Security+ section 1 Flashcards
W.I a preventative control give examples
it physically blocks a person. firewall (technical), on-boarding policy (managerial), guard shack (operational), door lock (physical)
W.I a deterrent control give examples
discourages an intrusion attempt. splash screen, demotion, reception desk, warning signs
W.I a detective control
identifies and logs intrusion attempts. System logs
W.I a corrective control
performs an action after detection of an intrusion. e.g. restore backups
W.I a compensating control
temporary non-comprehensive correction to an intrusion. e.g. block instead of patch
W.I directive control type
directs a subject to a more secure procedure. e.g. file storage policy
W.I non-repudiation
proof of integrity and proof of origin
W.I the CIA (AIC) triad
Availability, integrity (messages cannot be modified without detection), confidentiality (only authorized users see this data)
how do you get proof of integrity
use a hash
how do you get proof of origin
use a digital signature with a private key which is decrypted using a public key
W.I authentication
prove who you are
W.I authorization
what do you have access to
W.I accounting
resources used
how do you authenticate a system?
with a certificate
what is the data plane?
processes the frames, packets and network data.
what is the control plane?
manages the actions of the data plane, defines policies and rules, determines how packets should be forwarded.
W.I adaptive identity
consider information other than authentication information. e.g. location, relationship to organization. Then if needed create stronger authentication
W.I threat scope reduction
decrease possible entry points
W.I security zone
the path of connection
W.I policy enforcement point
gatekeeper of resources
policy decision point
decider in policy enforcement point
W.I. change management
policies for making changes to a system
W.I. Public key infrastructure(PKI)
policies, procedures, hardware, software, people associated with certificates
W.I. out of band key exchange
exchange not over internet
W.I. secure enclave
a protected area for secrets. can be a separate CPU
What features does a secure enclave have?
own boot ROM, monitors system boot, true RNG, real-time memory encryption, root cryptographic keys, AES encryption in hardware
W.I. steganography
information is hidden inside of other data
W.I. data masking
hiding part of the information
W.I. a wildcard certificate
1 certificate for many devices using the same domain name
W.I. certificate revocation list
a list of certificates you no longer wish to use maintained by certificate authority
W.I. online certificate status protocol (OCSP)
scalable OCSP checks
name types of threat actors
Nation state, unskilled, hacktivist, insider threat, organized crime, Shadow IT
W.I. a watering hole attack
attacker corrupts a 3rd party resource you intend to use
W.I. a memory injection attack
injecting malicious code into another process so that it executes from a legitimate process.
W.I. a buffer overflow attack
modifying a variable to use more memory than expected, to modify another variable
W.I. a race condition
a variable is used for a process but while it's being used it is modified by another process
W.I. a malicious update attack?
malware embedded in an update or when you install a fake update
W.I. a cross site scripting attack?
executing code inside a legitimate site
W.I. DNS poisoning/spoofing
modification of the host files on a DNS server which allows the modification of the response that is sent to requests
W.I. domain hijacking
gain access to the fully qualified domain name
URL hijacking
using a URL that is very close to the legitimate site