Security Flashcards
A script that runs automatically when a user logs in, often used to map network drives, set environment variables, or launch apps.
Login Script
A central collection of users, computers, and resources managed under a single set of rules and policies in Active Directory.
Domain
A centralized way to control settings for users and computers in an AD environment, including enforcing updates, passwords, desktop restrictions, and more.
Group Policy / Updates
A personal network folder assigned to a user for storing files; typically mapped to a specific drive letter at login.
Home Folder
AD objects used to assign permissions to resources or delegate rights to multiple users simultaneously.
Security Groups
A policy that redirects user data folders (like Documents or Desktop) to a network location for easier backup and roaming profiles.
Folder Redirection
A wireless security protocol that uses AES encryption and was the industry standard for many years; more secure than WEP or WPA.
Wi-Fi Protected Access 2 (WPA2)
The latest wireless security protocol offering stronger encryption, individualized encryption per device, and protection against brute-force attacks.
WPA3
An older encryption protocol used with WPA; less secure than AES and gradually being phased out due to known vulnerabilities.
Temporal Key Integrity Protocol (TKIP)
A symmetric encryption algorithm used by WPA2 and WPA3; offers strong security and is widely used across various technologies, not just Wi-Fi.
Advanced Encryption Standard (AES)
A secure, password-based authentication method used in WPA3 that replaces the less secure PSK method from WPA2; protects against offline dictionary attacks and provides forward secrecy.
Simultaneous Authentication of Equals (SAE)
A centralized authentication protocol used for remote access and network services; uses UDP, combines authentication and authorization, and encrypts only the password.
Remote Authentication Dial-In User Service (RADIUS)
A Cisco-developed protocol for centralized authentication; uses TCP, separates authentication, authorization, and accounting, and encrypts the entire payload.
Terminal Access Controller Access-Control System Plus (TACACS+)
A secure network authentication protocol that uses tickets and a trusted third party to verify users and services. Common in Active Directory environments.
Kerberos
An authentication approach that requires two or more verification methods from different categories: something you know (password), something you have (token), or something you are (biometric).
Multifactor Authentication (MFA)
A broad term for any malicious software designed to harm, exploit, or compromise data, devices, or networks. Includes viruses, trojans, spyware, ransomware, and more.
Malware
A type of malware disguised as a legitimate program but containing malicious code that runs once the program is executed.
Trojan
A stealthy form of malware that gives attackers privileged access to a system while hiding its presence from standard detection tools.
Rootkit
A type of malicious software that attaches itself to a file or program and spreads to other files or systems when executed.
Virus
Software that secretly gathers user information, such as browsing habits or personal data, often without consent.
Spyware
Malware that locks or encrypts user data and demands payment (a ransom) to restore access.
Ransomware
Records every keystroke typed by a user to steal sensitive data like passwords, PINs, or credit card numbers.
Keylogger
A type of virus that infects the master boot record (MBR) of a storage device, loading before the operating system starts.
Boot Sector Virus
Malware that hijacks system resources to secretly mine cryptocurrency, often degrading system performance.
Cryptominers
A special boot environment that starts the OS with minimal drivers and services; used to isolate malware and run cleanup tools safely.
Recovery Mode
Software specifically designed to detect and remove viruses, often providing real-time protection and scanning capabilities.
Antivirus
A broader security tool that targets various forms of malicious software including spyware, ransomware, trojans, and more—not just viruses.
Anti-malware
Security software that monitors and controls incoming and outgoing network traffic on a single device to help block unauthorized access or suspicious activity.
Software Firewalls
Training programs that help users recognize fraudulent emails or websites designed to steal sensitive data like passwords or credit card numbers.
Anti-phishing Training
Educating users on how to avoid malware through best practices like not clicking unknown links, using strong passwords, and updating software regularly.
User Education Regarding Common Threats
A last-resort option for malware removal that wipes the system clean and reinstalls a fresh version of the operating system.
OS Reinstallation
Manipulating people into giving up confidential information or performing actions that compromise security, often through deception or trust exploitation.
Social Engineering
A type of attack that uses emails or messages posing as legitimate sources to trick users into clicking malicious links or revealing sensitive data.
Phishing
Voice-based social engineering where attackers call victims pretending to be someone trustworthy to gather sensitive information.
Vishing
Looking over someone’s shoulder to observe sensitive information, such as passwords or PINs, often in public or work environments.
Shoulder Surfing
A phishing attack targeting high-profile individuals like executives or public officials, often using highly personalized tactics.
Whaling
Following someone closely through a secure door or entry point without authorization, often pretending to be an employee or delivery person.
Tailgating
Pretending to be someone trusted—like tech support or a coworker—to gain access or information. Often used in person, via email, or phone.
Impersonation
Searching through trash or recycling bins to find sensitive documents or data that can be used for fraud or further attacks.
Dumpster Diving
A rogue Wi-Fi access point that mimics a legitimate one to trick users into connecting, allowing attackers to intercept data or install malware.
Evil Twin
An attack where multiple compromised systems flood a target with traffic, overwhelming its resources and making it unavailable to users.
Distributed Denial of Service (DDoS)
An attack where a single system floods a network or service with excessive requests to disrupt access or functionality.
Denial of Service (DoS)
An attack that exploits a previously unknown software vulnerability before a patch is available, leaving systems defenseless.
Zero-day Attack
Falsifying the identity of a user or system in order to deceive or gain unauthorized access (e.g., IP, email, or MAC address).
Spoofing
Also known as a man-in-the-middle (MITM) attack; the attacker secretly intercepts and possibly alters communications between two parties.
On-path Attack
An attack in which every possible combination of characters is tried in order to guess a password.
Brute-force Attack
A password-cracking method that tries words from a predefined list or dictionary, often targeting weak or common passwords.
Dictionary Attack
A security threat originating from someone within the organization who misuses access—either maliciously or accidentally.
Insider Threat
An injection attack where malicious SQL commands are entered into input fields to manipulate or access backend databases.
Structured Query Language (SQL) Injection
A web-based attack that injects malicious scripts into trusted websites, allowing attackers to steal data from users who visit the page.
Cross-site Scripting (XSS)
A network of compromised computers or devices (often called zombies) controlled remotely by an attacker to launch coordinated attacks like DDoS.
Botnet
An individual device that has been infected with malware and is being controlled by an attacker as part of a larger botnet, often without the user’s knowledge.
Zombie
A type of cyberattack where the attacker secretly intercepts and possibly alters the communication between two parties without their knowledge. Often used to steal data or credentials. Also known as a man-in-the-middle (MITM) attack.
On-path Attack
A weakness or flaw in software, hardware, or organizational processes that can be exploited by threats to gain unauthorized access, cause damage, or steal data.
Vulnerability
FTP
20 (data), 21 (control)
SSH
22
Telnet
23
SMTP
25
DNS
53
HTTP
80
DHCP
67 (server), 68 (client)
POP3
110
NetBIOS
137–139
IMAP
143
SNMP
161/162
LDAP
389
HTTPS
443
SMB
445
RDP
3389
Transfers files between computers using a control and data channel
FTP
Provides secure remote login and command execution using encryption
SSH
Allows remote login to another host without encryption
Telnet
Sends email messages between servers
SMTP
Resolves domain names to IP addresses
DNS
Loads websites using unencrypted web traffic
HTTP
Assigns IP addresses dynamically on a network
DHCP
Retrieves email from a server and downloads it to a local device
POP3
Provides legacy file and printer sharing in older Windows networks
NetBIOS
Retrieves email while keeping it on the mail server
IMAP
Collects and organizes network device information and monitoring data
SNMP
Provides directory services like user and device lookups
LDAP
Loads websites using encrypted web traffic
HTTPS
Shares files, printers, and other resources in Windows networks
SMB
Allows remote desktop access to another computer over a network
RDP
A user profile created and stored on the device itself versus one linked to an online identity for syncing settings, apps, and services across devices.
Local vs. Microsoft Account
Account type that is intended for everyday use. It allows users to run apps, use the internet, and customize their personal environment, but it cannot install or uninstall software, change system settings, or manage other user accounts. It’s considered the safest type for daily use.
Standard Account
An account type that has full control of the system. It can install and uninstall software, create and manage user accounts, change system-wide settings, and access protected system files. Administrator privileges are required for most maintenance and troubleshooting tasks.
Administrator
Account type that is a built-in, very limited access profile designed for temporary or infrequent users. It cannot install programs, change settings, or access other users’ files. It’s disabled by default in modern Windows versions for security reasons.
Guest User
Account type that is a legacy Windows group that has more permissions than a standard user but fewer than an administrator. It could install some software and access some system tools, but was restricted from high-level system management. This group is largely deprecated in modern Windows versions.
Power User
Securely removing data from a storage device so it cannot be recovered. Often involves overwriting the drive multiple times with random data.
Erasing/Wiping
A deeper, manufacturer-level formatting process that fully resets a storage device by rewriting sectors and mapping out bad ones.
Low-Level Formatting
The process of setting up a file system and clearing the file allocation table; does not fully erase existing data and is less secure for recycling.
Standard Formatting
A network protocol that allows devices on the same network to discover each other and automatically configure services like media sharing or port forwarding. Convenient, but can introduce security risks if not properly managed.
Universal Plug and Play (UPnP)
The process of redirecting communication requests from one address and port number to another.
Port Forwarding
A process that takes the contents of a file and runs it through a mathematical algorithm to create a unique string of characters, known as a hash or checksum.
Hashing
What does UAC stand for in Windows security? (Set 813)
A) User Access Control
B) Universal Admin Control
C) User Account Control
D) Unified Access Control
Answer: C) User Account Control
Which port does HTTPS typically use? (Set 638)
A) 443
B) 80
C) 22
D) 21
Answer: A) 443
What type of malware disguises itself as legitimate software? (Set 127)
A) Worm
B) Ransomware
C) Trojan
D) Spyware
Answer: C) Trojan
Which Windows feature encrypts the entire disk? (Set 386)
A) Firewall
B) BitLocker
C) EFS
D) Windows Hello
Answer: B) BitLocker
Which of the following methods ensures data is unreadable without the correct key? (Set 878)
A) Authentication
B) Authorization
C) Encryption
D) Hashing
Answer: C) Encryption
Arrange the steps to enable BitLocker on a drive:
1) Right-click the drive
2) Select ‘Turn on BitLocker’
3) Choose how to unlock drive
4) Choose where to save recovery key
5) Start encryption
- Right-click the drive
- Select ‘Turn on BitLocker’
- Choose how to unlock drive
- Choose where to save recovery key
- Start encryption
Arrange the steps for setting up a strong password policy:
1) Open Group Policy Editor
2) Navigate to Password Policy
3) Set password length
4) Set expiration days
5) Apply policy
- Open Group Policy Editor
- Navigate to Password Policy
- Set password length
- Set expiration days
- Apply policy
Put the malware removal process in order:
1) Identify symptoms
2) Quarantine the system
3) Remediate
4) Schedule future scans
5) Reconnect to network
- Identify symptoms
- Quarantine the system
- Remediate
- Schedule future scans
- Reconnect to network
Put the steps in order for configuring a firewall rule:
1) Open Windows Defender Firewall
2) Click Advanced Settings
3) Create new rule
4) Define ports and protocol
5) Apply rule
- Open Windows Defender Firewall
- Click Advanced Settings
- Create new rule
- Define ports and protocol
- Apply rule
Put the steps to enable multifactor authentication (MFA) in order:
1) Sign in to security settings
2) Select MFA options
3) Enter verification method
4) Confirm and test MFA
- Sign in to security settings
- Select MFA options
- Enter verification method
- Confirm and test MFA