Misc Flashcards
What sanitization technique uses only logical techniques to remove data, such as overwriting a hard drive with a random series of ones and zeroes? Purge or clear?
Clear - applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques.
What solution would be used to identify rogue devices on a wired network?
Router and switch based MAC reporting
What type of access control provides the strongest level of protection?
MAC (mandatory access control)
What is ARP poisoning?
When an attacker exploits the IP address to MAC resolution in a network to steal, modify or redirect frames within the LAN
Explain the ARP protocol
Protocol that maps an IP address to a physical MAC address
What is AUP?
Acceptable Use Policy - A type of document stipulating rules of behavior to be followed by users of computers, networks, and associated resources
What is the extension for a PowerShell script file?
.ps1
What is the extension for a Unix-based script file?
.sh
What is Shadow IT?
Software and hardware used within an organization, but outside of the organization’s official IT infrastructure.
What enables running macros in Microsoft Office applications?
VBA
What are the two main vulnerability databases?
NVD (National Vulnerability Database), CVE (Common Vulnerabilities and Exposures)
What is SOAR?
Security orchestration, automation and response - software that automatically responds to security incidents
CVSS - Common Vulnerability Scoring System
A type of formal document that describes the specifications for a particular technology is known as:
RFC
A dedicated local network consisting of devices providing data access is called:
SAN (storage area network)
What is a trusted foundry?
Microprocessor manufacturing utility that is part of a trusted supply chain. Developed by the US military
What is ROT?
Root of Trust - used to scan boot metrics and OS files to verify their signatures.
Digital certificate embedded inside processor/firmware
Basically making sure your system trusts its components upon boot
What is a TPM?
Trusted platform module - specification for hardware-based digital certificates, keys, hashed passwords and other platform identification info
Allows for secure boot
What is HSM?
Hardware security module - appliance for generating encryption keys that is less susceptible to tampering and insider threats than software-based solutions
Difference between honeypots and honeynets
Honeypots deal with a single computer, whereas a honeynet deals with a group of computers, servers, network, etc.
What is TPM?
Trusted Platform Module - secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys
What is a specification for SEDs?
Opal
What is SED?
Self Encrypting Drive - data storage device equipped with hardware-level encryption functionality
What is FDE?
Full Disk Encryption - software technology designed to provide confidentiality for an entire data storage device
Difference between VM sprawl and VM escape?
VM escape occurs when the attacker can access the host system whereas VM sprawl occurs when an organization has many VMs that aren’t managed properly.
What is the primary difference between EAP-FAST and PEAP?
EAP-FAST uses a protected access credential, or PAC (shared secret), whereas PEAP uses a digital certificate (on the server side - the client does not need a certificate)
What is a BPDU Guard?
Bridge Protocol Data Unit Guard - designed to protect against network loops
Which regulatory framework are data retention policies most relevant to?
SOX
What can Dynamic Resource Allocation help mitigate?
DDoS attacks
A Cisco proprietary network monitoring protocol?
NetFlow
What do captive portals use to authenticate?
802.1X / RADIUS