additional cards Flashcards

1
Q

Credential Service Provider levels, what each level means, what each level provides in terms of confidence

A

Identity Assurance Level 1 (IAL1) – self assertion, lowest
Identity Assurance Level 2 (IAL2) – proof is required, medium
Identity Assurance Level 3 (IAL3) – requires in-person verification, highest
AAL1 – provides some confidence. …
AAL2 – provides high confidence. …
AAL3 – provides very high confidence.

2
Q

HAVAL, invented by 3 people, when

A

HAVAL was invented by Yuliang Zheng, Josef Pieprzyk, and Jennifer Seberry in 1992.

3
Q

4th amendment

A

search and seizure

4
Q

CVSS scoring, numbers for low, medium, high and critical

A

CVSS Score - Qualitative Rating
0.1 – 3.9 Low
4.0 – 6.9 Medium
7.0 – 8.9 High
9.0 – 10.0 Critical

5
Q

shimmer attack

A

aka skimmer, credit card reader device that collects credit card information

6
Q

most common cause of false positives

A

improper configuration

7
Q

enumerate ram with speed and integrity

static vs dynamic

A

Static RAM (SRAM)

doesn’t need to refresh and is typically faster, 10 ns, 100 X more expensive, used in consumer electronics, CPUs, HD cache, network cache, scientific devices, automotive devices, keeps memory after power is gone, uses less power, lower capacity, longer data life, lower density, uses transistors, each memory cell stores 1 bit

Dynamic RAM (DRAM)
Synchronous Dynamic RAM (SDRAM)
Single Data Rate Synchronous Dynamic RAM (SDR SDRAM)
Double Data Rate Synchronous Dynamic RAM (DDR SDRAM, DDR2, DDR3, DDR4)

normal ram for computers, slower, uses capacitors, requires power on for memory to be preserved, volatile and requires refreshing, larger capacity, more power, shorter data life, higher density

8
Q

main security control of secure password

A

complexity

9
Q

when deciding on open vs closed source software what is primary concern

A

potential for misuse of the software by malicious actors

10
Q

most important factor to consider when implementing new security protocol

A

level of security provided

11
Q

FIRST step that should be taken to address tampering of a company’s critical systems

A

disconnect affected systems to prevent further damage

12
Q

What is the difference between a risk assessment and a threat assessment

A

A risk assessment is a proactive measure that identifies potential vulnerabilities and the risks associated with them,

threat assessment is a process that identifies and analyzes the current threats to an organization.

13
Q

For an effective risk assessment, which activity would be most critical

A

accurate identification and cataloging of all assets

14
Q

Who would decide our organization’s risk appetite?

A

Risk Management Team

15
Q

database integrity errors, 4 types

A

RUDE

Referential integrity - the logical dependency of a foreign key on a primary key

User-defined integrity - acts as a way to catch errors which domain, referential and entity integrity do not

Domain integrity - series of processes that guarantee the accuracy of pieces of data within a domain

Entity integrity - each row of a table has a unique and non-null primary key value

16
Q

the MOST effective measure for physical security

A

Implementing strict access control policies

17
Q

the MOST commonly used logical addressing scheme

A

IP address

18
Q

the PRIMARY benefit of virtualization

A

Increased flexibility

19
Q

the BEST way to ensure privacy in online transactions

A

using vpn

20
Q

an attacker is using a digraph attack, what is the attacker looking for

A

A specific pattern in the system’s password structure

21
Q

the LEAST essential step in the data lifecycle management process

A

data backup

22
Q

When considering a transition to SESAME, what should be your primary concern

A

resistance to change because Kerberos is native to most OSes

23
Q

the PRIMARY indicator that a cryptographic failure has occurred

A

the appearance of unusual error messages during communication sessions

24
Q

fastest way to securely access cloud data

A

A private connection over a dedicated line

25
the most important thing to consider when planning for data portability when moving data for a merger
Conducting a thorough data audit to identify any potential vulnerabilities
26
the MOST important requirement for companies to adhere to in order to comply with the EU-US Privacy Shield framework
Providing individuals with clear and concise privacy notices
27
the difference between a root certificate and a self-signed certificate
A root certificate is used to sign other certificates, while a self-signed certificate is used to secure a single website
28
chaos engineering
aka fault injection, or engineering to protect from fault injection
29
data uptime tiers
Tier - Uptime per year - Downtime per year
Tier I (Basic Capacity) - 99.671% - <28.8 hours
Tier II (Redundant Capacity Components) - 99.741% - <22 hours
Tier III (Concurrently Maintainable) - 99.982% - <1.6 hours
Tier IV (Fault Tolerant) - 99.995% - <26.3 minutes
30
BEST indicator to use for monitoring key risk areas in an organization
most comprehensive security policy in place
31
PRIMARY indicator of a successful information repository
comprehensive data coverage
32
HIGHEST level of risk for an organization
Reputational damage
33
key differences between a security risk assessment and a security threat assessment
primary focus of security risk assessment - the vulnerabilities
primary focus of threat assessment - the likelihood
A security risk assessment focuses on vulnerabilities and potential impact, while a security threat assessment focuses on likelihood and potential impact.
A security risk assessment is a process that involves identifying, evaluating, and prioritizing potential vulnerabilities (i.e., weaknesses that could be exploited) in a system. This is done to gauge the potential impact these vulnerabilities could have if they were exploited. On the other hand, a security threat assessment focuses on evaluating the likelihood of threats (i.e., potential sources of harm) and the potential impact they could have if they materialized. While both types of assessments consider potential impacts, they differ in their primary focuses: vulnerabilities (for risk assessments) versus threat likelihood (for threat assessments).
34
FIRST step in implementing a pseudorandom number generator?
Selecting the algorithm to use
35
MOST effective physical perimeter security control
Security guards
36
MOST effective way to prevent man-in-the-middle attacks in an IPsec implementation
Digital certificates for authentication
37
zero-day vulnerability
a security flaw in a software or system that is unknown to the software developer or manufacturer and is being exploited by malicious actors before the developer has a chance to create and distribute a patch
38
LEAST effective method for identifying individuals in a network
Knowledge-based authentication
39
the MOST common type of false positive in security systems?
Misinterpreted user behavior
40
most effective in reducing the attack surface of the company's network
Conducting regular security assessments and patching vulnerabilities
41
MOST common cause of security misconfigurations in web applications
Inadequate access controls
42
security framework was initially crafted by a government for domestic use but is now an international standard, which is a set of recommended best practices for optimization of IT services to support business growth, transformation, and change; which focuses on understanding how IT and security need to be integrated with and aligned to the objectives of an organization; and which is often used as a starting point for the crafting of a customized IT security solution within an established infrastructure
ITIL
43
due diligence vs due care
Due diligence is establishing a plan, policy, and process to protect the interests of an organization. Due care is practicing the individual activities that maintain the security effort.
44
The possibility or likelihood that a threat will exploit a vulnerability to cause harm to an asset and the severity of damage that could result.
Risk
45
Being susceptible to asset loss because of a threat; there is the possibility that a vulnerability can or will be exploited.
Exposure
46
phase of the RMF focuses on determining whether system or common controls based on a determination that the risk to organizational operations and assets, individuals, other organizations, and the nation are reasonable
Authorize
47
BIS, what is it, what does it do in regards to data security
The Bureau of Industry and Security within the Department of Commerce sets regulations on the export of encryption products outside of the United States.
48
COPPA, cut off age
Federal Law - The Children’s Online Privacy Protection Act (COPPA) provides severe penalties for companies that collect information from young children without parental consent. COPPA states that this consent must be obtained from the parents of children younger than the age of 13 before any information is collected (other than basic information required to obtain that consent).
49
Term of a Patent
U.S. patent law provides for an exclusivity period of 20 years beginning at the time a utility patent application is submitted to the Patent and Trademark Office.
50
Confusion occurs when
the relationship between the plaintext and the key is so complicated that an attacker can’t merely continue altering the plaintext and analyzing the resulting ciphertext to determine the key
51
Diffusion occurs when
a change in the plaintext results in multiple changes spread throughout the ciphertext
52
security model has a feature that in theory has one name or label but, when implemented into a solution, takes on the name or label of the security kernel
Trusted Computing Base
53
security models built on machine state
Bell LaPadula Biba
54
implied meaning of a property of a security model
the opposite of the property, e.g. no read down means read up
55
RTOS
Real Time Operating System, used for embedded devices, minimize latency and delay, storing code in ROM, and optimizing for mission-critical operations
56
goals of NAC (6)
I CRUZE
use Identities to perform access control
confirm Compliance
detect/block Rogue devices
Updates and security settings
prevent or reduce Zero-day attacks
Enforce security policy throughout the network
57
RFC 1087
Ethical use of the internet referenced specific abuses: (a) seeks to gain unauthorized access to the resources of the Internet, (b) disrupts the intended use of the Internet, (c) wastes resources (people, capacity, computer) through such actions, (d) destroys the integrity of computer-based information, and/or (e) compromises the privacy of users.
58
Configuration control (change management) ensures that changes to software ... are made in accordance with the ... and ... management ...
ensures that changes to software versions are made in accordance with the change and configuration management policies
59
Boyce–Codd
normal form (or BCNF or 3.5NF) is a normal form used in database normalization. It is a slightly stronger version of the third normal form (3NF).
60
MDR, what does it mean, combines ... capabilities with a ... service that reduces the ... on the IT team
managed detection and response (MDR) combines antimalware capabilities with a managed service that reduces the burden on the IT team
61
escaping meta characters, how is it done, prevents what type of attacks
To match the metacharacters literally, i.e. to remove their special meaning, prefix those characters with a \ (backslash) character; used to prevent XSS attacks
62
Most important characteristic for IAM scheme.
Understandable, comprehensible
63
Best group for performing risk analysis.
Process owners
64
device metrics most indicative of DDOS
cpu and network utilization
65
greatest factor that will determine the size of the financial loss from a disaster
Side effects of disaster
66
what makes risk management most effective
new risk detection
67
highest impact feature of RIP
hold down timer
68
specifications is part of what phase in SDLC
analysis
69
feasibility study is in what phase
project planning
70
downtime duration most important metric
RTO
71
most crucial aspect that your new recruits must comprehend
providing diligent and competent services
72
threat modeling performed in what phase of sdlc
design
73
if question doesn't specifically say something about preventing errors or fraud it’s not ... ... ... and is either ... ... ... or ... ... security concepts
it's not segregation of duties and is either need to know or least privilege
74
if question says something about access to information rather than referencing privileges
it's need to know
75
four eyes rule
process or decision must be approved by at least two people, could be independently working
76
if question doesn't reference reviewing logs
it's accountability
77
most critical action of BIA
Prioritizing systems and components based on the Maximum Tolerable Downtime (MTD)
78
who to ask about success of incident handling
internal and external users
79
key characteristic of Clark Wilson model a set of ... and ... used to ensure the ... and ... of data
a set of rules and guidelines used to ensure the security and integrity of data
80
to correct referential integrity issue
Verify data accuracy and completeness
81
list of security administrator responsibilities (7)
DD STIC M
Defending systems against unauthorized access, modification and/or destruction
Developing and updating business continuity and disaster recovery protocols
Scanning and assessing network for vulnerabilities
Training fellow employees in security awareness and procedures
Implementing network security policies, application security, access control and corporate data safeguards
Configuring and supporting security tools such as firewalls, anti-virus software and patch management systems
Monitoring network traffic for unusual activity
82
Best metric of IDS effectiveness
ratio of false positives to false negatives
83
capability table vs ACL
capability lists (table) show what a subject can access and how while access control lists show who can access an object and how
84
common guest machine escape methods (3)
KVS
Using a Kernel vulnerability to gain root access to the host system
Leveraging a VM escape vulnerability in the hypervisor
Using a Software exploit to bypass security controls
85
Delegated Identity Management (DIM)
site is simply outsourcing its authentication needs to another pre-selected site
86
Due Care vs Due Diligence vs Prudent Person Rule
Due care: refers to the level of care that an individual would reasonably be expected to exercise in a particular situation
Due diligence: the investigative process conducted to assess a business transaction
Prudent Person Rule: a legal concept that typically applies to the management of another's affairs, especially in a fiduciary capacity
87
order of acl's
most specific to least specific, deny all at end
88
lines of defense
1st - typically composed of operational managers and staff who are directly responsible for maintaining control over the day-to-day business activities and processes
2nd - typically includes functions that oversee risk management and compliance with external regulations and internal policies
3rd - usually consists of internal audit functions
89
MOST important indicator of a lack of cloud security architecture and strategy
Unclear roles and responsibilities for security
90
HSM and answer for question regarding best encryption
probably the right answer as it's more secure as it provides an easy way to score key
91
service in regard to domain url's
probably the lowest level domain qualifier even if a sub domain of the main domain name is used, e.g. ftp.research.ibm.com
92
program library controls
can be used to enforce separation of duty
93
best metric to use to assess the results of the Information Security program
evaluating the percentage of control objectives achieved
94
PAT
must be used with NAT, can't be used alone
95
Parkerian Hexad
Confidentiality
Availability
Integrity
Authenticity
Possession or control: a loss of control or possession of information, not involving the breach of confidentiality
Utility: usefulness
96
seeing a number of deficiencies in cryptographic algorithms
is an indication of a need to upgrade; this would be in the recommendation of a pen tester's report
97
most direct way to ensure that security governance principles are shaping the organization's strategic objectives
policy review process to ensure it matches with security governance principles
98
zero client
most modern way of using VDI as it reduces attack surface area, taking thin client one step further by also not having an o/s
99
how to prevent vlan hopping taking advantage of layer 2
restrict traffic between hosts within the same vlan
100
role based access in regards to differences in access needed for the same organizational roles
can't subtract or add, need to create new roles for differences
101
identification of threats is done at what SDLC phase
requirements gathering
102
advanced threat intelligence services
worth the extra money
103
removing all errors from data sets
probably cost prohibitive
104
last step of installing WAPS
verify there are no rogue devices
105
increasing the capability of a firewall and the number of blocks in a firewall and its effect on authorized connections
shouldn't change the authorized connection amount
106
probability of call loss is expressed as (PTSN)
grade of service
107
highest level of security for critical business functions
comprehensive security measures
108
to check for multiple invalid codes
use an edit test
109
primary purpose of server clustering
allow multiple servers to share workload and improve performance
110
age of vulnerability
not a factor for cvss severity
111
first steps after driving mobile DR site to building
Move the network cables from the building's wiring closet to the network device in the trailer
112
primary principle of scrum framework
empirical process control - Empirical process control is a way of managing work that is based on observation and experimentation. It is a core principle of scrum, and it is what allows scrum teams to be flexible and adaptive in the face of change. In common terms, empirical process control means learning by doing and making adjustments as needed.
113
parallel configuration of security controls
If security controls were implemented in parallel, a threat could pass through a single checkpoint that did not address its particular malicious activity. Serial configurations are very narrow but very deep, whereas parallel configurations are very wide but very shallow
114
in ipsec, what ip protocol is responsible for detecting integrity problems during transmission
Authentication Header (AH) / #51
115
IP6 and PAT
PAT probably not needed as one IP6/64 address (the smallest available to purchase) provides 18 quintillion addresses
116
Ports: 7, 19, 20, 21, 22, 23, 25, 37, 49, 53, 67, 68, 69, 88, 109, 110, 137, 143, 161, 162, 179, 389, 443, 514, 515, 520, 530, 543, 544, 636, 860, 989, 990, 993, 995, 1443, 1444, 1701, 1719, 1723, 1723, 1812, 1813, 2049, 3389, 3868, 5060, 5061, 8080, 8443, 8530, 8531
tcp only unless noted otherwise
7 - echo (both tcp/udp)
19 - chargen (both tcp/udp)
20 - FTP, data xfer
21 - FTP, ftp command
22 - ssh
23 - telnet
25 - smtp
37 - time (not ntp) (both tcp/udp)
49 - TACACS (both tcp/udp), TACACS+ (tcp only)
53 - DNS (both tcp/udp)
67 - Bootp, DHCP (udp only)
68 - Bootp, DHCP (udp only)
69 - TFTP (udp only)
80 - http (both tcp/udp)
88 - kerberos (both tcp/udp)
109 - pop2
110 - pop3
137 - Netbios (both tcp/udp)
143 - imap
161 - snmp (udp only)
162 - snmp (both tcp/udp)
179 - bgp
389 - ldap
443 - https (both tcp/udp)
514 - syslog (udp only)
515 - LPD
520 - rip (udp only)
530 - rpc (both tcp/udp)
543 - klogin (kerberos)
544 - kshell (kerberos)
587 - encrypted email
636 - ldap over tls
860 - iscsi
989 - ftps over tls (data) (both tcp/udp)
990 - ftps over tls (command) (both tcp/udp)
993 - imap - tls
995 - pop3 - tls
1443 - MSSQL (both tcp/udp)
1434 - MSSQL monitor (both tcp/udp)
1701 - l2f, l2tp (both tcp/udp) (l2tp is udp only)
1719 - H.323 reg (both tcp/udp)
1720 - H.323 call (both tcp/udp)
1723 - PPTP
1812 - RADIUS authentication (both tcp/udp)
1813 - RADIUS accounting (both tcp/udp)
2049 - NFS (both tcp/udp)
3389 - RDP (both tcp/udp)
3868 - diameter
5060 - SIP
5061 - SIP over TLS (both tcp/udp)
8080 - alt http (both tcp/udp)
8443 - alt https
8530 - windows updates (both tcp/udp)
8531 - windows updates (both tcp/udp)
117
IP protocol numbers: 1, 2, 6, 9, 17, 41, 43, 44, 50, 51, 58, 89, 115, 132, 143
1 - icmp
2 - igmp
6 - tcp
9 - igp
17 - udp
41 - ipv6 encapsulation
43 - ipv6 routing
44 - ipv6 frag header
50 - ESP (ipsec)
51 - AH (ipsec)
58 - ipv6 icmp
89 - OSPF
115 - l2tp
132 - sctp
143 - ethernet ipv6 segment routing
118
database normal forms
1st - In the first normal form each field contains a single value. A field may not contain a set of values or a nested record.
2nd - the key is not finalised as the primary key, so it is called a candidate key
3rd - Every non-trivial functional dependency either begins with a superkey or ends with a prime attribute (can reduce performance)
3.5NF - slightly stronger than 3rd
4th - Every non-trivial multivalued dependency begins with a superkey
4.5NF - slightly stronger than 4th
5th - Every join dependency has only superkey components
5+ - stronger than 5th
119
Federated Byzantine Agreement (block chain), created to reach ... among a number of ... nodes in a ... network. Byzantine fault tolerance (BFT) is a concept that aims to ... malicious or defective nodes in a network
created to reach agreement among a number of distributed nodes in a decentralized network. Byzantine fault tolerance (BFT) is a concept that aims to tolerate malicious or defective nodes in a network
120
MOST accurate way to assess the relative risk of a vulnerability within the CWSS
comparing the vulnerability's base score to the maximum base score of all vulnerabilities within the system
121
Access control model that minimizes the involvement with access controls
MAC
122
Echo checking
a communication protocol technique used to ensure that transmitted data is received correctly
123
the MOST loosely coupled storage type
Object storage
124
Terminal controllers
used in environments where terminals (basic input/output devices) need to connect to and communicate with a central computer or server
125
The first action to take after a successful Distributed Denial-Of-Service (DDOS) attack
perform an assessment of our systems to determine their current status
126
Boundary value analysis
a method of software testing where the extreme boundary values are chosen
127
Standards definition
documented techniques or methodologies that are established by expert groups or standards organizations and prescribe lists of security controls
128
At what point is the RTO reached
when the system is back in production
129
Variance-detection tools
analyze patterns in data and identify occurrences that deviate from established norms, which could indicate critical security events or unusual activity
130
MOST secure method of implementing ephemeral computing in a cloud environment
Regularly rotating ephemeral computing resources means that the resources are frequently replaced, which reduces the chances of a security breach
131
ephemeral computing
the practice of creating a virtual computing environment as a need arises and then destroying that environment when the need is met
132
CDN effect on security posture
may reduce the effectiveness due to a larger attack surface
133
encryption algorithm with highest work factor
RSA
134
inspection (programming) formal review process that involves examining and evaluating code against ... ..., ..., and ...
formal review process that involves examining and evaluating code against predefined criteria, checklists, and standards
135
Asynchronous dynamic OTP
uses a hidden counter to generate the next code
136
Synchronous dynamic OTP
tokens that rely on a counter or timestamp that is synchronized between the token and the authentication server
137
S/KEY OTP uses a ...and a ... function to generate ...
a specific one-time password system that uses a seed and a hash function to generate passwords
138
selecting a number displayed on a smart phone during MFA is how many factors if you notice the data usage being activated, and how many if not
4, 3
139
BEST reason to get help from external resources to work on our Information Security program
can be more cost effective and can have expertise we do not internally
140
highest cost expensive cloud storage
hybrid storage
141
XML Parser - what is it used for, where is it found; Parsed Character Data - aka, what is it; Relational Database handling of Parsed Character Data; bigger problem for the db
XML Parser - function that is part of most browsers that is able to read XML data
PC Data - data read by an XML parser
Most relational databases require PC data
A bigger problem for the relational database is that XML documents are not normalized
142
Federated Identity Management vs Delegated Identity Management vs SSO
Federated Identity (Federated ID): Federated identity allows a user to use the same identification credentials to access multiple applications or systems. This means that a user can use their credentials from one trusted identity provider to access various services from different organizations. An example of federated identity is when a user can use their Google or Facebook credentials to log in to various third-party websites or applications.
Single Sign-On (SSO): Single Sign-On is a system that enables users to securely authenticate with multiple applications and websites by logging in only once. Once authenticated, the user can access all the connected systems without needing to log in again. An example of SSO is when an employee logs in to their company's network and can then access their email, project management tool, and other internal systems without having to enter their credentials again.
Delegated Identity (Delegated ID): Delegated identity allows a user to grant another application or service access to their identity information without sharing their credentials. This is often done through the use of tokens or permissions granted by the user. An example of delegated identity is when a user grants a third-party app access to their social media profile for the purpose of sharing content or accessing their social graph.
143
Developer access to source code repository
Should be only read and add new code, modify and delete both have the effect of deleting old code (new code should identify the old code it is built on)
144
what layer does encryption occur
layer 6
145
XML Features (6)
AU CASE
Adapts technology advancements
XML supports Unicode
Compatibility with other markup language HTML
Allows XML validation
Supports platform transition (data conversion)
Easy and efficient data sharing
146
java trust store vs java key store
trust store: used to store and manage trusted certificates
key store: used to store and manage untrusted certificates
147
microcode and copyright infringement
microcode (a layer of hardware-level instructions) typically does not pertain to copyright infringement issues
148
primary purpose of CCB
ensure that all IT changes are approved by the appropriate departmental representatives
149
PRIMARY advantage of using a tightly coupled architecture in storage; disadvantages (3); loosely coupled disadvantage and advantages (3)
advantages: Better performance
disadvantages: less security, less scalability, higher initial cost and maintenance cost
loosely coupled storage would have the opposite advantages / disadvantages
150
HIPAA compliance should be applied to what
any device that will be used to interact with PII
151
reason to not use OSS, conditional reasons to use (3)
code is not tailored to particular requirements (same as COTS)
OSS code available from trusted and reputable sites such as GitHub may very well be warranted, supported, and updated on a regular basis
152
When SCRUM stops accepting changes
never
153
best practice to handle terminated employee's account
expire it, as expired accounts typically must go through more steps than disabled, or locked
154
CISO should report to
COO or equivalent due to better understanding of business
155
what makes password policies most effective
security awareness training
156
FIM, what is it, primary purposes (3), most important factor of effectiveness
File Integrity Management
detect unauthorized changes to critical files, system configurations, and other important data
Technical capabilities of the system
157
Two person rule
ensures one programmer does not act alone; there is another programmer present and watching who will detect if the first programmer errs or attempts to embed spurious commands, will not be independently working
158
What are each of these methods best suited for: OCTAVE PASTA DREAD STRIDE
OCTAVE: broad organization wide risk assessment
PASTA: application threat modeling framework
DREAD: classification scheme for categorizing the severity of security threats
STRIDE: risk assessment for software development process
159
First step in divestiture
Announce the divestiture to stakeholders
160
least effective quantitative risk analysis technique
using pen and paper due to the complex calculations involved
161
Monte Carlo simulation
very effective quantitative risk analysis tool
162
scenario analysis
effective method for understanding the impact of different risk events. It involves the use of models to estimate the expected value of a portfolio following a given event or series of events. It can handle complex situations, consider multiple variables simultaneously, and assess the interactions among them. While it may not be as comprehensive as Monte Carlo simulations in terms of handling uncertainties, it's still a very effective tool for risk quantification.
163
most critical action to ensure that your outsourced data is handled securely
Conducting an annual audit of the third-party firm's data handling processes
164
data controller vs data steward
steward: responsible for ensuring the accuracy and quality of data
controller: typically used in the context of data protection laws and refers to the person or entity who determines the purposes and means of processing personal data
165
self-signed certificate
not signed by a public or private CA; cannot be revoked
166
most critical action (process to use and how) to maintain the security of your organization's IT infrastructure
hardware hardening; automate the hardware hardening process
167
DNS-based Authentication of Named Entities (DANE), what is it, biggest security benefit is protection from ... attacks
a security protocol that allows domain owners to specify which Transport Layer Security (TLS) certificates should be accepted by applications such as web browsers, email clients, and more. One of the biggest security benefits of DANE is its enhanced protection against man-in-the-middle attacks
168
ephemeral ports use
used for client-side replies and therefore should not need ingress ACLs on firewalls
169
IPSec tunnel mode and systems with native ipsec support
not needed for systems with native IPSec support
170
IKE and IPSec
used for choosing the type of encryption and hashes; ISAKMP is much simpler and will use defaults
171
AH vs ESP
AH: only integrity and authentication
ESP: adds confidentiality
172
when moving data to cloud, access controls vs. encryption
access controls trump encryption
173
BEST security measure we could use to prevent data disclosure and data exfiltration in regards to encryption
Use very strong key storage; encryption is only as strong as the key management
174
best protocol to use when you need to authenticate at specific time periods
OIDC
175
SAML used mostly commonly used for...
web-based single sign-on (SSO)
176
JSON web tokens contain what two fields that can be used to authenticate at specific time periods
Issued At Time (IAT) and Expiry Time (EXP); these can be used to authenticate at specific time periods
177
ISO 27002 Assess the ... of the ..., based on ..., which is based on industry ... ...
Assess the effectiveness of the controls, based on BS 7799, which is based on industry best practices
178
Audit report delivered to...
Board of Directors
179
controls to use to ensure that all expected records are processed and that no records are missing
Record counts and hash totals
180
missing data tests help identify ... that are ... but are ...
help identify fields that are required but are blank
181
Limit tests
verify that a data value falls within a predetermined range and can be useful for data validation
182
preparing to handle new incidents does not
prepare for the damage
183
most important step in change management process
Developing a rollback plan in case the update causes any issues
184
MOST likely to be used as a C&C (Command and Control) server in a cyber-attack
use cloud-based virtual machines
185
best metric for measuring the effectiveness of firewalls
number of attacks blocked
186
first step when a compromise is suspected
Verify there was an incident
187
most useful logs when measuring the effectiveness and accountability of a computer security incident response capability (CSIRC)
Activity logs
188
MTD vs AIW
MTD has wider scope, AIW is focused on system specific disruptions
189
CIA triad related to access control models C I A
Confidentiality - MAC
Integrity - RBAC, ABAC
Availability - DAC
190
RBAC can also (2)
enforce separation of duties
prevent authorization creep
191
ABAC aka (2), advantages (3) / disadvantage over RBAC
PBAC - policy based
CBAC - claims based
advantages over RBAC: more granular, more secure, more flexible
disadvantage: more time to configure
192
Centralized access control pros / cons
Pros:
all systems have the same security posture
easier to manage
more secure, only a few people can update
separation of duties
SSO can be used
Cons:
traffic overhead is greater
response time is greater
updates can take longer
requires more stable infrastructure
193
Decentralized access control pros (4) / cons (5)
Pros:
traffic overhead is reduced
response time is reduced
updates may be quicker
doesn't require as stable infrastructure
Cons:
all systems may not have the same security posture
more difficult to manage
less secure, more people can update
may lack separation of duties
SSO may not be able to be used
194
Hybrid access control centrally ..., but access lists are ... periodically should ensure ... sites follow security ...
centrally controlled, but access lists are pushed periodically; should ensure remote sites follow security posture
195
JIT access control, allows use of ... ... websites without ... new accounts ... third party ... with home org what language used
allows use of third party websites without creating new accounts manually; third party confirms with home org
SAML
196
OIDC Authorization adds ... layer to OAuth2 to verify ... can use ... or ... to log into many websites
adds ID layer to OAuth2 to verify ID; can use Google or Facebook to log into many websites
197
Risk Based access control, access decisions based on ... ... uses 3 things
access decisions based on risk assessment; uses AI, behavioral and contextual analytics
198
in database world relation is another name for...
table
199
forced browsing ... ... attack searching for ... content on a website
brute force attack searching for unlinked content on a website
200
lexical obfuscation
renaming classes, fields, methods etc. replacing the name with identifiers lacking intuitive meaning
201
bridge model aka
aka: trusted third party model
202
processor states relation to isolation
does provide isolation
203
geotagging vs geolocating
geotagging is determining the position of a device by examining the content of the data from the device
geolocating (aka geopositioning) is determining the position of a device, presumably by using GPS technologies
204
ISO 27001 origination
British Standard 7799
205
safest fire suppression for electrical fire
FE13
206
openID uses what standard as a framework
RFC 6749
207
CYOD
choose your own device
208
COPE
corporate owned personally enabled
209
most cost effective alternate site solution for DRP
mutual assistant agreement (MAA)
210
KDC purpose
acting as a trusted third party authentication server
211
802.11i, specific part
specific part of WPA2 using CCMP to replace TKIP is part of the standard
212
security marking, definition, vs. security labeling
security marking: reflects applicable laws, directives, policies, regulations and standards, making it more human readable
security labeling: enables system-based enforcement
213
most crucial log for unlicensed software
network log
214
dilution (intellectual property law)
entity uses a trademarked item as a generic term, kleenex
215
most commonly used biometric
fingerprint scan
216
IPv6 address assignment
taking the first half of the MAC address, adding FFFE, then appending the last half of the MAC address
217
best reason to have employees acknowledge policies
protect the company
218
pharming
aka DNS cache poisoning
219
purpose of WS-SecureConversation Web Services specification create security ... for ... ... exchanges
create security contexts for faster message exchanges
220
structured walk-through test aka
table top exercise
221
OSPF, ... the entire network ... and does not ... ... than distance vector protocols
learns the entire network topology and does not converge slower than distance vector protocols
222
Lipner security architecture model
combines elements of Bell-LaPadula with Biba
223
antivirus has which types of controls (3)
detective, corrective, preventive
224
answering questions about types of controls
list out all 7 categories first and determine what each answer does
225
ARP resolves...
IP address to MAC address
226
Common Criteria Security Target
documentation for a system to be tested
227
bluetooth 2.1
offers weak encryption but is not clear text
228
five rules of evidence
authentic, accurate, complete, convincing, admissible
229
most difficult passwords to manage
one-time password
230
transient authentication
something you have
231
combinatorial testing
black box testing that involves using every possible variation of input data
232
pairwise testing, aka, what is it
aka: all-pairs testing, combinatorial testing (a form of black box testing)
testing by entering input parameters in pairs
233
cryptanalysis most likely to include frequency analysis
ciphertext only
234
firewall layers: proxy application packet filter stateful
proxy: 5
application: 7
packet filter: 3/4
stateful: 3/4
235
algorithms using discrete logarithms
Diffie-Hellman, ElGamal
236
Initialization vectors used in what for what
used in symmetric chaining modes to provide a random first block
237
IPS devices location
usually inline, not on promiscuous port
238
NIDS devices location
usually on a promiscuous port, not inline
239
NDR location
SPAN port, uses syslog too
240
Agent Smith Attack
application replaced by malware that appears legitimate
241
clickjacking
aka: UI redress attack, attacker tricks users into clicking a transparent image to send them to malicious site or hijack credentials
242
watering hole, what is it, uses what category of attack
attacker targets specific group of users by infecting a specific website (can be infected existing site or a malicious site), typically uses zero day attacks
243
purpose of key escrow
access sensitive data if need arises
244
recovery agent
store keys to secure against lost keys
245
OASIS standards most commonly used by SDN
XACML
246
X.400
set of directory guidelines that has been mostly replaced by SMTP
247
international security evaluation method influenced by Orange Book
ITSEC (retired)
248
buffer overflow protection mechanism that forces app to fail immediately if a pointer is freed incorrectly
Heap Metadata Protection
249
xor's the pointer value making it difficult to be overwritten without being detected
Pointer Encoding
250
buffer overflow protection that prevents executable code from executing with data pages
DEP
251
buffer overflow protection that places executables into random memory addresses at boot time (both heap and stack memory)
ASLR
252
RollJam
can be used against newer garage doors
253
keysweeper
sniffs keystrokes from Windows wireless keyboards
254
OpenSesame and Brute Force
can be used against older garage doors
255
software testing includes walkthroughs, sanity checks, syntax checks and logical code review
static
256
Network Access Layer (TCP model)
aka: link / physical
257
attempting to login to a site but are redirected to another site
pharming attack, DNS cache poisoning
258
jam signal CSMA/CA vs. CSMA/CD in CA, requires...
CA requires that receiving devices send acknowledgements; in CA the jam signal is used to signify an impending transmission
in CD it indicates that two devices are sending at the same time
259
dry pipe vs preaction
dry pipe - filled with compressed air; when fire is detected the head opens, and the release of air causes the valve to open, letting water flow; used to prevent pipes freezing
preaction - pipes stay empty until fire is detected, then water is allowed to fill them, until heat triggers the second stage to release water; used to prevent accidental discharge of water
260
RSA attack vulnerability
chosen ciphertext
261
how to use crl
download it and hunt for the cert serial number
262
least reliable DRP solution
reciprocal agreement
263
NIST - to maximize number of vulnerabilities detected
use multiple vendors of scanners
264
evaluating an asset to ascertain the amount of vulnerability it represents for an org
risk assessment
265
determining cost effectiveness of mitigating potential harm or loss to org
risk mgmt
266
AH / encryption
not used to encrypt data
267
attacker sends several large overlapping IP fragments
teardrop
268
sends ip packet with same destination and source, causes DOS
LAND (local area network denial)
269
boundary testing
specific type of negative testing that sends known out-of-range data
270
negative testing
sending invalid information to see how the app reacts
271
info sec officer reporting
most likely: CIO
CEO if security is of utmost importance
legal if in a strong regulatory environment
least likely: Audit - conflict of interest
272
primary objective of physical security
protecting safety of personnel
273
pseudonymization vs tokenization
tokenization: the token has no meaning of its own but can still be used to link back to the original information (cc info)
pseudonymization: artificial identifiers or aliases (patient ID)
274
cvss scores categories affecting each other
base > temporal > environmental
275
testing / certification of digital forensic equipment
NIST CFTT
276
wireless client mode
prevents clients from communicating with each other
277
incident response phases mnemonic
dirty rotten mean REPublicans RECruit REMarkable losers
278
3 SAML entities
IdP - vouches for the subject
SP - provides the resource that the subject wants
subject (principal or agent) - attempting to authenticate
279
not mitigated by input validation and sanitization, but what 3 attacks are
XSRF is not, but directory traversal, XML injection and XSS are
280
framework that exclusively uses business requirements as central point of comparison
TOGAF
281
internal skimmer
will normally set off tampering alarm
282
external skimmer
most likely to avoid being thwarted by P2PE