Untitled Deck Flashcards

(258 cards)

1
Q

What are Preventive Controls?

A

Objective: Prevent security incidents from occurring. Examples: Firewalls, Access control mechanisms (e.g., passwords, biometrics), Intrusion prevention systems (IPS), Security policies and procedures.

2
Q

What are Deterrent Controls?

A

Objective: Discourage potential attackers from attempting to compromise a system. Examples: Warning signs, Security awareness training, Visible security measures (e.g., security guards, CCTV).

3
Q

What are Detective Controls?

A

Objective: Detect and alert on security incidents as they occur. Examples: Intrusion detection systems (IDS), Security information and event management (SIEM) systems, Audit logs and monitoring, Surveillance cameras.

4
Q

What are Corrective Controls?

A

Objective: Correct and mitigate the impact of security incidents. Examples: Antivirus and anti-malware software, Backup and recovery procedures, Patch management systems, Incident response plans.

5
Q

What are Compensating Controls?

A

Compensating controls are security measures implemented to provide an alternative method of protecting assets when standard controls are not feasible. Examples: Temporary access restrictions, Alternative authentication mechanisms, Additional monitoring when primary controls are down.

6
Q

What are Directive Controls?

A

Objective: Specify acceptable practices and expected behavior. Examples: Security policies and guidelines, Employee handbooks, Standard operating procedures (SOPs), Codes of conduct.

7
Q

What are the Five Core principles of Information Security (CIANA)?

A

Confidentiality, Integrity, Availability, Non-Repudiation, Authentication.

8
Q

What are the Gap Analysis Steps?

A

Define the scope, Gather data about the current infrastructure, Analyze the data and identify the gaps, Develop a plan to bridge the gap.

9
Q

What is a Honeypot?

A

A honeypot is a decoy system or resource designed to attract and deceive attackers. It appears to be a legitimate part of the network but is isolated and monitored to gather information about attackers’ tactics, techniques, and motives.

10
Q

What is a Honeynet?

A

A honeynet is a network of honeypots that are interconnected to simulate a larger and more realistic environment for attracting and monitoring attackers. It allows organizations to capture and analyze broader attack patterns and behaviors.

11
Q

What is a Honeyfile?

A

A honeyfile is a file or document that is intentionally created and placed in a network to act as bait for attackers. It contains seemingly valuable information that, if accessed or modified, triggers alerts and provides insights into unauthorized access attempts.

12
Q

What is a Honeytoken?

A

A honeytoken is a piece of data or credential that is intentionally placed within an information system to serve as a decoy or indicator of unauthorized access. If a honeytoken is accessed or used, it alerts security teams to potential security breaches.
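Added example (not part of the original deck) showing how the honeyfile and honeytoken cards translate into detection logic: a decoy cloud access key and a decoy account name are seeded, a bait spreadsheet is declared a honeyfile, and a scanner raises an alert whenever any of them shows up in a log. The key, account, file names, hosts, and every log line are constructed for this example; no real environment is referenced.

```python
import re
from dataclasses import dataclass

# Decoy credentials seeded into the environment. The key and account name are
# constructed for this example; nothing legitimate ever uses them, so any
# appearance in a log is high-confidence evidence of unauthorized access.
HONEYTOKENS = {
    "AKIAEXAMPLEHONEY0001": "decoy AWS access key planted in a .aws/credentials file",
    "svc_backup_legacy": "decoy account listed inside the passwords.xlsx honeyfile",
}

# Honeyfiles: bait documents whose every access is alertable.
HONEYFILES = {"passwords.xlsx"}

# Constructed sample log lines (syslog-like), not real traffic.
SAMPLE_LOGS = """\
Mar 03 10:01:12 bastion sshd[412]: Accepted publickey for alice from 10.0.5.12
Mar 03 10:03:40 fileserv smbd[988]: user alice opened finance/Q3-report.xlsx
Mar 03 10:07:55 fileserv smbd[988]: user alice opened finance/passwords.xlsx
Mar 03 10:09:02 api-gw: AccessDenied key=AKIAEXAMPLEHONEY0001 src=203.0.113.7 action=s3:ListBuckets
Mar 03 10:09:30 dc01 lsass: logon failure for account svc_backup_legacy from 10.0.5.12
"""


@dataclass
class Alert:
    line_no: int
    indicator: str
    reason: str
    line: str


def scan_logs(text: str) -> list:
    """Return one Alert per honeytoken use or honeyfile access found in the log text."""
    alerts = []
    for n, line in enumerate(text.splitlines(), start=1):
        for token, description in HONEYTOKENS.items():
            if token in line:
                alerts.append(Alert(n, token, "honeytoken used: " + description, line))
        for name in HONEYFILES:
            # Match the file name as a whole path component, e.g. ".../passwords.xlsx".
            if re.search(r"(^|[/\\ ])" + re.escape(name) + r"(\s|$)", line):
                alerts.append(Alert(n, name, "honeyfile accessed", line))
    return alerts


if __name__ == "__main__":
    for a in scan_logs(SAMPLE_LOGS):
        print(f"line {a.line_no}: {a.reason} [{a.indicator}]")
```

Because the decoys have no legitimate use, the rule needs no tuning and produces essentially no false positives; the only real cost is keeping the seeded values out of backups and source repositories where a scanner might flag them as leaked secrets.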

13
Q

What is Non-Repudiation?

A

A security principle ensuring that a party in a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated. This is typically achieved through the use of cryptographic methods, such as digital signatures and public key infrastructure (PKI).

14
Q

What are the five factors of Authentication?

A

Knowledge Factor: Something You Know, Possession Factor: Something You Have, Inherence Factor: Something You Are, Behavioral Biometrics: Something You Do, Location Factor: Somewhere You Are.

15
Q

What does PTZ stand for?

A

Pan-Tilt-Zoom.

16
Q

What is FRR?

A

False Rejection Rate - How often a biometric system fails to allow a user access who should have had access.

17
Q

What is a Cipher Lock?

A

A mechanical (or electronic) locking mechanism that is opened by entering a code on a keypad rather than with a physical key. The code should be changed periodically and whenever someone who knows it leaves.

18
Q

What is an Infrared Sensor?

A

IR sensors can be either active or passive. Active IR sensors emit infrared light and measure the reflection, while passive IR sensors detect the infrared light naturally emitted by objects. Used in: Motion Detection, Remote Controls, Thermal Cameras, Temperature sensors.

19
Q

What is a Microwave Sensor?

A

A microwave sensor uses microwave radar to detect objects and motion. These sensors emit microwaves and measure the time it takes for the waves to be reflected back after hitting an object. Used in: Automatic Doors, Speed Radars, Occupancy Sensing, Motion sensors.

20
Q

What is an Ultrasonic Sensor?

A

An ultrasonic sensor uses ultrasonic sound waves to detect objects and measure distances. The sensor emits sound waves at a high frequency and measures the time it takes for the echo to return after hitting an object. Used in: Parking Assistance, Robotics, Industrial Automation.

21
Q

What is Shadow IT?

A

The use of systems, devices, software, applications, and cloud services inside an organization without the explicit approval or knowledge of the IT department. It is treated as an internal threat source because such assets sit outside patching, monitoring, and data-protection controls.

22
Q

What are the six Security Control types?

A

Preventive, Deterrent, Detective, Corrective, Compensating, Directive (see cards 1 to 6).

23
Q

What is Social Proof?

A

A psychological and social phenomenon where individuals copy the actions of others in an attempt to reflect correct behavior for a given situation. This concept is often exploited in social engineering attacks.

24
Q

What is Typosquatting?

A

‘Typosquatting’ is a form of cyber-attack where malicious actors register domain names that are similar to legitimate websites, often differing by a small typo or misspelling. Example: Real: Facebook.com | Fake: Facebo0k.com.
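Added example (not from the original deck) of the check a brand-protection or mail-filtering team would run against the card's Facebook.com / Facebo0k.com case: fold common look-alike characters back to their targets, then measure edit distance against the protected domain. The confusable table and the distance threshold are assumptions chosen for illustration, and the registrable-label helper assumes single-label TLDs such as .com rather than a full public-suffix list.

```python
# Homoglyph / look-alike substitutions commonly used in typosquats.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def normalize(label: str) -> str:
    """Fold look-alike characters so 'facebo0k' and 'rnicrosoft' compare as the brand."""
    s = label.lower()
    for lookalike, target in CONFUSABLES.items():
        s = s.replace(lookalike, target)
    return s


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """Second-level label; assumes a single-label TLD such as .com (no public-suffix list)."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(candidate: str, brand: str, max_distance: int = 2) -> str:
    """Label a candidate domain relative to a protected brand domain."""
    c, b = registrable_label(candidate), registrable_label(brand)
    if c == b:
        return "exact"
    if normalize(c) == b:
        return "homoglyph"
    d = levenshtein(c, b)
    if d <= max_distance:
        return f"typosquat(distance={d})"
    return "unrelated"


if __name__ == "__main__":
    for dom in ("Facebo0k.com", "facebok.com", "rnicrosoft.com", "github.com"):
        print(dom, "->", classify(dom, "facebook.com" if "book" in dom.lower() or "git" in dom else "microsoft.com"))
```

A distance threshold of 2 catches most single-character typos and transpositions; raise it only with a short allow-list of known partners, since the false-positive rate grows quickly with longer brand names.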

25
What is a Watering Hole Attack?
A 'watering hole attack' is a type of cyber-attack in which attackers compromise a specific website or set of websites that are frequently visited by a particular group, organization, or industry. The goal is to infect the visitors of these sites with malware.
26
What is Phishing?
Phishing is a cyber-attack where attackers send fraudulent emails or messages pretending to be from reputable sources to trick individuals into revealing sensitive information, such as usernames, passwords, and credit card details.
27
What is Spear Phishing?
Spear phishing is a targeted phishing attack aimed at a specific individual or organization. Attackers gather personal information about their target to craft a highly personalized and convincing email or message to deceive them into revealing sensitive information.
28
What is Whaling?
Whaling is a type of phishing attack that targets high-profile individuals, such as executives or senior management, within an organization. The attacker impersonates a trusted entity to deceive the target into divulging sensitive information or authorizing significant financial transactions.
29
What is Vishing?
Vishing, or voice phishing, involves attackers using phone calls to impersonate legitimate organizations or individuals to trick victims into providing personal information, such as credit card numbers or social security numbers.
30
What is Smishing?
Smishing, or SMS phishing, involves attackers sending fraudulent text messages that appear to come from reputable sources. These messages often contain links or phone numbers that lead to phishing websites or prompt the victim to provide personal information.
31
What is Business Email Compromise (BEC)?
Business Email Compromise (BEC) is a sophisticated phishing attack where attackers spoof or compromise a legitimate business email account to deceive employees, partners, or customers into transferring money or sensitive information. BEC often targets employees with access to company finances or valuable data.
32
What is an Invoice Scam?
A type of social engineering attack where cybercriminals send fraudulent invoices to a business or individual, hoping to trick the recipient into making a payment to the attacker's account.
33
What is Baiting?
'Baiting' is a type of social engineering attack where an attacker entices a victim with a lure, such as a seemingly harmless or appealing object, to trick them into compromising their security.
34
What is Piggybacking?
Piggybacking occurs when an unauthorized person convinces an authorized person to allow them access into the facility.
35
What is Diversion Theft?
Diversion Theft is a tactic used by criminals to distract or divert attention away from a target in order to carry out a theft or other criminal activity.
36
What is a Threat Vector?
A threat vector is the method or avenue by which a threat actor gains access to a target system or network in order to execute an attack.
37
What is an Attack Vector?
An attack vector is the specific technical method or process used by a threat actor to exploit a vulnerability or execute an attack once they have gained access via a threat vector.
38
What is a Boot Sector Virus?
A type of virus that infects the master boot record (MBR) of a hard drive, loaded into memory upon booting to take control of the computer before the operating system is loaded.
39
What is a Macro Virus?
A virus written in the same macro language used for software applications, typically embedded in documents and executed when the document is opened.
40
What is a Program Virus?
A virus that infects executable programs or applications, executing virus code when infected programs run.
41
What is a Multipartite Virus?
A virus that infects more than one part of a system at once, typically both the boot sector and executable files, so that cleaning only one of the two lets it reinfect from the other.
42
What is an Encrypted Virus?
A virus that uses encryption to hide its code from antivirus software, decrypting itself when executed to perform malicious activities.
43
What is a Polymorphic Virus?
A file-infecting virus that mutates its own code on each infection (for example by re-encrypting its body with a new key and varying the decryptor), so every copy looks different to signature scanners while the underlying routines stay the same.
44
What is a Metamorphic Virus?
A highly sophisticated virus that can change its own code by translating, editing, and rewriting it.
45
What is Armored Protection?
Techniques used by malware to shield itself from detection and analysis by security researchers and antivirus software.
46
What is Malware?
Any software intentionally designed to cause damage, disrupt operations, steal data, or harm the functionality, security, or privacy of computer systems, networks, or devices.
47
What is a Worm?
A type of standalone malware that replicates itself to spread to other computers without needing to attach to an existing program or file.
48
What is a Trojan?
A type of malware that disguises itself as legitimate software to deceive users into installing it for executing malicious activities.
49
What is a RAT?
A Remote Access Trojan that allows an attacker to gain unauthorized remote access and control over a compromised computer.
50
What is a Botnet?
A network of compromised computers controlled by an attacker to carry out malicious activities.
51
What is a Command and Control (C&C or C2) node?
A server or infrastructure used by attackers to maintain communication and control over compromised systems within a botnet.
52
What is a Rootkit?
A program or collection of malicious tools that gives a threat actor privileged, persistent access to a system while hiding its own presence (and often that of other malware) from the operating system and security tools, frequently by operating in kernel mode or below.
53
What is a DLL?
A Dynamic Link Library is a Microsoft Windows file containing code and data that multiple programs can load and use simultaneously, promoting code reuse and modularization.
54
What is DLL Injection?
A technique used to insert a malicious Dynamic Link Library (DLL) into the address space of another process to execute arbitrary code within the context of a legitimate application.
55
What is Kernel Mode?
Also known as Supervisor Mode or Ring 0, refers to a privileged mode of execution where the operating system's kernel has unrestricted access to the hardware and system resources.
56
What is a Logic Bomb?
A type of malicious code or software program intentionally inserted into a system to execute a harmful action when certain conditions are met.
57
What is a Keylogger?
A type of malicious software or hardware device designed to record and monitor every keystroke made by a user on a computer or mobile device.
58
What is Impossible Travel?
An activity where a user's account shows login attempts from geographically impossible locations within a short period of time.
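Added example (not from the original deck) of the impossible-travel rule itself: successive successful logins for the same user are paired, the great-circle distance between their geolocations is divided by the elapsed time, and anything faster than an airliner is flagged. The four events, the coordinates, and the 1000 km/h threshold are constructed for illustration.

```python
import math
from datetime import datetime, timezone

MAX_PLAUSIBLE_KMH = 1000  # roughly airliner speed; anything faster is "impossible"


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two points given in degrees."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp = math.radians(lat2 - lat1)
    dl = math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH):
    """Flag consecutive logins per user that would require travel faster than max_kmh."""
    alerts = []
    last = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        prev = last.get(ev["user"])
        if prev is not None:
            # Floor the interval at one second so simultaneous logins far apart still alert.
            hours = max((ev["ts"] - prev["ts"]).total_seconds() / 3600, 1 / 3600)
            km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
            speed = km / hours
            if speed > max_kmh:
                alerts.append({"user": ev["user"], "from": prev["geo"], "to": ev["geo"],
                               "km": round(km), "hours": round(hours, 2), "kmh": round(speed)})
        last[ev["user"]] = ev
    return alerts


def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)


# Constructed login events (user, UTC time, geolocated source coordinates).
SAMPLE_EVENTS = [
    {"user": "alice", "ts": ts("2024-03-03 09:00"), "geo": "New York", "lat": 40.7128, "lon": -74.0060},
    {"user": "bob",   "ts": ts("2024-03-03 09:00"), "geo": "London",   "lat": 51.5074, "lon": -0.1278},
    {"user": "alice", "ts": ts("2024-03-03 10:30"), "geo": "Moscow",   "lat": 55.7558, "lon": 37.6173},
    {"user": "bob",   "ts": ts("2024-03-03 12:00"), "geo": "Paris",    "lat": 48.8566, "lon": 2.3522},
]


def run_sample():
    return impossible_travel(SAMPLE_EVENTS)


if __name__ == "__main__":
    for a in run_sample():
        print(a)
```

In production the main tuning problem is not the threshold but the geolocation: VPN egress points, mobile carrier NAT, and cloud-hosted clients all place users far from where they sit, so the rule is usually combined with an allow-list of known egress ranges before it pages anyone.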
59
What is Fileless Malware?
Malicious code that executes in memory (RAM) rather than installing files on disk, typically abusing built-in, trusted utilities such as PowerShell and Windows Management Instrumentation (WMI) to run, which leaves little for file-based antivirus to scan.
60
What are the classification levels from highest to lowest for the government?
1. Top Secret 2. Secret 3. Confidential 4. Sensitive but Unclassified 5. Unclassified.
61
What technologies would you use to secure data in transit?
IPsec (network layer, e.g. VPN tunnels) and TLS (transport layer, e.g. HTTPS). SSL is the deprecated predecessor of TLS and should no longer be used.
62
What is PII?
Personally Identifiable Information, a type of regulated data.
63
What is PHI?
Protected Health Information, a type of regulated data.
64
What is PCI?
Payment card information (cardholder data such as the card number), a type of regulated data governed by PCI DSS.
65
What is IP?
Intellectual Property, a type of regulated data.
66
What is Financial Data?
A type of regulated data.
67
What is HIPAA?
Health Insurance Portability and Accountability Act, the US regulation protecting PHI (Protected Health Information).
68
What is GDPR?
General Data Protection Regulation, a comprehensive data protection law enacted by the European Union (EU).
69
What is DLP?
Data Loss Prevention, a set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users.
70
What is PCI DSS?
Payment Card Industry Data Security Standard, a security standard created by the Payment Card Industry Security Standards Council (PCI SSC).
71
What is Network DLP?
Software or hardware that's placed at the perimeter of a network to detect data in transit and alert the network admin based on conditions set.
72
What is a Cloud Based DLP System?
Secures data stored in and transmitted through cloud services.
73
What is Storage DLP?
Installed on servers and storage systems, such as file servers, databases, and network-attached storage (NAS) devices, to protect data at rest.
74
What is a Data Owner?
Data owners are responsible for the classification, protection, use, and quality of one or more data sets.
75
What is a Data Controller?
Manages the purpose and means by which data is processed.
76
What is a Data Processor?
Works under the data controller to assist in tasks like collecting, storing, or analyzing data. Processes the data on behalf of the data controller.
77
What is a Data Custodian?
Responsible for data accuracy, privacy, security, and compliance. (System admin).
78
What is Symmetric Encryption?
Uses a single key for both encryption and decryption of data. The same key must be securely shared and kept secret between the communicating parties. This method is efficient and faster than asymmetric encryption.
79
What is Asymmetric Encryption?
Uses a pair of keys: a public key and a private key. For confidentiality the public key encrypts and only the matching private key decrypts; for digital signatures the roles reverse (the private key signs, the public key verifies). The public key can be shared openly, but the private key must be kept secret. It is much slower than symmetric encryption, so it is normally used to exchange or wrap a symmetric key rather than to encrypt bulk data.
80
What is a Block Cipher?
An encryption algorithm that divides plaintext into fixed-size blocks, typically 64 or 128 bits (AES uses 128-bit blocks), and encrypts each block with the same key. A mode of operation (CBC, CTR, GCM, etc.) defines how successive blocks are chained; in plain ECB mode identical plaintext blocks produce identical ciphertext blocks, which leaks patterns.
81
What is a Stream Cipher?
An encryption algorithm that encrypts plaintext one bit or byte at a time using a keystream. Unlike block ciphers, which process fixed-size blocks of data, stream ciphers encrypt data continuously, which can provide faster encryption for real-time communications.
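Added example (not from the original deck) of the keystream idea behind a stream cipher, including the failure mode every practitioner should know: if the same key and nonce are used for two messages, the keystream cancels out and the XOR of the two ciphertexts equals the XOR of the two plaintexts. The keystream generator here is a toy built from HMAC-SHA256 in counter mode for illustration only; it is not a real cipher, and the key, nonce, and messages are constructed.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256(key, nonce || counter) run in counter mode.
    Constructed for illustration only; use AES-GCM or ChaCha20-Poly1305 in practice."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def stream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt one byte at a time by XORing with the keystream."""
    ks = keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


# XOR is its own inverse, so decryption is the same operation.
stream_decrypt = stream_encrypt


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def two_time_pad_recover(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """If c1 and c2 were produced under the same key and nonce, the keystream cancels:
    c1 XOR c2 == p1 XOR p2, so knowing p1 reveals p2 without ever touching the key."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)


def demo():
    key = bytes(range(32))          # constructed key for the demo
    nonce = b"\x00" * 12
    p1, p2 = b"attack at dawn", b"defend at dusk"
    c1 = stream_encrypt(key, nonce, p1)
    c2 = stream_encrypt(key, nonce, p2)   # the bug being demonstrated: nonce reused
    return stream_decrypt(key, nonce, c1), two_time_pad_recover(c1, c2, p1)


if __name__ == "__main__":
    decrypted, leaked = demo()
    print("round trip:", decrypted)
    print("second message recovered from nonce reuse:", leaked)
```

This is why the nonce card later in the deck matters for stream and counter-mode ciphers: uniqueness per key is not a nicety but the entire security argument. The same keystream-cancellation property also makes an unauthenticated stream cipher malleable, so real deployments pair it with an authentication tag.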
82
What is a Digital Signature?
A cryptographic mechanism used to verify the authenticity and integrity of digital messages or documents. It provides assurance that the message or document was created by a known sender (authentication) and has not been altered since it was signed (integrity).
83
What is DH (Diffie-Hellman)?
Diffie-Hellman, an asymmetric algorithm used to establish a shared secret over an untrusted channel; commonly used for key exchange in VPN tunnels (IKE for IPsec) and in TLS handshakes. DH on its own provides no authentication, so it is paired with certificates or signatures to stop an on-path attacker from substituting their own values.
84
What are Hashing Algorithms?
MD5 (Message Digest Algorithm 5), SHA-1 (Secure Hash Algorithm 1), SHA-256 (Secure Hash Algorithm 256), SHA-3 (Secure Hash Algorithm 3), RIPEMD (RACE Integrity Primitives Evaluation Message Digest).
85
What is PtH?
Pass the hash (PtH) is an attack technique in which the attacker authenticates to a remote server or service by presenting a captured password hash (classically an NTLM hash on Windows) instead of the plaintext password. Because the protocol accepts the hash directly, the attacker never needs to crack it and can move laterally to any system where the same credential is valid.
86
What is a Birthday Attack?
A type of cryptographic attack that exploits the mathematical probability of collisions in hash functions. It is named after the 'birthday paradox.'
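Added example (not from the original deck) that makes the birthday bound concrete: the expected number of random inputs before a collision in an n-bit hash is about sqrt(pi/2 * 2^n), far fewer than the 2^n tries a preimage search needs. The collision search below runs against SHA-256 truncated to 24 bits so it finishes in well under a second; the message prefix is an arbitrary constructed value.

```python
import hashlib
import math


def birthday_bound(bits: int) -> float:
    """Expected samples before the first collision in an ideal bits-wide hash."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def preimage_cost(bits: int) -> int:
    """Expected tries to hit one specific digest by brute force, for comparison."""
    return 2 ** bits


def truncated_sha256(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, standing in for a short hash so the search finishes quickly."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)


def find_collision(bits: int, prefix: bytes = b"doc-"):
    """Generate messages until two share a truncated digest; returns (m1, m2, attempts)."""
    seen = {}
    attempts = 0
    while True:
        m = prefix + str(attempts).encode()
        h = truncated_sha256(m, bits)
        attempts += 1
        if h in seen:
            return seen[h], m, attempts
        seen[h] = m


if __name__ == "__main__":
    bits = 24
    m1, m2, n = find_collision(bits)
    print(f"collision after {n} tries (birthday bound ~{birthday_bound(bits):.0f}, "
          f"preimage would need ~{preimage_cost(bits)}): {m1!r} vs {m2!r}")
```

The practical consequence is that a signature scheme over a hash with n-bit output offers only about n/2 bits of collision resistance: an attacker who can get a victim to sign one of many innocuous documents can prepare a malicious twin with the same digest, which is why MD5 (128-bit) and SHA-1 (160-bit) are no longer acceptable for signatures.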
87
What is Key Stretching?
A technique that makes password hashes more expensive to attack by running the hash function many times, or through a deliberately slow or memory-hard function such as PBKDF2, bcrypt, scrypt, or Argon2, increasing the time and computational effort needed to test each candidate password. Brute-force and dictionary attacks are slowed by the same factor.
88
What is Salting?
A technique used in cryptography to strengthen the security of hashed passwords or other data by adding a random value (known as a salt) to the input before hashing. This random value ensures that even if two users have the same password, their hashed values will differ.
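Added example (not from the original deck) that covers both the key-stretching and the salting cards: a naive single-round SHA-256 is contrasted with PBKDF2-HMAC-SHA256 using a random 16-byte salt and a large iteration count, stored in a self-describing string so the work factor can be raised later. The `$pbkdf2-sha256$...` storage format and the sample passwords are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (OWASP's 2023 recommendation)


def naive_hash(password: str) -> str:
    """Unsalted, single-round hash: equal passwords give equal digests and crack fast."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS, salt: bytes = b"") -> str:
    """Salted, stretched hash in a self-describing string (format chosen for this example)."""
    salt = salt or os.urandom(16)          # 128-bit random salt, unique per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)
    b64 = lambda b: base64.b64encode(b).decode()
    return f"$pbkdf2-sha256${iterations}${b64(salt)}${b64(dk)}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    _, algo, iterations, salt_b64, dk_b64 = stored.split("$")
    if algo != "pbkdf2-sha256":
        raise ValueError("unsupported hash format")
    salt, expected = base64.b64decode(salt_b64), base64.b64decode(dk_b64)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations), dklen=32)
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    print("naive, same input twice:", naive_hash("hunter2") == naive_hash("hunter2"))
    h1, h2 = hash_password("hunter2"), hash_password("hunter2")
    print("salted, same input twice differ:", h1 != h2)
    print("verify correct / wrong:", verify_password("hunter2", h1), verify_password("hunter3", h1))
```

Two things to notice: the salt is stored in the clear next to the hash (it only needs to be unique, not secret), and the iteration count lives in the record, so when hardware gets faster old entries can be re-hashed at the next successful login without a migration.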
89
What is a Nonce?
Number used once is a cryptographic term referring to a random or semi-random number that is generated for a specific purpose, typically to ensure the freshness and uniqueness of data in cryptographic communications or protocols. Nonces are used to prevent replay attacks and to add randomness to cryptographic operations.
90
What are the Methods to Prevent Hash Related Attacks?
Key Stretching, Salting, Nonce.
91
What are the Hash Attack Methods?
Pass the Hash attack, Birthday Attack.
92
What are Digital Signature Algorithms?
DSS (Digital Signature Standard, FIPS 186, which specifies the approved algorithms), RSA (Rivest-Shamir-Adleman), DSA (Digital Signature Algorithm), and ECDSA (the elliptic-curve form of DSA).
93
What is Public Key Infrastructure (PKI)?
A framework of policies, procedures, and technologies used to manage digital certificates and public-key encryption. It provides a secure and reliable way to verify the authenticity of digital entities (such as users, devices, or servers) on a network.
94
What is a Certificate Authority (CA)?
A trusted entity responsible for issuing digital certificates that authenticate the identity of individuals, organizations, servers, or devices in a public key infrastructure (PKI).
95
What are Wildcard Certificates?
Secure a domain's subdomains using a single certificate. The wildcard covers one label level only: a certificate for *.example.com secures www.example.com and mail.example.com, but not example.com itself or a.b.example.com.
96
What are SAN Certificates?
Multi-domain certificates secure multiple domains.
97
What is used to manage digital certificates and public-key encryption?
Public Key Infrastructure (PKI) is the framework used to manage digital certificates and public-key encryption. PKI provides the infrastructure for creating, distributing, managing, and revoking digital certificates. It relies on asymmetric cryptography, where a pair of keys (public and private) is used to secure data.
98
What are Wildcard Certificates?
Secure a domain's subdomains using a single certificate; the wildcard matches exactly one label. Example: A wildcard certificate issued for *.example.com would secure www.example.com, mail.example.com, etc., but not example.com or a.b.example.com.
99
What are SAN Certificates?
Multi-domain certificates secure multiple domain names within a single certificate. They are convenient for organizations managing multiple domains or subdomains.
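Added example (not from the original deck) implementing the name-matching rules that decide what the wildcard and SAN certificate cards actually cover: a wildcard may only be the whole leftmost label and matches exactly one label, and the SAN list is consulted before the legacy Common Name. The two certificates are constructed dictionaries reduced to the fields that matter, not parsed X.509 objects.

```python
# Constructed certificates, reduced to the fields that matter for name matching.
WILDCARD_CERT = {"cn": "*.example.com", "san": ["*.example.com", "example.com"]}
SAN_CERT = {"cn": "www.example.com",
            "san": ["www.example.com", "api.example.net", "mail.example.org"]}


def match_hostname(pattern: str, hostname: str) -> bool:
    """RFC 6125 style matching: a wildcard is allowed only as the entire leftmost
    label, covers exactly one label, and never matches the bare registered domain."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if "*" not in pattern:
        return p_labels == h_labels
    # Reject "*.com", "w*.example.com", "*.*.example.com" and similar over-broad forms.
    if p_labels[0] != "*" or "*" in pattern[1:] or len(p_labels) < 3:
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def certificate_covers(cert: dict, hostname: str) -> bool:
    """Check SAN entries; the CN is consulted only when no SAN list exists (legacy
    behaviour that current browsers have dropped entirely)."""
    names = cert.get("san") or [cert["cn"]]
    return any(match_hostname(n, hostname) for n in names)


if __name__ == "__main__":
    for host in ("www.example.com", "example.com", "a.b.example.com"):
        print(f"{host:20} wildcard cert: {certificate_covers(WILDCARD_CERT, host)}")
    for host in ("api.example.net", "shop.example.net"):
        print(f"{host:20} SAN cert:      {certificate_covers(SAN_CERT, host)}")
```

Note that the wildcard certificate only covers the bare example.com because it was also listed explicitly in the SAN; operators who forget that entry get a name-mismatch error on the apex domain.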
100
What is a Registration Authority (RA)?
Acts as an intermediary between users (or entities) and a Certificate Authority (CA) in a PKI environment.
101
What is a Certificate Revocation List (CRL)?
A list of digital certificates that have been revoked before their scheduled expiration dates.
102
What is the Online Certificate Status Protocol (OCSP)?
An Internet protocol used to obtain the current status of a digital certificate in real-time.
103
What is Public Key Pinning (PKP)?
A security feature that helps prevent attackers from impersonating a server with fraudulent certificates issued by compromised or rogue certificate authorities, by tying the server's identity to a specific public key rather than to any CA-signed certificate. Browser HTTP Public Key Pinning (HPKP) has been deprecated and removed from major browsers because a mistaken pin locks users out; pinning now lives mostly inside mobile and other client applications.
104
What is a Trusted Platform Module (TPM)?
A specialized hardware component designed to provide a secure foundation for various security-related functions in computing devices.
105
What is a Hardware Security Module (HSM)?
A dedicated hardware device or appliance that provides secure storage, management, and use of cryptographic keys and sensitive data.
106
What is Steganography?
The practice of concealing a message, file, image, or video within another message, file, image, or video.
107
What is a Downgrade Attack?
A type of cyber-attack where an attacker deliberately forces a system to use older or less secure versions of itself, weakening its security posture.
108
What is an Ad hoc Risk Assessment?
Conducted on an as-needed basis typically in response to an event that has the potential to introduce new risk and may be repeated.
109
What is a Recurring Risk Assessment?
Risk assessments occurring on a regular basis.
110
What is a One Time Risk Assessment?
Conducted one time for a specific purpose but is never repeated.
111
What is a Continuous Risk Assessment?
Ongoing monitoring and evaluation of risk.
112
What does MTBF stand for?
Mean Time Between Failures: The average time between failures of a system or component during operation.
113
What does RPO stand for?
Recovery Point Objective: The maximum acceptable amount of data loss measured in time.
114
What does RTO stand for?
Recovery Time Objective: The maximum acceptable amount of time to restore a system or process after a disaster or failure.
115
What does MTTR stand for?
Mean Time to Repair: The average time required to repair a system or component and return it to operational status.
116
What is a Risk Register (aka Risk Log)?
A document detailing identified risks including their description, impact, likelihood, and mitigation strategies.
117
What is Risk Tolerance?
The maximum amount of risk an organization is willing to take on.
118
What is Risk Appetite?
An organization's willingness to retain or embrace a certain level of risk to further their goals.
119
What is Qualitative Risk Analysis?
A method of assessing risk based on potential impact and likelihood without assigning a numerical value.
120
What is Quantitative Risk Analysis?
Method of evaluating risk using numerical measurements.
121
What is Exposure Factor (EF)?
Proportion of an asset lost in an event measured as a percentage.
122
What is Single Loss Expectancy (SLE)?
Monetary value expected to be lost in a single event. Formula: SLE = Asset Value (AV) × Exposure Factor (EF).
123
What is Annualized Rate of Occurrence (ARO)?
Estimated frequency of a threat occurring over a year.
124
What is Annualized Loss Expectancy (ALE)?
Expected annual loss from a risk. Formula: ALE = SLE × ARO.
125
Name the 3 types of Risk Appetites.
1. High-Risk 2. Neutral 3. Low-Risk
126
What is Residual Risk?
Level of risk that remains after all risk mitigation efforts have been implemented.
127
What is Risk Reporting?
Communicating information about risk management activities.
128
What is a Service Level Agreement (SLA)?
Standard of service a client can expect from a provider.
129
What is a Memorandum of Agreement (MOA)?
Formal document outlining specific responsibilities and roles of involved parties.
130
What is a Memorandum of Understanding (MOU)?
Outlines a mutual agreement on project goals, often the first step toward collaboration.
131
What is a Master Service Agreement (MSA)?
Blanket agreement covering general terms of engagement between parties across multiple transactions.
132
What is a Statement of Work (SOW)?
Specifies the details of the work to be done.
133
What is a Business Partnership Agreement (BPA)?
Agreement made when two entities pool resources for mutual effort.
134
What is an Acceptable Use Policy (AUP)?
Outlines rules and guidelines for appropriate use of an organization's information systems, network, and resources.
135
What is the Software Development Life Cycle (SDLC)?
Structured process for developing software applications ensuring quality, meeting user requirements, and delivered within time and cost estimates.
136
What is a Centralized Governance Structure?
Decision-making authority and control concentrated at top management levels.
137
What is a Decentralized Governance Structure?
Decision-making authority distributed among various levels and departments within the organization.
138
What is Discretionary Access Control (DAC)?
Allows the owner of a resource to determine access.
139
What is Mandatory Access Control (MAC)?
Access is enforced by the system from security labels (the object's classification and the subject's clearance) under a policy set by the organization; resource owners and users cannot change the rules.
140
What is Role-Based Access Control (RBAC)?
Assigns permissions based on user roles within an organization.
141
What is Zero Trust?
A security model that assumes threats can exist inside and outside the network, so no user, device, or connection is trusted by default: every access request is authenticated, authorized against policy, and continuously re-verified regardless of network location.
142
What is the Data Plane?
Responsible for forwarding and processing traffic in a network.
143
What is the Control Plane?
Manages data plane actions, defines policies and rules like routing tables and session tables.
144
What is Adaptive Identity?
Authentication method adjusting based on factors like location, behavior, and context.
145
What is Threat Scope Reduction?
Decreasing the number of possible entry points into a network.
146
What are Security Zones?
Network segments isolated based on required security levels.
147
What is a Policy Enforcement Point?
Network component enforcing security policies by allowing or blocking traffic based on predefined rules.
148
What is a Policy Decision Point?
A network component that makes authorization decisions based on predefined policies.
149
What is a Policy Administrator?
In a Zero Trust architecture (NIST SP 800-207), the control-plane component that carries out the Policy Decision Point's verdict by instructing the Policy Enforcement Point to establish or tear down the session between a subject and a resource.
150
What is Version Control?
Tracks changes to files, systems, or configurations over time, enabling users to revert to previous states and manage modifications.
151
What is Out of Bounds Write?
A software vulnerability where a program writes data beyond allocated memory bounds.
152
What is SQL Injection?
A security vulnerability allowing attackers to execute malicious SQL statements by manipulating input data.
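Added example (not from the original deck) showing the vulnerable form of the SQL injection card next to its hardened form, run against an in-memory SQLite table. The `users` table, the account, and the two injection payloads are constructed for the demo; the table stores a plaintext password only to keep the example short, which a real application must never do.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """In-memory users table with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'S3cret!')")
    return conn


def login_vulnerable(conn, username: str, password: str) -> bool:
    # Untrusted input is pasted straight into the SQL text, so the input can
    # change the statement's structure (quotes, OR, comments).
    sql = (f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username: str, password: str) -> bool:
    # Parameterised query: the driver sends values separately from the SQL text,
    # so they are only ever compared as data, never parsed as SQL.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def demo() -> dict:
    conn = setup_db()
    bypass = "' OR '1'='1"          # turns the WHERE clause into an always-true test
    return {
        "vuln_correct": login_vulnerable(conn, "alice", "S3cret!"),
        "vuln_injected": login_vulnerable(conn, "alice", bypass),
        "vuln_comment": login_vulnerable(conn, "alice' --", "wrong"),   # -- comments out the password check
        "safe_correct": login_safe(conn, "alice", "S3cret!"),
        "safe_injected": login_safe(conn, "alice", bypass),
        "safe_comment": login_safe(conn, "alice' --", "wrong"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:14} -> {'login OK' if ok else 'denied'}")
```

The fix is not input filtering but separating code from data: with placeholders the database receives the literal string `' OR '1'='1` as a password value and simply finds no matching row.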
153
What is Cross-Site Scripting (XSS)?
An attack injecting malicious scripts into web pages to execute in the victim's browser.
154
What is Directory Traversal?
A vulnerability enabling access to files outside a web server's root directory by accepting unsanitized user input.
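Added example (not from the original deck) of the directory traversal card: a naive path concatenation that `../` sequences walk straight out of, beside a resolver that URL-decodes the request, normalizes it against the document root, and refuses anything that lands outside. The `/var/www/html` root and the request paths are constructed; the check is done lexically with `posixpath` so it behaves the same on every platform.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"   # assumed document root for this example


def vulnerable_path(web_root: str, user_path: str) -> str:
    """Naive concatenation: '../' sequences walk straight out of the web root."""
    return web_root + "/" + user_path


def vulnerable_resolves_to(web_root: str, user_path: str) -> str:
    """Where the naive path actually ends up once the filesystem normalizes it."""
    return posixpath.normpath(vulnerable_path(web_root, user_path))


def safe_path(web_root: str, user_path: str) -> str:
    """Resolve the request against the root and refuse anything that escapes it."""
    root = posixpath.normpath(web_root)
    decoded = unquote(user_path)                       # handle %2e%2e%2f encodings
    # Drop leading slashes so an absolute path cannot replace the root in join().
    joined = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if joined != root and not joined.startswith(root + "/"):
        raise PermissionError(f"path escapes web root: {user_path!r}")
    return joined


if __name__ == "__main__":
    for req in ("images/logo.png", "../../../etc/passwd", "%2e%2e/%2e%2e/%2e%2e/etc/passwd"):
        print(f"{req:35} naive -> {vulnerable_resolves_to(WEB_ROOT, req)}")
        try:
            print(f"{'':35} safe  -> {safe_path(WEB_ROOT, req)}")
        except PermissionError as e:
            print(f"{'':35} safe  -> blocked ({e})")
```

A production handler should add two steps this lexical check cannot: resolve symlinks with `os.path.realpath` on the final path (a link inside the root can still point outside it) and reject NUL bytes, which some runtimes use to truncate the path after the check.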
155
What is Side loading?
Downloading applications bypassing official channels like app stores.
156
What is Session Hijacking?
An attack in which an intruder obtains a victim's session identifier (for example by sniffing an unencrypted connection) and presents it to the application to act as the authenticated victim without knowing their password.
157
How can you prevent Session Hijacking?
Encrypt the whole session with TLS, mark session cookies Secure, HttpOnly and SameSite, generate session IDs from a cryptographically secure random source, issue a new ID after login, and expire sessions after inactivity. (Salting protects stored password hashes and does nothing against session hijacking.)
158
What is Corporate Owned, Personally Enabled (COPE)?
A mobile device management strategy where an organization owns devices used by employees.
159
What is Choose Your Own Device (CYOD)?
A policy allowing employees to select approved devices for work purposes.
160
What is Mobile Device Management (MDM)?
Software for managing, securing, and monitoring mobile devices.
161
What is Bring Your Own Device (BYOD)?
A policy permitting employees to use personal devices within an organization.
162
What is Impact Analysis?
A structured approach evaluating the effects of changes, decisions, or events within an organization or system.
163
What is a Backout Plan?
Predefined procedures to reverse changes made during planned activities.
164
What is a Change Advisory Board?
A formal group within an organization responsible for evaluating, prioritizing, approving, and overseeing changes to IT infrastructure, systems, applications, and services.
165
What is Cryptographic Erasure?
Encrypting the data on the storage media and then securely deleting the encryption key.
166
What is Degaussing?
Erasing data by exposing storage media to a strong magnetic field.
167
What is Attestation?
A formal declaration, typically by management or an independent auditor, that an organization's stated security controls are in place and operating as described, for example the signed opinion that accompanies an audit report.
168
What is Passive Reconnaissance?
Gathering information about an organization without network interaction.
169
What is Active Reconnaissance?
Actively probing a target network to gather information.
170
List all the classification levels from highest to lowest for Commercial Business.
1. Critical Data 2. Confidential Data 3. Private Data 4. Sensitive Data 5. Public Data
171
What is a Known Environment?
An environment where detailed information about network architecture, systems, and security measures is available to pen-testers.
172
What is a Partially Known Environment?
An environment where some information is available to pen-testers, but gaps exist in understanding.
173
What is Kerberos?
An authentication protocol using tickets to prevent eavesdropping and replay attacks.
174
What is SAML?
An XML-based standard for exchanging authentication and authorization data, focusing on Single Sign-On.
175
What is CVE?
Common Vulnerabilities and Exposures: a public catalog that assigns each publicly known vulnerability a unique CVE identifier, giving vendors, scanners, and advisories a standardized way to refer to and share vulnerability data.
176
What does Sophistication refer to?
The intricacy and advancement of a threat actor's tactics, techniques, and procedures.
177
What does Capability pertain to?
A threat actor's ability to devise new exploits and tools.
178
What is Resource Reuse?
A vulnerability class in which hardware resources shared between virtual machines or cloud tenants (CPU caches, memory, storage blocks) let one tenant read or modify another tenant's data, for instance through memory that was not sanitized before reallocation or through cache side channels.
179
What is Time-of-check / Time-of-use (TOC/TOU)?
A race condition in which a process checks the state of a resource (for example a file's permissions or ownership) and then uses it, and an attacker changes the resource between the check and the use so that the earlier decision no longer holds.
180
What is Alerting?
Provides real-time notifications of security incidents and potential threats.
181
What is Virtualization?
Technology creating isolated environments on a single physical device for resource optimization and security.
182
What is Package Monitoring (Vulnerability Management)?
Tracking software package versions and security patches to identify vulnerabilities.
183
What is an Audit Committee?
Internal committee overseeing an organization's internal controls, financial reporting, and compliance processes.
184
What is Homomorphic Encryption?
Allows data to be processed without being decrypted, effectively securing data-in-use.
185
What is SASE?
Secure Access Service Edge: combines network security and WAN capabilities in a cloud-based service.
186
What is Tokenization?
The process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token.
187
What does TCO stand for?
Total Cost of Ownership includes the initial purchase price of the tool and any ongoing expenses over its lifecycle.
188
What are the three data states?
Data at rest, Data in transit, Data in use.
189
What are Symmetric Encryption Algorithms?
Advanced Encryption Standard (AES), Data Encryption Standard (DES), Triple DES (3DES), Blowfish, RC Cipher Suite.
190
What are Asymmetric Encryption Algorithms?
RSA (Rivest-Shamir-Adleman), ECC (Elliptic Curve Cryptography), DSA (Digital Signature Algorithm).
191
What is the format for a CVE identifier?
Year - ID. Example: 2022-12345.
192
What is Risk Identification?
The process of pinpointing potential threats and vulnerabilities that could harm an organization's information systems and data.
193
What is Federation?
A process that allows for the conveyance of identity and authentication information across a set of networked systems.
194
What is Likelihood in qualitative risk analysis?
Subjectively describes how probable a risk event is, often expressed in terms such as 'low,' 'medium,' or 'high.'
195
What is Journaling?
Writes data to a temporary journal before writing the information to the database.
196
What is End-of-life vulnerability?
Refers to hardware that is no longer supported by the manufacturer, often leading to unpatched and exploitable vulnerabilities.
197
Define S/MIME.
Secure Multipart Internet Message Extensions; leverages email certificates to both sign and encrypt email content.
198
What is a Horizontal password attack?
An attacker targets multiple accounts by trying a few common passwords across them.
199
What is enumeration in the context of hardware, software, and data asset management?
Refers to the practice of assigning unique identifiers, access controls, and attributes to each asset.
200
Define SCAP.
The Security Content Automation Protocol is a method for using specific standards to enable automated vulnerability management.
201
What is the Common Vulnerability Scoring System (CVSS)?
A free and open industry standard for assessing the severity of computer system security vulnerabilities.
202
What is a Workforce multiplier?
The ability to scale and amplify the effectiveness of the security team by combining the efforts of human professionals with automation.
203
What is the Computer Security Act (1987)?
An act that specifically requires federal agencies to develop policies to secure computer systems that process sensitive or confidential information.
204
What is E-discovery?
An essential component of incident response and primarily relates to the collection and handling of electronic data.
205
Is RSA asymmetric, symmetric, or hashing?
RSA (Rivest-Shamir-Adleman) is Asymmetric.
206
Is AES asymmetric, symmetric, or hashing?
AES (Advanced Encryption Standard) is Symmetric.
207
Is ECC asymmetric, symmetric, or hashing?
ECC (Elliptic Curve Cryptography) is Asymmetric.
208
Is DSA asymmetric, symmetric, or hashing?
DSA (Digital Signature Algorithm) is Asymmetric.
209
Is DES asymmetric, symmetric, or hashing?
DES (Data Encryption Standard) is Symmetric.
210
Is 3DES asymmetric, symmetric, or hashing?
3DES (Triple DES) is Symmetric.
211
Is MD5 asymmetric, symmetric, or hashing?
MD5 (Message Digest Algorithm 5) is used for hashing.
212
Are SHA-1, SHA-256, SHA-3 asymmetric, symmetric, or hashing?
SHA-1, SHA-256, and SHA-3 (Secure Hash Algorithm) are used for hashing.
213
Is RIPEMD asymmetric, symmetric, or hashing?
RIPEMD (RACE Integrity Primitives Evaluation Message Digest) is used for hashing.
214
What is Orchestration?
Involves automating the coordination and management of complex processes and tasks.
215
What is a Jump Server?
Server that acts as an intermediary between external networks and internal resources.
216
What is a Disaster Recovery Plan (DRP)?
A plan for recovery after a disaster.
217
What is Chain of custody?
The process of maintaining and documenting the handling of evidence.
218
What is a Serverless framework?
Allows developers to build and run applications without managing servers.
219
What is Threat hunting?
Involves proactively searching for signs of malicious activity within a network or system.
220
What is Tuning?
The process of adjusting alerting thresholds or rules in security systems.
221
What is CVSS?
CVSS provides a standardized way to assign scores to vulnerabilities.
222
What is Geographic dispersion?
Involves placing servers or data centers in different locations.
223
What is a Buffer overflow?
An attacker sends more data to a buffer than it can handle.
224
Define IaC.
Infrastructure as code (IaC) allows for the automated deployment of resources.
225
What is Capacity planning?
Involves assessing the resources needed to maintain business operations.
226
What is a Bastion host?
Hardened server located on the perimeter network.
227
What is File Integrity Monitoring (FIM)?
Tools that monitor and detect changes to files and directories.
228
What is Resilience in Cloud Architecture?
The ability of the system to quickly recover from failures.
229
What is Availability?
Guaranteeing a system will continue to operate regardless of conditions.
230
What is Sender Policy Framework (SPF)?
An email authentication method that verifies that a mail server is authorized to send emails.
231
What is Containment?
The isolation and containment process prevents further damage.
232
What is File Integrity Monitoring (FIM)?
FIM tools monitor and detect changes to files and directories on systems. They generate alerts or notifications when unauthorized changes occur.
233
What does resilience refer to in cloud architecture?
In cloud architecture, resilience refers to the ability of the system to quickly recover from failures.
234
What does availability mean in a system context?
Availability refers to guaranteeing a system will continue to operate so that the system can be used regardless of conditions.
235
Define Sender Policy Framework (SPF).
SPF is an email authentication method that verifies that a mail server is authorized to send emails from a specific domain.
236
What is containment in cybersecurity?
The isolation and containment process prevents malware from spreading and allows the administrator to analyze the operation of the malware without putting any other devices at risk.
237
What is the eradication phase?
The eradication phase is associated with completely removing malware from a system, usually involving removing all data and installing or re-imaging with a known-good operating system.
238
What occurs during the preparation phase?
The preparation process occurs before a security incident is discovered and can include documentation of communication methods, compiling mitigation software, or gathering network and application documentation.
239
What is the recovery phase?
The recovery phase is associated with the recovery of a system after a security incident.
240
What is a secure enclave?
A secure enclave is a protected area for secret information, often implemented as a hardware processor in a device.
241
What are operational controls?
Controls implemented by people instead of systems. Example: security guards and awareness training.
242
What are managerial controls?
Administrative controls associated with security design and implementation. Example: security policies and procedures.
243
What are physical controls?
Used to limit physical access. Example: badge readers, fences, bollards, etc.
244
What are technical controls?
Implemented using technical systems. Example: operating system controls, firewalls, etc.
245
Define Domain Keys Identified Mail (DKIM).
DKIM is a method of email authentication that helps prevent spammers and other malicious parties from impersonating a legitimate domain.
246
What does DMARC do?
DMARC tells mail servers what to do when DKIM or SPF fail, whether that is marking the failing emails as 'spam', delivering the emails anyway, or dropping the emails altogether.
247
What is a Certificate Authority (CA)?
A trusted entity that issues, signs, and revokes digital certificates that validate the identity of online assets, such as websites, email addresses, and companies.
248
What is a Certificate Signing Request (CSR)?
A CSR is a specially formatted encrypted message sent from a digital certificate applicant to a certificate authority (CA) to validate the information required to issue a certificate.
249
What is Open-Source Intelligence (OSINT)?
OSINT is a method of gathering and analyzing publicly available information to help inform decisions.
250
Define Security Information and Event Management (SIEM).
SIEM is a solution that helps organizations detect, analyze, and respond to security threats before they harm business operations.
251
What is a race condition?
A software bug that occurs when multiple tasks or processes are happening at the same time and the order of operations determines the correctness of the outcome.
252
What is a replay attack?
A network attack where an attacker intercepts and retransmits data that was previously exchanged between two parties.
253
What is out-of-band key exchange?
A way to exchange a private key between two or more parties outside of the internet and current communication channels.
254
CER
Crossover Error Rate - the point where the FAR crosses over with the FRR. A lower CER indicates that the biometric system is more accurate.
255
FRR
False Rejection Rate - identifies the percentage of times false rejections occur.
256
HOTP
HMAC-based One-Time Password - creates passwords that do not expire until they are used.
257
RADIUS
Remote Authentication Dial-In User Service - a centralized networking protocol that authorizes and authenticates users who access a remote network.
258
FAR
False Acceptance Rate - identifies the percentage of times false acceptances occur.