D P1-3 II Flashcards
Threat Actors
A. Hacktivist
B. Whistleblower
C. Organized crime
D. Unskilled attacker
Hacktivist: Motivated by political or social causes.
Whistleblower: Insider exposing wrongdoing.
Organized Crime: Professional criminals targeting systems for profit.
Unskilled Attacker: Lacks advanced knowledge, often uses prebuilt tools.
Data Protection
A. Key stretching
B. Data masking
C. Steganography
D. Salting
Key Stretching: Strengthening passwords using algorithms like PBKDF2.
Data Masking: Obscuring data to protect sensitive information.
Steganography: Hiding data within other files.
Salting: Adding random data to passwords before hashing.
Phishing Techniques
A. Brand impersonation
B. Pretexting
C. Typosquatting
D. Phishing
Brand Impersonation: Pretending to be a trusted company.
Pretexting: Crafting a scenario to extract information.
Typosquatting: Using misspelled domains to deceive users.
Phishing: Broad term for fraudulent attempts to obtain sensitive data.
Authentication Methods
A. SSO
B. LEAP
C. MFA
D. PEAP
SSO: Single Sign-On for centralized authentication.
LEAP: Lightweight Extensible Authentication Protocol.
MFA: Multifactor Authentication.
PEAP: Protected Extensible Authentication Protocol.
Infrastructure Components
A. Jump server
B. RADIUS
C. HSM
D. Load balancer
Jump Server: Used as a gateway to secure internal systems.
RADIUS: Remote Authentication Dial-In User Service for centralized authentication.
HSM: Hardware Security Module for managing cryptographic keys.
Load Balancer: Distributes traffic across multiple servers for performance.
Security Technologies
A. NGFW
B. WAF
C. TLS
D. SD-WAN
NGFW: Next-Generation Firewall with advanced filtering capabilities.
WAF: Web Application Firewall for protecting web apps.
TLS: Transport Layer Security for encrypted communication.
SD-WAN: Secure and efficient Wide Area Networking.
Authentication
A. Multifactor authentication
B. Permissions assignment
C. Access management
D. Password complexity
Multifactor Authentication: Using multiple methods to verify identity.
Permissions Assignment: Allocating specific access rights.
Access Management: Controlling user access to resources.
Password Complexity: Requiring strong passwords with various character types.
Social Engineering
A. Typosquatting
B. Phishing
C. Impersonation
D. Vishing
E. Smishing
F. Misinformation
Typosquatting: Registering misspelled domain names to deceive users.
Phishing: Fraudulent attempts to obtain sensitive information.
Impersonation: Pretending to be someone else to gain trust.
Vishing: Phishing conducted over phone calls.
Smishing: Phishing conducted via SMS.
Misinformation: Deliberately spreading false information.
Governance and Compliance
A. Rules of engagement
B. Supply chain analysis
C. Right to audit clause
D. Due diligence
Rules of Engagement: Guidelines for interactions during security activities.
Supply Chain Analysis: Assessing risks in supply chain relationships.
Right to Audit Clause: Contractual right to review a partner’s practices.
Due Diligence: Conducting thorough evaluations before decisions.
Security Modes
A. Active
B. Passive
C. Defensive
D. Offensive
Active: Engaging threats directly.
Passive: Observing without direct interaction.
Defensive: Protecting against attacks.
Offensive: Proactively engaging potential threats.
Acronyms
A. IRP
B. DRP
C. RPO
D. SDLC
IRP: Incident Response Plan.
DRP: Disaster Recovery Plan.
RPO: Recovery Point Objective—defines data loss tolerance.
SDLC: Software Development Life Cycle.
Mobile and System Threats
A. Jailbreaking
B. Memory injection
C. Resource reuse
D. Side loading
Jailbreaking: Removing restrictions on a device to allow unauthorized changes.
Memory Injection: Injecting malicious code into memory to exploit a system.
Resource Reuse: Exploiting residual data from reused resources.
Side Loading: Installing apps from unofficial or unauthorized sources.