SecPlusP4 Flashcards
(346 cards)
1
Q
How does a DNS amplification attack exploit the DNS resolution process?
A
By sending spoofed DNS queries to open DNS servers
2
Q
What is one way to mitigate the impact of DNS responses?
A
Limit the size of DNS responses
3
Q
How can DNS tunneling be used to bypass firewall rules?
A
Encapsulates non-DNS traffic over port 53
4
Q
What is one way to mitigate domain hijacking?
A
Monitor and analyze DNS logs for unusual patterns
5
Q
What is a DNS Zone Transfer Attack?
A
Attempts to obtain an entire DNS zone data copy
6
Q
What can a DNS Zone Transfer Attack expose?
A
Sensitive information about a domain’s network infrastructure
7
Q
What can a Directory Traversal Attack allow access to?
A
Commands, files, and directories that may or may not be connected to the web document root directory
8
Q
What character do Windows systems use as the default directory separator?
A
\
9
Q
What character do Unix-like systems use as the directory separator?
A
/
10
Q
What can directory traversals be used to do?
A
Access any file on a system with the right permissions
11
Q
How can attackers hide directory traversal attempts?
A
Using encoding (%2e%2e%2f represents ../)
12
Q
What is file inclusion vulnerability?
A
A web application vulnerability that allows an attacker to download or upload files
13
Q
What is remote file inclusion?
A
Injecting a remote file into a web app or website
14
Q
What is an example of remote file inclusion?
A
Attacker executing a script with a remote file URL
15
Q
What is local file inclusion?
A
Adding a file to a web app or website that already exists on the server
16
Q
What is an example of local file inclusion?
A
Attacker adding a file to the web app with server file URL
17
Q
What do ../ in logs pertain to?
A
Directory traversals
18
Q
What is a directory traversal attack?
A
Attacker tries to access files outside the target directory
19
Q
How can input validation help prevent directory traversals and file inclusion attacks?
A
Verify and sanitize user input to ensure it conforms to expected formats
20
Q
What is arbitrary code execution?
A
Running an attacker’s code without restrictions
21
Q
What is remote code execution?
A
Executing code remotely, often over the internet
22
Q
What is privilege escalation?
A
Gaining higher-level permissions than originally assigned
23
Q
Why is privilege escalation dangerous?
A
Allows attackers to operate with elevated privileges, such as administrator or root access
24
Q
What is vertical privilege escalation?
A
Going from normal user to higher privilege (e.g., admin or root)
25
What is horizontal privilege escalation?
Accessing or modifying resources at the same level as the attacker
26
Why is understanding privileges crucial for system security?
Applications inherit the permissions of the user running them
27
What is a rootkit?
Malware that conceals its presence by modifying system files
28
What is Ring Zero?
Highest privilege level for the kernel
29
What are Kernel mode rootkits?
More dangerous due to extensive control
30
What are Rings 1 to 3?
User-level components with decreasing privileges
31
Why are Ring Zero rootkits more dangerous?
Extensive control over the kernel
32
What is a kernel mode rootkit?
Rootkit embedded in the kernel with maximum control
33
What is a user mode rootkit?
Rootkit attached to user-level components with administrator-level privileges
34
What is a replay attack?
Malicious re-broadcasting or delaying of valid data transmissions
35
How is a replay attack different from a session hijack?
In a session hijack, the attacker alters real-time data transmission while in a replay attack, the attacker can decide later whether to retransmit the data
36
Where can replay attacks occur?
Banking, email, online shopping, social media, wireless authentication
37
What is a credential replay attack?
Capturing user's login credentials and reusing them for unauthorized access
38
How can replay attacks be prevented?
Use session tokens, implement multi-factor authentication, use security protocols like WPA3
39
What is the purpose of a cookie?
To store information about a user when they visit a website
40
Why must cookies be protected?
They contain client information transmitted across the Internet
41
What are session cookies?
Non-persistent, reside in memory, deleted when browser is closed
42
What are persistent cookies?
Stored in browser cache, deleted by user or expiration date
43
What should be done to cookies that store confidential information?
Encrypt them
44
How can session hijacking attacks occur?
Theft or modification of cookies
45
What is a session prediction attack?
Attacker predicts session token to hijack a session
46
What is the requirement for generating a session token?
Non-predictable algorithm and no session information
47
What is cookie poisoning?
Modifying a cookie to exploit web app vulnerabilities
48
What is an on-path attack?
Attacker positions between hosts to intercept communication
49
What are some methods for On-Path Attacks?
ARP Poisoning, DNS Poisoning, Rogue Wireless Access Point, Rogue Hub or Switch
50
What is ARP Poisoning?
Manipulating ARP tables to redirect network traffic
51
What is DNS Poisoning?
Altering DNS responses to reroute traffic
52
What is a Rogue Wireless Access Point?
Creating a fake wireless access point to intercept traffic
53
What is a Rogue Hub or Switch?
Introducing a malicious hub or switch to capture data on a wired network
54
What is a Replay Attack?
Capturing valid data and replaying it immediately or with a delay
55
What is a relay attack?
Attacker becomes part of conversation
56
What is the role of the attacker in a relay attack?
Serves as a proxy to read or modify communication
57
What is one challenge faced by attackers in relay attacks?
Difficulty in intercepting and crafting communication due to encryption
58
What encryption scheme can pose significant challenges for attackers in relay attacks?
TLS 1.3
59
What is SSL stripping?
An attack that tricks the encryption application into presenting an HTTP connection instead of HTTPS
60
What does SSL stripping enable attackers to do?
Capture unencrypted data when the user believes they are using a secure connection
61
What is a downgrade attack?
An attacker forces a client or server to abandon a higher security mode in favor of a lower security mode
62
What is the scope of downgrade attacks?
Downgrade attacks can be used with various encryption and protection methods, including Wi-Fi and VPNs
63
What situations are vulnerable to a downgrade attack?
Any situation where a client agrees to a lower level of security that is still backward compatible
64
What are injection attacks?
Unspecified
65
What is LDAP?
An open application protocol for accessing and maintaining distributed directory information services
66
What is LDAP Injection?
An application attack that targets web-based applications by fabricating LDAP statements
67
How to protect against LDAP injection?
Use input validation and input sanitization
68
What is command injection?
Executing shell commands via a vulnerable web application
69
What is process injection?
Executing arbitrary code in a separate live process
70
What are some methods of process injection?
Injection through DLLs, Thread Execution Hijacking, Process Hollowing, Process Doppel Ganging, Asynchronous Procedure Calls, Portable Executable Injections
71
How can process injection be mitigated?
Endpoint security solutions, Security Kernel Modules, Least Privilege, Indicators of Compromise
72
What are indicators of compromise?
Forensic data that identify potentially malicious activity
73
What does IoC stand for?
Indicators of Compromise
74
What is account lockouts?
Locking an account due to multiple failed login attempts
75
Why is balancing security with usability crucial when implementing account lockout?
To avoid locking legitimate users out
76
What does concurrent session usage refer to?
Multiple active sessions from a single user account
77
What does blocked content involve?
Attempts to access or download content blocked by security protocols
78
What does blocked content suggest?
User trying to access malicious content or an attacker attempting to steal data
79
What are indicators of impossible travel in account logins?
Geographically distant locations and unreasonably short timeframe
80
What can unusual spikes in resource utilization indicate?
Malware infections or DDoS attacks
81
What is resource inaccessibility in relation to security attacks?
Inability to access files, databases, or network services
82
What does out-of-cycle logging indicate?
Attacker trying to hide activities during off-peak hours
83
What does missing logs suggest?
Logs have been deleted to hide attacker activities
84
What are some examples of published articles or documents that attackers can use to publicly disclose their actions?
Social media, hacker forums, newspaper articles, victim's own website
85
What is the purpose of hardening in security?
Strengthen overall security posture and resilience against cyberattacks
86
What are some measures of hardening?
Apply security patches, configure access controls, disable unnecessary services
87
What are default configurations in security?
System or application settings that are pre-set by the vendor
88
What is the purpose of restricting applications in security?
Prevent unauthorized or malicious software from running
89
What is a method to identify unnecessary services?
System audit or vulnerability scanning
90
What are the risks and consequences of running unnecessary services?
Increased attack surface
91
How can disabling unnecessary services reduce the attack surface?
By reducing potential entry points for attackers
92
What are trusted operating systems?
Operating systems with rigorous security evaluations and certifications
93
What is the role of Group Policies in Windows environments?
Central management and control of user and computer settings
94
What is SELinux?
Security-Enhanced Linux, implementing mandatory access controls for enhanced security
95
What are the different levels of data encryption?
Full-disk, Partition, File, Volume, Database, Record Level Encryption
96
What is the purpose of secure baselines?
Establishing a secure starting point for minimizing security risks
97
Why should default passwords be changed?
To ensure security
98
How often should passwords be rotated?
Every 90 days
99
What should be used to manage passwords?
Password manager
100
What should be done with unneeded ports?
Close them
101
What should be done with enabled ports and protocols?
Audit them
102
What should be used instead of insecure protocols?
Secure versions
103
What should be done with extra open ports?
Close the insecure ones
104
What can be done to restrict applications?
Implement application restrictions
105
What is the goal of least functionality?
To provide only the necessary applications and services
106
Why should unneeded applications be restricted or uninstalled?
To reduce vulnerabilities
107
Why is keeping software up-to-date important for security?
To ensure the latest security patches and fixes are applied
108
What is the challenge with managing software in large networks?
Controlling excessive installations
109
What are secure baseline images used for?
To install new computers
110
What does a secure baseline image include?
OS, minimum required applications, and strict configurations
111
How should secure baseline images be updated?
Based on evolving business needs
112
Why is preventing unauthorized software installation important?
It poses security risks
113
What are application allowlisting and blocklisting used for?
To control which applications can run on a workstation
114
How does application allowlisting work?
Only approved applications are allowed to run
115
What happens to applications not on the approved list in application allowlisting?
They are blocked from running
116
What is a Trusted Operating System (TOS)?
Operating system that enforces stringent security policies
117
What is Evaluation Assurance Level (EAL)?
Security standard for assessing security controls in an OS
118
What is the highest level of assurance?
EAL 7
119
What is mandatory access control?
Access permissions determined by system administrators and enforced by operating system
120
What is security auditing?
Process of monitoring and analyzing computer systems to ensure they are operating securely
121
What is role-based access control?
Access permissions determined by roles assigned to users
122
What is an example of a trusted operating system?
SELinux
123
What does Trusted Solaris offer?
Secure multi-level operations with MAC and detailed system audits
124
How does Trusted OS enhance security?
By using microkernels and minimizing the trusted base
125
What should be considered when choosing an operating system?
Balancing security with usability, performance, and functional requirements
126
What are the two methods of patch management?
Manual and Automated
127
What is a hotfix?
A software patch that solves a security issue and should be applied immediately
128
What is an update?
Provides additional functionality but doesn't usually patch security issues
129
What is a service pack?
Includes all hotfixes and updates since the release of the operating system
130
What are the risks of updates?
They can introduce new vulnerabilities
131
What does effective patch management involve?
Assigning a dedicated team to track vendor security patches
132
What is the importance of establishing automated system-wide patching for OS and applications?
1
133
How can cloud resources be included in patch management?
2
134
What are the categories for prioritizing patches?
2
135
Why is it important to create a test environment for critical patches before production deployment?
1
136
What is the purpose of maintaining comprehensive patching logs?
3
137
How can firmware updates be evaluated, tested, and deployed?
2
138
How can urgent patches be deployed to production?
2
139
What should be done periodically with non-critical patches?
2
140
What is patch management?
Planning, testing, implementing, and auditing of software patches
141
Why is patch management important?
Important for compliance
142
What are the four steps in the patch management process?
Planning, Testing, Implementing, Auditing
143
What is the purpose of planning in patch management?
Creating policies, procedures, and systems to track and verify patch compatibility
144
What is the purpose of testing in patch management?
To prevent the patch from causing additional problems
145
How can patch implementation be done?
Manually or automated
146
Why should large organizations use a central update server?
Centralized control
147
How can mobile devices be patched?
Using an MDM
148
What are patch rings?
Implementing patches group by group
149
What is auditing in patch management?
Scanning network and checking for issues
150
Why should firmware versions be monitored and patched?
To maintain security and stability
151
What are group policies?
Rules and policies for users or computers
152
How can you access the Group Policy Editor?
Enter 'gpedit' in the run prompt.
153
What is the purpose of the local Group Policy Editor?
To create and manage policies within a Windows environment.
154
What are some examples of rules that can be applied using Group Policies?
Password complexity requirements, account lockout policies, software restrictions, application restrictions.
155
What is a security template?
A group of policies that can be loaded through the Group Policy Editor
156
What is the purpose of a security template in corporate environments?
To create security templates with predefined rules based on administrative policies
157
What is a Group Policy Objective (GPO) used for?
To harden the operating system and establish secure baselines
158
What is baselining?
A process of measuring changes in the network, hardware, or software environment
159
How does the Group Policy Editor in Windows be accessed?
By entering 'gpedit' in the run prompt
160
What can be done using the Group Policy Editor?
Create allow or block list rules for application control policies
161
How do you navigate to the App Locker section in the Group Policy Editor?
Navigate to 'Computer Configuration' > 'Windows Settings' > 'Security Settings' > 'Application Control Policies' > 'App Locker'
162
What is the first step in creating an executable rule in App Locker?
Create an executable rule
163
What are the two options to choose from when creating an executable rule?
Choose to allow or deny
164
Who can you select for the rule to apply to?
Select who the rule applies to (e.g., everyone)
165
What are the conditions you can define for the rule in App Locker?
Define the rule based on conditions like publisher, path, or file hash
166
What are the steps to create a rule in Group Policy Editor?
Specify path, Name rule, Create default rules, Deploy policy
167
What are the default allow rules in Group Policy Editor?
Program Files, Windows folder, Administrators
168
What is an example of a deny rule in Group Policy Editor?
Block files in temp directory
169
What does SELinux enforce?
Mandatory Access Control (MAC)
170
What are context-based permissions?
Permission schemes based on properties
171
What are the two main context-based permission schemes in Linux that use MAC?
SELinux and AppArmor
172
What is DAC?
Discretionary Access Control
173
What does DAC allow object owners to do?
Directly control access using tools like 'chown' and 'chmod'
174
What does SELinux rely on for permissions and access control?
MAC
175
What does SELinux enhance?
File system and network security
176
What are the three main contexts in SELinux?
User Context, Role Context, Type Context
177
What is remote work?
Employees work outside the traditional office
178
What is hybrid work?
Combines traditional office work with remote work opportunities
179
What are the security challenges of remote and hybrid work environments?
Increased risk due to lack of physical security controls outside the office, data exposure, weaker network security, cyberattacks, increased risk of device loss or theft
180
What are some measures to address security challenges in remote work?
Establish comprehensive policies, use secure connections like VPN, implement multi-factor authentication, provide cybersecurity training and awareness, encourage reporting of incidents, use company-issued devices, define security measures for BYOD, set up automated backups, choose secure collaboration tools, maintain clear communication
181
What is the recommended method for data access in remote work?
VPN
182
What should be done to enhance security for data access in remote work?
Implement multi-factor authentication
183
What should employees receive to improve their cybersecurity awareness?
Cybersecurity training
184
What should be encouraged in the event of security incidents?
Reporting
185
What is a secure option for device usage in remote work?
Company-issued devices
186
How should personally owned devices be secured?
Define security measures for BYOD
187
What should be done for data protection?
Set up automated backups
188
What should be considered when choosing collaboration tools?
End-to-end encryption and administrative controls
189
What is important for maintaining effective security measures in remote work?
Clear communication with the cybersecurity team
190
How many IP addresses can computers understand?
270
191
How can computers understand 270 https://www.DionTraining.com?
IP addresses
192
How many domains can group policies be used to deploy and manage allowlists and blocklists?
286
193
What allow centralized management of lists?
tory domain controllers
194
What does the Optional Context Level Context describe?
sensitivity level of a file, directory, or process
195
What is the Optional Context Level Context Describes the sensitivity level of a file, directory, or process?
a multi-level security context
196
How many security techniques must you be able to apply to computing resources?
4.5
197
What is the Security Techniques Objectives?
4.1
198
What is the name of the study topic?
Wireless Infrastructure Security
199
What is a Transport method selection?
Wireless Infrastructure Security
200
What impacts network performance and security?
Placement of Wireless Access Points
201
What is crucial for securing wireless networks in organizations?
Wireless Infrastructure Security
202
What standards do WAPs use to connect wireless devices to a wired network?
Wi-Fi standards 300
203
What does WAPs allow wireless devices to connect to a wired network using Wi-Fi standards 300?
Wireless Access Point Placement
204
What is used on higher locations for better coverage?
Mount WAPs
205
What is a site visit to test for radio frequency interference?
301
206
What type of coverage does CompTIA Security+ provide?
Wireless coverage
207
What is SY0-701?
CompTIA Security+
208
What is a useful tool for visualizing the effectiveness of WAP placement and configuration?
Signal leakage
209
What is the name of the device that helps in visualizing the effectiveness of WAP placement and configuration?
Wireless Security Settings
210
What is essential for data confidentiality in wireless networks?
Wireless Encryption
211
What types of services are offered?
Authentication, Authorization, and Accounting
212
What is the terminal Access Controller Access-Control System Plus?
TACACS+
213
What is the purpose of TCP encryption?
enhanced security
214
What is used for enhanced security?
TCP
215
What is used to verify user identity and control network access?
Authentication Protocols
216
How many websites are there for DionTraining?
308
217
What is the name of the web filtering technique?
Agent-Based Web Filtering
218
What type of security is often used by schools, universities, and organizations to ensure safe and educational internet usage?
Email Security
219
What protects email content, accounts, and infrastructure from unauthorized access, loss, or compromise?
Encompasses techniques and protocols
220
What is a protection against email spoofing?
Improved email deliverability
221
Where does a receiving server check if the sender's IP is authorized?
SPF record 310
222
What does SY0-701 mean?
CompTIA Security+
223
What is CompTIA Security+?
SY0-701
224
What is the goal of preventing email spoofing?
Improving email deliverability
225
How many UBA tools can identify potential threats before significant damage occurs?
315
226
What is another example of HTTP vs. SFTP?
HTTPS
227
What often indicate whether a protocol is secure?
Default port numbers
228
What can add a layer of obscurity but not replace robust security measures?
Changing port numbers
229
What layer of security can change port numbers add?
obscurity
230
How many times does the program's scope define?
324
231
What is the definition of security weaknesses?
True
232
What are valuable maps for attackers 330?
Vulnerability reports
233
What can be used to share reports on a need-to-know basis?
Encrypt reports
234
Importance Crucial for maintaining integrity, confidentiality, and availability of information systems Components Alerting (not
Monitoring
235
What type of alerts are there?
True Positive
236
What is a legitimate issue?
False Positive
237
What is the name of the issue that indicates an issue when there isn't one?
True Negative
238
What is the name of the issue that does not exist in the absence of an issue?
False Negative
239
What does False Negative mean?
Correctly recognizes the absence of an issue
240
How many false positives do you want to avoid?
alert fatigue
241
What software tool is used for scanning and analyzing?
Manual Monitoring
242
What type of tools are used for scanning and analyzing?
Software tools
243
What is the overview of monitoring systems, applications, and infrastructure?
Monitoring Resources
244
What is a log Aggregation?
Monitoring Activities
245
What is the name of the report that generates reports on system and network status?
Archiving
246
What does Alert Response and Remediation/Validation do?
historical data
247
What are historical data?
Alert Response and Remediation/Validation
248
What is SIEM?
Security Information and Event Management
249
What tools collects and aggregates log data?
Security Tools
250
What are some sources of data collected from?
Antivirus, DLP systems, NIDS, NIPS, firewalls, Vulnerability scanner
251
How many networks does DionTraining have?
Network performance 334
252
What can indicate potential issues?
Deviations from the baseline
253
What may indicate code problems or resource deficiencies?
Slower response times
254
What does Observe physical and virtual infrastructure, including servers, networks, virtual machines, containers, and cloud services?
Infrastructure Monitoring
255
What can be triggered based on thresholds or anomalies?
alerts
256
What does CompTIA Security+ include?
Vulnerability scanning
257
What is the name of the data that is stored at DionTraining.com?
Incident data 337
258
What is one of the steps that should be taken to manage and resolve issues based on alerts or scans?
Investigating
259
What changes alert parameters to reduce errors, false positives, and improve alert relevance?
Alert Tuning
260
What is SNMP?
Simple Network Management Protocol
261
What types of tools are included in the collection?
free and open-source SIEM tools
262
What is the name of the software that protects systems against malware?
Data from Security Tools
263
What is the name of the CompTIA that Generates malware detection logs, system scans, and updates?
Security+
264
How many logs does DionTraining.com have?
344
265
What are Network Intrusion Detection Systems and NIDS?
Network Intrusion Prevention Systems
266
What is the name of the Simple Network Management Protocol?
SNMP
267
What is the Multi Router Traffic Grapher?
MRTG
268
How many people are detected by SPOG?
350
269
What can security teams monitor the environment for suspicious signs?
Security teams can monitor the environment for suspicious signs like unusual traffic or failed logins
270
What steps can be implemented as software or hardware?
Defining Requirements
271
What are the steps for implementing SPOG Defining Requirements Defining Requirements
Software or hardware
272
How many phases is Containment, Eradication, and Recovery divided into?
three
273
How many phases is Detection and Analysis divided into?
two
274
How many Phases of Incident Response focuses on making systems resilient to attacks by hardening systems?
355
275
How many Phases of Incident Response are Preparation Get an organization ready for future incidents?
Seven Phases of Incident Response
276
What is the name of the computer network that creates policies, procedures, and a communication plan?
CompTIA Security+ (SY0-701)
277
What is the purpose of identifying an effective solution?
Implement and track the solutions
278
What are the lessons learned?
Documents experiences during incidents
279
What is the name of the team that collects formalized information about what happened?
incident response
280
What is the name of the organization that has full-time incident response teams?
IT Support 357
281
What is used to detect threats that haven't been discovered by normal security monitoring?
Proactive cybersecurity technique
282
What do Threat Actors and Activities do?
Create scenarios to understand how attackers might attempt an intrusion
283
What is the purpose of CompTIA Security+?
Threat Hunting Process
284
How many times is the root cause analysis?
359
285
What is the name of the source device?
CompTIA Security+ (SY0-701)
286
What are the data sources for an Incident Investigation?
Dashboards and Automated Reports
287
What do you need to be able to use to support an investigation?
Data Sources
288
What is a Role Foundation for understanding potential entry points?
Identify system vulnerabilities
289
What type of traffic does Firewall Logs detect?
Monitor network traffic
290
How many logs do DionTraining logs detect?
368
291
What is the name of Study Notes?
CompTIA Security+ (SY0-701)
292
Automated responses can include suspending user accounts, blocking IP addresses, and what?
resetting passwords
293
The analysis of the report is essential to confirm what ity of identified vulnerabilities?
Valid
294
What reduces the risk of burnout?
Reduces repetitive and mundane tasks
295
How much does DionTraining reduce staffing needs and optimizes resource allocation?
Cost savings
296
How many times does DionTraining.com have?
381
297
What improves IT and customer support team efficiency?
Automating Support Ticket Management
298
Automating SupportTicket Management Enhances what?
IT and customer support team efficiency
299
What improves customer satisfaction?
Streamlines issue resolution
300
How many steps does Automating Support Ticket Creation take?
Six steps
301
What is the name of the six steps in the ticket creation process?
Automating Support Ticket Creation
302
What reduces the risk of lost or overlooked tickets?
Accelerates response time to user needs
303
What addresses complex or high-priority issues?
Ticket escalation
304
What is Automation Involves using technology to execute repetitive tasks without continuous human intervention?
Automating Onboarding
305
How many support ticket management processes does DionTraining have?
383
306
How many platforms does Automation keep user information synchronized across?
384
307
What are the resources included in Resource Provisioning Software licenses Communication tools Process involves Requirements analysis
Workstations
308
How does Automating Security help prevent?
security vulnerabilities
309
What is the name of the website that automates service access management to prevent unnecessary risks?
386
310
What is the name of the system that manages permissions using Role-based Access Controls?
Automating Permissions Management
311
What is the purpose of managing access rights using Role-based Access Controls?
Automate provisioning and de-provisioning
312
What verifies each check-in and detects problems 387?
Automated build process
313
What ensures software quality after integration?
Automated tests
314
What is CI/CD?
Continuous Delivery
315
What does CD stop short of automatic production deployment?
Automated testing and build processes
316
What is automated only to a certain stage?
Full deployment process
317
What is the purpose of deployment to production environment?
manual business decision
318
How many times does DionTraining.com allow flexibility in timing, market conditions, and stakeholder readiness?
388
319
What takes CI/CD further by automatically deploying code changes to testing and production environments?
Continuous Deployment
320
How many years ago did DionTraining enable software developers to access functions or features of another application programmatically?
389
321
What are APIs used to facilitate communication between different parts of a microservice or service-oriented architecture?
Common communication methods
322
What is the name of the common communication method used by APIs?
REST
323
What types of methods does REST use for interactions?
HTTP methods, status codes, URIs, and MIME types
324
What is used for data transfer?
JSON
325
What protocol is suitable for integration with existing websites?
Lightweight protocol
326
What is a simple Object Access Protocol?
SOAP
327
In what format does SOAP have a structured message format?
XML
328
What is SOAP's structured message format known for?
robustness, additional security features, and transaction compliance
329
What has a structured message format in XML?
SOAP
330
Suitable for what type of web services?
enterprise-level web services
331
What type of requirements do web services have?
regulatory compliance requirements
332
What type of transactions are required for enterprise-level web services?
complex transactions
333
What are the commonly used protocols for API testing?
HTTP and HTTPS 390
334
CURL allows sending data to an API and receiving what type of response?
JSON
335
What is the goal of 5.6?
Security Awareness
336
What is Knowledge and understanding of security threats and mitigation measures Goal Equip individuals to recognize and respond to threats for data protection?
Security Awareness
337
How many passwords does DionTraining.com have?
392
338
What is insider threat from individuals within an organization?
Security risk
339
What are techniques Maintaining situational awareness, avoiding shoulder surfing, eavesdropping?
Social Engineering Attacks
340
What does Organizational mindset prioritize security in daily tasks and decision-making?
Creating a Culture of Security
341
What is essential in addressing insider threats?
Training employees
342
How many items do Discreet investigations to rule out illicit activities, theft, or information selling?
394
343
What do employees under financial stress express financial woes to coworkers?
Financial Struggles
344
What is the name of the person who is responsible for detecting anomalous behavior while respecting employee privacy?
Password Managers
345
What is a specialized tool, plugin, or extension used with web browsers?
Password Manager
346
What are most usernames?
Email addresses
