Complete Study Material Flashcards

Question

DLL Injection

Answer 1

Dynamic Link Library Injection copies a DLL into an existing/valid process, causing the process to execute with the DLL

Answer 2

An attacker with access to raw network data is able to copy traffic and "replay" the data across the network to appear as someone else Pass the hash is an example of a Replay Attack, where an attacker may be listening in on an authentication between a client and server and capture the hash, and pretend to be the user by sending the server those authentication details.

Answer 3

Attacker finds a vulnerable web application and is able to send requests to the web server, causing it to perform the request on behalf of the attacker

Answer 4

Takes advantage of the trust that a website has with the browser, allowing for an attacker to send requests to a web server on a victim's behalf. Often requires victim to perform an action such as clicking a link to pass on the forged request

Answer 5

Shimming is inserting code into a system library or API

Answer 6

Refactoring code is the process of rewriting the internal processing of the code, without changing its external behavior

Answer 7

a type of cyber attack in which hackers downgrade a web connection from the more secure HTTPS to the less secure HTTP. This makes all communications unencrypted and sets the stage for a man-in-the-middle attack

Answer 8

Transport Layer Security (TLS) is the upgraded version of SSL that fixes existing SSL vulnerabilities. TLS authenticates more efficiently and continues to support encrypted communication channels

Answer 9

A race condition is an undesirable situation that occurs when a device or system attempts to perform two or more operations at the same time

Answer 10

Examples of Memory Vulnerabilities include Memory Leaks, NULL Pointer dereference, and Integer Overflow

Answer 11

A memory leak occurs when a process allocates memory from the paged or nonpaged pools, but doesn't free the memory. As a result, these limited pools of memory are depleted over time, causing Windows to slow down. If memory is completely depleted, failures may result

Answer 12

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit

Answer 13

An integer overflow occurs when you attempt to store inside an integer variable a value that is larger than the maximum value the variable can hold

Answer 14

A directory traversal is an HTTP attack that allows attackers to gain access to restricted files

Answer 15

Improper handling of errors can introduce a variety of security problems for a web site. The most common problem is when detailed internal error messages such as stack traces, database dumps, and error codes are displayed to the user (hacker)

Answer 16

Improper input handling is one of the most common weaknesses identified across applications today. Poorly handled input is a leading cause behind critical vulnerabilities that exist in systems and applications

Answer 17

It's a type of attack that uses up the available resources on a device so that the application or the service that's being used by it is no longer accessible by others

Answer 18

a wireless access point plugged into an organization's network that the security team does not know exists

Answer 19

An evil twin attack is a cyberattack that works by tricking users into connecting to a fake Wi-Fi access point

Answer 20

Bluejacking is when an attacker sends unsolicited messages to a victim's Bluetooth-enabled device

Answer 21

accessing data through an unauthorized wireless connection

Answer 22

RF Jamming, or Radio Frequency Jamming, is the concept of blocking a wireless device from communicating with other devices or a wireless

Answer 23

Unintentional jamming

Answer 24

RFID tags can be counterfeited, spoofed, sniffed, and even carry viruses that infect RFID readers and their associated networks

Answer 25

Builds on RFID to enable two-way wireless communication. Similar vulnerabilities as RFID

Answer 26

A nonce is an arbitrary number used only once in a cryptographic communication, in the spirit of a nonce word. They are often random or pseudo-random numbers used in live data transmission to protect against replay attacks

Answer 27

An initialization vector (IV) is an arbitrary number that can be used with a secret key for data encryption to foil cyber attacks

Answer 28

An on-path attack is an attacker that sits in the middle between two stations and is able to intercept, and in some cases, change that information that’s being sent interactively across the network

Answer 29

In a typical MAC Flooding attack, the attacker sends Ethernet Frames in a huge number. When sending many Ethernet Frames to the switch, these frames will have various sender addresses. The intention of the attacker is consuming the memory of the switch that is used to store the MAC address table. The MAC addresses of legitimate users will be pushed out of the MAC Table

Answer 30

MAC Cloning is the act of changing or impersonating the MAC address of a network interface card to match the MAC address of an authorized device on the network

Answer 31

Domain Name System (DNS) poisoning happens when fake information is entered into the cache of a domain name server, resulting in DNS queries producing an incorrect reply, sending users to the wrong website

Answer 32

Domain hijacking is the act of changing the registration of a domain name without the permission of the original owner

Answer 33

Another term for Typosquatting, which takes advantage of a user's ability to enter typos when navigating to a website

Answer 34

Threat actor types include Insiders, Nation States, Hacktivists, Script Kiddies, Organized Crime, Competitors, and Hackers

Answer 35

An employee with extensive internal resources and knowledge of vulnerable systems

Answer 36

Government-funded entities with various political and economic motives

Answer 37

groups of criminals who unite to carry out cyber attacks in support of political causes

Answer 38

novice hackers who use existing scripts and software to carry out cyberattacks

Answer 39

Well-funded professional criminals with sophisticated knowledge, typically motivated by money.

Answer 40

Motives include espionage, harming competitor reputation, stealing customer data and financial information

Answer 41

he collection and analysis of data gathered from open sources (covert sources and publicly available information; PAI) to produce actionable intelligence

Answer 42

A zero-day exploit is a cyberattack vector that takes advantage of an unknown or unaddressed security flaw

Answer 43

Used to describe the access/knowledge granted to an attacker during Pentest

Answer 44

This involves gathering information about the target without direct interaction, such as OSINT or other publicly available data

Answer 45

the process of using tools and techniques, such as performing a ping sweep or using the traceroute command, to gather information on a target

Answer 46

Data Masking techniques include substituting, shuffling, encrypting data

Answer 47

The data is on a storage device

Answer 48

Data transmitted over the network

Answer 49

Data is actively processing in memory and almost always decrypted

Answer 50

Replace sensitive data with a non-sensitive placeholder. Common with credit card processing

Answer 51

The concept of controlling how data is used; restrict data access to unauthorized persons

Answer 52

Helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet

Answer 53

A hot site is a DR location that is set up and ready to go -- that is, one can arrive and continue to work immediately.

Answer 54

a cold site is essentially available space with little, if anything, set up in it. When you arrive at a cold backup site, you need to set up the equipment, make all connections, load the software, etc

Answer 55

a facility where equipment is available and set up for you, but you must load or restore your latest data to the system

Answer 56

a mechanism aimed at protecting users by intercepting DNS request attempting to connect to known malicious or unwanted domains and returning a false, or rather controlled IP address

Answer 57

Cloud models include Public, Community, Private, and Hybrid deployments

Answer 58

Available to everyone over the internet

Answer 59

Resources shared by several organizations

Answer 60

Your own virtualized local data center

Answer 61

Combination of Public & Private

Answer 62

Computing on demand with massive data storage capacity. Often fast implementation with smaller startup costs. Could come with limited bandwidth/latency issues and is difficult to protect data

Answer 63

Cloud that's closed to your data, commonly referred to as an extension of the cloud. Data is processed locally, minimizing security concerns

Answer 64

Processing data on an edge server close to the user, oftentimes processing the data on the device itself

Answer 65

the ability of a system to adapt and manage resources according to workload requirements

Answer 66

Containerization is a type of virtualization in which all the components of an application are bundled into a single container image and can be run in isolated user space on the same shared operating system

Answer 67

the hosting of desktop environments on a central server. It is a form of desktop virtualization, as the specific desktop images run within virtual machines (VMs) and are delivered to end clients over a network

Answer 68

an approach to networking that uses software-based controllers or application programming interfaces (APIs) to communicate with underlying hardware infrastructure and direct traffic on a network

Answer 69

Network visibility made available through security devices

Answer 70

Interconnected digital business networks with the ability to transparently send data and messages between parties, such that all the networks function as one network

Answer 71

Providing proof of something

Answer 72

a string of dynamic digits of code, whose change is based on time

Answer 73

an event-based OTP where the moving factor in each code is based on a counter

Answer 74

FAR occurs when we accept a user whom we should actually have rejected

Answer 75

FRR is the problem of rejecting a legitimate user when we should have accepted him

Answer 76

describes the point where the False Reject Rate (FRR) and False Accept Rate (FAR) are equal

Answer 77

authentication, authorization, and accounting. AAA is a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services

Answer 78

RAID (redundant array of independent disks) is a way of storing the same data in different places to provide increased speed, fault tolerance, and redundancy. Multiple disks/drives working in parallel.

Answer 79

Striping without parity - Great performance, but is not fault-tolerant. If one drive fails, all data in RAID 0 is lost. Requires two drives

Answer 80

Mirroring - Great r/w speed. In the event of a drive failure, data does not have to be rebuilt, just copied to the replacement drive from the still-functional mirror drive. Requires two drives

Answer 81

Striping with parity. RAID 5 is the most common secure RAID level, ideal for mission critical storage. If a drive fails, you have access to all data even while failed drive is being replaced. Requires 3+ drives

Answer 82

Combines characteristics of RAID 1 and RAID 0. If something goes wrong with one of the disks, the rebuild time is very fast. Half of storage capactity goes to mirroring, so this is expensive redundancy.

Answer 83

Network Interface Card (NIC) teaming is a common technique of grouping physical network adapters to improve performance and redundancy. NIC teaming maintains a connection to multiple physical switches but uses a single IP address. This ensures readily available load balancing and instant fault tolerance

Answer 84

a device that provides backup power to electrical systems during power outages or fluctuations. It helps to ensure uninterrupted operation and protect sensitive equipment from potential damage

Answer 85

a device with multiple power outlets that provides electrical protection and distributes power to IT equipment within a rack

Answer 86

A full backup is the most complete type of backup where you clone all the selected data

Answer 87

The first backup in an incremental backup is a full backup. The succeeding backups will only store changes that were made to the previous backup

Answer 88

This type of backup involves backing up data that was created or changed since the last full backup

Answer 89

High availability (HA) is the ability of a system to operate continuously without failing for a designated period of time

Answer 90

Embedded system that has multiple components running on a single chip. Limited off the shelf security options.

Answer 91

Smart devices, wearable technology, facility automation sensors for heating and cooling, lighting, etc.

Answer 92

Integrated circuit that's configured after manufacturing, often programmed in the field. Problems don't require hardware replacements

Answer 93

Large-scale multi-site systems. PCs manage facilities and equipment. No access from outside

Answer 94

All-in-one devices such as printers, scanners, fax machines. Logs stored on the local device.

Answer 95

Deterministic processing schedule. Commonly used in industrial equipment, automobiles, and military environments

Answer 96

Communication of analog signals over narrow range of frequencies, used for longer distance communication by IoT devices

Answer 97

Generally a single cable with digital signal, either 0 or 100% utilization of bandwidth.

Answer 98

5th Generation cellular networking with significant impact to IoT devices, allowing larger data transfers, faster monitoring and additional processing

Answer 99

A mesh conductive metal cage used to block electromagnetic fields

Answer 100

Also known as a DMZ, this sits between the internal network and public internet, providing public access to select public resources

Answer 101

Allows power supply but rejects data transfer

Answer 102

Term used to describe a physical separation between networks

Answer 103

Aisles at a data center used to control air flow to optimize cooling and conserve energy

Answer 104

the destruction of the data on a data storage device by removing its magnetism

Answer 105

Process of removing ink from paper, breaking the paper down into pulp, and re-using the recycled paper.

Answer 106

Taking an input password and running it through a hashing algorithm multiple times. "Hashing the hash".

Answer 107

the conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form.

Answer 108

Use curves instead of large prime numbers. Uses smaller keys and requires less data transmission and storage. Great for allowing asymmetric encryption capabilities on IoT and mobile devices

Answer 109

An encryption system that changes the keys used to encrypt and decrypt information frequently and automatically

Answer 110

the practice of representing information within another message or physical object, such as hiding data in an image.

Answer 111

Encypts and stores 1 byte of plain-text at a time. High speed, low complexity. Used commonly in symmetric encryption. Often combines keys with an Initialization Vector

Answer 112

Encrypts/stores a block of bits at a time, typically 64 or 128-bits. Padding added to fill incomplete blocks.

Answer 113

The simplest encryption mode, using a single encryption key for every block in the series.

Answer 114

Another encryption method, where each block is XORed with previous ciphertext block, adding additional randomization. Initialization Vector added to first block prior to encryption. Each subsequent block uses the previous ciphertext as the IV.

Answer 115

Distributed ledger used to keep track of a particular event. Process begins with a transaction, which is copied to each device participating in the blockchain. Once verified, it's added into the existing block of transactions. Hashing is used with each transaction. The hash is then added to the block, which allows for validation that nothing has changed, and the block is added to the chain of existing blocks, available for all participating nodes.

Answer 116

Secure Real-time Transport Protocol (SRTP) is a network protocol for delivering audio and video over IP networks (VOIP). Utilizes a broad range of UDP ports.

Answer 117

Simple Network Time Protocol (SNTP) is an Internet Protocol (IP) used to synchronize the clocks of networks of computers. SNTP is over port 123.

Answer 118

A set of specifications for securing electronic mail. S/MIME is based upon the widely used MIME standard and describes a protocol for adding cryptographic security services through MIME encapsulation of digitally signed and encrypted objects

Answer 119

SMTP is used for email transmissions over port 25. SMTPS (SMTP Secure) provides encryption and is over port 587.

Answer 120

a set of communication rules or protocols for setting up secure connections over a network utilizing encryption and authentication

Answer 121

The IPSec component that provides integrity through hashing the packet. The AH gets added to the data being sent across the network.

Answer 122

The IPSec component that provides encryption functionality. Adds ESP headers and trailers to the data

Answer 123

Uses SSL to encrypt information sent over FTP. FTP is over port 20 and 21.

Answer 124

RDP enables users to remotely connect to their desktop computers from another device over port 3389.

Answer 125

Uses SSH to encrypt information sent over FTP client. SFTP utilizes SSH using port 22.

Answer 126

Protocol used to access a centralized directory. LDAPS is a non-standard version of LDAP using SSL for encryption. LDAP is over port 389 and 636

Answer 127

Security features added to DNS protocol. Allows validation of information received from a DNS server through the use of digital signatures.

Answer 128

Provides secure access to devices by authenticating and encrypting data packets over the network. SNMP is over port 161 and 162.

Answer 129

A security appliance that processes network traffic and applies rules to block potentially dangerous traffic. Allows for IPS, deep packet inspection, and application control, in addition to features provided by standard firewalls.

Answer 130

Assuring the integrity of a platform by demonstrating that the boot process starts from a trusted combination of hardware and software and continues until the operating system has fully booted and applications are running

Answer 131

This is a feature of the Unified Extensible Firmware Interface (UEFI) that helps ensure that only trusted software is loaded during the boot process. It prevents the loading of malware or unauthorized operating systems during the boot sequence.

Answer 132

Trusted Boot is a broader term that encompasses the concept of using trusted hardware and software components to ensure the integrity of the boot process. This can include technologies such as Secure Boot and Measured Boot, as well as the use of hardware-based security features like TPMs

Answer 133

Measured Boot is a feature that creates a record, or measurement, of the boot process. This record is then stored in a trusted location such as a Trusted Platform Module (TPM). By comparing this measurement with a known good measurement, it's possible to detect any unauthorized changes to the boot process

Answer 134

an automated software testing method that injects invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities

Answer 135

a testing methodology that analyzes source code to find security vulnerabilities that make your organization's applications susceptible to attack

Answer 136

Full-disk encryption (FDE) is a security method for protecting sensitive data at the hardware level by encrypting all data on a disk drive

Answer 137

All of the data written to the storage medium is encrypted by the disk drive before being written and decrypted by the disk drive when it is read

Answer 138

refers to network traffic that occurs within an organization's internal network

Answer 139

network traffic that enters or exits an organization's internal network

Answer 140

A hardware device that creates and helps to manage multiple VPN connections remotely by creating safe tunnels on a large scale

Answer 141

This means that every data packet, whether browsing a website, accessing emails, or streaming media, is encrypted and passed through the VPN before reaching its final destination on the internet

Answer 142

only specific traffic is sent through the VPN tunnel, while the rest of the traffic is directly routed to the internet without passing through the VPN server

Answer 143

Sends original IP Header with the data, but the data is surrounded by an IPSec Header and Trailer. IP Header remains in the clear.

Answer 144

IP Header and Data are both encrypted. The original IP Header and Data are surrounded an IPSec Headers and Trailer, and a new IP header will be used to send across the network.

Answer 145

Also known as Spanning Tree Protocol (STP), this prevents loops and selects the best LAN path, providing redundancy of a link were to fail.

Answer 146

MAC address filtering allows you to block traffic coming from certain known machines or devices

Answer 147

Unified threat management (UTM) refers to when multiple security features or services are combined into a single device within your network. Using UTM, your network’s users are protected with several different features, including antivirus, content filtering, email and web filtering, anti-spam, and more

Answer 148

A proxy server is an intermediary server that retrieves data from an Internet source, such as a webpage, on behalf of a user. Protects the client

Answer 149

A server that sits in front of one or more web servers to intercept and inspect incoming client requests before forwarding them to the web server. Protects the server

Answer 150

a physical computing device that safeguards and manages secrets (most importantly digital keys), performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions

Answer 151

a secure computer that spans two or more networks, allowing users to connect to it from one network, and then “jump“ to another network

Answer 152

Earliest security protocol used for securing wireless networks. No longer used due to vulnerabilities.

Answer 153

Wireless security protocol developed to solve the problems with WEP. Utilizes TKIP (Temporal Key Integrity Protocol) to dynamically change keys. TKIP has vulnerabilities of it's own.

Answer 154

Wireless security protocol designed to improve upon WPA. Requires stronger encryption method AES, strong enough to resist brute-force attacks.

Answer 155

WPA2-PSK stands for Wi-Fi Protected Access 2 – Pre-Shared Key. It uses the same passphrase for all devices.

Answer 156

key exchange protocol designed to establish a shared secret between two devices and securing the key exchange process as part of the WPA3 security standard.

Answer 157

Diffie–Hellman key exchange establishes a shared secret between two parties that can be used for secret communication for exchanging data over a public network

Answer 158

a network authentication protocol that requires client authentication for access to a network. The clients identity is determined based on the credentials or certificate they provide, which is validated by an authentication server using the RADIUS protocol.

Answer 159

WPA3 introduces the "Simultaneous Authentication of Equals" (SAE) or Dragonfly protocol

Answer 160

A feature designed to make the process of connecting to a secure wireless network from a computer or other device easier

Answer 161

a framework for providing authentication that allows for the use of many different authentication methods for secure network access technologies - Generally 4 Common versions - LEAP, FAST, PEAP, and EAP-TLS.

Answer 162

a version of EAP that enables mutual authentication between a client and an authentication server via a secure tunnel. Does not require use of certificates.

Answer 163

version of EAP that enables mutual authentication between a client and authentication server. Authentication server utilizes digital certificates to provide authentication, whereas the client provides standard credentials.

Answer 164

version of EAP that enables mutual authentication between a client and authentication server through the use of digital certificates on both sides.

Answer 165

a widely used authentication protocol primarily used for securing remote access connections in Virtual Private Networks (VPNs). MSCHAPv2 is used to verify the identity of a user or device trying to establish a connection to a network or a remote server

Answer 166

Mobile device management (MDM) is the administration of mobile devices, such as smartphones, tablet computers, and laptops

Answer 167

Gaining access to the operating system to install custom firmware. Provides uncontrolled access

Answer 168

the linking of a computer or other device to a smartphone in order to connect to the internet

Answer 169

Corporate owned devices given to users that they can also use for personal use

Answer 170

ensure regulatory compliance and data protection, govern cloud usage across devices and cloud applications, and protect against threats

Answer 171

secure web gateways are a mix of tools specifically designed to protect users and their devices while browsing the internet beyond examining URLs and GET requests

Answer 172

a physical or embedded security technology (microcontroller) that resides on a computer's motherboard or in its processor. TPMs use cryptography to help securely store essential and critical information on PCs to enable platform authentication

Answer 173

an identity checking protocol that periodically re-authenticates the user during an online session

Answer 174

Terminal Access Controller Access-Control System, is a network protocol that was developed by Cisco and controls user access to devices like routers, NAS, and switches, separating authentication and allowing fine-grained access control

Answer 175

Kerberos is a computer network security protocol that authenticates service requests between two or more trusted hosts across an untrusted network, like the internet. Enables SSO

Answer 176

an open standard that allows you to use one set of credentials to log into many different websites

Answer 177

a widely adopted authorization framework that allows you to consent to an application interacting with another on your behalf without having to reveal your password

Answer 178

A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information

Answer 179

A means of providing access to an object at the discretion of the owner.

Answer 180

restricts network access based on a person's role within an organization

Answer 181

an authorization model that evaluates attributes (or characteristics), rather than roles, to determine access

Answer 182

used to manage access to locations, databases and devices according to a set of predetermined rules and permissions that do not account for the individual's role within the organization

Answer 183

The set of hardware, software, policies, processes, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and public-keys

Answer 184

A digital certificate is a file or electronic password that proves the authenticity of a device, server, or user through the use of cryptography and the public key infrastructure (PKI)

Answer 185

a trusted entity that issues Secure Sockets Layer (SSL) certificates after the registration authority has authorized the requestor's ability to do so.

Answer 186

A trusted entity that establishes and vouches for the identity and authorization of a client requesting a certificate, proving they allowed to request certificates for the domain in question.

Answer 187

provides a mechanism, as a supplement to checking against a periodic certificate revocation list (CRL), to obtain timely information regarding the revocation status of a certificate

Answer 188

a list of digital certificates that have been revoked by the CA (Certificate Authority) before their scheduled expiration date

Answer 189

The public key certificate that identifies the root CA. The root certificate issues other certificates. Access to the root certificate allows for the creation of any trusted certificate.

Answer 190

Base64 encoded DER certificate, generally the format provided by CAs, readable in ASCII format.

Answer 191

Container format - can be used to store many X.509 certificates in a single .p12 or .pfx file. Often used to transfer a private and public key pair.

Answer 192

Certificate format designed to transfer syntax. Binary format (not human readable).

Answer 193

OCSP status is "stapled" into the SSL/TLS handshake

Answer 194

You can "pin" the expected certificate or public key to an application. If the expected key doesn't match, the application can device what to do in response (shut down, etc).

Answer 195

Third-party holds the decryption/private keys. Often a legitimate business arrangement.

Answer 196

Single CA issues certs to intermediate CAs.

Answer 197

Decentralized alternative to traditional PKI. Trust unknown certificates based on others who have verified and established relationship with them

Answer 198

List all the certs between server and root CA. Any certificate between the SSL certificate and the root certificate is an intermediate certificate.

Answer 199

Determine the route a packet takes to a destination. Used to identify where a network issue may lie

Answer 200

Lookup information from DNS servers, such as IP addresses

Answer 201

combines ping and traceroute commands. First phase runs a traceroute to build a map, then measures round trip time and packet loss at each hop.

Answer 202

Returns network statistics, such as active connections and binaries

Answer 203

allows you to listen on a port, transfer data, scan ports and send data to a port

Answer 204

Network Mapper, used to discover information about network devices, such as open ports, services, versions, OS, etc.

Answer 205

views the local ARP table. The ARP table associates an IP address to a MAC address.

Answer 206

request or send data over a URL

Answer 207

Allows you to run port scans sourced from a separate host. Essentially a port scan proxy, hiding your true source IP

Answer 208

Enumerate DNS information to find host names, view services, etc.

Answer 209

Industry leader in vulnerability scanning. Used to identify known vulnerabilities and offers extensive reporting.

Answer 210

A sandbox solution for malware testing in a safe environment. Offers reporting on network traffic, memory analysis, and API calls.

Answer 211

Used to gather OSINT, can scrape information from Google or Bing to find things like associated IP addresses, list of people from LinkedIN, email contacts

Answer 212

Suite that combines many recon tools into a single framework, including dnsenum, metasploit, nmap, theHarvester, and more

Answer 213

command to view the first x lines of a file

Answer 214

command used to view the last x lines in a file

Answer 215

command used to copy file contents to the screen or to another file

Answer 216

command to find text in a file (essentially CTL-F within a file)

Answer 217

command to change mode of a file system object, r/w/x -rwxrw-r-- would signify the owner of the file has r/w/x permissions, the group would have r/w, and everyone else would have r

Answer 218

command used to manually add entries to a system log

Answer 219

A toolkit and crypto library for SSL/TLS, used to build certificates and manage SSL/TLS communication

Answer 220

A suite of packet replay utilities that can be used to replay and edit packet captures

Answer 221

Captures packets from the commandline and displays packets on the screen, can write output to a file. CLI version of wireshark.

Answer 222

Graphical version of tcpdump. Used to analyze packets and view traffic patterns

Answer 223

command used to create a disk image or copy of a drive, or restore from an image

Answer 224

command used to copy information in system memory

Answer 225

A universal hexadecimal editor used to edit disks, files, RAM. Offers disk cloning and secure wipe capabilities

Answer 226

Forensic drive imaging tool

Answer 227

Perform digital forensics of hard drives to view and recover data.

Answer 228

Very common exploitation framework used to attack known vulnerabilities and build custom attacks

Answer 229

Well known exploitation framework

Answer 230

The recovery phase of the incident response process.

Answer 231

Preparation, Detection & Analysis, Containment, Eradication, Recovery, Post-Incident Activities

Answer 232

Talk through the drill's logistics and steps that would be taken. "What would we do"

Answer 233

Testing performed with an actual simulated event

Answer 234

One step further than a Tabletop - Test processes and procedures prior to an event to identify faults and missing steps

Answer 235

Framework used to identify and understand actions of an attacker, as well as security techniques to mitigate them.

Answer 236

Model used to document and better understand an intrusion. Identify relationship between the Adversary, Capability, Victim, and Infrastructure.

Answer 237

Recon - Weaponization - Delivery - Exploit - Installation - C&C - Actions on objectives

Answer 238

Operating system logs, file system information, and can include security events

Answer 239

Logs specific to an application

Answer 240

Logs containing information related to blocked/allowed traffic flows, exploit attempts, blocked URL categories, and DNS sinkhole traffic. Typically created by IPS, firewalls, and proxies.

Answer 241

Logs related to web server access, exploit attempts and server activity such as startup and shudown

Answer 242

Logs related to DNS queries - includes IP address of the request, can identify queries to known bad sites, and log results of those queries (blocked/allowed)

Answer 243

Logs related to accounts logging into a system, success/failures, & source IP. Can be used to identify brute force activity.

Answer 244

Dump files store all contents of memory associated with an application or process

Answer 245

Method of gathering network stats from switches, routers, etc. Consolidated onto a NetFlow server and analyzed from a management console.

Answer 246

Newer version of NetFlow. Provides flexibility on what data is collected

Answer 247

Embedded in switches/routers to capture a portion of network traffic

Answer 248

Data that describes other data sources. Example - Email headers

Answer 249

Ask the question - how long does data stick around? Most volatile data includes CPU registers/cache > Router Table/ARP cache, process table, kernel statistics, memory > Temp File systems > Disk

Answer 250

A point-in-time system image, typically in relation to Virtual Machines.

Answer 251

Digital items left behind. Commonly found in logs, flash memory, cache files, recycle bins

Answer 252

Designed to mitigate damage. Think backups and IPS.

Answer 253

Doesn't prevent, but may discourage intrusion. Think warning signs/login banners.

Answer 254

Doesn't prevent an attack, but provides restoration through other means. Think re-imaging, hot sites, or backups.

Answer 255

Fences, locks, etc.

Answer 256

European Union regulation on information privacy in the European Union

Answer 257

Standard for protecting credit cards

Answer 258

6 steps to risk management. Categorize > Select > Implement > Assess > Authorize > Monitor

Answer 259

Identify, Protect, Detect, Respond, and Recover

Answer 260

Standard for information security management systems

Answer 261

Code of practice for information security controls

Answer 262

Focuses on privacy information management systems

Answer 263

Standards for risk management practices

Answer 264

Non-profit organization focusing cloud security

Answer 265

Controls are mapped to standards, best practices, and regulations to follow in the cloud.

Answer 266

Audit will test controls at a particular date and time

Answer 267

Audit will test controls over a period of 6+ months

Answer 268

Defines how technologies should be used

Answer 269

Confidentiality agreement that limits information that can legally be shared to ensure privacy

Answer 270

People rotate job roles, creating less of an opportunity for someone to take advantage of a security issue

Answer 271

No single person has all the knowledge/details

Answer 272

Two people must be present in-person to perform a business function

Answer 273

Sets a minimum set of service terms, such as uptime or response time

Answer 274

Informal letter of intent/expectations, not a signed legal contract.

Answer 275

Provides a way for a company to evaluate and assess the quality of the process used in measurement systems.

Answer 276

When a manufacturer stops selling a product. End of Service Life refers to when support ends patches and updates are no longer provided.

Answer 277

Risk that exists in the absence of security controls

Answer 278

Inherent Risk combined with effectiveness of security controls.

Answer 279

Describes the likelihood of a risk occurring

Answer 280

How much money is lost if a single event were to occur

Answer 281

Calculated by multiplying ARO x SLE

Answer 282

Describes how long it takes to get back up and running to a certain service level

Answer 283

Predict time between outages

Answer 284

Time required to fix an issue

Answer 285

Data that can be tied back to an individual, such as name, address, biometric information, telephone number

Answer 286

Health records associated with an individual. Health status, insurance details, payments, etc.

Answer 287

Manages the purpose and means by which personal data is processed

Answer 288

Processes data on behalf of the data controller (often a third party or different group)

Answer 289

Responsible for data accuracy, privacy and security.

Answer 290

Responsible for the organization's overall data privacy policies.

Answer 291

Session ID (often stored in cookies) is stolen by an attacker and is able to pose as the victim without username or passwords. Prevent this by use of End to End encryption

Answer 292

Outsourcing equipment/hardware. You're still responsible for the management of data and the OS/application running on the equipment

Answer 293

Middle ground of IaaS and SaaS. Provides a platform, including hardware and OS for you to develop your own application.

Answer 294

On-demand software. Everything is managed and configured by the provider.

Answer 295

A broad description of any service delivered over the internet.

Answer 296

Block cipher mode that acts like a stream cipher. Utilizes a incremental counter to create each block of ciphertext.

Answer 297

Combines Counter Mode (CTR) with Galois authentication. Commonly used in wireless connections and IPSEC.

Complete Study Material Flashcards

(324 cards)