Practice Test 1 Flashcards
Packets with internal source addresses entering the network
Packets with internal source addresses should never originate from outside the network; block them
Packets with external source addresses leaving the network
Packets with external source addresses should never be found on the internal network; block from leaving the network
Packets with private IP addresses exiting the network
Private IP addresses should never be used on the internet; block from leaving the network
Packets with public IP addresses entering the network
Packets with public IP addresses will routinely be allowed to enter the network
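The four address rules above as a small ingress/egress filter. This is an added example, not code from the original page: the organisation's public block (203.0.113.0/24, an RFC 5737 documentation range), the assumption that the filter sits outside any NAT, and the sample packets are all constructed. It adds one rule the cards imply but do not state, blocking outbound packets whose destination is a private address.

```python
"""Ingress/egress anti-spoofing filter for the four address rules.

Added example, not from the original page. The internal public block
(203.0.113.0/24) and the sample packets are constructed; the filter is
assumed to sit outside any NAT, so internal hosts carry public addresses.
"""
import ipaddress

INTERNAL_NET = ipaddress.ip_network("203.0.113.0/24")        # assumed internal block
PRIVATE_NETS = [ipaddress.ip_network(n) for n in               # RFC 1918 space
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL_NET


def filter_packet(src, dst, direction):
    """Return (verdict, reason); direction is "in" (from the internet) or "out"."""
    if direction == "in":
        if is_internal(src):
            return "block", "internal source address arriving from outside: spoofed"
        if is_private(src):
            return "block", "private source address arriving from the internet: spoofed"
        return "allow", "public source address entering: routine"
    if direction == "out":
        if is_private(src):
            return "block", "private source address leaving: never valid on the internet"
        if not is_internal(src):
            return "block", "external source address leaving: spoofed or misrouted"
        if is_private(dst):
            return "block", "private destination leaving: not routable on the internet"
        return "allow", "internal public source to a public destination: routine"
    raise ValueError(f"unknown direction {direction!r}")


# Constructed packets: (source, destination, direction). 10.8.15.9,
# 192.168.109.55 and 129.53.44.124 are the addresses used on the cards.
SAMPLE_PACKETS = [
    ("203.0.113.7", "198.51.100.9", "in"),       # our own address from outside
    ("10.8.15.9", "203.0.113.7", "in"),          # private source from the internet
    ("129.53.44.124", "203.0.113.7", "in"),      # ordinary inbound
    ("198.51.100.9", "129.53.44.124", "out"),    # external source trying to leave
    ("192.168.109.55", "129.53.44.124", "out"),  # private source trying to leave
    ("203.0.113.7", "129.53.44.124", "out"),     # ordinary outbound
]


def run_samples():
    """Verdict for each constructed packet, in order."""
    return [filter_packet(*pkt)[0] for pkt in SAMPLE_PACKETS]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, run_samples()):
        print(pkt, verdict, filter_packet(*pkt)[1])
```

The check is direction-aware: the same source address that is routine on one interface is evidence of spoofing on the other, which is why these rules are applied per interface rather than as one global list.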
CDN
content distribution network: provides reliable, low-latency, geographically distributed content distribution
Four functions of a forensic disk controller
Write blocking: intercepts write commands sent to the device and prevents them from modifying data on the device; returning data requested by a read operation; returning access-significant information from the device; reporting errors from the device back to the forensic host
RAID 1
Disk mirroring; requires two physical disks that will contain copies of the same data
TGS
ticket-granting service; receives and validates a TGT from the client, then issues a ticket and session keys to the client
KDC
Key distribution center; the trusted third party that holds the secret keys of every principal and hosts both the authentication server (AS) and the ticket-granting service (TGS); the client interacts with it through those two services rather than with the KDC as a separate component
AS
Authentication server; the KDC component that receives the client's initial request (the username, or principal name), looks up that user's long-term key, and returns a TGT together with a session key encrypted under the user's key, so only the holder of the password can use it
TGT
ticket-granting ticket; encrypted with the TGS's own key, so the client can neither read nor alter it; the client presents it to the TGS (with an authenticator) when requesting access to a service and receives a service ticket and session key in return
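The exchange the last four cards describe, as an added example rather than code from the original page. It is a toy: the cipher is HMAC-SHA256 used as a stream cipher with an HMAC tag (standing in for the AES encryption types real Kerberos uses), lifetimes are fixed at 300 seconds, and the principals (alice, a "payroll" service) and keys are constructed. What it does show accurately is which key each message is sealed under and why the service never needs to talk to the KDC.

```python
"""Toy Kerberos exchange showing the AS, TGS and service roles.

Added example, not from the original page. Toy cipher (HMAC-SHA256 keystream
plus HMAC tag), fixed 300 s lifetime, constructed principals and keys.
"""
import hashlib, hmac, json, os, time

LIFETIME = 300


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, obj):
    """Encrypt-then-MAC a JSON-serialisable dict under key (toy cipher, see above)."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def password_key(password):
    """User's long-term key derived from the password (real Kerberos uses string2key)."""
    return hashlib.sha256(password.encode()).digest()


class KDC:
    """Trusted third party: holds every principal's key and runs the AS and TGS."""

    def __init__(self, users, services):
        self.user_keys = {u: password_key(p) for u, p in users.items()}
        self.service_keys = services              # service name -> key shared with it
        self.tgs_key = os.urandom(32)             # the krbtgt principal's key

    def as_exchange(self, cname, preauth):
        """AS-REQ/AS-REP: check pre-authentication, issue TGT and session key SK1."""
        ukey = self.user_keys[cname]
        if abs(time.time() - unseal(ukey, preauth)["ts"]) > LIFETIME:  # wrong password fails here
            raise ValueError("stale pre-authentication")
        sk1 = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"cname": cname, "sk": sk1, "exp": time.time() + LIFETIME})
        return tgt, seal(ukey, {"sk": sk1})       # client cannot read the TGT, only SK1

    def tgs_exchange(self, tgt, authenticator, sname):
        """TGS-REQ/TGS-REP: validate TGT and authenticator, issue service ticket and SK2."""
        t = unseal(self.tgs_key, tgt)
        if time.time() > t["exp"]:
            raise ValueError("expired TGT")
        sk1 = bytes.fromhex(t["sk"])
        if unseal(sk1, authenticator)["cname"] != t["cname"]:
            raise ValueError("authenticator does not match TGT")
        sk2 = os.urandom(32).hex()
        ticket = seal(self.service_keys[sname], {"cname": t["cname"], "sk": sk2})
        return ticket, seal(sk1, {"sname": sname, "sk": sk2})


def client_request(kdc, sname, user, password):
    """Client side: AS then TGS exchange; returns (service ticket, authenticator) for AP-REQ."""
    ukey = password_key(password)
    tgt, enc = kdc.as_exchange(user, seal(ukey, {"ts": time.time()}))
    sk1 = bytes.fromhex(unseal(ukey, enc)["sk"])
    ticket, enc2 = kdc.tgs_exchange(tgt, seal(sk1, {"cname": user, "ts": time.time()}), sname)
    sk2 = bytes.fromhex(unseal(sk1, enc2)["sk"])
    return ticket, seal(sk2, {"cname": user, "ts": time.time()})


def service_accept(service_key, ticket, authenticator):
    """AP-REQ at the service: needs only its own key and never contacts the KDC."""
    t = unseal(service_key, ticket)
    if unseal(bytes.fromhex(t["sk"]), authenticator)["cname"] != t["cname"]:
        raise ValueError("authenticator does not match ticket")
    return t["cname"]


def demo():
    """Returns (name the service accepted, whether a wrong password was rejected)."""
    payroll_key = os.urandom(32)
    kdc = KDC({"alice": "correct horse"}, {"payroll": payroll_key})
    name = service_accept(payroll_key, *client_request(kdc, "payroll", "alice", "correct horse"))
    try:
        client_request(kdc, "payroll", "alice", "wrong password")
        rejected = False
    except ValueError:
        rejected = True
    return name, rejected
```

Note the two places a wrong password fails: the AS rejects the pre-authentication before issuing anything, and even without pre-authentication the client could not decrypt SK1 from the AS reply. The service ticket is sealed under the service's key, which is why a service can validate it offline.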
breach of contract by a vendor to protect sensitive data
civil investigation; contract dispute.
Administrative investigation
for internal purposes and not applicable when a third party is being investigated
Criminal and regulatory investigation
initiated by those with regulatory authority, typically government agencies
Wave pattern motion detectors
Transmit ultrasonic or microwave signals into the monitor area, watching for changes in the returned signals bouncing off objects
Infrared heat-based detectors
Watch for unusual heat patterns
Capacitance detectors
Work based upon electromagnetic fields
Stateful packet inspection firewall
Also called dynamic packet filtering; tracks the state of each conversation (typically in a state table keyed by addresses and ports) and allows a reply from a remote system only when an internal system was permitted to start the conversation
Static packet filtering and circuit-level gateways
Filter on source and destination addresses and ports only, with no knowledge of application content; a circuit-level gateway additionally checks that the session was set up legitimately but does not inspect the data
Application-level gateway firewalls
Proxy traffic for specific applications
captive portal
provides access control for customers using wifi without provisioning user IDs while also gathering useful contact info
Business devices on open (unencrypted) wireless network
Wireless routers can provide multiple SSIDs. Separate SSID using WPA3 to create a private, secure network that is firewalled or logically separated
Hijacking customer web traffic including usernames and passwords
Open networks are unencrypted; traffic easily sniffable
Guideline
best practices, not mandatory; general, not specific
Clipping
clipping level; analysis technique that ignores events until their count exceeds a set threshold (for example, alert only after five failed logins from one source), so ordinary mistakes do not generate alerts
RADIUS
common AAA tech used to provide services for dial-up, wireless networks
OAuth
authorization framework (not by itself an authentication protocol) that lets an application act on a user's behalf with a scoped access token instead of the user's password; widely used by web applications. Authentication on top of OAuth 2.0 is provided by OpenID Connect
XTACACS; TACACS+
AAA technologies; authentication, authorization, and accounting servers for network services, commonly used to control administrative access to network devices. XTACACS is Cisco proprietary; TACACS+ was developed by Cisco and has since been published as RFC 8907
Inference
attacker uses several pieces of generic nonsensitive information to determine a specific sensitive value
Salami slicing attack
attacker siphons off minute quantities of money many times to accumulate a large amount of funds
Data diddling attack
attacker alters the contents of a database
Take-Grant protection model
Take rule: a subject holding the take right over another node may acquire (copy) the rights that node holds over a third node; the model's other rules are grant, create, and remove
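The four Take-Grant rules on a small protection graph. This is an added example, not part of the original page; the principals (alice, bob, carol) and the "payroll" object are constructed, and rights are represented as single letters ("t" take, "g" grant, "r" read, "w" write).

```python
"""Take-Grant protection graph with the take, grant, create and remove rules.

Added example, not from the page. Principals and the "payroll" object are
constructed; rights are letters: "t" take, "g" grant, "r" read, "w" write.
"""


class TakeGrant:
    def __init__(self):
        self.edges = {}   # (holder, target) -> set of rights holder has over target

    def rights(self, holder, target):
        return self.edges.get((holder, target), set())

    def add(self, holder, target, rights):
        self.edges.setdefault((holder, target), set()).update(rights)

    def take(self, subject, via, target, rights):
        """Take rule: subject with 't' over via may copy via's rights over target."""
        if "t" not in self.rights(subject, via):
            raise PermissionError(f"{subject} lacks take over {via}")
        wanted = set(rights)
        if not wanted <= self.rights(via, target):
            raise PermissionError(f"{via} does not hold {wanted} over {target}")
        self.add(subject, target, wanted)

    def grant(self, subject, recipient, target, rights):
        """Grant rule: subject with 'g' over recipient may give rights it holds over target."""
        if "g" not in self.rights(subject, recipient):
            raise PermissionError(f"{subject} lacks grant over {recipient}")
        if not set(rights) <= self.rights(subject, target):
            raise PermissionError(f"{subject} does not hold {set(rights)} over {target}")
        self.add(recipient, target, rights)

    def create(self, subject, new, rights):
        """Create rule: a subject may create a node and hold any rights over it."""
        self.add(subject, new, rights)

    def remove(self, subject, target, rights):
        """Remove rule: a subject may drop rights it holds."""
        self.rights(subject, target).difference_update(rights)


def demo():
    """Constructed graph; returns alice's and carol's rights over payroll and
    whether alice could grant a right she never acquired."""
    g = TakeGrant()
    g.add("alice", "bob", "t")          # alice can take from bob
    g.add("bob", "payroll", "rw")       # bob reads and writes payroll
    g.add("alice", "carol", "g")        # alice can grant to carol
    g.take("alice", "bob", "payroll", "r")        # alice copies bob's read right
    g.grant("alice", "carol", "payroll", "r")     # and passes it to carol
    try:
        g.grant("alice", "carol", "payroll", "w")  # alice never took 'w'
        escalated = True
    except PermissionError:
        escalated = False
    return sorted(g.rights("alice", "payroll")), sorted(g.rights("carol", "payroll")), escalated
```

The interesting question in Take-Grant analysis is reachability: given the initial graph, which rights can a subject eventually obtain by chaining take and grant steps. Running the rules forward as above is the building block for that analysis.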
Brute-force attack
attack systematically tries every possible password; in an authentication log the attempts look sequential, differing by one character each time (aaaa, aaab, aaac, ...)
Dictionary attack
Uses dictionary words for the attack
Man-in-the-middle or pass-the-hash
attacks would not be visible in an authentication log except as a successful login
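A clipping-level check (the Clipping card above) run over authentication log lines, distinguishing the noisy attacks from the one that leaves only a success behind. This is an added example, not from the original page: the log lines are constructed in OpenSSH's usual format, and the clipping level of five failures per source is an assumed policy value. Brute-force and dictionary attacks show up as runs of failures; a stolen credential (pass-the-hash, man-in-the-middle replay) shows only as a success, so successful logins with no preceding failures from that source are listed for review rather than alerted on.

```python
"""Clipping-level alerting over sshd-style authentication log lines.

Added example, not from the original page. Log lines are constructed; the
clipping level is an assumed policy value.
"""
import re
from collections import Counter, defaultdict

CLIPPING_LEVEL = 5   # assumed: sources with this many failures or fewer are ignored

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"Accepted (?:password|publickey) for (\S+) from (\S+) port")

# Constructed log: a run of guesses against alice, one typo by bob, a quiet key login.
SAMPLE_LOG = [
    f"Mar  3 10:01:{12 + i:02d} bastion sshd[{2210 + i}]: Failed password for alice "
    f"from 198.51.100.7 port {51000 + i} ssh2"
    for i in range(8)
] + [
    "Mar  3 10:01:21 bastion sshd[2218]: Failed password for invalid user admin from 198.51.100.7 port 51008 ssh2",
    "Mar  3 10:01:40 bastion sshd[2219]: Accepted password for alice from 198.51.100.7 port 51009 ssh2",
    "Mar  3 10:05:01 bastion sshd[2230]: Failed password for bob from 203.0.113.4 port 40211 ssh2",
    "Mar  3 10:05:09 bastion sshd[2231]: Accepted password for bob from 203.0.113.4 port 40212 ssh2",
    "Mar  3 10:07:33 bastion sshd[2240]: Accepted publickey for svc_backup from 192.0.2.9 port 38001 ssh2",
]


def analyze(lines, clipping_level=CLIPPING_LEVEL):
    """Return sources over the clipping level, the usernames they tried, and
    successful logins that had no failures from the same source beforehand."""
    failures = Counter()            # source -> failed attempts
    targets = defaultdict(set)      # source -> usernames tried
    quiet_successes = []            # successes with no prior failures from that source
    for line in lines:
        m = FAILED.search(line)
        if m:
            user, src = m.groups()
            failures[src] += 1
            targets[src].add(user)
            continue
        m = ACCEPTED.search(line)
        if m:
            user, src = m.groups()
            if failures[src] == 0:
                quiet_successes.append((user, src))
    alerts = {src: n for src, n in failures.items() if n > clipping_level}
    return {
        "alerts": alerts,
        "targets": {src: sorted(targets[src]) for src in alerts},
        "quiet_successes": quiet_successes,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(key, value)
```

Bob's single typo stays under the clipping level and never surfaces; the nine failures from 198.51.100.7 do, along with the list of accounts it tried. The svc_backup login is not an alert, because nothing in the log says it is wrong, but it is the only kind of trace a replayed credential leaves.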
Isolation
database transactions operate separately from each other
Atomicity
ensures that if any part of a database transaction fails, the entire transaction must be rolled back as if it never occurred
Consistency
ensures each transaction leaves the database in a state that satisfies all of its rules and constraints (primary and foreign keys, CHECK rules); a transaction that would violate one is rejected
Durability
requires that once a transaction is committed to the database it must be preserved
ACID model
database properties: Atomicity, Consistency, Isolation, Durability
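The four ACID properties exercised against a real database engine. This is an added example, not code from the original page: it uses Python's standard sqlite3 module on a temporary file, and the account table, balances and the failing transfers are constructed for the demonstration.

```python
"""Atomicity, consistency, isolation and durability on a SQLite ledger.

Added example, not from the original page. Accounts and transfers are
constructed; the database is a temporary file so two connections can share it.
"""
import os, sqlite3, tempfile

SCHEMA = ("CREATE TABLE accounts ("
          "id TEXT PRIMARY KEY, "
          "balance INTEGER NOT NULL CHECK (balance >= 0))")   # the consistency rule


def new_ledger(path):
    con = sqlite3.connect(path)
    con.execute(SCHEMA)
    con.executemany("INSERT INTO accounts VALUES (?, ?)", [("alice", 100), ("bob", 50)])
    con.commit()
    return con


def transfer(con, src, dst, amount):
    """Move amount between accounts; both updates commit or neither does."""
    try:
        with con:   # commits if the block completes, rolls back if it raises
            con.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, src))
            cur = con.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst))
            if cur.rowcount != 1:
                raise ValueError(f"no account {dst}")   # second half failed: undo the first
        return True
    except (sqlite3.IntegrityError, ValueError):
        return False


def balance(con, who):
    return con.execute("SELECT balance FROM accounts WHERE id = ?", (who,)).fetchall()[0][0]


def demo():
    path = os.path.join(tempfile.mkdtemp(), "ledger.db")
    con = new_ledger(path)
    results = {}
    results["ok"] = transfer(con, "alice", "bob", 30)             # alice 70, bob 80
    results["overdraft"] = transfer(con, "alice", "bob", 500)     # CHECK fails: consistency
    results["unknown"] = transfer(con, "alice", "mallory", 10)    # first UPDATE undone: atomicity
    results["after"] = (balance(con, "alice"), balance(con, "bob"))
    # Isolation: a second connection does not see an update that is not yet committed.
    other = sqlite3.connect(path)
    con.execute("UPDATE accounts SET balance = balance - 5 WHERE id = 'alice'")
    results["uncommitted_seen_by_other"] = balance(other, "alice")   # still 70
    con.commit()
    results["committed_seen_by_other"] = balance(other, "alice")     # now 65
    # Durability: close everything and reopen the file; the committed state survives.
    con.close()
    other.close()
    results["durable"] = balance(sqlite3.connect(path), "alice")      # 65
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The overdraft case fails on the very first statement, so nothing has changed; the unknown-account case is the one that matters for atomicity, because alice's debit has already been applied inside the transaction when the credit fails, and the rollback is what puts it back.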
Worm
built-in propagation mechanisms that do not require user interaction, scanning for systems containing known vulnerabilities and then exploiting those vulnerabilities to gain access
Viruses and Trojan horses
Require user interaction to spread
Logic bomb
Lie in wait until certain conditions are met, triggering the delivery of their payload
HIPAA
Health Insurance Portability and Accountability Act; US law governing the healthcare sector that does provide for criminal penalties
FERPA
Family Educational Rights and Privacy Act; US law governing educational records that does not provide for criminal penalties
PCI DSS
Payment Card Industry Data Security Standard; industry standard for credit card operations and handling; it is not a law, so violations cannot incur criminal sanctions
SOX
Sarbanes-Oxley Act; governs publicly traded corporations and also provides for criminal penalties
TCP three-way handshake
1. SYN (synchronize flag set) from the initiator; 2. SYN/ACK (synchronize and acknowledge flags set) from the responder; 3. ACK (acknowledge flag set) from the original sender, after which the connection is established
RST
Used in TCP to reset a connection
PSH
Push flag; asks the receiver to deliver buffered data to the application immediately rather than waiting for more
FIN
Used to end a connection
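The handshake and flag cards above, together with the stateful packet inspection card further up, as one added example that is not from the original page. A static filter judges every packet on its own; this toy firewall keeps a state table and admits inbound packets only for a conversation an internal host opened with a SYN. The internal prefix (10.0.0.) and the packet sequence are constructed, and connection teardown is simplified to "entry removed on the second FIN or on any RST".

```python
"""Stateful inspection driven by TCP flags.

Added example, not from the original page. Internal prefix and packet
sequence are constructed; teardown is simplified (second FIN or any RST).
"""
from enum import Enum

INTERNAL_PREFIX = "10.0.0."   # assumed internal network; string-prefix match for brevity


def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)


class State(Enum):
    SYN_SENT = 1
    ESTABLISHED = 2
    CLOSING = 3


class StatefulFirewall:
    def __init__(self):
        # (internal ip, internal port, external ip, external port) -> State
        self.table = {}

    def inspect(self, src, sport, dst, dport, flags):
        flags = set(flags)
        if is_internal(src) and not is_internal(dst):
            key, outbound = (src, sport, dst, dport), True
        elif is_internal(dst) and not is_internal(src):
            key, outbound = (dst, dport, src, sport), False
        else:
            return "drop"                        # both or neither side internal: spoofed/misrouted
        state = self.table.get(key)
        if state is None:
            if outbound and flags == {"SYN"}:    # only an internal host may open a conversation
                self.table[key] = State.SYN_SENT
                return "allow"
            return "drop"                        # unsolicited inbound SYN, stray ACK, ...
        if "RST" in flags:                       # either side aborts: forget the conversation
            del self.table[key]
            return "allow"
        if state is State.SYN_SENT:
            if outbound and flags == {"SYN"}:    # client retransmit
                return "allow"
            if not outbound and flags == {"SYN", "ACK"}:
                self.table[key] = State.ESTABLISHED
                return "allow"
            return "drop"                        # anything else is out of sequence
        if "SYN" in flags:                       # a fresh SYN inside an open conversation
            return "drop"
        if "FIN" in flags:
            if state is State.ESTABLISHED:
                self.table[key] = State.CLOSING  # first FIN; wait for the other side's
            else:
                del self.table[key]              # second FIN; conversation over
        return "allow"


# Constructed packet sequence: (src, sport, dst, dport, flags)
SEQUENCE = [
    ("10.0.0.5", 40000, "198.51.100.10", 443, {"SYN"}),          # 1. internal host opens
    ("198.51.100.10", 443, "10.0.0.5", 40000, {"SYN", "ACK"}),   # 2. reply to step 1
    ("10.0.0.5", 40000, "198.51.100.10", 443, {"ACK"}),          # 3. handshake complete
    ("10.0.0.5", 40000, "198.51.100.10", 443, {"PSH", "ACK"}),   # 4. request data
    ("198.51.100.10", 443, "10.0.0.5", 40000, {"PSH", "ACK"}),   # 5. response data
    ("198.51.100.99", 4444, "10.0.0.5", 22, {"SYN"}),            # 6. unsolicited inbound SYN
    ("198.51.100.10", 443, "10.0.0.5", 40000, {"SYN"}),          # 7. SYN inside open conversation
    ("10.0.0.5", 40000, "198.51.100.10", 443, {"FIN", "ACK"}),   # 8. internal side closes
    ("198.51.100.10", 443, "10.0.0.5", 40000, {"FIN", "ACK"}),   # 9. external side closes
    ("198.51.100.10", 443, "10.0.0.5", 40000, {"ACK"}),          # 10. late packet, no state left
    ("10.0.0.7", 5555, "10.0.0.5", 445, {"SYN"}),                # 11. internal to internal at the edge
]


def run_sequence():
    """Verdict per packet and the number of state-table entries left afterwards."""
    fw = StatefulFirewall()
    verdicts = [fw.inspect(*pkt) for pkt in SEQUENCE]
    return verdicts, len(fw.table)
```

Packet 5 is the case the stateful card is about: an inbound packet that a static filter would have to allow for every host on port 443 is admitted here only because packet 1 created an entry for it. Packet 6 is the same shape on the wire and is dropped for lack of state.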
MDM capabilities
Mobile device management: manage device backups, enforce the use of encryption, and remotely wipe the contents of mobile devices
IDaaS
Identity as a service; provides an identity platform as a third party service. Provides integration with cloud services and removes overhead of traditional on-premises identity systems, but creates risk due to third-party control of identity services and reliance on off-site identity infrastructure
ISC2 Code of Ethics
Protect society, the common good, necessary public trust and confidence, and the infrastructure; Act honorably, honestly, justly, responsibly, and legally; Provide diligent and competent service to principals; Advance and protect the profession (for example, do not publicly share exam questions)
ALE
annualized loss expectancy; the amount of damage the org expects to occur each year as the result of a given risk
Whitelisting
approach to application control; allows users to install only those software packages specifically approved by administrators (tightly controlled)
Denial of service
attack that denies legitimate users authorized access to the system through the use of overwhelming traffic
Compromise
attack where the attacker attempts to gain access to the system
Primary key
unique identifier in a database
PII
personally identifiable information; data that can be used to distinguish or trace that person’s identity and also includes information like their medical, education, financial, and employment information
PHI
protected health information; individually identifiable health information covered by HIPAA
EDI
electronic data interchange
Proprietary
data used to maintain an organization's competitive advantage
Public IP address
129.53.44.124; valid public IP address and legitimate destination for traffic leaving a network; 10.8.15.9 and 192.168.109.55 are both private IP addresses that should not be routed to the internet
Result of increasing length of cryptographic key by 8 bits
Increase size of the keyspace; binary keyspaces contain a number of keys equal to 2 raised to the power of the number of bits. 2 to the eighth power is 256, so the keyspace will increase by a factor of 256
Types of data assets disposed by shredding
Traditional office shredding for paper records and credit cards; Industrial shredders for equipment including removable media and hard drives
Risk Mitigation Strategy
Reduces the probability of the risk (encryption reduces probability the data will be successfully stolen)
Risk avoidance
Avoid the risk (delete sensitive files and do not store them)
Risk transference
Purchase cyber-liability insurance
Risk Acceptance
Taking no action on a risk
Sampling
Should be done truly randomly to avoid human bias, and on a sample large enough to give effective coverage of the user base
Involuntary termination under adverse circumstances
User is being fired and may have a negative and potentially hostile reaction. Important to terminate access immediately upon the user being informed of the termination. Terminating access prior to notification may tip the user off to the termination in advance. Leaving access privileges available after termination poses a risk of malicious insider activity
Application log from an HTTP server
Log file with HTTP requests, evidenced by GET commands
CVSS
Common Vulnerability Scoring System; standardized approach to rating the severity of vulnerabilities
STRIDE and ATT&CK
models used to classify the nature, not the severity, of threats
PASTA
model designed to help with countermeasure selection
Social engineering
Exploits humans to allow attacks to succeed; typically target help-desk employees posing as legitimate employees
Trojans
type of malware
Phishing
targeted attack via electronic communication methods intended to capture passwords or other sensitive data
Whaling
type of phishing aimed at high-profile or important targets
Supply Chain Risk to equipment
Interception and tampering of devices in transit from vendor to organization
Single-level security environment
Classify information systems with the highest classification of information they are ever expected to process
Availability of authentication services is the priority
Identity platform should be hybrid to provide services both in the cloud and on-premises, ensuring service outages due to interrupted links are minimized
On-site authentication service
Would continue to work during an internet outage but would not allow the e-commerce website to authenticate
Cloud authentication service
Would leave the corporate location offline during an outage
Federation
Links identity information between organizations. Federating with a business partner allows identification and authorization to occur between them
Single sign-on
Reduces the number of times a user has to log in but does not facilitate the sharing of identity information
MFA
Multifactor authentication secures authentication but does not help integrate with a third party
SAML
Security Assertion Markup Language (SAML) used to integrate cloud services and provides ability to make authentication and authorization assertions
SPML
Service Provisioning Markup Language (SPML) used to provision users, resources, and services
Rainbow tables
precomputed password hashes to conduct cracking attacks against password files. frustrated by use of salting
Salting
Adds a specified value to the password prior to hashing, making it much more difficult to perform precomputation
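The two cards above side by side: a precomputed lookup against unsalted hashes, and why the same lookup finds nothing once a per-user salt is added. This is an added example, not code from the original page. The wordlist and passwords are constructed, a plain dictionary stands in for a rainbow table (which trades storage for the same precomputation), and the PBKDF2 iteration count is set low so the demo runs quickly.

```python
"""Precomputed-table lookup against unsalted hashes versus salted, iterated hashes.

Added example, not from the original page. Wordlist and passwords are
constructed; the dictionary stands in for a rainbow table.
"""
import hashlib, hmac, secrets

WORDLIST = ["password", "letmein", "qwerty", "dragon", "summer2024"]   # constructed
ITERATIONS = 50_000   # deliberately low for the demo; production values are higher


def build_table(words):
    """Attacker's precomputation: unsalted SHA-256 digest -> plaintext."""
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in words}


def unsalted_hash(password):
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt=None, iterations=ITERATIONS):
    """PBKDF2-HMAC-SHA256 with a random per-user salt stored beside the hash."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_salted(password, stored):
    """Recompute with the stored salt and iteration count; constant-time compare."""
    _, iters, salt_hex, _ = stored.split("$")
    recomputed = salted_hash(password, bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(recomputed, stored)


def demo():
    table = build_table(WORDLIST)
    results = {}
    results["unsalted_lookup"] = table.get(unsalted_hash("dragon"))   # instant hit
    stored = salted_hash("dragon")
    results["salted_lookup"] = table.get(stored.split("$")[-1])       # nothing precomputed matches
    # Two users with the same password get different stored values.
    results["same_password_same_hash"] = salted_hash("dragon") == stored
    # The legitimate verifier still works because the salt is stored with the hash.
    results["verify_ok"] = verify_salted("dragon", stored)
    results["verify_wrong"] = verify_salted("dragons", stored)
    # The attacker can still guess, but must redo the PBKDF2 work for every salt.
    results["guessed"] = next((w for w in WORDLIST if verify_salted(w, stored)), None)
    return results
```

Salting does not stop guessing; the last line of the demo still finds "dragon". What it removes is the ability to do the work once and reuse it across every stored hash, and the iteration count makes each remaining guess cost more.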
Honeypot
decoy computer system used to bait intruders into attacking
Honeynet
a network of multiple honeypots that creates a more sophisticated environment for intruders to explore
Pseudoflaw
False vulnerability in a system that may attract an attacker
Darknet
segment of unused network address space that should have no network activity and may be easily used to monitor for illicit activity
FAR
false acceptance rate; rate at which the system inadvertently admits an unauthorized user
FRR
false rejection rate; rate at which the system inadvertently rejects an authorized user
CER
crossover error rate; point where both the false acceptance rate and the false rejection rate cross; less subject to manipulation and thus the best metric to use for evaluating systems
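FAR, FRR and the crossover point computed from match scores, as an added example that is not part of the original page. The genuine and impostor scores (in the range 0 to 1) are constructed and far fewer than a real evaluation would use; the sweep shows how moving the acceptance threshold trades one error rate for the other and where they meet.

```python
"""FAR, FRR and the crossover error rate from constructed match scores.

Added example, not from the page. Scores for genuine users and impostors
are made up; a real evaluation would use many more samples.
"""
GENUINE = [0.92, 0.88, 0.95, 0.81, 0.77, 0.90, 0.85, 0.66, 0.93, 0.72]
IMPOSTOR = [0.31, 0.45, 0.52, 0.28, 0.60, 0.39, 0.71, 0.35, 0.48, 0.55]


def error_rates(genuine, impostor, threshold):
    """A score at or above threshold is accepted. Returns (FAR, FRR)."""
    far = sum(s >= threshold for s in impostor) / len(impostor)   # impostors admitted
    frr = sum(s < threshold for s in genuine) / len(genuine)      # genuine users refused
    return far, frr


def sweep(genuine, impostor, steps=20):
    """(threshold, FAR, FRR) for thresholds from 0 to 1 in equal steps."""
    return [(i / steps, *error_rates(genuine, impostor, i / steps)) for i in range(steps + 1)]


def crossover(genuine, impostor, steps=20):
    """Threshold where FAR and FRR are closest: (threshold, FAR, FRR)."""
    best = None
    for t, far, frr in sweep(genuine, impostor, steps):
        if best is None or abs(far - frr) < abs(best[1] - best[2]):
            best = (t, far, frr)
    return best


if __name__ == "__main__":
    for t, far, frr in sweep(GENUINE, IMPOSTOR):
        print(f"threshold {t:.2f}  FAR {far:.2f}  FRR {frr:.2f}")
    print("crossover:", crossover(GENUINE, IMPOSTOR))
```

With these scores the curves meet at a threshold of 0.70 with both rates at 10 percent. Raising the threshold to 0.80 drives FAR to zero but refuses three genuine users in ten, which is the tuning decision the CER lets two systems be compared without.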
Steganography
the art of hiding secret messages within other, innocuous content (often combined with encrypting the hidden message first); image-based algorithms make invisible alterations by modifying the least significant bits of the many bits that make up an image file
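Least-significant-bit embedding and extraction, as an added example that is not from the original page. The cover image is a constructed bytearray of 8-bit grayscale pixel values (one byte per pixel, no file format), and the message is constructed too; encrypting the message before embedding is a separate step not shown here.

```python
"""Least-significant-bit steganography in a grayscale cover.

Added example, not from the page. The cover is a constructed bytearray of
8-bit pixels; the secret is constructed.
"""


def _bits(data):
    """Yield the bits of each byte, most significant first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(pixels, message):
    """Write a 4-byte length header plus the message into the LSB of successive pixels."""
    payload = len(message).to_bytes(4, "big") + message
    if len(payload) * 8 > len(pixels):
        raise ValueError("cover too small for message")
    out = bytearray(pixels)
    for i, bit in enumerate(_bits(payload)):
        out[i] = (out[i] & 0xFE) | bit          # replace only the lowest bit
    return out


def _read_bytes(pixels, offset, count):
    value = 0
    for i in range(count * 8):
        value = (value << 1) | (pixels[offset + i] & 1)
    return value.to_bytes(count, "big")


def extract(pixels):
    length = int.from_bytes(_read_bytes(pixels, 0, 4), "big")
    return _read_bytes(pixels, 32, length)


def max_pixel_change(before, after):
    return max(abs(a - b) for a, b in zip(before, after))


COVER = bytearray((i * 37 + 11) % 256 for i in range(400))   # constructed 20x20 image
SECRET = b"meet at dawn"


def demo():
    """Returns (recovered message, largest change to any pixel, pixels touched)."""
    stego = embed(COVER, SECRET)
    changed = sum(a != b for a, b in zip(COVER, stego))
    return extract(stego), max_pixel_change(COVER, stego), changed
```

No pixel moves by more than one level, which is why the change is invisible to the eye; it is not invisible to statistics, and LSB detection tools look for exactly the flattening of LSB distributions that this produces.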
VPN
Virtual Private Network; provide protection in transit
Watermarking
embed information in an image with the intent of protecting intellectual property
JavaScript
interpreted language so the code is not compiled prior to execution; code is human-readable in its final form allowing for inspection of the content
C, C++, Java
compiled languages; the compiler produces an executable (for Java, JVM bytecode) that is not human-readable
Shadow passwords in an /etc/passwd file
password field contains x; no password in plaintext, encrypted, or hashed form
EOL
end-of-life date for a product is normally the date the vendor will stop selling a product
EOS
end-of-support; date the vendor will stop supporting the product
Due Care
Principle states that an individual should react in a situation using the same level of care that would be expected from any reasonable person
Due Diligence
Principle is a more specific component of due care that states that an individual assigned a responsibility should exercise due care to complete it accurately and in a timely manner
Least Privilege
Principle states an individual should have the minimum set of permissions necessary to carry out their work