Acronyms Flashcards

1
Q

EAP

A

Extensible Authentication Protocol; an authentication framework used in enterprise wireless networks when authenticating to a RADIUS server.

2
Q

PEAP

A

A protocol for wireless authentication.

Protected EAP; encapsulates the EAP in a TLS tunnel.

3
Q

EAP-TLS

A

Provides authentication for wireless networks.

It uses digital certificates for mutual authentication. Both client and server present and validate certificates to authenticate each other.

TLS is used to establish a secure and encrypted communication channel between the client and authentication server.

Not used that much because of the challenges.

4
Q

EAP-TTLS

A

A tunneled transport layer. Unlike EAP-TLS, it does not require the client to have a certificate. Inside the tunnel the client authentication credentials are exchanged.

The client needs to install extra software.

5
Q

TACACS+

A

Terminal Access Controller Access Control System Plus;

A Cisco-designed extension that uses TCP traffic for authentication, authorization and accounting services; it provides full packet control.

6
Q

CHAP

A

An authentication protocol. Challenge Handshake Authentication Protocol;

uses an encrypted challenge and a 3-way handshake to send credentials.

Instead of sending a password, the client proves its identity by correctly responding to a challenge.

7
Q

RADIUS

A

Remote Authentication Dial In User Service; it relies on an LDAP backend. It can operate over TCP or UDP.

8
Q

Kerberos

A

A secure authentication protocol designed for networked environments.

It enables secure identity verification between clients and services by using symmetric key cryptography.

It uses authentication tickets to grant session keys for service.

9
Q

OCSP

A

Online Certificate Status Protocol

A protocol used to check the revocation status of an X.509 digital certificate in real time.

It allows clients, such as web browsers, to verify whether a certificate is still valid or has been revoked.

You need the serial number to check if the certificate is invalid.

10
Q

RSA

A

A public key algorithm; its algorithm depends on the computational difficulty inherent in factoring large prime numbers. Commonly used in asymmetric cryptography.

11
Q

TPM

A

Trusted Platform Module; data from booting is stored on a TPM hardware chip. The UEFI hashes everything in the boot process and stores the data in the TPM chip, and the logs can be validated remotely. The chip also provides encryption and remote attestation. It ensures devices boot with only trusted hardware.

12
Q

HSM

A

Hardware Security Modules; external devices or plug-in cards that manage keys for cryptographic functions.

13
Q

KMS

A

Key management system; used to store keys and certifications as well as managing them.

14
Q

Symmetric Encryption

A

Uses the same shared key to encrypt and decrypt and does not implement non-repudiation. It uses the Diffie-Hellman algorithms.

15
Q

Asymmetric Encryption

A

Each user has a public and private key pair, which uses the RSA algorithms.

The sender encrypts the message using the recipient’s public key.

Only the recipient, who holds the corresponding private key, can decrypt it.

Decryption:
The recipient uses their private key to decrypt the message.

Digital Signatures:
The sender can use their private key to sign a message.

The recipient verifies the signature using the sender’s public key.

16
Q

Perfect Forward Secrecy

A

A method for anonymously routing traffic across the internet with layers of encryption.

It prevents nodes in the relay chain from reading anything other than the traffic they need to accept or forward.

It ensures that the traffic sent between client and server is secured even if the password has been compromised.

17
Q

Blockchain

A

A distributed and immutable open public ledger; it creates a datastore that nobody can tamper with or destroy.

If a mistake is made in a ledger, a new transaction must be processed.

18
Q

SAML

A

Security Assertion Markup Language; an XML-based standard for exchanging authentication and authorization information.

19
Q

OpenID

A

Users authenticate with a trusted IdP such as Google or Facebook. It is decentralized.

20
Q

EDR

A

Endpoint detection and response tools; they provide monitoring capabilities on endpoints using client software, with the collected data being searchable. They prevent malicious software installs such as ransomware, and they also use hashing to match known malicious files.

21
Q

HIDS

A

Host-based intrusion detection system; can do what a HIPS does but it cannot take action.

22
Q

HIPS

A

Host-based intrusion prevention system; analyzes traffic before it reaches its final destination – it can take action on the intrusion.

23
Q

WPA-2 Personal

A

Allows wireless clients to authenticate without an authentication server infrastructure; it uses a pre-shared key. It uses CCMP, Counter Mode Cipher Block Chaining Message Authentication Code Protocol, using AES.

24
Q

WPA-2 Enterprise

A

Allows wireless clients from large organizations to authenticate to a RADIUS server; each user has unique credentials.

It uses AES (Advanced Encryption Standard) for data encryption and EAP for authentication.

It uses CCMP, Counter Mode Cipher Block Chaining Message Authentication Code Protocol.

25
Q

WPA3-Personal

A

A wireless authentication protocol that uses SAE, Simultaneous Authentication of Equals, which replaces pre-shared keys.

Interactions between client and network are validated on both sides.

It also uses Perfect Forward Secrecy, which ensures that the traffic sent between client and server is secured even if the password has been compromised.

26
Q

WPA3-Enterprise

A

Next-generation Wi-Fi security protocol; it offers an optional 192-bit AES security mode.

It does not use SAE, Simultaneous Authentication of Equals.

It requires EAP-TLS.

Authentication is typically done by a RADIUS server.

27
Q

RPO

A

Recovery Point Objective; a process for recovering from backups. It determines how often backups should be taken, balancing the cost of storage against the potential for data loss.

28
Q

RTO

A

It is a critical metric used to define the maximum acceptable amount of time that a system, application, or process can be unavailable after a disruption before causing significant harm to the organization.

29
Q

SCADA

A

Supervisory Control and Data Acquisition; large systems that run power and water.

30
Q

ICS

A

Industrial Control Systems; a broad term for industrial automation.

31
Q

SPF

A

Sender Policy Framework

An email authentication protocol designed to prevent email spoofing by allowing domain owners to specify which mail servers are authorized to send emails on their behalf.

v=spf1 ip4:192.0.2.0 ip4:192.0.2.1 include:examplesender.email -all

The SPF record tells the receiving server that ip4:192.0.2.0 and ip4:192.0.2.1 are authorized to send emails on behalf of the domain.

include:examplesender.email is an example of the include tag, which tells the server which third-party organizations are authorized to send emails on behalf of the domain.

-all tells the server that addresses not listed in the SPF record are not authorized to send emails and should be rejected.
32
Q

DMARC

A

Domain-based Message Authentication, Reporting and Conformance

DMARC is part of an email authentication framework that works alongside SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to prevent email spoofing and phishing attacks.

It defines how email servers should handle messages that fail authentication checks and provides reporting mechanisms for monitoring email security.

When the email is received, the server checks SPF and DKIM.

DMARC ensures that the “From” domain matches the authenticated domains from SPF and DKIM.

v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; ruf=mailto:forensic-reports@example.com; adkim=s; aspf=s;

p=reject: Policy to reject unauthenticated emails.

33
Q

Infrared sensor

A

They look for changes in infrared (heat) radiation. Inexpensive; deployed in small rooms.

Used in motion detection.

Used in temperature measurement.

34
Q

Pressure sensor

A

Detects a change in pressure; detects an object being moved.

35
Q

Microwave sensor

A

They detect motion through obstacles. They are not heat based and will not capture audio.

36
Q

ultrasonic sensor

A

Reflects sound set off by vibration or machinery; used in applications where proximity detection is required.

37
Q

key stretching

A

A technique used to enhance the security of cryptographic keys by increasing the computational effort required to guess or break the key through brute-force attacks.

How Key Stretching Works:

Key stretching typically involves repeatedly applying a cryptographic function (often a hash function) to a key or password, along with a salt (a random value added to the key to ensure uniqueness). This repeated application of the function produces a more robust key.

38
Q

rainbow attack

A

A rainbow attack is a type of cryptographic attack used to crack hashed passwords or other hashed data. It leverages a precomputed table called a rainbow table to reverse cryptographic hash functions more efficiently than brute-force attacks.

To prevent these attacks, a method called salting adds a randomly generated value to each password prior to hashing.

39
Q

TDE

A

Transport database encryption, which encrypts the entire database.

40
Q

CLE

A

Column-level encryption, which allows specific columns of tables to be encrypted.

41
Q

record level encryption

A

Allows individual records of a database to be encrypted.

42
Q

HMAC

A

Hash-based Message Authentication Code;

an algorithm that implements partial digital signatures.

It relies on a single shared key, which does not provide non-repudiation.

43
Q

zero trust

A

There are no trust boundaries and every action is validated.

Policy engines evaluate policies and use threat information and other data to determine if access should be granted.

44
Q

version control

A

Tracking workload is not a security-related issue with version control.

45
Q

What do you need to digitally sign a file?

A

To sign a file, you need to use your own private key; the recipient can then decrypt the message using the sender’s public key.

46
Q

Directive controls

A

What should be done to achieve security objectives. Policies and procedures are examples of directive controls.

47
Q

gap analysis

A

A cyber security professional reviews the security controls of a company. Any case where a control does not meet the company’s objective is a gap, whereas risk analysis is done as part of a risk assessment.

48
Q

tokenization

A

Uses randomly generated values that are assigned to replace existing known values.

49
Q

key escrow

A

A third party stores a protective copy of the key for use in case of an emergency. It is regulatory compliant.

50
Q

watering hole attack

A

The attacker exploits vulnerabilities in legitimate websites that are visited by their intended target.

Malicious code is injected into the site, often in the form of malware or links to a malicious server.

51
Q

What are the common motivations for internal threat actors?

A

Blackmail, financial gain, ethical reasons.

52
Q

domain hijacking

A

Occurs when the registration information has been changed without the owner’s permission, whereas DNS hijacking inserts false information into a DNS server, and a man in the middle modifies traffic in transit.

53
Q

What is the difference between phishing and spam?

A

Phishing is used to acquire data for later use in attacks, whereas spam is a broad term for unwanted emails.

54
Q

on-path attacks

A

Also known as a man-in-the-middle attack. Eavesdropping: passively monitoring communication to steal sensitive information like credentials or financial data.
Actively altering messages.

55
Q

What is spear phishing?

A

A targeted and deceptive email or electronic communication attack that aims to trick a specific individual or group into disclosing sensitive information, such as login credentials, financial details, or other confidential data. For example, insurance professionals would be a target group.

56
Q

What is a VM escape vulnerability?

A

A VM escape vulnerability is a security flaw that allows an attacker to breach the isolation between a virtual machine (VM) and its host system, potentially gaining unauthorized access to the host operating system or other VMs running on the same hypervisor.

57
Q

Jailbreaking

A

Jailbreaking typically relies on exploiting security flaws in the operating system or bootloader to bypass restrictions.

After exploiting the system, the user gains administrative (root) privileges, allowing full control over the device.

58
Q

Hardware vendor supply chain issues

A

Malware, modified firmware, and lack of availability are common concerns for supply chains but hardware modification remains relatively uncommon.

59
Q

What is a zero-day exploit?

A

A zero-day exploit refers to a type of cyberattack that takes advantage of a previously unknown vulnerability in software, hardware, or firmware. These vulnerabilities are termed “zero-day” because the software vendor or developer has had zero days to patch or address the issue.

Zero-day exploits are particularly dangerous because they are typically used before the vulnerability is publicly disclosed or fixed, leaving systems and users defenseless.

60
Q

What do ACLs do?

A

Allow or deny traffic based on rules that include protocol, IPs and ports, whereas VLANs can’t do what ACLs do because VLANs mainly segment traffic.

61
Q

integer overflow

A

Placing a larger integer value into a smaller integer variable. There is no such thing as a memory overflow.

62
Q

cryptographic collision attack

A

A cryptographic collision attack is a type of attack against cryptographic hash functions.

63
Q

zero day vulnerability

A

A zero-day vulnerability is a previously unknown security flaw in software, hardware, or firmware that has not been identified or addressed by the vendor or developer.

64
Q

bluesnarfing

A

Typically involves accessing data from a Bluetooth device within range.

65
Q

bluejacking

A

Involves sending unsolicited messages to a Bluetooth device within range.

66
Q

What are the three common situations involving race conditions?

A

Time-of-check, time-of-use, and time-of-evaluation.

67
Q

What is a subject in a zero trust environment?

A

Users, services, systems, devices.

68
Q

What is a policy engine in a zero trust environment?

A

Makes policy decisions based on rules to grant, deny, or revoke access, but the policy administrator takes the action based on the decision.

69
Q

What is the policy administrator in a zero trust environment?

A

If the decision is denied, the policy administrator tells the policy enforcement point to end the session.

70
Q

air gapping

A

It literally means air between the server and network – this prevents malware from infecting the backups.

71
Q

How to keep the OS of devices from being modified?

A

Requiring signed and encrypted firmware for OS updates.

72
Q

How to know if someone’s account is being used when they are not using it?

A

Implement auditing of account usage.

73
Q

Do serverless accounts require a system administrator?

A

No, because they are considered function-as-a-service. But they can scale up and scale down.

74
Q

What is a microservice?

A

An architecture that builds apps providing specific functions using lightweight protocols.

75
Q

What is IaC?

A

Infrastructure as code is the process of managing and provisioning computers and data centers through scripted code or machine-readable definition files. It is part of the DevOps process.

76
Q

What is an RTOS?

A

Commonly used in embedded systems; this is when apps need to deal with input immediately. Using secure firmware will keep it secured.

77
Q

What are the security challenges of an embedded system?

A

They are built with limited capabilities as far as the CPU is concerned, because of the computational power needed for cryptography.

78
Q

Data sovereignty

A

Data that is stored and collected is subject to that country’s laws.

79
Q

What two connection methods are popular with geofencing?

A

GPS data and data about local Wi-Fi networks are the two commonly used protocols to help geofencing.

80
Q

What is AH in an IPsec VPN solution?

A

Provides authentication and integrity, which protects against data tampering. AH uses hashes and a shared key to ensure the integrity of data. It authenticates the packet and header. It does not provide encryption.

81
Q

What is ESP in an IPsec VPN?

A

Encapsulating Security Payload; operates in transport or tunnel mode. In tunnel mode, it provides integrity and authentication to the entire packet. In transport mode, it only protects the payload of the packet.

82
Q

What is a network tap?

A

Copies all network traffic to another location, allowing traffic visibility without a device inline.

83
Q

What is a UTM appliance?

A

Unified Threat Management; it can be a firewall, IDS/IPS, antivirus/antimalware or content filtering.

84
Q

What is MDM?

A

Mobile device management.

85
Q

What is an APT?

A

Advanced Persistent Threat; cyberattacks orchestrated by highly skilled adversaries.

86
Q

How to validate emails from email servers?

A

Using DKIM, which uses a public key pair for validation.

Q

What are UEBA tools?

A

User and entity behavior analytics – a tool used for behavior-based analytics leveraging machine learning.

89
Q

What is the best practice to set the password history in Windows?

A

Password history is intended to prevent password reuse.

90
Q

True or False: password expiration helps reduce the length of time a password could be exposed.

A

True.

91
Q

What is fuzzing?

A

The process of feeding unexpected data to a program to see how it reacts.
