SEC+ Flashcards

1
What are the two types of commonly referenced network security?
1. Information Security
2. Information Systems Security
2
What are the CIA Triad + two?
Confidentiality, Integrity, Availability, + Authentication & Non-repudiation
3
What is the AAA of RADIUS?
Authentication, Accounting, and Authorization
4
What measures or mechanisms are put in place to mitigate risks and protect the confidentiality, integrity, and availability of information systems and data?
Security Controls
5
What are the four categories that Security Controls are grouped into?
1. Technical
2. Managerial
3. Operational
4. Physical
6
What are the six different types of security controls?
1. Preventative
2. Detective
3. Compensation
4. Deterrent
5. Corrective
6. Directive
7
What is the security model that operates on the principle that no one, whether inside or outside the organization, should be trusted by default?
Zero Trust
8
What plane consists of adaptive identity, threat scope reduction, policy-driven access control, and secured zones?
Control Plane
9
What plane is focused on the subject/system, policy engine, policy administrator, and establishing policy enforcement points?
Data Plane
10
What is considered a threat in cyber security?
Anything that can cause harm, loss, damage, or compromise to IT systems
11
Finding different ways to minimize the likelihood of an outcome occurring and achieving the desired outcomes is referred to as ___________.
Risk Management
12
What two conditions must exist at the same time to be considered a RISK?
Threat and Vulnerability
13
What element of a backup strategy involves making data copies regularly at set intervals?
Frequency
14
When a tech company wants to partner with a vendor, what should they look for to verify that security meets their internal cyber security standards?
Evidence of internal audits
15
What encryption standard uses one key to encrypt and decrypt?
Symmetric encryption
16
Symmetric encryption is also called ______.
Secret Key
17
What is a method in cryptography by which cryptographic keys are exchanged between two parties, allowing use of a cryptographic algorithm?
Key exchange
18
What encryption standard uses two keys instead of one?
Asymmetric encryption
19
What is the process of using a public key from a public/private key pair to encrypt plaintext, and then using the corresponding private key to decrypt the ciphertext?
Asymmetric encryption
20
What does DAC stand for?
Discretionary access control
21
What is Discretionary access control (DAC)?
An authorization model where the owner of the resource decides who is allowed to access it.
22
What does MAC stand for?
Mandatory Access Control
23
What is Mandatory Access Control (MAC)?
An authorization model where access to resources is determined by a set of rules defined by a central authority.
24
Where is MAC most commonly used?
Large organizations, government and military settings
What does RBAC stand for?
Role Based Access Control
26
What is RBAC?
An authorization model that assigns permissions to roles rather than to individual users. Ex. Accountants have access to financial docs, but not personal HR docs.
27
What does ABAC stand for?
Attribute Based Access Control
28
What is ABAC?
* It determines access through a combination of contexts and system-wide attributes.
* It sets and enforces policies based on characteristics, such as department, location, manager, and time of day.
29
What asymmetric encryption technique provides a comparable level of security with shorter key lengths, making it efficient for cryptographic operations?
ECC
30
What is ECC?
An asymmetric encryption technique that is a type of trapdoor function and is efficient with shorter key lengths.
31
What does ECC stand for?
Elliptic curve cryptography
32
What does DSA stand for?
Digital Signature Algorithm
33
What is Digital Signature Algorithm (DSA)?
An algorithm used for digital signatures, but it doesn't inherently offer the same efficiency in terms of key length as ECC.
34
What is RSA?
A type of asymmetric encryption, which uses two different but linked keys. Longer keys are needed than for ECC.
35
What is Diffie-Hellman (DH) key exchange?
A mathematical method of securely exchanging cryptographic keys over a public channel
36
Is RSA symmetric or asymmetric?
Asymmetric
37
Is ECC symmetric or asymmetric?
asymmetric
38
Is DSA symmetric or asymmetric?
asymmetric
39
What is a method of encrypting or signing data with two different keys and making one of the keys available for anyone to use?
Public Key
40
When sending an encrypted message to Facebook, a client would use which of the following to ensure only Facebook can decrypt and read the message?
Public Key
41
What is also known as a secret key?
Private key
42
What keys should be shared only with the key's generator or parties authorized to decrypt the data?
Private keys
43
What is Key escrow?
Refers to the secure storage of cryptographic keys, ensuring they can be accessed under specific conditions
44
Can key escrows encrypt or decrypt?
No
45
What is a private key used for?
It is kept secret by its holder and is used to decrypt messages that are encrypted with its corresponding public key
46
What secures multiple subdomains under a main domain but doesn't directly involve message encryption or decryption?
wildcard certificate
47
What is a function that is easy to perform one way, but has a secret that is required to perform the inverse calculation efficiently?
Trap Door
48
When considering the RSA algorithm, what best captures its underlying mathematical property used for public key cryptography?
Trap Door
49
What Encryption standard relies on the trap door function for its efficiency?
RSA encryption
50
What is a Hash function?
It is a mathematical algorithm that takes a variable number of characters called a "message" and converts it into a string with a fixed number of characters called a hash
51
What feature produced by a SIEM can provide insight into system and process behaviors?
Event Logs
52
What is a process of understanding and mapping potential threats but doesn't validate vulnerability remediation?
Threat modeling
53
What vulnerability is present in a situation where a threat actor can manipulate data after it has been verified by an application, but before the application uses it for a specific operation?
Time-of-check (TOC)
54
What is Time-of-check (TOC)?
A software bug caused by a race condition involving the checking of the state of a part of a system (such as a security credential) and the use of the results of that check.
55
What is a Race Condition vulnerability?
A software bug that allows these unexpected results to be exploited by malicious entities.
56
What vulnerability occurs when an attacker exploits the time gap between the verification of data and its use, potentially leading to unauthorized or malicious activities?
TOC (Time-of-Check)
57
______ are when a program doesn't release memory that it no longer needs, leading to potential system slowdowns or crashes.
Memory Leaks
58
What refers to the overuse of system resources, be it CPU time, memory, or others, which can lead to denial of service?
Resource Exhaustion
59
Which cyber security attacker is likely to accidentally cause harm to the system?
Shadow IT
60
What is the use of IT-related hardware or software by a department or individual without the knowledge of the IT or security group within the organization?
Shadow IT
61
Which layer of the OSI model is a network appliance primarily operating at when it focuses on filtering traffic based on source and destination IP addresses and port numbers?
Layer 4
62
What does XSS stand for?
Cross Site Scripting (XSS)
63
What attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites?
XSS
64
What attack occurs when the amount of data in the buffer exceeds its storage capacity?
Buffer Overflow attack
65
What is the practice of installing mobile apps on a device that are not from the official app stores?
Sideloading
66
What are a type of vulnerability that arises when the interaction between users and cloud services through interfaces and APIs is not secure, exposing systems to potential unauthorized access and manipulation of data?
Insecure Interfaces and APIs
67
What is Port 21? Is it UDP or TCP?
FTP (File Transfer Protocol), used to transfer files from host to host. TCP
68
What port number uses SSH to provide secure remote terminal access? UDP or TCP?
Port 22, TCP
69
What Port number uses SCP (Secure Copy Protocol) to provide secure copy functions? TCP or UDP?
Port 22, TCP
70
What port number provides secure file transfers? TCP or UDP?
Port 22, TCP
71
What port provides insecure remote control of another machine using a text-based environment and is unencrypted?
Telnet
72
What port number is telnet? TCP or UDP?
23, TCP
73
What does port number 25 provide? TCP or UDP?
Provides the ability to send emails over the network. TCP
74
What port is SMTP?
25
75
What port translates domain names into IP addresses? TCP or UDP?
Port 53, Both TCP and UDP
76
What port does DNS operate under? TCP or UDP?
Port 53
77
What port is used as a lightweight file transfer method for sending configuration files or network booting of an operating system? TCP or UDP?
Port 69, UDP
78
What port number is TFTP and what does it stand for?
Trivial File Transfer Protocol, Port 69
79
What is the Hypertext Transfer Protocol used for? What port does it use?
Port 80, Insecure web browsing
80
What port number is used for HTTP? TCP or UDP?
Port 80, TCP
81
What port number does Kerberos operate on? UDP or TCP?
Port 88, UDP
82
What is Kerberos used for?
It is a network authentication tool
83
What is POP3 responsible for?
Responsible for retrieving email from a server
84
What port number does POP3 use? UDP or TCP?
110, TCP
85
What does POP3 stand for?
Post Office Protocol Version 3
86
What protocol is used for accessing newsgroups?
NNTP (Network News Transfer Protocol)
87
What port number does Network News Transfer Protocol use and is it TCP or UDP?
Port 119, TCP
88
Which port facilitates communication between different system processes? TCP or UDP?
Port 135, Both TCP & UDP
89
What three ports are used in NetBIOS?
137, 138, and 139
90
What do ports 137, 138, and 139 provide? TCP or UDP?
NetBIOS, a network protocol suite, Both TCP & UDP
91
Which port allows access to email messages on a server?
Port 143
92
What does IMAP stand for?
Internet Message Access Protocol
93
What does port 143 provide? TCP or UDP?
IMAP, TCP
94
What port does SNMP (Simple Network Management Protocol) work on?
Port 161
95
What does port 161 provide? TCP or UDP?
SNMP, UDP
96
What does SNMP (Simple Network Management Protocol) allow the user to do?
Manage network devices
97
What port would an SNMP Trap use to send its message? TCP or UDP?
Port 162, UDP
98
What does Port 162 provide and what is it responsible for?
SNMP Trap, sending SNMP Trap messages
99
What is port 389 for? TCP or UDP?
LDAP, TCP
100
What port does the Lightweight Directory Access Protocol use and what is it for?
Port 389, facilitates directory services
101
What port does secure web browsing use?
443
102
What type of web browsing protocol usually utilizes the certificate system and provides a lock icon in the search bar if the website is recognized as secure?
HTTPS
103
Which port provides secure web communication and is it TCP or UDP?
Port 443, TCP
104
What port number is used for file and printer sharing over a network? What is it called?
Port 445, SMB Secure Message Block
105
Secure Message block uses what port number? TCP or UDP?
Port 445, TCP
106
What provides secure SMTP communication?
SMTPS (SMTP Secure)
107
What port numbers use SMTPS? UDP or TCP?
465, 587 TCP
108
What does port 465 and 587 provide?
SMTPS
109
What is Syslog used for in a cybersecurity environment?
Used for sending Log messages
110
What port number does Syslog operate through? TCP or UDP?
514, UDP
111
What is Port number 514 used for?
Syslog
112
What is the acronym used for a secure version of LDAP communication sent over SSL/TLS?
LDAPS (LDAP Secure)
113
What port number does LDAPS use? TCP or UDP?
Port 636, TCP
114
What protocol is used for secure email retrieval over TLS/SSL?
IMAPS
115
What port number does IMAPS utilize? TCP or UDP?
993, TCP
116
What is the acronym for "Internet Message Access Protocol over SSL/TLS"?
IMAPS
117
What is POP3S (POP3 over SSL/TLS) used for?
Used for secure email retrieval
118
What is the secure version of POP3? TCP or UDP?
POP3S, TCP
119
What port number does POP3S utilize?
995
120
What port number would be used to facilitate communication with Microsoft SQL Server? TCP or UDP?
Port 1433, TCP
121
RADIUS TCP, used for remote authentication, authorization, and accounting, uses which ports?
1645 and 1646
122
What protocol is used for remote authentication, authorization, and accounting? TCP or UDP?
RADIUS TCP, TCP
123
What protocol is used for authentication and accounting as defined by the internet engineering task force (IETF)? TCP or UDP?
RADIUS UDP, UDP
124
What port number is used by RADIUS UDP?
Ports 1812 and 1813
125
What protocol uses ports 1812 and 1813?
RADIUS UDP
126
What protocol allows for remote desktop access?
RDP (Remote Desktop Protocol)
127
What port does RDP utilize? TCP or UDP?
Port 3389, TCP
128
What protocol does Port 3389 provide?
RDP
129
What is used in a secure syslog that uses SSL/TLS to encrypt the IP packets using a certificate before sending them across the IP network to the syslog collector?
Syslog TLS
130
What does port number 6514 provide? TCP or UDP?
Syslog TLS, TCP
131
What port number does Syslog TLS use?
Port 6514
132
What network security and connectivity framework integrates network security and wide area networking into a cloud-based service?
SASE
133
What does SASE stand for?
Secure access service edge
134
What system prioritizes performance, sometimes at the expense of security features like buffer overflow protections, potentially leaving the system susceptible to certain attacks?
RTOS, real-time operating system
135
When considering user interactions with a web service, what are the security measures that involve the secure creation and transfer of identifiers as well as enforcing inactivity limits to prevent unauthorized access?
Session management
136
What policy contributes to the practice of defining when an inactive session should end, but does not include the secure transmission and generation of identifiers?
Time Out Policy
137
An attacker entered a lot of data into the area of memory in the API that temporarily stores user input. What type of attack was used?
Buffer Overflow
138
___________ NACs use additional software to authenticate users.
Agent based
139
__________ NACs use network level protocols to authenticate users.
Agentless
140
What characteristic of a cloud architecture model describes a model that can quickly recover from failures due to adverse conditions?
Resilience
141
What is a level of uncertainty and impact from risk below which an organization will accept a risk and above which an organization will not accept a risk?
Risk Threshold
142
What is the amount of loss an investor is prepared to handle while making an investment decision?
Risk Tolerance
143
What is the term to refer to the specific laws and regulations set by a country's government that dictate how the personal data of its citizens should be collected, stored, and processed?
National legal implications
144
A network appliance capable of filtering traffic based on URL, HTTP headers, and specific web application functionalities operates at which layer of the OSI model?
Layer 7
145
A ___________ is an individual or entity that determines the purposes and means of processing personal data.
Data Controller
146
What mitigation technique can help protect a device from unauthorized network traffic solely by using software that can control network traffic based on predefined rules and policies?
A Host-based Firewall
147
What term emphasizes the mathematical structure used to scramble data so that only a specific key can unscramble it?
Encryption algorithm
148
A security analyst wants to implement a system that will selectively block or allow traffic based on the nature of the communication. Which firewall type would be MOST effective for this purpose?
Layer 7 Firewall
149
What refers to the unique characteristics of an organization's infrastructure that can affect vulnerability assessments and risk analysis?
Environmental Variables
150
A network protocol developed by Cisco for collecting IP traffic information and monitoring network flow is known as what?
NetFlow
151
What feature was introduced on Cisco routers around 1996 that provides the ability to collect IP network traffic as it enters or exits an interface?
NetFlow
152
What protocol superseded NetFlow by providing the same services, but for all network devices as open source instead of the proprietary version offered by Cisco?
IPFIX Internet Protocol Flow Information eXport
153
What does IaC stand for?
Infrastructure as Code
154
What is IaC?
The embedding of consistent, scalable cloud security coverage. It helps detect misconfigurations in code early in the software development life cycle to prevent vulnerabilities at runtime.
155
What describes an approach where the foundational systems are set up and overseen using scripts and automated instruments instead of hands-on methods?
IaC
156
What does RTOS stand for?
Real Time Operating System
157
What is RTOS mainly used for?
Automation of time-sensitive machines, like automotive vehicle creation machinery
158
What type of risk sets a specific maximum amount of risk that can be accepted; a financial or quantitative boundary?
Risk Limit
159
A point at which risk becomes unacceptable or needs action; a decision-making cutoff is known as what?
Risk Threshold
160
The overall willingness to accept risk in pursuit of objectives is known as?
Risk Tolerance
161
The degree of risk based on likelihood and impact; used for prioritization and risk assessment is known as what?
Risk Level
162
What refers to the process of formally validating and verifying certain aspects of a system, process, or set of controls?
Attestation
163
The admin wants to implement a system that will selectively block or allow traffic based on the nature of the communication. What layer firewall should be used?
Layer 7
164
What describes a cloud model that can quickly recover from failures due to adverse conditions?
Resilience
165
What is a Buffer Overflow?
Occurs when data exceeds the boundary of a fixed-size buffer and overwrites adjacent memory.
166
What effects can be caused by a buffer overflow attack?
This can lead to unexpected behavior, crashes, or security vulnerabilities
167
What is a Memory Leak?
A memory leak occurs when a program allocates memory but fails to release it back to the system after use. This causes the memory to be wasted and unavailable for other processes.
168
What can lead to increased memory usage, reduced system performance, or application crashes due to failing to release memory resources back to the system after use?
Memory leaks
169
Periodic evaluations, like ______ _________, are a managerial security control that involves regularly evaluating the threats to systems and networks.
Risk Assessments
170
What is an example of a managerial security control that the company could implement?
Risk Assessments
171
What is the process of identifying and fixing security vulnerabilities in software, firmware, and operating systems to prevent potential exploits?
Patching
172
A network appliance capable of filtering traffic based on URL, HTTP headers, and specific web application functionalities operates at which layer of OSI?
Layer 7
173
What are the layers of the OSI model?
Physical, data link, network, transport, session, presentation, application
174
What is needed to complete the authentication process used in WPA2 Personal mode?
Password to generate PMK (Pairwise Master Key)
175
What is the individual or entity that determines the purposes and means of processing personal data?
Data Controller
176
What is an individual or entity that processes personal data on behalf of the data controller, without deciding the purposes or means of the processing?
Data Processor
177
Who is typically responsible for ensuring the safety and maintenance of data assets through its various stages of storage, but doesn't decide on processing methods?
Data Custodian
178
What term refers to a critical predictive metric that organizations monitor to foresee potential risks and their impact on operations?
Key risk indicators
179
What are specific variables used within risk assessment processes, not predictive indicators?
Risk parameters
180
What term emphasizes the mathematical structure used to scramble data so that only a specific key can unscramble it?
Encryption algorithm
181
What does TCO stand for?
Total cost of ownership
182
What term not only includes the initial purchase price of the tool but also the ongoing expenses related to maintenance, updates, and other associated costs over its lifecycle?
TCO Total cost of ownership
183
What term refers to the effectiveness and productivity of operations but doesn't directly address the financial impact of a tool over its lifecycle?
Operational Efficiency
184
What does CAPEX stand for?
Capital Expenditure
185
What term pertains to the initial costs to purchase the asset or tool, not the ongoing or total costs throughout its lifecycle?
CAPEX, Capital Expenditure
186
What term evaluates the profitability or benefit of a particular investment, it doesn't primarily focus on the entire financial impact over a tool's lifecycle?
ROI (Return on Investment)
187
What does DMARC stand for?
Domain-based Message Authentication, Reporting, and Conformance
188
What uses the results of DKIM and SPF checks, but on its own, it doesn't cryptographically sign emails?
DMARC
189
What does DKIM stand for?
DomainKeys Identified Mail
190
What does SPF stand for?
Sender Policy Framework
191
What is valuable in identifying which servers are authorized to send emails on behalf of a domain?
SPF (Sender Policy Framework)
192
What standard is for sending emails, but it doesn't inherently provide a cryptographic signing mechanism for email authenticity?
SMTP (Simple Mail Transfer Protocol)
193
True or False: SNMP ensures secure communication among software applications and allows security analysts to monitor these communications.
False
194
True or False: SNMP allows network administrators to monitor network performance, find and solve network problems, and plan for network growth.
True
195
Which metric specifies whether an attack can be executed solely by the attacker or if it necessitates user involvement to succeed?
User Interaction (UI)
196
Which metric measures the level of privileges an attacker must have to exploit the vulnerability, not user interaction?
Privileges Required (PR)
197
What term specifies the context of an exploit, like local or network-based, rather than user involvement?
AV (Attack Vector)
198
Which metric describes the conditions that must be met for an exploit to work but doesn't revolve around user behavior?
AC (Attack Complexity)
199
What is a free and open industry standard for assessing the severity of computer system security vulnerabilities?
The Common Vulnerability Scoring System (CVSS)
200
During a digital investigation, which phase has the goal to obtain data in a way that doesn't alter the original evidence?
acquisition phase
201
During a digital investigation, which phase is responsible for ensuring the integrity and authenticity of digital evidence?
Chain of Custody
202
Searching through electronic records to identify relevant emails for a court case is an example of which phase during a digital investigation?
E-discovery
203
Which of the architecture models involves creating multiple instances of a system to handle increased demand?
Scalability
204
Which of the architecture models involves ensuring that a system or service responds quickly and efficiently to user requests or inputs?
Responsiveness
205
Which of the architecture models refers to the simplicity and speed of launching a system or service into production which is an important consideration for designing and deploying applications and systems?
Ease of deployment
206
What method involves packaging an application and its dependencies into a lightweight and portable unit, which can run on any platform that supports containers?
Containerization
207
What can improve performance, scalability, and security of applications, but its main purpose isn't specifically to deal with increasing or decreasing demand?
Containerization
208
Who is chiefly responsible for determining the purposes and means of processing personal data within an organization?
Data Controller
209
The _____________ is the entity that determines the purposes, conditions, and means of processing personal data.
Data Controller
210
A ________ collects and sells data to other organizations, but they do not typically decide the purposes and means of data processing for another organization.
Data Broker
211
_________ access and use the data but typically don’t decide on its processing purposes and means.
Data users
212
_________ are responsible for the data's classification and ensuring it meets organizational policies, but they do not typically decide on the purposes and means of data processing.
Data Owners
213
What is the proactive process of recognizing and recording potential threats that could adversely affect an organization?
Risk identification
214
________ is an activity that may be part of risk identification but does not encompass the entire scope of identifying a range of potential risks.
Policy review
215
What is a specific method used within risk identification to determine the weaknesses within an organization's IT infrastructure?
vulnerability assessment
216
____________ involves the collection and analysis of information about current and potential attacks that threaten the security of an organization but does not directly refer to the broader process of risk identification.
Threat intelligence
217
____________ attacks occur when an application receives more data than it's allocated to handle, causing the excess data to overflow into adjacent memory locations. This can lead to application crashes or potentially allow an attacker to execute arbitrary code.
Buffer overflow
218
_______ attacks aim to make a system or network resource unavailable by overwhelming it with traffic. While it can cause system disruptions, it doesn't operate through buffer overflows.
DoS
219
A _________ is a type of malware that hides itself and other malicious programs from detection and allows an attacker to gain persistent access and control over a system.
rootkit
220
What type of attack allows the attacker to gain persistent access and control over a system by hiding itself and its other malicious programs from detection?
Rootkit
221
A ______ is a type of malware that disguises itself as a legitimate or benign program, but performs malicious actions when executed.
Trojan
222
Malware has installed a hidden program that allows an attacker to remotely execute commands on the infected system. The malicious program has also given the attacker local admin privileges. What type of attack is this?
Rootkit
223
A user sees a dolphin icon of a program they don't recognize. They click it, grant it permissions by clicking allow, and suddenly malware has taken over the system. What type of attack is this?
Trojan
224
A ___________ is a report generated at regular intervals, such as weekly, monthly, or quarterly, to keep stakeholders updated on ongoing security metrics, trends, and concerns. A policy review is a periodic assessment of the organization's security policies to ensure they remain current and effective.
Recurring report
225
A _________________ is a specialized report highlighting current and emerging threats, often sourced from external threat intelligence providers.
threat intelligence briefing
226
An ______________ is a detailed account of a specific security breach or event, outlining what occurred, its impact, and the steps taken in response.
incident report
227
What type of connections use GSM or CDMA (Code Division Multiple Access) technologies to provide wireless communication between devices and provide connections that are more secure than Wi-Fi or Bluetooth because they use encryption and authentication mechanisms to protect the data?
Cellular
228
What is the first step in the risk management process that involves determining what potential threats and vulnerabilities exist within an organization's environment?
Risk identification
229
What are the steps in a risk management process?
Fill this out from notes
230
Who is the entity that processes personal data on behalf of the data controller?
Data Processor
231
_________ is an indicator of malicious activity that shows that an attacker or malware has compromised an account and is using it simultaneously with the legitimate user, creating multiple sessions from different locations or devices.
Concurrent session usage
232
True or False: The significance of inventory in managing hardware, software, and data assets effectively.
true
233
What type of document is used to define the measurements of quality and performance an organization wants from the vendor?
SLA Service Level Agreement
234
_________ is a comprehensive document that establishes the overall framework for a long-term business relationship between Magnetic Island and the vendor.
MSA Master Service Agreement
235
What document provides detailed instructions and requirements for specific tasks or projects to be carried out by the vendor?
WO (Work Order) or SOW (Statement of Work)
236
What outlines the terms of a partnership between two organizations and how they will collaborate on specific projects or initiatives?
MOU (Memorandum of Understanding)
237
What role involves developing and managing the company's information security program and is also responsible for defining and implementing information security policies and procedures to protect sensitive data and IT systems from cyber threats?
Security Officer
238
In what type of attack does the attacker target multiple accounts by trying a few common passwords across them?
Horizontal Attack
239
Two different inputs produce the same hash output under the same hashing algorithm. What is this called?
A Collision
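An added example (not part of the original deck) that makes the collision card concrete: it deliberately weakens SHA-256 by keeping only its first 32 bits and then runs a birthday search until two different inputs share that truncated hash. The function and input names are the example's own; the point it shows is that the work needed is roughly 2^(bits/2), which is why a 256-bit hash is safe and a 32-bit one is not.

```python
import hashlib


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 cut down to its first `bits` bits: a deliberately weak
    hash, used only so that a collision can be found in seconds."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits: int, seed: bytes = b"msg-") -> tuple:
    """Birthday search: hash distinct inputs until two of them map to the
    same truncated value. Expected work is about 2**(bits/2) hashes."""
    seen = {}
    counter = 0
    while True:
        msg = seed + counter.to_bytes(8, "big")  # every message is distinct
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg
        seen[h] = msg
        counter += 1


def is_collision(a: bytes, b: bytes, bits: int) -> bool:
    """True when two *different* inputs share the same truncated hash."""
    return a != b and truncated_hash(a, bits) == truncated_hash(b, bits)


def full_hashes_differ(a: bytes, b: bytes) -> bool:
    """The same two inputs do not collide under full 256-bit SHA-256."""
    return hashlib.sha256(a).digest() != hashlib.sha256(b).digest()


if __name__ == "__main__":
    a, b = find_collision(32)
    print(a, b, hex(truncated_hash(a, 32)))
    print("collision:", is_collision(a, b, 32), "full hashes differ:", full_hashes_differ(a, b))
```

Raising `bits` to 40 makes the search take about 16 times longer; at 256 bits it is infeasible, which is the whole point of using a full-length hash.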
240
A ___________ is a type of password attack that involves trying common passwords against multiple accounts, hoping to find a match.
spraying attack
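An added example, written for this deck rather than taken from it, that turns the two indicator cards above (concurrent session usage, card 231, and password spraying, card 240) into detection logic. The log lines and IP addresses are constructed sample data, the line format is an assumption, and the thresholds (five accounts in five minutes, at most two guesses each; two successful logins from different sources within fifteen minutes) are illustrative starting points, not a standard.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not from any real system).
SAMPLE_LOG = """\
2024-05-01T09:00:01Z login user=alice src=203.0.113.9 result=fail
2024-05-01T09:00:02Z login user=bob src=203.0.113.9 result=fail
2024-05-01T09:00:03Z login user=carol src=203.0.113.9 result=fail
2024-05-01T09:00:04Z login user=dave src=203.0.113.9 result=fail
2024-05-01T09:00:05Z login user=erin src=203.0.113.9 result=fail
2024-05-01T09:00:06Z login user=frank src=203.0.113.9 result=success
2024-05-01T09:10:00Z login user=alice src=198.51.100.20 result=success
2024-05-01T09:12:30Z login user=alice src=192.0.2.77 result=success
2024-05-01T09:15:00Z login user=bob src=198.51.100.21 result=fail
2024-05-01T09:15:05Z login user=bob src=198.51.100.21 result=fail
2024-05-01T09:15:09Z login user=bob src=198.51.100.21 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\w+)$"
)


def parse(log: str) -> list:
    """Turn the assumed log format into event dicts; unparseable lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "user": m["user"], "src": m["src"], "result": m["result"],
        })
    return events


def detect_spraying(events, window=timedelta(minutes=5), min_users=5, max_per_user=2) -> list:
    """Password spraying: one source tries a few guesses against many accounts.
    Returns the source IPs that hit >= min_users distinct accounts inside the
    window while never exceeding max_per_user attempts on any one account."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    flagged = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):          # slide the window over this source's events
            per_user = defaultdict(int)
            for e in evs[i:]:
                if e["ts"] - first["ts"] > window:
                    break
                per_user[e["user"]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                flagged.append(src)
                break
    return flagged


def detect_concurrent_sessions(events, window=timedelta(minutes=15)) -> list:
    """Concurrent session usage: the same account logs in successfully from two
    different sources close together. Returns (user, first_src, second_src)."""
    by_user = defaultdict(list)
    for e in events:
        if e["result"] == "success":
            by_user[e["user"]].append(e)
    flagged = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for a, b in zip(evs, evs[1:]):
            if a["src"] != b["src"] and b["ts"] - a["ts"] <= window:
                flagged.append((user, a["src"], b["src"]))
                break
    return flagged


if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print("spraying sources:", detect_spraying(ev))
    print("concurrent sessions:", detect_concurrent_sessions(ev))
```

Note that bob's three failures followed by a success from one address is an ordinary brute-force or a forgetful user, not a spray, and is correctly left alone by the spray rule; a vertical brute-force rule would be a separate detection.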
241
What is used to protect web applications by monitoring, filtering, and blocking HTTP/HTTPS traffic that can exploit any vulnerabilities in the application?
Web Application Firewall (WAF)
242
What layer of the OSI does a WAF operate in?
Layer 7
243
What kind of protective measures are based on where the data is stored?
Geographic restrictions
244
What process is the hiding or camouflaging of information to make it harder to read or understand? The data is often hidden in plain sight, obscured so it is meaningless to a casual observer, without necessarily being encrypted with a key.
Obfuscation
245
What benefits does a monolithic application have over microservices?
1. A single deployment cadence 2. Consolidated data storage 3. Fewer monitoring endpoints 4. Access control is much easier to set up
246
What are some benefits of microservices?
1. Data storage needs are distributed across services instead of a single source 2. Each service can be deployed independently
247
What are some downsides to consider with the use of microservices?
1. More monitoring endpoints 2. Access controls must be set for each service
248
What form of encryption allows computation on data without decrypting it, effectively securing data in use?
Homomorphic encryption
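An added example (not from the deck) of the property the card describes: textbook RSA is multiplicatively homomorphic, so multiplying two ciphertexts yields the ciphertext of the product, and the holder of the ciphertexts never learns the plaintexts. The tiny primes and unpadded RSA below are assumptions chosen for readability; they are not a secure scheme, and real homomorphic encryption (Paillier, BFV, CKKS and so on) supports richer operations, but the mechanism is the same idea.

```python
# Deliberately tiny textbook RSA parameters (insecure; for illustration only).
P, Q, E = 61, 53, 17
N = P * Q                      # modulus 3233
PHI = (P - 1) * (Q - 1)        # 3120
D = pow(E, -1, PHI)            # private exponent 2753 (Python 3.8+ modular inverse)


def encrypt(m: int) -> int:
    """Public operation: c = m^E mod N. Requires 0 <= m < N."""
    if not 0 <= m < N:
        raise ValueError("plaintext out of range")
    return pow(m, E, N)


def decrypt(c: int) -> int:
    """Private operation: m = c^D mod N."""
    return pow(c, D, N)


def multiply_encrypted(c1: int, c2: int) -> int:
    """The party holding only ciphertexts computes E(m1 * m2) from E(m1) and E(m2).
    Works because (m1^E)(m2^E) = (m1*m2)^E mod N."""
    return (c1 * c2) % N


def product_via_ciphertexts(m1: int, m2: int) -> int:
    """End to end: encrypt, let an untrusted party multiply, decrypt the result."""
    return decrypt(multiply_encrypted(encrypt(m1), encrypt(m2)))


if __name__ == "__main__":
    print(product_via_ciphertexts(7, 11))   # 77, computed without ever decrypting 7 or 11
```

The "data in use" point is that the multiplication happens on ciphertexts: whoever runs `multiply_encrypted` never needs the private exponent or the plaintexts.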
249
What type of hackers use automated hacking tools to exploit vulnerabilities instead of having the technical knowledge to do it manually?
Unskilled hackers (script kiddies)
250
What type of penetration testing means that a significant amount of information has been given to the tester?
Known environment
251
If a penetration tester is given credentials to access the system prior to attempting to gain access, what type of condition would this be known as?
Known Environment
252
In what type of penetration test is the tester given some details before starting but still has to perform some reconnaissance?
Partially known environment
253
What is the initial phase of a penetration test, where information gathering and data collection occur without directly engaging the target?
reconnaissance
254
What defines an unknown environment in pen-testing?
The tester is given zero prior knowledge or information about the target.
255
When pen-testing in an unknown environment, what would be the first step?
Reconnaissance
256
What is the significance of key length in an encryption standard?
Key length sets the size of the key space an attacker must search; each extra bit doubles the brute-force effort, so standards specify a minimum key length (for example AES allows 128, 192, or 256 bits) to keep brute force infeasible.
257
What does an encryption standard specify to ensure keys are long enough to resist brute-force attacks?
A minimum key length
258
What accrues from not maintaining technology devices, such as computers, servers, and applications, at a state where the organization and technology landscape requires them to be?
Technical Debt
259
What is the term to describe information about data?
Metadata
260
What type of information is included in metadata?
File's creator, File size, Date and time of last modification
261
Who is most likely to make unauthorized copies of sensitive data they were initially granted access to for a specific project?
Contractor
262
What is a simple solution to avoid account compromises?
Long, unique passwords (length and uniqueness matter more than forced complexity)
263
What should be used when a long complex password may not be enough?
MFA
264
What are the steps in digital forensics?
1. Identification 2. Collection (preservation of evidence) 3. Analysis 4. Documentation 5. Presentation
265
What step in digital forensics includes finding the evidence and noting where it is stored?
1. Identification
266
What step in digital forensics includes isolating, securing, and preserving the data?
2. Collection (Preservation)
267
What step in digital forensics includes drawing conclusions based on the evidence found?
3. Analysis
268
What step in digital forensics includes creating a record of all the data to recreate the crime scene?
4. Documentation
269
What step in digital forensics includes summarizing and drawing a conclusion?
5. Presentation
270
Generating and documenting cryptographic hashes of digital evidence to verify its integrity would be an example of which phase in digital forensics?
Preservation
271
Performing keyword searches on electronic documents to identify pertinent information would be an example of which phase in digital forensics?
E-Discovery
272
What is the main danger that comes from Shadow IT?
A larger attack surface
273
What implementation offers a more flexible access control system that can adjust to changing user behavior?
Adaptive identity
274
What does SRTP stand for?
Secure Real-time Transport Protocol
275
Which protocol would provide encryption specifically for voice traffic over IP?
SRTP
276
What is a technique used in cryptography that adds random data to the input of a hash function to increase security?
Salting
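An added example (not part of the deck) of salting in practice, using the standard library's PBKDF2-HMAC as the slow hash: two users with the same password end up with different stored digests, so a cracked hash or a precomputed (rainbow) table for one does not expose the other, while an unsalted hash of the same password is identical every time. The iteration count and the sample passwords are the example's own choices.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 200_000) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random 16-byte salt is generated when
    none is supplied; the salt is stored alongside the digest, not kept secret."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes,
                    iterations: int = 200_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def unsalted(password: str) -> bytes:
    """What NOT to store: a plain hash is identical for every user with that password."""
    return hashlib.sha256(password.encode()).digest()


if __name__ == "__main__":
    # Constructed sample: two accounts that happen to share a password.
    salt1, digest1 = hash_password("correct horse battery staple")
    salt2, digest2 = hash_password("correct horse battery staple")
    print("salted digests identical? ", digest1 == digest2)          # False
    print("unsalted digests identical?",
          unsalted("correct horse battery staple") == unsalted("correct horse battery staple"))  # True
    print("verify ok?", verify_password("correct horse battery staple", salt1, digest1))
```

The salt adds no secrecy on its own; its job is to make each stored hash unique so the attacker has to attack every account separately.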
277
What system allows cybersecurity professionals to talk about vulnerabilities in a consistent manner, ensuring everyone is on the same page?
CVEs
278
What system evaluates the risk of vulnerabilities and rates them?
CVSS
279
What system doesn't evaluate or rate risks/vulnerabilities, but does uniquely identify them?
CVE
280
Common Vulnerabilities and Exposures is a standard used for what specifically?
A dictionary (catalog) of publicly known vulnerabilities, each given a unique identifier so it can be referenced consistently.
281
Common Vulnerability Scoring System is a standard mainly used for what specifically?
Evaluating and Rating risks/vulnerabilities
282
Why are CVE identifiers important for cybersecurity professionals?
They give every vulnerability a single standardized name, so scanners, advisories, vendors, and analysts all refer to the same issue; a CVSS score is then attached to that identifier (the score itself comes from CVSS, not CVE).
283
What term refers to a formal examination of an organization's procedures, controls, and operations, ensuring they comply with established guidelines, standards, or regulations?
System/process audit
284
What leverages publicly available data sources to gather intelligence on targets, providing valuable insights without breaching any laws?
OSINT
285
What does OSINT stand for?
open source intelligence
286
What involves identifying, evaluating, and analyzing risks to an organization’s assets and operations, with the aim of implementing measures to control and mitigate those risks?
Risk assessment
287
What comes hand in hand with employee retention?
Retention of knowledge and expertise
288
What describes a system that allocates permissions and access based on pre-defined organizational guidelines, strategies, codes, roles, or requirements?
Policy-driven access control
289
An access control system that gives permissions based on your job title would be referred to as what?
Role Based Access Control
290
What is the format of a CVE identifier?
CVE-YYYY-NNNN: the CVE prefix, the year the ID was assigned, and a sequence number of four or more digits (for example CVE-2021-44228)
291
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H is an example of what scoring vector?
CVSS
292
What service combines network security and WAN capabilities in a single cloud-based service, making it an ideal solution for ensuring secure and reliable access to data and applications irrespective of user/device location?
SASE
293
What does SASE stand for?
Secure access service edge
294
What does ESP stand for?
Encapsulating Security Payload (the IPsec protocol that provides confidentiality)
295
When someone wants to combine network and security services, what should they use?
SASE
296
What does CSP stand for?
Cloud Service Provider
297
Is the root account at a CSP a highly valuable target?
Yes; it has full control over the cloud tenant
298
What does ARO stand for?
Annualized Rate of Occurrence
299
What is a quantitative risk analysis metric that represents the expected number of times a specific risk occurs in a year?
ARO
300
What is the process of substituting a sensitive data element with a non-sensitive equivalent called?
Tokenization
301
What port number is the MSRPC endpoint mapper?
135
302
What is steganography?
concealing information within another message or physical object to avoid detection
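An added example (not from the deck) of the classic least-significant-bit technique behind the steganography card: the secret is written into the lowest bit of each byte of a cover (think of the bytes as pixel values), which changes each byte by at most 1 and is invisible to the eye. The cover bytes are constructed pseudo-random data standing in for an image, and the 32-bit length prefix is this example's own framing choice.

```python
import random


def embed(cover: bytes, secret: bytes) -> bytes:
    """Hide `secret` in the least-significant bit of successive cover bytes,
    prefixed by a 4-byte big-endian length so the extractor knows where to stop."""
    payload = len(secret).to_bytes(4, "big") + secret
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small: need %d bytes, have %d" % (len(bits), len(cover)))
    out = bytearray(cover)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit       # clear the LSB, then set it to the secret bit
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the LSBs back: first the 4-byte length, then that many bytes."""
    def read_bytes(start: int, count: int) -> bytes:
        value = 0
        for i in range(count * 8):
            value = (value << 1) | (stego[start + i] & 1)
        return value.to_bytes(count, "big")
    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)


def max_byte_change(cover: bytes, stego: bytes) -> int:
    """How much any single 'pixel' moved; LSB embedding never exceeds 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def make_cover(size: int, seed: int = 1) -> bytes:
    """Constructed stand-in for image data (deterministic pseudo-random bytes)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(size))


if __name__ == "__main__":
    cover = make_cover(4096)
    stego = embed(cover, b"meet at dawn")
    print(extract(stego), "max change per byte:", max_byte_change(cover, stego))
```

Because only the lowest bit changes, detection has to rely on statistics (LSB planes of real images are not uniformly random) rather than on looking at the picture, which is why steganography "avoids detection" in the sense the card means.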
303
What port number is TFTP?
69
304
What does NGFW stand for?
Next Gen Firewall
305
What is an integrated firewall solution that surpasses traditional firewall capabilities?
NGFW
306
What encryption standard is primarily used for securing data at rest and in transit through symmetric key cryptography?
AES
307
Which standard algorithm family is used for hashing to ensure data integrity and authenticity?
SHA (Secure Hash Algorithm); note that SHA is a hash function, not encryption, since a hash cannot be reversed with a key
308
What does HMAC stand for?
Hash-Based Message Authentication Code
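An added example (not part of the deck) showing why HMAC exists when SHA already provides integrity: a plain hash can be recomputed by anyone who alters the message, so a verifier that checks only the hash accepts the forgery, while an HMAC tag requires the shared key and the forgery is rejected. The key, message and "verifier" functions are the example's own constructed illustration.

```python
import hashlib
import hmac


def sha256_tag(message: bytes) -> bytes:
    """Unkeyed integrity check: detects accidental corruption only."""
    return hashlib.sha256(message).digest()


def hmac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed integrity + authenticity: only holders of `key` can produce it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def accepts_with_hash_only(message: bytes, tag: bytes) -> bool:
    """A naive verifier that trusts a bare hash travelling with the message."""
    return hmac.compare_digest(sha256_tag(message), tag)


def verify_hmac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison so timing does not leak how many bytes matched."""
    return hmac.compare_digest(hmac_tag(key, message), tag)


def attacker_modifies(message: bytes) -> bytes:
    """Constructed tampering: the attacker rewrites the amount in transit."""
    return message.replace(b"amount=100", b"amount=9999")


if __name__ == "__main__":
    key = b"shared-secret-known-only-to-both-ends"   # assumed pre-shared key
    original = b"transfer amount=100 to=acct-42"
    forged = attacker_modifies(original)
    # The attacker can recompute a plain hash for the forged message...
    print("hash-only verifier accepts forgery:", accepts_with_hash_only(forged, sha256_tag(forged)))
    # ...but cannot produce a valid HMAC without the key.
    print("HMAC verifier accepts forgery:", verify_hmac(key, forged, hmac_tag(key, original)))
```

This is the same reason forensic hash manifests (card 270) are signed or kept out of reach of anyone who could alter the evidence: the hash proves nothing if the attacker can regenerate it.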
309
What encryption standard is used for encryption and decryption to protect data confidentiality?
AES
310
What is used to specify which mail servers are authorized to send emails on behalf of the company's domain?
SPF (Sender Policy Framework)
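An added example (not from the deck) of what SPF actually does: a receiving server takes the connecting IP, fetches the sending domain's `v=spf1` TXT record, and walks its mechanisms until one matches. The records below are constructed and live on reserved example domains, and the lookup function is a dictionary standing in for DNS; the example supports the `ip4`, `ip6`, `include` and `all` mechanisms with their qualifiers, which is enough to show pass, fail and the recursion through a mail provider's record.

```python
import ipaddress

# Constructed TXT records on reserved example domains (stand-in for DNS).
TXT_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailprovider.example -all",
    "_spf.mailprovider.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 -all",
}

# Qualifier prefix -> result when the mechanism matches (RFC 7208 semantics).
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain: str, sender_ip: str, lookup=TXT_RECORDS.get, depth: int = 0) -> str:
    """Evaluate the domain's SPF record for the connecting IP.
    Returns 'pass', 'fail', 'softfail', 'neutral', 'none' or 'permerror'."""
    if depth > 10:                      # RFC 7208 caps DNS-querying mechanisms at 10
        return "permerror"
    record = lookup(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"                   # no SPF policy published for this domain
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"                 # an unprefixed mechanism means "pass"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:") or term.startswith("ip6:"):
            net = ipaddress.ip_network(term[4:], strict=False)
            if ip.version == net.version and ip in net:
                return RESULT[qualifier]
        elif term.startswith("include:"):
            # include: matches only when the referenced record yields 'pass'
            if check_spf(term[8:], sender_ip, lookup, depth + 1) == "pass":
                return RESULT[qualifier]
        elif term == "all":
            return RESULT[qualifier]
        # other mechanisms (a, mx, exists, ...) are out of scope for this example
    return "neutral"                    # no mechanism matched and no 'all' present


if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.10", "2001:db8::1", "203.0.113.7"):
        print(ip, check_spf("example.com", ip))
```

SPF only says which hosts may send for the domain; it does not sign the message, which is DKIM's job, and what to do on failure is what the DMARC policy adds.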
311
What verifies email senders by building on the Domain Name System (DNS), DomainKeys Identified Mail (DKIM), and Sender Policy Framework (SPF) protocols, and tells receivers what to do when those checks fail?
DMARC (Domain-based Message Authentication, Reporting and Conformance)
312
What protocol is utilized for retrieving emails from a server and isn't designed to specify authorized sending servers for a domain?
IMAP (Internet Message Access Protocol)
313
What provides validation of the domain name identity associated with a message through a cryptographic signature, but doesn't dictate which servers are authorized to send?
DKIM (DomainKeys Identified Mail)
314
What is the concept that the laws of the country in which the data is collected will control the ways in which the data can be used, processed, and stored?
Data Sovereignty
315
What legislation mandates the implementation of risk assessments, internal controls, and audit procedures for ensuring transparency and accountability in financial reporting in the US?
SOX
316
An _____________ ______ is a type of distributed denial-of-service (DDoS) attack that involves sending small requests with spoofed source IP addresses to servers that generate large responses, amplifying the traffic sent to the target server.
Amplification attack
317
___ __ _____ _______ is an indicator of malicious activity that shows that an attacker or malware has generated or modified logs outside of the normal schedule or frequency, indicating a possible compromise or tampering.
Out of Cycle Logging
318
An ______ ______ is a type of network attack that involves intercepting or modifying data in transit between two parties, such as by using a packet sniffer or a proxy server.
On-path attack
319
A _________ ________ is a type of DDoS attack that involves sending requests with spoofed source IP addresses to servers that redirect the responses to the target server, reflecting the traffic back to it.
reflected attack
320
The _____ _____ is responsible for making access control decisions based on pre-defined policies and contextual information about the subject/system.
policy engine
321
The _____ _______ is responsible for defining and managing the access control policies used by the policy engine.
policy administrator
322
The ____/____ refers to the entity (user or device) that is requesting access to a resource.
subject/system
323
The _____ _________ _____ is responsible for enforcing the access control decisions made by the policy engine.
policy enforcement point
324
What monitoring tech is used to gain a comprehensive overview of the health and security status of foundational IT components, including network traffic and interactions between servers?
Network Intrusion Detection System (NIDS)
325
Analyzing current capabilities of IT infrastructure and forecasting future needs is the essence of ______ _____.
capacity planning
326
Does NIST (SP 800-63B) suggest enforcing specific password complexity rules?
No
327
Does NIST suggest Blocking common passwords like dictionary words?
yes
328
Does NIST suggest Allowing users to decide when to change their password?
Yes
329
Does NIST suggest Disallowing the use of the username within the password?
Yes
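An added example (not part of the deck) that turns the four NIST cards above into a password acceptance check: it enforces a minimum length, rejects entries on a common/breached-password list, rejects passwords containing the username, and deliberately has no composition rules and no expiry. The blocklist is a tiny constructed stand-in for a real corpus, and the length limits are this example's choices within the SP 800-63B guidance.

```python
import unicodedata

# Constructed stand-in for a breached/common-password corpus (a real deployment
# would use a large list built from public breach data).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1", "iloveyou"}


def check_password(username: str, password: str, blocklist=COMMON_PASSWORDS,
                   min_len: int = 8, max_len: int = 64) -> list:
    """Return the reasons a password is rejected; an empty list means accepted.
    Follows the SP 800-63B approach: length plus a blocklist, but no
    composition rules (upper/lower/digit/symbol) and no scheduled rotation."""
    pw = unicodedata.normalize("NFKC", password)   # 800-63B recommends normalising Unicode
    reasons = []
    if len(pw) < min_len:
        reasons.append("shorter than %d characters" % min_len)
    if len(pw) > max_len:
        reasons.append("longer than %d characters" % max_len)
    lowered = pw.lower()
    if lowered in blocklist:
        reasons.append("on the common/breached password list")
    if username and username.lower() in lowered:
        reasons.append("contains the username")
    if len(set(lowered)) == 1:
        reasons.append("a single repeated character")
    return reasons


def is_acceptable(username: str, password: str) -> bool:
    return not check_password(username, password)


if __name__ == "__main__":
    for user, pw in [("alice", "correct horse battery staple"),
                     ("alice", "Password"), ("alice", "alice2024xyz"), ("bob", "P@ss1!")]:
        print(repr(pw), "->", check_password(user, pw) or "accepted")
```

Note that a long all-lowercase passphrase is accepted while a short "complex" one is rejected: that is exactly the trade the NIST guidance makes, since length and blocklisting do more against real attacks (spraying, credential stuffing) than forced symbols do.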
330
The tester possesses complete knowledge of the target environment, including its architecture, design, and source code. It offers a deep dive into the system to unearth vulnerabilities that might remain hidden in other types of tests. What is this test called?
White Box Test
331
The tester approaches the system from an outsider's perspective, similar to an external attacker with no insight into the system's inner workings. What is this test called?
Black Box Test
332
They have some information about the system's inner workings but don't have access to all data and documents. This testing approach strikes a balance, offering a view between an insider and an external attacker. What is this test called?
Grey Box Test
333
In an IoT architecture, which of the following is the MOST critical consideration to secure connected devices from vulnerabilities?
Patch Availability
334
What term refers to computer systems that are integrated into larger devices?
Embedded Systems
335
____ __________ is a form of cyberattack that involves registering domain names that are similar to legitimate ones but have spelling errors or variations.
Typosquatting
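An added example (not from the deck) of the variants a typosquatter registers and how a defender can check an observed domain against them: it generates single-character omissions, transpositions, repetitions and substitutions of a legitimate domain and reports whether a candidate is one edit away. The legitimate domain is a reserved example name, and the generation rules are this example's own (real tooling adds homoglyphs, keyboard-adjacency and TLD swaps).

```python
import string

REPLACEMENT_CHARS = string.ascii_lowercase + string.digits + "-"


def typo_variants(domain: str) -> set:
    """Every domain one single-character edit away from `domain`'s label."""
    name, _, tld = domain.rpartition(".")
    out = set()
    for i in range(len(name)):
        out.add(name[:i] + name[i + 1:] + "." + tld)                       # omission:      examle.com
        if i < len(name) - 1:
            out.add(name[:i] + name[i + 1] + name[i] + name[i + 2:] + "." + tld)  # transposition: exmaple.com
        out.add(name[:i] + name[i] + name[i:] + "." + tld)                 # repetition:    exaample.com
        for c in REPLACEMENT_CHARS:
            if c != name[i]:
                out.add(name[:i] + c + name[i + 1:] + "." + tld)           # substitution:  examp1e.com
    out.discard(domain)
    return out


def is_possible_typosquat(observed: str, legitimate: str) -> bool:
    """True when `observed` is not the real domain but is one typo away from it."""
    observed = observed.lower().rstrip(".")
    legitimate = legitimate.lower().rstrip(".")
    return observed != legitimate and observed in typo_variants(legitimate)


if __name__ == "__main__":
    for candidate in ("exmaple.com", "examp1e.com", "example.com", "paypal.com"):
        print(candidate, "->", is_possible_typosquat(candidate, "example.com"))
```

Generating the variant set for your own brand and watching new-registration feeds (or pre-registering the worst ones) is the defensive side of the same list.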
337
What does RAT stand for?
Remote Access Trojan
338
What type of malware can give attackers access to a device's hardware and software, including the webcam?
RAT