Exam A Flashcards

1
Q

Someone or something forges the sender’s information and pretends to be a legitimate source, for the purpose of gaining access to personal information, acquiring money, spreading malware, or stealing data. If a DNS server has been modified to hand out the IP address of a different server, then it’s ** the IP address of the attacker.

A

Spoofing

2
Q

Attackers place themselves between two devices (often a web browser and a web server) and intercept or modify communications between the two. The attackers can then collect information as well as impersonate either of the two agents.

A

On-Path

3
Q

When multiple third parties work together to create a service outage.

A

DDoS (Distributed Denial of Service Attack)

4
Q

When a service is unavailable due to the effects of a third party.

A

DoS (Denial of Service)

4
Q

Threat that seems real but doesn’t actually exist.

A

Hoax

5
Q

Method that gathers information without direct interaction with the target system using search engines and social networking sites.

A

Passive Footprinting

6
Q

Primary protocol used to send data between a web browser and a website. Encrypted in order to increase the security of data transfer and used for transmitting sensitive data, such as when logging in to a bank account, email service or health insurance provider.

A

HTTPS

7
Q

When a pen-testing team is given only SOME information.

A

Partially Known environment (Gray Box)

8
Q

Threat actor motivated by nationalism and tasked with gaining secrets from or disrupting other nations via cyber means.

A

Nation State Threat Actor

9
Q

Involves splitting and distributing data across different partitions to enhance security and optimize performance.

A

Data partition

10
Q

A system that provides short-term use for data storage.

A

Temporary File System

11
Q

Single piece of hardware that combines several functionalities such as printing, scanning, copying, and sometimes faxing into one unit.

A

MFD (Multi-Function Device)

12
Q

Refers to the network of physical objects or things embedded with sensors, software, and other technologies that enable them to connect and exchange data with other devices and systems over the internet.

A

IoT

13
Q

OS designed to handle and respond to events or data within a strict time constraint.

A

RTOS (Real Time Operating Systems)

14
Q

Integrated circuit that combines many high-level functions of an electronic device onto a single chip instead of using separate components mounted to a motherboard.

A

SoC (System on a Chip)

15
Q

International standard for privacy information management. It provides guidelines to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS).

A

ISO 27701 (International Organization for Standardization)

16
Q

Set of technologies and practices that enable organizations to collect security threat data and alerts from various sources, automate incident response actions, and orchestrate workflows across different security tools and teams.

A

SOAR (Security Orchestration, Automation, and Response)

17
Q

System that manages digital keys and digital certificates that verify the authenticity of the entities on a network.

A

PKI (Public Key Infrastructure)

18
Q

Way of linking different identity management systems together. Allows users from one organization to access resources of another organization without needing separate credentials. I.e., using your Gmail account to log in to a different website.

A

Federation

19
Q

Average time between component failures during operation. Used to predict the time between one failure and the next. Example: best to describe how often the firewall hardware is expected to fail between repairs.

A

MTBF - Mean Time Between Failures

20
Q

Maximum acceptable amount of time to restore a system after failure. Time it takes to recover from an outage.

A

RTO - Recovery Time Objective

21
Q

Average time until a component fails and is not repairable. Used primarily for non-repairable systems.

A

MTTF - Mean Time to Failure

22
Q

Attackers target a specific group of individuals by compromising websites that the group is known to frequent.

A

Watering Hole Attack

23
Q

Security solution that helps organizations manage and secure their use of cloud services. Two common functions are visibility into application use and data security policy use.

A

CASB - Cloud Access Security Broker

24
Q

Occurs when two processes occur at similar times, usually with unexpected results.

A

Race Condition

25
Q

Method used by attackers to insert malicious code into a running application. Manipulates the library as the attack vector.

A

DLL Injection - Dynamic Link Library

26
Q

Type of controls intended to discourage individuals from performing an unwanted activity by making them aware of the consequences.

A

Deterrent Controls

27
Q

Alternative control measures put in place to meet security requirements when the primary control is not feasible.

A

Compensating Controls

28
Q

Discussion-based session where the security team members meet to discuss their roles and responses during an emergency simulated disaster.

A

Tabletop Exercise

29
Q

Describes the ongoing relationship between the IT team and business customer.

A

Stakeholder management

30
Q

Security measure for encrypting all data stored in a device.

A

FDE - Full Disk Encryption

31
Q

Provides data protection of a storage device using full-disk encryption in the drive hardware.

A

SED - Self Encrypting Drive

32
Q

Access control system that assigns labels to objects in an operating system.

A

MAC

33
Q

Provides a centralized management system for all mobile devices. From this central control security administrators can set policies for many different types of mobile devices.

A

MDM - Mobile Device Manager

34
Q

A device commonly purchased by the corporation that allows the use of the mobile device for both business and personal use.

A

COPE - Corporately Owned and Personally Enabled

35
Q

Allows an organization to securely separate user data from company data.

A

Containerization

36
Q

Separates the applications from the mobile device.

A

VDI (Virtual Desktop Infrastructure)

37
Q

Test result that fails to detect an issue when one actually exists.

A

False Negative

38
Q

Temporary, time-based code generated by an app on a user’s device. It changes every 30-60 seconds and is used as a second factor in two-factor authentication. This is an additional authentication control.

A

TOTP - Time-Based One-Time Password

39
Q

Physical card with embedded integrated circuits used for secure authentication. Users insert the card into a reader and often enter a PIN to log in.

A

Smart Card

40
Q

Network access control protocol that requires individual user authentication using a username and password (or other credentials). This is like each person having their own unique key to enter a building. Each user must prove their identity with a unique username and password.

A

802.1X

41
Q

Uses a shared password for all users to access the network. Think of this like a shared secret handshake that everyone uses to join a club. Everyone knows the same handshake (password).

A

WPA2-PSK (Wi-Fi Protected Access 2 - Pre-Shared Key)

42
Q

Simplified method for connecting devices to a Wi-Fi network using a PIN or a physical button press. This is like pressing a button to get instant access, no unique keys required.

A

WPS (Wi-Fi Protected Setup)

43
Q

Refers to the encryption method used by WPA2 (Advanced Encryption Standard) and ensures that the data transmitted over the network is encrypted and secure, but does not specify the authentication method. This is like using a strong lock on the door to keep the building secure, but it doesn’t determine how you prove you should be allowed in.

A

WPA2-AES

44
Q

Command that will display information at the end of a file.

A

tail

45
Q

Command that will retrieve a web page and display it as HTML at the command line.

A

curl

46
Q

Command that can be used to search for a specific string through a file displayed in HTML on the command line.

A

grep

47
Q

Type of access control model that allows the owner of the resource to control who has access.

A

DAC - Discretionary Access Control

48
Q

Type of access control model that combines many different parameters to determine if a user has access to a resource.

A

ABAC - Attribute-Access Control

49
Q

Type of access control that assigns rights and permissions based on the role of a user. These roles are usually assigned by a group.

A

RBAC - Role-based access control

50
Q

Social engineering attack that asks for personal information through SMS or text.

A

Smishing

51
Q
A