prep Flashcards

(144 cards)

1
Q

Decentralized Governance

A

Decision-making authority distributed throughout the organization
○ Enables quicker decisions and local responsiveness

2
Q

Risk Tolerance

A

The level of risk an organization is willing to accept without countermeasures

■ Determines the urgency of vulnerability remediation

3
Q

Risk Appetite

A

Willingness to pursue or retain risk

4
Q

RTO

A

Real Time Objective:

○ Maximum acceptable time before severe impact
○ Target time for restoring a business process

Designed for real-time applications that process data without significant delays

Critical for time-sensitive applications like flight navigation and medical equipment

BAD: at buffer overflow protection

5
Q

ECC

A

Elliptic Curve Cryptography

● Efficient and secure, uses the algebraic structure of elliptic curves
● Commonly used in mobile devices and low-power computing
● Six times more efficient than RSA for equivalent security

Uses shorter keys

6
Q

Symmetric

A

Uses the same key for encryption and decryption

Also called private key encryption

7
Q

Asymmetric

A

Uses a pair of keys for encryption and decryption

often called “Public Key Cryptography”

● Public key for encryption
● Private key for decryption

No need for shared keys

8
Q

802.1x Authentication

A

■ Provides port-based authentication for wired and wireless networks

9
Q

Fail-Open

A

Allows traffic to pass during a failure, maintaining connectivity but reducing security

Ex: tunnel traffic

10
Q

Fail-closed

A

Blocks all traffic during a failure, prioritizing security over connectivity

11
Q

Zero-Day Exploits

A

■ Attacks that target previously unknown vulnerabilities

12
Q

WPA

A

Wi-Fi Protected Access

13
Q

Risk Assessments

A

Managerial control

Regularly assess threats and vulnerabilities specific to your organization, and update the assessment when significant changes occur

14
Q

SASE

A

Secure Access Service Edge

- Cloud-based service integrating security and wide area networking
- Addresses challenges of securing and connecting users and data across distributed locations

15
Q

Port 22

A

SSH
Secure Shell Protocol

16
Q

Layer 4 Firewall

A

Transport Layer
- Provides less granularity for blocking or allowing traffic based on application payload

Concerned with destination IP addresses and port numbers

17
Q

Layer 5 Firewall

A

Session Layer

18
Q

Side Loading

A

Installing apps from unofficial sources, bypassing the device's default app store
● Can introduce malware; download apps from official sources with strict review processes
Like a rootkit

19
Q

Layer 7 Firewall

A

Application layer

Makes granular decisions about traffic based on application payload

Deals with URLs, HTTP, and specific app functions

20
Q

Logic Bomb

A

Malicious code that is inserted into a program and will only execute when certain conditions have been met

21
Q

Code Signing is widely used in which hashing algorithm?

A

RSA

● Supports digital signatures, encryption, and key distribution

22
Q

TOC

A

Time-of-Check
A type of race condition
● Attackers manipulate a resource's state after it is checked but before it is used
● For example, overdrawing a bank account due to a time delay between checking and transferring funds

23
Q

race condition

A

Multiple processes or threads accessing shared resources simultaneously

24
Q

Sanitization

A

Thorough process to make data inaccessible and irretrievable from a storage medium using traditional forensic methods
■ Applies to various storage media

The medium can be reused

25
Destruction
Goes beyond sanitization; ensures the physical device is unusable
- Recommended methods
● Shredding
● Pulverizing
● Melting
● Incinerating
26
WAF
Web Application Firewall (WAF)
● Focuses on inspecting HTTP traffic
● Prevents common web application attacks like cross-site scripting and SQL injections
27
XSS
■ Cross-Site Scripting (XSS)
● Injects malicious scripts into web pages -- crossing from the threat actor's site, into the legitimate site, and then to the user
28
HIDS
● Host-based IDS (HIDS)
○ Looks at suspicious network traffic going to or from a single host or endpoint
29
What is Bluejacking?
Sending unsolicited messages to a Bluetooth device
Often used for pranks or testing vulnerabilities
30
What does Bluesnarfing involve?
Unauthorized access to a device to steal information like contacts, call logs, and text messages
31
What can attackers do with Bluebugging?
Take control of a device's Bluetooth functions, make calls, send messages, or access the internet
32
What type of attack is Bluesmack?
Denial-of-service attack by overwhelming a device with data, causing it to crash or become unresponsive
33
How does BlueBorne spread?
Spreads through the air to infect devices without user interaction
34
End-of-life Vulnerability
No updates or support from the manufacturer
This typically means the product is no longer being sold or serviced, and users may need to seek alternatives.
35
SCADA
Supervisory Control and Data Acquisition
Type of ICS (industrial control system) designed for monitoring and controlling geographically dispersed industrial processes
■ Common in industries like
● Electric power generation, transmission, etc.
Bad: limited security update capabilities
36
Internet of Things (IoT)
Network of physical devices with sensors and connectivity
■ Enables data exchange among connected objects
37
Infrastructure as Code (IaC)
■ Sets up infrastructure using code instead of hands-on methods
■ Software-driven setup instead of manual configuration
38
What is Risk Tolerance?
An organization or individual's willingness to deal with uncertainty in pursuit of their goals
Risk Tolerance reflects how much risk one is prepared to accept in order to achieve objectives.
39
What is Risk Appetite?
Willingness to pursue or retain risk
Footnote: Risk Appetite indicates a more proactive stance towards risk-taking.
40
Shadow IT
IT systems, devices, software, or services managed without explicit organizational approval
41
GDPR
(General Data Protection Regulation)
■ Protects EU citizens' data within EU and EEA borders
■ Compliance required regardless of data location
■ Non-compliance leads to significant fines
42
CSRF
Cross-Site Request Forgery
Triggers actions on different websites without the user's consent
43
SIEM
SIEM helps correlate various events and incidents from system logs
44
FIM
File Integrity Monitoring
Monitors critical system files for changes using agents and hash digests, triggering alerts when unauthorized changes occur
45
DLP
Data Loss Prevention
Stops unauthorized data exfiltration
46
SQL Injection
Standard Query Language
- Injection of an SQL query through the input form a client uses to send data to an application (e.g. inserting a username)
- Databases use SQL
- Or '1=1 or '7=7 etc.
- Prevent by using input validation and data sanitization
47
Port 53
DNS - Domain Name System
Resolves domain names into IP addresses
48
Port 443
HTTPS
Secure web traffic through SSL/TLS
49
Port 1443
Microsoft SQL
Organizations restrict or monitor access here to prevent unauthorized database operations
50
Port 21
FTP - File Transfer Protocol
For unencrypted data transfers
Fuck the party - 21 drink 🍸
51
Partition Encryption
Similar to full-disk encryption but it is only applied to a specific partition on the storage device
52
DAC
Discretionary Access Control
● Resource owners specify which users can access their resources
● Access control based on user identity, profile, or role
● Allows resource owners to grant access to specific users
53
RBAC
● Rule-Based Access Control
Uses security rules or access control lists
● Policies can be changed quickly and frequently
● Applied across multiple users on a network segment
54
ABAC
Attribute-Based Access Control
○ User Attributes
■ User's name, role, organization ID, or security clearance
○ Environment Attributes
■ Time of access, data location, and current organization's threat level
○ Resource Attributes
■ File creation date, resource owner, file name, and data sensitivity
Access decisions are based on the combination of attributes
55
MAC
Mandatory Access Control
● Uses security labels to authorize resource access
● Requires assigning security labels to both users and resources
● Access is granted only if the user's label is equal to or higher than the resource's label
56
INLINE devices
Designed to interact with network traffic actively and can accept, reject, or modify packets
57
Data Custodian
Ensures safety and management of data through its various stages
Ex. 40 Custodes: gets you where you need to go through the stages
58
Data Controller
Determines purposes and means of processing personal data
59
Data Processor
Processes personal data on behalf of data custodian but does not decide purpose
60
Layer 2
Data link layer, deals with frames and MAC addresses. Switches operate here
61
Layer 3
Concerned with routing data and IP addressing
62
Wildcard Certificate
Secures multiple subdomains under a main domain
63
Trapdoor Function
RSA algorithm where encryption is easy to perform using public key, but decryption without private key is challenging
64
What is Endpoint Detection and Response (EDR)?
Continuous monitoring of endpoint devices.
65
What does EDR do?
Identifying, investigating, and preventing cyber threats.
66
Steganography
Used to hide the fact that communication is occurring
Hides secret data within an image, audio, or video file
67
IPsec
Internet Protocol Security
Secures IP communication
Commonly used in remote access VPNs to establish secure encrypted tunnels between an endpoint and the network
68
What is Single Sign-On (SSO)?
Single Sign-On (SSO) is an authentication process allowing users to access multiple applications with one set of credentials.
69
What does LDAP stand for?
Lightweight Directory Access Protocol
70
What is the primary use of LDAP?
To access and maintain distributed directory information
71
What type of information can LDAP share?
User information across network resources
72
What does LDAP support for authentication and authorization?
Central repository
73
How can LDAP be secured?
Using LDAPS (LDAP over SSL or StartTLS)
74
What type of data does LDAP store for authorization?
User data like group memberships and roles
75
True or False: LDAP can only be used for local directory access.
False
76
Packet Capture
Has a high storage cost because it records every captured packet. Valuable for short-term investigations
77
What does EAP-MD5 use for remote access authentication?
Simple passwords and the challenge handshake authentication process
Footnote: EAP-MD5 is a one-way authentication process that does not provide mutual authentication.
78
What type of authentication does EAP-TLS utilize?
Public key infrastructure with a digital certificate installed on both client and server
Footnote: EAP-TLS supports mutual authentication.
79
What is required on the server for EAP-TTLS?
A digital certificate
Footnote: The client uses a password for authentication in EAP-TTLS.
80
What does EAP-FAST use instead of a certificate?
Protected access credential
Footnote: EAP-FAST establishes mutual authentication using this credential.
81
What type of authentication does PEAP support?
Mutual authentication using server certificates
Footnote: PEAP is designed to enhance security by encapsulating EAP within a secure tunnel.
82
True or False: EAP-MD5 provides mutual authentication.
False
Footnote: EAP-MD5 is a one-way authentication process.
83
Fill in the blank: EAP-TLS uses ____ authentication.
mutual
Footnote: EAP-TLS ensures both the client and server authenticate each other.
84
What is the primary difference between EAP-TTLS and EAP-TLS?
EAP-TTLS requires a digital certificate on the server, not on the client
Footnote: In EAP-TTLS, the client authenticates using a password.
85
What is the main purpose of EAP-FAST?
To establish mutual authentication without using a certificate
Footnote: EAP-FAST uses protected access credentials for this purpose.
86
Is hashing reversible?
NO. It is irreversible.
Once you have corned beef hash, you can't go back
87
Is Tokenization reversible?
YES. It replaces sensitive info with a non-sensitive placeholder (a token)
88
What is a True Positive?
Real and exploitable vulnerability correctly identified
Footnote: Indicates successful detection of a legitimate security issue.
89
What is a False Positive?
Incorrectly stated vulnerability
Footnote: Suggests a vulnerability exists when it does not.
90
What does True Negative mean?
Correctly identifies the absence of a vulnerability
Footnote: Confirms that no security issues are present.
91
What is a False Negative?
Serious finding – vulnerability exists but remains undetected
Footnote: Represents a failure to identify a critical security risk.
92
What is the best way to secure a backup account if there is a SSO failure?
PAM - Privileged Access Management
Secures privileged accounts like a backup account
93
Honeytoken
Piece of data or user account intentionally created as a trap for malicious activity. Designed to attract and detect suspicious transactions
94
What is an Acceptable Use Policy (AUP)?
Document that outlines the do's and don'ts for users when interacting with an organization's IT systems and resources
Footnote: An AUP serves as a guideline for users to understand acceptable behavior regarding IT resources.
95
What does an AUP define?
Acceptable Use Policy
Appropriate and prohibited use of IT systems/resources
Footnote: This includes guidelines on how users should interact with technology and data.
96
What is the primary aim of an Acceptable Use Policy?
To protect organizations from legal issues and security threats
Footnote: By outlining acceptable behavior, organizations can mitigate risks associated with misuse of IT resources.
97
Jump server
Or jump box
Secure system that is a controlled entry point for accessing servers.
Provides external contractors/admins with access to specific environments such as a test environment
98
Monolithic code
Deploys software in a container environment. Monolithic applications are large and tightly coupled, and difficult to break into smaller components
99
Failover Tests
■ Controlled experiment for transitioning from primary to backup components
■ Ensures uninterrupted functionality during disasters
■ Requires more resources and time
■ Validates the effectiveness of disaster recovery plans
■ Can identify and rectify issues in the failover process
100
SAAS
Software as a Service
Used to ensure easy deployment of resources within a cloud provider
101
IdP works with what?
SSO - Single Sign-On
Ensures users can access multiple applications with one set of credentials
102
OAuth
Open Authentication
Open standard for token-based authentication and authorization
● Allows third-party services to access user account information without exposing passwords
● Often used in RESTful APIs for secure sharing of user profile data
103
Responsibility Matrix
Contains info about which security controls are implemented with an IaaS (Infrastructure as a Service) offering
104
Virtualization
Emulated servers, each with its own OS (virtual machines)
105
SAML
(Security Assertion Markup Language)
● Standard for logging users into applications based on sessions in another context
● Redirects users to an identity provider for authentication
● Eliminates the need for services to authenticate users directly
● Decouples services from identity providers, enhancing security and flexibility
106
Federation
■ Links electronic identities and attributes across multiple identity management systems
■ Enables users to use the same credentials for login across systems managed by different organizations
107
True Positive
Real, exploitable vulnerability correctly identified
108
False Positive
System says vulnerability is there but it actually does not exist
109
Service Level Agreement
What service you can expect from a vendor
Incorporates the accepted time needed to provide company resources
110
Load Balancer
Classified as high availability in a cloud environment
Distributes workloads across multiple resources
■ Optimizes resource use, throughput, and response time
■ Prevents overloading of any single resource
■ Incoming requests are directed to capable servers
111
True Negative
System correctly identifies there is NO vulnerability present on the system
112
False Negative
System fails to identify a vulnerability when it does exist
113
What is a Data Controller?
An entity responsible for determining data storage, collection, and usage purposes and methods, as well as ensuring the legality of these processes.
114
What is a Data Steward?
A Data Steward focuses on data quality and metadata, ensuring data is appropriately labeled and classified.
115
Who does a Data Steward often work under?
A Data Steward often works under the data owner.
116
Tokenization
Replaces sensitive data with tokens to protect the original data during transfer
Helps with containers
117
Containers
Package applications with only the necessary components.
Reduces the footprint of the operating system
Minimizes the number of OS patches needed
118
Playbook
Provides step-by-step instructions for responding to security incidents
A just-in-time reference
119
Firewalls are ideal for identifying the destination of...
Command and control (C2) traffic because they log inbound and outbound connections
120
What protects data at rest?
FDE - Full Disk Encryption
Encrypts the entire storage drive; the drive is protected even when powered off
121
BIA
Business impact analysis - evaluate potential effects of disruptions to critical business functions
122
Salting
Adding a RANDOM string of characters to a password before using a one-way transformation algorithm
123
What vulnerability is exploited when an attacker OVERWRITES a register with a malicious address?
Buffer overflow
124
PAM
Privileged Access Management
Best way to secure shared privileged accounts like a backup account, especially in an SSO failure.
Provides strict controls over access to sensitive accounts
125
Hashing
Generates a unique fixed-size value (hash) based on the contents of a file or script
126
What is Mean Time to Repair (MTTR)?
Average time to repair a failed component or system.
Footnote: Indicator of repair speed and downtime minimization.
127
What is Mean Time Between Failures (MTBF)?
Average time between system or component failures.
Footnote: Measure of reliability.
128
What are Hot Sites?
Hot Sites are up and running continuously, enabling a quick switchover. They require duplicating all infrastructure and data and are expensive, but provide instant availability.
129
What are Warm Sites?
Warm Sites are not fully equipped, but have the fundamentals in place. They can be up and running within a few days and are cheaper than hot sites but with a slight delay.
130
131
What are cold sites?
Cold sites are facilities that are fewer in number compared to warm sites.
132
What is the readiness time for cold sites?
Cold sites may be just an empty building, ready in 1-2 months.
133
What is a key advantage of cold sites?
Cold sites are cost-effective.
134
What is a disadvantage of cold sites?
Cold sites add more recovery time.
135
What is E-Discovery?
E-Discovery is the process of identifying, collecting, and presenting electronically stored information for potential legal proceedings.
136
What does E-Discovery involve?
E-Discovery involves searching, analyzing, and formatting electronic data for litigation.
137
What is a MOA?
Formal, outlines specific responsibilities and roles.
138
What is a MOU?
Less binding, expresses mutual intent without detailed specifics.
139
What is a Master Service Agreement (MSA)?
Covers general terms of engagement across multiple transactions.
Footnote: Used for recurring client relationships, supplemented by Statements of Work.
140
What is a Statement of Work (SOW)?
Specifies project details, deliverables, timelines, and milestones.
Footnote: Provides in-depth project-related information.
141
Generator can do what?
Provides continuous power for extended periods during a power outage, as long as it has sufficient fuel
142
UPS
Uninterruptible Power Supply
Used to bridge short power interruptions, for 15 - 20 minutes
143
IRP
Incident Response Plan
Useful for detective and corrective activities related to common threats.
Outlines the steps to be taken if a security incident occurs
144
Directory Traversal
Attempts to access files and directories outside the web server's root directory by using sequences like ../ to move up the directory tree