Exam Review 2 Flashcards
What is the main goal of digital forensics?
To collect and protect information relating to an intrusion.
What does RFC 3227 provide guidelines for?
Evidence Collection and Archiving in digital forensics.
What is a legal hold in digital forensics?
A technique to preserve relevant information in preparation for impending litigation.
What is the purpose of capturing video in digital forensics?
To record events and gather information external to the computer and network.
What is important in maintaining a chain of custody for digital evidence?
Controlling evidence to maintain integrity and documenting everyone who contacts the evidence.
What does the term ‘admissibility’ refer to in digital forensics?
The acceptability of data as evidence in a court of law.
How is time offset important in digital forensics?
It helps to accurately interpret the timestamps of data collected from different file systems.
Why are event logs significant in digital forensics?
They document important operating system and application events for future reference.
How are network infrastructure devices secured?
Through configurations like authentication settings, security updates, and access limitations.
What is the standard process for digital forensics?
Acquisition, analysis, and reporting of digital evidence.
Why is operating system hardening important?
To secure the OS through updates, user account management, and network security measures.
What is the purpose of application server hardening?
To secure programming languages and runtime libraries, disable unnecessary services, and apply security patches.
What does the ISO/IEC 27001 framework focus on?
Information Security Management Systems.
What is SSAE SOC 2 Type I/II in security standards?
An auditing standard for evaluating security controls like firewalls and intrusion detection.
What is PCI DSS in security standards?
Payment Card Industry Data Security Standard, a standard for protecting credit card information.
What role do deterrent controls play in security?
They discourage intrusion attempts without directly preventing access.
What are compensating controls in security?
Controls that restore security using alternate means, like re-imaging or backup restoration.
What are corrective controls in security?
Controls designed to mitigate damage after an incident, like an IPS blocking attackers or backups used to recover from a ransomware infection.
How do detective controls function in security?
They identify and record intrusion attempts, like motion detectors and IDS/IPS.
What is the purpose of preventive controls in security?
To physically control access, such as door locks and firewalls.
What are the categories of security controls?
Managerial, operational, and technical controls.
Symmetric Cryptographic Algorithms
Symmetric encryption uses a single shared key for both encryption and decryption. It’s faster than asymmetric encryption, with less overhead.
How to review Sudo Commands?
The specific command to review all sudo commands issued by Terri is not detailed in the study guide.
Power Distribution Units (PDUs)
PDUs provide multiple power outlets, usually in a rack, and often include monitoring and control to manage power capacity and enable/disable individual outlets.
Uninterruptible Power Supply (UPS)
There are different types of UPS, including Offline/Standby, Line-interactive, and On-line/Double-conversion. Features include auto shutdown, battery capacity, and outlets.
What do Cross-Site Scripting, SQL Injection, and XML Injection attacks have in common?
These are enabled due to bad programming and improper handling of input and output.
What makes the Strongest Encryption Key?
Larger keys tend to be more secure. Common symmetric encryption key lengths are 128-bit or larger. Asymmetric encryption uses larger keys, often 3072 bits or larger.
What is an Access Control List?
An ACL involves group/user rights and permissions and can be centrally administered. It’s used for accessing information stored on various media.
What is a hardware root of trust?
It’s the basis of security trust, verifying if data is safely encrypted or if an OS has been infected. Examples include TPM and HSM.
Why is boot integrity important?
It’s important because the boot process is a perfect infection point for rootkits, which run in kernel mode with the same rights as the operating system.
What are some important network protocols?
IPSec (Authentication Header, Encapsulating Security Payload), FTPS, SFTP, and LDAP.
What are the considerations for cipher suites?
Be wary of weak or null encryption (less than 128-bit key sizes), outdated hashes (MD5), and insecure protocols.
What is a Faraday Cage and what is its purpose?
A Faraday Cage blocks electromagnetic fields, discovered by Michael Faraday in 1836. It’s made of conductive material and cancels electromagnetic fields’ effects on the interior.
What are the methods for secure data destruction?
Methods include physically destroying the media, sanitizing the media for reuse, shredding/pulverizing, drilling/hammering, and electromagnetic degaussing.
What is an air gap in the context of network security?
Information about air gaps was not found in the guide.
What are the differences between on-premises and off-premises computing environments?
On-premises involves local hardware and servers in your building, while off-premises/hosted means servers are not in your building and might not run on your hardware.
What is a differential backup?
It starts with a full backup, followed by subsequent backups containing data changed since the last full backup. Restoration requires the full backup and the last differential backup.
Public Key Infrastructure (PKI)
Involves policies, procedures, hardware, software, and people for digital certificates creation, distribution, management, storage, and revocation.
Cryptographic Protocols
Involves confidentiality, authentication, access control, non-repudiation, and integrity. Terms include plaintext, ciphertext, cipher, and cryptanalysis.