Various Concepts Flashcards
(124 cards)
1
Q
software based client that monitors data in use on a computer and can stop file transfers or alert admins of the transfers base on a set of rules or policies.
A
Endpoint dlp
2
Q
software or hardware solution installed on the perimeter of the network to protect data in transit.
A
Network dlp
3
Q
software stored on servers in a data center to protect data at rest.
A
Storage dlp
4
Q
Software to protect data being stored in cloud services, usually a SaaS solution.
A
Cloud dlp
5
Q
UEBA
A
User and Entity Behavior Analytics
6
Q
SCCM
A
System Center Configuration Management - Microsoft software management system for admin device management.
7
Q
trusted program to ensure that microprocessors in the supply chain are secure and is overseen by the Department of Defense
A
Trusted Foundry Program
8
Q
process of ensuring that hardware is procured tamper free from a trusted supplier.
A
Hardware Source Authenticity
9
Q
cryptographic module embedded within a computer system that can endorse trusted execution and can attest to boot settings and metrics
A
Root of Trust - ROT
10
Q
PUF
A
Physically Unclonable Function - anti tamper mechanism used inside systems (ROT policies).
11
Q
UEFI feature that prevents unwanted process from executing during the boot process.
A
Secure Boot
12
Q
UEFI feature that gathers secure metrics to validate the boot processes in an attestation report.
A
Measured Boot
13
Q
A claim that the data presented is valid by digitally signing it using a TPM’s private key.
A
Attestation
14
Q
A means for software or firmware to permanently alter the state of a transistor on a computer chip.
A
eFuse
15
Q
an update digitally signed by the vendor.
A
Trusted Firmware Update
16
Q
low-level CPU changes and instructions that ensure secure processing and are built into the microprocessor.
A
Processor Security Extensions
17
Q
AMD chip PSEs
A
- SME Secure Memory Encryption
- SEV Secure Encrypted Virtualization
18
Q
Intel chip PSEs
A
- TXT Trusted Execution Technology
- SGX Software Guard Extensions
19
Q
extensions that allow a trusted process to create an encrypted container for sensitive data.
A
Secure Enclave
20
Q
operations that should only be performed once or not at all.
A
Atomic Execution
21
Q
key signature of a directory traversal attack
A
../../ or dot dot slash and %255
22
Q
key signature of a SQL attack
A
’ or 1 = 1
23
Q
occurs when an attacker is able to execute run commands physically on a victim computer
A
Arbitrary Code Execution
24
Q
occurs when an attacker is able to execute run commands on a victim computer remotely
A
RCE Remote Code Execution
25
occurs when an attacker fills up the buffer with NOP (nonoperation instruction) so that the return address may hit a NOP and continue until it finds the attacker’s code to run
smash the stack
26
User’s web browser is exploited by the attacker, usually by a compromised web server
XSS
27
The web page is exploited the user’s browser. User is already authenticated, then the attacker uses that trust to exploit the web site.
XSRF
28
Hosts or servers located in the DMZ that do not have any services configured to run on the local network.
Bastion Hosts
29
secures the network by keeping the machines behind it anonymous while web surfing. Uses NAT.
IP Proxy
30
Attempts to serve clients content itself without contacting the remote server.
Caching Proxy
31
Used to prevent devices from connecting to prohibited websites and other content.
Internet Content Filter
32
A go between device that scans for viruses, filters content, and performs dlp functions.
Web Secure Gateway WSG
33
Low upfront cloud storage solutions, but exorbitant fees to move the data from the cloud to another provider or on prem solution due to bandwidth and storage costs to transfer the large amounts of data
Vendor Lockin
34
Security appliance set up at the client network edge to forward traffic to the cloud network if the content complies with the policies.
Forward Proxy: Users can evade forward proxies.
35
A security appliance set up at the cloud network edge that forwards content if it complies with policy. Cloud provider must support this to work.
Reverse Proxy
36
FAAS
Function as a Service
37
A software architecture that runs functions within virtualized containers at runtime instead of on dedicated servers.
Serverless
38
AWS storage containers
Buckets
39
Microsoft azure storage containers
Blobs
40
CORS
Cross Origin Resource Sharing. A network policy that allows the browser to treat content from nominated domains as safe.
41
DoS attack which attempts to send more packets to a device/server than it can handle.
Flood Attack
42
A flood/dos attack using ICMP pings.
Ping of Death
43
attacker sends a ping to a subnet broadcast address and the devices reply to a spoofed ip address (victim’s server) using bandwidth and power.
Smurf Attack
44
flood attack using udp packets to flood the target device.
Fraggle Attack
45
DOS attack where the attacker initiates multiple TCP sessions but does not complete the three way handshake. Flood Guards are used to prevent these attacks.
SYN FLOOD
46
a network scan attack that sets the FIN, PSH, and URG flags that can cause a system to crash.
XMAS Attack
47
breaks apart packets into IP fragments and modifies them with oversized payloads and sends them to a victim machine.
Teardrop Attack
48
exploits a security flaw to permanently break a device by reflashing its firmware.
Permanent DOS attack
49
attack that creates a large number of resources to use up the available processing power of the device
Fork Bomb
50
If A=B=C, then A=C: If any trusted network is compromised, all trusted networks are also.
Transitive attack
51
name resolution info is modified in the DNS server’s cache
DNS Poisoning
52
DNS attack where the attacker requests copies of the DNS info (server names, ip info) to their system for future attacks
Unauthorized Zone transfer
53
DNS attack where the attacker modifies the host file to have the client bypass the dns server and redirects to a malicious site.
Altered Host File
54
occurs when an attacker redirects one website’s traffic to another bogus/malicious website.
Pharming
55
exploits the process in how dns names are registered and prevents domain names from being registered.
Domain Name Kiting
56
Key differences between WEP, WPA, WPA2, and open networks
: open=no security. WEP = weak IV, WPA = TKIP and RC4, WPA2 = CCMP and AES,
57
key components of the two WPA3 modes
WPA3(Enterprise Mode) AES-256 W/SHA-384 hash (Personal Mode) CCMP128 key and uses PFS instead of PSK
58
Class A Fire Suppression base, use, and symbol
Water, ordinary combustibles, and green triangle w/A
59
Class B Fire Suppression base, use, and symbol
Dry chemical or CO2, flammable gasses and liquids, red square withB
60
Class C Fire Suppression base, use, and symbol
CO2, electrical fires, blue circle w/C
61
Class D Fire Suppression base, use, and symbol
dry powder blend, combustible metals, yellow pentagon w/a D
62
Class K Fire Suppression base, use, and symbol
Potassium based, cooking oils and animal fats, black hexagon with a K
63
Location of HVAC hot and cold isles.
Cold isles front of rack, hot isles at rear of rack
64
shielding installed around an entire room to prevent electromagnetic energy from entering or exiting the area.
Faraday Cage
65
U.S. Government standards for the level of shielding required in a building to ensure emissions and interference cannot enter or exit the facility.
Tempest
66
CAN
Controller Area Network – a digital serial data communications network used in vehicles.
67
OBD-2
Onboard Diagnostics module – external interface for CAN networks
68
describe 3 CAN vulnerabilities
Attach the exploit to the OBD-2, exploit over onboard cellular, or over onboard wifi
69
Main difference between SoC and FPGA
SoC cant be changed, FPGA can be changed as needed.
70
Digital serial data connections used in operation technology networks to link PLCs
Fieldbus
71
input and output controls on a PLC that allow a user to configure and monitor the system.
HMI Human Machine Interface
72
software that catalogs and aggregates data from multiple sources within an ICS
Data Historian
73
Key difference between ICS and SCADA
ICS = single location, SCADA multi point of a geographical region.
74
communications protocol used in operational technology networks
Modbus
75
4 key controls for mitigating vulnerabilities in specialized systems (ISC & SCADA):
1. Establish admin control by recruiting staff w/relevant expertise.
2. Implemint minimum links by disconnecting unnecessary services, protocols, etc.
3. Develop and test a patch management program for OT networks.
4. Perform regular audits of logical and physical access to these systems.
76
BAS
Building Automation System
77
utilizes a web of trust between organizations where each one certifies others in the federation. Not efficient for large network of organizations.
Cross-Certification authentication
78
Organizations authorize based on a single third-party organization. More efficient.
Trusted Third Party(bridge model)
79
Users log in to an Identity Provider(IP) and uses their account at Relying Parties (RP). Largest is google.
Open ID
80
IEEE Standardized framework used for port based authentication for both wired and wireless networks.
802.1x
81
application layer protocol for accessing and modifying directory services. Used in MS AD.
LDAP
82
what is the supplicant in the 802.1x process
pc, client, etc.
83
The device through which the supplicant is attempting to access the network(switches, vpn concentrators, etc.). 802.1x process
Authenticator
84
The centralized device that performs the authentication (RADIAUS, TACACS, etc. servers) . 802.1x
authentication server
85
A standardized framework of protocols that allows for many methods of authentication including passwords, PKI, and digital certificates.
EAP
86
uses simple passwords, CHAP for authentication, and a 1 way process.
EAP MD5
87
uses PKI and digital certificates for mutual authentication (2 way).
EAP TLS
88
requires server-side digital certificates and a client-side password for mutual authentication.
EAP TTLS
89
uses protected access credentials (a security credential generated by the server that holds information specific to a peer) instead of digital certificates for mutual authentication.
EAP FAST
90
uses server certificates and MS Active Directory databases to authenticate a client’s password.
PEAP
91
Cisco’s proprietary authentication protocol requiring Cisco based networks.
LEAP
92
Cross platform version of RDP(MS only) for remote user GUI access.
Virtual Network Computing (VNC)
93
specialized hardware device that allows for hundreds of simultaneous vpn connections from remote devices.
vpn concentrator
94
a remote worker’s machine diverts internal traffic(file transer, email, etc.) over a vpn and external traffic over their own internet connection.
Split tunneling
95
Cisco’s proprietary version of RADIUS and is not available for cross platform use..
TACACS+
96
attack that intercepts API calls between the browser process and its DLLs.
MITB Man in the Browser
97
brute force attack where stolen names and passwords are tried against multiple websites.
Credential Stuffing
98
software vulnerability where the authentication mechanism allows an attacker to gain entry.
Broken Authentication
99
the access control policy is determined by the owner.
DAC
100
the computer systems determine the access control policies for an object. Military, top secret, secret, etc. Lattice and Rule based are MAC models.
MAC
101
uses a set of permissions instead of labels in MAC.
RBAC - Role Based
102
if/then access control. If Jason is in HR, then give access to HR files.
Attribute based
103
requires more than one person to conduct a sensitive task or operation.
Separation of Duties
104
ADUC
Active Directory Users and Computers
105
3 Types of Linux user permissions
U = owners, G = groups, and O or A = all users.
106
used to change permissions or rights of a file of folder system in linux.
chmod change mode
107
Linux numeric value for R,W, and X
: 4(R) = read, 2(W)= write, 1(X) = Execute. (binary values) Add to combine, 6=rw, 3 = wx, etc.
108
occurs when permissions are passed to a subfolder from the parent through inheritance.
Propagation
109
Two most popular password crackers
Cain and Able & John the Ripper
110
Attack method where a program attempts to guess a password by using a list of possible passwords.
Dictionary attack
111
Attack method where a program attempts to try every possible combination until the password has been compromised.
Brute Force Attack
112
attack method that compares a precomputed encrypted password to a value in a lookup table.
Cryptanalysis Attack
113
A list of precomputed values (hashes) to more quickly break a password.
Rainbow table
114
network traffic is analyzed to discover predetermined attack patterns.
Signature-based monitoring
115
network traffic is analyzed to discover traffic that is outside of an established baseline.
Anomaly-based monitoring
116
network traffic is analyzed to discover data that does not match previous network activity, applications, etc.
Behavior-based monitoring
117
Windows program for performance monitoring.
perfmon.exe (perfmon in cmd will load)
118
2 Protocol analyzer modes
Promiscuous and Non-Promiscuous modes
119
Network adaptor captures all traffic on the network regardless of the MAC address on the frames carrying them.
Promiscuous Mode
120
Network adaptor only captures traffic directly addressed to itself.
Non-promiscuous mode
121
Data files that contain the accounting and audit trail for actions performed by a user on the computer or network.
Logs
122
Logs the events such as successful and unsuccessful user logons to the system.
Security Logs
123
Logs the events such as a system shutdown or driver failure.
System Logs
124
Logs the events for the operating system and third party applications.
Application Logs
