Random Stuff I need to learn Flashcards

1
Q

PAP

A

Password Authentication Protocol (PAP) - Username and password sent in cleartext over the link (no hashing, no challenge), so it is the weakest PPP authentication method: anyone who can sniff the link gets the credentials

2
Q

TCP & UDP

A

Transmission Control Protocol & User Datagram Protocol
Layer 4

Enables different types of data transmission from a network source to the destination. TCP is connection-oriented and reliable (three-way handshake, acknowledgements, retransmission, ordering); UDP is connectionless and prioritizes speed and low overhead, with no delivery guarantee

3
Q

ICMP

A

Internet Control Message Protocol

Error-reporting protocol that network devices such as routers use to generate error messages to the source IP address when network problems prevent delivery of IP packets

Reports on network congestion and reachability. Utilities such as ping and tracert use ICMP as their transport mechanism

NOT a transport protocol

4
Q

Server Clusters

A

Server clusters include two or more servers working together to offer services

5
Q

NAT

A

Network Address Translation

Used in routers. Maps multiple local private addresses to a public one before transferring the information

Translate a set of IP addresses to another set of IP addresses

6
Q

RAID 0

A

Provides data STRIPING across multiple disks to increase performance. Focused on speed and capacity, with NO redundancy: losing any one disk loses the whole array. At least 2 hard drives

7
Q

RAID 1

A

Provides redundancy by MIRRORING the data identically to 2 hard drives, so the array survives the loss of one disk at the cost of half the raw capacity. At least 2 hard drives

8
Q

RAID 5

A

Provides redundancy by STRIPING data and PARITY data across the disk drives; the array survives the loss of any one disk, which is rebuilt by XOR-ing the surviving disks. Requires at least 3 disk drives

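Worked example of the RAID 5 card above, added here and not part of the original deck: bytes are striped across three simulated "disks" with one XOR parity byte per stripe (parity rotates between disks), one disk is lost, and its contents are rebuilt from the survivors. The disk count, data and layout are constructed for illustration.

```python
# RAID 5 in miniature: stripe bytes across N "disks" with rotating XOR
# parity, then rebuild a failed disk from the survivors.
# Added example for this card; the disk layout and data are constructed.


def raid5_write(data, disks=3):
    """Return one list per disk. Each stripe holds disks-1 data bytes and
    one parity byte (XOR of the data bytes); the parity disk rotates per stripe."""
    if disks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    chunk = disks - 1
    data = data + b"\x00" * (-len(data) % chunk)   # pad to whole stripes
    layout = [[] for _ in range(disks)]
    for stripe, offset in enumerate(range(0, len(data), chunk)):
        block = data[offset:offset + chunk]
        parity = 0
        for b in block:
            parity ^= b
        parity_disk = stripe % disks
        data_iter = iter(block)
        for d in range(disks):
            layout[d].append(parity if d == parity_disk else next(data_iter))
    return layout


def raid5_rebuild(layout, failed):
    """Reconstruct disk `failed` (its contents are assumed lost): every byte on
    it equals the XOR of the same position on all surviving disks, because
    data XOR data XOR parity == 0 for each stripe. Returns a repaired layout."""
    stripes = len(layout[(failed + 1) % len(layout)])
    rebuilt = []
    for s in range(stripes):
        value = 0
        for d, disk in enumerate(layout):
            if d != failed:
                value ^= disk[s]
        rebuilt.append(value)
    repaired = list(layout)
    repaired[failed] = rebuilt
    return repaired


def raid5_read(layout):
    """Reassemble the data bytes (skipping the parity byte of each stripe)."""
    disks = len(layout)
    out = bytearray()
    for stripe in range(len(layout[0])):
        parity_disk = stripe % disks
        for d in range(disks):
            if d != parity_disk:
                out.append(layout[d][stripe])
    return bytes(out)


def demo():
    """Lose disk 1 and rebuild it. Returns (layout restored?, data intact?)."""
    original = b"RAID 5 parity demo"
    layout = raid5_write(original)
    damaged = list(layout)
    damaged[1] = [None] * len(layout[1])      # disk 1 dies
    repaired = raid5_rebuild(damaged, failed=1)
    return repaired == layout, raid5_read(repaired).rstrip(b"\x00") == original


if __name__ == "__main__":
    print(demo())
```

The same XOR works whether the lost disk held data or parity for a given stripe, which is why RAID 5 tolerates exactly one failure: a second loss leaves two unknowns per stripe and one equation. RAID 6 adds a second, independent parity (Reed-Solomon) to cover that case.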
9
Q

RAID 6

A

Provides redundancy by STRIPING and DOUBLE PARITY data across the disk drives. Requires at least 4 hard disks

10
Q

RAID 10

A

Creates a striped set of mirrored pairs (combines RAID 1 & RAID 0, a stripe of mirrors). Requires at least 4 disks; survives one disk failure per mirrored pair

11
Q

Bluejacking

A

The sending of unsolicited messages to Bluetooth enabled devices (sends info)

12
Q

Bluesnarfing

A

Unauthorized access of info from a wireless device over Bluetooth (takes info)

13
Q

XSS/CSS

A

Cross-Site Scripting

When attacker-controlled script is injected into a web page (via unescaped input reflected in the response, stored in the database, or written into the DOM) and executed in the victim’s browser with that site’s origin, giving the attacker access to the session, cookies and page content

14
Q

XSRF/CSRF

A

Cross-Site Request Forgery

When an attacker tricks a victim’s browser into sending a state-changing request (for example an auto-submitted form on an attacker page) to a web application the victim is already authenticated to (logged into). The browser attaches the session cookie automatically, so without an anti-CSRF token, SameSite cookies or an Origin check the server cannot tell the forged request from a real one

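Added example for the CSRF card (not from the original deck, and not a real web framework): a cookie-authenticated transfer endpoint written twice, once trusting the session cookie alone and once requiring a synchronizer token that a cross-site page cannot read, plus an Origin check as defense in depth. Requests are plain dictionaries standing in for HTTP requests; the user names, amounts and origins are constructed.

```python
# CSRF: vulnerable endpoint vs. synchronizer-token protected endpoint.
# Added example; request dicts stand in for HTTP requests, all values constructed.
import hmac
import secrets

SESSIONS = {}                              # session id -> {"user": ..., "csrf": ...}
BALANCES = {"alice": 100, "mallory": 0}    # constructed account data
BANK_ORIGIN = "https://bank.example"       # assumed origin of the application


def login(user):
    """Issue a session cookie and a per-session CSRF token."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_hex(32)}
    return sid


def _do_transfer(src, dst, amount):
    if dst not in BALANCES or BALANCES.get(src, 0) < amount:
        return 400
    BALANCES[src] -= amount
    BALANCES[dst] += amount
    return 200


def transfer_vulnerable(request):
    """The browser attaches the session cookie to ANY request aimed at the bank,
    including one a page on attacker.example made it send. The cookie proves
    who is logged in, not who intended the request."""
    sess = SESSIONS.get(request["cookies"].get("sid"))
    if sess is None:
        return 401
    return _do_transfer(sess["user"], request["form"]["to"], int(request["form"]["amount"]))


def transfer_protected(request):
    """Same endpoint with two independent checks."""
    sess = SESSIONS.get(request["cookies"].get("sid"))
    if sess is None:
        return 401
    # 1. Synchronizer token: embedded in the bank's own form; the same-origin
    #    policy stops attacker.example from reading it, so it cannot be forged.
    token = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(token, sess["csrf"]):
        return 403
    # 2. Defense in depth: browsers set Origin on cross-site POSTs and scripts
    #    cannot override it, so a foreign origin is an immediate reject.
    origin = request["headers"].get("Origin")
    if origin is not None and origin != BANK_ORIGIN:
        return 403
    return _do_transfer(sess["user"], request["form"]["to"], int(request["form"]["amount"]))


def forged_request(sid):
    """What the victim's browser emits when attacker.example auto-submits a form:
    the cookie rides along; a valid token and a matching Origin do not."""
    return {"cookies": {"sid": sid},
            "headers": {"Origin": "https://attacker.example"},
            "form": {"to": "mallory", "amount": "50"}}


def legit_request(sid):
    """A request from the bank's own page, carrying the token it rendered."""
    return {"cookies": {"sid": sid},
            "headers": {"Origin": BANK_ORIGIN},
            "form": {"to": "mallory", "amount": "10", "csrf_token": SESSIONS[sid]["csrf"]}}


def demo():
    """Replay the forged request against both endpoints.
    Returns (vulnerable status, protected status, alice's balance afterwards)."""
    BALANCES.update({"alice": 100, "mallory": 0})
    sid = login("alice")
    vulnerable = transfer_vulnerable(forged_request(sid))   # 200: money moved
    protected = transfer_protected(forged_request(sid))     # 403: rejected
    return vulnerable, protected, BALANCES["alice"]


if __name__ == "__main__":
    print(demo())
```

In a real deployment the token is rendered into the form (or sent in a custom header by the page's own JavaScript) and the session cookie is additionally marked SameSite=Lax or Strict so the browser withholds it from cross-site POSTs in the first place.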
15
Q

Daemons

A

Computer program that runs as a background process, rather than being under the direct control of an interactive user

16
Q

SCADA

A

Supervisory Control and Data Acquisition - Type of ICS (Industrial Control System) that manages large-scale, multi-site devices and equipment spread over a geographic region.

Commonly used in manufacturing companies

17
Q

SNMP

A

Simple Network Management Protocol - A UDP-based protocol that aids in monitoring and managing network-attached devices and computers

Provides info about memory & CPU usage and other device details. Port 161 UDP (agent queries); traps are sent to the manager on port 162 UDP. Versions 1 and 2c authenticate with a cleartext community string; only v3 adds authentication and encryption

18
Q

Data Sovereignty

A

The legal concept that says data is subject to the laws of the country where it is stored

Applicable laws and regulations based on the physical location of digital data.

19
Q

Legal Hold

A

Process designed to preserve all relevant information when litigation (lawsuit) is reasonably expected to occur

The legally required implementation of evidence preservation

20
Q

Chain of Custody

A

Requires evidence to be gathered in a legal manner, documented, and securely stored at all times

The process of handling evidence so that it is admissible in court. Evidence should be labeled, locked away when not in use, and if it is transferred to someone else it needs to be documented who and when.

Chain of custody forms list every person who’s worked with or who has touched the evidence that is a part of an investigation

21
Q

PKI

A

Public Key Infrastructure

A group of technologies used to request, create, manage, store, distribute, and revoke digital certificates. Allows users to communicate securely without personally knowing one another

Governs the issuance of digital certificates to protect sensitive data, provide unique digital identities for users, devices and applications and secure end-to-end communications

A hierarchy of digital security certificates

Entire system of hardware, software, policies, procedures, and people that is based on asymmetric encryption

22
Q

Logic Bomb

A

Malicious code that is embedded into a system and may only be activated when certain conditions are met, like timers or system events

23
Q

Smash the Stack

A

Occurs when an attacker overflows a stack buffer to overwrite the saved return address, so that when the function returns, execution jumps into attacker-controlled data. Because the exact address of that data is hard to predict, the attacker often fills the buffer with a NOP sled: the overwritten return address only needs to land somewhere in the NOPs, and execution slides along them until it reaches the attacker’s code. Stack canaries, non-executable stacks (NX/DEP) and ASLR are the standard mitigations

24
Q

RPs

A

Relying Parties - The service providers in a federation. They provide services to members of the federation and rely on assertions (e.g. SAML or OIDC tokens) from the identity provider instead of authenticating users themselves

25
Q

What happens during reconnaissance?

A

Testers will look for info about an organization such as domain names and email addresses.

26
Q

Retinal scan

A

Takes several photos of the back of your eye, visualizing your retina, optic disc, and blood vessels

27
Q

Iris Scan

A

Rely on the matching of patterns on the surface of the eye using near-infrared imaging, and is less intrusive than retinal scanning (the subject can continue to wear glasses, for instance) and much quicker

Much less likely to be affected by diseases

28
Q

IMAP

A

Internet Message Access Protocol (IMAP) - TCP/IP application protocol that provides a means for a client to ACCESS EMAIL messages stored in a mailbox on a remote server using TCP

Port 143 (cleartext, optionally upgraded with STARTTLS); port 993 for IMAP over TLS (IMAPS)

29
Q

User and entity behavior analytics (UEBA)

A

System that can provide automated identification of suspicious activity by user accounts and computer hosts

30
Q

Cognitive Password

A

Form of knowledge-based authentication that requires a user to answer a question, presumably something they intrinsically know, to verify their identity.

If you post a lot of personal info about yourself online, this password type can easily be bypassed

31
Q

DaaS/VDI

A

Desktop as a Service - provides a full virtualized desktop environment from within a cloud-based service. The cloud-hosted form of VDI (Virtual Desktop Infrastructure): with on-premises VDI the organization runs the hypervisors and connection brokers itself, with DaaS the provider does

Virtualization implementation that separates the personal computing environment from a user’s physical computer

*ShadowPC

32
Q

Pharming

A

Attack intended to redirect a website’s traffic to another, fake site without the user clicking a bad link, often by installing a malicious program on the computer.

Can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software

Occurs when an attacker attempts to obtain personal or private information through domain spoofing or poisoning a DNS server

33
Q

Rogue anti-virus

A

Form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and to pay money for a fake malware removal tool (that actually introduces malware to the computer)

34
Q

OCSP

A

Online Certificate Status Protocol - Real-time query of a certificate’s status…the responder answers good, revoked, or unknown. Lighter-weight alternative to downloading a full CRL; with OCSP stapling the server attaches a recent signed response to the TLS handshake so the client need not contact the CA

35
Q

Virtual Switch

A

Software application that allows communication between virtual machines

36
Q

Enumeration

A

Process of extracting usernames, machine names, network resources, shares, and services from a system

37
Q

CSR (certificate signing request)

A

What is submitted to the CA (certificate authority) to request a digital certificate

38
Q

ARP

A

Address Resolution Protocol
Layer 2 protocol used to resolve an IP address to the MAC address that owns it on the local segment

Procedure for mapping an IP address (often dynamically assigned) to the permanent physical (MAC) address of a machine in a local area network (LAN)

Protocol that enables network communications to reach a specific device on the local network. ARP has no authentication, so forged replies (ARP spoofing/poisoning) can redirect traffic for on-path attacks

39
Q

SIP traffic

A

Used for initiating, maintaining, and terminating communication sessions that include voice, video and messaging applications

Voice and video..VoIP

40
Q

In Linux, what command shows the first 10 entries in a text-based application log file?

A

head

41
Q

In Linux, what command shows the last 10 entries in a text-based application log file?

A

tail

42
Q

Implicit Deny

A

Traffic is denied the ability to enter or leave the network because there’s no specific rule that allows it

All access to a resource should be denied by default and only allowed when it’s explicitly stated

When a user or group are not granted a specific permission in the security settings of an object, but they are not explicitly denied either

43
Q

Explicit Deny

A

Traffic is denied the ability to enter or leave the network because there’s an ACL rule that specifically denies it

44
Q

Smurf attack

A

Sends ICMP echo requests (pings) with the victim’s address spoofed as the source to the broadcast address of a network. Every device on that network receives the ping and replies to the spoofed source, so the victim is flooded with many replies for each request the attacker sent (amplification). Routers that drop directed broadcasts defeat it

Form of DDoS attack (ICMP amplification/reflection)

45
Q

Explicit Allow

A

Traffic is allowed to enter or leave the network because there’s an ACL rule that specifically allows it

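Added example tying the Implicit Deny, Explicit Deny and Explicit Allow cards together (not from the original deck): a small first-match ACL evaluator in the style of a router access list. Each packet is compared against the rules in order; the first match decides, and a packet that matches nothing falls through to the implicit deny at the end. The rule set, addresses and packets are constructed.

```python
# First-match ACL evaluation with an implicit deny at the end of the list.
# Added example; rules, subnets and packets are constructed.
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp", "icmp" or "any"
    src: str               # CIDR such as "10.0.0.0/8", or "any"
    dst: str               # CIDR or "any"
    dport: object = None   # int, (low, high) range, or None for any port


def _match_net(cidr, ip):
    return cidr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def _match_port(spec, port):
    if spec is None:
        return True
    if isinstance(spec, tuple):
        return spec[0] <= port <= spec[1]
    return port == spec


def rule_matches(rule, pkt):
    return ((rule.proto == "any" or rule.proto == pkt["proto"])
            and _match_net(rule.src, pkt["src"])
            and _match_net(rule.dst, pkt["dst"])
            and _match_port(rule.dport, pkt.get("dport", 0)))


def evaluate(acl, pkt):
    """Return (action, reason). The first matching rule wins; order matters.
    Nothing matched means the implicit deny drops the packet."""
    for index, rule in enumerate(acl):
        if rule_matches(rule, pkt):
            kind = "explicit allow" if rule.action == "permit" else "explicit deny"
            return rule.action, f"{kind} (rule {index})"
    return "deny", "implicit deny (no matching rule)"


# Constructed ACL for a web/DNS server on 192.0.2.0/24 serving the 10.0.0.0/8 LAN.
ACL = [
    Rule("deny",   "tcp",  "10.0.5.0/24", "any",            23),    # explicit deny: telnet from a quarantined subnet
    Rule("permit", "tcp",  "10.0.0.0/8",  "192.0.2.10/32",  443),   # explicit allow: HTTPS to the web server
    Rule("permit", "tcp",  "10.0.0.0/8",  "192.0.2.10/32",  (80, 80)),
    Rule("permit", "udp",  "10.0.0.0/8",  "192.0.2.53/32",  53),    # explicit allow: DNS
    Rule("permit", "icmp", "10.0.0.0/8",  "any"),                   # pings allowed for troubleshooting
]

# Constructed packets.
HTTPS  = {"proto": "tcp", "src": "10.0.1.7",  "dst": "192.0.2.10", "dport": 443}
TELNET = {"proto": "tcp", "src": "10.0.5.9",  "dst": "192.0.2.10", "dport": 23}
SSH    = {"proto": "tcp", "src": "10.0.1.7",  "dst": "192.0.2.10", "dport": 22}
PING   = {"proto": "icmp", "src": "10.0.1.7", "dst": "192.0.2.10"}

if __name__ == "__main__":
    for name, pkt in [("HTTPS", HTTPS), ("TELNET", TELNET), ("SSH", SSH), ("PING", PING)]:
        print(name, evaluate(ACL, pkt))
```

SSH is never mentioned in the list, so it is dropped by the implicit deny; telnet from 10.0.5.0/24 is dropped by the explicit deny in rule 0. Moving that deny below a broad permit would silently disable it, which is why explicit denies are placed before the permits they are meant to carve out of.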
46
Q

Security Logs

A

Shows auditing entries related to activities such as logon attempts or file access

Logs the events such as successful and unsuccessful user logons to the system

47
Q

Application Logs

A

Logs the events for the operating system and third-party applications

File that contains info about events that have occurred within a software application

48
Q

Event Log

A

File containing records of event data

Records events from various sources and stores them

49
Q

Access Log

A

Contains detailed information about each request made to the server

Contains a list of each of the files accessed on a server

50
Q

Steganography

A

Technique of hiding secret data within an ordinary, non-secret file or message (for example in the least-significant bits of image pixels) in order to avoid detection. Unlike encryption, it hides the existence of the message, not just its content; the two are often combined

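Added example for the steganography card (not part of the original deck): least-significant-bit embedding into a constructed 8-bit grayscale "image" represented as a flat list of pixel values, the matching extraction, and the simple statistical check an analyst can run, since replacing the LSB plane with message bits makes it noisier than a smooth cover's. The cover gradient and the payload text are constructed.

```python
# LSB steganography over a constructed grayscale image, with extraction and a
# first-pass detection statistic. Added example; cover and payload are constructed.


def embed(cover, payload):
    """Write a 4-byte big-endian length then the payload, one bit per pixel LSB."""
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("payload too large for cover")
    stego = list(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit      # each pixel changes by at most 1
    return stego


def extract(stego):
    """Read the length header, then that many bytes, from the pixel LSBs."""
    def read(n_bytes, offset):
        out = bytearray()
        for b in range(n_bytes):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[offset + b * 8 + i] & 1)
            out.append(value)
        return bytes(out)
    length = int.from_bytes(read(4, 0), "big")
    return read(length, 32)


def lsb_transition_rate(pixels):
    """Fraction of neighbouring pixels whose LSBs differ. A smooth cover has a
    structured LSB plane; embedded text or ciphertext looks like noise and pushes
    the rate toward 0.5. Cheap first check, not proof: natural noisy images
    also sit near 0.5, and serious detection uses chi-square or RS analysis."""
    flips = sum((a & 1) != (b & 1) for a, b in zip(pixels, pixels[1:]))
    return flips / (len(pixels) - 1)


COVER = [(i // 4) % 256 for i in range(512)]      # constructed 512-pixel gradient
PAYLOAD = b"meet at the loading dock at 0300"      # constructed 32-byte secret

if __name__ == "__main__":
    stego = embed(COVER, PAYLOAD)
    print(extract(stego))
    print(round(lsb_transition_rate(COVER), 3), round(lsb_transition_rate(stego), 3))
```

The visual difference is invisible (no pixel moves by more than one level), which is the point of the technique; the statistical difference is not, which is the point of the check. Real tooling also compares against the file's own format conventions and, where an original is available, diffs the two files directly.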
51
Q

IaaS

A

Infrastructure as a Service

Model that provides the user with the hardware needed to get up and running, the end user is responsible for the operating system, the application, and any ongoing maintenance tasks

3rd party provides you with infrastructure services, like storage and virtualization, as you need them, via a cloud, through the internet

Allow organizations to manage their business resources — such as their network, servers, and data storage — on the cloud

Focused on moving your servers and computers into the cloud

52
Q

PaaS

A

Platform as a Service

Provider hosts the hardware and software on its own infrastructure and delivers this platform to the user as an integrated solution, solution stack, or service through an internet connection.

Provides the platform for software developers to create on, allowing them to concentrate on the software itself instead of the operating system, runtime and patching underneath it

Allows businesses/developers to host, build, and deploy applications

53
Q

SaaS

A

Software as a Service

Provides an entire application that is managed by a provider, via a web browser

54
Q

DHCP

A

Dynamic Host Configuration Protocol

Used to dynamically assign IP addresses

Assigns IP addresses and other configurations to devices when they connect to a network

Port 67 UDP (server); clients send from port 68 UDP

55
Q

FACT: Wi-Fi channels can be changed

A
56
Q

Hashes vs Encryption

A

Hashes provide assurance of integrity: a hash of the received data that matches the original proves the data hasn’t been changed. On their own they do NOT provide authenticity, because anyone who alters the message can recompute the hash; authenticity requires a keyed MAC (e.g. HMAC) or a digital signature

Encryption provides confidentiality, not integrity: modified ciphertext still decrypts, just to different plaintext, unless an authenticated mode (e.g. AES-GCM) or a MAC is added

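Added example for the Hashes vs Encryption card (not from the original deck): a plain SHA-256 check that an attacker defeats by recomputing the hash, the same attack failing against an HMAC because the key is missing, and a toy XOR stream cipher whose ciphertext is flipped so the receiver decrypts an altered amount with no error. The messages and key are constructed, and the stream cipher is for illustration only, not something to deploy.

```python
# Integrity vs. authenticity vs. confidentiality, demonstrated on constructed
# messages. Added example; the stream cipher is a teaching toy.
import hashlib
import hmac


def sha256_hex(msg):
    return hashlib.sha256(msg).hexdigest()


def hmac_sha256_hex(key, msg):
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_plain_hash(msg, tag):
    """Integrity only: catches corruption, but anyone can recompute the tag."""
    return hmac.compare_digest(sha256_hex(msg), tag)


def verify_hmac(key, msg, tag):
    """Integrity AND authenticity: only a holder of `key` can make a valid tag."""
    return hmac.compare_digest(hmac_sha256_hex(key, msg), tag)


def tamper(msg):
    return msg.replace(b"100", b"900")


def plain_hash_attack(msg):
    """Attacker rewrites the amount and simply recomputes the hash: verifies."""
    forged = tamper(msg)
    return verify_plain_hash(forged, sha256_hex(forged))


def hmac_attack(key, msg):
    """Same rewrite against an HMAC. Without the key the attacker can only
    guess a tag (here: the plain hash); the keyed verifier rejects it."""
    forged = tamper(msg)
    return verify_hmac(key, forged, sha256_hex(forged))


def keystream(key, n):
    """Toy keystream: SHA-256 in counter mode. Illustration only."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def xor_crypt(key, data):
    """Stream cipher: encryption and decryption are the same XOR."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def malleability_demo(key):
    """Confidentiality without integrity. The attacker cannot read the ciphertext
    but knows the message layout, so flipping the bits that turn '1' into '9'
    at offset 4 changes the decrypted amount and nothing detects it."""
    ct = bytearray(xor_crypt(key, b"PAY 100 TO BOB"))
    ct[4] ^= ord("1") ^ ord("9")
    return xor_crypt(key, bytes(ct))


if __name__ == "__main__":
    key = b"constructed-shared-key"
    print(plain_hash_attack(b"PAY 100 TO BOB"))    # True: forgery accepted
    print(hmac_attack(key, b"PAY 100 TO BOB"))     # False: forgery rejected
    print(malleability_demo(key))                  # b'PAY 900 TO BOB'
```

Both failure modes have the same cure: authenticate the data with a key, either an HMAC over the ciphertext (encrypt-then-MAC) or an AEAD mode such as AES-GCM, and compare tags with a constant-time comparison as `hmac.compare_digest` does here.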
57
Q

Blowfish

A

Symmetric. Block cipher

58
Q

RC4

A

Symmetric. Stream cipher. Deprecated: its keystream is biased and its use in TLS is prohibited (RFC 7465); WEP and the original WPA (TKIP) were built on it

59
Q

MD5

A

Hashing algorithm, neither symmetric nor asymmetric. Produces a 128-bit digest; collision attacks are practical, so it is unsuitable for signatures and certificates, though still seen for non-security checksums

60
Q

RSA

A

Asymmetric

61
Q

Wireshark

A

Open source packet capturing and analysis tool.

62
Q

chmod

A

Linux command…used to manipulate system permissions

Change/modify file system permissions

63
Q

nmap

A

Network reconnaissance and assessment tool used to scan hosts for open network service ports

Network scanner that discovers hosts and services on a computer network by sending packets and analyzing the responses

Port scanner commonly used for host discovery and service identification

64
Q

nslookup

A

Name server lookup. Used to troubleshoot DNS problems. Name resolution

65
Q

Proxy Server…4 types?

A

A device that acts as a middle man between a device and a remote server.

4 types: IP proxy, caching proxy, internet content filter & web security gateway

Helps prevent an attacker from invading a private network and is one of several tools used to build a firewall

A system or router that provides a gateway between users and the internet. Therefore, it helps prevent cyber attackers from entering a private network

Process requests on another network device’s behalf

66
Q

Identity federation

A

Uses security tokens generated by a trusted identity source to allow access to resources such as websites

Single identity is created for a user and shared with all of the organizations in a federation

System of trust between two parties for the purpose of authenticating users and conveying information needed to authorize their access to resources.

67
Q

Quantitative Risk Analysis

A

Identifies assets and risks and uses calculations such as ALE (annual loss expectancy) to prioritize and budget funds to manage these risks.

Uses numerical and monetary values to calculate risk

Requires detailed financial data, complex calculations and is time consuming.

Uses exact numbers

68
Q

Qualitative Risk Analysis

A

One that uses judgment to determine potential losses if an incident occurs. Values cannot be ascertained with precision. They can include damages to reputation or brand image

Subjective and requires expertise on systems and infrastructure. Cheaper and faster

Categorizes things based on the likelihood and impact of a given incident using non-numerical terms, such as high, medium, and low.

69
Q

ALE

A

Annualized Loss Expectancy - Expected monetary loss from a given risk over one year.
ALE = SLE x ARO (SLE, the single loss expectancy, is asset value x exposure factor)

70
Q

ARO

A

Annualized Rate of Occurrence - The expected number of times the threat is realized in a year (once every 4 years = 0.25)

71
Q

Kerberos

A

Authentication protocol that grants tickets to authenticated entities. Port 88

Ticket Based Authentication

72
Q

CHAP

A

Challenge Handshake Authentication Protocol - Uses a shared secret (typically user credentials) known by both ends of a connection. The authenticator sends a random challenge; the peer replies with an MD5 hash of the identifier, the secret and the challenge, and the authenticator recomputes it. The secret itself is never sent over the link, and a fresh challenge each time defeats replay

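Added example for the CHAP card (not from the original deck): both sides of the three-way exchange simulated in one script, with the response computed as RFC 1994 specifies, MD5 over the one-octet Identifier, the shared secret and the Challenge Value. The peer name and secret are constructed.

```python
# CHAP challenge/response with both peers simulated. Added example; the names
# and shared secret are constructed.
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 section 4.1: MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: holds the shared secrets, issues challenges, checks responses."""

    def __init__(self, secrets_db):
        self.db = secrets_db            # peer name -> shared secret
        self.identifier = 0
        self.pending = None

    def challenge(self):
        self.identifier = (self.identifier + 1) & 0xFF   # wraps like the 8-bit field
        self.pending = os.urandom(16)                     # fresh random value every time
        return self.identifier, self.pending

    def verify(self, identifier, name, response):
        if self.pending is None or identifier != self.identifier or name not in self.db:
            return False
        expected = chap_response(identifier, self.db[name], self.pending)
        self.pending = None      # single use: a captured response cannot be replayed
        return hmac.compare_digest(expected, response)


class Peer:
    """Client side: sends only its name and a digest, never the secret."""

    def __init__(self, name, secret):
        self.name, self.secret = name, secret

    def respond(self, identifier, challenge):
        return self.name, chap_response(identifier, self.secret, challenge)


def run_handshake(auth, peer):
    identifier, challenge = auth.challenge()               # 1. Challenge
    name, response = peer.respond(identifier, challenge)   # 2. Response
    return auth.verify(identifier, name, response)         # 3. Success / Failure


if __name__ == "__main__":
    auth = Authenticator({"alice": b"correct horse battery staple"})
    print(run_handshake(auth, Peer("alice", b"correct horse battery staple")))  # True
    print(run_handshake(auth, Peer("alice", b"wrong secret")))                  # False
```

The weakness a practitioner should remember: an eavesdropper who captures one challenge/response pair can run an offline dictionary attack against it, so CHAP is only as strong as the secret, and the authenticator must store the secret in recoverable form to recompute the hash.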
73
Q

SOC 2 Type 1

A

System & Organization Controls reporting (Auditing)

Audits design and implementation of controls at a single point in time. The auditor will review evidence from your systems as it exists at a particular “moment in time”

Assesses the design of security processes at a specific point in time

74
Q

SOC 2 Type 2

A

System & Organization Controls reporting (Auditing)

Documents the operating effectiveness of controls within a specific time frame

Assesses both the design and the operating effectiveness of security processes over time…(typically a 6 to 12 month period)

75
Q

Public Keys

A

Often used to encrypt user files indirectly: a random symmetric file encryption key encrypts the file and the public key encrypts (wraps) that key, because asymmetric encryption is slow and limited in message size. The matching private keys can be stored in a protected file on a disk or on a smart card

Can be used to encrypt data (so only the private-key holder can read it) and verify digital signatures.

76
Q

Private Keys

A

Can be used to decrypt data and create digital signatures.

77
Q

Session Keys

A

Generally symmetric, the same key is used for encryption and decryption

78
Q

NIC

A

Network Interface Cards - Hardware component that allows computer to connect to a network

79
Q

Full Backup

A

Archives all data even if it hasn’t changed since the last full backup. Requires the most storage and time to perform, but restoration is the quickest since it is a single backup set

80
Q

Differential Backup

A

Backs up anything that has changed since the last FULL backup, so each differential grows until the next full

Minimizes backup time but takes longer to restore than a full backup: restore = last full + latest differential (two sets)

81
Q

Incremental Backup

A

Starts with a full backup. Backs up anything that has changed since the last full OR incremental backup, so each job is small

Fastest backups and least storage, but the slowest restore: restore = last full + every incremental since, applied in order

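Added example covering the Full, Differential and Incremental cards together (not from the original deck): a constructed four-day change log is run through both rotation schemes to show exactly which files each job copies, the total copy volume, and how many sets a restore must read. File names and change days are constructed.

```python
# Full / differential / incremental over a constructed change log.
# Added example; the files and days are made up.

CHANGES = {
    0: {"a.txt", "b.txt", "c.txt", "d.txt"},   # day 0: everything exists; full backup
    1: {"a.txt"},                               # files modified on each later day
    2: {"b.txt"},
    3: {"a.txt", "c.txt"},
}


def plan_backups(changes, mode):
    """Return a list of (day, kind, files_copied) for a cycle that starts with a
    full backup on day 0. mode is 'differential' or 'incremental'."""
    if mode not in ("differential", "incremental"):
        raise ValueError(mode)
    jobs = [(0, "full", set(changes[0]))]
    changed_since_full = set()
    for day in sorted(d for d in changes if d > 0):
        if mode == "differential":
            changed_since_full |= changes[day]              # everything since the last FULL
            jobs.append((day, "differential", set(changed_since_full)))
        else:
            jobs.append((day, "incremental", set(changes[day])))   # only since the last job
    return jobs


def copy_volume(jobs):
    """Total file copies written over the cycle (the backup-window cost)."""
    return sum(len(files) for _, _, files in jobs)


def restore_sets(jobs, day):
    """Backup sets that must be read, in order, to rebuild the data as of `day`."""
    full = [j for j in jobs if j[1] == "full" and j[0] <= day][-1]
    later = [j for j in jobs if full[0] < j[0] <= day]
    if not later:
        return [full]
    if later[-1][1] == "differential":
        return [full, later[-1]]          # full + the latest differential only
    return [full] + later                 # full + every incremental, oldest first


if __name__ == "__main__":
    for mode in ("differential", "incremental"):
        jobs = plan_backups(CHANGES, mode)
        print(mode, "copies:", copy_volume(jobs),
              "restore day 3 needs", len(restore_sets(jobs, 3)), "sets")
        for day, kind, files in jobs:
            print("  day", day, kind, sorted(files))
```

The trade-off the cards describe falls straight out of the numbers: differential writes more each day (10 copies over the cycle versus 8) but restores from two sets; incremental writes the least but needs the full plus all three incrementals, and the loss or corruption of any one of them breaks the chain.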
82
Q

SYN flood

A

Variant of a Denial of Service (DoS) attack where the attacker initiates multiple TCP sessions but never completes the 3-way handshake. This uses up resources on the server since it cannot complete the handshake and keeps resources reserved for the attacker’s computer while it awaits the handshake’s completion

83
Q

What are the 7 Layers of the OSI Model?

A

Conceptual framework used to describe the functions of a networking system

1. Physical (bottom) - Please
2. Data Link - Do
3. Network - Not
4. Transport - Throw
5. Session - Sausage
6. Presentation - Pizza
7. Application (top) - Away

Top-down mnemonic: All People Seem To Need Data Processing

84
Q

Host-based firewalls

A

Monitors traffic coming into and leaving a computer

Protects a single computer from unwanted network traffic

85
Q

Linux cat command

A

Used to view contents of text files

Used to concatenate (join) files and print them on the standard output
cat file1.txt

86
Q

Linux chmod command

A

Used to manipulate Linux file system permissions

Used to change/modify file system permissions

87
Q

Linux grep command

A

Line filtering.
Searches a file for a particular pattern of characters, and displays all lines that contain that pattern

Used to print lines that match patterns.

88
Q

head command

A

Used to display beginning lines from a text file

89
Q

IP header

A

Header information at the beginning of an Internet Protocol (IP) packet

Contains the source IP address and the TTL (time-to-live) value

90
Q

BTU value

A

British Thermal Units

Measures thermal energy (heat).

Your server room AC must be able to displace the BTUs generated by your computing equipment; otherwise, the server room will be much too warm for your equipment.

91
Q

BitLocker

A

Windows full-volume (disk) encryption. Protects entire drives, typically with the key sealed in the TPM, so the data is unreadable if the disk is pulled or the device is lost. File-level encryption on Windows is EFS, not BitLocker

92
Q

tcpdump

A

Linux command line tool

Used to capture network traffic

Command line tool that allows you to capture and analyze network traffic going through your system

93
Q

P2P Network

A

Peer-to-Peer Network

Network created whenever two or more devices/computers are connected and share the same resources

Vulnerable to Trojans and spyware

94
Q

dd command

A

Linux command that can be used to create an exact copy of a disk volume, while leaving the original disk volume intact

Command line utility used to copy disk images using a bit-by-bit copying process (forensic imaging: hash the source and the image and work from a read-only source or behind a write blocker)

95
Q

nslookup

A

Used to test DNS server connectivity and name resolution

96
Q

SMTP

A

Used to send email over internet
Port 25

97
Q

SSID

A

Service Set Identifier.
The name of a wireless network

*When not broadcast, the wireless network does not appear in a normal scan. This is NOT a security control: the SSID is still sent in the clear in probe and association frames, so a passive sniffer reveals it

98
Q

Business Impact Analysis (BIA)

A

Studies the impact that an incident presents to a business.

99
Q

PowerShell

A

A cross-platform task automation and configuration management framework

Uses a verb-noun type of syntax (Get-Service, Set-ExecutionPolicy) and is used by network administrators to manage computers

Get-Service | Where-Object { $_.Status -eq "Running" }

Task automation and configuration management program

100
Q

SNMP

A

Simple Network Management Protocol
Industry standard for managing and monitoring printers, servers, workstations, routers, switches, IP phones, and so on

A UDP-based protocol that aids in monitoring network-attached devices and computers

Port 161 UDP (traps to the manager on 162 UDP)

101
Q

SNMPv3

A

Simple Network Management Protocol version 3

Provides encryption and integrity functionality, plus user-based authentication, unlike the cleartext community strings of v1/v2c

Exchanges management data…port 161

102
Q

SMTP

A

Simple Mail Transfer Protocol - transmits Internet e-mail messages to other SMTP hosts and can be configured to encrypt the transmission.

Port 25

103
Q

Fuzzing

A

Automatically generated malformed, random or mutated input is passed to the application to find crashes, hangs and unhandled errors that may indicate exploitable bugs

104
Q

A5

A

Symmetric. Stream cipher family (A5/1, A5/2) used to encrypt GSM voice and data over the air; both are broken in practice

105
Q

Layer 1 (OSI Model)

A

Physical layer -Responsible for the physical cable or wireless connection between network nodes

106
Q

Layer 2 (OSI Model)

A

Data Link Layer - provides node-to-node data transfer (between two directly connected nodes), and also handles error correction from the physical layer.

Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. In the networking world, most switches operate at Layer 2

107
Q

Layer 3 (OSI Model)

A

Network Layer - Responsible for packet forwarding, including routing through different routers. You might know that your Boston computer wants to connect to a server in California, but there are millions of different paths to take. Routers at this layer help do this efficiently

Deals with IP addresses and routing

108
Q

Layer 4 (OSI Model)

A

Transport layer - deals with the coordination of the data transfer between end systems and hosts. How much data to send, at what rate, segmentation and reassembly, etc

Deals with TCP and UDP details including port numbers,

109
Q

Layer 5 (OSI Model)

A

Session layer - creates communication channels, called sessions, between devices. Responsible for opening sessions, ensuring they remain open and functional while data is being transferred, and closing them when communication ends

When 2 computers or other networked devices need to speak with one another, a session needs to be created. Functions at this layer involve setup, coordination (how long should a system wait for a response) and termination between the applications at each end of the session

110
Q

Layer 6 (OSI Model)

A

Presentation layer - prepares data for the application layer. Defines how 2 devices should encode, encrypt, and compress data so it is received correctly on the other end

Presents data for the application or the network.
Example of this is encryption and decryption of data for secure transmission

111
Q

Layer 7 (OSI Model)

A

Application layer - specific functionality, such as a web browser connecting to a specific URL.

Layer that is the “closest to the end user”. It receives info directly from users and displays incoming data to the user.

Used by end-user software such as web browsers and email clients. Provides protocols that allow software to send and receive info and present meaningful data to users.

Application layer protocols are the HTTP, FTP, POP, SMTP, & DNS

112
Q

Symmetric Encryption

A

When the same key is used to encrypt and decrypt

Shared key

113
Q

Asymmetric Encryption

A

Uses one key to encrypt and a second key to decrypt.

2 Separate Keys (a public key that can be shared freely and a private key that never leaves its owner)

114
Q

DLP

A

Data Loss Prevention - Monitors the data of a system while in use, in transit, or at rest to detect attempts to steal the data.
Can be used to help identify insider threats

Can block and monitor data transfers to unauthorized locations. Ensures that private data stays private

115
Q

TLS

A

Transport Layer Security - Network security protocol commonly used to secure web application connections using HTTPS

Cryptographic protocol designed to provide communications security (confidentiality, integrity and server authentication) over a computer network

Port 443 when carrying HTTPS. TLS has no port of its own; it wraps other protocols (SMTPS 465, LDAPS 636, IMAPS 993)

116
Q

Exploit

A

Takes advantage of a vulnerability

117
Q

DRP

A

Disaster Recovery Plan

118
Q

DHCP

A

Dynamic Host Configuration Protocol - Used to dynamically assign IP addresses. It will also assign subnet masks, default gateways, etc.

Automatically provides and assigns IP addresses, default gateways and other network parameters to client devices

Port 67

119
Q

Host-based firewalls

A

Firewall on a host computer. Monitors traffic going through the host network

Can protect the remote users’ computers from network attacks originating from their internet connection

120
Q

Attack Surface

A

The sum of all the points where an attacker can interact with or enter a system; every one is a potential place for a vulnerability to be exploited, so reducing it is a design goal

Ex. Open port, or a running network service

121
Q

Virtual Private Cloud (VPC)

A

Can run a public facing application but still maintain a private back end with servers that aren’t publicly accessible

122
Q

Network Address Translation (NAT)

A

Designed for IP address conservation. It enables private IP networks that use unregistered IP addresses to connect to the Internet.

Used in routers to translate private internal IP addresses to routable public addresses

Conserves the number of public addresses used within an organization

123
Q

Runbook

A

Part of SOAR. Set of rules that can be largely automated

124
Q

Playbook

A

Part of SOAR. Lists step-by-step actions that need to occur within the SOAR process. Actions are typically performed by humans

125
Q

SSH

A

Secure Shell, Port 22. Provides encrypted remote access channel to a host system

Encrypted Tunnel

126
Q

DNS

A

Domain Name System, Port 53 (UDP for most queries, TCP for zone transfers and large responses).

127
Q

HTTPS

A

Provides encrypted web connection to the router

Secure web communication using SSL/TLS

Port 443

128
Q

CIS Controls

A

Center for Internet Security Critical Security Controls. Historically known as the Top 20 controls; version 8 consolidated them into 18 control groups

129
Q

Job Rotation

A

Ensures that no employee retains the same amount of access control for a responsibility for more than a given period

130
Q

Separation of Duties

A

Policy that ensures that one single individual isn’t tasked with high-security and high-risk responsibilities.

Critical responsibilities are separated between several users to prevent corruption and errors.

131
Q

IPFIX

A

IP Flow Information Export

Common representation of flow data and a standard means of communicating, as required for transmitting traffic flow information over a network for collection

Groups traffic into flows to then send on to a centralized collection point. IPFIX is based on NetFlow v9.

132
Q

Link-Level Security

A

Authenticates the actual communications link before data transmission begins. Data encryption can also be performed in this mode after the link is authenticated.

133
Q

CRL

A

Certificate Revocation Lists - Where revoked certificate serial numbers are stored

134
Q

Embedded Systems

A

Include gaming systems, printers, appliances, in-vehicle systems, medical devices, cameras, home automation, and HVAC (heating, ventilating, and air conditioning) controls that are network enabled, and sometimes Internet connected, for remote access

Combination of computer hardware and software designed for a specific function. Embedded systems may also function within a larger system

135
Q

Blockchains

A

Distributed (often publicly accessible) ledgers that record online transactions, based on peer-to-peer technology.

A party initiates a block, which is then verified by all the distributed systems and added to the chain (or rejected if not verified). Difficult to cheat the system. Generally, the larger the blockchain, the safer

136
Q

Protocol analyzer

A

Sometimes called sniffers…capture network traffic allowing administrators to view and analyze individual packets

Used, for example, to examine the network packets sent from the web server to the database server. Through detailed analysis, you can discover which of the requests is sending malformed data and thus causing your database server to crash.

137
Q

RTO

A

Recovery Time Objectives - Maximum amount of time that is considered tolerable for a service/function to be unavailable

Represents the amount of time it takes to identify that there is a problem and then perform recovery

Timeframe following a disaster that an individual IT system may remain offline

138
Q

RPO

A

Recovery Point Objectives - Maximum acceptable amount of lost data because of an outage

The amount of data loss that a system can sustain, measured in time.

*An RPO of 24 hours means that the data can be recovered (from a backup copy) to a point not more than 24 hours before the database was infected

139
Q

MTBF

A

Mean Time Between Failures - Average length of time a specific device is expected to work until it fails

140
Q

MTTR

A

Mean Time To Repair - The average length of time from the moment a component fails until it is repaired

141
Q

Virtualization

A

The creation of a virtual version of something, such as an operating system (OS), a server, a storage device or network resources. Uses software that simulates hardware functionality to create a virtual system

*You can run different websites on a separate virtual machine (VM) running on the same hardware platform. You can run several VMs on one system, and each VM is isolated from the others, thus preventing security issues with one website from affecting other websites

142
Q

Cain and Abel (AKA Cain)

A

Password cracking tool

143
Q

Ping/Ping Sweep

A

Ping command is used to ping a single host device to identify its existence…Ping Sweep pings a whole range of IP addresses (e.g. nmap -sn 192.168.1.0/24) to find live hosts

Can show which network clients are active and responding to requests

144
Q

SPF

A

Sender Policy Framework (SPF) - an email authentication method designed to detect forged sender addresses during email delivery

145
Q

IP Fragmentation

A

Common form of DDoS attack

146
Q

Microsoft Endpoint Configuration Manager (MECM)

A

Microsoft Endpoint Configuration Manager (MECM) - provides remote control, patch management, software distribution, operating system deployment, network access protection, and hardware/software inventory.

147
Q

SYN flood attack (DoS)

A

Repeatedly sends initial connection request (SYN) packets. The attacker is able to consume all available ports on a targeted server machine, causing the targeted device to be overwhelmed

148
Q

Reverse Proxy

A

Server that sits in front of one or more web servers intercepting requests from clients

Sits in front of an origin server and ensures that no client ever communicates directly with that origin server

Accepts a request from a client, forwards the request to one of many other servers, and returns the results from the server that actually processed the request to the client as if the proxy server had processed the request itself.

Reverse Proxy: https://www.cloudflare.com/img/learning/cdn/glossary/reverse-proxy/reverse-proxy-flow.svg

Proxy (Forward): https://www.cloudflare.com/img/learning/cdn/glossary/reverse-proxy/forward-proxy-flow.svg

149
Q

Web Proxy (Forward Proxy)

A

Server that sits in front of a group of client machines. When those computers make requests to sites and services on the Internet, the proxy server intercepts those requests and then communicates with web servers on behalf of those clients, like a middleman

Sits in front of a user and acts as a mediator between users and the web servers they access. User’s request goes through the forward proxy first and then reaches the web page. Once the data from the internet is retrieved, it is sent to the proxy server, redirecting it back to the requester. *From the perspective of the internet server, the request is made by the proxy server itself and not the user

Reverse Proxy: https://www.cloudflare.com/img/learning/cdn/glossary/reverse-proxy/reverse-proxy-flow.svg

Proxy (Forward): https://www.cloudflare.com/img/learning/cdn/glossary/reverse-proxy/forward-proxy-flow.svg

150
Q

FISMA

A

Federal Information Security Management Act - United States federal law that defines a comprehensive framework to protect government information, operations, and assets against natural or human-made threats. FISMA requires that government agencies, and other organizations that operate systems on behalf of government agencies, comply with security standards

151
Q

Multipartite Virus

A

Virus that combines boot and program viruses. First attaches to the boot sector and system files before attacking other files on the computer

152
Q

Polymorphic Virus

A

Advanced version of an encrypted virus that changes itself every time it is executed by altering the decryption module to avoid detection

Changes PART of its code but retains one part that stays the same, in order to remain undetected

153
Q

Metamorphic Virus

A

Virus that is able to rewrite itself entirely before it attempts to infect a file (advanced version of a polymorphic virus)

Completely re-writes its code so that each newly propagated version of itself no longer matches its previous iteration to remain undetected

154
Q

SAML (Security Assertion Markup Language)

A

Security Assertion Markup Language - An open standard for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider

155
Q

OpenID Connect

A

Simple identity layer on top of the OAuth 2.0 protocol

156
Q

What are the private IP addresses?*

A

Private IP addresses are either 10.x.x.x, 172.16-31.x.x, or 192.168.x.x.

157
Q

Heuristic Analysis

A

Method employed by many computer anti-virus programs designed to detect previously unknown computer viruses and new variants of viruses already in the wild

Detects viruses by examining code for suspicious properties. Designed to spot unknown new viruses and modified versions of existing threats

Determines whether several observed data points constitute an indicator, and whether related indicators make up an incident; this depends on a good understanding of the relationships between the observed indicators

158
Q

NetFlow

A

Flow analysis tool. Does not capture full packets as they cross the network sensor, but captures metadata and statistics about the network traffic.

Metadata can highlight trends and patterns in the traffic generated by the malicious user, such as the volume of data sent and received

159
Q

FERPA

A

Family Educational Rights and Privacy Act - Requires that educational institutions implement security and privacy controls for student educational records

School, Students

160
Q

SOX

A

Sarbanes-Oxley Act - Affects publicly traded U.S. corporations and imposes certain accounting methods and financial reporting requirements

Dictates requirements for storing and retaining documents relating to an organization’s financial and business operations, including the type of documents to be stored and their retention periods

161
Q

Banner Grabbing

A

Conducted by actively connecting to the server using telnet or netcat and collecting the web server’s response. Banner usually contains the server’s operating system and the version number of the service being run.

162
Q

Purging a device vs Clearing a device?

A

Purging includes methods that make information infeasible to recover even in a lab environment. Ex: performing a cryptographic erasure (CE) would sanitize and purge the drives’ data without harming the drives themselves.

Clearing drives leaves the possibility that some tools would allow data recovery

163
Q

Hping

A

Assembles and sends custom ICMP, UDP, or TCP packets and then displays any replies. It was inspired by the ping command but offered far more control over the probes sent. It also has a handy traceroute mode and supports IP fragmentation.

Hping is useful when trying to traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities.

164
Q

VLAN

A

Virtual Local Area Network - logically separate network that is created using switching technology

Subnetwork that can group together collections of devices on separate physical local area networks (LANs)

Enables a group of devices available in multiple networks to be combined into one logical network

*Typically needs a router

165
Q

GPO

A

Microsoft’s Group Policy Object (GPO) is a collection of Group Policy settings that defines what a system will look like and how it will behave for a defined group of users.

Efficient way to deploy system configuration settings across many Windows devices

166
Q

APTs

A

Advanced Persistent Threats - highly sophisticated nation-state threat actor that quietly gathers information from compromised systems and can lie in wait for several months during an ongoing attack

167
Q

Dynamic Code Analysis

A

Involves running code and examining the outcome, which also entails testing possible execution paths of the code

The process of testing and evaluating a program while the software is running

168
Q

PAP

A

Password Authentication Protocol (PAP) - Username and password

169
Q

What happens during recc

A