Full Test Flashcards
What is RipeMD
- RACE Integrity Primitives Evaluation Message Digest
- open source hashing algo
- 160-320 bit
What is BPDU Guard
- Bridge Protocol Data Unit
- Enhancement to Spanning Tree Protocol
- CISCO calls it “port fast”
What is EAP TTLS
- Extensible Auth Protocol Tunnelled TLS
- Used with other protocols
- Auth Server needs a certificate
- WPA2 enterprise
What is VMI?
- Virtual Mobile Infrastructure
- Mobile Apps actually run from remote server
What is CASB?
- Cloud Access Security Broker “Caz-Bee”
- OnPrem or Cloud software that provides visibility, security, compliance, and threat prevention
What is conditional access?
- Manage access through SaaS
- Conditions like geography, IP, device used, browser, OS
What is PAM?
- Privileged Access Management
- Admins “check out” admin privileges for a set length of time
What is NIST SP800-61?
- Computer Security Incident Handling Guide
What is ISO 27001?
- International Standard for Information Security Management Systems
What is ISO 27002?
- Code of practice for implementing security controls.
- if ISO 27001 is the “what and why” then 27002 is the “how”
What is ISO 27701?
- Intl standard for Privacy Information Management Systems
- Extends 27001 to deal with GDPR
What is ISO 31000?
- Intl Std for Risk Management
- Generic guidelines
What is CSA?
- Cloud Security Alliance
- Organization dedicated to defining best practices for secure cloud computing
- Cloud Control Matrix is the framework
What does the Data Steward do?
- Oversight or governance role
- Responsibility for accuracy, privacy, & security
- Applies sensitivity labels
- Ensures legal and compliance standards are met
What is a Data Controller?
- How and why data is used within organization
What is a Data Custodian?
- Responsible for the safe custody, transport, and storage of data.
- IT function more than business function.
What is a Data Protection Officer?
- Responsible for Overall Data Privacy Policy.
- GDPR compliance
- All PII/PHI data is handled correctly
What is SASL?
- Simple Authentication and Security Layer
- Used with various auth schemes, e.g. Kerberos
What is SNMPv3?
- Simple Network Management Protocol v3
- Provides CIA for Network Management
- UDP 161
What is STP?
- Spanning Tree Protocol
- Prevents Layer 2 loops
- Leaves single active path between nodes
- 802.1D/802.1Q-2014
What is RFC?
- Request For Comments
- Standard Setting bodies on Internet like Internet Engineering Task Force (IETF)
- Shape Internet internal workings since 1969.
What is TTP?
- Tactics, Techniques, & Procedures
- Codified playbook for individual attackers
What is IRM?
- Information Rights Management
- E-DRM
- “remote-control” of documents
What is RTO?
- Recovery Time Objective
- Time after EVENT before normal operations resume
- “Acceptable levels” of ops
What is WRT?
- Work Recovery Time
- Verifying all is back to normal
- Resume production
What is MTD?
- Max Tolerable Downtime
- RTO + WRT = MTD
What is SIAM?
- Service Integration and Management
- Integrates multiple Cloud Service Providers
- multisourcing
What is SDN?
- Software Defined Networking
- Centrally defined networking through logical means
- OpenFlow protocol
- Data Plane (packets)
- Control Plane (routing process)
What is VXLAN?
- Virtual Extensible LAN
- Layer 2
- Scales to 16 million logical networks
What is Baseband?
- Uses all available BW. 0% or 100%.
- 1 direction per wire
- Ethernet standard BASE
- more signals via multiplexing
What is SSL VPN?
- Secure Socket Layer VPN
- Operates in browser
- Uses HTTPS TCP/443
- “Lightweight”
- Good for remote access vice site-to-site
What is EAP-FAST?
- Extensible Auth Protocol - Flexible Auth via Secure Tunnel
- Supplicant and Auth Server share protected secret to mutually auth a tunnel
- Replaces LEAP
- 802.1x protocol
What port is Netbios on?
- TCP/UDP 137-139
What communicates on ports 137-139?
- NetBIOS (TCP/UDP)
Define WPA2
- Wireless Protected Access version 2
- Uses CCMP block cipher
- Counter mode with cipher block chaining
- AES encryption
- Potential for brute-forcing 4-way handshake
- Hash Capture vuln
Define Site-to-Site VPN
- Uses L2TP (Layer 2 Tunneling Protocol)
- Acts like layer 3
- IPSec for encryption (vice SSL VPN)
- L2TP uses udp/1701
Define WPA3
- Wifi Protected Access v. 3
- Uses Galois/counter mode
- AES encryption (as WPA2)
- Simultaneous Auth of Equals (SAE)
- perfect forward secrecy
Define Perfect Forward Secrecy?
- Changes keys automatically and frequently
- Protects PAST communication
- ECDHE_RSA
What is RAID 6?
- RAID = Redundant Array of Independent Disks
- Raid 6 is striping with Double Parity
- Requires at least 4 disks
- 2 disks can fail
What service uses port 143?
- IMAP
- Internet Message Access Protocol
- TCP
What port does IMAP use?
- TCP/143
Define DES?
- Digital Encryption Standard
- symmetric
- 64 bit blocks with 56 bit keys
- old as fuck
Define sdelete?
- Windows CLI program
- individual files
What is SAST?
- Static Application Security Testing
- Helps ID flaws like buffer overflow and Database Injection
- Doesn’t get everything
- Can help check for false positives
What service uses port 445?
- Server Message Block (SMB)
- TCP
What port does SMB use?
- TCP/445
What service uses port 587?
- SMTP w/SSL
- TCP
- Also TCP/465
What ports are used by SMTP w/SSL?
- TCP/465
- TCP/587
What services use port 161?
- SNMP (Simple Network Management Protocol)
- UDP
What port does SNMP use?
- udp/161
What is WAF?
- Web Application Firewall
- Layer 7
- Applies rules to HTTPS
- Recognize SQL injection
- Heavy PCI DSS use
Define Raid 5
- Striping with parity
- Requires at least 3 disks
- only 1 drive can fail
Define RAID 10?
- Striped and Mirrored
- Requires 4 disks
- Up to 2 can fail
What are http secure headers?
- Instructions to a browser to enforce security settings
- HTTPS only, only allow local scripts, no iframes allowed, etc.
What service uses port 993?
- IMAP4 ssl
- tcp
What port is used by IMAP4 ssl?
- tcp/993
What is SED?
- Self Encrypting Drive
- Hardware based
- Cleared by overwriting the encryption keys
What service uses port 53?
- DNS
- tcp/udp
What port does DNS use?
- tcp/udp/53
What service uses port 1433?
- SQL server
- tcp
What port does SQL server use?
- tcp/1433
What service uses port 514?
- Syslog
- udp
What port does Syslog use?
- udp/514
What service uses port 636?
- LDAP w/ssl
- tcp/udp
What port does LDAP w/ssl use?
- tcp/udp/636
What service uses port 3868?
- Diameter
- tcp
What port does DIAMETER use?
- tcp/3868
What is EAP?
- Extensible Auth Protocol
- Auth framework
- Integrates with 802.1x
What is AES?
- Advanced Encryption Standard
- symmetrical
- 128 through 256 bit
What service uses port 1723?
- PPTP
- point to point VPN
- tcp/udp
What port does PPTP use?
- tcp/udp 1723
Define IDEA?
- International Data Encryption Algorithm
- 64 bit, 128 key
What service uses port 989-990?
- FTPS
- uses ssl for security
- different from S(sh)FTP
What port does FTPS use?
- tcp 989-990
What service uses 993?
- POP3 w/ssl
- tcp
What port does POP3 w/ssl use?
- tcp/995
What service uses port 465?
- SMTP w/SSL
- tcp
- also port 587
What is SAE?
- Simultaneous Auth of Equals
- WPA3 characteristic
- Diffie-Hellman based
- everyone has a different session
- dragonfly handshake key exchange
What is Trusted Boot?
- software validation that the kernel, bootloader, etc has not changed
- Early Launch Anti-Malware (ELAM)
- verifies OS signature
What service runs on port 135?
- Remote Procedure Call (RPC)
- tcp/udp
What port does Remote Procedure Call use?
- tcp/udp 135
What is RPC?
- Remote Procedure Call
- allows one system to call a subroutine on another
What is EAP TLS?
- EAP Transport Layer Security
- WPA2
- all devices need x.509 cert
- mutual auth
- PKI needed
What is PEAP?
- Protected EAP
- AS needs a certificate, supplicant doesn't
- MS-CHAPv2 (Microsoft Challenge Handshake Auth Protocol)
- often used with token generator
- Cisco, MS, and RSA developed
What is SEAndroid?
- Security Enhanced Android
- uses MAC (mandatory access control)
- SELinux in Android OS
What are Cloud Security Groups?
- Layer 4: firewall port
- Layer 3: IP addr, CIDR, IPv4/6
What is Instance Awareness?
- cloud concept
- granular security controls
What is a Next-gen Secure Web Gateway?
- Protect users and devices regardless of location
- goes beyond URL and GET requests
- Examines JSON and API calls
- instance aware
What is IdP?
- Identity Provider
- Who are you? Who vouches?
- Authorization as a Service
- Single Sign-On (SSO)
- SAML, OAuth, OpenID
Command to create a ssh keypair?
$ssh-keygen -t $ENCRYPTION$
- ed25519, rsa
What is CHAP?
- Challenge Handshake Auth Protocol
- encrypted challenge
1. Server sends challenge
2. Client sends PW bas
3. Server compares
4. Ongoing and invisible during session
What is SAML?
- Security Assertion Markup Language
- open standard for auth
- not good for mobile
What is OAuth?
- Auth framework
- Determine what resources can be accessed
- Not a protocol
- Used w/OPENID
- Google, FB, Twitter
- “Xapp wants to access your Google acct”
Describe the Key Management Lifecycle
- Key generation of requested strength with proper cipher
- Certificate gen - allocate key to user
- Distribution - securely transfer to user
- Storage
- Expiration/Revocation
What is a Public Key Certificate?
- binding of public key with digital signature and other details
Describe a Domain Validation Certificate
- owner of certificate has control over domain
What is an Extended Validation Certificate?
- Additional verification checks for certificate owner
- Like a bank
- Outdated
What is a SAN?
- Subject Alternative Name
- Extension to an x.509
- Allows wildcards
- e.g. *.jacklawton.com covers mail.jacklawton.com and training.jacklawton.com
What is a .der?
- Distinguished Encoding Rules
- x.509 cert
- binary, not human readable
- often used with Java
What is a .pem?
- Privacy Enhanced Mail
- Base64 (ASCII) encoded .der
- what you normally get from CA
What is a .p12?
- Public Key Cryptography Standard #12
- container for multiple certs
- also .pfx
- used to transfer key pairs
- can be password protected
What is a .cer?
- Windows x.509 certificate format
- can be binary like .der or ascii like .pem
What is .p7b?
- PKCS#7
- contains certs but only public key
- ascii
Describe OCSP stapling
- “Staples” time stamped revocation info to the cert so clients don’t have to contact the CA for revocation info
What is pinning?
- obsolete technique to prevent website impersonation
Describe the netstat command
- CLI tool that displays tcp/ip connections, routing tables, and other network statistics
$netstat -a = all
$netstat -b = binaries (windows)
$netstat -n = numbers only (no name)
Describe the routeprint command
- show routing tables
- same as $netstat -r
What is OpenSSL?
- toolkit & crypto library for ssl/tls
- create x.509 certs, revoke, and sign
- hashing protocols for message digests
- en/decryption
What is winhex?
- windows hexadecimal editor
- edit disks
- clone disks
- secure wipe
- forensics tool
Describe Data Sanitization
- secure and permanent erasure of sensitive data from media to guarantee no residual data can be recovered even through forensic analysis
Describe the Incident Recovery phase of the Incident Recovery plan?
- The process of restoring and returning affected devices back to business environment.
- Return to normal
- Restore from backup
Describe the isolation and containment phase of the Incident Response Plan?
- Contain the breach. Sandboxing, disconnection, start redundant systems
- Update and patch?
Describe the Identification Phase of Incident Response Plan?
- Indications an attack is happening
- network is vulnscanned
- indicators of compromise
Describe the Preparation phase of the Incident Response Plan?
- Establish communication methods. Remembering that normal comms may be compromised
- Hardware and software toolkit
- Documents, net diagrams, baselines, hashes
- Mitigation software
- OS images
Describe the phases of Incident Response Plan?
- Preparation
- Identification and analysis
- Isolation, Containment, & Eradication
- Recovery
- Post event activity
What is outlined by RFC 3227?
- Guidelines for Evidence Collection and Archiving
1: Acquisition
2: Analysis
3: Reporting
Describe the Order of Volatility
1: CPU registers, CPU Cache
2: Router table, ARP cache, process table, kernel, RAM
3: Temp File Systems
4: Disk drive
5: Remote Logging/Monitoring
6: network topology
7: Archival Media
Describe the CIS CSC?
- Center for Internet Security Critical Security Controls
- Improve Cyber Defense
- 20 key sections
- Scalable to different organization sizes
Describe the NIST RMF?
- National Institute of Standards and Technology Risk Management Framework
- Federal Agency Requirement
- 6 stages: Categorize, Select, Implement, Assess, Authorize, Monitor
Describe the NIST CSF?
- NIST Cybersecurity Framework
- voluntary for civilian/commercial orgs
- ID, Protect, Detect, Respond, & Recover
Describe the SSAE SOC2 type 1/2?
- American Institute of CPAs Auditing Standard Statement on Standards of Attestation Engagements #18 (SSAE18)
- SOC2 is Trust Services Criteria
- Firewalls, MFA, Intrusion Detection
What is ALE?
- Annualized Loss Expectancy
- ARO x SLE
ARO = Annual Rate of Occurrence
SLE = Single Loss Expectancy
What is RTO?
- Recovery Time Objective
- Up and running quickly to service level
- Not complete
What is EDR?
- Endpoint Detection & Response
- Behavioral analysis, machine learning, process monitoring
- Lightweight agent on endpoint
- API automated
- Root cause analysis
What is SRTP?
- Secure Real-Time Transport Protocol
- VOIP
- AES
- HMAC - Hash-based Message Authentication Code using SHA-1
What is a HIDS?
- Host-based IDS
- Log files to ID intrusion
What is bcrypt?
- Password hashing function
- Uses blowfish to do multiple rounds
What is PBKDF2?
- Password-based Key Derivation Function 2
- Part of RSA public key cryptography
What is Homomorphic Encryption?
- Encryption scheme that allows operations to be performed on the encrypted data without decryption
What is a Stream Cipher?
- One bit or byte at a time
- high speed, low hardware complexity
- symmetric encryption
- use IV for randomization
What is a Block Cipher?
- Fixed length groups
- 64 or 128 bit blocks
- en/decrypted independently
- symmetric
Describe GCM?
- Galois/Counter Mode
- Combines counter with authentication
- Auth is part of block
- SSH/TLS
What is ECB?
- Simplest mode of Block Ciphering
- same key for each block
Define CBC?
- Cipher Block Chaining
- Each block is XOR with previous
- additional randomization
- uses IV for 1st block
Define Counter Mode?
- Encrypts successive value of a counter
Define POP3 & Secure IMAP
- Use STARTTLS to encrypt POP3 or IMAP with SSL
Elaborate the differences between FTPS and SFTP?
FTPS is FTP secure. Uses SSL on port 989 and 990
SFTP is SSH FTP. Uses SSH to send FTP
What is a NGFW?
- Next Generation Firewall
- OSI Layer 7 application
- Can allow or disallow features
- all data in every packet
- Deep packet inspection
- Stateful multilayer inspection
What is the CTA?
- Cyber Threat Alliance
- Members validate forwarded threat intelligence
Define SOAR
- Security Orchestration Automation and Response
- Automated security that can apply tools automatically at any time without intervention
Define RPO?
- Recovery Point Objective
- Longest time an organization can lose data for
Define MTD?
- Max Tolerable Downtime
- Longest time ops can be down without catastrophic damage