General Flashcards

1
Q

What does a digital signature consist of?

A

Hash & Private Key

2
Q

A type of OS characterized by low delay between the execution of tasks required in specific applications, such as in military missile guidance systems or in automotive braking systems, is known as:

A

RTOS - A Real Time Operating System, commonly known as an RTOS, is a software component that rapidly switches between tasks, giving the impression that multiple programs are being executed at the same time on a single processing core.

3
Q

IoT technology designed to provide communication between appliances in a home automation network?

A

Zigbee

Zigbee is a wireless protocol that allows smart devices to communicate with each other over a Personal Area Network (PAN). Zigbee is used to link smart devices like lights, plugs, and smart locks to a home network.

4
Q

A lightly protected subnet (previously known as a DMZ) consisting of publicly available servers placed on the outside of the company’s firewall is called:

A

Screened subnet

5
Q

An asymmetric encryption key designed to be used only for a single session or transaction is known as:

A

Ephemeral key

6
Q

What are the characteristic features of a session key?

A

1) Used during a single session
2) Symmetric key

7
Q

A mathematical operation that is easy and quick to complete, but extremely difficult to reverse.

A

Trap Door

8
Q

A pseudorandom or random sequence of characters used to encrypt the first block of characters in the plaintext block.

Used in block ciphers.

A

initialization vector (IV)

9
Q

A suite of security extensions for an Internet service that translates domain names into IP addresses is known as:

A

DNSSEC

10
Q

A network protocol for secure file transfer over Secure Shell (SSH) is called:

A

SFTP

Secure File Transfer Protocol (SFTP) uses SSH and provides a secure way to transfer files between computers.

11
Q

Which part of the IPsec protocol suite provides authentication and integrity?

A

AH

IPSec uses two distinct protocols, Authentication Header (AH) and Encapsulating Security Payload (ESP), which are defined by the IETF. The AH protocol provides a mechanism for authentication only. AH provides data integrity, data origin authentication, and an optional replay protection service.

12
Q

POP3 is used for:

A

Email retrieval

13
Q

Which protocol enables secure, real-time delivery of audio and video over an IP network?

A

SRTP

14
Q

The practice of finding vulnerabilities in an application by feeding it incorrect input is called:

A

Fuzzing

Fuzzing is an application security testing technique that feeds invalid inputs to a software program to expose vulnerabilities.

15
Q

What is “code signing?”

A

Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed.

16
Q

What is static code analysis?

A

A software verification activity that analyzes source code for quality, reliability, and security without executing the code.

17
Q

What is dynamic code analysis?

A

Dynamic code analysis is a form of black-box vulnerability scanning that allows software teams to scan running applications and identify vulnerabilities.

18
Q

In computer security, a mechanism for safe execution of untested code or untrusted applications is referred to as:

A

Sandboxing

19
Q

In active-active mode, load balancers distribute network traffic across:

A

All servers

20
Q

802.1X is an IEEE standard for implementing:

A

Port-based NAC

21
Q

In the Kerberos-based authentication process, the purpose of the client’s timestamp is to provide countermeasure against:

A

Replay attacks

22
Q

Which protocol ensures the reliability of the Kerberos authentication process?

A

NTP

Network Time Protocol, port 123

23
Q

What is the function of a C2 server?

C2 = Command-and-Control

A

Botnet control

24
Q

Remapping a domain name to a rogue IP address is an example of what kind of exploit?

A

DNS poisoning

25
Q

In the context of MDM, the isolation of corporate applications and data from other parts of the mobile device is referred to as:

A

Containerization

26
Q

The term "Rooting" refers to the capability of gaining administrative access to the operating system and system applications on:

A

Android devices

27
Q

Mobile device updates delivered over a wireless connection are known as:

A

OTA (Over The Air)

28
Q

Which of the following answers refers to a trusted third-party service for validating user identity in a federated identity system?

A

IdP

IdP is an acronym for Identity Provider. It's a service that stores and verifies user identity. IdPs are typically cloud-hosted services, and they often work with single sign-on (SSO) providers to authenticate users.

29
Q

Installing mobile apps from websites and app stores other than the official marketplaces is referred to as:

A

Sideloading

30
Q

Which technology enables establishing direct communication links between two USB devices?

A

OTG

It stands for USB On-The-Go. It allows you to connect multiple mobile devices directly together without using any type of computer.

31
Q

What is COPE?

A

COPE (corporate-owned, personally enabled) is a business model in which an organization provides its employees with mobile computing devices and allows the employees to use them as if they were personally owned notebook computers, tablets or smartphones.

32
Q

Which of the answers listed below refers to an obsolete authentication protocol that sends passwords in cleartext?

Options: PAP, CHAP, EAP, MS-CHAP

A

PAP

What is the PAP authentication method? PAP, or Password Authentication Protocol, is a Point-to-Point Protocol (PPP) authentication method that uses passwords to validate users. It is an Internet standard (RFC 1334), password-based authentication protocol. Using PAP, data is not encrypted. It is sent to the authentication server as plain text.
33
Q

Which of the answers listed below refers to an XML-based markup language for exchanging authentication and authorization data?

Options: SAML, OpenID Connect, Shibboleth, OAuth

A

SAML

34
Q

OAuth is an open standard for:

A

Authorization

35
Q

OpenID Connect is a protocol used for:

A

Authentication

36
Q

______________ is a remote access authentication protocol that periodically re-authenticates the client at random intervals to prevent session hijacking.

A

Challenge Handshake Authentication Protocol (CHAP)

37
Q

Which digital certificate type allows multiple subdomains to be protected by a single certificate?

A

Wildcard certificate

38
Q

A digital certificate which allows multiple domains to be protected by a single certificate is known as:

A

Subject Alternative Name (SAN) certificate

39
Q

Which of the answers listed below refers to a method for requesting a digital certificate?

Options: CBC, CSR, CFB, CRL

A

CSR

A certificate signing request (CSR) is one of the first steps towards getting your own SSL/TLS certificate. Generated on the same server you plan to install the certificate on, the CSR contains information (e.g. common name, organization, country) the Certificate Authority (CA) will use to create your certificate.
40
Q

A trusted third-party storage solution providing a backup source for cryptographic keys is referred to as:

A

Key Escrow

41
Q

In PKI, an account or combination of accounts that can copy a cryptographic key from backup or escrow and restore it to a subject host or user.

A

Recovery Agent

42
Q

The practice of connecting to an open port on a remote host to gather more information about its configuration is known as:

A

Banner Grabbing

43
Q

The term "___________" refers to the process of verifying the authenticity of a newly received digital certificate. This process involves checking all the certificates in the chain of certificates from a trusted root CA, through any intermediate CAs, down to the certificate issued to the end user. A new certificate can only be trusted if each certificate in that certificate's chain is properly issued and valid.

A

Certificate chaining

44
Q

What is the name of a Windows command-line utility that can be used to display TCP/IP configuration settings?

A

ipconfig

45
Q

Identifying the type and version of an operating system (or server application) by analyzing its responses to network scans.

A

Fingerprinting

46
Q

A Linux command-line command for displaying routing table contents is called:

A

netstat -r

47
Q

An anti-malware tool that enables automated analysis of suspicious files in a sandbox environment?

A

Cuckoo

48
Q

A Linux command that displays the beginning of a file (by default its first 10 lines) is known as:

A

head

49
Q

A Linux command that allows you to create, view, and concatenate files is called:

A

cat
49
Q

Which of the following commands in Linux displays the last part (by default its last 10 lines) of a file?

Options: tail, read, file, printf

A

tail

50
Q

A Linux command-line command that enables searching files for lines containing a match to a given text pattern is called:

A

grep

51
Q

Which of the following answers refers to a software library used to implement encrypted connections?

Options: SDK, DNSSEC, OpenSSL, DLL

A

OpenSSL

OpenSSL is a cryptographic software library that provides an open source implementation of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It's used to make communication over computer networks more secure. OpenSSL provides functions to:
1) Generate private keys
2) Manage certificates
3) Equip client applications with encryption and decryption
4) Perform CSR (Certificate Signing Request)
5) Install SSL certificate

52
Q

What is the function of the Linux chmod command?

A

Changes file owner and group permissions

The `chmod` command is used to modify this permission so that it can grant or restrict access to directories and files.

53
Q

Which of the following forensic utilities enables the extraction of RAM contents?

Options: Memdump, WinHex, FTK Imager, Autopsy

A

Memdump

A memory dump is a file that contains all the information that was stored in a device's working memory (RAM) prior to a system failure.

54
Q

A Linux command-line utility that can be used in the forensic process for creating and copying image files is called:

A

dd

55
Q

A multi-function disk and binary data editor used for low-level data processing, data recovery, and digital forensics.

A

WinHex

WinHex is a commercial disk editor and universal hexadecimal editor (hex editor) used for data recovery and digital forensics.

56
Q

Which of the following answers refers to a tool for creating forensic images of computer data?

Options: diskpart, FTK Imager, fsutil, Autopsy

A

FTK Imager

FTK Imager is a free, open-source software tool developed by AccessData for creating disk images. It can create accurate copies of original evidence without making any changes to it.

57
Q

Open-source forensics platform that allows you to examine the contents of a hard drive or mobile device and recover evidence from it.

A

Autopsy

Autopsy is a free, open-source, Windows-based desktop digital forensics tool. It's a cyber forensic tool that can analyze Windows and UNIX file systems, recover deleted files, and show various sectors of uploaded images.
58
Q

_________ is an open-source penetration testing framework used by security engineers. It's a Ruby-based platform that allows users to write, test, and execute exploit code. The framework contains a suite of tools that can be used to

A

Metasploit

It is an exploitation framework.

59
Q

A globally accessible knowledge base of Adversary Tactics, Techniques, and Procedures (TTPs) based on observations from real-world attacks is known as:

Options: MITRE ATT&CK, The Diamond Model of Intrusion Analysis, Cyber Kill Chain

A

MITRE ATT&CK

60
Q

Which of the following answers refers to a methodology framework for intrusion analysis developed by the U.S. government intelligence community?

Options: MITRE ATT&CK, The Diamond Model of Intrusion Analysis, Cyber Kill Chain

A

The Diamond Model of Intrusion Analysis

61
Q

Which of the following answers refers to a 7-step military model adopted by Lockheed Martin to identify the phases of a cyberattack?

Options: MITRE ATT&CK, The Diamond Model of Intrusion Analysis, Cyber Kill Chain

A

Cyber Kill Chain

62
Q

Which of the following answers refers to a U.S. government initiative that provides the details on how to ensure continued performance of essential functions during unexpected events?

Options: SLA, COOP, RPO, COPE

A

COOP

Continuity of Operations Planning (COOP) is a set of instructions or procedures that describe how an organization's mission essential functions will be sustained during a disaster event.

63
Q

Which type of server is used for collecting diagnostic and monitoring data from networked devices?

Options: Proxy server, UC server, Syslog server, ICS server

A

Syslog server

A syslog server is a device on a network that receives, stores, and forwards log messages generated by other devices. Syslog servers can be used to:

64
Q

Which of the following is a cross-platform log-managing tool?

Options: NetFlow, rsyslog, NXLog, sFlow, syslog-ng

A

NXLog

NXLog is a multi-platform log collection and centralization tool. It offers log processing features, including log enrichment (parsing, filtering, and conversion) and log forwarding.

65
Q

Which of the following is a Cisco-designed IP traffic collection method that by default does not offer packet sampling?

Options: IPFIX, NetFlow, NXLog, sFlow

A

NetFlow

NetFlow is a network protocol system created by Cisco that collects and analyzes active IP network traffic. NetFlow is the standard for acquiring IP operational data from IP networks.

66
Q

Which of the following answers refers to a cross-platform IP traffic collection method that takes advantage of packet sampling to optimize bandwidth and hardware resource usage?

Options: sFlow, NXLog, NetFlow, IPFIX

A

sFlow

sFlow is a multi-vendor, packet sampling technology used to monitor network devices including routers, switches, host devices and wireless access points. sFlow is an embedded technology: it is implemented through dedicated hardware chips embedded in the router/switch.

67
Q

An IETF specification that defines how IP flow information is to be formatted and transferred from an exporter to a collector is called:

Options: NetFlow, IPFIX, sFlow, NXLog

A

IPFIX
68
Q

A _____ playbook is a checklist of actions that can be performed in response to a security incident.

A

SOAR

69
Q

In forensic procedures, a chronological record outlining the persons in possession of evidence is referred to as:

A

Chain of custody

70
Q

In forensic procedures, a sequence of steps in which different types of evidence should be collected is known as:

A

Order of volatility

71
Q

Which memory type provides a CPU with the fastest access to frequently used data?

A

Cache Memory

72
Q

A type of file that an OS uses to hold parts of programs and data files that cannot be stored in RAM due to insufficient memory space is called: (Select 2 answers)

Options: Swap file, Temporary file, Pagefile, Signature file, Archive file

A

Swap file, Pagefile

Swap file - A swap file is a file on your computer's hard drive that is used as virtual memory. It is an extension of the computer's physical memory, random-access memory (RAM), and acts as a temporary storage space for data that doesn't fit in the RAM.

Pagefile - In storage, a pagefile is a reserved portion of a storage drive that is used as an extension of random access memory for data in RAM that hasn't been used recently. A pagefile can be read from the storage drive as one contiguous chunk of data and thus faster than re-reading data from various original locations.

73
Q

Which of the following answers refers to an example order of volatility for a typical computer system?

Options:
Cache memory -> RAM -> Disk files -> Temporary files -> Swap/Pagefile -> Archival media
Archival media -> Disk files -> Temporary files -> Swap/Pagefile -> RAM -> Cache memory
Cache memory -> RAM -> Swap/Pagefile -> Temporary files -> Disk files -> Archival media
Temporary files -> RAM -> Cache memory -> Swap/Pagefile -> Archival media -> Disk files

A

Cache memory -> RAM -> Swap/Pagefile -> Temporary files -> Disk files -> Archival media

74
Q

Which certificate attribute describes the computer or machine it belongs to? (Select all that apply.)

Options: Company name, Common name, Subject alternate name, Certificate authority name

A

Common name, Subject alternate name

The common name (CN) attribute identifies the computer or machine by name, usually a fully qualified domain name (FQDN), such as www.comptia.org. The subject alternate name (SAN) extension field is structured to represent different types of identifiers, including domain names. This is more commonly used as the CN attribute has been deprecated.

75
Q

The ________ for a software product occurs when a product will no longer be produced or sold. These products are most likely to be replaced by a newer version or model.

A

End of Life (EOL)

76
Q

The __________ occurs when a product will no longer be supported by a vendor. Updates and patches will no longer be produced.

A

End of Service (EOS)
77
Q

________ allows a third party to send unsolicited messages to another device using Bluetooth. The attack in this example did not use Bluetooth as an attack vector.

A

Bluejacking

78
Q

________ separates the control plane of networking devices from the data plane. This allows for more automation and dynamic changes to the infrastructure.

A

SDN (Software-Defined Networking)

79
Q

________ is an algorithm used for two devices to create identical shared keys without transferring those keys across the network.

A

Diffie-Hellman

80
Q

Auditing software that collects status and configuration information from network devices. Many products are based on the Simple Network Management Protocol (SNMP).

A

Network Monitor

81
Q

A solution that provides real-time or near-real-time analysis of security alerts generated by network hardware and applications.

A

SIEM

82
Q

What are the three main types of log collection in a SIEM?

A

1) Agent based - with this approach, you must install an agent service on each host. As events occur on the host, logging data is filtered, aggregated, and normalized at the host, then sent to the SIEM server for analysis and storage.
2) Listener/collector - rather than installing an agent, hosts can be configured to push updates to the SIEM server using a protocol such as syslog or SNMP. A process runs on the management server to parse and normalize each log/monitoring source.
3) Sensor - as well as log data, the SIEM might collect packet captures and traffic flow data from sniffers.

83
Q

Devising an AI/ML algorithm that can describe or classify the intention expressed in natural language statements.

A

Sentiment Analysis

84
Q

All-in-one security appliances and agents that combine the functions of a firewall, malware scanner, intrusion detection, vulnerability scanner, data loss prevention, content filtering, and so on.

A

UTM

85
Q

Host or network firewall capable of parsing application layer protocol headers and data (such as HTTP or SMTP) so that sophisticated, content-sensitive ACLs can be developed.

A

NGFW

86
Q

An appliance or proxy server that mediates client connections with the Internet by filtering spam and malware and enforcing access restrictions on types of sites visited, time spent, and bandwidth consumed.

A

SWG

87
Q

A type of software that reviews system files to ensure that they have not been tampered with.

A

File Integrity Monitoring

88
Q

A firewall designed specifically to protect software running on web servers and their back-end databases from code injection and DoS attacks.

A

WAF