Security+ Flashcards
- Social engineering/spoofing
- done by email, text, URL, etc.
- can spot by spelling, fonts, graphics
Vishing
Phishing
Impersonation
Spear phishing
Phishing
Name 2 types of typosquatting
URL hijacking- https://professor messier.com instead of messer
Prepending- https://pprofessor messer.com
Guy squatting with a gun held up to someone to change a URL
“Hi we’re calling from Visa about an auto payment and need your credentials” is an example of what?
Pretexting
Phishing
Impersonation
Spear phishing
Pretexting, lying to get info
Wolf of Wall Street him teaching script scene
Redirects a legitimate website to a bogus site via a poisoned DNS server or client vulnerabilities
Pharming
Phishing is harvesting large groups of people
False, pharming
Phishing collects access credentials
Anti malware is great for detecting pharming
False, everything appears legit to the user
Type of phishing: Caller ID spoofing, fake security or bank updates, done over phone
Vishing
Fish on phone with fingers in v shape
Type of phishing done by text; spoofing and forwarded links asking for personal information
Smishing
“Yeah we smushed”
Gather information on a victim, digital footprint. Understands security posture and focuses on key systems
Reconnaissance
A renaissance knight with a scroll asking people questions
An attacker builds this through social media, where you work, your bank, family/friends
Pretext
Targeted phishing with inside information that includes whaling
Spear phishing
Never click a link in an email, type it out to see if it is legit
True
Attacker pretending to be someone, using details from reconnaissance; may pretend to be higher rank, may throw out technical details or act like a buddy
Impersonation
When Donny Burger gives you a fake name you go with it!
Seen with vishing
Victims don’t realize it is happening (hacking the human) Getting info from victim
Pretexting
Impersonation
Spoofing
Eliciting information
Eliciting information
An e ice cream cone that each time you press to lick, a new fact about you is presented
Identity being used by someone not you. Includes: credit card, bank, loan and govt benefits fraud
Impersonation
Social engineering
Identity fraud
Pharming
Identity fraud
Important information thrown out with the trash that can be gathered for an attack and is typically done at the end of the month
Dumpster diving
Being aware of your surroundings, using privacy filters, and keeping monitors away from windows and hallways are controls that prevent this
Shoulder surfing
Blacks out a screen unless you are sitting directly in front of the monitor
Privacy filter
A threat that doesn’t actually exist, often through email, attempting to get money but not through electronic means. Not a virus but can waste almost as much time
Computer hoax
Spoofing
Pharming
Dumpster diving
Computer Hoax
Stephen a bamboozled, run amok
Consider source, cross reference, spam filters and if it sounds too good to be true are ways to what?
De-hoaxing
Eliciting information
Adware
Rdns
De-hoaxing
Detective Hoch
Determines which websites the victim group uses, then infects those third-party sites (via a site vulnerability or email attachments) to infect all visitors who go to that site and gain access to your network
Watering hole attack
Ex. Infecting a site you know people visit so that every time they visit, malicious JavaScript files are downloaded to their computer
Defense in depth, firewalls and IPS, antivirus/anti malware signature updates are best methods to prevent what kind of attack?
Spraying
Watering hole
Man in the middle
Crypto malware
Watering hole attack
Unsolicited messages by emails, forums etc by phishing attempts
Spam
Over IM is SPIM
Used to identify spam; only receives email from a trusted sender, and SMTP blocks anything that doesn’t follow RFC standards
Allowed list
Recipient filtering
ACL
rDNS
Allowed list
Used to identify spam, block email where the sender’s domain doesn’t match the ip address
rDNS, reverse DNS
Tarpitting blocks all email not addressed to a valid recipient email address
Used to identify spam,
False, intentionally slow down the server conversation
Recipient filtering will block all email not addressed to a valid recipient email address
An unsolicited email is stopped here and can be either onsite or cloud based
Mail gateway
Swaying public opinion on political and social issues, enabled through social media to amplify, used to divide and includes advertising
Hacking the human
Cyber warfare
Hybrid warfare
Hacking public opinion
Hacking public opinion
Ex. Creating fake users to post about things until real users voice the same opinion and it goes viral
Attack an entity with tech, influencing foreign elections, fake news
Hacking public opinion
Hybrid warfare
Social engineering
Cyber warfare
Cyber warfare
Militaries trying to influence people with the internet in order to have elected officials benefit them
Cyber warfare
Hybrid warfare
Social engineering
Hacking the human
Hybrid warfare
Tailgating
Using an authorized person to gain unauthorized access to a building.
Prevent this with a policy for visitors, one scan per person, and mantraps
Tailgating
Attacker sends a fake invoice to who pays the bills for a company
Invoice scam
Attacker collecting login passwords through your computer: web browsers, Windows Credential Manager
Theharvester
Password file
Credential harvesting
Collisions
Credential harvesting
Name 4 social engineering principles
Authority
Intimidation
Consensus
Scarcity
Urgency
Familiarity
Trust
Social engineering principle that convinces based on what’s normally expected, “your co worker Jill did this last week for me” is familiarity/liking
False, Consensus/social proof
Social engineering principle, someone you know, we have common friends is Familiarity/liking
True
Social engineering May involve multiple organizations, may be in person or electronic
True
Malicious software, gathers your information through keystrokes, can turn computer into a zombie, trick you through advertising and can download virus/worms to encrypt your data
Malware
Name 4 types of malware
Virus
Crypto malware
Ransomware
Worms
Trojan horse
Rootkit
Keylogger
Adware/spyware
Botnet
A worm takes advantage of a vulnerability, then installs malicious software that includes a remote access back door and later installs a bot is how you get what harmful thing to your computer?
Malware process
Don’t click email links or web page pop ups
Keep OS up to date
Check applications publisher
Prevents what?
Malware
Persistent XSS attack
Non Persistent XSS attack
Botnets
Malware
Malware that can reproduce itself through file systems or the network after you execute a program, can be invisible and spread from just running a program
Virus
This needs its signature file updated
Anti-virus
Program virus is OS and browser based
False, script virus
Program virus is part of the application
Common virus in Microsoft office is boot sector virus
False, macro virus
Boot sector is in your storage
What kind of virus infection process is this:
1. User clicks on malicious website link
2. Website exploits flash/Java/windows vulnerability
3. Launches PowerShell, downloads payload into RAM
4. Runs PS scripts, executables in memory, exfiltrates data, damage files
5. Adds an auto start to registry
Server side request forgery
Session hijacking
Fileless virus
Watering hole attack
Fileless virus
Malware that self-replicates; you don’t have to do anything, it self-propagates and spreads quickly
Worms
Firewalls and IDS/IPS can get rid of worms
False, they can mitigate/prevent but can’t do much once the worm is inside
This virus avoids anti virus detection by not downloading to a file, it operates in memory but is never installed in a file or application
Fileless virus
Attackers locking you out of your laptop and will let you back in if you pay
Ransomware
Malware encrypts your data files and you must pay attacker to get decryption key, untraceable payment system
Crypto malware
Have an offline backup
Keep os/applications up to date by patching vulnerabilities and additional security
Keep anti malware and antivirus signature up to date
Prevent what attack?
Ransomware
Crypto malware
Rootkit
Botnets
Ransomware
Trojan horse
Software pretending to be something else to take over your computer
PUP (potentially Unwanted program)
This is identified by antivirus which shows potentially undesirable software and often installed with other software. Overly aggressive tool bar, back up utility that displays ads, browser search engine hijacker
Placed on computer through malware to avoid going through rigorous process. Other malware can get through this also. Some software even comes with this
Back door
Ultimate back door for administrative control of a device. Malware installs the server/service/host and connects with client software. Control a device with key logging, screen record, copy files, more malware embedded
RAT (Remote Access Control)
Don’t run unknown software
Keep anti virus signature up to date
Always have a back up
Prevents against what?
Watering hole attack
Session hijacking
RAT and Trojan
Crypto ware
RAT and Trojan
Modifies core system files, can’t see in task manager/os/antivirus, takes over control of administrator functions
Rootkit
This rootkit malware is famous for cleaning out bank accounts when combined with a kernel-level driver
Rootkit types: Zeus/Zbot
Necurs (kernel-level driver) makes Zbot impossible to delete and gives total control
Anti malware scans, use a remover specifically for this, secure boot for security in bios finds and removes what?
RAM
Rootkit
Storage
RAT
Rootkit
Computer is full of pop ups that cause performance issues. Can be installed accidentally, but you need to be careful of software that claims it removes this
Pup
Crypto malware
Adware
Machine learning
Adware
Malware that monitors you and your surfing habits. Can capture keystrokes or trick you into installing fake security software
Adware
Key logger
Malware
Spyware
Spyware
Money for what you see, your computer time and bandwidth, and your bank account are reasons for these attacks
Adware and spyware
Maintain anti virus signature
Always know what you are installing
Having a backup
Run scans (malware bytes)
Protect against what?
Fileless virus
adware/spyware
Rootkit
Watering hole attack
Adware/spyware
A system admin has determined that a spoofed email originated in another country. Which of the following most likely provided this information?
Netflow
Syslog
Metadata
IPFIX
SFlow
Metadata - data that describes other data sources
HSM, DLP, jump server, Collector
•access protected network from external connection
•backup and manage certificates for all company web servers
•gather stats for long term network monitoring
•block network traffic with private info
•Jump server- access protected network from external connection
•HSM- backup and manage certificates for all company web servers
•Collector- gather stats for long term network monitoring
•DLP-block network traffic with private info
Which describes best the time required to fix an issue during an outage?
RTO
MTTR
EULA
MTBF
RPO
MTTR
Which would best transfer data to a siem?
IPSec
Syslog
HTTPS
Ssh
SFTP
Syslog
Which of the following is best way to direct individuals through a specific area?
Motion detection
CCTV
Bollard
Protected distribution
Industrial camouflage
Bollard- prevent access
Which would provide management of both mobile and non mobile devices?
MDM
MAM
SNMP
UEM
HSM
UEM Unified endpoint management
Evolution of MDM
Server admin at a bank notices a decrease in the number of visitors to its website. Research shows users being directed to a different IP address than the bank’s server. What attack is this?
Disassociation
DDOS
Buffer Overflow
DNS poisoning
Dns poisoning
Group of Infected computers that relay spam, proxy network traffic and computing tasks. Botnets can be rented is what kind of attack?
DDOS
Prevent initial infection with os/application patches, Update anti malware signature, identify infection with on demand scans/network monitoring
Are ways to stop what?
Man in the middle
Botnets
XSS attack
SQL injection
Botnets
Block at the firewall, identify at the workstation with a host based firewall or host based IPS to prevent what?
Command and control (C&C)
Waits for a predefined event. A time/date or a user event will trigger this. Difficult to identify and disappears after it is done
Logic bomb
Having formal change control to identify when a procedure is not followed, using electronic monitoring with alerts for changes and HIDS, and constant auditing (an admin authorizing changes can circumvent existing systems) prevents what attack?
Adware
RAT
Fileless Virus
Logic bomb
Preventing a logic bomb
Difficult to recognize and each is unique with no predefined signatures.
If you store a password here anyone with access to the password file or database has every credential
Plain text
Book covering up because it’s naked
Represent Data as a fixed length string of text with different inputs for different passwords, impossible to recover original message from digest, common way to store passwords
Hashing a password
Different across operating systems and applications, different hash algorithms
Rainbow dictionary
Brute force hashing
Password file
Salting
Password file
Attack an account with 3 or more common passwords and if it doesn’t work then move on to the next account in order to not be locked out is what attack?
Spraying attack
Obtain a list of users and hashes, then calculate password hashes and compare to a stored hash. Large computational resource requirement is what attack?
Pass the hash
Brute force the hash
Rainbow table
Replay attack
Brute force the hash
Rainbow tables
Pre built set of hashes
Random data added to a password when hashing. Each user gets their own and rainbow tables won’t work against this. Each user gets a different random hash
Salting
Has additional electronics inside, your OS identifies it as a Human Interface Device like a keyboard/mouse, and once connected it downloads and installs malicious software: is this a malicious flash drive?
False, malicious USB
Malicious flash drive acts like a HID and loads malware in documents/PDFs, infects the computer after a reboot, or acts as an Ethernet adapter to act as a wireless gateway or redirect internet traffic
Stealing credit card information during a normal transaction by copying credit card or with a small camera is
skimming
Card cloning
Get card details from a skimmer, create a duplicate with the same magnetic strip (the chip can’t be cloned)
Cloned gift cards are common
Computers identify patterns in data, face recognition for analyzing, use it to stop spam, recommend products
Evasion attack
RDNS
API attack
Machine learning
Machine learning
Attackers send modified training data that causes AI to behave incorrectly
Poisoning training data
Machine learning
Evasion attack
Rdns
Poisoning training data
AI is only as good as the training, AI can be fooled, can release real world confidential information
Evasion attacks
Machine learning
Cryptographic attack
Adware
Evasion attacks
cross check and verify training data, retrain with new/better data, train AI with possible poisoning to secure what?
Learning algorithms
AI
Hacking the human
Hybrid warfare
Learning algorithms
contains many moving parts and attackers can infect different parts without supervision. One exploit can affect this
Supply chain
Cryptographic attacks
Botnets
DDOS
Supply chain
Can you trust server/router/firewall/software, use small supplier base for tighter control of vendor, strict controls over policies and procedures, security implemented in overall designs is security for what?
Logic bomb
Supply chain
Cryptographic attack
Evasion attack
Supply chain
Cloud based security puts security burden on the client with data center security and infrastructure costs
False, on premise security
Cloud based is centralized and costs less with no dedicated hardware or data center but a 3rd party handles everything
Customize your security posture with full control in house, on-site local IT security team, this team maintains uptime and availability with system checks, security changes for this takes time is what type of security?
On premise security
Data in a secure environment but 3rd party May have access to it, manage large scale security with auto signature and security updates, limited downtime with fault tolerance, scalable security options
Security in the cloud
Many shortcomings for this attack and the main issue attackers go after is the implementation. Attacker looking for the key is what?
Cryptographic attacks
Same hash value for 2 different plaintexts. Find a collision through brute force. Attacker generates multiple versions of plaintext to match hashes
Persistent XSS attack
Birthday attack
Brute force hashing
Botnets
Birthday attack
Protect yourself with large hash output
Kelby’s plain “happy birthday” text to me
Collisions
Hash digests are supposed to be unique, different input data should never create same hash
Force a system to downgrade their security is what attack
Downgrade attack
Gain higher level access to a system through a bug or by exploiting a vulnerability; these holes need to be closed up quickly
Eliciting information
Privilege escalation
Worm
Rootkit
Privilege escalation
Horizontal privilege escalation: user A can use user B’s resources
Patch quickly, update antivirus/block known vulnerabilities, data execution prevention (only data in executable areas), address space layout randomization to prevent a buffer overrun at a known memory address mitigates what?
LDAP injection
Collisions
Code injection
Privilege escalation
Privilege escalation
Browser security flaws with information from one site shared to another, common web application development errors, takes advantage of the trust a user has for a site, malware that uses JavaScript
Server side request forgery
XSS attack
Watering hole attack
DLL injection
Cross site scripting/XSS
Bad person puts bad code into a website and when you visit it bad things happen to your computer. Like a diary for friends that someone writes mean things in
Website allows scripts to run in user input like a search box; attacker emails a link that takes advantage of the vulnerability and runs a script that sends credentials to the attacker; the script is embedded in a URL in the victim’s browser; attacker uses the credentials to steal the victim’s information
Non persistent (reflected) XSS attack
A sneaky person tricks a website to having something on the web page it shouldn’t when people visit. Like a mirror that shows cute animals but a fairy instead changes it to show toys
Attacker posts a message to social network with malicious payload, everyone/all viewers gets payload, social networking this can spread quickly with everyone having it posted to page and can propagate further
Botnets
Non Persistent XSS attack
Persistent XSS attack
Session hijacking
Persistent (stored) XSS attack
A notebook with a message that appears nice but when you open it is mean.
Be careful with untrusted links, disable JS or control with an extension, keep browser applications updated to avoid vulnerabilities, validate input and don’t allow users to add their own scripts to an input field protects against what?
Watering hole attack
Server side request forgery
XSS
Birthday attack
Protecting against XSS
Xz wow
Adding your own information into a data stream, enabled by bad programming; the application should be able to handle input and output; used for many different data types
Code injection
SQL injection
Most common relational database management system language, modifies these requests and application should not allow this
XML injection
Set of rules for data transfer and storage, modifies these requests that a good application will validate
SAN/NAS (acronyms for storage)
Agreeing to XXX site rules
Created by telephone companies and now used by everyone,modify these requests to manipulate application results
LDAP injection
Windows library containing code and data and many applications can use this library, have an application run a program and run as part of the target process
DLL injection
Dill pickle on the window, wieners on the glass
Sneaky friend adds special tools to a programs room without program knowing and can change how the program works
Overwriting of memory that spills into other memory areas; attackers look for openings, so developers need to bounds check; not simple and it takes time to avoid crashing/do what you want; should be repeatable so a system is compromised to gain access or make an application do what they want
Buffer overflows
XML injection
Memory leak
Fileless virus
Buffer overflow
A glass with too much milk spills, computer has place to store information but if too much a sneaky person can grab it outside of the cup when it spills
Useful information sent over the network; access to raw data through a network tap/ARP poisoning/malware on the victim computer; replay data to appear as someone else; not an on-path attack and doesn’t need the original workstation. What type of attack is this?
Replay attack
Avoid this with a salt to use a session ID with the password hash to create a unique authentication hash each time
Server side forgery
Cross site scripting
Passing the hash
Replay attack
Replay attack
What is this a process for? 1. Client authenticates with username and hashed password 2. During authentication the attacker captures the username and password hash 3. Attacker sends his own authentication request using the captured credentials
Pass the hash
Information gathering through Wireshark, exploits with cross-site scripting, modify headers and cookies with cookie managers is what?
Cookies and session ID’s
Cross site request
Header manipulation
Pass the hash
Header manipulation
Encrypt end to end so they can’t see the session ID (additional load on the web server, force HTTPS), or encrypt end to somewhere to avoid capture over the local wireless network (still in the clear beyond that, use a personal VPN) to prevent what attack?
Server side request forgery
Cross site scripting
Session hijacking
Replay attack
Prevent session hijacking
Information stored on computer by browser and used for tracking personalization, only a risk if someone gets access to them, privacy risk, maintain multiple sessions
Browser cookies and session ID’s
Process for what? 1. Victim authenticates to server 2. Server provides session ID to client 3. Attacker intercepts session ID and uses it to access the server with the victim’s credentials
Session hijacking
Common and legit, html directs these from your browser, most unauthenticated requests
Cross site requests
Website pages consist of code on each side of the Client and server
True
Server side performs requests from the client: HTML, PHP, transfer money from one account to another, post a video on YouTube
True
Client side renders page on screen, html/JavaScript
One click attack/session riding takes advantage of the trust a web app has for the user (like the browser) and requests made with your consent; significant web application development oversight, fixed with anti-forgery or cryptographic tokens
Cross site forgery
What is this the process for? 1. Attacker creates funds transfer request 2. Request is sent as a hyperlink to a user who may already be logged into the bank website 3. Visitor clicks link and unknowingly sends transfer request to bank website 4. Bank validates transfer and sends funds to attacker
Cross site request forgery
Attacker finds vulnerable web application by sending requests to web server and it performs on behalf of attacker
Server side request forgery SSRF
This is caused by bad programming, never trust user input, server should validate input and responses, rare but can be critical vulnerabilities
Session hijacking
Header manipulation
Cross site request forgery
Server side request forgery
Server side request forgery
Waiting, not trusting your server with food
What is this the process for 1. Attacker sends request that controls a web application 2. Web server sends request to another service such as cloud file storage 3. Cloud storage sends response to web server 4. Web server forwards response to attacker
Server side request forgery
Antivirus is good at identifying known attacks by checking signature and blocking, although there are still ways to infect and hide is what term?
Malware hide and go seek
Interaction between hardware and OS that is trusted but can have security issues
FaaS
Azure
Driver
Hypervisor
Driver
Shimming
Filling in space between 2 objects, windows has its own and is backwards compatible, malware authors write their own
Refactoring
Metamorphic malware where it is a different program each time it’s downloaded; adds NOP instructions/loops/pointless strings, can intelligently redesign itself by changing application flow
Difficult to match with signature based detection
Difficult to do but Combines on path attack with downgrade attack, sits in middle and modify victim and web server messages, victim sees nothing but browser is not encrypted
SSL stripping/HTTP downgrade
Strips S from HTTPS
Programming conundrum, time of check to time of use attack (TOCTOU) something happening between check and use
Race condition
2 trains trying to get to station at once. A computer having the same function happens at the same time and causing issues
Unused memory not properly released, slowly grows in size, eventually uses all memory, system crashes
Memory leak
Programming technique that references a portion of memory, application crash/debug/DoS
NULL pointer dereference
Integer overflow
Large number into smaller sized space, shouldn’t be able to manipulate memory this way
Users shouldn’t be able to browse the Windows folder; won’t stop a user from browsing past the web server root; takes advantage of badly written code to read files from the web server that are outside of the website file directory
Directory traversal
Messages should be just informational enough, network information/memory dump/stack traces/database dumps
Improper error handling
Improper header handling
Birthday attack
SSL stripping/HTTP downgrade
Improper error handling
All input should be considered malicious, allowing invalid input can be devastating is what kind of handling?
Improper input handling
Attackers look for vulnerabilities by exposing sensitive data/DoS/intercepted communication/privileged access
API attacks
Special DoS that only requires a device and low bandwidth, e.g. a zip bomb
Resource exhaustion
Evasión attack
Logic bomb
DLL injection
Resource exhaustion
Bluejacking is access to a Bluetooth device and its data; if you know the file, picture or video you can download it without authentication
False, Bluesnarfing
Bluejacking is sending of unsolicited messages to another device
802.11w
Protects against disassociation/de authentication attacks
Prevents wireless communications by decreasing the signal to noise ratio at the receiving device; can be intentional or caused by a microwave or lights
Reactive jamming
Code injection
Replay attack
Radio frequency jamming
Radio frequency jamming
Constant random bits or frames sent at random times; needs to be close to do this
Nfc
RFID
Wireless jamming
Jitter
Wireless jamming
Only sending signals when the attacker sees someone is trying to communicate on the network
DLL injection
DDOS jamming
Reactive jamming
Computer hoax
Reactive jamming
Fox hunting
Finding source of jamming signal
Access badges/inventory/pet ID that uses radio energy for bidirectional communication
RFID (radio frequency identification)
Data capture through replay attack, spoof the reader, DOS signal jamming, decrypt communication is what attack?
RFID attack
Nfc attack
Reactive jamming
Radio frequency jamming
RFID attack
Running the 800 in track (tracking and 800 is a lot)
2 way wireless communication, used for payment systems and helps with Bluetooth pairing; an access token/security card with short range encryption is what?
NFC (near field communication)
Remote capture, frequency jamming/DoS, replay/on path attack, loss of device are security concerns for what?
NFC
RFID
DDOS
rDns
Nfc
Arbitrary, pseudo-random number used once that can’t be reasonably guessed; used in the login process and helps to avoid a replay attack
Cryptographic nonce
Type of nonce that randomizes encryption scheme, used in encryption ciphers, WEP and some SSL implementations
Nonce
Hash
Salt
Initialization vectors
Initialization Vectors
Malware/Trojan does all the proxy work and the malware in your browser waits for you to login to your bank and other sites and steal your money/information is what kind of attack?
Spyware
On path browser attack
RAT
Logic bomb
On path browser attack
Attacker sending traffic with different source MAC addresses to force out legit MAC addresses on the table. This makes the switch a hub that will repeat information to all devices connected to it
MAC flooding
Access to domain registration (determines DNS names/IP addresses) to control traffic flows is what attack?
domain hijacking
Internet tracking your security posture, if bad can cause email rejections and errors that appear when someone tries to go to the website that tell them the website is not safe to access
Domain hijacking
Domain reputation
Domain registration
SQL injection
Domain reputation
Makes an application break or work harder, can be identified by anti virus, over use a cloud resource like cpu is what attack?
Application DoS
Hardware and software for industrial equipment; electric grid goes offline, plant shuts down, etc.
RFID
Operational tech DoS
NFC
DDOS
Operational tech DoS
Shell script is the command line for Windows system admins, extends command line functions, attacked through system admin/Active Directory domain admin/file share access
False, Windows PowerShell
Shell script is Unix/Linux
General purpose scripting language, popular, used for cloud orchestration for application instances, attacks happen in infrastructure of routers, servers, switches
Python
Macros
Automatic functions with application or os, can create security vulnerabilities, all they need is the user to open the file
Automatic processes within windows application, powerful programming language, run arbitrary code in document with CVE-2010-0815/MS10-031
Visual Basic for applications (VBA)
Entity responsible for an event that has an impact on the safety of another entity
Threat actor or malicious actor
An attacker in the network and undetected, constant attacks is an example of this
Advanced persistent threat
71 days in US
Script kiddies
Runs premade scripts without knowledge of what’s really happening
When people at work use apps or software they’re not supposed to use
Script kiddies
Birthday attack
Shadow IT
Code injection
Shadow IT
Method a computer hacker tries to get into a computer system or network, a lot of work goes into finding these vulnerabilities
Attack vector
What type of attack vector do we lock data centers for? They try to modify the OS, attach a keylogger for passwords, transfer files or DoS
Direct access
This attack vector modifies access point config, rogue/evil twin
Direct access
Removable media
Email
Wireless
Wireless
Biggest attack vector, phishing, social engineering
Cloud
Email
Removable
Wireless
This attack vector tampers with infrastructure or manufacturing process with malware
Cloud
Supply chain
Social media
Removable
Supply chain
Which attack vector is publicly facing applications and services with security misconfiguration, brute force/orchestration/DoS attacks?
Cloud media
Social media is fake friends, user profiling for information on you
What attack vector gets around fire wall, has malicious software on usb flash, Data exfiltration and allows usb to act as keyboards?
Removable media
Open source intelligence makes decisions to best prevent hackers and attackers
False, threat intelligence
OSINT is publicly available through discussion groups/internet
Threat intelligence services, compiled threat information, constant threat monitoring
Closed/proprietary intelligence
Whose Line Is It Anyway prop scene with Wayne Brady, triple threat
Public/private sharing center
Includes the CTA where members upload threat intelligence with scores on how severe, sharing of cyber threat information
Intelligence industry standard for sharing threat data that includes STIX and TAXII
AIS, Automated indicator sharing
describes cyber threat info, includes motivations/response information
CIST
NIST
STIX
TAXII
STIX
TAXII securely shares STIX data
Event that shows an intrusion, unusual amount of activity/file hash values change/uncommon login patterns
IOC
Analyze large amounts of data to find suspicious patterns, identifies dns queries/location/traffic pattern behavior, early warning system, machine learning
Dark web intelligence
AIS
Predictive analysis
Threat map
Predictive analysis
identifies attacks and trends and file/code repository shows what the hackers are building, see what code accidentally releases
Threat map
Sharing center
AIS
Code reuse
Threat map
They know the product better than anyone and know the problems/vulnerabilities
Threat research
Vendor websites
Local industry groups
Vulnerability feeds
Vendor websites
Vulnerability feeds, conferences, academic journals request for comments , local industry groups, threat feeds and social media are great for threat research
True
These proactively look for threats by searching data and networks, look for what adversaries are doing
TTP (tactics, technique, and procedures)
No security, anyone can access, change or take anything from a computer or a file or folder. Increasingly common with cloud storage
Open permissions
Zero day attack
Unsecured root accounts
Default settings
Open permissions
When the most powerful key for your computer system that allows you to control and make big changes is not locked. Can be caused by a misconfiguration
Weak encryption
Unsecured root account
Open port
Default settings
Unsecured root accounts
Most common encryption issue
AES
3DES
SSL
TLS
TLS
Takes advantage of default configurations/IoT devices, cameras, routers, garage door openers etc
Unsecured root account
Weak encryption
Mirai Botnet
Insecure protocol
Mirai botnet
Hardware and software from a 3rd party can contain malware
True
For outsourced code development make sure the development systems are isolated, test encryption and check for back doors
True
Intelligence fusion
Overwhelming amount of data/types, split into security operation/security intelligence/threat response teams, fuse data together with diverse datasets
Logs/sensors/intrusion detection/internet events, focus on predictive and user behavior analytics
Threat hunting
Intelligence fusion
Fusing the data
Cybersecurity maneuvers
Fusing the data
Moving firewalls and IPS, firewall rule/block IP address, delete malicious software, automated maneuvers
Fusing data
Cybersecurity maneuvers
Intelligence fusion
Threat hunting
Cybersecurity maneuvers
Threat hunting
Find attacker before they find you, intelligence data is reactive
Minimally invasive, port scans, identify systems and devices, detects insider threats is what?
Vulnerability scanning
gathers information and doesn’t try to exploit a vulnerability is what type of scan?
Non intrusive
Intrusive scan is trying out a vulnerability to see if it works
Not having a password is what kind of scan?
Non credentialed
A credentialed scan is when a normal user emulates an insider attack
Credentialed is having a key to the house and non-credentialed is looking at the house from outside. Credentialed is more effective because you can see inside the house
Application scans are desktop/mobile scans
web application scans are for software on a web server
This scans misconfigured firewalls, open ports, vulnerable devices
Systems scan
Application scan
Web application scan
Network scan
Network scan
A vulnerability that is identified but doesn’t actually exist is a false negative
False, false positive
False negative is a vulnerability exists but you didn’t detect it
Includes data inputs for authentication attempts/vpn/firewall session logs/denied outbound traffic/network utilization and packet captures of network packets/critical alert/capturing everything is data for what?
Siem data
detects insider threats/identify target attacks/catches what DLP and Siem systems might miss
User and entity behavior analytics (UEBA)
Sentiment analysis is public discourse correlated to real world behavior/hate you they hack you/social media as barometer
Soar
Security, orchestration, automation and response
Automate routine/tedious/time intensive activities
Rules of engagement
Defines purpose, scope and penetration test parameters. Includes: IP address ranges, emergency contacts, handling sensitive information, in/out of scope devices
Try to break into system, can cause DoS/data loss, buffer overflows/gain privilege escalation, password brute force, social engineering, injections
Risk
Soar
Threat actor
Exploiting vulnerabilities
Exploiting vulnerabilities
Getting into network is difficult but inside of network is relatively unprotected
Lateral movement
Rules of engagement
Pentest aftermath
Threat actor
Lateral movement
Initial exploitation, lateral movement, persistence (setting up a way to get back in with a back door), pivot is the process for what?
Pentesting
Getting access to one system that allows you to get access to others
Initialization vector
Pivot
Persistence
Lateral movement
Pivot
Friends Ross pivot scene
Leave network in original state, remove binaries or temp files, remove back doors, delete user accounts created is what?
Sandbox
Pentest aftermath
Quarantine
Order of volatility
pentest aftermath
Cat
On a Linux server, combine the contents of both files to a single document would be what command?
Which provides a framework for better understanding techniques which may be used by a potential attacker?
Mitre att&ck
Cyber kill chain
Osi
Ieee
Diamond model
Mitre att&ck
Which is categorized as an operational security control?
Security policy
Firewall
Hot site
Warning sign
Security guard
Security guard
A network admin has identified a device sending a large amount of traffic to an external IP address. The computer is powered on, but the user is on vacation. Which is the most likely reason for this traffic?
Botnet
Logic bomb
MAC spoofing
Skimming
Botnet
A package delivery receipt includes signature of receiving party. Which describes signature on receipt?
Something you are
Something you have
Something you can do
Something you are
Something you know
Something you can do
A user digitally signs all email messages sent to external recipients. Which of the following would be used to provide this functionality?
SaaS
IPSec
Ldaps
S/mime
SRTP
S/mime
Security engineer runs monthly vulnerability scan. Scan doesn’t list any vulnerabilities for windows servers, but a significant vulnerability was announced last week and no servers are patched yet. Which best describes?
Exploit
Credentialed
Zero day attack
False negative
False negative
Monitoring packets on the network through ping scans, port scans, OS scans and nmap; people are able to see the reconnaissance
Active footprinting
passive footprinting is utilizing open sources such as social media, Reddit, and corporate websites to learn information
Red team is offensive attacking, blue team is defensive protecting security, purple team is red and blue collaborating and white team manages the interactions between red and blue teams
True
These should be performed often, check against well documented baselines and if failed would require immediate correction
Integrity measurement check
Standardized naming/numbering for cables and devices in your environment so everyone knows where equipment is located in data center/rack.
Standard naming conventions
Ex for devices asset tag names/numbers, networks have port labeling, user account names
Ip schema
Knowing what ip addresses are used at what locations. Ranges, subnets, hosts per subnet, reserved addresses
Data is on a storage drive, network and in a CPU. It is protected by encryption and has different permissions for users
True
Data that resides in a country is subject to the laws of that country
Data masking
Data in use
Data at rest
Data sovereignty
Data sovereignty
Data masking
Hide some of original data with obfuscation, protects PII. Last 4 digits on a receipt for credit card but the rest not shown
Original information is plain text, encrypted form is ciphertext
True, data encryption
Changing one character of the input changes many characters of the output
Diffusion
Confusion is the encrypted data is drastically different than the plain text
Data at what encrypts entire data, applies permissions with ACLs and authorized users and is on a storage device?
Data at rest
Data in use is data over network without much protection, includes network based protection, need to provide transport encryption like TLS or IPSec
False, data in transit
Data in use is actively processing in memory. Data is always decrypted and attackers take straight from RAM
Replace sensitive data with a non-sensitive placeholder. Storing an SSN as a different number. Common with credit cards
Tokenization
IRM information rights management
Limits the scope of what someone can do with a document
Examines everything going into and out of a device
Endpoint dlp
Located between users and the internet , block custom defined data strings, prevent file transfers to cloud storage, block virus/malware
Cloud based dlp
Data in Motion is on your network and data at rest is on your server
True
Views information within encrypted data to see if anything malicious is in it. Has to be specially configured and done with your device trusting browser
Tls inspection
IPSec
Dlp endpoint
DLL injection
Tls inspection
TLS encryption works if Browser checks a web servers certificate was signed by a trusted CA
True
It’s a special list of things that a computer or a program can do. Instead of going into the computer and telling it exactly what to do, you can use this just like you use the menu at a restaurant, to ask the computer to do specific tasks. This tells the computer how to do those tasks, and it gives you back the results, just like a waiter brings you the food you ordered from the menu.
API
Authentication to legitimate users, authorization for users to have limited roles, and uses a WAF for security
CPU
Vulnerabilities
Syslog
API
API
Multiple honey pots is called what?
honey net
Bait for honeynet is called honeyfiles
True
Trying to get machine to think malware is actually something good through machine learning so it won’t be able to identify it
Fake telemetry
Dns that gives out incorrect ip addresses, attacker can redirect to malicious site, can also redirect malicious domains to being ip addresses which is good, can integrate with firewalls
Dns sinkhole
You only handle development in software as a service
False, PaaS
Broad description of cloud models, services delivered over the internet, IT function changed into service
Xaas anything as a service
Handles aspects of tech for clients, can be a cloud service provider, provides network connectivity management/disaster recovery/growth management, can focus on IT security
MSP managed service provider
Latency with cloud too far away, limited bandwidth, difficult to protect data and requires internet connectivity are issues for which type of computing?
Cloud
Edge
Fog
Network
Cloud, massive data storage and instant computing power
30 billion IoT devices, processes data locally/on the device, storage, no latency or network requirements, does not need cloud to process data is fog computing
False, Edge computing
Fog is cloud + IoT to extend cloud
What type of computing has no latency because data is local, no bandwidth requirements, minimizes security concerns, and provides long term analysis
Cloud
Fog
Edge
Network
Fog
Applications run on a remote server, VDI/DaaS instead of physical devices, only local devices are KB/mouse/screen
Thin client, minimal OS on client but needs big network connectivity
Runs many different OS on the same hardware, each app has its own OS
Virtualization
Isolated process in a sandbox, apps can’t interact with each other, uses host kernel and secure separation between applications
Container
One big application that does everything, contains all decision making process/code challenges
Monolithic
API
is the glue for micro services, built in containment, outage containment and scalable
Serverless architecture where apps split into individual functions, ran in a stateless computer container, managed by third party and May only run for 1 event
Function as a Service
Transit gateway, pool of resources created in a public cloud, many are created, cloud router, on different subnets and connected through VPN
Azure
FaaS
SIAM
VPC
Virtual private cloud
Azure
Specifies which resources can be provisioned; Amazon specifies resources/permitted actions: list users, allow API access from an IP address range
Service integration and management
Many different service providers (multi sourcing) integrates diverse providers
Directly programmable, agile to make changes dynamically, centrally managed with open standards, no human intervention
Software defined networking, control and data plane
Needs to see data to secure it, devices include: NGF/WAF/Siem, encapsulates data with VXLAN/TLS, monitor application traffic with real time traffic flow, can control traffic flow via api is what?
Software Defined Visibility
In virtualization you have built too many servers/networks and firewalls, can’t tell which VMs are for which apps
VM Sprawl
VM escape protection
Breaking out of VM and interact with host operating system or hardware, huge exploit because control virtual network
A sandbox is an isolated testing environment
True
Dismantling and removing an application instance is de provisioning and provisioning is deploying an app (web server, database server etc)
True
elasticity
increases or decreases available resources as the workload changes
Scalability increases workload in a given infrastructure
SQL databases with client sending detailed requests for data, limit client interactions is what?
Stored procedures
Memory management
Code reuse
Dead code
Stored procedures
Cryptographic nonce is taking perfectly readable code and turning it into nonsense. True or false?
False, obfuscation
Code reuse is when the results aren’t used anywhere else in the application
False, dead code
Code reuse is using old code to build new applications, watch for security risks
Helps protect against malicious users, attackers may not use your interface is what type of validation point?
Input
Server side
Client side
Version control
Server side, checks occur on server
What Validation point has end user app make validation decisions, filter legit input from users, provide additional speed
Input
Server side
Client side
Version control
Client side, use both server and client but server is more important
Extend functionality of a programming language
Third party libraries
A Windows 10 exploit affects all Windows 10 users unless the computers are running different software/applications with unique binaries. What is the name of this preventive measure?
Software diversity
Constantly written code that is merged into the central repository many times a day, need to document security baselines
Continuous delivery
Continuous deployment
Continuous Integration
Continuous scripting
CI
Which Continuous is more automation, auto deploy to production, no manual checks
continuous deployment
Continuous delivery automated testing and release processes, click button and deploy application
All usernames and passwords of a organizations database, authentication requests reference this, Kerberos or ldap
Attestation
SMS
Federation
Directory services
Directory services
Provide network access to others, partners/suppliers/customers etc, must establish trust
Federation
Attestation
Prove that hardware is yours , remote has operational report to verification server
This is authentication to a specialized app on mobile device
Push notification
Login factor sent to phone with predefined phone number is SMS and
True or false, Authentication apps are pseudo random token generators, physical or software token generators
True
Secret key and time of day, key configured ahead of time with time stamp
Time based one time password algorithm
HOTP one time password
Used once per session with one login attempt, includes: HMAC algorithm (keyed hash), token based (hash different each time), hardware/software tokens
You can authenticate with both phone calls giving you a code and smart cards and a static code such as a pin or a password/phrase
True
False rejection rate is the likelihood that an unauthorized user will be accepted, not sensitive enough
False, false acceptance rate
False rejection rate is likelihood that an authorized user will be rejected, too sensitive
Defines overall accuracy of a biometric system, rate at which FAR and FRR are equal, adjust sensitivity to equalize both values is what?
True, Crossover Error Rate
Authorization is proving who you say you are with a password and other factors
False, authentication
Authorization is the accesses you have based on your identification and authentication
Internal monitoring and management, need internal expertise, external access must be granted and managed is what authentication?
Cloud
On premise
Multi factor
Biometric
On premise
What authentication factor is completing a series of patterns?
Something you do
Something you know
Something you have
Something you are
Something you know
Multiple links in network in case a link fails
RAID
Geographic dispersal
Load balancing
Multipath I/O
Multipath I/O
Ex. multiple fibre channels with multiple switches in case of failure
RAID 0 is no fault tolerance
True
NICs talk to each other via broadcasts
False, multicast
UPS is a short term backup power supply and a generator is long term
True
Hot swappable
Replace a faulty power supply without powering down
Provide multiple power outlets (in a rack)
Includes monitoring and control by managing power capacity and enabling or disabling individual outlets
PDU
duplicates data from one data center to another
Use SAN-SAN
This includes redundancy by maintaining one VM and replicate all others (one big file) maintain copies anywhere
VM replication
Cloud storage is faster than on premise
False, cloud is always slower than local
All files changes since the last full back up
Full
Incremental
Differential
Non authoritative
Differential
Incremental is all files changed since last incremental backup
Incremental is the fastest back up
True
A copy is an exact duplicate of a system at one point in time
True
A disk is sequential storage, easy to ship and store, 100gb
False, magnetic tape
Disk is faster and deduplicate/compress
Run os from removable media, portable
Non persistence
Live boot media
Diversity
Order of restoration
Live boot media
What should be restored first?
Application
Server
Hardware
Database
Database
All cryptography is temporary
True, additional CA’s can provide additional protection
Embedded systems
Hardware and software designed for a specific function like digital watch, medical imaging system etc
Multiple components running on a single chip
System on a chip
Small form factor
Integrated circuit that can be configured after manufacturing. Common in infrastructure (firewall, routers)
FPGA
Cellular networking that runs at 10Gbits per second
5G
Uses to provide information to a cellular network provider from IoT devices, contains mobile details and embedded systems
5G
Subscriber Identity Module
Narrowband
Zigbee
SIM
Communicates analog signals over a slim range of frequencies, conserves frequency over long distance
5G
Subscriber Identity Module
Narrowband
Zigbee
Narrowband, used with IoT devices and SCADA
Single cable with a digital signal, bidirectional
Baseband
Subscriber Identity Module
Narrowband
Zigbee
Baseband
100base-tx, 1000base-t, 10gbase-t
IoT networking, IEEE 802.15.4 PAN, alt. To WiFi and Bluetooth(less power consumption)
Zigbee
Embedded systems are not usually run on a fully capable computer, they have limited features/communication (low cost)
True
Raspberry Pi etc
What is a common constraint of embedded systems?
Power
CPU
RAM
Network
Power, cpu and network
Embedded systems commonly use authentication for security
False, typically none
Concealing an important facility in plain sight, blends into local environment
Industrial camouflage
Chemical fire you would use what to stop?
DuPont FM-200 (halon)
Site surveys, damage assessments you would use this
Proximity reader
Bollard
Faraday cage
Drone
Drone
Blocks electromagnetic fields, microwave oven inside
Faraday cage
Physically secure cabled network, protects cables/fiber and data, can’t cut the cables
PDS
Dual power
PDU
Hot swappable
PDS
Protected distribution system
Physical separation between networks, in shared environments; stock markets, SCADA, airplanes etc have these for protection
Air gap
Remove magnetic field, destroys drive data and renders drive unusable
Degaussing
Wiping data is removing it from an existing data store
False, purge
Wipe is unrecoverable removal of data in a storage device, to be able to reuse on another system
What are added to encrypt a text?
Key
Cypher is the algorithm used to encrypt
Already built in and generates hashes from passwords
Key stretching library
Cryptographic key
Homomorphic encryption
Public/private sharing
Key stretching library
Used to secure IoT devices with limited power/CPU,
LW Crypt
Homomorphic encryption
Perform calculations while data is encrypted, directly on encrypted data, can only decrypt with the private key
Single key to encrypt/decrypt data, if it gets out you need another key, secret key algorithm, doesn’t scale well
Symmetric encryption
Public key cryptography with 2 or more keys (public/private) need both to encrypt/decrypt. Both mathematically related
Asymmetric encryption
Key generation
combines a large random (prime) number with a key generation program to create a private and public key
Elliptic curve cryptography
Instead of numbers these use smaller keys than large prime numbers, smaller storage, perfect for phones
These can be a digital signature; authentication, non repudiation and integrity
Hashes
Verifies a downloadable file, compares downloaded file hash with the posted hash value
Collision
Practical hashing
Salt
Elliptical curve
Practical hashing
Digital signature does what
Proves message not changed (integrity)
Verify signature (non repudiation)
Sign with private key
Verify with public key
All the above
Don’t send the symmetric key over net, uses phone or in person is in band key exchange
False, out of band
In band is on network with additional encryption, use asymmetric to deliver symmetric key
Session keys are permanent
False, they are ephemeral (temporary) and need to be changed often
You can decrypt a web server’s data if you have the private key and capture traffic (single point of failure). Use this to change the method of key exchange
PFS
Uses elliptic curve or Diffie-Hellman for ephemeral key exchange
Steganography
is security through obscurity
Name 3 types of steganography
-embed messages in tcp packets
-place in image
-invisible watermarks
-digital audio files
-sequence of images
0s and 1s and combinations of them used to search large databases
Steganography
Post quantum cryptography
NTRU
Quantum superposition
Quantum superposition
Crypto system not vulnerable to quantum computing. Instead of using prime numbers it uses closest vector problem.
NTRU
Random stream of qubits (key) across a quantum network; if both keys are identical then it wasn’t viewed during transmission, someone seeing it would modify the data stream and the keys would not be the same
QKD
Stream cyphers are mostly used with asymmetric encryption
False, symmetric
Block cyphers
What are symmetric encryption that are often 64 or 128 bit and each bit is encrypted or decrypted separately
Simplest encryption mode, each block encrypted with same key
ECB
Each plaintext block is XORed with the previous ciphertext block. First block uses the IV, which adds randomization
CBC
CTR
Acts as a stream cipher, encrypts successive values
Galois/ Counter Mode
Encryption with authentication, part of block mode, efficient without latency, used in packetized data; IPSec, TLS etc
A block chain is a distributed ledger that keeps track of transactions, replicates to anyone
True
Low Power devices/low latency need larger symmetric key sizes and use ECC for asymmetric encryption
False, use smaller key sizes
High resiliency needs larger key sizes
Match these to the below; integrity, authentication, non repudiation
Validate content with hashes
Password hashing
digital signature
Integrity- Validate content with hashes
Auth-Password hashing
Non repudiated-digital signature
Public key encryption and digital signing of mail content
S/MIME
SRTP
NTPsec
HMAC
S/MIME
FTPS is SSH file over FTP
False, FTP over SSL
SFTP is SSH file over FTP
SASL
Provides authentication using many different methods is
Users access of data and applications is what?
endpoint
DLP is preventing data being lost
Kernel
This has complete control of OS
Specification for cryptographic functions used by apps within os, random number generator, versatile memory
TPM
This verifies a boot loader with a trusted certificate or digital signature
Hardware module
Trusted Boot
Boot integrity
Secure boot
Secure boot
Bootloader verifies the digital signature of the OS kernel, the kernel verifies other components, then checks every driver is trusted
Hardware module
Trusted Platform Module
Trusted Boot
Secure boot
Trusted Boot
Remote Attestation
Device provides operational report to a verification server
Sending random input to an application; robustness testing, fault injecting, negative testing
Fuzzing
Secure cookies
Salting
Hashing
Fuzzing (dynamic analysis)
These prevent XSS attacks, add to web server configuration, only allow local script sites
Fuzzing
Secure cookies
Salting
HTTP secure headers
HTTP secure headers
Decisions in os, application hash, certificates, path and network zones are examples of what?
Fuzzing
Allow lists
Salting
HTTP secure headers
Allowed lists
Help identify security flaws, can automate finding a hidden vulnerability in a source code
Static application security testing
Registry
Primary configuration database for windows
Encryption for this prevents access to application database files
Disk
FDE, SED, Opal storage specification
-Hardware based full disk encryption, no OS
-encrypt everything on drive, bit locker
Full disk encryption- encrypt everything on drive, bit locker
-Self encryption drive-Hardware based full disk encryption, no OS
Opal Storage- 
send to server with lowest use
Weighted round Robin
Round Robin
Dynamic round robin
Active/active load balancing
Dynamic round Robin
Round Robin, Each server is selected in turn
Weighted round Robin prioritizes a server
extranet
Private network for partners/ vendors, suppliers, needs additional authentication is what?
Intranet is private network for internal use only, vpn access only
North/south traffic is the ingress/egress to an outside device, internal web server inside data center communicating to an external web server
True
East to west is traffic flow in a data centers, 2 web servers inside same data center communicating to each other
Encryption/decryption access device, used with client software built into os, many deployment options
Concentrator
Language commonly in web browsers, includes api and web cryptography, create vpn tunnel without a separate vpn application
HTML5 vpn
Everything sent from remote user is sent to vpn concentrator and the concentrator decides where the data goes
Split
Full
Site to site
L2TP
Full
Always on, firewall acts as vpn concentrator between remote user and corporate resources
L2TP
Site to site
Full
Split
Site to site
Connecting sites over a layer 3 network as if they were connected at layer 2, implemented with IPSec
Site to site
Full
L2TP
Split
L2TP
IPsec
Security for layer 3, authentication and encryption for every packet, confidentiality and integrity
Transport mode encrypts both the data and IP header
False, tunnel mode
Use this if you only care about integrity of data, hash of packet and shared key, prevent replay attack
ESP
AH
L2TP
IPSec
AH
ESP encrypts and authenticates, more common to use, combined with AH for the integrity
802.1D
Prevents switching loops
BPDU guard
This bypasses listening and learning states, spanning tree control protocol, work stations don’t send these
IP tracking on a layer 2 device, the switch acts as a firewall for these conversations, watches them and filters invalid information
DHCP snooping
Describes the process of controlling traffic flows, many methods
QoS
No NAT, no ARP, IPSec built in for IPv4 security
False, IPv6 security
Port redirection, software based and limited functionality
Port mirror
These limit the number of broadcasts per second, can also control multicast and unicast traffic, managed by values
Switches
STP
BPDU guard
NGFW
Switches, managed
Filter traffic by port number or application, encrypt traffic between vpn sites, layer 3 device, incorporating NAT
WAF
Network based firewall
Stateless firewall
NGFW
Network based
Application layer, all data is in every packet, each packet analyzed
Stateful firewall
Network based firewall
Stateless firewall
NGFW
NGFW
Applies rules to HTTPS, allows or denies based on input, used for payment cards, SQL injection
WAF
Network based firewall
Stateless firewall
NGFW
WAF
Firewall ACL’s are from top to bottom
True, also includes implicit deny
True or false, open source firewalls include application controls and high speed hardware
False, proprietary
Open source has traditional firewall functions
Appliances provide faster firewall throughput than host based
True
Host based can view non encrypted data
This access control is Connecting internal network to the internet, mostly with firewalls, access control is inside or outside and trying to reach resources/access can be through location or user groups etc
Edge
integrated with Active Directory and makes health checks during login and log off is what?
Agentless nac
dissolvable agents- Not Installing permanent software, performs posture assessment and terminates when done
These are useful for caching information, access control, URL filtering and content scanning
Proxies
Internal proxy commonly to protect and control user access to the internet
Application proxy
Forward proxy
Reverse proxy
Open proxy
Forward proxy
Inbound traffic from Internet to your internal service
Application proxy
Forward proxy
Reverse proxy
Open proxy
Reverse proxy
3rd party uncontrolled proxy, significant security concern, used to circumvent existing security controls
Application proxy
Forward proxy
Reverse proxy
Open proxy
Open proxy
Connects an ips, redirects traffic by examining a copy of traffic. Does this through port mirror or network tap, does not block, just prevents
In band response
Passive monitoring
In line monitoring
Out of band response
Passive monitoring
Out of band response
Malicious traffic is identified, limits traffic, IPS sends a TCP reset frame to disable the traffic flow and prevent any more malicious traffic
IPS sits physically in-line, all traffic goes through it first, prevents any malicious traffic from getting into the network, drops bad traffic
In band response
High end cryptographic hardware, secures storage, offloads cpu overhead from other devices, used in large environments with clusters and redundant power
Hardware Security module
Access secure network zones, highly secured device, ssh/tunnel/vpn to this, security concern
Jump server
This is proprietary consoles (firewall, IPS), SIEM consoles (syslog servers); SIEM includes a correlation engine to compare diverse sensor data
Collector
WPA2-CCMP
Data confidentiality with aes, message integrity with cbc-mac
WPA3 PSK has a brute force problem
False, WPA2 PSK
WPA changes PSK to include mutual authentication, creates shared session key that isn’t shared over the network, no hashes/handshakes is now in WPA3 for SAE
True
Diffie Hellman derive key exchange with authentication component, everyone uses different session key, even with PSK is SAE
True, Dragonfly handshake
This security mode authenticates users individually with an authentication server (radius) is WPA-PSK
False, WPA3 enterprise/802.1x
Allows for easy set up of mobile device through pin configured on access point entered on phone/push button on access point
Eap
PEAP
WPS
EAP-FAST
WPS
Authentication framework, many ways to authenticate based on RFC standard, integrates with 802.1x.
Eap
PSK is used in conjunction with access to a database, RADIUS/LDAP/TACACS
False, 802.1x (port based network access control)
Authentication server and supplicant share a protected access credential (pac) (shared secret) needs radius server, authenticates over tls. *makes sure supplicant and authenticator can communicate in a tunnel
Eap-fast
PEAP
Eap
Captive portal
Eap-fast
Encapsulates eap in a tls tunnel, user authenticates with MSCHAPv2, user can authenticate with GTC. Uses digital certificates for authentication
Eap-fast
PEAP
Eap
Captive portal
PEAP
Requires a digital certificate in the AS and other devices. Uses mutual authentication in order to build a TLS tunnel. Requires PKI, and legacy devices may not be able to use it
Eap-fast
PEAP
Eap
Eap tls
Eap tls
RADIUS federation is when members of one organization can authenticate to the network of another organization, uses 802.1x (NAC)
True
Supplicant- the client
authenticator- device that provides access
authentication server- validates client credentials
True
Eap-ttls
Supports other authentication protocols in a tls tunnel, needs one digital certificate on AS, used by all is what?
For wireless packet analysis, you can’t hear everything on the network if you are transmitting data
True
Configures, updates, and maintains all access points in an infrastructure
Controller
ESSID
802.1x
Eap-tls
Controller
Connections to buildings are point to multi point
False, point to point
Multi point is full connectivity between nodes
WiFi is WAN
Bluetooth is PAN- high speed communication over short distance
WiFi is LAN
DOS/frequency jamming, remote capture, stolen device, replay attack or man in the middle are common attacks against what?
RFID
NFC
Bluetooth
GPS
NFC
Mobile device management
Manage company owned and user owned mobile devices
Secure access to data, protect data from outsiders, file sharing and viewing, DLP for mobile devices
Mobile content management
Context aware auth
Authentication that combines multiple contexts; ip address, gps, other devices, emerging tech, what devices you frequent etc
Separate enterprise mobile apps and data, creates a virtual area for company data with limited sharing. Storage segments the data is what?
Containerization
Shrinks PCI express, security; key generation, digital signatures, authentication, secure storage
MicroSD HSM
Provision, update and remove apps, creates enterprise catalog, monitor application use, remote wipe
MicroSD
UEM
MAM
SEAndroid
Mobile application management
Addresses broad scope of system security for Linux/kernel/user space/policy configuration
MicroSD
UEM
MAM
SEAndroid
SEAndroid
Move from user assigned control to object labels and minimum user access
SEAndroid
manages android deployments
Applications can be used across different platforms by using this
MicroSD
UEM
MAM
SEAndroid
UEM
Rooting (android)/jailbreaking (Apple)
Install custom firmware, uncontrolled access, side load apps. You don’t need access to os
Company buys device, used as corporate and personal device, org has full control of device
Corporate owned personally enabled
Apps/data separate from mobile device, centralized app development, data separate from device
Corporate owned
VDI/VMI
COPE
CYOD
Virtual desktop infrastructure
Company owns device and it is not for personal use is CYOD
False, corporate owned
CYOD is similar to COPE but you choose your device
HA across zones are Availability zones, isolated locations within a cloud region, independent power, build apps to be highly available, load balancers
True
This allows different os and applications to communicate across platforms, validates security controls
Integration/auditing
resource policies- Identity access management, map job functions to roles, provide access to cloud resources, centralize user accounts
API keys, passwords, certificates, difficult to manage, authorize access to this, manage access control policy, provide audit trail
Secrets management
Resource policies
HA across zones
Integration
Secret management
IAM, bucket policies, globally blocking public access, don’t put data in the cloud unless it needs to be there are examples of what?
Resource policies
Permissions
Replication
Cloud storage
Permission
Data already encrypted when sent to the cloud and performed by the application is client side encryption
True
Server side encryption encrypts data in cloud and is encrypted when stored on a disk
Microservice architecture that views specific API queries and monitors incoming/outgoing data is what?
API inspection and integration
Manages computing resources such as launching/removing a VM or container, allocates resources
Iaas
Security groups
Virtual private cloud endpoint
Container security
Iaas
Dynamic resource allocation
Provisioned resources when needed, scaled up or down, ongoing monitoring
Instance awareness
Granular security controls, identifies specific data flows, file shares and defines set policies, denies certain uploads
Allows private cloud subnets to communicate to other cloud services, does not need internet connectivity
Virtual private cloud endpoint
Bugs, insufficient security controls, misconfigurations are security issues for what?
Virtualization
Cloud computing
Container
Man in the middle
Container
Cloud access security broker
Keeps data secure in the clouds, organization has defined security policies, implemented as client software, determines authorization of apps, compliance, threat prevention
This is one of the most common cloud security issues
Wireless
Applications
Storage
RAM
Applications misconfiguration
Protects users and devices regardless of activity/location, examines API applications, examines JSON strings and API requests
Next gen secure web gateway SWG
Attributes
Identifier or property of an entity, name/email/department name etc., one or more can be used for identification
-ssh-keygen
Create a public/private key pair
Copy the public key to the ssh server
-ssh-copy-id host@user
-ssh-id user-copy@host
-keygen-copy-id user@host
-ssh-copy-id user@host
-ssh-copy-id user@host
-ssh user@host
No password prompt
Used exclusively by services running on a computer, non-interactive, web/database server, access defined for specific actions is what kind of account?
Service accounts
What adds location metadata to a document or file, location based access rules, time based access rules?
Geotagging
geofencing is automatically allowing or restricting access when the user is in a specific location, don’t allow to run unless near office
All passwords in one location, credentials encrypted with unique passwords is a password vault
True
Use personal knowledge as an authentication factor
Knowledge based authentication
Static kba questions are based on an identity verification service, street number etc
False, dynamic
Static kba is pre configured shared secrets, used with password recovery (make and model of first car)
TPM
Has a cryptographic processor that generates random numbers and keys, persistent memory with unique keys burned in?
Large number of servers using encryption would use an HSM, centralized storage
True
Encrypted authentication protocol that utilizes a 3 way handshake is PAP
False, CHAP
PAP is basic in the clear, weak and non encrypted
After a link is established, server sends a challenge
Client responds with a password hash calculated from the challenge and password
Server compares received hash with stored hash
3 way handshake
Trusted Platform process
Password vault process
Radius
3 way handshake
Used commonly with point to point tunneling and has security issues with DES, easy to brute force
IPsec
MS-CHAP
L2tp
802.1x
MS-CHAP, Microsoft version of CHAP
Use L2TP, IPsec, 802.1x or another secure authentication method
Common AAA protocol, supported on a wide variety of platforms, centralize authentication for users, on any server
Radius
Network authentication protocol that you do not need to reauthenticate with and is used with Microsoft
Kerberos
Integrates with eap and prevents access to network until authentication succeeds
802.1x
Radius
Tacacs
LDAP
802.1x
Used in conjunction with either radius, Tacacs or ldap
Routers/switches/firewalls, server authentication, remote VPN, 802.1x would authenticate with Kerberos
False, radius
Open standards for authentication and authorization, can authenticate from 3rd party, one standard does it all, issues with mobile apps
Federation
SAML
OAuth
SASL
Security assertion markup language
Authorization framework, determines resources a user will be able to access, created by Google and others, OpenID Connect handles SSO, authorization but not authentication
OAuth
Users receive rights for authorization through what?
ACL’s
Windows groups
Access control models
Chmod a-w
access control models
Os limits operation of object based on security clearance, every object gets a label, admin decides who gets security access
DAC
Mac
Rbac
ABAC
Mac
Used in most os, spreadsheet/owner controls who has access, flexible but weak security
Discretionary access control
Rbac
Is used in Windows, which uses groups for access control
Users can have complex relationships to applications and data, many parameters
DAC
Mac
Rbac
ABAC
Attribute based access control
Ex resource info, ip address, time of day, data relationship
Generic term for following rules, access comes through system enforced rules, rule is associated with object
Rule based access control
Stores files and access to them, done through acls/user rights/central files, handles encryption and decryption
File system security
Difficult to apply old methods of authentication to new methods of working, constantly changing cloud, conditions, controls allow or block, can make complex access rules
Conditional access
Managing super user access with admin and root, store privileged accounts in digital vault, centralized passwords/automation/manage each user access/tracking and Audit
Privileged access management
Policies, procedures, hardware, software, people and digital certificates
PKI
Public key certificate that binds with digital signature from CA
RA
PKI
CA
Digital certificates
Digital certification
Create a key pair and send the public key to the CA
Certificate signing request
Built in browser is commercial certificate
True
Private certificates are in house with internal ca, for large organizations
Everyone receives certificates from multiple CA’s
False, one
Entity requesting certificate needs to be verified, approval or rejection, responsible for revocations
RA
PKI
CA
CSR
Registration authority
CN
Common name
FQDN for certificate
Manages certification revocation list
CRL
PKI
CA
CSR
CA
DV, EV, wildcard domain and SAN are what type of certificates?
Web server ssl
Web server user
Code signing
Root
Web server ssl
Owner of certificate has some control over dns domain
Domain validation
Additional checks have verified the certificate owner's identity, shows a green name in the address bar, SSL now outdated
Ev
DV
San
Wildcard
Extended validation certificate
Extension to X.509 certificate, lists additional identification information, certificate supports many different domains
Ev
DV
San
Wildcard
Subject alternative name
Certificates are based on the name of the server, apply to all server names in a domain
Ev
DV
San
Wildcard
Wildcard
Developers provide a level of trust/apps signed by developers, user's OS examines the developer signature before validating the software
Code signing
Web signing ssl
Root
Self signed
Code signing certificate
Public key certificate that identifies root ca, issues other certificates
Code signing
Web signing ssl
Root
Self signed
Root certificate
Internal certificate not signed by public ca, build your own ca
Code signing
Web signing ssl
Root
Self signed
Self signed certificate
Putting a certificate on a device that you signed is what type of certificate?
machine and computer certification
User certificate is an ID card with an additional authentication factor
Cryptography in an email platform with public key cryptography, public key encrypts email/private key decrypts is what certificate?
email certificate
X.509
Structure of the certificate is standardized, format of the file can take many forms
Format designed to transfer syntax for data structures, specifically an encoding format, binary, common with Java
Distinguished encoding rules
Common format, base64 encoded der certificate, format from CA’s, on many platforms, ASCII
X.509
DER
PEM
PKCS #12
Privacy enhanced mail
N64 pikachu unreal in smash
PKCS #12
Personal information exchange syntax standard, rfc standard, format for many x.509 certificates, used to transfer public/private key, PFX
Windows x.509 ext, encoded as der or as ascii pem format, public key and private is transferred in .pfx format
CER
PKCS #12
PAM
PKCS #7
Certificate
Cryptographic message syntax standard, stored in ASCII (human readable format), no private keys, wide platform support
CER
DER
PEM
PKCS #7
PKCS #7
Encrypts emails, receive encrypted emails, digital signatures/private key digitally signs, non-repudiation/integrity
CER
Email certificates
PEM
PKCS #7
Email certificate
Offline CA’s are bad and cannot be trusted
True
Provides scalability for these checks; the CA responding to every client status request doesn’t scale well, so the certificate holder verifies its own status and includes it in the TLS handshake
Pinning
Certificate chaining
Key escrow
OCSP stapling
Online certificate status protocol stapling
Proves you are communicating on trustworthy tls server, this has expected certificate or public key to an application, keys don’t match then it shuts down
Pinning
Certificate chaining
Key escrow
OCSP stapling
Pinning
Cross certifying CA’s are for scalability with mesh
False, don’t scale well
Someone else holds encryption keys
Key escrow
List of all certificates between the server and the root CA, starts with the SSL cert and ends with the root, anything in between is this
Certificate chaining
Web of trust is a single CA issuing certificates to intermediate CA’s
False, hierarchical
Web of trust is alt to traditional PKI
Takes advantage of ICMP TTL exceeded error message, TTL is hops, TTL=1 first router, TTL=2 2nd router is what command?
Tracert (Windows) or traceroute
This device filters icmp
Firewall
This command learns about devices, port scan for device and open ports, can determine OS, service scans and has additional scripts/vulnerability scanning
Nmap
Pathping
First phase runs a trace route to build map, 2nd phase measures round trip time and packet loss at each hop
TCP/IP packet assembler/analyzer that is a ping that can send anything
Hping
hping3 --destport 80 10.1.10.1 modifies IP/TCP/UDP/ICMP values and is easy to flood and DoS
True
Show all active connections
Netstat -a
Netstat -n
Do not resolve names
Netcat
Read or write to the network, open port and send or receive traffic, listens on port number/transfer data/scans port, becomes backdoor
Locate active devices, arp, ICMP requests, tcp ack, ICMP timestamp is what?
ip scanners
ARP determines MAC address based on IP address
True
ARP -a
View local arp table
View the device's routing table, find out which way the packets will go
Give windows and Linux commands
Route
Route print (windows)
Netstat -r (Linux)
curl
Client url, retrieve data using a url, web pages, ftp, grabs raw data from search
Gathers OSINT, finds associated IP addresses, names from LinkedIn, PGP keys by email domain, DNS brute force is what command?
theHarvester
Combines many recon tools into a single framework, non-intrusive and intrusive scanning options
Sn1per
Runs port scans from different hosts, port scan proxy, IP of the scan source is hidden is what?
Scanless
dnsenum
Enumerates DNS information, view hosts from DNS servers, find host names on Google
Nessus
Industry leader in vulnerability scanning, checklist of issues/extensive reporting
Cuckoo
Sandbox for malware, virtual environments, api calls and network traffic/memory analysis, traffic captures, screenshots
View first part of a file
Head
- head -n 5 syslog uses n to specify what?
Number of lines
Tail
View last part of a file
Cat
Link together in a series
Concatenate
- cat file1.txt file2.txt copies a file to a screen and - cat file1.txt file2.txt > both.txt copies a file to another file
True
Change mode of a file system object, set for file owner (u) group (g) others (o) or all (a)
Chmod
X= execute
-chmod 744 first.txt is user to read write execute, group is read only and other is read only
True
Change mode so that all users have no write access to first.txt
Chmod a-w first.txt
Owner of script.sh can execute the file
Scanless
curl
Chmod u+x
Chmod a-w
Chmod u+x script.sh
Add entries to system log, syslog is what?
Logger
-logger “This information is added to syslog” is useful for including information in a local or remote syslog file, included as part of automation script and log an important event. True or false
True
Command line for system administrators, .ps1 file extensions
SSH
Power shell
Python
OpenSSL
Windows PowerShell
Toolkit and crypto library for this, create/manage x.509 certificates and requests and CRLs, supports many hashing protocols, encryption
OpenSSL
Packet replay utility that edits packet captures, checks IPS signatures/firewall rules, looks at traffic in NetFlow and evaluates the performance of security devices is what?
tcpreplay
Captures packets from the command line, displays packets on screen and writes packets to a
tcpdump
Wireshark is a graphical packet analyzer that gathers frames on the network and can be built into the device with extensive decodes
dd
Name comes from IBM mainframe data definition, bit by bit copy of a drive
Create a disk image is - dd if=/dev/sda of=/tmp/sda-image.img
Restore from an image is -dd if=/tmp/sda-image.img of=/dev/sda
memdump
True
Winhex
Universal hexadecimal editor for windows os that edits disks/files/ram, clones disks, hard drive cleaning is
Ftk imager
AccessData forensic drive imaging tool, widely supported, full disk encryption, imports other image formats
Perform digital forensics of hard drives, extract many different data types
Autopsy
Metasploit
Attack known vulnerabilities is what?
Name 2 NIST SP 800-61 security incident handling guide incident life cycle stages
Preparation
Detection and analysis
Containment, eradication, and recovery
Post incident activity
This monitoring detects configuration changes like system files
Host based
Phased approach to fixing a system after an attack
Reconstitution
Performing a full scale disaster drill before an event
Walkthrough
Exercise
Tabletop exercise
Simulation
Exercise
Not having to physically go through a disaster drill
Walkthrough
Exercise
Tabletop exercise
Simulation
Table top exercise
Include responses, test processes before an event and go through each step to identify faults
Walkthrough
Exercise
Tabletop exercise
Simulation
Walkthrough
Testing an event like phishing email is which prevention exercise
Simulation
Using paper when a computer goes down is an example of what plan?
Coop (continuity of operation planning)
Determines actions of an attacker: identify point of intrusion, understand methods to move around, look at security techniques to block future attacks
Diamond model of intrusion
Incident response
Mitre attack
Siem
Mitre attack
Apply scientific principles to intrusion analysis/measurements and looks simple but is complex, adversary deploys capability over some infrastructure against a victim
Diamond model of intrusion
Diamond model consists of what?
adversary, infrastructure, victim and capability
Cyber kill chain, name 2
Reconnaissance- gather intel
weaponization- build deliverables to include a backdoor
delivery- deliver executable over email
exploit- execute code on victims device
installation- malware installed on os
command and control- C2 channel created for remote access
actions on objectives - attacker can remotely carry out objectives
Is what?
A vulnerability exists but you didn’t detect it is a false negative
True
Switches, routers, ap’s, vpn concentrators and infrastructure devices are what kind of logs?
Network
System
Applications
Security
Network logs
Os, security events, requires filtering, extensive
Network
System
Applications
Security
System
Windows Event Viewer, Linux/macOS, parse log details on the SIEM, specific to this log type
Network
System
Applications
Security
Application
Blocked and allowed traffic, exploit attempts, blocked categories, DNS sinkhole, firewalls and critical protection information
Network
System
Applications
Security
Security
Ip address, access errors, unauthorized attempts, server start up and shut down activity
Network
System
Authentication
Web
Web log files
View lookup requests, ip address of the request, malware sites and queries to bad urls, block or modify bad requests
Network
DNS
Authentication
Web
DNS log files
Know who logged in or who didn’t, account name, source IP, auth method, identify brute force and multiple failures
Network
System
Authentication
Web
Authentication log files
Store all contents of memory into a diagnostic file, create in Windows Task Manager, some apps have their own of this log file
Dump log files
View inbound and outbound call info, audit trail, includes sip information
VoIP and call manager
System
Dump
DNS
VoIP logs
Rsyslog is a popular Syslog daemon with additional filtering/storage and NXlog is a collection from many diverse log types
False, syslog-ng
Rsyslog is a rocket fast system for log processing
Linux log, stored in binary, optimized for storage and provides method for querying system journal with search and filter
journalctl
Bandwidth monitoring is percentage of use over time
True, SNMP, NetFlow, sFlow, IPFIX
Describes other data sources like mobile/web/files etc
journalctl
Metadata
Rsyslog
NXlog
Metadata
This gathers traffic flow by a probe watching network and summary records sent to collector
Netflow
Templates used to describe data, newer Netflow is what?
ipfix
Sflow is sample of actual network traffic, embedded in routers/switches
Protocol analyzer
This solves complex application issues, gathers network packet, and views detailed traffic information
End user device like a pc is an endpoint
True
Decisions made in the OS, only allow apps with unique identifiers, allow digitally signed apps from publishers, only run apps in certain folders or network zones are
Kernel
Macro
CRL
Approval lists
approval lists
Enable or disable phone and tablet functionality, regardless of physical location
Mobile device manager
Block transfer of pii or sensitive information
DLP
Content filtering
Limit access to untrusted websites, block known malicious sites, blocklists share suspicious site URLs
Admin isolates a compromised device with malicious software from everything else/the network is containment
False, isolation
Containment is running app in sandbox, limit interaction with os and multi device security
Separate network, prevent unauthorized movement and limit scope of breach is segmentation
True
Includes runbooks of linear checklist steps to perform and playbooks with conditional steps to follow with a data breach, integrates 3rd party tools and data sources
Security orchestration automation and response
Collect and protect information relating to an intrusion, RFC 3227 guideline for evidence collection
Digital forensics
Legal technique to preserve relevant information, hold notifications, electronically stored information, ongoing preservation
Legal hold
Not all data can be used in a court of law, legal authorization, laboratories, technical qualifications
Admissibility
Control evidence by maintaining integrity, use hashes, everyone who contacts the evidence is recorded, label everything
Digital forensics
Legal hold
Admissibility
Chain of custody
Chain of custody
Fat time is stored in gmt
False, ntfs
Fat is stored in local time
Below is least volatile to most
CPU registers, cpu cache
Router table, arp cache, kernel, memory
Temporary file systems
Disk
Remote logging/monitoring data
Physical config, network topology
Archival media
False, most to least
How long data sticks around
volatility
Changes constantly and is difficult to capture, memory dump
RAM
Swap/pagefile
Used by different OSes, place to store RAM contents when memory is depleted, more space on storage drive, portions of applications, similar to RAM dump
Snapshot
Associated with virtual machines, original image is full back up, each of these is incremental from the last
Artifacts
Digital items left behind, every contact leaves a trace, log info/flash memory etc
CPU cache is long term instruction storage
False, short term
A legal agreement to have the option to perform a security audit at any time
Right to audit clause
Data in different ones of these may be bound by different rules, data stored in the cloud may not be located in the same country, data center location can determine its treatment
Forensic cloud
Right to audit clause
Regulatory/jurisdiction
Data breach notification law
Regulatory/jurisdiction
Protects against accidental changes during transmission, relatively simple integrity check, not designed to replace hash
Checksum
Provenance
Preservation
E-discovery
Checksum
Documentation of authenticity, chain of custody for data handling, blockchain tech
Checksum
Provenance
Preservation
E-discovery
Provenance
Handling evidence, manage collection process, live collection
Checksum
Provenance
Preservation
E-discovery
Preservation
Gathers data required by legal process
Checksum
Provenance
Preservation
E-discovery
E-discovery
Focus on key threat activity for a domain, prevent hostile intelligence operations is
strategic intelligence/counter intelligence
Technical controls are controls that are implemented by people, security guards/awareness programs
False, Operational
Technical is systems like firewalls or antivirus
This type of Control addresses security design, security policies, SOP’s
Technical
On premise security
Managerial
Peap
Managerial
Physically control access, door lock, security guard, firewall
Preventive
Detective
Corrective
Deterrent
Preventive
May not prevent access, identifies and records any intrusion attempt, motion detector, ips/ids
Preventive
Detective
Corrective
Deterrent
Detective
Designed to mitigate damage, IPS can block attacker, backups mitigate ransomware or storm damage
Preventive
Detective
Corrective
Deterrent
Corrective
May not directly prevent access, discourage intrusion attempts, warning sign, login banner
Preventive
Detective
Corrective
Deterrent
Deterrent
Doesn’t prevent attack, restore using other means, restore from backup, hot site, backup power system
Preventive
Physical
Corrective
Compensating
Compensating
Fences, locks, mantraps, real world security
Preventive
Physical
Corrective
Compensating
Physical
Compliance
Meeting standards of laws, policies, and regulations, across many aspects of business, penalties and scope
EU regulation for data protection, controls export of personal data, individual has control of their personal data, details privacy rights for users
General Data Protection Regulation
Payment card industry, data security standard for protecting credit cards
GDPR
PCI DSS
Security framework
Compliance
PCI DSS
What is this?
Build and maintain secure network systems
Protect cardholder data
Maintain vulnerability management program
Implement strong access control measures, regularly monitor networks
Maintain information security policy
PCI DSS
6 steps for NIST RMF
Categorize- define environment
Select- pick appropriate controls
Implement- define proper implementation
Assess- determine if controls are working
Authorize- make a decision to authorize a system
Monitor- check for ongoing compliance
Practical and actionable tasks for it professionals for cyber defense is what?
center for internet security
Cis is the alignment of standards, guidelines, and practices to framework core
False, framework profile inside Nist CSF
ISO/IEC 27001
Standard for an information security management system
27 ISO
ISO/IEC 27002
Code of practice for information security controls
ISO/IEC 27701
Privacy information management
ISO 31000
International standards for risk management practices
Type 1 audit tests controls in place at a particular point in time
True
Type 2 tests controls over a period of at least 6 consecutive months
Cloud controls Matrix
Cloud specific security controls, controls are mapped to Standards, best practices and regulations
Enterprise architecture
Methodology and tools, assess internal IT groups and cloud providers, determine security capabilities, build road map
This hardens what, banner information, directory browsing for info leakage, run permissions from non privileged account, configure SSL, monitor log files
Web server
This hardens what, updates/patches, user accounts with password complexity, limit network access, anti virus/malware
Web server
Os
Application
Network infrastructure
Os
This hardens what, runtime/programming language between web server and database, disable unnecessary services, security patches, limit rights and access from other devices
Web server
Os
Application
Network infrastructure
Application
This hardens what, switches/routers, embedded os with purpose built in device, don’t use default configuration, manufacturer security updates etc
Network infrastructure
What use is allowed for assets of the company is what?
acceptable use policy
Job rotation so no one has total control, mandatory vacations, separation of duties, clean desk policy are examples of least privilege
False, business policies
NDA, prevents use of confidential information, social media analysis
AUP
Personnel security procedures
Business policies
User training
Personnel security procedures
Gamification, capture the flag/hacking, phishing simulation, computer based training are examples of what?
AUP
Personnel security procedures
Business policies
User training
User training
An adverse action is someone failing a background check
True
Minimum terms for services provided, used between customers and service providers
Service level agreement
Don’t make decisions based on incorrect data, used with quality management systems like Six Sigma, calculate measurement uncertainty
BPA
MOU
MSA
EOSL
Measurement system analysis
Manufacturer stops selling product, no more support for product
BPA
MOU
MSA
EOSL
End of life or end of service life
Rules, processes, and accountability associated with an organization’s data
Data governance
Data steward
Data classification
Data retention
Data governance
Manages governance process, data accuracy/privacy/security, associates sensitivity labels to the data, ensures compliance with applicable laws
Data steward
Identify data types and compliance
Data governance
Data steward
Data classification
Data retention
Data classification
Keep files that change frequently for version control/files change often, recover from virus infection, often legal requirements with different storages
Data governance
Data steward
Data classification
Data retention
Data retention
Passwords must be embedded in the application, everything needs to be on the client side, not the server side
False, server side not client side
Personnel accounts have no privileged access to os
True
Web server rights and permissions will be the same as the data base server
False, different
An account that has Elevated access to one or more systems, complete access to drivers, not used for normal administration, highly secured is what?
an admin/root account
Change control steps. Name 2
Analyze risk associated with change
Create a plan
Get end user approval
Present proposal to change control board
Backout plan if change doesn’t work
Document changes
Theft of ideas/inventions/creative expressions is intellectual property theft
True
Every project has a plan with risk, document risk with each step and apply solutions, monitor results
Risk register
Risk control assessment
Risk matrix
Inherent risk
Risk register
Risk matrix
View results of risk assessment, risk based on color, likelihood of an event with potential impact
Impact + likelihood, risk exists in absence of controls
Inherent risk
Inherent risk + control effectiveness, risk after controls are considered, models based on including additional controls
Risk register
Risk matrix
Inherent risk
Residual risk
Residual risk
Risk determined, cybersecurity requirements, formal audit, security based on requirements, whether existing controls are good or not
Risk control assessment
Constantly changing battlefield, overwhelming amount of information, knowledge is key
Risk awareness
Risk matrix
Inherent risk
Risk control assessment
Risk awareness
Likelihood, annual rate of occurrence, single loss expectancy, annual loss expectancy are types of what?
Risk awareness
Risk matrix
Quantitative risk
Risk control assessment
Quantitative risk
Impact
Life, property, safety, finance, reputation is what?
What recovery plans should consider in unique environments? Name 2
Application
Personnel
Equipment
Work environment
Records are sorted and stored
Distribution
Use
Maintenance
Disposition
Distribution
Use
Make business decisions
Maintenance
Ongoing data retrieval and data transfers is what?
Disposition
Archiving or disposal of data is called what?
Notices
Terms of service and conditions, awareness
Data classification that is property of an org, including trade secrets and unique data to org
Proprietary
Hashing and masking are examples of what?
Anonymization
Manages the purposes and means by which personal data is processed
Data controller
Is responsible for data accuracy, privacy and security
Data custodian or steward
Data that is property of an organization
Proprietary
Security admin needs to search a storage drive to get email messages and browser histories. Which?
Autopsy
Using an automated teller machine with a PIN and debit card
Something you know
Something you have
Something you are
Something you do
Something you have/know
Airport check in process requires photo identification
Something you know
Something you have
Something you are
Something you do
Something you are
Door to data center requires an ID card and handprint
Something you know
Something you have
Something you are
Something you do
Something you are/have
Main door to a building uses 2 separate keys on a key ring
Something you know
Something you have
Something you are
Something you do
Something you have
A user’s browser will only send session keys over an encrypted connection
Code signing
Input validation
Static cookie analysis
Secure cookies
Fuzzing
Secure cookies
A security admin is gathering data from a compromised host. Which should be gathered first?
Any previous backups
Memory dump
Drive image
Default router configuration
/tmp directory contents
Memory dump
A company loses $1,000 each time a tablet is stolen
RPO
SLE
MTBF
RTO
ALE
SLE, single loss expectancy
Losing a device
A team in the security department is responsible for scanning and exploiting vulnerabilities on the company network
Blue
White
Purple
Green
Red
Red
A Linux admin is downloading an updated version of her Linux distribution. The download site shows a link to the ISO and SHA256 hash value. Which describes the use of the hash value?
Verifies the file was not corrupted during file transfer
Provides a key for decrypting the ISO download
Authenticates the site as an official ISO distribution site
Confirms that the file does not contain any malware
Verifies the file was not corrupted during file transfer
Attacker’s ability to reconnect to a compromised host is what part of the kill chain process?
Persistence
Weaponization
Reconnaissance
Pivoting
Persistence
Banner grabbing
Probing a server to elicit a response that identifies the server application and version number or how the server is configured
Arp is an easily configurable backdoor
False, Netstat
X.509 links the identity of a user to a public key, while PGP links the identity to a private key
False
Verification is a stage in a key’s life cycle
False
Guaranteeing the identity of e-commerce sites and other websites that gather and store confidential information is the purpose of what?
CA
Server certificates
RA
Root CA
Server certificate
All certificates use PEM which converts information into binary
False, DER (distinguished encoding rules)
PGP is under what kind of model?
GPG
Web of trust
Hierarchical
Chain of trust
Web of trust
Tokens can be allowed to continue without expiring in HOTP
True
Key stretching
Putting initial key through thousands of rounds of hashing
Providing Google credentials and simultaneously being logged into Twitter because there is a trusted relationship between the 2 is federated
True
Access control model that is not rule based
RBAC
MAC
ABAC
DAC
DAC
Access model that is strict and inflexible, contains labels similar to security clearances
MAC
Access model that is complex for defining rules that allow or deny access
RBAC
DAC
ABAC
MAC
ABAC
X.500
Principal directory standard
Way of binding an LDAP (SMTP or IMAP) directory server with the client and server agreeing upon a mutually supported security mechanism
OAuth
SASL
LDAPS
SAML
SASL (Simple Authentication and Security Layer)
Allows client and server applications to authenticate each other
Saml tokens are written in what?
X.500
Active Directory is a database stored on one or more servers called this
Domain controllers
su
Linux command that allows you to gain root access while logged into your normal user account
This is executed in the host’s memory and CPU but not installed to a local disk
HOTP
TOTP
Persistent agent
Dissolvable agent
Dissolvable agent
Duplicates data for fault tolerance (mirroring)
RAID 1
RAID 0
RAID 5
Multiple RAIDs
RAID 1
Requires an additional disk for redundancy
RAID 5
RAID 1
RAID 3
RAID 0
RAID 5
Sneaky friend adds special tools to a program’s room without the program knowing and can change how the program works
DLL Injection
What weakness is exploited in a MD5 hash?
Collision
What is a problem with symmetric encryption?
Difficult to maintain secure distribution and storage of key
Public key can’t be used to decrypt the private key
Private key can’t decrypt public key
A lot of computing overhead
Difficult to maintain secure distribution and storage of key
Asymmetric key is faster than symmetric
False
CTR and GCM allow block ciphers to behave like stream ciphers
True
GCM
Type of CTR mode that combines ciphertext with a message authentication code (GMAC, similar to HMAC)
Functions like a stream cipher; each block is combined with a nonce (non-repeating) counter value
CTR
CBC applies the same key to each plaintext block
False, ECB
CBC improves ciphertext integrity by applying an IV to the first plaintext block to ensure the key produces a unique ciphertext from the plaintext
This means a key should not be derivable from the ciphertext
Diffusion
Obstruction
Confusion
Masking
Confusion
Diffusion
If one bit of the plaintext is changed, many bits in the ciphertext should change is what?
What ensures identical plaintexts produce different ciphertexts?
IV, salt, nonce
Digital envelopes
Uses both symmetric and asymmetric encryption
Uses crypto algorithms to generate a unique value from file contents. If the file changes, so does this
Checksum
A stream cipher is padded to the correct size if there is not enough data in the plaintext
False, block cipher
The state when data is present in volatile memory, like RAM or a CPU register, is what type of data?
Data in use
Having the same public key as someone but a different private key is what encryption?
Asymmetric
Crypto hash algorithm that produces a fixed-length string from a variable-length string
Collision
Checksum
Pass the hash
Message digest
Message digest
A special box that helps keep your toys organized and safe.
When you play with your toys (which are like apps or programs), the box makes sure your toys are being used safely. It checks who is playing with them, makes sure they’re being used in the right way, and keeps an eye out for any problems or things that shouldn’t happen. Is what?
API
CASB
SWG
XSS
CASB
Just like your toy box helps keep your toys safe and organized, a CASB helps keep computer programs and apps safe when they are used on the internet or in the cloud.
Gatekeeper/superhero for the computer that keeps you safe when you go online to play games/watch videos.
So, when you want to go on the internet (like going to a playground), the superhero gatekeeper stands at the entrance. It checks everything you want to do on the internet to make sure it’s safe and good for you. It helps stop any bad stuff from getting to your computer, like mean bugs or things that might make your computer sick.
SWG (next-gen secure web gateway)
Just like a superhero protects a city, the SWG helps protect your computer when you’re playing and exploring things on the internet.
X.509 links identity to a private key
False, public
PGP for private
Purpose for which a certificate was issued
Standard extensions
RA informs user whether a certificate is valid, revoked or suspended
False, they are only for registration process
These are like extra labels you add to a treasure map (CA) to give more details on the information it’s protecting. What are they?
Extensions
Like an ID card helps people know who you are and that they can trust you, this helps computers and programs trust each other with these types of certificates (IDs)
X.509
A special robot that is very good at noticing and understanding what’s going on in the moment. It’s like when you’re playing a game, and you quickly notice if someone joins in or if the game rules change. Is what?
Instance awareness
That’s being instance aware, just like the smart toy robot that knows what’s happening around it.
Helps computers and devices connect to and access things stored in the cloud (like data or applications) without having to physically be where those things are located. It creates a magical connection that allows you to reach and use cloud stuff from wherever you are, just like the magic door on your backpack brings your toys to you!
API
VPC
Netflow
Sfix
Virtual private cloud endpoints
A system’s or technology’s ability to stay up and running for a long time without interruption
Highly available
Gaining administrative access to system files and settings that are usually restricted in order to modify the OS, install custom software, etc., for greater control and customization of the device
Rooting/jailbreaking
su
Linux command that allows you to gain root access while logged into your normal user account
Removing all data from a mobile device (always have a backup) is what?
Remote wipe
Instead of authenticating with just a password, this authentication adds additional information like location, device info, time of access, behavior pattern and network information before allowing sign-in
EV
RBAC
PAM
Context aware authentication
Context aware authentication
Bad person puts bad code into a website and when you visit it bad things happen to your computer. Like a diary for friends that someone writes mean things in
Cross site scripting/xss attack
Used in wireless networks and PPP connections. It is a framework for standards on different methods of authentication
L2TP
EAP
SASL
IPsec
EAP
When your computer wants to connect to a Wi-Fi network or another computer, it does a secret handshake with the network or the other computer. This helps make the handshake more secure by creating a safe tunnel for the handshake to happen in. It’s like having a secret passage where only the right computers can go through. This is EAP-FAST
True
Is like a digital backpack where you can keep secret keys, certificates, and other important stuff for your computer. It helps keep everything safe and organized so only the right people can use them. This is PKCS #12
True
Is like a digital envelope for messages. It helps keep information secure when it’s sent from one place to another on the internet. It’s like putting your message in a special, locked box so only the person you want to open it can read it.
SWG
PKCS #7
Mail gateway
API
PKCS #7
These attacks bypass maximum failed login restrictions
Rainbow table
An attacker compromises a public CA and issues unauthorized X.509 certificates for Company.com. In the future, Company.com wants to mitigate the impact of similar incidents. Which of the following would assist Company.com with its goal?
Cert. with EV
Cert. pinning
Cert. chaining
Cert. stapling
Certificate pinning
What is the term used to describe the process of validating a digital certificate by verifying a chain of trust through a series of certificates?
Certificate chaining
What is the term for the practice where a web server provides a digital certificate directly to a client, rather than the client retrieving it from a certificate authority during the TLS/SSL handshake?
A) certificate pinning
B) Certificate Chaining
C) Certificate Stapling
D) EAP-FAST
Certificate stapling
What security practice involves associating a specific digital certificate with a particular server or service, allowing client applications to verify the server’s authenticity by checking if the presented certificate matches the pre-configured one?
A) Certificate EV
B) Certificate stapling
C) Certificate Pinning
D) OCSP stapling
Certificate pinning
What type of digital certificate provides additional verification steps beyond basic domain ownership, often including thorough validation of the requesting entity’s legal identity and business details?
A) DV certificate
B) CSR
C) RA
D) Certificate EV
Certificate with Extended Validation
A security analyst is reviewing an assessment report that includes software versions, running services, supported encryption algorithms, and permission settings. Which of the following produced the report?
Nmap
Vulnerability scanner
IP Scanner
TLS Inspection
Vulnerability scanner
Port/network/vulnerability scanning, banner grabbing, fingerprinting, social engineering and packet sniffing are examples of what?
Active reconnaissance
A systems administrator found a suspicious file in the root of the file system. The file contains URLs, usernames, passwords, and text from other documents being edited on the system. Which of the following types of malware would generate such a file?
Keylogger
A security administrator wants to implement a company-wide policy to empower data owners to manage and enforce access control rules on various resources. Which of the following should be implemented?
RBAC
MAC
ABAC
DAC
DAC
Which encryption program is commonly used for securing emails and files by providing a method for end-to-end encryption and digital signatures?
PGP
Which of these would best describe the use of a nonce?
-Information is hidden inside of an image
-Information encrypted with a public key is decrypted with a private key
-Prevents replay attacks during authentication
-The sender of an email can be verified
-Prevents replay attacks during authentication
A system administrator is implementing a fingerprint scanner to provide access to the data center. Which of these metrics would be the most important to minimize so that unauthorized persons are prevented from accessing the data center?
TOTP
HOTP
FAR
FRR
False Acceptance Rate
Which set of security standards is designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment?
PCI DSS
What is the term for activities undertaken to prevent, detect, and respond to intelligence activities conducted by adversaries or competitors against an organization or government?
CI
Focus on key threat activity for a domain
Strategic intelligence
Swap/pagefile
In computer systems, what is the term used for a reserved space on the hard drive that is used as virtual memory when the physical RAM is fully utilized?
What term is commonly used to refer to a set of documented procedures and steps that system administrators or operators follow to perform routine operational tasks and address common issues in an IT environment?
A) CI
B) playbook
C) Runbook
D) continuous deployment
Runbook
Playbook
What term is commonly used to describe a documented set of strategies, actions, and procedures that are planned and organized in advance for a specific purpose, often used in cybersecurity incident response?
Which framework provides a knowledge base of tactics and techniques used by adversaries in the cybersecurity domain, offering a comprehensive resource for understanding, preventing, and mitigating cyber threats?
MITRE ATT&CK
Which framework provides a set of guidelines and best practices for improving the cybersecurity posture of an organization, with a focus on risk management and a lifecycle approach to managing information security?
A) ISO/IEC 27001
B) PCI DSS
C) NIST Framework
D) COBIT
NIST Framework
Which model is commonly used in cybersecurity to analyze and understand cyber threats by considering four key elements: adversaries, infrastructure, capabilities, and victim organizations?
Diamond Model of Intrusion Analysis
STIX/TAXII Model
Commonly used in cybersecurity to standardize the exchange of threat intelligence information, providing a structured language and transport mechanism for sharing information about cyber threats
Which document from the National Institute of Standards and Technology (NIST) provides guidance on how organizations can effectively respond to and recover from computer security incidents?
B) NIST SP800-61
Which forensic imaging tool is commonly used for creating forensic images of digital devices, allowing investigators to capture and analyze data from storage media in a forensically sound manner?
FTK Imager
Which forensic tool is often used for computer forensics and data recovery, providing features such as disk editing, data interpretation, and file recovery in a hexadecimal and ASCII visualization?
WinHex
dd
Which command-line tool is commonly used in Unix-like operating systems for copying and converting data, often used in forensic imaging to create bit-for-bit copies of disks or partitions?
Which open-source software toolkit is commonly used for implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, providing encryption, decryption, and other cryptographic functions for secure communication over a computer network?
OpenSSL
chmod
In Unix-like operating systems, what command is used to change the permissions of a file or directory?
Which command-line tool is commonly used for network testing and packet crafting, allowing users to send custom ICMP, UDP, or TCP packets to a target host for network analysis and troubleshooting?
hping
Which version of the tool is an extended and improved version, offering additional features for network testing and packet crafting, including support for various protocols and sophisticated packet manipulation capabilities?
Hping3
Which term describes the organizational structure of a Public Key Infrastructure (PKI) where multiple levels or tiers of Certificate Authorities (CAs) are arranged with each level providing a different level of trust and validation?
C) Hierarchical PKI
Which PKI (Public Key Infrastructure) model relies on the concept of users personally verifying the identities of others and vouching for the authenticity of their public keys, creating a decentralized and trust-based network?
A) Hierarchical PKI
B) 2 way trust PKI
C) Web of Trust PKI
D) Federated PKI
C) Web of Trust PKI
What is the primary purpose of a Public Key Infrastructure (PKI) in computer security?
A) To manage passwords
B) To encrypt files
C) To establish secure communication and verify the identities of users or entities
D) To monitor network traffic
C) To establish secure communication and verify the identities of users or entities
In a network security context, what is the primary function of a jump server or jump host?
A) To host website content
B) To facilitate secure communication between two networks
C) To jump between different Wi-Fi networks
D) To manage email communication
B) To facilitate secure communication between two networks
What does passive monitoring refer to in the context of network security?
A) intercepting and modifying data traffic
B) Monitoring network traffic without interacting with data
C) Initiating automated security scans on network devices
D) Blocking incoming traffic from specific IP addresses
B) Monitoring network traffic without actively interacting or altering the data
What is the primary benefit of using OCSP Stapling in the context of web security?
A) Faster web page loading times
B) Improved server authentication
C) Enhanced data encryption
D) More efficient DNS resolution
A) Faster web page loading times
In cryptography, what does the term “key escrow” refer to?
A) Storing cryptographic keys in a secure physical vault
B) Backing up cryptographic keys to a secure cloud storage
C) Providing a trusted third party with a copy of the encryption keys
D) Changing cryptographic keys periodically for added security
C) Providing a trusted third party with a copy of the encryption keys
In the realm of cryptography, what term describes a set of rules used for encoding and representing data structures in a binary format, often utilized in the encoding of digital certificates?
A) PKCS #12
B) CER
C) PEM
D) DER
Distinguished Encoding Rules
You’re working with a secure email system that uses a format for encoding certificates and keys. What term best describes this encoding method, often used for cryptographic purposes in emails and various applications?
Privacy-Enhanced Mail
You’re tasked with securely storing a user’s private key, public key, and potentially additional certificates in a single file format. What standard would you choose for this purpose?
D) PKCS #12
You need to share a digital certificate that only contains the public key and is intended for use in a specific application. What file format would be most suitable for this scenario?
A) DER
B) PEM
C) CER
D) PFX
CER
You’re involved in a project where multiple digital signatures and certificates need to be bundled together for secure transmission. Which file format would you choose to achieve this, ensuring integrity and authenticity of the signatures?
A) PKCS #7
B) PKCS #12
C) PEM
D) CER
A) PKCS #7
You’re setting up security measures for a website where the main concern is ensuring a secure connection and encrypted data transfer. What type of SSL/TLS certificate would be most appropriate for this scenario, considering cost-effectiveness and quick issuance?
A) EV (Extended Validation) Certificate
B) DV (Domain Validation) Certificate
C) SAN (Subject Alternative Name)
D) Wildcard Certificate
DV
You’re launching an e-commerce website and want to establish a high level of trust with your customers. What type of SSL/TLS certificate would you choose to display a green address bar in web browsers, providing a visual indicator of enhanced security and identity verification?
A) DV
B) EV
C) SAN
D) wildcard
EV
You’re managing a server that hosts multiple websites with different domain names. To secure all these domains with a single SSL/TLS certificate, ensuring compatibility and ease of management, which certificate type would you choose?
A) DV (Domain Validation) Certificate
B) EV (Extended Validation) Certificate
C) Wildcard Certificate
D) Subject Alternative Name (SAN) Certificate
SAN
You’re responsible for securing various subdomains of a website, and you want to simplify certificate management while ensuring all subdomains are protected. What type of SSL/TLS certificate would you choose for this scenario?
A) DV (Domain Validation) Certificate
B) EV (Extended Validation) Certificate
C) SAN (Subject Alternative Name) Certificate
D) Wildcard Certificate
Wildcard
You’re tasked with implementing a robust security strategy for a company that involves generating, distributing, storing, and retiring cryptographic keys. What phase of the key management lifecycle would you focus on when ensuring that keys are securely created and made available for use across various applications and services?
A) Key Generation
B) Key Distribution
C) Key Storage
D) Key Retirement
KG
You’re the IT administrator for a large e-commerce website, and your company needs to secure online transactions. Considering the need for widespread trust and compatibility with major web browsers, which type of certificate authority would you choose to issue SSL/TLS certificates for your website?
A) Private Certificate Authority
B) Self-Signed Certificate Authority
C) Commercial Certificate Authority
D) Public Certificate Authority
CCA
In a large organization with a complex network infrastructure, you want to streamline the process of validating and verifying users before issuing digital certificates. Which entity would you designate to handle the user identity validation process and act as an intermediary between users and the certificate authority?
A) Certificate Authority
B) Registration Authority
C) Certificate Revocation Authority
D) Certificate Repository
RA
You’re responsible for securing access to critical systems within your organization. You want to implement a solution that provides just-in-time privileged access, session recording, and periodic credential rotation for administrators. Which security approach would you choose to achieve these goals?
A) Role-Based Access Control (RBAC)
B) Multi-Factor Authentication (MFA)
C) Privileged Access Management (PAM)
D) Identity and Access Management (IAM)
PAM
You’re responsible for designing a Single Sign-On (SSO) solution for your organization, where users need seamless access to multiple applications. Additionally, you want to ensure secure authentication without the need for storing passwords on each application. What standard would you consider for achieving this SSO functionality?
A) OAuth
B) LDAP
C) SAML (Security Assertion Markup Language)
D) Kerberos
SAML
You’re developing a mobile application that needs to access a user’s social media data without requiring them to share their login credentials. Additionally, you want to ensure that the user has control over the data shared. What authorization framework would you implement for secure and delegated access to the user’s social media account?
A) SAML (Security Assertion Markup Language)
B) JWT (JSON Web Token)
C) OAuth (Open Authorization)
D) Kerberos
OAuth
You’re tasked with enhancing the security of a company’s laptops to protect sensitive data and prevent unauthorized access. What hardware-based security solution would you recommend to store cryptographic keys, secure the boot process, and enable features like full disk encryption on these laptops?
A) USB Token
B) HSM (Hardware Security Module)
C) TPM (Trusted Platform Module)
D) Smart Card
TPM
Your organization has adopted a cloud-first strategy, and employees use various cloud services for collaboration. However, you want to ensure visibility, control, and data security across these cloud applications. What solution would you implement to enforce security policies, monitor user activities, and protect sensitive data in the cloud?
CASB
Your organization is focused on providing a secure and productive web experience for employees. You need a solution that goes beyond traditional web filtering, offering advanced threat protection, real-time content analysis, and user behavior monitoring. Which security solution would you choose to address these requirements for secure web access?
A) IPSEC
B) CASB
C) Next-Gen Secure Web Gateway (SWG)
D) API
SWG
Your organization is hosting critical applications on a cloud platform and wants to establish private and direct connectivity to specific AWS services without using public IPs. You also aim to enhance security by avoiding exposure to the public internet. What AWS feature would you leverage to achieve this secure and private communication?
A) SWG
B) FaaS
C) Azure
D) Virtual Private Cloud Endpoint
VPC
In the context of Android security, what is the primary role of SEAndroid, and how does it enhance the security posture of the Android operating system?
A) SEAndroid is a kernel-level security module that enforces Mandatory Access Controls (MAC) to restrict app permissions.
B) SEAndroid provides secure boot functionality, ensuring the integrity of the Android system during the boot process.
C) SEAndroid is a runtime encryption technology that protects sensitive data within Android applications.
D) SEAndroid is a secure enclave within the Android framework that handles cryptographic operations for secure communication.
A) SEAndroid is a kernel-level security module that enforces Mandatory Access Controls (MAC) to restrict app permissions.
Your organization encourages employees to use mobile devices for work-related tasks, and you want to ensure secure access to corporate applications and data. However, you also want to maintain separation between work and personal data on employees’ devices. Which mobile security approach would you implement to achieve this balance of security and user privacy?
A) Mobile Device Management (MDM)
B) Mobile Application Management (MAM)
C) Mobile Threat Defense (MTD)
D) Containerization
MAM
Your organization is implementing a wireless network, and you prioritize a secure and efficient authentication method for users connecting to the Wi-Fi. Considering the need for a quick and secure EAP method, especially in environments where certificate-based authentication might be challenging, which EAP method would you choose for this wireless network?
A) EAP-TLS (Extensible Authentication Protocol-Transport Layer Security)
B) EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling)
C) EAP-TTLS (Extensible Authentication Protocol-Tunneled Transport Layer Security)
D) PEAP (Protected Extensible Authentication Protocol)
EAP-FAST
Your organization is implementing secure Wi-Fi access for employees, and you want a method that provides strong authentication while ensuring ease of deployment. Considering the need for a widely supported and secure EAP method that doesn’t require client-side certificates, which EAP method would you choose for this wireless network?
A) EAP-TLS (Extensible Authentication Protocol-Transport Layer Security)
B) EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling)
C) PEAP (Protected Extensible Authentication Protocol)
D) EAP-TTLS (Extensible Authentication Protocol-Tunneled Transport Layer Security)
PEAP
In a corporate environment with a diverse range of devices and operating systems, you need to implement a secure Wi-Fi authentication method that supports a variety of client devices. Additionally, you want to provide a method that allows for the use of username and password without requiring client-side certificates. Which EAP method would you choose for this wireless network?
A) EAP-TLS (Extensible Authentication Protocol-Transport Layer Security)
B) EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling)
C) PEAP (Protected Extensible Authentication Protocol)
D) EAP-TTLS (Extensible Authentication Protocol-Tunneled Transport Layer Security)
EAP-TTLS
You’re tasked with implementing a secure Wi-Fi network for a residential community, where users have varying levels of technical expertise. You want a password-based authentication method that offers strong security and is resistant to certain types of attacks. What authentication method would you choose to ensure both security and user-friendliness in this scenario?
A) EAP-FAST (Wired Equivalent Privacy)
B) PEAP (Wi-Fi Protected Access - Pre-Shared Key)
C) EAP-TLS (Extensible Authentication Protocol-Transport Layer Security)
D) SAE (Simultaneous Authentication of Equals)
SAE
A copy of traffic is sent to an IDS/IPS
Passive monitoring
In-line monitoring
Out of band response
In band response
Passive monitoring (port mirror or network tap)
In a network security setup, you want to deploy a monitoring solution that allows real-time analysis of traffic passing through the network, enabling immediate threat detection and response. What type of monitoring would you choose to inspect and analyze network traffic as it flows through the security appliance, ensuring minimal latency in detecting and preventing potential threats?
A) Passive Monitoring
B) Inline Monitoring
C) Out-of-Band Monitoring
D) In-band Monitoring
In-line monitoring
In an organization where employees need secure access to various web applications, you want to implement a solution that provides additional security layers, including content filtering, authentication, and protection against application-layer attacks. What type of security solution would you deploy to act as an intermediary between users and web applications, offering advanced security features while ensuring seamless access to authorized applications?
A) Firewall
B) VPN (Virtual Private Network)
C) IDS/IPS (Intrusion Detection System/Intrusion Prevention System)
D) Application Proxy
Application proxy
The core component of an operating system that manages resources and facilitates communication between software and hardware?
Kernel
In a secure communication setup, which encryption method allows computations to be performed on encrypted data without decrypting it?
c) Homomorphic encryption
Software-Defined Visibility
provides a centralized and programmable view of network traffic, allowing for enhanced monitoring and analysis
In a cybersecurity scenario, an attacker tricks a server into making unintended requests to internal resources. What vulnerability is being exploited?
SSRF
In the realm of authentication protocols, which mechanism provides a framework for client-server communication, allowing authentication without exposing the user’s password?
a) SSL/TLS
b) OAuth
c) SASL (Simple Authentication and Security Layer)
d) Kerberos
SASL
What is edge access managed primarily through?
Firewall rules
Evaluate operational status of a system or network
Dissolvable agent
Persistent agent
Posture assessment
Health check
Health check
Game operation
Evaluate the security or compliance with security policies of a system or device
Dissolvable agent
Persistent agent
Posture assessment
Health check
Posture assessment
In an enterprise environment with a diverse range of devices and operating systems, you want to ensure continuous monitoring and enforcement of security policies, even when devices are off the corporate network. Additionally, you aim to facilitate remote troubleshooting and push security updates seamlessly. What security solution would you implement to achieve ongoing endpoint visibility and control?
Persistent agent
In a guest network environment where temporary and limited access is granted to devices, you want to ensure that security policies are applied without requiring the installation of permanent software on guest devices. Additionally, you aim to provide a seamless and non-intrusive experience for guests. What approach would you choose for enforcing security policies in this scenario?
A) Non-Persistent Agent
B) Intrusion Prevention System (IPS)
C) Dissolvable Agent
D) Network Segmentation
Dissolvable agent
In a Bring Your Own Device (BYOD) environment where users connect a variety of personal devices to the corporate network, you want to enforce security policies without requiring the installation of agents on every device. Additionally, you aim to streamline the onboarding process for new devices. What NAC approach would you choose for achieving this goal?
A) Persistent Agent
B) Dissolvable Agent
C) Network Segmentation
D) Agentless NAC
Agentless NAC
A network administrator has implemented a group of servers that are configured as a unit and work together to provide network services as a means of fault tolerance. In the event of a node failure, the data on one node is made available to another node seamlessly. What is this called?
Clustering
While browsing a website, you come across a form that allows users to submit comments. A friend shares a link to a different website, and when you click it, you notice that it automatically submits a comment on the original site without your knowledge. What security vulnerability is demonstrated in this scenario?
a) Cross-Site Scripting (XSS)
b) Cross-Site Request Forgery (CSRF)
c) SQL Injection
d) Session Hijacking
CSRF
You’re sending a sensitive file to your colleague, and you want to ensure that the file’s integrity is maintained during transit. Which cryptographic technique would you employ to generate a fixed-size string (hash) unique to the file’s content, allowing your colleague to verify its integrity upon receipt?
Message digest
You discover that an attacker has gained unauthorized access to your network and obtained hashed password values. Instead of cracking the actual passwords, the attacker tries to use the obtained hashes to authenticate to various services. What type of attack is the intruder attempting?
Pass the hash
You’re working on automating tasks within a Microsoft Office application, such as Excel or Word. Which programming language is specifically designed for this purpose, allowing you to write macros and automate repetitive actions within the Office suite?
VBA
NGFWs are network-based firewalls
True
IPS, content filtering, and control of traffic flow based on applications like YouTube, etc.
Your company’s website is experiencing an increase in malicious traffic and attempted SQL injection attacks. To enhance security, you decide to implement a protective barrier that filters and monitors HTTP traffic between your web application and the internet. What security measure are you likely to deploy?
WAF
Validates DNS responses
DNSSEC
Origin authentication and data integrity using public key cryptography, signed by a trusted third party
A sneaky person tricks a website into showing something on the web page it shouldn’t when people visit. Like a mirror that shows cute animals, but a fairy changes it to show toys instead
Non persistent XSS attack
iOS devices take less time to update than Android
True
Ally has an application on her phone for a particular store she often visits. The app has a feature that turns on as soon as she walks into the store, showing her information on her past purchases, weekly sales, product suggestions, and more. The feature relies upon GPS positioning, creating a sort of virtual boundary based on real-world geography. What is this technique called?
Geofencing
GPS tagging
IPS services
Geolocation
Geofencing
Your company has a workforce that operates remotely from various locations. Employees need secure access to internal resources such as file servers and company applications. Considering the importance of providing secure remote access without the need for specialized client software and the need for broad device compatibility, which VPN technology would you implement for this scenario?
A) IPsec VPN
B) MPLS VPN
C) SSL VPN
D) PPTP VPN
SSL VPN
In a modern workplace where employees use a mix of devices, including laptops, tablets, and smartphones, you’re tasked with implementing a VPN solution that provides secure access to internal resources. Your goal is to ensure accessibility from any device without requiring specific client installations. What VPN technology would be most suitable for achieving this device-agnostic and user-friendly secure access?
A) IPsec VPN
B) MPLS VPN
C) SSL VPN
D) HTML5 VPN
HTML5 VPN
During a security assessment, an attacker manipulates user input in a web application, causing the system to misinterpret data and potentially leading to unauthorized access. What is the specific term for this security threat?
XML injection
Monitoring the server load and distributing to the server with the lowest use is weighted round robin
False, that is dynamic round robin
Weighted round robin prioritizes which servers get used
In a large-scale cloud environment, your organization is managing multiple virtual machines to support critical applications. To enhance performance and optimize resource allocation, you want to ensure that certain VMs consistently share the same physical host. What cybersecurity concept would you leverage to achieve this specific placement and minimize potential security risks?
Affinity rules
Primary configuration database for Windows; hierarchical; shows before and after changes
Registry
In a corporate environment where sensitive data is stored on laptops and mobile devices, you want to implement a security measure that ensures the confidentiality of data, especially in the event of device loss or theft. What solution would you deploy to encrypt the entire contents of the storage drive, protecting the data from unauthorized access even if the physical device falls into the wrong hands?
A) Antivirus Software
B) Network Firewall
C) Full Disk Encryption (FDE)
D) Intrusion Detection System (IDS)
FDE
In an organization where data security is a top priority, you’re responsible for managing a fleet of laptops and storage devices. Given the need to protect sensitive information at rest, what technology would you choose to ensure that the data stored on these devices is automatically and transparently encrypted, without relying on additional software or user intervention?
A) homomorphic encryption
B) FDE
C) SED
D) File-Level Encryption
SED, Self-Encrypting Drives
In an enterprise setting with a focus on securing stored data on client devices, you want to deploy a solution that provides hardware-based encryption and seamless integration with existing management systems. Your goal is to enhance data security and maintain centralized control over encryption policies. What technology would you implement for encrypting data on storage devices, ensuring compatibility with enterprise management tools?
A) BitLocker
B) Opal Storage
C) VeraCrypt
D) FileVault
Opal storage
In the development lifecycle of a critical software application, the security team wants to identify potential vulnerabilities by subjecting the application to a variety of unexpected and invalid inputs. The goal is to discover and address any weaknesses in the application’s input handling. What technique would the security team most likely employ for this purpose?
A) Penetration Testing
B) Static Code Analysis
C) Threat Modeling
D) Fuzzing
Fuzzing
In the development lifecycle of a critical software application, the security team wants to identify potential vulnerabilities by subjecting the application to a variety of unexpected and invalid inputs. The goal is to discover and address any weaknesses in the application’s input handling. What technique would the security team most likely employ for this purpose?
A) Penetration Testing
B) Static Code Analysis
C) Threat Modeling
D) Fuzzing
Static code analysis
In a corporate environment where data security and system integrity are paramount, you want to implement a solution that ensures the secure boot process of devices and protects cryptographic keys used for disk encryption. Additionally, you aim to enhance the overall security posture of the organization’s computing infrastructure. What hardware-based security measure would you deploy to achieve these goals?
A) Hardware Security Module (HSM)
B) Secure Boot
C) Intrusion Detection System (IDS)
D) Trusted Platform Module (TPM)
TPM
HSM focuses on cryptographic operations and key management and is a standalone device. TPM focuses on a secure platform with secure boot and is integrated into many devices
True
In an organization where data integrity and system security are paramount, you’re tasked with implementing measures to prevent the execution of unauthorized or tampered code during the startup process. Additionally, you want to ensure that only trusted firmware and operating system components are loaded. What technology or process would you implement to achieve a secure and trustworthy boot sequence in this scenario?
A) Digital Signatures
B) Virtual Private Network (VPN)
C) Trusted Platform Module (TPM)
D) Secure Boot
Secure boot
In a high-security environment where protecting against advanced persistent threats and unauthorized system modifications is critical, you need a mechanism that verifies the integrity of the entire boot process, including the BIOS/UEFI firmware and the operating system. What security feature would you deploy to ensure that the system only boots from a known and trusted state, helping to prevent compromise from the early stages of system startup?
A) Boot Integrity
B) Measured boot
C) Secure Boot
D) Trusted Boot
Trusted Boot
In a highly regulated industry where compliance with stringent security standards is mandatory, you need to implement a solution that not only verifies the integrity of the system during boot but also generates a secure record or log of the boot process. This record will be crucial for audit trails and compliance reporting. What technology would you deploy to ensure a comprehensive and verifiable measurement of the entire boot sequence?
A) Secure Boot
B) Intrusion Prevention System (IPS)
C) Measured Boot
D) Endpoint Detection and Response (EDR)
Measured boot
In a large enterprise where protecting against advanced threats and rapidly responding to potential security incidents are top priorities, you want a solution that provides real-time visibility into endpoint activities, enables threat detection, and allows for swift response actions. What security technology would you deploy to enhance your organization’s ability to detect and respond to security incidents at the endpoint level?
A) Firewall
B) Antivirus Software
C) Virtual Private Network (VPN)
D) Endpoint Detection and Response (EDR)
EDR
Endpoint detection and response primarily looks at signatures for detecting threats
False, it does but also looks at other types like behavioral and machine learning
In a scenario where an organization relies on cryptographic hash functions for data integrity verification, an attacker aims to find a collision—a situation where two different inputs produce the same hash value. The attacker is specifically looking for a point where the collision probability becomes surprisingly high. What type of attack is the adversary attempting in this situation, and why is it called that?
A) Brute Force Attack
B) Birthday Attack
C) Man-in-the-Middle Attack
D) Denial-of-Service Attack
Birthday attack
In a network security environment where an Intrusion Detection System (IDS) is in place to analyze network traffic for malicious patterns, an attacker is attempting to manipulate or obfuscate the network packets to avoid detection. The goal is to deliver a payload or execute malicious actions while bypassing the detection mechanisms. What type of attack is the adversary engaging in, and what is the primary objective of this technique?
A) Spoofing Attack
B) Evasion Attack
C) Phishing Attack
D) Denial-of-Service (DoS) Attack
Evasion attacks
In a web application where users can input comments and interact with dynamic content, an attacker identifies a vulnerability that allows injecting malicious scripts into the comments section. The scripts execute within the browsers of other users who view the comments. What type of attack is the adversary exploiting, and what is the potential impact of this attack on the affected users?
A) Cross-Site Request Forgery (CSRF)
B) SQL Injection Attack
C) Cross-Site Scripting (XSS)
D) Man-in-the-Middle (MitM) Attack
XSS
In an online forum where users can share links and discuss various topics, an attacker crafts a malicious link containing a script. The attacker then tricks a user into clicking on the link. When the user clicks the link, the script executes in the context of the user’s browser. What type of Cross-Site Scripting attack is demonstrated in this scenario, and why is it considered “non-persistent”?
A) Stored XSS Attack
B) DOM-Based XSS Attack
C) Non-Persistent (Reflected) XSS Attack
D) Self-XSS Attack
Non persistent XSS attack
In a non-persistent XSS attack, the malicious script is delivered to the victim as part of a crafted URL or input, and it is not stored permanently on the target server. The script is reflected back to the user without being saved on the server, making it non-persistent. The attack relies on tricking users into clicking on specially crafted links or interacting with manipulated input fields.
True
In a persistent (stored) XSS attack, the malicious script is permanently stored on the target server, often within a database or another storage mechanism. The script is then served to users whenever they view the affected content, making it more dangerous as it can impact multiple users over an extended period. In this scenario, the injected script in the comment section can affect anyone who views that specific blog post
True
In a popular online blogging platform where users can create and share posts, an attacker discovers a vulnerability that allows them to inject a malicious script directly into the comment section of a blog post. The injected script becomes part of the permanently stored content. What type of Cross-Site Scripting attack is the adversary exploiting in this scenario, and how does the persistent nature of the attack affect potential victims?
A) Non-Persistent (Reflected) XSS Attack
B) DOM-Based XSS Attack
C) Persistent (Stored) XSS Attack
D) Self-XSS Attack
Persistent XSS attack
In a Windows-based environment with a client-server application, an attacker gains access to a user’s computer and identifies a vulnerability in a legitimate application that loads dynamic link libraries. The attacker exploits this vulnerability to inject a malicious this into the memory space of the target process. What type of attack is the adversary conducting?
A) SQL Injection Attack
B) Cross-Site Scripting (XSS) Attack
C) DLL Injection Attack
D) Man-in-the-Middle (MitM) Attack
DLL injection
In a DLL injection attack, an attacker injects a malicious DLL into the address space of a running process. This technique is often used to execute arbitrary code within the context of a trusted application, potentially leading to unauthorized access, data theft, or further exploitation of the compromised system. In this scenario, the injected DLL could manipulate the behavior of the legitimate application, allowing the attacker to control or monitor the affected process.
True
In a scenario where an e-commerce website handles sensitive customer information and experiences frequent web application attacks, the security team is tasked with implementing a solution to protect against common web exploits. What security technology would be most effective in inspecting and filtering HTTP traffic, blocking malicious requests, and preventing attacks such as SQL injection and cross-site scripting (XSS) on the website?
A) IPS
B) IDS
C) SWG
D) WAF
Web Application Firewall
In a secure communication system, an organization is transmitting sensitive data over a network using a block cipher. To enhance the confidentiality of the transmitted information, the security team decides to implement a mode of operation that XORs each plaintext block with the previous ciphertext block before encryption. What cryptographic mode is being employed to achieve this chaining effect, and why is it chosen for this scenario?
A) Electronic Codebook (ECB)
B) Cipher Block Chaining (CBC)
C) Counter (CTR) Mode
D) Galois/Counter Mode (GCM)
CBC
In CBC mode, each plaintext block is XORed with the previous ciphertext block before encryption. This chaining effect adds an extra layer of security, making it more resistant to certain attacks, such as pattern recognition in identical plaintext blocks. CBC is a commonly used mode of operation for block ciphers in situations where chaining is beneficial
True
In a corporate environment that extensively uses Microsoft Office applications, a team of employees needs to automate repetitive tasks in Excel, such as data manipulation and report generation. The goal is to enhance efficiency and accuracy in their workflows. Which programming language, often integrated into Microsoft Office applications, would be most suitable for creating custom macros and automating tasks in this scenario?
A) Python
B) SQL
C) VBA
D) Java
VBA
In a company where secure access to sensitive systems and applications is crucial, the IT department is implementing a multi-factor authentication solution. The team wants to ensure that even if a password is compromised, an additional layer of time-sensitive authentication is in place. What technology would they likely incorporate into their authentication process to generate temporary codes that expire after a short duration, providing an additional layer of security?
A) SMS-based One-Time Passwords (OTP)
B) Biometric Authentication
C) Time-based One-Time Password (TOTP)
D) Hardware Token
TOTP
In a highly secure online banking application, the development team is implementing a two-factor authentication mechanism to enhance account security. They want to ensure that each authentication code is unique and verifiable, with a focus on counter-based synchronization. What technology would they likely choose to generate one-time passwords that are based on a secret key and a counter, providing a strong and time-independent authentication method?
A) Time-based One-Time Password (TOTP)
B) Biometric Authentication
C) HMAC-based One-Time Password (HOTP)
D) SMS-based One-Time Passwords (OTP)
HOTP
In a biometric authentication system deployed at a high-security facility, the management is concerned about the risk of unauthorized access. They want to evaluate the system’s performance in terms of mistakenly accepting an impostor. What metric would the security team measure to assess the system’s likelihood of incorrectly granting access to someone who is not the legitimate user?
A) True Acceptance Rate (TAR)
B) False Rejection Rate (FRR)
C) False Acceptance Rate (FAR)
D) Genuine Acceptance Rate (GAR)
FAR
In an access control system where employees use fingerprint biometrics to gain entry to a secure facility, the security team is concerned about instances where legitimate users are incorrectly denied access. What metric would the security team focus on to measure the frequency of rejecting valid users, and how would they refer to this metric?
A) True Acceptance Rate (TAR)
B) False Acceptance Rate (FAR)
C) False Rejection Rate (FRR)
D) Genuine Acceptance Rate (GAR)
FRR
In a biometric identification system used for employee authentication in a corporate setting, the security team is evaluating the system’s overall performance. They want to find the point where the rates of false acceptance and false rejection are equal. What specific metric would they use to determine this equal error rate, and why is it important for optimizing the system’s accuracy?
A) True Acceptance Rate (TAR)
B) False Acceptance Rate (FAR)
C) False Rejection Rate (FRR)
D) Crossover Error Rate (CER)
CER
Striping without parity. High performance, no fault tolerance. In a media production company where high-performance is critical for video editing workflows, the IT team is tasked with configuring storage for a new server. The primary requirement is to achieve maximum data transfer speeds and storage capacity. What RAID level would be most suitable for this scenario, considering that redundancy is not a priority, and the focus is on maximizing storage performance?
A) RAID 1
B) RAID 5
C) RAID 0
D) RAID 10
RAID 0
Mirroring. Duplicates data for fault tolerance, but requires twice the disk space. In a business environment where data redundancy and fault tolerance are of utmost importance, a company wants to ensure that critical files and applications are protected against disk failures. What RAID level would the IT team likely choose to provide mirroring of data, offering an exact copy of each disk in the array and the ability to continue operations even if one disk fails?
A) RAID 0
B) RAID 1
C) RAID 5
D) RAID 10
RAID 1
With parity. Fault tolerant; only requires one additional disk for redundancy. In a corporate server environment where both data redundancy and optimized storage capacity are crucial considerations, the IT team is tasked with configuring a storage solution. The goal is to provide fault tolerance and maintain data accessibility even in the event of a single drive failure. What RAID level would be most suitable for achieving these objectives while maximizing storage efficiency?
A) RAID 1
B) RAID 0
C) RAID 5
D) RAID 10
RAID 5
In an enterprise setting where both performance and fault tolerance are paramount, the IT team is planning the storage infrastructure for a mission-critical database server. The team wants to ensure a balance between high data transfer speeds and redundancy. What RAID configuration would be a suitable choice, allowing for striping and mirroring, and providing fault tolerance by creating a mirrored set of striped disks?
A) RAID 0+1
B) RAID 1+0
C) RAID 5+1
D) RAID 10
RAID 1 + 0
This raid type combines RAID methods to increase redundancy
Multiple RAID types
In a secure communication system where resource efficiency and strong encryption are key considerations, a company is implementing a new cryptographic algorithm for securing sensitive data during transmission. The goal is to achieve high-level security with smaller key sizes, reducing computational overhead. What cryptographic algorithm would be a suitable choice for this scenario, offering a higher level of security with shorter key lengths compared to traditional methods like RSA?
A) RSA
B) Diffie-Hellman
C) Elliptic Curve Cryptography (ECC)
D) AES
ECC
In a real-time communication application where low latency and efficiency are critical, the development team is looking for a symmetric key encryption method that can encrypt and decrypt data on the fly. The application involves the continuous streaming of data, and the team wants a solution that allows for efficient processing without the need to buffer large blocks of data. What type of encryption algorithm would be most suitable for this scenario?
A) Block Cipher
B) Asymmetric Key Encryption
C) Stream Cipher
D) Elliptic Curve Cryptography (ECC)
Stream cipher
In a secure file storage system where data is stored in fixed-size blocks, the development team is tasked with implementing a symmetric key encryption method to protect the confidentiality of each block. The goal is to ensure that each block of data is individually encrypted and decrypted. What type of encryption algorithm would be most suitable for this scenario, providing a systematic approach to secure each fixed-size block of data independently?
A) Stream Cipher
B) Asymmetric Key Encryption
C) Block Cipher
D) Elliptic Curve Cryptography (ECC)
Block cipher
In a scenario where a company is encrypting large volumes of identical data blocks independently for storage, the development team is considering different encryption modes. They want a simple and straightforward approach where each block is encrypted individually without any dependencies on other blocks. What encryption mode would be most suitable for this scenario, offering ease of implementation and parallel processing for encrypting and decrypting each block independently?
A) Cipher Block Chaining (CBC)
B) Electronic Codebook (ECB)
C) Counter (CTR) Mode
D) Galois/Counter Mode (GCM)
ECB
In a secure communication system where confidentiality is crucial, a company is transmitting sensitive data over a network. The development team wants to ensure that each block of data is dependent on the previous block during encryption, adding an extra layer of security. What cryptographic mode would be most suitable for this scenario, providing a chaining effect that helps prevent certain types of attacks, such as pattern recognition in identical plaintext blocks?
A) Electronic Codebook (ECB)
B) Cipher Block Chaining (CBC)
C) Counter (CTR) Mode
D) Galois/Counter Mode (GCM)
CBC
In a software development project, a team is reviewing code for potential vulnerabilities. They come across a section where a pointer is accessed without being properly initialized, leading to a situation where it points to memory location zero. What type of software vulnerability is the team identifying, and why is it considered risky in terms of system stability and security?
A) Buffer Overflow
B) Cross-Site Scripting (XSS)
C) Null Pointer Dereference
D) SQL Injection
Null pointer dereference
Null pointer dereference occurs when a program attempts to access or manipulate data through a pointer that has not been initialized (i.e., it points to a null or invalid memory location). This can lead to crashes, unexpected behavior, and potentially open avenues for attackers to exploit the application
True
Combining two inputs bit by bit to produce an output, used for randomization. If the 2 input bits are identical, the output is 0; if the 2 bits are different, the output is 1
XOR
Is when the rates of false rejections and false acceptances are equal
Crossover error rate (CER)
Best method to handle input validation?
Fuzzing
Encrypts your message bit by bit, with each bit’s transformation depending on the previous ones and the secret key stream. It’s like a magical dance that only you and your friend know, keeping your message safe from prying eyes!
Block cipher
GCM
Stream cipher
IV
a stream cipher
Is putting data into blocks, usually 128 bits each, and encrypting each block with complex math that cannot be undone unless you have the symmetric key
Block cipher
Electronic Codebook (ECB) is a mode of operation for block ciphers where each block of plaintext is independently encrypted using the same key. The key remains constant for all the blocks. This simplicity in applying the same key to each block makes ECB straightforward, but it has certain vulnerabilities
True
Is a mode of operation for block ciphers. It turns a block cipher into a stream cipher, allowing the encryption of individual bits or bytes of plaintext independently. The basic idea is to use a counter value as an input to the block cipher, generating a stream of pseudorandom bits that can be XORed with the plaintext to produce the ciphertext. The counter is incremented for each block, ensuring uniqueness and avoiding the weaknesses associated with modes like Electronic Codebook (ECB)
CTR
Order of volatility, from most volatile to least
-CPU register/cache
-Router table, arp cache, kernel stats, memory
-temporary file systems
-disk
-remote logging and monitoring data
-physical configuration, network topology
-archival media
In essence, elasticity is about adapting in real-time to fluctuating demand, while scalability is about designing a system’s capacity to handle growth over the long term
True
Which below is a data steward not responsible for?
Compliance
Accuracy
Privacy
Security
They are responsible for all of them,
and also associate sensitivity labels with data
Tests controls in place at a particular point in time
Type I audit
Type II covers at least 6 consecutive months
Admissibility
Evidence or information may be considered if it meets the criteria set by legal rules and is allowed to be presented in court.
It is a legal requirement that prevents the destruction, alteration, or deletion of potentially relevant information, ensuring its integrity and availability for legal proceedings
Legal hold
What is the incident response lifecycle?
-Preparation
-Detection and analysis
-containment, eradication, and recovery
-post incident activity
Protocol used in public key infrastructure to determine the revocation status of an SSL/TLS digital certificate. The web server itself periodically contacts the status server, obtains the status, and attaches that status to its own certificate
Online Certificate Stapling process
Hashing a hashed password multiple times
Key stretching
BIOS provides software security
True
Secure boot specifically
A boot loader verifying a digital signature of the OS kernel is what
Secure boot
Trusted boot
Boot integrity
Measured boot
Trusted boot
Calculates whether changes happened on the OS; stores hashes of the boot drivers and everything else loaded earlier in the process; includes remote attestation, sending a report to a verification server
Boot integrity
Secure boot
Measured boot
Trusted boot
Measured boot
Tool used by network admins to create connections between 2 machines
Netcat
Access control that allows users to assign permissions
DAC
What requires both server and client certificates?
EAP-TLS
Non-transitive trust is if A trusts B, and B trusts C, then A would trust C also
False, transitive
Non transitive would mean A only trusts B, even if B trusts C, A would not trust C
CSR
Cert signing request
When you provide a public key to the certificate authority (CA) to be signed
Securely talking with customers on a scheduled conference call would use what protocol?
SRTP
Securely synchronizes the time across all of your devices; name the protocol and its port number
NTPsec
123
Port 389
LDAP
636 is secure
A security administrator is concerned about the potential for data exfiltration using external storage drives. Which of the following would be the BEST way to prevent this method?
A. Create an operating system security policy to prevent the use of removable media
B. Monitor removable media usage in host-based firewall logs
C. Only allow applications that do not use removable media
D. Define a removable media block rule in the UTM
C. Only allow applications that do not use removable media
IPS at your company has found a sharp increase in traffic from all-in-one printers. After researching, your security team has found a vulnerability associated with these devices that allows the device to be remotely controlled by a third-party. Which category would BEST describe these devices?
IoT
RTOS
MFD
SoC
Multifunction device
A security incident has occurred on a file server. Which of the following data sources should be gathered to address file storage volatility? (Select TWO)
Partition data
Kernel statistics
ROM data
Temporary file systems
Process table
Partition data and temporary file systems are part of the file storage subsystem
A security team has been provided with a non-credentialed vulnerability scan report created by a third-party. Which of the following would they expect to see on this report?
A summary of all files with invalid group assignments
A list of all unpatched operating system files
The version of web server software in use
A list of local user accounts
The version of the web server software in use
A security administrator is concerned about data exfiltration resulting from the use of malicious phone charging stations. Which of the following would be the BEST way to protect against this threat?
USB data blocker
A file server has a full backup performed each Monday at 1 AM. Incremental backups are performed at 1 AM on Tuesday, Wednesday, Thursday, and Friday. The system administrator needs to perform a full recovery of the file server on Thursday afternoon. How many backup sets would be required to complete the recovery?
2
3
4
1
4
Each incremental backup will archive all of the files that have changed since the last full or incremental backup. To complete this full restore, the administrator will need the full backup from Monday and the incremental backups from Tuesday, Wednesday, and Thursday
A security administrator needs to identify all references to a JavaScript file in the HTML of a web page. Which of the following tools should be used to view the source of the web page and search through the file for a specific filename? (Select TWO)
tail
openssl
scanless
grep
Nmap
curl
head
grep, curl
A user has assigned individual rights and permissions to a file on their network drive. The user adds three additional individuals to have read only access to the file. Which of the following would describe this access control model?
DAC
MAC
ABAC
RBAC
DAC
A security administrator needs to identify all computers on the company network infected with a specific malware variant. Which of the following would be the BEST way to identify these systems?
DNS sinkhole
A DNS (Domain Name System) sinkhole can be used to redirect and identify devices that may attempt to communicate with an external command and control (C2) server. The DNS sinkhole will resolve an internal IP address and can report on all devices that attempt to access the malicious domain
Which part of the PC startup process verifies the digital signature of the OS kernel?
Trusted Boot
The Trusted Boot portion of the startup process verifies the operating system kernel signature and starts the ELAM (Early Launch Anti-Malware) process
A corporate security team would like to consolidate and protect the private keys across all of their web servers. Which of these would be the BEST way to securely store these keys?
Use an HSM
Implement full disk encryption on the web servers
Use a TPM
Upgrade the web servers to use a UEFI BIOS
HSM
The security policies in a manufacturing company prohibit the transmission of customer information. However, a security administrator has received an alert that credit card numbers were transmitted as an email attachment. Which of the following was the MOST likely source of this alert message?
IPS
DLP
SMTP
PCI DSS
DLP
Port numbers and their secure numbers for:
RTP (SRTP)
NTP (NTPsec)
HTTP (HTTPS)
LDAP (LDAPS)
DNS
DHCP
RTP (SRTP) 5004
NTP (NTPsec) 123
HTTP (HTTPS) 80, 443
LDAP (LDAPS) 389, 636
DNS- 53
DHCP- 67/68
Retrieves a web page and displays it as HTML at the command line
curl (client URL)
hping
This modifies all IP, TCP, UDP, and ICMP values
What is a generic framework for adding auth to different protocols like LDAP, SMTP, IMAP?
SASL (Simple Authentication and Security Layer)
SAML (Security Assertion Markup Language) is a security/authentication standard focused on web-based single sign-on and federated identity
Adhering to a layered security approach, a controlled access facility employs security guards who verify the authorization of all personnel entering the facility. Which of the following terms BEST describes the security control being employed?
Corrective
Deterrent
Compensating
Administrative
Admin
Mark is currently configuring a new e-commerce server. He’s concerned about security issues, so which of the following would be the best location to place his e-commerce server?
DMZ
Intranet
Extranet
Guest network
DMZ
Which of these should be used for remote access authentication for users who have smart cards?
EAP-TLS
CHAP
PEAP
MS-CHAPv2
EAP-TLS
You’re wanting to integrate users’ accounts with other resources from the web. In order to do so, you need to allow authentication to be used across different domains and while doing so, you mustn’t expose your users’ passwords to these services. Of the listed principles, which would be the most effective to accomplish this goal?
Kerberos
SAML
SASL
OAuth
OAuth
Why would a company want to utilize a wildcard certificate for their servers?
To extend the renewal date of the certificate
To secure the certificate’s private key
To reduce the certificate management burden
To increase the certificate’s encryption key length
To reduce the certificate management burden
A wildcard certificate is a public key certificate which can be used with multiple subdomains of a domain. This saves money and reduces the management burden of managing multiple certificates, one for each subdomain. A single Wildcard certificate for *.diontraining.com, will secure all these domains (www.diontraining.com, mail.diontraining.com, ftp.diontraining.com, …). The other options provided are not solved by using a wildcard certificate
Secure Enclave
All data on a mobile device being encrypted is what?
An MSP needs a secure method of connecting to the web servers of a remote client. Which is best?
Proxy server
Jump server
IPS
HSM
Jump server
A DDoS has caused a critical service to be unavailable for 90% of the business day. Which term describes this?
Asset value
Single loss expectancy
Risk appetite
Exposure factor
Key risk indicator
Exposure factor
An attacker has circumvented a web-based application to send commands directly to a database. Which of the following would describe this attack type?
SQL injection
Which of the following would be the MOST significant security concern when protecting against organized crime?
-Require identification cards for all employees and guests
-Prevent users from posting passwords near their workstations
-Maintain reliable backup data
-Use mantraps at all data center locations
Maintain reliable backup data
A system administrator has added a new user to the network and has categorized this user to have “secret” level access. With this setting, the user will be able to access all files and folders with secret level access and lower. Which of the following describes this access control method?
Rule-based
Discretionary
Mandatory
Role-based
MAC
To upgrade an internal application, the development team provides the operations team with a patch executable and instructions for backing up, patching, and reverting the patch if needed. The operations team schedules a date for the upgrade, informs the business divisions, and tests the upgrade process after completion. Which of the following describes this process?
Continuity planning
Usage auditing
Agile
Change management
Change management
A security administrator has installed a network-based DLP solution to determine if file transfers contain PII. Which of the following describes the data during the file transfer?
In-transit
Highly available
In-use
At-rest
In transit
A coworker is connecting to a secure website using HTTPS. The coworker informs you that before the website loads, their web browser displays an error that the site certificate is invalid and the site is not trusted. Which of the following is most likely the issue?
-The web server is currently unavailable.
-The web browser is requiring an update.
-A web proxy is blocking the connection.
-The server is using a self-signed certificate.
Server is using a self-signed certificate
IPsec is a VPN protocol, not a remote access and authentication protocol
True
RFC 3227
Guidelines for evidence collection and archiving, digital forensic process
Message digests work as support for what?
many hashing protocols
A doctor with a hash brown as a nurse assisting him
Key management life cycle 6 stages
Key generation
Certificate generation
Distribution
Storage
Revocation
Expiration
To create a key pair, send the private key to the CA to be signed
False, public key
Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario?
Watering Hole Attack
Hybrid Warfare
Pharming
Credential Harvesting
Watering hole attack
Which of the following is unique to a stream cipher?
It uses AES encryption
It is used in HTTPS
It encrypts 128 bytes at a time.
It performs bit-level encryption
Bit level encryption
A systems administrator is configuring a new network switch for TACACS+ management and authentication. Which of the following must be configured to provide authentication between the switch and the TACACS+ server
CHAP
Shared Secret
SNMPv3
SSH
Shared secret
Provenance
Records the original data and where the data has gone (a chain of custody for data handling); blockchain technology can be used for this
A security engineer is configuring a wireless network that must support mutual authentication of the wireless client and the authentication server before users provide credentials. The wireless network must also support authentication with usernames and passwords. Which of the following authentication protocols MUST the security engineer select?
EAP
EAP-FAST
PEAP
EAP-TLS
PEAP
Diamond model of intrusion analysis is what?
Adversary (develops)
Capability (exploits)
Victim (connects to)
Infrastructure (uses)
OAuth (Open Authorization) is an open standard for authorization that allows users to grant third-party applications limited access to their resources without sharing their credentials (like passwords) directly with the third-party application. It’s commonly used for enabling secure access to APIs and web services, particularly in scenarios involving user authentication and authorization.
True
Security assertion markup language
An open standard for authentication and authorization, can authenticate through a 3rd party, not good for mobile apps
SWG stands for Secure Web Gateway. It is a security solution designed to protect users and devices within an organization from web-based threats and enforce security policies for internet traffic. SWGs act as intermediaries between users and the internet, monitoring and filtering web traffic to prevent access to malicious or unauthorized websites and content
True
Key stretching library, an extension of the Unix crypt library; generates hashes from passwords using the Blowfish cipher to perform multiple rounds of hashing
Bcrypt
Changes the method of key exchange so that traffic can't be decrypted with the server's private key; every session uses a different private key for the exchange, using ECC or Diffie-Hellman. What is this?
Perfect forward secrecy
Perfect forward secrecy
Using a different encryption key for each session is what?
An authentication program hashing all passwords is data in what state?
Data in use
Each time a spreadsheet is updated, all other cells with formulas auto update. This is data in what state?
Data in use
The Vice President of Sales has asked the IT team to create daily backups of the sales data. The Vice President is an example of which role?
A. Data owner
B. Data protection officer
C. Data controller
D. Data processor
Data owner
A company has been informed of a hypervisor vulnerability that could allow users on one virtual machine to access resources on another virtual machine. Which of the following would BEST describe this vulnerability?
A. Containerization
B. VM sprawl
C. SDN
D. VM escape
VM escape
A VM (Virtual Machine) escape is a vulnerability that allows communication between separate VMs
Vala, a security analyst, has received an alert from her IPS regarding active exploit attempts from the Internet. Which of the following would provide detailed information about these exploit attempts?
A. Netstat
B. Nmap
C. Nessus
D. Wireshark
Wireshark
Defines how much data loss would be acceptable during a recovery
RPO
RTO
Recovery time objectives
Defines minimum objectives required to get up and running to a particular service level
A recent security audit has discovered email addresses and passwords located in a packet capture. Which of the following did the audit identify?
A. Weak encryption
B. Improper patch management
C. Insecure protocols
D. Open ports
Insecure protocols
An IPS report shows a series of exploit attempts were made against externally facing web servers. The system administrator of the web servers has identified a number of unusual log entries on each system. Which of the following would be the NEXT step in the incident response process?
A. Check the IPS logs for any other potential attacks
B. Create a plan for removing malware from the web servers
C. Disable any breached user accounts
D. Disconnect the web servers from the network
D. Disconnect the web servers from the network
Disconnect the web servers from the network
The unusual log entries on the web server indicate that the system may have been exploited. In that situation, the servers should be isolated to prevent access to or from those systems
RAID 0 is striping with parity
False, RAID 5
RAID 0 is striping with no parity
Minimization
Which of the following would limit the type of information a company can collect from their customers?
This command can be used to perform a reverse-lookup of the IPv4 address and determine the IP address block owner that may be responsible for this traffic.
dig (Domain Information Groper)
A hacker is planning an attack on a large corporation. Which of the following would provide the attacker with details about the company's domain names and IP addresses?
A. Information sharing center
B. Vulnerability databases
C. Automated indicator sharing
D. Open-source intelligence
Open-source intelligence
Open-source intelligence describes reconnaissance gathering from publicly available sources. In this example, information about domain names and IP addresses would be easily retrieved from a query to a public DNS (Domain Name System) server.
A security administrator would like to test a server to see if a specific vulnerability exists. Which of the following would be the BEST choice for this task?
Metasploit
Metasploit is an exploitation framework that can use known vulnerabilities to gain access to remote systems. Metasploit performs penetration tests and can verify the existence of a vulnerability
Which of the following would be the BEST way to protect credit card account information when performing real-time purchase authorizations?
A. Masking
B. DLP
C. Tokenization
D. NGFW
Tokenization
Tokenization is a technique that replaces user data with a non-sensitive placeholder, or token. Tokenization is commonly used on mobile devices to purchase using a credit card without transmitting the credit card number
A government transport service has installed access points that support WPA3. Which of the following technologies would provide enhanced security for PSK while using WPA3?
A. 802.1X
B. SAE
C. WEP
D. WPS
SAE
A security administrator has identified the installation of a RAT on a database server and has quarantined the system. Which of the following should be followed to ensure that the integrity of the evidence is maintained?
A. Perfect forward secrecy
B. Non-repudiation
C. Chain of custody
D. Legal hold
Chain of custody
To process the company payroll, a manager logs into a third-party browser-based application and enters the hours worked for each employee. The financial transfers and physical check mailings are all provided by the third-party company. The manager does not maintain any servers or virtual machines within his company. Which of the following would BEST describe this application model?
A. PaaS
B. Private
C. SaaS
D. IaaS
SaaS
Which of the following BEST describes the modification of application source code that removes white space, shortens variable names, and rearranges the text into a compact format?
A. Confusion
B. Obfuscation
C. Encryption
D. Diffusion
Obfuscation
Which of the following would be the MOST likely result of plaintext application communication?
A. Buffer overflow
B. Replay attack
C. Resource exhaustion
D. Directory traversal
Replay attack
What can be used to monitor and alert if there are any changes to a file?
file integrity check (i.e., Tripwire, System File Checker, etc.)
A company disposed of seven-year-old printed customer account summaries that were no longer required for auditing purposes. A recent online search has now found that images of these documents are available as downloadable torrents. Which of the following would MOST likely have prevented this information breach?
A. Pulping
B. Degaussing
C. NDA
D. Fenced garbage disposal areas
Pulping
Pulping places the papers into a large washing tank to remove the ink, and the paper is broken down into pulp and recycled. The information on the paper is not recoverable after pulping.
True
An application developer is creating a mobile device app that will include extensive encryption and decryption. Which of the following technologies would be the BEST choice for this app?
A. AES
B. Elliptic curve
C. PFS
D. PGP
Elliptic curve
ECC (Elliptic Curve Cryptography) uses smaller keys than non-ECC encryption and has smaller storage and transmission requirements. These characteristics make it an efficient option for mobile devices
The ARO (Annualized Rate of Occurrence) describes the number of instances that an event would occur in a year. For example, if the organization expects to lose seven laptops to theft in a year, the ARO for laptop theft is seven.
True
Responsible for the organization's data privacy; sets policies, implements processes and procedures
Data protection officer
Data steward
Data custodian
Data controller
Data protection officer
Defines payroll amounts and timeframes, processes payroll and stores employee information. Which roles are these?
Payroll controller and processor
What is the information lifecycle?
Creation and receipt
Distribution
Use
Maintenance
Disposition
Get up and running quickly, get back to a particular service level is MTTR
False, recovery time objective
How much data loss is acceptable, bring the system back online, how far back data goes is what?
True, RPO
Confusion
Concept with data encryption where the encrypted data is drastically different than the plain text
In a zero trust architecture, which component acts as a gatekeeper between untrusted systems and trusted enterprise resources?
OCSP
Sender Policy Framework
Endpoint detection and response
Policy enforcement point
Policy enforcement point
A policy enforcement point allows, monitors, and terminates connections between the trusted and untrusted systems.
Attacker emails a link that, if clicked on, will run JavaScript that sends credentials/session IDs/cookies to the attacker
Non persistent XSS attack
When you buy something from a website and an attacker has injected JavaScript so they can steal your information and authenticate back to that website and buy things with your information
When a web page embeds a video from YouTube or pictures loaded from Instagram, this is a what?
Cross site
Most are unauthenticated
What is used to randomize encryption schemes such as ciphers, WEP and SSL?
IV
A salt is a type of nonce used with password randomization to make the password hash unpredictable
Your organization requires support for specific authentication methods beyond username/password. Which EAP method?
EAP-TLS
EAP-TTLS
PEAP
EAP-FAST
EAP-TTLS
How a process can affect customer privacy is what?
Privacy impact assessment (PIA)
Maintenance
Information life cycle stage that deals with retrieval of information and data transfers
Information life cycle stage about how Information is processed, stored and sorted
Distribution
RPO is how much time it takes to recover to a certain point, not a complete recovery
False, RTO (recovery time objective)
RPO is the minimum amount of data needed to get back online
EU protection/privacy for data
GDPR
Which best sends data to a specific remote port?
Netcat
Route
Grep
Dig
Tail
Netcat
Match IPsec, FTPS, NTPsec, SSH, SRTP, SNMPv3 and LDAPS to the following uses:
-Encrypt all data sent to a terminal console
-Encrypt all VoIP phone call audio
-Gather performance metrics from switches and routers
-Send files from a workstation to a server
-Auto set time and date on a laptop
-Connect 2 sites using an encrypted tunnel
-Securely authenticate users to a network resource
- SSH
- SRTP
- SNMPv3
- FTPS
- NTPsec
- IPsec
- LDAPS
A security admin wants to block users from visiting known malicious internet locations. Which provides this?
Honeypot
DNS sinkhole
DLP
Fake telemetry
Embedded system
DNS sinkhole
An application developer has embedded a certificate in a mobile app. Which best describes the app's use of the certificate?
Self signed
Stapling
Pinning
Hashing
Pinning
Security assertion markup language (SAML)
Open standard to be able to gain authentication and authorization to a 3rd party’s resources
Not for mobile apps
A security admin needs to modify a portion of a system's boot sector. Which is the best tool for the task?
FTK Imager
WinHex
memdump
Autopsy
dd
WinHex
Which is the way to save energy in a data center?
Air gap
Hot and cold aisles
East and west
Ingress and egress
Hot and cold aisles
Which of the following would be most likely to verify the entity requesting a certificate?
OCSP
Common name
RA
CRL
RA
Name 3 business policies
Job rotation, mandatory vacation, separation of duties, dual control, clean desk policy
Framework Core
This identifies, protects, detects, responds and recovers
Not-for-profit organization for security in cloud computing
Cloud security alliance (CSA)
Controls that are implemented by people are managerial controls
False, operational
Managerial controls are security designs and implementations, policies and SOPs
Record custodians being instructed to preserve data is what?
Hold notification
Bit-for-bit copy that preserves all data, even if it was deleted
Forensic clone (disk)
Name 2 types of data found in the RAM/memory dump
Browsing history, clipboard information, encryption keys, command history
Name 2 artifact locations
Log information
Flash memory
Prefetch cache files
Recycle bins
Browser bookmarks and logins
What is a difficulty with digital forensics in the cloud?
Devices are not totally in your control
There may be limited access
Associate data with a specific user
What kind of attack is this: a virus alert appears in your browser, supposedly from Microsoft, with a phone number to call for support?
Vishing
Hoax
Spoofing
On path
Hoax
A computer room in a library that has a web server and a database server in it would use what 3 security controls?
Locking cabinets
Environmental sensors
Biometric reader
FDE
Cable lock
Smart card
Video surveillance
Locking cabinets
Environmental sensors
Video surveillance
A library employee is offsite using his laptop that contains PII. What 2 security controls should he use?
Environmental sensors
Video surveillance
Biometric reader
Locking cabinets
Smart card
FDE
Cable lock
FDE
Biometric reader
An open area with laptop computers for a newspaper reading lab would use cable locks as security controls
True
What secure network protocol would you use to accept customer purchases from your primary website?
HTTPS
"Your login will not work unless you are connected to the VPN" is an example of something you can do
False, somewhere you are
What 2 protocols use TLS to provide secure communication?
HTTPS, FTPS
Daniel needs to know how often a firewall is expected to fail between repairs. Which metric?
MTBF
RTO
MTTR
MTTF
MTBF
What would provide a list of internal windows devices that have not installed the latest security patches and verification of encrypted data transfers?
CASB
Name an example of an approval list
Application hash: only allows apps with a unique identifier
Certificate: has to be digitally signed by the publisher
Path: only applications from specific folders
Network zone: only from a specific zone
This typically has allowed lists built in
Firewall
OS
Embedded system
Concentrator
OS
An online web conference is sent in real time to attendees is data in what?
In use
In transit
At rest
In transit
Authentication attempts to an AAA server is data what?
In transit
In use
At rest
In transit
An org is using the SSAE SOC 2 Type II framework. Which is associated with this framework?
System audit
A company is creating a security policy that will protect all corporate mobile devices. Which applies?
COPE
CYOD
MDM
MCM
MDM
The user adds 3 additional individuals with read-only access to the file. Which access control model?
MAC
ABAC
RBAC
DAC
DAC
These need different tables for different hashing methods and aren't useful if passwords are salted
Rainbow tables
A security administrator would like to verify that systems can't be accessed by former employees. Which is best?
-Confirm that no authorized accounts have admin access
-Validate lock out policy
-Validate process/procedure for all outgoing employees
-Create a report with all authentication for 24 hour period
Validate process/procedure for all outgoing employees
This views data trends, alerts and correlations (views data in different ways)
SIEM
NXLog
Syslog daemon that collects many diverse logs
Memory is the 2nd most volatile
True
Which risk management strategy would include purchase and installation of an NGFW?
Transference
Mitigation
Acceptance
Risk avoidance
Mitigation
MITRE ATT&CK is used to:
-identify point of intrusion
-understand method used to move around
-identify potential security techniques to block future attacks
Which person in an org is responsible for managing access rights?
Data processor
Data owner
Privacy officer
Data custodian
Data custodian
A VM in a screened subnet has a guest login with no password. Which would be the most likely reason?
Server is a Honeypot
Server is a Cloud storage
Server is a VPN concentrator
Server is a sandbox for 3party programming
Server is a Honeypot
A company would like to securely deploy applications without the overhead of installing a VM for each system. Which is best?
Containerization
IaaS
Segmentation
Virtualization
Containerization
How many drives does each below need?
RAID 0
RAID 1
RAID 5
2
2
3
Choose 3 security features for a tablet and 3 for a desktop with a browser-based front end and 2 authentication forms:
Remote wipe, FDE, environmental sensors, face recognition, locking cabinets, host-based firewall, anti-malware, smart card
Tablet: remote wipe, FDE, face recognition
Desktop: host-based firewall, anti-malware, smart card
Sales information uploaded daily from a remote site using a satellite network is data in what state?
Data in Transit
Maintain uptime when power surges cause physical damage to one of the power supplies in a system. Which is best?
Dual power supplies
PDU
PDS
Hot swappable
dual power supplies
This command would allow you to do a reverse lookup of an IPv4 address and see the IP address block owner
dig
Which would provide an attacker details about a company's domain name and IP address?
Information sharing center
Vulnerability database
AIS
Open source intelligence
Open source intelligence
Standard format and transfer mechanism for distributing security intelligence between different organizations
Information sharing center
AIS
IOC
Vulnerability database
Automated indicator sharing
To process the company payroll, a manager logs into a third-party browser-based application and enters the hours worked for each employee. The financial transfers and physical check mailings are all provided by the third-party company. The manager does not maintain any servers or virtual machines within his company. Which of the following would BEST describe this application model?
A. PaaS
B. Private
C. SaaS
D. IaaS
SaaS
Modifies application source code by removing white space, shortening variable names and rearranging the text into a compact form
Confusion
Obfuscation
Encryption
Diffusion
Obfuscation
These logs may contain information about recent traffic flows to systems outside of the corporate network
HIPS
Host-based firewall
An app developer is creating a mobile device app that will include extensive encryption and decryption. Which is best?
Elliptic curve, efficient for mobile devices
Tests security devices by checking IPS signatures and firewall rules, tests IP flow/NetFlow devices, evaluates performance of security devices
Tcpreplay
Views application traffic and traffic patterns, identifies unknown traffic, verifies packet filtering and security controls
Wireshark
Copies information in system memory to the standard output stream
memdump
Certificate chaining starts with the SSL certificate and ends with the root certificate. What is a certificate in between the 2 called?
Chain certificate or intermediate certificate
A common attack for this is the attacker making their system appear trusted with false IP addresses, caller ID numbers and other means to gain access to systems or information
Spoofing
Encrypted data is drastically different than the plaintext is obfuscation
False, confusion
Obfuscation makes things unclear
The CA verifies the entity requesting the certificate
False, RA
The Certificate Authority deploys and manages certificates
A company is required to maintain 7 years of tax records. Which is best?
A. Create an automated script to remove tax info more than 7 years old
B. Print and store all tax records for the 7-year span
C. Allow users to download tax records from their account login
D. Create a separate daily backup archive for all applicable tax records
D. Create separate daily backup archive for all applicable tax records
Security solution for end-user devices to protect against malicious software and threats
Endpoint detection response
It is common for vulnerability scans to show vulnerabilities that don’t actually exist and can be dismissed once the alert has been properly researched
True, especially with non credentialed scans
Used with a dedicated network exclusively to manage manufacturing equipment, power and water management systems
Industrial control system
ICS
Which is a common way to prevent exploitation of a root certificate?
Certificate chaining
CRL
Certificate pinning
Offline CA
Offline CA, can’t hack if offline
A security admin thinks a user installed a rogue AP on the corporate network. Which can confirm this?
UTM log
WAF log
Switch log
DLP log
Switch log
An incident response team is validating their disaster recovery plans without making changes to the infrastructure. Which is this?
Table top exercise
Simulation
Passive reconnaissance
Exercise
Table top exercise
Simulation often changes an existing system or infrastructure in order to properly test a simulated disaster
True
Evaluates security of existing source code
Static code analyzer
This would provide a specific filter that would prevent a web server from processing added data
Input validation
The contract of a long-term temp employee is ending. Which is the most important part of the offboarding process?
-Perform on demand audit of user privileges
-Archive decryption keys with user account
-Document outstanding tasks
-Obtain signed AUP
Archive decryption keys with user account
A system admin needs to provide OS access to a web server executable. Which account type?
User
Privileged
Service
Guest
Service
A company maintains a scheduling app and a database in a virtualized cloud-based environment. Which is the best backup?
Full
Snapshot
Differential
Incremental
Snapshot
VMs and virtual clouds are specifically suited to this
In an environment with discretionary access control, which controls the rights and permissions associated with a file or directory?
Admin
Owner
Group
System
Owner
D.O. Chiedo
Determining if file transfers contain PII. Which describes data during a file transfer?
In use
In transit
At rest
Highly available
In transit
System development life cycle that focuses on creating content as quickly as possible and refining the content until the final product is complete
Agile
.. in a file path
Parent directory
Associated with directory traversal
Merges developed code, tests for issues, and automatically moves the newly developed application to production without human intervention
Continuous deployment
Continuity of operations
Continuous delivery
Continuous integration
Continuous deployment
Code is constantly written and merged into a central repository many times a day
Continuous integration
An attacker sending a suspicious HTTP WebDAV packet is trying to do what?
Trigger the IPS
Accesses a connection on a remote machine
SSH
Netcat
Nmap
LW thin client
Netcat, also creates open connections and reads and writes information to the network
Most effective use of asymmetric encryption
Real time video encryption
Store passwords
Protect data on mobile devices
Securely derive a session key
Securely derive a session key
An IT manager wants to prevent 3rd parties from gaining access to info if a laptop is stolen. Which is best?
Remote wipe
FDE
Biometrics
BIOS user password
FDE
This firewall allows or denies based on expected input. It blocks unexpected input that could exploit an application
Web application firewall
-Physically disconnected the Ethernet cable on the database server
-Disabled the unknown account
-Configured a firewall rule to prevent file transfers from the server
Which incident response process?
A. Eradication
B. Containment
C. Lessons learned
D. Preparation
B. Containment
Disconnecting compromised devices from the network and blocking malicious traffic is which phase of the incident response lifecycle?
Detection and analysis
Containment
Eradication
Recovery
Containment
Eradication is finding/eliminating the root cause of a security incident
True
Which of the following is an authentication attribute?
Something you have
Somewhere you are
Something you know
Something you are
Somewhere you are
What type of wireless network security limits access using physical hardware addresses?
Geofencing
WPS
Geotagging
MAC filtering
MAC filtering
A system administrator has replaced a storage drive and restored a server from backup using a full backup and multiple additional tape sets. Which of the following would BEST describe this backup type?
Differential
Snapshot
Full
Incremental
Incremental
A system administrator would like to identify all known vulnerabilities on a remote device. Which of the following would be the BEST choice for this task?
Scanless
Grep
Nessus
Dnsenum
Nessus
An attacker has circumvented a security control by modifying their MAC address. Which of the following would describe this attack type?
Rogue AP
Cloning
Man in the middle
Jamming
Cloning
Which of these best describes authentication that is genuine with high confidence?
Hashing
Non repudiation
Integrity
AH
Non repudiation
Which of the following would be the best way to prevent a worm entering the network through a USB flash drive?
Screened subnet
NGFW
DLP
WAF
DLP
Which of the following is commonly used to verify device drivers during Windows startup?
ELAM
A company has determined that laptops valued at $50,000 have been stolen over the last calendar year. Which of the following would describe this value?
ALE
ARO
SLE
CER
Annual loss expectancy
Infrastructure is handled by the provider in SaaS
True, you use both the provider's software and infrastructure
With IaaS you would only use the provider's infrastructure but be in charge of your own software
SaaS is like going to a restaurant and they make your meal for you
PaaS is like going to an open kitchen where you have full access to cook your own meal
True
Which control type covers security designs and implementations, policies and SOPs?
Managerial
This allows, monitors, and terminates connections between the trusted and untrusted systems.
A policy enforcement
PII and PHI are classified/private information
False, sensitive
Buying cybersecurity insurance is which risk management strategy?
Transference
Mitigation would be investing in security systems
Is public discourse correlated to real-world behavior? (If they hate you, they hack you; social media as a barometer)
Sentiment analysis
The SSL, intermediate and root certificates make up what?
Certificate chain
Both sides agree to the contents; includes a confidentiality statement; an informal letter of intent, not a signed contract
Memorandum of understanding
BPA
Business partnership agreement
Going into business together, owner stake, financial contract, decision agreements, contingency preparation
Name 2 control objectives for PCI DSS
-build and maintain a secure network and systems
-protect cardholder data
-maintain a vulnerability management program
-implement strong access control measures
-regularly monitor and test networks
-maintain an information security policy
Records custodians being instructed to preserve data is what?
Hold notification
In a legal hold, what has many different data sources and types, a unique workflow, and retention requirements?
Electronically stored information ESI
Record time offsets from the OS
True
Log store for Linux
/var/log
Log store for Windows
Event Viewer
Windows registry
In the order of volatility, name all items in the 2nd and 5th most volatile categories
- Router table, kernel statistics, memory, process, ARP cache
- Remote logging and monitoring data
What do you connect to a disk?
Imaging device with write protection
What transfers pages of RAM to a storage device?
Swap/pagefile
Place to store RAM contents when memory is depleted
-Deleted files
-Hidden data
-Hardware or software corruption
-Storage device is physically damaged
Data recovery process
The 2 parties can verify non repudiation through the use of what?
Message authentication code
MAC
What do you implement to
-enforce security policies,
-monitor user activities,
-and protect sensitive data in the cloud?
CASB
Which logs are stored in binary format?
System
Which command determines the route a packet takes to a destination?
Traceroute
Maps entire path
This command performs port, OS and service scans and runs additional scripts
Nmap
ARP on the local subnet, ICMP requests, TCP ACK, and ICMP timestamp requests are techniques used by what tool?
IP scanner
Uses cmdlets to extend command-line functions
Windows PowerShell
To create a key pair, you send the private key to the CA to be signed
False, public