Lesson 9: Installing and Configuring Security Appliances Flashcards

1
Q

firewall

A
  • one of the longest serving types of network security control
  • principally used to implement security zones, such as intranet, demilitarized zone (DMZ), and the Internet
  • basic function of a firewall is traffic filtering
  • firewalls can protect a whole network (placed inline in the network and inspecting all traffic that passes through)
  • firewalls that protect a single host only (installed on the host and only inspect traffic destined for that host)
  • firewall can control only inbound traffic (ingress) or both inbound and outbound traffic (egress)
2
Q

packet filtering

A
  • earliest type of network firewall
  • stateless technique because the firewall examines each packet in isolation and has no record of previous packets
  • stateless means that it does not preserve information about the connection between two hosts
  • configured by specifying a group of rules, called an access control list (ACL)
  • an action can be either to deny (block or drop the packet, and optionally log an event) or to accept (let the packet pass through the firewall)
  • when a packet arrives, the firewall checks it to confirm whether it belongs to an existing connection | if it does not, it applies the ordinary packet filtering rules to determine whether to allow it | once the connection has been allowed, the firewall allows traffic to pass unmonitored, in order to conserve processing effort
  • can inspect the headers of IP packets
  • headers:
    • IP filtering—accepting or denying traffic on the basis of its source and/or destination IP address.
    • Protocol ID/type (TCP, UDP, ICMP, routing protocols, and so on).
    • Port filtering/security—accepting or denying a packet on the basis of source and destination port numbers (TCP or UDP application type).
3
Q

circuit-level stateful inspection firewall

A
  • maintains stateful information about the sessions established between two hosts (including malicious attempts to start a bogus session)
  • information about each session is stored in a dynamically updated state table
  • examines the TCP three-way handshake and can detect attempts to open connections maliciously (a flood guard)
  • monitors packet sequence numbers and can prevent session hijacking attacks
4
Q

application aware firewall

A
  • also known as: application layer gateway, stateful multilayer inspection, or deep packet inspection
  • one that can inspect the contents of packets at the application layer
  • have to be configured with separate filters for each type of traffic (HTTP and HTTPS, SMTP/POP/IMAP, FTP, and so on)
  • very powerful
  • possible to craft DoS attacks against exploitable vulnerabilities in the firewall firmware
  • firewall cannot examine encrypted data packets (unless configured with an SSL inspector)
5
Q

appliance firewall

A
  • stand-alone hardware firewall that performs the function of a firewall only
  • a type of network-based firewall and monitors all traffic passing into and out of a network segment
  • could be implemented with routed interfaces or as a layer 2/virtual wire transparent firewall
6
Q

advanced firewall

A
  • likely to be performed by an all-in-one or unified threat management (UTM) security appliance, combining the function of firewall, intrusion detection, malware inspection, and web security gateway (content inspection and URL filtering)
7
Q

router firewall

A
  • similar to appliance firewall, except that the functionality is built into the router firmware
  • most SOHO Internet router/modems have this type of firewall functionality
8
Q

application-based firewalls

A
  • Host-based firewall (or personal firewall)—implemented as a software application running on a single host designed to protect that host only.
  • Application firewall—software designed to run on a server to protect a particular application only (a web server firewall, for instance, or a firewall designed to protect an SQL Server® database). This is a type of host-based firewall and would typically be deployed in addition to a network firewall.
  • Network operating system (NOS) firewall—a software-based firewall running under a network server OS, such as Windows® or Linux®. The server would function as a gateway or proxy for a network segment.
9
Q

host-based firewalls

A

while they can perform basic packet filtering, host-based firewalls tend to be program- or process-based; that is, when a program tries to initiate (in the case of outbound) or accept (inbound) a TCP/IP network connection, the firewall prompts the user to block, allow once, or allow always

  • unlike a network firewall, a host-based firewall will usually display an alert to the user when a program is blocked, allowing the user to override the block rule or add an accept rule (if the user has sufficient permissions to reconfigure firewall settings)
10
Q

personal firewall

A
  • a drawback of a personal firewall is that, as software, it is open to compromise by malware
  • would have no means of determining the integrity of the process
11
Q

web application firewalls

A
  • designed specifically to protect software running on web servers and their backend databases from code injection and DoS attacks
  • use application-aware processing rules to filter traffic
  • can be programmed with signatures of known attacks and use pattern matching to block requests containing suspect code
  • WAF products include:
  • ModSecurity (http://www.modsecurity.org) is an open source (sponsored by Trustwave) WAF for Apache®, Nginx, and IIS.
  • NAXSI (https://github.com/nbs-system/naxsi) is an open source module for the nginx web server software.
  • Imperva (http://www.imperva.com) is a commercial web security offering with a particular focus on data centers. Imperva markets WAF, DDoS, and database security through its SecureSphere appliance.
12
Q

proxy server

A
  • works on a store-and-forward model
  • rather than inspecting traffic as it passes through, the proxy deconstructs each packet, performs analysis, then rebuilds the packet and forwards it on (providing it conforms to the rules)
  • more legitimate “man in the middle”
13
Q

web proxy

A
  • often described as web security gateways, as usually their primary functions are to prevent viruses or Trojans from infecting computers from the Internet, block spam, and restrict web use to authorized sites, acting as a content filter
  • main benefit of proxy server is that client computers connect to a specified point within the perimeter network for web access
  • most web proxy servers provide caching engines, whereby frequently requested web pages are retained on the proxy, negating the need to re-fetch those pages for subsequent requests
  • some proxy servers also pre-fetch pages that are referenced in pages that have been requested
14
Q

multipurpose proxy

A

one configured with filters for multiple protocol types, such as HTTP, FTP, and SMTP

15
Q

non-transparent or transparent proxy servers

A
  • non-transparent server means that the client must be configured with the proxy server address and port number to use it. The port on which the proxy server accepts client connections is often configured as port 8080.
  • transparent (or forced or intercepting) proxy intercepts client traffic without the client having to be reconfigured. A transparent proxy must be implemented on a switch or router or other inline network appliance.
16
Q

reverse proxy servers

A
  • provides for protocol-specific inbound traffic
  • can publish applications from the corporate network to the Internet in this way
  • proxy servers can handle encryption/decryption and authentication issues that arise when remote users attempt to connect to corporate servers, reducing overhead on those servers
17
Q

rule-based management

A
  • firewall and other filtering rules are configured on the principle of least access
  • least access is the same as the principle of least privilege; only allow the minimum amount of traffic required for the operation of valid network services and no more
18
Q

tuples

A
  • each rule can specify whether to block or allow traffic based on several parameters, often referred to as tuples
  • think of each rule as being like a row in a database; the tuples are the columns
19
Q

misconfigured firewall/content filter troubleshooting

A
  • can cause an application or protocol to fail to function correctly | this type of error will usually be easy to identify, as users will report incidents connected with the failure of the data traffic
  • other possible outcome of a badly configured firewall is that packets may be allowed through that should be blocked (more serious outcome because the result is to open the system to security vulnerabilities)
20
Q

Denial of Service (DOS)

A
  • this type of attack is one of a network’s worst fears
  • can be extremely destructive and very difficult to mitigate
  • Denial of Service (DoS) attack causes a service at a given host to fail or to become unavailable to legitimate users
  • DoS attacks focus on overloading a service by using up CPU, system RAM, disk space, or network bandwidth (resource exhaustion)
  • DoS focus on exploiting historical vulnerabilities in the TCP/IP protocol suite (TCP/IP was never designed for security; it assumes that all hosts and networks are trusted)
  • can have severe impacts on service availability, with a consequent effect on the productivity and profitability of a company
  • most bandwidth-directed DoS attacks are distributed (meaning attacks are launched from multiple, compromised computers)
  • an attacker will compromise one or two machines to use as handlers, masters, or herders
  • handlers are used to compromise hundreds or thousands or millions of zombie (agent) PCs with DoS tools (bots) forming a botnet | to compromise a computer, the attacker must install a backdoor application that gives them access to the PC; they can then use the backdoor application to install DoS software and trigger the zombies to launch the attack at the same time
  • might be coordinated between groups of attackers
  • growing evidence that nation states are engaging in cyber warfare, and terrorist groups have also been implicated in DoS attacks on well-known companies and government institutions; there are also hacker collectives that might target an organization as part of a campaign
  • some types of attacks simply aim to consume network bandwidth, denying it to legitimate users, while others cause resource exhaustion on the hosts processing requests, consuming CPU cycles and memory (this could potentially crash the host system completely)
21
Q

SYN flood attack

A

works by withholding the client’s ACK packet during TCP’s three-way handshake

22
Q

Distributed Reflection DoS (DRDoS) or amplification attack

A
  • a more powerful form of TCP SYN flood attack
  • in this attack, the adversary spoofs the victim’s IP address and attempts to open connections with multiple servers | those servers direct their SYN/ACK responses to the victim server
  • amplification attack types:
    • Smurf attack—adversary spoofs the victim’s IP address and pings the broadcast address of a third-party network (one with many hosts; referred to as the “amplifying network”)
    • bogus DNS queries—DNS servers bombard the victim network with responses
    • Network Time Protocol—helps servers on a network and on the Internet to keep the correct time
23
Q

blackhole

A
  • when a network is faced with a DDoS or similar flooding attack, an ISP can use either an ACL or a blackhole to drop packets for the affected IP address(es)
  • an area of the network that cannot reach any other part of the network
  • blackhole option is preferred, as evaluating each packet in a multi-gigabit stream against ACLs overwhelms the processing resources available
  • makes the attack less damaging to the ISP’s other customers
24
Q

sinkhole routing

A
  • another option is to use sinkhole routing so that the traffic flooding a particular IP address is routed to a different network where it can be analyzed
25
Q

load balancer

A
  • distributes client requests across available server nodes in a farm or pool
  • clients use the single name/IP address of the load balancer to connect to the servers in the farm
  • provides fault tolerance
  • if there are multiple servers available in a farm, all addressed by a single name/IP address via a load balancer, then if a single server fails, client requests can be routed to another server in the farm
  • two main types of load balancers:
    • Layer 4 load balancer—early instances of load balancers would base forwarding decisions on IP address and TCP/UDP port values (working at up to layer 4 in the OSI model) | stateless
    • Layer 7 load balancer (content switch)—as web applications have become more complex, modern load balancers need to be able to make forwarding decisions based on application-level data, such as a request for a particular URL or data types like video or audio streaming
  • load balancer features:
    • Configurable load—the ability to assign a specific server in the farm for certain types of traffic or a configurable proportion of the traffic.
    • TCP offload—the ability to group HTTP packets from a single client into a collection of packets assigned to a specific server.
    • SSL offload—when you implement SSL/TLS to provide for secure connections, this imposes a load on the web server (or other server). If the load balancer can handle the processing of authentication and encryption/decryption, this reduces the load on the servers in the farm.
    • Caching—as some information on the web servers may remain static, it is desirable for the load balancer to provide a caching mechanism to reduce load on those servers.
    • Prioritization—to filter and manage traffic based on its priority.
26
Q

Virtual IP (VIP) address

A

each server node or instance needs its own IP address, but externally a load-balanced service is advertised using a VIP

  • one of the most widely used protocols is the Common Address Redundancy Protocol (CARP) | another is Cisco’s proprietary Gateway Load Balancing Protocol (GLBP)
27
Q

scheduling algorithm

A
  • code and metrics that determine which node is selected for processing each incoming request
  • round robin—the simplest type of scheduling; this means picking the next node in turn
  • other methods include picking the node with the fewest connections or the best response time
  • each method can also be weighted, using administrator-set preferences or dynamic load information or both
28
Q

round robin DNS (RRDNS)

A
  • the client enters a web server name in a browser, and the DNS server responsible for resolving that name to an IP address for client connectivity returns one of several configured addresses, in turn, from amongst a group configured for the purpose
29
Q

Source IP or session affinity

A

layer 4 approach to handling user sessions (meaning when a client establishes a session, it becomes stuck to the node that first accepted the request)

  • an application-layer load balancer can use persistence to keep a client connected to a session
30
Q

clustering technology

A
  • if you need fault tolerance of stateful data, you must implement a clustering technology, whereby data residing on one node (or pool) is made available to another node (or pool) seamlessly and transparently in the event of a node failure
31
Q

Active/Active (A/A) configurations

A
  • consist of n nodes, all of which are processing concurrently; this allows the administrator to use the maximum capacity from the available hardware while all nodes are functional
32
Q

Active/Passive (A/P) configurations

A
  • use a redundant node to failover
  • in an 8-node A/P cluster, the eighth node does not do anything and supports no services (other than those needed to support the cluster itself) until a failover occurs
  • on failover, the redundant node assumes the IP address of the failed node and responsibility for its services
33
Q

intrusion detection system (IDS)

A
  • intrusion detection and prevention systems are mature security technologies, widely deployed to protect company networks
  • IDS is a means of using software tools to provide real-time analysis of either network traffic or system and application logs
  • IDS is similar to anti-virus software, but protects against a broader range of threats
  • network IDS (NIDS) is basically a packet sniffer (referred to as a sensor) with an analysis engine to identify malicious traffic and a console to allow configuration of the system
  • basic functionality of a NIDS is to provide passive detection; that is, to log intrusion incidents and to display an alert at the management interface or to email the administrator account
  • NIDS is able to identify and log hosts and applications, and detect attack signatures, password guessing attempts, port scans, worms, backdoor applications, malformed packets or sessions, and policy violations (ports or IP addresses that are not permitted, for instance)
  • main disadvantages of NIDS:
    • If an attack is detected, without an effective active response option there can be a significant delay before an administrator is able to put countermeasures in place.
    • Heavy traffic, such as a large number of sessions or high load, may overload the sensor or analysis engine, causing packets to pass through uninspected. A blinding attack is a DoS aimed at the IDS with the intention of generating more incidents than the system can handle. This attack would be run in parallel with the “real” attack.
    • Training and tuning are complex, resulting in high false positive and false negative rates, especially during the initial deployment.
    • Encrypted traffic cannot be analyzed, though often the setup of an encrypted session can be monitored to ensure that it is valid.
34
Q

sensor options

A
  • SPAN (switched port analyzer)/mirror port—this means that the sensor is attached to a specially configured port on the switch that receives copies of frames addressed to nominated access ports (or all the other ports)
  • Passive test access point (TAP)—this is a box with ports for incoming and outgoing network cabling and an inductor or optical splitter that physically copies the signal from the cabling to a monitor port
  • Active TAP—this is a powered device that performs signal regeneration (again, there are copper and fiber variants), which may be necessary in some circumstances
  • a TAP will usually output two streams to monitor a full-duplex link (one channel for upstream and one for downstream)
35
Q

Network-Based Intrusion Prevention System (NIPS)

A
  • can provide an active response to any network threats that it matches
36
Q

in-band

A

management channel could use the same network as the link being monitored

37
Q

out-of-band

A
  • offers better security
  • might be established using separate cabling and physical switches, or using a separate VLAN for the management channel
38
Q

security information and event management (SIEM)

A
  • you may also be implementing a complex architecture where the feeds from multiple sensors are aggregated by a security information and event management (SIEM) server and backend database
  • this architecture should use dedicated network links for both security and performance (the link utilization is likely to be very high)
39
Q

host-based IDS (HIDS)

A

captures information from a single host, such as a server, router, or firewall

40
Q

host-based intrusion prevention system (HIPS)

A
  • can act to preserve the system in its intended state
  • means that software can prevent system files from being modified or deleted, prevent services from being stopped, log off unauthorized users, and filter network traffic
41
Q

disadvantages of HIDS/HIPS

A
  • software is installed on the host and, therefore, detectable. This means that it is vulnerable to attack by malware
  • software also consumes CPU, memory, and disk resources on the host.
42
Q

analysis engine

A
  • in both network and host intrusion detection, the analysis engine is the component that scans and interprets the traffic captured by the sensor or agent with the purpose of identifying suspicious traffic
  • determines whether any given event should be classed as an incident (or violation of the security policy or standard)
  • programmed with a set of rules that it uses to drive its decision-making process
43
Q

signature-based detection (or pattern matching)

A

means that the engine is loaded with a database of attack patterns or signatures

44
Q

behavioral-based detection (or statistical- or profile-based detection)

A
  • means that the engine is trained to recognize baseline “normal” traffic or events; anything that deviates from this baseline (outside a defined level of tolerance) generates an incident
45
Q

heuristics

A
  • learn from experience
  • generate a statistical model of what the baseline looks like
46
Q

anomaly based detection

A
  • anomaly- and behavioral-based detection are taken to mean the same thing
  • anomaly-based detection can also be taken to mean specifically looking for irregularities in use of protocols
47
Q

analytics

A
  • process of reviewing events and incidents that trigger IDS/IPS
  • false positive is where legitimate behavior is identified as an incident
  • false negative is where malicious traffic is not identified
48
Q

IDS/IPS vulnerabilities

A
  • the weakness of signature detection is that the protection is only as good as the last signature update
  • no protection is provided against threats that cannot be matched in the pattern database
49
Q

behavior-based monitoring

A

these vulnerabilities are addressed by behavior-based monitoring or behavior-based detection, which can be effective at detecting previously unknown threats

50
Q

anti-virus scanner

A
  • prevention system works by identifying when processes or scripts are executed and intercepting (or hooking) the call to scan the code first
  • if the code matches a signature of known malware or exhibits malware-like behavior that matches a heuristic profile, the scanner will prevent execution and attempt to take the configured action on the host file (clean, quarantine, erase, and so on)
51
Q

Common Malware Enumeration (CME)

A
  • malware will normally be tagged using a vendor proprietary string
  • these identifiers can be used to research the symptoms of and methods used by the malware
52
Q

Unified threat management (UTM)

A
  • refers to a system that centralizes various security controls–firewall, anti-malware, network intrusion prevention, spam filtering, content inspection, etc–into a single appliance
  • UTM security appliances usually include a single console from which you can monitor and manage various defense settings
  • created in response to several difficulties that administrators face in deploying platforms as well as meeting the significant cost requirements
  • help to simplify the security process by being tied to only one vendor and requiring only a single, streamlined application to function
53
Q

File Checksum Integrity Verifier (fciv)

A
  • downloadable Windows utility that can be used as an alternative to certutil
  • can use the -v switch to compare the target with the value stored in a file, add thumbprints to an XML database, and check to see if the hash of a target file matches one stored in the database
54
Q

File integrity monitoring (FIM)

A

software audits key system files to make sure they match the authorized versions

55
Q

Sysinternals

A

suite of tools designed to assist with troubleshooting issues with Windows

56
Q

svchost

A

look for unrecognized process names, especially names that mimic a legitimate system process or randomly generated names

57
Q

data exfiltration

A
  • unauthorized copying or retrieval of data from a system is referred to as data exfiltration
  • primary means for attackers to retrieve valuable data, such as Personally Identifiable Information (PII) or payment information, often destined for later sale on the black market

mechanisms:

  • Copying the data to removable media or other device with storage, such as USB drive, the memory card in a digital camera, or a smartphone.
  • Using a network protocol, such as HTTP, FTP, SSH, email, or Instant Messaging (IM)/ chat. A sophisticated adversary might use a Remote Access Trojan (RAT) to perform transfer of data over a non-standard network port or a packet crafter to transfer data over a standard port in a non-standard way. The adversary may also use encryption to disguise the data being exfiltrated.
  • By communicating it orally over a telephone, cell phone, or Voice over IP (VoIP) network. Cell phone text messaging is another possibility.
  • Using a picture or video of the data—if text information is converted to an image format it is very difficult for a computer-based detection system to identify the original information from the image data.
58
Q

data loss prevention (DLP)

A

products scan content in structured formats, such as a database with a formal access control model, or unstructured formats, such as email or word processing documents

solutions consist of the following components:

  • Policy server—to configure confidentiality rules and policies, log incidents, and compile reports.
  • Endpoint agents—to enforce policy on client computers, even when they are not connected to the network.
  • Network agents—to scan communications at network borders and interface with web and messaging servers to enforce policy.
59
Q

Data Loss Prevention (DLP) Remediation

A
  • Alert only—the copying is allowed, but the management system records an incident and may alert an administrator.
  • Block—the user is prevented from copying the original file but retains access to it. The user may or may not be alerted to the policy violation, but it will be logged as an incident by the management engine.
  • Quarantine—access to the original file is denied to the user (or possibly any user). This might be accomplished by encrypting the file in place or by moving it to a quarantine area in the file system.
  • Tombstone—the original file is quarantined and replaced with one describing the policy violation and how the user can release it again
60
Q

Information Rights Management (IRM)

A

another example of data protection and information management solutions, Microsoft provides an IRM feature in their Office productivity suite, SharePoint document collaboration services, and Exchange messaging server

61
Q

Rights Management Services (RMS) or cloud-based Azure Information Protection

A
  • technologies provide administrators with the following functionality:
  • Assign file permissions for different document roles, such as author, editor, or reviewer.
  • Restrict printing and forwarding of documents, even when sent as file attachments.
  • Restrict printing and forwarding of email messages.
62
Q

logs

A
  • record both authorized and unauthorized uses of a resource or privilege
  • one of the most valuable sources of security information
  • function both as an audit trail of actions and (if monitored regularly) provide a warning of intrusion attempts
63
Q

log review

A

critical part of security assurance

64
Q

SIEM functions

A
  • aggregate logs from multiple sources
  • correlation, meaning that SIEM software can link individual events or data points (observables) into a meaningful indicator of risk, or Indicator of Compromise (IOC) | correlation can be used to drive an alerting system
  • features collectors or connectors to store and interpret (or parse) the logs from different types of systems (host, firewall, IDS sensor, and so on), and to account for differences between vendor implementations
  • correlation engine: on enterprise networks, this data is likely to be stored on a storage area network (SAN), rather than directly on the SIEM server, as local storage is unlikely to be able to cope with the volume of data that will be collected
65
Q

log types

A
  • Event log—records things that occur within an operating system (the System event log in Windows, for instance) or a software application (Windows’ Application log). These logs are used to diagnose errors and performance problems.
  • Audit log—records the use of system privileges, such as creating a user account or modifying a file. Security logging needs to be configured carefully, as over-logging can reduce the effectiveness of auditing by obscuring genuinely important events with thousands of routine notifications and consuming disk resources on the server.
  • Security log—this is another way of describing an audit log. The audit log in Windows Event Viewer is called the Security log.
  • Access log—server applications such as Apache can log each connection or request for a resource. This log is typically called the access log.
66
Q

baseline

A

establishes (in security terms) the expected pattern of operation for a server or network

67
Q

thresholds

A
  • points of reduced or poor performance or change in configuration (compared to the baseline) that generate an administrative alert
  • if a threshold is exceeded (a trigger), some sort of automated alert or alarm notification must take place
  • examples:
    • low disk space; high memory, CPU, or network utilization; server chassis intrusion; failed logins
68
Q

Write Once, Read Many (WORM) media

A

this term used to mean optical drives, such as CD-R and DVD-R

69
Q

event deduplication

A

some errors may cause hundreds or thousands of identical error messages to spawn, temporarily blinding the reporting mechanisms of the SIEM system