CySA+ Study for PASS Certification Exam !!! Flashcards
??? : check the characteristics of each packet against firewall rules without any additional intelligence.
??? : go beyond packet filters and maintain information about the state of each connection passing through the firewall.
Packet Filtering Firewalls / Stateful Inspection Firewall
??? : incorporate contextual information about users, applications, and business processes.
??? : protect against web application attacks such as SQL injection and cross-site scripting.
NGFWs / WAFs
Acts as a secure transition point between one network and another, providing a trusted path between the two networks. Users connect to the ??? by SSH or RDP rather than directly to either network; it should also require strong multifactor authentication.
Jump Box
Feeds false information to malicious software that has made its way into the enterprise network. When a compromised system attempts to obtain information from a ??? server about its command-and-control server, the ??? server detects the suspicious request and, instead of responding with the correct answer, responds with the IP address of a sinkhole system designed to detect and remediate the botnet-infected system.
DNS sinkholes
??? : allows admins to define groups of security settings once and then apply those settings either to all systems or to a group of systems based on role.
??? : security software should report its status to a centralized management system that allows security admins to monitor the entire enterprise from a single location.
??? : admins set all security permissions and users can't modify those permissions.
??? : the owner of a file or resource controls the permissions on that resource and can delegate them at their discretion.
GPO / Endpoint / MAC / DAC
???
Timing : when will the test take place? Will technology staff be informed of the test?
Scope : are any systems, networks, personnel, or business processes off-limits to the testers?
Authorization : who is authorizing the test to take place? What should the testers do if they are confronted by an employee or another person who notices their suspicious activity?
Planning a Penetration Test
???
Testers conduct reconnaissance and gather as much information as possible about the targeted network, systems, users, and applications. This may include reviewing publicly available material, performing port scans of systems, and using network vulnerability scanners and web application testers to search for vulnerabilities, etc.
Conducting Discovery
???
During the attack phase, testers attempt to bypass the organization's security controls and gain access to the systems and applications the organization runs. They use the information gathered during the discovery phase to gain initial access to a system; once in, they attempt to escalate access until full administrative privileges are gained, then scan additional systems on the network and install additional pen testing tools, repeating this process until the test time is over.
Executing a Penetration Test
???
At the end of the test, the testers prepare a detailed report of the access they gained and the vulnerabilities they exploited to gain it. The report contains the results of the various tests and can be shared with system administrators for remediation of the issues.
Communicating Penetration Test Results
White Team : coordinates the exercise and serves as referee, handling disputes between teams, maintaining the technical environment, and monitoring the results.
Compiled Languages : Java, C/C++
info