Enterprise security Flashcards

1
Q

What is an IP schema?

A

An IP address plan, or a way of standardizing IP addresses, such as the number of subnets, the number of hosts per subnet, or different IP ranges for different networks or locations.

2
Q

What is a baseline configuration?

A

A baseline for how application security is handled: the firewall settings, patch levels, or OS version in use.

3
Q

Which security principle comes into play when deciding whether or not to move customer data stored in another country into your local datacenters in the US?

A

Data sovereignty

4
Q

Which region of the world is affected by GDPR?

A

The EU (European Union).

5
Q

If you receive a receipt after a purchase that shows the card used as “*********0329”, which data privacy principle was used?

A

Data masking.

Data masking on your receipt does not necessarily mean that the rest of the card number was not stored elsewhere, though.

6
Q

What is data at rest?

A

Data which resides on a storage drive for long-term storage, rather than just existing in memory.

7
Q

What is data in transit?

A

Data which is currently in motion across the network.

8
Q

What is data in use?

A

Data which is actively being processed in memory.

9
Q

Is data in use, inside memory, typically encrypted?

A

No, it would be very hard to use if it were.

10
Q

Which type of encryption does tokenization typically use?

A

None. Tokenization is neither encryption nor hashing.

11
Q

What is tokenization?

A

Replacing sensitive data with a non-sensitive placeholder, a one-time token.

12
Q

How would tokenization work while making a purchase with your phone or watch at a store?

A
  1. You register a credit/debit card on your phone using Apple Pay, etc.
  2. The card is registered with the token service company for this card issuer.
  3. The token service company stores a token on your device.
  4. You use your phone at checkout somewhere using NFC.
  5. The token is transmitted to the payment processing server.
  6. The payment processing server sends the token to the token service company for validation.
  7. The token service company validates that the token is valid and the account is authorized for this purchase, then replies to the payment processing server saying that it is valid and the purchase is complete.
13
Q

What is IRM?

A

Information rights management (IRM).
Think of when you open an MS Word document and it says that you can only read the document, not edit it.
This can be used in emails and other things as well.
The point is to restrict how a document can be interacted with, such as edits, screenshots, etc.
The goal is to limit an attacker's abilities with a document to those of the user they are currently logged in as.

14
Q

What is an endpoint DLP?

A

A data loss prevention (DLP) solution that resides on an endpoint device.

15
Q

What would be the name for a DLP solution that exists between users and the external internet, using no on-premises hardware or software?

A

Cloud-based DLP.
This can be used to block custom-defined data strings from entering or leaving a server, or to manage access to certain URLs.

16
Q

What would an email DLP solution look like?

A

It would check every email, inbound or outbound.
Inbound: blocking on certain keywords, identifying spoofing, quarantining emails.
Outbound: fake wire transfers, W-2 transmissions, employee private information, etc.

17
Q

Which is newer, SSL or TLS?

A

TLS is the replacement for SSL. In fact, no one should be using SSL for any reason, and it should be concerning if you are, because it is insecure.

18
Q

What is SSL/TLS inspection?

A

SSL/TLS inspection is a way of inspecting (usually outgoing) SSL/TLS traffic.
It extends the trust that your browser has with the certificate authority (CA) and the certificate received to the inspector in the middle, typically within a firewall or some kind of SSL decryption device.
The device doing the inspection contains its own local CA certificate, just for use internally within your organization, nothing going outbound.
Every user on the network has the inspecting device's CA certificate installed as a trusted CA in their browser.
The inspecting device then acts as a proxy: it handles all web traffic, decrypts and inspects it first, and then forwards the packets unchanged to the correct parties.

19
Q

How would a WAF be a great way of securing API calls on your network?

A

A WAF (web application firewall) could limit which users are allowed to send API calls, and furthermore limit which API calls specific users are able to make.

20
Q

Which security event would typically bring a site resiliency plan into focus?

A

A disaster is called.
It could be days, months, or even longer before you are able to use your original datacenter again, and you need a plan in place to shift operations over to a fallback alternate processing site.
Documentation must exist for moving to the disaster alternate site and for coming back to your original datacenter.

21
Q

What is a Hot Site?

A

In disaster recovery, a Hot Site is an exact replica of what we are running in our production environment; everything is duplicated. Applications and software are constantly updated so everything stays in sync.
This should make for a very easy switch in the event of a disaster: effectively flipping a switch, and everything should be ready to go at the DR location.

22
Q

What is a cold site?

A

Effectively the opposite of a Hot Site. Just a building and nothing else: it doesn't have any hardware inside, a completely empty building. None of your data or applications are there, which means that you need to bring the data with you. No people either; you need to bring the personnel to set everything up and maintain it.

23
Q

What is a warm site?

A

Somewhere in the middle between a hot site and a cold site. It contains just enough to get going, instead of having nothing or everything. There might be some hardware already there.

24
Q

What is a honeynet?

A

Multiple honeypots chained together on a network, containing more than one source of information.

25
Q

What is a honeyfile?

A

Bait for the honeynet or honeypot: honeyfiles are the files inside your trap. An alert is sent if the file is accessed.
Example: “passwords.txt”

26
Q

What is fake telemetry?

A

Fake telemetry would be an attacker intentionally feeding fake information to a machine learning defense system to trick it into thinking that certain kinds of malicious behavior are actually benign.

27
Q

What is a DNS sinkhole?

A

A DNS sinkhole, when used by an organization, is a DNS server that hands out incorrect IP addresses in response to queries it judges, at its discretion, to be for unwanted outbound traffic. It logs which users tried to access a malicious/suspicious site, giving your security team a chance to check out what is going on.

Typically integrated in an IDS/IPS or a next-generation firewall.

When an attacker uses a DNS sinkhole it can be bad, because they are able to redirect users to a malicious site, or create a DoS because no one is able to reach the legitimate service, although this is less common.