SY0-701: 2.0 (Threats, Vulnerabilities, and Mitigations) Flashcards
(213 cards)
1
Q
Vulnerability (2.3)
A
Any weakness in the system design or implementation (software bugs, misconfigures software. improperly protected network devices, missing security patches, lack of physical security)
2
Q
Threat Actor Attributes (2.1)
A
Specific characteristics or properties that define and differentiate various threat actors from one another
3
Q
Threat Actor (2.1)
A
Individual or entity responsible for incidents that impact security and data protection
4
Q
Threat Actor Types (2.1)
A
Unskilled Attackers- baby hackers
Hacktivists- driven by cause
Organized Crime- driven by money
Nation-State Actors- cyber warfare/espionage
Insider Threats- revenge or accidental
5
Q
Unskilled Attacker (2.1)
A
AKA Script Kiddie
Runs scripts w/ no knowledge of how it works
6
Q
Hacktivist (2.1)
A
Individuals or groups that use their technical skills to promote a cause or drive a social change instead of for personal gain
7
Q
Organized Crime (2.1)
A
Sophisticated and well-structured entities that leverage resources and technical skills for illicit gain
8
Q
Nation-State Actor (2.1)
A
Highly trained and often funded by nation states/governments
9
Q
Insider Threat (2.1)
A
Cybersecurity threats that originate from within an organization (malicious or accidental)
10
Q
Threat Actor Motivations (2.1)
A
Data exfiltration
Espionage
Service disruption
Blackmail
Financial gain
Philosophical/political beliefs
Ethical
Revenge
Disruption/chaos
War
11
Q
Threat Actor Attributes (2.1)
A
Internal / External
Resources / Funding (tools, skills, personnel)
Level of sophistication / Capability (technical skill, coimplexity of tools, ability to evade detection)
12
Q
False Flag Attack (2.1)
A
Attack that is orchestrated in such a way that it appears to originate from a different source or group (popular style w/ nation-state groups)
13
Q
APT (2.1)
A
Advanced Persistent Threat- Prolonged and targeted cyber attack in which an intruder gains unauthorized access to a network and remains undetected for an extended period of time while trying to steal data or monitor network activities rather than cause immediate damage
14
Q
Shadow IT (2.1)
A
The use of information technology systems, devices, software, applications, and services without explicit organizational approval
15
Q
Threat Vector (2.2)
A
Method used by an attacker to access a victim’s machine (e.g. a vulnerability; messages, images, files, etc.)
16
Q
Attack Surface (2.2)
A
Encompasses all the various points where an unauthorized user can try to enter data to or extract data from an environment
17
Q
BlueBorne (2.2)
A
Set of vulnerabilities in Bluetooth technology that can allow an attacker to take over devices or spread malware
18
Q
BlueSmack (2.2)
A
Type of DOS attack that targets Bluetooth-enabled devices by sending a specially crafted Logical Link Control and Adaptation Protocol packet to a target device
19
Q
Forms of Impersonation (2.2)
A
Impersonation
Brand Impersonation
Typosquatting
Watering Hole Attacks
20
Q
Brand Impersonation (2.2)
A
Specific form of impersonation where an attacker pretends to represent a legitimate company or brand
21
Q
Impersonation (2.2)
A
An attack where an adversary assumes the identity of another person to gain unauthorized access to resources or steal sensitive data
22
Q
Typosquatting (2.2)
A
A form of cyber attack where an attacker registers a domain name that is similar to a popular website but contains some kind of common typographical errors
23
Q
Watering Hole Attacks (2.2)
A
Targeted form of cyber attack where attackers compromise a specific website or service that their target is known to use
24
Q
Pretexting (2.2)
A
Technique where an attacker provides some information that seems true in an attempt to get the victim to provide more information
25
Phishing Attack Types (2.2)
Phishing
Vishing
Smishing
Whaling
Spear Phishing
Business Email Compromise
26
Phishing (2.2)
Fraudulent attack using deceptive emails from trusted sources to trick individuals into disclosing personal information like passwords and credit card numbers
27
Vishing (2.2)
Voice Phishing- Phone-based attack in which the attacker deceives victims into divulging personal or financial information
28
Smishing (2.2)
SMS Phishing- Attack that uses text messages to deceive individuals into sharing their personal information
29
Whaling (2.2)
Form of spear phishing that targets high-profile individuals, like CEOs or CFOs
30
Spear Phishing (2.2)
Phishing with a more tightly focused group of individuals or organizations
31
Business Email Compromise (BEC) (2.2)
Advanced phishing attack that leverages internal email accounts within a company to manipulate employees into carrying out malicious actions for the attacker
32
Identity Theft (2.2)
When attackers tries to fully assume the identity of their victim
33
Identity Fraud (2.2)
e.g. Attacker takes the victims credit card number and makes charges
34
Scam (2.2)
A fraudulent or deceptive act or operation
35
Invoice Scam (2.2)
A scam in which a person is tricked into paying for a fake invoice for a service or product that they did not order
36
Misinformation (2.2)
Inaccurate information shared unintentionally
37
Disinformation (2.2)
Intentional spread of false information to deceive or mislead
38
Attack Vector (2.4)
A means by which an attacker gains access to a computer to infect the system with malware
39
Malware (2.4)
Malicious Software (Viruses, trojans, worms, etc.)
40
Virus (2.4)
Malicious code that's run on a machine without the user's knowledge
*requires user actions to reproduce and spread
41
Virus Types (2.4)
Boot Sector
Macro
Program
Multipartite
Encrypted
Polymorphic
Metamorphic
Stealth
Armored
Hoax
42
Boot Sector Virus (2.4)
Stored in the first sector of a hard drive and loaded into memory upon boot up
43
Macro Virus (2.4)
Allows virus to be embedded w/i another document (Word Doc, Spreadsheet, etc.)
44
Program Virus (2.4)
Infect an executable or application file
45
Multipartite Virus (2.4)
Combination of a boot sector virus and program virus; first attaches itself to the boot sector and system files before attacking other files
46
Encrypted Virus (2.4)
Uses cipher to encrypt its contents in an attempt to hide from antivirus
47
Polymorphic Virus (2.4)
Advanced version of an encrypted virus; changes itself every time it is executed by altering the decryption module in an attempt to hide from antivirus
48
Metamorphic Virus (2.4)
Advanced version of Polymorphic Virus; is able to rewrite itself entirely before it attempts to infect a file
49
Stealth Virus (2.4)
A way viruses protect themselves
50
Armored Virus (2.4)
Has a layer of protection to confuse a program or person analyzing it
51
Hoax Virus (2.4)
Tricks user into infecting their own machine; ""Your machine has been infected"" messages; user gets the virus if they follow instructions; form of social engineering
52
Worm (2.4)
Malicious software that is able to replicate and spread without any user interaction; cause disruption to normal network traffic and computing activities
53
Trojan (2.4)
Malicious software which is disguised as harmless or desirable software; will usually provide desirable function as well as malicious one
54
RAT (2.4)
Remote Access Trojan: trojan which gives attacker remote access to machine; most common type of trojan
55
Ransomware (2.4)
Encrypts users files and provides instructions for payment to decrypt files
56
Spyware (2.4)
Secretly gathers information about user w/o their consent; may include keylogger
57
Adware (2.4)
Type of spyware which displays ads based on info collected while collecting data w/o consent
58
Grayware (2.4)
Also known as Jokeware; Causes improper system behavior w/o serious consequences (eg crazymouse)
59
Botnet (2.4)
Network of compromised computers or devices controlled remotely by malicious actors; Allows attacker to use the devices processing power, memory etc. for nefarious purposes
60
Zombie (2.4)
A compromised computer or device that is part of a botnet and used to perform tasks using remote commands
61
Command and Control Node (2.4)
AKA C2 Node- Responsible for managing and coordinating the activities of other nodes or devices within a network
62
Rootkit (2.4)
Designed to gain administrative level control on computer system w/o being detected; typically uses method called DLL Injection or Driver Manipulation
63
DLL Injection (2.4)
Malicious code is inserted into a running process on a Windows machine by taking advantage of Dynamic Link Libraries which are loaded at runtime
64
Driver Manipulation (2.4)
Compromises the kernel-mode device drivers which operate at a privileged or system level
65
Shim (2.4)
Code placed between two components to intercept calls and redirect them; similar concept as man in the middle
66
Spam (2.4)
Abuse of electronic messaging systems; usually email, texts, etc.; usually just annoying but can be dangerous if malicious code is embedded in messages
67
CAN-SPAM Act of 2003 (2.4)
Controlling the Assault of Non-solicited Pornography And Marketing; 1st national standards for sending commercial emails
68
Spim (2.4)
Spam over instant messaging; text messages, chat rooms, etc.
69
Backdoor (2.4)
Used to bypass the normal security and authentication functions
70
Easter Egg (2.4)
Unsecure coding practice that was used by programmers to provide a joke or a gag gift to the users
71
Logic Bomb (2.4)
Malicious code that's inserted into a program and will only execute when certain conditions have been met
72
Keylogger (2.4)
Piece of software or hardware that records every single keystroke that is made on a computer or mobile device
73
Fileless Malware (2.4)
Used to create a process in the system memory without relying on the local file system on the infected host
74
Dropper (2.4)
Initiates or runs other malware forms within a payload on an infected host
75
Downloader (2.4)
Retrieves additional tools post the initial infection facilitated by a dropper
76
Shellcode (2.4)
Encompasses lightweight code meant to execute an exploit on a given target
77
Concealment (2.4)
Used to help the threat actor prolong unauthorized access to a system by hiding tracks, erasing log files, and hiding any evidence of malicious activities
78
Living of the Land (2.4)
A strategy adopted by many APTs and criminal organizations
The threat actors try to exploit the standard system tools to perform intrusions
79
Indications of Malware Attacks (2.4)
Account lockout
Concurrent session usage
Blocked content
Impossible travel
Resource consumption
Resource inaccessibility
Out-of-cycle logging
Missing logs
Published or documented attacks
80
Account lockout (2.4)
User's unable to access accounts due to login attempts
81
Concurrent session usage (2.4)
User's having multiple concurrent/simultaneous sessions
82
Blocked content (2.4)
Increase in blocked content notices from security tools
83
Impossible travel (2.4)
User's account is accessed from two different geographic locations in an impossible amount of time
84
Resource consumption (2.4)
System slowdowns for unidentified reasons
85
Resource inaccessibility (2.4)
Inability to access resources such as files or systems
86
Out-of-cycle logging (2.4)
Log files generated at odd hours
87
Missing logs (2.4)
Log files missing/deleted; time gap in logs
88
Published or documented attacks (2.4)
If a report is published stating your organization has been attacked
89
Common Sign of Phishing Attempt (2.2)
Generic greetings
Spelling and grammar mistakes
Spoofed email addresses
Urgency
Unusual requests
Mismatched URLs
Strange email addresses
90
Cryptographic Attacks (2.4)
Techniques and strategies that adversaries employ to exploit vulnerabilities in cryptographic systems with the intent to compromise the confidentiality, integrity, or authenticity of data
91
Downgrade Attack (2.4)
aka Version Rollback Attack- Cryptographic attack which aims to force a system into using a weaker or older cryptographic standard or protocol than what it's currently utilizing
92
Quantum Computing (2.3)
A computer that uses quantum mechanics to generate and manipulate quantum bits (qubits) in order to access enormous processing powers
93
Collision Attack (2.4)
Aims to find two different inputs that produce the same hash output
94
Quantum Communications (2.3)
A communications network that relies on qubits made of photons to send multiple combinations of ones and zeros simultaneously which results in tamper resistant and extremely fast communications
95
Qubit (2.3)
A quantum bit composed of electrons or photons that can represent numerous combinations of ones and zeros at the same time through superposition
96
Post-Quantum Cryptography (2.3)
A new kind of cryptographic algorithm that can be implemented using todays classical computers but is also impervious to attacks from future quantum computers
97
Post-Quantum Cryptographic Algorithms (2.3)
CRYSTALS-Dilithium - Recommended by NIST for digital signatures
FALCON
SPHINCS+ - Focuses on hashing
98
Brute Force Attacks (2.6)
Involves trying every possible combination of characters until the correct password is found
Mitigated against by:
Increasing complexity
Increasing length
Limiting number of login attempts
Using multifactor authentication
Using CAPTCHAS
99
Dictionary Attack (2.6)
Using a list of commonly used passwords and trying them all
Mitigated against by:
Increasing complexity
Increasing length
Limiting number of login attempts
Using multifactor authentication
Using CAPTCHAS
100
Password Spraying (2.6)
A form of brute force attack that involves trying a small number of commonly user passwords against a large number of usernames or accounts
Mitigated against by:
Using unique passwords
Using multifactor authentication
101
Hybrid Attack (2.6)
Blends brute force and dictionary techniques by using common passwords with variations, such as adding numbers or special characters
102
Hardware Vulnerabilities (2.3)
Security flaws or weaknesses inherent in a devices physical components or design that can be exploited to compromise the integrity, confidentiality, or availability of the system and its data
103
Firmware (2.3)
Specialized form of software stored on hardware device, like a router or a smart thermostat, that provides low-level control for the devices specific hardware
104
End-of-Life Systems (2.3)
Refers to hardware or software products that have reached the end of their life cycle; vendors no longer providing support
105
Legacy Systems (2.3)
Outdated computing software, hardware, or technologies that have been largely superseded by newer and more efficient alternatives
106
Unsupported Systems (2.3)
Hardware or software products that no longer receive official technical support, security updates, or patches from their respective vendors or developers
107
Unpatched System (2.3)
Device, application, or piece of software that has not been updated with the latest security patches so that it remains vulnerable to known exploits and attacks
108
Hardware Misconfiguration (2.3)
Occurs when a devices settings, parameters, or options are not optimally set up, and this can cause vulnerabilities to exist, a decrease in performance, or unintended behavior of devices or systems
109
Hardening (2.3)
Involves tightening the security of a system
110
Patching (2.3)
Involves the regular updating of the software, firmware, and applications with the latest security patches
111
Decommissioning (2.3)
Means that the system is retired and removed from the network
112
Isolation (2.3)
Used to limit the potential damage that might occur from a potential security breach
113
Segmentation (2.3)
Used to divide the network into segments
114
Configuration Enforcement (2.3)
Used to ensure that all devices and systems adhere to a standard secure configuration
115
Bluetooth (2.3)
Wireless technology standard used for exchanging data between fixed and mobile devices over short distances without the need for an Internet connection
116
Insecure Device Pairing (2.3)
Occurs when Bluetooth devices establish a connection without proper authentication
117
Device Spoofing (2.3)
Occurs when an attacker impersonates a device to trick a user into connecting
118
On-Path Attack (2.3)
Exploits Bluetooth protocol vulnerabilities to intercept and alter communications between devices without either party being aware
119
Bluejacking (2.3)
Attacker sends unsolicited messages to a Bluetooth enabled device to test the vulnerability of the device
120
Bluesnarfing (2.3)
Attacker obtains unauthorized access to a device using Bluetooth connection oftentimes to steal data such as contacts, call logs, and/or text messages
121
Bluesmack (2.3)
Bluetooth attack which focuses on a denial of service by sending a large amount of data
122
Blueborne (2.3)
An attack which is sent wirelessly and can affect numerous devices within seconds without requiring user intervention
123
Bluetooth Attack Prevention (2.3)
Keep Bluetooth off when not in use
Ensure devices are set to non-discoverable
Regularly update firmware
Only allow pairing between known/trusted devices
Use unique PINs or passkeys
Be cautious of unsolicited connection requests
Use encryption for sensitive data transfers
124
Sideloading (2.3)
The practice of installing applications on a device from unofficial sources which actually bypasses devices default app store
125
Jailbreaking / Rooting (2.3)
Process that gives users escalated privileges on the devices and allows users to circumvent the built-in security measures provided by the devices
126
MDM (2.3)
Mobile Device Management- used to conduct patching of the devices by pushing any necessary updates to the devices to ensure that they are always equipped with the latest security patches
127
Zero-Day Vulnerability (2.3)
Any vulnerability that's discovered or exploited before the vendor can issue a patch for it
128
Zero-Day Exploit (2.3)
Any unknown exploit that exposes a previously unknown vulnerability in the software or hardware
129
Data Exfiltration (2.3)
Unauthorized data transfers from within an organization to an external location
130
Malicious Updates (2.3)
Occurs when an attacker has been able to craft a malicious update to a well-known and trusted program in order to compromise the systems of the programs end users
131
Code Injection (2.3)
The insertion of code through a data input form from a client to an application
132
SQL (2.3)
Structured Query Language- used to search, input, update, and delete data from a database
133
XML (2.3)
Extensible Markup Language- Used by web applications for authentication, authorization, and other types of data exchange
134
XML Bomb (2.3)
Billion Laughs Attack- XML encodes entities that expand to exponential sizes, consuming memory on the host and potentially crashing it
135
XXE Attack (2.3)
XML External Entity- An attack that embeds a request for a local resource
136
XSS (2.3)
Cross Site Scripting- Injects a malicious script into a trusted site to compromise the sites visitors
137
Persistent XSS (2.3)
Persistent Cross Site Scripting- Allows an attacker to insert code into the backend database used by that trusted website
138
DOM XSS (2.3)
Document Object Model Cross Site Scripting- Exploits the client-side scripts to modify the content and layout of the web page
139
Session Management (2.3)
Enables web applications to uniquely identify a user across several different actions and requests
140
Cookie (2.3)
Text file used to store information about a user when they visit a website
Non-Persistent: Known as a session cookie, which resides in memory and is used for a very short period of time; when session concludes cookie is deleted
Persistent: Store in the browser cache until either deleted by a user or expired
141
Session Hijacking (2.3)
Type of spoofing attack where the attacker disconnects a host and then replaces it with his or her own machine by spoofing the original host IP
142
Session Prediction Attacks (2.3)
Type of spoofing attack where the attacker attempts to predict the session token in order to hijack the session
143
XSRF (2.3)
Cross-Site Request Forgery- Malicious script is used to exploit a session started on another site within the same web browser
144
Buffer Overflow (2.3)
Occurs when data exceeds allocated memory, potentially enabling unauthorized access or code execution
145
Buffer (2.3)
A temporary storage area where a program stores its data
146
Race Condition (2.3)
Software vulnerability where the outcome depends on the timing of events not matching the developers intended order
Typically occur outside the normally logged processes on a computer making them difficult to detect
147
Dereferencing (2.3)
Software vulnerability that occurs when the code attempts to remove the relationship between a pointer and the thing that pointer was pointing to in the memory
148
Dirty Cow (2.3)
Popular 2016 exploit showcasing a race condition exploitation
149
COW (2.3)
Copy On Write
150
TOC (2.3)
Time Of Check- Type of race condition where an attacker can alter a system resource after an application checks its state but before the operation is performed
151
TOU (2.3)
Time Of Use- Type of race condition that occurs when an attacker can change the state of a system resource between the time it is checked and the time it is used
152
TOE (2.3)
Time Of Evaluation- Type of race condition that involves the manipulation of data or resources during the time window when a system is making a decision or evaluation
153
Mutex (2.3)
Mutually exclusive flag that acts as a gatekeeper to a section of code so that only one thread can be processed at a time
154
Deadlock (2.3)
Occurs when a lock remains in place because the process its waiting for is terminated, crashes, or doesn't finish properly, despite the processing being complete
155
Flood Attack (2.4)
Specialized type of DoS attack which attempts to send more packets to a single server or host
156
Ping Flood (2.4)
A variety of flood attack in which a server is sent with too many pings (ping = ICMP echo but exam refers to it as a ping)
157
SYN Flood (2.4)
A variety of a flood attack where an attacker will initiate multiple TCP sessions but never complete the three-way handshake
158
PDoS (2.4)
Permanent Denial of Service- An attack whi9ch exploits a security flaw by re-flashing a firmware, permanently breaking the networking device
159
Fork Bomb (2.4)
A large number of processes is created to use up a computers available processing power
160
DNS Amplification Attack (2.4)
Specialized DDoS attack where the attacker overloads a target system with DNS response traffic by exploiting the DNS resolution process
161
Blackhole / Sinkhole (2.4)
Method of fighting a DDoS attack by identifying attacking IP addresses and routing all their traffic to a non-existent server (this is a temporary solution since attackers can just change their IP address)
162
Elastic Cloud Infrastructure (2.4)
Scales up as server requirements increase which can ride out a DDoS attack but costs money due to scaling up
163
DNS (2.4)
Domain Name Systems- Responsible for translating human-friendly domain names into IP addresses that computers can understand
164
DNS Cache Poisoning (2.4)
aka DNS Spoofing- Involves corrupting the DNS resolver with false information
165
DNSSEC (2.4)
Domain Name System Security extensions- adds a digital signature to the organizations DNS data; combats DNS Cache Poisoning
166
DNS Tunneling (2.4)
Uses DNS protocol over port 53 to encase non-DNS traffic, trying to evade firewall rules for commands control or data exfiltration
167
Domain Hijacking (2.4)
Altering a domain names registration without the original registrants consent
168
DNS Zone Transfer Attack (2.4)
The attacker mimics an authorized system to request an obtain the entire DNS zone data for a domain
169
Directory Traversal (2.4)
A type of injection attack that allows access to commands, files, and directories, either connected to web document root directory or not (e.g. ../../../../)
170
../ encoded is...
%2e%2e%2f (%2e = "." ; %2f = "/")
171
File Inclusion (2.4)
Allows an attacker to either download files from an arbitrary location or upload an executable or script file to open a backdoor
172
Remote File Inclusion (2.4)
Occurs when an attacker tries to execute a script to inject a remote file
173
Local File Inclusion (2.4)
Occurs when an attacker tries to add a file that already exists
174
Arbitrary Code Execution (2.4)
A vulnerability that allows an attacker to run a code or module that exploits a vulnerability
175
Remote Code Execution (2.4)
A type of arbitrary code execution that allows an attacker to transmit code from a remote host
176
Privilege Escalation (2.4)
Occurs when a user accesses or modifies specific resource that they are not entitles to normally access
Vertical Privilege Escalation- From normal level user to higher level (e.g. regular user to root)
Horizontal Privilege Escalation- From one user to another of generally the same level (e.g. from sales user to HR user)
177
Rootkit (2.4)
A class of malware that modifies system files, often at the kernel level, to conceal its presence
Kernel Mode and User Mode
178
Replay Attack (2.4)
Type of network-based attack that involves maliciously repeating or delaying valid data transmissions (e.g. attacker records banking login session and plays it back at a later time to log in as you)
179
Session Hijacking (2.4)
A type of spoofing attack where the host is disconnected and replaced by the attacker; a lot of times this is done by stealing session cookies
180
Session Tokens (2.4)
Unique data pieces that prevent session replay by attackers
181
Session Management (2.4)
A fundamental security component that enables web applications to identify a user
182
Session Prediction (2.4)
An attacker attempts to predict the session token to hijack that session
183
Cookie Poisoning (2.4)
Modifying the contents of a cookie to be sent to a clients browser and exploit the vulnerabilities in an application
184
On-Path Attack (2.4)
aka Interception Attack- An attack where the attacker puts the workstation logically between two hosts during the communication
185
Relay Attack (2.4)
Occurs when attackers insert themselves in between two hosts and become part of the conversation
186
SSL Stripping (2.4)
Tricking the encryption application with an HTTP connection instead of an HTTPS connection
187
Downgrade Attack (2.4)
Occurs when an attacker attempts to have a client or server abandon its higher security mode
188
LDAP Injection (2.4)
Lightweight Directory Access Protocol Injection- An attack in which LDAP statements, typically created by user input, are fabricated
189
Command Injection (2.4)
A threat actor is able to execute arbitrary shell commands via a vulnerable web application
190
Process Injection (2.4)
A method of executing arbitrary code in the address space of a separate live process
191
IoC (2.4)
Indicators of Compromise- Data pieces that detect potential malicious activity on a network or system
Account lockouts (multiple failed login attempts)
Concurrent session usage (one user w/ multiple sessionts)
Blocked content (users attempting to download content w/o proper privileges)
Impossible travel (users logs on from US and an hour later from India)
Resource consumption
Resource inaccessibility (inablility to access resources such as a database)
Out-of-cycle logging (logs show entries during hours when office is closed)
Articles or documents on security breach sites
Missing logs
192
Least Functionality (2.5)
A process of configuring a workstation or server with only essential applications and services for the user
193
Allowlisting (2.5)
A security measure that permits only approved applications to run on an operating system; this is more secure than blocklisting since everything is denied by default but is more difficult to set up
194
Blocklisting (2.5)
Entails preventing listed applications from running, allowing all others to execute; less secure than allowlisting but easier to set up
195
Services (2.5)
Background applications that operate within the OS, executing a range of tasks; unnecessary services should be disabled
196
Command Line syntax to stop service (Windows) (2.5)
sc stop [service name] (sc = service controls or...
net stop [service name]
197
Command Line syntax to stop service (Mac/Linux) (2.5)
top (displays running processes with their associated pid's
kill pid [process id of process to kill] (pid = process ID)
198
TOS (2.5)
Trusted Operating System- Designed to provide a secure computing environment by enforcing stringent security policies that usually rely on mandatory access controls
199
Integrity-178B (2.5)
POSIX-based operating system that is designed for embedded system use
200
EAL (2.5)
Evaluation Assurance- Based on a set of predefined security standard and Certification from the Common Criteria for Information Technology Security Evaluation; has levels (1-7) e.g. Integrity-178B EAL level 6; highest level is 7
Most user based OS's (Linux, Mac, Windows) are EAL level 4 or 4+ meaning they were carefully designed, tested and reviewed, and offer good security assurance
201
MAC (reference TOS) (2.5)
Mandatory Access Control- Access permissions are determined by a policy defined by the system administrators and enforced by the operating system
202
Trusted Solaris (2.5)
Offers secure, multi-level operations with MAC, detailed system audits, and data/process compartmentalization
203
Hotfix (2.5)
A software patch that solves a security issue and should be applied immediately after being tested in a lab environment
204
Update (2.5)
Provides a system with additional functionality but does not usually provide any patching of security related issues
205
Service Pack (2.5)
Includes all the hotfixes and updates since the release of the operating system
206
Effective Patch Management Program (2.5)
1. Assign a dedicated team to track vendor security patches
2. Establish automated system-wide patching for OS and applications
3. Include cloud resources in the patch management
4. Categorize patches as urgent, important, or non-critical for prioritization
5. Create a test environment to verify critical patches before production deployment
6. Maintain comprehensive patching logs for program evaluation and monitoring
7. Establish a process for evaluating, testing, and deploying firmware updates
8. Develop a technical process for deploying approved urgent patches to production
9. Periodically assess non-critical patches for combined rollout
207
Patch Management (2.5)
Planning, testing, implementing, and auditing of software patches
208
Patch Management Steps (2.5)
1. Planning- Create policies, procedures, and systems to track and very patch compatibility
2. Testing
3. Implementation
4. Auditing
209
Patch Management software (2.5)
Microsoft Endpoint Manager
Cisco UCS Manager
210
Data Encryption (2.5)
Process of converting data into a secret code to prevent unauthorized access
211
Types of Data Encryption (2.5)
Full Disk Encryption- Encrypts an entire hard disk (Bitlocker / FileVault)
Partition- Encrypts a specified partition (VeraCrypt)
File- Encrypts an individual file (GNU Privacy Guard aka GPG)
Volume- Encrypts a specified volume (VeraCrypt)
Database- Encrypts an entire database
Record- Encrypts specific record in a database
212
GPG (2.5)
GNU Privacy Guard- Provides cryptographic privacy and authentication for data communication
213
TDE (2.5)
SQL Server Transparent Data Encryption- Auto-encrypts the entire database without needing application changes, as the system handles encryption and decryption
