D P1-3 II Flashcards

1
Q

Threat Actors

A. Hacktivist
B. Whistleblower
C. Organized crime
D. Unskilled attacker

A

Hacktivist: Motivated by political or social causes.

Whistleblower: Insider exposing wrongdoing.

Organized Crime: Professional criminals targeting systems for profit.

Unskilled Attacker: Lacks advanced knowledge, often uses prebuilt tools.

2
Q

Data Protection

A. Key stretching
B. Data masking
C. Steganography
D. Salting

A

Key Stretching: Strengthening passwords using algorithms like PBKDF2.

Data Masking: Obscuring data to protect sensitive information.

Steganography: Hiding data within other files.

Salting: Adding random data to passwords before hashing.

3
Q

Phishing Techniques

A. Brand impersonation
B. Pretexting
C. Typosquatting
D. Phishing

A

Brand Impersonation: Pretending to be a trusted company.

Pretexting: Crafting a scenario to extract information.

Typosquatting: Using misspelled domains to deceive users.

Phishing: Broad term for fraudulent attempts to obtain sensitive data.

4
Q

Authentication Methods

A. SSO
B. LEAP
C. MFA
D. PEAP

A

SSO: Single Sign-On for centralized authentication.

LEAP: Lightweight Extensible Authentication Protocol.

MFA: Multifactor Authentication.

PEAP: Protected Extensible Authentication Protocol.

5
Q

Infrastructure Components

A. Jump server
B. RADIUS
C. HSM
D. Load balancer

A

Jump Server: Used as a gateway to secure internal systems.

RADIUS: Remote Authentication Dial-In User Service for centralized authentication.

HSM: Hardware Security Module for managing cryptographic keys.

Load Balancer: Distributes traffic across multiple servers for performance.

6
Q

Security Technologies

A. NGFW
B. WAF
C. TLS
D. SD-WAN

A

NGFW: Next-Generation Firewall with advanced filtering capabilities.

WAF: Web Application Firewall for protecting web apps.

TLS: Transport Layer Security for encrypted communication.

SD-WAN: Secure and efficient Wide Area Networking.

7
Q

Authentication

A. Multifactor authentication
B. Permissions assignment
C. Access management
D. Password complexity

A

Multifactor Authentication: Using multiple methods to verify identity.

Permissions Assignment: Allocating specific access rights.

Access Management: Controlling user access to resources.

Password Complexity: Requiring strong passwords with various character types.

8
Q

Social Engineering

A. Typosquatting
B. Phishing
C. Impersonation
D. Vishing
E. Smishing
F. Misinformation

A

Typosquatting: Registering misspelled domain names to deceive users.

Phishing: Fraudulent attempts to obtain sensitive information.

Impersonation: Pretending to be someone else to gain trust.

Vishing: Phishing conducted over phone calls.

Smishing: Phishing conducted via SMS.

Misinformation: Deliberately spreading false information.

9
Q

Governance and Compliance

A. Rules of engagement
B. Supply chain analysis
C. Right to audit clause
D. Due diligence

A

Rules of Engagement: Guidelines for interactions during security activities.

Supply Chain Analysis: Assessing risks in supply chain relationships.

Right to Audit Clause: Contractual right to review a partner’s practices.

Due Diligence: Conducting thorough evaluations before decisions.

10
Q

Security Modes

A. Active
B. Passive
C. Defensive
D. Offensive

A

Active: Engaging threats directly.

Passive: Observing without direct interaction.

Defensive: Protecting against attacks.

Offensive: Proactively engaging potential threats.

11
Q

Acronyms

A. IRP
B. DRP
C. RPO
D. SDLC

A

IRP: Incident Response Plan.

DRP: Disaster Recovery Plan.

RPO: Recovery Point Objective—defines data loss tolerance.

SDLC: Software Development Life Cycle.

12
Q

Mobile and System Threats

A. Jailbreaking
B. Memory injection
C. Resource reuse
D. Side loading

A

Jailbreaking: Removing restrictions on a device to allow unauthorized changes.

Memory Injection: Injecting malicious code into memory to exploit a system.

Resource Reuse: Exploiting residual data from reused resources.

Side Loading: Installing apps from unofficial or unauthorized sources.
