Course 2 Flashcards

1
Q

What is the 1st CISSP domain?

A

Security and risk management domain - It deals with identifying and documenting security goals and objectives.
Deals with the disaster recovery process.
Deals with Compliance and regulations.
It is also responsible for creating risk management processes. It will find the best frameworks to manage security risks.

2
Q

What is the 2nd CISSP domain?

A

Asset security domain - This domain deals with the physical and digital security of assets.
Also deals with storing, maintaining, and disposing of assets securely once they are no longer needed.

3
Q

What is the 3rd CISSP domain?

A

Security Architecture and Engineering - It is a domain that deals with data security by ensuring the best tools, processes, and controls are implemented to manage risks, threats, and vulnerabilities.
It focuses on the following -

  • Least privilege
  • Separation of duties
  • Fail securely
  • Zero trust
  • Trust but verify
  • Defense in depth
  • Keep security simple
4
Q

What is the 4th CISSP domain?

A

Communication and network security - Deals with the security of wireless communication and physical network security

5
Q

What is the 5th CISSP domain?

A

IAM - Identity and Access management
The main principle of IAM domain -

Identity, Authentication, Authorization and Accounting

6
Q

What is the 6th CISSP domain?

A

Security assessment and testing - This deals with assessing the current security controls and standards and processes and making sure that they are doing the task that they are implemented for.
It also deals with the security auditing part.
Penetration testers belong to this team.

7
Q

What is the 7th CISSP domain?

A

Security operations - This deals with the security incidents as they happen.

8
Q

What is the 8th CISSP domain?

A

Application development security - Focuses on using secure coding practices while developing applications.

9
Q

What is a threat?

A

It is something that can negatively impact an organizational asset.

10
Q

What is risk?

A

Risk is something that can impact the CIA of an asset.

11
Q

What are the 3 types of web?

A

Surface web, Deep web, Dark web

12
Q

What are the First 3 steps involved in NIST RMF (Risk Management Framework)?

A
  1. Prepare - prepare for the activities to protect the organization from risks, threats, and vulnerabilities. Find the risks, threats, and vulnerabilities and look for the controls to protect against them.
  2. Categorize - find the different ways to manage these risks, threats, and vulnerabilities.
  3. Select -
13
Q

What are the last 4 steps involved in NIST RMF (Risk Management Framework)?

A
  1. Implement -
  2. Assess -
  3. Authorize -
  4. Monitor -
14
Q

What is Proxy logon vulnerability?

A

It was a vulnerability in the Microsoft Exchange server in which threat actors could complete the authentication from a proxy server to gain unauthorized access to the Exchange server.

15
Q

What is Zerologon vulnerability?

A

It was a vulnerability in the Microsoft Netlogon authentication protocol in which the threat actor exploited the 4-way handshake process and was ultimately able to supply an encryption key of all zeros, hence the name Zerologon.

This attack can be deployed remotely.

16
Q

What is Log4shell vulnerability?

A

It allowed attackers to run Java code on someone else's computer or leak sensitive information. It does this by enabling a remote attacker to take control of devices connected to the internet and run malicious code.

17
Q

What is PetitPotam vulnerability?

A

It was a kind of man-in-the-middle attack. It affects Windows New Technology LAN Manager (NTLM).

18
Q

What is Server side request forgery vulnerability?

A

It allows attackers to manipulate a server-side application into accessing and updating backend resources. It can also allow attackers to steal data.

19
Q

What is the Cyber Threat framework?

A

It is a framework that was created to provide a common language to share or discuss security-related information among security professionals.

It makes analyzing and sharing information easier.

20
Q

What is NIST Cyber Security framework and its components?

A

It is a voluntary framework that organizations can follow to manage risks, threats, and vulnerabilities in their assets and data.

There are 5 components in Cyber Security Framework -

  1. Identify - Identify all the risks, vulnerabilities. Identify what are the security goals of the organization and compliance expectations.
  2. Implement - Implement the standards, processes, and controls to manage security risks.
  3. Detect - Detect any security incidents and improve monitoring capabilities to increase the speed and efficiency of detections.
  4. Respond - Respond to the incident. Contain the attack, find the root cause of the attack, and neutralize the attack.
  5. Recover - The process of returning affected systems back to normal operation.
21
Q

What does OWASP stand for and what is it?

A

OWASP stands for Open Web Application Security Project. It provides guidelines to minimize the security risks on organization assets.

Sometimes it is also known as Open Worldwide Application System Project

22
Q

What are OWASP security principles?

A
  1. Minimize the attack surface area - It refers to all the potential vulnerabilities that a threat actor can exploit.
  2. Principle of least privilege
  3. Defense in depth -
  4. Separation of duties
  5. Keep security simple
  6. Fix security issues correctly - This means when some security incident occurs, identify the root cause, contain the impact, identify vulnerability, and conduct tests to ensure that remediation is successful.
  7. Fail securely
  8. Establish secure defaults
  9. Avoid security by obscurity - The security of systems should not rely only on keeping details hidden. For example - keeping the source code of applications a secret.
23
Q

What are security audits?

A

It is the process of reviewing security processes, standards, and controls to ensure that they are performing or working as expected (doing the work that they are supposed to do).

24
Q

What are the common elements of internal security audits?

A
  1. Establish the scope and goals of the security audit. Scope includes the process of finding all assets, people, policies, procedures, and technologies that need to be audited.
  2. Conduct the risk assessment. Find out the vulnerabilities in the assets that we have defined in the scoping process.
  3. Conduct the control assessment of controls that have been implemented to protect the assets defined in the scope.
  4. Communicate results to stakeholders.
25
Q

What are the 3 common sources of security logs and explain them?

A
  1. Firewall logs - These are the records of attempted incoming and established connections coming from the internet and the record of connections that are going out to the internet.
  2. Network logs - these are the records of all the computers and devices that connect or disconnect from the network. It is also the record of all the connections between devices and services like database services.
  3. Server logs - it is the record of events that happen on devices that provide services like web servers, email servers, etc.
26
Q

What are cloud-native and cloud-hosted applications?

A

Cloud-hosted - Cloud-hosted applications are migrated to the cloud, and these applications are unable to take full advantage of the cloud architecture.

Cloud-native - these applications are built in the cloud and can utilize the full power of cloud architecture.

27
Q

What is SOAR?

A

SOAR - SOAR stands for Security Orchestration, Automation, and Response. It is the collection of tools, applications, and workflows that use automation to respond to security threats.

28
Q

What are the different types of SIEM tools?

A
  1. Self-hosted - The SIEM tools that the organization hosts by itself are called Self-hosted SIEM tools. The organization is responsible for installing, configuring and maintaining SIEM tools.
  2. Cloud-hosted - The one that is hosted by some cloud provider, like Splunk Cloud or Google Chronicle.
  3. Hybrid -
29
Q

What is Suricata?

A

It is an open-source tool that can collect and analyze the network traffic and look for any suspicious code or activity and generate network logs for security professionals to view.

It is widely used in the Public and private sectors.

30
Q

What are the different dashboards in Splunk SIEM tools?

A
  1. Security posture dashboard -
  2. Executive summary dashboard -
  3. Incident review dashboard -
  4. Risk Analysis Dashboard -
31
Q

What are the different dashboards in Chronicle SIEM tools?

A
  1. Enterprise Insights dashboard -
  2. Data Ingestion and Health dashboard -
  3. IOC (Indicator of Compromise) dashboard -
  4. Main Dashboard -
  5. Rule Detection Dashboard -
  6. User Sign-in overview dashboard -
32
Q

What are playbooks?

A

These are the documents that tell the steps we need to perform in a particular situation. For example - in case of a security incident.

Playbooks are developed based on the goals outlined in an organization’s business continuity plan.

33
Q

What is the role of playbooks?

A

Playbooks provide security analysts with a consistent list of actions in a prescribed way.
Playbooks clarify which tools should be used to respond to security incidents.

34
Q

What is Security Incident response?

A

It is the process of quickly identifying some attack, containing the attack/damage, and correcting the effects of the security breach.

35
Q

What are the 6 phases of security incident response?

A
  1. Preparation - It involves preparing for potential attacks/risks and telling everyone about their responsibilities if any security incident occurs.
  2. Detection and Analysis - Detecting and making sure that there is an ongoing attack.
  3. Containment -
  4. Eradication and Recovery
  5. Post-incident activity - Documenting the security incident. Finding the root cause of the attack. Reporting the security incident to senior leadership.
  6. Coordination - It involves reporting incidents and sharing information based on the organization’s established standards.
36
Q

Define the fields of an ethernet frame.

A

Preamble - 7 bytes
SFD - Start Frame Delimiter - 1 Byte - It is always 10101011
Destination address - 6 Bytes
Source address - 6 bytes
Type or Length - 2 Bytes
Data - up to 1500 Bytes
FCS - Frame Check Sequence - 4 Bytes

37
Q

What is IP identification field in IP header and what is its size?

A

IPID is the IP identification field, which is 16 bits in length. It is used to reassemble the fragments of a packet (all fragments of one packet carry the same IPID).
For example - if some network path's PDU is smaller than the size of the packet, the packet will need to be fragmented, and the fragments can be reassembled with the help of the IPID.

38
Q

What is the average size of an IP header?

A

Its size is 20 bytes.

39
Q

What is Cloud Computing?

A

It is the practice of using servers, devices and network services in the cloud (on the internet) instead of using / having them in our local network.
Cloud service providers provide these services.

40
Q

In what ways do CSPs provide their services?

A

CSP can provide service in 3 different ways -

  1. Software as a Service
  2. Infrastructure as a Service
  3. Platform as a Service - If I want to sell my software to the public for a fee but I don't have the means to serve it to the public, I can use PaaS.
41
Q

What are the 3 main benefits of using cloud services?

A

Reliability, Scalability, and decreased cost.

42
Q

What does ICMP do?

A

The ICMP protocol works at the Internet layer of the TCP/IP model. It is used to convey the status of an IP packet to its sender if the packet is discarded by some router on its way, if it reaches its TTL, or if it takes a different route in the network.
There are different kinds of ICMP packets for conveying different kinds of information.

43
Q

What is the maximum allowable size of a packet?

A

1500 Bytes

44
Q

What are the 3 main categories of Internet protocols?

A

Communication protocols - for example TCP, HTTP, SFTP, etc.
Management protocols - SNMP, ICMP, DHCP
Security protocols - HTTPS, TLS/SSL, etc.

45
Q

What port number is used by SSH protocol and what encryption algorithm does it use?

A

SSH uses TCP port 22 and it uses AES (Advanced encryption standard) algorithm.

46
Q

Describe POP3 protocol.

A

POP is Post Office Protocol that is used to fetch emails from the email server.
It works at the application layer.
Unencrypted emails in POP use TCP/UDP port number 110 and encrypted emails use TCP/UDP port 995 over TLS/SSL protocol.
Using POP, before we can read a message in our email client, it has to be downloaded first.

47
Q

Describe IMAP.

A

IMAP is the Internet Message Access Protocol, which is also used to fetch emails from the email server. It works at the application layer.
Unencrypted emails in IMAP use TCP/UDP port number 143 and encrypted emails use TCP/UDP port 993 over the TLS/SSL protocol.
Using IMAP, the email client can download only the headers of emails to present them to the user. It doesn't need to download the whole email at once for reading.

50
Q

Define WPA?

A

WPA is Wireless Protected Access. It is a wireless security protocol.
It uses the TKIP (Temporal Key Integrity Protocol) protocol with the RC4 encryption algorithm (a stream cipher).
This protocol is prone to KRACK attacks. KRACK is the Key Reinstallation Attack.

Note - The Wi-Fi password is not the actual key that is used to encrypt individual data packets. The Wi-Fi password is known as the passphrase.

50
Q

Describe SMTP - Simple Mail Transfer Protocol.

A

SMTP is used to send emails to the recipient's email server. It works with the MTA - Message Transfer Agent, which performs the DNS queries to get the IP address of the recipient server.

Unencrypted emails in SMTP use TCP/UDP port number 25 and encrypted emails use TCP/UDP port 587 over the TLS/SSL protocol.

SMTP helps to filter out spam by regulating how many emails a source can send at a time.

51
Q

What is Diffie-Hellman key exchange method?

A

It is a method for securely exchanging shared keys over a public (unsecured) medium.
It uses the concept of public-private keys to share the pre-shared key.

52
Q

What is Cipher?

A

It is the encrypted version of some clear data.

57
Q

In WPA2, how are encryption/session keys generated?

A

The individual session keys used to encrypt the data packets are derived from the Pairwise Master Key.

This Pairwise Master Key is derived by hashing a combination of the SSID and the passphrase.

If the passphrase is stolen, the individual session keys can be recovered. That is why WPA2 doesn't provide forward secrecy.

58
Q

Define WPA2.

A

WPA2 uses the CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol) protocol with AES encryption.
It uses 128-bit encryption keys.

For client authentication, it uses a 4-way handshake process. It also uses a MIC - Message Integrity Check.

This 4-way handshake process is prone to the KRACK (Key Reinstallation Attack) attack. It is also prone to brute force attacks and dictionary attacks.

During the 4-way handshake, the hash of (passphrase + some other value) travels through the wireless medium. So a threat actor can sniff the 4-way handshake, obtain the hashed values, and try to guess the passphrase using a dictionary attack.

59
Q

What is a dictionary attack?

A

It is a password-guessing attack.
In a dictionary attack, the threat actor tries to guess the passphrase. He/she might try to guess it against commonly used passwords or stolen passwords that are available on the internet.

60
Q

Define WPA3.

A

WPA3 uses the GCMP protocol with AES encryption. It supports a key length of 128 bits in WPA3-Personal mode and 192 bits in WPA3-Enterprise mode.
It is not prone to the KRACK attack (Key Reinstallation Attack), as it replaces the 4-way handshake process of pre-shared key exchange with SAE (Simultaneous Authentication of Equals).
It also provides forward secrecy (if the passphrase is stolen or found by a threat actor, it cannot be used to crack the keys of the data packets that were encrypted with it).
It also supports OWE (Opportunistic Wireless Encryption).

61
Q

What are the different kinds of firewalls?

A

Stateful firewalls - These firewalls keep track of active connections through them. They can block traffic based on its suspicious nature.

Stateless firewalls - These firewalls block traffic based on pre-configured rules, such as allowed port numbers, IP addresses, or MAC addresses.

NGFW - Next-generation firewalls are better than stateful or stateless firewalls. These firewalls can perform deep packet inspection, detect any suspicious traffic, and block it.

62
Q

What do VPNs provide/do? Give some examples of VPN protocols.

A

VPNs provide encapsulation and encryption, and they can securely connect our devices to a remote private network over the internet.

Examples of VPN protocols -
1. IPsec - It can be very complex to configure. Mostly it is used for site-to-site VPNs. Supported by most OSs.
2. WireGuard - WireGuard is a newer protocol compared to IPsec. It is faster than IPsec and easier to configure. It also provides advanced encryption.

63
Q

What are proxy servers and their main types?

A

Proxy servers forward clients' requests to their destinations after hiding the clients' IP addresses.

There are forward proxy servers and reverse proxy servers.

Forward proxy server - This is a server that forwards client requests. It can provide caching services, inspect traffic, and block traffic based on certain criteria (for example - blocking the download of zip files from the internet or from a certain site).

Reverse proxy server - It takes requests from the internet on behalf of some kind of server. It might provide load balancing, filtering, etc.

64
Q

What is SD-WAN?

A

Software-defined WAN - It is a virtual WAN service that allows organizations to securely connect users to applications across multiple locations and over large geographical distances.

65
Q

What is a network interception attack?

A

In a network interception attack, the attacker intercepts the traffic that is in transit and analyses it to steal valuable information or alter information in the packets. They might add malware in the data as well.

66
Q

What are backdoor attacks?

A

A Backdoor is a way in which someone can gain access to a system or network by bypassing the normal access controls. The programmers and admins usually install backdoors in their applications or networks for troubleshooting purposes or performing administrative tasks.

An attacker can also install a backdoor once they have compromised a system or network to maintain their access for a prolonged time.

67
Q

What is a Denial of Service (DoS) attack?

A

In a DoS attack, the attacker targets a network or server and floods it with network traffic.

68
Q

What are the different kinds of DoS attacks?

A

DDoS - Distributed Denial of Service - a DoS attack that comes from different sources located at different geographical locations.

SYN flood - The threat actor keeps sending SYN TCP connection requests to the server until it is overwhelmed by these requests. The attacker does not reply with an ACK packet in return to the SYN-ACK from the server.

Ping of Death - A humongous ICMP packet is sent to the target.

ICMP flood attack - In this attack, the threat actor sends an overwhelming number of ICMP requests to the target.

69
Q

Give some examples of network protocol analyzers.

A

SolarWinds NetFlow Traffic Analyzer
ManageEngine OpManager
Azure Network Watcher
Wireshark
tcpdump - it is a command-line network protocol analyzer that is pre-installed on Unix systems. We can capture and analyze network traffic with it.

70
Q

What is Botnet?

A

A botnet is a collection of devices that are infected with a kind of malware called a bot, and these devices are controlled by a threat actor using a Command and Control server.

71
Q

What is IP spoofing?

A

In IP spoofing, the threat actor spoofs the IP address of some authorized system to gain unauthorized access to a network.

Some examples of Spoofing attacks -
- On-Path attacks
- Replay attacks
- Smurf attacks

72
Q

What are On-path attacks?

A

On-path attack - In this attack, an attacker places themselves in the middle of an authorized connection and intercepts or alters the data in transit.

73
Q

What is a replay attack?

A

It is an attack in which the attacker intercepts traffic in transit with 2 things in mind. Either the threat actor will delay the intercepted packet, or it will try to use it at some later time (for example - the attacker might try to replay authentication frames).

74
Q

What does an HTTP/1.1 504 Gateway Time-out (text/html) error message mean?

A

This is an error message that we get from the gateway server when it does not receive any response from the web server to a client’s request for some webpage.
So in this case, this error is sent back to the requesting browser.

75
Q

What does a [RST, ACK] error message from a browser mean?

A

This error message is sent to the client browser by the web server when the server is not ready to establish a connection with the client browser. It will send back a [reset, ACK] error.
The client browser will display a connection timeout error message.

76
Q

What does security hardening mean?

A

It is the process of strengthening a system to reduce its vulnerability and its attack surface area.

77
Q

Give some examples of different ways for Operating System hardening.

A
  • OS updates and patches
  • MFA
  • Removal of unwanted software
  • Ensure strong password policy
  • Secure OS/system disposal

Also note that new OS updates should be added to the baseline configuration / or baseline image.

78
Q

What is baseline configuration?

A

It is a documented set of specifications within a system that is used as a basis for future builds, releases and updates.

79
Q

What is simple brute force attack?

A

It is an attack in which a threat actor tries to guess the user's password.

80
Q

What is a dictionary attack?

A

An attack in which the attacker tries to guess the password using commonly used passwords and stolen passwords from previous breaches.

81
Q

What is a Sandbox environment?

A

It is a type of testing environment that allows you to execute software or programs separate from your network.

82
Q

Give examples of tasks that are performed for network hardening.

A
  • Firewall rule maintenance - It involves checking and updating security configurations in Firewall
  • Network log analysis
  • patch updates
  • Server backups
  • filtering of firewalls
  • Network access privileges
  • Encryption
83
Q

What is IDS?

A

It is a device or application that monitors network or system traffic and, based on any anomaly or attack/malware signature, sends alerts to the system admin or security analyst.

It is always placed behind the firewall. This is done to reduce noise in IDS alerts, also referred to as false positives.

84
Q

What are some Security hardening tasks tools?

A
  1. Baseline configuration
  2. Configuration checks
  3. Disabling unused ports
  4. Encryption using the latest standards
  5. Firewall maintenance
  6. Hardware and Software disposal
  7. MFA
  8. Network Access privileges
  9. Network Log Analysis
  10. Password policies
  11. Patch updates
  12. Penetration test
  13. Port filtering
  14. Removing or disabling unused applications and services
  15. Server and Data storage backups
85
Q

What is the main difference between traditional network hardening and cloud network hardening?

A

It is the use of a server baseline image for all server instances stored in the cloud.

86
Q

Is the BIOS scanned by an antivirus program?

A

It is not usually scanned by an antivirus program.

87
Q

What are the some of the benefits of using a VM- Virtual Machine?

A
  1. Efficiency - it is easy to work with VMs. We can change from one virtual machine to another very easily.
  2. Security / Sandbox - VMs provide security. VMs provide isolated environment.
  3. Managing VMs is easy as it is done from a single application called Hypervisor.
88
Q

Give me an example of a pre-built hypervisor for Linux machines.

A

KVM - Kernel-based virtual machine

89
Q

What is FHS - File System Hierarchy Standard?

A

It is a Linux component that is responsible for managing the file system or organizing the data in Linux.

90
Q

Define Package manager.

A

Package manager is a tool in Linux that is used to manage, install, or remove applications from a Linux OS.

There are different kinds of package managers based on the Distros that are available -

  1. dpkg - this is the package manager for distros that are derived from Debian. It manages files that have the .deb extension.
  2. Red Hat Package Manager - this is the package manager for distros derived from Red Hat Linux distributions. It deals with files that have the .rpm extension.
91
Q

Give me the name of Linux parent distributions.

A
  1. Debian - Unix, Kali Linux, Parrot
  2. Red Hat - CentOS
  3. Slackware - SUSE
92
Q

Give some examples of penetration testing tools for Kali Linux.

A

Metasploit - Metasploit can be used to look for and exploit vulnerabilities on machines.

Burp Suite - it is another tool that helps to test for weaknesses in web applications.

John the Ripper - A tool used to guess passwords.

93
Q

Give some examples of digital forensic tools in Kali Linux.

A

tcpdump -
Wireshark -
Autopsy - it is a tool that can scan/analyze hard drives and smartphones.

94
Q

What is a package?

A

It is a piece of software that can be combined with other packages to form an application. Some packages may be large enough to form an application on their own.

95
Q

Give examples of command-line package manager tools in Linux.

A

apt - Advanced Package Tool - it is a command-line package manager tool for Debian-derived distros.

YUM - Yellowdog Updater Modified - it is a command-line package management tool for Red Hat-based distros.

96
Q

How do we use apt in Linux?

A

To install an application -> sudo apt install APPLICATION_NAME

To remove an application -> sudo apt remove APPLICATION_NAME

To list all installed applications -> apt list --installed

97
Q

What commands can be used to read a file in Linux?

A

cat - we can use this command to read the entire file at once.

head - by default, we can use this command to read the first 10 lines of a file. The -n option changes the number of lines shown.
Ex -> head -n NUMBER_OF_LINES FILE_NAME

tail - it gives us the last 10 lines of a file.

less - it shows us one page at a time.

98
Q

What command can we use to print the current working directory?

A

pwd - print working directory.

99
Q

What do we use ls command for and what are its different options?

A

ls -> We can use it to list all the files and directories in a folder path.

ls -a -> It will also list hidden files.

ls -l -> It will show us the permissions of the files and folders in a directory path.

100
Q

Give me some examples of standard FHS directory.

A

FHS - File system Hierarchy standard -

/home
/etc - stores configuration files
/bin
/tmp
/mnt - It stands for mount. It stores media such as USB drives and hard drives

We can use (man hier) command to learn more about the FHS and its standard directories.

101
Q

What is the use of (grep) command in Linux?

A

It is used to search for strings in files.
Syntax ->
grep STRING FILE_NAME

ls /home/mandy/reports | grep users -> It will search for the string "users" in the names of the files and folders listed by ls /home/mandy/reports.

102
Q

What is find command used for?

A

We can use it to find files and directories at a specific path based on specific criteria -

Based on whether they -
- contain a specific string in the name
- are a certain file size
- were last modified within a certain time frame

find /home/analyst/projects -name "*log*" -> finds files and directories under that path whose name contains "log"

-name specifies a case-sensitive name and -iname specifies a name that is not case-sensitive.

-mtime - this option is used to find the files and directories last modified within a certain time frame.

find /home/analyst/projects -mtime -3 -> modified within the last 3 days

Note -> -name and -mtime are 2 options of the find command.

103
Q

What commands can we use to create or remove directories in Linux?

A

mkdir
rmdir

rm - to remove files (be careful with this command, as it can also remove directories that are not empty)

touch - to create an empty file

104
Q

What command can we use to move or copy a file in Linux?

A

mv
cp

105
Q

What are some examples of text editors in Linux?

A

nano
Vim
Emacs

106
Q

Standard output re-direction in Linux.

A

echo "overwrite it" > permissions.txt

107
Q

What command can we use to change permission in Linux?

A

chmod - changes the permissions of a file or directory.

chmod u+r,g=r,o+x test.txt -> adds read for the user (owner), sets group permission to read only, and adds execute for others

108
Q

What is useradd command and what are its different options?

A

This command is used to add users to a Linux system.

Syntax -> useradd mandy

Additional options used with useradd ->
-g -> to set the default (primary) group for the new user account
-G -> to add the user to additional (secondary) groups

useradd -g security mandy

109
Q

What is (usermod) command and what are its different options?

A

This command modifies existing user accounts.

-d -> changes the user's home directory
-l -> changes the user's login name
-L -> locks the user account

sudo usermod -a -G marketing fgarcia -> adds this user to an additional group

110
Q

What command can we use to delete a user account in Linux?

A

userdel - we can use this command to delete a user from Linux.

This command doesn't delete the files in the user's home directory unless you use the -r option.

111
Q

What command can we use to change the ownership of a file in Linux?

A

sudo chown fgarcia access.txt -> changes the owning user of the file

sudo chown :security access.txt -> changes the owning group of the file

112
Q

Why do we have different CISSP domains? What is their need?

A

The CISSP domains have been created to remove any security gaps in an organization's security posture. By dividing the security work into different domains, a better security posture can be implemented in each domain.

113
Q

What is the purpose of internal security audits?

A
  • To correct any compliance issues
  • To assess security controls
  • To identify organizational risk
114
Q

Who normally defines the scope and goals of the security auditing process?

A

The Compliance Officer and the senior Security Engineer.
Security analysts are usually tasked with doing the risk assessment and control assessment.

115
Q

What are the different options to get help in Linux?

A

man, whatis

apropos - searches the manual page descriptions for a specified string.
Example -

apropos -a change password
