Lynda Notes 2

Question 1

Anomaly Analysis

Answer 1

Looks for data points that stand out from the rest of the data as clear outliers (AKA Heuristic Analysis)

Question 2

Trend Analysis

Answer 2

Looks for historical data over time

Question 3

Behavioral Analysis

Answer 3

Looks at the user behavior to detect suspicious or unusual user activity, Signatures or Heuristic Analysis could be used for this

Question 4

Availability Analysis

Answer 4

Provides uptime information

Question 5

Data Loss Prevention (DLP)

Answer 5

Technology solutions that search systems and monitor networks for sensitive information that is unsecured and provide the ability to remove the information, block the transmission, or encrypt the stored data.

Question 6

Host-based DLP

Answer 6

Uses software agents installed on a single system

Question 7

Network-based DLP

Answer 7

Scans network transmissions for sensitive information

Question 8

Two DLP Mechanisms of Action

Answer 8

1. Pattern Matching

2. Watermarking (Electronic tagging)

Question 9

Watermarking

Answer 9

Electronic tags are used to identify sensitive information

Question 10

Network Access Control (NAC)

Answer 10

Intercepts network traffic coming from unknown devices and verifies that the system and user are authorized before allowing further communication. Uses 802.1x Authentication

Question 11

Supplicant

Answer 11

Special piece of software that performs all of the NAC-related tasks on behalf of the user and system

Question 12

NAC Roles

Answer 12

1. User and Device Authentication
2. Role based access (provides access to networks where needed)
3. Posture Checking (Makes sure the device meets security requirements)

Question 13

NAC Posture Checking

Answer 13

1. Verifying Antivirus software present
2. Validating current signatures
3. Ensuring proper firewall settings
4. Verifying presence of security patches

Question 14

Quarantine network

Answer 14

Where NAC places a device that does not pass the Posture Check

Question 15

Three types of NAC

Answer 15

1. Persistent Agent - Time consuming - NAC is permanently installed on endpoint devices
2. Dissolvable Agent - NAC software downloaded from a portal for temporary endpoint use - removed once the NAC process is complete.
3. Agentless - NAC systems that don’t require installation of agent

Question 16

Mail Gateway Actions

Answer 16

1. Allows a message to be sent
2. Block or quarantine a message
3. Tag the message with a warning to the recipient is suspicious
4. Encrypt the message

Question 17

Mail Gateway Filtering

Answer 17

1. Text Analysis
2. Signature Detection
3. URL Filtering

Question 18

Steganography

Answer 18

Hiding information within other information

Question 19

tcpdump

Answer 19

Open-Source command line packet sniffing tool

Question 20

Two most commonly used packet sniffers (Protocol Analyzers)

Answer 20

Wireshark and tcpdump

Question 21

Most common network mapping tool

Answer 21

nMap

Question 22

Metasploit

Answer 22

Most common exploitation framework - uses modular plugins

Question 23

ICMP

Answer 23

Internet Control Message Protocol

Question 24

ARP

Answer 24

Address Resolution Protocol - Translates IP addresses at the network layer and MAC addresses at the Ethernet layer. (Only works on local networks)

Question 25

netstat

Answer 25

Shows connections active on a system (ss on Linux systems is the equivalent)

Question 26

nc command

Answer 26

Opens raw network connections on Mac and Linux. You can send and receive raw text on a network connection

Question 27

dig

Answer 27

Command used to perform domain lookups on Mac and Linux systems (nslookup is the equivalent on Windows)

Question 28

nslookup

Answer 28

Performs DNS lookups on Windows systems

Question 29

Whois

Answer 29

Discovers ownership information about domains and IP addresses

Question 30

Reverse Whois

Answer 30

Discovers domains associated with a name or email address

Question 31

CER (Canonical Encoding Rules)

Answer 31

Files are stored as ASCII files

Question 32

DER (Distinguished Encoding Rules)

Answer 32

Files are stored as binary files

Question 33

Difference between an HSM and TPM

Answer 33

HSMs (Hardware Security Module) is a removable or external device, TPMs (Trusted Platform Module) is an embedded chip in the motherboard. TPMs cannot be added at a later date.

Question 34

Similarities of an HSM and TPM

Answer 34

Both HSM and TPM provide secure encryption capabilities by storing and using RSA keys.

Question 35

HSA (Hardware Security Module)

Answer 35

Removable or external device that can generate, store , and manage RSA keys used in asymmetric encryption. Server-based applications use an HSM to protect keys