2.1 Defense In Depth Flashcards

1
Q

The principle that system protections are layered and deployed across a wide range of controls, so that the failure of any single control does not expose the system. It draws on the CIA triad and on risk assessment.

A

Defense in depth

2
Q

These three properties make up the CIA triad

A

Confidentiality, integrity, availability

3
Q

What is the “secure by design” concept?

A

The concept that security of the application is not an afterthought but a prerequisite for each building block of the solution.

4
Q

This is considered the foundation of defense in depth

A

Filtering

5
Q

These are four examples of network filtering

A

Firewalls, anti-DDoS, proxy servers, mail relays

6
Q

These are two examples of host filtering

A

Anti-malware, application control

7
Q

A way of filtering that will allow only approved applications to run

A

Application control

8
Q

Intermediate systems that handle requests to resources on behalf of other systems. They also tend to perform some kind of content filtering.

A

Proxy servers

9
Q

The four approaches to defense in depth

A

Uniform protection, protected enclaves, information-centric, vector-oriented (threat vector analysis)

10
Q

This DiD approach segments the network (for example with VLANs) and filters the traffic allowed between segments.

A

Protected enclaves

11
Q

Also known as port isolation, this is a technique in computer networking in which a VLAN contains switch ports that are restricted so that they can only communicate with a given uplink, not with each other.

A

Private VLAN

12
Q

DiD approach where the controls are layered around the data itself, so that reaching confidential information means passing through multiple layers of protection.

A

Information centric

13
Q

DiD approach that blocks a specific threat vector so the threat cannot “cross the bridge”, for example disabling USB storage devices.

A

Vector oriented

14
Q

This model is a complement to DiD. Every request, regardless of whether it comes from inside or outside the network, must be authenticated and authorized.

A

Zero trust model

15
Q

Enables access to be changed dynamically, based on the conditions of the request and on risk points that accumulate.

A

Zero trust, variable trust

16
Q

IAAA

A

Identification, authentication, authorization, accountability

17
Q

The discipline of establishing a known baseline condition and then managing that condition, ideally based on reputable, established standards.

A

Configuration management

18
Q

Tracking, logging and validating every change.

A

Change control

19
Q

The four general methods for cracking passwords

A

Dictionary attack, hybrid attack, brute-force attack, pre-computation attack

20
Q

Three authentication factors

A

Something you know, something you have, something you are

21
Q

Built on a one-way (irreversible) hash function; transforms the password input into a fixed-length output called a digest, which is what gets stored instead of the password.

A

Key derivation function KDF

22
Q

An additional input to the KDF: a random value added to the password before hashing, unique per password. It is stored in the clear next to the password hash; it makes identical passwords hash differently and defeats pre-computed tables.

A

Salt

23
Q

An additional input to the KDF: a secret random value added to the password before hashing. Unlike the salt it is not stored with the hash but kept in a separate secure location (a secrets store, for example), and it is unique per application rather than per user.

A

Pepper

24
Q

A list of password hashes (cracked or not yet cracked) that has leaked and is available online.

A

Password dump

25
Q

Generally the number of hashing iterations (also called the work or cost factor). Intended to slow down brute-force attacks; it should be raised over time as hardware gets faster.

A

Difficulty factor
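The four storage cards above (KDF, salt, pepper, difficulty factor) fit together in one routine. The following is an added example, not part of the original deck, using PBKDF2-HMAC-SHA256 from the Python standard library; the pepper value and the iteration count are placeholders chosen for the example, and the record format `pbkdf2_sha256$iterations$salt$digest` is an assumption of this code:

```python
import hashlib
import hmac
import os

# Pepper: a constructed placeholder for this example. In production it is
# read from a secrets store or HSM and is NEVER stored next to the hashes.
PEPPER = b"example-pepper-not-for-production"

# Difficulty (work) factor: number of PBKDF2 iterations. It is written into
# each record so it can be raised later without breaking old verifiers.
ITERATIONS = 100_000


def hash_password(password, iterations=ITERATIONS, salt=None):
    """Return a record 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'."""
    if salt is None:
        salt = os.urandom(16)  # fresh per-password salt; stored in the record
    # Mix in the pepper with HMAC before the KDF. The pepper is a second
    # secret that an attacker holding only the database does not have.
    peppered = hmac.new(PEPPER, password.encode("utf-8"), hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", peppered, salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def verify_password(password, record):
    """Recompute with the record's own salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, _digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format: " + algo)
    recomputed = hash_password(password, int(iterations), bytes.fromhex(salt_hex))
    return hmac.compare_digest(recomputed, record)


def needs_rehash(record, minimum_iterations=ITERATIONS):
    """True when a stored record was made with a lower difficulty than current policy."""
    return int(record.split("$")[1]) < minimum_iterations
```

Two things the cards imply but are easy to get wrong: the same password hashed twice yields two different records (the salt differs), and a record made with a lower difficulty factor still verifies but should be rehashed at the next successful login.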

26
Q

The fastest method for cracking passwords. It tests every word in a dictionary or word file against the password hashes.

A

Dictionary attack

27
Q

This builds on the dictionary attack by adding numerals and symbols to dictionary words (for example “summer” becomes “Summer123”).

A

Hybrid attack

28
Q

The most exhaustive password-cracking method: it tries every possible combination of characters, so it will always succeed no matter how complex the password; it is just a matter of time, which for long passwords and slow KDFs can exceed any practical budget.

A

Brute Force attack

29
Q

Password-cracking attack in which the hashes of possible passwords are computed in advance and stored (for example in a rainbow table), trading storage for CPU time at attack time. Per-password salts defeat it.

A

Pre-computation attack

30
Q

A file of pre-computed password hash values, stored as hash chains so that a large keyspace fits in far less space than a full hash-to-password lookup table.

A

Rainbow table

31
Q

Splitting the hash calculations across a large number of processing units (CPU cores or GPUs) so that many candidates are tested at once.

A

Data parallelism

32
Q

Limiting a password-cracking attack to candidates that fit a known password structure or policy, for example eight characters starting with an uppercase letter and ending in a digit. This shrinks the keyspace compared with pure brute force.

A

Masking
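The cracking cards above (dictionary, hybrid, brute force, pre-computation, rainbow table, masking) describe different ways of generating candidates and testing them against a hash. The following added example, not part of the original deck, implements each candidate generator and shows why a pre-computed table works against unsalted hashes but not salted ones. Unsalted SHA-256 stands in for a fast, weak password hash; the word list, mask syntax (modelled on hashcat's `?l ?u ?d ?s`) and suffix list are constructed for the example:

```python
import hashlib
import itertools
import string


def sha256_hex(data):
    """Unsalted SHA-256 stands in for a fast, weak password hash."""
    return hashlib.sha256(data).hexdigest()


# Constructed word list for the example.
WORDLIST = ["password", "summer", "letmein", "dragon"]

MASK_SETS = {
    "?l": string.ascii_lowercase,
    "?u": string.ascii_uppercase,
    "?d": string.digits,
    "?s": "!@#$%",
}


def dictionary_candidates(words):
    """Dictionary attack: try each word in the list as-is."""
    for w in words:
        yield w


def hybrid_candidates(words, suffixes=("1", "123", "!", "2024")):
    """Hybrid attack: dictionary words with capitalisation and appended digits/symbols."""
    for w in words:
        for base in (w, w.capitalize()):
            yield base
            for s in suffixes:
                yield base + s


def mask_candidates(mask):
    """Mask attack: every string matching a structure such as '?u?l?l?d' (literals allowed)."""
    sets = []
    i = 0
    while i < len(mask):
        if mask[i] == "?":
            sets.append(MASK_SETS[mask[i:i + 2]])
            i += 2
        else:
            sets.append(mask[i])
            i += 1
    for combo in itertools.product(*sets):
        yield "".join(combo)


def brute_force_candidates(alphabet, max_len):
    """Brute force: every string over the alphabet up to max_len, shortest first."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            yield "".join(combo)


def crack(target_hex, candidates, salt=b""):
    """Hash each candidate (with the victim's salt, if any) and compare to the target."""
    for c in candidates:
        if sha256_hex(salt + c.encode("utf-8")) == target_hex:
            return c
    return None


def precomputed_table(candidates):
    """Pre-computation attack: a hash -> plaintext lookup built once and reused per target.
    A real rainbow table compresses this with hash chains; the lookup idea is the same."""
    return {sha256_hex(c.encode("utf-8")): c for c in candidates}
```

The mask `?u?l?d!` yields 26 * 26 * 10 candidates, versus 95^4 for a four-character brute force over printable ASCII: that difference is the whole point of masking. A salted target is absent from the pre-computed table and has to be recomputed per salt, which is what the salt card promises.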

33
Q

A method of authentication in which access is only granted after more than one authenticator has been presented, from different factor categories.

A

Multifactor authentication

34
Q

Term for using the context of a request to determine the required authentication level.

A

Adaptive authentication
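Cards 14, 15 and 34 (zero trust, variable trust, adaptive authentication) describe the same mechanism: score every request from its context and let the score decide how much authentication is required. The following is an added example, not from the original deck; the context fields, point values and thresholds are hypothetical policy choices made for the example:

```python
from dataclasses import dataclass


@dataclass
class RequestContext:
    """Signals available at request time (constructed for the example)."""
    user: str
    device_managed: bool       # enrolled in MDM / presents a valid device certificate
    device_known: bool         # seen for this user before
    country: str
    usual_country: str
    resource_sensitivity: str  # "low", "medium" or "high"
    failed_logins_last_hour: int


# Hypothetical point values; a real policy is tuned to the organisation.
SENSITIVITY_POINTS = {"low": 0, "medium": 10, "high": 30}


def risk_points(ctx):
    """Accumulate risk points from the request context; returns (points, reasons)."""
    points, reasons = 0, []
    if not ctx.device_managed:
        points += 30
        reasons.append("unmanaged device")
    if not ctx.device_known:
        points += 20
        reasons.append("new device for user")
    if ctx.country != ctx.usual_country:
        points += 25
        reasons.append("unusual location")
    if ctx.failed_logins_last_hour:
        points += min(ctx.failed_logins_last_hour, 5) * 5
        reasons.append("recent failed logins")
    points += SENSITIVITY_POINTS[ctx.resource_sensitivity]
    return points, reasons


def required_authentication(ctx):
    """Map accumulated points to the authentication the request must present.
    Every request is evaluated, including those from the internal network."""
    points, reasons = risk_points(ctx)
    # Hard rule that no score can override: high-sensitivity data never
    # goes to an unmanaged device.
    if not ctx.device_managed and ctx.resource_sensitivity == "high":
        return "deny", points, reasons + ["policy: high sensitivity requires managed device"]
    if points >= 70:
        return "deny", points, reasons
    if points >= 40:
        return "password+mfa", points, reasons
    if points >= 20:
        return "password", points, reasons
    return "session", points, reasons  # an existing authenticated session is enough
```

The returned reasons matter as much as the decision: they are what the user sees in the step-up prompt and what the SOC sees in the log when the request is denied.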

35
Q

The fifth field of each /etc/passwd entry, containing user data such as full name, room number, phone numbers, and more. Because /etc/passwd is world-readable, this data is visible to every local user.

A

GECOS data
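A parser for the format the card describes, as an added example that is not part of the original deck. The sample lines are constructed; the split of GECOS into full name, room, work phone, home phone and other follows the conventional comma-separated layout written by `chfn`:

```python
# Constructed sample; the second line shows the comma-separated GECOS
# sub-fields (full name, room, work phone, home phone, other).
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice Liddell,Room 12,+1-555-0100,+1-555-0199,Payroll:/home/alice:/bin/bash
svc-backup:x:998:998::/var/lib/backup:/usr/sbin/nologin
"""

GECOS_FIELDS = ("full_name", "room", "work_phone", "home_phone", "other")


def parse_gecos(gecos):
    """Split the GECOS field into its conventional sub-fields; extras fold into 'other'."""
    parts = gecos.split(",")
    if len(parts) > 5:
        parts = parts[:4] + [",".join(parts[4:])]
    parts += [""] * (5 - len(parts))
    return dict(zip(GECOS_FIELDS, parts))


def parse_passwd(text):
    """Parse /etc/passwd-format text into a list of dicts, one per account."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError("line %d: expected 7 colon-separated fields" % lineno)
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append({
            "user": name,
            "hash_in_shadow": pw == "x",  # 'x' means the hash lives in /etc/shadow
            "uid": int(uid),
            "gid": int(gid),
            "gecos": parse_gecos(gecos),
            "home": home,
            "shell": shell,
        })
    return entries


def accounts_exposing_pii(entries):
    """Accounts whose world-readable GECOS field carries phone numbers."""
    return [e["user"] for e in entries
            if e["gecos"]["work_phone"] or e["gecos"]["home_phone"]]
```

Running `accounts_exposing_pii(parse_passwd(open("/etc/passwd").read()))` on a real host is a quick audit of what any local user, or any web shell, can read about staff.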

36
Q

A consensus document of 20 crucial controls (20 through version 7; version 8 consolidated the list to 18) designed to begin the process of establishing a prioritized baseline of information security measures and controls.

A

CIS controls

37
Q

Considered the most effective security control you can deploy today: only trusted and expected executables can run on a system, and nothing else. An allow list of software.

A

Application control
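Cards 7 and 37 define application control as an allow list of executables. What the definition does not say is that how the list identifies an executable decides whether it holds up. The following added example, not part of the original deck, contrasts a rule keyed on file path with a rule keyed on content hash; the two "executables" are constructed files in a temporary directory:

```python
import hashlib
import os
import shutil
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class PathAllowList:
    """Permit execution by location only: the weak rule type."""
    def __init__(self, paths):
        self.paths = {os.path.abspath(p) for p in paths}

    def permits(self, path):
        return os.path.abspath(path) in self.paths


class HashAllowList:
    """Permit execution by content hash: the rule type that survives a file swap."""
    def __init__(self, hashes):
        self.hashes = set(hashes)

    def permits(self, path):
        return sha256_file(path) in self.hashes


def demo():
    """Build two constructed 'executables', then swap the rogue one into the approved path."""
    with tempfile.TemporaryDirectory() as d:
        approved = os.path.join(d, "approved.sh")
        rogue = os.path.join(d, "rogue.sh")
        with open(approved, "wb") as f:
            f.write(b"#!/bin/sh\necho trusted\n")
        with open(rogue, "wb") as f:
            f.write(b"#!/bin/sh\necho malicious\n")

        by_path = PathAllowList([approved])
        by_hash = HashAllowList([sha256_file(approved)])

        results = {
            "path_rule_approved": by_path.permits(approved),
            "hash_rule_approved": by_hash.permits(approved),
            "path_rule_rogue": by_path.permits(rogue),
            "hash_rule_rogue": by_hash.permits(rogue),
        }
        # An attacker with write access to the directory replaces the approved
        # file with the rogue one: same path, different content.
        shutil.copyfile(rogue, approved)
        results["path_rule_after_swap"] = by_path.permits(approved)  # bypassed
        results["hash_rule_after_swap"] = by_hash.permits(approved)  # still blocked
        return results
```

Path rules are only as strong as the write permissions on the directories they name; hash (or publisher-signature) rules are what make application control the "allow list of software" the card promises.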