Sec+ Book Flashcards

Question

XSRF

Answer 1

cross site request forgery web application tricks user into performing acts on a site ex. purchasing

Answer 2

Discretionary access control all objects have owners they modify permissions. DAC allows coworkers to share information within a corporate file system

Answer 3

Advanced Encryption. BLOCK CIPHER encrypts in 128 bit blocks. Can use key sizes 128.192. 256

Answer 4

data encryption standard. Used to provide confidentiality, replaced by AES and 3DES

Answer 5

Group of technologies that prevent data loss ex. block usb

Answer 6

Digital Signature Algorithm encrypts hash of a message

Answer 7

Lightweight directory access protocol used to communicate with directories, indentifies objects and query strings using codes

Answer 8

Internet protocol security a suite of protocols used to encrypt data in transit

Answer 9

Internet Message Access Protocol. Store and manage emails on server

Answer 10

Hashed based one message authentication code. A hashing algorithm to verify message of shared key

Answer 11

HMAC Based one time password. one time password combines with a secrete key

Answer 12

Full disk encryption

Answer 13

Remote Authentication Dial In User Service Process central authentication for remote access client

Answer 14

Public Key Infrastructure Group tech used to request, create, manage, store, distribute or revoke digital certificates. Allows two entities privately share symmetric keys without any prior communication

Answer 15

Password Authentication Protcol. Old protocol that used cleartext

Answer 16

Online Certificate Status Protocol Alternative to CRL. Allows entities to query into the CA with the serial number of a certification

Answer 17

New Technology LAN Manager. Protocols that provide CIA in windows systems,128 bits

Answer 18

Network Access Control - System inspects client to observe health

Answer 19

Microsoft Challenge Handshake Authentication Protocol, provides mutual authentication

Answer 20

restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (i.e., clearance) of users to access information of such sensitivity. method of limiting access to resources based on the sensitivity of the information that the resource contains and the authorization of the user to access information with that level of sensitivity. You define the sensitivity of the resource by means of a security label

Answer 21

Remote Access Trojan

Answer 22

Rivest, SHamir, Adleman - AYSEMMETRIC algorithm used to encrypt data and digitally sign transmissions

Answer 23

Security Assertion Markup Language an XML based standard used to exchange authentication IdP gigitally signs request confirming users identity, then this isent to the SP Service Provider to grant access

Answer 24

Security Control and Data Acquisition - system used to control an Industry Control System

Answer 25

(security orchestration, automation and response) is a stack of compatible software programs that enables an organization to collect data about cybersecurity threats and respond to security events with little or no human assistance.

Answer 26

Security Information and Event Management - Security system that attempts to look at security events throughout organization

Answer 27

Simple network management Protocol - monitor and manage network devices

Answer 28

Secure shell - used to encrypt network traffic

Answer 29

Single Sign on - Authentication method where users can access multiple resources on a network using a single sign on

Answer 30

Spinning Tree Protocol - protects switches from looping

Answer 31

Terminal Access Controller Access Control System+ provides central authentication for remote access clients

Answer 32

time based one time password uses a timestamp that expires after a set time

Answer 33

Trusted Platform Module- chip on a motherboard that produces full disk encryption, remote attestation, and a secure boot process

Answer 34

Unified Threat Manager - group of security controls combined in a single solution

Answer 35

one that uses tech to reduce vulnerabilities. encryption, antivirus, IDS, firewalls, least priveldge

Answer 36

user or entity should only have access to the specific data, resources and applications needed to complete a required task.

Answer 37

risk vulnerability assessments, day to day ops, security and awareness training

Answer 38

Prevent security incidents including hardening, user training, guards, account management

Answer 39

attempts to reverse the impact of an incident or problem after its occured, IPS< backups, recover plans

Answer 40

when you cant use the primary control

Answer 41

view stats for TCP/IP Protocols

Answer 42

allows multiple servers to operate on a single physical host

Answer 43

when the number of virtual machines (VMs) on a network reaches a point where administrators can no longer manage them effectively

Answer 44

view and manipluate the ARP cache

Answer 45

the attacker runs code on a VM that allows an operating system running within it to break out and interact directly with the hypervisor

Answer 46

Role Based Access Control - used roles to manage rights and perms for users.

Answer 47

uses rules like a firewall

Answer 48

Attribute based access control uses policies to evaluate attributes and grant access when the system detects a match in the policy. You can also use an ABAC policy to enforce more complex behavior, such as 'users from the Sales department can only edit CRM records during work hours.

Answer 49

quality of the biometric system

Answer 50

percentage of time false rejections occur

Answer 51

credit card sized cards that authenticate using PKI. Certificate based

Answer 52

Authentication protocol using tickets

Answer 53

A metaphor for physicals isolation, indicating that a system or network is completelty isolated from another system/network

Answer 54

Demilitriziaed Zone - provides a layer of security for servers that are accessible from the internet

Answer 55

Protects a web server against web application attacks, usually placed in the DMZ

Answer 56

provides strong port secuirty using port based authentication. Prevents rogue devices form connection to a network by ensuring that only authorized clients can

Answer 57

Server Set Identifier is the name of the wireless network. Disabling ssid broadcast hides a wireless network from casual users

Answer 58

sends information to a device sending unsolicited messages thru the phone.

Answer 59

g takes information from a device unauthorized access from a bluetooth device

Answer 60

Infastrucutre as a service provides hardware resources via cloud. Limit the size of an org's hardware footprint

Answer 61

Platform As A service - provides an easy to configure OS and on demand computing for customers

Answer 62

changes commands on a linux system

Answer 63

attackers modify a sites that a targeted groups visits and infects them with malware

Answer 64

misleads the computer about the actual mac. used for man in the middle attacks

Answer 65

occurs when the hashing algorithm creates the same hash for different passwords

Answer 66

Attacker is able to create a passwords that uses the same has as the actual users password

Answer 67

buffer overflow, SQL Injection, command injection, cross site scripting, XSRF

Answer 68

where the system's substantive behavior is dependent on the sequence or timing of other uncontrollable events, leading to unexpected or inconsistent results

Answer 69

pen testing with zero prior knowledge

Answer 70

pen testing with full knowledge of the enviroment

Answer 71

a command line protocol analyzer.

Answer 72

network scanner run form the command line

Answer 73

used to remotley administer servers. can be used for banner grabbing

Answer 74

identify when service starts and stops

Answer 75

Security Information and Event Management aggregate and correlate logs from multiple sources in a single location. continous monitoring and automated alerting and triggering

Answer 76

Tech controls you can touch

Answer 77

Secure mobile computers and laptops

Answer 78

physical sec control that ensures a computer or network is physically isolated from another computer or network

Answer 79

Recovery Point Object Refers to the amount of data you can afford to lose

Answer 80

Recover Time Object maximum amount of time it should take to restore a system after an outage

Answer 81

Mean Time Before Repair average time between failures

Answer 82

Mean Time To Repair average time it takes to restore a failed system

Answer 83

Discussion based only

Answer 84

Uses the same key to encrypt and decrypt data

Answer 85

used a public and private key to create a matched pair

Answer 86

prevents a party from denying an action

Answer 87

Commonly used stream cipher, symmetric

Answer 88

S/MIME and PGP, both use RSA and certificates

Answer 89

stores cop of private keys used in PKI

Answer 90

use a * for child domains to reduce the admin burden of managing certificates

Answer 91

all sensitive data has been removed from the device

Answer 92

completely removing all remnants of data on a disk by using 1s and 0s to overwrite bits

Answer 93

a very powerful electronic magnet that renders data on a tape and data disk drives unreadable

Answer 94

Acceptable Use Policy proper system usage for users and spells out rules of behavior when accessing systems and networks

Answer 95

Non disclosure Agreement ensure that proprietary data is not shared

Answer 96

Overall responsible for the data

Answer 97

Ensure the company complies with relevant laws to protect private data, PII, PHI

Answer 98

Service Level Agreement agreement between a company and a vendor that stipulated performance expectations such as min uptime and max downtime

Answer 99

handles routine tasks to protect data

Answer 100

cache memory, RAM, paging file, hard drive data, logs stored remote, achrived media

Answer 101

uses a list of known domains/IP addresses belonging to malicious hosts and uses an internal DNS server to create a fake reply.

Answer 102

commonly used with physical access control systems and relies upon RFID devices embedded into a token

Answer 103

Any security measures that are designed to deter or prevent unauthorized access to sensitive information or the systems that contain it Alarm systems, locks, surveillance cameras, identification cards, and security guards

Answer 104

Safeguards and countermeasures used to avoid, detect, counteract, or minimize security risks to our systems and information Smart cards, encryption, access control lists (ACLs), intrusion detection systems, and network authentication

Answer 105

Focused on changing the behavior of people instead of removing the actual risk involved Policies, procedures, security awareness training, contingency planning, and disaster recovery plans. User training is the most cost-effective security control to use

Answer 106

Non-malicious hackers who attempt to break into a company’s systems at their request

Answer 107

Methods of obtaining information about a person or organization through public records, websites, and social media

Answer 108

A model developed by Lockheed Martin that describes the stages by which a threat actor progresses a network intrusion

Answer 109

Advanced version of an encrypted virus that changes itself every time it is executed by altering the decryption module to avoid detection

Answer 110

Malware is placed on a website that you know your potential victims will access ex. diontrainings.com rather than diontraining.com

Answer 111

Occurs when you are able to exploit a design flaw or bug in a system to gain access to resources that a normal user isn’t able to access

Answer 112

Malicious code that has been inserted inside a program and will execute only when certain conditions have been met

Answer 113

A specific string of bytes triggers an alert

Answer 114

Malicious activity is identified as an attack

Answer 115

Legitimate activity is identified as an attack

Answer 116

Legitimate activity is identified as legitimate traffic

Answer 117

Malicious activity is identified as legitimate traffic

Answer 118

Firmware that provides the computer instructions for how to accept input and send output ▪ Unified Extensible Firmware Interface (UEFI) ▪ BIOS and UEFI are used interchangeable in this lesson

Answer 119

Microsoft’s System Center Configuration Management

Answer 120

Storage devices that connect directly to your organization’s network. NAS systems often implement RAID arrays to ensure high availability

Answer 121

A type of system firmware providing support for 64-bit CPU operation at boot, full GUI and mouse operation at boot, and better boot security

Answer 122

A UEFI feature that prevents unwanted processes from executing during the boot operation

Answer 123

Manages the distribution of the physical resources of a host machine (server) to the virtual machines being run (guests)

Answer 124

Layering of security controls is more effective and secure than relying on a single control

Answer 125

Method of accessing unauthorized directories by moving through the directory structure on a remote server

Answer 126

A software vulnerability when the resulting outcome from execution processes is directly dependent on the order and timing of certain events, and those events fail to execute in the order and timing intended by the developer

Answer 127

Attempt to overwhelm the limited switch memory set aside to store the MAC addresses for each port Switches can fail-open when flooded and begin to act like a hub

Answer 128

▪ An ordered set of rules that a router uses to decide whether to permit or deny traffic based upon given characteristics ▪ IP Spoofing is used to trick a router’s ACL

Answer 129

▪ Hosts or servers in the DMZ which are not configured with any services that run on the local network ▪ To configure devices in the DMZ, a jumpbox is utilized

Answer 130

Process of changing an IP address while it transits across a router ▪ sing NAT can help us hide our network IPs

Answer 131

Filters traffic based upon the ports being utilized and type of connection (TCP or UDP)

Answer 132

Firewall installed to protect your server by inspecting traffic being sent to a web application ▪ A WAF can prevent a XSS or SQL injection

Answer 133

A device that acts as a middle man between a device and a remote server

Answer 134

Combination of network security devices and technologies to provide more defense in depth within a single device. UTM may include a firewall, NIDS/NIPS, content filter, anti-malware, DLP, and VPN. UTM is also known as a Next Generation Firewall (NGFW)

Answer 135

VDI allows a cloud provider to offer a full desktop operating system to an end user from a centralized server

Answer 136

Provides all the hardware, operating system, software, and applications needed for a complete service to be delivered

Answer 137

Provides all the hardware, operating system, and backend software needed in order to develop your own software or service

Answer 138

Provides your organization with the hardware and software needed for a specific service to operate

Answer 139

A server that acts as a central repository of all the user accounts and their associated passwords for the network

Answer 140

A specialized type of file server that is used to host files for distribution across the web

Answer 141

▪ A software development method where code updates are tested and committed to a development or build server/code repository rapidly ▪ Continuous integration can test and commit updates multiple times per day ▪ Continuous integration detects and resolves development conflicts early and often

Answer 142

Continuous deployment focuses on automated testing and release of code in order to get it into the production environment more quickly. A software development method where application and platform updates are committed to production rapidly

Answer 143

A software development method where application and platform requirements are frequently tested and validated for immediate availability. Continuous delivery focuses on automated testing of code in order to get it ready for release

Answer 144

An attacker attempts to flood the server by sending too many ICMP echo request packets (which are known as pings)

Answer 145

Attacker sends a ping to subnet broadcast address and devices reply to spoofed IP (victim server), using up bandwidth and processing

Answer 146

Variant on a Denial of Service (DOS) attack where attacker initiates multiple TCP sessions but never completes the 3-way handshake

Answer 147

Attack that causes data to flow through the attacker’s computer where they can intercept or manipulate the data

Answer 148

Occurs when malware is placed on a website that the attacker knows his potential victims will access

Answer 149

Network-based attack where a valid data transmission is fraudulently or malicious rebroadcast, repeated, or delayed

Answer 150

▪ Uniquely identifies the network and is the name of the WAP used by the clients ▪ Disable the SSID broadcast in the exam

Answer 151

A rogue, counterfeit, and unauthorized WAP with the same SSID as your valid one

Answer 152

▪ A secure password-based authentication and password-authenticated key agreement method

Answer 153

802.11i standard to provide better wireless security featuring AES with a 128-bit key, CCMP, and integrity checking ▪ WPA2 is considered the best wireless encryption available

Answer 154

Open == No security or protection provided WEP + IV WPA == TKIP and RC4 WPA2 = CCMP AND AES

Answer 155

HVAC systems may be connected to ICS and SCADA networks

Answer 156

An open standard and decentralized protocol that is used to authenticate users in a federated identity management system ● User logs into an Identity Provider (IP) and uses their account at Relying Parties (RP) ● OpenID is easier to implement than SAML ● SAML is more efficient than OpenID

Answer 157

Attestation model built upon XML used to share federated identity management information between systems

Answer 158

IEEE standard that defines Port-based Network Access Control (PNAC) and is a data link layer authentication technology used to connected devices to a wired or wireless LAN ▪ RADIUS ▪ TACACS+ ▪ 802.1x can prevent rogue devices

Answer 159

A framework of protocols that allows for numerous methods of authentication including passwords, digital certificates, and public key infrastructure

Answer 160

A database used to centralize information about clients and objects on the network Unencrypted Port 389 Encrypted Port 636 Active Directory is Microsoft’s version

Answer 161

Used to provide authentication by using the user’s password to encrypt a challenge string of random numbers

Answer 162

Allows end users to create a tunnel over an untrusted network and connect remotely and securely back into the enterprise network. Client-to-Site VPN or Remote Access VPN

Answer 163

Provides centralized administration of dial-up, VPN, and wireless authentication services for 802.1x and the Extensible Authentication Protocol (EAP)

Answer 164

The access control policy is determined by the owner 1. Every object in a system must have an owner 2. Each owner determines access rights and permissions for each object

Answer 165

An access control policy where the computer system determines the access control for an object. The owner chooses the permissions in DAC but in MAC, the computer does. MAC relies on security labels being assigned to every user (called a subject) and every file/folder/device or network connection (called an object). Data labels create trust levels for all subjects and objects

Answer 166

All access to a resource should be denied by default and only be allowed when explicitly stated

Answer 167

Requires more than one person to conduct a sensitive task or operation

Answer 168

Occurs when users are cycled through various jobs to learn the overall operations better, reduce their boredom, enhance their skill level, and most importantly, increase our security

Answer 169

Program in Linux that is used to change the permissions or rights of a file or folder using a shorthand number system

Answer 170

A strategy that requires stopping the activity that has risk or choosing a less risky alternative

Answer 171

s uses numerical and monetary values to calculate risk

Answer 172

Method where a program attempts to guess the password by using a list of possible passwords

Answer 173

List of precomputed valued used to more quickly break a password since values don’t have to be calculated for each password being guessed. crack the password hashes in a database

Answer 174

A TCP/IP protocol that aids in monitoring network-attached devices and computers. SNMP is incorporated into a network management and monitoring system

Answer 175

An automated version of a playbook that leaves clearly defined interaction points for human analysis

Answer 176

A command line utility used to copy disk images using a bit by bit copying process

Answer 177

A data preview and imaging tool that lets you quickly assess electronic evidence to determine if further analysis with a forensic tool is needed

Answer 178

A command line utility used to dump system memory to the standard output stream by skipping over holes in memory maps

Answer 179

Utility that supports encrypted data transfer between two computers for secure logins, file transfers, or general purpose connections

Answer 180

Utility that displays network connections for Transmission Control Protocol, routing tables, and a number of network interface and network protocol statistics

Answer 181

Risk acceptance: choosing (or not choosing) to take an action that affects risk to the organization Risk appetite: how much risk you can accept.