4.0 Security Operations Flashcards
Q: What is MDM (Mobile Device Management)?
A: Software that manages and secures mobile devices used in an organization.
Q: What should you always do with default credentials?
A: Change them immediately — they are a major security risk.
Q: What is WPA2 vulnerable to?
A: PSK brute force via the 4-way handshake.
Q: What is WPA3 with GCMP?
A: Uses AES and GCMP for stronger encryption and MIC for integrity.
Q: What is SAE (Simultaneous Authentication of Equals)?
A: A Diffie-Hellman-based key exchange used in WPA3, replacing the 4-way handshake.
Q: What is the Dragonfly Handshake?
A: WPA3’s mutual authentication method using SAE — no pre-shared hash sent.
Q: What is the AAA framework?
A: Authentication, Authorization, and Accounting — tracks user identity and actions.
Q: What are secure cookies?
A: Cookies sent over HTTPS that are marked as secure and HttpOnly.
Q: What is SAST (Static Application Security Testing)?
A: Analyzes source code for security flaws without running it.
Q: What is fuzzing?
A: Sending random inputs to an app to find crashes or unexpected behavior.
Q: What is code signing?
A: Using digital signatures to verify code integrity and authenticity.
Q: What is degaussing?
A: Using a magnetic field to wipe data from storage media.
Q: What is media sanitization?
A: Removing sensitive data before reuse or disposal.
Q: What is CVE?
A: Common Vulnerabilities and Exposures — catalog of known security flaws.
Q: What is SIEM?
A: Security Information and Event Management — collects, analyzes, and alerts on security logs.
Q: What is SCAP?
A: Security Content Automation Protocol — standardizes security tool output and benchmarks.
Q: What is SNMP?
A: Simple Network Management Protocol — gathers network stats via polling or traps.
Q: What is NetFlow?
A: A protocol for collecting IP traffic data across a network.
Q: What is Active Directory?
A: A Microsoft service for managing users, groups, and devices in a network.
Q: What is SELinux?
A: Security-Enhanced Linux — uses Mandatory Access Control (MAC) for stricter permissions.
Q: What are examples of insecure vs. secure protocols?
A: Telnet → SSH
   HTTP → HTTPS
   FTP → SFTP
   IMAP → IMAPS
Q: What is SPF (Sender Policy Framework)?
A: Email authentication method that specifies allowed sending mail servers.
Q: What is DKIM (DomainKeys Identified Mail)?
A: Uses digital signatures to validate email content integrity.
Q: What is DMARC?
A: Defines how to handle emails failing SPF or DKIM checks.
Q: What is FIM (File Integrity Monitoring)?
A: Detects changes to files by comparing them to a known-good baseline.
Q: What is SFC (System File Checker)?
A: Windows tool that scans and restores corrupted system files.
Q: What is EDR (Endpoint Detection & Response)?
A: Detects and investigates suspicious behavior on endpoints.
Q: What is XDR (Extended Detection & Response)?
A: Expands EDR across multiple systems with deeper insights and threat detection.
Q: What is IAM?
A: Identity and Access Management — defines who users are and what they can access.
Q: What is LDAP?
A: A protocol based on X.500 used for accessing directory services.
Q: What is OAuth + OpenID Connect?
A: OAuth handles authorization; OpenID handles authentication (SSO).
Q: What is SAML?
A: Used for third-party web-based authentication via tokens.
Q: What are the types of access control?
A: MAC: Access based on labels
   DAC: Owner decides access
   ABAC: Access based on attributes (e.g., time, location)
Q: What is NIST’s role in incident response?
A: Provides guidelines for handling and recovering from security incidents.
Q: What is the chain of custody?
A: Documentation showing who handled evidence and when.
Q: What are log files used for?
A: Recording system events (e.g., blocked traffic, app crashes).
Q: What types of logs are important for security?
A: Application, OS, network, IPS/IDS, endpoint, metadata.