Main Flashcards

Question 1

Q

Prepending

Answer

A

Two seperate definitions
1. Making a message appear more trustworthy by adding text before the message. E.g adding [SAFE] to the subject of an email.
2. Url high hijacking technique where the attacker puts text at the beginning of their typosquatted URL https://pprofessormesser.com/

Question 2

Q

Pharming

Answer

A

Similar to phishing but attacking DNS in order to redirect to your malicious site in order to harvest credentals.

Question 3

Q

Pretexting

Answer

A

A fictitious scenario added to a conversation to make a request more believable. Used by attackers in social engineering.

Question 4

Q

Hoaxes

Answer

A

A threat that doesn’t actually exit.
e.g Email chain about fake cyber attack

Question 5

Q

Methods for identifying spam

Answer

A

Allowed list, trusted senders
SMTP standards checking, block emails that don’t meet RFC standards
rDNS, reverse DNS, block email where sender’s domai doesn’t match IP address
Tarpitting, intentionally slow down server conversation
Recipient filtering, block all email not addressed to valid recipient email address

Question 6

Q

Credential harvesting

Answer

A

Grabbing all the credentials stored on a PC, phone, etc

Question 7

Q

Principles of Social Engineering

Answer

A

Authority
Intimidation
Consesus / Social Proof
Scarcity
Urgency
Familiarity / Liking
Trust

Question 8

Q

Types of malware

Answer

A

Virus
Crypto-malware
Ransomware
Worms
Trojan horse
Rootkit
Keylogger
Adware/Spyware
Botnet

Question 9

Q

Virus

Answer

A

Malware that can reproduct itself through file systems or network. Key difference between worms: Virus requires user input to spread, like opening a malicious file

Question 10

Q

Worms

Answer

A

Malware that self-replicates across a network with no user interaction

Question 11

Q

Crypto-malware

Answer

A

Newer generation of ransomware, pay the bad guys for your data back. This is what you think of when you think “ransomware”

Question 12

Q

Ransomware

Answer

A

Malware that attempts to extort money from the target. May or may not encrypt data

Question 13

Q

Trojan horse

Answer

A

Malware that pretends to be something else, e.g Rouge AV

Question 14

Q

Rootkit

Answer

A

Malware that modifies core system files, can be invisible to the operating system and traditonal AV
e.g Malicious kernel drivers

Question 15

Q

Rainbow tables

Answer

A

Optimized pre-built set of hashes

Question 16

Q

Salt

Answer

A

Random data added to password when hashing. Every user gets own random salt. Stops rainbow tables. Slow down brute force process. Same password will create different hashes depending on the salt.

Question 17

Q

Machine learning attacks

Answer

A

Poison the training data
Find ways to evade the AI. E.g Holes in an AI based IPS or IDS

Question 18

Q

Birthday attack

Answer

A

Find a collison through brute force. Generate multiple versions of plaintext to match hashes.

Question 19

Q

Downgrade attack

Answer

A

Attacker forces the system use a worse form of encryption if it is supported.

Question 20

Q

Replay attack

Answer

A

Gather network information with a tap ARP poisoning, malware, or protocol analyzer. Then resend the information collected to the server, maybe it will be accepted as valid.

Question 21

Q

SSRF

Answer

A

Server side request forgery. Attacker tells the web server to do something, and it does it. Caused by bad programming and not checking for who sent the request.

Question 22

Q

Shimming

Answer

A

Code that acts as an adapater for backwards compatibility. Often written by malware developers.

Question 23

Q

Metamohpric Malware

Answer

A

Refactors itself to make it appear different each time. Intelligently redesigns itself.

Question 24

Q

SSL Stripping / HTTP Downgrade

Answer

A

Attacker sits in middle of conversation between victim and server. Attacker essentially has all the encryption keys, so it can decrypt the HTTPs data, giving plaintext. Attacker reads everything, but the victim thinks he’s running HTTPS the entire time.

Question 25

Q

Bluejacking

Answer

A

Sending unsolicited messages to another device via bluetooth

Question 26

Q

Bluesnarfing

Answer

A

Access a bluetooth-enabled device and transfer data
e.g Contact list, calendar, email, pictures, video, etc

Question 27

Q

Cryptographic nonce

Answer

A

Arbitrary number that is used only once in a cryptograhic process. Usually a random or psuedo-random number or a counter. A salt is an example of a nonce.

Question 28

Q

Initalization Vector (IV)

Answer

A

Type of nonce. Used for randomizing an encryption scheme.

Question 29

Q

MAC Flooding

Answer

A

Filling up the MAC table on a switch, forcing ou tthe legitmate MAC addresses. The switch will begin to flood out on all interfaces, turning the switch into a hub. Attacker can then easily capture all network traffic.

Question 30

Q

DNS poisoning

Answer

A

Modify the DNS server, change it so that DNS lookups give the responses that the attacker desires. Can be used to highjack domains, get victims to go to your malicious site, DOS.

Question 31

Q

URL Highjacking Techniques

Answer

A

Typosquatting / brandjacking, takes advantage of poor spelling
Outright mispelling
Typing error
Different phrase in URL
Different top-level domain, e.g .org instead of .com

Question 32

Q

Types of threat actors

Answer

A

Insiders
Nation states
Hackitivst
Script kiddies
Hackers
Shadow IT
Organized crime
Competitors

Question 33

Q

Broad categories of threat intelligence

Answer

A

Open source
Closed/proprietary

Question 34

Q

Threat intelligence sources

Answer

A

Vulnerability databases
Information-sharing centers
Automated indicator sharing (AIS)
Indicators of compromise (IOC)
Predictive analysis
Dark web intelligence
File/code repos
Threat maps

Question 35

Q

Automated Indicator sharing (AIS)

Answer

A

Enables real-time exchange of machine-readable cyber threat indicators through a server/client architecture for communications.

Question 36

Q

TTP

Answer

A

Tactics, techniques, procedures used by adversaries

Question 37

Q

Threat hunting

Answer

A

Find the attacker before they find you

Question 38

Q

Types of vulnerability scans

Answer

A

Non-intrusive
Intrusive
Credentialed
Non-credentialed

Question 39

Q

Syslog

Answer

A

Standard for message logging, needs a lot of disk space, used on central log collector integrated into the SIEM

Question 40

Q

SOAR

Answer

A

Security orchestration, automation, and response

Orchestration - Connect many different tools together
Automation - Handle security tasks automatically
Response - Make changes immediately

Question 41

Q

Pentester’s process

Answer

A

Recon / footprinting
Inital exploitation
Lateral movement
Persistence
Pivoting

Question 42

Q

Security teams

Answer

A

Red team
Blue
Purple - Red and blue working together
White - Refs

Question 43

Q

Baseline configuration

Answer

A

Established reference point for integrity measurement checks.

Question 44

Q

Data masking

Answer

A

Techniques used to obfuscate sensitive data

Question 45

Q

Data states

Answer

A

At rest
In transit - Over network
In use - Ram

Question 46

Q

Tokenization

Answer

A

Replace sensitive data with non-sensitive placeholder

Question 47

Q

IRM

Answer

A

Information Rights Management.

Technology used to limit the scope of what users can do with data. e.g Preventing copy past, screenshotting, printing, etc

Question 48

Q

Site resilliency: Types of sites

Answer

A

Hot - Exact replica
Warm - Between hot and cold
Cold - Electricity, building, not much else

Question 49

Q

DNS Sinkhole

Answer

A

DNS that hands out incorrect IP addresses

Question 50

Q

Types of cloud models

Answer

A

IaaS Infrastructure as a service - Sometimes called hardware as a service
PaaS Platform - Someone else handles the platform you handle development, no servers, no software, no maintenance team, no HVAC
SaaS Software - On demand software, no local installation
XaaS Anything - Broad description of all cloud models

Question 51

Q

0 octal

Question 52

Q

1 octal

Question 53

Q

2 octal

Question 54

Q

3 octal

Question 55

Q

4 octal

Question 56

Q

5 octal

Question 57

Q

6 octal

Question 58

Q

7 octal

Question 59

Q

Data governance

Answer

A

Processes used by an organization to manage, process, and protect data. Used to ensure availability, readability, integrity, and security of data. Also, used to comply with external laws and regulations.

Question 60

Q

HIPAA

Answer

A

Health insurance portability and accountability act. A data governance regulation. Mandates that organizations protect health information.

Question 61

Q

GLBA

Answer

A

Gramm-leach Bliley act. Data governance regulation that requires financial institutions to provide consumers with a privacy notice explaining what information they collect and how it is used.

Question 62

Q

SOX

Answer

A

Sarbanes-oxley act. Data governance regulation that requires that executives take individual responsibility for the accuracy of financial reports.

Question 63

Q

GDPR

Answer

A

General data protection regulation. Data governance regulation that mandates the protection of privacy data for individuals who live in the EU

Question 64

Q

Data retention policy

Answer

A

Specifies how long data is retained and sometimes specifies where it is stored.

Answer 57

A

TCP 21, 22

Answer 58

A

53 tcp for zone transfers
53 udp for name resolution queries

Answer 59

A

Border gateway protocol
Enables exchange of routing information between autonomous systems
TCP 179

Answer 60

A

Uses internet key exchange (IKE) over port 500 UDP

Answer 61

A

TCP 110 unencrypted
TCP 995 encrypted

Answer 62

A

TCP 143 unencrypted
TCP 993 encrypted

Answer 63

A

TCP 25 unencrypted
TCP 587 for email encrypted with tls

Answer 64

A

Active mode: TCP 21 control signals, TCP 20 for data
Passive mode: TCP 21 control signals, random TCP port for data

Answer 65

A

TCP 22
Secure FTP
Inherently secure. Unlike FTPS, which just adds a layer of security with TLS. Both are secure though.
Used by SSH for file transfers. Not FTPS!

Answer 66

A

Lightweight Directory Access Protocol
LDAP TCP 389
LDAPS TCP 636
LDAP specifies the formats and methods used to query directories. Commonly is used to store information for authentication.

Answer 67

A

Secure socket tunneling protocol
Encrypts VPN traffic using tls on port TCP 443

Answer 68

A

Trivial file transfer protocol
UDP 69

Answer 69

A

Ping -t 172.26.5.1, continuous
Ping -c 4 172.26.5.1, 4 times

Answer 70

A

Ipconfig /all
Ipconfig /flushdns, flush dns cache
Ipconfig /displaydns, show dns cache

Answer 71

A

Ifconfig -a, similar to ipconfig /all
Ifconfig eth0, show conf. eth0
Ifconfig eth0 promisc, enable promisc mode, process all traffic
Ifconfig eth0 allmulti, enable multicast mode, process all multicast traffic
Ifconfig eth0 -allmulti, disable multicase mode

Answer 72

A

Ip link show, show interfaces
Ip link set eth0 up, enable eth0
Ip -s link, show network stats

Answer 73

A

Netstat -a, show all tcp udp ports being listened on
Netstat -r, show routing table
Netstat -e, show network stats
Netstat -s, show net stats for specific protocols
Netstat -n, show addresses and ports in numerical order
Netstat -p protocol, show stats on specific protocol
Netstat, show open TCP connections

You can combine options. E.g netstat -anp tcp

Answer 74

A

Windows
tracert google.com, show hops between system and Google
racert -d google.com, don’t resolve IP addresses to host names, makes command faster

Answer 75

A

Linux
Traceroute -n google.com, don’t resolve IPs

Answer 76

A

Sends pings to hops on routes. Computes statistics depending on responses to pings.
Pathping -n google.com

If a hop has 100% packet loss. Chances are it is just blocking icmp. If it really is bad, then all other hops from that point on in the path must also be dropping 100%.

Answer 77

A

Windows and Linux
Arp, help on windows, arp cache linux
Arp -a google.com, show arp cache entry for specified ip
Arp -a, show entire cache on windows

Answer 78

A

Tail -n 15 /var/log/messages, show last 15 lines.
Tail /var/log/messages, show last 10 lines

Answer 79

A

Linux
Add entires to /var/log/syslog

Answer 80

A

Linux
Query linux system logging utility called journald.
Journalctl – since “1 hour ago”, show logs only in journals.
Journalctl –list-boots, show boot logs

Answer 81

A

False acceptance rate
Biometrics

Answer 82

A

False rejection rate
Biometrics

Answer 83

A

Crossover error rate
Point on graph of sensitivity (x), error percentage (y), where FAR and FRR intersect. Increasing or decreasing sensitivity at this point will cause one of the error rates to go up and the other to go down. Lower CER means a better biometric accuracy.

Answer 84

A

Role based access control
Uses roles to manage rights and permissions for users. Roles are often implemented as groups. Think Microsoft security groups.

Admins have complete access
Executives have access to data on any project on server but can’t change server settings
Project managers have full control over their own projects but not any other teams projects
Team members can do work that project managers assign them but have little access outside of it.

Answer 85

A

Rule based access control
Uses rules. Common example is rules in routers and firewalls, which use access control lists to contain and organize the rules. Some rules are static, others might be modified on the spot.

Answer 86

A

Discretionary access control
Objects (files, folders, etc) have an owner, the owner establishes access for the objects. Example is NTFS used in windows, which allows users and administrators to restrict access to files and folders with permissions.

Answer 87

A

Security identifier. Used in windows discretionary access control. Long string of characters used to identify users.

Answer 88

A

Mandatory access control
Uses labels to determine access. Admins assign labels to objects and users. If the labels match, then the user has access. Example SELinux. A lattice chart is used to layout the scheme.

Answer 89

A

Attribute-based access control
Evaluates attributes and grants access based on the value of these attributes. Example, Homer has attributes employee, inspector, nuclear aware. A file server has a share called inspector, that grants access to the folder for any user that has the attributes employee, inspector, nuclear aware.

Many SDNs use ABAC schemes instead of rules on physical routers.

Answer 90

A

Used with traditional access control schemes but adds additional capabilites with if then statements. Policies in conditional access use signals which are similar to attributes in an ABAC scheme. Implemented in Microsoft azure active directory.

Answer 91

A

Hardened server used to access and manage devices in another network with a different security zone.

Answer 92

A

Aka DMZ. Buffered zone between a private network and the internet. Will contain some internet facing servers surrounded by firewalls such that the internal network is protected.

Answer 93

A

Hosts NAT and provides internal clients with private IPs a path to the internet.

Answer 94

A

Doesn’t trust any device by default even if the device was previously verified. Security model based on the principle of Zero trust. Can be implemented by requiring multifactor authentication.

Answer 95

A

Unified threat management
Single solution that combines multiple security controls. An appliance that performs URL filtering, malware inspection, content inspection, DDoS mitigation, etc

Answer 96

A

Managed Service provider. A cloud service provider that provides network connectivity managment, backup and disaster ecovery, growth management and planning

Answer 97

A

Managed Security Service Provider. A cloud service provider for firewall management, patch managemnt, security audits, emergency response.

Answer 98

A

Cloud that’s close to your data. Cloud + IOT = Fog computing. Immeditate data stays local so no latency. No bandwith requirements. Privdate data never leaves - minimizes security concerns. Local decisons made from local data.

Answer 99

A

Scale up, down, out and in as it is required (automatically)

Answer 100

A

Function as a service. Applications are seperated into indvividual, autonomous functions. Remove operating system from the equation. Runs in stateless compute container.

Answer 101

A

Virtual private cloud. Pool of resources created in a public cloud.

Answer 102

A

Software Defined Networking. (Infrastructure as code)

Answer 103

A

Software Defined Visibility. (infrastructure as code)

Answer 104

A

Test - Still in development
QA
Staging - Looks and feels like a production environment
Production

Answer 105

A

Stored procedures

Answer 106

A

Using alternative compiler paths to result in a different binary each time compiled. An exploit for one version of the binary should not affect many others.

Answer 107

A

Code constantly written and merged int ocentral repo everyday.

Answer 108

A

Continuous delivery/deployment. Continuous delivery means automate the testing and release process, cllick and button and deploy the application. Continuous deployment means automatically deploy to production with no human integration or manual checks.

Answer 109

A

Providing network access to thrid parties such as partners, suppliers, customers, etc. A federated network allows authentication between two organization.

Answer 110

A

Prove the hardware is really yours.

Answer 111

A

Time based one time password. Secret key and time of day, no counter.

Answer 112

A

HMAC based one time password. Based on secret key and counter.

Answer 113

A

Fingerprint
Retinal
Iris
Voice recognition
Facial
Gait anlysis
Veins

Answer 114

A

Idebtification, Authetication, authorization, accounting

Answer 115

A

Something you are
Somewhere you are
Something you can do - Handwriting analysis, you’re special
Something you know
Something you have

Answer 116

A

Multipath I/O
RAID
Multiple drives

Answer 117

A

RAID 0 - Striping without parity, high performance, no fault tolerance
RAID 1 - Mirrioring, Duplicates data for fault tolerance but requires twice the disk space
RAID 5 - Striping with parity, Fault tolerant and only requires an additonal disk for redunancy
RAID 0+1, RAID 1+0, RAID 5+1, Multiple raid types, Combine raid methods to increase redundancy

Answer 118

A

Load balancing
NIC teaming

Answer 119

A

UPS
Generator
Dual pwoer supply
PDU - Power distribution unit, provides power to multiple power outlets usually in a rack

Answer 120

A

Full
Incremental - All changes since last incremental
Differential - All changes since last full

Answer 121

A

Network attached storage. Connect to a shared storage device across the network and get file-level access to it.

Answer 122

A

Storage area network. Looks and feels like a local stroage device. Block level access, very efficient reading and writing.

Answer 123

A

High availability

Answer 124

A

System on a chip. Multiple components running on a single chip, common with embedded systems.

Answer 125

A

Field Programmable gate array Integrated circuit that can be configured after manufacturing. Common in firewall logic and routers.

Answer 126

A

Industrial control systems. Like SCADA

Answer 127

A

Real time operating system. OS with a deterministic processing schedule. No time to wait for other processes. Found in industrial equipment, automobiles, and military environments. Extremely sensitive to security issues.

Answer 128

A

Subscriber identity module. SIM card.

Answer 129

A

Form of embedded system communication. Communicate analog signals over a narrow range of frequencies.

Answer 130

A

Form of embedded systems communication. Generally a single cable with digital signal, copper or fiber. Uses all bandwith, utilization either 0% or 100%.

Answer 131

A

Physical seperation between networks.

Answer 132

A

IOT Networking open standard. Alternative to WiFi or bluetooth. Longer distances than bluetooth, less power consumption than WiFi.

Answer 133

A

Algorithm uses to encrypt and/or decrypt

Answer 134

A

Encrypted message

Answer 135

A

Key streching - Larger keys tend to be more secure

Answer 136

A

Homomorphic encryption. Perform calculations on data white it’s encrypted.

Answer 137

A

Symmetric - Doesn’t scale well
Symmetric is faster

Answer 138

A

Eliptic curve cryptography. Asymmetric.

Answer 139

A

Prove message was not changed - Integrity. Prove source of message - Authentication. Make sure signature isn’t fake - Non-repudiation.

Answer 140

A

Perfect forward secrecy. Refers to encryption system that changes the keys used to encrypt and decrypt.

Answer 141

A

Encryption is done one bit or byte at a time. High speed, low hardware complexity. Used with symmetric encryption. Starting state should never be the same twice. Often combined with an IV

Answer 142

A

Initalization vector

Answer 143

A

Encrypt fixed-length groups. Used with symmetric encryption. Different modes of operations. e.g ECB, CBC, CTR, GCM

Answer 144

A

Electronic code block. Block cipher mode of operation. Simplest mode. Each block encrypted with same key, identical plaintext blocks create identical ciphertext blocks.

Answer 145

A

Cipher block chaining. Mode of block cipher operation. Each plaintext block is XORed with the pevious ciphertext block.

Answer 146

A

Counter. Mode of block cipher operation. Block cipher acts like a stream cipher, encrypts successive values of a counter.

Answer 147

A

Galois/Counter mode. Mode of block cipher operation. Combines counter mode with galois authentication. Very efficient encryption and authentication. Commonly used with packetized data such as in TLS.

Answer 148

A

Secure Real-Time transport protocol.
Secure protocol for audio and video traffic.

Answer 149

A

Secure/Multipurpose Internet mail extensions
Public-private key encryption mechanism that allows for the protection of the information within emails. As well as digital signatures for integrity. Requires PKI.

Answer 150

A

Simple Network Management protocol version 3. Secure protcol for managing network devices.

Answer 151

A

Endpoint detection and response. Detecting threats on an endpoint, investigating, and responding.

Answer 152

A

Data loss prevention

Answer 153

A

Trusted platform module. Specification for cryptographic functions. Hardware to help with cryptographic functions.

Answer 154

A

East-west traffic - Traffic between devices in the same data center.
North south traffic - Ingress/egress to an outside device

Answer 155

A

Layer 2 tunneling protocol. Commonly implemented with IPSec. Can be used as a tunneling protocol for VPNs.

Answer 156

A

Authentication header. Member of the IPSec protocol suite.

Answer 157

A

Encapsulating security payload. Member of the IPSec protocol suite.

Answer 158

A

Transport mode. Tunnel mode.

Answer 159

A

Quality of service. Describes process of controlling traffic flows.

Answer 160

A

File integrity monitoring. Some files should never change.

Answer 161

A

Does not keep track of traffic flows.

Answer 162

A

Keeps track of traffic flows. Remembers the “state” of the session.

Answer 163

A

Web application firewall.

Answer 164

A

Corporate owned personally enabled. Device deployment model. Employees free to use device as if it was their personally owned device. But the organization purchases it and owns it.

Answer 165

A

Bring your own device. Device deplyoment model. Employees can being their own mobile device to work and attach them to the network. Employee is responsible for selecting and supporting the device, typically must comply with a BYOD policy when connecting to the network.

Answer 166

A

Choose your own device. Device deplyoment model. Employees selects a device from a list of acceptable devices. Employee purchases and brings the device to work.

Answer 167

A

Hardware security module. High end cryptographic hardware.

Answer 168

A

Sending fake emails from senior executives.

Answer 169

A

Impersonating a trusted colleague or vender to request payment or money transfer,

Answer 170

A

Gathering information about computer systems and their entities.

Answer 171

A

Typically harmless messages that spread through social engineering often using sensational claims and urging users to forward the message to warn others about a fake cyber threat.

Answer 172

A

Attempts to discover which websites a group of people are likely to visit and then infects those websites with malware that can infect the visitors/

Answer 173

A

Hacking public opinion. Often run by nation state actors to divide individuals or persuade them. Frequently performed using social media with lots of fake or bot accounts, and relies on real users to spread the misinformation.

Answer 174

A

Discussing changes to IT infrastructure. Important to use standaridzed naming and numbering conventions in ensure efficient communication during such meetings.

Answer 175

A

Ensures ciphertext is very different from the original plaintext.

Answer 176

A

Ensures that a small change in the plaintext results in a significant change in the ciphertext.

Answer 177

A

Domain Name System Security Extension. Provides a means of validating the information recieved from a DNS server so that it really did come from the server that was requested and that the information was not changed as it went through the network.

Answer 178

A

TCP 989, 990
File transfer protocol secure.
Uses TLS or SSL to encrypt FTP. Unlike SFTP, not inherently secure, just an added layer of security with TLS/SSL.

Answer 179

A

Creating a fake website or communication that closely resembles an authentic one to deceive users.

Answer 180

A

Authority
Scarcity
Familiarity
Intimidation
Consensus
Urgency
Trust

Answer 181

A

Trusted Automated eXchange of Indicator Information.
An open standard that defines a set of services and messages exchanges used to share information. Provides a standard way for organizations to exchange cyber threat information.

Answer 182

A

Structured Threat Information eXpression.
An open standard that indentifies what cyber threat information organizations should share. Provides a common language for addressing a wide range of cyber threat information. STIX data is shared via TAXII.

Answer 183

A

Attacker knows both plaintext and its corresponding ciphertext. He uses this information to determine the encryption/decryption method and perhaps reveal keys. He can then decrypt all messages.

Answer 184

A

Attacker knows the ciphertext but not all of the plaintext, only a “chosen” part of it. He then uses various techniques to attempt to decrypt the chosen part, which will allow him to decrypt all messages.

Answer 185

A

Attacker doesn’t have any information on the plaintext. He must work with the ciphertext only.

Answer 186

A

Attacker floods network with IP address lease requests. DHCP server runs out of IPs.

Answer 187

A

Attacker gains access to resources that would only normally be available to a user of a higher privledge level. Does not necessarily have to be an administrator or root account.

Answer 188

A

Attacker gets administrative or root access to a system via a vulnerability

Answer 189

A

Time of check to time of use attack
Attacker exploits a race condition in order to do somethign malicious with data after the operating system verifies access is allows (time of check) but before the operating system performs a legitmate action (time of use)

Answer 190

A

An AP placed wthin a network without official authorization. Might be used to bypass security and gain access to the network or to sniff traffic. 802.1X authentication can prevent this by requiring users to provide a username, password or other type of authentication before being allowed access to the network.

Answer 191

A

Authentication method for wireless networks. However, it can also be used anywhere an 802.1x server is used. Provides method for two systems to create a secure encryption key called pairwise master key. Systems then use the key to encrypt data between them.

Answer 192

A

Protected EAP
Extra layer of protection for EAP. Encapsulates the EAP conversation in TLS tunnel. Requires certificate on the server but no on the clients.

Answer 193

A

EAP-Flexible Authentication via Secure Tunneling
Built by Cisco. Supports certificates but they are optional.

Answer 194

A

Requires certificates on both the 802.1X server and the clients.

Answer 195

A

EAP-Tunneling TLS
Extension of PEAP that allows systems to use older authentication methods such as PAP. Requires certificate on the 802.1X server but not the clients.

Answer 196

A

Requires users to authenticate when connecting to a wireless AP or plugging into a port. Can be implemented as a RADIUS or Diameter server. Supports usernames and passwords as well as certificates.

Answer 197

A

WPA2 mode. Forces users to authenticate with unique credentials when connecting to the network. Uses an 802.1X server, often implemented as a RADIUS server.

Answer 198

A

Simultaneous authentication of equals. Used in WPA3, variant of dragonfly key exchange which is based on diffie hellman.

Answer 199

A

Creating a federation using 802.1X and RADIUS servers

Answer 200

A

Wi-fi protected setup.
Press a button on the printer to connect to its Hotspot. Enter a pin to connect your phone to the AP.

Answer 201

A

Discover the initialization vector and use it to discover the pre-shared key.

Answer 202

A

Blursnarfing, but the attacker installs a backdoor. Allowing them to listen to comms, send messages, etc remotely from the victims device.

Answer 203

A

IPSEC in tunnel mode
SSL/TLS
L2TP - Layer 2 tunneling protocol

Answer 204

A

Used as a tunneling protocol to encrypt VPN comms. In this mode both the payload and headers of the IP packet are encrypted.

Answer 205

A

Only the payload of the IP packet, not headers. Not used for VPNs usually unless you don’t care about internal IPs being exposed.

Answer 206

A

Encapsulating security payload
Protocol number 50
Encrypts data in IPSec. Includes AH.

Answer 207

A

Authentication header.
Protocol number 51.
Allows hosts in an IPsec communication to authenticate with each other before exchanging data.

Answer 208

A

When connected to the VPN, all traffic regardless of destination will be tunneled through the VPN.

Answer 209

A

Admin determines which specific traffic should be tunneled through the VPN. Perhaps he will restrict it to traffic destined for the internal network only.

Answer 210

A

Uses two VPN servers to act as gateways for two geographically separated networks. The process of accessing resources in the remote network is seemless from the user’s perspective.

Answer 211

A

Allows users to access private networks via a public network. Process is NOT seemless to the user, as the user has to manually connect to the VPN server.

Answer 212

A

The VPN connection is established and maintained always. This opposes an on-demand connection. Can be used with both site to site VPN and direct access VPN.

Answer 213

A

Allows users to connect to the VPN using their web browser. Uses TLS to encrypt the session. Tends to be very resource intensive.

Answer 214

A

Network Access Control
Methods to ensure that devices connecting to a network meet certain predetermined characteristics. NAC will perform host health checks. Possibly via an agent. A VPN server will query the NAC (assuming there is one) and query the client for a health report before allowing the client to connect to the internal network.

Answer 215

A

VPN should ensure that only authorized users access it.
1. PAP - Password Authentication Protocol
2. CHAP - Challenge Handshake Authentication Protocol
3. RADIUS
4. TACACS+

Answer 216

A

Password Authentication Protocol
Used in VPNs for authentication. Used with Point to point protocol (PPP) to authenticate clients. PAP allows users to authenticate with a password or PIN. However, it is sent over the network in cleartext, so it’s not secure.

Answer 217

A

Challenge Handshake Authentication Protocol.
Used by VPNs for authentication. Uses point to point protocol (PPP). CHAP allows users to authenticate with a shared secret. The client hashes the shared secret combining it with a nonce, and then sends it to the server. More secure than PAP because the shared secret is NOT sent in plaintext.

Answer 218

A

Terminal Access Controller Access-Control System Plus
Authentication system that is an alternative to RADIUS. Can be used by VPNs for authentication. Can be used with kerberos. Two essential security benefits over RADIUS: 1. Encrypts the entire authentication process. 2. Uses multiple challenges and responses between the client and the server.

Answer 219

A

Protocols that provide authentication, authorization, and accounting
1. RADIUS
2. TACACS+
3. Diameter

Answer 220

A

Mobile device management
Includes technologies to manage mobile devices.

Answer 221

A

Unified endpoint management
Ensure systems are up to date with patches, AV, and are secured with standard security practices. Can be used to manage mobile devices or any device.

Answer 222

A

Mandatory framework for US federal agencies and organizations that handle federal data.

Six step process
1. Categorize: define the environment
2. Select: pick the appropriate controls
3. Implement: define proper implementation
4. Assess: determine if controls are working
5. Authorize: make a decision to authorize a system
6. Monitor: check for ongoing compliance

Answer 223

A

NIST cybersecurity framework

Framework core
Identify, protect, detect, respond, and recover

Answer 224

A

Information security management

Framework that provides information on infosec management system (ISMS) requirements. Three stage certification process for an organization to become compliant.

Answer 225

A

Information technology security techniques
Complement to ISO 27001. While ISO 27001 identifies requirements to become certified, ISO 27002 provides organizational with be practices guidelines.

Answer 226

A

Privacy information management system (PIMS)
Based on ISO 27001, outlines a framework for managing and protecting PII. Provides organizations with guidance to comply with global privacy standards, such as European General Data Protection Regulation (EU GDPR)

Answer 227

A

Family of standards related to risk management. Provides guidelines that organizations can adopt to manage risk

Answer 228

A

A report that describes an organization’s systems and covers the design effectiveness of security controls on a specific date. Design effectiness refers to how well the security controls address risks but not necessarily how well they work when mitigating risks.

Answer 229

A

Report that describes an organization’s systems and covers security controls’ operational effectiveness over a range of dates, e.g 12 months. Operational effectiveness refers to how well the controls worked when mitigating risks during the range of dates.

Answer 230

A

Risk Management Framework for Information Systems and Organizations

Covers the Risk Management Framework (RMF). Provides organizations a 7 step process to identify and mitigate risks.

Prepare
Categorize information systems
Select security controls
Implement security controls
Assess security controls
Authorize information systems
Monitor security controls

Answer 231

A

Single Loss Expectancy

Cost of any single loss.

Answer 232

A

Annual rate of occurrence

Indicates how many times the loss will occur annually.

Answer 233

A

Annual Loss Expectancy

How much loss is accrued from failures during the entire year.

ALE = SLE * ARO

Answer 234

A

Detailed document listing information about risks. Typically includes risk scores along with recommended security controls to reduce the risk scores.

Answer 235

A

Plots risk on a graph.

Answer 236

A

Recovery Point Objective

Identifies a point in time where data loss is acceptable, refers to databases.

Answer 237

A

Mean Time Between Failures
Provides a measure of a system’s reliability, usually represented in hours.

Answer 238

A

Mean Time To Recover
Identifies the arithmetic mean time it takes to recover a failed system.

Answer 239

A

Business Impact Analysis
Important part or a Business Continuity Plan (BCP). Helps an organization identify critical systems and components that are essential to an organization’s success.

Answer 240

A

Business Continuity Plan
Plan that includes disaster recovery elements that provide steps used to return critical functions to operation after an outage.

Answer 241

A

Recovery Time Objective
Maximum amount of time it can take to restore a system after an outage.

Answer 242

A

Certificate Authority
Issues, manages, validates, and revokes certificates. Can be public like a large organization e.g Symantec or can be a single service running on a server within a private network.

Answer 243

A

First certificate created but the CA that Identifies it. If the root certificate is placed into the trusted root CA store, then all certificates issued by the CA will be trusted.

Answer 244

A

A CA that is created by a root CA to create certificates on the root CA’s behalf.

Answer 245

A

A CA that has certificates issued to it by an intermediate CA. The child CA then gives these certificates to end users and devices.

Answer 246

A

Certificate Signing Request
A request you send to a CA to have the CA create/sign a certificate on your behalf.

Answer 247

A

Registration authority
Assists in the certificate registration process. Sometimes, it is found in large organizations. RA never issues certificates it only assists the registration process.

Answer 248

A

Certificate revocation list
Used by the CA to revoke a certificate before its expiration date.

Answer 249

A

Online certificate status protocol
Allows client to query the CA with the serial number of the certificate. The CA will then respond with an answer of good, revoked, or unknown. Unknown could indicate that the certificate is a forgery.

Answer 250

A

Part of Online Certificate Status Protocol (OCSP). The certificate presenter receives a time stamped OCSP response from the CA signed with a digital signature. The certificate presenter then appends/staples the timestamped OCSP response to the certificate during the TLS Handshake process. Which eliminates the need for clients to query the CA.

Answer 251

A

Security mechanism designed to prevent attackers from impersonating a website using fraudulent certificates. When configured, the web server responds to HTTPS requests with an extra header which includes a list of hashes derviced from valid public keys used by the web site. When clients connect to the web server they recalculate the hashes and then compare the calculated hashes with the ones they have stored from before. If they match then the client knows this is the same web server.

Answer 252

A

Placing a copy of a private key in a safe environment. E.g giving the key to a third party

Answer 253

A

Cannocial Encoding Rules
One of the base formats for certificates. E.g cert.cer

Answer 254

A

Distinguished Encoding Rules
One of the base formats for certificates. E.g cert.der

Answer 255

A

Privacy Enhanced Mail
Certificate format, despite name can be used for anything.

Answer 256

A

Certificate format using PKCS version 7.

Answer 257

A

Certificate format using PKCS version 12.

Answer 258

A

Personal Information Exchange
Certificate format, predecessor to P12.

Answer 259

A

Computer Incient Response Team

Answer 260

A

Holds hostname and IPv6 address, similar to A record but for IPV6

Answer 261

A

Holds hostname and IPv4 address

Answer 262

A

Pointer record
Opposite of an A record. For when client queries DNS with an IP.

Answer 263

A

Mail exchange record
Identifies a mail server used for email. Linked to A or AAAA record of the mail server. When there is more than one mail server, the one with the lowest preference number in the MX record is the primary mail server.

Answer 264

A

Canonical name record
Allows single system to have multiple names associated with a single IP address.

Answer 265

A

Start of authority record
Includes information about the DNS zone and some of its settings which are useful for clients to know. E.g TTL

Answer 266

A

Reconnaissance
Weaponization
Delivery
Exploitation
Installation
C2
Actions on Objectives

Answer 267

A

Adversary
Capabilities
Infrastructure - domain names, email addresses, ips, etc used by the adversary
Victim

Answer 268

A

Adversarial Tactics, Techniques, and Common Knowledge
Knowledge base of tactics and techniques used in real-world attacks.

Brainscape's Knowledge GenomeTM

Main Flashcards

Brainscape's Knowledge Genome^TM