Security+ Test Study Flashcards

1
Q

What are the four security control categories?

A

Technical, Managerial, Operational, and Physical.

2
Q

What are Technical controls?

A

Controls implemented by a technical system, for example OS policies that allow or disallow specific actions. Firewalls, anti-virus, and similar software fall into this category.

3
Q

What are Managerial controls?

A

Administrative controls: policies and procedures that tell people how to manage their computers, data, and other systems securely. A security policy document or manual is an example of this.

4
Q

What are Operational controls?

A

Controls implemented and/or carried out by people. Security guards, awareness programs, and posters are all examples of this.

5
Q

What are Physical controls?

A

Controls that limit physical access to a building, room or device. Locks, fences, and badge readers are examples of this.

6
Q

What are the six security control types?

A

Preventive, Deterrent, Detective, Corrective, Compensating, and Directive.

7
Q

What is a Preventive control type?

A

A control type that blocks access to a resource.

8
Q

What is a Deterrent control type?

A

A control type that discourages an intrusion, but does not directly prevent access.

9
Q

What is a Detective control type?

A

A control type that identifies and logs an intrusion attempt.

10
Q

What is a Corrective control type?

A

A control type that applies a control after an event has been detected.

11
Q

What is a Compensating control type?

A

A control type that uses an alternative means of control when the intended control cannot be applied (a Plan B).

12
Q

What is a Directive control type?

A

A control type that directs a subject towards security compliance.

13
Q

A firewall is an example of what control category and type?

A

Technical Preventive

14
Q

Being informed you may receive a demotion for not following policy is an example of what control category and type?

A

Managerial Deterrent

15
Q

Guards patrolling a property is an example of what control category and type?

A

Operational Detective

16
Q

A fire extinguisher is an example of what control category and type?

A

Physical Corrective

17
Q

Requiring multiple security staff is an example of what control category and type?

A

Operational Compensating

18
Q

Compliance policies is an example of what control category and type?

A

Managerial Directive

19
Q

An on-boarding policy that states what you can and can’t do with company equipment is an example of what control category and type?

A

Managerial Preventive

20
Q

A splash screen issuing a warning is an example of what control category and type?

A

Technical Deterrent

21
Q

Reviewing printed out login reports is an example of what control category and type?

A

Managerial Detective

22
Q

Contacting the authorities after an incident has occurred is an example of what control category and type?

A

Operational Corrective

23
Q

Utilizing a power generator is an example of what control category and type?

A

Physical Compensating

24
Q

Having staff undergo security policy training is an example of what control category and type?

A

Operational Directive

25
Q

A guard shack set up outside of the entrance to a building is an example of what control category and type?

A

Operational Preventive

26
Q

A door lock is an example of what control category and type?

A

Physical Preventive

27
Q

A reception desk at the entrance of a building is an example of what control category and type?

A

Operational Deterrent

28
Q

Warning signs are an example of what control category and type?

A

Physical Deterrent

29
Q

Motion detectors are an example of what control category and type?

A

Physical Detective

30
Q

Writing out policies for how staff are to report issues after an issue has occurred is an example of what control category and type?

A

Managerial Corrective

31
Q

A backup recovery on a computer is an example of what control category and type?

A

Technical Corrective

32
Q

Having system logs on your computer is an example of what control category and type?

A

Technical Detective

33
Q

A sign that reads, “Authorized Personnel Only” is an example of what control category and type?

A

Physical Directive

34
Q

Separating duties to multiple staff members is an example of what control category and type?

A

Managerial Compensating

35
Q

Blocking an unpatched (vulnerable) application on a system instead of patching it is an example of what control category and type?

A

Technical Compensating

36
Q

File storage policies enforced by an OS are an example of what control category and type?

A

Technical Directive

37
Q

What is the CIA Triad?

A

A combination of principles concerning the fundamentals of security; Confidentiality, Integrity, and Availability.

38
Q

In the CIA Triad, what is Confidentiality?

A

Ensures that information being exchanged is confidential or private. The concept includes the prevention of disclosure of information to unauthorized individuals or systems. This is achieved through encryption, two-factor authentication, and access controls.

39
Q

In the CIA Triad, what is Integrity?

A

Ensures that information is not altered, whether it is in transit to someone else or stored at rest. This is achieved by hashing, digital signatures, certificates, and non-repudiation.

40
Q

In the CIA Triad, what is Availability?

A

Ensures that all of your systems and networks remain up and running. This is achieved through redundancy, fault tolerance, and patching.

41
Q

How does encryption ensure confidentiality is achieved in the CIA Triad?

A

Messages are encrypted so that only the people holding the right key can read them. Someone who receives a message without the key to decrypt it cannot read it.

42
Q

How does two-factor authentication ensure confidentiality is achieved in the CIA Triad?

A

Two-factor authentication requires an additional confirmation of who the person receiving the information is before access is allowed. If they cannot provide this, access is not given.

43
Q

How do access controls ensure confidentiality is achieved in the CIA Triad?

A

Access controls set limits to who has access to certain types of information. A person will not be able to access information if they have not been allowed access in the access controls.

44
Q

How does hashing ensure integrity is achieved in the CIA Triad?

A

The person sending the data will create a hash of the data and send you both the data and the hash at the same time. When you receive the data, you’ll perform the same hashing function, and if your hash matches the sender’s hash, then you’ll know the data you’ve received is exactly the same as the data that was sent.

45
Q

How do digital signatures ensure integrity is achieved in the CIA Triad?

A

A digital signature is a hash of the data that has been encrypted (signed) with the sender’s private key. The receiver decrypts the signature with the sender’s public key, recomputes the hash of the data, and compares the two. If they match, the data is unaltered and was signed by the holder of the private key.

46
Q

How do certificates ensure integrity is achieved in the CIA Triad?

A

Certificates bind a public key to the identity of a device or person, and are signed by a trusted certificate authority (CA). That lets the receiver trust that the public key used to verify a signature really belongs to the sender.

47
Q

How does non-repudiation ensure integrity is achieved in the CIA Triad?

A

Non-repudiation provides proof of integrity that proves data originated from an original party.

48
Q

How does redundancy and fault tolerance ensure availability is achieved in the CIA Triad?

A

Redundancy and fault tolerance allow multiple components to be in play at once, so that if one fails another can take its place.

49
Q

How does patching ensure availability is achieved in the CIA Triad?

A

Out-of-date software fails and gets exploited, and both take systems down. Keeping systems managed and regularly patched closes security holes and keeps them stable, which keeps them available.

50
Q

What is non-repudiation?

A

The ability to verify whether the information received is from the sender that the information says it’s from. A non-technological example would be like you signing a document. Only you have your own signature, so that adds non-repudiation to the document you’re signing.

51
Q

What is proof of integrity?

A

Any data that’s received can be verified that it is the exact same data that was originally sent, and nothing inside of the data has been changed. This can be accomplished by using a hash.

52
Q

What is a hash?

A

A fixed-length value computed from the contents of a message. Also known as a message digest or a fingerprint. It is computationally infeasible to recover the original message from the hash alone.

53
Q

True or False: If data changes, the hash changes.

A

True

54
Q

What are the downsides of a hash?

A

The downside of a hash is that it only tells you whether the data has changed, not who changed it. Hashes are not associated with individuals, and an attacker who can alter the data can usually recompute and replace the hash as well, so a plain hash only proves integrity if the hash itself arrives over a channel the attacker cannot touch.

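The hash check on card 44 and its downside on card 54, as an added example (this code is not from the original flashcards). The message and the two tampering scenarios are constructed for the demo; the point is that the check catches a change to the data but not an attacker who re-hashes what they changed.

```python
import hashlib
import hmac

# Constructed sample message; not from the original page.
MESSAGE = b"Transfer 100.00 to account 12345"


def digest(data: bytes) -> str:
    """SHA-256 message digest (fingerprint) of the data, as hex."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Recompute the hash and compare it with the one the sender supplied.
    compare_digest runs in constant time, so the comparison itself does not
    leak how many leading characters matched."""
    return hmac.compare_digest(digest(data), expected_hex)


def sender_sends(data: bytes) -> tuple:
    """Card 44: the sender ships the data together with its hash."""
    return data, digest(data)


def tamper_in_transit(data: bytes, sent_hex: str) -> tuple:
    """An attacker who can modify the data but not the hash: the receiver
    notices because the recomputed hash no longer matches."""
    altered = data.replace(b"12345", b"99999")
    return altered, sent_hex


def tamper_and_rehash(data: bytes, sent_hex: str) -> tuple:
    """Card 54: an attacker who can modify both the data and the hash.
    The receiver's check passes, because a plain hash carries no secret
    tied to the sender; it proves the data is unchanged since it was hashed,
    not who hashed it."""
    altered = data.replace(b"12345", b"99999")
    return altered, digest(altered)


def hash_file(path: str, chunk_size: int = 65536) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def demo() -> dict:
    data, h = sender_sends(MESSAGE)
    results = {"check_passes_untouched": verify_integrity(data, h)}
    # Card 53: change one byte and the digest is completely different.
    results["single_byte_change_differs"] = digest(data) != digest(data[:-1] + b"!")
    d1, h1 = tamper_in_transit(data, h)
    results["check_passes_after_tamper"] = verify_integrity(d1, h1)
    d2, h2 = tamper_and_rehash(data, h)
    results["check_passes_after_tamper_and_rehash"] = verify_integrity(d2, h2)
    return results


if __name__ == "__main__":
    for name, passed in demo().items():
        print(f"{name}: {passed}")
```

The last result is the one to remember: the hash alone says nothing about origin, which is what the digital signature on the following cards adds.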
55
Q

What is proof of origin?

A

An additional level of integrity that verifies who sent you the data, provided by a digital signature from the sender. Anybody can see the signature, but only the signer holds the private key. The receiver uses the sender’s public key, which anybody can obtain, to decrypt the signature and check that the recovered hash matches the hash of the data, confirming the data has not been altered.
A digital signature is created with the private key, which is never shared, and verified with the public key. That is the reverse of public-key encryption, where the public key encrypts and the private key decrypts.

56
Q

What are the three A’s in the AAA framework?

A

Authentication, Authorization, and Accounting

57
Q

What is Authentication?

A

The check between your username, your password, and any other authentication factors. It proves we are who we say we are.

58
Q

What is Authorization?

A

What type of access one has after they’ve proven who they are through identification and authentication.

59
Q

What is Accounting?

A

A log of who has logged in, sent and received data, and logged out.

60
Q

What is Identification?

A

Who you claim to be. This is usually a username.

61
Q

Briefly explain how The AAA Framework works

A

Here’s how it works: You’re trying to access an internal file server remotely, one that’s on the other side of a VPN concentrator. You try to access the file server, and the VPN concentrator prompts you to authenticate. Now, the VPN concentrator itself doesn’t store your authentication credentials, but it does have access to a AAA server that does, so when you put in your credentials, the VPN concentrator asks the AAA server if what you put in matches info already put into the database. If it does, you’re approved and you can access the file server.

62
Q

How does a device authenticate when there is no end user present to type in a password?

A

We do this by putting a digitally signed certificate on the device so that firewalls and VPNs can recognize the device as one that is owned by the organization. Management software can validate the end device.

63
Q

How do you make device certificates?

A

You make device certificates using a CA (Certificate Authority). Most organizations maintain their own internal CA, usually as software. A certificate containing the device’s public key is issued for the device and digitally signed by the CA; that signature is what validates the certificate. It’s like a software version of an asset tag, and allows only certified devices to access certain things.

64
Q

What is an authorization model?

A

Also called an abstraction. Rather than mapping every individual user directly to every resource, the model assigns rights and permissions to groups or roles, and places users into those groups, so that access stays manageable as the number of users grows.

65
Q

What is gap analysis?

A

A study of where we are versus where we would like to be. It requires research and consideration of many different IT and security factors in order to close that gap and make sure everything is completed without tripping over itself.

66
Q

What are the four gap analysis strategies?

A

-Work towards a known baseline, or internal set of goals
-Get a baseline of employees, their experience, training and knowledge
-Look at what you currently have IT-wise, and compare it against and research better alternatives
-Create a final document that summarizes everything you’ve discovered, how much time, money, and change control it’s going to take, a formal description of the current state, and how to get to the established baseline. This is called a Gap Analysis Report.

67
Q

What is zero trust?

A

A holistic approach to network security that covers every device, process and person. Nothing inside or outside the network is trusted by default: every request for a particular resource has to be authenticated and authorized, every time.

68
Q

Explain the concept of planes of operation.

A

Having your network split into functional planes. A common practice is splitting your network into a data plane (the plane that includes all of your data processing, forwarding, trunking, encrypting, NAT, etc.) and the control plane (the plane that manages how that data is moved and forwarded). Think of it this way: On a switch, you have your ports that process and move data from one place to another, and that’s your data plane, but that switch is also configured to know how that data is supposed to move and has specific network address settings, and those ports are configured to do so. That’s your control plane.

69
Q

What is adaptive identity?

A

Where you examine the identity of an individual and apply security controls based on other factors than just what the end user told you, such as the end user’s physical location, their relationship to the organization, their type of connection, and their IP address.

70
Q

What is threat scope reduction?

A

Limiting how many places can be used to get into the network, such as only allowing people in the building access, or only allowing access to the network via a specific VPN.

71
Q

What is policy-driven access control?

A

Combining adaptive identity with a predefined set of rules to decide whether a request should be allowed, denied, or allowed with restrictions, rather than relying on a single login check.

72
Q

What are security zones?

A

A way of grouping where a connection comes from and where it is going in order to decide how much to trust it. Connections from a trusted zone are allowed, and connections from an untrusted zone are denied or given extra scrutiny.

73
Q

What is PDP?

A

Policy Decision Point: (PDP) A policy engine and policy administrator working together to determine whether traffic supplied by the PEP can be allowed or disallowed.

74
Q

What is PEP?

A

Policy Enforcement Point: (PEP) The gatekeeper that all network traffic goes through. Can be one device or multiple devices working together checking different policies on things.

75
Q

What is a policy engine?

A

The component that examines each access request coming through the network, compares it against a set of predefined security policies, and decides whether the request is granted, denied, or revoked.

76
Q

What is a policy administrator?

A

Takes the decision made by the policy engine and provides that information to the PEP.

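Cards 69 through 76 (adaptive identity, threat scope reduction, policy-driven access control, PDP, PEP, policy engine, policy administrator), as one added example. This is toy code written for these flashcards, not from the original page or any vendor’s product; the request attributes, zone names, rule names and resource names are assumptions made up for the demo.

```python
from dataclasses import dataclass, field

# Added example: a toy zero-trust policy engine, policy administrator and
# policy enforcement point. All names and attributes are assumptions.


@dataclass
class Request:
    subject: str
    resource: str
    source_zone: str          # assumed zones: "corp-lan", "vpn", "internet"
    mfa: bool
    device_cert_valid: bool   # device identity, as on card 62
    device_patched: bool
    client_ip: str = ""


@dataclass
class Decision:
    allow: bool
    reasons: list = field(default_factory=list)


# Each rule returns None when it has no objection, or a reason string to deny.
def deny_untrusted_zone(req: Request):
    # Card 70, threat scope reduction: fewer ways into the network.
    if req.source_zone == "internet":
        return "resource only reachable from corp-lan or VPN"


def require_authenticated_device(req: Request):
    if not req.device_cert_valid:
        return "device certificate missing or invalid"


def require_mfa_for_sensitive(req: Request):
    if req.resource.startswith("hr/") and not req.mfa:
        return "sensitive resource requires a second factor"


def adaptive_patch_check(req: Request):
    # Card 69, adaptive identity: the same user gets a different answer
    # depending on the connection type and posture of the device used.
    if req.source_zone == "vpn" and not req.device_patched:
        return "unpatched device may not reach internal resources over VPN"


POLICY = [deny_untrusted_zone, require_authenticated_device,
          require_mfa_for_sensitive, adaptive_patch_check]


def policy_engine(req: Request) -> Decision:
    """Card 75: evaluate every rule; deny by default if any rule objects."""
    reasons = []
    for rule in POLICY:
        reason = rule(req)
        if reason:
            reasons.append(reason)
    return Decision(allow=not reasons, reasons=reasons)


class PolicyAdministrator:
    """Card 76: relays the engine's decision to the PEP. Engine plus
    administrator together form the PDP on card 73."""
    def authorize(self, req: Request) -> Decision:
        return policy_engine(req)


class PolicyEnforcementPoint:
    """Card 74: the gatekeeper all traffic passes through. It decides nothing
    itself; it asks the policy administrator and enforces the answer."""
    def __init__(self, policy_administrator: PolicyAdministrator):
        self.pa = policy_administrator
        self.audit_log = []   # accounting, the third A of AAA

    def handle(self, req: Request) -> bool:
        decision = self.pa.authorize(req)
        self.audit_log.append((req.subject, req.resource, decision.allow, decision.reasons))
        return decision.allow


def demo() -> dict:
    pep = PolicyEnforcementPoint(PolicyAdministrator())
    base = dict(subject="alice", mfa=True, device_cert_valid=True, device_patched=True)
    return {
        "lan_ok": pep.handle(Request(resource="files/share", source_zone="corp-lan", **base)),
        "internet_blocked": pep.handle(Request(resource="files/share", source_zone="internet", **base)),
        "hr_without_mfa": pep.handle(Request(resource="hr/payroll", source_zone="corp-lan",
                                             **{**base, "mfa": False})),
        "vpn_unpatched": pep.handle(Request(resource="files/share", source_zone="vpn",
                                            **{**base, "device_patched": False})),
        "no_device_cert": pep.handle(Request(resource="files/share", source_zone="corp-lan",
                                             **{**base, "device_cert_valid": False})),
    }
```

The same subject, alice, is allowed or denied purely on the attributes of the request, and every decision is logged at the enforcement point, which is the shape the PDP/PEP split is meant to give you.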
77
Q

What are barricades and bollards?

A

Allow people access by channeling them to a specific point, but prevent vehicles.

78
Q

What is an access control vestibule?

A

A place people have to go into first before accessing another part of the building. Opening one door causes another one to lock, or vice versa.

79
Q

What is fencing?

A

A physical perimeter barrier. It’s an obvious boundary that is hard to climb or cut, and can be transparent (you can see through it) or opaque. Yes, it’s just a fence.

80
Q

What is video surveillance?

A

Or CCTV. Security cameras that watch areas to see if unauthorized people are gaining access. Can have motion or object detection.

81
Q

What are guards?

A

A person physically protecting something at the reception area of a facility. They also validate the identification of existing employees.

82
Q

What is two-person integrity/control?

A

Requiring two people (for example two guards) to be present for a sensitive task. Duties are divided between them so that no one person has access to everything or can act alone.

83
Q

What are access badges?

A

Badge that identifies you. Has your picture, name, and other details printed on it, must be worn at all times, and is sometimes electronically logged.

84
Q

How does lighting enhance security?

A

More light means more security. Attackers avoid the light, so keep your entrances well lit for both guards and cameras.

85
Q

What are infrared sensors?

A

A common sensor found in motion detectors that detect infrared radiation in both light and dark rooms.

86
Q

What are pressure sensors?

A

Detects a change in force in a room.

87
Q

What are microwave sensors?

A

Similar to infrared sensors, but utilized in large rooms.

88
Q

What are ultrasonic sensors?

A

Detect motion and collision through ultrasonic sound waves reflected off of surfaces.

89
Q

What is a honeypot?

A

Setting up a fake system to attract an attacker, monitoring how they attempt to compromise the fake system, and recording their methods so you can improve the defenses on your real systems. Tricking evil Winnie the Pooh and trapping him.

90
Q

What is a honeynet?

A

A bunch of honeypots networked together. Very sticky.

91
Q

What is a honeyfile?

A

A fake file with fake information to attract a bad guy. An alert is sent once the file is accessed.

92
Q

What are honeytokens?

A

A piece of traceable fake data (a fake account, record, or credential) planted in your systems. If it is stolen and used or shared, you are notified and can trace where the leak came from.

93
Q

What is change management?

A

Or Change Approval Process. The formal process an IT administrator goes through to ensure that a change to the systems goes through properly and without messing anything up.

94
Q

What are the basic best practices of change management?

A

Have clear policies that include the frequency, duration, installation process, and rollback procedures should they not work, of updates and changes to your systems.

95
Q

What are the seven steps of the change control process?

A

-1) Fill out an approval process request form.
-2) Explain what the change is and why it’s being implemented.
-3) Identify the scope of the change, or how big this change will be.
-4) Schedule a date and time for the change to take place.
-5) Determine the affected systems and the impact on those systems.
-6) Analyze the risk associated with the change.
-7) Get approval from the change control board to go ahead with the change.

96
Q

In terms of change management, what is ownership?

A

The individual or entity who discovers a change needs to be made. For example, the head of Shipping and Receiving gets a notification on his computer saying all of the departments’ address label printers need to be updated. Shipping and Receiving owns this process, but it’s the IT department that will actually be making this change.

97
Q

What are stakeholders?

A

Individuals or departments that will be impacted by the change you’re proposing. They’re going to want input on the change management process, and some type of control over when the change occurs. Take into account who all is going to be impacted by the change. Look beyond the immediate impact and look through the whole process.

98
Q

What is impact analysis?

A

Determining what sort of risk is going to be involved when a change is made, i.e., fixes that don’t fix anything, fixes that break something else, OS failures, etc.
Alternatively, it could also mean what risks are going to be involved if a change is NOT made, i.e., security vulnerability, application unavailability, or unexpected downtime. Risks can be high, medium, or low.

99
Q

What is sandbox testing?

A

An environment set up to test changes that has no actual connection to the real world or your production systems. A technological safe space. A place to test and confirm before deployment. Also a really good place to test your backout plan.

100
Q

In terms of change management, what is a backout plan?

A

A plan to back out of an implemented change should things go wrong and mess up your systems. Always have a way to revert to your original settings before the change was implemented. Always have backups.

101
Q

What is a maintenance window?

A

The scheduled time at which a change will be made, chosen to have as little impact on production as possible.

102
Q

In terms of change management, what should be included on your company’s intranet?

A

Standard operating procedures should be available on your company’s intranet, along with any and all well documented change processes.

103
Q

What is an allow list?

A

Nothing runs unless it’s approved. Very restrictive.

104
Q

What is a deny list?

A

Everything runs unless it’s denied. Very flexible.

105
Q

True or False: Anti-Virus programs are basically really big deny lists.

A

True

106
Q

In terms of the change control process, what are restricted activities?

A

In the change control process, this is a specified list of things you can actually do during the change window to implement the change. You can’t do anything outside of this scope unless change management says so. Scope can be expanded and approved as the change progresses.

107
Q

What is downtime?

A

The time during a change in the change control process where services are unavailable because of the change, usually scheduled during non-production hours.

108
Q

What is the best practice to implement if there is no way to prevent downtime during a change control process?

A

If there’s no way to prevent any downtime in your organization while making a change, try switching users to a secondary system, upgrading their primary systems, and then switch them back.

109
Q

What are service restarts?

A

Usually, after a change is made to systems, you’ll need to restart either the service, the application, the OS, or the whole system in order for the change to start working.

110
Q

What are legacy applications?

A

Applications that have been running in the organization for a long, long time and are probably no longer supported by the developer. Be careful with deleting or changing these because there may not be a way to bring them back. Document how they’re installed and hang onto it in case a change needs to be made.

111
Q

What are dependencies?

A

Applications or services dependent on another in order to run. Changes will need to be made to one application or service before you’re able to install or update another application or service. It’s a pain.

112
Q

In terms of the change control process, what is documentation?

A

It’s difficult to keep up with all of the changes that are made in an organization so document EVERYTHING and keep it up to date. Stay organized. It will save you headaches in the future. Update your diagrams and IP addresses. Rewrite your processes and procedures and keep them handy.

113
Q

What is version control?

A

Keeping track of changes to a file or configuration of data over time. If a file updates, save the previous version before upgrading to the new so you’ll have a backup of the old on hand in case something goes wrong.

114
Q

What is PKI?

A

Policies and procedures that are responsible for creating, distributing, managing, storing, revoking, and performing processes associated with digital certificates.
PKI also refers to the act of binding a public key, via a certificate, to a person or device.

115
Q

What is symmetric encryption?

A

A single, shared key. You encrypt data with the key and decrypt data with the key. If the key gets out, you’ll need another key. Also known as a secret key algorithm or a shared secret. It doesn’t really scale very well because it’s only one key shared between a bunch of people. It is very fast, however.

116
Q

What is asymmetric encryption?

A

Public key cryptography. Two (or more) mathematically related keys. You encrypt data with one key and decrypt it with the other. Both keys are generated together, which is what makes them mathematically related. One is the private key (never shared) and the other is the public key (handed out freely). The private key is the only key that can decrypt data encrypted with the public key, so anything encrypted with the public key can be read by one party only: the holder of the private key.

117
Q

True or False: You can derive the private key from the public key.

A

False

118
Q

What is key escrow?

A

Someone else holding onto your decryption keys, either within your organization or with a third party.

119
Q

What is data at rest?

A

Data that’s stored on storage devices such as SSDs, hard drives, USB drives, cloud storage, etc.

120
Q

What are two examples of full-disk and partition/volume encryption software?

A

BitLocker (Windows OS) and FileVault (Mac OS).

121
Q

True or False: You can encrypt individual files on Windows using EFS (Encrypting File System), and other OSs using other third party utilities.

A

True

122
Q

True or False: Data used online is stored in a database.

A

True

123
Q

What is transparent encryption?

A

Symmetric key encryption for databases. Things have to be unlocked every time data is pulled from the database.

124
Q

What is record-level encryption?

A

Data in a database that’s encrypted at the record level while everything else is left in the clear. For example, names in the database are stored unencrypted, but SSNs are encrypted.

125
Q

What is transport encryption?

A

Protecting data as it crosses the network. Browsers do this using HTTPS, which encrypts data as it crosses the network. VPNs are another example, either site-to-site VPNs using IPsec, or client-based VPNs using SSL/TLS.

126
Q

What are algorithms?

A

The formula used to encrypt and decrypt data. Both sides decide on the algorithm being used before data is encrypted. The details are often hidden from the end user, however. You’ve gotta encrypt and decrypt with the same algorithm, or it won’t work.
There’s very little that isn’t known about the cryptographic process. The algorithms being used are usually known entities. The only thing that isn’t known is the key. In other words, knowing the mathematical process an algorithm uses doesn’t allow you to reverse engineer the key itself.

127
Q

True or False: Keys are not subject to brute-force attacks.

A

False. Keys are subject to brute-force attacks. This is why key length is important: the longer the key, the harder it is to brute-force.

128
Q

What is key strengthening?

A

Also known as key hashing or key stretching. The process of making your key stronger by hashing the hash of your password multiple times. The hash of a hash of a hash of a password is difficult to brute-force.

129
Q

What is key exchange?

A

Sharing an encryption key across an insecure medium.

130
Q

What is out-of-band key exchange?

A

Using other means than the internet to share an encryption key. Telephone, using a courier, handing it off in person, etc.

131
Q

What is in-band key exchange?

A

Sharing an encryption key on the network and protecting the encryption with additional encryption.

132
Q

What are session keys usually used for?

A

Session keys are usually used for temporary services.

133
Q

Briefly explain how to create a symmetric key using public key cryptography.

A

Bob on his computer has a private and public key. Alice on her computer also has her own private key and public key. Bob shares his public key with Alice, and Alice shares her public key with Bob. Together, combining their own private key with each other’s public key, they’ve created an identical symmetric key that both of them now have.

134
Q

What is TPM?

A

Trusted Platform Module. Cryptography hardware on a device. Contains a cryptographic processor, a random number generator, key generators, and both persistent memory with unique keys burned in during manufacturing, and versatile memory for storing all the keys you make with the hardware.

135
Q

What is HSM?

A

Hardware Security Module. A standalone device whose sole purpose is to provide cryptographic keys to many devices in large environments. It securely stores thousands of cryptographic keys.

136
Q

What is a key management system?

A

A centralized console that keeps track of all of your different keys for all of your different servers, users, and devices. Logs key use and other important events.

137
Q

What is a secure enclave?

A

A security processor built into the systems we use.

138
Q

What is obfuscation?

A

The process of making something unclear and more difficult to understand.

139
Q

What is steganography?

A

Hiding information inside of an image, TCP packets, audio files, video files, and invisible watermarks on printed pages. Security through obscurity. Can be reverse engineered if you figure out how it was hidden.

140
Q

What is tokenization?

A

Replacing sensitive data sent across the network with a non-sensitive placeholder. The number is replaced with a nonsense number while being sent and then decrypted to the actual number on the other end. Used during credit card purchases.

141
Q

True or False: If you use tokenization, you don’t need to encrypt or hash your data because the only thing that will be intercepted is nonsense.

A

True

142
Q

What is data masking?

A

Hiding some of the original data. Where all but the last four digits of your credit card number are replaced with asterisks on receipts and things like that.

143
Q

What is a hash?

A

A short string of text that can be created based upon data contained within the plain text. Also known as a message digest or a fingerprint.

144
Q

True or False: If data changes, the hash changes. It’s possible to recover the original message with just the hash.

A

False. If data changes, the hash changes. It’s impossible to recover the original message with just the hash.

145
Q

What is salting?

A

Random data added to a password when hashing that password, making a different hash for the password when stored. For example, the password ‘dragon’ has its own unique hash, but the password ‘dragon +r4$x’ has a different hash, but is still able to be deciphered when the password is looked at in plain text. The +r4$x is known to the user to be the salt.

146
Q

True or False: Digital signatures do NOT encrypt any data being sent. They only include a hash as an attachment to the message that can be verified by the receiver that the data hasn’t been altered.

A

True

147
Q

What is a blockchain?

A

A distributed ledger that anyone can see and that keeps track of transactions. If you are involved in a blockchain, you are notified of any and all changes. The transaction is added to a new block of data containing other recently verified transactions. A hash is added to the block and the block is completed, so that if data is changed, everyone looking at it will know.

148
Q

What is a digital certificate?

A

A file that contains both a public key and a digital signature. Think of it as a digital version of an ID card. It’s a way to provide trust: during authentication it vouches that the person is who they say they are, and allows them access to things they previously did not have access to.

149
Q

What is a web of trust?

A

Rather than a centralized certificate authority verifying digital certificates, multiple individuals are instead signing each other’s certificate. Friends trusting friends.

150
Q

What is X.509?

A

Standard web browser certificate format that everyone can read.

151
Q

What is a root of trust?

A

A third party vouching for a site or resource that we can always trust. Certificate Authorities (CAs) can be Roots of Trust as well.

152
Q

What is a certificate authority?

A

A trusted entity that issues digital certificates. These certificates are used to verify the identities of individuals, organizations, or devices in the context of secure communication over a computer network. When two parties communicate securely using encryption, the recipient can verify the sender’s identity by checking the digital signature on the sender’s certificate. To establish trust, major web browsers and operating systems come preloaded with a list of trusted root certificates from well-known and reputable CAs.

153
Q

What is CSR?

A

The process of creating a certificate for your web server, sending that certificate to a certificate authority to be validated, having them digitally sign it, and then sending it back to you. You create a public key, add the identifying information about what server it’s connected to and info about your organization, you send it off to the CA, they validate it with their private key, and then send it back to you complete.

154
Q

What are CRLs?

A

A list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their scheduled expiration date. When a CA issues a digital certificate, it includes an expiration date. However, certain events may lead to the need for revocation before the certificate’s expiration, such as the compromise of the private key associated with the certificate, the compromise of the CA itself, or other security-related concerns.

155
Q

What is a self-signed CA?

A

You can have your own in-house Private CA for large organizations all running internal software that needs to be trusted.

156
Q

What are wildcard CAs?

A

When you click the lock icon on a web browser and look at the subject alternative names, you’ll see a list of names with an asterisk next to them. These are the lists of domains that are allowed to use that CA. As long as your device is associated with one of the listed domains, it can use that CA.

157
Q

What is OCSP?

A

Online Certificate Status Protocol. A protocol that lists the status of its certificate onto the web server itself.

158
Q

What are threat actors?

A
159
Q

What are the three important attributes to nail down when identifying a threat actor?

A

1) Are they internal or external
2) How much funding/resources do they have
3) What’s their level of sophistication/capability

160
Q

What is a nation state threat actor?

A

A threat actor external to your organization associated with a government or with the national security apparatus of that government. They could have many motivations for attacking you, and lots of sophistication, capability, and resources.

161
Q

What are unskilled attackers?

A

Basically the opposite of a Nation State. Low skill, resources, and capability. Motivated by causing disruption and general chaos. They usually run pre-made scripts to attack your organization without really knowing how any of it works. Anyone can do this. Can be internal or external.

162
Q

What is a hacktivist?

A

A hacker with a purpose. Motivated by an opposing philosophy, revenge, general disruption, etc. Often an external entity, but can sometimes be an insider threat. Can be quite sophisticated, using very specific attacks. They know what they’re doing; however, funding is usually low.

163
Q

What is an insider threat?

A

A threat from the inside of your organization. Someone on the outside can weasel their way in and then betray you. Motivated by revenge and financial gain. In this circumstance, your organization is their funding. They have institutional knowledge, and know what vulnerable systems to hit.

164
Q

What is organized crime?

A

Mnyaah, see? Professional criminals motivated by money, almost always an external enemy. Very sophisticated, seeing as their hacking is the best money can buy. They are organized in that one person hacks, another exploits, another person sells data, and another handles customer support.

165
Q

What is shadow IT?

A

Someone who works in your IT department and has found a way around your security and policies. Limited resources, they can only afford what you pay them, and medium sophistication. They may know a thing or two, but they don’t know everything.

166
Q

What is a threat vector?

A

A method that an attacker uses to gain access to your systems. Also called ‘attack vectors’.

167
Q

What are message-based vectors?

A

Using email, SMS, and instant messaging to send you malicious links to get you to download malicious software or gain access to your systems. Basically, phishing.

168
Q

What are image-based vectors?

A

Attackers using the SVG (Scalable Vector Graphics) image format, which uses XML to describe the image and allows the attacker to embed other information within the XML. An attacker can put information within the image description that would then run inside of your browser.

169
Q

What are file-based vectors?

A

Files that run on your computer that attackers can use to gain access to your files. The most easily recognizable are .exe executable files, but PDFs, ZIP and RAR compressed files, add-ins, file extensions, and Microsoft Office documents are also used to instigate an attack.

170
Q

What are voice call vectors?

A

Phishing over the phone. Someone on the other end of a phone trying to get you to give up valuable information. A wide scale version of this is called war dialing. They also attempt to DoS your systems by call tampering, and spam over IP.

171
Q

What are removable device vectors?

A

Using a USB drive to get into systems and get or disrupt information. Fun fact: USB drives can be modified into appearing to your computers as keyboards and can automatically begin typing things onto your screen.

172
Q

What is a client-based vulnerable software vector?

A

Security issues and vulnerabilities within software that has not been properly updated.

173
Q

What is an agentless vulnerable software vector?

A

Security issues and vulnerabilities within software on a server that is distributed to client devices that have not been properly updated.

174
Q

What are unsupported system vectors?

A

Systems within your network that are no longer able to receive upgrades or patches to prevent attacks, and are therefore vulnerable within your network. For example, outdated operating systems.

175
Q

What are unsecure network vectors?

A

Attackers using outdated, un-upgraded, or rogue wireless, wired, and Bluetooth connections to gain access to systems on your network.

176
Q

What are open service ports?

A

An unsecure port that can be utilized by an attacker to gain access to the systems on your network. The more services you install, the more open ports and potentially the less secure a system might be. Use firewalls.

177
Q

What are default credentials?

A

The default usernames and passwords on your network devices when you first get them. Change them so they can’t be used by an attacker!

178
Q

What are supply chain vectors?

A

Third parties gaining access to your systems through established infrastructure in equipment, using an authorized vendor program to jump to an unauthorized system, and the utilization of counterfeit networking equipment.

179
Q

What are MSPs?

A

Managed Service Providers: third parties that you are paying to manage your equipment and systems.

180
Q

What is phishing?

A

Communication method used to make you think something is real when it really isn’t in order to steal data or make your infrastructure vulnerable. Example: texts with dubious links, suspicious emails from unknown senders, and fake websites that look like real websites.

181
Q

What is typosquatting?

A

A fake URL that’s very similar to the real one that attackers use to trick people into clicking dubious links.

182
Q

What is pretexting?

A

The attacker lying to you and creating a dramatic situation to get your information.

183
Q

What is vishing?

A

An attacker lying to you over the phone to get your information.

184
Q

What is smishing?

A

SMS phishing. An attacker lying to you through text to get your information.

185
Q

What is impersonation?

A

An attacker pretending to be someone of importance that you should listen to (a boss, an authority, someone from the help desk, or a third party account holder) in order to get information from you.

186
Q

What is identity fraud?

A

An attacker pretending to be you to use and waste assets that are already yours.

187
Q

What is a watering hole attack?

A

An attacker, who cannot gain access to your network by conventional means, “poisons” a third party website that all of your employees visit, thus getting a foot in the door, and attacking your network indirectly.

188
Q

What is defense-in-depth?

A

Having multiple layered contingencies to protect your systems, employing the use of a firewall AND an IPS AND antivirus software all working at the same time.

189
Q

What is misinformation/disinformation?

A

Giving, either deliberately or not, the wrong information. Creates confusion and division. Usually given on a large scale by influence campaigns, nation-state actors, and advertising on social media to sway public opinion.

190
Q

What are the five steps of the Misinformation Process?

A

1) Create fake users
2) Create content on the fake user account
3) Content is liked and shared
4) Real users share the message
5) Mass media picks up the story

191
Q

What is brand impersonation?

A

Attackers pretending to be a well-known brand in order to fool people into visiting their fake site, downloading malware, and giving up their information.

192
Q

Briefly explain memory injection.

A

All software runs in memory. Nothing runs on your computer unless it is run through memory and processed on a CPU. By this logic, malware also runs in memory, and has two options to run once it’s inside your PC. It can either run its own processes, or inject itself into a legitimate already running process on your PC. The process of a malware script being inserted into the existing process of other software is called Memory Injection.

193
Q

What is DLL injection?

A

Dynamic-Link Library Injection. A DLL is a type of executable on your system that many different processes and applications use. An attacker can insert their malicious DLL into the legitimate DLL by making a path from a storage device to the legitimate DLL and making it part of the process.

194
Q

What is DLL?

A


195
Q

What is a buffer overflow?

A

Where an attacker can write more than what’s expected into a particular area of memory and that additional information that they’re writing overflows into another area of memory. It’s a difficult attack to perform, because additional information written onto an application often causes a system to crash.

196
Q

What is bounds checking?

A

An application developer ensuring that only 8 bytes of data are being written at a time into memory to prevent possible buffer overflow attacks.

197
Q

What is a race condition?

A

Where two events happen at nearly the same time with an application, and the application doesn’t take into account that the two events are happening simultaneously.

198
Q

What is a TOCTOU attack?

A

Time-of-check to time-of-use attack. An application checks a system to retrieve information that may be stored. After it retrieves that information, it performs a particular function with a particular value. But sometimes something else happens between the time the application checks the system for the value, and the application actually using the value.

199
Q

What is a malicious update?

A

An update presented to your application or OS that is not legitimate and contains malicious software within its fake update. Have a good backup and install updates only from trusted sources with digital signatures.

200
Q

What and when is Patch Tuesday?

A

The 2nd Tuesday of every month where Microsoft releases Windows OS updates.

201
Q

What are the two best practices to avoid and prevent a malicious update?

A

Always update all the time as often as you can.
Have a backup of your current OS version all the time.

202
Q

What is code injection?

A

An attacker adding their own code to information that is input into an application. Super common, and used against a variety of different technologies, such as HTML, SQL, XML, LDAP, etc.

203
Q

What is SQL injection?

A

Structured Query Language Injection. The most common database management system language is SQL. The injection occurs when an attacker puts their own SQL requests into an existing application. The application doesn’t normally allow this because it should be performing checks. Usually done within a web browser.

204
Q

What is a good indicator that an SQL injection has occurred?

A

If you see a query that has “1 = 1” on the end of it, that’s a good indication it’s a SQL injection.

205
Q

What is XSS?

A

Cross-Site Scripting. Usually carried out with JavaScript. An attacker sends a link containing a malicious script to a victim. The victim clicks the link and visits a legitimate website trusted by the victim. But because the attacker provided the link, there’s additional information included with the connection, usually a malicious script that runs along with the link to the website. That script then sends the victim’s data (session cookies, etc.) behind the scenes to the attacker.

206
Q

What is firmware?

A

OS running inside of various hardware (thermostats, fridges, garage doors, etc.) that’s connected to your network (layman definition). It needs to be updated too. Usually, only the manufacturer can update the firmware, but this isn’t always the case.

207
Q

What is EOL?

A

End of Life. When a manufacturer stops selling a product, but will, for a time, continue to support it and provide firmware and security updates to the product.

208
Q

What is EOSL?

A

End of Service Life. When a manufacturer stops selling a product and support and updates are no longer available. It’s time to get something else.

209
Q

In terms of hardware vulnerabilities, what is legacy?

A

Devices that have been on your network for a long time, running older OSs and outdated applications. While they work and don’t cost anything anymore to run, they are vulnerable because they can no longer be updated. If they HAVE to be there, just make sure they have additional security protections.

210
Q

What is a VM escape?

A

When a VM is able to break out of its self-contained system and interact with the host operating system or hardware on the same hypervisor.

211
Q

What is resource reuse?

A

You have a hypervisor managing multiple VMs. Those VMs are sharing RAM. Sometimes information is shared between the VMs via the shared RAM.

212
Q

What is important to know about cloud-specific vulnerabilities?

A

Because cloud services are available to be accessed by anyone in the world, they are susceptible to multiple kinds of attacks, such as DoS, authentication bypass, code injection, and remote code execution.

213
Q

In terms of supply chain vulnerabilities, what is service provider vulnerability?

A

If you’re outsourcing the systems you use to a third party, it’s up to them to take care of your stuff. For peace of mind, make sure you have ongoing security audits with your third party provider to make sure they’re protecting your stuff.

214
Q

In terms of supply chain vulnerabilities, what is hardware provider vulnerability?

A

Taking a switch or some other device out of the box, plugging it into your network, and assuming there’s no malicious software on the device. For peace of mind, have close relationships with a small number of vendors, and utilize only them.

215
Q

In terms of supply chain vulnerabilities, what is software provider vulnerability?

A

Downloading an update or patch to a system from a provider you’re not sure you trust (or are not fully familiar with). For peace of mind, download software and firmware updates ONLY from trusted sources, and confirm digital signatures during installation.

216
Q

What are open permissions?

A

Literally leaving unencrypted information just sitting around on the internet somewhere. Attackers just take it.

217
Q

What are unsecured admin accounts?

A

The admin account has a weak or easy to figure out password, leaving your data open and vulnerable. Change your passwords!

218
Q

What are some insecure protocols?

A

Telnet, FTP, SMTP, and IMAP all send their information in the clear, so use the secure versions of these instead.

219
Q

What are open ports and services?

A

You have open ports on your server accessible by others, so implement a firewall to disallow use of specific ports.

220
Q

What is jailbreaking?

A
221
Q

What is sideloading?

A

Downloading a malicious app to your device that can cause a data breach. Always get your apps from the legitimate app stores. Disallow the ability to download an app from anywhere else.

222
Q

What is a zero-day vulnerability?

A

There’s a lot of vulnerabilities that we just don’t know about yet. When an attacker finds one first and they utilize it, that’s known as a zero-day attack. Once it’s known about, it can be patched and stopped.

223
Q

What is malware?

A

Software that’s been installed on your system that’s designed to be malicious.

224
Q

What is ransomware?

A

Malware in which a third party takes your files for ransom and will not give them back unless you comply with their demands.

225
Q

What is a trojan horse?

A

Malware that convinces a user to install by pretending to be legitimate software.

226
Q

What is a botnet?

A

Malware that allows a third party to take control of your system.

227
Q

What are the two best practices to prevent malware?

A

Patch and update your systems! Also, always have a backup!

228
Q

What is a virus?

A

Malware that YOU install, rather than someone finding a vulnerability, exploiting it, and installing it themselves.

229
Q

What is a fileless virus?

A

A virus that does not download the files it needs to operate onto your system’s storage, but rather operates only from your system’s memory. Adds an auto-start entry to the registry.

230
Q

What is a worm?

A

Malware similar to a virus that can move around from system to system without any user intervention.

231
Q

What is adware/spyware?

A

Malware that presents advertising to you and watches where you go on the internet.

232
Q

What is a keylogger?

A

Malware that monitors and stores all of the keys you press.

233
Q

What is bloatware?

A

Additional, usually unnecessary software included on a new device by the manufacturer, and visible when it’s first turned on.

234
Q

What is a logic bomb?

A

A type of malware that waits for a particular event to occur before executing.

235
Q

What is a rootkit?

A

Malware that’s difficult to remove from a system because it disguises itself as a root service or kernel.

236
Q

What does it mean to brute force something?

A

Trying every possible password combination until the hash is matched. Takes a lot of time. Also, literally kicking in a door to a data center.

237
Q

What is RFID cloning?

A

Duplicating an access badge to impersonate a legitimate employee and gain access to where they go.

238
Q

What are environmental attacks?

A

Attacking everything supporting the technology, like, turning off the power or taking out the HVAC.

239
Q

What is DoS?

A

Denial-of-Service. Forcing a service to fail, usually by the service being overloaded and made unavailable for others to use. Most common way to implement this is to make a bunch of bots attack a central point all at once, but it could be as simple as turning off the power.

240
Q

What is Friendly DoS?

A

When someone unintentionally makes a service fail. Oops.

241
Q

What is DDoS?

A

Distributed Denial-of-Service. Remotely controlling bots around the globe on infected computers to do what you tell them to, namely, attacking a central point all at once to overload a system.

242
Q

What is DDoS reflection?

A

A DDoS attack reflected off of another device or service.

243
Q

What is DDoS amplification?

A

A DDoS attack where a small amount of data is initially asked for, but the response is significantly larger once it reaches the requesting device. Usually done over non-authenticated services, such as DNS queries.

244
Q

What is DNS poisoning?

A

Redirecting people to whatever IP address you like by modifying a DNS server, modifying the host file on a client, or by sending a fake response to a valid DNS request.

245
Q

What is an on-path attack?

A

The attacks formerly known as man-in-the-middle attacks. Attackers getting in between two systems and watching, capturing, and modifying the traffic that flows between them. The attacker is “on your path”.

246
Q

What is domain hijacking?

A

Gaining access to a DNS server and making configuration changes by gaining access to the fully qualified domain name in the registrar used by the DNS server.

247
Q

What is URL hijacking?

A

Redirecting users to a site that is slightly different from the actual URL, and either utilizing the alternative URL to advertise and make money, or redirecting traffic for everyone who went there to the URL’s competitor. See Typosquatting.

248
Q

What is wireless deauthentication?

A

A DoS attack where a third party can send specially crafted Wi-Fi management frames to disconnect your station from the wireless network.

249
Q

What is RF jamming?

A

Radio Frequency Jamming. A wireless DoS attack that affects everyone trying to communicate over wireless frequencies. The attacker sends interfering wireless signals so the receiving device can no longer hear good wireless signals. The signals can be legitimate or not.

250
Q

What is ARP poisoning?

A

Address Resolution Protocol poisoning. Also known as IP spoofing. Manipulating where certain devices can send traffic. A local device tries to get out of a network by looking for the router’s IP address, and another device pretends to be that router’s IP address and intercepts the data. Once the device has cached that IP address, it will always send data to it to get out of the network, but it will now be going through the attacker’s computer first before it gets to the router.

251
Q

What is an on-path browser attack?

A

ARP Poisoning happening on the victim’s computer, where malware on the browser acts as a proxy that redirects traffic before and after it’s sent to the network. Traffic manipulated this way is seen in the clear because it is happening on the same device.

252
Q

What is a replay attack?

A

An attacker gathers information shared across the network and then replays what a user did on their computer to communicate with the server, essentially imitating the victim’s computer. Stop this by encrypting your info end to end.

253
Q

What are cookies?

A

Information stored on your computer by the browser. Used for tracking, personalization, and session management. They are a privacy risk, and contain the valuable Session ID that attackers are eager to get.

254
Q

What is malicious code?

A

Executables, scripts, macro viruses, worms, trojan horses, or any type of malicious software that is used to gain access to a system.

255
Q

What is privilege escalation?

A

A user gaining higher (or just different) levels of access to a system than what’s initially assigned to them. Usually comes about from a hidden vulnerability in an application.

256
Q

In terms of application attacks, what is a forgery?

A

Also known as a One-Click Attack and Session Riding. An attacker takes advantage of the trust that’s already established between a website and a browser. Their goal is to make requests on that trusted website without your consent or knowledge. For example, let’s say you’re logged into a bank website. An attacker creates a funds transfer request and sends the hyperlink to you in an email. Because you’re already logged in to the bank website, clicking the link will unknowingly activate the funds transfer request, and because you’re already authenticated into the site, the request goes forward.

257
Q

What are directory traversals?

A

Web server configuration vulnerability. Allows an attacker to read or write files to a web server that are normally outside the scope of the website’s directory.

258
Q

What’s the motto for cryptographic attacks?

A

When you can’t get the combination (the key), attack the safe (the cryptography).

259
Q

In terms of cryptographic attacks, what is a downgrade?

A

An attack where the attacker forces the systems to use an encryption that’s either not as good or gone completely. SSL stripping is an example of this.

260
Q

In terms of cryptographic attacks, what is a collision?

A

A single hash that is exactly the same across two different plaintexts.

261
Q

Describe the birthday concept in relation to cryptographic attacks.

A

In a classroom of 23 students, what is the chance of two students sharing a birthday? About 50%. For a class of 30, the chance is about 70%. A hash collision is the same hash value for two different plaintexts, so what are the chances of those being the same? Find a collision through brute force.

262
Q

What is spraying?

A

Trying to log in with the most popular passwords. If the attacker is unsuccessful, they move on to the next account before getting locked out.

263
Q

What is brute forcing?

A

Trying every possible password combination until the hash is matched. Takes a lot of time.

264
Q

Name a few examples of indicators of compromise.

A

Account lockout, concurrent session usage, blocked content, impossible travel, resource consumption, resource inaccessibility, out-of-cycle logging, published content, and missing logs.

265
Q

In terms of indications of compromise, what is an account lockout?

A

Your credentials aren’t working, or your login attempts have been exceeded and you’re locked out now. Possibly even administratively disabled.

266
Q

In terms of indications of compromise, what is concurrent session usage?

A

The same person logged in in two different locations or systems.

267
Q

In terms of indications of compromise, what is blocked content?

A

Once an attacker has gained access to your system, they want to stay logged in as long as possible, so they block all content that might allow you to patch or update your system so they can stay logged in.

268
Q

In terms of indications of compromise, what is impossible travel?

A

Two logins in two completely different locations in the world.

269
Q

In terms of indications of compromise, what is resource consumption?

A

When an attacker gains access to a system and is in the process of downloading your data, a noticeable spike in bandwidth resources should be visible. This is a good indication you’re compromised.

270
Q

In terms of indications of compromise, what is resource inaccessibility?

A

If a server suddenly conks, or if a section of the network is disrupted.

271
Q

In terms of indications of compromise, what is out-of-cycle logging?

A

When a system patch log occurs outside of the normal schedule.

272
Q

In terms of indications of compromise, what is published/documented content?

A

Your data is now out and available on the internet. You done got got.

273
Q

In terms of indications of compromise, what are missing logs?

A

Deleted log information is an indication that someone is (sloppily) trying to cover their tracks.

274
Q

What is physical segmentation?

A

Devices confined within a specific network that are unable to access other networks because the physical devices between the two networks are not physically connected.

275
Q

What is logical segmentation?

A

Devices ARE connected to the same physical switch, but they are separated on the switch via VLANs.

276
Q

What is an ACL?

A

Access Control List. List that allows or disallows traffic based on IP address, port number, categories of traffic, or even time of day.

277
Q

What is an application allow/deny list?

A

Ensuring only legitimate applications are used on a system. Allow List = Nothing runs unless it’s approved. Deny List = Everything can run except the things denied.

278
Q

What is mitigation?

A

The process of reducing the impact of a security event or a potential security event.

279
Q

What is patching?

A

Keeping your systems up to date by closing up found holes of vulnerability. Do this as often as you can.

280
Q

What is encryption?

A

Having file systems and other specific pieces of data converted into a non-readable hash and no longer in plaintext.

281
Q

In terms of mitigation techniques, what is monitoring?

A

Aggregating information from your devices (built-in sensors, IPSs, firewall logs, authentication logs, web server access logs, and various others), consolidating it, and sending an alert when something is out of the ordinary.

282
Q

What is least privilege?

A

Setting the rights and permissions of users to the bare minimum of what they can do on a device in your network to prevent possible exploits.

283
Q

What is configuration enforcement?

A

Once someone logs into a system, the system checks to see if they have the most up-to-date OS upgrades, patches, antivirus software, certificate status, and other security features. It then forces you to install these features or quarantines your device.

284
Q

What is decommissioning?

A

The process and protocols of correctly destroying a storage device.

285
Q

What are some basic hardening techniques?

A

Ensure you’re installing updates, make sure passwords are lengthy and complex, limit what accounts can do, limit network access, and monitor and secure the system with anti-virus software. Disable your ports and protocols. Every open port is a possible entry point. Close everything except required ports. Change your default passwords on network devices and add multi-factor authentication. Remove bloatware from new devices, and unused applications from currently used devices.

286
Q

What are some basic hardening techniques that utilize encryption?

A

Ensure file systems are encrypted, either EFS or FDE, and encrypt your network with a VPN.

287
Q

What is EDR?

A

Endpoint Detection and Response. A type of software that can detect threats based upon behavioral analysis, machine learning, and process monitoring. It’s a lightweight agent on the endpoint. Analyzes the behavior of a threat and is able to detect it again.

288
Q

What is a host-based firewall?

A

Software based firewall that runs behind the scenes on every endpoint. Allows or disallows incoming or outgoing application traffic. Identifies and blocks unknown processes.

289
Q

What is HIPS?

A

Host-Based Intrusion Prevention System. Watches network traffic and alerts and stops attacks.

290
Q

What is IaaS?

A

Using someone else’s hardware to run your application. You’re in charge of all the management, data, software and security of your application. You’re only borrowing the hardware. (Sometimes called HaaS, hardware as a service.)

291
Q

What is SaaS?

A

Everything you want to use is on the cloud and managed by someone else. You are only responsible for the content. Think Gmail. You only provide the content of the emails, but not any of the software, security, or hardware it’s stored on.

292
Q

What is PaaS?

A

Someone on the cloud is providing you with a platform to build what you want. You handle the development of your application with data and content, they provide you with the hardware, software, and security.

293
Q

What is the cloud responsibility matrix?

A

A chart of responsibilities showing who’s responsible for the different aspects of the technologies running in the cloud. Could be based on a contract. Customers are responsible for some, while providers are responsible for others, and sometimes there’s overlap.

294
Q

What is a hybrid cloud?

A

Using a technology that is spread across more than one cloud provider. Some aspects are in one cloud, while some aspects are in another. People using this technology will still have to authenticate to both and server and firewall configurations will have to be set up separately.

295
Q

In terms of cloud infrastructure, what are some considerations for third party vendors?

A

You write an application and put it on the cloud, but you also want to protect it with a firewall from a third party. Managing this firewall is still something you have to do, but it isn’t actually yours, and you’ll have to talk to the third party providing the firewall to make sure everything is kosher. This is done in a Vendor Risk Management Policy.

296
Q

What is IaC?

A

Infrastructure as Code. A way to describe an application instance or a portion of the infrastructure in the cloud, but you’re defining it as code rather than defining it as a particular piece of hardware. Could be written out as code to define what hosts need to be built, the type of web servers that are running on these hosts, and database servers that would also be used in the cloud infrastructure. Easy to write out and modify.

297
Q

What is serverless architecture?

A

An application instance put on the cloud that has no servers. Instead of accessing a single application, you’re accessing individual functions that are handled by that application. Thus, no server is required and no need to worry about a specific OS. You only need to run functions.

298
Q

What are microservices?

A

Instead of having one big application running all of the functions of the application simultaneously, you can have different aspects of the application run on and be supplied by different services still accessible from one client through an API gateway. The API gateway is the glue that makes all the services run when they’re needed. Security for each microservice can be provided individually, instead of security for one big application.

299
Q

In terms of network infrastructure concepts, what is an air gap?

A

Means the devices are physically separate. If an attacker gained access to switch A, they would have no way to access switch B.

300
Q

What are VLANs?

A

Virtual Local Area Network. Segmenting multiple networks (broadcast domains) logically on the same switch.

301
Q

What is SDN?

A

Software Defined Networking. Networking architecture is defined by how the networking devices operate on their planes of operation, and organized accordingly.

302
Q

What are the three planes of operation in networking infrastructure?

A

The three planes of operation for software defined networking are the data, control, and management planes.

303
Q

What is the data plane?

A

Also called the Infrastructure Layer. It’s the plane doing the real work. Switches and firewalls processing network frames, forwarding and trunking and encrypting data as it moves around, etc.

304
Q

What is the control plane?

A

Also called the Control Layer. Manages the actions of the data plane. Has all of the routing, session, and NAT tables.

305
Q

What is the management plane?

A

Also called the Application Layer. Where we as network admins physically configure and manage all of these network devices.

306
Q

List some of the benefits of cloud-based security.

A

Centralized, costs less, no dedicated hardware you have to support, no data center to secure, and a third party handles everything.

307
Q

List some of the benefits of on-premises security.

A

Everything is local and on you to secure, giving you the freedom and control to protect things exactly how you want them, but it costs more to maintain (being a Tech Director).

308
Q

In terms of infrastructure concepts, what does centralized mean?

A

EVERYTHING is in one location.

309
Q

In terms of infrastructure concepts, what does decentralized mean?

A

Everything is spread out and in different hands and different locations. Most organizations are decentralized, but monitored on a console as if they were centralized.

310
Q

What is virtualization?

A

Running many different operating systems and VMs on the same hardware.

311
Q

What is containerization?

A

Having multiple applications running simultaneously all on one single piece of hardware and one single OS, as opposed to virtualization, where a separate OS is spun up on one VM to run one application.

312
Q

What is IoT?

A

Internet of Things. Devices designed to be integrated into your network and support some of the features and services that you use on a daily basis. Smart things in your home. Lousy at being secure.

313
Q

What are the best practices for maintaining security on IoT devices?

A

Segment the IoT devices from the private network. Keep personal devices and storage systems away from IoT devices, that way if an IoT device is breached, your personal data is not accessible. Use a separate VLAN or guest network for IoT devices.

314
Q

What is SCADA?

A

Supervisory Control and Data Acquisition System. Also known as ICS, Industrial Control Systems. Basically large scale industrial networking. Various building controls talking to one another through the network. Managed usually at one computer.

315
Q

What is RTOS?

A

Real-Time Operating System. An operating system with a deterministic processing schedule. Can take a single process on it and suddenly grab all of the resources of the system and have that process take priority. Found in cars and military equipment. Extremely sensitive to security issues, but difficult to break into.

316
Q

What is an embedded system?

A

Hardware and software designed for a specific function, or to operate as part of a larger system. Created to do only one thing. Traffic light controllers, for example, only do one thing and do it really well. No other functionality in an embedded system.

317
Q

What is high availability?

A

The methods employed to keep a system up and running all the time. The nearly instantaneous and automatic swap between a failed network component and its backup. High Availability nearly always means higher costs, but it’s worth it to keep things running.

318
Q

In terms of infrastructure considerations, what is availability?

A

Ensures that all of your systems and networks remain up and running. This is achieved through redundancy, fault tolerance, and patching. In security, we want our stuff up and running all the time, but only to the right people.

319
Q

In terms of infrastructure considerations, what is resilience?

A

If things happen, how quickly can you recover, based on the damage to hardware, software, or redundant systems. Mean Time to Repair (MTTR).

320
Q

In terms of infrastructure considerations, what is cost?

A

How much money is needed to implement/maintain technology? Is the cost ongoing?

321
Q

In terms of infrastructure considerations, what is responsiveness?

A

How quickly do your services respond?

322
Q

In terms of infrastructure considerations, what is scalability?

A

How big can your technology grow or shrink in capacity based upon what you need at what time?

323
Q

In terms of infrastructure considerations, what is ease of deployment?

A

How easy is it to set up your application and all of its components and get it up and going?

324
Q

In terms of infrastructure considerations, what is risk transference?

A

Making a third party responsible for security, transferring the risk. For example, cybersecurity insurance.

325
Q

In terms of infrastructure considerations, what is ease of recovery?

A

How quickly and easily can you get back up and going after something happens?

326
Q

In terms of infrastructure considerations, what is patch availability?

A

How often are patches released, and how readily available are they, for your systems and applications?

327
Q

In terms of infrastructure considerations, what is inability to patch?

A

What do you do if patching isn’t available for some of your stuff? How do you defend and protect your stuff?

328
Q

In terms of infrastructure considerations, what is power?

A

Do you have enough at all the right times? Is it available all the time? Do you have UPSs? Who is your provider?

329
Q

In terms of infrastructure considerations, what is compute?

A

Do you have enough processing power to do the things you want to do?

330
Q

What is device placement?

A

The placement of devices on a network that would best utilize security and logical separation so that all devices are running at maximum efficiency and protection.

331
Q

What are security zones?

A

Instead of separating different devices by IP address, they are separated by use or access type. Each area of the network is associated with a particular zone, such as trusted, untrusted, internal, external, inside, etc. You then allow or disallow traffic to travel between the different zones.

332
Q

What is an attack surface?

A

The combination of potential openings into your network. How does your network look? Are you aware of all of the ways into your network?

333
Q

In terms of securing your infrastructure, what is connectivity?

A

The way in which your devices are connected to one another. Is everything connected to everything? It probably shouldn’t be. If it is, provide encryption.

334
Q

What is an IPS?

A

Watches network traffic and alerts and stops attacks.

335
Q

What is an IDS?

A

Intrusion Detection System. Watches network traffic and only alerts if it finds traffic it doesn’t recognize.

336
Q

What is the difference between the fail-open and fail-close failure modes?

A

Fail-Open: When a system fails, data continues to flow.
Fail-Close: When a system fails, data stops flowing.

337
Q

What is active monitoring?

A

A system is connected inline, and data can be blocked in real-time as it passes by. For example, IPSs.

338
Q

What is passive monitoring?

A

A system is not connected inline, and instead, a copy of the network traffic is examined using a tap or port monitor. Data cannot be blocked in real-time. For example, IDSs.

339
Q

What is a jump server?

A

A server that’s on the inside of a private protected network that provides access to allowed clients on the outside trying to access that network.

340
Q

What is a proxy server?

A

A type of security control that sits between one part of a network and another (or the internet), allowing or preventing certain traffic to traverse the network. Useful for caching information.

341
Q

What is a load balancer?

A

Determines which server to send you to in case one gets too populated, and allows you to scale up or scale down the capacity of each server based on use and have fault tolerance should one server fail.

342
Q

In terms of networking appliances, what are sensors?

A

Aggregate information from network devices. They notify you when something happens or a threshold is reached. Some sensors are built-in, while others are separate devices. Usually integrated into switches, routers, servers, firewalls, etc. Take information and compile a report in a collector (IPS, firewall, SIEM, etc.)

343
Q

What is EAP?

A

Extensible Authentication Protocol. The protocol that 802.1X relies on to have credentials provided to it to allow authentication.

344
Q

What is a WAF?

A

Web Application Firewall. A firewall that applies rules to HTTP/HTTPS conversations. It allows or denies based on expected input, so, for example, it’s mainly looking specifically for things like SQL injections and similar attacks.

345
Q

What is UTM?

A

Unified Threat Management. An all-in-one security appliance. Contains a firewall, URL filter, malware inspection, spam filter, IDS/IPS, bandwidth shaper, VPN endpoint, and routing and switching capabilities. Usually only operates up to layer 4, and not all of them can run at once. Good idea, but it’s too much.

346
Q

What is a NGFW?

A

Next-Generation Firewall. Firewalls able to filter traffic based upon OSI layer 7 (application layer). Can do a full packet decode of everything moving on the network. IPS built in. Contains content filtering based on URLs or types of sites; for example, it can block all gambling sites if you let it.

347
Q

What is a VPN?

A

Virtual Private Network. Encrypted (private) data traversing a public network. Data meets and flows in and out of a VPN concentrator.

348
Q

What is tunneling?

A

Basically encryption. You have data with an IP header that isn’t encrypted. Putting an IPSec header and trailer and a new IP header on the data allows it to be encrypted and flow to the VPN concentrator.

349
Q

What is IPSec?

A

Internet Protocol Security. Provides authentication (AH, Authentication Header) and encryption (ESP, Encapsulating Security Payload) for all layer 3 (IP) packets.

350
Q

What protocol does a client VPN use?

A

Client VPNs use SSL/TLS protocols (TCP 443).

351
Q

What is a site-to-site VPN?

A

Used to connect two or more remote networks securely over the internet. It creates a virtual network bridge between the local area networks (LANs) of different sites or offices. The VPN connection is established at the network level, typically between routers or firewalls located at each site. It provides secure and encrypted connectivity for all devices within the connected networks. It is commonly used by organizations to connect branch offices, remote sites, or geographically distributed networks.

352
Q

What is SD-WAN?

A

Software Defined Wide Area Network: A WAN built for the cloud. Instead of telling a WAN to connect to a centralized data center, we can tell it to access the data directly inside the cloud. No more accessing Data Centers, you can go directly to the cloud.

353
Q

What is SASE?

A

Secure Access Service Edge. Basically the VPN for cloud services. The next generation VPN that allows us to communicate with web-based applications. Allows different clients (corporate offices, home users, and mobile users) to access cloud services as if they were communicating through a VPN.

354
Q

What is regulated data?

A

Data managed by a third-party which makes the rules on how it should be protected.

355
Q

What is a trade secret?

A

The set of secrets and processes exclusive and unique to an organization. The Krabby Patty secret formula.

356
Q

What is intellectual property?

A

Data that’s publicly visible, but protected under copyright and trademark.

357
Q

What is legal information?

A

Court records, judge and attorney information, (PII data may be stored differently), and other sensitive details. Usually stored in many different systems.

358
Q

What is financial information?

A

Internal company financial details, customer financials, payment records, credit card data and bank records.

359
Q

What is human readable data?

A

Data that a human can read that’s clear and obvious.

360
Q

What is non-human readable data?

A

Data that a human cannot read, such as encoded data, barcodes, or encrypted images.

361
Q

True or False: All data has the same level of categorization.

A

False. Not all data has the same level of categorization. Different levels require different security and handling, such as additional permissions need to be given, a different process to view the data may be required, or access to specific data will be restricted on the network.

362
Q

What is proprietary data?

A

Any data that an organization owns, or information that they’ve gathered and created into their own set of trade secrets. Data that is the unique property of an organization.

363
Q

What is PII?

A

Personally Identifiable Information. Data that can be used to identify an individual, such as a name, date of birth, mother’s maiden name, and biometric information.

364
Q

What is PHI?

A

Protected Health Information. Health information associated with an individual, their health status, health care records, payments for health care, etc.

365
Q

What is sensitive data?

A

Data that shouldn’t be visible to everyone. Intellectual property, PII, and PHI.

366
Q

What is confidential data?

A

Very sensitive data, must be approved to view.

367
Q

What is public data?

A

Data with no restrictions and anyone can view it.

368
Q

What is restricted/private data?

A

Data that has restricted access that may require an NDA to view.

369
Q

What is critical data?

A

Data that should always be accessible and should never be down.

370
Q

What are the three states of data?

A

Data at rest
Data in transit
Data in use

371
Q

What is data at rest?

A

Data that is on a storage device.

372
Q

What is data in transit?

A

Data that is transmitted across the network.

373
Q

What is data in use?

A

Data actively processing in memory.

374
Q

What is data sovereignty?

A

The idea that data that resides in a country is subject to the laws of that country.

375
Q

What is geolocation?

A

Technology utilized to determine and track where data and people are, for example, GPS, 802.11 data, mobile providers, etc. Can be used to allow access to data based on location (Netflix stopping people from watching things in the US).

376
Q

In terms of how data is protected, what are geographic restrictions?

A

Making policy decisions based upon where the data is located and where the user is located.

377
Q

What is encryption?

A

Encoding information into unreadable data. Can be decrypted.

378
Q

What is hashing?

A

Representing data as a short string of text. Cannot be decrypted.

379
Q

What is masking?

A

Taking original data and hiding only some of it, for example, turning all but the last four digits of your credit card number into asterisks.

380
Q

What is tokenization?

A

Takes sensitive information such as a credit card number used in a purchase, and replaces it with a token number that is completely different when crossing the network. Only a one time use. Nothing is encrypted, but all the numbers are changed on the token.

381
Q

What is obfuscation?

A

Making something normally understandable very difficult to understand. For example, taking perfectly readable code, running it through an obfuscation process, and turning it into complete nonsense. Both work fine, one is just difficult to read.

382
Q

What is segmentation?

A

Separating your data into different segments so if an attacker gets in, they would only get a piece of the info, and not all of it.

383
Q

What are permission restrictions?

A

Controlling access to accounts so that only certain people can access certain data. File permissions.

384
Q

In terms of resiliency, what is high availability?

A

The nearly instantaneous and automatic swap between a failed network component and its backup. High Availability nearly always means higher costs, but it’s worth it to keep things running.

385
Q

What is server clustering?

A

Having multiple servers configured to all work together as one big server. Can be added or removed in real-time as needed. All run the same OS. All use the same shared storage.

386
Q

What is load balancing?

A

Load is distributed across multiple servers, but the servers are unaware of each other. Only the load balancer knows about all the servers. Servers can run different OSs.

387
Q

What is site resiliency?

A

A site recovery plan that requires a separate facility. Another physical site you can go to if there is a problem at your main site.

388
Q

What is a cold site?

A

A separate facility that’s just an empty building. You have to bring all of your equipment, people, and data to the site and set it up.

389
Q

What is a warm site?

A

A separate facility where not everything is there, but some stuff is already set up.

390
Q

What is a hot site?

A

A separate facility that’s just a copy-paste of your main facility. Everything is there and ready to go.

391
Q

What is geographic dispersion?

A

Ensuring that your backup site location is far enough away from the disaster at your main site so you can get up and going again.

392
Q

What is platform diversity?

A

Using multiple OSs in your organization to avoid vulnerabilities. If your Windows stuff goes down, you can get it up again on Linux. Don’t just have one OS that everything runs on.

393
Q

What are multi-cloud systems?

A

Same idea as platform diversity. Have multiple cloud providers, plan your backups, and don’t rely on just one cloud provider should something go wrong.

394
Q

What is COOP?

A

Continuity of Operations Planning. What to do after a disaster or incident that keeps work going, even if all the common technology is gone.

395
Q

What is capacity planning?

A

Predicting, calculating, and implementing your organization’s supply and demand so that they match. If you have too much demand on your systems, there are slowdowns and outages. If you have too much supply, you’re paying too much for things you don’t need. This needs to be done for three different aspects of your organization: people, technology, and infrastructure.

396
Q

What is recovery testing?

A

Testing certain events and disaster scenarios to see how well prepared you are in case of a catastrophic event.

397
Q

What is a tabletop exercise?

A

Walk through the plan’s steps with the responsible people around a table, without touching any systems. Talking it through shows whether the documented plan actually works and who or what is missing from it.

398
Q

What is a failover test?

A

A test that simulates a failure to confirm the redundant devices you set up actually take over and that work continues.

399
Q

In terms of recovery testing, what is a simulation?

A

Testing an organization with a simulated event, like a phishing attack, or password requests, or a data breach.

400
Q

What is parallel processing?

A

Split a process through multiple (parallel) CPUs.

401
Q

What is an onsite backup?

A

The backup data and backup media are in your organization. Data is immediately available. Less expensive.

402
Q

What is an offsite backup?

A

The backup data and/or backup media are stored somewhere other than your organization’s site. More expensive, but restoration can be performed from anywhere, and the copy survives a disaster at your main site.

403
Q

What are snapshots?

A

A point-in-time copy of a system’s state that can be taken on demand. Popular on VMs and cloud services because it is fast to take and to roll back to. Caveat: a snapshot normally lives on the same storage as the system it captures, so it is not a substitute for a backup kept elsewhere.

404
Q

In terms of backups, what is recovery testing?

A

Periodically restoring from the backups you make every week/month to confirm they are complete, uncorrupted, and can actually be used when they’re needed. A backup that has never been restored is an untested backup.

405
Q

What is replication?

A

An ongoing, near-real-time copy of data to one or more other locations. Because changes are synchronized continuously, a deletion or corruption is replicated too, so replication complements backups rather than replacing them.

406
Q

What is journaling?

A

Writing a record of each change to a journal (a log on the drive) before the change itself is applied. If power is lost in the middle of a write, the data area may be only partly written and corrupted, but the journal records what was supposed to happen; on restart the system replays the journal to finish or redo the interrupted changes. Filesystems and databases use this so an interrupted write leaves them consistent instead of corrupted.
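As an added example (not part of the original flashcards), a small key-value store in Python that journals each change before applying it, with a simulated power loss between the two steps and the replay that repairs it. The store, its method names and the crash flag are constructed for the illustration; a real filesystem or database journal works the same way but also has to flush (fsync) the journal entry to disk before it counts as written.

```python
import json


class JournaledStore:
    """Key-value store with a write-ahead journal.

    Every change is first appended to the journal as a self-contained record.
    Only then is the data area modified. If power is lost between those two
    steps, recover() replays the journal so the data area ends up exactly as
    the journal says it should.
    """

    def __init__(self):
        self.data = {}      # the data area (what an application reads)
        self.journal = []   # the journal: ordered, committed change records

    def put(self, key, value, crash_before_apply=False):
        # Step 1: make the intended change durable in the journal.
        self.journal.append(json.dumps({"op": "put", "key": key, "value": value}))
        # Simulated power loss after the journal write, before the data write.
        if crash_before_apply:
            raise RuntimeError("power lost after journaling, before data write")
        # Step 2: apply the change to the data area.
        self.data[key] = value

    def checkpoint(self):
        """Once every journaled change is known to be applied, the journal can
        be truncated. Kept separate so a crash before checkpoint just means
        recovery replays a few records that were already applied."""
        self.journal.clear()

    def recover(self):
        """Replay the journal. A put is idempotent, so replaying an
        already-applied record is harmless. Returns the number replayed."""
        replayed = 0
        for line in self.journal:
            rec = json.loads(line)
            if rec["op"] == "put":
                self.data[rec["key"]] = rec["value"]
                replayed += 1
        self.checkpoint()
        return replayed


def simulate_crash_and_recovery():
    """Returns (value seen after the crash, value after recovery, records replayed)."""
    store = JournaledStore()
    store.put("backup_set", "weekly-01")
    store.checkpoint()
    try:
        store.put("backup_set", "weekly-02", crash_before_apply=True)
    except RuntimeError:
        pass                                  # the "machine" lost power here
    stale_value = store.data["backup_set"]    # data area is stale, journal is complete
    replayed = store.recover()
    return stale_value, store.data["backup_set"], replayed


if __name__ == "__main__":
    print(simulate_crash_and_recovery())
```

The order of the two writes is the whole point: journal first, data second. Reverse it and a crash leaves a half-applied change with no record of what it was meant to be.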

407
Q

What are generators?

A

Long-term alternative power supply that’s an engine that supplies electricity. You need a place to store your fuel though.

408
Q

What is a UPS?

A

Uninterruptible Power Supply. Provides short term battery backup power in case of a loss of electricity.

409
Q

What is a baseline?

A

The normal, expected values of a set of metrics measured over time (CPU load, network throughput, login volume, and so on). Comparing a device’s current statistics against its baseline highlights inconsistencies that may indicate a problem or an attack.

410
Q

What is an established baseline?

A

A baseline that you either initially set up, or one that comes out of the box from the manufacturer.

411
Q

What is a deployed baseline?

A

You’ve made a list of things you want to deploy for your baseline, and now you’re sending it out. Usually through a centrally administered console.

412
Q

What is a maintained baseline?

A

Keeping the deployed baseline consistent over time. Baselines change rarely, but when they do (a new patch, a new setting), test and measure the change for conflicts and contradictions before it is deployed.

413
Q

What are some basic hardening techniques for mobile devices?

A

Frequently install updates and patches. Segment company data stored on the device. Control with an MDM (mobile device manager).

414
Q

What are some basic hardening techniques for workstations?

A

Frequently install OS, application, and firmware updates and patches (usually automated on a monthly cycle). Join workstations to a central directory such as Active Directory so policy can be applied consistently. Remove any and all bloatware.

415
Q

What are some basic hardening techniques for switches and routers?

A

Change the default credentials. Check the manufacturer for patches to the embedded OS and the firmware.

416
Q

What are some basic hardening techniques for cloud infrastructures?

A

Assign least privilege rights. Configure EDR (Endpoint Detection and Response). Always have a backup.

417
Q

What are some basic hardening techniques for servers?

A

Frequently install OS updates, service packs, and security patches. Make sure password lengths and complexities are set. Limit network access (only a few people need access to servers in the first place). Make sure the antivirus is installed.

418
Q

What are some basic hardening techniques for ICS/SCADA?

A

Segment them from the rest of the network (often fully isolated or air-gapped) and tightly limit and monitor any remote access, since there should be very little access from the outside. Enforce physical security, and apply vendor patches during maintenance windows when they become available.

419
Q

What are some basic hardening techniques for embedded systems?

A

Keep them up to date, even though updates are rare. Put them on a segmented network.

420
Q

What are some basic hardening techniques for RTOS?

A

Isolate these systems if they aren’t already. Let them run with minimum services.

421
Q

What are some basic hardening techniques for IoT devices?

A

Change the default credentials. Deploy updates as soon as possible. Put them on their own VLAN.

422
Q

What is a site survey?

A

Going around the building and measuring the wireless landscape: how many APs there are, their signal strength, which channels and frequencies they’re set to, how much of the building they cover, and what interference or unknown APs are present.

423
Q

What is a heat map?

A

A graphical output of a site survey: a floor plan colored by the measured signal strength of each AP, so you can see coverage gaps and overlaps at a glance.

424
Q

What is MDM?

A

Mobile Device Management: A centralized console that manages company-owned and user-owned mobile devices. Can set policies on which mobile apps can and can’t be used, can remotely locate, lock, or wipe a device, and can partition corporate data from personal data on the device.

425
Q

What is BYOD policy?

A

Bring Your Own Device Policy. The employee can use their own device for company purposes. Convenient, but difficult to secure and protect data.

426
Q

What is COPE policy?

A

Corporate Owned, Personally Enabled Policy. The company buys the phone, but gives it to the employee to use as both a corporate and personal device.

427
Q

What is CYOD policy?

A

Choose Your Own Device Policy. The company buys the phone, but lets the employee choose which phone it is.

428
Q

Why is it difficult to secure cellular networks?

A

A cellular network divides its coverage into ‘cells’, each served by a tower, and phones communicate through whichever cell they’re in (4G and 5G today). It’s hard to secure because the carrier, not you, controls the network: traffic can be monitored, location can be tracked cell by cell, and the device is reachable from anywhere in the world. None of this is under your control, so treat the cellular link as untrusted and rely on encryption on top of it.

429
Q

What are two main susceptibilities for wi-fi networks?

A

Susceptible to data capture through on-path attacks, and DoS attacks.

430
Q

What’s a basic rule for securing Bluetooth networks?

A

High speed communication over short distances. Don’t pair with what you don’t know.

431
Q

What is WPA3?

A

Wi-Fi Protected Access 3. Uses the GCMP block cipher mode and replaces WPA2’s PSK handshake with SAE (Simultaneous Authentication of Equals). The password itself never crosses the network, and a captured handshake can no longer be brute forced offline, which was WPA2’s weakness. Each session key is unique, so capturing one doesn’t expose other sessions.

432
Q

What is RADIUS?

A

Remote Authentication Dial-In User Service. A protocol for centralized authentication, authorization, and accounting: devices such as switches, APs, and VPN concentrators send a user’s credentials to a RADIUS server, which checks them against a central user database (often Active Directory) and replies whether to allow access. Used by all sorts of devices, very popular.

433
Q

Explain how 802.1X and EAP works.

A

Three parties: the supplicant (the user’s device), the authenticator (the switch or AP it connects to), and the authentication server (typically RADIUS, often backed by Active Directory). The authenticator blocks everything except EAP until authentication completes. It asks the supplicant for its identity and relays the EAP exchange to the authentication server; the authenticator never checks credentials itself. The server validates the credentials (password, certificate, etc., depending on the EAP method) and tells the authenticator to allow or deny. If allowed, the authenticator opens the port for the supplicant’s normal traffic.

434
Q

In terms of application security, what is input validation?

A

Checking any data that enters the application (form fields, parameters, file uploads, API input) against what that input is supposed to be: type, length, format, allowed characters, range. Anything that doesn’t match is rejected before the application acts on it, so unexpected or malicious data is never interpreted as code or commands. The developer does this in the application code, and it must be done server-side, because client-side checks can be bypassed.

435
Q

What are secure cookies?

A

Cookies are small pieces of data about your web session that a site stores in your browser. A cookie set with the Secure attribute is only sent over HTTPS, so it can’t be captured on a plaintext HTTP connection.

436
Q

What is static code analysis?

A

A method developers use to test the security of their code without running it. The code is fed through a static code analyzer, which looks for known weakness patterns such as buffer overflows and SQL injection. Results need human review, since analyzers produce false positives.

437
Q

What is dynamic analysis?

A

Testing the application while it runs. Fuzzing is the common example: send random, malformed, or unexpected input into the application (fault injection) and watch for crashes, hangs, or other unexpected behaviour that points to a bug.
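The two cards above describe input validation and fuzzing; this added Python example (not from the original cards) shows both on one piece of code. A function turns a user-supplied file name into a path under an upload directory, first written naively and then with allow-list validation, and a small seeded fuzzer feeds both versions traversal-flavoured input and counts how often the result escapes the directory. The directory path, the allowed-name pattern and the fuzzer’s building blocks are assumptions made for the example.

```python
import posixpath
import random
import re

# Assumed upload directory for the example.
BASE = "/srv/app/uploads"


def build_path_naive(name):
    """Vulnerable: trusts the caller's file name. '../' climbs out of BASE, and
    a leading '/' makes posixpath.join discard BASE altogether."""
    return posixpath.normpath(posixpath.join(BASE, name))


# Allow-list: a plain file name, a letter or digit first, then a short run of
# letters, digits, '.', '_' or '-'. No '/' is allowed, so no traversal is expressible.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def build_path_validated(name):
    """Hardened: reject anything outside the allow-list, then verify the
    resolved path is still under BASE (defence in depth)."""
    if not _SAFE_NAME.fullmatch(name):
        raise ValueError(f"rejected input: {name!r}")
    path = posixpath.normpath(posixpath.join(BASE, name))
    if not path.startswith(BASE + "/"):
        raise ValueError(f"escaped base directory: {name!r}")
    return path


def is_rejected(name):
    """True when the validated builder refuses the name."""
    try:
        build_path_validated(name)
    except ValueError:
        return True
    return False


def escapes_base(path):
    return path != BASE and not path.startswith(BASE + "/")


def fuzz(target, iterations=2000, seed=1):
    """Dynamic analysis: throw random, traversal-flavoured names at target()
    and count (a) results that land outside BASE and (b) exceptions other
    than the expected ValueError, which would be unhandled crashes."""
    rng = random.Random(seed)
    pieces = ["..", "/", "\\", ".", "a", "Z", "0", "-", "_", "%2e", "\x00", "etc", "passwd"]
    escapes = crashes = 0
    for _ in range(iterations):
        name = "".join(rng.choice(pieces) for _ in range(rng.randint(1, 8)))
        try:
            if escapes_base(target(name)):
                escapes += 1
        except ValueError:
            continue        # a validated rejection is the intended outcome
        except Exception:
            crashes += 1
    return escapes, crashes


def compare():
    """Fuzz both versions; returns {'naive': (escapes, crashes), 'validated': (escapes, crashes)}."""
    return {"naive": fuzz(build_path_naive), "validated": fuzz(build_path_validated)}


if __name__ == "__main__":
    print(compare())
```

The fuzzer checks a security property (the result stays under BASE) rather than just waiting for an exception, which is how logic bugs such as traversal are found; a crash-only fuzzer would report nothing against either version.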

438
Q

What is code signing?

A

Validating that the code you’re about to run is the same code the developer published and hasn’t been altered. The developer signs the code with their private key; the signing certificate is issued by a CA, and your system verifies the signature against it before running the code.

439
Q

What is sandboxing?

A

Running code in an isolated environment so it can be tested without affecting anything else if it misbehaves or is malicious. Commonly used during development, and also for detonating suspicious files.

440
Q

In terms of application security, what is monitoring?

A

The developer builds real-time monitoring into the application to watch how it’s used, detect attacks as they happen, and collect data on its use.

441
Q

Explain the Acquisition/Procurement Process.

A

A user requests something from IT. IT (or the purchasing committee) evaluates the request against the budget. If it fits, management, IT, and/or the purchasing committee sign off, and IT negotiates price and terms with the vendor. Once a price is agreed, the purchase goes through, paid all at once or in installments.

442
Q

Explain Assignment/Accounting and Monitoring/Asset Tracking.

A

Put an asset tag on each item when it’s received, and record it in an asset tracking system: what the item is, where it is, and who currently has it. Keep the record updated as the asset is reassigned or retired.

443
Q

What is media sanitization?

A

Making sure data is completely removed from media so no usable information remains. You can either wipe an entire drive for reuse, or permanently remove a single file. Ordinary deletion just removes the directory entry and leaves the contents on the disk, so sanitization overwrites or destroys them.

444
Q

List some ways to physically destroy media.

A

Drill it. Hammer it. Shoot it. Put it in a shredder. Crush it. Incinerate it. Degauss it. Note that degaussing only works on magnetic media (hard disks, tape); it does nothing to SSDs and flash, which need to be cryptographically erased or physically destroyed.

445
Q

What is a certificate of destruction?

A

Hand your drives to a third-party destruction service; they destroy the media and give you a certificate documenting what was destroyed, when, and how. Keep it as evidence for audits and compliance.

446
Q

In terms of asset management, what is data retention?

A

Sometimes you are required to keep data for a certain number of years (emails, for example). Make sure this data is backed up somewhere, and sometimes even in multiple formats.

447
Q

What is a vulnerability scan?

A

A minimally invasive scan of your systems used to determine whether a system may be susceptible to a type of attack. Not a penetration test. Usually includes a port scan. Results sometimes include false positives, so they need to be reviewed by hand afterward.

448
Q

What is package monitoring?

A

Verifying the contents of an application package before installing it on your OS. Check that the package really came from the publisher (its hash or signature matches what the publisher published) and confirm it’s safe before you deploy it.

449
Q

What is OSINT?

A

Publicly available information from a variety of sources that give information on the latest threats and attacks to watch out for on your systems.

450
Q

What is third party/proprietary threat intelligence?

A

An organization has already compiled a list of threats across multiple enterprises, and you can buy it for a price.

451
Q

What is the Information Sharing Organization?

A

An organization that compiles threat intelligence and shares it with its members. Can include public intelligence, sometimes declassified government information, or private intelligence about threats specific to an industry or organization. See, for example, the CTA (Cyber Threat Alliance).

452
Q

What is dark web threat intelligence?

A

Intelligence gathered from the attackers’ side, usually very detailed: forums, marketplaces, and hacking group activity. The Dark Web is only accessible using specialized software such as Tor.

453
Q

What is penetration testing?

A

A simulated attack on your own systems. You’re trying to exploit the vulnerabilities found on your system.

454
Q

What is the responsible disclosure program?

A

A process in which someone who finds a vulnerability reports it privately to the vendor, gives them an agreed amount of time to fix it, and only then publishes the details. The vendor’s program sets the terms: how to report, the timeline, and often a bug bounty.

455
Q

What is a bug bounty?

A

A reward for discovering a vulnerability in a system.

456
Q

What is a false positive?

A

A vulnerability that is identified that doesn’t really exist.

457
Q

What is a false negative?

A

A vulnerability that exists, but your software didn’t find it.

458
Q

What is CVSS?

A

Common Vulnerability Scoring System. A scoring system that rates how severe a vulnerability is on a scale of 0.0 to 10.0 (in v3.x: 0.1-3.9 Low, 4.0-6.9 Medium, 7.0-8.9 High, 9.0-10.0 Critical). The score is calculated from metrics such as attack vector, attack complexity, privileges required, user interaction, and impact on confidentiality, integrity, and availability.

459
Q

What is CVE?

A

Common Vulnerabilities and Exposures. A public catalog that gives each known vulnerability a unique identifier (CVE-YYYY-NNNN) so that tools, vendors, and advisories can all refer to the same issue.

460
Q

Explain a vulnerability classification.

A

A vulnerability scanner scans your systems and classifies found vulnerabilities on what sort of systems they’re found on, for example, it will classify the vulnerability as application, web application, or network vulnerability.

461
Q

What is exposure factor?

A

Usually expressed as a percentage, it is the portion of an asset’s value that would be lost if the vulnerability were exploited. A minor issue has a small exposure factor; a major one is close to 100%. Used in risk calculations: single loss expectancy = asset value × exposure factor.

462
Q

In terms of analyzing vulnerabilities, what are environmental variables?

A

Knowing the environment that the vulnerability occurred in. One would patch a vulnerability differently in a cloud server than on an internal server. Decide which environment gets priority to be patched.

463
Q

In terms of analyzing vulnerabilities, what is the industry/organization impact?

A

Understanding the type of organization that is affected by an exploited vulnerability and prioritizing them accordingly.

464
Q

What is risk tolerance?

A

The amount of risk acceptable to an organization. It’s impractical to remove all risk, so you have to ask how long can you go without patching this vulnerability?

465
Q

In terms of vulnerability remediation, what is patching?

A

The most common mitigation technique. A vulnerability shows up, we download a patch to fix it. Usually they’re scheduled.

466
Q

In terms of vulnerability remediation, what is insurance?

A

Cybersecurity Insurance Coverage can help mitigate your losses in the event of a cybersecurity attack, recovering money stolen, and covering assets or data lost in the attack.

467
Q

In terms of vulnerability remediation, what is segmentation?

A

Separate systems into VLANs or network segments with controls between them, so that an attacker who compromises one segment can’t reach everything.

468
Q

In terms of vulnerability remediation, what are compensating controls?

A

Sometimes patches can’t be deployed right away. As an alternative, you can disable the service, revoke access to the application, limit external access, or modify internal security controls and software firewalls. Doing something to temporarily prevent access until a patch can be deployed.

469
Q

In terms of vulnerability remediation, what are exceptions and exemptions?

A

Sometimes a system can’t be patched (the vendor has no fix, or the patch breaks a critical application), and you have to exclude it from patching in spite of the vulnerability. Decide whether the risk is worth it, document the exception, get it approved, and reassess it periodically.

470
Q

What is validation of remediation?

A

The vulnerability is now patched, but did that patch work, and did the patch go out to all your applicable systems? Running a scan and an audit after the patch is deployed is validating the remediation. You can also manually verify that the patch is now working.

471
Q

In terms of vulnerability remediation, what is reporting?

A

An ongoing, automated list of vulnerabilities, systems patched and unpatched, a list of new threat notifications, errors, exceptions, and exemptions in your environment.

472
Q

What are some best practices for systems monitoring?

A

Monitor authentication: logins from unusual locations, times, or devices. Monitor servers for service activity, completed backups, and current software versions.

473
Q

What are some best practices for application monitoring?

A

Monitor availability: traffic, uptime, and response times. Monitor data transfer rates and look for unexpected increases or decreases. Watch the developer’s/manufacturer’s security notifications for updates to the application.

474
Q

What are some best practices for infrastructure monitoring?

A

Monitor your remote access systems to see who’s connecting via VPN. Also, take a look at your firewall and IPS reports.

475
Q

List some of the activities you can do for security monitoring.

A

Log aggregation, Scanning, Reporting, Archiving, Alert response and remediation/validation, quarantining, Alert tuning.

476
Q

What is log aggregation?

A

Getting all the security data you need all at once. Use a SIEM: Security Information and Event Management. The logging of security events and information to one central consolidation point. What you can reference if something goes wrong with security. You can set up a SIEM to alert you as well.
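Added example, not from the original cards: the kind of detection a SIEM runs over aggregated logs, here in plain Python over constructed sshd-style syslog lines from two hosts. It counts failed logins per source address across all hosts within a sliding window, which is exactly what a single host’s log cannot show, and escalates when the same source then logs in successfully (the "login from a strange place" the systems-monitoring card mentions). The log lines, host names and addresses are made up for the example; the threshold and window are the alert-tuning knobs.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: sshd authentication lines from two hosts, as a SIEM sees
# them after aggregation (the same source address appears on both hosts).
SAMPLE_LOGS = """\
Mar 12 10:00:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2
Mar 12 10:00:03 web01 sshd[1201]: Failed password for root from 203.0.113.5 port 40002 ssh2
Mar 12 10:00:04 db01 sshd[2201]: Failed password for root from 203.0.113.5 port 40003 ssh2
Mar 12 10:00:06 db01 sshd[2201]: Failed password for postgres from 203.0.113.5 port 40004 ssh2
Mar 12 10:00:08 web01 sshd[1202]: Failed password for alice from 203.0.113.5 port 40005 ssh2
Mar 12 10:00:09 web01 sshd[1203]: Accepted password for alice from 203.0.113.5 port 40006 ssh2
Mar 12 10:01:00 web01 sshd[1204]: Failed password for bob from 198.51.100.7 port 50001 ssh2
Mar 12 10:05:00 web01 sshd[1205]: Accepted password for bob from 198.51.100.7 port 50002 ssh2
Mar 12 10:10:00 db01 sshd[2202]: Failed password for root from 192.0.2.9 port 60001 ssh2
Mar 12 10:10:01 db01 sshd[2202]: Failed password for root from 192.0.2.9 port 60002 ssh2
Mar 12 10:10:02 db01 sshd[2202]: Failed password for root from 192.0.2.9 port 60003 ssh2
Mar 12 10:10:03 db01 sshd[2202]: Failed password for root from 192.0.2.9 port 60004 ssh2
Mar 12 10:10:04 db01 sshd[2202]: Failed password for root from 192.0.2.9 port 60005 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_auth_log(text, year=2024):
    """Turn syslog lines into event dicts. Syslog carries no year, so one is assumed."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # not an auth event we care about
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "result": m["result"],
                       "user": m["user"], "src": m["src"]})
    return sorted(events, key=lambda e: e["ts"])


def detect_brute_force(events, threshold=5, window_seconds=60):
    """Alert on a source that fails `threshold` logins within `window_seconds`,
    counted across every host. A later successful login from an alerted source
    raises the alert to high, since the guessing may have worked."""
    recent = defaultdict(list)     # src -> failure timestamps still inside the window
    hosts = defaultdict(set)       # src -> hosts it touched
    alerts = {}
    for e in events:
        src = e["src"]
        hosts[src].add(e["host"])
        if e["result"] == "Failed":
            recent[src] = [t for t in recent[src]
                           if (e["ts"] - t).total_seconds() <= window_seconds]
            recent[src].append(e["ts"])
            if len(recent[src]) >= threshold and src not in alerts:
                alerts[src] = {"severity": "medium", "failures": len(recent[src]),
                               "hosts": sorted(hosts[src]), "first_seen": recent[src][0]}
        elif src in alerts:            # "Accepted" after an alert was raised
            alerts[src]["severity"] = "high"
            alerts[src]["compromised_user"] = e["user"]
    return alerts


if __name__ == "__main__":
    for src, alert in detect_brute_force(parse_auth_log(SAMPLE_LOGS)).items():
        print(src, alert)
```

Raising the threshold to 6 silences both alerts in the sample; that is alert tuning, and it shows why the threshold should be chosen from the baseline of failed logins in your own environment rather than copied from someone else's rule.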

477
Q

In terms of security monitoring activities, what is scanning?

A

Actively check systems and devices. Look for OS types and versions, device driver versions, installed applications, and potential anomalies. Gather as much info as possible and create detailed reports for later if you need them.

478
Q

In terms of security monitoring activities, what is reporting?

A

Analyze the collected data from your scans.

479
Q

In terms of security monitoring activities, what is archiving?

A

Retaining collected log data so that you can access it at any given moment, including long after the event, for investigations and for compliance requirements on record keeping.

480
Q

In terms of security monitoring activities, what is Alert Response and Remediation/Validation?

A

Crafting a real-time notification of security events and enabling a quick response should an attack happen. Be informed via text message and email.

481
Q

What is quarantining?

A

Isolating a compromised system from the network so the attacker can’t move from it to anything else.

482
Q

What is alert tuning?

A

Fine tuning your alerts to make sure that the alerts you set up are legitimate and not false positives or false negatives.

483
Q

What is SCAP?

A

Security Content Automation Protocol. A NIST standard set of specifications (CVE, CVSS, and others) that lets vulnerability scanners, IPSs, firewalls, and other tools describe vulnerabilities and configurations in a common language, so that their findings can be compared, consolidated, and acted on automatically.

484
Q

In terms of security tools, what are benchmarks?

A

A published set of recommended secure configuration settings for a particular platform or device (for example, the CIS Benchmarks), representing best practice. Treat it as the minimum security configuration, on top of which you add your own controls.

485
Q

Describe the difference between agent and agentless devices.

A

To check whether a device is in compliance, a software agent is usually installed on the device before it is given out. It runs continuously and keeps checking that the device is within compliance; the agent itself has to be kept updated. An agentless check installs no software on the device: a compliance check runs when the user logs in or connects, but only at that moment, not continuously.

486
Q

What is antivirus?

A

Tools used to identify and remove malicious software such as viruses, worms, trojans, spyware, and ransomware. Modern products also attempt to detect fileless malware, which runs in memory rather than from a file on disk.

487
Q

What is DLP?

A

Data Loss Prevention. Inspects data in motion on the network, in use on endpoints, or at rest, looking for sensitive content you don’t want leaving the organization, and stops it. If someone sends a Social Security number in an email, DLP blocks it.
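An added example (not from the original cards) of the content inspection a DLP rule performs, in Python over constructed messages: a pattern for US Social Security numbers that excludes area, group and serial values that are never issued, and a card-number pattern confirmed with the Luhn check so that a 16-digit order number is not blocked as a card. Only the last four digits are kept in each finding, so the DLP log does not itself become a copy of the sensitive data.

```python
import re

# US SSN: AAA-GG-SSSS where the area is not 000, 666 or 900-999, the group is
# not 00 and the serial is not 0000 (these are never issued).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Candidate payment card number: 13 to 19 digits, optionally separated by single
# spaces or dashes. Candidates are confirmed with the Luhn check before reporting.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits):
    """Luhn checksum: from the right, double every second digit (subtracting 9
    if the result exceeds 9) and require the total to be a multiple of 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan_for_sensitive_data(text):
    """Return [(kind, masked_value), ...] for every SSN and Luhn-valid card number."""
    findings = []
    for m in SSN_RE.finditer(text):
        findings.append(("SSN", "***-**-" + m.group()[-4:]))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(("PAN", "*" * (len(digits) - 4) + digits[-4:]))
    return findings


def dlp_decision(text):
    """'block' when anything sensitive is present, otherwise 'allow'."""
    return "block" if scan_for_sensitive_data(text) else "allow"


# Constructed messages for the example.
SAMPLE_MESSAGES = [
    "Hi, my SSN is 123-45-6789, please update payroll.",
    "Order 1234 5678 9012 3456 shipped yesterday.",   # 16 digits, fails Luhn
    "Card on file: 4111 1111 1111 1111 exp 12/29",     # test PAN, passes Luhn
    "Ticket ref 000-12-3456 is still open.",           # area 000 is never issued
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(dlp_decision(msg), scan_for_sensitive_data(msg))
```

The Luhn check is what keeps the rule usable: without it every 16-digit number in a ticketing system would be blocked, users would route around the control, and the real card numbers would go out anyway.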

488
Q

What is a SNMP trap?

A

Simple Network Management Protocol trap. Normal SNMP works by polling: the management station periodically asks each device for statistics, such as how many bytes have passed through an interface. A trap is the reverse: the device itself sends an unsolicited alert to the manager when something happens, such as a link going down or a threshold being crossed, so you find out immediately instead of at the next poll.

489
Q

What is NetFlow?

A

Gathers statistics and data from the raw traffic going across your network. Consists of a probe and a collector. The probe gathers data and then exports it back to the collector.

490
Q

What is a vulnerability scanner?

A

A tool that probes your systems for known vulnerabilities: it identifies running services and versions, checks them against a vulnerability database, and reports what it finds with a severity score. Findings are classified by where they occur (application, web application, or network) and need review for false positives.

491
Q

What is a firewall?

A

Network device that filters traffic by port number and protocol or application, depending on whether it’s a traditional firewall or a next gen firewall.

492
Q

What is the implicit deny firewall rule?

A

If there is no explicit rule that allows the traffic, the firewall blocks it. The implicit deny sits at the end of every rule set, whether or not it is written down.

493
Q

What is the explicit deny firewall rule?

A

A deny rule written into the rule set. Because rules are checked top-down and the first match wins, traffic that doesn’t match any rule placed above the explicit deny is blocked by it. An explicit deny is commonly used so that the blocked traffic is logged, which the implicit deny typically is not.

494
Q

What is an ACL?

A

Access Control List. List that allows or disallows traffic based on IP address, port number, categories of traffic, or even time of day.
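An added example, not part of the original cards, showing how the three cards above fit together: an access list evaluated top-down with first match wins, an explicit deny placed deliberately above a later permit, and the implicit deny that catches everything else. Rules, addresses and ports are made up; real firewall syntax differs, but the matching order is the same.

```python
from ipaddress import ip_address, ip_network

# Constructed rule set. Each rule: (action, protocol, source, destination, dst_port).
# Rules are evaluated top-down; the first rule that matches decides.
ACL = [
    ("permit", "tcp", "0.0.0.0/0",  "203.0.113.10/32", 443),   # public HTTPS to the web server
    ("deny",   "any", "0.0.0.0/0",  "203.0.113.10/32", None),  # explicit deny: nothing else to it
    ("permit", "tcp", "10.0.0.0/8", "10.1.1.20/32",    22),    # internal admins to the jump host
    # anything not matched above falls through to the implicit deny
]


def evaluate(acl, proto, src, dst, dport):
    """Return (action, reason) for one packet described by its 4-tuple plus protocol."""
    src_ip, dst_ip = ip_address(src), ip_address(dst)
    for number, (action, r_proto, r_src, r_dst, r_port) in enumerate(acl, start=1):
        if r_proto != "any" and r_proto != proto:
            continue
        if src_ip not in ip_network(r_src):
            continue
        if dst_ip not in ip_network(r_dst):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action, f"rule {number}"
    return "deny", "implicit deny"     # no rule matched


def shadowed_rules(acl):
    """Rule numbers that can never match because an earlier rule with the same
    (or 'any') protocol already covers their source, destination and port.
    This is the classic mistake of putting an explicit deny above a permit."""
    shadowed = []
    for j, later in enumerate(acl):
        for earlier in acl[:j]:
            if (earlier[1] in ("any", later[1])
                    and ip_network(later[2]).subnet_of(ip_network(earlier[2]))
                    and ip_network(later[3]).subnet_of(ip_network(earlier[3]))
                    and earlier[4] in (None, later[4])):
                shadowed.append(j + 1)
                break
    return shadowed


if __name__ == "__main__":
    print(evaluate(ACL, "tcp", "198.51.100.4", "203.0.113.10", 443))
    print(evaluate(ACL, "tcp", "198.51.100.4", "203.0.113.10", 22))
    print(evaluate(ACL, "tcp", "10.2.3.4", "10.1.1.20", 3389))
    print(shadowed_rules([ACL[1], ACL[0], ACL[2]]))
```

Swapping the first two rules turns the web server's permit into dead code: the explicit deny now matches first and HTTPS is blocked, which shadowed_rules() reports. Checking for shadowed rules is a cheap review step every time an ACL is edited.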

495
Q

What is a screened subnet?

A

What used to be known as a DMZ. a subnet that is monitored and controlled, but accessible from the outside of your network.

496
Q

What is an IPS signature rule?

A

An IPS looks at traffic as it passes by. A signature based rule in an IPS is looking for a perfect match of specific malicious traffic.

497
Q

What is an IPS trend rule?

A

An IPS looks at traffic as it passes by. A trend (anomaly) based rule looks for traffic patterns that resemble malicious behaviour rather than an exact signature, and blocks traffic that fits the pattern. It can catch attacks with no signature yet, at the cost of more false positives.