Dion Test 1

Question 1

3DES

Answer 1

Symmetric

Question 2

DLP

Answer 2

Data Loss Protection - Prevents data loss. Software solution that detects and prevents sensitive information from being stored on unauthorized systems or transmitted over unauthorized networks

Question 3

Aircrack-ng

Answer 3

Suite of wireless security assessment and exploitation tools that includes monitoring, attacking, testing, and cracking of wireless networks. Includes packet capture and export of the data collected as a text file or pcap file

Collects wireless packet data

Question 4

Autopsy

Answer 4

Cross-platform, open-source forensic tool suite

Digital forensics platform

Question 5

BeEF

Answer 5

Browser Exploitation Framework - Penetration testing tool that focuses on the web browser

Question 6

Brute Force Attack

Answer 6

Focuses on trying multiple passwords for a single user

Question 7

Chain of custody forms list…

Answer 7

Everybody who has worked with or who has touched the evidence that’s part of the investigation. These forms record every action taken by each individual in possession of the evidence

Question 8

tracert (trace route)

Answer 8

Networking diagnostic command for displaying possible routes and measuring transit delays of packets across an IP network

Used to determine the path traffic takes from one device to another

Shows how many hops, Uses ICMP

Displays the route of packets and timing between point A and point B. It’s very useful to help an administrator understand where along a route potential delays are arising

Question 9

SQL Injection

Answer 9

Code injection technique used to attack data-driven applications.

Takes advantage of code vulnerabilities on website

Technique that exploits vulnerabilities in a target website’s SQL-based application software by injecting malicious SQL statements or by exploiting incorrect input

If you see “1=1 or 9=9, !=0”…its SQL Injection

Question 10

Command injection

Answer 10

An attack where the goal is to execute arbitrary (random) commands on the host operating system via a vulnerable application

Question 11

COSO (Committee of Sponsoring Organizations of the Treadway Commission)

Answer 11

Guides governance-related topics, including fraud, controls, finance, and ethics

Question 12

Cryptographic Erase (CE)

Answer 12

Sanitizes a self-encrypting drive by erasing the media encryption key and then reimaging the drive.

Question 13

CYOD

Answer 13

Choose Your Own Device

Question 14

Data Custodian

Answer 14

Responsible for the safe custody, transport, storage of the data and implementation of business rules. Determines who has access to data

Question 15

Data Owner

Answer 15

A senior executive role with ultimate responsibility for maintaining the confidentiality, integrity, and availability of the information asset…Should not be an IT person

Covers activities such as making sure there are definitions in place, action is taken on data quality issues and Data Quality Reporting

Person accountable for the classification, protection, use, and quality of one or more data sets within an organization

Question 16

DPO (Data Protection Officer)

Answer 16

Ensures that the organization processes the personal data of its staff, customers, providers, or any other individuals in compliance with the applicable data protection rules

Ensure that a company is complying with laws

Organization’s GDPR focal point and possesses
expert knowledge of data protection law and practices

Question 17

Data Steward

Answer 17

Works for data owner and makes sure the data is appropriately labeled and classified…focused on the quality of the data

Question 18

Data Wiping/Clearing

Answer 18

Data wiping/clearing occurs by using a software tool to overwrite the data on a hard drive to destroy all electronic data on a hard disk or other media. Keeps hard drive reusable

Data wiping may be performed with a 1x, 7x, or 35x overwriting, with a higher number of times being more secure. This allows the hard drive to remain functional and allows for hardware reuse

Question 19

FACT: The database server is part of a critical production network

Question 20

dd tool

Answer 20

Linux command Line tool
Can create forensic images (not a proprietary tool because it’s open-source).

Primary purpose is to convert and copy files

Question 21

Degaussing

Answer 21

Involves demagnetizing a hard drive to erase its stored data. You cannot reuse a hard drive once it has been degaussed. Magnets

Degaussing is Purging

Question 22

Dereferencing

Answer 22

Software vulnerability that occurs when the code attempts to remove the relationship between a pointer and the thing it points to

Question 23

DES

Answer 23

Data Encryption Standard - Symmtreic key algorithm for the encryption of digital data. Short key length of 56 bits

Question 24

Diffie–Hellman

Answer 24

Key exchange. Method of securely exchanging cryptographic keys over a public channel

Question 25

Directory traversal/Path Traversal

Answer 25

HTTP/web attack that allows attackers to access restricted directories and execute commands outside of the web server’s root directory

If you see “../” = most likely directory traversal

Occurs when attacker is able to read files on the web server outside of the directory of the website on remote server

Question 26

Disk Management

Answer 26

Utility in Windows that enables you to perform advanced storage tasks

Question 27

DSA

Answer 27

Digital Signature Algorithm - Asymmetric. Used for digital signature and its verification. Doesn’t perform encryption

Question 28

HIPAA

Answer 28

Federal law that required the creation of national standards to protect sensitive patient health info from being disclosed without the patient’s consent or knowledge

Question 29

EDM (Exact Data Match)

Answer 29

Pattern matching technique that uses a structured database of string values to detect matches

Question 30

ECC

Answer 30

Elliptical curve cryptography - is a public key encryption. Asymmetric

Question 31

FACT: MAC Address Reporting can help identify rougue devices

Question 32

FERPA

Answer 32

Family Educational Rights and Privacy Act - United States law that governs the access to educational info and records by public entities such as potential employers, publicly funded educational institutions, and foreign governments

Question 33

FM-200

Answer 33

Non-flammable gas used for fire suppression

Question 34

FTK Imager

Answer 34

Proprietary tool that can create perfect copies or forensic images of computer data without making changes to the original evidence. Identical in every way to the original

Question 35

GLBA (Gramm-Leach-Bliley Act)

Answer 35

Requires financial institutions to explain their info sharing practices to their customers and safeguard sensitive data.

Guidelines for banks

Question 36

GPG

Answer 36

GNU Privacy Guard - Asymmetric. Security tool for encrypting files.

Question 37

AES

Answer 37

Advanced Encryption Standard - symmetric-key algorithm for encrypting digital data
Block cipher

Question 38

Hypervisor

Answer 38

Also known as a virtual machine monitor - a process that creates and runs virtual machines

Allows one host computer to support multiple guest VMs by virtually sharing its resources, like memory and processing.

Question 39

IdP

Answer 39

Identity Provider - Provides the validation of the user’s identity

Verifies user’s identity

Question 40

IDS

Answer 40

Intrusion Detection System - Logs and detects malicious activity but does not block them.

Question 41

MD5 hash

Answer 41

Can validate file integrity has not been compromised during the download

Hash=data integrity

Question 42

IOC (Indicators of Compromise)

Answer 42

Artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion.

Something found on network that shows how computer was attacked

Question 43

ipconfig

Answer 43

Command line tool that displays all current TCP/IP network configuration values on a given system

Used on Windows to troubleshoot network issues and gives you info about your current network configuration and it has the ability to renew your Ip addresses and DNS cache

Question 44

PGP

Answer 44

Pretty Good Privacy -Asymmetric

Used to secure email communicates like S/MIME

Question 45

IPS

Answer 45

Intrusion Prevention System - network security that detects and prevents identified threats.

Continuously monitors your network, looking for possible malicious incidents, and capturing info about them

Question 46

John the Ripper

Answer 46

Password cracking software tool

Question 47

journalctl

Answer 47

Command line tool for viewing logs collected by systemd.

The systemd-journald service is responsible for systemd’s log collection, and it retrieves messages from the kernel, systemd services, and other sources

grep using the -e further filter the results

Question 48

Jumpbox/Jumpbox system

Answer 48

System on a network used to access and manage devices in a separate security zone…creates network segmentation

Jumpbox system is a hardened and monitored device that spans two dissimilar security zones and provides a controlled means of access between them.

Question 49

Keylogger

Answer 49

Software or hardware. Records keystrokes

Question 50

LDAPS

Answer 50

Lightweight Directory Access Protocol - Client server model for mutual authentication. Used to enable access to a directory of resources (workstations, users, information, etc.) Port 389

Used to store information about authentication such as passwords & usernames or other info about devices and users

Question 51

Line Conditioner

Answer 51

Device that adjusts voltages in under-voltage and overvoltage conditions to maintain a 120 V output

Question 52

Lockheed Martin cyber kill chain

Answer 52

Provides a general life cycle description of how attacks occur…7 steps (does not deal with the specifics of how to mitigate them)

Traces the stages of a cyber-attack, identifies vulnerabilities and helps security teams stop the attack at every stage of the chain

Question 53

Mac Filtering

Answer 53

Blocks traffic coming from certain known machines or devices. Router uses the MAC address of a computer or device on the network to identify it and block or permit the access.

Traffic coming in from a specified MAC address will be filtered depending upon the policy.

Question 54

Mantrap

Answer 54

Physical control that prevents multiple people from passing through a door at the same time.

Ex:Subway turnstiles

Question 55

Memdump

Answer 55

Command line tool

Process of taking (dumping) all information content in RAM and storing it. Helps software developers diagnose, identify and resolve the problem that led to application or system failure

Question 56

Metasploit

Answer 56

Computer security project that provides info about security vulnerabilities and aids in penetration testing and IDS signature development

Penetration testing software

Exploitation framework platform that can be used to craft and execute exploits against targets. Contains a variety of tools and serve as a “Swiss Army knife” of exploitation…one-stop shop for hackers and security professionals alike. Metasploit is one of the leading exploitation frameworks available

Question 57

MITRE ATT&CK

Answer 57

MITRE Adversarial Tactics, Techniques, and Common Knowledge.

Guideline for classifying and describing cyberattacks and intrusions based on real world observations

Classifies and describes cyberattacks based on real world observations

Question 58

nbtstat

Answer 58

NetBIOS over TCP/IP - Command line tool used for diagnosing or troubleshooting NetBIOS name issues

Question 59

Nessus

Answer 59

Vulnerability scanner

Question 60

Netcat

Answer 60

Used to create a reverse shell from a victimized machine back to an attacker

Question 61

netstat

Answer 61

Command line tool. Generates displays that show network status and protocol statistics. You can display the status of TCP and UDP endpoints in table format, routing table info, and interface info

Question 62

Nmap

Answer 62

Port scanner

Question 63

NTLM

Answer 63

128-bit fixed output. Windows New Technology LAN Manager (NTLM) - a suite of security protocols offered by Microsoft to authenticate users’ identity and protect the integrity and confidentiality of their activity

Question 64

OpenIOC

Answer 64

Open Indicators of Compromise. Contains in depth of research on APTs (does not integrate the detection and mitigation strategy)

Open framework meant for sharing threat intelligence information in a machine readable format

Question 65

Password spraying

Answer 65

Focuses on attempting only one or two passwords per user.

Takes a large number of usernames and loops them with a single password

Question 66

PCI DSS

Answer 66

Payment Card Industry (PCI) Data Security Standard (DSS) - An information security standard developed to enhance cardholder data security for organizations that store, process or transmit credit card data

Question 67

Port 21

Answer 67

FTP

Question 68

Port 389

Answer 68

LDAP

Question 69

Port 443

Answer 69

HTTPS

Question 70

PDU (Power Distribution Unit)

Answer 70

A device designed to provide power to devices that require power, and may or may not support remote monitoring and access.

Question 71

Processor Cache

Answer 71

Volatile and changes the most frequently…more than RAM

Question 72

Proxy Server

Answer 72

Server application/device that acts as an mediator/middle man between a device and remote server

Processes requests on a client’s behalf

4 types : IP proxy, Caching Proxy, Internet Content Filter, & Web security gateway

Question 73

Purging

Answer 73

Involves removing sensitive data from a hard drive using the device’s internal electronics or an outside source such as a degausser, or by using a cryptographic erase function if the drive supports one

Act of removing data in a way that can’t be reconstructed using any known forensic techniques

Degaussing is purging

Question 74

Race Conditions

Answer 74

Occur when the outcome from execution processes is directly dependent on the order and timing of certain events

Two operations (typically one is malicous, one is legit) are happening at the same time and compete for which one will be executed first

Question 75

RAM

Answer 75

Random Access Memory - temporary storage on a computer

Can quickly change or be overwritten…info stored in RAM is lost when power is removed from the computer

Question 76

RC4

Answer 76

Symmetric. Stream cipher

Question 77

Reimage

Answer 77

Process of installing a new operating system on a machine

Question 78

RIPEMD

Answer 78

Family of cryptographic hash functions.160-bit fixed output

Question 79

RP

Answer 79

Relying Party - Resource host

Question 80

RSA

Answer 80

RSA - asymmetric cryptography algorithm

Question 81

SAML

Answer 81

Security Assertion Markup Language - Allows an identity provider (IdP) to authenticate users and then pass an authentication token to another application known as a service provider (SP)

Often used with SOAP

Solution for providing single sign-on (SSO) and federated identity management. It allows a service provider (SP) to establish a trust relationship with an identity provider (IdP) so that the SP can trust the identity of a user (the principal) without the user having to authenticate directly with the SP.

Question 82

Secure erase (SE)

Answer 82

Used to perform the sanitization of flash-based devices (such as SSDs or USB devices) when cryptographic erase is not available

Question 83

SHA-2

Answer 83

256-bit fixed output. Cryptographic hash functions designed by the United States National Security Agency (NSA)

Question 84

SOX (Sarbanes-Oxley Act)

Answer 84

Federal law created to help protect shareholders, employees, and the public from accounting errors and fraudulent financial practices.

Question 85

SP

Answer 85

Service Provider

Question 86

Sensitive Personal Information (SPI)

Answer 86

Sensitive Personal Information - Doesn’t identify an individual but is information that is private or could potentially harm the individual should it be made public

Info about an individual’s race or ethnic origin, opinions, & beliefs

Ex: Full name, Social Security Number, driver’s license, financial information, and medical records

Question 87

Stuxnet Attack

Answer 87

Was a multi-part worm that traveled on USB sticks and spread through Microsoft Windows computers

USB/Removable Media

Question 88

Surge Protector

Answer 88

Defends against possible voltage spikes that could damage your electronics, appliances, or equipment.

Question 89

Swap files

Answer 89

Temporary files on a hard disk used as virtual memory

Question 90

Syslog

Answer 90

System Logging Protocol uses port 514.
A way network devices can use a standard message format to communicate with a logging server.

Designed specifically to make it easy to monitor network devices. Standard for sending and receiving notification messages in a particular format from various network devices

Standard network-based logging protocol…Centralizes all syslog messages from network devices

Question 91

Diamond Model of Intrusion Analysis

Answer 91

Model to describe cyber attacks. Contains 4 parts - adversary, infrastructure, capability, and target. It gives analysts a comprehensive view of cyber attacks. Graphical representation of an attacker’s behavior

Question 92

Tokenization

Answer 92

When all or part of data in a field is replaced with a randomly generated token. Token is stored with the original value on a token server or token vault, separate from the production database

This is an example of a deidentification control

Question 93

Twofish

Answer 93

Symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits

Question 94

VPN

Answer 94

Virtual Private Network - encrypted connection over the Internet from a device to a network

Not typically included in an endpoint security suite

Remote access capability to connect a trusted device over an untrusted network back to the corporate network

Question 95

What does “set type=ns” do in the nslookup command?

Answer 95

tells nslookup only reports information on name servers

nslookup command is used to query the Domain Name System to obtain the mapping between a domain name and an IP address or to view other DNS records

Question 96

What should be done FIRST after forensically imaging a hard drive for evidence in an investigation?

Answer 96

Create a hash digest of the source drive and destination image file to ensure they match

Hash=data integrity

Question 97

Wildcard Certificate

Answer 97

Public key certificate that can be used with multiple subdomains of a domain. Saves money & reduces the management burden of managing multiple certificates, one for each subdomain.

Ex: A single wildcard certificate for *.diontraining.com will secure all these domains (www.diontraining.com, mail.diontraining.com, ftp.diontraining.com, etc.).

Question 98

XSRF/CSRF

Answer 98

Cross-Site Reference Forgery - Forces authenticated users to submit a request to a Web application against which they are currently authenticated/logged in

Question 99

Zero-fill (Sanatizing method)

Answer 99

Relies on overwriting a storage device by setting all bits to the value of zero