Updated - INFO 310 FINAL Flashcards

(215 cards)

1
Q

Protection of Assets, Prevention Detection, and Recovery

A

Goal of Cybersecurity

2
Q

Confidentiality, Integrity, Availability.

A

CIA

3
Q

the concealment of information or resources

A

Confidentiality (CIA)

4
Q

the trustworthiness of data or resources

A

Integrity (CIA)

5
Q

the ability to use information or resources

A

Availability (CIA)

6
Q

Deception, Disruption, Disclosure, Usurpation

A

Categories of Threats

7
Q

The acceptance of false data

A

Deception (Category of threat)

8
Q

the interruption or prevention of correct operation

A

Disruption (Category of threat)

9
Q

The unauthorized access to information

A

Disclosure (Category of threat)

10
Q

the unauthorized control of some part of a system

A

Usurpation (Category of threat)

11
Q

the unauthorized interception of information, is a form of disclosure

A

Snooping or eavesdropping (Type of threat)

12
Q

an unauthorized change of information is a form of usurpation, deception, and disclosure.

A

Modification or alteration (Type of threat)

13
Q

an impersonation of one entity by another, is a form of both deception and usurpation.

A

Masquerading or spoofing (Type of threat)

14
Q

a false denial that an entity sent (or created) something, is a form of deception.

A

Repudiation of origin

15
Q

a false denial that an entity received some information or message, is a form of deception

A

Denial of receipt

16
Q

a temporary inhibition of a service, is a form of usurpation, although it can play a supporting role in deception.

A

Delay

17
Q

a long-term inhibition of service, is a form of usurpation often also used as a mechanism of deception.

A

Denial of service

18
Q

Asset, Threat, Vulnerability, Risk

A

The Core of Cybersecurity

19
Q

People, property, and information of value

A

Asset

20
Q

Anything that can exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset.

A

Threat

21
Q

Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset.

A

Vulnerability

22
Q

The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability.

A

Risk

23
Q

Asset + Threat + Vulnerability = Risk.

A

Formula for calculating risk

24
Q

Any cipher based on substitution, using multiple substitution alphabets.

A

Polyalphabetic Ciphers

25
A message wrapped around a rod of a certain size can then be read.
Scytale Encryption
26
A method of encryption by which the positions held by units of plaintext [...] are shifted according to a regular system, so that the ciphertext constitutes a permutation of the plaintext.
Transposition Ciphers
27
The study of the frequency of letters or groups of letters in a ciphertext. The method is used as an aid to breaking classical ciphers.
Frequency Analysis
28
The art, or better yet science, of skillfully maneuvering human beings to take action in some aspect of their lives.
Social Engineering
29
The practice of sending emails appearing to be from reputable sources with the goal of influencing or gaining personal information.
Phishing (SE)
30
The practice of eliciting information or attempting to influence action via the telephone, may include such tools as phone spoofing.
Vishing (SE)
31
The practice of pretexting as another person with the goal of obtaining information or access to a person, company, or computer system
Impersonation (SE)
32
· Ensures Authentication · Ensures Non-Repudiation · Ensures Confidentiality · Ensures Integrity
Properties of encryption
33
Uses a single key for both encryption and decryption
Secret Key Cryptography (SKC) (AKA Symmetric Encryption)
34
Uses one key for encryption and another for decryption
Public Key Cryptography (PKC) (AKA Asymmetric Encryption)
35
Uses a mathematical transformation to create a digital fingerprint or message digest
Hash Functions (AKA Checksum)
36
Physical, Link, Network, Transport, and Application
The Layers of the Internet Protocol Model
37
Wire, open air, optic fibers
Physical layer IPM
38
Ethernet, Wifi, 4G
Link layer IPM
39
Internet Protocol (IP), Internet Control Message Protocol (ICMP)
Network layer IPM
40
Transmission Control Protocol (TCP) User Datagram Protocol (UDP)
Transport Layer (IPM)
41
Email > Simple Mail Transfer Protocol (SMTP) - Websites > HyperText Transfer Protocol (HTTP) - File Sharing > File Transfer Protocol (FTP), Server Message Block (SMB)
Application Layer IPM
42
public domain on the internet. Created by Internet Service Providers (ISP) to connect to other ISPs around the world. Creates the internet.
Public IP
43
private to a Local Area Network (LAN). They are assigned in a LAN by the Dynamic Host Configuration Protocol (DHCP).
Private IP
44
It is a unique identifier. It has two components: the network address and the host address. A subnet mask then separates the IP address into network and host addresses.
Internet Protocol (IP) Address
45
the process of verifying that an individual, entity or website is who it claims to be. This in the context of web applications is commonly performed by submitting a username or ID and one or more items of private information that only a given user should know
Authentication
46
An attestation of identity, qualification, competence, or authority issued to an individual by a third party
Credential
47
sequence of network HTTP request and response transactions associated to the same user. [...] provide the ability to establish variables - such as access rights and localization settings - which will apply to each and every interaction a user has with the web application for the duration of the session.
Web Session
48
Almost exclusively JavaScript (JS), run by an interpreter. Makes web pages come alive. Credential information is stored on and sent from the client.
Client side code
49
Server side services listen for a request and then respond to that request; part of the N-tier application design
Server Side
50
Presentation, logic, data
N-Tier Application
51
Translates data into something the user can understand
Presentation tier
52
Coordinates the application, processes commands, makes logical decisions and evaluations, and performs calculations. Provides communication between the presentation and data tiers
Logic Tier
53
Information is stored and retrieved from a database, datastore or filesystem. Provides information back to the logic tier
Data Tier
54
does nothing except provide a pathway for the electrical signals to travel along
Hub
55
are the connectivity points of an Ethernet network that forward data only to the port that connects to the destination device. It does this by learning the MAC address of the devices attached to it, and then by matching the destination MAC address in the data it receives.
Switch
56
Will normally create, add, or divide on the Network Layer, as they are normally IP-based devices. When it receives a packet of data, it reads the header of the packet to determine the destination address
Router
57
use the wireless infrastructure network mode to provide a connection point between WLANs and a wired Ethernet LAN.
Wireless Access Point
58
Encrypted Connection over the internet from a device to a network
Virtual Private Network (VPN)
59
A networking device, either hardware or software based, that controls access to your organization's network.
Firewall
60
Implemented through software applications to monitor and control network traffic between a computer or a network of computers and the internet or other networks. Use network operating systems such as Linux/Unix, Windows Server and Mac OS Server
Software Firewalls
61
Dedicated network device. Many routers and WAPs have this functionality built in
Hardware Firewalls
62
A 32-bit number that masks an IP address and divides the IP address into network address and host address, by setting the network bits to all "1"s and the host bits to all "0"s
Subnet Mask
63
Allocates and manages IP addresses on the internet. It is a set of Internet Protocol (IP) standards used to create unique identifiers for networks and individual devices.
Classless inter-domain routing (CIDR)
64
A dictionary of CVEs attempting to standardize across the industry
CVE - Common Vulnerabilities and Exposures
65
Maintain accurate inventory of assets > Define and set standards > Maintain awareness and detect new vulnerabilities > Remediate or mitigate identified vulnerabilities > Continuously monitor IT environment
Goals of Vulnerability Management Program (4)
66
Apply Patches - Update configurations - Deactivate unnecessary services and channels
Remediation
67
Reducing, lessening, or minimizing the severity, impact, or likelihood of potential threats, risks, or vulnerabilities - Compensating network controls - Procedural or physical controls
Mitigation
68
Tend to lack motivation and rely on scripts created by more advanced hackers. They utilize easy-to-use software to do things such as port scanning. Blue hats are the "vindictive" variant of these.
Script Kiddies
69
newbie hackers. Unlike script kiddies, these hackers have the drive to become a more advanced hacker
Green Hat
70
malicious hacker who hacks for personal gain, typically financial
Black Hat
71
Use their skills in order to help individuals, businesses and government.
White Hat/Ethical Hackers
72
Shifts between ethical and non-ethical hacking practices
Grey Hat
73
Digital vigilantes working to right a perceived wrong in the world
Hacktivists
74
Government employees who attempt to acquire classified information about other governments
Nation State Hackers (AKA APT)
75
A disgruntled employee or corporate spy
Malicious Insider
76
1) Provide training 2) Define security requirements 3) Define metrics and compliance reporting 4) Perform threat modeling 5) Establish design requirements 6) Define and use cryptography standards 7) Manage the security risk of using 3rd party components 8) Use approved tools 9) Perform SAST 10) Perform DAST 11) Perform penetration testing 12) Establish a standard incident response process
Microsoft secure development lifecycle 12 parts
77
This permission grants the right to read the contents of a file and to read the permissions of a directory.
permission Read (r)
78
Implies the ability to change the contents of a file. Or create new files in a directory
Permission write(w)
79
The right to execute files if they are programs. Regarding directories, it allows you to enter the directory and access files
Permission Execute (x)
80
Exploiting a bug or design flaw to gain elevated access to resources that are normally protected from a user or application
Privilege escalation
81
A lower-privilege user accesses functions or content reserved for higher-privilege users or applications
Vertical privilege escalation
82
A normal user accesses functions or content reserved for other normal users
Horizontal privilege escalation
83
Type of permissions that only allow a person to have the permissions necessary to complete their role. For example, an employee will only be given the permissions needed to complete their job. Prevents lower-level employees from accessing additional information that is not relevant to them
Role Based Access Controls
84
A process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified and enumerated, and mitigations can be prioritized. This is about finding problems and should be done early in development.
Threat Modeling
85
Lists all of the assets and considers how an attacker could threaten them
Asset based approach (TM)
86
Talking about human threat agents can make the threat seem real
Modeling Attacker
87
Models that focus on the software being built or the system being deployed
Software model
88
any place where entities of different privilege interact. Threats tend to cluster around these.
Trust boundary
89
Follows the flows of data; often ideal for threat modeling
Dataflow Diagrams (DFD) (Software model)
90
This model is fairly complex if starting from scratch, but an existing one can likely be adapted
Unified modeling language (UML) (Software model)
91
Represents flows between various participants; each lane edge is labeled to identify a participant; each message is represented by a line between participants.
Swim lane diagrams (Software model)
92
Represents the various states a system could be in and the transitions between those states.
state diagram (Software model)
93
STRIDE: A well-accepted approach to thinking of threats when threat modeling. List what each letter of the acronym stands for:
Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of privilege.
94
Pretending to be someone or something other than yourself. This VIOLATES AUTHENTICATION.
spoofing
95
Modification of something on a disk in memory or network. This VIOLATES INTEGRITY
Tampering
96
Claiming that you did not do something. VIOLATES NONREPUDIATION
Repudiation
97
Absorbing the resources needed to provide a service. VIOLATES AVAILABILITY.
Denial of Service
98
Providing information to someone not authorized to see it. VIOLATES CONFIDENTIALITY
Information Disclosure
99
Allowing someone to do something they are not authorized to do. Violates AUTHORIZATION
elevation of privilege
100
SQL, Network file system NFS, Standard messaging block (SMB), Rsyslog
Data tier languages and Protocols List
101
A language used in programming and designed to manage data held in databases. PORTS: 3306 (MySQL/MariaDB) > 5432 (Postgres) > 1433 (MS SQL)
Structured Query Language - SQL
102
Distributed file system protocol; runs on port 2249
Network file system (NFS)
103
A network protocol for shared access to files, printers and serial ports (445 or 139)
Standard messaging block (SMB)
104
A utility for sending logs to remote log systems
Rsyslog
105
Minimize attack surface, Principle of least privilege, Encryption, Tokenization, Federation
Protecting Data (5 rules)
106
Implement physical, Network, logistical controls on data.
Minimizing attack surface
107
Access to data should be controlled by permissions that are verified before allowing users to access the data.
Principle of least privilege
108
prevents data visibility in the event of unauthorized access or theft
Encryption
109
Substituting sensitive data with non-sensitive equivalent. This is then used to map back to the data
Tokenization
110
A type of meta-database file system that is geographically decentralized and transparently maps multiple databases into one single one.
Federation
111
o Categories: provide organizational structure
o Specialty Areas: subgroups of categories containing cybersecurity work.
o Work Roles: the most detailed grouping of cybersecurity-related work, which includes KSAs and tasks for the role.
o Knowledge, skills and abilities: the skills required to perform a work role.
o Task: specific task assigned to the work role
NICE: National Initiative for Cybersecurity Education (parts and what they do)
112
Open Web Application Security Project
OWASP
113
Top ten critical security risks to applications: A1: Injection; A2: Broken authentication; A3: Sensitive data exposure; A4: XML External Entities; A5: Broken access control; A6: Security misconfiguration; A7: Cross Site Scripting (XSS); A8: Insecure deserialization; A9: Vulnerable components; A10: Insufficient logging and monitoring.
OWASP TOP 10: list them
114
Injection of a string into a query in order to modify a response: the attacker sends hostile data into an interpreter. How does it work: there are flaws in the code that, when a specific string is injected, make it do something different than it was meant to do.
SQLi
115
Requires keeping data separate from commands and queries. Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. "o Never insert untrusted data except in allowed locations o HTML-escape before inserting untrusted data into HTML element content o Use a trusted library"
SQLi mitigation (3 parts)
116
A type of application attack where the attacker takes advantage of scripting and input validation vulnerabilities in an interactive website to attack legitimate users.
XSS - Cross Site Scripting
117
The application or API includes unvalidated or unescaped user input as HTML output.
Reflected XSS:
118
The application or API stores unsanitized user input that can be viewed at a later date.
Stored XSS
119
JavaScript frameworks, single-page applications, and APIs that dynamically include attacker-controllable data in a page are vulnerable to this XSS attack.
DOM XSS
120
Escaping untrusted HTTP request data based on the context in the HTML output; using frameworks that automatically escape XSS by design, such as the latest Ruby on Rails and React JS.
XSS mitigation
121
the analysis of computer software that is performed WITHOUT executing programs.
Static Application Security Testing (SAST):
122
the analysis of computer programs DURING their execution. It does not require the source code and therefore detects vulnerabilities by performing attacks itself.
Dynamic Application Security Testing (DAST)
123
operated solely for a single organization
Private: cloud infrastructure
124
services are rendered over a network that is open for public use
Public cloud infrastructure
125
a composition of public cloud and private environment
Hybrid cloud
126
Refers to online services that provide high-level APIs used to dereference various low-level details of underlying network infrastructure like physical computing resources, location, data partitioning, scaling, security, backup etc.
Infrastructure as a service
127
The consumer does not manage or control the underlying cloud infrastructure. This includes the network, servers, operating systems or storage. The user does control the deployed applications and possibly the configuration settings for the application hosting environment.
Platform as a service
128
the applications are accessible via a thin client interface such as a web browser or program interface. The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, storage and even individual application capabilities.
Software as a Service (SaaS)
129
These primarily contain computer security-related information
Networking Security Logs
130
contains system events and audit records
Operating System logs
131
contains application level events or audit information
Application logs
132
typically hidden within another seemingly innocuous program. It can create copies of itself and insert them into other programs and files to perform a harmful action. Uncommon today and comprises less than 10% of all malware
Viruses
133
Its distinctive trait is that it is self-replicating and can spread without user action.
Worms
134
Masquerades as a legitimate program but contains malicious code. It requires the user to execute the corrupted/malicious file. Typically spread via social engineering
Trojan Horse
135
Most these programs are trojans, which means they must be spread through social engineering of some sort. Once the user executes the corrupted/malicious file, it looks for and encrypts the users' files. The hacker then holds the files as hostage in exchange for a ransom. Can be prevented by creating a good backup. According to studies, about 25% of victims choose to pay the ransom while 30% do not get their files unlocked
Ransomware
136
If you get infected with this, you're basically ****ed. These allow the hacker to have "root" privilege and create/edit/delete files as they please. They can conceal themselves from anti-malware systems and are very difficult to detect. This is because "root" privilege is greater than that of the victim/user. They are extraordinarily hard to create and only the most advanced attacks utilize them. Tech companies are very proactive about patching vulnerabilities that are susceptible to these.
Rootkit
137
A method of bypassing normal authentication procedures, typically over a connection to a network such as the internet. It allows the hacker to spy, invisibly, on the victim's activities. May be installed by Trojan horses, worms, implants or "other methods".
Backdoor
138
Attempts to expose the victim to unwanted and potentially malicious advertising. Common ____ programs may redirect a user's browser searches to a copycat page that contains promotions for other products
Adware
139
a logical collection of internet-connected devices whose security has been compromised and control ceded to a third party. Each compromised device is known as "bot". They are rented out by cyber criminals as commodities for a variety of purposes (such as a DDoS attack)
Botnet
140
many viruses have a "signature", or a recognizable series of ones and zeros. These anti-virus programs work by spotting these signatures and stopping the files before they can cause damage
Signature Based Detection
141
Monitors system processes to determine if a program is attempting to engage in malicious behavior against the operating system
Behavior Based Detection
142
the most common first step, works by moving the malicious file into a protected area on the hard drive. This area is separate from any other file that could activate the malicious software
Quarantining Removal
143
aims to stop the initialization and spread of the virus during the start up process
Startup Detection/Removal
144
Operating system ____ ____ provides administrators with a known working point to which they can restore the settings back to.
Restore points
145
Asymmetric cryptography requires that both the encoder and decoder have a shared key. T/F
FALSE
146
Masquerading is a form of both deception and disruption. T/F
FALSE
147
AES is an algorithm for which type of encryption?
Symmetric Key Encryption
148
Select the one that best describes asymmetric cryptography: - Requires a secured channel to exchange a shared key. - Securely generates a shared key between two parties over an insecure channel. - Has been superseded by elliptical curve based encryption. - Leverages the same key to encrypt and decrypt data.
Securely generates a shared key between two parties over an insecure channel.
149
What algorithm is considered a secure hash today?
SHA3-512
150
Diffie-Hellman and RSA are algorithms for which type of encryption?
Asymmetric Key Encryption
151
The polyalphabetic cipher is intended to prevent frequency analysis. T/F
TRUE
152
The Vigenère cipher is an example of what?
A polyalphabetic cipher
153
A 404 HTTP response indicates that the URL requested is not found on the server. T/F
TRUE
154
[_______] translates more readily memorized domain names to the numerical IP addresses.
Domain Name System
155
Which protocols are not part of the application layer? 1- TCP (Transmission Control Protocol) 2 - SMTP (Simple Mail Transfer Protocol) 3 - HTTP (HyperText Transfer Protocol) 4 - ICMP (ping)
1 and 4
156
A 5XX HTTP response status indicates an error occurred on the server. T/F
TRUE
157
The network ID for IP address 172.35.16.12 with a subnet mask of 255.255.255.0 is:
172.35.16.0
158
What would you type into a command prompt in order to view the IP address of your computer (Windows or Linux is acceptable)?
ipconfig
159
[______] is a process by which a server maintains the state of an entity interacting with it.
Session Management
160
[_____] data is a combination of structured and unstructured data and requires mapping or advanced tools to derive information.
Big
161
The process of verifying that an individual, entity, or website is who it claims to be.
Authentication
162
When the secure flag is set on a cookie, JavaScript cannot access the cookie.T/F
FALSE
163
[_______] is a sequence of network HTTP request and response transactions associated to the same user.
A Web session
164
Any inactive data that is stored physically in any digital form is called [________].
Data at Rest
165
The [___________] coordinates the application, processes commands, makes logical decisions and evaluations, and performs calculations.
Logic Tier
166
Compute the Network ID and Host ID for the IP address 192.168.1.55 with a subnet mask of 255.255.255.0.
Network ID: 192.168.1.0; Host ID: 0.0.0.55
167
Which binary is computed under the 1's of the subnet mask?
Network ID
168
Which binary is computed under the 0's of the subnet mask?
Host ID
169
This type of malware masquerades as a legitimate program but contains malicious instructions.
Trojan
170
This type of malware has the distinctive trait that it's self-replicating without required interaction.
Worm
171
The two broad techniques for detecting malware are ____ -based and ___ -based.
signature behavior
172
The most common first step in malware removal and recovery is:
quarantining
173
The type of malware that provides a method of bypassing normal authentication procedures, usually over a connection to a network such as the Internet, is called a:
backdoor
174
The process of learning more about the assets that you can access including the network, computers, applications, and their versions is called:
footprinting
175
When a social engineer uses a lie with a made-up story to go along with it in order to gain trust, it is called:
pretexting
176
The practice of sending emails appearing to be from reputable sources with the goal of influencing or gaining personal information is called:
phishing
177
[________] use their skills in order to help individuals, businesses, and government.
ethical hackers
178
Government employees attempting to acquire classified information about other governments are often known as [__________]
Advanced Persistent Threats
179
The four forms of valid credentials are :
What you know, what you have, what you are, and where you are.
180
What cipher should a developer select for symmetric encryption?
AES
181
This type of response status indicates a client-side error response from the server.
4XX
182
This type of response status indicates a server side error response from the server.
5XX
183
192.168.0.35 is an example of this type of IP address.
IPv4
184
Which protocols are NOT part of the Application layer (select all that apply)? 1. FTP (File Transfer Protocol) 2. ICMP (ping) 3. SMTP (Simple Mail Transfer Protocol) 4. HTTP (HyperText Transfer Protocol) 5. TCP (Transmission Control Protocol) 6. IP (Internet Protocol)
5, 6
185
The polyalphabetic cipher is intended to prevent frequency analysis. T/F
TRUE
186
What are the domains within the field of cybersecurity?
Operational Security, Network Security, Application Security, End-user Education, Information Security
187
The host ID for IP Address 172.35.16.12 with a subnet mask of 255.255.255.0 is :
0.0.0.12
188
a method, tool, or procedure for enforcing a security policy is called a:
security mechanism
189
[_____] is any sequence of one or more symbols given meaning by specific act(s) of interpretation.
data
190
The [___________] coordinates the application, processes commands makes logical decisions and evaluations and performs calculations.
logic tier
191
Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset are called a :
vulnerability
192
Web session management commonly uses a session identifier stored in a [_________] sent from the client to the server.
cookie
193
Permission validation and web session security occurs in the
logic tier
194
Encryption can provide four properties
confidentiality, integrity, authentication, non-repudiation
195
What are the five high-level functions described in the NIST Cybersecurity Framework core?
Identify, Protect, Detect, Respond, Recover
196
What are the types of input for assessing a NIST CSF subcategory?
Maturity Level, Primary Threat, Likelihood of Threat Occurrence, Impact of Threat Occurrence
197
The NIST is a government agency that stands for National Information on Standards and Technology. T/F
FALSE: National Institute of Standards and Technology
198
Core, tiers, and [_________] are the three main components for the NIST Cybersecurity Framework.
profile
199
An IG1 enterprise’s biggest challenge to implementing security would be:
Limited IT department
200
The CIS CSCs and the NIST CSF are incompatible frameworks. T/F
FALSE
201
According to CIS Control 8, Implementation Group 3 should implement all security controls implemented by Group 2. T/F
TRUE
202
[BLANK] is completely addressing the root cause of a vulnerability by applying a patch, updating a configuration or deactivating an unnecessary service.
Remediation
203
Why is logging important? 1. Sometimes, logging records are the only evidence of a successful attack. 2. Logging plays a significant role in preventing attacks from occurring. 3. If properly instructed, logging can provide the time and place of every event that has occurred in your network or system. 4. Log records create an easy way to understand the scope of a breach without the need for reporting or filtering.
1, 3, 4
204
The last step of incident response is recovery. T/F
FALSE
205
The three main categories of logs are:
Networking Security, Operating System, and Application.
206
The Principle of [___________] states: A user, process, or program must be able to access only the information and resources that are necessary for its legitimate purpose.
Least Privilege
207
The first step of incident response is preparation. T/F
TRUE
208
The name of the dictionary used to serve as a common baseline standard for weakness identification, mitigation, and prevention efforts is:
Common Weakness Enumeration
209
The name of the 501(c)(3) organization that has a mission to make software security visible so that individuals and organizations are able to make informed decisions is:
Open Web Application Security Project
210
The name of the security weakness that matches the definition below: The lack of verification of proper access to the requested object (AKA OWASP 2021 A01)
Broken Access Control
211
What generic cybersecurity technique do we use to ensure the confidentiality of data in transit and at rest?
Encryption
212
Which of the following are OWASP design principles (select all that apply): 1. Minimize attack surface area 2. Keep security simple 3. Avoid security by obscurity 4. Use default settings 5. Principle of Least Privilege 6. Trust services
1, 2, 3, 5
213
What methodology is used in preventing attacks in SQL injection?
Parameterized Queries
214
When a secure flag is set on a cookie, JS cannot access the cookie? T/F
FALSE
215
What are the five core parameters of log management?
collection, storage, search, correlation, and output