Test Prep April 2 Flashcards

(127 cards)

1
SRTP
Secure Real Time Transport Protocol: This encrypts communication with AES
2
NTPsec
Secure Network Time Protocol
3
S/MIME
Secure Multipurpose Internet Mail Extensions: Requires a public key infrastructure
4
Secure POP3
Uses STARTTLS to encrypt with SSL
5
IMAP
Uses SSL to encrypt email messages
6
SSL
Secure Sockets Layer
7
TLS
Transport Layer Security: Uses HTTPS
8
HTTPS
HTTP over TLS: Uses private key encryption
9
IPsec
Internet Protocol Security: Security for OSI Layer 3, encryption and packet signing; uses authentication header
10
FTPS
File Transfer Protocol Secure: FTP over SSL
11
SFTP
SSH File Transfer Protocol
12
LDAP
Lightweight Directory Access Protocol: Protocol for reading and writing directories over an IP network
13
SASL
Simple Authentication and Security Layer
14
SSH
Secure Shell: encrypted terminal communication; replaces telnet and FTP
15
DNS
Domain Name System: Easy to poison a DNS
16
SNMPv3
Simple Network Management Protocol version 3: Has encrypted data, verifies the source
17
DHCP
Dynamic Host Configuration Protocol: This assigns IP addresses to the devices on the network; no secure version of this
18
NAT
Network Address Translation
19
Stateless Firewall
Not secure! Does not keep track of traffic flows; each packet is individually examined. This needs two separate rules, one for outside to inside and another for inside to outside
20
Stateful Firewall
Much more secure! They remember the state of the session and only need a single rule; everything within a valid flow is allowed
21
UTM
Unified threat management device: Web security gateway, spam filter, malware inspection, etc.
22
NGFW
Next generation firewall: Every packet must be analyzed and categorized before a security decision is made
23
WAF
Web application firewall: Applies rules to HTTP/HTTPS conversations. This is used with the PCI DSS (Payment Card Industry Data Security Standard)
24
Passive footprinting
Gather information that will not be seen by the victim. Needs to happen over open source. Can do this through social media, web sites, etc.
25
Wardriving/warflying
Combine wifi monitoring and a GPS, search from a car, plane or drone.
26
Active footprinting
Actively sending info into the network to gain more information. Ping scans, port scans, etc.
27
Malicious actor
A person you are trying to protect your data from
28
APT
Advanced persistent threat
29
Nation State
These are governments, commonly an APT
30
hacktivist
Often associated with a social or political agenda, specific hacks, no financial gain
31
organized crime
Motivated by money, very sophisticated
32
Order of volatility
How long does data stick around: Most volatile - Least: CPU, Memory, temporary file systems, Disk, Remote logging, Network topology, archive media
33
RAM
Random access memory: Changes constantly, memory dump; grab everything in the RAM
34
Swap
An area of the storage device to store RAM when memory is depleted
35
snapshot
Original image is the full backup; each snapshot is incremented from the last
36
cache
A temporary storage area designed to speed up performance of an OS
37
Embedded systems
Hardware and software designed for a specific function
38
SoC
System on a chip: multiple components running on a single chip, difficult to upgrade hardware
39
FPGA
Field programmable gate array: An integrated circuit that can be configured after manufacturing, common on routers and firewalls
40
SCADA/ICS
Supervisory control and data acquisition system: Large scale, multi site industrial control system. Often found within manufacturing, not connected to the internet
41
VOIP
Voice over internet protocol: Each device is a computer
42
MFD
Multifunction devices: everything you need in one single device (example: a printer)
43
RTOS
Real time operating system: designed to work on a specific schedule, no time to wait for other processes (example: automobiles); usually no security in place
44
CIS
Center for internet security: Used to design and improve the security posture in your organization; has 20 different controls
45
NIST CSF
Cybersecurity framework: Used for commercial cyber framework. Framework core, framework implementation tiers and framework profile
46
ISO/IEC 27001
Standard for information security management systems
47
ISO/IEC 27002
Code of practice for security controls
48
ISO/IEC 27701
Privacy information management systems
49
ISO 31000
International standards for risk management practices
50
SSAE SOC 2 Type I/II
These are for the auditing of accounting. SOC2 is the audit documentation
51
Type I audit
Tests controls in place at a particular time
52
Type II audit
Tests controls over a period of at least six months
53
CSA
Cloud security alliance: not for profit organization for cloud security controls
54
CCM
Cloud control matrix: Cloud specific security controls
55
PII
Personally identifiable information: Credit card info, social security numbers etc
56
Containment
Every application is running on its own sandbox and is running independently
57
SOAR
Security orchestration, automation and response: Integrate third party tools and data sources
58
runbooks
Linear checklist of steps to perform; a step-by-step approach to automation
59
playbook
Conditional steps to follow; a broad process with lots of steps in one
60
Federation
Allow someone to authenticate to your network using credentials that are stored by a third party.
61
Attestation
This proves the hardware is really yours.
62
SMS
Short message service: Login can be sent via SMS to a phone number to provide username and password
63
TOTP
Time based one time password algorithm: The random number for login will be available for a certain amount of time and then after that time the number will change.
64
HOTP
HMAC based one time password algorithm: A number you would use one time to authenticate and never use that number again.
65
EAP
Extensible authentication protocol: A standard framework for authentication usually integrates with 802.1x
66
802.1x
Port based network access control used with RADIUS, LDAP etc.
67
Supplicant
This is the client that is connecting to the network
68
Authenticator
This is the device that provides access to the network
69
Authentication Server
This validates the username and password
70
EAP-FAST
EAP flexible authentication via secure tunneling: Authentication server and supplicant are able to transfer info over a secure tunnel
71
PAC
Protected access credential: Supplicant receives the shared secret
72
PEAP
Protected extensible authentication protocol: This uses a TLS tunnel to share information using a digital certificate that is only on the server.
73
MSCHAPv2
Microsoft challenge handshake authentication protocol
74
GTC
Generic token card
75
EAP-TLS
Transport Layer Security: Strong security, requires digital certificates on all devices. TLS tunnel is built after the certificates are done
76
EAP-TTLS
Tunneled transport layer security: can tunnel other protocols within a TLS tunnel. Only needs a single digital certificate
77
RADIUS Federation
Members of one organization can authenticate to the network of another organization, uses 802.1x to authenticate
78
CASB
Cloud access security broker: Helps enforce security policies that were already created. Operates on visibility, compliance, threat prevention and data security
79
Application configurations
This is the most common security concern with the cloud
80
SWG
Next-Gen secure web gateway: Provides security with all users across all devices in any location. Can allow or deny certain activities
81
non-credentialed scan
The scanner cannot login to the remote device
82
CVE
Common vulnerabilities and exposures
83
CVSS
Common vulnerability scoring system
84
nmap
This is a port scanner to see open and closed ports
85
FDE
Full Disk encryption: Encrypt everything on the drive
86
SED
Self encrypting drive: Hardware based full disk encryption, no OS software needed
87
MAC
Mandatory Access Control: Requires you to have separate security clearance levels and assign documents and users to those clearances
88
DAC
Discretionary access control: You create an object and you assign rights and permissions to it
89
RBAC
Role Based Access Control: You have rights and permissions based on the role you have
90
ABAC
Attribute Based access control: Access may be granted based on many different criteria
91
Rule Based Access control
The System admin makes the rules for all the users.
92
PAM
Privileged access management: A centralized way to manage access for admins
93
Traceroute
A tool to determine the route a packet takes to a destination. Windows uses ICMP echo requests; Linux allows you to specify the protocol used
94
nslookup
This is a tool to determine the IP addresses on the network
95
dig
Domain information groper: More advanced version of nslookup
96
ipconfig
This will determine the IP configuration of devices
97
pathping
Combines ping and traceroute; will run a traceroute to an IP address to determine what routes may be between your device and the device you're pinging.
98
netstat
Shows what IP addresses are communicating with our device and what IP addresses our device is connecting to.
99
arp
Address resolution protocol: determines MAC addresses based on the current IP address
100
COPE
Corporate owned, personally enabled: Used as both a corporate and personal device, everything is controlled by the organization
101
VDI/VMI
Virtual desktop infrastructure: The apps are separated from the mobile device, the data is separated
102
Preventive control
Examples are locks and security guards
103
Detective control
Identifies the intrusion but does not stop it
104
Corrective control
Similar to an IPS
105
RADIUS
Remote authentication dial in service: This is an authentication protocol
106
TACACS
Terminal access controller: Remote authentication protocol usually with Cisco
107
Kerberos
A type of authentication system that uses single sign on. The client and server authenticate; usually used with Microsoft
108
VPN Concentrator
The device that encrypts data and sends it out on the network and then decrypts anything it receives
109
HTML5 VPNs
Hypertext markup language version 5 supports API interfaces and web cryptography
110
Full tunnel
Everything that is being transmitted by the remote user is sent to the VPN concentrator on the other side, which determines where that data goes
111
Split tunnel
Some info from the user can go through the tunnel and other info does not have to go through the tunnel
112
L2TP
Layer 2 tunneling protocol: Site-to-site VPNs use this. It is commonly used with IPsec networks
113
IPsec
Internet protocol security: Security for OSI layer 3; site-to-site communication uses this. Commonly used for the internet.
114
Tunnel mode
This will protect the IP info and the data; both are encrypted with IPsec
115
AH
Authentication header: Hash of the packet and a shared key; SHA-2 is commonly used
116
ESP
Encapsulation security payload: Most IPsec uses this; it encrypts and authenticates the tunneled data using SHA-2 and AES for encryption
117
Jump server
Allows us to access internal devices by a private connection on the inside.
118
HSM
Hardware security module: A server to manage and control keys within your environment.
119
ARO
Annual rate of occurrence: Describes the likelihood of an event occurring
120
SLE
Single loss expectancy: How much money we will lose for an event occurring
121
ALE
Annualized loss expectancy: ARO x SLE
122
Transit gateway
This is essentially a router within the cloud that all the virtual private clouds can connect to.
123
elasticity
The process of providing resources when demand increases and scaling down when the demand is low.
124
jump server
A jump server is a highly secured device commonly used to access secure areas of another network.
125
UPS
Uninterruptable power supply: can provide backup power when the main power source is unavailable
126
Incident Response
PICERL: Preparation, identification, containment, eradication, recovery and lessons learned
127
Key Escrow
Safely storing private keys