Full Test Flashcards

1
Q

What is RipeMD

A
  • RACE Integrity Primitives Evaluation Message Digest
  • open source hashing algo
    160-320 bit
2
Q

What is BPDU Guard

A
  • Bridge Protocol Data Unit
  • Enhancement to Spanning Tree Protocol
  • CISCO calls it “port fast”
3
Q

What is EAP TTLS

A
  • Extensible Auth Protocol Tunnelled TLS
  • Used with other protocols
  • Auth Server needs a certificate
  • WPA2 enterprise
4
Q

What is VMI?

A
  • Virtual Mobile Infrastructure
  • Mobile Apps actually run from remote server
5
Q

What is CASB?

A
  • Cloud Access Security Broker “Caz-Bee”
  • On-prem or cloud software that provides visibility, security, compliance, and threat prevention
6
Q

What is conditional access?

A
  • Manage access through SaaS
  • Conditions like geography, IP, device used, browser, OS
7
Q

What is PAM?

A
  • Privileged Access Management
  • Admins “check out” admin privileges for a set length of time
8
Q

What is NIST SP800-61?

A
  • Computer Security Incident Handling Guide
9
Q

What is ISO 27001?

A
  • International Standard for Information Security Management Systems
10
Q

What is ISO 27002?

A
  • Code of practice for implementing security controls.
  • If ISO 27001 is the “what and why”, then 27002 is the “how”
11
Q

What is ISO 27701?

A
  • Intl standard for Privacy Information Management Systems
  • Extends 27001 to deal with GDPR
12
Q

What is ISO 31000?

A
  • Intl Std for Risk Management
  • Generic guidelines
13
Q

What is CSA?

A
  • Cloud Security Alliance
  • Organization dedicated to defining best practices for secure cloud computing
  • Cloud Control Matrix is the framework
14
Q

What does the Data Steward do?

A
  • Oversight or governance role
  • Responsibility for accuracy, privacy, & security
  • Applies sensitivity labels
  • Ensures legal and compliance standards are met
15
Q

What is a Data Controller?

A
  • How and why data is used within organization
16
Q

What is a Data Custodian?

A
  • Responsible for the safe custody, transport, and storage of data.
  • IT function more than business function.
17
Q

What is a Data Protection Officer?

A
  • Responsible for Overall Data Privacy Policy.
  • GDPR compliance
  • All PII/PHI data is handled correctly
18
Q

What is SASL?

A
  • Simple Authentication and Security Layer
  • Used with various auth schemes, e.g. Kerberos
19
Q

What is SNMPv3?

A
  • Simple Network Management Protocol v3
  • Provides CIA for Network Management
  • UDP 161
20
Q

What is STP?

A
  • Spanning Tree Protocol
  • Prevents Layer 2 loops
  • Leaves single active path between nodes
  • 802.1D/802.1Q-2014
21
Q

What is RFC?

A
  • Request For Comments
  • Published by standard-setting bodies on the Internet like the Internet Engineering Task Force (IETF)
  • Have shaped the Internet's internal workings since 1969.
22
Q

What is TTP?

A
  • Tactics, Techniques, & Procedures
  • Codified playbook for individual attackers
23
Q

What is IRM?

A
  • Information Rights Management
  • E-DRM
  • “remote-control” of documents
24
Q

What is RTO?

A
  • Recovery Time Objective
  • Time after EVENT before normal operations resume
  • “Acceptable levels” of ops
25
Q

What is WRT?

A
  • Work Recovery Time
  • Verifying all is back to normal
  • Resume production
26
Q

What is MTD?

A
  • Max Tolerable Downtime
  • RTO + WRT = MTD
27
Q

What is SIAM?

A
  • Service Integration and Management
  • Integrates multiple Cloud Service Providers
  • multisourcing
28
Q

What is SDN?

A
  • Software Defined Networking
  • Centrally defined networking through logical means
  • OpenFlow protocol
  • Data Plane (packets)
  • Control Plane (routing process)
29
Q

What is VXLAN?

A
  • Virtual Extensible LAN
  • Layer 2
  • Scales to 16 million logical networks
30
Q

What is Baseband?

A
  • Uses all available BW. 0% or 100%.
  • 1 direction per wire
  • Ethernet standard BASE
  • more signals via multiplexing
31
Q

What is SSL VPN?

A
  • Secure Sockets Layer VPN
  • Operates in browser
  • Uses HTTPS TCP/443
  • “Lightweight”
  • Good for remote access vice site-to-site
32
Q

What is EAP-FAST?

A
  • Extensible Auth Protocol - Flexible Auth via Secure Tunnel
  • Supplicant and Auth Server share protected secret to mutually auth a tunnel
  • Replaces LEAP
  • 802.1x protocol
33
Q

What port is Netbios on?

A
  • TCP/UDP 137-139
34
Q

What communicates on ports 137-139?

A
  • Netbios (TCP/UDP)
35
Q

Define WPA2

A
  • Wi-Fi Protected Access version 2
  • Uses CCMP block cipher
    • Counter mode with cipher block chaining
  • AES encryption
  • Potential for brute-forcing 4-way handshake
  • Hash Capture vuln
36
Q

Define Site-to-Site VPN

A
  • Uses L2TP (Layer 2 Tunneling Protocol)
    • Acts like layer 3
  • IPSec for encryption (vice SSL VPN)
  • L2TP uses udp/1701
37
Q

Define WPA3

A
  • Wifi Protected Access v. 3
  • Uses Galois/counter mode
  • AES encryption (as WPA2)
  • Simultaneous Auth of Equals (SAE)
  • perfect forward secrecy
38
Q

Define Perfect Forward Secrecy?

A
  • Changes keys automatically and frequently
  • Protects PAST communication
  • ECDHE_RSA
39
Q

What is RAID 6?

A
  • RAID = Redundant Array of Independent Disks
  • Raid 6 is striping with Double Parity
  • Requires at least 4 disks
  • 2 disks can fail
40
Q

What service uses port 143?

A
  • IMAP
  • Internet Message Access Protocol
  • TCP
41
Q

What port does IMAP use?

A
  • TCP/143
42
Q

Define DES?

A
  • Digital Encryption Standard
  • symmetric
  • 64 bit blocks with 56 bit keys
  • old as fuck
43
Q

Define sdelete?

A
  • Windows CLI program
  • Securely deletes individual files
44
Q

What is SAST?

A
  • Static Application Security Testing
  • Helps ID flaws like buffer overflow and Database Injection
  • Doesn’t get everything
  • Can help check for false positives
45
Q

What service uses port 445?

A
  • Server Message Block (SMB)
  • TCP
46
Q

What port does SMB use?

A
  • TCP/445
47
Q

What service uses port 587?

A
  • SMTP w/SSL
  • TCP
  • Also TCP/465
48
Q

What ports are used by SMTP w/SSL?

A
  • TCP/465
  • TCP/587
49
Q

What services use port 161?

A
  • SNMP (Simple Network Management Protocol)
  • UDP
50
Q

What port does SNMP use?

A
  • udp/161
51
Q

What is WAF?

A
  • Web Application Firewall
  • Layer 7
  • Applies rules to HTTPS
  • Recognize SQL injection
  • Heavy PCI DSS use
52
Q

Define Raid 5

A
  • Striping with parity
  • Requires at least 3 disks
  • only 1 drive can fail
53
Q

Define RAID 10?

A
  • Striped and Mirrored
  • Requires 4 disks
  • Up to 2 can fail
54
Q

What are http secure headers?

A
  • Instructions to a browser to enforce security settings
  • HTTPS only, only allow local scripts, no iframes allowed, etc.
55
Q

What service uses port 993?

A
  • IMAP4 ssl
  • tcp
56
Q

What port is used by IMAP4 ssl?

A
  • tcp/993
57
Q

What is SED?

A
  • Self Encrypting Drive
  • Hardware based
  • Cleared by overwriting the encryption keys
58
Q

What service uses port 53?

A
  • DNS
  • tcp/udp
59
Q

What port does DNS use?

A
  • tcp/udp/53
60
Q

What service uses port 1433?

A
  • SQL server
  • tcp
61
Q

What port does SQL server use?

A
  • tcp/1433
62
Q

What service uses port 514?

A
  • Syslog
  • udp
63
Q

What port does Syslog use?

A
  • udp/514
64
Q

What service uses port 636?

A
  • LDAP w/ssl
  • tcp/udp
65
Q

What port does LDAP w/ssl use?

A
  • tcp/udp/636
66
Q

What service uses port 3868?

A
  • Diameter
  • tcp
67
Q

What port does DIAMETER use?

A
  • tcp/3868
68
Q

What is EAP?

A
  • Extensible Auth Protocol
  • Auth framework
  • Integrates with 802.1x
69
Q

What is AES?

A
  • Advanced Encryption Standard
  • symmetrical
  • 128 through 256 bit
70
Q

What service uses port 1723?

A
  • PPTP
  • point to point VPN
  • tcp/udp
71
Q

What port does PPTP use?

A
  • tcp/udp 1723
72
Q

Define IDEA?

A
  • International Data Encryption Algorithm
  • 64-bit blocks, 128-bit key
73
Q

What service uses port 989-990?

A
  • FTPS
  • uses ssl for security
  • different from S(sh)FTP
74
Q

What port does FTPS use?

A
  • tcp 989-990
75
Q

What service uses 993?

A
  • POP3 w/ssl
  • tcp
76
Q

What port does POP3 w/ssl use?

A
  • tcp/995
77
Q

What service uses port 465?

A
  • SMTP w/SSL
  • tcp
  • also port 587
78
Q

What is SAE?

A
  • Simultaneous Auth of Equals
  • WPA3 characteristic
  • Diffie-Hellman based
  • everyone has a different session
  • dragonfly handshake key exchange
79
Q

What is Trusted Boot?

A
  • software validation that the kernel, bootloader, etc has not changed
  • Early Launch Anti-Malware (ELAM)
  • verifies OS signature
80
Q

What service runs on port 135?

A
  • Remote Procedure Call (RPC)
  • tcp/udp
81
Q

What port does Remote Procedure Call use?

A
  • tcp/udp 135
82
Q

What is RPC?

A
  • Remote Procedure Call
  • Allows one system to call a subroutine on another
83
Q

What is EAP TLS?

A
  • EAP Transport Layer Security
  • WPA2
  • all devices need x.509 cert
  • mutual auth
  • PKI needed
84
Q

What is PEAP?

A
  • Protected EAP
  • AS needs a certificate, supplicant doesn't
  • MS-CHAPv2 (Microsoft Challenge Handshake Auth Protocol)
  • often used with token generator
  • Cisco, MS, and RSA developed
85
Q

What is SEAndroid?

A
  • Security Enhanced Android
  • uses MAC (mandatory access control)
  • SELinux in Android OS
86
Q

What are Cloud Security Groups?

A
  • Layer 4: firewall ports
  • Layer 3: IP address, CIDR, IPv4/IPv6
87
Q

What is Instance Awareness?

A
  • cloud concept
  • granular security controls
88
Q

What is a Next-gen Secure Web Gateway?

A
  • Protect users and devices regardless of location
  • goes beyond URL and GET requests
  • Examines JSON and API calls
  • instance aware
89
Q

What is IdP?

A
  • Identity Provider
  • Who are you? Who vouches?
  • Authorization as a Service
  • Single Sign on (sso)
  • SAML, OAuth, OpenID
90
Q

Command to create a ssh keypair?

A
  • $ssh-keygen -t <key type>
  • key types: ed25519, rsa
91
Q

What is CHAP?

A
  • Challenge Handshake Auth Protocol
  • encrypted challenge
    1. Server sends challenge
    2. Client sends PW bas
    3. Server compares
    4. Ongoing and invisible during session
92
Q

What is SAML?

A
  • Security Assertion Markup Language
  • open standard for auth
  • not good for mobile
93
Q

What is OAuth?

A
  • Auth framework
  • Determine what resources can be accessed
  • Not a protocol
  • Used w/OPENID
  • Google, FB, Twitter
  • “Xapp wants to access your Google acct”
94
Q

Describe the Key Management Lifecycle

A
  1. Key generation of requested strength with proper cipher
  2. Certificate gen - allocate key to user
  3. Distribution - securely xfer to user
  4. Storage
  5. Expiration/Revocation
95
Q

What is a Public Key Certificate?

A
  • binding of public key with digital signature and other details
96
Q

Describe a Domain Validation Certificate

A
  • owner of certificate has control over domain
97
Q

What is an Extended Validation Certificate?

A
  • Additional verification checks for certificate owner
  • Like a bank
  • Outdated
98
Q

What is a SAN?

A
  • Subject Alternate Name
  • Extension to an x.509
  • Allows wildcards
    • *.jacklawton.com
      mail.jacklawton.com
      training.jacklawton.com
99
Q

What is a .der?

A
  • Distinguished Encoding Rules
  • x.509 cert
  • binary, not human readable
  • often used with Java
100
Q

What is a .pem?

A
  • Privacy Enhanced Mail
  • 64-bit (ascii) encoded .der
  • what you normally get from CA
101
Q

What is a .p12?

A
  • Public Key Cryptography Standard #12
  • container for multiple certs
  • also .pfx
  • used to transfer key pairs
  • can be password protected
102
Q

What is a .cer?

A
  • Windows x.509 certificate format
  • Can be binary like .der or ascii like .pem
103
Q

What is .p7b?

A
  • PKCS#7
  • contains certs but only public key
  • ascii
104
Q

Describe OCSP stapling

A
  • “Staples” time stamped revocation info to the cert so clients don’t have to contact the CA for revocation info
105
Q

What is pinning?

A
  • obsolete technique to prevent website impersonation
106
Q

Describe the netstat command

A
  • CLI tool that displays tcp/ip connections, routing tables, and other network statistics
    $netstat -a = all
    $netstat -b = binaries (windows)
    $netstat -n = numbers only (no name)
107
Q

Describe the route print command

A
  • show routing tables
  • same as $netstat -r
108
Q

What is OpenSSL?

A
  • toolkit & crypto library for ssl/tls
  • create x.509 certs, revoke, and sign
  • hashing protocols for message digests
  • en/decryption
109
Q

What is winhex?

A
  • windows hexadecimal editor
  • edit disks
  • clone disks
  • secure wipe
  • forensics tool
110
Q

Describe Data Sanitization

A
  • secure and permanent erasure of sensitive data from media to guarantee no residual data can be recovered even through forensic analysis
111
Q

Describe the Incident Recovery phase of the Incident Response Plan?

A
  • The process of restoring and returning affected devices back to business environment.
  • Return to normal
  • Restore from backup
112
Q

Describe the isolation and containment phase of the Incident Response Plan?

A
  • Contain the breach. Sandboxing, disconnection, start redundant systems
  • Update and patch?
113
Q

Describe the Identification Phase of Incident Response Plan?

A
  • Indications an attack is happening
  • network is vuln-scanned
  • indicators of compromise
114
Q

Describe the Preparation phase of the Incident Response Plan?

A
  • Establish communication methods, remembering that normal comms may be compromised
  • Hardware and software toolkit
  • Documents, net diagrams, baselines, hashes
  • Mitigation software
  • OS images
115
Q

Describe the phases of Incident Response Plan?

A
  1. Preparation
  2. Identification and analysis
  3. Isolation, Containment, & Eradication
  4. Recovery
  5. Post event activity
116
Q

What is outlined by RFC 3227?

A
  • Guidelines for Evidence Collection and Archiving
    1: Acquisition
    2: Analysis
    3: Reporting
117
Q

Describe the Order of Volatility

A
  1. CPU registers, CPU cache
  2. Router table, ARP cache, process table, kernel, RAM
  3. Temp file systems
  4. Disk drive
  5. Remote logging/monitoring
  6. Network topology
  7. Archival media
118
Q

Describe the CIS CSC?

A
  • Center for Internet Security Critical Security Controls
  • Improve Cyber Defense
  • 20 key sections
  • Scalable to different organization sizes
119
Q

Describe the NIST RMF?

A
  • National Institute of Standards and Technology Risk Management Framework
  • Federal Agency Requirement
  • 6 stages: Categorize, Select, Implement, Assess, Authorize, Monitor
120
Q

Describe the NIST CSF?

A
  • NIST Cybersecurity Framework
  • voluntary for civilian/commercial orgs
  • ID, Protect, Detect, Respond, & Recover
121
Q

Describe the SSAE SOC2 type 1/2?

A
  • American Institute of CPAs auditing standard: Statement on Standards for Attestation Engagements #18 (SSAE 18)
  • SOC2 is Trust Services Criteria
    • Firewalls, MFA, Intrusion Detection
122
Q

What is ALE?

A
  • Annualized Loss Expectancy
  • ARO x SLE
    ARO = Annual Rate of Occurrence
    SLE = Single Loss Expense
123
Q

What is RTO?

A
  • Recovery Time Objective
  • Up and running quickly to service level
  • Not complete
124
Q

What is EDR?

A
  • Endpoint Detection & Response
  • Behavioral analysis, machine learning, process monitoring
  • Lightweight agent on endpoint
  • API automated
  • Root cause analysis
125
Q

What is SRTP?

A
  • Secure Real-Time Transport Protocol
  • VOIP
  • AES
  • HMAC (Hash-based Message Authentication Code) using SHA-1
126
Q

What is a HIDS?

A
  • Host-based IDS
  • Log files to ID intrusion
127
Q

What is bcrypt?

A
  • Password hashing function
  • Uses Blowfish to do multiple rounds
128
Q

What is PBKDF2?

A
  • Password-based Key Derivation Function 2
  • Part of RSA public key cryptography
129
Q

What is Homomorphic Encryption?

A
  • Encryption scheme that allows operations to be performed on the encrypted data without decryption
130
Q

What is a Stream Cipher?

A
  • One bit or byte at a time
  • high speed, low hardware complexity
  • symmetric encryption
  • use IV for randomization
131
Q

What is a Block Cipher?

A
  • Fixed length groups
  • 64 or 128 bit blocks
  • en/decrypted independently
  • symmetric
132
Q

Describe GCM?

A
  • Galois/Counter Mode
  • Combines counter with authentication
  • Auth is part of block
  • SSH/TLS
133
Q

What is ECB?

A
  • Simplest mode of Block Ciphering

- same key for each block

134
Q

Define CBC?

A
  • Cipher Block Chaining
  • Each block is XORed with the previous one
  • additional randomization
  • uses IV for 1st block
135
Q

Define Counter Mode?

A
  • Encrypts successive value of a counter
136
Q

Define POP3 & Secure IMAP

A
  • Use STARTTLS to encrypt POP3 or IMAP w SSL
137
Q

Elaborate the differences between FTPS and SFTP?

A
  • FTPS is FTP Secure. Uses SSL on ports 989 and 990
  • SFTP is SSH FTP. Uses SSH to send FTP
138
Q

What is a NGFW?

A
  • Next Generation Firewall
  • OSI Layer 7 application
  • Can allow or disallow features
  • all data in every packet
  • Deep packet inspection
  • Stateful multilayer inspection
139
Q

What is the CTA?

A
  • Cyber Threat Alliance
  • Members validate forwarded threat intelligence
140
Q

Define SOAR

A
  • Security Orchestration, Automation and Response
  • Automated security that can apply tools automatically at any time without intervention
141
Q

Define RPO?

A
  • Recovery Point Objective
  • Longest time an organization can lose data for
142
Q

Define MTD?

A
  • Max Tolerable Downtime
  • Longest time ops can be down without catastrophic damage