Chapter 4 Difficult Concepts Flashcards

1
Q

Bluejacking

A

sending prank unsolicited messages

2
Q

Bluesnarfing

A

unauthorized access to steal information like contacts, call logs etc on a device

3
Q

blue bugging

A

attackers gain full control of a device

4
Q

bluesmack

A

DoS

5
Q

blueborne

A

spread through the air to infect devices

6
Q

enhanced open

A

aka opportunistic wireless encryption
provides individualized data encryption even in open networks
protects people in open wifi scenario
used by wpa3

7
Q

SAE

A

simultaneous authentication of equals
replaces the 4 way handshake with a diffie hellman key
protects against offline dictionary attacks

8
Q

Management Frame protection

A

ensures integrity of network management traffic
prevents eavesdropping, forging and tampering with management frames
used by wpa3

9
Q

RADIUS

A

remote authentication dial in user service
offers authentication, authorization and accounting services
widely used for secure access to network resources

10
Q

EAP

A

extensible authentication protocol
authentication framework supporting multiple methods

11
Q

EAP FAST

A

Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling
● Developed by Cisco Systems for secure re-authentication

12
Q

Data Owner

A

a senior exec who labels info assets

13
Q

Data Controller

A

entity responsible for storage, collection and usage

14
Q

Data Processor

A

a group or individual hired by the data controller to assist with tasks like data collection and processing

15
Q

Data Custodian

A

manages systems where data is stored, enforces encryption, access controls etc

16
Q

Data Steward

A

focuses on data quality and metadata, ensuring data is appropriately labeled and classified

17
Q

Certification

A

acts as proof data was properly disposed of

18
Q

Degaussing

A

renders storage medium useless
uses magnetic fields to destroy storage

19
Q

storage erase

A

implemented in firmware of storage devices, now deprecated in favor of cryptographic erase

20
Q

NIST Special Publication 800-88

A

guidelines for media sanitization

21
Q

Threat intelligence feeds

A

collected and disseminated by security researchers

22
Q

EF

A

exposure factor: a quantifiable metric to estimate the percentage of asset damage

23
Q

OpenVAS and Nessus

A

vulnerability scanning tool

24
Q

SNMP/SNMP Manager Agent and Message Types

A

Simple Network Management Protocol (SNMP)
An Internet protocol used for collecting information from managed devices on IP networks and modifying device behavior
Managed devices include the following
● Routers
● Switches
● Firewalls
● Printers
● Servers
● Client device

25
Q

TRAP Granular

A

Sent TRAP messages get a unique object identifier (OID) to distinguish each message as a unique message being received

26
Q

OID

A

Unique object identifier used to identify variables for reading or setting via SNMP
● Allows the manager to distinguish individual SNMP trap messages

27
Q

MIB

A

management info base
A hierarchical namespace containing OIDs and their descriptions
● Describes the structure of device subsystem management data
● Stores consolidated information received through SNMP trap

28
Q

Verbose TRAP

A

SNMP traps may be configured to contain all of the information about a given alert or event as a payload

29
Q

oval

A

An SCAP language

30
Q

ARF

A
31
Q

XCCDF

A
32
Q

CCE

A
33
Q

CPE

A
34
Q

syslog

A
35
Q

netflow

A
36
Q

sflow

A
37
Q

ipfix

A
38
Q

MD5/SHA256 Checksum

A