Security + Flashcards
-Social engineering/spoofing
-Done by email, text, URL, etc.
-Can be spotted by spelling, fonts, graphics
Vishing
Phishing
Impersonation
Spear fishing
Phishing
Name 2 types of typosquatting
URL hijacking - https://professormessier.com instead of messer
Prepending - https://pprofessormesser.com
Guy squatting with a gun held up to someone to change a URL
“Hi, we’re calling from Visa about an auto payment and need your credentials” is an example of what?
Pretexting
Phishing
Impersonation
Spear phishing
Pretexting, lying to get info
Wolf of Wall Street scene where he teaches the script
Redirects a legit website to a bogus site, via a poisoned DNS server or client vulnerabilities
Pharming
Phishing is harvesting large groups of people
False, pharming
Phishing collects access credentials
Anti-malware is great for detecting pharming
False, everything appears legit to the user
Type of phishing: caller ID spoofing, fake security or bank updates, done over the phone
Vishing
Fish on phone with fingers in v shape
Type of phishing done by text; spoofs the sender and forwards links asking for personal information
Smishing
“Yeah we smushed”
Gathering information on a victim (their digital footprint); understanding their security posture and focusing on key systems
Reconnaissance
A renaissance knight with a scroll asking people questions
An attacker builds this through social media, where you work, your bank, family/friends
Pretext
Targeted phishing with inside information that includes whaling
Spear phishing
Never click a link in an email, type it out to see if it is legit
True
Attacker pretending to be someone else, using details from reconnaissance; may pretend to be of higher rank, may throw around technical details or act like a buddy
Impersonation
When Donny Burger gives you a fake name you go with it!
Seen with vishing
Victims don’t realize it is happening (hacking the human); getting info from the victim
Pretexting
Impersonation
Spoofing
Eliciting information
Eliciting information
An e ice cream cone that each time you press to lick, a new fact about you is presented
Identity being used by someone who is not you. Includes credit card, bank, loan and government benefits fraud
Impersonation
Social engineering
Identity fraud
Pharming
Identity fraud
Important information thrown out with the trash that can be gathered for an attack; typically done at the end of the month
Dumpster diving
Controlling your input by being aware of your surroundings, using privacy filters, and keeping monitors away from windows and hallways are ways to prevent this
Shoulder surfing
Blacks out the screen unless you are sitting directly in front of the monitor
Privacy filter
A threat that doesn’t actually exist, often delivered through email, attempting to get money but not through electronic means. Not a virus, but can waste almost as much time
Computer hoax
Spoofing
Pharming
Dumpster diving
Computer Hoax
Stephen A. bamboozled, run amok
Considering the source, cross-referencing, spam filters, and “if it sounds too good to be true” are ways to do what?
De-hoaxing
Eliciting information
Adware
Rdns
De-hoaxing
Detective Hoch
Determines which website the victim group uses, then infects that third-party site (through a site vulnerability or email attachments) so that all visitors to the site are infected, gaining access to your network
Watering hole attack
Ex. Infecting a site you know people visit so that every time they visit, malicious JavaScript files are downloaded to their computer
Defense in depth, firewalls and IPS, and antivirus/anti-malware signature updates are the best methods to prevent what kind of attack?
Spraying
Watering hole
Man in the middle
Crypto malware
Watering hole attack
Unsolicited messages via email, forums, etc., including phishing attempts
Spam
Over IM is SPIM
Used to identify spam; only receives email from trusted senders, and SMTP blocks anything that doesn’t follow RFC standards
Allowed list
Recipient filtering
ACL
rDNS
Allowed list
Used to identify spam; blocks email where the sender’s domain doesn’t match the IP address
rDNS, reverse DNS
Tarpitting (used to identify spam) blocks all email not addressed to a valid recipient email address
False, it intentionally slows down the server conversation
Recipient filtering will block all email not addressed to a valid recipient email address
An unsolicited email is stopped here; can be either on-site or cloud based
Mail gateway
Swaying public opinion on political and social issues; enabled and amplified through social media; used to divide and includes advertising
Hacking the human
Cyber warfare
Hybrid warfare
Hacking public opinion
Hacking public opinion
Ex. Creating fake users to post about things until real users voice the same opinion and it goes viral
Attacking an entity with technology, influencing foreign elections, fake news
Hacking public opinion
Hybrid warfare
Social engineering
Cyber warfare
Cyber warfare
Militaries trying to influence people through the internet so that elected officials benefit them
Cyber warfare
Hybrid warfare
Social engineering
Hacking the human
Hybrid warfare
Tailgating
Using an authorized person to gain unauthorized access to a building.
Prevent this with a policy for visitors, one scan per person, and mantraps
Tailgating
Attacker sends a fake invoice to whoever pays the bills for a company
Invoice scam
Attacker collecting login passwords stored on your computer in web browsers or Windows Credential Manager
Theharvester
Password file
Credential harvesting
Collisions
Credential harvesting
Name 4 social engineering principles
Authority
Intimidation
Consensus
Scarcity
Urgency
Familiarity
Trust
Social engineering principle that convinces based on what’s normally expected; “your co-worker Jill did this last week for me” is familiarity/liking
False, Consensus/social proof
Social engineering principle: “someone you know, we have common friends” is familiarity/liking
True
Social engineering may involve multiple organizations, and may be in person or electronic
True
Malicious software; gathers your information through keystrokes, can turn your computer into a zombie, tricks you through advertising, and can download viruses/worms to encrypt your data
Malware
Name 4 types of malware
Virus
Crypto malware
Ransomware
Worms
Trojan horse
Rootkit
Keylogger
Adware/spyware
Botnet
A worm takes advantage of a vulnerability, then installs malicious software that includes a remote access back door, and later installs a bot: this is how you get what harmful thing on your computer?
Malware process
Don’t click email links or web page pop-ups
Keep the OS up to date
Check the application’s publisher
Prevents what?
Malware
Persistent XSS attack
Non Persistent XSS attack
Botnets
Malware
Malware that can reproduce itself through file systems or the network after you execute a program; can be invisible and spread just from running a program
Virus
This needs its signature file updated
Anti-virus
Program virus is OS and browser based
False, script virus
Program virus is part of the application
Common virus in Microsoft office is boot sector virus
False, macro virus
A boot sector virus lives in your storage
What kind of virus infection process is this:
1. User clicks on a malicious website link
2. Website exploits a Flash/Java/Windows vulnerability
3. Launches PowerShell, downloads the payload into RAM
4. Runs PS scripts and executables in memory, exfiltrates data, damages files
5. Adds an auto-start entry to the registry
Server side forgery request
Session hijacking
Fileless virus
Watering hole attack
Fileless virus
Malware that self-replicates; you don’t have to do anything, it self-propagates and spreads quickly
Worms
Firewalls and IDS/IPS can get rid of worms
False, they can mitigate/prevent but can’t do much once the worm is inside
This virus avoids anti-virus detection by not downloading to a file; it operates in memory and is never installed in a file or application
Fileless virus
Attackers lock you out of your laptop and will let you back in if you pay
Ransomware
Malware encrypts your data files and you must pay the attacker (via an untraceable payment system) to get the decryption key
Crypto malware
Have an offline backup
Keep the OS/applications up to date by patching vulnerabilities and adding security
Keep anti-malware and antivirus signatures up to date
Prevents what attack?
Ransomware
Crypto malware
Rootkit
Botnets
Ransomware
Trojan horse
Software pretending to be something else in order to take over your computer
PUP (Potentially Unwanted Program)
This is identified by antivirus, which flags potentially undesirable software; often installed along with other software. Overly aggressive toolbar, backup utility that displays ads, browser search engine hijacker
Placed on a computer by malware to avoid going through the rigorous process; other malware can get in through this also. Some software even comes with this
Back door
Ultimate back door for administrative control of a device. Malware installs the server/service/host and connects with client software. Controls the device with key logging, screen recording, copying files, and embedding more malware
RAT (Remote Access Control)
Don’t run unknown software
Keep anti-virus signatures up to date
Always have a backup
Protects against what?
Watering hole attack
Session hijacking
RAT and Trojan
Crypto ware
RAT and Trojan
Modifies core system files; can’t be seen in Task Manager/OS/antivirus; takes control of administrator functions
Rootkit
This rootkit malware is famous for cleaning out bank accounts, combined with what?
Rootkit types: Zeus/Zbot
Combined with Necurs (kernel-level driver) so that Zbot can’t be deleted and the attacker has total control
Anti-malware scans, using a remover made specifically for this, and Secure Boot (security in the BIOS) find and remove what?
RAM
Rootkit
Storage
RAT
Rootkit
Computer is full of pop-ups that cause performance issues. Can be installed accidentally, but you need to be careful of software that claims it removes this
Pup
Crypto malware
Adware
Machine learning
Adware
Malware that monitors you and your surfing habits. Can capture keystrokes or trick you into installing fake security software
Adware
Key logger
Malware
Spyware
Spyware
Money for what you see, your computer time and bandwidth, and your bank account are the reasons for these attacks
Adware and spyware
Maintain anti-virus signatures
Always know what you are installing
Have a backup
Run scans (Malwarebytes)
Protects against what?
Fileless virus
adware/spyware
Rootkit
Watering hole attack
Adware/spyware
A system admin has determined that a spoofed email originated in another country. Which of the following most likely provided this information?
Netflow
Syslog
Metadata
IPFIX
sFlow
Metadata - data that describes other data sources
Match HSM, DLP, jump server, collector to their function:
•access protected network from external connection
•backup and manage certificates for all company web servers
•gather stats for long term network monitoring
•block network traffic with private info
•Jump server- access protected network from external connection
•HSM- backup and manage certificates for all company web servers
•Collector- gather stats for long term network monitoring
•DLP-block network traffic with private info
Which best describes the time required to fix an issue during an outage?
RTO
MTTR
EULA
MTBF
RPO
MTTR
Which would best transfer data to a SIEM?
IPSec
Syslog
HTTPS
SSH
SFTP
Syslog
Which of the following is the best way to direct individuals through a specific area?
Motion detection
CCTV
Bollard
Protected distribution
Industrial camouflage
Bollard - prevents access
Which would provide management of both mobile and non-mobile devices?
MDM
MAM
SNMP
UEM
HSM
UEM - Unified Endpoint Management
Evolution of MDM
A server admin at a bank notices a decrease in the number of visitors to its website. Research shows users are being directed to a different IP address than the bank’s server. What attack is this?
Disassociation
DDOS
Buffer Overflow
DNS poisoning
DNS poisoning
A group of infected computers that relays spam, proxies network traffic and performs computing tasks; botnets can be rented. This is what kind of attack?
DDOS
Preventing the initial infection with OS/application patches, updating anti-malware signatures, and identifying infection with on-demand scans/network monitoring
are ways to stop what?
Man in the middle
Botnets
XSS attack
SQL injection
Botnets
Block at the firewall, identify at the workstation with a host-based firewall or host-based IPS, to prevent what?
Command and control (C&C)
Waits for a predefined event; a time/date or a user event will trigger this. Difficult to identify, and disappears after it is done
Logic bomb
Having formal change control to identify when a procedure is not followed, using electronic monitoring with alerts for changes and HIDS, and constant auditing (since an admin with authorization can circumvent existing systems) prevents what attack?
Adware
RAT
Fileless Virus
Logic bomb
Preventing a logic bomb
Difficult to recognize and each is unique with no predefined signatures.
If you store a password here, anyone with access to the password file or database has every credential
Plain text
Book covering up because it’s naked
Represents data as a fixed-length string of text, where different passwords give different outputs; impossible to recover the original message from the digest; common way to store passwords
Hashing a password
Different across operating systems and applications, using different hash algorithms
Rainbow dictionary
Brute force hashing
Password file
Salting
Password file
Attacking an account with 3 or more common passwords and, if they don’t work, moving on to the next account so as not to trigger a lockout is what attack?
Spraying attack
Obtain a list of users and hashes, then calculate password hashes and compare them to the stored hashes. Requires large computational resources. What attack is this?
Pass the hash
Brute force the hash
Rainbow table
Replay attack
Brute force the hash
Rainbow tables
Pre-built set of hashes
Random data added to a password when hashing. Each user gets their own, so rainbow tables won’t work against this; each user gets a different random hash
Salting
Has additional electronics inside; your OS identifies it as a Human Interface Device like a keyboard/mouse, and once connected it downloads and installs malicious software. This is a malicious flash drive
False, malicious USB
A malicious flash drive acts like a HID and loads malware in documents/PDFs, infects the computer after a reboot, or acts as an Ethernet adapter to serve as a wireless gateway or redirect internet traffic
Stealing credit card information during a normal transaction by copying the credit card or with a small camera is
skimming
Card cloning
Get card details from a skimmer, then create a duplicate with the same magnetic stripe (the chip can’t be cloned)
Cloned gift cards are common
Computers identify patterns in data, e.g. face recognition for analysis; used to stop spam, recommend products
Evasion attack
RDNS
API attack
Machine learning
Machine learning
Attackers send modified training data that causes the AI to behave incorrectly
Poisoning training data
Machine learning
Evasion attack
Rdns
Poisoning training data
AI is only as good as its training; AI can be fooled and can release real-world confidential information
Evasion attacks
Machine learning
Cryptographic attack
Adware
Evasion attacks
Cross-checking and verifying training data, retraining with new/better data, and training the AI with possible poisoning secures what?
Learning algorithms
AI
Hacking the human
Hybrid warfare
Learning algorithms
Contains many moving parts, and attackers can infect different parts without supervision; one exploit can affect this
Supply chain
Cryptographic attacks
Botnets
DDOS
Supply chain
Can you trust the server/router/firewall/software? Using a small supplier base for tighter control of vendors, strict controls over policies and procedures, and security implemented in the overall design is security for what?
Logic bomb
Supply chain
Cryptographic attack
Evasion attack
Supply chain
Cloud-based security puts the security burden on the client, with data center security and infrastructure costs
False, on-premise security
Cloud-based is centralized and costs less, with no dedicated hardware or data center, but a 3rd party handles everything
Customize your security posture with full control in-house; an on-site local IT security team maintains uptime and availability with system checks; security changes take time. What type of security is this?
On premise security
Data is in a secure environment, but a 3rd party may have access to it; manages large-scale security with automatic signature and security updates; limited downtime with fault tolerance; scalable security options
Security in the cloud
Many shortcomings for this attack; the main issue attackers go after is the implementation. An attacker looking for the key is what?
Cryptographic attacks
Same hash value for 2 different plaintexts. Find a collision through brute force; the attacker generates multiple versions of plaintext to match hashes
Persistent XSS attack
Birthday attack
Brute force hashing
Botnets
Birthday attack
Protect yourself with a large hash output
Kelby’s plain “happy birthday” text to me
Collisions
Hash digests are supposed to be unique; different input data should never create the same hash
Forcing a system to downgrade its security is what attack?
Downgrade attack
Gaining higher-level access to a system through a bug or by exploiting a vulnerability; these holes need to be closed up quickly
Eliciting information
Privilege escalation
Worm
Rootkit
Privilege escalation
Horizontal privilege escalation - User A can use User B’s resources
Patching quickly, updating antivirus/blocking known vulnerabilities, Data Execution Prevention (only data in executable areas can run), and Address Space Layout Randomization to prevent a buffer overrun at a known memory address mitigates what?
LDAP injection
Collisions
Code injection
Privilege escalation
Privilege escalation
Browser security flaw where information from one site is shared with another; a common web application development error that takes advantage of the trust a user has for a site; malware that uses JavaScript
Server side request forgery
XSS attack
Watering hole attack
DLL injection
Cross site scripting/XSS
Bad person puts bad code into a website, and when you visit it bad things happen to your computer. Like a diary for friends that someone writes mean things in
Website allows scripts to run in user input like a search box; the attacker emails a link that takes advantage of the vulnerability and runs a script that sends credentials to the attacker; the script is embedded in the URL and runs in the victim’s browser; the attacker uses the credentials to steal the victim’s information
Non persistent (reflected) XSS attack
A sneaky person tricks a website into having something on the web page it shouldn’t when people visit. Like a mirror that shows cute animals, but a fairy changes it to show toys instead
Attacker posts a message to a social network with a malicious payload; everyone/all viewers get the payload. On social networks this can spread quickly, since everyone has it posted to their page and it can propagate further
Botnets
Non Persistent XSS attack
Persistent XSS attack
Session hijacking
Persistent (stored) XSS attack
A notebook with a message that appears nice but when you open it is mean.
Being careful with untrusted links, disabling JS or controlling it with an extension, keeping browser applications updated to avoid vulnerabilities, validating input, and not allowing users to add their own scripts to an input field protects against what?
Watering hole attack
Server side forgery request
XSS
Birthday attack
Protecting against XSS
Xz wow
Adding your own information into a data stream; enabled by bad programming, since the application should be able to handle its input and output properly; used for many different data types
Code injection
SQL injection
Most common relational database management system language; modifies these requests, which the application should not allow
XML injection
Set of rules for data transfer and storage; modifies these requests, which a good application will validate
SAN/NAS (acronyms for storage)
Agreeing to XXX site rules
Created by telephone companies and now used by everyone; modifies these requests to manipulate application results
LDAP injection
Windows library containing code and data that many applications can use; has an application run a program that executes as part of the target process
DLL injection
Dill pickle on the window, wieners on the glass
A sneaky friend adds special tools to a program’s room without the program knowing, and can change how the program works
Overwriting of memory that spills into other memory areas; attackers look for openings, so developers need to bounds check. Not simple, and it takes time to avoid crashing and do what you want; should be repeatable, so that a system is compromised to gain access or make an application do what the attacker wants
Buffer overflows
XML injection
Memory leak
Fileless virus
Buffer overflow
A glass with too much milk spills; a computer has a place to store information, but if there is too much, a sneaky person can grab what spills outside the cup
Useful information sent over the network; access to the raw data through a network tap/ARP poisoning/malware on the victim’s computer; replays the data to appear as someone else; not an on-path attack, and doesn’t need the workstation. What type of attack is this?
Replay attack
Avoid this with a salt: use a session ID with the password hash to create a unique authentication hash each time
Server side forgery
Cross site scripting
Passing the hash
Replay attack
Replay attack
What is this a process for? 1. Client authenticates with username and hashed password 2. During authentication the attacker captures the username and password hash 3. Attacker sends his own authentication request using the captured credentials
Pass the hash
Information gathering through Wireshark, exploits with cross-site scripting, modifying headers and cookies with cookie managers is what?
Cookies and session ID’s
Cross site request
Header manipulation
Pass the hash
Header manipulation
Encrypting end-to-end so they can’t see the session ID (additional load on the web server; force HTTPS), or encrypting end-to-somewhere to avoid capture over the local wireless network (traffic is still in the clear afterward; use a personal VPN) prevents what attack?
Server side request forgery
Cross site scripting
Session hijacking
Replay attack
Prevent session hijacking
Information stored on the computer by the browser and used for tracking and personalization; only a risk if someone gets access to them; a privacy risk; maintain multiple sessions
Browser cookies and session ID’s
Process for what? 1. Victim authenticates to the server 2. Server provides a session ID to the client 3. Attacker intercepts the session ID and uses it to access the server with the victim’s credentials
Session hijacking
Common and legit; HTML directs these from your browser; most are unauthenticated requests
Cross site requests
Website pages consist of code on each side, client and server
True
Server side performs requests from the client (HTML, PHP): transfer money from one account to another, post a video on YouTube
True
Client side renders the page on screen (HTML/JavaScript)
One-click attack/session riding takes advantage of the trust a web app has for the user (the browser, requests assumed to be made with your consent); a significant web application development oversight, prevented with anti-forgery or cryptographic tokens
Cross site forgery
What is this the process for? 1. Attacker creates a funds transfer request 2. Request is sent as a hyperlink to a user who may already be logged into the bank website 3. Visitor clicks the link and unknowingly sends the transfer request to the bank website 4. Bank validates the transfer and sends funds to the attacker
Cross site request forgery
Attacker finds a vulnerable web application by sending requests to the web server, which performs them on behalf of the attacker
Server side request forgery SSRF
This is caused by bad programming: never trust user input; the server should validate input and responses. Rare, but can be a critical vulnerability
Session hijacking
Header manipulation
Cross site request forgery
Server side request forgery
Server side request forgery
Waiting, not trusting your server with food
What is this the process for? 1. Attacker sends a request that controls a web application 2. Web server sends a request to another service such as cloud file storage 3. Cloud storage sends the response to the web server 4. Web server forwards the response to the attacker
Server side request forgery
Antivirus is good at identifying known attacks by checking signatures and blocking, although there are still ways to infect and hide. What term is this?
Malware hide and go seek
Interaction between hardware and the OS that is trusted but can have security issues
FaaS
Azure
Driver
Hypervisor
Driver
Shimming
Filling in the space between 2 objects; Windows has its own (and it is backwards compatible), and malware authors write their own
Refactoring
Metamorphic malware, where it is a different program each time it’s downloaded; adds NOP instructions/loops/pointless strings, and can intelligently redesign itself by changing the application flow
Difficult to match with signature-based detection
Difficult to do, but combines an on-path attack with a downgrade attack; sits in the middle and modifies messages between the victim and the web server; the victim sees nothing, but the browser connection is not encrypted
SSL stripping/HTTP downgrade
Strips the S from HTTPS
Programming conundrum; time-of-check to time-of-use (TOCTOU) attack, where something happens between the check and the use
Race condition
2 trains trying to get to the station at once. A computer having the same function happen at the same time causes issues
Unused memory not properly released; slowly grows in size, eventually uses all memory, and the system crashes
Memory leak
Programming technique that references a portion of memory; can cause an application crash/debug output/DoS
NULL pointer dereference
Integer overflow
A large number put into a smaller-sized space; you shouldn’t be able to manipulate memory this way
Users shouldn’t be able to browse the Windows folder; won’t stop a user from browsing past the web server root; takes advantage of badly written code to read files from the web server that are outside of the website’s file directory
Directory traversal
Messages should be just informational enough; exposing network information/memory dumps/stack traces/database dumps is an example of what?
Improper error handling
Improper header handling
Birthday attack
SSL stripping/HTTP downgrade
Improper error handling
All input should be considered malicious; allowing invalid input can be devastating. What kind of handling is this?
Improper input handling
Attackers look for vulnerabilities in these to expose sensitive data, cause DoS, intercept communication, or gain privileged access
API attacks
A specialized DoS that only requires a device and low bandwidth, e.g. a zip bomb
Resource exhaustion
Evasion attack
Logic bomb
DLL injection
Resource exhaustion
Bluejacking is access to a Bluetooth device and its data; if you know the file, picture or video, you can download it without authentication
False, Bluesnarfing
Bluejacking is the sending of unsolicited messages to another device
802.11w
Protects against disassociation/de-authentication attacks
Prevents wireless communication by decreasing the signal-to-noise ratio at the receiving device; can be intentional or caused by a microwave or lights
Reactive jamming
Code injection
Replay attack
Radio frequency jamming
Radio frequency jamming
Constant random bits or frames sent at random times; the attacker needs to be close to do this
Nfc
RFID
Wireless jamming
Jitter
Wireless jamming
Only sending signals when the attacker sees someone trying to communicate on the network
DLL injection
DDOS jamming
Reactive jamming
Computer hoax
Reactive jamming
Fox hunting
Finding the source of a jamming signal
Access badges/inventory/pet ID that use radio energy for bidirectional communication
RFID (radio frequency identification)
Data capture through a replay attack, spoofing the reader, DoS via signal jamming, decrypting communication is what attack?
RFID attack
Nfc attack
Reactive jamming
Radio frequency jamming
RFID attack
Running the 800 in track (tracking and 800 is a lot)
2-way wireless communication, used for payment systems and helps with Bluetooth pairing; an access token/security card with short-range encryption is what?
NFC (near field communication)
Remote capture, frequency jamming/DoS, replay/on-path attack, and loss of device are security concerns for what?
NFC
RFID
DDOS
rDNS
NFC
Arbitrary, pseudo-random number used once that can’t be reasonably guessed; used in the login process and helps to avoid a replay attack
Cryptographic nonce
Type of nonce that randomizes the encryption scheme; used in encryption ciphers, WEP and some SSL implementations
Nonce
Hash
Salt
Initialization vectors
Initialization Vectors
Malware/Trojan does all the proxy work, and the malware in your browser waits for you to log in to your bank and other sites to steal your money/information. What kind of attack is this?
Spyware
On path browser attack
RAT
Logic bomb
On path browser attack
Attacker sends traffic with different source MAC addresses to force legit MAC addresses out of the table. This makes the switch act like a hub that repeats information to all devices connected to it
MAC flooding
Access to the domain registration (which determines DNS names/IP addresses) to control traffic flows is what attack?
domain hijacking
The internet tracks your security posture; if it is bad, it can cause email rejections and errors that appear when someone tries to go to the website, telling them the website is not safe to access
Domain hijacking
Domain reputation
Domain registration
SQL injection
Domain reputation
Makes an application break or work harder; can be identified by anti-virus; overuses a cloud resource like CPU. What attack is this?
Application DoS
Hardware and software for industrial equipment; the electric grid goes offline, a plant shuts down, etc.
RFID
Operational tech DoS
NFC
DDOS
Operational tech DoS
Shell script is the command line for Windows system admins; extends command-line functions; attacked through system admin/Active Domain admin/file share access
False, Windows PowerShell
Shell script is Unix/Linux
General-purpose scripting language, popular, used for cloud orchestration of application instances; attacks happen in the infrastructure of routers, servers, switches
Python
Macros
Automatic functions within an application or OS; can create security vulnerabilities, and all they need is for the user to open the file
Automates processes within Windows applications; a powerful programming language; runs arbitrary code in a document with CVE-2010-0815/MS10-031
Visual Basic for applications (VBA)
Entity responsible for an event that has an impact on the safety of another entity
Threat actor or malicious actor
An attacker in the network, undetected, carrying out constant attacks is an example of this
Advanced persistent threat
71 days in the US
Script kiddies
Run premade scripts without knowledge of what’s really happening
When people at work use apps or software they’re not supposed to use
Script kiddies
Birthday attack
Shadow IT
Code injection
Shadow IT
Method a hacker uses to try to get into a computer system or network; a lot of work goes into finding these vulnerabilities
Attack vector
What type of attack vector do we lock data centers for? Attackers try to modify the OS, attach a keylogger for passwords, transfer files, or cause a DoS
Direct access
This attack vector modifies the access point config; rogue/evil twin
Direct access
Removable media
Email
Wireless
Wireless
Biggest attack vector; phishing, social engineering
Cloud
Email
Removable
Wireless
This attack vector tampers with infrastructure or the manufacturing process, planting malware
Cloud
Supply chain
Social media
Removable
Supply chain
Which attack vector is publicly facing applications and services with security misconfigurations, brute force/orchestration/DoS attacks?
Cloud media
Social media: fake friends, user profiling for information on you
What attack vector gets around the firewall, carries malicious software on a USB flash drive, allows data exfiltration, and lets a USB device act as a keyboard?
Removable media
Open source intelligence is used to make decisions to best prevent hackers and attackers
False, threat intelligence
OSINT is publicly available through discussion groups/the internet
Threat intelligence services: compiled threat information, constant threat monitoring
Closed/proprietary intelligence
Whose Line Is It Anyway prop scene with Wayne Brady, triple threat
Public/private sharing center
Includes the CTA, where members upload threat intelligence with scores on how severe it is; sharing of cyber threat information
Intelligence industry standard for sharing threat data that includes STIX and TAXII
AIS, Automated indicator sharing
describes cyber threat info, includes motivations/response information
CIST
NIST
STIX
TAXII
STIX
TAXII securely transports STIX data
Event that shows an intrusion, unusual amount of activity/file hash values change/uncommon login patterns
IOC
Analyzes large amounts of data to find suspicious patterns; identifies DNS queries, location and traffic pattern behavior; early warning system; uses machine learning
Dark web intelligence
AIS
Predictive analysis
Threat map
Predictive analysis
Identifies attacks and trends; file/code repositories show what hackers are building and what code is accidentally released
Threat map
Sharing center
AIS
Code reuse
Threat map
They know the product better than anyone and know the problems/vulnerabilities
Threat research
Vendor websites
Local industry groups
Vulnerability feeds
Vendor websites
Vulnerability feeds, conferences, academic journals, Requests for Comments (RFCs), local industry groups, threat feeds and social media are great sources for threat research
True
These describe what adversaries are doing and how; used to proactively look for threats by searching data and networks
TTP (tactics, techniques and procedures)
No security: anyone can access, change or take anything from a computer, file or folder. Increasingly common with cloud storage
Open permissions
Zero day attack
Unsecured root accounts
Default settings
Open permissions
When the most powerful account for your computer system, which allows you to control it and make big changes, is not locked down. Can result from a misconfiguration
Weak encryption
Unsecured root account
Open port
Default settings
Unsecured root accounts
Most common encryption issue
AES
3DES
SSL
TLS
TLS
Takes advantage of default configurations on IoT devices: cameras, routers, garage door openers etc.
Unsecured root account
Weak encryption
Mirai botnet
Insecure protocol
Mirai botnet
Hardware and software from a third party can contain malware
True
For outsourced code development, make sure the development systems are isolated, test the encryption and check for backdoors
True
Intelligence fusion
Overwhelming amount of data and data types; split into security operations, security intelligence and threat response teams; fuse data together with diverse datasets
Logs, sensors, intrusion detection, internet events; focus on predictive analytics and user behavior analytics
Threat hunting
Intelligence fusion
Fusing the data
Cybersecurity maneuvers
Fusing the data
Moving firewalls and IPS, adding a firewall rule or blocking an IP address, deleting malicious software; maneuvers can be automated
Fusing data
Cybersecurity maneuvers
Intelligence fusion
Threat hunting
Cybersecurity maneuvers
Threat hunting
Find the attacker before they find you; intelligence data is reactive, hunting is proactive
Minimally invasive; port scans; identifies systems and devices; detects insider threats. What is this?
Vulnerability scanning
Gathers information and doesn't try to exploit a vulnerability: what type of scan?
Non-intrusive
An intrusive scan tries out a vulnerability to see if it works
Scanning without a password is what kind of scan?
Non-credentialed
A credentialed scan uses a normal user's credentials to emulate an insider attack
Credentialed is like having a key to the house; non-credentialed is looking at the house from outside. Credentialed is more effective because you can see inside the house
Application scans are for desktop/mobile apps
Web application scans are for software on a web server
This scans misconfigured firewalls, open ports, vulnerable devices
Systems scan
Application scan
Web application scan
Network scan
Network scan
A vulnerability that is identified but doesn’t actually exist is a false negative
False, false positive
False negative is a vulnerability exists but you didn’t detect it
Includes data inputs for authentication attempts, VPN and firewall session logs, denied outbound traffic, network utilization, packet captures of network traffic, critical alerts; capturing everything is data for what?
SIEM data
Detects insider threats, identifies targeted attacks, catches what DLP and SIEM systems might miss
User and entity behavior analytics (UEBA)
Sentiment analysis is public discourse correlated to real-world behavior (if they hate you, they hack you); social media as a barometer
SOAR
Security orchestration, automation and response
Automates routine, tedious and time-intensive activities
Rules of engagement
Defines purpose, scope and penetration test parameters. Includes: IP address ranges, emergency contacts, handling sensitive information, in/out of scope devices
Try to break into a system; can cause DoS or data loss; buffer overflows, privilege escalation, password brute force, social engineering, injections
Risk
Soar
Threat actor
Exploiting vulnerabilities
Exploiting vulnerabilities
Getting into the network is difficult, but the inside of the network is relatively unprotected
Lateral movement
Rules of engagement
Pentest aftermath
Threat actor
Lateral movement
Initial exploitation, lateral movement, persistence (setting up a way to get back in with a backdoor) and pivoting are the process for what?
Pentesting
Getting access to one system that allows you to get access to others
Initialization vector
Pivot
Persistence
Lateral movement
Pivot
Friends ross
Leave the network in its original state: remove binaries or temp files, remove backdoors, delete user accounts that were created. What is this?
Sandbox
Pentest aftermath
Quarantine
Order of volatility
pentest aftermath
On a Linux server, what command combines the contents of two files into a single document?
cat
Which provides a framework for better understanding techniques which may be used by a potential attacker?
Mitre att&ck
Cyber kill chain
Osi
Ieee
Diamond model
Mitre att&ck
Which is categorized as an operational security control?
Security policy
Firewall
Hot site
Warning sign
Security guard
Security guard
A network admin has identified a device sending a large amount of traffic to an external IP address. The computer is powered on, but the user is on vacation. Which is the most likely reason for this traffic?
Botnet
Logic bomb
MAC spoofing
Skimming
Botnet
A package delivery receipt includes signature of receiving party. Which describes signature on receipt?
Something you are
Something you have
Something you can do
Something you know
Something you can do
A user digitally signs all email messages sent to external recipients. Which of the following would be used to provide this functionality?
SaaS
IPSec
Ldaps
S/mime
SRTP
S/mime
A security engineer runs a monthly vulnerability scan. The scan doesn't list any vulnerabilities for the Windows servers, but a significant vulnerability was announced last week and no servers are patched yet. Which best describes this?
Exploit
Credentialed
Zero day attack
False negative
False negative
Monitoring the network through ping scans, port scans and OS scans, using tools like nmap; the target is able to see the reconnaissance
Active footprinting
Passive footprinting uses open sources such as social media, Reddit and corporate websites to learn information
Red team is offensive (attacking), blue team is defensive (protecting), purple team is red and blue collaborating, and the white team manages the interactions between red and blue teams
True
These should be performed often and checked against well-documented baselines; a failure requires immediate correction
Integrity measurement check
Standardized naming/numbering for cables and devices in your environment so everyone knows where equipment is located in the data center/rack
Standard naming conventions
Examples: asset tag names/numbers for devices, port labeling for networks, naming standards for user accounts
IP schema
Knowing what IP addresses are used at what locations: ranges, subnets, hosts per subnet, reserved addresses
Data lives on a storage drive (at rest), on the network (in transit) and in a CPU (in use). It is protected by encryption and by different permissions for users
True
Data that resides in a country is subject to the laws of that country
Data masking
Data in use
Data at rest
Data sovereignty
Data sovereignty
Data masking
Hides some of the original data with obfuscation to protect PII, e.g. a receipt shows the last 4 digits of a credit card but not the rest
Original information is plaintext; the encrypted form is ciphertext
True, data encryption
Changing one character of the input changes many characters of the output
Diffusion
Confusion: the encrypted data is drastically different from the plaintext
Data in what state? Encrypts the entire data store, applies permissions with ACLs for authorized users, lives on a storage device
Data at rest
Data in use is data on the network without much protection; it relies on network-based protection and needs transport encryption like TLS or IPsec
False, data in transit
Data in use is actively being processed in memory. The data is always decrypted there, so attackers can take it straight from RAM
Replace sensitive data with a non-sensitive placeholder, e.g. storing an SSN as a different number. Common with credit cards
Tokenization
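Worked example (added to these notes, not from the original flashcards): a small Python script that shows data masking and tokenization side by side. The card records, the `tok_` prefix and the `TokenVault` class are constructed for this demonstration; the PAN and SSN values are made-up test numbers, and a real token vault would be a separately secured service rather than an in-memory dictionary.

```python
import secrets
from typing import Dict

# Constructed sample records for this demonstration; the PAN and SSN values
# below are made-up test numbers, not real account data.
SAMPLE_RECORDS = [
    {"name": "Alice", "pan": "4111111111111111", "ssn": "123-45-6789"},
    {"name": "Bob", "pan": "5500000000000004", "ssn": "987-65-4321"},
]


def mask_pan(pan: str, visible: int = 4, mask_char: str = "*") -> str:
    """Data masking: hide all but the last `visible` digits, like a receipt.

    Masking is for display only. The masked string is not reversible, so it
    must not be the only copy if the application still needs the value.
    """
    digits = pan.replace(" ", "")
    if len(digits) <= visible:
        return mask_char * len(digits)
    return mask_char * (len(digits) - visible) + digits[-visible:]


class TokenVault:
    """Tokenization: swap a sensitive value for a random placeholder.

    Only the vault (assumed here to be a separately protected store) can map
    a token back to the original. The application database keeps the token,
    so a dump of that database exposes nothing useful.
    """

    def __init__(self) -> None:
        self._by_token: Dict[str, str] = {}
        self._by_value: Dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        # Same input -> same token so lookups and joins still work. The token
        # is random (not a hash of the value), so it cannot be reversed or
        # guessed without the vault.
        if value in self._by_value:
            return self._by_value[value]
        token = "tok_" + secrets.token_hex(8)
        self._by_token[token] = value
        self._by_value[value] = token
        return token

    def detokenize(self, token: str) -> str:
        """Privileged operation: gate this behind strong authorization."""
        return self._by_token[token]


def protect_record(record: dict, vault: TokenVault) -> dict:
    """What the application tier stores: a masked PAN for display and tokens
    for the sensitive fields. The raw PAN and SSN never reach this record."""
    return {
        "name": record["name"],
        "pan_display": mask_pan(record["pan"]),
        "pan_token": vault.tokenize(record["pan"]),
        "ssn_token": vault.tokenize(record["ssn"]),
    }


if __name__ == "__main__":
    vault = TokenVault()
    for rec in SAMPLE_RECORDS:
        print(protect_record(rec, vault))
```

The difference the two techniques make: masking is one-way and only for eyes, while tokenization is reversible but only through the vault, which is why the vault is the component to lock down.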
IRM information rights management
Limits the scope of what someone can do with a document
Examines everything going into and out of a device
Endpoint DLP
Located between users and the internet; blocks custom-defined data strings, prevents file transfers to cloud storage, blocks viruses/malware
Cloud-based DLP
Data in Motion is on your network and data at rest is on your server
True
Views information within encrypted traffic to see if anything malicious is in it. Has to be specially configured, with your device/browser trusting the inspecting proxy's certificate
TLS inspection
IPsec
Endpoint DLP
DLL injection
TLS inspection
TLS encryption works if the browser checks that the web server's certificate was signed by a trusted CA
True
A list of things a program can do for you. Instead of telling the computer exactly what to do, you ask for specific tasks from this list, like ordering from a restaurant menu, and it brings back the results like a waiter brings your food
API
Authentication for legitimate users, authorization so users have limited roles, and uses a WAF for security
CPU
Vulnerabilities
Syslog
API
API
Multiple honey pots is called what?
honey net
Bait files placed in a honeynet are called honeyfiles
True
Getting a machine-learning classifier to think malware is actually benign, so it won't be able to identify it
Fake telemetry
DNS that gives out incorrect IP addresses: an attacker can redirect users to a malicious site, but defenders can also redirect known-malicious domains to a benign IP (good); can integrate with firewalls
DNS sinkhole
You only handle development: this is Software as a Service
False, PaaS
Broad description of cloud models, services delivered over the internet, IT function changed into service
Xaas anything as a service
Handles aspects of technology for clients; can be a cloud service provider; provides network connectivity management, disaster recovery and growth management; can focus on IT security
MSP, managed service provider
Latency because the cloud is too far away, limited bandwidth, difficulty protecting data and required internet connectivity are issues for which type of computing?
Cloud
Edge
Fog
Network
Cloud, massive data storage and instant computing power
30 billion IoT devices; processes data locally on the device, with local storage, no latency or network requirements, does not need the cloud to process data: this is fog computing
False, Edge computing
Fog is cloud + IoT to extend cloud
What type of computing has no latency because data is local, no bandwidth requirements, minimizes security concerns, and provides long term analysis
Cloud
Fog
Edge
Network
Fog
Applications run on a remote server (VDI/DaaS) instead of on physical devices; the only local devices are keyboard, mouse and screen
Thin client: minimal OS on the client, but it needs a solid network connection
Runs many different OSes on the same hardware; each app has its own OS
Virtualization
Isolated process in a sandbox, apps can’t interact with each other, uses host kernel and secure separation between applications
Container
One big application that does everything; contains all the decision-making process and code; challenging to maintain
Monolithic
API
The glue for microservices; built-in containment, outage containment, scalable
Serverless architecture where apps are split into individual functions, run in a stateless compute container, managed by a third party and may only run for one event
Function as a Service
Pool of resources created in a public cloud; many can be created, on different subnets, connected through VPN and a transit gateway (cloud router)
Azure
FaaS
SIAM
VPC
Virtual private cloud
Azure specifies which resources can be provisioned; Amazon specifies resources and permitted actions (list users, allow API access from an IP address range). These are cloud resource policies
Service integration and management (SIAM)
Many different service providers (multi-sourcing); integrates the diverse providers
Directly programmable, agile to make changes dynamically, centrally managed with open standards, no human intervention
Software defined networking (SDN): control plane and data plane
Needs to see data to secure it; devices include NGFW/WAF/SIEM; encapsulates data with VXLAN/TLS; monitors application traffic with real-time traffic flows; can control traffic flow via API. What is this?
Software Defined Visibility
In virtualization, you have built too many servers, networks and firewalls and can't tell which VMs are for which apps
VM sprawl
VM escape protection
Breaking out of a VM and interacting with the host operating system or hardware; a huge exploit because it gives control of the virtual network
A sandbox is an isolated testing environment
True
Dismantling and removing an application instance is deprovisioning; provisioning is deploying an app (web server, database server etc.)
True
elasticity
increases or decreases available resources as the workload changes
Scalability: the ability to increase the workload in a given infrastructure
SQL databases with clients sending detailed requests for data; limit client interactions with what?
Stored procedures
Memory management
Code reuse
Dead code
Stored procedures
A cryptographic nonce is taking perfectly readable code and turning it into nonsense. True or false?
False, obfuscation
Code reuse is when the results aren't used anywhere else in the application
False, dead code
Code reuse is using old code to build new applications; watch for security risks carried over
Helps protect against malicious users; attackers may not use your interface. What type of validation point?
Input
Server side
Client side
Version control
Server side, checks occur on server
What validation point has the end-user app make validation decisions, filters legitimate input from users and provides additional speed?
Input
Server side
Client side
Version control
Client side; use both server and client validation, but server side is more important
Extend functionality of a programming language
Third party libraries
A Windows 10 exploit affects all Windows 10 users unless the computers are running different software/applications with unique binaries. What is the name of this preventive measure?
Software diversity
Code is constantly written and merged into the central repository many times a day; need to document security baselines
Continuous delivery
Continuous deployment
Continuous Integration
Continuous scripting
CI
Which continuous process has more automation: auto-deploy to production, no manual checks?
Continuous deployment
Continuous delivery: automated testing and release processes; click a button and deploy the application
All usernames and passwords of an organization's database; authentication requests reference this; Kerberos or LDAP
Attestation
SMS
Federation
Directory services
Directory services
Provide network access to others (partners, suppliers, customers etc.); must establish trust
Federation
Attestation
Prove that the hardware is yours; remote attestation has the device provide an operational report to a verification server
This is authentication via a specialized app on a mobile device
Push notification
Login factor sent to a phone with a predefined phone number is SMS
True or false: authentication apps are pseudo-random token generators, available as physical or software token generators
True
Secret key plus time of day; key configured ahead of time, combined with a timestamp
Time-based one-time password algorithm (TOTP)
HMAC-based one-time password (HOTP)
One code per session/login attempt; uses an HMAC (keyed hash), token based (the hash is different each time); hardware or software tokens
You can also authenticate with phone calls that give you a code, with smart cards, and with a static code such as a PIN or password/passphrase
True
False rejection rate is the likelihood that an unauthorized user will be accepted (not sensitive enough)
False, false acceptance rate
False rejection rate is the likelihood that an authorized user will be rejected (too sensitive)
Defines overall accuracy of a biometric system: the rate at which FAR and FRR are equal; adjust sensitivity to equalize both values. What is this?
Crossover Error Rate (CER)
Authorization is proving you are who you say you are with a password and other factors
False, authentication
Authorization is the accesses you have based on your identification and authentication
Internal monitoring and management, needs internal expertise, external access must be granted and managed: what type of authentication?
Cloud
On premise
Multi factor
Biometric
On premise
What authentication factor is completing a series of patterns?
Something you do
Something you know
Something you have
Something you are
Something you know
Multiple links in a network in case a link fails
RAID
Geographic dispersal
Load balancing
Multipath I/O
Multipath I/O
Ex. multiple Fibre Channel paths with multiple switches in case of failure
RAID 0 is no fault tolerance
True
NIC teaming: NICs talk to each other using broadcasts
False, multicast
A UPS is a short-term backup power supply and a generator is long term
True
Hot swappable
Replace a faulty power supply without powering down
Provides multiple power outlets (in a rack)
Includes monitoring and control: manages power capacity, enables or disables individual outlets
PDU
Duplicates data from one data center to another
Use SAN-to-SAN replication
Provides redundancy by maintaining one VM image and replicating it (one big file); maintain copies anywhere
VM replication
Cloud storage is faster than on-premises storage
False, cloud storage is generally slower than local storage
All files changed since the last full backup
Full
Incremental
Differential
Non authoritative
Differential
Incremental is all files changed since the last incremental backup
Incremental is the fastest backup
True (fewest files to copy each run; restores take longest because every increment since the full backup is needed)
A copy is an exact duplicate of a system at one point in time
True
A disk is sequential storage, easy to ship and store, about 100 GB
False, magnetic tape
Disk is faster and can deduplicate/compress
Run an OS from removable media, portable
Non persistence
Live boot media
Diversity
Order of restoration
Live boot media
What should be restored first?
Application
Server
Hardware
Database
Database
All cryptography is temporary
True; additional CAs (diversity of certificate authorities) can provide additional protection
Embedded systems
Hardware and software designed for a specific function, like a digital watch or medical imaging system
Multiple components running on a single chip
System on a chip (SoC)
Small form factor
Integrated circuit that can be configured after manufacturing; common in infrastructure (firewalls, routers)
FPGA
Cellular networking that runs at up to 10 Gbit/s
5G
Used to provide information to a cellular network provider from IoT devices; contains mobile details; used in embedded systems
5G
Subscriber Identity Module
Narrowband
Zigbee
SIM
Communicates analog signals over a narrow range of frequencies; conserves the frequency range over long distances
5G
Subscriber Identity Module
Narrowband
Zigbee
Narrowband, used with IoT devices and SCADA
Single cable with a digital signal, bidirectional
Baseband
Subscriber Identity Module
Narrowband
Zigbee
Baseband
100BASE-TX, 1000BASE-T, 10GBASE-T
IoT networking, IEEE 802.15.4 PAN, alternative to WiFi and Bluetooth (less power consumption)
Zigb
Embedded systems are not usually run on a fully capable computer; they have limited features and communication (low cost)
True
Raspberry Pi etc.
What is a common constraint of embedded systems?
Power
CPU
RAM
Network
Power, cpu and network
Embedded systems commonly use authentication for security
False, typically none
Concealing an important facility in plain sight, blending into the local environment
Industrial camouflage
Chemical fire suppression: what would you use?
DuPont FM-200 (a halon replacement; halon itself is no longer manufactured)
Site surveys, damage assessments you would use this
Proximity reader
Bollard
Faraday cage
Drone
Drone
Blocks electromagnetic fields, microwave oven inside
Faraday cage
Physically secure cabled network; protects cables, fiber and data; can't cut the cables
PDS
Dual power
PDU
Hot swappable
PDS
Protected distribution system
Physical separation between networks, in shared environments; stock markets, SCADA, airplanes etc have these for protection
Air gap
Removes the magnetic field, destroys drive data and renders the drive unusable
Degaussing
Wiping data is removing it from an existing data store
False, purge
Wipe is the unrecoverable removal of all data on a storage device, so it can be reused on another system
What is added to encrypt text?
Key
Cipher is the algorithm used to encrypt
Already built in; generates hashes from passwords
Key stretching library
Cryptographic key
Homomorphic encryption
Public/private sharing
Key stretching library
Used to secure IoT devices with limited power/CPU
Lightweight cryptography
Homomorphic encryption
Performs calculations while data is encrypted, directly on the encrypted data; the result can only be decrypted with the private key
Single key to encrypt/decrypt data; if it gets out you need another key; secret key algorithm; doesn't scale well
Symmetric encryption
Public key cryptography with 2 keys (public/private) that are mathematically related; one key encrypts, the other decrypts
Asymmetric encryption
Key generation
Combines large random prime numbers with a key generation program to create a private and public key
Elliptic curve cryptography
Uses curves instead of large prime numbers; smaller keys, less storage, perfect for phones
These can be a digital signature; authentication, non repudiation and integrity
Hashes
Verifies a downloadable file: compares the downloaded file's hash with the posted hash value
Collision
Practical hashing
Salt
Elliptic curve
Practical hashing
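Worked example (added to these notes, not from the original flashcards) covering the two hashing cards above: verifying a download against a posted hash, and the key stretching library card, here shown as a salted PBKDF2 password hash. `DOWNLOADED_FILE` and `PUBLISHED_SHA256` are constructed stand-ins for a fetched file and the hash posted beside it; the `pbkdf2_sha256$...` storage format is an assumption for this example, not a standard the page names.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample "download": these bytes stand in for a file you fetched,
# and PUBLISHED_SHA256 for the hash value the vendor posted next to it.
DOWNLOADED_FILE = b"example installer payload v1.0\n"
PUBLISHED_SHA256 = hashlib.sha256(DOWNLOADED_FILE).hexdigest()


def verify_download(data: bytes, published_hex: str) -> bool:
    """Practical hashing: recompute SHA-256 over the file and compare it with
    the posted value. One flipped bit changes the whole digest (diffusion),
    so any tampering in transit shows up as a mismatch."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, published_hex.lower())


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 600_000) -> str:
    """Salted, stretched password hash using PBKDF2-HMAC-SHA256.

    The random per-user salt defeats precomputed (rainbow) tables: the same
    password gives a different hash for every user. The iteration count is
    the key-stretching cost that slows brute force against a stolen table.
    Stored as "pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>" so the
    parameters travel with the hash and can be raised later.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and cost and compare in constant time."""
    try:
        algo, iterations, salt_hex, hash_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate.hex(), hash_hex)


if __name__ == "__main__":
    print("download ok:", verify_download(DOWNLOADED_FILE, PUBLISHED_SHA256))
    record = hash_password("correct horse battery staple")
    print(record)
    print("login ok:", verify_password("correct horse battery staple", record))
```

Note the asymmetry that makes stretching work: 600,000 iterations is a barely noticeable delay for one legitimate login, but it multiplies the attacker's cost per guess by the same factor.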
Digital signature does what
Proves message not changed (integrity)
Verify signature (non repudiation)
Sign with private key
Verify with public key
All the above
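Worked example (added to these notes, not from the original flashcards): the sign-with-private / verify-with-public mechanics of a digital signature, written as textbook RSA in plain Python. The modulus is built from two fixed Mersenne primes (about 92 bits) and the hash is reduced mod n in place of real padding; both are toy simplifications so the arithmetic is visible, and neither is acceptable in a real system (use 2048-bit keys and PKCS#1 PSS via a vetted library).

```python
import hashlib

# Demo-only modulus from two fixed Mersenne primes, 2^61-1 and 2^31-1.
# Real RSA keys are 2048+ bits and randomly generated; this toy only shows
# the sign/verify mechanics.
_P = (1 << 61) - 1
_Q = (1 << 31) - 1
PUBLIC_EXPONENT = 65537


def demo_keypair():
    """Return (n, e, d): public modulus, public exponent, private exponent."""
    n = _P * _Q
    phi = (_P - 1) * (_Q - 1)
    d = pow(PUBLIC_EXPONENT, -1, phi)  # modular inverse, Python 3.8+
    return n, PUBLIC_EXPONENT, d


def _message_digest(message: bytes, n: int) -> int:
    # Hash first, then sign the hash: the signature covers the whole message
    # at a fixed size. Reducing mod n is a toy stand-in for real padding
    # (PKCS#1 v1.5 / PSS), which production code must use instead.
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return h % n


def sign(message: bytes, d: int, n: int) -> int:
    """Sign with the PRIVATE key: only the holder of d can produce this,
    which is what gives non-repudiation."""
    return pow(_message_digest(message, n), d, n)


def verify(message: bytes, signature: int, e: int, n: int) -> bool:
    """Verify with the PUBLIC key: anyone can confirm the message is
    unchanged (integrity) and was signed by the matching private key."""
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == _message_digest(message, n)


if __name__ == "__main__":
    n, e, d = demo_keypair()
    msg = b"Transfer 1,000 to account 42"
    sig = sign(msg, d, n)
    print("valid   :", verify(msg, sig, e, n))
    print("tampered:", verify(msg.replace(b"1,000", b"9,000"), sig, e, n))
```

The tampered check is the integrity property from the card: the signature was computed over the hash of the original bytes, so any change to the message changes the hash and the verification equation no longer holds.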
Don't send the symmetric key over the network; use the phone or in person: this is in-band key exchange
False, out of band
In band is on the network with additional encryption; use asymmetric encryption to deliver the symmetric key
Session keys are permanent
False, they are ephemeral (temporary) and need to be changed often
You can decrypt a web server's data if you have the private key and captured traffic (single point of failure). Use this to change the method of key exchange
PFS (perfect forward secrecy)
Uses elliptic curve or Diffie-Hellman ephemeral key exchange
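Worked example (added to these notes, not from the original flashcards): an ephemeral Diffie-Hellman exchange in Python next to the static-key case it replaces, so the single point of failure on the card is visible. The group (p = 2^127 - 1, g = 2) is a toy chosen only to keep the numbers small; real deployments use a standardized 2048-bit MODP group or an elliptic curve, and the exchanged public values would be signed by the server's certificate, which is left out here.

```python
import hashlib
import secrets

# Toy group for demonstration only: p = 2^127 - 1 (a Mersenne prime), g = 2.
# Real deployments use a standardized 2048-bit+ MODP group or an elliptic curve.
P = (1 << 127) - 1
G = 2


def dh_keypair():
    """Fresh private exponent and the public value g^priv mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared(priv: int, peer_pub: int) -> int:
    """Both sides compute the same value: (g^a)^b == (g^b)^a mod p."""
    return pow(peer_pub, priv, P)


def session_key(shared: int) -> bytes:
    """Derive a fixed-size symmetric key from the raw DH shared secret."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def ephemeral_session() -> bytes:
    """PFS: both sides generate a brand-new keypair for this session only,
    exchange public values, derive the same key and then drop the private
    exponents. No long-lived secret can later reproduce this key."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    k_client = session_key(dh_shared(c_priv, s_pub))
    k_server = session_key(dh_shared(s_priv, c_pub))
    assert k_client == k_server
    return k_client


def static_server_sessions(server_priv: int, count: int):
    """No PFS: the server reuses one long-term private exponent. Returns what
    an eavesdropper can record (client public values) and the real keys."""
    server_pub = pow(G, server_priv, P)
    captured, keys = [], []
    for _ in range(count):
        c_priv, c_pub = dh_keypair()
        captured.append(c_pub)
        keys.append(session_key(dh_shared(c_priv, server_pub)))
    return captured, keys


def attacker_recovers(stolen_server_priv: int, captured_client_pubs) -> list:
    """With the stolen long-term key plus recorded traffic, every past
    session key falls out. This is the single point of failure PFS removes."""
    return [session_key(dh_shared(stolen_server_priv, pub))
            for pub in captured_client_pubs]


if __name__ == "__main__":
    print("ephemeral keys differ:", ephemeral_session() != ephemeral_session())
    server_priv = secrets.randbelow(P - 2) + 1
    captured, keys = static_server_sessions(server_priv, 3)
    print("static key leak recovers all sessions:",
          attacker_recovers(server_priv, captured) == keys)
```

The same contrast applies to the web server case on the card: with RSA key transport, the server's private key decrypts every recorded session; with ephemeral DH or ECDH, the private key only authenticates the exchange and there is nothing to recover once the per-session exponents are gone.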
Steganography
is security through obscurity (hiding a message in plain sight)
Name types of steganography
-embed messages in tcp packets
-place in image
-invisible watermarks
-digital audio files
-sequence of images
0s and 1s and combinations of them, used to search large databases
Steganography
Post quantum cryptography
NTRU
Quantum superposition
Quantum superposition
Cryptosystem not vulnerable to quantum computing. Instead of prime numbers it uses the closest vector problem (lattices)
NTRU
Random stream of qubits (the key) sent across a quantum network; if both keys are identical then it wasn't viewed during transmission; someone observing it would modify the data stream and the keys would not match
QKD
Stream ciphers are mostly used with asymmetric encryption
False, symmetric
Block ciphers
Symmetric encryption that works on fixed-size blocks, often 64 or 128 bits; each block is encrypted or decrypted separately
Simplest encryption mode; each block is encrypted independently with the same key
ECB
Each plaintext block is XORed with the previous ciphertext block before encryption; the first block is XORed with an IV to add randomness
CBC
CTR
Acts as a stream cipher; encrypts successive counter values
Galois/Counter Mode (GCM)
Encryption with authentication; counter-mode based, efficient with low latency; used for packetized data: IPsec, TLS etc.
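Worked example (added to these notes, not from the original flashcards): ECB, CBC and CTR implemented over a toy 8-byte block cipher so the behaviour of each mode can be observed directly. The block cipher is a 4-round Feistel construction with a SHA-256 round function, written here purely as a stand-in for AES and not secure; the mode logic on top of it is the real thing. GCM is not shown, since its authentication tag needs a Galois-field multiply that would double the block.

```python
import hashlib

BLOCK = 8  # toy block size in bytes (AES uses 16)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: keyed hash of the half block, truncated to 4 bytes
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel cipher on one 8-byte block (demo only, not secure)."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    """Runs the rounds in reverse; Feistel networks invert for free."""
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def _blocks(data: bytes):
    if len(data) % BLOCK:
        raise ValueError("ECB/CBC need input padded to a multiple of the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    """Each block encrypted independently: equal plaintext blocks give equal
    ciphertext blocks, so patterns in the data leak through."""
    return b"".join(encrypt_block(key, b) for b in _blocks(pt))


def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    return b"".join(decrypt_block(key, b) for b in _blocks(ct))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    """Each plaintext block is XORed with the previous ciphertext block before
    encryption; the first block uses the IV, which must be unpredictable
    (but need not be secret). Identical plaintext blocks now differ."""
    out, prev = [], iv
    for block in _blocks(pt):
        prev = encrypt_block(key, _xor(block, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for block in _blocks(ct):
        out.append(_xor(decrypt_block(key, block), prev))
        prev = block
    return b"".join(out)


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter mode turns the block cipher into a stream cipher: encrypt
    nonce||counter to get keystream and XOR it with the data. The same call
    encrypts and decrypts, no padding is needed, and a nonce must never be
    reused with the same key."""
    if len(nonce) != 4:
        raise ValueError("nonce must be 4 bytes so nonce||counter fills one block")
    out = []
    chunks = (data[j:j + BLOCK] for j in range(0, len(data), BLOCK))
    for i, chunk in enumerate(chunks):
        keystream = encrypt_block(key, nonce + i.to_bytes(4, "big"))
        out.append(_xor(chunk, keystream[:len(chunk)]))
    return b"".join(out)


def duplicate_blocks(ct: bytes) -> int:
    """Count ciphertext blocks that repeat an earlier one: ECB leaks this,
    CBC and CTR do not."""
    blocks = _blocks(ct)
    return len(blocks) - len(set(blocks))


if __name__ == "__main__":
    key, pt = b"toy-demo-key", b"SAME BLK" * 4
    print("ECB repeats:", duplicate_blocks(ecb_encrypt(key, pt)))          # 3
    print("CBC repeats:", duplicate_blocks(cbc_encrypt(key, b"\x07" * 8, pt)))  # 0
```

Run with the repeated-block plaintext to see the ECB card in action: three of the four ciphertext blocks are identical, exactly the kind of structure an attacker can read without the key.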
A blockchain is a distributed ledger that keeps track of transactions, replicated to everyone
True
Low-power devices / low latency need larger symmetric key sizes and use ECC for asymmetric encryption
False, use smaller key sizes
High resiliency needs larger key sizes
Match these to the below; integrity, authentication, non repudiation
Validate content with hashes
Password hashing
digital signature
Integrity- Validate content with hashes
Auth-Password hashing
Non-repudiation: digital signature
Public key encryption and digital signing of mail content
S/MIME
SRTP
NTPsec
HMAC
S/MIME
FTPS is SSH file transfer over FTP
False, FTP over SSL/TLS
SFTP is the SSH File Transfer Protocol (file transfer over SSH)
SASL
Provides authentication using many different methods
Where users access data and applications: what is this?
Endpoint
DLP is preventing data from being lost (leaked)
Kernel
This has complete control of the OS
Specification for cryptographic functions used by apps within the OS: random number generator, versatile (persistent) memory for keys
TPM
This verifies the boot loader with a trusted certificate or digital signature
Hardware module
Trusted Boot
Boot integrity
Secure boot
Secure boot
Boot loader verifies the digital signature of the OS kernel, the kernel verifies other components, then every driver is checked to be trusted
Hardware module
Trusted Platform Module
Trusted Boot
Secure boot
Trusted Boot
Remote Attestation
Device provides operational report to a verification server
Sending random input to an application: robustness testing, fault injection, negative testing
Fuzzing
Secure cookies
Salting
Hashing
Fuzzing (dynamic analysis)
These prevent XSS attacks; added to the web server configuration; only allow scripts from the site's own origin
Fuzzing
Secure cookies
Salting
HTTP secure headers
HTTP secure headers
Decisions made in the OS based on application hash, certificate, path and network zone are examples of what?
Fuzzing
Allow lists
Salting
HTTP secure headers
Allowed lists
Helps identify security flaws; can automate finding a hidden vulnerability in source code
Static application security testing
Registry
Primary configuration database for Windows
Encrypting this prevents access to application database files
Disk
FDE, SED, Opal storage specification
- Full disk encryption (FDE): encrypt everything on the drive, e.g. BitLocker
- Self-encrypting drive (SED): hardware-based full disk encryption, no OS involvement
- Opal storage specification: the standard that self-encrypting drives follow
Send to the server with the lowest use
Weighted round robin
Round robin
Dynamic round robin
Active/active load balancing
Dynamic round robin
Round robin: each server is selected in turn
Weighted round robin prioritizes a server
Extranet
Private network for partners, vendors and suppliers; needs additional authentication. What is this?
Intranet is a private network for internal use only; VPN access only from outside
North/south traffic is the ingress/egress to an outside device, e.g. an internal web server inside the data center communicating with an external web server
True,
East/west is traffic flow within a data center, e.g. two web servers inside the same data center communicating with each other
Encryption/decryption access device, used with client software built into the OS, many deployment options
VPN concentrator
Language commonly used in web browsers, includes APIs and web cryptography; creates a VPN tunnel without a separate VPN application
HTML5 VPN
Everything sent from the remote user goes to the VPN concentrator and the concentrator decides where the data goes
Split
Full
Site to site
L2TP
Full
Always on; a firewall acts as the VPN concentrator between the remote site and corporate resources
L2TP
Site to site
Full
Split
Site to site
Connecting sites over a layer 3 network as if they were connected at layer 2; commonly combined with IPsec (L2TP/IPsec)
Site to site
Full
L2TP
Split
L2TP
IPsec
Security for layer 3; authentication and encryption for every packet; confidentiality and integrity
Transport mode encrypts both the data and the IP header
False, tunnel mode
Use this if you only care about the integrity of the data: hash of the packet and a shared key; prevents replay attacks
ESP
AH
L2TP
IPSec
AH,
ESP encrypts and authenticates; more commonly used; can be combined with AH for additional integrity
802.1D
Spanning Tree Protocol; prevents switching loops
BPDU guard
Bypasses the listening and learning states (PortFast); BPDUs are spanning tree control messages that workstations don't send, so the port is disabled if one arrives
IP tracking on a layer 2 device; the switch acts as a firewall for DHCP, watches these conversations and filters invalid information
DHCP snooping
Describes the process of controlling traffic flows; many methods
QoS
No NAT, no ARP, IPsec built in: IPv4 security
False, IPv6 security
Port redirection; software based with limited functionality
Port mirror
These limit the number of broadcasts per second, can also control multicast and unicast traffic, managed by threshold values
Switches
STP
BPDU guard
NGFW
Switches, managed
Filters traffic by port number or application, encrypts traffic between VPN sites, layer 3 device, incorporates NAT
WAF
Network-based firewall
Stateless firewall
NGFW
Network-based firewall
Application layer: all data in every packet is analyzed
Stateful firewall
Network-based firewall
Stateless firewall
NGFW
NGFW
Applies rules to HTTP/HTTPS conversations; allows or denies based on input; required for payment cards; stops SQL injection
WAF
Network-based firewall
Stateless firewall
NGFW
WAF
Firewall ACLs are evaluated from top to bottom
True, and there is an implicit deny at the end
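Worked example (added to these notes, not from the original flashcards): a first-match ACL evaluator in Python that shows why top-to-bottom order and the implicit deny matter. `SAMPLE_ACL`, the `Rule` type and the sample flows are constructed for this illustration and do not come from any real device; rule 3 is deliberately placed below a broader deny so it can never match.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rule:
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp", "icmp" or "any"
    src: str              # source network, CIDR
    dst: str              # destination network, CIDR
    dport: Optional[int]  # destination port, None = any port


# Constructed sample ACL (not from any real device). Rules are evaluated in
# this order. Rule 3 is a deliberate mistake: it sits below the broad deny
# that already matches everything it would permit, so it is never reached.
SAMPLE_ACL: List[Rule] = [
    Rule("permit", "tcp", "10.1.0.0/16", "192.0.2.10/32", 443),
    Rule("deny",   "any", "10.0.0.0/8",  "192.0.2.0/24",  None),
    Rule("permit", "tcp", "10.2.0.0/16", "192.0.2.10/32", 443),
    Rule("permit", "udp", "0.0.0.0/0",   "192.0.2.53/32", 53),
]

Flow = Tuple[str, str, str, Optional[int]]  # (proto, src, dst, dport)


def evaluate(acl: List[Rule], proto: str, src: str, dst: str,
             dport: Optional[int]) -> Tuple[str, Optional[int]]:
    """Walk the ACL top to bottom; the first rule that matches decides.

    Returns (action, 1-based rule number), or ("deny", None) for the
    implicit deny that applies when no rule matched at all.
    """
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for number, rule in enumerate(acl, start=1):
        if rule.proto not in ("any", proto):
            continue
        if s not in ipaddress.ip_network(rule.src):
            continue
        if d not in ipaddress.ip_network(rule.dst):
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action, number
    return "deny", None


def unreachable_rules(acl: List[Rule], flows: List[Flow]) -> List[int]:
    """Rule numbers that none of the given test flows ever hit. Running the
    flows a rule was written for through this is a cheap way to catch rules
    shadowed by an earlier, broader one."""
    hit = {evaluate(acl, *flow)[1] for flow in flows}
    return [n for n in range(1, len(acl) + 1) if n not in hit]


if __name__ == "__main__":
    tests: List[Flow] = [
        ("tcp", "10.1.5.5", "192.0.2.10", 443),     # permit, rule 1
        ("tcp", "10.2.5.5", "192.0.2.10", 443),     # deny, rule 2 (rule 3 never seen)
        ("udp", "203.0.113.7", "192.0.2.53", 53),   # permit, rule 4
        ("tcp", "203.0.113.7", "192.0.2.10", 22),   # deny, implicit
    ]
    for flow in tests:
        print(flow, "->", evaluate(SAMPLE_ACL, *flow))
    print("unreachable rules:", unreachable_rules(SAMPLE_ACL, tests))
```

Moving rule 3 above rule 2 would make the 10.2.0.0/16 flow a permit; nothing else about the rules changed, which is the point of the card: the same set of lines means different things in a different order.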
True or false: open source firewalls include application controls and high-speed hardware
False, proprietary
Open source provides traditional firewall functions
Appliances provide faster throughput than host-based firewalls
True
Host-based firewalls can view unencrypted data
This access control connects the internal network to the internet, mostly with firewalls; access control applies whether you are inside or outside and trying to reach resources; access can be based on location, user groups etc.
Edge
Integrated with Active Directory and makes health checks during login and logoff: what is this?
Agentless NAC
Dissolvable agents: no permanent software installed; performs a posture assessment and terminates when done
These are useful for caching information, access control, URL filtering and content scanning
Proxies
Internal proxy, commonly used to protect and control user access to the internet
Application proxy
Forward proxy
Reverse proxy
Open proxy
Forward proxy
Inbound traffic from Internet to your internal service
Application proxy
Forward proxy
Reverse proxy
Open proxy
Reverse proxy
Third-party uncontrolled proxy; significant security concern; used to circumvent existing security controls
Application proxy
Forward proxy
Reverse proxy
Open proxy
Open proxy
Connects an IPS that examines a copy of the traffic, through a port mirror or network tap; cannot block traffic, can only alert
In-band response
Passive monitoring
In-line monitoring
Out-of-band response
Passive monitoring
Out-of-band response
Malicious traffic is identified and limited: the IPS sends a TCP reset to tear down the flow and prevent any more malicious traffic
IPS sits physically in-line; all traffic goes through it first; prevents any malicious traffic from getting into the network, drops bad traffic
In-band response
High-end cryptographic hardware; secures key storage; offloads CPU overhead from other devices; used in large environments with clusters and redundant power
Hardware security module (HSM)
Access to secure network zones through a highly secured device; SSH/tunnel/VPN to this; a security concern if compromised
Jump server
Proprietary consoles (firewall, IPS), SIEM consoles, syslog servers; may include a correlation engine to compare diverse sensor data
Collector
WPA2-CCMP
Data confidentiality with aes, message integrity with cbc-mac
WPA3 PSK has a brute force problem
False, WPA2 PSK
WPA3 changes the PSK process to include mutual authentication and creates a shared session key that isn't sent over the network, with no hashes or handshakes to capture; this is SAE in WPA3
True
A Diffie-Hellman derived key exchange with an authentication component, where everyone uses a different session key even with a PSK, is SAE
True, Dragonfly handshake
The security mode that authenticates users individually with an authentication server (RADIUS) is WPA-PSK
False, WPA3 Enterprise/802.1X
Allows easy setup of a mobile device through a PIN configured on the access point and entered on the phone, or a push button on the access point
EAP
PEAP
WPS
EAP-FAST
WPS
Authentication framework with many ways to authenticate, based on RFC standards; integrates with 802.1X
EAP
PSK is used in conjunction with access to a database (RADIUS/LDAP/TACACS)
False, 802.1X (port-based network access control)
The authentication server and supplicant share a protected access credential (PAC), a shared secret; needs a RADIUS server and authenticates over TLS. *Makes sure the supplicant and authenticator can communicate in a tunnel
EAP-FAST
PEAP
EAP
Captive portal
EAP-FAST
Encapsulates EAP in a TLS tunnel; the user authenticates with MSCHAPv2 or can authenticate with GTC. Uses digital certificates for authentication
EAP-FAST
PEAP
EAP
Captive portal
PEAP
Requires a digital certificate on the AS and on the other devices. Uses mutual authentication to build a TLS tunnel. Requires PKI, and legacy devices may not be able to use it
EAP-FAST
PEAP
EAP
EAP-TLS
EAP-TLS
RADIUS federation is when members of one organization can authenticate to the network of another organization; uses 802.1X (NAC)
True
Supplicant: the client
Authenticator: the device that provides access
Authentication server: validates the client's credentials
True
EAP-TTLS
Supports other authentication protocols in a TLS tunnel and needs only one digital certificate, on the AS, that is used by all; what is it?
For wireless packet analysis, you can’t hear everything on the network if you are transmitting data
True
Configures, updates, and maintains all access points in an infrastructure
Controller
ESSID
802.1X
EAP-TLS
Controller
Connections to buildings are point-to-multipoint
False, point-to-point
Multipoint is full connectivity between nodes
Wi-Fi is WAN
Bluetooth is PAN: high-speed communication over a short distance
Wi-Fi is LAN
DoS/frequency jamming, remote capture, stolen device, replay attack or man-in-the-middle are common attacks against what?
RFC
NFC
Bluetooth
GPS
NFC
Mobile device management
Manages company-owned and user-owned mobile devices
Secure access to data, protect data from outsiders, file sharing and viewing, DLP for mobile devices
Mobile content management
Context-aware authentication
Authentication that combines multiple contexts: IP address, GPS, other devices, emerging tech, which devices you frequently use, etc.
Separates enterprise mobile apps and data, creates a virtual area for company data with limited sharing, and segments the data in storage; what is this?
Containerization
Shrinks PCI Express security hardware down to a card; provides key generation, digital signatures, authentication, secure storage
MicroSD HSM
Provisions, updates and removes apps, creates an enterprise catalog, monitors application use, remote wipe
MicroSD
UEM
MAM
SEAndroid
Mobile application management
Addresses a broad scope of system security for Linux: kernel, user space, policy configuration
MicroSD
UEM
MAM
SEAndroid
SEAndroid
Moves from user-assigned control to object labels and minimum user access
SEAndroid
Manages Android deployments
Applications can be used across different platforms by using this
MicroSD
UEM
MAM
SEAndroid
UEM
Rooting (Android)/jailbreaking (Apple)
Installs custom firmware, gives uncontrolled access, allows sideloading apps. You don't need access to the OS
The company buys the device, it is used as a corporate and personal device, and the organization has full control of the device
Corporate owned, personally enabled
Apps and data are separate from the mobile device, with centralized app development; data stays separate from the device
Corporate owned
VDI/VMI
COPE
CYOD
Virtual desktop infrastructure
A company-owned device that is not for personal use is CYOD
False, corporate-owned
CYOD is similar to COPE, but you choose your device
HA across zones: availability zones are isolated locations within a cloud region with independent power; build apps to be highly available, using load balancers
True
This allows different OSes and applications to communicate across platforms and validates security controls
Integration/auditing
Resource policies: identity and access management, map job functions to roles, provide access to cloud resources, centralize user accounts
API keys, passwords and certificates are difficult to manage; this authorizes access to them, manages the access control policy and provides an audit trail
Secrets management
Resource policies
HA across zones
Integration
Secrets management
IAM, bucket policies, globally blocking public access, and not putting data in the cloud unless it needs to be there are examples of what?
Resource policies
Permissions
Replication
Cloud storage
Permissions
Data that is already encrypted when sent to the cloud, with the encryption performed by the application, is client-side encryption
True
Server-side encryption encrypts data in the cloud; it is encrypted when stored on disk
A microservice architecture that views specific API queries and monitors incoming/outgoing data
API inspection and integration
Manages computing resources, such as launching/removing a VM or container, and allocates resources
IaaS
Security groups
Virtual private cloud endpoint
Container security
IaaS
Dynamic resource allocation
Resources are provisioned when needed and scaled up or down, with ongoing monitoring
Instance awareness
Granular security controls; identifies specific data flows and file shares, defines set policies, denies certain uploads
Allows private cloud subnets to communicate with other cloud services; does not need internet connectivity
Virtual private cloud endpoint
Bugs, insufficient security controls and misconfigurations are security issues for what?
Virtualization
Cloud computing
Container
Man in the middle
Container