Sec +

Question 1

TPM

Answer 1

Trusted Platform Module

- Chip residing on the motherboard that contains an encryption key

Question 2

AAA

Answer 2

Authentication, Authorization, Accounting

Question 3

Authentication

Answer 3

▪ When a person’s identity is established with proof and confirmed by a system

● Something you know

● Something you are

● Something you have

● Something you do

● Somewhere you are

Question 4

Multipartite virus

Answer 4

Virus that combines boot and program viruses to first attach itself to the boot sector and system files before attacking other files on the computer

Question 5

Polymorphic virus

Answer 5

Advanced version of an encrypted virus that changes itself every time it is executed by altering the decryption module to avoid detection

Question 6

Metamorphic

Answer 6

Virus that is able to rewrite itself entirely before it attempts to infect a file (advanced version of polymorphic virus)

Question 7

Rootkit

Answer 7

Software designed to gain administrative level control over a system without detection § DLL injection is commonly used by rootkits to maintain their persistent control …removal of a rootkit is difficult and the best plan is to reimage the machine

Question 8

DLL Injection

Answer 8

ROOT KIT Malicious code is inserted into a running process on a Windows machine by taking advantage of Dynamic Link Libraries that are loaded at runtime

Question 9

Driver Manipulation

Answer 9

ROOT KIT An attack that relies on compromising the kernel-mode device drivers that operate at a privileged or system level § A shim is placed between two components to intercept calls and redirect them

Question 10

Threat Vector

Answer 10

§ Method used by an attacker to access a victim’s machine

Question 11

Attack Vector

Answer 11

Method used by an attacker to gain access to a victim’s machine in order to infect it with malware

Question 12

Software Firewalls

Answer 12

Personal Firewalls § Software application that protects a single computer from unwanted Internet traffic § Host-based firewalls § Windows Firewall (Windows) § PF and IPFW (OS X) § iptables (Linux)

Question 13

DLP

Answer 13

Data Loss Prevention (DLP)

§ Monitors the data of a system while in use, in transit, or at rest to detect attempts to steal the data § Software or hardware solutions

Question 14

Securing BIOS

Answer 14

Basic Input Output System

§ Firmware that provides the computer instructions for how to accept input and send output § Unified Extensible Firmware Interface (UEFI) § BIOS and UEFI are used interchangeable in this lesson

o 1. Flash the BIOS 
o 2. Use a BIOS password 
o 3. Configure the BIOS boot order 
o 4. Disable the external ports and devices 
o 5. Enable the secure boot option

Question 15

NAS

Answer 15

Network Attached Storage (NAS)

§ Storage devices that connect directly to your organization’s network § NAS systems often implement RAID arrays to ensure high availability

Question 16

SAN

Answer 16

Storage Area Network (SAN)

§ Network designed specifically to perform block storage functions that may consist of NAS devices
§ 1. Use data encryption
§ 2. Use proper authentication
§ 3. Log NAS access

Question 17

SED

Answer 17

Self-Encrypting

DriveStorage device that performs whole disk encryption by using embedded hardware

Question 18

HSM

Answer 18

Hardware Security Module

§ Physical devices that act as a secure cryptoprocessor during the encryption process

Network attached or adaptor card

expensive!

Question 19

BlueJacking

Answer 19

Sending info over bluetooth

Question 20

Blue Snarfing

Answer 20

Taking info over bluetooth

Question 21

MDM

Answer 21

Mobile Device Management

Centralized software solution for remote administration and configuration of mobile devices

o MDM can prevent certain applications from being installed on the device

Question 22

Least Functionality

Answer 22

Process of configuring workstation or server to only provide essential applications and services

Question 23

TOS

Answer 23

Trusted Operating System (TOS)

§ An operating system that meets the requirements set forth by government and has multilevel security 
§ Windows 7 (and newer) 
§ Mac OS X 10.6 (and newer) 
§ FreeBSD (TrustedBSD) 
§ Red Hat Enterprise Server

Question 24

GPO

Answer 24

Group Policy objectives (GPOs) aid in the hardening of the operating system

o Group Policy 
§ A set of rules or policies that can be applied to a set of users or computer accounts within the operating system § Access the Group Policy Editor by opening the Run prompt and enter gpedit 
§ Password complexity 
§ Account lockout policy 
§ Software restrictions 
§ Application restrictions

Question 25

NTFS

Answer 25

New Technology File System is the default file system format for Windows and is more secure because it supports logging, encryption, larger partition sizes, and larger file sizes than FAT32

Question 26

Virtualization Sprawl

Answer 26

§ Occurs when virtual machines are created, used, and deployed without proper management or oversight by the system admins

Question 27

LSO

Answer 27

Locally Shared Object (LSO)

§ Also known as Flash cookies, they are stored in your Windows user profile under the Flash folder inside of your AppData folder

Question 28

SDLC

Answer 28

Software Development Life Cycle

Waterfall- Rigid

Agile - Time-boxed or small increments to allow more adaptivity to change.

Question 29

SEH

Answer 29

Structured Exception Handling (SEH)

§ Provides control over what the application should do when faced with a runtime or syntax error

Question 30

ASLR

Answer 30

Address Space Layout Randomization • Method used by programmers to randomly arrange the different address spaces used by a program or process to prevent buffer overflow exploits

Question 31

XSS

Answer 31

Cross-Site Scripting (XSS)
§ Occurs when an attacker embeds malicious scripting commands on a trusted website

§ Stored/Persistent

• Attempts to get data provided by the attacker to be saved on the web server by the victim

§ Reflected

• Attempts to have a non-persistent effect activated by a victim clicking a link on the site

§ DOM-based

• Attempt to exploit the victim’s web browser

§ Prevent XSS with output encoding and proper input validation

Question 32

XSRV/CSRF

Answer 32

Cross-Site Request Forgery (XSRF/CSRF)

§ Occurs when an attacker forces a user to execute actions on a web server for which they are already authenticated
§ Prevent XSRF with tokens, encryption, XML file scanning, and cookie verification

Question 33

SQL Injection

Answer 33

SQL Injection

§ Attack consisting of the insertion or injection of an SQL query via input data from the client to a web application

Question 34

ACL

Answer 34

Access Control List § An ordered set of rules that a router uses to decide whether to permit or deny traffic based upon given characteristics § IP Spoofing is used to trick a router’s ACL

Question 35

NAC

Answer 35

Network Access Control (NAC)

§ Security technique in which devices are scanned to determine its current state prior to being allowed access onto a given network
§ If a device fails the inspection, it is placed into digital quarantine

IEEE 802.1x standard is used in port-based NAC

Question 36

PBX

Answer 36

Public Branch Exchange (PBX) § Internal phone system used in large organizations

Question 37

QoS

Answer 37

Quality of Service

Question 38

DLP

Answer 38

Data Loss Prevention
§ Systems designed to protect data by conducting content inspection of data being sent out of the network § Also called Information Leak Protection (ILP) or Extrusion Prevention Systems (EPS)
§ DLP is used to ensure your private data remains secure

Question 39

UTM

Answer 39

Unified Threat Management
o Relying on a firewall is not enough
o Unified Threat Management
§ Combination of network security devices and technologies to provide more defense in depth within a single device
§ UTM may include a firewall, NIDS/NIPS, content filter, anti-malware, DLP, and VPN § UTM is also known as a Next Generation Firewall (NGFW)

Question 40

DaaS

Answer 40

Desktop as a Service

Provides a full virtualized desktop environnment from within a cloud-based service. VDI (virtualized Desktop Infrastructure.

Question 41

Hyperconvergence

Answer 41

in Cloud Computing allows providers to fully integrate the storage, network, and servers

Question 42

VDI

Answer 42

Virtual Desktop Infrastructure (VDI) § VDI allows a cloud provider to offer a full desktop operating system to an end user from a centralized server

Question 43

DC

Answer 43

Domain Controller § A server that acts as a central repository of all the user accounts and their associated passwords for the network

Question 44

Well Known Ports

Answer 44

Well-Known Ports § Ports 0 to 1023 are considered well-known and are assigned by the Internet Assigned Numbers Authority (IANA)

Question 45

Registered Ports

Answer 45

Ports 1024 to 49,151 are considered registered and are usually assigned to proprietary protocols

Question 46

Dynamic or Private Ports

Answer 46

Ports 49,152 to 65,535 can be used by any application without being registered with IANA

Question 47

DoS

Answer 47

Denial of Service (DoS) § Term used to describe many different types of attacks which attempt to make a computer or server’s resources unavailable

• Flood Attacks
• Ping of Death
• Teardrop Attack
• Permanent DoS
• Fork Bomb

Question 48

Smurf Attack

Answer 48

§ Attacker sends a ping to subnet broadcast address and devices reply to spoofed IP (victim server), using up bandwidth and processing

Question 49

Fraggle Attack

Answer 49

Attacker sends a UDP echo packet to port 7 (ECHO) and port 19 (CHARGEN) to flood a server with UDP packets SYN Flood

Question 50

SYN Flood

Answer 50

Variant on a Denial of Service (DOS) attack where attacker initiates multiple TCP sessions but never completes the 3-way handshake

Question 51

XMAS Attack

Answer 51

§ A specialized network scan that sets the FIN, PSH, and URG flags set and can cause a device to crash or reboot

Question 52

Ping of Death

Answer 52

An attack that sends an oversized and malformed packet to another computer or server

Question 53

Teardrop Attack

Answer 53

Attack that breaks apart packets into IP fragments, modifies them with overlapping and oversized payloads, and sends them to a victim machine

Question 54

Fork Bomb

Answer 54

Attack that creates a large number of processes to use up the available processing power of a computer

Question 55

Replay Attack

Answer 55

Network-based attack where a valid data transmission is fraudulently or malicious rebroadcast, repeated, or delayed §

Multi-factor authentication can help prevent successful replay attacks

Question 56

PDS

Answer 56

Protected Distribution System (PDS)

§ Secured system of cable management to ensure that the wired network remains free from eavesdropping, tapping, data emanations, and other threats

Question 57

SSID

Answer 57

Service Set Identifier (SSID)

Uniquely identifies the network and is the name of the WAP used by the clients

Disable the SSID broadcast in the exam

Question 58

Rogue Access Point

Answer 58

An unauthorized WAP or Wireless Router that allows access to the secure network

Question 59

WAF

Answer 59

Web Application Firewall

a specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service.

Question 60

Evil Twin

Answer 60

A rogue, counterfeit, and unauthorized WAP with the same SSID as your valid one

Question 61

WEP

Answer 61

Original 802.11 wireless security standard that claims to be as secure as a wired network

WEP’s weakness is its 24-bit IV (Initialization Vector)

Question 62

WPA

Answer 62

WiFi Protected Access

TKIP - authentication
MIC
RC4- encryption

Question 63

WPA2

Answer 63

WiFi Protected Access v2

AES 128-bit key - encryption
CCMP
Integrity checking

Question 64

WPS

Answer 64

WiFi Protected Setup

Automated encryption setup for wireless networks at a push of a button, but is severely flawed and vulnerable

§ Always disable WPS

Question 65

Wireless B, G, N

Answer 65

2.4 GHz signal

Can travel further than 5.0

Question 66

Wireless A, N, AC

Answer 66

5.0 GH signal

Question 67

Wifi Disassociation Attack

Answer 67

Attack that targets an individual client connected to a network, forces it offline by deauthenticating it, and then captures the handshake when it reconnects

Question 68

RFID

Answer 68

Radio Frequency Identification (RFID)

Devices that use a radio frequency signal to transmit identifying information about the device or token holder

RFID can operate from 10 cm to 200 meters depending on the device

Question 69

NFC

Answer 69

Near Field Communication

Allows two devices to transmit information when they are within close range through automated pairing and transmission

NFC devices are operated within 4 cm from each other

Question 70

FAR

Answer 70

False Acceptance Rate (FAR)

Type II

Rate that a system authenticates a user as authorized or valid when they should not have been granted access to the system

Question 71

FRR

Answer 71

False Rejection Rate (FRR)

Type I

Rate that a system denies a user as authorized or valid when they should have been granted access to the system

Question 72

CER

Answer 72

Crossover Error Rate (CER)

An equal error rate (ERR) where the false acceptance rate and false rejection rate are equal

CER measures the effectiveness of a biometric system

Question 73

FM-200

Answer 73

Fire Suppression system using gas

Replaced HALON as a safer alternative

Question 74

STP

Answer 74

Shielded Twisted Pair
d
Layer of shielding inside cable

Question 75

TEMPEST

Answer 75

U.S. Government standards for the level of shielding required in a building to ensure emissions and interference cannot enter or exit the facility

TEMPEST facilities are also resistant to EMPs (electromagnetic pulses)

Question 76

CAN

Answer 76

Controller Area Network

Connects all of a car’s systems together in order for them to communicate effectively

Question 77

TOTP

Answer 77

Time-based One Time Password (TOTP)

• A password is computed from a shared secret and current time

Question 78

HTOP

Answer 78

HMAC-based One Time Password (HOTP)

• A password is computed from a shared secret and is synchronized between the client and the server

Question 79

Context-aware Authentication

Answer 79

Process to check the user’s or system’s attributed or characteristics prior to allowing it to connect

Restrict authentication based on the time of day or location

Question 80

SSO

Answer 80

Single Sign-On (SSO)

A default user profile for each user is created and linked with all of the resources needed

Compromised SSO credentials cause a big breach in security

Question 81

FIdM

Answer 81

Federated Identity Management (FIdM)

A single identity is created for a user and shared with all of the organizations in a federation

• Cross-certification
• Trusted Third party

Uses SAML

Question 82

SAML

Answer 82

Security Assertion Markup Language (SAML)

• Attestation model built upon XML used to share federated identity management information between systems

Standardization of SSO

Question 83

OpenID

Answer 83

• An open standard and decentralized protocol that is used to authenticate users in a federated identity management system
• User logs into an Identity Provider (IP) and uses their account at Relying Parties (RP)
• OpenID is easier to implement than SAML

Google

• SAML is more efficient than OpenID

Question 84

802.1x

Answer 84

Standardized framework used for port-based authentication on wired and wireless networks

RADIUS

TACACS+

§ 802.1x can prevent rogue devices

Question 85

IP

Answer 85

Identity Provider

OpenId users long onto an IP and uses their account at Relying Parties (RP)

Question 86

RP

Answer 86

Relying Parties

OpenId users long onto an IP and uses their account at Relying Parties (RP)

Question 87

EAP

Answer 87

Extensible Authentication Protocol (EAP) §

A framework of of protocols under 802.1x that allows for numerous methods of authentication including passwords, digital certificates, and public key infrastructure

§ EAP-MD5 uses simple passwords for its challenge-authentication
§ EAP-TLS uses digital certificates for mutual authentication
§ EAP-TTLS uses a server-side digital certificate and a client-side password for mutual authentication

Question 88

PEAP

Answer 88

Protected EAP (PEAP)

§ Supports mutual authentication by using server certificates and Microsoft’s Active Directory to authenticate a client’s password

Question 89

Kerberos

Answer 89

An authentication protocol used by Windows to provide for two-way (mutual) authentication using a system of tickets

Port 88

A domain controller can be a single point of failure for Kerberos

Question 90

DAC

Answer 90

Discretionary Access Control (DAC)

• The access control policy is determined by the owner
• DAC is used commonly
• 1. Every object in a system must have an owner
• 2. Each owner determines access rights and permissions for each object

Question 91

MAC

Answer 91

Mandatory Access Control (MAC)

• An access control policy where the computer system determines the access control for an object
• The owner chooses the permissions in DAC but in MAC, the computer does
• MAC relies on security labels being assigned to every user (called a subject) and every file/folder/device or network connection (called an object)
• Data labels create trust levels for all subjects and objects
• To access something, you need to meet the minimum level and have a “need-to-know”
• MAC is implemented through the Rule-based and the Latticebased access control methods

Question 92

RBAC

Answer 92

Role-Based Access Control (RBAC)

• An access model that is controlled by the system (like MAC) but utilizes a set of permissions instead of a single data label to define the permission level
• Power Users is a role-based permission

Question 93

ABAC

Answer 93

Attribute-Based Access Control (ABAC)

• An access model that is dynamic and context-aware using IF-THEN statements
• If Jason is in HR, then give him access to \fileserver\HR

Question 94

UAC

Answer 94

User Account Control (UAC) § A security component in Windows that keeps every user in standard user mode instead of acting like an administrative user

• Only exception is the Administrator account *
  1. Eliminates unnecessary admin-level requests for Windows resources
  2. Reduces risk of malware using admin-level privileges to cause system issues UAC can be disabled from the Control Panel

Question 95

SLE

Answer 95

§ Single Loss Expectancy (SLE)

• Cost associated with the realization of each individualized threat that occurs

SLE = Asset Value x Exposure Factor

Question 96

ARO

Answer 96

Annualized Rate of Occurrence (ARO)

• Number of times per year that a threat is realized

Question 97

ALE

Answer 97

Annualized Loss Expectancy (ALE)

• Expected cost of a realized threat over a given year

ALE = SLE x ARO

Question 98

OVAL

Answer 98

Open Vulnerability and Assessment Language (OVAL)

§ A standard designed to regulate the transfer of secure public information across networks and the Internet utilizing any security tools and services available

§ OVAL is comprised of a language and an interpreter

Question 99

Symmetric Algorithms

Answer 99

Symmetric Algorithms

• DES, 3DES, IDEA, AES, Blowfish, Twofish, RC4, RC5, RC6

Question 100

Asymmetric Algorithms

Answer 100

Asymmetric Algorithms

• Diffie-Hellman, RSA, and ECC

Question 101

DES

Answer 101

Data Encryption Standard (DES)

§ Encryption algorithm which breaks the input into 64-bit blocks and uses transposition and substitution to create ciphertext using an effective key strength of only 56-bits § DES used to be the standard for encryption

Question 102

IDEA

Answer 102

International Data Encryption Algorithm (IDEA)

Symmetric block cipher which uses 64-bit blocks to encrypt plaintext into ciphertext

Question 103

AES

Answer 103

Advanced Encryption Standard (AES)

§ Symmetric block cipher that uses 128-bit, 192-bit, or 256-bit blocks and a matching encryption key size to encrypt plaintext into ciphertext
§ AES is the standard for encrypting sensitive U.S. Government data

Question 104

RC4

Answer 104

Rivest Cipher (RC4)

Symmetric stream cipher using a variable key size from 40-bits to 2048bits that is used in SSL and WEP

Question 105

RSA

Answer 105

RSA (Rivest, Shamir, and Adleman) §

Asymmetric algorithm that relies on the mathematical difficulty of factoring large prime numbers

Question 106

PGP

Answer 106

Pretty Good Privacy o Pretty Good Privacy (PGP)

§ An encryption program used for signing, encrypting, and decrypting emails
§ The IDEA algorithm is used by PGP o Symmetric functions use 128-bit or higher keys and the asymmetric functions use 512-bit to 2048-bit key sizes o GNU Privacy Guard (GPG)
§ A newer and updated version of the PGP encryption suite that uses AES for its symmetric encryption functions § GPG has cross-platform availability

Question 107

PRNG

Answer 107

Pseudo-Random Number Generator (PRNG)

§ A simulated random number stream generated by a computer that is used in cryptography, video games, and more

Question 108

MD5

Answer 108

Message Digest 5 (MD5)

Algorithm that creates a fixed-length 128-bit hash value unique to the input file

Question 109

SHA-1

Answer 109

Secure Hash Algorithm (SHA-1)

Algorithm that creates a fixed-length 160-bit hash value unique to the input file

Question 110

SHA-2

Answer 110

Secure Hash Algorithm (SHA-2)

Family of algorithms that includes SHA-224, SHA-256, SHA-348, and SHA512

Question 111

RIPEMD

Answer 111

RACE Integrity Primitive Evaluation Message Digest (RIPEMD)

An open-source hash algorithm that creates a unique 160-bit, 256-bit, or 320-bit message digest for each input file

Question 112

HMAC

Answer 112

Hash-based Message Authentication Code (HMAC)

Uses a hash algorithm to create a level of assurance as to the integrity and authenticity of a given message or file §

HMAC-MD5
HMAC-SHA1
HMAC-SHA256

Question 113

X.509

Answer 113

X.509

Standard used PKI for digital certificates and contains the owner/user’s information and the certificate authority’s information

Question 114

Wildcard Certificates

Answer 114

Wildcard Certificates

§ Allow all of the subdomains to use the same public key certificate and have it displayed as valid
§ Wildcard certificates are easier to manage

Question 115

SAN

Answer 115

Subject Alternative Name (SAN)

Allows a certificate owner to specify additional domains and IP addresses

to be supported

Question 116

CRL

Answer 116

Certificate Revocation List (CRL)

An online list of digital certificates that the certificate authority has revoked

Question 117

OCSP

Answer 117

Online Certificate Status Protocol (OCSP)

A protocol that allows you to determine the revocation status of a digital certificate using its serial number

Question 118

Public Key Pinning

Answer 118

Public Key Pinning

Allows an HTTPS website to resist impersonation attacks by presenting a set of trusted public keys to the user’s web browser as part of the HTTP header

Question 119

S/MIME

Answer 119

o Secure/Multipurpose Internet Mail Extensions (S/MIME)

§ A standard that provides cryptographic security for electronic messaging
o Authentication
o Integrity
o Non-repudiation

o S/MIME can encrypt emails and their contents …including malware

Question 120

IPSec

Answer 120

IPSec §
Paired with L2TP for VPN

A TCP/IP protocol that authenticates and encrypts IP packets and effectively securing communications between computers and devices using this protocol

IPSec provides confidentiality (encryption), integrity (hashing), and authentication (key exchange)

Question 121

IKE

Answer 121

Internet Key Exchange (IKE)

§ Method used by IPSec to create a secure tunnel by encrypting the connection between authenticated peers

Question 122

AH

Answer 122

Authentication Header (AH)

Protocol used in IPSec that provides integrity and authentication

Question 123

ESP

Answer 123

Encapsulating Security Payload (ESP)

§ Provides integrity, confidentiality, and authenticity of packets by encapsulating and encrypting them
§ Transport Mode
• Host-to-host transport mode only uses encryption of the payload of an IP packet but not its header
• Transport mode is used for transmission between hosts on a private network

Question 124

Policies

Answer 124

Broad and generic

Question 125

Procedures

Answer 125

Specific

Question 126

GLBA

Answer 126

Gramm-Leach-Bliley Act (GLBA) § Affects banks, mortgage companies, loan offices, insurance companies, investment companies, and credit card providers

Question 127

SOX

Answer 127

Sarbanes-Oxley (SOX)

§ Affects publicly-traded U.S. corporations and requires certain accounting methods and financial reporting requirements

Question 128

PCI DSS

Answer 128

Payment Card Industry Data Security Standard (PCI DSS) is a contractual obligation

Question 129

FISMA

Answer 129

Federal Information Security Management (FISMA) Act of 2002

Requires each agency to develop, document, and implement an agencywide information systems security program to protect their data

Question 130

Due Diligence

Answer 130

Due Diligence

Ensuring that IT infrastructure risks are known and managed properly

Question 131

KPA

Answer 131

Known plaintext attack

Question 132

POODLE

Answer 132

The POODLE attack (Padding Oracle on Downgraded Legacy Encryption) exploits a vulnerability in the SSL 3.0 protocol (CVE-2014-3566). This vulnerability lets an attacker eavesdrop on communication encrypted using SSLv3. The vulnerability is no longer present in the Transport Layer Security protocol (TLS), which is the successor to SSL (Secure Socket Layer).

Question 133

Pointer Dereference

Answer 133

an attempt to read a variable that stores a null value

Question 134

HMS

Answer 134

physical computing device that safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions. … A hardware security module contains one or more secure cryptoprocessor chips.

Question 135

SRTP

Answer 135

Secure Real time Protocol

Question 136

RPO

Answer 136

Recovery Point Objective
Recovery Point Objective (RPO) is a measure of how frequently you take backups. If a disaster occurs between backups, can you afford to lose five minutes’ worth of data updates? Or five hours? Or a full day? RPO represents how fresh recovered data will be. In practice, the RPO indicates the amount of data (updated or created) that will be lost or need to be reentered after an outage.

Question 137

RTO

Answer 137

Recovery Time Objective (RTO) is the amount of downtime a business can tolerate. In a high-frequency transaction environment, seconds of being offline can represent thousands of dollars in lost revenue, while other systems (such as HR databases) can be down for hours without adversely impacting the business. The RTO answers the question, “How long can it take for our system to recover after we were notified of a business disruption?”