Essential Knowledge Flashcards

1
Q

OSI Layers

A
Application, Presentation, Session, Transport, Network, Data Link, Physical

2
Q

Which OSI Layer? FTP, HTTP, SMTP

A

Application Layer

3
Q

Which OSI Layer? AFP, NCP, MIME

A

Presentation Layer

4
Q

Which OSI Layer? X.225, SCP, ZIP

A

Session Layer

5
Q

Which OSI Layer? TCP, UDP

A

Transport Layer

6
Q

Which OSI Layer? IP

A

Network Layer

7
Q

Which OSI Layer? ARP, CDP, PPP

A

Data Link Layer

8
Q

Which OSI Layer? USB Standards, Bluetooth

A

Physical Layer

9
Q

PDU at the Application, Presentation, Session Layers?

A

Data

10
Q

PDU at the Transport Layer?

A

Segment

11
Q

PDU at the Network Layer?

A

Packet

12
Q

PDU at the Physical Layer?

A

Bit

13
Q

OSI Application, Presentation and Session layers map to which layer of the TCP/IP model?

A

Application Layer

14
Q

OSI Transport layer maps to which layer of the TCP/IP model?

A

Transport Layer

15
Q

OSI Network layer maps to which layer of the TCP/IP model?

A

Internet Layer

16
Q

OSI Data Link and Physical layers map to which layer of the TCP/IP model?

A

Network Access Layer

17
Q

TCP three-way handshake consists of?

A

SYN, SYN-ACK, and ACK segments

18
Q

A UDP segment structure is called a?

A

Datagram

19
Q

A demilitarized zone or DMZ is also called a?

A

Screened Subnet

20
Q

A very restricted zone that strictly controls direct access from uncontrolled zones.

A

Production Network Zone

21
Q

A controlled zone that has little to no heavy restrictions.

A

Intranet Zone

22
Q

A highly secure zone with very strict policies.

A

Management Zone

23
Q

A published standard used by organizations worldwide that provides a way to capture the principal characteristics of a vulnerability and produces a numerical score reflecting its severity. The score can be translated into low, medium, high or critical.

A

Common Vulnerability Scoring System (CVSS)

24
Q

A method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization, including, for example, FISMA compliance.

A

Security Content Automation Protocol (SCAP)

25
Q

Categories of vulnerabilities.

A

Misconfiguration, Default Installations, Buffer Overflows, Missing Patches, Design Flaws, Operating System Flaws, Application Flaws, Open Services, Default Passwords

26
Q

Example vulnerability management tools

A

Nessus, Qualys, GFI LanGuard, Nikto, OpenVAS, Retina CS

27
Q

Triangle model whereby an increase in one angle decreases the other two angles.

A

Security, Functionality and Usability Triangle.

28
Q

Hack Value

A

Notion used by hackers to express that something is worth doing or is interesting. This is something that hackers often feel intuitively about a problem or solution. An aspect of hack value is performing feats for the sake of showing that they can be done, even if others think it is difficult.

29
Q

Zero-day attack

A

An attack that exploits a vulnerability in an application before the vulnerability is publicly known and before the developer has released a patch for it.

30
Q

Vulnerability

A

The existence of a weakness, design flaw or implementation error that can lead to an unexpected and undesirable event compromising the security of a system.

31
Q

Payload

A

Malicious content that is acted upon and executed by a system.

32
Q

Daisy-Chaining

A

Process where a hacker gains entry into a computer or network and then uses it to gain access to another.

33
Q

Doxing

A

The process of searching for and publishing private information about a target (usually an individual) on the Internet, typically with malicious intent.

34
Q

Threat Modeling

A

Consists of: Identify Security Objectives, Application Overview, Decompose Application, Identify Threats and Identify Vulnerabilities

35
Q

Enterprise Information Security Architecture (EISA)

A

Collection of requirements and processes that help determine how an organization’s information systems are built and how they work.

36
Q

Risk Management Approach

A

Mitigate, Eliminate or Accept

37
Q

Risk Management Phases

A

Risk Identification, Risk Assessment, Risk Treatment, Risk Tracking and Risk Review

38
Q

Security Control categories

A

Physical, Technical and Administrative

39
Q

Security Control types

A

Preventive, detective, and corrective.

40
Q

Business Impact Analysis should measure what?

A

Maximum tolerable downtime (MTD) which helps to prioritize the recovery of assets.

41
Q

Business Impact Analysis should measure what?

A

An organized process to gauge the potential effects of an interruption to critical business operations as a result of disaster, accident or emergency. For example, part of the BIA can be calculating the Maximum tolerable downtime (MTD) which helps to prioritize the recovery of assets.

42
Q

Disaster Recovery Plan

A

Addresses exactly what to do to recover any lost data or services.

44
Q

Annualized Loss Expectancy (ALE)

A

Measurement of the cost of an asset’s value to the organization and the monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO × SLE

45
Q

Annual Rate of Occurrence (ARO)

A

An estimate of the number of times during a year that a particular asset would be lost or experience downtime.

46
Q

Single Loss Expectancy (SLE)

A

The monetary loss expected from a single occurrence of a risk on an asset. Mathematically expressed as SLE = asset value (AV) × exposure factor (EF).

47
Q

Exposure Factor (EF)

A

Percentage of asset loss. If an Asset’s Value (AV) is reduced by two thirds, the exposure factor is 0.66. If the asset is completely lost, the EF is 1.0.

48
Q

User Behavior Analytics (UBA)

A

A process of tracking users’ behaviors and analyzing those behaviors for signs of malicious activity, attacks, and fraud. Behavior-based intrusion detection systems exist.

49
Q

Security Trinity

A

CIA - Confidentiality, Integrity and Availability

50
Q

Confidentiality

A

Measures taken to prevent disclosure of information or data to unauthorized individuals or systems and to ensure the proper disclosure of information to those who are authorized to receive it.

51
Q

Integrity

A

Methods and actions taken to protect the information from unauthorized alteration or revision - whether the data is at rest or in transit. Often ensured through the use of a hashing algorithm.

52
Q

Bit-flipping

A

Cryptographic attack where bits are manipulated in the ciphertext to produce a predictable change in the plaintext once it is decrypted.

53
Q

Availability

A

Communication systems and data being ready for use when legitimate users need them.

54
Q

Authenticity

A

Genuine. For example, a digital signature can be used to guarantee the authenticity of the person sending a message.

55
Q

Rainbow Series

A

Old security standards for DOD systems. Included the Orange Book which contained the Trusted Computer System Evaluation Criteria (TCSEC).

56
Q

TCSEC

A

Old DOD security standard for computers which set basic requirements for testing the effectiveness of computer security controls built into a computer system.

57
Q

Common Criteria for Information Technology Security Evaluation

A

Current DOD standard that replaced TCSEC. It provides a way for vendors to make claims about their in-place security by following a set standard of controls and testing methods, resulting in an Evaluation Assurance Level (EAL) (Levels 1 - 7). These criteria are designed to reduce or remove vulnerabilities from a product before it is released.

58
Q

Target of Evaluation (TOE)

A

DOD Common Criteria term for what is being tested.

59
Q

Security Target (ST)

A

DOD Common Criteria term describing the Target of Evaluation (TOE) and security requirements.

60
Q

Protection Profile (PP)

A

DOD Common Criteria term that describes a set of security requirements specifically for the type of products being tested.

61
Q

Access Control

A

Restricting access to a resource in some selective manner.

62
Q

Mandatory Access Control (MAC)

A

A method of access control where security policy is controlled by a security administrator. As such, all access to resource objects is strictly controlled by the operating system based on system administrator configured settings. It is not possible under MAC enforcement for users to change the access control of a resource.
Mandatory Access Control begins with security labels assigned to all resource objects on the system. These security labels contain two pieces of information - a classification (top secret, confidential, etc.) and a category (which is essentially an indication of the management level, department or project to which the object is available).

63
Q

Discretionary Access Control (DAC)

A

Discretionary Access Control (DAC) allows each user to control access to their own data. DAC is typically the default access control mechanism for most desktop operating systems. Instead of a security label in the case of MAC, each resource object on a DAC based system has an Access Control List (ACL) associated with it. An ACL contains a list of users and groups to which the user has permitted access together with the level of access for each user or group.

64
Q

Security Policy

A

Document describing the security controls implemented in a business to accomplish a goal.

65
Q

Access Control Policy

A

Identifies the resources that need protection and the rules in place to control access to those resources.

66
Q

Information Security Policy

A

Identifies to employees what company systems may be used for, what they cannot be used for, and what the consequences are for breaking the rules.

67
Q

Information Protection Policy

A

Defines information sensitivity levels and who has access to those levels. Also addresses how data is stored, transmitted and destroyed.

68
Q

Password Policy

A

Defines length, complexity, maximum and minimum age and reuse.

69
Q

E-mail Policy

A

Addresses the proper use of the company email systems.

70
Q

Information Audit Policy

A

Defines the framework for auditing security within the organization.

71
Q

Promiscuous Policy

A

A wide open policy.

72
Q

Permissive Policy

A

Blocks only things that are known to be dangerous.

73
Q

Prudent Policy

A

Provides maximum security but allows some potentially or known dangerous services because of business needs.

74
Q

Paranoid Policy

A

Locks everything down.

75
Q

Standards

A

Mandatory rules used to achieve consistency.

76
Q

Baselines

A

Minimum security level necessary.

77
Q

Guidelines

A

Flexible recommended actions in the event there is no standard to follow.

78
Q

Procedures

A

Detailed step by step instructions for accomplishing a task or a goal.

79
Q

Script Kiddie

A

A person uneducated in hacking techniques who simply makes use of freely available tools and techniques on the Internet.

80
Q

Phreaker

A

Someone who manipulates telecommunications systems in order to make free calls.

81
Q

White Hat Hacker

A

The good guys. Ethical hackers. Hired by a customer for the specific goal of testing and improving security or for other defensive purposes. Don’t use their knowledge without prior consent. Also known as security analysts.

82
Q

Black Hat Hacker

A

The bad guys. Crackers. Illegally using their skills for either personal gain or malicious intent. Seek to steal or destroy data and to deny access to resources and systems. Do not ask for permission or consent.

83
Q

Gray Hat Hacker

A

Neither good nor bad. Some are curious about hacking and feel it is their duty, with or without customer permission, to demonstrate security flaws in systems.

84
Q

Hacktivism

A

The use of technology to promote a political agenda or social change. Illegal in nature.

85
Q

Suicide Hackers

A

A hacker who is willing to risk everything to pull off a hack.

86
Q

Cyberterrorist

A

Motivated by religious or political beliefs to create fear and large-scale systems disruption.

87
Q

State Sponsored Hacker

A

Employed by a government.

88
Q

Operating System Attack

A

Target the common mistakes made when installing operating systems - accepting and leaving all the defaults.

89
Q

Application Level Attack

A

Attacks on programming code and software logic of an application that has vulnerabilities.

90
Q

Shrink-wrap Code Attack

A

Takes advantage of the built-in code and scripts most off-the-shelf applications come with.

91
Q

Misconfiguration Attack

A

Takes advantage of systems that are, on purpose or by accident, not configured appropriately for security.

92
Q

Infowar

A

The use of offensive and defensive techniques to create advantage over your adversary.

93
Q

Phases of Ethical Hacking

A
  1. Reconnaissance
  2. Scanning and Enumeration
  3. Gaining Access
  4. Maintaining Access
  5. Covering Tracks
94
Q

Reconnaissance Phase

A

Steps taken to gather evidence and information on the targets you want to attack. Information gathering can be passive or active in nature.

95
Q

Passive Reconnaissance

A

Gathering information about a target without their knowledge. Examples include social engineering, dumpster diving and network sniffing.

96
Q

Active Reconnaissance

A

Uses tools and techniques that may or may not be discovered by the target.

97
Q

Scanning and Enumeration Phase

A

Taking the information gathered in recon and actively applying tools and techniques to gather more in-depth information on the targets.

98
Q

Gaining Access Phase

A

True attack against a target in order to gain a foothold.

99
Q

Maintaining Access Phase

A

Ensure there is continued access to a compromised system, usually by creating a back door.

100
Q

Zombie

A

Compromised computer systems that can be used to launch further attacks or for further information gathering.

101
Q

Covering Tracks Phase

A

Hackers attempt to conceal their success and avoid detection by security professionals. This could include removing or altering log files, hiding files with hidden attributes or directories, using tunneling protocols, etc.

102
Q

Security Incident and Event Management (SIEM)

A

Helps to perform functions related to a Security Operations Center (SOC) such as identifying, monitoring, recording, auditing, and analyzing security incidents. Example, Splunk.

103
Q

Ethical Hacker

A

Someone who employs the same tools and techniques as a criminal may use with the customer’s full support and approval to help secure a network or a system. They work within the confines of an agreement made between themselves and a customer before any action is taken.

104
Q

Cracker

A

Malicious hacker who is motivated by personal gain or destructive purposes outside the interests of the system owner.

105
Q

Get Out Of Jail Free Card

A

The contract that defines the permission and authorization given to a security professional conducting a Pen Test and defines the confidentiality and the scope.

106
Q

Tiger Team

A

A group of people working to address a specific problem or goal. Ethical hackers are sometimes part of a Tiger Team. In IT, a tiger team is usually composed of skilled hackers who will seek to penetrate a network or other tech environment for the purposes of improving security and closing security loopholes.

107
Q

Penetration Test

A

A clearly defined, full-scale test of the security controls of a system or network in order to identify security risks and vulnerabilities. Has three phases: preparation, assessment and conclusion.

108
Q

PENTEST Preparation Phase

A

Defines the time period during which the Pentest contract is hammered out. The scope of the test, the types of attacks allowed and the individuals assigned to perform the activity are agreed upon.

109
Q

PENTEST Assessment Phase

A

Also known as the security evaluation phase or the conduct phase - the actual assaults on the security controls.

110
Q

PENTEST Conclusion Phase

A

Also known as post-assessment phase - defines the time when final reports are prepared for the customer detailing the findings of the tests and providing recommendations to improve security.

111
Q

Black Box Testing

A

The ethical hacker has no knowledge of the Target of Evaluation (TOE) so as to simulate an outside, unknown attacker. Takes the most time to complete and is the most expensive. It emphasizes outside attack and does not take into account any trusted users on the inside.

112
Q

White Box Testing

A

The ethical hacker has full knowledge of the network, system and infrastructure they are targeting. This makes testing quicker and less expensive. Designed to simulate a knowledgeable internal threat such as a disgruntled network admin or other trusted user.

113
Q

Gray Box Testing

A

The ethical hacker has partial knowledge and assumes an insider threat and privilege escalation.

114
Q

Health Insurance Portability and Accountability Act (HIPAA)

A

Addresses privacy standards with regard to medical information. Has five subsections: Electronic Transaction and Code Sets, Privacy Rule, Security Rule, National Identifier Requirements, Enforcement.

115
Q

Sarbanes-Oxley Act

A

Created to make corporate disclosures more accurate and reliable in order to protect the public and investors from shady behavior. Has 11 titles that handle everything from what financials should be reported to protecting against auditor conflicts of interest and enforcement for accountability.

116
Q

Open Source Security Testing Methodology Manual (OSSTMM)

A

Peer-reviewed formalized methodology of security testing and analysis that can provide actionable information to measurably improve your operational security. Defines three types of compliance:
Legislative,
Contractual and
Standards Based.

117
Q

Payment Card Industry Data Security Standard (PCI-DSS)

A

A security standard for organizations handling credit cards, ATM cards and other point-of-sale cards that applies to all entities involved in the payment process. Consists of 12 requirements:

  1. Install and maintain firewall configuration to protect data.
  2. Remove vendor-supplied default passwords and other default security features.
  3. Protect stored data.
  4. Encrypt transmission of cardholder data.
  5. Install, use and update antivirus.
  6. Develop secure systems and applications.
  7. Use “need to know” as a guideline to restrict access to data.
  8. Assign a unique ID to each stakeholder.
  9. Restrict any physical access to the data.
  10. Monitor all access to data and network resources.
  11. Test security procedures and systems regularly.
  12. Create and maintain an information security policy.

118
Q

Control Objectives for Information and Related Technology (COBIT)

A

Created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). Is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. COBIT enables clear policy development, good practice, and emphasizes regulatory compliance and helps security architects figure out and plan minimum security requirements for their organizations. Categorizes control objectives into the following domains:

  1. Planning and Organization
  2. Acquisition and Implementation
  3. Delivery and Support
  4. Monitoring and Evaluation
119
Q

ISO/IEC 27001:2013

A

Provides requirements for creating, maintaining and improving organizational Information Security systems.

120
Q

Criminal Law

A

Body of rules and statutes that define conduct prohibited by the government because it threatens and harms public safety and welfare and that establishes punishment to be imposed for the commission of such acts.

121
Q

Civil Law

A

A body of rules that delineates private rights and remedies as well as governs disputes between individuals in such areas as contracts, property, and family law, distinct from criminal law.

122
Q

Common Law

A

Law based on societal customs and recognized and enforced by the judgments and decrees of the court.

123
Q

PDU at the Data Link Layer?

A

Frame