Q

Security Control types

A

- Preventative
- Detective
- Corrective
- Deterrent
- Compensating
- Physical

36
Q

Non-repudiation

A

Ensures no party can deny that it sent or received a message

37
Q

What security services do cryptographic systems provide?

A

- Confidentiality
- Non-repudiation

38
Q

Redaction (data)

A

Obscuring data by replacing all or part of content *****

39
Q

Data masking

A

Substitute false data for real data

40
Q

Tokenization

A

Assigning random surrogate values w/ no mathematical relationship that can be reversed by linking the token back to the original data

41
Q

ISO 27K & 31K: 27002

A

Defines the various security controls in greater detail

42
Q

ISO 27K & 31K: 31000

A

Framework for enterprise risk management

43
Q

ISO 27K & 31K: 27001

A

Details steps to implement a compliant information security management system

44
Q

ISO 27K & 31K: 27701

A

Focuses on personal data and privacy

45
Q

Wireless Encryption Methods (most to least secure)

A
  1. WPA3 - GCMP (Galois/Counter Mode Protocol)
  2. WPA3 - CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol)
  3. WPA - CCMP
  4. WPA2 - TKIP (Temporal Key Integrity Protocol)
  5. WPA - TKIP
  6. WEP