Complete Study Material Flashcards

1
Q

Typosquatting

A

relies on mistakes such as typos made by Internet users when inputting a website address into a web browser

2
Q

Pretexting

A

Pretexting is a type of social engineering attack that involves a situation, or pretext, created by an attacker in order to lure a victim into a vulnerable situation

3
Q

Pharming

A

Pharming is a more advanced method that manipulates DNS records, redirecting users to fake websites without their knowledge

4
Q

Watering Hole Attack

A

a targeted attack designed to compromise users within a specific industry or group of users by infecting websites they typically visit and luring them to a malicious site

5
Q

Influence Campaigns

A

a large-scale campaign launched by a threat actor, or group of threat actors, with a lot of power (like a hacktivist group, nation-state actor, or terrorist group) that seeks to shift public opinion

6
Q

Worms

A

A worm can self-replicate and spread to other computers

7
Q

Trojan

A

a type of malware that downloads onto a computer disguised as a legitimate program

8
Q

Rootkit

A

A rootkit is malicious software code that provides bad actors with “root” access to an endpoint device kernel or core system files

9
Q

Virus

A

A computer virus is a type of malicious software, or malware, that spreads between computers and causes damage to data and software

10
Q

Backdoor

A

a means of bypassing an organization’s existing security systems

11
Q

RAT

A

malware that can control a computer using desktop sharing and other administrative functions

12
Q

Logic Bomb

A

A logic bomb is malware that installs and operates silently until a certain event occurs

13
Q

Password Spray

A

Password attack in which the same password is attempted across many accounts

14
Q

Brute Force

A

Password attack in which many passwords are attempted against an account to eventually gain access

15
Q

Rainbow Tables

A

Pre-built set of hashes. Requires different tables for different hashing methods

16
Q

Salt

A

Random data added to a password when hashing. Prevents the success of rainbow tables and significantly slows down brute force attacks

17
Q

Dictionary Attack

A

Password attack where a “dictionary” or list of common words is used to guess an account’s password. Some password crackers can substitute letters for numbers and special characters (3/E, 1/!, A/@)

18
Q

Hash Collision

A

Occurs when two entirely unique input values have the same hash

19
Q

Downgrade Attack

A

Forces the system to downgrade its security measures, such as rolling back to vulnerable or un-patched versions.

20
Q

Birthday Attack

A

An example of a hash collision

21
Q

Mitigating Privilege Escalation

A

Patch vulnerabilities quickly, update security software, only allow data execution in certain areas, and randomize address space layout

22
Q

XSS

A

Cross-Site Scripting is a vulnerability found in web-based applications, which allows an attacker to run scripts via a user input (such as a text field) to obtain credentials, session IDs, cookies, etc.

Non-persistent (reflected) vs. Persistent (stored)

23
Q

SQL Injection

A

SQL Injection is an attack which allows the attacker to input SQL code into a text field to interact with the data stored in the SQL database. Input validation misconfiguration is typically the cause.

24
Q

Buffer Overflow

A

When a section of memory is able to spill over and overwrite another section of memory.

25
Q

DLL Injection

A

Dynamic Link Library Injection copies a DLL into an existing/valid process, causing the process to execute with the DLL

26
Q

Replay Attack

A

An attacker with access to raw network data is able to copy traffic and “replay” the data across the network to appear as someone else

Pass the hash is an example of a Replay Attack, where an attacker may be listening in on an authentication between a client and server and capture the hash, and pretend to be the user by sending the server those authentication details.

27
Q

Server Side Request Forgery (SSRF)

A

Attacker finds a vulnerable web application and is able to send requests to the web server, causing it to perform the request on behalf of the attacker

28
Q

Cross-Site Request Forgery (CSRF)

A

Takes advantage of the trust that a website has with the browser, allowing for an attacker to send requests to a web server on a victim’s behalf.

Often requires victim to perform an action such as clicking a link to pass on the forged request

29
Q

Shimming

A

Shimming is inserting code into a system library or API

30
Q

Refactoring

A

Refactoring code is the process of rewriting the internal processing of the code, without changing its external behavior

31
Q

SSL Stripping / HTTP Downgrade

A

a type of cyber attack in which hackers downgrade a web connection from the more secure HTTPS to the less secure HTTP. This makes all communications unencrypted and sets the stage for a man-in-the-middle attack

32
Q

SSL & TLS

A

Transport Layer Security (TLS) is the upgraded version of SSL that fixes existing SSL vulnerabilities. TLS authenticates more efficiently and continues to support encrypted communication channels

33
Q

Race Condition

A

A race condition is an undesirable situation that occurs when a device or system attempts to perform two or more operations at the same time

34
Q

Memory Vulnerabilities

A

Examples of Memory Vulnerabilities include Memory Leaks, NULL Pointer dereference, and Integer Overflow

35
Q

Memory Leak

A

A memory leak occurs when a process allocates memory from the paged or nonpaged pools, but doesn’t free the memory. As a result, these limited pools of memory are depleted over time, causing Windows to slow down. If memory is completely depleted, failures may result

36
Q

NULL Pointer Dereference

A

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit

37
Q

Integer Overflow

A

An integer overflow occurs when you attempt to store inside an integer variable a value that is larger than the maximum value the variable can hold

38
Q

Directory Traversal

A

A directory traversal is an HTTP attack that allows attackers to gain access to restricted files

39
Q

Improper Error Handling

A

Improper handling of errors can introduce a variety of security problems for a web site. The most common problem is when detailed internal error messages such as stack traces, database dumps, and error codes are displayed to the user (hacker)

40
Q

Improper Input Handling

A

Improper input handling is one of the most common weaknesses identified across applications today. Poorly handled input is a leading cause behind critical vulnerabilities that exist in systems and applications

41
Q

Resource Exhaustion

A

It’s a type of attack that uses up the available resources on a device so that the application or the service that’s being used by it is no longer accessible by others

42
Q

Rogue Access Points

A

a wireless access point plugged into an organization’s network that the security team does not know exists

43
Q

Evil Twin

A

An evil twin attack is a cyberattack that works by tricking users into connecting to a fake Wi-Fi access point

44
Q

Bluejacking

A

Bluejacking is when an attacker sends unsolicited messages to a victim’s Bluetooth-enabled device

45
Q

Bluesnarfing

A

accessing data through an unauthorized wireless connection

46
Q

RF Jamming

A

RF Jamming, or Radio Frequency Jamming, is the concept of blocking a wireless device from communicating with other devices or a wireless

47
Q

Interference

A

Unintentional jamming

48
Q

RFID Attacks

A

RFID tags can be counterfeited, spoofed, sniffed, and even carry viruses that infect RFID readers and their associated networks

49
Q

Near Field Communication (NFC)

A

Builds on RFID to enable two-way wireless communication. Similar vulnerabilities as RFID

50
Q

Cryptographic nonce

A

A nonce is an arbitrary number used only once in a cryptographic communication, in the spirit of a nonce word. They are often random or pseudo-random numbers used in live data transmission to protect against replay attacks

51
Q

Initialization Vector (IV)

A

An initialization vector (IV) is an arbitrary number that can be used with a secret key for data encryption to foil cyber attacks

52
Q

On-Path Attacks

A

An on-path attack is an attacker that sits in the middle between two stations and is able to intercept, and in some cases, change that information that’s being sent interactively across the network

53
Q

Media Access Control (MAC) Flooding

A

In a typical MAC Flooding attack, the attacker sends a huge number of Ethernet frames to the switch, each with a different sender address. The attacker’s intention is to consume the memory the switch uses to store its MAC address table, so that the MAC addresses of legitimate users are pushed out of the MAC table

54
Q

Media Access Control (MAC) Cloning

A

MAC Cloning is the act of changing or impersonating the MAC address of a network interface card to match the MAC address of an authorized device on the network

55
Q

DNS Poisoning

A

Domain Name System (DNS) poisoning happens when fake information is entered into the cache of a domain name server, resulting in DNS queries producing an incorrect reply, sending users to the wrong website

56
Q

Domain Hijacking

A

Domain hijacking is the act of changing the registration of a domain name without the permission of the original owner

57
Q

URL Hijacking

A

Another term for Typosquatting, which takes advantage of a user’s ability to enter typos when navigating to a website

58
Q

Threat Actor Types

A

Threat actor types include Insiders, Nation States, Hacktivists, Script Kiddies, Organized Crime, Competitors, and Hackers

59
Q

Insiders

A

An employee with extensive internal resources and knowledge of vulnerable systems

60
Q

Nation States

A

Government-funded entities with various political and economic motives

61
Q

Hacktivists

A

groups of criminals who unite to carry out cyber attacks in support of political causes

62
Q

Script Kiddies

A

novice hackers who use existing scripts and software to carry out cyberattacks

63
Q

Organized Crime

A

Well-funded professional criminals with sophisticated knowledge, typically motivated by money.

64
Q

Competitors

A

Motives include espionage, harming competitor reputation, stealing customer data and financial information

65
Q

Open Source Intelligence (OSINT)

A

The collection and analysis of data gathered from open sources (covert sources and publicly available information; PAI) to produce actionable intelligence

66
Q

Zero-Day Attacks

A

A zero-day exploit is a cyberattack vector that takes advantage of an unknown or unaddressed security flaw

67
Q

Known vs Partially Known Environment

A

Used to describe the access/knowledge granted to an attacker during a pentest

68
Q

Passive Footprinting

A

This involves gathering information about the target without direct interaction, such as OSINT or other publicly available data

69
Q

Active Footprinting

A

the process of using tools and techniques, such as performing a ping sweep or using the traceroute command, to gather information on a target

70
Q

Data Masking Techniques

A

Data Masking techniques include substituting, shuffling, and encrypting data

71
Q

Data at-rest

A

The data is on a storage device

72
Q

Data in-transit

A

Data transmitted over the network

73
Q

Data in-use

A

Data is actively being processed in memory and is almost always decrypted

74
Q

Tokenization

A

Replace sensitive data with a non-sensitive placeholder. Common with credit card processing

75
Q

Information Rights Management (IRM)

A

The concept of controlling how data is used; restrict data access to unauthorized persons

76
Q

Web Application Firewall (WAF)

A

Helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet

77
Q

Hot Site

A

A hot site is a DR location that is set up and ready to go – that is, one can arrive and continue to work immediately.

78
Q

Cold Site

A

a cold site is essentially available space with little, if anything, set up in it. When you arrive at a cold backup site, you need to set up the equipment, make all connections, load the software, etc

79
Q

Warm Site

A

a facility where equipment is available and set up for you, but you must load or restore your latest data to the system

80
Q

DNS Sinkhole

A

a mechanism aimed at protecting users by intercepting DNS requests attempting to connect to known malicious or unwanted domains and returning a false, or rather controlled, IP address

81
Q

Cloud Deployment Models

A

Cloud models include Public, Community, Private, and Hybrid deployments

82
Q

Public Cloud Deployment Model

A

Available to everyone over the internet

83
Q

Community Cloud Deployment Model

A

Resources shared by several organizations

84
Q

Private Cloud Deployment Model

A

Your own virtualized local data center

85
Q

Hybrid Cloud Deployment Model

A

Combination of Public & Private

86
Q

Cloud Computing

A

Computing on demand with massive data storage capacity. Often fast implementation with smaller startup costs. Could come with limited bandwidth/latency issues and is difficult to protect data

87
Q

Fog Computing

A

Cloud that’s close to your data, commonly referred to as an extension of the cloud. Data is processed locally, minimizing security concerns

88
Q

Edge Computing

A

Processing data on an edge server close to the user, oftentimes processing the data on the device itself

89
Q

Elasticity

A

the ability of a system to adapt and manage resources according to workload requirements

90
Q

Containerization

A

Containerization is a type of virtualization in which all the components of an application are bundled into a single container image and can be run in isolated user space on the same shared operating system

91
Q

Virtual Desktop Infrastructure (VDI)

A

the hosting of desktop environments on a central server. It is a form of desktop virtualization, as the specific desktop images run within virtual machines (VMs) and are delivered to end clients over a network

92
Q

Software Defined Networking (SDN)

A

an approach to networking that uses software-based controllers or application programming interfaces (APIs) to communicate with underlying hardware infrastructure and direct traffic on a network

93
Q

Software Defined Visibility (SDV)

A

Network visibility made available through security devices

94
Q

Federation

A

Interconnected digital business networks with the ability to transparently send data and messages between parties, such that all the networks function as one network

95
Q

Attestation

A

Providing proof of something

96
Q

Time-based One-Time Password (TOTP)

A

a string of dynamic digits of code, whose change is based on time

97
Q

HMAC-based One-Time Password (HOTP)

A

an event-based OTP where the moving factor in each code is based on a counter

98
Q

Biometric False Acceptance Rate (FAR)

A

FAR occurs when we accept a user whom we should actually have rejected

99
Q

Biometric False Rejection Rate (FRR)

A

FRR is the problem of rejecting a legitimate user when we should have accepted him

100
Q

Crossover Error Rate (CER)

A

describes the point where the False Reject Rate (FRR) and False Accept Rate (FAR) are equal

101
Q

AAA Framework

A

Authentication, authorization, and accounting. AAA is a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services

102
Q

Redundant Array of Independent Disks (RAID)

A

RAID (redundant array of independent disks) is a way of storing the same data in different places to provide increased speed, fault tolerance, and redundancy. Multiple disks/drives working in parallel.

103
Q

RAID 0

A

Striping without parity - Great performance, but is not fault-tolerant. If one drive fails, all data in RAID 0 is lost. Requires two drives

104
Q

RAID 1

A

Mirroring - Great r/w speed. In the event of a drive failure, data does not have to be rebuilt, just copied to the replacement drive from the still-functional mirror drive. Requires two drives

105
Q

RAID 5

A

Striping with parity. RAID 5 is the most common secure RAID level, ideal for mission critical storage. If a drive fails, you have access to all data even while the failed drive is being replaced. Requires 3+ drives

106
Q

RAID 10

A

Combines characteristics of RAID 1 and RAID 0. If something goes wrong with one of the disks, the rebuild time is very fast. Half of the storage capacity goes to mirroring, so this is expensive redundancy.

107
Q

NIC Teaming

A

Network Interface Card (NIC) teaming is a common technique of grouping physical network adapters to improve performance and redundancy. NIC teaming maintains a connection to multiple physical switches but uses a single IP address. This ensures readily available load balancing and instant fault tolerance

108
Q

Uninterruptable Power Supply (UPS)

A

a device that provides backup power to electrical systems during power outages or fluctuations. It helps to ensure uninterrupted operation and protect sensitive equipment from potential damage

109
Q

Power Distribution Units (PDU)

A

a device with multiple power outlets that provides electrical protection and distributes power to IT equipment within a rack

110
Q

Full Backups

A

A full backup is the most complete type of backup where you clone all the selected data

111
Q

Incremental Backups

A

The first backup in an incremental backup is a full backup. The succeeding backups will only store changes that were made to the previous backup

112
Q

Differential Backups

A

This type of backup involves backing up data that was created or changed since the last full backup

113
Q

High Availability (HA)

A

High availability (HA) is the ability of a system to operate continuously without failing for a designated period of time

114
Q

System on a Chip (SoC)

A

Embedded system that has multiple components running on a single chip. Limited off the shelf security options.

115
Q

Internet of Things (IoT)

A

Smart devices, wearable technology, facility automation sensors for heating and cooling, lighting, etc.

116
Q

Field Programmable Gate Array (FPGA)

A

Integrated circuit that’s configured after manufacturing, often programmed in the field. Problems don’t require hardware replacements

117
Q

SCADA / Industrial Control Systems (ICS)

A

Large-scale multi-site systems. PCs manage facilities and equipment. No access from outside

118
Q

Multifunction Devices (MFD)

A

All-in-one devices such as printers, scanners, fax machines. Logs stored on the local device.

119
Q

Real-Time Operating System (RTOS)

A

Deterministic processing schedule. Commonly used in industrial equipment, automobiles, and military environments

120
Q

Narrowband

A

Communication of analog signals over narrow range of frequencies, used for longer distance communication by IoT devices

121
Q

Baseband

A

Generally a single cable with digital signal, either 0 or 100% utilization of bandwidth.

122
Q

5G

A

5th Generation cellular networking with significant impact to IoT devices, allowing larger data transfers, faster monitoring and additional processing

123
Q

Faraday Cage

A

A mesh conductive metal cage used to block electromagnetic fields

124
Q

Screened Subnet / DMZ

A

Also known as a DMZ, this sits between the internal network and public internet, providing public access to select public resources

125
Q

USB Data Blocker

A

Allows power supply but rejects data transfer

126
Q

Air Gap

A

Term used to describe a physical separation between networks

127
Q

Hot / Cold Aisles

A

Aisles at a data center used to control air flow to optimize cooling and conserve energy

128
Q

Degaussing

A

the destruction of the data on a data storage device by removing its magnetism

129
Q

Pulping

A

Process of removing ink from paper, breaking the paper down into pulp, and re-using the recycled paper.

130
Q

Key Stretching

A

Taking an input password and running it through a hashing algorithm multiple times. “Hashing the hash”.

131
Q

Homomorphic Encryption (HE)

A

the conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form.

132
Q

Elliptic Curve Cryptography (ECC)

A

Use curves instead of large prime numbers. Uses smaller keys and requires less data transmission and storage. Great for allowing asymmetric encryption capabilities on IoT and mobile devices

133
Q

Perfect Forward Secrecy (PFS)

A

An encryption system that changes the keys used to encrypt and decrypt information frequently and automatically

134
Q

Steganography

A

the practice of representing information within another message or physical object, such as hiding data in an image.

135
Q

Stream Ciphers

A

Encrypts and stores 1 byte of plain-text at a time. High speed, low complexity. Used commonly in symmetric encryption. Often combines keys with an Initialization Vector

136
Q

Block Ciphers

A

Encrypts/stores a block of bits at a time, typically 64 or 128 bits. Padding is added to fill incomplete blocks.

137
Q

Electronic Codebook (ECB)

A

The simplest encryption mode, using a single encryption key for every block in the series.

138
Q

Cipher Block Chaining (CBC)

A

Another encryption mode, where each block is XORed with the previous ciphertext block, adding additional randomization. An Initialization Vector is added to the first block prior to encryption. Each subsequent block uses the previous ciphertext as the IV.

139
Q

Blockchain

A

Distributed ledger used to keep track of a particular event.

Process begins with a transaction, which is copied to each device participating in the blockchain. Once verified, it’s added into the existing block of transactions. Hashing is used with each transaction. The hash is then added to the block, which allows for validation that nothing has changed, and the block is added to the chain of existing blocks, available for all participating nodes.

140
Q

Secure Real-Time Transport Protocol (SRTP)

A

Secure Real-time Transport Protocol (SRTP) is a network protocol for delivering audio and video over IP networks (VOIP). Utilizes a broad range of UDP ports.

141
Q

Secure Network Time Protocol (SNTP)

A

Simple Network Time Protocol (SNTP) is an Internet Protocol (IP) used to synchronize the clocks of networks of computers. SNTP is over port 123.

142
Q

Secure/Multipurpose Internet Mail Extensions (S/MIME)

A

A set of specifications for securing electronic mail. S/MIME is based upon the widely used MIME standard and describes a protocol for adding cryptographic security services through MIME encapsulation of digitally signed and encrypted objects

143
Q

Simple Mail Transfer Protocol (SMTP)

A

SMTP is used for email transmissions over port 25. SMTPS (SMTP Secure) provides encryption and is over port 587.

144
Q

Internet Protocol Security (IPSec)

A

a set of communication rules or protocols for setting up secure connections over a network utilizing encryption and authentication

145
Q

Authentication Header (AH)

A

The IPSec component that provides integrity through hashing the packet. The AH gets added to the data being sent across the network.

146
Q

Encapsulation Security Payload (ESP)

A

The IPSec component that provides encryption functionality. Adds ESP headers and trailers to the data

147
Q

File Transfer Protocol Secure (FTPS)

A

Uses SSL to encrypt information sent over FTP. FTP is over ports 20 and 21.

148
Q

Remote Desktop Protocol (RDP)

A

RDP enables users to remotely connect to their desktop computers from another device over port 3389.

149
Q

SSH File Transfer Protocol (SFTP)

A

Uses SSH to encrypt information sent over FTP client. SFTP utilizes SSH using port 22.

150
Q

Lightweight Directory Access Protocol (LDAP)

A

Protocol used to access a centralized directory. LDAPS is a non-standard version of LDAP using SSL for encryption. LDAP is over ports 389 and 636

151
Q

Domain Name System Security Extensions (DNSSEC)

A

Security features added to DNS protocol. Allows validation of information received from a DNS server through the use of digital signatures.

152
Q

Simple Network Management Protocol Version 3 (SNMPv3)

A

Provides secure access to devices by authenticating and encrypting data packets over the network. SNMP is over ports 161 and 162.

153
Q

Next Generation Firewall (NGFW)

A

A security appliance that processes network traffic and applies rules to block potentially dangerous traffic. Allows for IPS, deep packet inspection, and application control, in addition to features provided by standard firewalls.

154
Q

Boot Integrity

A

Assuring the integrity of a platform by demonstrating that the boot process starts from a trusted combination of hardware and software and continues until the operating system has fully booted and applications are running

155
Q

Secure Boot

A

This is a feature of the Unified Extensible Firmware Interface (UEFI) that helps ensure that only trusted software is loaded during the boot process. It prevents the loading of malware or unauthorized operating systems during the boot sequence.

156
Q

Trusted Boot

A

Trusted Boot is a broader term that encompasses the concept of using trusted hardware and software components to ensure the integrity of the boot process. This can include technologies such as Secure Boot and Measured Boot, as well as the use of hardware-based security features like TPMs

157
Q

Measured Boot

A

Measured Boot is a feature that creates a record, or measurement, of the boot process. This record is then stored in a trusted location such as a Trusted Platform Module (TPM). By comparing this measurement with a known good measurement, it’s possible to detect any unauthorized changes to the boot process

158
Q

Fuzzing

A

an automated software testing method that injects invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities

159
Q

Static Application Security Testing (SAST)

A

a testing methodology that analyzes source code to find security vulnerabilities that make your organization’s applications susceptible to attack

160
Q

Full Disk Encryption (FDE)

A

Full-disk encryption (FDE) is a security method for protecting sensitive data at the hardware level by encrypting all data on a disk drive

161
Q

Self-Encrypting Drive (SED)

A

All of the data written to the storage medium is encrypted by the disk drive before being written and decrypted by the disk drive when it is read

162
Q

East-West Traffic

A

refers to network traffic that occurs within an organization’s internal network

163
Q

North-South Traffic

A

network traffic that enters or exits an organization’s internal network

164
Q

VPN Concentrator

A

A hardware device that creates and helps to manage multiple VPN connections remotely by creating safe tunnels on a large scale

165
Q

Full Tunnel VPN

A

This means that every data packet, whether browsing a website, accessing emails, or streaming media, is encrypted and passed through the VPN before reaching its final destination on the internet

166
Q

Split Tunnel VPN

A

only specific traffic is sent through the VPN tunnel, while the rest of the traffic is directly routed to the internet without passing through the VPN server

167
Q

IPSec Transport Mode

A

Sends original IP Header with the data, but the data is surrounded by an IPSec Header and Trailer. IP Header remains in the clear.

168
Q

IPSec Tunnel Mode

A

IP Header and Data are both encrypted. The original IP Header and Data are surrounded by an IPSec Header and Trailer, and a new IP Header is used to send the packet across the network.

169
Q

802.1D Loop Protection

A

Also known as Spanning Tree Protocol (STP), this prevents loops and selects the best LAN path, providing redundancy if a link were to fail.

170
Q

MAC Filtering

A

MAC address filtering allows you to block traffic coming from certain known machines or devices

171
Q

Unified Threat Management (UTM) / All-in-One Security Appliance

A

Unified threat management (UTM) refers to when multiple security features or services are combined into a single device within your network. Using UTM, your network’s users are protected with several different features, including antivirus, content filtering, email and web filtering, anti-spam, and more

172
Q

Proxy

A

A proxy server is an intermediary server that retrieves data from an Internet source, such as a webpage, on behalf of a user. Protects the client.

173
Q

Reverse Proxy

A

A server that sits in front of one or more web servers to intercept and inspect incoming client requests before forwarding them to the web server. Protects the server.

174
Q

Hardware Security Module (HSM)

A

a physical computing device that safeguards and manages secrets (most importantly digital keys), performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions

175
Q

Jump Server

A

a secure computer that spans two or more networks, allowing users to connect to it from one network, and then “jump” to another network

176
Q

Wired Equivalent Privacy (WEP)

A

Earliest security protocol used for securing wireless networks. No longer used due to vulnerabilities.

177
Q

Wifi-Protected Access (WPA)

A

Wireless security protocol developed to solve the problems with WEP. Utilizes TKIP (Temporal Key Integrity Protocol) to dynamically change keys. TKIP has vulnerabilities of its own.

178
Q

Wifi-Protected Access II (WPA2)

A

Wireless security protocol designed to improve upon WPA. Requires stronger encryption method AES, strong enough to resist brute-force attacks.

179
Q

Wifi-Protected Access 2 Pre-Shared Key (WPA2 PSK)

A

WPA2-PSK stands for Wi-Fi Protected Access 2 – Pre-Shared Key. It uses the same passphrase for all devices.

180
Q

Simultaneous Authentication of Equals (SAE)

A

key exchange protocol designed to establish a shared secret between two devices and secure the key exchange process as part of the WPA3 security standard.

181
Q

Diffie-Hellman

A

Diffie–Hellman key exchange establishes a shared secret between two parties that can be used for secret communication for exchanging data over a public network

182
Q

802.1X

A

a network authentication protocol that requires client authentication for access to a network. The client's identity is determined based on the credentials or certificate it provides, which are validated by an authentication server using the RADIUS protocol.

183
Q

Wifi Protected Access 3 (WPA3)

A

WPA3 introduces the “Simultaneous Authentication of Equals” (SAE) or Dragonfly protocol

184
Q

Wifi-Protected Setup (WPS)

A

A feature designed to make the process of connecting to a secure wireless network from a computer or other device easier

185
Q

Extensible Authentication Protocol (EAP)

A

a framework for providing authentication that allows for the use of many different authentication methods for secure network access technologies. Four common versions: LEAP, FAST, PEAP, and EAP-TLS.

186
Q

EAP Flexible Authentication via Secure Tunneling (EAP FAST)

A

a version of EAP that enables mutual authentication between a client and an authentication server via a secure tunnel. Does not require use of certificates.

187
Q

Protected Extensible Authentication Protocol (PEAP)

A

version of EAP that enables mutual authentication between a client and authentication server. Authentication server utilizes digital certificates to provide authentication, whereas the client provides standard credentials.

188
Q

EAP Transport Layer Security (EAP-TLS)

A

version of EAP that enables mutual authentication between a client and authentication server through the use of digital certificates on both sides.

189
Q

MSCHAPv2

A

a widely used authentication protocol primarily used for securing remote access connections in Virtual Private Networks (VPNs). MSCHAPv2 is used to verify the identity of a user or device trying to establish a connection to a network or a remote server

190
Q

Mobile Device Management (MDM)

A

Mobile device management (MDM) is the administration of mobile devices, such as smartphones, tablet computers, and laptops

191
Q

Rooting/Jailbreaking/Sideloading

A

Gaining access to the operating system to install custom firmware. Provides uncontrolled access

192
Q

Hotspot/Tethering

A

the linking of a computer or other device to a smartphone in order to connect to the internet

193
Q

Corporate Owned, Personally Enabled (COPE)

A

Corporate owned devices given to users that they can also use for personal use

194
Q

Cloud Access Security Broker (CASB)

A

ensure regulatory compliance and data protection, govern cloud usage across devices and cloud applications, and protect against threats

195
Q

Next-Gen Secure Web Gateway (SWG)

A

secure web gateways are a mix of tools specifically designed to protect users and their devices while browsing the internet beyond examining URLs and GET requests

196
Q

Trusted Platform Module (TPM)

A

a physical or embedded security technology (microcontroller) that resides on a computer’s motherboard or in its processor. TPMs use cryptography to help securely store essential and critical information on PCs to enable platform authentication

197
Q

Challenge-Handshake Authentication Protocol (CHAP)

A

an identity checking protocol that periodically re-authenticates the user during an online session

198
Q

TACACS

A

Terminal Access Controller Access-Control System is a network protocol developed by Cisco that controls user access to devices like routers, NAS, and switches, separating authentication and allowing fine-grained access control.

199
Q

Kerberos

A

Kerberos is a computer network security protocol that authenticates service requests between two or more trusted hosts across an untrusted network, like the internet. Enables SSO.

200
Q

Security Assertion Markup Language (SAML)

A

an open standard that allows you to use one set of credentials to log into many different websites

201
Q

OAuth

A

a widely adopted authorization framework that allows you to consent to an application interacting with another on your behalf without having to reveal your password

202
Q

Mandatory Access Control (MAC)

A

A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information

203
Q

Discretionary Access Control (DAC)

A

A means of providing access to an object at the discretion of the owner.

204
Q

Role-Based Access Control (RBAC)

A

restricts network access based on a person’s role within an organization

205
Q

Attribute-Based Access Control (ABAC)

A

an authorization model that evaluates attributes (or characteristics), rather than roles, to determine access

206
Q

Rule-Based Access Control

A

used to manage access to locations, databases and devices according to a set of predetermined rules and permissions that do not account for the individual’s role within the organization

207
Q

Public Key Infrastructure (PKI)

A

The set of hardware, software, policies, processes, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and public-keys

208
Q

Digital Certificates

A

A digital certificate is a file or electronic password that proves the authenticity of a device, server, or user through the use of cryptography and the public key infrastructure (PKI)

209
Q

Certificate Authority

A

a trusted entity that issues Secure Sockets Layer (SSL) certificates after the registration authority has authorized the requestor’s ability to do so.

210
Q

Registration Authority

A

A trusted entity that establishes and vouches for the identity and authorization of a client requesting a certificate, proving they are allowed to request certificates for the domain in question.

211
Q

Online Security Status Protocol (OCSP)

A

provides a mechanism, as a supplement to checking against a periodic certificate revocation list (CRL), to obtain timely information regarding the revocation status of a certificate

212
Q

Certificate Revocation List (CRL)

A

a list of digital certificates that have been revoked by the CA (Certificate Authority) before their scheduled expiration date

213
Q

Root Certificate

A

The public key certificate that identifies the root CA. The root certificate issues other certificates. Access to the root certificate allows for the creation of any trusted certificate.

214
Q

Privacy-Enhanced Mail (PEM)

A

Base64 encoded DER certificate, generally the format provided by CAs, readable in ASCII format.

215
Q

PKCS #12

A

Container format - can be used to store many X.509 certificates in a single .p12 or .pfx file. Often used to transfer a private and public key pair.

216
Q

PKCS #7

A
217
Q

Distinguished Encoding Rules (DER)

A

Certificate format designed to transfer syntax. Binary format (not human readable).

218
Q

OCSP Stapling

A

OCSP status is “stapled” into the SSL/TLS handshake

219
Q

Certificate Pinning

A

You can “pin” the expected certificate or public key to an application. If the expected key doesn’t match, the application can decide what to do in response (shut down, etc.).

220
Q

Key Escrow

A

Third-party holds the decryption/private keys. Often a legitimate business arrangement.

221
Q

Hierarchical CA

A

Single CA issues certs to intermediate CAs.

222
Q

Web of Trust

A

Decentralized alternative to traditional PKI. Trust unknown certificates based on others who have verified and established a relationship with them.

223
Q

Certificate Chaining

A

List all the certs between server and root CA. Any certificate between the SSL certificate and the root certificate is an intermediate certificate.

224
Q

Tracert/Traceroute

A

Determine the route a packet takes to a destination. Used to identify where a network issue may lie

225
Q

Nslookup/DiG

A

Lookup information from DNS servers, such as IP addresses

226
Q

Pathping

A

combines ping and traceroute commands. First phase runs a traceroute to build a map, then measures round trip time and packet loss at each hop.

227
Q

hping

A
228
Q

netstat

A

Returns network statistics, such as active connections and binaries

229
Q

netcat

A

allows you to listen on a port, transfer data, scan ports and send data to a port

230
Q

nmap

A

Network Mapper, used to discover information about network devices, such as open ports, services, versions, OS, etc.

231
Q

arp (command)

A

views the local ARP table. The ARP table associates an IP address to a MAC address.

232
Q

curl

A

request or send data over a URL

233
Q

scanless

A

Allows you to run port scans sourced from a separate host. Essentially a port scan proxy, hiding your true source IP

234
Q

dnsenum

A

Enumerate DNS information to find host names, view services, etc.

235
Q

Nessus

A

Industry leader in vulnerability scanning. Used to identify known vulnerabilities and offers extensive reporting.

236
Q

Cuckoo

A

A sandbox solution for malware testing in a safe environment. Offers reporting on network traffic, memory analysis, and API calls.

237
Q

theHarvester

A

Used to gather OSINT; can scrape information from Google or Bing to find things like associated IP addresses, lists of people from LinkedIn, and email contacts.

238
Q

sn1per

A

Suite that combines many recon tools into a single framework, including dnsenum, metasploit, nmap, theHarvester, and more

239
Q

head

A

command to view the first x lines of a file

240
Q

tail

A

command used to view the last x lines in a file

241
Q

cat

A

command used to copy file contents to the screen or to another file

242
Q

grep

A

command to find text in a file (essentially Ctrl-F within a file)

243
Q

chmod

A

command to change mode of a file system object, r/w/x

-rwxrw-r-- would signify the owner of the file has r/w/x permissions, the group has r/w, and everyone else has r.

244
Q

logger

A

command used to manually add entries to a system log

245
Q

OpenSSL

A

A toolkit and crypto library for SSL/TLS, used to build certificates and manage SSL/TLS communication

246
Q

tcpreplay

A

A suite of packet replay utilities that can be used to replay and edit packet captures

247
Q

tcpdump

A

Captures packets from the command line and displays them on the screen; can write output to a file. CLI version of Wireshark.

248
Q

Wireshark

A

Graphical version of tcpdump. Used to analyze packets and view traffic patterns

249
Q

dd

A

command used to create a disk image or copy of a drive, or restore from an image

250
Q

memdump

A

command used to copy information in system memory

251
Q

Winhex

A

A universal hexadecimal editor used to edit disks, files, RAM. Offers disk cloning and secure wipe capabilities

252
Q

FTK Imager

A

Forensic drive imaging tool

253
Q

Autopsy

A

Perform digital forensics of hard drives to view and recover data.

254
Q

Metasploit

A

Very common exploitation framework used to attack known vulnerabilities and build custom attacks

255
Q

The Social-Engineer Toolkit (SET)

A

Well known exploitation framework

256
Q

Reconstitution

A

The recovery phase of the incident response process.

257
Q

IR Process

A

Preparation, Detection & Analysis, Containment, Eradication, Recovery, Post-Incident Activities

258
Q

Tabletop

A

Talk through the drill’s logistics and steps that would be taken. “What would we do”

259
Q

Simulation

A

Testing performed with an actual simulated event

260
Q

Walkthrough

A

One step further than a Tabletop - Test processes and procedures prior to an event to identify faults and missing steps

261
Q

MITRE ATT&CK Framework

A

Framework used to identify and understand actions of an attacker, as well as security techniques to mitigate them.

262
Q

Diamond Model

A

Model used to document and better understand an intrusion. Identify relationship between the Adversary, Capability, Victim, and Infrastructure.

263
Q

Cyber Kill Chain

A

Recon - Weaponization - Delivery - Exploit - Installation - C&C - Actions on objectives

264
Q

System Logs

A

Operating system logs, file system information, and can include security events

265
Q

Application Logs

A

Logs specific to an application

266
Q

Security Logs

A

Logs containing information related to blocked/allowed traffic flows, exploit attempts, blocked URL categories, and DNS sinkhole traffic. Typically created by IPS, firewalls, and proxies.

267
Q

Web Logs

A

Logs related to web server access, exploit attempts, and server activity such as startup and shutdown.

268
Q

DNS Logs

A

Logs related to DNS queries - includes IP address of the request, can identify queries to known bad sites, and log results of those queries (blocked/allowed)

269
Q

Authentication Logs

A

Logs related to accounts logging into a system, success/failures, & source IP. Can be used to identify brute force activity.

270
Q

Dump Files

A

Dump files store all contents of memory associated with an application or process

271
Q

NetFlow

A

Method of gathering network stats from switches, routers, etc. Consolidated onto a NetFlow server and analyzed from a management console.

272
Q

IP Flow Information Export (IPFIX)

A

Newer version of NetFlow. Provides flexibility on what data is collected

273
Q

Sampled Flow (sFlow)

A

Embedded in switches/routers to capture a portion of network traffic

274
Q

Metadata

A

Data that describes other data sources. Example - Email headers

275
Q

Order of Volatility

A

Ask the question - how long does data stick around? Most volatile data includes CPU registers/cache > Router Table/ARP cache, process table, kernel statistics, memory > Temp File systems > Disk

276
Q

Snapshot

A

A point-in-time system image, typically in relation to Virtual Machines.

277
Q

Artifacts

A

Digital items left behind. Commonly found in logs, flash memory, cache files, recycle bins

278
Q

Corrective Controls

A

Designed to mitigate damage. Think backups and IPS.

279
Q

Deterrent Controls

A

Doesn’t prevent, but may discourage intrusion. Think warning signs/login banners.

280
Q

Compensating Controls

A

Doesn’t prevent an attack, but provides restoration through other means. Think re-imaging, hot sites, or backups.

281
Q

Physical Controls

A

Fences, locks, etc.

282
Q

General Data Protection Regulation (GDPR)

A

European Union regulation on information privacy.

283
Q

Payment Card Industry Data Security Standard (PCI DSS)

A

Standard for protecting credit cards

284
Q

NIST Risk Management Framework (RMF)

A

6 steps to risk management. Categorize > Select > Implement > Assess > Authorize > Monitor

285
Q

NIST Cybersecurity Framework (CSF)

A

Identify, Protect, Detect, Respond, and Recover

286
Q

International Organization for Standardization (ISO)

A

n/a

287
Q

ISO 27001

A

Standard for information security management systems

288
Q

ISO 27002

A

Code of practice for information security controls

289
Q

ISO 27701

A

Focuses on privacy information management systems

290
Q

ISO 31000

A

Standards for risk management practices

291
Q

Cloud Security Alliance (CSA)

A

Non-profit organization focusing on cloud security.

292
Q

CSA Cloud Controls Matrix (CSA CCM)

A

Controls are mapped to standards, best practices, and regulations to follow in the cloud.

293
Q

SOC 2 Type 1

A

Audit will test controls at a particular date and time

294
Q

SOC 2 Type 2

A

Audit will test controls over a period of 6+ months

295
Q

Acceptable Use Policies

A

Defines how technologies should be used

296
Q

Non-Disclosure Agreements

A

Confidentiality agreement that limits information that can legally be shared to ensure privacy

297
Q

Job Rotation

A

People rotate job roles, creating less of an opportunity for someone to take advantage of a security issue

298
Q

Split Knowledge

A

No single person has all the knowledge/details

299
Q

Dual Control

A

Two people must be present in-person to perform a business function

300
Q

Service Level Agreement (SLA)

A

Sets a minimum set of service terms, such as uptime or response time

301
Q

Memorandum of Understanding (MOU)

A

Informal letter of intent/expectations, not a signed legal contract.

302
Q

Measurement System Analysis (MSA)

A

Provides a way for a company to evaluate and assess the quality of the process used in measurement systems.

303
Q

End of Life (EOL)

A

When a manufacturer stops selling a product. End of Service Life refers to when support ends and patches and updates are no longer provided.

304
Q

Inherent Risk

A

Risk that exists in the absence of security controls

305
Q

Residual Risk

A

Inherent Risk combined with effectiveness of security controls.

306
Q

Annualized Rate of Occurrence (ARO)

A

Describes the likelihood of a risk occurring

307
Q

Single Loss Expectancy (SLE)

A

How much money is lost if a single event were to occur

308
Q

Annualized Loss Expectancy (ALE)

A

Calculated by multiplying ARO x SLE

309
Q

Recovery Time Objective (RTO)

A

Describes how long it takes to get back up and running to a certain service level

310
Q

Mean Time Between Failures (MTBF)

A

Predict time between outages

311
Q

Mean Time To Repair (MTTR)

A

Time required to fix an issue

312
Q

Personally Identifiable Information (PII)

A

Data that can be tied back to an individual, such as name, address, biometric information, telephone number

313
Q

Protected Health Information (PHI)

A

Health records associated with an individual. Health status, insurance details, payments, etc.

314
Q

Data Controller

A

Manages the purpose and means by which personal data is processed

315
Q

Data Processor

A

Processes data on behalf of the data controller (often a third party or different group)

316
Q

Data Custodian/Steward

A

Responsible for data accuracy, privacy and security.

317
Q

Data Protection Officer

A

Responsible for the organization’s overall data privacy policies.

318
Q

Session Hijacking

A

Session ID (often stored in cookies) is stolen by an attacker, who is then able to pose as the victim without a username or password.

Prevent this by using end-to-end encryption.

319
Q

Infrastructure as a Service

A

Outsourcing equipment/hardware. You’re still responsible for the management of data and the OS/application running on the equipment

320
Q

Platform as a Service

A

Middle ground of IaaS and SaaS. Provides a platform, including hardware and OS for you to develop your own application.

321
Q

Software as a Service

A

On-demand software. Everything is managed and configured by the provider.

322
Q

Anything as a Service

A

A broad description of any service delivered over the internet.

323
Q

Counter Mode (CTR)

A

Block cipher mode that acts like a stream cipher. Utilizes an incremental counter to create each block of ciphertext.

324
Q

Galois/Counter Mode (GCM)

A

Combines Counter Mode (CTR) with Galois authentication. Commonly used in wireless connections and IPSEC.