General Knowledge

Question 1

nslookup

Answer 1

Command Line Tool used to query DNS. Map an IP address to a Domain name.

*obtain Domain Names
*IP address mapping details
*DNS records

Question 2

Dig

Answer 2

Linux Command Line Tool similar to NSlookup

Question 3

nmap

Answer 3

Command Line Tool used to analyze the Network for all open/ closed ports.

Question 4

Active Directory

Answer 4

Active Directory (AD) is Microsoft’s proprietary directory service. It runs on Windows Server and enables administrators to manage permissions and access to network resources. Active Directory stores data as objects. A centralized Database.

Objects:
*Resources (Printers)
*Users (Groups)
*Computers

Question 5

Domain Services (AD)

Answer 5

Active Directory Domain Services (AD DS). This is the main service of AD which stores directory information and handles the interaction of the User with the Domain. It controls which users have access to each resource or Group Policy.

Question 6

Domain Controller

Answer 6

A domain controller is a SERVER that responds to authentication requests and verifies users on computer networks. The primary function of domain controllers is to authenticate and validate users on a network, including group policies, user credentials, and computer names to determine and validate user access. A domain controller, is simply a server running Active Directory that authenticates users and devices. Multiple domain controllers can be deployed within a domain to provide fault tolerance and load balancing.

*OS (Windows or Linux)
*LDAP
*Network Time Service (NTP)
*Network Authentication Protocol (Kerberos)

Question 7

DNS

Answer 7

Domain Name System. The Phonebook of the Internet that connects Web Browsers with Website. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.

Question 8

NTP

Answer 8

Network Time Protocol. An internet protocol used to synchronize with computer clock time sources in a network. It belongs to and is one of the oldest parts of the TCP/IP suite.

Question 9

NTPD

Answer 9

Network Time Protocol Daemon. An Operating System Program that maintains the System Time in synchronization with Time Servers using the NTP.

Question 10

Group Policy

Answer 10

Group Policy is a feature of Active Directory that allows administrators to define and enforce settings and configurations for users and computers within a domain. Group Policy settings can control security policies, software deployment, desktop configurations, and more.

Question 11

Virtual Machine

Answer 11

A virtual machine (VM) is a digital version of a physical computer. Virtual machine software can run programs and operating systems, store data, connect to networks, and do other computing functions, and requires maintenance such as updates and system monitoring. The only difference is that it resides inside a computer. There can be multiple virtual machines that reside inside one physical computer.

Question 12

Hypervisor

Answer 12

Also known as a Virtual Machine Monitor (VMM) - is a software that creates and runs the virtualization. It allows multiple operating systems (OS) to run simultaneously on the same hardware, each within its own isolated virtual environment.

Type 1 (Bare Metal) - runs directly on the Physical Hardware of the Host system.
Type 2 (Hosted) - runs on top of an existing OS, known as the Host OS.

Hypervisors play a crucial role in virtualization technology, enabling organizations to achieve better resource utilization, scalability, flexibility, and cost savings by consolidating multiple workloads onto a single physical server infrastructure. They are widely used in data centers, cloud computing environments, and desktop virtualization solutions.

Question 13

Email Flow

Answer 13

1 - Bob composes Message via Email Client
2 - Sends Email
3 - Client connects to Email Server (SMTP)Data is routed through Network Connection
4 - SMTP receives Email and relays data to Recipient Email server
5 - Susan email server receives Email data and processes spam filtering, virus scanning, recipient validation
6 - Email is delivered to mailbox or mail queue
7 - Email client downloads Email from Server
8 - Susan reads Email message

Question 14

Risk Tolerance

Answer 14

Risk tolerance refers to an individual’s or entity’s willingness and ability to endure fluctuations in the value of their investments or to accept the potential loss of capital in pursuit of higher returns.

Risk tolerance refers to the general level of risk the firm is WILLING TO ACCEPT, not the precise financial impact threshold for action.

Question 15

Encryption Algorithm

Answer 15

An encryption algorithm provides a structured method for converting plaintext into ciphertext. A good algorithm ensures data remains confidential and secure from unauthorized access.

*Confidential

Question 16

Digital Signatures

Answer 16

Digital signatures validate the authenticity and integrity of a message or document, ensuring it hasn’t been tampered with since being signed.

*Integrity

Question 17

Cipher Block

Answer 17

Refers to a fixed-size portion of data that an encryption algorithm processes. (Encryption Algorithm)

Question 18

Hash Function

Answer 18

A hash function takes input and returns a fixed-size string, typically used for verifying data integrity, but it does not encrypt data for the purpose of confidentiality.

*Integrity

Question 19

Endpoint Protection

Answer 19

Includes installing Antivirus, Anti-malware, and firewall software on systems or devices. This software helps protect systems and devices from known vulnerabilities.

Question 20

Patching

Answer 20

Patching is a mitigation technique that can help prevent exploitation of known vulnerabilities on systems and devices by updating them with the latest security fixes and enhancements. Patching involves applying patches or updates to all software and systems, not just those that provide host security like firewalls.

Question 21

Least Privilege

Answer 21

Least privilege is a mitigation technique that limits users to the level of access and privilege they need to do their work. This can limit the extent of an attack by limiting the attacker’s access and privilege to those of the compromised user. Least privilege involves applying predefined rules and permissions, such as roles, groups, and functions and enforcing the rules and permissions through mechanisms such as passwords, tokens, and biometrics.

*Applicable to Users, not Applications

Question 22

End to End Encrypted Email

Answer 22

Implementation of end-to-end encrypted email ensures emails are decipherable only by the intended recipient, safeguarding sensitive content.

Question 23

Host Based Firewall

Answer 23

Host-based firewall is a hardening technique that can help protect a system or device from unauthorized or malicious network traffic. Host-based firewalls by use software to filter and control incoming and outgoing network traffic by using predefined rules and policies. The policies and rules are based on criteria such as source and destination IP address, port number, protocol. Host-based firewall involves installing software on a system or device.

Question 24

Encryption

Answer 24

Encryption is a mitigation technique that involves using mathematical algorithms to transform data into an unreadable format. Encryption can protect data from unauthorized access or modification, as only those who have the secret key or algorithm can decrypt the data. Encryption will not stop data from entering a host machine.

Question 25

Host-based Intrusion Prevention System (HIPS)

Answer 25

a hardening technique that can help prevent attacks from occurring. It is software that is installed on a system or device to detect and prevent unauthorized actions like file modifications and registry changes. A HIPS may include a firewall, but will contain other features as well.

Question 26

Application Allow

Answer 26

Application allow list is a technique that can help enforce compliance with security standards and policies on a system or network by using a list of approved applications that are allowed to run and blocking all other applications that may violate the standards or policies. Application allow list involves using a list of applications that have been verified and authorized by the system or network administrator, and blocking all other applications that may not meet the security requirements or expectations of the system or network.

Question 27

Risk Threshold

Answer 27

Financial impact figure is an example of a risk threshold, as it is the specific point at which the company must act to mitigate risk. (Specific Amount $)

Question 28

Due Diligence

Answer 28

Due diligence includes assessing the vendor's security practices and confirming that they meet the organization's security requirements and standards. Due diligence in the vendor selection process involves evaluating the financial stability and reliability of the vendor to ensure they are capable of fulfilling their obligations. Due diligence involves examining the vendors' security practices and ensuring that they comply with a company's own practices.

Question 29

OAuth (Open Authorization)

Answer 29

An open standard for token-based authentication and authorization on the internet. It allows users to grant third-party applications limited access to their resources without sharing their credentials directly. OAuth is widely used for enabling secure access to APIs (Application Programming Interfaces) and web services. Implementing a central OAuth authorization server is the best approach for secure and standardized access to user account data. The authorization server acts as an intermediary between the user and the third-party application, handling user authentication and issuing access tokens to authorized applications. By using OAuth, the user can grant limited access to their account data without sharing credentials directly.

Question 30

Decentralized Governance

Answer 30

Decision-making is distributed among various departments or sectors, promoting responsiveness and specialization.

Question 31

Signature Based Detection

Answer 31

Signature-based detection relies on a database of known threat patterns. Therefore, it might not recognize or stop new threats or zero-day exploits because their signatures aren't in the database yet. Signature-based detection relies on predefined patterns of known threats. Signature-based detection doesn't encrypt traffic. Instead, it matches traffic patterns against known threat signatures.

Question 32

Risk Owner

Answer 32

The term "Risk Owner" refers to the individual or entity within an organization that has the primary responsibility for managing and mitigating a specific risk. This individual or entity is accountable for identifying, assessing, monitoring, and controlling the risk to ensure that it remains within acceptable levels.

Question 33

Infrastructure as code (IaC)

Answer 33

Allows infrastructure to be provisioned and managed using code, making it easier to manage, replicate, and scale. Infrastructure as Code (IaC) is an approach to managing and provisioning computing infrastructure through machine-readable files rather than physical hardware configuration or interactive configuration tools. In essence, IaC allows infrastructure environments to be defined, managed, and deployed using code, which can then be version-controlled, tested, and automated.

Question 34

Port 1433

Answer 34

Default port for Microsoft SQL Server. Organizations typically restrict or monitor access to this port to prevent unauthorized database operations.

Question 35

Domain Name System (DNS)

Answer 35

Uses Port 53 for resolving domain names into IP addresses.

Question 36

Port 443

Answer 36

Used for secure web traffic through SSL/TLS.

Question 37

File Transfer Protocol (FTP)

Answer 37

Uses port 21 for unencrypted data transfers.

Question 38

Layer 4 (Transport Layer)

Answer 38

Layer 4, or the transport layer, deals with protocols like TCP and UDP and is concerned with port numbers and connection-oriented communication. Network appliances operating at this layer filter and manage traffic based on source and destination IP addresses, as well as port numbers.

Question 39

Layer 3 (Network Layer)

Answer 39

Layer 3, the network layer, is primarily focused on routing data and IP addressing. Devices at this layer, like routers, aren't primarily concerned with port numbers.

Question 40

Layer 2 (Data Link)

Answer 40

Layer 2, the data link layer, deals with frames and MAC addresses. Switches typically operate at this layer.

Question 41

Layer 5 (Session)

Answer 41

Layer 5, the session layer, establishes, maintains, and terminates connections between applications on different devices.

Question 42

Evidence of Internal Audits

Answer 42

Evidence of Internal Audits showcases a vendor's proactive approach to maintaining and enhancing their security measures. Such audits are conducted internally and reflect a rigorous self-assessment of security practices, vulnerabilities, and control mechanisms. By reviewing these, a company can gain insights into the vendor's commitment to security, how they address potential weaknesses, and their overall cybersecurity health.

Question 43

Inline

Answer 43

Inline devices are designed to interact with network traffic actively and can take actions such as accepting, rejecting, or modifying packets, making them the optimal choice for this scenario.