Messer test 2 review Flashcards

1
Q

number of times an event is expected to occur in a year

A

ARO (annualized rate of occurrence)

2
Q

expected cost of all occurrences of an event in a single year (SLE × ARO)

A

ALE (annual loss expectancy)

3
Q

monetary loss if a single event occurs

A

SLE (single loss expectancy)

4
Q

time required to repair a product or system after a failure

A

MTTR (mean time to repair)

5
Q

state what is the SLE, ARO and ALE:
if it costs $1,000 to replace a single laptop and you expect to lose 7 in a year, the ___ for laptop theft is $7,000

A

SLE (single loss expectancy): $1,000, the cost of one laptop
ARO (annualized rate of occurrence): 7 laptops lost in a year
ALE (annual loss expectancy): $7,000 for laptop theft ($1,000 × 7)

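Worked example for cards 1 to 5, added here and not part of the original deck: a small risk register is scored with SLE × ARO and ranked, and a safeguard is judged by the ALE reduction it buys against its annual cost (that last comparison goes one step beyond the cards). All risk entries and dollar figures are constructed.

```python
"""Annualized loss expectancy (ALE = SLE x ARO) over a small risk register.

Added example; the risk entries below are constructed, not from the flashcards.
control_benefit() goes one step beyond the card: it weighs a safeguard's annual
cost against the ALE reduction it buys.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    sle: float  # single loss expectancy, dollars per event
    aro: float  # annualized rate of occurrence, events per year

    @property
    def ale(self) -> float:
        """Annual loss expectancy: expected cost of this risk per year."""
        return self.sle * self.aro


def rank_by_ale(risks: list[Risk]) -> list[tuple[str, float]]:
    """Return (name, ALE) pairs, highest expected annual loss first."""
    return sorted(((r.name, r.ale) for r in risks), key=lambda t: t[1], reverse=True)


def control_benefit(before: Risk, after: Risk, annual_control_cost: float) -> float:
    """Net annual value of a safeguard: ALE reduction minus what the control costs.

    A positive number means the control pays for itself on expected-loss terms.
    """
    return before.ale - after.ale - annual_control_cost


# Constructed register. The laptop entry mirrors the card: $1,000 SLE, 7 per year.
REGISTER = [
    Risk("laptop theft", sle=1_000, aro=7),
    Risk("ransomware outbreak", sle=250_000, aro=0.1),
    Risk("phishing credential compromise", sle=8_000, aro=3),
]

if __name__ == "__main__":
    for name, ale in rank_by_ale(REGISTER):
        print(f"{name:32s} ALE = ${ale:>10,.0f}")
    # Hypothetical safeguard: full-disk encryption plus device tracking reduces a
    # stolen laptop's cost from $6,000 (hardware + data exposure) to $1,000
    # (hardware only); the control costs $2,000 per year.
    print(control_benefit(Risk("laptop theft", 6_000, 7),
                          Risk("laptop theft", 1_000, 7), 2_000))
```

Ranking by ALE rather than by SLE is the point: the ransomware entry has a tiny ARO but the largest expected annual loss, which is where the first control dollar should go.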
6
Q

process of gathering information from outside sources such as social media sites and online forums, without sending any traffic to the target; usually the first phase of a pen test

A

passive reconnaissance (passive footprinting)

7
Q

development life cycle model that focuses on rapid development and constant collaboration

A

agile

8
Q

commonly used to control the flow of people through a particular area; unlocking one door prevents the other from opening

A

access control vestibule

9
Q

used to block electromagnetic fields, useful in environments where electromagnetic and radio signals are an issue

A

faraday cage

10
Q

physically secure cabled network

A

protected distribution system (PDS)

11
Q

describes the relationship between IT and its customers

A

stakeholder management

12
Q

list of everyone who needs to be contacted during an incident

A

communication plan

13
Q

specify the type and amount of data that must be backed up and stored, and for how long it is kept

A

retention policies

14
Q

security control commonly implemented on routers to allow or restrict traffic flows through the network

A

access control list (ACL)

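Added example for card 14, not from the original deck: a router-style ACL evaluated top-down, first match wins, with the implicit deny at the end that catches anything no rule mentions. The rule syntax and the addresses are constructed.

```python
"""First-match ACL evaluation with an implicit deny, as on a router.

Added example, not from the flashcards. Rule syntax is simplified: each rule is
(action, protocol, source network, destination network, destination port).
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp", "icmp" or "ip" (any protocol)
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]   # None = any port


def net(s: str) -> ipaddress.IPv4Network:
    return ipaddress.IPv4Network(s, strict=False)


def matches(rule: Rule, proto: str, src: str, dst: str, dport: Optional[int]) -> bool:
    return (
        rule.proto in ("ip", proto)
        and ipaddress.IPv4Address(src) in rule.src
        and ipaddress.IPv4Address(dst) in rule.dst
        and (rule.dport is None or rule.dport == dport)
    )


def evaluate(acl: list[Rule], proto: str, src: str, dst: str,
             dport: Optional[int] = None) -> str:
    """Walk the ACL top-down; the first matching rule decides.

    As on a Cisco ACL, a packet that matches no rule hits the implicit deny.
    """
    for rule in acl:
        if matches(rule, proto, src, dst, dport):
            return rule.action
    return "deny"  # implicit deny at the end of every ACL


# Constructed ACL: block one known-bad LAN host outright, then let the LAN reach
# the DMZ web server on 443 and the DMZ resolver on UDP/53. Order matters: the
# explicit deny must sit above the permits or the bad host slips through.
ACL = [
    Rule("deny", "ip", net("10.0.0.66/32"), net("0.0.0.0/0"), None),
    Rule("permit", "tcp", net("10.0.0.0/24"), net("192.168.10.5/32"), 443),
    Rule("permit", "udp", net("10.0.0.0/24"), net("192.168.10.53/32"), 53),
]

if __name__ == "__main__":
    print(evaluate(ACL, "tcp", "10.0.0.7", "192.168.10.5", 443))    # permit
    print(evaluate(ACL, "tcp", "10.0.0.66", "192.168.10.5", 443))   # deny (explicit)
    print(evaluate(ACL, "tcp", "10.0.0.7", "192.168.10.5", 22))     # deny (implicit)
```

Swap the first two rules and the 10.0.0.66 host is permitted to port 443 before its deny is ever reached; that ordering mistake is the most common ACL bug in practice.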
15
Q

method of modifying the source and/or destination IP addresses of network traffic

A

NAT (network address translation)

16
Q

a series of security levels (e.g. public, private, secret) is assigned to EACH object in the OS. Users are assigned a clearance level and can only access objects at or below that level

A

mandatory access control

17
Q

determines access based on a series of system-enforced rules

A

rule-based access control

18
Q

assigns a user’s permissions based on their role in the organization

A

role-based access control (RBAC)

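Added example covering cards 16 and 18 (and the DAC/RBAC cards 106 and 116 later in the deck), not from the original deck: a mandatory "no read up" check against labels, beside a role-based lookup where permissions hang off roles and users hold roles. Levels, roles and users are constructed.

```python
"""Two access-control models from the cards: mandatory (clearance vs. label) and
role-based (permissions attached to roles, users attached to roles).

Added example, not from the flashcards. Levels, roles and users are constructed.
"""
LEVELS = {"public": 0, "private": 1, "secret": 2}


def mac_can_read(user_clearance: str, object_label: str) -> bool:
    """Mandatory access control, 'no read up': a subject may read an object only
    when the object's label is at or below the subject's clearance.
    Neither the user nor the object's owner can change the labels."""
    return LEVELS[object_label] <= LEVELS[user_clearance]


ROLE_PERMISSIONS = {
    "helpdesk": {"ticket:read", "ticket:update", "user:reset_password"},
    "auditor": {"ticket:read", "log:read"},
    "admin": {"ticket:read", "ticket:update", "log:read", "user:create", "user:delete"},
}

USER_ROLES = {
    "alice": {"helpdesk"},
    "bob": {"auditor"},
    "carol": {"helpdesk", "auditor"},
}


def rbac_permissions(user: str) -> set[str]:
    """Effective permissions = union of the permissions of every role the user
    holds. Unknown users and unknown roles contribute nothing (default deny)."""
    perms: set[str] = set()
    for role in USER_ROLES.get(user, set()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def rbac_allowed(user: str, permission: str) -> bool:
    return permission in rbac_permissions(user)


if __name__ == "__main__":
    print(mac_can_read("private", "public"), mac_can_read("private", "secret"))
    print(sorted(rbac_permissions("carol")))
```

The two models answer different questions: MAC asks "is this object's label within the subject's clearance", RBAC asks "does some role this subject holds carry this permission". Moving a user between jobs is a role change in RBAC, not an edit to every object's permissions.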
19
Q

EMI

A

electromagnetic interference

20
Q

high-end cryptographic hardware designed for large-scale secure key storage and cryptographic operations on the network; usually its own appliance or server

A

hardware security module (HSM)

21
Q

hardware that is part of the computer's motherboard, designed to assist with and protect cryptographic functions. Full disk encryption (FDE) can use burned-in ____ keys to verify that the local device hasn't changed, and the ____ has anti-hammering features that slow down brute-force or dictionary attacks against the full disk encryption login credentials

A

trusted platform module (TPM)

22
Q

describes how company assets are to be used, especially computers, internal connections and mobile devices

A

acceptable use policy (AUP)

23
Q

preparation, identification, containment, eradication, recovery and lessons learned

A

incident response (IR)

24
Q

systems designed to identify sensitive data transfers. if ___ finds suspicious forwarding of data, ___ can block it

A

data loss prevention (DLP)

25
when 3rd party holds decryption keys for data
key escrow
26
keys transferred between people or systems over network (in band) or outside the normal network communication (out of band)
key exchange
27
provides a summary of network traffic, application usage and details of network conversations; the records show all conversations from one device to any other on the network
NetFlow
28
true or false: a vulnerability scan only identifies known vulnerabilities, it doesn't exploit them
true
29
______ uses smaller keys, has smaller storage and transmission requirements. efficient option for mobile devices
elliptic curve cryptography (ECC)
30
_______ is used for signing, encrypting and decrypting texts, e-mails, files, directories and whole disk partitions, and to increase the security of e-mail communication. Supports two public-key algorithms: RSA (strong but slow) and Diffie-Hellman/ElGamal. It is up to the user to use it correctly. An alternative to S/MIME encryption
pretty good privacy (PGP)
31
located in the core of the network; an all-in-one security appliance combining:
* web security gateway
* URL filter / content inspection
* malware inspection
* spam filter
* CSU/DSU
* router, switch
* firewall
* IDS/IPS
* bandwidth shaper
* VPN endpoint
unified threat management (UTM), all-in-one security appliance
32
HIPS
host based intrusion prevention system
33
Confidentiality agreement / Legal contract – Prevents the use and dissemination of confidential information
non disclosure agreement (NDA)
34
removes electromagnetic field of storage media and electronics
degaussing
35
places paper into a large washing tank to remove the ink; the paper is broken down into pulp and recycled
pulping
36
may not provide access to the OS and may not offer a method of upgrading the system firmware
embedded system
37
DES
data encryption standard
38
used to authenticate devices over Microsoft's point-to-point tunneling protocol (PPTP). Because it relies on DES (data encryption standard), it has known security weaknesses, which is the reason to eliminate ____ in favour of a stronger authentication method
MS-CHAP (microsoft challenge handshake authentication protocol)
39
PPTP
point to point tunneling protocol (PPTP)
40
simple network management protocol, used to manage servers and infrastructure devices; version 3 adds encryption and authentication
SNMPv3 (simple network management protocol)
41
protocol needed for 802.1X authentication (4 options)
LDAP, RADIUS, TACACS+ or Kerberos
42
alerts on any change to a file, by comparing its current hash against a known-good baseline
file integrity check
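Added example for card 42, not from the original deck: a baseline of SHA-256 digests is taken, the tree is tampered with, and a rescan reports what changed, appeared, or disappeared. The directory layout and file contents are constructed inside a temporary directory so the code runs offline.

```python
"""File integrity monitoring: hash a baseline, rescan, report changed/added/removed.

Added example, not from the flashcards. demo() builds its own temporary tree;
point scan() at a real path to use it on a host.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def scan(root: str) -> dict[str, str]:
    """Map each regular file under root (path relative to root) to its SHA-256."""
    baseline: dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 16), b""):  # stream large files
                    h.update(chunk)
            baseline[str(full.relative_to(root))] = h.hexdigest()
    return baseline


def diff(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Compare two scans. 'changed' = same path, different digest."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in baseline.keys() & current.keys()
                          if baseline[p] != current[p]),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline, then a trojaned 'binary', a new cron
    allow-list, and a deleted file, then rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "sshd").write_bytes(b"original sshd bytes")
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "etc" / "motd").write_text("welcome\n")
        before = scan(tmp)

        (root / "bin" / "sshd").write_bytes(b"original sshd bytes + backdoor")
        (root / "etc" / "cron.allow").write_text("attacker\n")
        (root / "etc" / "motd").unlink()
        after = scan(tmp)
        return diff(before, after)


if __name__ == "__main__":
    print(demo())
```

A real deployment stores the baseline off-host (or signs it); a baseline the attacker can rewrite alongside the binaries detects nothing.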
43
protects web based applications from malicious attacks
web application firewall (WAF)
44
associated with moving around the file system of a server, outside the directory the application intended to expose (e.g. with ../ sequences)
directory traversal
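Added example for card 44, not from the original deck: a file-serving routine that joins a user-supplied name onto the web root as-is, beside a hardened version that resolves the final path and refuses anything outside the root. The web root and files are constructed in a temporary directory.

```python
"""Directory traversal: a naive path join beside a hardened one.

Added example, not from the flashcards. Paths are constructed inside a temporary
directory so the code runs offline.
"""
import os
import tempfile
from pathlib import Path


def vulnerable_read(webroot: str, requested: str) -> bytes:
    """Joins the user-controlled name onto the web root and reads it.
    '../' sequences walk out of webroot, so files outside it can be read."""
    return Path(os.path.join(webroot, requested)).read_bytes()


def safe_read(webroot: str, requested: str) -> bytes:
    """Resolve the final path and refuse anything that lands outside webroot.

    Resolving (rather than string-matching for '..') also covers symlinks and
    mixed separators; the containment test runs on the canonical path.
    """
    root = Path(webroot).resolve()
    target = (root / requested).resolve()
    if root != target and root not in target.parents:
        raise PermissionError(f"path escapes web root: {requested!r}")
    return target.read_bytes()


def demo() -> dict[str, str]:
    """Constructed layout: <tmp>/www/index.html is public, <tmp>/secret.txt is not."""
    with tempfile.TemporaryDirectory() as tmp:
        www = Path(tmp) / "www"
        www.mkdir()
        (www / "index.html").write_text("<h1>hello</h1>")
        (Path(tmp) / "secret.txt").write_text("db_password=hunter2")

        result = {"vulnerable": vulnerable_read(str(www), "../secret.txt").decode()}
        try:
            safe_read(str(www), "../secret.txt")
            result["safe"] = "LEAKED"
        except PermissionError as e:
            result["safe"] = str(e)
        result["legit"] = safe_read(str(www), "index.html").decode()
        return result


if __name__ == "__main__":
    print(demo())
```

The check is on the resolved path, not the input string: an allow-list of "no .." substrings is bypassable with encodings and symlinks, whereas "is the canonical target under the canonical root" is not.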
45
developed in the US intelligence community as a way to standardize attack reporting and analysis of intrusions. Applies scientific principles to intrusion analysis: measurement, testability and repeatability. Four vertices: adversary, capability, infrastructure, victim
diamond model of intrusion
46
knowledge base of attack types, techniques and mitigation options
MITRE ATT&CK framework
47
standard focuses on the implementation and maintenance of a privacy information management system (PIMS)
ISO 27701
48
focuses on protecting personal data and informational privacy: its collection, use, storage and disposal. Specified by ISO 27701, which extends an ISO 27001 ISMS
privacy information management system (PIMS); the broader security counterpart is the ISMS
49
guide to understand, manage and rate risks found in an organization
NIST RMF (national institute of standards and technology risk management framework)
50
identify if a device has been opened
physical tamper seal
51
easy exploit of a memory leak
DoS (denial of service): unused memory is not properly released; eventually the leak consumes all available memory and the system crashes
52
a private network that only users within an org can access
intranet
53
hides sensitive data by obscuring the information or replacing it with a non-sensitive alternative
obfuscation/data masking
54
encrypted data is drastically different from the plaintext; the relationship between key and ciphertext is hidden
confusion
55
changing one bit or character of the input causes many bits of the output to change
diffusion
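Added example for cards 54 and 55, not from the original deck: the diffusion property measured directly. One input bit is flipped and the Hamming distance between the two SHA-256 digests is counted; a function with good diffusion changes about half of its output bits. SHA-256 from the standard library is the mixing function, and the inputs are constructed.

```python
"""Diffusion in practice: flip one input bit, count how many output bits change.

Added example, not from the flashcards. Uses SHA-256 from the standard library
as the mixing function; the inputs are constructed.
"""
import hashlib


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with one bit inverted."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of bit positions in which a and b differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(data: bytes, bit_index: int = 0) -> tuple[int, int]:
    """(bits changed in the digest, digest length in bits) for a 1-bit input change.

    Good diffusion: roughly half the output bits flip, and which half is
    unpredictable.
    """
    d1 = hashlib.sha256(data).digest()
    d2 = hashlib.sha256(flip_bit(data, bit_index)).digest()
    return hamming_distance(d1, d2), len(d1) * 8


def worst_case_ratio(data: bytes, trials: int = 64) -> float:
    """Smallest fraction of output bits changed over several single-bit flips.
    A weak mixing function would show some flips that barely move the output."""
    n_bits = min(trials, len(data) * 8)
    return min(avalanche(data, i)[0] for i in range(n_bits)) / 256


if __name__ == "__main__":
    msg = b"attack at dawn"
    changed, total = avalanche(msg)
    print(f"{changed}/{total} output bits changed for a 1-bit input change")
    print(f"worst case over 64 flips: {worst_case_ratio(msg):.2f} of the output")
```

Contrast this with a plain XOR or a Caesar-style substitution, where a one-bit input change moves exactly one bit of output: that is the absence of diffusion, and it is what lets an attacker learn plaintext structure from ciphertext differences.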
56
provides the user with hardware to get up and running; the end user is responsible for the OS, applications and ongoing maintenance tasks
IaaS (infrastructure as a service)
57
requires the end user to purchase, install and maintain the application hardware and software themselves
on-premises (private infrastructure)
58
provides building-block features and requires the end user to customize/develop their own application from the available modules
PaaS (platform as a service)
59
one physical piece of hardware that can act like many separate machines
virtualization
60
abstract environments that share resources across the network
cloud computing
61
documented record of evidence; records every interaction of every person who comes into contact with the evidence
chain of custody
62
use a different encryption key for every session: ephemeral (short-lived) asymmetric key pairs are generated dynamically, used for the duration of the session, and then discarded, so a later compromise of the server's long-term key does not expose past sessions
perfect forward secrecy (PFS)
63
ensures author of document cannot be disputed
non-repudiation
64
technique preserving important evidence
legal hold
65
port commonly used for server communications
HTTPS 443
66
validates DNS responses (origin authentication and integrity of the records via digital signatures) but does not identify or prevent on-path attacks against the resulting traffic
DNSSEC (domain name system security extensions)
67
message digest algorithm that produces a 128-bit hash; collisions (two different inputs with the same hash) can be created deliberately, so it is no longer considered secure
MD5
68
standard method of connecting devices to a wireless network without requiring a PSK or passphrase
WPS (wifi protected setup)
69
older wireless encryption; all of its variants were found to have cryptographic vulnerabilities
WEP (wired equivalent Privacy)
70
standard used for authentication using AAA (authentication, authorization and accounting) services. used in conjunction with LDAP, RADIUS or other auth service
802.1X
71
enhances the PSK (preshared key) authentication process by privately deriving session keys instead of sending the key hashes across the network
WPA3 (wifi protected access 3)
72
password-based security protocol that lets two devices establish a connection; used in WPA3 and IEEE 802.11s WLAN mesh networks. Resists offline dictionary and brute-force attacks. Based on the Dragonfly handshake. The password must match on both sides, and each client gets its own pairwise transient key (PTK), derived from the 4-way handshake between the WLAN client and the access point
SAE (simultaneous authentication of equals)
73
replaces sensitive user data with a non-sensitive placeholder (token) that has no mathematical relationship to the original value
tokenization
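Added example for cards 53 and 73 (and the anonymization card 84 later in the deck), not from the original deck: three different treatments of one card number. Masking for display, a token vault for storage (the vault is an in-memory dict standing in for the locked-down token service), and a keyed one-way pseudonym for analytics joins. A Luhn check is included so a DLP rule can tell a real-looking PAN from a random 16 digits. The PAN is a constructed test number.

```python
"""Masking, tokenization and pseudonymization of a card number.

Added example, not from the flashcards. The vault is an in-memory dict standing
in for the locked-down token service; the PAN below is a constructed test number.
"""
import hashlib
import hmac
import secrets


def mask_pan(pan: str) -> str:
    """Masking for display: keep only the last four digits."""
    digits = pan.replace(" ", "")
    return "*" * (len(digits) - 4) + digits[-4:]


class TokenVault:
    """Maps random tokens to the real value. Only this component ever sees the
    PAN; every other system stores and passes around the token."""

    def __init__(self) -> None:
        self._by_token: dict[str, str] = {}
        self._by_value: dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        if value in self._by_value:              # same PAN -> same token
            return self._by_value[value]
        token = "tok_" + secrets.token_hex(12)   # random: no relationship to the value
        self._by_token[token] = value
        self._by_value[value] = token
        return token

    def detokenize(self, token: str) -> str:
        return self._by_token[token]


def pseudonymize(value: str, key: bytes) -> str:
    """Keyed hash: stable across datasets for joins, not reversible without the key.
    Without the key an attacker could rebuild the mapping by hashing candidate PANs."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def luhn_ok(pan: str) -> bool:
    """Luhn checksum, used by DLP rules to cut false positives on 16-digit runs."""
    digits = [int(c) for c in pan.replace(" ", "")]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


if __name__ == "__main__":
    pan = "4111 1111 1111 1111"  # constructed test number
    vault = TokenVault()
    print(mask_pan(pan), vault.tokenize(pan), pseudonymize(pan, b"analytics-key"))
```

The three are not interchangeable: a mask cannot be reversed at all, a token can only be reversed by the vault, and a pseudonym can be correlated (same input, same output) but reversed by nobody who lacks the key.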
74
application aware security technology
NGFW (next gen firewall)
75
contract specifies minimum terms for provided service like uptime, response times and other service metrics
service level agreement
76
utility that can read from and write to network connections using TCP or UDP; a recon tool
Netcat
77
forensics tool view and recover data from storage devices
autopsy
78
third party storage drive imaging tool supports different drive types and encryption methods
FTK (forensic tool kit) Imager
79
an exploitation framework that can use known vulnerabilities to gain access to remote systems. performs pen tests and verifies existence of a vulnerability
metasploit
80
standard format and transfer mechanism for distributing security intelligence between different organization
automated indicator sharing (AIS)
81
mapping of IP addresses to local MAC addresses
address resolution protocol (ARP)
82
summary of the hops between two devices
tracert
83
reverse lookup of an IPv4 address to find its hostname (PTR record, e.g. `dig -x`); identifying the owner of the IP address block that may be responsible for the traffic is a separate whois query
dig (domain info groper)
84
changes data to remove or replace identifiable info
anonymization
85
limits the amount of collected info to necessary data. usually part of HIPAA and GDPR (general data protection regulation)
minimization
86
allows an attacker to manipulate contents of memory
buffer overflow
87
IPsec protocol that encrypts the data traversing the VPN
encapsulation security payload (ESP)
88
hashes the packet data for integrity and authentication, but provides no encryption
authentication header (AH)
89
algorithm that lets two devices create an identical shared key without ever transferring that key across the network
diffie hellman
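Added example for card 89 (and the perfect forward secrecy card 62), not from the original deck: both sides of a Diffie-Hellman exchange run in one script, and the test is that the two derived keys are equal even though only the public values "cross the wire". The group is a constructed toy prime so the arithmetic is readable; a real deployment uses a standard group of 2048 bits or more (or an elliptic-curve group) and a fresh private exponent per session, which is what gives forward secrecy.

```python
"""Diffie-Hellman: both sides derive the same secret; only public values cross
the wire.

Added example, not from the flashcards. The group is a constructed toy prime
(a Mersenne prime, 2^127 - 1) for readability; production uses a standard
2048-bit or larger group, or an elliptic-curve group, never a hand-picked one.
"""
import hashlib
import hmac
import secrets

P = 2**127 - 1   # toy group modulus (prime), constructed for this example
G = 7            # toy generator


def keypair(p: int = P, g: int = G) -> tuple[int, int]:
    """Private exponent a, public value A = g^a mod p. A fresh a per session
    is what makes the resulting key 'ephemeral' (forward secrecy)."""
    a = secrets.randbelow(p - 2) + 1
    return a, pow(g, a, p)


def shared_secret(my_private: int, their_public: int, p: int = P) -> int:
    """s = B^a mod p on Alice's side == A^b mod p on Bob's side.
    Public values of 0, 1 or p-1 would force a trivial secret, so reject them."""
    if not 1 < their_public < p - 1:
        raise ValueError("rejecting degenerate public value")
    return pow(their_public, my_private, p)


def derive_key(secret: int, transcript: bytes) -> bytes:
    """Never use the raw shared secret as a key: hash it together with the
    handshake transcript (HMAC extract step, as HKDF does) into a session key."""
    secret_bytes = secret.to_bytes((secret.bit_length() + 7) // 8, "big")
    return hmac.new(transcript, secret_bytes, hashlib.sha256).digest()


def exchange() -> tuple[bytes, bytes]:
    """Run both sides and return the key each one derived."""
    a, A = keypair()          # Alice keeps a, sends A
    b, B = keypair()          # Bob keeps b, sends B
    # On the wire: A goes to Bob, B goes to Alice. a and b never leave their hosts.
    transcript = A.to_bytes(16, "big") + B.to_bytes(16, "big")
    k_alice = derive_key(shared_secret(a, B), transcript)
    k_bob = derive_key(shared_secret(b, A), transcript)
    return k_alice, k_bob


if __name__ == "__main__":
    ka, kb = exchange()
    print("keys match:", ka == kb, ka.hex())
```

An eavesdropper sees p, g, A and B and would need to solve the discrete logarithm to recover a or b; what plain DH does not give you is authentication, which is why TLS signs the exchange with the server's certificate key.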
90
hashing algorithm; provides integrity only, not any data encryption. U.S. federal hash standard
SHA-2 (secure hash algorithm)
91
requires communication between the client and the CA that issued the certificate; if the CA is external to the organization, validation checks travel across the Internet. The certificate holder (the server) can instead fetch its own signed status from the CA, cache it, and "staple" the ____ response into the SSL/TLS handshake, so clients need no separate lookup
OCSP (online certificate status protocol)
92
used to increase network bandwidth between switches or devices
port aggregation
93
application crashes and potential denial of service
null pointer dereference
94
used to implement and manage security policies when working in a cloud based environment
CASB (cloud access security broker)
95
mirroring and striping (a stripe of mirrors); needs at least 4 drives and a disk controller
RAID 10
96
striped (data segmented logically across different storage devices), no parity, high performance, 2 drives minimum; not fault tolerant
RAID 0
97
3 drives minimum; striped (data segmented logically across different storage devices) with parity (a redundancy check that can restore the data of a failed drive completely without needing a mirrored copy)
RAID 5
98
maintains a mirror (duplicate of the data across multiple drives); 2 disks minimum
RAID 1
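Added example for cards 95 to 98, chiefly the RAID 5 card, not from the original deck: data is striped across N-1 drives with an XOR parity block on the Nth (parity rotating each stripe, as in real RAID 5), one drive is "failed", and its blocks are rebuilt from the survivors. Block size and sample data are constructed.

```python
"""RAID 5 in miniature: stripe data across N-1 drives, store XOR parity on the
Nth, then rebuild a failed drive from the survivors.

Added example, not from the flashcards. Parity rotates across drives as in real
RAID 5; block size and sample data are constructed.
"""


def xor_bytes(blocks: list[bytes]) -> bytes:
    """XOR equal-length blocks together; this is the parity computation."""
    out = bytearray(len(blocks[0]))
    for b in blocks:
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)


def parity_drive_for(stripe: int, drives: int) -> int:
    """Parity sits on the last drive for stripe 0 and rotates left each stripe."""
    return (drives - 1 - stripe) % drives


def raid5_write(data: bytes, drives: int, block: int) -> list[list[bytes]]:
    """Return layout[d][s] -> block on drive d, stripe s. Each stripe holds
    drives-1 data blocks plus one parity block."""
    assert drives >= 3, "RAID 5 needs at least three drives"
    per_stripe = block * (drives - 1)
    padded = data + b"\x00" * (-len(data) % per_stripe)
    layout: list[list[bytes]] = [[] for _ in range(drives)]
    for s in range(len(padded) // per_stripe):
        chunk = padded[s * per_stripe:(s + 1) * per_stripe]
        data_blocks = [chunk[i * block:(i + 1) * block] for i in range(drives - 1)]
        p = parity_drive_for(s, drives)
        it = iter(data_blocks)
        for d in range(drives):
            layout[d].append(xor_bytes(data_blocks) if d == p else next(it))
    return layout


def rebuild(layout: list[list[bytes]], failed: int) -> list[bytes]:
    """Reconstruct every block of the failed drive by XORing the other drives'
    blocks in the same stripe. Works whether the lost block was data or parity."""
    return [xor_bytes([layout[d][s] for d in range(len(layout)) if d != failed])
            for s in range(len(layout[0]))]


def raid5_read(layout: list[list[bytes]], block: int, length: int) -> bytes:
    """Reassemble the original data, skipping parity blocks, trimmed to length."""
    drives = len(layout)
    out = bytearray()
    for s in range(len(layout[0])):
        p = parity_drive_for(s, drives)
        for d in range(drives):
            if d != p:
                out += layout[d][s]
    return bytes(out[:length])


def demo() -> bool:
    """Write, lose drive 1, rebuild it, and check the data reads back intact."""
    data = b"RAID 5 survives a single drive failure thanks to parity"
    drives, block, failed = 3, 8, 1
    layout = raid5_write(data, drives, block)
    recovered = rebuild(layout, failed)
    patched = [layout[d] if d != failed else recovered for d in range(drives)]
    return raid5_read(patched, block, len(data)) == data


if __name__ == "__main__":
    print("rebuild succeeded:", demo())
```

Lose a second drive before the rebuild finishes and XOR has two unknowns per stripe; that is the window RAID 6 (two parity blocks) exists to close, and it is why a rebuild is a race against the next failure, not a backup.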
99
uses a mobile phone as the communication medium to the Internet; has no relationship to the apps installed on the mobile device
tethering
100
updates are commonly provided from the carrier and are not part of mobile app installations
OTA (over the air) updates
101
text messages that prompt the user to install an app and link to the app store version of that application
MMS install
102
installing apps from outside the official app store; on Apple iOS this generally requires jailbreaking the device
sideloading
103
focused on obtaining confidential government info or disrupting governmental operations
nation state
104
has a political statement to make
hacktivist
105
____ PIN was designed with only about 11,000 possible combinations (the 8-digit PIN is validated in two halves, 10^4 + 10^3, with the last digit a checksum), so it is vulnerable to brute force if nothing rate-limits repeated guesses
WPS (wifi protected setup)
106
access and permissions are determined by the owner or originator of the files or resources
discretionary access control (DAC)
107
protocol for centralizing user authentication: users authenticate with account information maintained in a centralized database. Used by routers, switches, firewalls, server authentication, remote VPN access and 802.1X network access; available on almost any server OS
RADIUS (remote authentication dial-in user service)
108
average time expected between outages
MTBF (mean time between failures)
110
define how much data loss would be acceptable during a recovery
RPO (recovery point objectives)
111
defines the minimum service level required to be considered "up and running" and how quickly that level must be restored
RTO (recovery time objective)
112
control that performs a health check on devices and decides which of them may connect to the network
NAC (network access/admission control)
113
highly secured device used to access secure areas of another network.
jump server
114
MSP
managed service provider
115
used to modify the source or destination IP address or port number of a network traffic flow
NAT (network address translation)
116
control mechanism for managing rights and permissions in an OS
RBAC (role based access control)
117
used for securing VOIP and media comm across network
SRTP (secure real time transport protocol)
118
uses encrypted comm to manage devices but it is not used for secure file transfers between devices
SNMPv3 (simple network management protocol)
119
vulnerability scanner that can help identify potential exploit vectors
nessus
120
scan to understand the potential exploit vectors of a device; discovers open ports and the OS version
nmap
121
displays connectivity info about device
netstat
122
decodes protocols; shows the exploitation process and details about the payloads used during the attempt
wireshark
123
process of providing resources when demand increases and scaling down when demand is low
elasticity
124
process of automating the config, maintenance and operation of an application instance
orchestration
125
proving who you are
authentication
126
process that assigns users to resources
authorization
127
provides a way to authenticate and authorize between two different organizations
document containing information about a user's session
128
cause users on a wireless network to constantly disconnect
wireless disassociation
129
separates the control plane of networking devices from the data plane. more automation and dynamic changes to infrastructure
SDN (software defined networking)
130
allows integration of many different service providers into a single management system. simplifies application management and deployment process when using separate cloud providers
service integration and management (SIAM)
131
an attacker breaking out of one VM to reach the hypervisor, the host, or other VMs on the same system
VM escape
132
application deployment architecture that uses a self contained group of application code and dependencies. many _____ run on a single system
containerization
133
provides security teams with integration and automation of processes and procedures
SOAR (security orchestration automation and response)
134
describes the process of obtaining information from open sources such as social media sites, corporate websites, online forums and other publicly available locations
OSINT (open source intelligence)
135
accountable for specific data, often senior officer of org.
data owner
136
responsible for org's data privacy. sets processes and procedures for maintaining the privacy of data
data protection officer (DPO)
137
manages access rights to the data.
data steward
138
often 3rd party that processes data on behalf of the data controller
data processor
139
data moving across network
data in transit
140
data on storage device
at rest
141
data in memory (CPU caches or registers) of a device
in use
142
true or false: these lists are in order from most volatile first: (a) CPU registers, routing tables, temporary files, event logs, backup tapes; (b) CPU registers, routing tables, temporary file systems, SSD
true (order of volatility, per RFC 3227: CPU registers/cache → routing tables, ARP cache, process table, kernel statistics, memory → temporary file systems → disk, including SSD → remote logging and monitoring data → physical configuration and network topology → archival media such as backup tapes)
143
framework for managing, protecting and securing an organization's information assets. Based on the ISO 27001 standard; covers a broad range of security controls, including access control, network security, incident management and risk management
ISMS (information security management system)