Chapter 7: Security Operations Flashcards
Explain Parol Evidence.
It states that agreements made outside of a written contract are not admissible in court, unless there is evidence of fraud, duress, or a mutual mistake.
Explain Documentary Evidence.
Written items, whether in tangible or electronic form.
Explain Real Evidence.
Physical objects that can be brought into a courtroom.
What’s a pseudoflaw?
An apparent loophole or trapdoor that has been inserted into an operating system in order to trap unauthorized intruders who access a network.
What’s a Honeynet?
A decoy network that’s designed to lure hackers away from a main network and into a trap. Honeynets are made up of interconnected honeypots and appear to be authentic networks with valuable resources, systems, and data.
What is NetFlow?
NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network flow. By analyzing NetFlow data, you can get a picture of network traffic flow and volume.
What is a forensic disk controller?
A specialized type of computer hard disk controller made for the purpose of gaining read-only access to computer hard drives without the risk of damaging the drive’s contents.
Explain Meet-in-the-middle attacks.
A known plaintext cryptographic attack against encryption schemes that rely on performing multiple encryption operations in sequence. The MITM attack is the primary reason why Double DES is not used and why a Triple DES key (168-bit) can be brute-forced.
What is Entitlement?
The initial set of privileges assigned to a new user by default.
What is TOGAF?
The TOGAF standard is a framework for Enterprise Architecture from The Open Group Architecture Forum.
What is PMBOK?
Project Management Body of Knowledge, a set of standard terminology and guidelines for project management.
What are SCOM and SCCM?
System Center Operations Manager & System Center Configuration Manager. SCOM lets administrators deploy, configure, manage, & monitor operations, services, & applications. SCCM can track system inventory, provide remote control, & help administrators maintain system configuration.
What is MTD?
Maximum Tolerable Downtime.
What is FCRP?
The Federal Rules of Civil Procedure.
What is NIDS?
Network Intrusion Detection System, a cybersecurity tool that monitors network traffic to identify potential cyber attacks.