Module 1: Essential Knowledge Flashcards
Level 1 - OSI
Physical
Level 2 - OSI
Data Link
Level 3 - OSI
Network
Level 4 - OSI
Transport
Level 5 - OSI
Session
Level 6 - OSI
Presentation
Level 7 - OSI
Application
Level 1 - PDU
Bits
Level 2 - PDU
Frame
Level 3 - PDU
Packet
Level 4 - PDU
Segment
Level 5 - PDU
Data
Level 6 - PDU
Data
Level 7 - PDU
Data
Level 1 - TCP/IP
Application
Level 2 - TCP/IP
Transport
Level 3 - TCP/IP
Internet/Network
Level 4 - TCP/IP
Network Access/Interface
TCP/IP Handshake
Ack
Syn Ack
Ack
1st Stage - Hacking
Reconnaissance
2nd Stage - Hacking
Scanning + Enumeration
3rd Stage - Hacking
Gaining Access
4th Stage - Hacking
Maintaining Access
5th Stage - Hacking
Covering Tracks
2 Types of Access Control
MAC & DAC
Security Triangle?
Security, Functionality & Usability
1st Stage of Risk Management
Risk Identification
2nd Stage of Risk Management
Risk Assessment
3rd Stage of Risk Management
Risk Treatment
4th Stage of Risk Management
Risk Tracking
5th Stage of Risk Management
Risk Review
3 types of security controls
- Physical
- Technical
- Administrative
3 other types of security controls
- Preventative
- Detective
- Corrective
What is BIA
Business Impact Analysis
What is MTD
Maximum Tolerable Downtime
What is BCP
Business Continuity Plan
What is DRP
Disaster Recovery Plan
3 Pillars of IT security
Confidentiality, Integrity, Availability
Stage 1 of Pen Testing
Preparation Phase
Stage 2 of Pen Testing
Assessment Phase
Stage 3 of Pen Testing
Conclusion Phase
What is Black Box Testing
The pen tester has NO knowledge of the ToE. Simulates an outside attacker
What is White Box Testing
Opposite of Black Box Testing
What is Grey Box Testing
Similar to white box testing, but the Ethical Hacker mimics an insider. The goal is to achieve privilege escalation.