Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

Domain 7 > Domain 7 Flash Cards > Flashcards

Domain 7 Flash Cards

1
Q

Allowed/Blocked listing

A

allowed or blocked entities, register of entities that are being provided (or blocked) for a particular privilege, service, mobility, access or recognition including web, IP, geo, hardware address, files/programs; entities on the allowed list will be accepted, approved and/or recognized; deprecated AKA whitelist/blacklist; systems also alert IT security personnel an access attempt involves a resource not on a pre-approved list; can also incorporate anti-malware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Alternate site

A

contingency or Continuity of Operations (COOP) site used to assume system or org operations, if the primary site is not available

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Backup

A

copies of files or programs to facilitate recovery

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Baseline

A

total inventory of all of a system’s components (e.g. hardware, software, data, admin controls, documentation, user instruction); types of baselines include enumerated (which are inventory lists, generated by system cateloging, discovery or enumeration), build security (minimal set of securtiy controls for each CI, see below), modification/update/patch baselines (subsets of total system baseline), or configuration baseline (which should include a revision/version identifier associated with each CI)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Bastion host

A

a special-purpose computer on a network specifically designed and configured to withstand attacks; it is typically placed in a demilitarized zone (DMZ) or exposed network segment, and its primary function is to act as a gateway between an internal network and external, potentially untrusted networks (like the internet); key characteristics of a Bastion host include:

Hardened security: minimizing the number of running services and apps which reduces potential attack surfaces
Publically accessible: exposed to the internet or untrusted network, acting as the first point of contact for external users
Logging and monitoring: include extensive logging and monitoring to detect suspicious activity
Limited network access: typically has limited access to the internal network
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Change management

A

A formal, methodical, comprehensive process for requesting, reviewing, and approving changes to the baseline of the IT environment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Clipping

A

one of two main methods of choosing records from a large pool for ruther analysis, clipping uses threshold values to select those records exceeding a predefined threashold (also see sampling)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Configuration management
(CM)

A

A formal, methodical, comprehensive process for establishing a baseline of the IT environment (and each of the assets within that environment).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Configuration Item (CI)

A

aggregation of information system components designated for configuration management and treated as a single entity in the config management process

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Cyber forensics

A

gathering, retaining, analyzing data for investigative purposes, while maintaining the integrity of that data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Disruption

A

unplanned event that causes a system to be inoperable for a length of time

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

DPI (Deep Packet Inspection)

A

a method used by firewalls and other network security devices to examine the data portion (or payload) of packets as they pass through the firewall; DPI goes beyond traditional packet filtering by not only inspecting the header information (such as source/destination IP addresses and port numbers) but also analyzing the content within the packet to identify and respond to security threats

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Egress monitoring

A

monitoring the flow of info out of an org’s boundaries

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Entitlement

A

refers to the privelege granted to users when an account is first provisioned

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Entity

A

any form of a user including hardware device, software daemon, task, processing thread or human, which is attempting to use or access system resources; e.g. endpoint devices are entities that human (or non-human) users use to access a system; should be subject to access control and accounting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Event

A

observable occurance in a network or system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Hackback

A

actions taken by a victim of hacking to compromise the systems of the alleged attacker

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Heuristics

A

method of machine learning which identifies patterns of acceptable activity, so that deviations from the patterns will be identified

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Honeypots/honeynets

A

Machines that exist on the network, but do not contain sensitive or valuable data, and are meant to distract and occupy malicious or unauthorized intruders, as a means of delaying their attempts to access production data/assets.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Incident

A

an event which potentially or actually jeopardizes the CIA of an information system or the info the system processes, stores, transmits

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Indicator

A

technical artifact or observable occurrence suggesting that an attack is imminent, currently underway, or already occured

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Indicators of Compromise (IoC)

A

a signal that an intrusion, malware, or other predefined hostile or hazardous set of events has or is occurring

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Information Security Continuous Monitoring (ICSM)

A

maintaining ongoing awareness of information security, vulnerabilities and threats to support organizational risk management decisions; ongoing monitoring sufficient to ensure and assure effectiveness of security controls

24
Q

Information Sharing and Analysis Center (ISAC)

A

entity or collab created for the purposes of analyzing critical cyber and related info to better understand security problems and interdependencies to ensure CIA

25
Intru sion detection system (IDS)
A solution that monitors the environment and automatically recognizes malicious attempts to gain unauthorized access.
26
Intrusion Prevention System (IPS)
A solution that monitors the environment and automatically takes action when it recognizes malicious attempts to gain unauthorized access.
27
Job rotation
The practice of having personnel become familiar with multiple positions within the organization as a means to reduce single points of failure and to better detect insider threats.
28
Least privilege
The practice of only granting a user the minimal permissions necessary to perform their explicit job function.
29
Log
record of actions/events that have taken place on a system
30
Media
Any object that contains data, bounded media is ethernet, fibre, coax. Unbounded media is wireless.
31
Motion detector types
wave pattern motion detectors transmit ultrasonic or microwave signals into the montored area watching for changes in the returned signals bouncing off objects; infrared heat-based detectors watch for unusual heat patters; capacitance detectors work based on electromagnetic fields
32
mean time between failure (mtbf)
is an estimation of time between the first and any subsequent failures
33
mean time to failure (mttf)
is the expected typical functional lifetime of the device given a specific operating enviornment
34
mean time to repair (mttr)
is the average length of time required to perform a repair on the device
35
Need to know
Primarily associated with organizations that assign clearance levels to all users and classification levels to all assets; restricts users with the same clearance level from sharing information unless they are working on the same effort. Entails compartmentalization.
36
Netflow
data that contains info on the source, destination, and size of all network communications and is routinely saved as a matter of normal activity
37
Parity bits
RAID technique; logical mechanism used to mark striped data; allows recovery of missing drive(s) by pulling data from adjacent drives
38
Patch
An update/fix for an IT asset, it used to fix, remediate a vulnerability.
39
Precursor
signal from events suggesting a possible change of conditions, that may alter the current threat landscape
40
Regression testing
testing of a system to ascertain whether recently approved modifications have changed its performance, or if other approved functions have introduced unauthorized behaviors
41
Request For Change (RFC)
documentation of a proposed change in support of change management activities
42
Root Cause Analysis
principle-based systems approach for the identification of underlying causes associated with a particular risk set or incidents
43
RTBH (Remote Triggered Black Hole)
a network security technique used in conjunction with firewalls and routers to mitigate Distributed Denial of Service (DDoS) attacks or unwanted traffic by dropping malicious or unwanted traffic before it reaches the target network; RTBH works by creating a "black hole route", where packets destined for a specific IP address are discarded or "dropped" by the network equipment, effectively isolating malicious traffic
44
Sandboxing
An isolated test environment that simulates the production environment but will not affect production components/data.
45
Separation of duties
The practice of ensuring that no organizational process can be completed by a single person; forces collusion as a means to reduce insider threats.
46
Striping
RAID technique; writing a data set across multiple drives. Striping
47
Sampling
one of two main methods of choosing records from a large pool for ruther analysis, sampling uses statistical techniques to choose a sample that is representative of the entire pool (also see clipping)
48
System Center Configuration Manager (SCCM)
is a Microsoft systems management software product that provides the capability to manage large groups of computers providing remote control, patch management, software distribution, operating system deployment, and hardware and software inventory
49
Security Incident
Any attempt to undermine the security of an org or violation of a security policy is a security incident
50
Secure Web Gateway (SWG)
a security solution that filters and monitors internet traffic for orgs, ensuring that users can securely access the web while blocking malicious sites, preventing data leaks, and enforcing web browsing policies; while it is not a traditional firewall, it complements firewall functionality by focusing specifically on web traffic security
51
TCP Wrappers
a host-based network access control system used in Unix-like operating systems to filter incoming connections to network services; allows administrators to define which IP addresses or hostnames are allowed or denied access to certain network services, such as SSH, FTP, or SMTP, by controlling access based on incoming TCP connections; TCP Wrappers relies on two config files: /etc/hosts.allow, and /etc/hosts.deny
52
Trusted Computing Base (TCB)
the collection of all hardware, software, and firmware components within an architecture that is specifically responsible for security and the isolation of objects that forms a trusted base TCB is a term that is usually associated with security kernels and the reference monitor a trusted base enforces the security policy a security perimeter is the imaginary boundary that separates the TCB from the rest of the system; TCB components communicate with non-TCB components using trusted paths the reference monitor is the logical part of the TCB that confirms whether a subject has the right to use a resource prior to granting access the security kernel is the collection of the TCB components that implement the functionality of the reference monitor
53
Tuple
tuple usually refers to a collection of values that represent specific attributes of a network connection or packet; these values are used to uniquely identify and manage network flows, as part of a state table or rule set in a firewall; as an example, a 5-tuple is as a bundle of five values that identify a specific connection or network session, which might include the sourced IP address, source port numbers, destination IP address, destination port number, and the specific protocol in use (e.g. TCP UDP)
54
Uninterruptible power supplies (UPS)
Batteries that provide temporary, immediate power during times when utility service is interrupted. ActiveX Data Objects (ADO) Capability
55
View-Based access controls
access control that allows the database to be logically divided into components like records, fields, or groups allowing sensitive data to be hidden from non-authorized users; admins can set up views by user type, allowing only access to assigned views

Domain 7 (2 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions