Full Test Flashcards

Question 1

Q

What is RipeMD

Answer

A

RACE integrity Primitive Evaluation Message Digest
open source hashing algo
160-320 bit

Question 2

Q

What is BPDU Guard

Answer

A

Bridge Protocol Data Unit
Enhancement to Spanning Tree Protocol
CISCO calls it “port fast”

Question 3

Q

What is EAP TTLS

Answer

A

Extensible Auth Protocol Tunnelled TLS
Used with other protocols
Auth Server needs a certificate
WPA2 enterprise

Question 4

Q

What is VMI?

Answer

A

Virtual Mobile Infrastructure

- Mobile Apps actually run from remote server

Question 5

Q

What is CASB?

Answer

A

Cloud Access Security Broker “Caz-Bee”

- OnPrem or Cloud software that provides visibility, security, compliance, and threat prevention

Question 6

Q

What is conditional access?

Answer

A

Manage access through SaaS

- Condtions like Geography, IP, used device, browser, OS

Question 7

Q

What is PAM?

Answer

A

Privilege Access Managment

- Admins “check out” admin privileges for a set length of time

Question 8

Q

What is NIST SP800-61?

Answer

A

-Computer Security Incident Handling Guide

Question 9

Q

What is ISO 27001?

Answer

A

International Standard for Information Security Management Systems

Question 10

Q

What is ISO 27002?

Answer

A

Code of practice for implementing security controls.

- if ISO 27001 is the “what and why” then 27002 is the “how”

Question 11

Q

What is ISO 27701?

Answer

A

Intl standard for Privacy Information Managment Systems

- Extends 27001 to deal with GDPR

Question 12

Q

What is ISO 31000?

Answer

A

Intl Std for Risk Management

- Generic guidelines

Question 13

Q

What is CSA?

Answer

A

Cloud Security Alliance
Organization dedicated to defining best practices for secure cloud computing
Cloud Control Matrix is the framework

Question 14

Q

What does the Data Steward do?

Answer

A

Oversight or governance role
Responsibility for accuracy, privacy, & security
Applies sensitivity labels
Ensures legal and compliance standards are met

Question 15

Q

What is a Data Controller?

Answer

A

How and why data is used within organization

Question 16

Q

What is a Data Custodian?

Answer

A

Responsible for the safe custody, transport, and storage of data.
IT function more than business function.

Question 17

Q

What is a Data Protection Officer?

Answer

A

Responsible for Overall Data Privacy Policy.
GDPR compliance
All PII/PHI data is handled correctly

Question 18

Q

What is SASL?

Answer

A

Simple Authentication and Security Layer
Used with various auth schemes. Eg.
Kerebos

Question 19

Q

What is SNMPv3?

Answer

A

Simple Network Managment Protocol v 3
Provides CIA for Network Managment
UDP 161

Question 20

Q

What is STP?

Answer

A

Spanning Tree Protocol
Prevents Layer 2 loops
Leaves single active path between nodes
802.1D/802.1Q-2014

Question 21

Q

What is RFC?

Answer

A

Request For Comments
Standard Setting bodies on Internet like Internet Engineering Task Force (IETF)
Shape Internet internal workings since 1969.

Question 22

Q

What is TTP?

Answer

A

Tactics, Techniques, & Procedures

- Codified playbook for individual attackers

Question 23

Q

What is IRM?

Answer

A

Information Rights Management
E-DRM
“remote-control” of documents

Question 24

Q

What is RTO?

Answer

A

Recovery Time Objective
Time after EVENT before normal operations resume
“Acceptable levels” of ops

Question 25

Q

What is WRT?

Answer

A

Work Recovery Time
Verifying all is back to normal
Resume production

Question 26

Q

What is MTD?

Answer

A

Max Tolerable Downtime

- RTO + WRT = MTD

Question 27

Q

What is SIAM?

Answer

A

Service Integration and Management
Integrates multiple Cloud Service Providers
multisourcing

Question 28

Q

What is SDN?

Answer

A

Software Defined Networking
Centrally defined networking through logical means
OpenFlow protocol
Data Plane (packets)
Control Plane (routing process)

Question 29

Q

What is VXLAN?

Answer

A

Virtual Exensible LAN
Layer 2
Scales to 16 million logical networks

Question 30

Q

What is Baseband?

Answer

A

Uses all available BW. 0% or 100%.
1 direction per wire
Ethernet standard BASE
more signals via multiplexing

Question 31

Q

What is SSL VPN?

Answer

A

Secure Socket Layer VPN
Operates in browser
Uses HTTPS TCP/443
“Lightweight”
Good for remote access vice site-to-site

Question 32

Q

What is EAP-FAST?

Answer

A

Extensible Auth Protocol - Flexible Auth via Secure Tunnel
Supplicant and Auth Server share protected secret to mutually auth a tunnel
Replaces LEAP
802.1x protocol

Question 33

Q

What port is Netbios on?

Answer

A

TCP/UDP 137-139

Question 34

Q

What communicates on ports 137-139?

Answer

A

Netbios (TCP/UDP)

Question 35

Q

Define WPA2

Answer

A

Wireless protected access version2
Uses CCMP block cipher
- Counter mode with cipher block chaining
AES encryption
Potential for brute-forcing 4-way handshake
Hash Capture vuln

Question 36

Q

Define Site-to-Site VPN

Answer

A

Uses L2TP (Layer 2 Tunneling Protocol)
- Acts like layer 3
IPSec for encryption (vice SSL VPN)
L2TP uses udp/1701

Question 37

Q

Define WPA3

Answer

A

Wifi Protected Access v. 3
Uses Galois/counter mode
AES encryption (as WPA2)
simultaneous auth of Equals (SAE)
perfect forward secrecy

Question 38

Q

Define Perfect Forward Secrecy?

Answer

A

Changes keys automatically and frequently
Protects PAST communication
ECDHE_RSA

Question 39

Q

What is RAID 6?

Answer

A

RAID = Redundant Array of Independent Disks
Raid 6 is striping with Double Parity
Requires at least 4 disks
2 disks can fail

Question 40

Q

What service uses port 143?

Answer

A

IMAP
Internet Measafe Access Protocol
TCP

Question 41

Q

What port does IMAP use?

Question 42

Q

Define DES?

Answer

A

Digital Encryption Standard
symmetric
64 bit blocks with 56 bit keys
old as fuck

Question 43

Q

Define sdelete?

Answer

A

Windows CLI program

- individual files

Question 44

Q

What is SAST?

Answer

A

Static Application Security Testing
Helps ID flaws like buffer overflow and Database Injection
Doesn’t get everything
Can help check for false positives

Question 45

Q

What service uses port 445?

Answer

A

Server Message Block (SMB)

- TCP

Question 46

Q

What port does SMB use?

Question 47

Q

What service uses port 587?

Answer

A

SMTP w/SSL
TCP
Also TCP/465

Question 48

Q

What ports are used by SMTP w/SSL?

Answer

A

TCP/465

- TCP/587

Question 49

Q

What services use port 161?

Answer

A

SNMP (Simple Network Management Protocol)

- UDP

Question 50

Q

What port does SNMP use?

Question 51

Q

What is WAF?

Answer

A

Web Application Firewall
Layer 7
Applies rules to HTTPS
Recognize SQL injection
Heavy PCI DSS use

Question 52

Q

Define Raid 5

Answer

A

Striping with parity
Requires at least 3 disks
only 1 drive can fail

Question 53

Q

Define RAID 10?

Answer

A

Striped and Mirrored
Requires 4 disks
Up to 2 can fail

Question 54

Q

What are http secure headers?

Answer

A

Instructions to a browser to enforce security settings

- Https only, only allow local scrips, no I-frames allowed, etc

Question 55

Q

What service uses port 993?

Answer

A

IMAP4 ssl

- tcp

Question 56

Q

What port is used by IMAP4 ssl?

Question 57

Q

What is SED?

Answer

A

Self Encrypting Drive
Hardware based
Cleared by overwriting the encryption keys

Question 58

Q

What service uses port 53?

Answer

A

DNS

- tcp/udp

Question 59

Q

What port does DNS use?

Answer

A

tcp/udp/53

Question 60

Q

What service uses port 1433?

Answer

A

SQL server

- tcp

Question 61

Q

What port does SQL server use?

Question 62

Q

What service uses port 514?

Answer

A

Syslog

- udp

Question 63

Q

What port does Syslog use?

Question 64

Q

What service uses port 636?

Answer

A

LDAP w/ssl

- tcp/udp

Answer 59

A

tcp/udp/636

Answer 60

A

Diameter

- tcp

Answer 61

A

Extensible Auth Protocol
Auth framework
Integrates with 802.1x

Answer 62

A

Advanced Encryption Standard
symmetrical
128 through 256 bit

Answer 63

A

PPTP
point to point VPN
tcp/udp

Answer 64

A

tcp/udp 1723

Answer 65

A

International Data Encryption Algorithm

- 64 bit, 128 key

Answer 66

A

FTPS
uses ssl for security
different from S(sh)FTP

Answer 67

A

tcp 989-990

Answer 68

A

POP3 w/ssl

- tcp

Answer 69

A

SMTP w/SSL
tcp
also port 587

Answer 70

A

Simultaneous Auth of Equals
WPA3 characteristic
Diffie-helmann based
everyone has a different session
dragonfly handshake key exchange

Answer 71

A

software validation that the kernel, bootloader, etc has not changed
Early Launch Anti-Malware (ELAM)
verifies OS signature

Answer 72

A

Remote Procedure Call (RPC)

- tcp/udp

Answer 73

A

tcp/udp 135

Answer 74

A

Remote Procedure Call

- allows one system to call a subroutine on another

Answer 75

A

EAP Transport Layer Security
WPA2
all devices need x.509 cert
mutual auth
PKI needed

Answer 76

A

Protected EAP
AS needs a certificate, supplicant doesnt
MS-CHAPv2 (microsoft challenge handshake Auth protocol)
often used with token generator
Cisco, MS, and RSA developed

Answer 77

A

Security Enhanced Android
uses MAC (mandatory access control)
SELinux in Android OS

Answer 78

A

level 4 firewall port

- level 3: ipaddr, cidr, ipv4/6

Answer 79

A

cloud concept

- granular security controls

Answer 80

A

Protect users and devixes regardless of location
goes beyond URL and GET requests
Examines JSON and API calls
instance aware

Answer 81

A

Identity Provider
Who are you? Who vouches?
Authorization as a Service
Single Sign on (sso)
SAML, OAuth, OpenID

Answer 82

A

$ssh-keygen -t $ENCRYPTION$

- ed25519, rsa

Answer 83

A

Challenge Handshake Auth Protocol
encrypted challenge
1. Server sends challenge
2. Client sends PW bas
3. Server compares
4. Ongoing and invisible during session

Answer 84

A

Security Assertion Markup Language
open standard for auth
not good for mobile

Answer 85

A

Auth framework
Determine whar resources can be accessed
Not a protocol
Used w/OPENID
Google, FB, Twitter
“Xapp wants to access your Google acct”

Answer 86

A

Key generation of requested str w proper cipher
Certificate gen - allocate key to user
Distribution - securely xfer to user
Storage
Expiration/Revocation

Answer 87

A

binding of public key with digital signature and other details

Answer 88

A

owner of certificate has control over domain

Answer 89

A

Additional verification checks for certificate owner
Like a bank
Outdated

Answer 90

A

Subject Alternate Name
Extension to an x.509
Allows wildcards
- *.jacklawton.com
  mail. jacklawton.com
  training. jacklawton.com

Answer 91

A

Distinguished Encoding Rules
x.509 cert
binary, not human readable
often used with Java

Answer 92

A

Privacy Enhanced Mail
64-bit (ascii) encoded .der
what you normally get from CA

Answer 93

A

Public Key Cryptography Standard #12
container for multiple certs
also .pfx
used to transfer key pairs
can be password protected

Answer 94

A

Windows x.508 certificate format

- can be binary like .der or ascii like .pem

Answer 95

A

PKCS#7
contains certs but only public key
ascii

Answer 96

A

“Staples” time stamped revocation info to the cert so clients don’t have to contact the CA for revocation info

Answer 97

A

obsolete technique to prevent website impersonation

Answer 98

A

CLI tool that displays tcp/ip connections, routing tables, and other network statistics
$netstat -a = all
$netstat -b = binaries (windows)
$netstat -n = numbers only (no name)

Answer 99

A

show routing tables

- same as $netstat -r

Answer 100

A

toolkit & crypto library for ssl/tls
create x.509 certs, revoke, and sign
hashing protocols for mag digests
en/decryption

Answer 101

A

windows hexadecimal editor
edit disks
clone disls
secure wipe
forensics tool

Answer 102

A

secure and permanent erasure of sensitive data from media to guarantee no residual dara can be recovered even through forensic analysis

Answer 103

A

The process of restoring and returning affected devices back to business environment.
Return to normal
Restore from backup

Answer 104

A

Contain the breach. Sandboxing, disconnection, start redundant systems
Update and patch?

Answer 105

A

Indications an attack is happening
network is vulnscanned
indicators of compromise

Answer 106

A

Establish communication methods. Remembering that normal comms may be compromised
Hardware and software toolkit
Documents, net diagrams, baselines, hashes
Mitigation software
OS images

Answer 107

A

Preparation
Identification and analysis
Isolation, Containment, & Eradication
Recovery
Post event activity

Answer 108

A

Guidelines for Evidence Collection and Archiving
1: Acquisition
2: Analysis
3: Reporting

Answer 109

A

1: CPU registers, CPU Cache
2: Router table, ARP cache, process table, kernel, RAM
3: Temp File Systems
4: Disk drive
5: Remote Logging/Monitoring
6: network topology
7: Archival Media

Answer 110

A

Center for Internet Security Critical Security Controls
Improve Cyber Defense
20 key sections
Scalable to different organization sizes

Answer 111

A

National Institute Standards Techology Risk Management Framework
Federal Agency Requirement
6 stages: Categorize, Select, Implement, Assess, Authorize, Monitor

Answer 112

A

NIST Cybersecurity Framework
voluntary for civilian/commercial orgs
ID, Protect, Detect, Respond, & Recover

Answer 113

A

American Institute of CPAs Auditing Standard Statement on Standards of Attestation Engagements #18 (SSAE18)
SOC2 is Trust Services Criteria
- Firewalls, MFA, Intrusion Detection

Answer 114

A

Annualized Loss Expectancy
ARO x SLE
ARO = Annual Rate of Occurance
SLE = Single Loss Expense

Answer 115

A

Recovery Time Objective
Up and running quickly to service level
Not complete

Answer 116

A

Endpoint Detection & Response
Behavioral analysis, machine learning, process monitoring
Lightweight agent on endpoint
API automated
Root cause analysis

Answer 117

A

Secure Real-Time Transport Protocol
VOIP
AES
HMAC - Hash-based auth code using SHA 1

Answer 118

A

Host-based IDS

- Log files to ID intrusion

Answer 119

A

Password hashing function

- Uses blowfish to do multiple rounds

Answer 120

A

Password-based Key Derivation Function 2

- Part of RSA public key cryptography

Answer 121

A

Encryption scheme that allows operations to be performed on the encrypted data without decryption

Answer 122

A

One bit or byte at a time
high speed, low hardware complexity
symmetric encryption
use IV for randomization

Answer 123

A

Fixed length groups
64 or 128 bit blocks
en/decrypted independently
symmetric

Answer 124

A

Galois/Counter Mode
Combines counter with authentication
Auth is part of block
SSH/TLS

Answer 125

A

Simplest mode of Block Ciphering

- same key for each block

Answer 126

A

Cipher Block Chaining
Each block is XOR with previous
additional randomization
uses IV for 1st block

Answer 127

A

Encrypts successive value of a counter

Answer 128

A

Use STARTTLS to encrypt POP3 or IMAP w SSL

Answer 129

A

FTPS is FTP secure. Uses SSL on port 989 and 990

SFTP is SSH FTP. Uses SSH to send FTP

Answer 130

A

Next Generation Firewall
OSI Layer 7 application
Can allow or disallow features
all data in every packet
Deep packet inspection
Stateful multilayer inspection

Answer 131

A

Cyber Threat Alliance

- Members validate forwarded threat intelligence

Answer 132

A

Security Orchestration Automation and Response

- Automated security that can apply tools automatically at any time without intervention

Answer 133

A

Recovery Point Objective

- Longest time an organization can lose data for

Answer 134

A

Max Tolerable Downtime

- Longest time ops can be down without catastrophic damage

Brainscape's Knowledge GenomeTM

Full Test Flashcards

Brainscape's Knowledge Genome^TM