Security Operations & Monitoring Flashcards

1
Q

UEFI Boot Phases

A
1. Security
2. Pre-EFI Initialization
3. Driver Execution Environment
4. Boot Device Select
5. Transient System Load
6. Runtime
2
Q

Clear

A

Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple, non-invasive data recovery techniques.

3
Q

Technical Control

A

implemented as a system of hardware, software, or firmware.

4
Q

Administrative Control

A

involve processes and procedures.

5
Q

Physical Control

A

include locks, fences, and other controls over physical access.

6
Q

Compensating Control

A

controls that are put in place to cover any gaps and reduce the risk remaining after using other types of controls.

7
Q

Honeypot

A

host set up with the purpose of luring attackers away from the actual network components and/or discovering attack strategies and weaknesses in the security configuration.

8
Q

Jumpbox

A

a hardened server that provides access to other hosts.

9
Q

Sandbox

A

computing environment that is isolated from a host system to guarantee that the environment runs in a controlled, secure fashion.

10
Q

Containerization

A

a type of virtualization applied by a host operating system to provision an isolated execution environment for an application.

11
Q

Mimikatz

A

a leading post-exploitation tool that dumps passwords from memory, as well as hashes, PINs, and Kerberos tickets.

12
Q

Ring 0

A

complete access to any memory location and, therefore, any hardware devices connected to the system. Processes that operate with ring 0 privileges are referred to as working in kernel mode.

13
Q

Ring 3

A

referred to as user mode. Ring 3 is where the OS runs services and non-essential device drivers. It is also where applications run.

14
Q

Tombstone remediation

A

quarantines the original file and replaces it with one describing the policy violation and how the user can request its re-release.

15
Q

journalctl

A

a command for viewing logs collected by systemd.

16
Q

Credential stuffing

A

automated injection of breached username/password pairs to gain access to user accounts fraudulently.

17
Q

exact data match (EDM)

A

a pattern matching technique that uses a structured database of string values to detect matches.

18
Q

Document matching

A

attempts to match a whole document or a partial document against a signature in the DLP.

19
Q

Statistical matching

A

a further refinement of partial document matching that uses artificial intelligence or machine learning to analyze various data sources.

20
Q

getfacl

A

saves the permissions of files and directories to a text file so that a backup of a directory includes its permissions.

21
Q

setfacl

A

used to restore permissions from a backup created with getfacl.

22
Q

iptables

A

used to configure the Linux firewall.

23
Q

Linux permissions

A

assigned to three classes, “owner, group, other,” with numeric values 4 (read), 2 (write), and 1 (execute).