Lessons 15-19

Question 1

Asset

Answer 1

An asset is any device, data or other components of value to an organization

Question 2

Owners-

Answer 2

are responsible for decisions related to classification, and access control, as well as oversight of protection mechanisms.

Question 3

Custodians

Answer 3

are responsible for implementing, managing, and monitoring controls

Question 4

Network mapping

Answer 4

used to create physical and logical diagrams. Popular network mapping tools include Solarwinds, Spiceworks, ManageEngine, and Nmap.

Question 5

Network Enumeration

Answer 5

discover and document devices and characteristics. DumpSec and Nessus.

Question 6

End-of-sale

Answer 6

when the product, service, or subscription, is no longer for sale.

Question 7

End-of-life & End-of-support

Answer 7

1. when the product, service, or subscription is deemed obsolete. Once obsolete the product is not sold, improved, or maintained.
2. the last date to receive service and support. After this date, updates are no longer available.

Question 8

Fixed lifecycle-

Answer 8

products with defined dates at the time of release.

Question 9

Continuous (modern) lifecycle-

Answer 9

products with continuous support and servicing. Generally, customers must take the latest update to remain supported.

Question 10

ARCHIVING

Answer 10

The process of securely storing original, unmodified files for later potential retrieval

Question 11

LEGAL HOLD

Answer 11

Is the requirement of an organization to preserve all forms of relevant information when litigation, audit, or government investigation is anticipated.

Question 12

DATA REMANENCE

Answer 12

Refers to the residual traces of data that remain on a storage medium even after attempts have been made to erase or delete the information.

Question 13

TRIM

Answer 13

is a command used by OS to inform solid state drives which blocks of data are no longer in use. When TRIM is executed, the SSD may immediately erase the associated data, reducing the likelihood of remanence

Question 14

DATA SANITIZATION

Answer 14

Aka disk wiping- is a clearing technique that overwrites all addressable storage and indexing locations multiple times.

Question 15

Shredding (shearing), Pulverizing, Pulping, Burning

Answer 15

1. physically breaking media into pieces
2. reducing media to dust
3. chemically altering media
4. incinerating media

Question 16

CERTIFICATE OF DESTRUCTION

Answer 16

Is issued by the commercial services upon the destruction of media
Certificates should include at minimum: date of destruction, description of media(including serial number), method of destruction, witnesses, company name and address with contact information.

Question 17

Exposure-

Answer 17

a system of software configuration issue, or lack of control that could contribute to a successful exploit or compromise.

Question 18

BUG BOUNTY PROGRAM

Answer 18

Aka A vulnerability rewards program (VRP) is an incentive program that compensates individuals for identifying and reporting vulnerabilities or bugs
Open bug bounty program- offered by hundreds of companies like Google, Microsoft, and Facebook
Closed bug program- invitation only.

Question 19

CVE PROGRAM

Answer 19

Is an international, community-driven effort to catalog hardware and software vulnerabilities for public access.
A CVE is a standardized identifier for a given vulnerability or exposure.

Question 20

COMMON VULNERABILITY SCORING SYSTEM
CVSS

Answer 20

CVSS is an open frame for communicating the characteristics and severity of hardware and software vulnerabilities.
There 5 ratings: none, low, medium, high, and critical

Question 21

VULNERABILITY SCANNING

Answer 21

The automated activity that relies on a database of known vulnerabilities such as CVE/NVD, designed to identify vulnerabilities in the target environment

Question 22

Vulnerability assessment-

Answer 22

identify host attributes and known common vulnerabilities and exposures CVE. find the report.

Question 23

Penetration testing

Answer 23

evaluate the security of a target by identifying and providing proof of concept of flaws and vulnerabilities or by performing compromise exploitation. Find then exploit then report.

Question 24

PATCH MANAGEMENT

Answer 24

The process of identifying, acquiring, installing, and verifying patches (updates)

Question 25

Dynamic application security testing - DAST

Answer 25

a type of security testing that analyzes a running application to find vulnerabilities by simulating attacks.

Question 26

AUDIT AND EVENT LOGS

Answer 26

Are a chronological record of events and actions

Question 27

SYSLOG

Answer 27

System logging protocol is a standard protocol used to send system log or event messages to a Syslog server.
* Syslog is used to collect logs from different devices to store in a central location for monitoring and review

Question 28

SIEM-

Answer 28

security information and event management is an automation tool for real-time data capture event correlation analysis, and reporting

Question 29

TIP

Answer 29

threat intelligence platform is an automation tool that combines multiple threat intelligence feeds and integrates with existing SIEM solutions

Question 30

UEBA

Answer 30

User and Entity Behavior Analytics is an automation tool that models the behavior of humans and machines to identify normal and abnormal behavior

Question 31

SOAR

Answer 31

security orchestration automation, and response is an automation tool that responds to the alerts, triages the data, and takes remediation steps

Question 32

Orchestration

Answer 32

he integration of disparate tools and platforms for an automated response.

Question 33

SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)

Answer 33

Is a widely used network management protocol that allows administrators to monitor and manage network devices.

Question 34

SNMP agents

Answer 34

software modules installed on managed devices. They collect and store information about the device’s performance and respond to queries from SNMP management systems.

Question 35

SNMP managers

Answer 35

send SNMP queries to agents to retrieve information and can also issue configuration commands to the device

Question 36

NETFLOW

Answer 36

A network protocol developed by Cisco Systems that allows the collection and analysis of network traffic data.

Question 37

IPFIX-

Answer 37

is an industry-standard protocol based on NetFlow v9 that provides a vendor-agnostic format

Question 38

cve- Common Vulnerabilities and Exposures

Answer 38

is a database of publicly known cybersecurity vulnerabilities and exposures. Each vulnerability is assigned a unique identifier, making it easier for organizations to share and reference security issues consistently.

Question 39

CCE (Common Configuration Enumeration)

Answer 39

a standard that provides unique identifiers for system configuration settings to help organizations manage and assess their security configurations.

Question 40

CPE (Common Platform Enumeration

Answer 40

is a standardized method of naming and identifying software applications, operating systems, and hardware devices.

Question 41

CVSS (Common Vulnerability Scoring System)

Answer 41

is a standardized framework for rating the severity of security vulnerabilities. It provides a numerical score from 0 to 10, with higher scores indicating more severe vulnerabilities, helping organizations prioritize their responses to security issues.

Question 42

OVAL (Open Vulnerability and Assessment Language)

Answer 42

is a standardized language used to describe and share information about the security vulnerabilities and configuration issues of computer systems. It helps automate the assessment, reporting, and remediation of these security issues.

Question 43

IDS/IPS-

Answer 43

analyze and monitor for suspicious traffic. IPS can deny traffic access

Question 44

DLP

Answer 44

detect and prevent unauthorized transfer and exfiltration of data.

Question 45

NAC

Answer 45

enforce endpoint access privileges based on pre-admission and post-admission policies

Question 46

Web filters

Answer 46

enforce restrictions to websites based on predefined criteria

Question 47

EDR/XDR

Answer 47

advanced integrated platforms that monitor, report on, and respond to security threats.

Question 48

Browser extensions (client-side)

Answer 48

plugins or addons used on individual devices to filter internet access. Small-scale use.

Question 49

INTERNET PROTOCOL IP

Answer 49

A set of rules for routing and addressing packets of data- it is the language of the internet

Question 50

IP convergence

Answer 50

is the use of the IP as the standard transport for transmitting all information

Question 51

Extensibility-

Answer 51

is additional functionality or the modification of existing functionality without altering the original structure or data flow.

Question 52

Open standard

Answer 52

a standard that is publicly available and can be freely adopted and extended.

Question 53

Address Resolution Protocol ARP

Answer 53

IP address to MAC address mapping. IPv6 uses a neighbor discovery protocol

Question 54

Internet Control Messaging Protocol ICMP

Answer 54

Error control and troubleshooting (ping, tracert)

Question 55

Internet Group Management Protocol IGMP

Answer 55

Multicasting IPv6 uses multicast listener discovery

Question 56

Transmission Control Protocol TCP

Answer 56

3-way handshake connection- delivery

Question 57

User Datagram Protocol UDP

Answer 57

Connectionless delivery

Question 58

IPv4

Answer 58

deployed in 1981, was the first publicly used version (i-3 was experimental) of 32-bit address in dotted decimal form, IP address scarcity, and limited security options.

Question 59

IPv6-

Answer 59

deployed in 1999 (adoption phase)
128-bit address in hexadecimal form
2^128 addresses (340 trillion trillion trillion)
Integrated IPsec
Stateful and stateless auto-configuration capabilities
Scans less effective because of the largest address space
Sniffing is more difficult because of mandated IPSec

Question 60

QUALITY OF SERVICE QoS

Answer 60

Is a feature of network devices which prioritizes traffic
Controls and manages network resources by setting priorities for specific types of data on the network

Question 61

APPLICATION LAYER PORTS

Answer 61

*The path of communication from the transport layer to the application layer is through a port
*Port- is an identifier for an application whining a computer
*Applications listen for connections on a port dedicated to that service
*A port is associated with either UDP or TCP
65,535 available ports are broken into 3 ranges
*Ports 1-1,203- assigned by the Internet Assigned Number Authority (IANA) well-known ports
*Ports 1,024-49,151 can be registered with IANA
*Ports 49,151-65,535- ary dynamic or private ports

Question 62

Some Common Ports

Answer 62

1. Port 20/21: FTP (File Transfer Protocol) - Used for transferring files.
2. Port 22: SSH (Secure Shell) - Used for secure remote login and command execution.
3. Port 23: Telnet - Used for unencrypted text communications.
4. Port 25: SMTP (Simple Mail Transfer Protocol) - Used for sending emails.
5. Port 53: DNS (Domain Name System) - Used for resolving domain names to IP addresses.
6. Port 80: HTTP (HyperText Transfer Protocol) - Used for web traffic.
7. Port 110: POP3 (Post Office Protocol 3) - Used for retrieving emails.
8. Port 143: IMAP (Internet Message Access Protocol) - Used for retrieving emails with more features than POP3.
9. Port 443: HTTPS (HTTP Secure) - Used for secure web traffic.
10. Port 3389: RDP (Remote Desktop Protocol) - Used for remote desktop access.

Question 63

secure protocol

Answer 63

is to ensure confidentiality, integrity, authentication, nonrepudiation, or any combination thereof.

Question 64

SECURE COMMUNICATIONS AND MANAGEMENT PROTOCOLS

Answer 64

HTTPS (80)- HTTP + TLS
FTPS (989,990)- FTP + TLS
Secure SHell (22)- secure channel between a local and remote device. Telnet replacement
SFTP (22)- Secure file transport packaged with SSH
SRTP (5601)- Used for securely sending audio and video messages over IP networks
S/MIME- Used to send digitally signed and encrypted email messages
DNSSec (53)- an extension to the DNS protocol that enables origin authentication, authenticated denial of existence, and data integrity.

Question 65

SECURE EMAIL COMMUNICATIONS

Answer 65

Refers to the use of various measures and protocols to protect the confidentiality, integrity, and authenticity or email messages exchanged between parties.

Question 66

SPF- sender policy framework-

Answer 66

email authentication method designed to prevent email spoofing and protect against forged or unauthorized use of domain names in email messages.

Question 67

DKIM- DomainKeys Identified mail-

Answer 67

an email authentication method designed to verify the authenticity and integrity of email messages.

Question 68

DMARC- Domain-based message authentication, reporting, and conformance

Answer 68

an email authentication protocol that helps protect against email spoofing and phishing attacks.

Question 69

SPF Record-

Answer 69

The domain owner creates an SPF record and publishes it in the DNS settings of their domain. The SPF record contains information about the authorized email servers that are allowed to send emails on behalf of the domain.

Question 70

Server-to server encryption

Answer 70

establishes an encrypted connection to protect the email data in transit between the senders and recipient servers.

Question 71

End-to-end encryption-

Answer 71

ensures that the email message is encrypted on the sender’s device and can only be decrypted by the intended recipient. This means that not even the email service provider has access to the decrypted content.

Question 72

TLS-

Answer 72

transport layer security is a cryptographic protocol used to encrypt communication between email servers during transmission.

Question 73

S/MIME-

Answer 73

Secure/Multipurpose internet mail extensions is a standard for secure email messaging that provides encryption and digital signatures.

Question 74

WINDOWS GROUP POLICY

Answer 74

Provides centralized management and configuration of OS, applications, and users settings in a Microsoft Windows Active Directory environment.

Question 75

Group policy object GPO

Answer 75

a group of settings. They can be associated with single or numerous active directory containers, including sites, domains, or organizational units (OUs)

Question 76

Group policy management console GPMC

Answer 76

snap-in provides a single administrative tool for managing group policy across the enterprise

Question 77

SECURITY-ENHANCED LINUX (SELinux )

Answer 77

Is the Linux kernel access control security module
Created by the US national security agency NSA and Red Hat. This security module is available for most Linux distributions but is mainly used on RHEL and Fedora
SELinux operates on the principle of least privilege. By default, everything is denied and the policy is written that gives each element of the system only the permissions it needs to function

Question 78

Targeted policy

Answer 78

the most common type of policy is targeted policy where only selected processes are protected.

Question 79

Strict policy

Answer 79

the more stringent policy where all processes are protected.

Question 80

Enforcing-

Answer 80

the default and most secure SELinux mode, SELinux enforces the access control policies and does not allow users to override them.

Question 81

Permissive

Answer 81

SELinux does not enforce the policies but logs events when a user or process attempts to access a resource blocked off by the policies. This enables monitoring for potential issues

Question 82

IDENTITY AND ACCESS MANAGEMENT

Answer 82

IAM is a business process of enabling the right individuals to access the right resources at the right times and for the right reasons.

Question 83

Provisioning & Deprovisioning

Answer 83

1. the process of creating and managing digital identities
2. the process of removing and deleting digital identities

Question 84

onboarding

Answer 84

Account creation requests, User agreements are signed (NDA/AUP), user accounts are created, and group/role memberships are established.
Credentials then assigned
Orientation and training

Question 85

Authorization

Answer 85

Authorization is granted by data/resource owners or a “need to know” is established
Rights and permissions are assigned by the custodian
User training

Question 86

Change Requests

Answer 86

User accounts are audited
User access is audited
Change requests submitted based on personnel requirements
Change requests are audited
Security education, training and awareness (SETA)

Question 87

Termination/ offboarding

Answer 87

Termination tasks include reclaiming physical assets and access control assets, and removing/disabling accounts and access.
Reassigning file and folder permissions and ownership
Users should be reminded of any agreements that extend beyond employment.

Question 88

Authorization creep

Answer 88

the accumulation of unnecessary rights and permissions over time

Question 89

SINGLE SIGN-ON SSO

Answer 89

Users can access multiple applications within the same organization or domain using a single set of credentials.

Question 90

Federated identity

Answer 90

It enables users to access applications or platforms across multiple enterprise domains (that are apart of a federated configuration) using a single set of credentials (portable identity)

Question 91

FEDERATED IDENTITY MANAGEMENT

Answer 91

FIM refers to the process and technologies involved in managing user identities, access rights, and permissions across federated systems.

Question 92

SAML - security assertion markup language

Answer 92

An XML-based open standard for exchanging authentication and authorization data between a SP and an IdP

Question 93

Authorization server API/ resource

Answer 93

the server that authenticated the user and issued an access token to the resource server.

Question 94

OAUTH 2.0

Answer 94

An open standard protocol and framework designed to provide secure, delegated access to resources without sharing credentials

Question 95

BIOMETRICS

Answer 95

Physical or behavioral human characteristics that can be used to digitally identify a person

Question 96

PHYSIOLOGICAL MARKERS AND BEHAVIORAL TRAITS

Answer 96

1. Fingerprint- a unique pattern of finger ridges.
2. Retinal- unique structure of capillaries that supply the retina with blood
3. Iris- unique color and iris patterns
4. Vein- unique vein pattern in palm and fingers
5. Facial- based on facial features
6. Voiceprint- unique vocal attributes
7. Handwriting- analysis of speed, shape, and stroke of the pen
8. Gait- walking traits such as step length, width, speed, and angle

Question 97

ACCESS CONTROL

Answer 97

Is a security process that enables organizations to manage who is authorized to access data and resources and what they are allowed to do

Question 98

Physical access control

Answer 98

focuses on facilities, equipment, devices, and paper

Question 99

Logical access control

Answer 99

focuses on systems, applications, and data

Question 100

Rights

Answer 100

are entitlements granted to users that determine their level of control and access within a system: change system time, create a user, install software.

Question 101

Permissions

Answer 101

specific authorizations and define what a user can do with specific files or system resources: read, write, delta, modify

Question 102

Dual control

Answer 102

requires more than one subject or key to complete a specific task.

Question 103

Separation of duties

Answer 103

implies breaking a task into separate processes, so no one subject is in complete control or has overriding decision-making power.

Question 104

Subjects

Answer 104

are active entities, generally in the form of a person, process, or device that causes information to flow among objects, or changes the system. State.

Question 105

Objects

Answer 105

passive entities(resource) that contain or receive information or instructions
Authorization can be static(hard-coded) or dynamic (influenced by situational factors)

Question 106

Role-based (RBAC)-

Answer 106

access is based on the subject’s assigned roles.

Question 107

Mandatory (MAC)

Answer 107

MAC access is based on the relationship between subject clearance( and need to know), and object classification level

Question 108

Attribute- based (ABAC)

Answer 108

access is determined by a combination of attributes.
* Is a logical access control model that controls access to objects by evaluation rules against the attributes of the subject and object, operations, and the environment

Question 109

Discretionary (DAC)

Answer 109

determined by the data owner

Question 110

PRIVILEGED ACCOUNTS

Answer 110

Is any account that provides rights and permission above and beyond those of non-privileged (standard) accounts

Question 111

Standing privileged

Answer 111

is defined as accounts that have persistent privileged access 24x7x365

Question 112

ZERO-STANDING PRIVILEGE (ZSP)

Answer 112

Aims to minimize the standing privileges granted to users or accounts within a system
In practice, ZSP means continuous reauthentication (explicit validation), and granting to authorized users the privileged access they need for the minimum time and only the minimum rights that they need (least privilege)

Question 113

Administrator-

Answer 113

generally have the highest level of access and control over an OS, device, application, database, or network

Question 114

Root/sudo

Answer 114

have complete control over the UNIX/LINUX systems

Question 115

PRIVILEGED ACCESS MANAGEMENT (PAM)

Answer 115

A set of practices, technologies, and policies designed to manage and secure privileged accounts and access to critical systems and sensitive data within an organization

Question 116

Just-in-time privileged access-

Answer 116

is provided only for a limited duration and specific tasks

Question 117

Privileged elevation and delegation

Answer 117

mechanisms for granting temporary or restricted privileges to non-privileged users when needed, reducing the dependency on persistent privileged accounts