3.0 Flashcards

1
Q

LDAP/LDAPS

A

Lightweight Directory Access Protocol/LDAP Secure
A standard protocol designed to maintain and access “directory services” within a network.
Ports 389 and 636

2
Q

UTM

A

Unified Threat Management
An all-in-one security appliance: multiple security features or services are combined into a single device within your network.

3
Q

PKI

A

Public Key Infrastructure
Framework managing digital certificates, encryption keys, and authentication processes, facilitating secure communication and data protection.

4
Q

802.1X

A

A standard used in network security that provides port-based authentication (authenticated by a certificate) to devices attempting to connect to a network (NAC). You don’t get access to the network until you authenticate.

5
Q

PEAP

A

Protected Extensible Authentication Protocol
An EAP method that uses a secure TLS tunnel. Protects the authentication process within an encrypted channel.

6
Q

EAP-FAST

A

EAP Flexible Authentication via Secure Tunneling
An EAP method that enables secure communication between a client and an authentication server by using Transport Layer Security (TLS) to establish a mutually authenticated tunnel. Uses a secure tunnel without requiring server certificates.

7
Q

CASB

A

Cloud access security broker
Placed between cloud service consumers and cloud service providers to monitor all activity and enforce security policies.

8
Q

FDE

A

Full disk encryption
A security technology used to encrypt all data stored on a computer’s hard drive or storage device. Encrypts everything on the drive.

9
Q

SED

A

Self-encrypting drive
A type of storage device (such as a hard drive or solid-state drive) that includes built-in hardware-based encryption capabilities.

10
Q

Containerization

A

A lightweight virtualization technology that allows applications and their dependencies to be packaged and isolated into containers.

11
Q

MAC filtering

A

Media access control filtering
A network security technique used to control which devices can connect to a network based on their MAC addresses. Limits access through the physical hardware address.

12
Q

MDM

A

Mobile Device Management
A type of software solution that helps organizations manage and secure mobile devices used by employees within their network. Manages company-owned and user-owned mobile devices.

13
Q

COPE

A

Corporate-Owned, Personally Enabled
A mobile device management strategy used by organizations to manage company-owned devices while allowing employees some level of personal use.

14
Q

VDI/VMI

A

Virtual Desktop Infrastructure/Virtual Mobile Infrastructure
VDI is a technology that allows users to access a desktop environment virtually, rather than having a physical computer at their desk. VMI is similar to VDI but focuses on virtualizing mobile device environments, such as smartphones or tablets.
– The apps are separated from the mobile device
– The data is separated from the mobile device

15
Q

WPA2

A

Wi-Fi Protected Access 2
It’s a security protocol used to protect wireless networks from unauthorized access and data interception.

Employs the Advanced Encryption Standard (AES) with a 128-bit key.

16
Q

WPS

A

Wi-Fi Protected Setup
Wi-Fi Protected Setup (WPS) is a network security standard that was created to simplify the process of connecting devices to a secure wireless network.

17
Q

RBAC

A

Role-based access control
A method of restricting network access based on the roles of individual users within an organization.

18
Q

ABAC

A

Attribute-based access control
A more flexible access control model that uses attributes about users, systems, and the environment to make access control decisions. Ex. location, time, and device, as well as username and password.

19
Q

DAC

A

Discretionary Access Control
A type of access control where the owner of a resource determines who can access that resource and what permissions they have. In DAC, access decisions are based on the discretion of the resource owner, who can grant or revoke access rights to users or groups.

20
Q

MAC

A

Mandatory Access Control
An access control scheme that uses labels to grant access, controlling data access and preventing unauthorized use.

21
Q

VLAN

A

Virtual local area network
A network segmentation technique used to divide a single physical network into multiple logical networks

22
Q

Measured Boot

A

Ensures boot process integrity by measuring and comparing cryptographic hashes of key components.

The process hashes the subsequent processes and compares the hash values to known good values.

23
Q

Trusted Boot

A

Establishes a chain of trust during startup, verifying firmware and OS integrity using hardware-based security features like TPM.

The process verifies the digital signature of the OS kernel.

24
Q

Secure Boot

A

Prevents unauthorized software execution during boot by verifying digital signatures of bootloader and OS components.

25
NGFW
Next-generation firewall
An advanced network security solution that combines traditional firewall capabilities with additional features such as intrusion prevention, application awareness, and advanced threat detection and mitigation.
26
IPSec
Internet Protocol Security
A suite of protocols used to secure and encrypt communication over IP networks. Sends information over the layer 3 public internet, but encrypts the data. Uses Authentication Header (AH) for integrity and Encapsulating Security Payload (ESP) for encryption.
27
SSL
Secure Sockets Layer
It ensures that data exchanged between a web server and a web browser remains confidential, integral, and authenticated. However, it's worth noting that SSL has been largely replaced by its successor, Transport Layer Security (TLS), which offers enhanced security features and improved protocols.
28
CA
Certificate Authority
The trusted authority that certifies individuals’ identities and creates electronic documents indicating that individuals are who they say they are.
29
TACACS+
Terminal Access Controller Access-Control System Plus
A remote authentication protocol with network authentication, authorization, and accounting (AAA) capabilities, which allows a remote access server to communicate with an authentication server to validate user access onto the network.
30
Kerberos
A network authentication protocol designed to provide secure authentication for client-server applications over a non-secure network, such as the internet. (Ticketing system)
31
TPM
Trusted Platform Module
A chip that resides on the motherboard of the device. Provides the operating system with access to keys. Ex. enables hard drive encryption.
32
HSM
Hardware Security Module
A security device you can add to a system to manage, generate, and securely store cryptographic keys.
33
Proxies
Proxies are servers that act as middlemen between your device (like a computer or phone) and the internet. They help with things like hiding your IP address, filtering content, speeding up web browsing by storing copies of web pages, and balancing internet traffic across multiple servers.
34
SMTP
Simple Mail Transfer Protocol
The standard Internet protocol used to transfer e-mail between hosts. Protocol number 25
35
S/MIME
Secure/Multipurpose Internet Mail Extensions
A protocol that adds a layer of security to email messages. It provides encryption and digital signatures to ensure the confidentiality, integrity, and authenticity of email communication.
36
DLP
Data Loss Prevention Solutions serve to prevent sensitive data from leaving the network without notice.
37
Boot Attestation
Boot attestation verifies the integrity of a computer's boot process using cryptographic signatures to ensure only trusted software components are loaded, preventing unauthorized alterations.
38
Tokenization
Is the process of substituting a surrogate value, called a token, for a sensitive data element.
39
Salting
Is the process of adding a random element to a value before performing a mathematical operation like hashing.
40
Hashing
A process of converting input data (such as text, files, or passwords) into a fixed-size string of characters using a hash function. Hashing is commonly used for data integrity verification, password storage, digital signatures, and indexing data structures.
41
Static code analysis
Is when the code is examined without being executed.
42
Dynamic code analysis
Analyzes the code during execution.
43
Fuzzing
(or fuzz testing) is a brute force method of addressing input validation issues and vulnerabilities. It uses software tools that transmit unexpected and abnormal data to applications to assess their response.
44
Registry
Repository of all information related to configurations. Configuration options for the OS are located in the Registry.
45
Zero Trust
A zero trust network is a network that doesn’t trust any device by default, even if it was previously verified.
46
NGSWG
Next-Gen Secure Web Gateway
A combination of a proxy server and a stateless firewall. Provides proxy services for traffic from clients to Internet sites, such as filtering URLs and scanning for malware.
47
MAM
Mobile Application Management
Manages applications on mobile devices. Provision, update, and remove apps.
48
Jump server
A hardened server used to access and manage devices in another network with a different security zone.
49
UEM
Unified Endpoint Management
Ensures systems are kept up to date with current patches, have antivirus software installed with up-to-date definitions, and are secured using standard security practices.
50
MDM
Mobile device management
Includes the technologies to manage mobile devices with the goal of ensuring these devices have security controls in place to keep them secure. Ex. application management, full device encryption, passwords and PINs.
51
SAML
Security Assertion Markup Language
It is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.
52
Key Escrow
A method of storing decryption keys with a trusted third party. This includes a system by which your private key is kept both by you and by a third party.
53
DNSSEC
Domain Name System Security Extensions
Allows for the verification of DNS data and denial of existence and ensures data integrity for DNS. However, it does not offer confidentiality or availability controls.
54
NAT Gateway
Network Address Translation Gateway
Allows private subnets to communicate with other cloud services and the Internet, but hides the internal network from Internet users.
55
RADIUS
Remote Authentication Dial-In User Service
A networking protocol, used to provide AAA for network services, that authorizes and authenticates users who access a remote network.
56
PAP
Password Authentication Protocol is a simple, plain-text password-based authentication protocol used by Point-to-Point Protocol (PPP) to validate users.
57
Resource policies
Identity and access management (IAM) – Who gets access, what they get access to on the cloud. This allows your organization to set restrictions, manage the resources, and manage cloud costs.
58
WPA3
Wi-Fi Protected Access 3
Released in 2018 to address the weaknesses in WPA2. Uses a much stronger 256-bit Galois/Counter Mode Protocol (GCMP-256) for encryption. There are two versions: WPA3-Personal for home users, and WPA3-Enterprise for corporate users.
59
CHAP
Challenge-Handshake Authentication Protocol
A more secure version of PAP. An encrypted challenge is sent over the network, and the client has to send a match to be authenticated.
60
OCSP
Online Certificate Status Protocol
A protocol used for obtaining the revocation status of a digital certificate in real-time. It allows applications to check if a certificate has been revoked by querying a certificate authority's (CA) OCSP server.
61
CRL
Certificate Revocation List
A list of certificates that have been revoked by the certificate authority before their scheduled expiration date. This list is periodically published by the CA.
62
CSR
Certificate Signing Request
A block of encoded text that is given to a certificate authority when applying for a digital certificate. It contains information about the entity requesting the certificate and the public key to be included in the certificate.
63
Secure Cookies
Cookies are text files sent with every request to a website. The Secure attribute, when set, instructs the browser and server to only transport the cookie over HTTPS channels.
64
Implicit deny
It indicates that all traffic that isn’t explicitly allowed is implicitly denied. The implicit deny rule is the last rule in an ACL.
65
EAP
Extensible Authentication Protocol
A framework for transporting authentication protocols, allowing various authentication methods. It's like a system for checking who is allowed to use a network.
66
EAP-TLS
EAP method using TLS for mutual authentication with certificates. Provides high security with client and server certificates.
67
EAP-TTLS
An EAP method that creates a secure tunnel using a server-side certificate and then authenticates the client using another method inside this tunnel. Provides a secure way to authenticate without requiring client-side certificates.
68
Captive portals
Redirect all traffic to a specific portal page, either to gather information or display the page itself. Once users fulfill the portal's requirements, they gain access to the Internet.
69
Broadcast storm prevention
Limit the number of broadcasts per second to avoid flooding attacks
70
Bridge Protocol Data
71
BPDU Guard
Bridge Protocol Data Unit Guard
A network security feature that disables a port if it receives a BPDU, preventing potential loops and unauthorized devices from influencing Spanning Tree Protocol (STP) topology.
72
Loop prevention
A network feature that ensures data packets do not circulate endlessly in a network, preventing broadcast storms and network congestion. Spanning Tree Protocol (STP) prevents this from happening by forwarding, listening, or blocking on some ports.
73
Dynamic Host Configuration Protocol (DHCP) snooping
A defensive measure against an attacker that attempts to use a rogue DHCP device.
74
Site survey
Site survey examines the wireless environment to identify potential issues, such as areas with noise or other devices operating on the same frequency bands.
75
WiFi analyzers
Provide a means of determining signal strength and channel interference.
76
Wireless Controller
– Centralized management of wireless access points
– Manage system configuration and performance
77
Access point security
– Use strong passwords
– Update to the latest firmware
78
IdP
Creates, manages, and maintains identity information. Responsible for authenticating identity.
79
SSH keys
Access credentials used by the Secure Shell (SSH) protocol. They function like usernames and passwords, but SSH keys are primarily used for automated processes and services.
80
Shared and generic accounts/credentials
Accounts used by multiple people or for generic purposes, often lacking personalized access controls. These can pose security risks due to the difficulty in tracking individual actions.
81
Service accounts
Special accounts used by applications or services to interact with the operating system or other software. Not intended for direct human use.
82
User accounts
An account on a computer associated with a specific person
83
Guest accounts
Temporary accounts with limited permissions, used to provide access to visitors or short-term users without granting full user privileges.
84
Geofencing
Automatically allow or restrict access when the user is in a particular location
85
Geotagging
Add location metadata to a document or file. Latitude and longitude, distance, time stamps
86
AH
Authentication Header Protocol provides a mechanism for authentication only
87
ESP
Encapsulating Security Payload provides data confidentiality (encryption) and authentication (data integrity, data origin authentication, and replay protection). ESP can be used with confidentiality only, authentication only, or both confidentiality and authentication.
88
EDR
An integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities.
89
Hypertext Transfer Protocol (HTTP) Headers
Are designed to transfer information between the host and the web server.
90
Manual Code Review
Code is reviewed line by line to ensure that the code is well-written and error-free.
91
Hardware root of trust
It verifies that the keys match before the secure boot process takes place
92
Intranet
A private network that is designed to host the information internal to the organization.
93
Extranet
A section of an organization’s network that has been sectioned off to act as an intranet for the private network but also serves information to external business partners or the public Internet. A cross between the internet and an intranet.
94
East-West Traffic
Where traffic moves laterally between servers within a data center. North-south traffic moves outside the data center.
95
L2TP/IPSec
This is the most secure tunneling protocol that can use certificates, Kerberos authentication, or a pre-shared key. L2TP/IPSec provides both a secure tunnel and authentication.
95
Always On mode
A low-latency point-to-point connection between two sites. A tunnel between two gateways that is “always connected”.
96
Secure Socket Layer (SSL) VPN
Works with legacy systems and uses SSL certificates for authentication.
97
HTML 5 VPN
Similar to the SSL VPN, as it uses certificates for authentication. It is easy to set up, and you just need an HTML5-compatible browser such as Opera, Edge, Firefox, or Safari.
98
Agent-Based
Uses installed software agents for detailed, customizable data collection; requires more resources and maintenance.
99
Agentless
Uses remote queries for easy deployment and low resource usage; may offer less detailed data.
100
Out-of-band management
Enable IT to work around problems that may be occurring on the network.
101
Forward proxy
Server that controls requests from clients seeking resources on the internet or an external network.
102
Reverse Proxy
Placed on a screened subnet, performs the authentication and decryption of a secure session to enable it to filter the incoming traffic.
103
Heuristic/behavior based
Creates a baseline of activity to identify normal behavior, and then measures system performance against the baseline to detect abnormal behavior.
104
Signature-based
Uses signatures similar to the signature definitions used by anti-malware software.
105
In-line
NIDS/NIPS placed on or near the firewall as an additional layer of security. (IDS mode)
106
Passive
Traffic does not go through the NIPS/NIDS. Sensors and collectors forward alerts to the NIDS. (IDS mode)
107
Sensors and collectors
Can be placed on a network to alert NIDS of any changes in traffic patterns on the network.
108
Stateless
Watch network traffic and restrict or block packets based on source and destination addresses or other static values. Not 'aware' of traffic patterns or data flows. Typically faster, and perform better under heavier traffic loads.
109
Stateful
Can watch traffic streams from end to end. Are aware of communication paths and can implement various IP security functions such as tunnels and encryption. Better at identifying unauthorized and forged communications.
110
Access control list (ACL)
Used to allow or deny traffic.
111
Quality of service (QoS)
Ensures that applications have the bandwidth they need to operate by prioritizing traffic based on importance and function.
112
Port spanning/port mirroring
Switch features that duplicate network traffic for monitoring purposes.
113
Port taps
Hardware devices that create a copy of the network traffic.
114
File integrity monitors
Detects changes to files that should not be modified.
115
CCMP
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
Created to replace WEP and TKIP/WPA. Uses AES (Advanced Encryption Standard) with a 128-bit key.
116
SAE
Simultaneous Authentication of Equals
Used with WPA3-Personal and replaces the WPA2-PSK. Protects against brute-force attacks. Uses a secure Diffie-Hellman handshake, called Dragonfly. Uses perfect forward secrecy, so immune to offline attacks.
117
RADIUS Federation
Enables members of one organization to authenticate to another with their normal credentials. Trust is across multiple RADIUS servers across multiple organizations. A federation service where network access is gained using wireless access points (WAPs).
118
SIM
Subscriber Identity Module cards
Small computer chips that contain the information about a mobile subscription. They allow the user to connect to a telecommunication provider to make calls, send text messages, or use the Internet.
119
Infrared
The device is purely line-of-sight and has a maximum range of about 1 meter. Can be used to print from your laptop to an infrared printer.
120
Point-to-point
One-to-one connection between the two devices communicating on a network, typically wireless
121
Point-to-multipoint
A WAP connecting to multiple wireless devices
122
Content Management
Stores business data in a secure area of the device in an encrypted format to protect it against attacks.
123
Geolocation
Uses GPS to give the actual location of a mobile device.
124
MicroSD HSM
MicroSD hardware security module
A physical device that provides cryptographic features for your computer in a smaller, mobile form factor.
125
SEAndroid
Provides additional access controls (MAC and DAC) and security policies, and includes policies for configuring the security of these mobile devices. Prevents any direct access to the kernel of the Android operating system. Provides centralized management for policy configuration and device management.
126
Sideloading
Enables installing an application package in .apk format on a mobile device. Useful for developers to run trials of third-party apps, but also allows unauthorized software to be run on a mobile device.
127
Firmware over-the-air (OTA) updates
Updates are pushed out periodically by the vendor, ensuring that the mobile device is secure.
128
Multimedia Messaging Service (MMS)
A way to send pictures as attachments, similar to sending SMS messages.
129
Rich Communication Services (RCS)
An enhancement to SMS that is used in Facebook and WhatsApp to send messages so that you can see the read receipts. You can also send pictures and videos.
130
USB OTG
USB On-The-Go
Allows USB devices plugged into smartphones and tablets to act as a host for other USB devices.
131
Wi-Fi Direct/ad hoc
A Wi-Fi Direct wireless network allows two Wi-Fi devices to connect to each other without requiring a WAP. Ad hoc is the same, but it is multipath and can share an internet connection with someone else.
132
Tethering
The process of sharing a mobile device's internet connection with other devices.
133
CYOD
Choose your own device
A new employee chooses from a list of approved devices.
134
HA across zones
High availability across zones
Unique physical locations within a region with independent power, network, and cooling.
135
Secrets management
Access for application secrets. A secret is anything that you want to control access to, such as API keys, passwords, certificates, tokens, or cryptographic keys.
136
Public and Private Subnets (Cloud)
Public - can connect directly to the internet. Private - cannot connect directly to the internet; used for internal resources.
137
Security Groups
Use security groups to define permissible network traffic, consisting of rules similar to a firewall ruleset.
138
Dynamic Resource Allocation
This uses virtualization technology to scale the cloud resources up and down as the demand grows or falls.
139
Instance awareness
To prevent VM sprawl and unmanaged VMs. Tools like NIDS/NIPS can help to detect new instances.
140
Container Security
Practices and tools designed to secure containers, which are lightweight, portable, and scalable units for running applications.
141
Virtual private cloud (VPC) endpoint
Allows you to create a private connection between your VPC and another cloud service without crossing over the internet.
142
Impossible travel time
Login from distant locations within an impossibly short timeframe.
143
Risky login
Suspicious login attempt based on unusual behavior or patterns.
144
Account Disablement
Account management (the identity lifecycle) ranges from account creation at onboarding to its disablement when a user leaves the company.
145
OAuth
An open standard for authorization, commonly used as a way for Internet users to log into third-party websites using their Microsoft, Google, Facebook, Twitter, One Network etc. accounts without exposing their password.
146
OpenID
An open standard. It provides decentralized authentication, allowing users to log into multiple unrelated websites with one set of credentials maintained by a third-party service referred to as an OpenID provider.
147
Rule-based access control
Applies global rules that apply to all subjects. Rules within this model are sometimes referred to as restrictions or filters.
148
Key management
Management of cryptographic keys in a cryptosystem.
149
Intermediate CA
An Intermediate Certificate Authority is an entity that is subordinate (lower in rank) to the Root CA and is responsible for issuing certificates to end entities or other subordinate CAs.
150
RA
Registration Authority
It is an entity responsible for verifying the identities of entities requesting digital certificates before the certificates are issued by a Certificate Authority (CA).
151
CN
Common Name
It is a field within a digital certificate that specifies the name of the entity (such as a server, device, or user) to which the certificate is issued. This field is part of the Distinguished Name (DN) in the certificate and is often used to identify the subject of the certificate.
152
SAN
Subject alternative name
An extension in a digital certificate that allows additional identities (such as domain names, IP addresses, email addresses) to be associated with the subject of the certificate.
153
Wildcard
Wildcard certificates include an asterisk and period before the domain name. SSL certificates commonly extend encryption to subdomains through the use of wildcards.
154
Domain validation
A Domain-Validated (DV) certificate is an X.509 certificate that proves the ownership of a domain name.
155
Extended validation
A type of SSL/TLS certificate that requires a rigorous verification process by the Certificate Authority (CA) to confirm the legal identity and operational status of the entity requesting the certificate.
156
Stapling
A method used with OCSP, which allows a web server to provide information on the validity of its own certificate. Done by the web server essentially downloading the OCSP response from the certificate vendor in advance and providing it to browsers.
157
Pinning
Certificate Pinning is a security mechanism that associates a host with its expected public key or certificate to mitigate the risk of man-in-the-middle attacks.
158
Trust model
The framework and policies for how entities establish and manage trust relationships within a Public Key Infrastructure (PKI).
159
Certificate chaining
Certificate Chaining is the process of linking certificates together from the end-entity certificate up to the Root CA to establish a chain of trust.