Book Cards (set 3) Flashcards
What provides a detailed breakdown of the work to be performed, the timeline for completion, the expected deliverables, and the agreed-upon compensation?
Statement of Work (SOW)
What signifies that an organization acknowledges its responsibilities and will adhere to the prescribed regulations?
Attestation
How might you recover old data from an encrypted smart card?
Retrieve the old private key from key escrow, which keeps a copy of the private keys so data encrypted under a replaced or expired key can still be decrypted
What agreement type is measured in metrics?
Service Level Agreement (SLA)
Apart from due diligence, what would prevent you from selecting a particular vendor?
Conflicts of interest
What type of pen testing works on a rewards basis?
Bug Bounty
What is your risk strategy if you take no action?
Risk Acceptance
How can you find out who amended a medical record?
Review the audit trail
What is Nessus?
A network vulnerability scanner that remotely probes hosts and identifies weaknesses an attacker could exploit
What covers payment terms, dispute resolution mechanisms, confidentiality clauses, and liability provisions?
A Master Service Agreement (MSA)
What is an on-path attack? Name 2 attack type examples.
An interception attack in which the attacker sits between two communicating parties and can read or alter their traffic; examples are man-in-the-middle (MitM) and replay attacks
What type of attack is associated with a .tar.gz file extension?
Remote Access Trojan (RAT). Caveat: .tar.gz is just a gzip-compressed tar archive, common on Linux; the extension alone proves nothing, it is the unexpected archive attachment that should be treated as possible malware delivery
SQL fragments such as 1=1 (e.g. ' OR 1=1 --) and SELECT * appearing in user input are indicative of what kind of attack?
SQL Injection
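The card above describes the symptom; the following Python example (added here, not part of the original flashcards) shows why the ' OR 1=1 -- payload works against string-built SQL and why a parameterized query is immune. The in-memory SQLite table, the user rows and the signature patterns are constructed for the example.

```python
import re
import sqlite3

# Constructed sample database: two users in an in-memory SQLite table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "s3cret"), (2, "bob", "hunter2")],
    )
    return conn

# The injection payload from the card: closes the string, adds OR 1=1,
# and comments out the rest of the statement.
SQLI_PAYLOAD = "' OR 1=1 --"

def login_vulnerable(conn, username, password):
    # Vulnerable: user input is concatenated into the SQL text, so the
    # payload becomes part of the WHERE clause and matches every row.
    sql = (
        f"SELECT id, username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchall()

def login_safe(conn, username, password):
    # Hardened: placeholders let the driver bind the values as data,
    # so the same payload is compared literally and matches nothing.
    sql = "SELECT id, username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()

# Crude signature check of the kind a WAF rule or log review uses.
# It complements parameterized queries; it does not replace them.
SQLI_PATTERNS = [
    re.compile(r"(?i)\b(or|and)\b\s+\d+\s*=\s*\d+"),   # OR 1=1, AND 2=2
    re.compile(r"(?i)\bselect\b.*\bfrom\b"),          # SELECT * FROM ...
    re.compile(r"(?i)\bunion\b\s+(all\s+)?select\b"), # UNION SELECT
    re.compile(r"--|/\*"),                            # SQL comment markers
]

def detect_sqli(value):
    return any(p.search(value) for p in SQLI_PATTERNS)

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable:", login_vulnerable(conn, "x", SQLI_PAYLOAD))  # both rows
    print("safe:      ", login_safe(conn, "x", SQLI_PAYLOAD))        # []
    print("flagged:   ", detect_sqli(SQLI_PAYLOAD))                  # True
```

Note that `detect_sqli` is only a triage aid: obfuscated payloads (encoding, inline comments, case tricks) slip past simple patterns, while legitimate text can trip them, which is why the parameterized query is the actual fix.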
What log files detail the surfing habits of a user?
DNS log files, which record the domain names each host resolved (not the full URLs visited)
What framework examines the adversary, capabilities, infrastructure, and victim in an attack?
The Diamond Model of Intrusion Analysis
What type of attacks use HTML tags and JavaScript?
Cross Site Scripting (XSS)
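As an added illustration of the XSS card (example code, not from the original flashcards), this Python snippet renders a user comment two ways: reflected unchanged, so the HTML tag and its JavaScript event handler execute, and HTML-encoded, so the browser shows it as text. The payload, the page template and the detection patterns are constructed for the example.

```python
import html
import re

# Constructed user-supplied comment carrying an XSS payload:
# an HTML tag whose event handler runs JavaScript.
PAYLOAD = '<img src=x onerror="alert(document.cookie)">'

def render_comment_vulnerable(comment):
    # Vulnerable: untrusted input is inserted into the page as-is,
    # so the <img> tag is parsed and its onerror handler runs.
    return f"<div class='comment'>{comment}</div>"

def render_comment_safe(comment):
    # Hardened: html.escape encodes < > & " ' so the browser treats the
    # input as literal text instead of markup.
    return f"<div class='comment'>{html.escape(comment, quote=True)}</div>"

# Input-side indicators of the kind a log review or WAF rule looks for:
# HTML tags, inline event handlers, javascript: URLs.
XSS_PATTERNS = [
    re.compile(r"(?i)<\s*/?\s*[a-z][^>]*>"),   # any HTML tag
    re.compile(r"(?i)\bon[a-z]+\s*="),         # onerror=, onload=, onclick=
    re.compile(r"(?i)javascript\s*:"),         # javascript: URL scheme
]

def looks_like_xss(value):
    return any(p.search(value) for p in XSS_PATTERNS)

if __name__ == "__main__":
    print(render_comment_vulnerable(PAYLOAD))  # tag survives, script would run
    print(render_comment_safe(PAYLOAD))        # &lt;img ... &gt;, rendered as text
    print(looks_like_xss(PAYLOAD))             # True
```

Encoding on output, as `render_comment_safe` does, is the real fix; the pattern check only flags suspicious input and is easy to evade with encoding tricks.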
How can you tell if a script is JavaScript?
It typically has a .js file extension, or appears inline in an HTML <script> element
How can you identify which websites an individual has visited?
Check the DNS log files, which show the domains the host resolved; web proxy logs, where available, add the full URLs
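The two DNS-log cards above (surfing habits, and which websites a person visited) are served by one added Python example that is not part of the original flashcards: it parses a handful of constructed query-log lines, approximating the BIND 9 query-log format, and summarizes which domains each client resolved. The log lines, client addresses and domain names are all made up for the example.

```python
import re
from collections import defaultdict

# Constructed sample log, approximating BIND 9's query-log line format.
SAMPLE_DNS_LOG = """\
12-Mar-2024 09:15:01.104 client 10.0.0.5#53422 (www.example.com): query: www.example.com IN A + (10.0.0.1)
12-Mar-2024 09:15:01.310 client 10.0.0.5#53423 (cdn.example.com): query: cdn.example.com IN A + (10.0.0.1)
12-Mar-2024 09:16:12.551 client 10.0.0.7#40112 (mail.internal.test): query: mail.internal.test IN A + (10.0.0.1)
12-Mar-2024 09:17:40.002 client 10.0.0.5#53424 (news.example.org): query: news.example.org IN AAAA + (10.0.0.1)
12-Mar-2024 09:17:40.990 client 10.0.0.5#53425 (www.example.com): query: www.example.com IN A + (10.0.0.1)
12-Mar-2024 09:18:03.441 client 10.0.0.9#51000 (x7k2q9.badexample.net): query: x7k2q9.badexample.net IN TXT + (10.0.0.1)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<ip>[\d.]+)#\d+ \([^)]*\): query: "
    r"(?P<name>\S+) IN (?P<rtype>\S+)"
)

def parse_dns_log(text):
    """Return (timestamp, client_ip, queried_name, record_type) per parsable line."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append((m["ts"], m["ip"], m["name"].rstrip(".").lower(), m["rtype"]))
    return records

def sites_by_client(records):
    """Map each client IP to the distinct names it resolved and how often."""
    counts = defaultdict(lambda: defaultdict(int))
    for _, ip, name, _ in records:
        counts[ip][name] += 1
    return {ip: dict(names) for ip, names in counts.items()}

def clients_for_domain(records, domain):
    """Investigation pivot: which hosts resolved a given domain (or a subdomain of it)."""
    domain = domain.lower().rstrip(".")
    return sorted({ip for _, ip, name, _ in records
                   if name == domain or name.endswith("." + domain)})

def registered_domain(name):
    # Naive last-two-labels collapse (www.example.com -> example.com).
    # Real tooling should use the Public Suffix List to handle co.uk etc.
    labels = name.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else name

if __name__ == "__main__":
    recs = parse_dns_log(SAMPLE_DNS_LOG)
    for ip, names in sites_by_client(recs).items():
        print(ip, {registered_domain(n): c for n, c in names.items()})
    print("who resolved badexample.net:", clients_for_domain(recs, "badexample.net"))
```

Two caveats a practitioner should keep in mind: a DNS query shows that a name was resolved, not that a page was loaded or which URL path was fetched, and clients using DNS over HTTPS or a cached answer leave no line in the resolver's log at all.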
In what type of attack would multiple board members be sent an email asking for their bank details?
Spear phishing; when the targets are senior executives or board members it is often called whaling
How can a CSP load balance data?
Using geographical dispersion: replicating data and services across regions or availability zones so requests are served from the nearest or least-loaded site
What type of attack redirects you from a legitimate website to a fraudulent one?
Pharming or DNS Poisoning
If you steal someone elses cookie, what type of attack is this?
Session hijacking, sometimes known as session replay: the stolen session cookie is reused to impersonate the victim without knowing their password
Why would you use a honeypot?
To attract an attacker and monitor their attack methods
What would happen if a financial institution failed a PCI DSS inspection?
The institution could be fined by the card brands or its acquiring bank and could lose the ability to process card payments; PCI DSS is an industry standard enforced by contract, not a government regulation
How could an administrator access a network with a VPN?
Through a jump server (bastion host): the administrator connects over the VPN to the hardened jump server and from there into the internal network