Dion Review Flashcards

1
Q

Isolation

A

Isolation is a mitigation technique that can help prevent malware from spreading from one system or process to another by limiting their interaction and communication. Isolation involves sandboxing or simply disconnecting an infected system. This prevents potentially malicious programs or scripts from accessing the rest of the system or network. Isolation is most important when malware is on the system.

2
Q

Data Controller

A

A Data Controller USES the data

Example: HR Department, which collects employee information

3
Q

Exposure Factor

A

The exposure factor is an estimate of the potential damage to an asset if a given threat exploits a vulnerability, and it is not directly connected to the asset’s total value or frequency of threat events. An exposure factor of 100% suggests that a security incident or threat event would render the asset entirely unusable or worthless. Exposure factor is usually expressed as a percentage representing the portion of the asset’s value likely to be lost in an incident.

4
Q

Threat Scope Reduction

A

Threat scope reduction refers to the proactive steps and strategies taken to reduce the potential areas of attack within a system or network. By limiting the avenues that attackers can exploit, organizations can more effectively secure their assets.

5
Q

Chain of Custody

A

Chain of Custody is the process of securing and preserving evidence related to a security incident for potential use in legal proceedings. When handling digital evidence, it is crucial to maintain a clear and documented Chain of Custody. This ensures that the evidence is collected, stored, and transferred in a way that maintains its integrity and authenticity, making it admissible and reliable in legal proceedings.

6
Q

Infrastructure Diversification

A

Diversifying infrastructure ensures that organizations are not overly reliant on a single data center, network, or platform. By distributing their assets and systems across multiple locations or platforms, they can significantly reduce the risk of total service disruption if one component fails.

7
Q

Risk Identification

A

Risk identification is the proactive process of recognizing and recording potential threats that could adversely affect an organization.

Threat intelligence involves the collection and analysis of information about current and potential attacks that threaten the security of an organization but does not directly refer to the broader process of risk identification.

8
Q

Attribute-Based Access Control (ABAC)

A

In an ABAC system, access permissions are dynamically evaluated based on various user attributes, such as job role, department, location, and time of access. The system combines these attributes to make access control decisions, allowing for more fine-grained and context-aware access control.

9
Q

Security Content Automation Protocol (SCAP)

A

The Security Content Automation Protocol (SCAP) is a set of specifications that standardize the format and nomenclature for communicating security configuration information and software flaws. SCAP is a checklist that helps enterprises improve their cybersecurity posture.

Its main functionality lies in strengthening the security of systems via a standardized approach to maintaining system security, aiding in automating the process of detecting vulnerabilities, managing configurations, and maintaining compliance with regulatory standards.

10
Q

Client-Based Software

A

Client-based software is software that runs on the user’s computer and requires installation and configuration. It may have vulnerabilities that can be exploited by attackers if not updated or patched regularly.

11
Q

Agentless Software

A

Agentless software is software that does not require installation or configuration on the user’s computer. It runs on a remote server and communicates with the user’s computer via a web browser or other interface.

12
Q

Time-of-Use (TOU)

A

A Time-of-use (TOU) vulnerability arises when there’s an opportunity for an attacker to manipulate a resource after its creation but before its use by an application.

13
Q

Service-Level Agreement (SLA)

A

The Service-Level Agreement (SLA) is the document that precisely defines the agreed-upon service levels and performance metrics that the vendor is expected to meet. It outlines the specific services to be provided, performance expectations, response times, and remedies for not meeting the agreed-upon levels.

14
Q

Detection Phase of Incident Response Plan

A

Identifying and classifying incidents based on severity and impact is typically part of the “Detection” phase of the incident response process. It involves recognizing that an incident has occurred and understanding its potential implications.

15
Q

Preparation Phase of Incident Response Plan

A

The Preparation phase in the incident response process involves activities such as developing an incident response plan, defining roles and responsibilities of the incident response team, and conducting regular training and drills. These preparations ensure that the organization is ready to respond effectively and efficiently to any potential security incidents.

16
Q

Enumeration (Hardware/Software/Data Management)

A

In the context of hardware, software, and data asset management, enumeration refers to a comprehensive process that involves assigning unique identifiers, access controls, and attributes to each asset. This practice aims to establish granular control over access permissions, ensuring that only authorized users can interact with the assets. Enumeration plays a crucial role in maintaining the confidentiality, integrity, and availability of data by preventing unauthorized access and facilitating proper resource management.

17
Q

Horizontal Password Attack

A

In a horizontal password attack, an attacker targets multiple accounts by trying a few common passwords across them. It’s a method to bypass account lockout policies that would trigger if too many failed attempts are made on a single account.

18
Q

What type of wireless connection is best for ensuring reliable and secure communications between multiple branch offices?

A

Cellular connections are the best choice for secure and reliable communication between branch offices.
Cellular connections use GSM (Global System for Mobile Communications) or CDMA (Code Division Multiple Access) technologies to provide wireless communication between devices. Cellular connections are more secure than Wi-Fi or Bluetooth because they use encryption and authentication mechanisms to protect the data. Cellular connections also have a high bandwidth and can support a large number of devices at a time.

Bluetooth connections are not designed for long-distance communication. Bluetooth connections use short-range radio waves to connect devices within a few meters of each other. Bluetooth connections also have a low bandwidth and can only support a small number of devices at a time.

Satellite connections have higher latency and lower bandwidth than cellular connections. Satellite connections use orbiting satellites to transmit data, which can cause delays and signal loss due to atmospheric conditions and interference. Satellite connections also have a high cost and require specialized equipment to access them.

19
Q

Security Officer

A

The security officer, also known as the Chief Information Security Officer (CISO) or Information Security Manager, is a senior-level role responsible for leading and overseeing the organization’s information security program. They are tasked with defining, implementing, and enforcing information security policies and procedures throughout the organization. The security officer collaborates with various stakeholders, including management, IT teams, and compliance personnel, to ensure that security measures align with the organization’s objectives and industry best practices.

20
Q

Control Plane (Zero Trust Model)

A

The Control Plane within the Zero Trust model is fundamentally responsible for deciding on access based on policies and threats, which is a dynamic and multifaceted task. While it does consider user behavior as part of its decision-making process, employing security decisions based on user behavior is only one aspect of its function.

21
Q

Federation

A

A federated network is a network model in which a number of separate networks or locations share resources (such as network services and gateways) via a central management framework that enforces consistent configuration and policies. By employing federation, companies can leverage single sign-on across multiple domains or organizations.

22
Q

Extended Detection and Response (XDR)

A

Implementing XDR gives the ability to integrate and correlate security data from various sources, such as endpoints, network, and cloud environments. By doing so, XDR can detect and respond to sophisticated, multi-vector cyber threats more effectively. While XDR may contribute to enforcing security policies, its primary role is to detect and respond to multi-vector cyber threats across the IT environment. While some XDR solutions may include features for software updates and patch management, the primary focus of XDR is not on updating and patching software on endpoints. XDR’s primary purpose is to enhance threat detection and response capabilities. One of the main advantages of EDRs is that they provide real-time monitoring and reporting of attacks.

XDR works best in situations where company security data is spread across a number of applications and tools.

23
Q

Golden Image

A

A golden image is a template for a virtual machine, virtual desktop, server or hard disk drive. A golden image ensures consistency and saves time by providing a standardized configuration for each VM deployed.

24
Q

Concurrent Session Usage

A

Concurrent session usage is an indicator of malicious activity that shows that an attacker or malware has compromised an account and is using it simultaneously with the legitimate user, creating multiple sessions from different locations or devices.

25
Q

What is the purpose of internal and external compliance reporting?

A

External compliance reporting is crafted to meet mandatory disclosures and inform external stakeholders such as regulators and shareholders about the company’s compliance status at a high level. Internal compliance reporting is designed to give detailed insights to internal stakeholders like executives and security analysts, assisting in strategic planning and operational improvements.

26
Q

Total Cost of Ownership (TCO)

A

The TCO (Total Cost of Ownership) not only includes the initial purchase price of the tool but also the ongoing expenses related to maintenance, updates, and other associated costs over its lifecycle.

While ROI (Return on Investment) evaluates the profitability or benefit of a particular investment, it doesn’t primarily focus on the entire financial impact over a tool’s lifecycle.

27
Q

DKIM (Domain Keys Identified Mail)

A

Implementing DKIM enables organizations to sign emails originating from their domain cryptographically. This allows receivers to verify that an email claiming to be from the domain genuinely is.

28
Q

Sender Policy Framework (SPF)

A

SPF (Sender Policy Framework) is valuable in identifying which servers are authorized to send emails on behalf of a domain.

29
Q

Data Custodian

A

A Data Custodian is an entity responsible for managing the system where the data is stored and preserving the data. The data custodian would be unlikely to be analyzing data.

Example: IT department

30
Q

Data Processor

A

A Data Processor is an entity that processes personal data on behalf of the data controller.

Example: The HR department (controller) offloads its payroll data to a third-party company (processor)

31
Q

UI (CVSS)

A

The UI (User Interaction) metric specifies whether an attack can be executed solely by the attacker or if it necessitates user involvement to succeed.

32
Q

PR (CVSS)

A

The Privileges Required (PR) metric measures the level of privileges an attacker must have to exploit the vulnerability.

33
Q

False Positive

A

A False Positive is a security alert that incorrectly identifies a legitimate action as a potential threat.

Additionally, a False Positive refers to a situation where a legitimate action is mistakenly identified as a threat and may lead to unnecessary alarms and investigation efforts.

34
Q

Sophistication

A

Sophistication refers to the intricacy and advancement of a threat actor’s tactics, techniques, and procedures. More sophisticated threat actor groups possess customized attack tools and have access to skilled personnel, such as strategists and hackers.

Capability pertains to a threat actor’s ability to devise new exploits and tools, but it doesn’t necessarily denote the intricacy/complexity of their methods.

35
Q

Data Owner

A

A Data Owner is an entity that actually owns the data.
They are accountable for compliance with the organization’s strategic objectives.

Example: CEO, board of directors, company president

36
Q

Adaptive Identity

A

Adaptive Identity allows for more flexible and dynamic access control by using contextual data to make dynamic access control decisions. For example, the system might grant access to a sensitive resource based on the user’s location or the time of day.

37
Q

Resource Reuse (Virtualization)

A

Resource Reuse in the context of Virtualization is a type of vulnerability that involves accessing or modifying data or communications from other virtual machines by exploiting the shared CPU between them. It can allow an attacker to execute malicious code or commands on other virtual machines.

38
Q

Known Environment Penetration Test

A

Penetration testing in a known environment means that a significant amount of information has been given to the tester. This can include passwords, usernames, and other information.

39
Q

What is the most important security implication when splitting a large application into microservices?

A

As applications are broken down into microservices, each service might need specific access controls, potentially complicating the permissions landscape.

40
Q

What piece of information about a file is not typically included in its metadata?

A

Metadata does NOT normally include the file’s extension.

41
Q

Why is employee retention good for the security of an organization?

A

Employee retention means that the organization can retain experienced staff who have gained valuable institutional knowledge and expertise in managing security automation and orchestration.

42
Q

ECC

A

ECC (Elliptic Curve Cryptography) is a form of public key cryptography based on the algebraic structure of elliptic curves over finite fields primarily used for digital signatures and key exchanges.

43
Q

Screen-locking Ransomware

A

Screen-locking Ransomware intimidates users by locking them out of their device and displaying threatening messages.

Some indicators for this type of ransomware include messages suggesting that a computer was locked by the police, or the computer’s normal interface being replaced with a shell program that makes it appear as if files are inaccessible.

44
Q

What is the main danger that comes from Shadow IT?

A

Shadow IT can introduce security risks because the unauthorized system or device may provide attackers with a way to gain access to an otherwise secure system.

45
Q

What is the format for a CVE identifier?

A

A CVE identifier follows a format of “CVE” followed by a year and a sequence of numbers. An example of a valid CVE identifier is:

CVE-2022-12345

46
Q

SRTP

A

SRTP (Secure Real-time Transport Protocol) provides encryption, message authentication, and integrity for voice communications over IP (VoIP). It’s designed to protect Real-time Transport Protocol (RTP) and RTP Control Protocol (RTCP) traffic.

47
Q

Side Loading

A

Side Loading is the process of installing applications on a mobile device from sources other than the official app store (a website), which can allow unauthorized applications to be installed.

48
Q

Homomorphic Encryption

A

Homomorphic Encryption allows data to be processed without being decrypted, effectively securing data-in-use. Computations can be performed on the encrypted data directly, and the results, when decrypted, match as if the operations were done on the plaintext.

49
Q

What are the implications of using the CSP root account for daily logon activity?

A

Using the root user for daily cloud tasks is a high-risk practice because it gives complete control over all resources in the cloud account, making it a lucrative target for attackers.

50
Q

Continuous Risk Assessment

A

Continuous Risk Assessment involves ongoing and real-time monitoring of risks as part of the organization’s daily operations. It aims to quickly identify and address emerging risks. While it is beneficial, it may not specifically involve periodic assessments at regular intervals.

51
Q

Infrastructure Monitoring

A

Infrastructure Monitoring is focused on ensuring the foundational IT components, like servers, data centers, and networking equipment, are both functional and secure.

This is different from Systems Monitoring which evaluates the hardware, operating systems, and the essential services that applications run on but not the broader foundational structures of IT.

52
Q

SASE

A

SASE (Secure Access Service Edge) combines network security and WAN capabilities in a single cloud-based service, making it an ideal solution for ensuring secure and reliable access to data and applications irrespective of user/device location.

53
Q

What term refers to the expected frequency of occurrence of a specific risk within a given time frame?

A

Probability refers to the expected frequency of occurrence of a specific risk within a given time frame.

Likelihood is a qualitative term used to express the chance of a risk occurring, typically described in terms of low, medium, or high.

54
Q

Which email security technique specifically utilizes email certificates to authenticate and safeguard email content?

A

S/MIME (Secure Multipart Internet Message Extensions) leverages email certificates to both sign and encrypt email content, ensuring both authenticity and confidentiality.

55
Q

End-of-Life Vulnerability

A

End-of-life refers to hardware that is no longer supported by the manufacturer, often leading to unpatched and exploitable vulnerabilities.

Legacy hardware denotes older systems or components still in use, which can be vulnerable, but doesn’t necessarily mean they are unsupported or at their end-of-life.

56
Q

What is “Acquisition” in the context of incident response?

A

Acquisition involves identifying and gathering evidence related to the security incident. This may include collecting logs from affected systems, taking disk images, or other procedures to catalogue everything that may be used as evidence in a court proceeding.

57
Q

Does Continuous Integration slow down or speed up the development process?

A

In fact, continuous integration speeds up the development process. By integrating the work often, problems are discovered early and can be fixed immediately, preventing them from slowing down the project in the later stages. The practice of making frequent commits and running automated tests means that errors are detected sooner.

58
Q

What is the best tool for agentless security monitoring/alerting?

A

SIEM tools are essential for consolidating and analyzing logs and alerts from various sources within an environment. These tools are known for their agentless capabilities, where they can collect and process logs without needing a dedicated agent on the source system, providing flexibility in diverse infrastructure setups.

While an IDS can detect malicious activities, it typically requires agents or sensors to capture traffic or system activities.

59
Q

Probability vs. Likelihood

A

Probability is a quantitative measure, usually expressed as a number between 0 and 1, or as a percentage, indicating the statistical likelihood of a risk event.

Likelihood is used in qualitative risk analysis to subjectively describe how probable a risk event is, often expressed in terms such as “low,” “medium,” or “high.” Likelihood also ties the likelihood to a specific time frame, unlike probability.

60
Q

Which US act requires federal agencies to develop security policies for computer systems that process confidential information?

A

Computer Security Act (1987)

61
Q

Hardening

A

Hardening techniques are techniques that can help you reduce the exposure of systems and devices to potential attacks by disabling unused features and services. Hardening techniques involve removing unnecessary features and services, changing default settings, and applying security configurations to systems and devices.

Hardening techniques do not typically involve installing endpoint protection software.

62
Q

What happens when a file is quarantined during an alert response?

A

When a file is quarantined, it is isolated, ensuring the user, or possibly any user, cannot access it. This can be achieved by encrypting the file or moving it to a designated quarantine zone in the file system.

63
Q

Are complexity rules a good method of enforcing password security?

A

In the past, complexity rules were seen as a useful way to improve password management. However, in current NIST guidelines, complexity rules are seen as counter-productive. Users are more likely to write down complex passwords because they are difficult to remember. Letting users create long, strong passwords that they can remember is a better practice.

64
Q

What is the purpose of an integrated penetration test?

A

Integrated penetration tests are intended to gauge the success of an organization’s security training.

Integrated tests provide a comprehensive evaluation, covering various security domains from physical infrastructure to software applications and network configurations, ensuring a multi-faceted approach to uncovering potential vulnerabilities.

65
Q

Workforce Multiplier

A

The workforce multiplier refers to the ability to scale and amplify the effectiveness of the security team by combining the efforts of human professionals with automation and orchestration. This combination allows the organization to handle a larger volume of security tasks and incidents, thus enhancing their security capabilities.

66
Q

Degaussing

A

Degaussing exposes hard disks to powerful electromagnets, disrupting data storage patterns. However, not all types of drives, like SSDs and optical media, can be degaussed, limiting its applicability.

67
Q

Trusted Platform Module (TPM)

A

TPM is a hardware-based storage system that contains keys, digital certificates, hashed passwords, and many other types of information used for authentication.

It is typically embedded on device motherboards or CPUs that use Windows operating systems.