Lesson 1 Flashcards
confidentiality
A cybersecurity objective that ensures unauthorized individuals are not able to gain access to sensitive information.
network access control (NAC)
The collected protocols, policies, and hardware that govern access on a device’s network interconnections.
advanced persistent threat (APT)
A threat actor who gains unauthorized access to a computer network and remains undetected for an extended period.
risk
A probability or threat of damage, injury, liability, loss, or any other negative occurrence that is caused by external or internal vulnerabilities.
threat
An outside force that may exploit a vulnerability.
vulnerability
A weakness in a device, a system, an application, or a process that might allow an attack to occur.
integrity
A cybersecurity objective that ensures there are no unauthorized modifications to information or systems, whether intentional or unintentional.
availability
A cybersecurity objective that ensures information and systems are accessible to authorized users at all times.
sandboxing
A cybersecurity practice where you run, observe, and analyze code in a safe and isolated environment on a network, called a “sandbox”, that isolates the host machine from the potentially malicious program or unsafe code.
demilitarized zone (DMZ)
A special network zone designed to house systems that receive connections from the outside world.
Pentbox
is an open-source security suite that houses many security and stability testing-oriented tools for networks and systems.
iptables is a command-line interface that is used
to set up and maintain tables for the Netfilter firewall for IPv4, which is included in the Linux kernel.
web application firewalls (WAFs)
WAFs are specialized firewalls designed to protect against web application attacks, such as SQL injection and cross-site scripting.
Any device that wishes to join a network using 802.1x authentication must be running an 802.1x
supplicant that can communicate with the authenticator before joining the wireless network.
The Remote Access Dial-In User Service (RADIUS) protocol is an authentication protocol used for communications
between authenticators and the authentication server during the 802.1x authentication process.
The red team plays the role of the
attacker and uses reconnaissance and exploitation tools to attempt to gain access to the protected network. The red team’s work is similar to that of the testers during a penetration test.
The blue team is responsible for
securing the targeted environment and keeping the red team out by building, maintaining, and monitoring a comprehensive set of security controls.
The white team
coordinates the exercise and serves as referees, arbitrating disputes between the teams, maintaining the technical environment, and monitoring the results.
Operational security controls are practices and procedures that bolster cybersecurity.
A penetration test is an example of an operational security control.
Encryption software, network firewalls, and antivirus software are all examples of
technical security controls.