Definitions

Question 1

Data steward

Answer 1

The data steward is primarily responsible for data quality. Ensuring the data is collected and stored in a format containing values that comply with applicable laws and regulations.

Question 2

Data custodian

Answer 2

The data custodian handles all data and manages the system on which the data assets are stored.

Question 3

Data Owner

Answer 3

The owner is responsible for labeling the asset and ensuring that it is protected with appropriate controls.

Question 4

Data Processor

Answer 4

The data processor is the entity engaged by the data controller to assist with technical collection, storage, or analysis tasks.

Question 5

Cross-Site Scripting (XSS)

Answer 5

When an attacker uses a web application to ‘send malicious code’ to a different end user.
Occurs when web apps contain ‘reflected input’.
‘Client Side Vulnerability’.

Question 6

Cross-Site Request Forgery (XSRF or CSRF)

Answer 6

‘Exploits trust’ that a user has in a website to ‘execute code’ onto the users computer.

Question 7

What’s the difference between XSS and XSRF

Answer 7

Cross-site scripting (or XSS) allows an attacker to execute arbitrary JavaScript within the browser of a victim user. Cross-site request forgery (or CSRF) allows an attacker to induce a victim user to perform actions that they do not intend to.

Question 8

Dynamic-Link Library (DLL) Injection attack

Answer 8

When malware tries to inject code into the memory process space of a library using a ‘vulnerable/compromised DLL.’

Question 9

Lightweight Directory Access Pool (LDAP) Injection attack

Answer 9

Exploits the weaknesses in LDAP implementations.
Occurs when users ‘input is not properly filtered’.
‘Unauthorized quire’s’.

Question 10

Extensible Markup Language (XML) Injection attack

Answer 10

When users enter values that query XML (known as XPath) with values that take advantage of exploits.
Similar to SQL, but does not have the same ‘access control’ so exploits can return entire documents.

Question 11

List the Events of the Cyber Kill Chain

Answer 11

Reconnaissance
Intrusion
Exploitation
Privilege Escalation
Lateral Movement
Obfuscation
Denial of Service
Exfilitration

RIEPLODE

Question 12

Address Resolution Protocol (ARP) poisoning

Answer 12

To sniff all traffic on a switched network. ARP poisoning occurs when an attacker, with access to the network, redirects an IP address to the MAC address of an unintended computer.

Question 13

List Layers of the OSI Model

Answer 13

1. Physical
2. Data Link
3. Network
4. Transport
5. Session
6. Presentation
7. Application

PLEASE DO NOT THROW SAUSAGE PIZZA AWAY

Question 14

List the Incident Management Framework

Answer 14

1. Detection
2. Response
3. Mitigation
4. Reporting
5. Recovery
6. Remediation
7. Lessons Learned

DRMRRRL

Question 15

A Directory Traversal Attack

Answer 15

Directory traversal (also known as file path traversal) is a web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application. This might include application code and data, credentials for back-end systems, and sensitive operating system files.

Question 16

What’s the difference between Entropy and Ephemeral

Answer 16

Entropy is used to produce random numbers, which in turn are used to produce security keys to protect data. It is a measure of cryptographic unpredictability. A lack of can leave a crypto-system vulnerable and unable to encrypt data securely.

An Ephemeral key is an asymmetric cryptographic key used to create a one-time password when the user wants to authenticate. i.e DUO or Google Authenticator.

Question 17

What’s the difference between a honey-net and a honey-pot?

Answer 17

Honey-pots: singular Honey-net: plural

Honey-nets contain one or more honeypots

Question 18

List the Order of Volatility, from most volatile to least.

Answer 18

1. CPU Cache, Registers
2. Routing Table, ARP Cache, Process Table, Kernel Statistics
3. System memory, RAM
4. Temporary Files
5. Data on Hard Disks
6. Remote Logs
7. Backups

Question 19

List examples of Technical Controls

Answer 19

Firewall Rules, Access Control Lists, Intrusion Prevention Systems, and Encryption

Question 20

List examples of Operational Controls

Answer 20

User Access Reviews, Log Monitoring, and Vulnerability Management

Question 21

List examples of Managerial Controls

Answer 21

Risk/Threat Assessments, Security Planning Exercises, Incorporation of security into the orgs change management, Service Acquisition, and Project Management Practices

Question 22

What is a Supply Chain attack?

Answer 22

An attack that occurs before software or hardware is delivered to an organization.

Question 23

What port does HTTPS run on?

Answer 23

TCP 443

Question 24

What port does HTTP run on?

Answer 24

TCP 80

Question 25

What port does SSH run on?

Answer 25

TCP 22

Question 26

What port does SMTP run on?

Answer 26

TCP 25

Question 27

What port does LDAPS run on?

Answer 27

TCP 636

Question 28

What port is the secure alternative to telnet?

Answer 28

SSH 22

Question 29

What is a Man-in-the-Browser also known as?

Answer 29

An On-Path attack