Security+ Flashcards

(298 cards)

1
Phishing
Social engineering, usually by email, that impersonates a trusted sender to trick users into entering their credentials on a spoofed site.
2
Typosquatting
Attackers register a slightly misspelled version of a legitimate URL so that it looks legit at a glance.
Ex - www.googe.com instead of www.google.com
3
Pharming
Occurs when an attacker redirects one website's traffic to another website that is bogus or malicious, typically by poisoning DNS or the local hosts file.
4
Vishing
Voice phishing: the phishing attempt arrives as a phone call.
5
Smishing
SMS phishing: the phishing attempt arrives as a text message.
6
Spear Phishing
Targeted phishing aimed at a specific person or group, with prior reconnaissance done so the message is convincing.
7
Impersonation
Attackers pretend to be someone else or make up a story (a pretext) to gain your trust or attention.
Ex. "This is Jim calling from Microsoft Support, we need you to call us because there are issues with your computer".
8
Dumpster Diving
An attacker physically sifts through trash to recover information from documents or devices that were thrown out.
9
Shoulder Surfing
Physically looking over someone's shoulder at their screen or keyboard to capture information such as passwords.
10
Hoax
A fake situation designed to fool your users into thinking it is real (e.g., a bogus virus warning) so that they take some action.
11
Watering Hole Attacks
Attackers target a third-party site that you or your users visit regularly. They compromise that site so it serves malicious content, and thereby gain access to your users or their information.
Ex. Compromising a vendor portal your employees log into every day so that the login page delivers malware to visitors.
12
Influence Campaigns
Attackers advertise online or post propaganda to influence the opinions of others.
Ex - Political campaigns involving falsehoods.
13
Tailgating
An attacker physically follows an authorized person through an access-controlled door, riding on that person's credentials instead of presenting their own.
14
Invoice Scams
Attacker sends an email with a fake invoice to the person who pays invoices, hoping it gets paid without verification.
15
Credential Harvesting
Collecting user credentials in bulk, either with malware that extracts passwords stored on the local machine and sends them to the attacker, or with a fake login page that captures what users type.
16
Botnet
Group of compromised machines running the same malware and taking orders from a command-and-control server. Attackers can execute bulk actions (DDoS, spam, proxying) on all machines in the botnet.
17
Bot
Single host in a botnet.
18
Virus
Malware that needs human intervention to run (opening a file, launching a program) and can replicate itself.
19
Worms
No human intervention needed: uses vulnerabilities in the OS or installed apps to move itself from system to system. Contained by patching and by firewall rules that block the network transmission to other hosts.
20
Ransomware
Malware that encrypts your data; a ransom has to be paid in order for the data to be decrypted.
21
Crypto-malware
Encrypts all data on a machine and only decrypts and restores it with the proper key. This is the underlying technique behind ransomware attacks.
22
Trojan
Software that pretends to be something else; you run it and it turns out to be malware. Designed to look non-threatening to standard AV and other common defenses.
23
PUP (Potentially Unwanted Program)
Not malicious in character but bothersome and hard to remove.
Ex - an ad toolbar within your web browser.
24
Backdoor
Malware creates a backdoor, a new way of gaining access to your system for easy access in the future. Other malware can use this backdoor too, as it has effectively opened a new vulnerability.
25
RAT (Remote Access Trojan)
Remote administration tool; effectively the ultimate backdoor, giving the attacker full interactive control of the host.
26
Rootkit
Malware that modifies the OS kernel or kernel-mode components. Because it runs beneath the OS and the AV, it can hide its own files and processes from tools that rely on the OS to report them.
27
What makes rootkits so dangerous?
Rootkits focus on stealth: once they control the kernel they can hide files, processes and network connections, so additional malware can run in that environment undetected. Removal usually means booting from trusted media.
28
Adware
Malware that floods the machine with advertisements and is generally difficult to remove.
29
Spyware
Malware that monitors the user's activity (browsing, keystrokes, etc.) and reports it to the attacker. Often delivered as a trojan.
30
Logic Bombs
Malicious code that waits for a predefined event or condition (a date, a user account being removed) and then executes.
31
Why is it typically hard to triage a logic bomb?
In most cases the logic bomb deletes itself after running, which makes it hard to trace the root of the attack.
32
Hashing
A one-way function that converts data of any length into a fixed-length value called a hash. Commonly used to protect stored passwords, since the hash cannot be reversed to recover the password.
33
What is SHA-256?
A widely used hash function from the SHA-2 family that produces a 256-bit (32-byte) output.
34
Hash Function
the algorithm used to hash the plaintext password values.
35
Hash Value
The output of the hash function. It has a fixed length (256 bits for SHA-256), and two different inputs are extremely unlikely to produce the same value; identical inputs always produce the identical hash.
36
Hash Space
the set of all possible hash values that can be produced by a particular hash function
37
Hash Collision
when two different inputs produce the same hash value
38
Salting
A unique random value added to each plaintext password BEFORE running it through the hash function, and stored alongside the hash. Two users with the same password get different hashes, and precomputed tables (rainbow tables) become useless.
39
Rainbow Tables
Optimized, pre-built lookup tables of hash values for common passwords, used to reverse unsalted hashes.
40
How are passwords in databases typically kept?
The passwords in databases should be salted and hashed with a slow password-hashing function, never stored in plaintext.
41
Spraying Attack
trying a few commonly used passwords against many accounts, pausing between rounds to stay under account-lockout thresholds and avoid detection.
42
Brute Force
systematically trying all possible combinations of a password until the correct one is found.
- Hashes can also be brute forced: if an attacker obtains a hash value, they run candidate passwords (e.g., from a wordlist) through the same hash function until the resulting hash matches.
43
Dictionary Attack
systematically trying a list of common words, phrases, or passwords from a pre-existing "dictionary."
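The hashing, salting, rainbow-table and dictionary-attack cards above all describe the same mechanics, so here is one worked example covering them. This is an added illustration, not code from the flashcard deck: the wordlist is constructed, the "rainbow table" is a plain lookup dictionary (a real one uses hash chains), and PBKDF2-HMAC-SHA256 is used as the slow, salted scheme.

```python
import hashlib
import secrets

# Constructed wordlist standing in for a real dictionary or rainbow-table source.
WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2023", "dragon"]

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_rainbow_lite(wordlist):
    """Precomputed table mapping unsalted hash -> plaintext. A real rainbow
    table compresses this with hash chains, but the lookup idea is identical."""
    return {sha256_hex(w.encode()): w for w in wordlist}

def store_unsalted(password: str) -> str:
    """The weak scheme: plain SHA-256, same password -> same hash for every user."""
    return sha256_hex(password.encode())

def store_salted(password: str, iterations: int = 100_000):
    """Per-user random salt + PBKDF2-HMAC-SHA256 (a deliberately slow hash).
    Returns (salt, derived_key); both are stored in the database."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, dk

def verify_salted(password: str, salt: bytes, stored: bytes, iterations: int = 100_000) -> bool:
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return secrets.compare_digest(dk, stored)   # constant-time comparison

def crack_with_table(stored_hash: str, table: dict):
    """Rainbow-table style attack: a single dictionary lookup per hash."""
    return table.get(stored_hash)

def crack_salted(salt: bytes, stored: bytes, wordlist, iterations: int = 100_000):
    """Dictionary attack on one salted record. The salt defeats the precomputed
    table, so every candidate must be re-derived for this user, at full cost."""
    for candidate in wordlist:
        if verify_salted(candidate, salt, stored, iterations):
            return candidate
    return None

if __name__ == "__main__":
    table = build_rainbow_lite(WORDLIST)
    print("unsalted, cracked by lookup:", crack_with_table(store_unsalted("letmein"), table))
    salt, dk = store_salted("letmein")
    print("salted, table lookup:", crack_with_table(dk.hex(), table))
    print("salted, per-user dictionary attack:", crack_salted(salt, dk, WORDLIST))
```

The salt does not stop a dictionary attack on a weak password; it only removes the attacker's ability to precompute, so every user costs the full PBKDF2 work. Strength still comes from the password itself and the iteration count.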
44
Physical Attacks
Compromised USB devices or cables, card skimmers that capture credit card numbers, etc.
45
Adversarial AI
Attacks against machine learning systems: poisoning the training data, crafting inputs that cause misclassification, or querying a model until it leaks the PII it was trained on.
46
Supply Chain Attacks
When a third-party vendor or software supplier is compromised and the attack is passed on to you through the trust you place in them. Ex - the LastPass breach.
47
Privilege Escalation
A flaw or misconfiguration that allows a normal user to gain administrative permissions.
48
Cross Site Scripting (XSS)
type of security vulnerability that occurs when a website or web application allows malicious scripts to be injected and executed in users' browsers
49
Stored XSS
The malicious script is saved on the site itself (a comment, profile field, etc.), so everyone who views that page runs it.
50
Reflected XSS
The script is carried in the request (typically a crafted link) and reflected back in the response. The user has to be tricked into opening that link for the script to run.
51
Injection Attack
type of security attack where malicious code is inserted into a computer program or system, causing it to execute unintended commands or actions.
Ex. - SQL injection is very common.
52
Buffer Overflow
a type of security vulnerability that occurs when a program or system writes more data into a buffer (a temporary storage area) than it can handle. This extra data overflows into adjacent memory locations, potentially causing the program to crash or allowing the attacker to execute malicious code.
53
Replay Attacks
an attacker captures previously transmitted data (e.g., an authentication token) and retransmits it to trick a system into accepting it as valid.
54
Request Forgeries
an attacker tricks a user's web browser into making an unintended and unauthorized request on their behalf
55
What is an example of a request forgery attack?
Ex - You’re signed into your bank account on one tab and visit a malicious site on another tab. This site runs a script that makes a request related to your bank account and because you are already signed in, the request goes through without you even realizing.
56
Driver Manipulation
Attacks that abuse or modify device drivers (e.g., shimming or refactoring a driver) so that malicious code runs with kernel-level privileges.
57
SSL Stripping
a type of attack where an attacker intercepts communication between a user's web browser and a website, and downgrades the secure HTTPS connection to an insecure HTTP connection.
58
Race Conditions
occur when different parts of a program "race" to use the same thing, and the order they finish in affects the final result.
59
What is an example of a race condition flaw?
You and Jamie each withdraw $50 from an account holding $50 at the same time. Both checks see $50 available before either debit is recorded, so both withdrawals succeed and the account ends at -$50.
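The double-withdrawal above is a time-of-check/time-of-use race. The following added example (not from the deck) reproduces it deterministically: a barrier stands in for unlucky thread scheduling so both threads pass the balance check before either debits, and a lock shows the fix. The account class is a constructed toy.

```python
import threading

class Account:
    """Constructed toy account. The lock is only used by the safe version."""
    def __init__(self, balance: int):
        self.balance = balance
        self.lock = threading.Lock()

def withdraw_unsafe(acct: Account, amount: int, gate: threading.Barrier) -> bool:
    # Time of check: is there enough money?
    if acct.balance >= amount:
        # The barrier stands in for unlucky scheduling: both threads get past
        # the check before either one performs the debit (time of use).
        gate.wait()
        acct.balance -= amount
        return True
    return False

def withdraw_safe(acct: Account, amount: int) -> bool:
    # Check and debit happen as one atomic step under the lock.
    with acct.lock:
        if acct.balance >= amount:
            acct.balance -= amount
            return True
        return False

def run_concurrent(start: int, amount: int, safe: bool):
    """Two threads each try to withdraw `amount` from one account that starts
    at `start`. Returns (number of successful withdrawals, final balance)."""
    acct = Account(start)
    gate = threading.Barrier(2, timeout=5)
    results = []

    def worker():
        if safe:
            results.append(withdraw_safe(acct, amount))
        else:
            results.append(withdraw_unsafe(acct, amount, gate))

    threads = [threading.Thread(target=worker) for _ in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results), acct.balance

if __name__ == "__main__":
    print("racy  :", run_concurrent(50, 50, safe=False))  # (2, -50): both succeed, overdrawn
    print("locked:", run_concurrent(50, 50, safe=True))   # (1, 0): second withdrawal refused
```

In a real system the "barrier" is simply two requests arriving within the same few milliseconds; the lock (or a database transaction with row locking) is what makes check and debit indivisible.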
60
Rogue Access Points
Access point that has been added to your network without your authorization.
61
Wireless Evil Twin
Malicious Network with same SSID as your real one
62
Bluejacking
Sending unsolicited messages to someone else's device via Bluetooth.
63
Bluesnarfing
attackers gain unauthorized access to information on a Bluetooth-enabled device, such as a smartphone or tablet
64
Wireless Disassociation
a disruption attack that sends forged disassociation or deauthentication frames to disconnect devices from a wireless network.
65
Wireless Jamming
Attackers transmit interference signals on the same frequency as the network, taking it down.
66
RFID Attack
Replaying or spoofing a captured RFID tag ID, or jamming the signal between the tag and the reader.
67
NFC Attack
Replaying or spoofing captured NFC data, or jamming the signal between the two NFC devices.
68
Randomizing Cryptography
Randomization (a random IV, nonce or salt) is what stops identical inputs from producing recognizable outputs. When it is missing or weak, the encryption does not do a good enough job of obscuring the original value. Ex - "Password" turned into "Passw0rd": you can still tell the original value.
69
Cryptographic Nonce
a unique and random number used in cryptography to add extra security to communication and prevent replay attacks
70
On-Path Attack
MITM (man in the middle) attack, where an attacker inserts themselves into the communication path between two parties. By doing so, they can intercept and manipulate the data being transmitted between them
71
Address Resolution Protocol (ARP)
a network protocol used to translate or resolve IP addresses to physical or MAC addresses in a local network
72
MAC Cloning
spoofing another device's MAC address to impersonate it on the network
73
MAC Flooding
a technique where frames with a large number of different source MAC addresses are sent to a switch until its MAC address table fills up. The switch then floods traffic out of all ports, letting the attacker see it.
74
DNS Poisoning
a technique used by attackers to manipulate or corrupt the information in the DNS server's cache. Ex - An attacker changes the value in the DNS server to a malicious one. Once a user queries the DNS server, they are redirected to the malicious site.
75
Denial of Service (DoS)
attacker overwhelms a target system or network with a flood of excessive requests or data.
76
Malicious Scripts/Scripting
Scripts that can help attackers automate the attack pipeline.
77
Threat Actor
an entity responsible for an event that has a negative impact on a different entity.
78
Insider
Someone on the inside of your organization that is doing something malicious
79
Nation State
An attacker working for or sponsored by a government, typically well funded and persistent.
80
Hacktivist
Hacker + activist: attacks motivated by a political or social cause.
81
Script Kiddie
A beginner who runs pre-made scripts to execute cyber attacks but does not necessarily know what is actually going on.
82
Organized Crime
Professional criminals, motivated by financial gain.
83
Shadow IT
the user working around their internal IT department. Ex - Someone purchasing their own laptop and working from that instead of a corporate owned one.
84
Attack Vector
the path or method an attacker uses to reach a target (email, USB, an open port, etc.)
85
Threat Intelligence
Researching latest threats
86
Open Source Intelligence (OSINT)
Intel from publicly available sources
87
Closed Intelligence
Have to pay cost to a provider for expert level intel on vulnerabilities
88
CVE
Common Vulnerabilities and Exposures
89
Indicators of Compromise (IOC)
Evidence that an intrusion has occurred: irregular patterns or abnormalities such as unknown files, unusual logins or traffic to known-bad addresses.
90
SIEM
Security Information & Event Management
91
SOAR
Security Orchestration Automation & Response
92
How many "color" security teams are typically in an organization? What are the 4 colors?
4 Teams - Red, Blue, Purple, White
93
Red Team
Offensive, attackers
94
Blue Team
Defense, defenders, incident response
95
Purple Team
Both red and blue team, both share information.
96
White Team
Oversees the red and blue teams.
97
Configuration Management
Documenting change of configurations and systems
98
Baseline Configuration
Recording the known-good configuration of a system so that deviations can be detected and improvements built from it.
99
Standard Naming Convention
defining a standard naming convention for endpoints, APs, and other points of your system.
100
Data Masking
using asterisk or some form of censorship to protect sensitive data.
101
PII
Personally Identifiable Information
102
Data Encryption
Encrypting data to protect it.
103
Plaintext
data before encryption
104
Ciphertext
data after encryption
105
Data At Rest
Data sitting stationary on a drive, not moving.
106
Data In Motion
Data transmitted over a network
107
Data In Use
Data actively being processed in a system's memory.
108
Tokenization
the process of replacing sensitive data, such as credit card numbers or personal identification information, with unique identification tokens
109
What is a real world example of tokenization?
Used in NFC credit card transactions, your card number never actually gets sent to the merchant.
110
Information Rights Management (IRM)
a security approach that allows organizations to control and protect sensitive information throughout its lifecycle. With IRM, users can apply specific access permissions, restrictions, and encryption to their documents or files.
111
Data Loss Prevention (DLP)
a security strategy and set of technologies that aim to prevent sensitive data from being lost, leaked, or exposed to unauthorized individuals.
112
Incident Response Plan
plan that executes in the event of an incident.
113
HoneyPot
A fake system that looks enticing for hackers to attack. No real access to your production system.
114
Define the user's role in security in: Infrastructure as a Service (IaaS), such as AWS.
The provider secures the physical hardware and virtualization layer; you are still responsible for securing the OS, applications and data you run in the cloud.
115
Define the user's role in security in: Software as a Service (SaaS), like Hi Marley.
The 3rd party is responsible for securing and maintaining the application, but you still control your data, user accounts and access settings.
116
Define the user's role in security in: Platform as a Service (PaaS), such as AWS Elastic Beanstalk.
3rd party provides building blocks for building web applications, security responsibility is shared between the provider and the user.
117
MSSP
Managed Security Service Provider
118
IaaC
Infrastructure as Code (also written IaC)
119
VM Sprawl
When you do not spin down VMs after they are no longer needed.
120
Authentication Methods
Methods used by an end user to gain access to a system.
121
Kerberos
an authentication method that provides secure and trusted access to network resources. It uses a client-server model to verify the identities of users and services before granting access. Ex - Like a ticketing system for authentication
122
LDAP
Authentication against a directory service, such as Microsoft AD.
123
Federation
Authentication using a third party site like Google, Facebook, Apple, etc.
124
Attestation
A device proves to the network that it is the hardware it claims to be and is in a known-good state, typically with boot measurements signed by its TPM. This keeps unmanaged personal machines off the network.
125
TOTP
Time-based One-Time Password.
126
Biometrics
Touch ID, Face ID, etc. for authentication
127
MFA
Multi-Factor Authentication
128
RAID
Redundant Array of Independent Disks. A technology that combines multiple physical drives into a single logical unit to improve storage performance, reliability and/or capacity. With a redundant level (RAID 1, 5, 6, 10) the remaining drives pick up the slack if one fails; RAID 0 offers no redundancy.
129
What are the "somethings" of MFA?
Factors:
- Something you know (password, PIN)
- Something you have (phone, MFA code, token)
- Something you are (fingerprint, FaceID)
Attributes:
- Somewhere you are (based on geographic location)
- Something you can do (handwriting analysis)
130
Cipher
The algorithm used to encrypt
131
Cryptanalysis
The art of cracking encryption
132
Cryptographic Key
essentially a secret code that enables encryption and decryption processes.
133
Homomorphic Encryption
an advanced cryptographic technique that allows computations to be performed on encrypted data without decrypting it first. In simple terms, it enables computations to be carried out on sensitive data while it remains encrypted, providing privacy and security.
134
Symmetric Encryption
uses a single key to encrypt and decrypt data.
135
Asymmetric Encryption
uses a key pair: the public key encrypts and the private key decrypts (or the private key signs and the public key verifies).
136
Key Pair
a pair of cryptographic keys that are mathematically related. The pair consists of a public key and a private key, and they work together to provide secure communication and data protection.
137
Digital Signature
cryptographic technique used to verify the authenticity and integrity of digital messages, documents, or software. It provides a way to prove that a particular piece of digital content originated from a specific sender and has not been tampered with.
138
Steganography
a technique used to hide secret or sensitive information within seemingly innocuous or unrelated digital content, such as images, audio files, or text documents. It is the practice of concealing one message within another to prevent detection by unintended recipients.
139
What is a real world example of steganography?
Ex - An image of a giraffe whose least-significant pixel bits have been replaced with the bytes of a hidden file. The picture looks unchanged, but anyone who knows the scheme can extract the file.
140
Stream Cipher
a cryptographic algorithm that operates on individual bits or bytes of data, encrypting or decrypting them one at a time in a continuous stream
141
Block Cipher
a type of encryption algorithm that operates on fixed-length blocks of data. It breaks the plaintext into fixed-size blocks and applies a series of encryption steps to each block individually, resulting in corresponding blocks of ciphertext.
142
Cipher Block Chaining (CBC)
a mode of operation for block ciphers that provides confidentiality (not integrity; a MAC or an authenticated mode is needed for that). Each plaintext block is XORed with the previous ciphertext block before being encrypted, and the first block is XORed with a random IV, so identical plaintext blocks produce different ciphertext.
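The following added example (not from the deck) implements the CBC chaining described above around a deliberately toy block function, so the mode itself is visible: ECB repeats ciphertext for repeated plaintext, CBC does not, and flipping one ciphertext bit changes the next plaintext block without any error, which is why CBC gives no integrity. The 8-byte key and messages are constructed; the toy block function is not a real cipher.

```python
import os

BLOCK = 8  # bytes; the toy cipher below works on 8-byte blocks

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for a real block cipher (NOT secure). It is only a keyed,
    invertible permutation of one block, which is all a mode of operation needs."""
    x = bytes(b ^ k for b, k in zip(block, key))
    return x[1:] + x[:1]              # rotate left one byte

def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    x = block[-1:] + block[:-1]       # rotate right one byte
    return bytes(b ^ k for b, k in zip(x, key))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK     # PKCS#7 style: always add 1..BLOCK bytes
    return data + bytes([n]) * n

def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]

def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """No chaining: equal plaintext blocks give equal ciphertext blocks."""
    p = pad(plaintext)
    return b"".join(toy_block_encrypt(key, p[i:i + BLOCK]) for i in range(0, len(p), BLOCK))

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    p = pad(plaintext)
    prev, out = iv, []
    for i in range(0, len(p), BLOCK):
        c = toy_block_encrypt(key, xor(p[i:i + BLOCK], prev))  # chain in previous ciphertext
        out.append(c)
        prev = c
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(xor(toy_block_decrypt(key, c), prev))
        prev = c
    return unpad(b"".join(out))

def flip_bit(ciphertext: bytes, byte_index: int, bit: int) -> bytes:
    """Attacker modifies one bit in transit; CBC has no integrity check to notice."""
    tampered = bytearray(ciphertext)
    tampered[byte_index] ^= 1 << bit
    return bytes(tampered)

if __name__ == "__main__":
    key = b"k3y!k3y!"                      # constructed 8-byte key
    msg = b"ATTACK!!ATTACK!!"              # two identical blocks
    ecb = ecb_encrypt(key, msg)
    print("ECB blocks equal:", ecb[:8] == ecb[8:16])
    iv = os.urandom(BLOCK)                 # fresh random IV per message
    ct = cbc_encrypt(key, iv, msg)
    print("CBC blocks equal:", ct[:8] == ct[8:16])
    # Flipping bit 0 of ciphertext byte 0 garbles block 1 and flips bit 0 of plaintext byte 8.
    print(cbc_decrypt(key, iv, flip_bit(ct, 0, 0))[8:])   # b'@TTACK!!'
```

The bit-flip result is the important part for the integrity caveat: decryption "succeeds" and returns attacker-chosen changes, so a MAC over the ciphertext (or an AEAD mode such as GCM) must be added in practice.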
143
Blockchain
digital ledger technology that allows multiple parties to maintain a shared and tamper-proof record of transactions or data
144
Why can't you edit information in a Blockchain?
Each block contains the hash of the previous block, so changing any earlier transaction changes every hash after it and the tampering is obvious to the other participants.
145
Endpoint Detection and Response (EDR)
protects endpoints by continuously monitoring and analyzing the behavior of endpoints, providing timely alerts and enabling rapid incident response to keep your devices and data safe.
146
Next Generation Firewall (NGFW)
a type of advanced network security device that combines traditional firewall capabilities with additional features for enhanced protection. It provides a more intelligent and dynamic approach to network security by inspecting network traffic at the application layer, allowing it to identify and block not only basic threats but also more sophisticated attacks.
147
Host-Based Intrusion Detection System (HIDS)
works by analyzing system logs, file integrity, network connections, and other host-related events to identify potential attacks. Lives on the host itself
148
Host-Based Intrusion Prevention System (HIPS)
unlike HIDS, HIPS not only detects and alerts about potential intrusions or security breaches but also takes proactive measures to prevent them. It can actively block or restrict suspicious activities, such as unauthorized access attempts, malware execution, or system configuration changes
149
Boot Integrity
the assurance that the initial startup process of a computer system, known as the boot process, has not been compromised or tampered with
150
Trusted Platform Module (TPM)
a hardware-based security component that provides a secure foundation for security functions. This component is built into the motherboard of the computer.
151
Secure Boot (UEFI/BIOS)
The firmware checks the digital signature of the bootloader against keys stored in the firmware before running it. If the bootloader is unsigned or the signature does not match, the machine will not boot.
152
Trusted Boot
The bootloader verifies the digital signature of the OS kernel before loading it, and the kernel in turn verifies the components it loads. If a signature check fails, the boot stops.
153
Early Launch Anti-Malware (ELAM)
Windows loads the anti-malware driver first, and it evaluates each subsequent driver as it loads. If a driver is untrusted, the computer will not load it.
154
Measured Boot
a security feature that records a hash of each boot component (firmware, bootloader, kernel, drivers) in the TPM's PCRs as it loads. Nothing is blocked; the measurements are compared against known-good values, or reported to a remote attestation server, to detect unauthorized modifications.
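As an added example (not from the deck), here is the PCR extend chain that measured boot relies on, with the remote attestation check that consumes it. The component images and the "golden" chain are constructed stand-ins; the extend rule PCR_new = H(PCR_old || H(component)) is the TPM convention.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 PCR

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR_new = H(PCR_old || H(component)). A PCR can only
    be extended, never written, so the final value depends on every component
    and on the order in which they loaded."""
    return sha256(pcr + sha256(measurement))

def measured_boot(components):
    """Simulates the boot chain measuring each component before handing off.
    Returns (final PCR value, event log of (name, digest))."""
    pcr = bytes(PCR_SIZE)          # PCRs start at zero at power-on
    log = []
    for name, blob in components:
        log.append((name, sha256(blob)))
        pcr = extend(pcr, blob)
    return pcr, log

def replay_log(log) -> bytes:
    """A verifier recomputes the PCR from the event log alone."""
    pcr = bytes(PCR_SIZE)
    for _, digest in log:
        pcr = sha256(pcr + digest)
    return pcr

def attest(expected_pcr: bytes, reported_pcr: bytes, log) -> str:
    """Remote attestation decision: the log must reproduce the reported PCR,
    and the PCR must match the known-good (golden) value."""
    if replay_log(log) != reported_pcr:
        return "reject: event log does not reproduce the reported PCR"
    if reported_pcr != expected_pcr:
        return "reject: boot chain differs from golden measurement"
    return "trusted"

# Constructed stand-ins for real boot component images.
GOLDEN_CHAIN = [
    ("firmware",   b"uefi-firmware-v1"),
    ("bootloader", b"bootloader-v1"),
    ("kernel",     b"kernel-v1"),
    ("driver:nic", b"nic-driver-v1"),
]

if __name__ == "__main__":
    golden_pcr, _ = measured_boot(GOLDEN_CHAIN)
    pcr, log = measured_boot(GOLDEN_CHAIN)
    print("clean boot:", attest(golden_pcr, pcr, log))
    tampered = [(n, b"kernel-with-rootkit" if n == "kernel" else b) for n, b in GOLDEN_CHAIN]
    pcr, log = measured_boot(tampered)
    print("tampered kernel:", attest(golden_pcr, pcr, log))
```

On real hardware the reported PCR value is signed by the TPM (a quote), which is what stops a compromised OS from simply reporting the golden value; the replay step above is what lets the verifier tell which component changed.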
155
Application Security
The process of making sure your application is secure throughout development and deployment.
156
Input Validation
a process used to verify and ensure the correctness, integrity, and safety of data entered into an application.
157
Dynamic Analysis (fuzzing)
a software testing technique used to discover vulnerabilities or software defects by feeding unexpected, random, or malformed inputs to an application or system. The goal is to cause the application to behave in different ways.
158
Cookies
small files that websites store on your computer or device to remember information about you
159
HTTP Secure Headers
additional security measures used by web servers to protect websites. They can restrict the type of processes that occur while the website or web application is being used.
160
Code Signing
a security practice used to verify the authenticity and integrity of software or code. It involves digitally signing the code with a unique cryptographic signature to confirm its origin and ensure that it has not been tampered with.
161
Static Application Security Testing (SAST)
a technique used to analyze the source code or software application without executing it. It involves scanning the codebase for potential security vulnerabilities, coding errors, and other issues that could pose a risk to the application's security.
162
Dynamic Application Security Testing (DAST)
technique used to assess the security of a web application by analyzing it while it is running. DAST runs the app in a closed environment and actively tries to attack it.
163
Load Balancing
a technique used to distribute incoming network traffic across multiple servers or resources to ensure optimal performance and prevent overload
164
Network Segmentation
the practice of dividing a computer network into smaller, isolated subnetworks or segments to ensure network security.
165
Virtual Local Area Networks (VLAN)
a technology that allows the creation of logical network segments within a physical network infrastructure. VLANs separate network devices into different broadcast domains, even if they are connected to the same physical network. This ensures you can complete network segmentation while still using the same hardware.
166
Screened Subnet (DMZ)
a network architecture that adds an additional layer of security between an internal network and an external network, such as the internet. It involves creating a separate subnet where publicly accessible services, such as web servers or email servers, are placed. Traffic from this zone into the rest of your network is tightly restricted by the firewall, so a compromised public server does not give direct access to internal systems.
167
Zero Trust Networking
Traffic flow within the network itself is verified every step of the way to ensure authenticity and trust.
168
Virtual Private Network (VPN)
An encrypted tunnel that carries private traffic over a public network.
169
Name the 4 most common types of VPNs
- Site-to-Site VPN
- Remote Access VPN
- SSL/TLS VPN
- IPSec VPN
170
Site-to-Site VPN
also known as a network-to-network VPN, connects multiple networks located in different physical locations over the internet.
171
Remote Access VPN
enables individual users to securely connect to a private network from a remote location.
172
SSL/TLS VPN
utilizes SSL or TLS protocols to establish a secure connection between a client's web browser and a remote network or application. It provides secure remote access to specific web-based resources without requiring the installation of dedicated VPN client software.
173
IPSec VPN
a protocol suite that provides secure communication over IP networks. It can be implemented in both site-to-site and remote access scenarios,
174
VPN Concentrator
serves as a central point for aggregating and processing VPN connections from various sources.
175
Full Tunnel
all traffic from the client goes through the VPN concentrator.
176
Split Tunnel
some traffic from the client goes through the VPN concentrator.
177
Stateless Firewall
each network packet is inspected and compared against the ACL on its own, regardless of past history.
178
Stateful Firewall
remembers what was allowed previously and uses that information to determine if the traffic should be approved or denied.
179
Web Application Firewall (WAF)
designed to protect web applications from various online threats and attacks. It sits between the web server and the internet, monitoring and filtering the incoming and outgoing web traffic.
180
Network Access Control (NAC)
a security technology that regulates and controls access to a computer network based on the identity and security posture of devices or users
181
Access Control List (ACL)
allow/disallow traffic based on attributes (IP, port, etc.)
182
Proxy Server
All traffic goes through this server, making traffic requests on behalf of users instead of them doing it themselves.
183
Jump Server
A server accessible via VPN or other means. Once accessed, you can “jump” to other servers inside the private network.
184
Security Assertion Markup Language (SAML)
an XML-based standard used for exchanging authentication and authorization information between different systems. It enables Single Sign-On (SSO) functionality, allowing users to authenticate once and access multiple applications or services without the need to provide credentials repeatedly.
185
Open Authorization (OAuth)
an industry-standard protocol used for secure and delegated access to resources on the web. It allows users to grant permission to third-party applications or services to access their protected resources (such as personal data or online accounts) without sharing their login credentials
186
What is a real world example of OAuth?
Ex - Linking your LinkedIn with your Google Account.
187
Role Based Access Control (RBAC)
Access to systems based on your role and functions within the business.
188
Conditional Access
a security measure that allows or denies access to resources based on specific conditions or criteria. It ensures that users can access sensitive information or systems only when certain requirements are met.
189
Privileged Access Management (PAM)
a security practice that focuses on managing and controlling access to privileged accounts or administrative privileges within an organization's IT infrastructure
190
Certificate Authority (CA)
a trusted entity that issues digital certificates binding a public key to an identity, so that others can validate the authenticity and integrity of information in electronic transactions
191
Recovery Time Objective (RTO)
the maximum acceptable amount of time a business or system can be offline or non-functional before recovery or restoration is completed
192
Recovery Point Objective (RPO)
represents the maximum acceptable amount of data that can be lost or unrecoverable in the event of a disruption or incident.
193
Functional Recovery Plan (FRP)
a document or strategy outlining the specific steps and procedures required to restore and resume the normal functioning of a system, process, or business function after an incident or disruption
194
Disaster Recovery Plan (DRP)
a structured and documented approach that outlines the steps and procedures to recover and restore critical systems, data, and infrastructure after a major disruption or disaster.
195
What is the difference between FRP and DRP?
DRP focuses on the entire business as a whole while FRP focuses on a specific aspect of the business that may have experienced a disruption or outage.
196
What is the difference between RTO and RPO?
RTO is in regard to the time or duration of an outage that is acceptable. RPO is in regard to the amount of data lost in an outage that is acceptable. For example, if the RPO is 1 hour, backups must be taken at least every hour so the company can restore to a point no more than 1 hour BEFORE the outage happened.
197
Protected Health Information (PHI)
any individually identifiable health information that is collected, stored, or transmitted by healthcare providers
198
Data Minimization
a principle of privacy and data protection that advocates for collecting, processing, and retaining only the minimum amount of personal data necessary for a specific purpose.
199
What tool would help a security analyst identify rogue devices on a network?
Router and switch-based MAC address reporting.
200
What is the hashing algorithm that results in a 128-bit fixed output?
MD5
201
IP spoofing is involved in what type of attack?
On-path attack
202
Defense in Depth
the concept of layering various network appliances and configurations to create a more secure and defensible architecture
203
What is a popular asymmetric encryption algorithm?
Diffie-Hellman (DH), used for key exchange; RSA and ECC are the other common asymmetric algorithms.
204
Chain of Custody
the documented and verifiable trail that tracks the handling, transfer, and storage of digital evidence or sensitive information throughout its lifecycle.
205
Discretionary access control (DAC)
control access to resources based on the discretion of the resource owner
206
Mandatory Access Control (MAC)
enforce strict access controls based on predefined rules and policies
207
Attribute-Based Access Control (ABAC)
control access to resources based on attributes associated with users, objects, and the environment
208
What port is used for HTTPS?
443
209
What port is used for RDP?
3389
210
What port is used for FTP?
21
211
What port is used for LDAP?
389
212
Smurf Attack
floods the broadcast address of a network with ICMP echo (ping) requests whose source address is spoofed to the victim's address. Every device on the network replies to the victim, which is overwhelmed with the responses.
213
Reverse Proxy
A proxy that sits in front of servers, accepts client requests and forwards them to the right back end. In a cloud (CASB) deployment it is positioned at the cloud network edge and passes traffic to cloud services only if the contents of that traffic comply with policy.
214
Which analysis framework provides a graphical depiction of the attacker's approach relative to a kill chain?
The Diamond Model of Intrusion Analysis
215
Mean time between failures (MTBF)
the average time between system breakdowns
216
Mean time to repair (MTTR)
the average time it takes to restore a system or component after a failure
217
Is the "Blowfish" cryptographic algorithm asymmetric or symmetric?
Symmetric
218
Exact Data Match (EDM)
a pattern matching technique that uses a structured database of string values to detect matches. Ex - A company might have a list of actual social security numbers of its customers. But, since it is not appropriate to load these numbers into a DLP filter, they could use EDM to match the numbers' fingerprints instead based on their format or sequence
219
Cain and Abel
a software program that can be utilized to uncover passwords by various methods such as brute-force attacks
220
John The Ripper
a software program used to test strength of passwords
221
PAP authentication
Password Authentication Protocol - simply username/password, nothing else.
222
CRLF Injection Attack
Carriage Return Line Feed injection is a common vulnerability that can be used to manipulate or abuse applications that handle user-supplied input. It involves injecting special characters, namely the carriage return ('\r') and line feed ('\n') characters, into input fields or parameters.
223
SPI
Sensitive Personal Information - any personal data or information that, if compromised or misused, could lead to harm, identity theft, discrimination, or significant privacy violations for an individual
224
What is used as a measure of biometric performance to rate the system’s ability to correctly authenticate an authorized user by measuring the rate that an unauthorized user is mistakenly permitted access?
False acceptance rate
225
Desktop as a Service (DaaS)
provides a full virtualized desktop environment from within a cloud-based service
226
Rogue Anti-virus
A malware programmed to look like an anti-virus on a user's machine, trick them into thinking their machine is infected and taking actions to stop or prevent the infection
227
What is a proprietary tool used to create forensic disk images without making changes to the original evidence?
FTK Imager
228
FM-200
Common fire extinguisher system used in buildings. Should have them in data centers to prevent a fire from spreading around the building and destroying information.
229
DPO
Data Protection Officer - Ensures that the organization processes the personal data of its staff, customers, providers, or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules.
230
Polymorphic Virus
virus that alters its binary code to avoid detection by antimalware scanners that rely on signature-based detection. By changing its signature, the virus can avoid detection.
231
What compliance standard affects financial institutions?
GLBA
232
Degaussing
the process of removing or reducing unwanted magnetic fields from an object, such as a magnet or a magnetic storage device like a hard drive.
233
Banner Grabbing
conducted by actively connecting to the server using telnet or netcat and collecting the web server's response. This banner usually contains the server's operating system and the version number of the service (SSH) being run
234
Lessons Learned Report
provides you with the details of the incident, its severity, the remediation method, and, most importantly, how effective your response was
235
Qualitative risk assessment
categorizes things based on the likelihood and impact of a given incident using non-numerical terms, such as high, medium, and low
236
Quantitative risk assessment
provides exact numbers or percentages of risk for each thing
237
What IP address protocol has IPSec built into it?
IPv6
238
Autopsy
a cross-platform, open-source forensic tool suite
239
What is an uncredentialed vulnerability scan?
It's a scan that did not authenticate into anything on the network. This is also known as an outward-facing scan, since anything it picked up in results was visible from outside the network.
240
Asymmetric or Symmetric: RSA
Asymmetric
241
Asymmetric or Symmetric: DSA
Asymmetric
242
Asymmetric or Symmetric: ECC
Asymmetric
243
Asymmetric or Symmetric: Diffie-Hellman Key Exchange (DH)
Asymmetric
244
Asymmetric or Symmetric: AES
Symmetric
245
Asymmetric or Symmetric: RC4
Symmetric
246
Asymmetric or Symmetric: DES
Symmetric
247
Asymmetric or Symmetric: PGP
Asymmetric
248
Asymmetric or Symmetric: Blowfish
Symmetric
249
Asymmetric or Symmetric: Twofish
Symmetric
250
Cognitive Password Attack
Uses information from social media to guess the user's password
251
What is considered the weakest wireless network protocol?
Wired equivalent privacy (WEP)
252
Insecure direct object references (IDOR)
a cybersecurity issue that occurs when a web application developer uses an identifier for direct access to an internal implementation object but provides no additional access control and/or authorization checks. Ex - www.google.com/user=andrew.cd
253
Whaling
When an attacker targets C-level executives in the company
254
Hybrid Attack
When you combine two types of password cracking attacks. For example - Dictionary Attack + Brute Force Attack
255
Which hashing algorithm results in a 160-bit fixed output?
RIPEMD
256
The NTLM hashing algorithm results in how many bits of fixed output?
128
257
Which of the following vulnerabilities involves leveraging access from a single virtual machine to other machines on a hypervisor?
VM Escape
258
What network protocol is required if you are using RADIUS for network authentication?
802.1x
259
UEBA
User and Entity Behavior Analytics, a system that can provide automated identification of suspicious activity by user
260
CYOD
Choose Your Own Device
261
HSM
Hardware Security Module, an appliance for generating and storing cryptographic keys that is less susceptible to tampering and insider threats than software-based storage
262
UEFI
Unified Extensible Firmware Interface, a type of system firmware providing support for 64-bit CPU operation at boot, full GUI and mouse operation at boot, and better boot security
263
SDLC
Software Development Lifecycle
264
RCE
Remote Code Execution, occurs when an attacker is able to execute or run commands on a remote computer
265
What type of attack is the exam showing if it displays "1=1"?
SQL Injection
266
Extranet
Specialized type of DMZ that is created for your partner organizations to access over a wide area network
267
War Dialing
Protect dial-up resources by using the callback feature
268
Honeynet
A group of computers, servers, or networks used to attract an attacker
269
VDI
Virtual Desktop Infrastructure
270
Private Cloud
Using a cloud provider's network, ex - AWS
271
Public Cloud
Using a publicly accessible, widely available online solution, Ex - Google Drive
272
Community Cloud
cloud resources are shared among several different organizations who have common service needs. Ex - GovCloud
273
SECaaS
Security As A Service
274
CASB
Cloud Access Security Broker, enterprise management software designed to mediate access to cloud services by users across all types of devices
275
FaaS
Function as a Service (AWS Lambda)
276
CORS Policy
A content delivery network policy that instructs the browser to treat requests from nominated domains as safe
277
What is CI/CD?
Continuous integration and continuous delivery
278
What ports does RADIUS use on a network?
1812/1813
279
What port does IMAP use on a network?
143
280
What port does POP3 use on a network?
110
281
What port does SMTP use on a network?
25
282
What port does FTP use on a network?
21
283
What port does HTTP use on a network?
80
284
What port is used to access Syslog on a network?
514
285
Ping Flood
An attacker attempts to flood the server by sending too many ping requests.
286
MITB
Man-in-the-Browser
287
What port does Kerberos use on a network?
88
288
What port does VNC use on a network?
5900
289
Privilege Creep
Occurs when a user accumulates additional permissions over time as they rotate through different positions or roles
290
Rubber Hose Attack
Attempt to crack a password by threatening or causing a person physical harm in order to make them tell you the password
291
SNMP
Simple Network Management Protocol
292
FIM
File Integrity Monitoring
293
What is the difference between a runbook and a playbook?
Runbook - step-by-step tutorial. Playbook - who is involved and who does what when responding to incidents.
294
MTD
Maximum Tolerable Downtime - maximum amount of time a business can be down before irreversible damage occurs.
295
HAVA
Help America Vote Act
296
PCI DSS
Payment Card Industry Data Security Standard
297
GDPR
General Data Protection Regulation - no personal data can be collected about a person without informed consent
298
What is the difference between purging data and clearing data?
Purging - there is certainty that the contents can never be reconstructed after deletion.