Incorrect Domains

Question 1

Worms

Answer 1

“Replicate” and “Spread”

.12

Question 2

Fileless Scripts

Answer 2

executing malicious activity while legit programs run.

Memory based not file based

1.2

Question 3

Logic Bomb

Answer 3

if discovered its already too late

1.2

Question 4

Rootkit

Answer 4

• Distributed privilege access for a remote user which gives them admin privileges

1.2

Question 5

Rainbow Table

Answer 5

Rebuilt set of hashes used to crack a password

1.3

Question 6

Salting

Answer 6

adding additional random data to the password to prevent rainbow table

1.3

Question 7

Skimming

Answer 7

attaching a fake scanner to a POS system

1.4

Question 8

Criminal Syndicates

Answer 8

Financial backing and a structure threat conducted over a long period of time

1.5

Question 9

Shadow IT

Answer 9

The use of IT, devices and sopftware without explicit IT department approval, often done with good intentions

1.5

Question 10

Adversaries

Answer 10

government funded agencies

1.7

Question 11

Bulletins

Answer 11

released by vendors or private companies

1.7

Question 12

False Negative

Answer 12

When there is a vulnerability, but the scanner does not detect it

1.8

Question 13

Credentialed scan

Answer 13

spots vulnerabilities like non expiring passwords

1.8

Question 14

True Positive

Answer 14

results of the system scan agree with the manual inspection

1.8

Question 15

non credentialed scan

Answer 15

Lower privileges than a credentialed scan. find missing patches and some protocol vulnerabilities

1.8

Question 16

Intrusive Scan

Answer 16

try to exploit vulnerability and should be done in a sandbox

1.8

Question 17

SIEM

Answer 17

Security Information Event Management

provides real time monitoring, analysis, correlation and notification of potential attacks

Built in log collector like syslog
1.8

Question 18

SOAR

Answer 18

centralized alert and response automation with threat specific playbooks

1.8

Question 19

Dashboard

Answer 19

SIEM typically includes a dashboard and collects reports that can be reviewed regularly to ensure that the polices have been enforced and the environment is compliant

1.8

Question 20

UEBA

Answer 20

User Entity Behavior Analysis

based on the interaction of the user that focuses on their identity data that they would normally access on a normal day

Tracks devices that the user normally uses and the servers that they normally visit

1.8

Question 21

Pivoting

Answer 21

a compromised system is used to attack another system on the same network

1.8

Question 22

IaaS

Answer 22

Cloud Service Provider responsible for

• Virtualization
• Servers
• Storage
• Networking

Ex. Azure Virutal Machines

2.2 Summarize Virtualization and Cloud Computing Concepts

Question 23

PaaS

Answer 23

Cloud Service Provider responsible for

• Virtualization
• Servers
• Storage
• Networking
• OS
• Middleware
• Runtime

Customer is responsible for deployment and management of apps

CSP manages provisioning of configuration, hardware, and OS

Ex. Azure SQL database, API management

2.2 Summarize Virtualization and Cloud Computing Concepts

Question 24

SaaS

Answer 24

Cloud Service Provider responsible for

• Virtualization
• Servers
• Storage
• Networking
• OS
• Middleware
• Runtime

Customer just configures features. Limited shared responsibility for Applications and Data

CSP responsible for management, operation, and service availability

Office365, SalesForce

2.2 Summarize Virtualization and Cloud Computing Concepts

Question 25

Containerization

Answer 25

a lightweight, granular and portable way to package applications for multiple platforms

2.2 Summarize Virtualization and Cloud Computing Concepts

Question 26

IaC

Answer 26

Infrastructure as Code

management of infrastructure (networks, VM, load balancers and topology) described in code

Used in conjunction with continuous integration and continuous delivery

2.2 Summarize Virtualization and Cloud Computing Concepts

Question 27

SDN

Answer 27

Sofware Defined Networks

Network controlled using software. Separating the control plane from the data plane opens up security challenges that can include a DoS or Man in the middle attack

2.2 Summarize Virtualization and Cloud Computing Concepts

Question 28

Smart Card

Answer 28

a credit card sized token that contains a certificate and is used for authentication in conjuction with a pin

2.4 Summarize authentication and authorization design concepts

Question 29

Attestation

Answer 29

the process of confirming the device is an approved device compliant with the company policies. Remote attestation involves checks that occur on a local device and are reported to a verification server (as with an MDM solution)

2.4 Summarize authentication and authorization design concepts

Question 30

Directory Services

Answer 30

used to store and manage information about objects, such as user accounts, mail accounts and information on resources. LDAP is a common one

2.4 Summarize authentication and authorization design concepts

Question 31

Federation

Answer 31

collection of domains that have established trust

2.4 Summarize authentication and authorization design concepts

Question 32

something you have

Answer 32

trusted device

Question 32

Something you know

Answer 32

pin or password

Question 33

something you are

Answer 33

biometric

Question 34

RADIUS

Answer 34

uses UDP and ecnrypts the password only

2.4 Summarize authentication and authorization design concepts

Question 35

TACACS+

Answer 35

Uses TCP and encrypts the entire password

2.4 Summarize authentication and authorization design concepts

Question 36

RAID Levels

Answer 36

increases performance of data storage with two or more drives working in Parallel

RAID 0 - striping
RAID 1 - mirroring
RAID 5 - striping with parity
RAID 6 - striping with double parity
RAID 10 - combining mirroring and striping

2.5 Implement Security Resilience

Question 37

Load Balancers

Answer 37

balances traffic across multiple servers, often used for web traffic

2.5 Implement Security Resilience

Question 38

Storage Area Network (SAN)

Answer 38

hardware device that contains large number of disks, such as SSDs, usually isolated from the LAN

2.5 Implement Security Resilience

Question 39

RTO

Answer 39

Maximum amount of time that a process or service is allowed to be down

2.5 Implement Security Resilience

Question 40

RPO

Answer 40

Point of last known good data prior to an outage that is used to recover systems. Time that can pass before loss exceeds maximum tolerance

2.5 Implement Security Resilience

Question 41

Non Repudiation

Answer 41

The sender cannot deny sending the message

2.8 basics of cryptographic concepts

Question 42

Hashing

Answer 42

one way function that scrambles plain text to produce a unique message. No way to reverse if properly designed

Verify of digital signature
generate random numbers

2.8 basics of cryptographic concepts

Question 43

Steganography

Answer 43

A computer file, message, image or video is concealed with another file, message or video. attacker may hide info this way to exfiltrate data

2.8 basics of cryptographic concepts

Question 44

ECC

Answer 44

Elliptic Curve Cryptograpghy

small, fast key that is used for mobile device encryption

Lower power devices often uses ECC

2.8 basics of cryptographic concepts

Question 45

Low Latency

Answer 45

Encryption and decryption should not take a long time.

Specialized encyrption hardware is a common answer in this scenario

2.8 basics of cryptographic concepts

Answer 46

3.1 Implement Secure Protocols

Question 47

IPsec

Answer 47

Secure VPN session between two hosts

Question 48

SSL/TLS and HTTPS

Answer 48

Secure data in transit, secure web browsing
Port 443

Question 49

LDAPS

Answer 49

Secure directory services information

Port 636

Question 50

Remote Desktop Protocol

Answer 50

Secure Remote Access

Port 3389

Question 51

Endpoint Detection and Response (EDR)

Answer 51

integrated endpoint security that combines real time continuous monitoring and collects endpoint data with automated responses

Question 52

Next Gen Firewalls (NGFW)

Answer 52

Deep packet inspection firewall that adds application-level inspection intrusion prevention, and brings intelligence from outside the firewall

3.1 Implement Secure Protocols

Question 53

Unified Extensible Firmware Interface (UEFI)

Answer 53

modern version of BIOS that is more secure and needed for a secure boot of the OS

Question 54

Measured Boot

Answer 54

all components from the firmware, apps, and software are measured and information is stored in a log file. The log file is on the TPM chip on the motherboard

Question 55

CCMP

Answer 55

Counter Mode with Cipher Block Chaining Message Authentication Protocol

Replaced WEP and TKIP/WPA, now used with WPA2

uses AES Encryption with a 128-bit key

Question 56

WPA3

Answer 56

uses much stronger 256 bit GCMP for encryption

Question 56

Simultaneous Authentication of Equals (SAE)

Answer 56

Used with 802.11 authentication method

Used with wpa3 personal and replaced wpa2-PSK

immune to offline attacks and protects against brute force attacks

Question 56

EAP

Answer 56

An authentication framework that allows for new technology to be compatible with existing wireless or point to point connection tech

Question 56

802.1x and RADIUS Federation

Answer 56

enables members of one org to authenticate to another with their normal credentials. Trust across multiple raid servers. WAP forwards the devices wireless device credentials to the RADIUS server for authentication

Question 57

Captive Portals

Answer 57

Wifi redirects users to a webpage when they connect to SSID. User provides additional validation of identity, normally through email or social identity

Question 58

Site Survey

Answer 58

walking around with a portable wireless device, taking note of signal strength and mapping it

Question 59

WAP Placement

Answer 59

Want minimal overlap with other WAPS to maximize coverage

Question 60

Geofencing

Answer 60

Geofencing prevents mobile devices from being removed from the company’s premises

Question 61

Geotracking

Answer 61

will tell you the location of a stolen device

Question 62

Sideloading

Answer 62

allows unauthorized software to be run on a mobile device

Question 63

Rooting and Jailbreaking

Answer 63

remove the vendor restrictions and allow unsupported software to be installed

Question 64

OCSP

Answer 64

offers a faster way to check a certificate status

Question 65

Code Signing

Answer 65

when code is distributed, users can trust that it was actually produced by the claimed sender

Question 66

Pinning

Answer 66

method designed to mitigate the use of fraudulent certs

Question 67

Key Escrow

Answer 67

Addresses the possibility that a cryptographic key may be lost

Question 68

Nslookup

Answer 68

verifies the IP address of ahostname in the DNS Sever database

set type= command change the type of records it searches for

Question 69

nmap

Answer 69

network mapper, good for banner grabbing

Question 70

Hping

Answer 70

packet generator and anayzer used for auditing firewalls and networks

Question 71

Netstat

Answer 71

used to see established connecitons, listening ports, and running services

Question 72

NetFlow

Answer 72

monitors network traffic and helps identify patterns in the network traffic

Question 73

DLP

Answer 73

policy based protection of sensitive data, based on labels or pattern matches

Question 73

NAC

Answer 73

Network Access Control

User is authenticated and device checked to confirm patched and complaint before granted access

Question 74

Containing the incident comes before finding the root cause and full remediation

Question 74

Air gap

Answer 74

eliminated all network connectivity and protects the network from an attack

Question 75

Chain of Custody

Answer 75

Tracks the movement of evidence through collection. Documents each person who handled the evidence

Question 76

Order of Volatility

Answer 76

CPU Cache, ARP cache, Data Flows, RAM, Swapfile or pagefile, hard drive

Question 76

GLBA act

Answer 76

services of banks lenders and insurance

Question 77

CSA CCM

Answer 77

Helps potential customers measure the overall risk of a csp

Question 78

Risk Acceptance

Answer 78

Do nothing, accept the risk

Question 79

Risk Appetite/ Risk Tolerance

Answer 79

amount of risk willing to accept

Question 79

Risk Avoidance

Answer 79

cost of mitigating or accepting are higher than the benefits of the service

Question 80

Heat Map

Answer 80

shows the severity of the situation

Question 81

Single Loss Expectancy

Answer 81

How much would it cost if it happened one time

Question 82

Annualize Rate of Occurrence (ARO)

Answer 82

How many times does it happen in one year?

Question 83

Annualized Loss Expentancy (ALE)

Answer 83

How much will you lose per year

Question 84

Single Point of Failure

Answer 84

any non-redundant part of a system that if unavailable, would cause the entire system to fail

Question 85

RPO

Answer 85

age of data that must be recovered from backup storage for normal operation to resume

Question 86

RTO

Answer 86

the duration of time and a service level within which a bvsuiness process must be restored after a disaster to avoid consequences

Question 87

Business Impact Analysis (BIA)

Answer 87

looks at the fiancial loss follwoing a disaster

Question 88

Business Continuity Plan (BCP)

Answer 88

overall org plan for how to continue business. MTTR and MTBF

Question 89

Disaster Recovery Plan (DRP)

Answer 89

the plan for recovering from an IT disaster and having the infastructure back in operation

Question 90

MTTR

Answer 90

time determination for how long it will take for a piece of IT to be repaired and back online

Question 91

MTBF

Answer 91

how long a piece of infrastructure will continue to work before it fails

Question 92

DNS blackholing

Answer 92

a process that uses a list of known domains/IP addresses belonging to malicious hosts and uses an internal DNS server to create a fake reply

Question 93

signature kinetics scan

Answer 93

measures the action of a user when signing their name and compares it against a known-good example or baseline

Question 94

Reverse Proxy

Answer 94

proxy server that appears to any client to be an ordinary web server, but in reality merely acts as an intermediary that forwards the client’s requests to one or more ordinary web servers.

Directing traffic to internal services if the contents of the traffic comply with the policy