Domain 4 Flashcards

1
Q

SELinux

A

Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) mechanism built into the Linux kernel as a Linux Security Module and shipped with many distributions. Every process and file carries a security label, and the loaded policy decides which labelled subjects may access which labelled objects, regardless of the ordinary file permissions. It runs in enforcing, permissive, or disabled mode.

2
Q

Netflow

A

NetFlow is a traffic-accounting technology originally developed by Cisco; its later versions were generalized into the IETF's IP Flow Information Export (IPFIX) standard, so flow export is now available beyond Cisco equipment. A flow is defined by a set of shared packet characteristics, the flow keys (typically source and destination IP address, source and destination port, and IP protocol), and packets sharing the same keys are grouped into a flow record that carries counters such as packet and byte totals and start and end times.
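The grouping described on this card, as an added example that is not part of the original flashcard set: packets are keyed on the classic 5-tuple, accumulated into flow records with an inactive timeout, and the resulting records are then scanned for a source with many single-packet flows to distinct ports (a port scan). The packet list is constructed for the example; the 5-tuple keys and the 60-second timeout are assumptions, not values from the page.

```python
from collections import defaultdict
from dataclasses import dataclass

# Flow keys: the shared characteristics that define one flow (assumed 5-tuple).
KEYS = ("src", "dst", "sport", "dport", "proto")


@dataclass
class FlowRecord:
    key: tuple          # (src, dst, sport, dport, proto)
    first_seen: float
    last_seen: float
    packets: int = 0
    bytes: int = 0


def build_flows(packets, inactive_timeout=60.0):
    """Group packets sharing the same keys into flow records.

    `packets` is an iterable of (ts, src, dst, sport, dport, proto, length).
    A new record is started for a key once the gap since its last packet
    exceeds `inactive_timeout`, as a flow exporter's inactive timer would.
    """
    open_flows = {}      # key -> FlowRecord currently accumulating
    records = []
    for ts, src, dst, sport, dport, proto, length in sorted(packets):
        key = (src, dst, sport, dport, proto)
        rec = open_flows.get(key)
        if rec is None or ts - rec.last_seen > inactive_timeout:
            rec = FlowRecord(key, ts, ts)
            open_flows[key] = rec
            records.append(rec)
        rec.last_seen = ts
        rec.packets += 1
        rec.bytes += length
    return records


def find_port_scanners(records, min_ports=10, max_packets=2):
    """Flag sources with many tiny flows (<= max_packets) to distinct destination ports."""
    ports_by_src = defaultdict(set)
    for rec in records:
        src, _dst, _sport, dport, _proto = rec.key
        if rec.packets <= max_packets:
            ports_by_src[src].add(dport)
    return {src: len(p) for src, p in ports_by_src.items() if len(p) >= min_ports}


# Constructed packet samples (ts, src, dst, sport, dport, proto, bytes); not real captures.
PACKETS = [
    (100.0, "10.0.0.5", "10.0.0.2", 53011, 53, "udp", 72),       # DNS query
    (100.0, "10.0.0.2", "10.0.0.5", 53, 53011, "udp", 140),      # DNS reply
    (100.1, "10.0.0.5", "10.0.0.20", 51000, 443, "tcp", 78),     # HTTPS client side
    (100.2, "10.0.0.20", "10.0.0.5", 443, 51000, "tcp", 1460),   # HTTPS server side
    (100.3, "10.0.0.5", "10.0.0.20", 51000, 443, "tcp", 52),
    (400.0, "10.0.0.5", "10.0.0.20", 51000, 443, "tcp", 52),     # long gap: new record
]
SCAN_PORTS = (21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080)
# One SYN per port from a single source: the signature of a port scan.
PACKETS += [(200.0 + i, "192.168.1.77", "10.0.0.20", 40000 + i, p, "tcp", 60)
            for i, p in enumerate(SCAN_PORTS)]


if __name__ == "__main__":
    flows = build_flows(PACKETS)
    for rec in flows:
        print(rec.key, rec.packets, "pkts", rec.bytes, "bytes")
    print("scanners:", find_port_scanners(flows))
```

Each flow record is one direction only, which is why the client and server halves of the HTTPS session appear as two records; a collector pairs them afterwards. The scanner is visible from the flow metadata alone, without any packet payload.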

3
Q

SNMP

A

SNMP (Simple Network Management Protocol) is a widely used protocol for monitoring and managing network devices. A manager polls agents on the devices for values held in their Management Information Base (MIB), a hierarchical database of management objects identified by OIDs.

Agents listen on UDP port 161; traps and informs are sent to the manager on UDP port 162. SNMPv1 and v2c authenticate only with plaintext community strings, so SNMPv3, which adds authentication and encryption, should be used wherever possible.

4
Q

Data loss prevention (DLP)

A

DLP is a set of controls whose role is to stop PII and other sensitive data from leaving the organization through channels such as email, web upload, or removable media. Network DLP inspects outbound traffic, while endpoint DLP enforces the same rules on the device itself; content is classified by pattern matching, fingerprints, or labels, and a violation is blocked, quarantined, or logged.
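The content classification a DLP engine performs, as an added example that is not part of the original flashcard set: an outbound message is scanned for US SSN patterns and for payment card numbers, and card candidates are confirmed with the Luhn check so that order or tracking numbers do not trigger false positives. The two messages, the patterns, and the block threshold are constructed for the example.

```python
import re

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# 13 to 19 digits, optionally separated by spaces or dashes (typical PAN formats).
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits: str) -> bool:
    """Luhn check-digit test; cuts false positives from order or tracking numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                 # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(text: str):
    """Return a list of (kind, redacted_value) findings for sensitive content."""
    findings = []
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", "***-**-" + m.group()[-4:]))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_valid(digits):
            findings.append(("card", "*" * (len(digits) - 4) + digits[-4:]))
    return findings


def dlp_decision(text: str, max_findings: int = 0):
    """Block the outbound message if it carries more sensitive items than allowed."""
    findings = classify(text)
    action = "block" if len(findings) > max_findings else "allow"
    return action, findings


# Constructed outbound messages (not real data).
BENIGN = "Hi team, the Q3 review moved to Thursday. Order 1234567890123 has shipped."
SENSITIVE = "Customer SSN 123-45-6789, card 4111 1111 1111 1111 exp 12/27, please process."


if __name__ == "__main__":
    for msg in (BENIGN, SENSITIVE):
        print(dlp_decision(msg))
```

The findings are redacted before they are returned because a DLP alert is itself a record that gets forwarded to a SIEM or ticket queue; logging the full PAN would recreate the exposure the control exists to prevent.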

5
Q

Agent based collection

A

Agent-based collection uses software agents installed on individual devices or endpoints within a network; the agent gathers logs, metrics, or configuration data locally and forwards it to a central collector, giving deep visibility at the cost of deploying and maintaining the agent.

6
Q

agentless collection

A

Agentless collection, as the name suggests, gathers the same kind of data without deploying a specialized agent on endpoints, using existing protocols and interfaces such as SNMP, WMI, SSH, or syslog; it is easier to roll out but usually offers less visibility than a local agent.

7
Q

SCAP

A

SCAP (Security Content Automation Protocol) is a NIST framework of open specifications, including CVE, CPE, CCE, CVSS, OVAL, and XCCDF, that enables compatible vulnerability scanners to assess in a standardized, automated way whether a computer adheres to a predefined configuration baseline.

8
Q

False negative

A

A false negative means that a vulnerability is actually present on the system but the scanner fails to detect and report it. It is more dangerous than a false positive (a reported finding that is not really there), because the gap remains unknown and unremediated.

9
Q

Isolation duration

A

Isolation duration determines how long a system should remain in quarantine based on the severity of the alert and the steps taken for remediation.

10
Q

SNMP agent

A

SNMP agents are software modules or processes running on network devices, such as routers, switches, servers, and even IoT devices.

11
Q

SNMP Traps

A

SNMP traps are asynchronous notifications sent by SNMP agents to SNMP managers (on UDP port 162) without a prior request, for example when an interface goes down. Traps are unacknowledged; SNMPv2c and v3 also offer informs, which the manager must acknowledge.

12
Q

MITRE attack framework

A

MITRE ATT&CK is a publicly available knowledge base, maintained by MITRE, of adversary tactics (the attacker's goals, such as Initial Access or Lateral Movement) and techniques (how each goal is achieved), built from observed real-world intrusions. Defenders use it to describe threat-actor behavior in a common vocabulary, map detections to known techniques, and find gaps in coverage.

13
Q

Cyber Kill Chain

A

Originally developed by Lockheed Martin by adapting the military "kill chain" model, which identifies the steps of an enemy attack, the Cyber Kill Chain is a framework that supports cybersecurity teams' awareness of potential cyberattacks. It allows them to trace each step of an attack, granting increasing clarity with the completion of each of its seven stages: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. Breaking the chain at any stage stops the attack.

14
Q

Reconnaissance

A

The first stage of the Kill Chain, in which the attacker gathers information about the target before launching an attack: calling employees, sending probing emails, social engineering, dumpster diving, and scanning public-facing systems.

15
Q

SOAR

A

SOAR (Security Orchestration, Automation, and Response) is a platform that integrates your security tools and processes in a central location and runs automated playbooks against alerts (for example, enriching an indicator, isolating a host, or opening a ticket), so that analysts handle the decisions rather than the repetitive steps.

16
Q

MITRE

A

MITRE is a US not-for-profit organization that operates federally funded research and development centers for the US government; its aim in security is to help prevent cyberattacks, and it maintains the ATT&CK knowledge base and the CVE program.

17
Q

Diamond Model of Intrusion Analysis

A

This model is a framework for analyzing and gathering intelligence on network intrusions and comprises four key elements that form the vertices of the diamond: adversary, capability, infrastructure, and victim.

18
Q

Diamond model

A

Adversary: This is the threat actor or group behind the intrusion. The MITRE ATT&CK framework can be used to identify who they are and which techniques they use.
Capability: This refers to the tools, malware, and exploits an adversary uses to carry out their attack. These are also laid out in the MITRE ATT&CK model.
Infrastructure: This is the physical or logical path by which the attacker reaches the victim, such as a USB device, email, an IP address or domain, or a remote-access channel.
Victim: This is the person, organization, or system targeted by the adversary.

Each vertex can be pivoted on to uncover the others: an IP address (infrastructure) can reveal further victims or the malware (capability) served from it.

19
Q

E-discovery

A

E-Discovery, the abbreviated form of electronic discovery, is the process of identifying, preserving, collecting, and searching all forms of electronic data, such as emails, documents, databases, and other digital artifacts, that may be required as legal evidence. Evidence must be collected in a forensically sound way, with its chain of custody documented, to be admissible.

20
Q

Eradication

A

Eliminating the root causes of an incident after it has been contained: removing malware, disabling compromised accounts, closing the vulnerability that was exploited, and rebuilding systems where cleaning cannot be trusted, so that the incident cannot simply recur.

21
Q

Packet capture

A

Packets are the units of data that travel across the network. By capturing them (for example with tcpdump or Wireshark), cybersecurity administrators can analyze exactly what is happening on the organization's network, reconstruct sessions, and extract indicators of compromise.

22
Q

Baseline creation

A

Baseline creation is a technique that involves establishing a record of normal network traffic patterns (volumes, protocols, hosts, and times of day) over a representative period, so that later deviations from the baseline can be detected as potential incidents.
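Baselining and deviation detection over per-host traffic volumes, as an added example that is not part of the original flashcard set: a two-week history gives a mean and standard deviation for each host, and an observation is flagged when it exceeds the mean by more than k standard deviations or comes from a host that has no baseline at all. The history, the day's observation, and the threshold k = 3 are constructed for the example.

```python
from statistics import mean, pstdev

# Constructed history: outbound bytes per internal host per day over two weeks.
HISTORY = {
    "10.0.0.5": [1.2e6, 1.1e6, 1.3e6, 0.9e6, 1.2e6, 1.0e6, 1.4e6,
                 1.1e6, 1.2e6, 1.3e6, 1.0e6, 1.2e6, 1.1e6, 1.3e6],
    "10.0.0.9": [8.0e6, 7.5e6, 8.2e6, 7.9e6, 8.1e6, 7.7e6, 8.4e6,
                 8.0e6, 7.8e6, 8.3e6, 7.9e6, 8.1e6, 8.0e6, 7.6e6],
}


def build_baseline(history):
    """Per-host mean and population standard deviation of the daily volume."""
    return {host: (mean(v), pstdev(v)) for host, v in history.items()}


def deviations(baseline, observed, k=3.0):
    """Flag hosts whose volume exceeds mean + k*sigma, and hosts with no baseline."""
    alerts = {}
    for host, value in observed.items():
        if host not in baseline:
            alerts[host] = "no baseline: host not seen during baseline window"
            continue
        mu, sigma = baseline[host]
        z = (value - mu) / sigma if sigma else float("inf")
        if z > k:
            alerts[host] = f"{value / 1e6:.1f} MB vs baseline {mu / 1e6:.1f} MB ({z:.0f} sigma)"
    return alerts


# Constructed observation for today: one host exfiltrating, one unknown host.
TODAY = {"10.0.0.5": 45e6, "10.0.0.9": 8.2e6, "10.0.0.31": 2.0e6}


if __name__ == "__main__":
    for host, reason in deviations(build_baseline(HISTORY), TODAY).items():
        print(host, "->", reason)
```

A baseline captured while an intrusion is already under way will treat the attacker's traffic as normal, so the baseline window should be reviewed before it is trusted, and refreshed as the network changes.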

23
Q

RSA SecurID

A

RSA SecurID is a well-known hardware token that displays a time-sensitive one-time code derived from a seed held inside the device, which the user enters alongside a PIN or password as a second authentication factor.

24
Q

Google authenticator

A

Google Authenticator is a software token that generates dynamic, time-based one-time codes (TOTP) from a shared secret enrolled via a QR code, serving as a secondary authentication factor; the codes are computed on the device, so it works offline.

25
Q

Tokens

A

Tokens are cryptographically protected credentials used to authenticate and authorize users. A token carries either a secret (typically a randomly generated string held by the user or device) or a digitally signed assertion of identity and permissions (such as a signed JWT or SAML assertion), so that a service can verify the holder without prompting for a password again.

26
Q

Single sign on

A

Single Sign-On (SSO) is an authentication process that allows users to access multiple applications or services with a single set of credentials: the user authenticates once to an identity provider, which then vouches for them to each application.

27
Q

Open Authorization (OAuth)

A

OAuth is an open standard for access delegation, commonly used on the internet to let a third-party application obtain limited access to a user's resources (via a scoped access token) without the user sharing their password. OAuth itself handles authorization, not authentication; OpenID Connect layers an identity token on top of it for sign-in.

28
Q

Saml

A

SAML is an XML-based standard used to exchange authentication and authorization data between an identity provider and a service provider, typically as digitally signed assertions that underpin web SSO.

29
Q

Kerberos

A

Kerberos authentication has the client first obtain a ticket-granting ticket (TGT) from the Key Distribution Center (KDC), then present the TGT to obtain service tickets for individual network resources, so that users can access those resources without re-entering their credentials.

30
Q

Federation

A

Federation services allow identity information to be shared across organizations and IT systems through a trust relationship, normally for authentication purposes: a user authenticates with their home identity provider and the partner system accepts that assertion instead of holding its own copy of the credentials.

31
Q

Stateful firewalls when to use

A

Best suited when you need to inspect traffic in context and permit or block based on connection or application behavior: a stateful firewall records each connection in a state table, so it can admit return traffic for sessions the inside initiated while dropping unsolicited packets, and it knows the expected size and format of each type of network packet, letting it flag malformed ones.

32
Q

Stateful firewalls

A

Tracks the state of every connection and analyzes packets in the context of their session, making informed decisions; can drop out-of-state or malformed packets and help mitigate some DoS/DDoS attacks such as SYN floods.

33
Q

Stateless firewalls

A

Basic packet filtering: each packet is checked on its own against an access control list (source and destination address, port, protocol) with no memory of previous packets or sessions.

34
Q

Stateless firewalls when to use

A

Use when you want to keep things straightforward and fast, such as allowing or blocking packets by address and port without a deep-level analysis of the data in the packets, for example as a first-pass filter on a border router.
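The difference between the two firewall types in cards 31 to 34, as an added example that is not part of the original flashcard set: a stateless filter matches each packet against fixed rules and so needs an inbound "source port 443" hole to let HTTPS replies back in, which also admits any outside host that forges its source port; the stateful filter instead records outbound connections and admits only their replies. The packets, the rule set, and the simplified SYN/ACK handling are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    syn: bool = False
    ack: bool = False


# Stateless rules: (direction, proto, sport, dport, action); None is a wildcard.
# Each packet is judged alone; with no session memory, replies to outbound
# connections need their own inbound allow rule.
STATELESS_RULES = [
    ("out", "tcp", None, 443, "allow"),
    ("in", "tcp", 443, None, "allow"),   # lets replies in, but also anything with sport 443
]


def stateless_filter(direction, pkt, rules=STATELESS_RULES):
    for rule_dir, proto, sport, dport, action in rules:
        if (rule_dir == direction and proto == pkt.proto
                and sport in (None, pkt.sport) and dport in (None, pkt.dport)):
            return action
    return "deny"   # default deny


class StatefulFirewall:
    """Tracks connections the inside initiated and admits only their replies."""

    def __init__(self):
        self.table = set()   # (src, dst, sport, dport, proto) of inside-initiated sessions

    def filter(self, direction, pkt):
        if direction == "out":
            if pkt.proto == "tcp" and pkt.dport == 443:
                self.table.add((pkt.src, pkt.dst, pkt.sport, pkt.dport, pkt.proto))
                return "allow"
            return "deny"
        # Inbound: reverse the tuple and require an existing session. A bare SYN
        # (a new connection attempt from outside) is never a reply (simplified check).
        reverse = (pkt.dst, pkt.src, pkt.dport, pkt.sport, pkt.proto)
        if reverse in self.table and not (pkt.syn and not pkt.ack):
            return "allow"
        return "deny"


def run_scenario():
    """Constructed traffic: a client opens HTTPS, the server replies, then an
    outside host sends an unsolicited packet crafted with source port 443."""
    out_syn = Packet("10.0.0.5", "93.184.216.34", 51000, 443, "tcp", syn=True)
    reply = Packet("93.184.216.34", "10.0.0.5", 443, 51000, "tcp", syn=True, ack=True)
    forged = Packet("198.51.100.9", "10.0.0.5", 443, 51000, "tcp", syn=True)

    sf = StatefulFirewall()
    return {
        "stateless": {
            "out_syn": stateless_filter("out", out_syn),
            "reply": stateless_filter("in", reply),
            "forged": stateless_filter("in", forged),
        },
        "stateful": {
            "out_syn": sf.filter("out", out_syn),
            "reply": sf.filter("in", reply),
            "forged": sf.filter("in", forged),
        },
    }


if __name__ == "__main__":
    for kind, results in run_scenario().items():
        print(kind, results)
```

The forged packet is the point of the example: the stateless rule set cannot tell a reply from a new inbound attempt that merely uses port 443 as its source, whereas the state table makes that distinction without any extra rule. Real stateful firewalls also expire table entries, so a long-idle session's reply is dropped until the inside re-opens it.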

36
Q

Active devices

A

Active devices (such as an intrusion prevention system, a firewall, or network access control) are a proactive force within your network security arsenal. They intervene when potential threats are detected, blocking or mitigating them in real time, in contrast to passive devices such as an IDS or a packet capture sensor, which only observe and alert.

37
Q

Proxy server

A

A proxy server is a server that acts as an intermediary between clients and the resources they request on the internet or an external network. It makes requests on behalf of the clients, so external servers see only the proxy and not the requesting host, and it can apply content filtering, caching, and logging to the traffic it relays.

39
Q

Adware

A

Adware is software that delivers unwanted advertisements, often through pop-ups or injected into web pages; many variants also monitor browsing and collect user information, at which point the behavior overlaps with spyware.

40
Q

fiduciary duty

A

A fiduciary duty is the legal responsibility to act solely in the best interest of another party.

41
Q

data custodian

A

The data custodian is responsible for the secure storage and handling of data in line with the owner's classification and with data privacy regulations and standards such as GDPR, ISO 27701, or HIPAA. The data custodian protects the data by ensuring it is encrypted, stored, and backed up, implements the organization's data retention policy, and archives or securely disposes of data once it falls outside the required retention period.