OSSTMM stands for
Open Source Security Testing Methodology Manual
OSSTMM has what structured stages
Rav stands for?
Risk Assessment Value
What are the Primary Matrices of the MITRE ATT&CK Framework?
Enterprise Matrix
Mobile Matrix
Industrial Control System (ICS) Matrix
Key Components of the MITRE ATT&CK Framework are:
What are the OWASP Top 10:
A01:2021 - Broken Access Control
A02:2021 - Cryptographic Failures
A03:2021 - Injection
A04:2021 - Insecure Design
A05:2021 - Security Misconfiguration
A06:2021 - Vulnerable and Outdated Components
A07:2021 - Identification and Authentication Failures
A08:2021 - Software and Data Integrity Failures
A09:2021 - Security Logging and Monitoring Failures
A10:2021 - Server-Side Request Forgery (SSRF)
MASVS stands for
OWASP Mobile Application Security Verification Standard
The Purdue Model is part of what?
Purdue Enterprise Reference Architecture (PERA)
The Purdue Model protects what?
Operational Technologies (OT)
The Purdue Model divides the ICS architecture into how many zones?
6
What are the Purdue Model zones?
Level 4/5 - Enterprise
DMZ
Level 3 - Operation & Control
Level 2 - Control
Level 1 - Process
Level 0 - Process
CREST stands for
Council of Registered Ethical Security Testers
PTES stands for
Penetration Testing Execution Standard.
The steps in the PTES are:
ISSAF stands for
Information System Security Assessment Framework
ISSAF is no longer supported; it has the following phases:
DREAD Threat Modeling Framework was made by Microsoft and stands for:
Damage Potential
Reproducibility
Exploitability
Affected users
Discoverability
STRIDE Threat Modeling Framework stands for
Spoofing
Tampering
Repudiation
Information disclosure
Denial of service
Elevation of privilege
STRIDE is used for
Threat modeling
OCTAVE Threat Modeling Framework stands for:
Operationally Critical Threat, Asset, and Vulnerability Evaluation
OCTAVE-S is for
small organisations
OCTAVE Allegro does what
simplifies the risk assessment process
OCTAVE Forte is a
highly adaptable variation
CVE stands for
common vulnerabilities and exposures