Sec 701 - General Terms

Question 1

RADIUS

Answer 1

Remote Authentication Dial-In User Service - Networking protocol that authorizes & authenticates users who access a remote network.

Question 2

NIDS

Answer 2

Network Intrusion Detection System - Inspects network traffic at the packet level to identify threat. ALERTS ONLY

Question 3

HIPS

Answer 3

Host Intrusion Prevention System - Blocks malicious activities on a host machine

Question 4

IoC

Answer 4

Indicators of Compromise - High network activity, changes to file hashes, irregular international traffic, account lockouts, etc.

Question 5

SOAR

Answer 5

Security Orchestration Automation Response - Allows incidents to be responded to immediately through automation. SIEM but with automated response

Question 6

AIS

Answer 6

Automated Indicator Sharing - Machine-readable threats communicated between private and public sectors

Question 7

NVD

Answer 7

National Vulnerability Database - Government repository based on vulnerability management data

Question 8

TAXII

Answer 8

Transport mechanism for STIX (Encrypted through HTTPS)

Question 9

STIX

Answer 9

Programming language for conveying data about CS threats in a way that can be understood by humans and machines

Question 10

CIA

Answer 10

Confidentiality, Integrity, Availability - Fundamentals of security

Question 11

WMI

Answer 11

Windows Management Instrumentation - Standardized & flexible way to manage windows computers.

Question 12

DLP

Answer 12

Data Loss Prevention - Detects & prevents data breaches

Question 13

SIEM

Answer 13

Security Information & Event Manager - Helps organizations detect, analyze, and respond to threats. ALERTS ONLY

Question 14

PCI Compliance

Answer 14

Payment Card Industry - Mandates how credit card information is stored on computer networks

Question 15

PHP

Answer 15

Hypertext Pre-processor - General purpose scripting language geared toward web development. VULNERABLE

Question 16

SMB

Answer 16

Server Message Block - Communication protocol between NODES used to share files, serial ports, misc communications.

Question 17

RFC

Answer 17

Request for Comments - Formal documents that describes the specifications for a particular technology

Question 18

Technical Controls

Answer 18

Controls implemented using systems (Firewalls, antivirus)

Question 19

Managerial Controls

Answer 19

Administrative controls associated with security design & implementation. (Security policies, standard operating procedures)

Question 20

Operational Controls

Answer 20

Controls implemented by people instead of systems (Security guards, awareness programs)

Question 21

Physical Controls

Answer 21

Physical security (Guard shacks, fences, badge readers, etc.)

Question 22

Preventative Control Type

Answer 22

Block access to a resource (Firewalls, guard shacks, etc)

Question 23

Deterrent Control Type

Answer 23

Discourage an intrusion (Warning signs, threats of demotions, front desk)

Question 24

Detective Control Type

Answer 24

Identify & log intrusion attempts (Syslogs, login reports, motion detectors)

Question 25

Corrective Control Type

Answer 25

Apply a control after an event has been detected (Restoring from backups, contact law enforcement, policies created)

Question 26

Compensating Control Type

Answer 26

Control using other means - may be temporary (Firewall blocks a specific app instead of patching, simultaneous guard duties, generator used after power outage.)

Question 27

Directive Control Type

Answer 27

Direct a subject towards a security compliance

Question 28

Non-repudiation

Answer 28

Cannot deny what you’ve said. Digital signature adds non-repudiation, others can see signature. Proves integrity.

Question 29

AAA

Answer 29

Authentication, Authorization, and Accounting

Question 30

Authentication

Answer 30

Prove who you are - Password & MFA

Question 31

Authorization

Answer 31

Based on identification & authentication, what access do you have?

Question 32

Accounting

Answer 32

Login time, data sent & received, logout time

Question 33

CA

Answer 33

Certificate Authority - Entity that stores, signs, and issues digital certificates.

Question 34

Gap Analysis

Answer 34

Where you are compared to where you want to be with security protocols and procedures

Question 35

NIST

Answer 35

National Institute of Standards and Technology - Understand and REDUCE companies cybersecurity risk and protect their networks and data

Question 36

ISO

Answer 36

Standard to IMPROVE an organization’s information security management system

Question 37

Planes of Operation

Answer 37

Data Plane, Control Plane

Question 38

Data Plane

Answer 38

Routers, switches, firewall (Process frames, packets, network data)

Question 39

Control Plane

Answer 39

Policies, rules (Manages actions of data plane, how a packet should be forwarded, routing tables, etc.)

Question 40

Honey Pots

Answer 40

Attractive target for an attacker, alerts IT when tripped

Question 41

Honeynets

Answer 41

A real network that includes multiple devices, alerts & sometimes traps an attacker

Question 42

Honeytokens

Answer 42

Tracks the malicious actors once tripped

Question 43

Allow List

Answer 43

Nothing runs UNLESS APPROVED - very restrictive

Question 44

Deny List

Answer 44

Nothing on the deny list can be executed - allow everything else

Question 45

PKI

Answer 45

Public Key Infrastructure - Binding of public keys to people or devices

Question 46

Symmetric Encryption

Answer 46

SINGLE shared key, encrypt & decrypt done with same key. Does not scale well but very fast.

Question 47

Asymmetric Encryption

Answer 47

Two or more mathematically related keys. Private & public keys are used

Question 48

Private Key

Answer 48

Asymmetric encryption - only you have access to this key. You receive an email sent to you using your public key, use your private key to decrypt the message.

Question 49

Public Key

Answer 49

Asymmetric encryption - Everyone has access to this key, used to encrypt messages being sent to someone & they use their private key to decrypt the message.

Question 50

VPN

Answer 50

Encrypts all data transmitted over the network, forms a tunnel to a target. Client-based uses SSL/TLS, Site-to-site uses IPsec

Question 51

Key Stretching

Answer 51

Make a weak key stronger (hash a password then has the hash of the password, etc)

Question 52

Out of Band Key Exchange

Answer 52

Do NOT use internet to exchange. Call, courier, or in-person exchange

Question 53

In Band Key Exchange

Answer 53

On the network, use asymmetric encryption to deliver a symmetric key

Question 54

TPM

Answer 54

Trusted Platform Module - Cryptography hardware on a device (micro-controller) on a motherboard. Bitlocker can utilize this unique hash to create encrypted keys to protect hardware from unwanted changes.

Question 55

Tokenization

Answer 55

Replace sensitive data with a non-sensitive placeholder. Original data & token are not mathematically related

Question 56

Rainbow Table

Answer 56

Common passwords and their respective hashes that can be used to match with user accounts if a malicious actor gets access to usernames and hashed passwords.

Question 57

X.509

Answer 57

Standard format of certificates - easy readability and standard for digital certs

Question 58

Root of Trust

Answer 58

I trust this site, so you should also trust this site because I do.

Question 59

HSM

Answer 59

Hardware Security Module - Physical computing device that safeguards and manages secrets (most importantly digital keys), performs encryption and decryption functions for digital signatures

Question 60

TOCTOU

Answer 60

Attack type. Something may happen between the check of variables and the change of variables. Gaps in this can allow an attacker to time a change perfectly so between the change and the check, there is a discrepancy between what is and what should be. (The what is, is beneficial to the attacker. Ex. Having more money than they should.)

Question 61

XSS attack

Answer 61

Cross Site Scripting - Takes advantage of trust a user has for a site.
Attacker sends malicious script in email/SMS/etc, clicks link to legit site, malicious script sends important info (username, password) to the attacker in plaintext.

Question 62

AUP

Answer 62

Acceptable Use Policy - Agreement between a user and the computer administrator that addresses all of the rights, privileges, and rules that users must adhere to when using computer resources.

Question 63

TACACS+

Answer 63

Terminal Access Controller Access-Control System - Popular provider of AAA

Question 64

PKI

Answer 64

Public Key Infrastructure - System of processes, technologies, and policies that allows you to encrypt and sign data

Question 65

BIA

Answer 65

Business Impact Analysis - Process used by organizations to assess and evaluate the potential impact of disruptive incidents or disasters on their critical business functions and operations