Deck 1 Flashcards
What is DAC?
Discretionary access control
What is kismet?
Kismet is an open source wireless sniffer. It can monitor wireless networks and the devices connected to them, as well as create coverage maps based on signal strength.
Where should a WAF be placed?
A Web Application Firewall (WAF) helps protect web applications from common attacks. It needs to sit in front of the web servers to perform its job and should be placed behind the firewall, as it does not replace the firewall.
What is AES?
Advanced Encryption Standard (AES), another symmetric algorithm, is the replacement for DES. It can provide three different block sizes: 128, 192, and 256. Each goes through more iterations of computing the algorithm applied to the message.
What is DES?
Digital Encryption Standard (DES), a symmetric algorithm, uses a 64-bit key and divides the message into 64-bit blocks, with 16 rounds of transposition and substitution performed on each block. Replaced by AES
What is IDEA?
International Data Encryption Algorithm (IDEA) is a symmetric block cipher that uses 64-bit blocks. Each block is divided into 16 smaller blocks and then computed several times.
What is AEAD?
Authentication Encryption with Associated Data (AEAD) encrypts data with a symmetric key and generates an authentication tag that can verify the data’s authenticity.
What is a state-based threshold?
State-based thresholds are triggered when a system state changes, such as a firewall beginning a graceful shutdown or starting up after rebooting.
What is a fixed threshold?
Fixed thresholds are based on fixed numeric values or calculations.
What is a historical threshold?
Historical thresholds consider past and present values and are often used to compare different periods.
What is the perimeter network?
The perimeter network is the boundary between an internal network and the external network.
What is an Integer overflow?
An integer overflow occurs if an application tries to store a number that is larger than the size allocated to it. This can cause the number to wrap around or cause unusual behavior.
What is JavaSnoop?
JavaSnoop is a tool for testing the security of Java applications.
What is diStorm3?
The diStorm3 tool is for reverse engineering software
What is Hashcat?
Hashcat is a password cracking tool.
What is a VLAN?
Virtual local area networks (VLANs) are logical subdivisions of a switch that segregate ports from one another as if they were in different LANs. VLANs can also span multiple switches, meaning that devices connected to the switches in different parts of a network can be placed in the same VLAN, regardless of physical location.
What is Port Mirroring?
Port mirroring is the process of replicating data transmitted over one switch port on another port
What is a collision domain?
Collision domains are segments of a network where packets may collide (e.g., an entire network hub or an individual switch port).
What is a broadcast domain?
Broadcast domains are segments of a network in which all devices receive the same broadcast messages.
What is a hashing collision?
When a hashing algorithm produces the same output from two different inputs
Hashing algorithms are often used for data integrity and authentication. It is important for them to produce different outputs (hash values) given a different input. When two different inputs create the same hash value, cybersecurity professionals call that a collision
What are the 4 ways to handle risk?
The four ways to handle risk are:
• Avoid - Eliminate the risk in some way. For example, an organization may avoid doing something or stop doing something.
• Accept - Accept the risk and proceed anyway. An informed decision has been made to move forward despite the risk.
• Transfer - Transfer the risk to some other organization or person. A common example of transferring risk is purchasing insurance.
• Mitigate - One or more controls are implemented to reduce risk.
What is OWASP?
The Open Web Application Security Project (OWASP) is a group that monitors attacks, specifically web attacks. They seek to provide additional information to those affected by any cyber attacks and maintain a list of the top 10 attacks impacting web applications (the “OWASP Top 10”).
What is SCAP?
The Security Content Automation Protocol (SCAP) is maintained by the National Institute of Standards (NIST) and includes specifications that help standardize cybersecurity automation tasks including vulnerability and compliance management.
What is IEC?
The International Electrotechnical Commission (IEC) maintains electronic and electrical engineering standards
What is ISO?
The International Organization for Standardization (ISO) maintains a variety of engineering standards, but not electronic and electrical engineering standards (which are maintained by the IEC).
What is a CDN?
A CDN (content delivery network) is a network of servers that provides content like images, videos, and web pages to help improve website speed and availability
What is SOAR?
SOAR (security orchestration, automation, and response) tools help centralize security management and automate responses.
What is bootstrapping?
In data science and cybersecurity, bootstrapping refers to the process of extrapolating a conclusion based on a data set. Bootstrapping can be useful in helping the machine learning algorithms used in tools like SOAR to better detect threats and patterns.
What is ISACs?
Information Sharing and Analysis Centers (ISACs) is specifically mentioned in the exam objectives, and it refers to a website that grows “a diverse community of companies that leverage information technology and have in common a commitment to cyber-security.” Its website is at www.it-isac.org.
What is OVAL?
The Open Vulnerability and Assessment Language (OVAL) is used for sharing information about vulnerabilities
What is NIST?
The National Institute of Technology (NIST) focuses on measurements, standards, and research.
What is packet capturing?
Packet capturing is used to capture packets of data on a network for analysis. If the packets are not encrypted, an attacker can learn a lot of sensitive information
What is keylogging?
Keylogging is used to capture sensitive information that a user types on their keyboard.
Does a vulnerability scan capture packets?
No
Rank from most volatile to least
- Cache and registers
- Routing tables, kernel statistics, memory, etc.
- Temporary file systems/swap space
- Data on hard disk
- Remote logging data and monitoring data
- Physical configurations and network topology
- Archival media
What is OCSP?
The Online Certificate Status Protocol (OCSP) is used to check the revocation status of a digital certificate.
What is SNMP?
The Simple Network Monitoring Protocol (SNMP) is used to monitor and manage network devices.
What is EAP?
Extensible Authentication Protocol (EAP) is a framework for authentication in networks
What is SCAP?
The Security Content Automation Protocol (SCAP) is used to automate security tasks.
What is ESP?
Encapsulating security payload (ESP) provides data confidentiality
What is AH?
Authentication Header (AH) provides data integrity and authentication.
What is ISAKMP?
Internet Security Association and Key Management Protocol (ISAKMP) handles the creation of the security association for the session and the exchange of keys.
What is IKE?
Internet Key Exchange (IKE) is also sometimes referred to as IPsec Key Exchange. It provides the authentication material used to create the keys exchanged by ISAKMP during peer authentication.
What is IPsec?
IPSec is a set of communication rules or protocols for setting up secure connections over a network. Internet Protocol (IP) is the common standard that determines how data travels over the internet. IPSec adds encryption and authentication to make the protocol more secure. For example, it scrambles the data at its source and unscrambles it at its destination. It also authenticates the source of the data.
Explain directory services
Directory services are used to provide organizational information such as users, servers, printers, and other resources on a network. LDAP is an example of a directory service protocol.
What is a federation?
A federation is a group of domains with an established trust
What is peering?
Peering is a technique for directly connecting two networks.