Chapter 1 & 2: Security Fundamentals and Risk Management Flashcards
Which standards organization publishes the 802.X series of networking standards?
Institute of Electrical and Electronics Engineers (IEEE)
Which standards organization developed many common internet protocols and issues RFCs on protocols/protocol updates?
Internet Engineering Task Force (IETF)
Which standards organization is international, creates standards for information technology and security standards and practices, and developed the OSI network model?
International Organization for Standardization (ISO)
Which standards organization is a UN agency that allocates radio spectrum, coordinates satellite orbits, and promotes global technical standards related to networking and communication (H.264/MPEG-4 AVC video coding, X.509 digital certificates)?
International Telecommunication Union (ITU)
Which standards organization is a US government agency which develops and supports standards used by other government organizations? Their standards are often used by other organizations with similar technology needs.
National Institute of Standards and Technology (NIST)
Which standards organization is a US signals intelligence agency involved in information gathering, codebreaking and codemaking, and has had a role in DES, AES, and SHA?
National Security Agency (NSA)
Which standards organization furthers the state of web application security and provides guidelines, articles, software tools, and other resources?
Open Web Application Security Project (OWASP)
Which standards organization develops and maintains interoperable standards for the WWW?
World Wide Web Consortium (W3C)
Which security controls involve organizational policies and training. They include:
password policies
employee screening
training procedures
compliance with legal regulations
Managerial
Which security controls are enforced by technology. They include:
firewalls
authentication systems
encryption protocols
Technical
Which security controls are accomplished through employee activities and the execution of policies. They include:
backup management
security assessments
incident response
Operational
Which security controls are accomplished through physical measures. They include:
locks
fences
video surveillance
security guards
Physical
Which control is designed to close a gap in an existing control structure (it stands in for a primary control that cannot be implemented)?
Compensating
Which control is designed to detect an active threat and record it as evidence?
Detective
Which control is designed to minimize the harm caused by a security breach and to prevent recurrence?
Corrective
Which control discourages attack or intrusion?
Deterrent
What is a federal law designed to protect investors from fraudulent corporate accounting practices? It primarily applies to publicly traded companies and public accounting firms that do business in the US and primarily regulates the preservation, auditing and disclosure of financial records and related communications.
Sarbanes-Oxley Act of 2002 (SOX)
Which act applies to all federal agencies and requires every agency to develop, document, and implement an information security and protection program, and provides guidelines for doing so?
Federal Information Security Management Act (FISMA)
What is a federal law designed to protect health insurance coverage that also protects the privacy of patient records, defines PHI, and regulates how it can be used or disclosed?
Health Insurance Portability and Accountability Act (HIPAA)
What is a federal privacy law that governs access to educational records, requires that adult student or the parents of minor students have access to their records, and limits how those records can be shared with others?
Family Educational Rights and Privacy Act (FERPA)
What act protects the customers of financial institutions by setting minimum standards for financial institutions to safeguard clients' and customers' personal information?
Gramm-Leach-Bliley Act (GLBA)
What is an EU law governing all personal data relating to EU residents, which addresses the security, privacy, and export of that data?
General Data Protection Regulation (GDPR)
What are shared rules developed by the world's major credit card companies and administered by the PCI Security Standards Council? They regulate how payment card information must be stored, processed, and transmitted, and require vulnerability scanning.
Payment Card Industry Data Security Standard (PCI DSS)
What governance framework is a series of documents defining security standards, policies, and procedures for the US government?
NIST 800 series
Which framework is defined by SP 800-37, uses the controls catalogued in SP 800-53, and follows a cyclical process (seven steps in Rev. 2, six in the original) to identify and manage risks? This framework is mandatory for US government agencies.
NIST Risk Management Framework (RMF)
Which framework contains voluntary guidelines for private sector organizations in the US, particularly in critical infrastructure. It focuses on standard guidelines and language for cybersecurity, and is based on industry standards and best practices, but does not contain detailed risk-management procedures, so it should be used in conjunction with RMF.
NIST Cybersecurity Framework (CSF)
Which framework is a series of broad risk-management guidelines containing information security guidelines for all sorts of organizations?
ISO 27000
Which framework is a broad risk-management framework that applies to all aspects of organizational risk and its effect on business goals? It is meant to be used in conjunction with ISO 27000 and is more focused on organizational leadership.
ISO 31000
Which framework includes a set of best-practice guidelines for general cybersecurity (18 controls since v8, 20 in earlier versions), initially developed by SANS? Each guideline defines a type of action you can use to reduce security vulnerabilities, and it maps to the NIST CSF, making it a useful tool for implementing that framework.
Center for Internet Security Critical Security Controls for Effective Cyber Defense (CIS CSC)
Which framework is focused on cloud security?
Cloud Security Alliance Cloud Controls Matrix (CSA CCM)
Which framework is an auditing standard published by the American Institute of Certified Public Accountants (AICPA)? It ensures accurate, complete and fair financial reporting, with a focus on operational controls over information systems.
Statement on Standards for Attestation Engagements (SSAE)
Which TCP/IP tool displays a variety of network information, including active connections, routing tables and traffic statistics?
netstat
Which TCP/IP tool displays the IPv4 ARP cache?
arp
Which TCP/IP tool performs a DNS lookup and displays the IP address of a given hostname?
nslookup
Which TCP/IP tool is a more powerful alternative to nslookup and is particularly useful for attempting zone transfers (AXFR)?
dig
Which Windows TCP/IP tool combines the functions of ping and tracert, reporting per-hop latency and packet loss along a route?
pathping
Which 2 attack tools make arbitrary network connections (read from and write to raw TCP/UDP sockets)?
netcat and ncat
Which attack tool is a packet crafting utility that can be used for enumeration and exploitation?
hping
Which attack tool is normally used for secure remote access, but can also create a proxy connection (for example a SOCKS proxy via dynamic port forwarding) to obscure the attacker's network location?
SSH
Which attack tool forces the network connections of any program through a chain of one or more proxies (SOCKS or HTTP)?
proxychains
Which attack tool is a command-line tool that can transfer data using various protocols? It can be used to upload malicious code or download sensitive files.
curl
Which attack tool can replay, or resend, network traffic captured by another tool such as tcpdump or Wireshark?
tcpreplay
Which attack tool is a port scanner designed for penetration testing that runs scans through third-party websites so the probes do not originate from the tester's own address?
scanless
Medusa, Hydra, Hashcat, John the Ripper, Cain & Abel and Patator are all examples of what?
Password cracking tools
Which 2 exploitation frameworks are used for general-purpose exploits?
Metasploit and Core Impact
Which exploitation framework is focused on web applications?
w3af
Which exploitation framework targets local name resolution protocols (LLMNR, NBT-NS and mDNS poisoning) to capture or relay credentials?
Responder
The average time a newly installed, non-repairable device operates before it fails is referred to as what?
Mean time to failure (MTTF)
The average time it takes to repair a serviceable device and return it to operation is referred to as what?
Mean time to repair (MTTR)
The average uptime between failures is referred to as what?
Mean time between failures (MTBF)
What metric, measured from one failure to the next, is calculated as MTBF + MTTR?
Mean time between service incidents (MTBSI)
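The four reliability metrics above are easiest to keep straight by computing them from the same incident log. The following is an added worked example, not part of the original flashcards: it takes a constructed list of (failed, restored) timestamps in hours and derives MTTR, MTBF and MTBSI, checking that MTBSI = MTBF + MTTR. It goes one step beyond the cards by also computing availability as MTBF / (MTBF + MTTR), which is the usual reason these numbers are collected.

```python
from statistics import mean

# Constructed incident log for one device, in hours since it went into service.
# Each tuple is (time the device failed, time it was restored to service).
INCIDENTS = [
    (120.0, 122.0),
    (500.0, 501.0),
    (1100.0, 1103.0),
    (1400.0, 1402.0),
]


def reliability_metrics(incidents):
    """Return MTTR, MTBF, MTBSI and availability for a list of (failed, restored) pairs."""
    incidents = sorted(incidents)
    if len(incidents) < 2:
        raise ValueError("need at least two incidents to measure time between failures")

    # MTTR: average outage length (restored - failed) over every incident.
    repair_times = [restored - failed for failed, restored in incidents]
    mttr = mean(repair_times)

    # MTBF: average uptime, i.e. from one restoration to the next failure.
    uptimes = [
        incidents[i + 1][0] - incidents[i][1]
        for i in range(len(incidents) - 1)
    ]
    mtbf = mean(uptimes)

    # MTBSI: average gap between the start of consecutive incidents (failure to failure).
    # Each gap is one uptime plus the repair that preceded it, so MTBSI = MTBF + MTTR
    # when the repair times entering both averages are the same set.
    failure_gaps = [
        incidents[i + 1][0] - incidents[i][0]
        for i in range(len(incidents) - 1)
    ]
    mtbsi = mean(failure_gaps)

    # Availability (beyond the cards): fraction of the cycle the device is up.
    availability = mtbf / (mtbf + mttr)

    return {
        "mttr": mttr,
        "mtbf": mtbf,
        "mtbsi": mtbsi,
        "availability": availability,
    }


if __name__ == "__main__":
    m = reliability_metrics(INCIDENTS)
    for name, value in m.items():
        print(f"{name:>12}: {value:.3f}")
```

On this log the last repair (2 h) equals the mean of the earlier three, so MTBSI matches MTBF + MTTR exactly; in general the identity holds for the failure cycles that actually separate incidents, and MTTR over all repairs will differ slightly when the final repair is an outlier.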
Which type of scan is most likely to cause disruptions?
non-credentialed intrusive scan
What is a program that monitors and analyzes network traffic, detecting bottlenecks and problems? Also known as a protocol analyzer.
sniffer
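What a sniffer or protocol analyzer such as tcpdump or Wireshark actually does with each captured frame is decode the stacked headers. The following is an added example, not part of the original flashcards: a minimal decoder for an Ethernet/IPv4/TCP frame that returns the fields an analyst reads first (addresses, ports, TCP flags). The frame bytes are constructed inline (a SYN from 192.168.1.10:54321 to 10.0.0.5:22) so it runs offline; checksums are left zero because the decoder does not validate them.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_FLAG_NAMES = [
    (0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
    (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"),
]

# Constructed sample frame (not a real capture): Ethernet + IPv4 + TCP SYN, no payload.
SAMPLE_FRAME = (
    bytes.fromhex("001122334455")          # destination MAC
    + bytes.fromhex("66778899aabb")        # source MAC
    + struct.pack("!H", ETHERTYPE_IPV4)    # EtherType
    + bytes.fromhex("4500002800010000400600000a00000500000000")[:0]  # placeholder, replaced below
)
# IPv4 header: version 4, IHL 5, total length 40, TTL 64, protocol TCP, checksum 0.
SAMPLE_FRAME += struct.pack(
    "!BBHHHBBH4s4s",
    0x45, 0, 40, 1, 0, 64, IPPROTO_TCP, 0,
    bytes([192, 168, 1, 10]), bytes([10, 0, 0, 5]),
)
# TCP header: 54321 -> 22, seq 1, ack 0, data offset 5 (20 bytes), flags SYN, window 65535.
SAMPLE_FRAME += struct.pack("!HHIIBBHHH", 54321, 22, 1, 0, 0x50, 0x02, 65535, 0, 0)


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def _ipv4(raw):
    return ".".join(str(b) for b in raw)


def parse_frame(frame):
    """Decode Ethernet/IPv4/TCP headers; raise ValueError for anything else."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unsupported EtherType 0x{ethertype:04x}")

    ip = frame[14:]
    (vihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     src_ip, dst_ip) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    if vihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (vihl & 0x0F) * 4             # IHL is in 32-bit words; options make it > 20
    if proto != IPPROTO_TCP:
        raise ValueError(f"unsupported IP protocol {proto}")

    tcp = ip[ihl:total_len]
    (src_port, dst_port, seq, ack, offset_byte, flags,
     window, _tcsum, _urg) = struct.unpack("!HHIIBBHHH", tcp[:20])
    data_offset = (offset_byte >> 4) * 4 # TCP header length, also in 32-bit words
    payload = tcp[data_offset:]

    return {
        "src_mac": _mac(src_mac), "dst_mac": _mac(dst_mac),
        "src_ip": _ipv4(src_ip), "dst_ip": _ipv4(dst_ip), "ttl": ttl,
        "src_port": src_port, "dst_port": dst_port,
        "seq": seq, "ack": ack,
        "flags": [name for bit, name in TCP_FLAG_NAMES if flags & bit],
        "payload_len": len(payload),
    }


if __name__ == "__main__":
    pkt = parse_frame(SAMPLE_FRAME)
    print(f"{pkt['src_ip']}:{pkt['src_port']} -> {pkt['dst_ip']}:{pkt['dst_port']} "
          f"[{','.join(pkt['flags'])}] ttl={pkt['ttl']} len={pkt['payload_len']}")
```

The one-line summary printed at the end is the same shape as a tcpdump line; a real analyzer adds checksum validation, IP options and TCP options, and reassembly, but the header arithmetic (IHL and data offset in 32-bit words) is exactly what is shown here.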