General Knowledge Flashcards

1
Q

nslookup

A

Command-line tool used to query DNS. Maps an IP address to a domain name (and a domain name to an IP address).

*obtain Domain Names
*IP address mapping details
*DNS records

2
Q

Dig

A

Linux command-line tool similar to nslookup.

3
Q

nmap

A

Command-line tool used to scan a network for open and closed ports.

4
Q

Active Directory

A

Active Directory (AD) is Microsoft’s proprietary directory service. It runs on Windows Server and enables administrators to manage permissions and access to network resources. Active Directory stores data as objects. A centralized Database.

Objects:
*Resources (Printers)
*Users (Groups)
*Computers

5
Q

Domain Services (AD)

A

Active Directory Domain Services (AD DS). This is the main service of AD which stores directory information and handles the interaction of the User with the Domain. It controls which users have access to each resource or Group Policy.

6
Q

Domain Controller

A

A domain controller is a SERVER that responds to authentication requests and verifies users on computer networks. The primary function of domain controllers is to authenticate and validate users on a network, including group policies, user credentials, and computer names to determine and validate user access. A domain controller is simply a server running Active Directory that authenticates users and devices. Multiple domain controllers can be deployed within a domain to provide fault tolerance and load balancing.

*OS (Windows or Linux)
*LDAP
*Network Time Service (NTP)
*Network Authentication Protocol (Kerberos)

7
Q

DNS

A

Domain Name System. The phonebook of the Internet that connects web browsers with websites. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.

8
Q

NTP

A

Network Time Protocol. An Internet protocol used to synchronize computer clocks with time sources in a network. It belongs to the TCP/IP suite and is one of its oldest parts.

9
Q

NTPD

A

Network Time Protocol Daemon. An Operating System Program that maintains the System Time in synchronization with Time Servers using the NTP.

10
Q

Group Policy

A

Group Policy is a feature of Active Directory that allows administrators to define and enforce settings and configurations for users and computers within a domain. Group Policy settings can control security policies, software deployment, desktop configurations, and more.

11
Q

Virtual Machine

A

A virtual machine (VM) is a digital version of a physical computer. Virtual machine software can run programs and operating systems, store data, connect to networks, and do other computing functions, and requires maintenance such as updates and system monitoring. The only difference is that it resides inside a computer. There can be multiple virtual machines that reside inside one physical computer.

12
Q

Hypervisor

A

Also known as a Virtual Machine Monitor (VMM): software that creates and runs virtual machines. It allows multiple operating systems (OS) to run simultaneously on the same hardware, each within its own isolated virtual environment.

Type 1 (Bare Metal) - runs directly on the Physical Hardware of the Host system.
Type 2 (Hosted) - runs on top of an existing OS, known as the Host OS.

Hypervisors play a crucial role in virtualization technology, enabling organizations to achieve better resource utilization, scalability, flexibility, and cost savings by consolidating multiple workloads onto a single physical server infrastructure. They are widely used in data centers, cloud computing environments, and desktop virtualization solutions.

13
Q

Email Flow

A

1 - Bob composes Message via Email Client
2 - Sends Email
3 - Client connects to Email Server (SMTP); data is routed through the network connection
4 - SMTP server receives Email and relays data to Recipient Email server
5 - Susan's email server receives Email data and processes spam filtering, virus scanning, recipient validation
6 - Email is delivered to mailbox or mail queue
7 - Email client downloads Email from Server
8 - Susan reads Email message

14
Q

Risk Tolerance

A

Risk tolerance refers to an individual’s or entity’s willingness and ability to endure fluctuations in the value of their investments or to accept the potential loss of capital in pursuit of higher returns.

Risk tolerance refers to the general level of risk the firm is WILLING TO ACCEPT, not the precise financial impact threshold for action.

15
Q

Encryption Algorithm

A

An encryption algorithm provides a structured method for converting plaintext into ciphertext. A good algorithm ensures data remains confidential and secure from unauthorized access.

*Confidential

16
Q

Digital Signatures

A

Digital signatures validate the authenticity and integrity of a message or document, ensuring it hasn’t been tampered with since being signed.

*Integrity

17
Q

Cipher Block

A

Refers to a fixed-size portion of data that an encryption algorithm processes. (Encryption Algorithm)

18
Q

Hash Function

A

A hash function takes input and returns a fixed-size string, typically used for verifying data integrity, but it does not encrypt data for the purpose of confidentiality.

*Integrity

19
Q

Endpoint Protection

A

Includes installing Antivirus, Anti-malware, and firewall software on systems or devices. This software helps protect systems and devices from known vulnerabilities.

20
Q

Patching

A

Patching is a mitigation technique that can help prevent exploitation of known vulnerabilities on systems and devices by updating them with the latest security fixes and enhancements. Patching involves applying patches or updates to all software and systems, not just those that provide host security like firewalls.

21
Q

Least Privilege

A

Least privilege is a mitigation technique that limits users to the level of access and privilege they need to do their work. This can limit the extent of an attack by limiting the attacker’s access and privilege to those of the compromised user. Least privilege involves applying predefined rules and permissions, such as roles, groups, and functions and enforcing the rules and permissions through mechanisms such as passwords, tokens, and biometrics.

*Applicable to Users, not Applications

22
Q

End to End Encrypted Email

A

Implementation of end-to-end encrypted email ensures emails are decipherable only by the intended recipient, safeguarding sensitive content.

23
Q

Host Based Firewall

A

Host-based firewall is a hardening technique that can help protect a system or device from unauthorized or malicious network traffic. Host-based firewalls use software to filter and control incoming and outgoing network traffic according to predefined rules and policies. The policies and rules are based on criteria such as source and destination IP address, port number, and protocol. A host-based firewall involves installing software on a system or device.

24
Q

Encryption

A

Encryption is a mitigation technique that involves using mathematical algorithms to transform data into an unreadable format. Encryption can protect data from unauthorized access or modification, as only those who have the secret key or algorithm can decrypt the data. Encryption will not stop data from entering a host machine.

25
Q

Host-based Intrusion Prevention System (HIPS)

A

A hardening technique that can help prevent attacks from occurring. It is software that is installed on a system or device to detect and prevent unauthorized actions like file modifications and registry changes. A HIPS may include a firewall, but will contain other features as well.

26
Q

Application Allow

A

Application allow list is a technique that can help enforce compliance with security standards and policies on a system or network by using a list of approved applications that are allowed to run and blocking all other applications that may violate the standards or policies. Application allow list involves using a list of applications that have been verified and authorized by the system or network administrator, and blocking all other applications that may not meet the security requirements or expectations of the system or network.

27
Q

Risk Threshold

A

Financial impact figure is an example of a risk threshold, as it is the specific point at which the company must act to mitigate risk. (Specific Amount $)

28
Q

Due Diligence

A

Due diligence includes assessing the vendor’s security practices and confirming that they meet the organization’s security requirements and standards. Due diligence in the vendor selection process involves evaluating the financial stability and reliability of the vendor to ensure they are capable of fulfilling their obligations. Due diligence involves examining the vendors’ security practices and ensuring that they comply with a company’s own practices.

29
Q

OAuth (Open Authorization)

A

An open standard for token-based authentication and authorization on the internet. It allows users to grant third-party applications limited access to their resources without sharing their credentials directly. OAuth is widely used for enabling secure access to APIs (Application Programming Interfaces) and web services. Implementing a central OAuth authorization server is the best approach for secure and standardized access to user account data. The authorization server acts as an intermediary between the user and the third-party application, handling user authentication and issuing access tokens to authorized applications. By using OAuth, the user can grant limited access to their account data without sharing credentials directly.

30
Q

Decentralized Governance

A

Decision-making is distributed among various departments or sectors, promoting responsiveness and specialization.

31
Q

Signature Based Detection

A

Signature-based detection relies on a database of known threat patterns. Therefore, it might not recognize or stop new threats or zero-day exploits because their signatures aren’t in the database yet. Signature-based detection relies on predefined patterns of known threats. Signature-based detection doesn’t encrypt traffic. Instead, it matches traffic patterns against known threat signatures.

32
Q

Risk Owner

A

The term “Risk Owner” refers to the individual or entity within an organization that has the primary responsibility for managing and mitigating a specific risk. This individual or entity is accountable for identifying, assessing, monitoring, and controlling the risk to ensure that it remains within acceptable levels.

33
Q

Infrastructure as code (IaC)

A

Allows infrastructure to be provisioned and managed using code, making it easier to manage, replicate, and scale. Infrastructure as Code (IaC) is an approach to managing and provisioning computing infrastructure through machine-readable files rather than physical hardware configuration or interactive configuration tools. In essence, IaC allows infrastructure environments to be defined, managed, and deployed using code, which can then be version-controlled, tested, and automated.

34
Q

Port 1433

A

Default port for Microsoft SQL Server. Organizations typically restrict or monitor access to this port to prevent unauthorized database operations.

35
Q

Domain Name System (DNS)

A

Uses Port 53 for resolving domain names into IP addresses.

36
Q

Port 443

A

Used for secure web traffic through SSL/TLS.

37
Q

File Transfer Protocol (FTP)

A

Uses port 21 for unencrypted data transfers.

38
Q

Layer 4 (Transport Layer)

A

Layer 4, or the transport layer, deals with protocols like TCP and UDP and is concerned with port numbers and connection-oriented communication. Network appliances operating at this layer filter and manage traffic based on source and destination IP addresses, as well as port numbers.

39
Q

Layer 3 (Network Layer)

A

Layer 3, the network layer, is primarily focused on routing data and IP addressing. Devices at this layer, like routers, aren’t primarily concerned with port numbers.

40
Q

Layer 2 (Data Link)

A

Layer 2, the data link layer, deals with frames and MAC addresses. Switches typically operate at this layer.

41
Q

Layer 5 (Session)

A

Layer 5, the session layer, establishes, maintains, and terminates connections between applications on different devices.

42
Q

Evidence of Internal Audits

A

Evidence of Internal Audits showcases a vendor’s proactive approach to maintaining and enhancing their security measures. Such audits are conducted internally and reflect a rigorous self-assessment of security practices, vulnerabilities, and control mechanisms. By reviewing these, a company can gain insights into the vendor’s commitment to security, how they address potential weaknesses, and their overall cybersecurity health.

43
Q

Inline

A

Inline devices are designed to interact with network traffic actively and can take actions such as accepting, rejecting, or modifying packets, making them the optimal choice for this scenario.