Full Test Flashcards
What is RipeMD
- RACE Integrity Primitives Evaluation Message Digest
- open source hashing algo
- 160-320 bit
What is BPDU Guard
- Bridge Protocol Data Unit
- Enhancement to Spanning Tree Protocol
- CISCO calls it “port fast”
What is EAP TTLS
- Extensible Auth Protocol Tunnelled TLS
- Used with other protocols
- Auth Server needs a certificate
- WPA2 enterprise
What is VMI?
- Virtual Mobile Infrastructure
- Mobile Apps actually run from remote server
What is CASB?
- Cloud Access Security Broker “Caz-Bee”
- OnPrem or Cloud software that provides visibility, security, compliance, and threat prevention
What is conditional access?
- Manage access through SaaS
- Conditions like geography, IP, device used, browser, OS
What is PAM?
- Privilege Access Management
- Admins “check out” admin privileges for a set length of time
What is NIST SP800-61?
- Computer Security Incident Handling Guide
What is ISO 27001?
- International Standard for Information Security Management Systems
What is ISO 27002?
- Code of practice for implementing security controls.
- if ISO 27001 is the “what and why” then 27002 is the “how”
What is ISO 27701?
- Intl standard for Privacy Information Management Systems
- Extends 27001 to deal with GDPR
What is ISO 31000?
- Intl Std for Risk Management
- Generic guidelines
What is CSA?
- Cloud Security Alliance
- Organization dedicated to defining best practices for secure cloud computing
- Cloud Control Matrix is the framework
What does the Data Steward do?
- Oversight or governance role
- Responsibility for accuracy, privacy, & security
- Applies sensitivity labels
- Ensures legal and compliance standards are met
What is a Data Controller?
- How and why data is used within organization
What is a Data Custodian?
- Responsible for the safe custody, transport, and storage of data.
- IT function more than business function.
What is a Data Protection Officer?
- Responsible for Overall Data Privacy Policy.
- GDPR compliance
- All PII/PHI data is handled correctly
What is SASL?
- Simple Authentication and Security Layer
- Used with various auth schemes, e.g. Kerberos
What is SNMPv3?
- Simple Network Management Protocol v3
- Provides CIA for Network Management
- UDP 161
What is STP?
- Spanning Tree Protocol
- Prevents Layer 2 loops
- Leaves single active path between nodes
- 802.1D/802.1Q-2014
What is RFC?
- Request For Comments
- Standard Setting bodies on Internet like Internet Engineering Task Force (IETF)
- Shape Internet internal workings since 1969.
What is TTP?
- Tactics, Techniques, & Procedures
- Codified playbook for individual attackers
What is IRM?
- Information Rights Management
- E-DRM
- “remote-control” of documents
What is RTO?
- Recovery Time Objective
- Time after EVENT before normal operations resume
- “Acceptable levels” of ops
What is WRT?
- Work Recovery Time
- Verifying all is back to normal
- Resume production
What is MTD?
- Max Tolerable Downtime
- RTO + WRT = MTD
What is SIAM?
- Service Integration and Management
- Integrates multiple Cloud Service Providers
- multisourcing
What is SDN?
- Software Defined Networking
- Centrally defined networking through logical means
- OpenFlow protocol
- Data Plane (packets)
- Control Plane (routing process)
What is VXLAN?
- Virtual Extensible LAN
- Layer 2
- Scales to 16 million logical networks
What is Baseband?
- Uses all available BW. 0% or 100%.
- 1 direction per wire
- Ethernet standard BASE
- more signals via multiplexing
What is SSL VPN?
- Secure Socket Layer VPN
- Operates in browser
- Uses HTTPS TCP/443
- “Lightweight”
- Good for remote access vice site-to-site
What is EAP-FAST?
- Extensible Auth Protocol - Flexible Auth via Secure Tunnel
- Supplicant and Auth Server share protected secret to mutually auth a tunnel
- Replaces LEAP
- 802.1x protocol
What port is Netbios on?
- TCP/UDP 137-139
What communicates on ports 137-139?
- Netbios (TCP/UDP)
Define WPA2
- Wireless protected access version 2
- Uses CCMP block cipher
- Counter mode with cipher block chaining
- AES encryption
- Potential for brute-forcing 4-way handshake
- Hash Capture vuln
Define Site-to-Site VPN
- Uses L2TP (Layer 2 Tunneling Protocol)
- Acts like layer 3
- IPSec for encryption (vice SSL VPN)
- L2TP uses udp/1701
Define WPA3
- Wifi Protected Access v. 3
- Uses Galois/counter mode
- AES encryption (as WPA2)
- Simultaneous Auth of Equals (SAE)
- perfect forward secrecy
Define Perfect Forward Secrecy?
- Changes keys automatically and frequently
- Protects PAST communication
- ECDHE_RSA
What is RAID 6?
- RAID = Redundant Array of Independent Disks
- Raid 6 is striping with Double Parity
- Requires at least 4 disks
- 2 disks can fail
What service uses port 143?
- IMAP
- Internet Message Access Protocol
- TCP
What port does IMAP use?
- TCP/143
Define DES?
- Digital Encryption Standard
- symmetric
- 64 bit blocks with 56 bit keys
- old as fuck
Define sdelete?
- Windows CLI program
- individual files
What is SAST?
- Static Application Security Testing
- Helps ID flaws like buffer overflow and Database Injection
- Doesn’t get everything
- Can help check for false positives
What service uses port 445?
- Server Message Block (SMB)
- TCP
What port does SMB use?
- TCP/445
What service uses port 587?
- SMTP w/SSL
- TCP
- Also TCP/465
What ports are used by SMTP w/SSL?
- TCP/465
- TCP/587
What services use port 161?
- SNMP (Simple Network Management Protocol)
- UDP
What port does SNMP use?
- udp/161
What is WAF?
- Web Application Firewall
- Layer 7
- Applies rules to HTTPS
- Recognize SQL injection
- Heavy PCI DSS use
Define Raid 5
- Striping with parity
- Requires at least 3 disks
- only 1 drive can fail
Define RAID 10?
- Striped and Mirrored
- Requires 4 disks
- Up to 2 can fail
What are http secure headers?
- Instructions to a browser to enforce security settings
- HTTPS only, only allow local scripts, no iframes allowed, etc.
What service uses port 993?
- IMAP4 ssl
- tcp
What port is used by IMAP4 ssl?
- tcp/993