Deck2 Flashcards

1
Q

The process through which data generated in the ongoing use of information systems is collected, processed, analyzed, and disseminated to provide insights into the security status of those systems

A

Security Intelligence

2
Q

Structured Threat Information eXpression (STIX)

A

A standard terminology for IoCs and ways of indicating relationships between them, included as part of the OASIS Cyber Threat Intelligence (CTI) framework. STIX is expressed in JavaScript Object Notation (JSON) format, consisting of attribute: value pairs

3
Q

Trusted Automated eXchange of Indicator Information (TAXII)

A

A protocol for supplying codified information to automate incident detection and analysis

4
Q

OpenIOC

A

A framework by Mandiant that uses XML-formatted files for supplying codified information to automate incident detection and analysis

5
Q

Malware Information Sharing Project (MISP)

A

MISP provides a server platform for cyber threat intelligence sharing and a proprietary format; it supports OpenIOC definitions and can import and export STIX over TAXII

6
Q

whois

A

A public listing of all registered domains and their registered administrators

7
Q

Switched Port Analyzer (SPAN)

A

Allows for the copying of ingress and/or egress communications from one or more switch ports to another

8
Q

Domain Generation Algorithm (DGA)

A

A method used by malware to evade blacklists by generating domain names for C&C networks dynamically

9
Q

The principal method used with HTTP; it is used to retrieve a resource

A

GET

10
Q

Used to send data to the server for processing by the requested resource

A

POST

10
Q

Creates or replaces the requested resource

A

PUT

11
Q

Used to remove the requested resource

A

DELETE

12
Q

Retrieves the headers for a resource only and ignores the body

A

HEAD

13
Q

200

A

Indicates a successful GET or POST request (OK)

13
Q

3xx

A

Any code in this range indicates that the server has issued a redirect

14
Q

4xx

A

Any code in this range indicates an error in the client request

15
Q

403

A

Indicates that a request did not have sufficient permissions

16
Q

404

A

Indicates that a request did not have sufficient permissions

17
Q

5xx

A

Any code in this range indicates a server-side issue

18
Q

Percent Encoding

A

A mechanism to encode 8-bit characters that have specific meaning in the context of URLs, also known as URL encoding

19
Q

Firewall logs can provide you with four types of useful security data

A

Connections that are permitted or denied
Port and protocol usage in the network
Bandwidth utilization with the duration and volume of usage
An audit log of the address translations (NAT/PAT) that occurred

20
Q

Reverse Proxy

A

A type of proxy server that protects servers from direct contact with client requests

21
Q

Sysinternals

A

A suite of tools designed to assist with troubleshooting issues with Windows; many of the tools are also suited to investigating security issues

22
Q

Manages low-level Windows functions, and it is normal to see several of these running (as long as they are launched from %SystemRoot%\System32 and have no parent)

A

Client Server Runtime SubSystem (csrss.exe)

23
Q

Manages drivers and services and should only have a single instance running as a process

A

WININIT (wininit.exe)

23
Q

Hosts non-boot drivers and background services; there should be only one instance of services.exe running, as a child of wininit.exe, with other service processes showing as children of services.exe or svchost.exe

A

Services.exe

23
Q

Handles authentication and authorization services for the system, and should have a single instance running as a child of wininit.exe

A

Local Security Authority SubSystem (lsass.exe)

24
Q

Manages access to the user desktop and should have only one instance for each user session, with the Desktop Window Manager (dwm.exe) as a child process in modern versions of Windows

A

WINLOGON (winlogon.exe)

25
Q

Sets up the shell (typically explorer.exe) and then quits, so you should only see this process briefly after log-on

A

USERINIT (userinit.exe)

26
Q

This is the typical user shell, launched with the user's account privileges rather than SYSTEM's, and is likely to be the parent of all processes started by the logged-on user

A

Explorer (explorer.exe)

27
Q

DNS record identifying hosts authorized to send mail for the domain, with only one being allowed per domain

A

Sender Policy Framework (SPF)

28
Q

Provides a cryptographic authentication mechanism for mail utilizing a public key published as a DNS record

A

DomainKeys Identified Mail (DKIM)

29
Q

Domain-Based Message Authentication, Reporting, and Conformance (DMARC)

A

A framework for ensuring proper application of SPF and DKIM utilizing a policy published as a DNS record. DMARC can use either SPF or DKIM, or both

30
Q

SMTP Log Analysis

A

SMTP logs are typically formatted in request/response fashion and record:
Time of request/response
Address of recipient
Size of message
Status code

30
Q

Secure/Multipurpose Internet Mail Extensions (S/MIME)

A

An email encryption standard that adds digital signatures and public key cryptography to traditional MIME communications

31
Q

File Transfer Protocol

A

21 (FTP)

32
Q

Secure Shell/FTP over SSH

A

22 (SSH/SFTP)

33
Q

Telnet – an insecure remote administration interface

A

23 (TELNET)

34
Q

Simple Mail Transfer Protocol

A

25 (SMTP)

35
Q

Domain Name System uses TCP for zone transfers

A

53 (DNS)

36
Q

Post Office Protocol is a legacy mailbox access protocol

A

110 (POP3)

37
Q

NetBIOS Session Service supports Windows File Sharing with pre-Windows 2000 hosts

A

139 (NETBIOS-SSN)

38
Q

Internet Mail Access Protocol

A

143 (IMAP)

39
Q

Server Message Block

A

445

40
Q

Post Office Protocol Secure

A

995 (POP3S)

41
Q

MySQL database connection

A

3306 (MySQL)

42
Q

Remote Desktop Protocol

A

3389 (RDP)

43
Q

Domain Name System uses UDP for DNS queries

A

53 (DNS)

44
Q

Trivial File Transfer Protocol

A

69 (TFTP)

44
Q

Dynamic Host Configuration Protocol (DHCP)

A

67/68

45
Q

Network Time Protocol

A

123

46
Q

NetBIOS

A

137/138/139

47
Q

Server port for a syslog daemon

A

514 (SYSLOG)

48
Q

A software development model that focuses on iterative and incremental development to account for evolving requirements and expectations

A

Agile Method

49
Q

A software development model where the phases of the SDLC cascade so that each phase starts only when all tasks identified in the previous phase are complete

A

Waterfall Method