Security+ Flashcards
Phishing
Social engineering email that tries to trick users into entering their credentials.
Typosquatting
Attackers slightly changing the URL to make it look legit.
Ex - www.googe.com instead of www.google.com
Pharming
Occurs when an attacker redirects one website’s traffic to another website that is bogus or malicious.
Vishing
(voice phishing) Phone call to you
Smishing
SMS phishing, text message to you.
Spear Phishing
targeted phishing with prior reconnaissance done.
Impersonation
attackers impersonate or make up a story to gain your trust or attention.
Ex. “This is Jim calling from Microsoft Support, we need you to call us because there are issues with your computer”.
Dumpster Diving
Physical dumpster diving by an attacker, sifting through trash to get information from things that may have been thrown out.
Shoulder Surfing
Physically looking over someone’s shoulder, looking at your computer and gaining information.
Hoax
A fake situation that is designed to fool your users into thinking it’s real.
Watering Hole Attacks
Attackers target a third party site that you or your users use. They then attack that site, and thus gain access to your information or user’s information.
Ex. Attacking Vanta and redirecting their DNS to a spoofed site
Influence Campaigns
Attackers advertise online or post propaganda to influence the opinions of others
Ex - Political campaigns involving falsehoods.
Tailgating
Attacker physically follows you inside the building using your credentials.
Invoice Scams
Attacker sends an email with a fake invoice to the user who pays invoices.
Credential Harvesting
Malware software that extracts credentials stored on your local machine and sends them in an email to an attacker.
Botnet
Group of machines that have the same malware on them. Attackers can execute bulk actions on all machines inside the botnet.
Bot
Single host in a botnet
Virus
Needs human intervention to run, can replicate itself
Worms
No human intervention, uses vulnerabilities in the OS or apps installed to move itself from system to system. Usually resolved via firewall rules, which stops the network transmission to other hosts.
Ransomware
encryption of data, ransom has to be met in order for data to be decrypted.
Crypto-malware
Encrypts all data on a machine and only decrypts and restores it using a proper key. This is the underlying technique behind ransomware attacks.
Trojan
Software that pretends to be something else, you run it and it turns out to be malware. Designed to be non-threatening to standard AV and other common types of defenses.
PUP (Potentially Unwanted Program)
Not malicious in character but bothersome and hard to remove.
Ex - an ad toolbar within your web browser.
Backdoor
Malware creates a backdoor, or new way of gaining access to your system, for easy access in the future. Other malware can use this new backdoor to infect your system, since it has opened a new vulnerability.
RAT (Remote Access Trojan)
Remote administration tool, the ultimate backdoor.
Rootkit
Rootkits modify files in the kernel of the OS, making it invisible to AV since AV does not detect the kernel as malicious.
What makes rootkits so dangerous?
Rootkits focus on stealth and can create an environment on the kernel of the OS which then allows additional malware to run within that environment, undetected.
Adware
Malware that installs a ton of advertisements on your computer and is generally difficult to remove.
Spyware
Malware that spies on your computer and activity. Often is a trojan horse.
Logic Bombs
Waits for a predefined event to happen on a system, then starts.
Why is it typically hard to triage a logic bomb?
In most cases, logic bombs delete themselves from the system after running - making it hard to trace the route of attack.
Hashing
technique used to protect user passwords by converting them into a different form called a hash.
What is SHA-256?
A popular hashing algorithm.
Hash Function
the algorithm used to hash the plaintext password values.
Hash Value
The result of the password going through the hash function. These are very long and are nearly impossible to duplicate unless the plaintext password is the same.
Hash Space
the set of all possible hash values that can be produced by a particular hash function
Hash Collision
when two hash values are the same
Salting
A unique identifier added to plaintext passwords BEFORE running them through a hash function. This is to differentiate them if multiple users use the same password.
Rainbow Tables
Optimized, pre-built table of hash values for common passwords.
How are passwords in databases typically kept?
The passwords in databases are typically salted and hashed.
Spraying Attack
systematically trying a few commonly used passwords against multiple accounts or targets before stopping to avoid detection.
Brute Force
systematically trying all possible combinations of passwords until the correct one is found.
-You can also brute force hashes if an attacker grabs a hash value.
-They can go through a wordlist and put all of them through a hash function until they get a resulting hash value that matches.
Dictionary Attack
systematically trying a list of common words, phrases, or passwords from a pre-existing “dictionary.”
Physical Attacks
Compromised USB devices, cables, etc.
Skimming credit card numbers
Adversarial AI
When PII is put into an AI system, attackers interact with the AI system and get the bot or system to reveal the PII data that was used to train it.
Supply Chain Attacks
When a third party vendor is attacked and the attack is then transferred over to you.
Ex - LastPass hacked.
Privilege Escalation
Design flaw that allows a normal user to gain access to administrative permissions
Cross Site Scripting (XSS)
type of security vulnerability that occurs when a website or web application allows malicious scripts to be injected and executed in users’ browsers
Stored XSS
On the site itself, anyone who visits the site runs the malicious script.
Reflected XSS
User has to visit the site and click a particular section or button to get the malicious script to run.
Injection Attack
type of security attack where malicious code is inserted into a computer program or system, causing it to execute unintended commands or actions
Ex. - SQL Injections are very common.
Buffer Overflow
a type of security vulnerability that occurs when a program or system writes more data into a buffer (a temporary storage area) than it can handle. This extra data overflows into adjacent memory locations, potentially causing the program to crash or allowing the attacker to execute malicious code.
Replay Attacks
an attacker intercepts and maliciously retransmits captured data to deceive a system or gain unauthorized access. In simple terms, a replay attack occurs when an attacker copies and replays previously captured data to trick a system into accepting it as valid.
Request Forgeries
an attacker tricks a user’s web browser into making an unintended and unauthorized request on their behalf
What is an example of a request forgery attack?
Ex - You’re signed into your bank account on one tab and visit a malicious site on another tab. This site runs a script that makes a request related to your bank account and because you are already signed in, the request goes through without you even realizing.
Driver Manipulation
Attacks that utilize the drivers built into your OS
SSL Stripping
a type of attack where an attacker intercepts communication between a user’s web browser and a website, and downgrades the secure HTTPS connection to an insecure HTTP connection.
Race Conditions
occur when different parts of a program “race” to use the same thing, and the order they finish in affects the final result.
What is an example of a race condition flaw?
You and Jamie wanting to put $50 into the checking account but you both do it at the same time and now you have $100 in the account.
Rogue Access Points
Access point that has been added to your network without your authorization.
Wireless Evil Twin
Malicious Network with same SSID as your real one
Bluejacking
Sending a message to someone else’s device via bluetooth.
Bluesnarfing
attackers gain unauthorized access to information on a Bluetooth-enabled device, such as a smartphone or tablet
Wireless Disassociation
disruption attacks that disrupt or disconnect wireless network connections between devices.
Wireless Jamming
Attackers transmit interference signals that take down a network due to interference.
RFID Attack
Attackers can perform a replay attack, spoof the RFID ID, or jam the RFID signal.
NFC Attack
Attackers can perform a replay attack, spoof the NFC ID, or jam the NFC signal.
Randomizing Cryptography
When the encryption method does not do a good enough job of obscuring the original value.
Ex - “Password” turned into “Passw0rd”. You can still tell the original value.
Cryptographic Nonce
a unique and random number used in cryptography to add extra security to communication and prevent replay attacks
On-Path Attack
MITM (man in the middle) attack, where an attacker inserts themselves into the communication path between two parties. By doing so, they can intercept and manipulate the data being transmitted between them
Address Resolution Protocol (ARP)
a network protocol used to translate or resolve IP addresses to physical or MAC addresses in a local network
MAC Cloning
involves creating a duplicate or fake MAC address to impersonate another device on the network
MAC Flooding
a technique where a large number of MAC addresses are continuously sent to a network switch, overwhelming its memory capacity.
DNS Poisoning
a technique used by attackers to manipulate or corrupt the information in the DNS server’s cache.
Ex - An attacker changes the value in the DNS server to a malicious one. Once a user queries the DNS server, they are redirected to the malicious site.
Denial of Service (DoS)
attacker overwhelms a target system or network with a flood of excessive requests or data.
Malicious Scripts/Scripting
Scripts that can help attackers automate the attack pipeline.
Threat Actor
an entity responsible for an event that has a negative impact on a different entity.
Insider
Someone on the inside of your organization that is doing something malicious
Nation State
Someone from the government that is doing something malicious.
Hacktivist
Hacker + Activist
Script Kiddie
A beginner who runs pre-made scripts to execute cyber attacks but does not necessarily know what is actually going on.
Organized Crime
Professional criminals, motivated by financial gain.
Shadow IT
the user working around their internal IT department.
Ex - Someone purchasing their own laptop and working from that instead of a corporate owned one.
Attack Vector
a method used by attackers
Threat Intelligence
Researching latest threats
Open Source Intelligence (OSINT)
Intel from publicly available sources
Closed Intelligence
Intel you have to pay a provider for; expert-level intel on vulnerabilities.
CVE
Common Vulnerabilities and Exposures
Indicators of Compromise (IOC)
An event that indicates an intrusion
Irregular patterns or abnormalities
SIEM
Security Information & Event Management
SOAR
Security Orchestration Automation & Response
How many “color” security teams are typically in an organization? What are the 4 colors?
4 Teams - Red, Blue, Purple, White
Red Team
Offensive, attackers
Blue Team
Defense, defenders, incident response
Purple Team
Both red and blue team, both share information.
White Team
Oversees the red and blue teams.
Configuration Management
Documenting change of configurations and systems
Baseline Configuration
Getting an idea of what your baseline is so you can build and improve off of it
Standard Naming Convention
defining a standard naming convention for endpoints, APs, and other points of your system.
Data Masking
using asterisks or some other form of censorship to protect sensitive data.
PII
Personally Identifiable Information
Data Encryption
Encrypting data to protect it.
Plaintext
data before encryption
Ciphertext
data after encryption
Data At Rest
Data sitting stationary on a drive, not moving.
Data In Motion
Data transmitted over a network
Data In Use
Data actively processing in the memory of an OS
Tokenization
the process of replacing sensitive data, such as credit card numbers or personal identification information, with unique identification tokens
What is a real world example of tokenization?
Used in NFC credit card transactions, your card number never actually gets sent to the merchant.
Information Rights Management (IRM)
a security approach that allows organizations to control and protect sensitive information throughout its lifecycle. With IRM, users can apply specific access permissions, restrictions, and encryption to their documents or files.
Data Loss Prevention (DLP)
a security strategy and set of technologies that aim to prevent sensitive data from being lost, leaked, or exposed to unauthorized individuals.
Incident Response Plan
plan that executes in the event of an incident.
HoneyPot
A fake system that looks enticing for hackers to attack. No real access to your production system.
Define the user’s role in security in: Infrastructure as a Service (IaaS), such as AWS.
You still have to maintain security in the cloud
Define the user’s role in security in: Software as a Service (SaaS), like Hi Marley.
3rd party service responsible for security and maintenance.
Define the user’s role in security in: Platform as a Service (PaaS), such as AWS Elastic Beanstalk.
3rd party provides building blocks for building web applications, security responsibility is shared between the provider and the user.
MSSP
Managed Security Service Provider
IaaC
Infrastructure as code
VM Sprawl
When you do not spin down VMs after they are no longer needed.
Authentication Methods
Methods used by an end user to gain access to a system.
Kerberos
an authentication method that provides secure and trusted access to network resources. It uses a client-server model to verify the identities of users and services before granting access.
Ex - Like a ticketing system for authentication
LDAP
Authentication against a directory service, such as Microsoft AD.
Federation
Authentication using a third party site like Google, Facebook, Apple, etc.
Attestation
Proving the hardware that is connecting to your network is really yours. This prevents employees from using personal machines.
TOTP
Time-based One-Time Password.
Biometrics
Touch ID, Face ID, etc. for authentication
MFA
Multi-Factor Authentication
RAID
Redundant Array of Independent Disks. It is a technology that combines multiple physical hard drives into a single logical unit to improve data storage performance, reliability, and/or capacity. If one drive fails, the other ones can pick up the slack.
What are the 4 “somethings” of MFA?
Something you have (Phone, MFA code)
Something you are (Fingerprint, FaceID)
Somewhere you are (Based on geographic location)
Something you can do (Handwriting analysis)
Cipher
The algorithm used to encrypt
Cryptanalysis
The art of cracking encryption
Cryptographic Key
essentially a secret code that enables encryption and decryption processes.
Homomorphic Encryption
an advanced cryptographic technique that allows computations to be performed on encrypted data without decrypting it first. In simple terms, it enables computations to be carried out on sensitive data while it remains encrypted, providing privacy and security.
Symmetric Encryption
uses a single key to encrypt and decrypt data.
Asymmetric Encryption
two or more keys. One to decrypt and one to encrypt.
Key Pair
a pair of cryptographic keys that are mathematically related. The pair consists of a public key and a private key, and they work together to provide secure communication and data protection.
Digital Signature
cryptographic technique used to verify the authenticity and integrity of digital messages, documents, or software. It provides a way to prove that a particular piece of digital content originated from a specific sender and has not been tampered with.
Steganography
a technique used to hide secret or sensitive information within seemingly innocuous or unrelated digital content, such as images, audio files, or text documents. It is the practice of concealing one message within another to prevent detection by unintended recipients.
What is a real world example of steganography?
Ex - If a youtube thumbnail has a picture of a giraffe but when you click on the video, it is actually PII.
Stream Cipher
a cryptographic algorithm that operates on individual bits or bytes of data, encrypting or decrypting them one at a time in a continuous stream
Block Cipher
a type of encryption algorithm that operates on fixed-length blocks of data. It breaks the plaintext into fixed-size blocks and applies a series of encryption steps to each block individually, resulting in corresponding blocks of ciphertext.
Cipher Block Chaining (CBC)
a mode of operation used in block ciphers to provide confidentiality and integrity to encrypted data. It is a widely used mode that adds an extra layer of security to the encryption process.
Ex - Works by combining the plaintext blocks with the ciphertext blocks from the previous encryption step. Each plaintext block is XORed (combined with) the previous ciphertext block before being encrypted.
Blockchain
digital ledger technology that allows multiple parties to maintain a shared and tamper-proof record of transactions or data
Why can’t you edit information in a Blockchain?
Each block is “locked” to the previous one, no transaction or event can be changed once put into the blockchain.
Endpoint Detection and Response (EDR)
protects endpoints by continuously monitoring and analyzing the behavior of endpoints, providing timely alerts and enabling rapid incident response to keep your devices and data safe.
Next Generation Firewall (NGFW)
a type of advanced network security device that combines traditional firewall capabilities with additional features for enhanced protection. It provides a more intelligent and dynamic approach to network security by inspecting network traffic at the application layer, allowing it to identify and block not only basic threats but also more sophisticated attacks.
Host-Based Intrusion Detection System (HIDS)
works by analyzing system logs, file integrity, network connections, and other host-related events to identify potential attacks. Lives on the host itself
Host-Based Intrusion Prevention System (HIPS)
unlike HIDS, HIPS not only detects and alerts about potential intrusions or security breaches but also takes proactive measures to prevent them. It can actively block or restrict suspicious activities, such as unauthorized access attempts, malware execution, or system configuration changes
Boot Integrity
the assurance that the initial startup process of a computer system, known as the boot process, has not been compromised or tampered with
Trusted Platform Module (TPM)
a hardware-based security component that provides a secure foundation for security functions. This component is built into the motherboard of the computer.
BIOS Secure Boot
Secure boot ensures that nothing on the bootloader has changed or been tampered with from the last time it was booted. If it has, it will not boot the machine.
Trusted Boot
This verifies the digital signature of the actual OS Kernel to ensure it has not been changed or tampered with. If it has, the boot will stop.
Early Launch Anti-Malware (ELAM)
Checks every installed driver on the machine to ensure it is trusted. If a driver is untrusted, the computer will not load it.
Measured Boot
a security feature that checks if the computer’s startup process has been changed or tampered with. It keeps a record of the boot components and compares them during each startup to detect any unauthorized modifications
Application Security
The process of making sure your web application is secure.
Input Validation
a process used to verify and ensure the correctness, integrity, and safety of data entered into an application.
Dynamic Analysis (fuzzing)
a software testing technique used to discover vulnerabilities or software defects by feeding unexpected, random, or malformed inputs to an application or system. The goal is to cause the application to behave in different ways.
Cookies
small files that websites store on your computer or device to remember information about you
HTTP Secure Headers
additional security measures used by web servers to protect websites. They can restrict the type of processes that occur while the website or web application is being used.
Code Signing
a security practice used to verify the authenticity and integrity of software or code. It involves digitally signing the code with a unique cryptographic signature to confirm its origin and ensure that it has not been tampered with.
Static Application Security Testing (SAST)
a technique used to analyze the source code or software application without executing it. It involves scanning the codebase for potential security vulnerabilities, coding errors, and other issues that could pose a risk to the application’s security.
Dynamic Application Security Testing (DAST)
technique used to assess the security of a web application by analyzing it while it is running. DAST runs the app in a closed environment and actively tries to attack it.
Load Balancing
a technique used to distribute incoming network traffic across multiple servers or resources to ensure optimal performance and prevent overload
Network Segmentation
the practice of dividing a computer network into smaller, isolated subnetworks or segments to ensure network security.
Virtual Local Area Networks (VLAN)
a technology that allows the creation of logical network segments within a physical network infrastructure. VLANs separate network devices into different broadcast domains, even if they are connected to the same physical network. This ensures you can complete network segmentation while still using the same hardware.
Screened Subnet (DMZ)
a network architecture that adds an additional layer of security between an internal network and an external network, such as the internet. It involves creating a separate subnet where publicly accessible services, such as web servers or email servers, are placed. When in this zone, communication is not possible to other aspects of your network.
Zero Trust Networking
Traffic flow within the network itself is verified every step of the way to ensure authenticity and trust.
Virtual Private Network (VPN)
Encrypted private network.
Name the 4 most common types of VPNs
-Site to Site VPN
-Remote Access VPN
-SSL/TLS VPN
-IPSec VPN
Site-to-Site VPN
also known as a network-to-network VPN, connects multiple networks located in different physical locations over the internet.
Remote Access VPN
enables individual users to securely connect to a private network from a remote location.
SSL/TLS VPN
utilizes SSL or TLS protocols to establish a secure connection between a client’s web browser and a remote network or application. It provides secure remote access to specific web-based resources without requiring the installation of dedicated VPN client software.
IPSec VPN
a protocol suite that provides secure communication over IP networks. It can be implemented in both site-to-site and remote access scenarios.
VPN Concentrator
serves as a central point for aggregating and processing VPN connections from various sources.
Full Tunnel
all traffic from the client goes through the VPN concentrator.
Split Tunnel
some traffic from the client goes through the VPN concentrator.
Stateless Firewall
each network packet is inspected and compared against the NACL, regardless of past history.
Stateful Firewall
remembers what was allowed previously and uses that information to determine if the traffic should be approved or denied.
Web Application Firewall (WAF)
designed to protect web applications from various online threats and attacks. It sits between the web server and the internet, monitoring and filtering the incoming and outgoing web traffic.
Network Access Control (NAC)
a security technology that regulates and controls access to a computer network based on the identity and security posture of devices or users
Access Control List (ACL)
allow/disallow traffic based on attributes (IP, port, etc.)
Proxy Server
All traffic goes through this server, making traffic requests on behalf of users instead of them doing it themselves.
Jump Server
A server accessible via VPN or other means. Once accessed, you can “jump” to other servers inside the private network.
Security Assertion Markup Language (SAML)
an XML-based standard used for exchanging authentication and authorization information between different systems. It enables Single Sign-On (SSO) functionality, allowing users to authenticate once and access multiple applications or services without the need to provide credentials repeatedly.
Open Authorization (OAuth)
an industry-standard protocol used for secure and delegated access to resources on the web. It allows users to grant permission to third-party applications or services to access their protected resources (such as personal data or online accounts) without sharing their login credentials
What is a real world example of OAuth?
Ex - Linking your LinkedIn with your Google Account.
Role Based Access Control (RBAC)
Access to systems based on your role and functions within the business.
Conditional Access
a security measure that allows or denies access to resources based on specific conditions or criteria. It ensures that users can access sensitive information or systems only when certain requirements are met.
Privileged Access Management (PAM)
a security practice that focuses on managing and controlling access to privileged accounts or administrative privileges within an organization’s IT infrastructure
Certificate Authority (CA)
a trusted entity that issues digital certificates to validate the authenticity and integrity of information in electronic transactions
Recovery Time Objective (RTO)
the maximum acceptable amount of time a business or system can be offline or non-functional before recovery or restoration is completed
Recovery Point Objective (RPO)
represents the maximum acceptable amount of data that can be lost or unrecoverable in the event of a disruption or incident.
Functional Recovery Plan (FRP)
a document or strategy outlining the specific steps and procedures required to restore and resume the normal functioning of a system, process, or business function after an incident or disruption
Disaster Recovery Plan (DRP)
a structured and documented approach that outlines the steps and procedures to recover and restore critical systems, data, and infrastructure after a major disruption or disaster.
What is the difference between FRP and DRP?
DRP focuses on the entire business as a whole while FRP focuses on a specific aspect of the business that may have experienced a disruption or outage.
What is the difference between RTO and RPO?
RTO is in regard to time or duration acceptable for an outage.
RPO is in regard to an amount of data lost in an outage that is acceptable. For example, if an RPO is 1 hour - the company would be expected to be able to restore data from a backup at least 1 hour BEFORE the outage happened.
Protected Health Information (PHI)
any individually identifiable health information that is collected, stored, or transmitted by healthcare providers
Data Minimization
a principle of privacy and data protection that advocates for collecting, processing, and retaining only the minimum amount of personal data necessary for a specific purpose.
What tool would help a security analyst identify rogue devices on a network?
Router and switch-based MAC address reporting.
What is the hashing algorithm that results in a 128-bit fixed output?
MD5
IP spoofing is involved in what type of attack?
On-path attack
Defense in Depth
the concept of layering various network appliances and configurations to create a more secure and defensible architecture
What is a popular asymmetric encryption algorithm?
Diffie-Hellman (DH)
Chain of Custody
the documented and verifiable trail that tracks the handling, transfer, and storage of digital evidence or sensitive information throughout its lifecycle.
Discretionary access control (DAC)
control access to resources based on the discretion of the resource owner
Mandatory Access Control (MAC)
enforce strict access controls based on predefined rules and policies
Attribute-Based Access Control (ABAC)
control access to resources based on attributes associated with users, objects, and the environment
What port is used for HTTPS?
443
What port is used for RDP?
3389
What port is used for FTP?
21
What port is used for LDAP?
389
Smurf Attack
uses a single ping with a spoofed source address sent to the broadcast address of a network. This causes every device within the network to receive a single ping, which appears to come from the device with the spoofed source address. Each network device then responds to the spoofed address, causing the victim (whose address was spoofed) to be overwhelmed with the responses to the initial ping.
Reverse Proxy
A reverse proxy is positioned at the cloud network edge and directs traffic to cloud services if the contents of that traffic comply with the policy.
Which analysis framework provides a graphical depiction of the attacker’s approach relative to a kill chain?
The Diamond Model of Intrusion Analysis
Mean time between failures (MTBF)
the average time between system breakdowns
Mean time to repair (MTTR)
the average time it takes to restore a system or component after a failure
Is the “Blowfish” cryptographic algorithm asymmetric or symmetric?
Symmetric
Exact Data Match (EDM)
a pattern matching technique that uses a structured database of string values to detect matches.
Ex - A company might have a list of actual social security numbers of its customers. But, since it is not appropriate to load these numbers into a DLP filter, they could use EDM to match the numbers’ fingerprints instead based on their format or sequence
Cain and Abel
a software program that can be utilized to uncover passwords by various methods such as brute-force attacks
John The Ripper
a software program used to test strength of passwords
PAP authentication
Password Authentication Protocol - simply username/password, nothing else.
CRLF Injection Attack
Carriage Return Line Feed injection is a common vulnerability that can be used to manipulate or abuse applications that handle user-supplied input. It involves injecting special characters, namely the carriage return (‘\r’) and line feed (‘\n’) characters, into input fields or parameters.
SPI
Sensitive Personal Information - any personal data or information that, if compromised or misused, could lead to harm, identity theft, discrimination, or significant privacy violations for an individual
What is used as a measure of biometric performance to rate the system’s ability to correctly authenticate an authorized user by measuring the rate that an unauthorized user is mistakenly permitted access?
False acceptance rate
Desktop as a Service (DaaS)
provides a full virtualized desktop environment from within a cloud-based service
Rogue Anti-virus
Malware programmed to look like an anti-virus on a user’s machine, tricking them into thinking their machine is infected and taking actions to stop or prevent the infection.
What is a proprietary tool used to create forensic disk images without making changes to the original evidence?
FTK Imager
FM-200
Common fire suppression system used in buildings. Data centers should have them to prevent a fire from spreading around the building and destroying information.
DPO
Data Protection Officer - Ensures that the organization processes the personal data of its staff, customers, providers, or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules.
Polymorphic Virus
virus that alters its binary code to avoid detection by antimalware scanners that rely on signature-based detection. By changing its signature, the virus can avoid detection.
What compliance standard affects financial institutions?
GLBA
Degaussing
the process of removing or reducing unwanted magnetic fields from an object, such as a magnet or a magnetic storage device like a hard drive.
Banner Grabbing
conducted by actively connecting to a service (for example with telnet or netcat) and recording whatever it sends back. This banner usually reveals the service software and its version number (for example the OpenSSH version on port 22) and often the operating system, which is what an attacker or vulnerability scanner uses to look up known weaknesses.
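Added example (not part of the flashcard deck): a banner grab written as a Python socket client, the programmatic equivalent of the `nc host 22` the card describes. To run offline it starts a throwaway listener on 127.0.0.1 that sends a constructed OpenSSH-style banner; the banner text, port and parser are assumptions for the demo, not output from any real host.

```python
# Added example (not from the flashcard deck): a banner grab against a
# throwaway local listener that imitates an SSH server. The banner text is
# constructed; nothing here touches a real host.
import socket
import threading

FAKE_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4\r\n"  # constructed


def start_fake_service(banner: bytes = FAKE_BANNER) -> int:
    """Listen on 127.0.0.1 on an ephemeral port, send the banner to the first
    client, then close. Returns the port so a client knows where to connect."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve_once():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve_once, daemon=True).start()
    return port


def grab_banner(host: str, port: int, timeout: float = 3.0) -> str:
    """Connect, send nothing, and read whatever the service volunteers
    (the same thing 'nc host 22' shows). Stops at the first newline or
    when the peer closes the connection."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        try:
            while not data.endswith(b"\n"):
                chunk = s.recv(256)
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            pass  # silent service: report whatever was received
    return data.decode(errors="replace").strip()


def parse_ssh_banner(banner: str) -> dict:
    """SSH identification string: SSH-<protoversion>-<software> [comment].
    The software field is what a scanner maps to known vulnerabilities."""
    if not banner.startswith("SSH-"):
        return {}
    ident, _, comment = banner.partition(" ")
    _, proto, software = ident.split("-", 2)
    return {"protocol": proto, "software": software, "comment": comment}


if __name__ == "__main__":
    port = start_fake_service()
    banner = grab_banner("127.0.0.1", port)
    print(banner)  # SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4
    print(parse_ssh_banner(banner))
```

Services that do not speak first (HTTP, for instance) need a request such as `HEAD / HTTP/1.0` sent before reading; the defensive counterpart is to trim or genericise the banner so it no longer advertises exact versions.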
Lessons Learned Report
provides you with the details of the incident, its severity, the remediation method, and, most importantly, how effective your response was
Qualitative risk assessment
categorizes things based on the likelihood and impact of a given incident using non-numerical terms, such as high, medium, and low
Quantitative risk assessment
provides exact numbers or percentages of risk for each thing
What IP address protocol has IPSec built into it?
IPv6
Autopsy
a cross-platform, open-source forensic tool suite
What is an uncredentialed vulnerability scan?
A scan that does not log in to any of the hosts it scans. It reports only what an unauthenticated attacker on the network could see (open ports, banners, externally visible misconfigurations), so it finds fewer issues than a credentialed scan, which uses an account to inspect patch levels and configuration from inside the host.
Asymmetric or Symmetric: RSA
Asymmetric
Asymmetric or Symmetric: DSA
Asymmetric
Asymmetric or Symmetric: ECC
Asymmetric
Asymmetric or Symmetric: Diffie-Hellman Key Exchange (DH)
Asymmetric
Asymmetric or Symmetric: AES
Symmetric
Asymmetric or Symmetric: RC4
Symmetric
Asymmetric or Symmetric: DES
Symmetric
Asymmetric or Symmetric: PGP
Asymmetric (PGP is really a hybrid: the message is encrypted with a random symmetric session key, and only that session key is encrypted with the recipient’s public key)
Asymmetric or Symmetric: Blowfish
Symmetric
Asymmetric or Symmetric: Twofish
Symmetric
Cognitive Password Attack
Uses information from social media to guess the user’s password
What is considered the weakest wireless network protocol?
Wired equivalent privacy (WEP)
Insecure direct object references (IDOR)
a cybersecurity issue that occurs when a web application developer uses an identifier for direct access to an internal implementation object but provides no additional access control and/or authorization checks
Ex - www.google.com/user=andrew.cd, where changing the user value to someone else’s name returns that person’s data because the server never checks who is asking
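Added example (not part of the flashcard deck): the lookup behind a URL like the one above, first with the identifier used directly (the IDOR), then with an object-level authorization check, and finally with an indirect reference map that hands the client random tokens instead of real identifiers. The user store, names and roles are constructed for the demo.

```python
# Added example (not from the flashcard deck). USERS is a constructed
# in-memory store; in a real application the records come from a database.
import secrets

USERS = {
    "andrew.cd": {"role": "user", "email": "andrew@example.test"},
    "bob.smith": {"role": "user", "email": "bob@example.test"},
    "admin": {"role": "admin", "email": "admin@example.test"},
}


def get_profile_vulnerable(requesting_user: str, target_user: str) -> dict:
    """IDOR: the identifier from the URL is used directly. Being logged in
    as anyone is enough to read anyone else's record."""
    return USERS[target_user]


def get_profile_hardened(requesting_user: str, target_user: str) -> dict:
    """Same lookup, but the server checks that the caller may see that
    particular object: owners see their own record, admins see all."""
    if target_user not in USERS:
        raise KeyError(target_user)
    caller = USERS[requesting_user]
    if requesting_user != target_user and caller["role"] != "admin":
        raise PermissionError(f"{requesting_user} may not read {target_user}")
    return USERS[target_user]


class IndirectReferenceMap:
    """Complementary defence: expose random per-session tokens instead of
    real identifiers, so a client has nothing meaningful to tamper with.
    The authorization check above is still required; this only removes
    the guessable identifier."""

    def __init__(self):
        self._token_to_id = {}

    def issue(self, real_id: str) -> str:
        token = secrets.token_urlsafe(16)
        self._token_to_id[token] = real_id
        return token

    def resolve(self, token: str) -> str:
        try:
            return self._token_to_id[token]
        except KeyError:
            raise PermissionError("unknown object reference") from None


if __name__ == "__main__":
    print(get_profile_vulnerable("andrew.cd", "bob.smith"))  # leaks bob's record
    try:
        get_profile_hardened("andrew.cd", "bob.smith")
    except PermissionError as err:
        print("blocked:", err)
    refs = IndirectReferenceMap()
    token = refs.issue("andrew.cd")
    print(token, "->", refs.resolve(token))
```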
Whaling
When an attacker targets C-level executives in the company
Hybrid Attack
When you combine two types of password cracking attacks.
For example - Dictionary Attack + Brute Force Attack
Which hashing algorithm results in a 160-bit fixed output?
RIPEMD-160 (SHA-1 also produces a 160-bit digest; RIPEMD comes in 128-, 160-, 256- and 320-bit variants)
The NTLM hashing algorithm results in how many bits of fixed output?
128
Which of the following vulnerabilities involves leveraging access from a single virtual machine to other machines on a hypervisor?
VM Escape
What network protocol is required if you are using RADIUS for network authentication?
802.1X (port-based network access control: the switch or access point is the RADIUS client, relaying the supplicant’s credentials to the RADIUS server before opening the port)
UEBA
User and Entity Behavior Analytics - a system that provides automated identification of suspicious activity by user or device, based on deviation from learned normal behavior
CYOD
Choose Your Own Device
HSM
Hardware Security Module - an appliance for generating and storing cryptographic keys that is less susceptible to tampering and insider threats than software-based storage
UEFI
Unified Extensible Firmware Interface - a type of system firmware providing support for 64-bit CPU operation at boot, full GUI and mouse operation at boot, and better boot security (Secure Boot)
SDLC
Software Development Lifecycle
RCE
Remote Code Execution - occurs when an attacker is able to execute or run commands on a remote computer
What type of attack is the exam showing if it displays “1=1”?
SQL Injection
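Added example (not part of the flashcard deck): the classic `' OR 1=1 --` login bypass against a query built by string concatenation, next to the parameterized query that defeats it. It uses an in-memory SQLite table with constructed rows; the plaintext passwords are only there to keep the demo short, never store them that way.

```python
# Added example (not from the flashcard deck). The table and its rows are
# constructed; plaintext passwords are for illustration only.
import sqlite3
from typing import List


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hunter2"), ("bob", "letmein")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> List[str]:
    """String-built query: the attacker's quote closes the literal and the
    injected OR 1=1 is always true; -- comments out the password check."""
    sql = (f"SELECT username FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> List[str]:
    """Parameterized query: the driver sends values separately from the SQL
    text, so the payload is compared as a literal string and matches nobody."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


PAYLOAD = "' OR 1=1 --"  # the tell-tale 1=1 the exam question refers to

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, PAYLOAD, "wrong"))  # ['alice', 'bob']
    print("safe:      ", login_safe(db, PAYLOAD, "wrong"))        # []
    print("legit:     ", login_safe(db, "alice", "hunter2"))      # ['alice']
```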
Extranet
Specialized type of DMZ that is created for your partner organizations to access over a wide area network
War Dialing
Dialing through large ranges of phone numbers to find modems that answer, then attempting to connect to them. Protect dial-up resources by using the callback feature, which hangs up and calls the user back only at a pre-approved number.
Honeynet
A group of computers, servers, or networks used to attract an attacker
VDI
Virtual Desktop Infrastructure
Private Cloud
Cloud infrastructure dedicated to a single organization, whether hosted on-premises or by a provider that sets aside an environment for that organization alone
Public Cloud
Infrastructure a provider shares among many customers over the internet, Ex - AWS, Google Drive
Community Cloud
cloud resources are shared among several different organizations who have common service needs. Ex - GovCloud
SECaaS
Security As A Service
CASB
Cloud Access Security Broker - enterprise management software designed to mediate access to cloud services by users across all types of devices
FaaS
Function as a Service (AWS Lambda)
CORS Policy
Cross-Origin Resource Sharing - a browser mechanism, not a content delivery network feature. The server’s Access-Control-Allow-Origin response header tells the browser which other origins may read its responses; origins not listed are blocked by the browser’s same-origin policy. Reflecting every Origin back, or combining a wildcard with credentials, opens the API to any site.
What is CI/CD?
Continuous integration and continuous delivery
What ports does RADIUS use on a network?
1812/1813
What port does IMAP use on a network?
143
What port does POP3 use on a network?
110
What port does SMTP use on a network?
25
What port does FTP use on a network?
21
What port does HTTP use on a network?
80
What port is used to access Syslog on a network?
514
Ping Flood
An attacker attempts to flood the server by sending too many ping requests.
MITB
Man-in-the-Browser
What port does Kerberos use on a network?
88
What port does VNC use on a network?
5900
Privilege Creep
Occurs when a user gets additional permission over time as they rotate through different positions or roles
Rubber Hose Attack
Attempt to obtain a password by threatening or causing a person physical harm in order to make them tell you the password
SNMP
Simple Network Management Protocol
FIM
File Integrity Monitoring
What is the difference between a runbook and a playbook?
Runbook - Step by step tutorial
Playbook - Who is involved, who does what, in responding to incidents.
MTD
Maximum Tolerable Downtime - maximum amount of time a business can be down before irreversible damage occurs.
HAVA
Help America Vote Act
PCI DSS
Payment Card Industry Data Security Standard
GDPR
General Data Protection Regulation - EU regulation under which personal data may only be collected and processed on a lawful basis, most commonly the informed consent of the person it concerns, with rights for that person over the data and breach-notification duties for the organization
What is the difference between purging data and clearing data?
Clearing - logically sanitizing the media (for example overwriting it) so the data cannot be recovered with normal software tools; a laboratory attack might still recover some of it, and the media is reused.
Purging - there is certainty the contents can never be reconstructed after deletion, even with laboratory techniques (for example degaussing magnetic media or cryptographic erase).