Foundation Flashcards
(22 cards)
What is an endpoint in cybersecurity?
Any device on a network that sends and receives data, like desktops, laptops, or printers.
Why is endpoint security important?
Each endpoint represents a potential vulnerability or attack vector that must be secured.
Give examples of common endpoints in a network.
Windows desktops, Linux machines, network-based printers, personal laptops, etc.
What’s the goal of studying Windows and Linux OS in cybersecurity?
To understand how they work and how to secure them from a cybersecurity perspective.
What two environments are covered in endpoint security training?
The graphical user interface (GUI) and the command line interface (CLI).
What are some key system functions covered in endpoint security training?
Scheduled tasks, running processes, and system logging.
What is a Windows method attackers use to maintain access?
Scheduled tasks.
What is a Linux method attackers use to maintain access?
Cron jobs.
From a defensive standpoint, what should you look for in logs?
Evidence of breaches, rogue processes, or unusual system behavior.
What’s the benefit of learning both offensive and defensive techniques?
It helps you understand how threats work and how to prevent, detect, and respond to them.
How is information presented in these labs?
In small, bite-sized, consumable pieces that focus on one concept at a time.
What becomes the primary focus when shifting from endpoints to networks in cybersecurity?
Communication between endpoints.
Why is network data considered more reliable than endpoint data?
It is much harder for adversaries to modify.
What is one benefit of passive network monitoring?
It doesn’t impact production systems.
What do network protocols help computers and devices do?
Send and receive packets, browse the internet, and support enterprise network operations.
What is the ultimate goal of cybersecurity professionals across different roles?
To detect, mitigate, or prevent malicious activity.
Why is it overwhelming to examine all possible network or protocol exploits?
There are millions of examples, and new methods are constantly being created.
What is essential for detecting anomalies in network behavior?
Knowing what normal protocol behavior looks like and spotting deviations.
How does protocol knowledge help penetration testers?
It allows them to proactively identify vulnerabilities.
Why is knowledge of network security crucial in cybersecurity?
It forms the foundation for success in the field.
Why are cybersecurity skills not considered static?
Because new foundational knowledge continues to emerge as threats evolve.