Random Stuff I need to learn Flashcards

Question

What happens during reconnaissance?

Answer 1

Testers will look for info about an organization such as domain names and email addresses.

Answer 2

Takes several photos of the back of your eye, visualizing your retina, optic disc, and blood vessels

Answer 3

Rely on the matching of patterns on the surface of the eye using near-infrared imaging, and is less intrusive than retinal scanning (the subject can continue to wear glasses, for instance) and much quicker Much less likely to be affected by diseases

Answer 4

Internet Message Access Protocol (IMAP) - TCP/IP application protocol that provides a means for a client to ACCESS EMAIL messages stored in a mailbox on a remote server using TCP Port 143

Answer 5

System that can provide automated identification of suspicious activity by user accounts and computer hosts

Answer 6

Form of knowledge-based authentication that requires a user to answer a question, presumably something they intrinsically know, to verify their identity. If you post a lot of personal info about yourself online, this password type can easily be bypassed

Answer 7

Desktop as a Service - provides a full virtualized desktop environment from within a cloud-based service. Also known as VDI (Virtualized Desktop Infrastructure) Virtualization implementation that separates the personal computing environment from a user's physical computer *ShadowPC

Answer 8

Attack intended to redirect a website's traffic to another, fake site by installing a malicious program on the computer. Can be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server software Occurs when an attacker attempts to obtain personal or private information through domain spoofing or poisoning a DNS server

Answer 9

Form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and to pay money for a fake malware removal tool (that actually introduces malware to the computer)

Answer 10

Status of certificates...provides validity such as good, revoked

Answer 11

Software application that allows communication between virtual machines

Answer 12

Process of extracting usernames, machine names, network resources, shares, and services from a system

Answer 13

What is submitted to the CA (certificate authority) to request a digital certificate

Answer 14

Address Resolution Protocol Layer 2 protocol used to map MAC addresses to IP addresses Procedure for mapping a dynamic IP address to a permanent physical machine address in a local area network (LAN) Protocol that enables network communications to reach a specific device on the network.

Answer 15

Used for initiating, maintaining, and terminating communication sessions that include voice, video and messaging applications Voice and video..VoIP

Answer 16

Traffic is denied the ability to enter or leave the network because there's no specific rule that allows it All access to a resource should be denied by default and only allowed when it's explicitly stated When a user or group are not granted a specific permission in the security settings of an object, but they are not explicitly denied either

Answer 17

Traffic is denied the ability to enter or leave the network because there's an ACL rule the specifically denies it

Answer 18

Uses a single ping with a spoofed source address sent to the broadcast address of a network. This causes every device within the network to receive a single ping, which appears to come from the device with the spoofed source address. Form of DDoS attack

Answer 19

Traffic is allowed to enter or leave the network because there's an ACL rule that specifically allows it

Answer 20

Shows auditing entries related to activities such as logon attempts or file access Logs the events such as successful and unsuccessful user logons to the system

Answer 21

Logs the events for the operating system and third-party applications File that contains info about events that have occurred within a software application

Answer 22

File containing records of event data Records events from various sources and stores them

Answer 23

Contains detailed information about each request made to the serve Contains a list of each of the files accessed on a server

Answer 24

Technique of hiding secret data within an ordinary, non-secret, file or message in order to avoid detection;

Answer 25

Infrastructure as a Service Model that provides the user with the hardware needed to get up and running, the end user is responsible for the operating system, the application, and any ongoing maintenance tasks 3rd party provides you with infrastructure services, like storage and virtualization, as you need them, via a cloud, through the internet Allow organizations to manage their business resources — such as their network, servers, and data storage — on the cloud Focused on moving your servers and computers into the cloud

Answer 26

Provider hosts the hardware and software on its own infrastructure and delivers this platform to the user as an integrated solution, solution stack, or service through an internet connection. Provides that platform for software developers to create, allowing them to concentrate on the software itself instead of any external issues Allow businesses/developers to host, build, and deploy application

Answer 27

Software as a Service Provides an entire application that is managed by a provider, via a web browser

Answer 28

Dynamic Host Configuration Protocol Used to dynamically assign IP addresses Assigns IP addresses and other configurations to devices when they connect to a network Port 67

Answer 29

Hashes provide assurances of messages authenticity and integrity. Hashes ensure original dada hasn't been changed Encryption provides confidentiality not integrity

Answer 30

Symmetric. Block cipher

Answer 31

Symmetric. Stream cipher

Answer 32

Hashing algorithm, neither symmetric or asymmetric

Answer 33

Asymmetric

Answer 34

Open source packet capturing and analysis tool.

Answer 35

Linux command...used to manipulate system permissions Change/modify file system permissions

Answer 36

Network reconnaissance and assessment tool used to scan hosts for open network service port Network scanner that discovers hosts and services on a computer network by sending packets and analyzing the responses Port scanner commonly used for host discovery and service identification

Answer 37

Name server lookup. Used to troubleshoot DNS problems. Name resolution

Answer 38

A device that acts as a middle man between a device and a remote server. 4 types: IP proxy, caching proxy, internet content filter & web security gateway Helps prevent an attacker from invading a private network and is one of several tools used to build a firewall A system or router that provides a gateway between users and the internet. Therefore, it helps prevent cyber attackers from entering a private network Process requests on another network device’s behalf

Answer 39

Uses security tokens generated by a trusted identity source to allow access to resources such as websites Single identity is created for a user and shared with all of the organizations in a federation System of trust between two parties for the purpose of authenticating users and conveying information needed to authorize their access to resources.

Answer 40

Identifies assets and risks and uses calculations such as ALE (annual loss expectancy) to prioritize and budget funds to manage these risks. Uses numerical and monetary values to calculate risk Requires detailed financial data, complex calculations and is time consuming. Uses exact numbers

Answer 41

One that uses judgment to determine potential losses if an incident occurs. Values cannot be ascertained with precision. They can include damages to reputation or brand image Subjective and requires expertise on systems and infrastructure. Cheaper and faster Categorizes things based on the likelihood and impact of a given incident using non-numerical terms, such as high, medium, and low.

Answer 42

Annual Lost Expectancy - Expected cost of a realized threat of a year. ALE = SLE x ARO

Answer 43

Annual Rate of Occurrence - The likelihood of a failure in a year

Answer 44

Authentication protocol that grants tickets to authenticated entities. Port 88 Ticket Based Authentication

Answer 45

Challenge Handshake Authentication Protocol - Uses shared secret (typically user credentials) known by both ends of a connection. The secret is hashed

Answer 46

System & Organization Controls reporting (Auditing) Audits design and implementation of controls at a single point in time. The auditor will review evidence from your systems as it exists at a particular “moment in time” Assesses the design of security processes at a specific point in time

Answer 47

System & Organization Controls reporting (Auditing) Documents operation efficiency of IT systems within a specific time frame Assesses the design of security processes over time…(6 months)

Answer 48

Often used to encrypt user files directly...or to generate file encryption keys, then encrypt files. Keys can be stored in a protected file on a disk or on a smart card Can be used to encrypt data and verify digital signatures.

Answer 49

Can be used to decrypt data and create digital signatures.

Answer 50

Generally symmetric, the same key is used for encryption and decryption

Answer 51

Network Interface Cards - Hardware component that allows computer to connect to a network

Answer 52

Archives all data even if it hasn't changes since the last full backup. Requires more storage and time to perform but the restoration is the quickest since its a single backup set

Answer 53

Backs up anything that has changed since the last full backup Minimize backup time but take longer to restore than full backups

Answer 54

Starts with a full backup. Backs up anything that has changed since the last full or incremental backup Minimize backup time but take longer to restore than full backups

Answer 55

Variant of a Denial of Service (DOS) attack where the attacker initiates multiple TCP sessions but never completes the 3-way handshake. This uses up resources on the server since it cannot complete the handshake and keeps resources reserved for the attacker’s computer while it awaits the handshake's completion

Answer 56

Conceptual framework used to describe the functions of a networking system Bottom 1. Physical Please 2. Data Link Do 3. Network Not 4. Transport Throw 5. Session Sausage 6. Presentation Pizza Top 7. Application Away All People Seem To Need Data Processing

Answer 57

Monitors traffic coming into and leaving a computer Protects a single computer form unwanted internet traffic

Answer 58

Used to view contents of text files Used to concatenate (join) files and print on the standard output catfile1.txt

Answer 59

Used to manipulate Linux file system permissions Used to change/modify file system permissions

Answer 60

Line filtering. Searches a file for a particular pattern of characters, and displays all lines that contain that pattern Used to print lines that match patterns.

Answer 61

Used to display beginning lines from a text file

Answer 62

Header information at the beginning of an Internet Protocol (IP) packet Contains the source IP address and the TTL (time-to-live) value

Answer 63

British Thermal Units Measures thermal energy (heat). Your server room AC must be able to displace the BTUs generated by your computing equipment; otherwise, the server room will be much too warm for your equipment.

Answer 64

Windows software that allows you to encrypt files

Answer 65

Linux command line tool Used to capture network traffic Command line tool that allows you to capture and analyze network traffic going through your system

Answer 66

Peer-to-Peer Network Network created whenever two or more devices/computers are connected and share the same resources Vulnerable to Trojans and spyware

Answer 67

Linux command that can be used to create an exact copy of a disk volume, while leaving the original disk volume intact Command line utility used to copy disk images using a bit by bit copying process

Answer 68

Used to test DNS server connectivity and name resolution

Answer 69

Used to send email over internet Port 25

Answer 70

Service Set Identifier. The name of a wireless network *When not broadcasted the wireless network is not visible when you’re scanning for wireless networks

Answer 71

Studies the impact that an incident presents to a business.

Answer 72

A cross-platform task automation and configuration management framework Uses a verb-noun type of syntax and is used by network administrators to manage computers "Get-Service | Where{$_.status –eq "Running"}" taskautomation and configuration management program

Answer 73

Simple Network Management Protocol Industry standard for managing and monitoring printers, servers, workstations, routers, switches, IP phones, and so on A TCP protocol that aids in monitoring network attached devices and computers Port 161

Answer 74

Simple Network Management Protocol version 3 Provides Encryption and interity functionality Exchanges management data…port 161

Answer 75

Simple Mail Transfer Protocol - transmits Internet e-mail messages to other SMTP hosts and can be configured to encrypt the transmission. Port 25

Answer 76

Sample/random data is passed to the application to test its security and functionality

Answer 77

Symmetric. Stream Cipher

Answer 78

Physical layer -Responsible for the physical cable or wireless connection between network nodes

Answer 79

Data Link Layer - provides node-to-node data transfer (between two directly connected nodes), and also handles error correction from the physical layer. Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. In the networking world, most switches operate at Layer 2

Answer 80

Network Layer - Responsible for packet forwarding, including routing through different routers. You might know that your Boston computer wants to connect to a server in California, but there are millions of different paths to take. Routers at this layer help do this efficiently Deals with IP addresses and routing

Answer 81

Transfer layer -deals with the coordination of the data transfer between end systems and hosts. How much data to send, at what rate, where it goes, etc Deals with TCP and UDP details including port numbers,

Answer 82

Session layer - creates communication channels, called sessions, between devices. Responsible for opening sessions, ensuring they remain open and functional while data is being transferred, and closing them when communication ends When 2 computers or other networked devices need to speak with one another, a session needs to be created. Functions at this layer involve setup, coordination (how long should a system wait for a response) and termination between the applications at each end of the session

Answer 83

Presentation layer - prepares data for the application layer. Defines how 2 devices should encode, encrypt, and compress data so it is received correctly on the other end Presents data for the application or the network. Example of this is encryption and decryption of data for secure transmission

Answer 84

Application layer - specific functionality, such as a web browser connecting to a specific URL. Layer that is the “closest to the end user”. It receives info directly from users and displays incoming data to the user. Used by end-user software such as web browsers and email clients. Provides protocols that allow software to send and receive info and present meaningful data to users. Application layer protocols are the HTTP, FTP, POP, SMTP, & DNS

Answer 85

When the same key is used to encrypt and decrypt Shared key

Answer 86

Uses one key to encrypt and a second key to decrypt. 2 Seperate Keys

Answer 87

Data Loss Prevention - Monitors the data of a system while in use, in transit, or at rest to detect attempts to steal the data. Can used to help identify insider threats Can ensure blaock and monitor data transfers to unauthorized locations. Ensures that private data stays private

Answer 88

Transport Layer Security - Network security protocol commonly used to secure web application connections using HTTPS Cryptographic protocol designed to provide communications security over a computer network Port 443

Answer 89

Takes advantage of a vulnerability

Answer 90

Disaster Recovery Plan

Answer 91

Dynamic Host Configuration Protocol - Used to dynamically assign IP addresses. It will also assign subnet masks, default gateways, etc. Automatically provides and assigns IP addresses, default gateways and other network parameters to client devices Port 67

Answer 92

Firewall on a host computer. Monitors traffic going through the host network Can protect the remote users' computers from network attacks originating from their internet connection

Answer 93

An aspect of your software application that's vulnerable for an attacker to exploit Ex. Open port, or a running network service

Answer 94

Can run a public facing application but still maintain a private back end with servers that aren't publicly accessible

Answer 95

Designed for IP address conservation. It enables private IP networks that use unregistered IP addresses to connect to the Internet. Used in routers to translate private internal IP addresses to routable public addresses Conserves the number of public addresses used within an organization

Answer 96

Part of SOAR. Set of rules that can be largely automated

Answer 97

Part of SOAR. Lists step-by-step actions that need to occur within the SOAR process. Actions are typically performed by humans

Answer 98

Secure Shell, Port 22. Provides encrypted remote access channel to a host system Encrypted Tunnel

Answer 99

Domain Name Service, Port 53.

Answer 100

Provides encrypted web connection to the router Secure web communication using SSL/TLS Port 443

Answer 101

Center for Internet Security. AKA Top 20 controls. Top 20 control groups

Answer 102

Ensures that no employee retains the same amount of access control for a responsibility for more than a given period

Answer 103

Policy that ensures that one single individual isn’t tasked with high-security and high-risk responsibilities. Critical responsibilities are separated between several users to prevent corruption and errors.

Answer 104

IP Flow Information Export Common representation of flow data and a standard means of communicating, as required for transmitting traffic flow information over a network for collection Groups traffic into flows to then send on to a centralized collection point. IPFIX is based on NetFlow v9.

Answer 105

Authenticates the actual communications link before data transmission begins. Data encryption can also be performed in this mode after the link is authenticated.

Answer 106

Certificate Revocation Lists - Where revoked certificate serial numbers are stored

Answer 107

Include gaming systems, printers, appliances, in-vehicle systems, medical devices, cameras, home automation, and HVAC (heating, ventilating, and air conditioning) controls that are network enabled, and sometimes Internet connected, for remote access Combination of computer hardware and software designed for a specific function. Embedded systems may also function within a larger system

Answer 108

Publicly accessible ledgers that record online transactions, based on peer-to-peer technology. A party initiates a block, which is then verified by all the distributed systems and added to the chain (or rejected if not verified). Difficult to cheat the system. Generally, the larger the blockchain, the safer

Answer 109

Sometimes called sniffers...capture network traffic allowing administrators to view and analyze individual packets to examine the network packets sent from the web server to the database server. Through detailed analysis, you can discover which of the requests is sending malformed data and thus causing your database server to crash.

Answer 110

Recovery Time Objectives - Maximum amount of time that is considered tolerable for a service/function to be unavailable Represents the amount of time it takes to identify that there is a problem and then perform recovery the Timeframe following a disaster that an individual IT system may remain offline

Answer 111

Recovery Point Objectives - Maximum acceptable amount of lost data because of an outage The amount of data loss that a system can sustain, measured in time. *An RPO of 24 hours means that the data can be recovered (from a backup copy) to a point not more than 24 hours before the database was infected

Answer 112

Mean Time Between Failures - Average length of time a specific device is expected to work until it fails

Answer 113

Mean Time To Repair - The average length of time from the moment a component fails until it is repaired

Answer 114

The creation of a virtual version of something, such as an operating system (OS), a server, a storage device or network resources. Uses software that simulates hardware functionality to create a virtual system *You can run different websites on a separate virtual machine (VM) running on the same hardware platform. You can run several VMs on one system, and each VM is isolated from the others, thus preventing security issues with one website from affecting other websites

Answer 115

Password cracking tool

Answer 116

Ping command is used to ping a single host device to identify its existence...Ping Sweep helps to ping multiple IP addresses simultaneously Can show which network clients are active and responding to requests

Answer 117

Sender Policy Framework (SPF) - an email authentication method designed to detect forging sender addresses during email delivery

Answer 118

Common form of DDos Attacks

Answer 119

Microsoft Endpoint Configuration Manager (MECM) - provides remote control patch management, software distribution, operating system deployment, network access protection, and hardward/software inventory.

Answer 120

Repeatedly sends initial connection request (SYN) packets...the attacker is able to overwhelm all available ports on a targeted server machine, causing the targeted device to be overwhelmed

Answer 121

Server that sits in front of one or more web servers intercepting requests from clients Sits in front of an origin server and ensures that no client ever communicates directly with that origin server Accepts a request from a client, forwards the request to another one of many other servers, and returns the results from the server that actually processed the request to the client as if the proxy server had processed the request itself. Reverse Proxy: //www.cloudflare.com/img/learning/cdn/glossary/reverse-proxy/reverse-proxy-flow.svg Proxy (Forward): https://www.cloudflare.com/img/learning/cdn/glossary/reverse-proxy/forward-proxy-flow.svg

Answer 122

Server that sits in front of a group of client machines. When those computers make requests to sites and services on the Internet, the proxy server intercepts those requests and then communicates with web servers on behalf of those clients, like a middleman Sits in front of a user and acts as a mediator between users and the web servers they access. User’s request goes through the forward proxy first and then reaches the web page. Once the data from the internet is retrieved, it is sent to the proxy server, redirecting it back to the requester. *From the perspective of the internet server, the request is made by the proxy server itself and not the user Reverse Proxy: //www.cloudflare.com/img/learning/cdn/glossary/reverse-proxy/reverse-proxy-flow.svg Proxy (Forward): https://www.cloudflare.com/img/learning/cdn/glossary/reverse-proxy/forward-proxy-flow.svg

Answer 123

Federal Information Security Management Act - United States federal law that defines a comprehensive framework to protect government information, operations, and assets against natural or human-made threats. FISMA requires that government agencies and other organizations that operate systems on behalf of government agencies comply with security standard

Answer 124

Virus that combines boot and program viruses. First attaches to the boot sector and system files before attacking other files on the computer

Answer 125

Advanced version of an encrypted virus that changes itself every time it is executed by altering the decryption module to avoid detection Changes PART of its code but retains one part of its code that remains the same to stay undetected

Answer 126

Virus that is able to rewrite itself entirely before it attempts to infect a file (advanced version of polymorphic virus) Completely re-writes its code so that each newly propagated version of itself no longer matches its previous iteration to remain undetected

Answer 127

Security Assertion Markup Language - An open standard for exchanging authentication and authorization data between parties between an identity provider and a service provider

Answer 128

Simple identity layer on top of the OAuth 2.0 protocol

Answer 129

Private IP addresses are either 10.x.x.x, 172.16-31.x.x, or 192.168.x.x.

Answer 130

Method employed by many computer anti-virus programs designed to detect previously unknown computer viruses and new variants of viruses already in the wild Detects viruses by examining code for suspicious properties. Designed to spot unknown new viruses and modified versions of existing threats Determines whether several observed data points constitute an indicator and whether related indicators make up an incident depending on a good understanding of the relationship between the observed indicators

Answer 131

Flow analysis tool. Does not capture the full packet capture of data as it crosses the network sensor but captures metadata and statistics about the network traffic. Metadata can highlight trends and patterns in the traffic generated by the malicious user, such as the volume of data sent and received

Answer 132

Family Educational Rights and Privacy Act - Requires educational institutions implement security and privacy controls for student educational records School, Students

Answer 133

Sarbanes-Oxley Act - Affects publicly traded U.S. corporations and requires certain accounting methods and financial reporting requirements Dictates requirements for storing and retaining documents relating to an organization's financial and business operations, including the type of documents to be stored and their retention periods

Answer 134

Conducted by actively connecting to the server using telnet or netcat and collecting the web server's response. Banner usually contains the server's operating system and the version number of the service being run.

Answer 135

Purging includes methods that eliminate information from being feasibly recovered even in a lab environment. Ex: performing a cryptographic erasure (CE) would sanitize and purge the drives' data without harming the drives themselves. Clearing drives leaves the possibility that some tools would allow data recovery

Answer 136

Assembles and sends custom ICMP, UDP, or TCP packets and then displays any replies. It was inspired by the ping command but offered far more control over the probes sent. It also has a handy traceroute mode and supports IP fragmentation. Hping is useful when trying to traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities.

Answer 137

Virtual Land Area Network - logically separate network that is created using switching technology Subnetwork that can group together collections of devices on separate physical local area networks (LANs) Enables a group of devices available in multiple networks to be combined into one logical network *Typically need a router

Answer 138

Microsoft's Group Policy Object (GPO) is a collection of Group Policy settings that defines what a system will look like and how it will behave for a defined group of users. Efficient way to deploy system configuration settings across many Window's devices

Answer 139

Advanced Persistant Threats - highly sophisticated nation-state threat actor that quietly gathers information from compromised systems and can lay in waiting for several months during an ongoing attack

Answer 140

Involves running code and examining the outcome, which also entails testing possible execution paths of the code The process of testing and evaluating a program — while software is running

Answer 141

Password Authentication Protocol (PAP) - Username and password