Security Concepts Flashcards

1
Q

CIA Triad

A

Confidentiality: Certain information is known only by certain people
Integrity: Data is stored and transferred as intended, without modification
Availability: Information is accessible to those authorized to access it

2
Q

Vulnerability

A
  • Weakness that could be accidentally triggered or intentionally exploited to cause security breach
3
Q

Threat

A
  • Potential for a vulnerability to be exploited and security breached
  • Intentional or unintentional
  • The thing posing the threat is the threat actor or agent
  • The path or tool used is the attack vector
4
Q

Risk

A

Likelihood and impact of a threat actor exercising a vulnerability

5
Q

Risk Management

A
  • Process for identifying, assessing and mitigating vulnerabilities and threats
  • ERM: Enterprise Risk Management policies based on published frameworks
6
Q

Security Controls

A
  • Procedures, activities and tools designed to give a system or data asset the CIA properties
  • Aim is to mitigate risk factors to an affordable level
7
Q

Risk Posture

A
  • Overall status of risk management
  • Shows which risk response options can be identified and prioritized

8
Q

Posture Assessment

A
  • Used to assess an organization's maturity level in its use of security policies and controls
9
Q

MEF

A

Mission Essential Function

  • Function an organization must be able to perform as close to continuously as possible
  • If there is a disruption, it must be restored with priority
10
Q

BIA

A

Business Impact Analysis

  • Process of assessing what losses might occur from a range of threat scenarios
  • Gives context for making decisions on what security controls are worth investment
11
Q

Exploit

A
  • Specific code or method of using vulnerability to gain control of or damage system
12
Q

Zero-Day

A
  • Vulnerability that is exploited before it is patched or known
  • Can be extremely destructive
13
Q

Vulnerability Assessment

A
  • Evaluation of a system’s security and ability to meet compliance requirements based on configuration state of the system.
  • How close it is to ideal configuration.
14
Q

CVE

A

Common Vulnerabilities and Exposures

  • Published dictionary of vulnerabilities
15
Q

TTP

A

Tactics, Techniques and Procedures of threat actors

16
Q

Behavioral threat research

A
  • Narrative commentary describing examples of attacks and TTPs
17
Q

Reputational threat intelligence

A
  • Lists of IP addresses and domains associated with malicious behavior
  • Signatures of file-based malware
18
Q

Threat Data

A
  • Computer data that can correlate events observed on customers' own networks and logs with known TTP indicators
19
Q

SIEM

A

Security Information and Event Management

  • Security Control designed to integrate assessment efforts with automated collection and analysis
  • Links events or data points to indicators of risk or compromise
  • Can drive an alert system based on findings
20
Q

Penetration Testing

A
  • Authorized hacking techniques to discover exploitable weaknesses
  • Active test of security controls
21
Q

Vendor Management

A
  • Process of selecting supplier companies and evaluating risks inherent in relying on third party products or services.
  • Risk cannot be fully transferred to vendors
22
Q

ACL

A

Access Control List

  • List of subjects and the rights or permissions they have
23
Q

Local Authentication provider

A

Software architecture and code that underpins the mechanism by which the user is authenticated before starting a shell.

  • Microsoft or Linux sign-in
24
Q

Hash

A
  • Function that converts any string to a unique, fixed-length code
  • Cannot be converted back to the plaintext string
  • Passwords are stored in the credential database as hashes
  • One-way cryptographic function
25
Q

SSO

A
  • Allows a user to authenticate once to the local device and be authorized to access compatible application servers without having to authenticate again
  • In Windows, usually provided by the Kerberos framework
26
Q

Kerberos

A
  • Provides SSO authentication to Active Directory
  • Authentication Service approves user logon requests
  • KDC (Key Distribution Center) presents the user with a Ticket Granting Ticket
  • To access domain resources, the client requests a Service Ticket by supplying the Ticket Granting Ticket to the Ticket Granting Service
27
Q

Digital Certificate

A
  • Used to authenticate server machines when using TLS
  • Can be installed on a web or email server to validate its identity and secure the transmission channel
28
Q

Public Key Cryptography

A
  • A key pair is generated
  • Private key is known only to you
  • Public key can be transmitted to other subjects
  • Private key cannot be derived from the public key
  • Messages encrypted with your public key can only be decrypted with your private key
  • Can also be used to authenticate yourself by creating a unique signature, which only you could have made
29
Q

PKI

A

Public Key Infrastructure

  • Aims to solve the issue with public keys by proving who owns a public key
  • Anyone issuing public keys should obtain a digital certificate
  • A digital certificate is a wrapper for an entity's public key
30
Q

EAP

A

Extensible Authentication Protocol

  • Framework for deploying multiple types of authentication protocols and technologies
  • Many use digital certificates on the server and client machines
  • Used to establish a trust relationship and a secure tunnel to transmit other credentials
31
Q

NAC

A

IEEE 802.1X Port-based Network Access Control

  • Means of using an EAP method when a device connects to an Ethernet switch port, WAP or VPN gateway
  • Uses the Authentication, Authorization and Accounting (AAA) architecture
32
Q

RADIUS

A

Remote Authentication Dial-In User Service

  • Widely used for client access over switches, wireless and VPNs
  • Uses ports 1812 and 1813
  • Each client must have the IP of the RADIUS server and a shared secret
33
Q

TACACS+

A

Terminal Access Controller Access-Control System Plus

  • Similar to RADIUS, but more flexible and reliable
  • Often used to authenticate administrative access to routers and switches
  • Port 49
34
Q

PAM

A

Privileged Account Management

  • Policies, procedures and technical controls to prevent malicious abuse of privileged accounts
  • Identify and document privileged accounts, and manage the credentials used to access them
35
Q

Least Privilege

A
  • User is granted sufficient rights to perform their job and no more
  • Mitigates risk if the account is compromised
  • Should perform regular audits to prevent authorization creep
36
Q

Role-based Access

A
  • A set of organizational roles is defined and subjects are allocated to those roles
  • Roles can only be modified by the system owner
  • Rights are given from role assignment, rather than directly
37
Q

Zero Trust

A
  • Based on the idea that perimeter security is unlikely to be completely robust
  • Use continuous authentication and conditional access to mitigate privilege escalation and compromise
38
Q

LDAP

A

Lightweight Directory Access Protocol

  • Used to query and update an X.500-like directory
  • Uses TCP and UDP port 389
39
Q

X.500

A
  • Main directory standard
  • Each object has a unique identifier called a distinguished name
  • Made of attribute=value pairs separated by commas
  • Most specific attribute is listed first, followed by progressively broader ones
  • Example: CN=Jaime,OU=Admins,DC=corp,DC=515support,DC=Com