Security+ Test Study Flashcards

Question

A guard shack set up outside of the entrance to a building is an example of what control category and type?

Answer 1

Operational Preventive

Answer 2

Physical Preventive

Answer 3

Operational Deterrent

Answer 4

Physical Deterrent

Answer 5

Physical Detective

Answer 6

Managerial Corrective

Answer 7

Technical Corrective

Answer 8

Technical Detective

Answer 9

Physical Directive

Answer 10

Managerial Compensating

Answer 11

Technical Compensating

Answer 12

Technical Directive

Answer 13

A combination of principles concerning the fundamentals of security; Confidentiality, Integrity, and Availability.

Answer 14

Ensures that information being exchanged is confidential or private. The concept includes the prevention of disclosure of information to unauthorized individuals or systems. This is achieved through encryption, two-factor authentication, and access controls.

Answer 15

Ensures that information stored or sent to someone else will stay the same while in transit or while it's saved. This is achieved by hashing, digital signatures, certificates and non-repudiation.

Answer 16

Ensures that all of your systems and networks remain up and running. This is achieved through redundancy, fault tolerance, and patching.

Answer 17

Messages are encrypted so that only certain people can read it. If someone receives a message without the means to decode it, they are out of luck.

Answer 18

Two-factor authentication requires an additional confirmation of who the person receiving the information is before access is allowed. If they cannot provide this, access is not given.

Answer 19

Access controls set limits to who has access to certain types of information. A person will not be able to access information if they have not been allowed access in the access controls.

Answer 20

The person sending the data will create a hash of the data and send you both the data and the hash at the same time. When you receive the data, you'll perform the same hashing function, and if your hash matches the sender's hash, then you'll know the data you've received is exactly the same as the data that was sent.

Answer 21

A digital signature takes a hash and encrypts it. If the receiver can decode the digital signature (encrypted hash) AND the data hash, then they know the data is good.

Answer 22

Certificates identify devices or people sending data from one device to another.

Answer 23

Non-repudiation provides proof of integrity that proves data originated from an original party.

Answer 24

Redundancy and fault tolerance allows for multiple technologies to be in play at once so that if one fails another can take its place.

Answer 25

By making sure your systems don't go down due to software being out of date and failing, you'll need to constantly make sure your systems are managed and updated by patching them. Patching closes security holes and makes your systems stable.

Answer 26

The ability to verify whether the information received is from the sender that the information says it’s from. A non-technological example would be like you signing a document. Only you have your own signature, so that adds non-repudiation to the document you’re signing.

Answer 27

Any data that’s received can be verified that it is the exact same data that was originally sent, and nothing inside of the data has been changed. This can be accomplished by using a hash.

Answer 28

A short string of text that can be created based upon data contained within the plain text. Also known as a message digest or a fingerprint. It’s impossible to recover the original message with just the hash.

Answer 29

The downside of a hash is that it only tells you if the data has changed, but it doesn’t tell you who changed it. Hashes are not associated with individuals.

Answer 30

An additional level of integrity that verifies the individual who sent you the data by providing a digital signature from the sender. Anybody can see the signature, but only the signer has the private key. The receiver uses a public key that anybody can get to examine the digital signature, decrypt it, and verify that the hash of the plain text has not been altered. A digital signature is created with a private key that’s shared, and verified with a public key, the opposite of the process of encrypting data.

Answer 31

Authentication, Authorization, and Accounting

Answer 32

The check between your username, your password, and any other authentication factors. It proves we are who we say we are.

Answer 33

What type of access one has after they’ve proven who they are through identification and authentication.

Answer 34

A log of who has logged in, sent and received data, and logged out.

Answer 35

Who you claim to be. This is usually a username.

Answer 36

Here’s how it works: You’re trying to access an internal file server remotely, one that’s on the other side of a VPN concentrator. You try to access the file server, and the VPN concentrator prompts you to authenticate. Now, the VPN concentrator itself doesn’t store your authentication credentials, but it does have access to a AAA server that does, so when you put in your credentials, the VPN concentrator asks the AAA server if what you put in matches info already put into the database. If it does, you’re approved and you can access the file server.

Answer 37

We do this by putting a digitally signed certificate on the device so that firewalls and VPNs can recognize the device as one that is owned by the organization. Management software can validate the end device.

Answer 38

You can make device certificates by utilizing a CA (Certificate Authority). Most organizations maintain their own CAs. They’re usually a type of software. The organization creates a certificate on the device and then digitally signs it. The digital signature validates the certificate. It’s like a software version of an asset tag, and allows only certified devices to access certain things.

Answer 39

Also called an abstraction. The model used to give groups of users specific rights and permissions to different data. (Bruh, it’s just OUs).

Answer 40

A study of where we are versus where we would like to be. It requires research and consideration of many different IT and security factors in order to close that gap and make sure everything is completed without tripping over itself.

Answer 41

-Work towards a known baseline, or internal set of goals -Get a baseline of employees, their experience, training and knowledge -Look at what your currently have IT wise, and compare and research better alternatives -Create a final document that summarizes everything you’ve discovered, how much time, money, and change control it’s going to take, a formal description of the current state, and how to get to the established baseline. This is called a Gap Analysis Report.

Answer 42

A holistic approach to network security that covers every device, process and person. You have to authenticate every time you want to gain access to a particular resource.

Answer 43

Having your network split into functional planes. A common practice is splitting your network into a data plane (the plane that includes all of your data processing, forwarding, trunking, encrypting, NAT, etc.) and the control plane (the plane that manages how that data is moved and forwarded). Think of it this way: On a switch, you have your ports that process and move data from one place to another, and that’s your data plane, but that switch is also configured to know how that data is supposed to move and has specific network address settings, and those ports are configured to do so. That’s your control plane.

Answer 44

Where you examine the identity of an individual and apply security controls based on other factors than just what the end user told you, such as the end user’s physical location, their relationship to the organization, their type of connection, and their IP address.

Answer 45

Limiting how many places can be used to get into the network, such as only allowing people in the building access, or only allowing access to the network via a specific VPN.

Answer 46

Combining adaptive identity with a predefined set of rules to determine if the person trying to log in is really that person.

Answer 47

Examines where you’re connecting from to where you’re connecting to to determine what devices can be trusted to connect to the network. They will allow devices connecting from a trusted zone and disallow devices connecting from an untrusted zone.

Answer 48

Policy Decision Point: (PDP) A policy engine and policy administrator working together to determine whether traffic supplied by the PEP can be allowed or disallowed.

Answer 49

Policy Enforcement Point: (PEP) The gatekeeper that all network traffic goes through. Can be one device or multiple devices working together checking different policies on things.

Answer 50

Thing that looks at all of the requests that are coming through the network, examines each request, compares it to a set of predefined security policies, and then makes a decision on whether the request is granted, denied, or revoked.

Answer 51

Takes the decision made by the policy engine and provides that information to the PEP.

Answer 52

Allow people access by channeling them to a specific point, but prevent vehicles.

Answer 53

A place people have to go into first before accessing another part of the building. Opening one door causes another one to lock, or vice versa.

Answer 54

….It’s a fence, dude. I don’t know what to tell you.

Answer 55

Or CCTV. Security cameras that watch areas to see if unauthorized people are gaining access. Can have motion or object detection.

Answer 56

A person physically protecting something at the reception area of a facility. They also validate the identification of existing employees.

Answer 57

Two guards working together for security. Sometimes jobs are divided between the two so that no one person has access to everything.

Answer 58

Badge that identifies you. Has your picture, name, and other details printed on it, must be worn at all times, and is sometimes electronically logged.

Answer 59

More light means more security. Attackers avoid the light, so keep your entrances well lit for both guards and cameras.

Answer 60

A common sensor found in motion detectors that detect infrared radiation in both light and dark rooms.

Answer 61

Detects a change in force in a room.

Answer 62

Similar to infrared sensors, but utilized in large rooms.

Answer 63

Detect motion and collision through ultrasonic sound waves reflected off of surfaces.

Answer 64

Setting up a fake system to attract a bad guy, monitoring how they are attempting to override your fake system, and then recording their methods to implement securities on your real system. Tricking evil Winnie the Pooh and trapping him.

Answer 65

A bunch of honeypots networked together. Very sticky.

Answer 66

A fake file with fake information to attract a bad guy. An alert is sent once the file is accessed.

Answer 67

A bit of traceable data added to your honeynet. If data is stolen and shared, you will be notified and can trace it to who stole it.

Answer 68

Or Change Approval Process. The formal process an IT administrator goes through to ensure that a change to the systems goes through properly and without messing anything up.

Answer 69

Have clear policies that include the frequency, duration, installation process, and rollback procedures should they not work, of updates and changes to your systems.

Answer 70

-1) Fill out an approval process request form. -2) Explain what the change is and why it’s being implemented. -3) Identify the scope of the change, or how big this change will be. -4) Schedule a date and time for the change to take place. -5) Determine the affected systems and the impact on those systems. -6) Analyze the risk associated with the change. -7) Get approval from the change control board to go ahead with the change.

Answer 71

The individual or entity who discovers a change needs to be made. For example, the head of Shipping and Receiving gets a notification on his computer saying all of the departments’ address label printers need to be updated. Shipping and Receiving owns this process, but it’s the IT department that will actually be making this change.

Answer 72

Individuals or departments that will be impacted by the change you’re proposing. They’re going to want input on the change management process, and some type of control over when the change occurs. Take into account who all is going to be impacted by the change. Look beyond the immediate impact and look through the whole process.

Answer 73

Determining what sort of risk is going to be involved when a change is made, i.e., fixes that don’t fix anything, fixes that break something else, OS failures, etc. Alternatively, it could also mean what risks are going to be involved if a change is NOT made, i.e., security vulnerability, application unavailability, or unexpected downtime. Risks can be high, medium, or low.

Answer 74

An environment set up to test changes that has no actual connection to the real world or your production systems. A technological safe space. A place to test and confirm before deployment. Also a really good place to test your backout plan.

Answer 75

A plan to back out of an implemented change should things go wrong and mess up your systems. Always have a way to revert to your original settings before the change was implemented. Always have backups.

Answer 76

When the best time would be to implement a change, that would have as little impact on production as possible.

Answer 77

Standard operating procedures should be available on your company’s intranet, along with any and all well documented change processes.

Answer 78

Nothing runs unless it’s approved. Very restrictive.

Answer 79

Everything runs unless it’s denied. Very flexible.

Answer 80

In the change control process, this is a specified list of things you can actually do during the change window to implement the change. You can’t do anything outside of this scope unless change management says so. Scope can be expanded and approved as the change progresses.

Answer 81

The time during a change in the change control process where services are unavailable because of the change, usually scheduled during non-production hours.

Answer 82

If there’s no way to prevent any downtime in your organization while making a change, try switching users to a secondary system, upgrading their primary systems, and then switch them back.

Answer 83

Usually, after a change is made to systems, you’ll need to restart either the service, the application, the OS, or the whole system in order for the change to start working.

Answer 84

Applications that have been running in the organization for a long, long time and are probably no longer supported by the developer. Be careful with deleting or changing these because there may not be a way to bring them back. Document how they’re installed and hang onto it in case a change needs to be made.

Answer 85

Applications or services dependent on another in order to run. Changes will need to be made to one application or service before you’re able to install or update another application or service. It’s a pain.

Answer 86

It’s difficult to keep up with all of the changes that are made in an organization so document EVERYTHING and keep it up to date. Stay organized. It will save you headaches in the future. Update your diagrams and IP addresses. Rewrite your processes and procedures and keep them handy.

Answer 87

Keeping track of changes to a file or configuration of data over time. If a file updates, save the previous version before upgrading to the new so you’ll have a backup of the old on hand in case something goes wrong.

Answer 88

Policies and procedures that are responsible for creating, distributing, managing, storing, revoking, and performing processes associated with digital certificates. PKI used as a verb means to associate a certificate to people or devices.

Answer 89

A single, shared key. You encrypt data with the key and decrypt data with the key. If the key gets out, you’ll need another key. Also known as a secret key algorithm or a shared secret. It doesn’t really scale very well because it’s only one key shared between a bunch of people. It is very fast, however.

Answer 90

Public key cryptography. Two (or more) mathematically related keys. You encrypt data with one key and decrypt data with a different key. Both keys are made at the same time so they mathematically understand one another. One of the keys made is the private key (the one that is not shared) and the other is made to be the public key (the one that is shared to other people). The private key is the only key that can decrypt data encrypted with the public key, making all data encrypted with the public key safe from encryption except from one source.

Answer 91

Someone else holding onto your decryption keys, either within your organization or with a third party.

Answer 92

Data that’s stored on storage devices such as SSDs, hard drives, USB drives, cloud storage, etc.

Answer 93

BitLocker (Windows OS) and FileVault (Mac OS).

Answer 94

Symmetric key encryption for databases. Things have to be unlocked every time data is pulled from the database.

Answer 95

Data in a database that’s encrypted at the record level while everything else is public. For example, names in the database are decrypted, but SSNs are encrypted.

Answer 96

Protecting data as it crosses the network. This is done by browsers using secure ports such as HTTPS that encrypt data as it crosses the network. VPNs are another example, either site to site VPNs using IPsec, or client based VPNs using SSL/TLS.

Answer 97

The formula used to encrypt and decrypt data. Both sides of the data decide on the algorithm being used before data is encrypted. The details are often hidden from the end user, however. You’ve gotta encrypt and decrypt with the same algorithm, or it won’t work. There’s very little that isn’t known about the cryptographic process. The algorithms being used are usually known entities. The only thing that isn’t known is the key. In other words, just by knowing the mathematical process of how an algorithm creates a key, doesn’t allow you to know how to reverse engineer the key itself.

Answer 98

False. Keys are subject to brute-force attacks, however. This is why key length is important. The longer the key, the harder it is to brute-force guess what it is.

Answer 99

Also known as key hashing or key stretching. The process of making your key stronger by hashing the hashes of your password multiple times. The hash of a hash of a hash of a password is difficult to brute-force.

Answer 100

Sharing an encryption key across an insecure medium.

Answer 101

Using other means than the internet to share an encryption key. Telephone, using a courier, handing it off in person, etc.

Answer 102

Sharing an encryption key on the network and protecting the encryption with additional encryption.

Answer 103

Session keys are usually used for temporary services.

Answer 104

Bob on his computer has a private and public key. Alice on her computer also has her own private key and public key. Bob shares his public key with Alice, and Alice shares her public key with Bob. Together, combining their own private key with each other’s public key, they’ve created an identical symmetric key that both of them now have.

Answer 105

Trusted Platform Module. Cryptography hardware on a device. Contains a cryptographic processor, a random number generator, key generators, and both persistent memory with unique keys burned in during manufacturing, and versatile memory for storing all the keys you make with the hardware.

Answer 106

Hardware Security Module. A standalone device whose sole purpose is to provide cryptographic keys to many devices in large environments. It securely stores thousands of cryptographic keys.

Answer 107

A centralized console that keeps track of all of your different keys for all of your different servers, users, and devices. Logs key use and other important events.

Answer 108

A security processor built into the systems we use.

Answer 109

The process of making something unclear and more difficult to understand.

Answer 110

Hiding information inside of an image, TCP packets, audio files, video files, and invisible watermarks on printed pages. Security through obscurity. Can be reverse engineered if you figure out how it was hidden.

Answer 111

Replacing sensitive data sent across the network with a non-sensitive placeholder. The number is replaced with a nonsense number while being sent and then decrypted to the actual number on the other end. Used during credit card purchases.

Answer 112

Hiding some of the original data. Where all but the last four digits of your credit card number are replaced with asterisks on receipts and things like that.

Answer 113

A short string of text that can be created based upon data contained within the plain text. Also known as a message digest or a fingerprint.

Answer 114

False. If data changes, the hash changes. It’s impossible to recover the original message with just the hash.

Answer 115

Random data added to a password when hashing that password, making a different hash for the password when stored. For example, the password ‘dragon’ has its own unique hash, but the password ‘dragon +r4$x’ has a different hash, but is still able to be deciphered when the password is looked at in plain text. The +r4$x is known to the user to be the salt.

Answer 116

A distributed ledger for anyone to be able to see that keeps track of transactions. If you are involved in a blockchain, you are notified of any and all changes. The transaction is then added to a new block of data containing other recently verified transactions. A hash is added to the block of data and the block is completed so that if data is changed, everyone looking at it will know.

Answer 117

A file that contains both a public key and a digital signature. Think of it as a digital version of an ID card. It’s a way to provide trust and for them to say that the person is who they actually say they are in authentication, and allow them access to things they previously did not have access to.

Answer 118

Rather than a centralized certificate authority verifying digital certificates, multiple individuals are instead signing each other’s certificate. Friends trusting friends.

Answer 119

Standard web browser certificate format that everyone can read.

Answer 120

A third party vouching for a site or resource that we can always trust. Certificate Authorities (CAs) can be Roots of Trust as well.

Answer 121

A trusted entity that issues digital certificates. These certificates are used to verify the identities of individuals, organizations, or devices in the context of secure communication over a computer network. When two parties communicate securely using encryption, the recipient can verify the sender's identity by checking the digital signature on the sender's certificate. To establish trust, major web browsers and operating systems come preloaded with a list of trusted root certificates from well-known and reputable CAs.

Answer 122

The process of creating a certificate for your web server, sending that certificate to a certificate authority to be validated, having them digitally sign it, and then sending it back to you. You create a public key, add the identifying information about what server it’s connected to and info about your organization, you send it off to the CA, they validate it with their private key, and then send it back to you complete.

Answer 123

A list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their scheduled expiration date. When a CA issues a digital certificate, it includes an expiration date. However, certain events may lead to the need for revocation before the certificate's expiration, such as the compromise of the private key associated with the certificate, the compromise of the CA itself, or other security-related concerns.

Answer 124

You can have your own in-house Private CA for large organizations all running internal software that needs to be trusted.

Answer 125

When you click the lock icon on a web browser and look at the subject alternative names, you’ll see a list of names with an asterisk next to them. These are the lists of domains that are allowed to use that CA. As long as your device is associated with one of the listed domains, it can use that CA.

Answer 126

Online Certificate Status Protocol. A protocol that lists the status of its certificate onto the web server itself.

Answer 127

1) Are they internal or external 2) How much funding/resources do they have 3) What’s their level of sophistication/capability

Answer 128

A threat actor external to your organization associated with a government or national security of that government. They could have many motivations for attacking you, with lots of sophistication, capability, and resources.

Answer 129

Basically the opposite of a Nation State. Low skill, resources, and capability. Motivated by causing disruption and general chaos. They usually run pre-made scripts to attack your organization without really knowing how any of it works. Anyone can do this. Can be internal or external.

Answer 130

A hacker with a purpose. Motivated by an opposing philosophy, revenge, general disruption, etc. Often an external entity, but can sometimes be an insider threat. Can be quite sophisticated, using very specific attacks. They know what they’re doing, however, funding is usually low.

Answer 131

A threat from the inside of your organization. Someone on the outside can squeazel their way in and then betray you. Motivated by revenge and financial gain. In this circumstance, your organization is their funding. They have institutional knowledge, and know what vulnerable systems to hit.

Answer 132

Mnyaah, see? Professional criminals motivated by money, almost always an external enemy. Very sophisticated, seeing as their hacking is the best money can buy. They are organized in that one person hacks, another exploits, another person sells data, and another handles customer support.

Answer 133

Someone who works in your IT department and has found a way around your security and policies. Limited resources, they can only afford what you pay them, and medium sophistication. They may know a thing or two, but they don’t know everything.

Answer 134

A method that an attacker uses to gain access to your systems. Also called ‘attack vectors’.

Answer 135

Using email, SMS, and instant messaging to send you malicious links to get you to download malicious software or gain access to your systems. Basically, phishing.

Answer 136

Attackers using SVG (Scalable Vector Graphic) image formats that utilize XML files that describe the image and allows the attacker to embed other information within the XML. An attacker can put information within the image description that would then run inside of your browser.

Answer 137

Files that run on your computer that attackers can use to gain access to your files. The most easily recognizable are exe executable files, but .pdfs, ZIP, RAR compression files, add-ins, file extensions, and Microsoft Office documents are also used to instigate an attack.

Answer 138

Phishing over the phone. Someone on the other end of a phone trying to get you to give up valuable information. A wide scale version of this is called war dialing. They also attempt to DoS your systems by call tampering, and spam over IP.

Answer 139

Using a USB drive to get into systems and get or disrupt information. Fun fact: USB drives can be modified into appearing to your computers as keyboards and can automatically begin typing things onto your screen.

Answer 140

Security issues and vulnerabilities within software that has not been properly updated.

Answer 141

Security issues and vulnerabilities within software on a server that is distributed to client devices that have not been properly updated.

Answer 142

Systems within your network that are no longer able to receive upgrades or patches to prevent attacks, and are therefore vulnerable within your network. Example, outdated operating systems.

Answer 143

Attackers using outdated, un-upgraded, or rogue wireless, wired, and Bluetooth connections to gain access to systems on your network.

Answer 144

An unsecure port that can be utilized by an attacker to gain access to the systems on your network. The more services you install, the more open ports and potentially the less secure a system might be. Use firewalls.

Answer 145

The default username and passwords on your network devices when you first get them. Change them so they won’t be utilized by an attacker!

Answer 146

Third parties gaining access to your systems through established infrastructure in equipment, using an authorized vendor program to jump to an unauthorized system, and the utilization of counterfeit networking equipment.

Answer 147

Managed Service Providers: Third parties that you are paying to manage your equipment and systems

Answer 148

Communication method used to make you think something is real when it really isn’t in order to steal data or make your infrastructure vulnerable. Example: texts with dubious links, suspicious emails from unknown senders, and fake websites that look like real websites.

Answer 149

A fake URL that’s very similar to the real one that attackers use to trick people into clicking dubious links.

Answer 150

The attacker lying to you and creating a dramatic situation to get your information.

Answer 151

An attacker lying to you over the phone to get your information.

Answer 152

SMS phishing. An attacker lying to you through text to get your information.

Answer 153

An attacker pretending to be someone of importance that you should listen to (a boss, an authority, someone from the help desk, or a third party account holder) in order to get information from you.

Answer 154

An attacker pretending to be you to use and waste assets that are already yours.

Answer 155

An attacker, who cannot gain access to your network by conventional means, “poisons” a third party website that all of your employees visit, thus getting a foot in the door, and attacking your network indirectly.

Answer 156

Having multiple layered contingencies to protect your systems, employing the use of a firewall AND an IPS AND antivirus software all working at the same time.

Answer 157

Giving, either deliberately or not, the wrong information. Creates confusion and division. Usually given on a large scale by influence campaigns, nation-state actors, and advertising on social media to sway public opinion.

Answer 158

1) Create fake users 2) Create content on the fake user account 3) Content is liked and shared 4) Real users share the message 5) Mass media picks up the story

Answer 159

Attackers pretending to be a well known brand in order to fool people into visiting their fake site and download malware and exfiltrate your information.

Answer 160

All software runs in memory. Nothing runs on your computer unless it is run through memory and processed on a CPU. By this logic, malware also runs in memory, and has two options to run once it’s inside your PC. It can either run its own processes, or inject itself into a legitimate already running process on your PC. The process of a malware script being inserted into the existing process of other software is called Memory Injection.

Answer 161

Dynamic-Link Library Injection. A type of executable on your system that many different processes and applications use. An attacker can insert his malicious DLL into the legitimate DLL by making a path from a storage device to the legitimate DLL and make it part of the process.

Answer 162

Where an attacker can write more than what’s expected into a particular area of memory and that additional information that they’re writing overflows into another area of memory. It’s a difficult attack to perform, because additional information written onto an application often causes a system to crash.

Answer 163

An application developer ensuring that only 8 bytes of data are being written at a time into memory to prevent possible buffer overflow attacks.

Answer 164

Where two events happen at nearly the same time with an application, and the application doesn’t take into account that the two events are happening simultaneously.

Answer 165

Time-of-check to time-of-use attack. An application checks a system to retrieve information that may be stored. After it retrieves that information, it performs a particular function with a particular value. But sometimes something else happens between the time the application checks the system for the value, and the application actually using the value.

Answer 166

An update presented to your application or OS that is not legitimate and contains malicious software within its fake update. Have a good backup and install updates only from trusted sources with digital signatures.

Answer 167

The 2nd Tuesday of every month where Microsoft releases Windows OS updates.

Answer 168

Always update all the time as often as you can. Have a backup of your current OS version all the time.

Answer 169

An attacker adding their own code into information that is imputed into an application. Super common, and used in a variety of different applications, such as HTML, SQL, XML, LDAP, etc.

Answer 170

Structured Query Language Injection. The most common database management system language is SQL. The injection occurs when an attacker puts their own SQL requests into an existing application. The application doesn’t normally allow this because it (should) be performing checks. Usually done within a web browser.

Answer 171

If you see a code that has “1 = 1” on the end of it, that’s a good indication it’s a SQL injection.

Answer 172

Cross-Site Scripting. Utilized by JavaScript. An attacker sends a link containing a malicious script to a victim. The victim clicks the link and visits a legitimate website trusted by the victim. But because the attacker provided the link, there’s additional information included with the connection, usually a malicious script running along with the link to the website. That script then sends the victims data (via session cookies, etc.) behind the scenes to the attacker.

Answer 173

OS running inside of various hardware (thermostats, fridges, garage doors, etc.) that’s connected to your network (layman definition). It needs to be updated too. Usually, only the manufacturer can update the firmware, but this isn’t always the case.

Answer 174

End of Life. When a manufacturer stops selling a product, but will, for a time, continue to support it and provide firmware and security updates to the product.

Answer 175

End of Service Life. When a manufacturer stops selling a product and support and updates are no longer available. It’s time to get something else.

Answer 176

Devices that have been on your network for a long time, running older OSs and outdated applications. While they work and don’t cost anything anymore to run, they are vulnerable because they can no longer be updated. If they HAVE to be there, just make sure they have additional security protections.

Answer 177

When a VM is able to break out of its self-contained system and interact with the host operating system or hardware on the same hypervisor.

Answer 178

You have a hypervisor managing multiple VMs. Those VMs are sharing RAM. Sometimes information is shared between the VMs via the shared RAM.

Answer 179

Because Cloud services are available to be accessed by anyone in the world, they are susceptible to multiple kinds of attacks, such as Dos, Authentication Bypass, Code Injection, and Remote Code Execution.

Answer 180

If you’re outsourcing the systems you use to a third party, it’s up to them to take care of your stuff. For peace of mind, make sure you have ongoing security audits with your third party provider to make sure they’re protecting your stuff.

Answer 181

Taking a switch or some other device out of the box, plugging it into your network, and assuming there’s no malicious software on the device. For peace of mind, have close relationships with a small number of vendors, and utilize only them.

Answer 182

Downloading an update or patch to a system from a provider you’re not sure you trust (or are not fully familiar with). For peace of mind, download software and firmware updates ONLY from trusted sources, and confirm digital signatures during installation.

Answer 183

Literally leaving unencrypted information just sitting around on the internet somewhere. Attackers just take it.

Answer 184

The admin account has a weak or easy to figure out password, leaving your data open and vulnerable. Change your passwords!

Answer 185

Telnet, FTP, SMTP, and IMAP all send their information in the clear, so use the secure versions of these instead.

Answer 186

You have open ports on your server accessible by others, so implement a firewall to disallow use of specific ports.

Answer 187

Downloading a malicious app to your device that can cause a data breach. Always get your apps from the legitimate app stores. Disallow the ability to download an app from anywhere else.

Answer 188

There’s a lot of vulnerabilities that we just don’t know about yet. When an attacker finds one first and they utilize it, that’s known as a zero-day attack. Once it’s known about, it can be patched and stopped.

Answer 189

Software that’s been installed on your system that’s designed to be malicious.

Answer 190

Malware in which a third party takes your files for ransom and will not give them back unless you comply with their demands.

Answer 191

Malware that convinces a user to install by pretending to be legitimate software.

Answer 192

Malware that allows a third party to take control of your system.

Answer 193

Patch and update your systems! Also, always have a backup!

Answer 194

Malware that YOU install, rather than someone finding a vulnerability, exploiting it, and installing it themselves.

Answer 195

A virus that does not download its files needed to operate into your systems storage, but rather only operates from your system’s memory. Adds an auto-start to the registry

Answer 196

Malware similar to a virus that can move around from system to system without any user intervention.

Answer 197

Malware that presents advertising to you and watches where you go on the internet.

Answer 198

Malware that monitors and stores all of the keys you press.

Answer 199

Additional, usually unnecessary software included on a new device by the manufacturer, and visible when it’s first turned on.

Answer 200

A type of malware that waits for a particular event to occur before executing.

Answer 201

Malware that’s difficult to remove from a system because it disguises itself as a root service or kernel.

Answer 202

Trying every possible password combination until the hash is matched. Takes a lot of time. Also, literally kicking in a door to a data center.

Answer 203

Duplicating an access badge to impersonate a legitimate employee and gain access to where they go.

Answer 204

Attacking everything supporting the technology, like, turning off the power or taking out the HVAC.

Answer 205

Denial-of-Service. Forcing a service to fail, usually by the service being overloaded and made unavailable for others to use. Most common way to implement this is to make a bunch of bots attack a central point all at once, but it could be as simple as turning off the power.

Answer 206

When someone unintentionally makes a service fail. Oops.

Answer 207

Distributed Denial-of-Service. Remotely controlling bots around the globe on infected computers to do what you tell them to, namely, attacking a central point all at once to overload a system.

Answer 208

A DDOS attack reflected off of another device or service.

Answer 209

A DDOS attack where a small amount of data is initially asked for, but then it amplifies in size significantly once it responds to the requesting device. Usually done over non-authenticated services, such as DNS queries.

Answer 210

Redirecting people to whatever IP address you like by modifying a DNS server, modifying the host file on a client, or by sending a fake response to a valid DNS request.

Answer 211

The attacks formerly known as man-in-the-middle attacks. Attackers getting in between two systems and watching, capturing, and modifying the traffic that flows between them. The attacker is “on your path”.

Answer 212

Gaining access to a DNS server and making configuration changes by gaining access to the fully qualified domain name in the register used by the DNS server.

Answer 213

Redirecting users to a site that is slightly different than the actual URL, and either utilizing the alternative URL to advertise and make money, or redirect traffic for everyone who went there to the URL’s competitor. See Typosquatting.

Answer 214

A DOS attack where a third party can send specially crafted Wi-Fi management frames to disconnect your station from the wireless network.

Answer 215

Radio Frequency Jamming. A wireless DOS attack that affects everyone trying to communicate over wireless frequencies. The attacker sends interfering wireless signals so the receiving device can no longer hear good wireless signals. The signals can be legitimate or not.

Answer 216

Address Resolution Protocol poisoning. Also known as IP spoofing. Manipulating where certain devices can send traffic. A local device tries to get out of a network by looking for the router’s IP address, and another device pretends to be that router’s IP address and intercepts the data. Once the device has cached that IP address, it will always send data to it to get out of the network, but it will now be going through the attacker's computer first before it gets to the router.

Answer 217

ARP Poisoning happening on the victim’s computer, where malware on the browser acts as a proxy that redirects traffic before and after it’s sent to the network. Traffic manipulated this way is seen in the clear because it is happening on the same device.

Answer 218

An attacker gathers information shared across the network and then replays what a user did on their computer to communicate with the server, essentially imitating the victim’s computer. Stop this with encrypting your info end to end.

Answer 219

Information stored on your computer by the browser. Used for tracking, personalization, and session management. They are a privacy risk, and contain the valuable Session ID that attackers are eager to get.

Answer 220

Executables, scripts, macro viruses, worms, trojan horses, or any type of malicious software that is used to gain access to a system.

Answer 221

A user gaining higher (or just different) levels of access to a system than what’s initially assigned to them. Usually comes about from a hidden vulnerability in an application.

Answer 222

Also known as a One-Click Attack and Session Riding. An attacker takes advantage of the trust that’s already established between a website and a browser. Their goal is to make requests on that trusted website without your consent or knowledge. For example, let’s say you’re logged into a bank website. An attacker creates a funds transfer request and sends the hyperlink to you in an email. Because you’re already logged in to the bank website, clicking the link will unknowingly activate the funds transfer request, and because you’re already authenticated into the site, the request goes forward.

Answer 223

Web server configuration vulnerability. Allows an attacker to read or write files to a web server that are normally outside the scope of the website’s directory.

Answer 224

When you can’t get the combination (the key), attack the safe (the cryptography).

Answer 225

An attack where the attacker forces the systems to use an encryption that’s either not as good or gone completely. SSL stripping is an example of this.

Answer 226

A single hash that is exactly the same across two different plaintexts.

Answer 227

In a classroom of 23 students, what is the chance of two students sharing a birthday? About 50%. For a class of 30, the chance is about 70%. A hash collision is the same hash value for two different plaintexts, so what are the chances of those being the same? Find a collision through brute force.

Answer 228

Trying to login with the most popular passwords. If the attacker is unsuccessful, they move onto the next account before getting locked out.

Answer 229

Trying every possible password combination until the hash is matched. Takes a lot of time.

Answer 230

Account lockout, concurrent session usage, blocked content, impossible travel, resource consumption, resource inaccessibility, out-of-cycle logging, published content, and missing logs.

Answer 231

Your credentials aren’t working, or your login attempts have been exceeded and you’re locked out now. Possibly even administratively disabled.

Answer 232

The same person logged in in two different locations or systems.

Answer 233

Once an attacker has gained access to your system, they want to stay logged in as long as possible, so they block all content that might allow you to patch or update your system so they can stay logged in.

Answer 234

Two logins in two completely different locations in the world.

Answer 235

When an attacker gains access to a system and is in the process of downloading your data, a noticeable spike in bandwidth resources should be visible. This is a good indication you’re compromised.

Answer 236

If a server suddenly conks, or if a section of the network is disrupted.

Answer 237

When a system patch log occurs outside of the normal schedule.

Answer 238

Your data is now out and available on the internet. You done got got.

Answer 239

Deleted log information is an indication that someone is (sloppily) trying to cover their tracks.

Answer 240

Devices confined within a specific network that are unable to access other networks because the physical devices between the two networks are not physically connected.

Answer 241

Devices ARE connected to the same physical switch, but they are separated on the switch via VLANs.

Answer 242

Access Control List. List that allows or disallows traffic based on IP address, port number, categories of traffic, or even time of day.

Answer 243

Ensuring only legitimate applications are used on a system. Allow List = Nothing runs unless it’s approved. Deny List = Everything can run except the things denied.

Answer 244

The process of reducing the impact of a security event or a potential security event.

Answer 245

Keeping your systems up to date by closing up found holes of vulnerability. Do this as often as you can.

Answer 246

Having file systems and other specific pieces of data converted into a non-readable hash and no longer in plaintext.

Answer 247

Aggregating information from your devices that is watched by built-in sensors, IPSs, firewall logs, authentication logs, web server access logs, and various others that is consolidated, and sends an alert when something is out of the ordinary.

Answer 248

Setting the rights and permissions of users to the bare minimum of what they can do on a device in your network to prevent possible exploits.

Answer 249

Once someone logs into a system, the system checks to see if they have the most up to date OS upgrades, patches, antivirus software, certificate status, and other security features. It then forces you to install these features or quarantines your device.

Answer 250

The process and protocols of correctly destroying a storage device.

Answer 251

Ensure you’re installing updates, make sure passwords are lengthy and complex, limit what accounts can do, limit network access, and monitor and secure the system with anti-virus software. Disable your ports and protocols. Every open port is a possible entry point. Close everything except required ports. Change your default passwords on network devices and add multi factor authentication. Remove bloatware from new devices, and unused applications from currently used devices.

Answer 252

Ensure file systems are encrypted, either EFS or FDE, and encrypt your network with a VPN.

Answer 253

Endpoint Detection and Response. A type of software that can detect threats based upon behavioral analysis, machine learning, and process monitoring. It’s a lightweight agent on the endpoint. Analyses behavior of a threat and is able to detect it again.

Answer 254

Software based firewall that runs behind the scenes on every endpoint. Allows or disallows incoming or outgoing application traffic. Identifies and blocks unknown processes.

Answer 255

Host-Based Intrusion Prevention System. Watches network traffic and alerts and stops attacks.

Answer 256

Using someone else's hardware to run your application. You’re in charge of all the management, data, software and security of your application. You’re only borrowing the hardware. (sometimes called Haas, hardware as a service).

Answer 257

Everything you want to use is on the cloud and managed by someone else. You are only responsible for the content. Think Gmail. You only provide the content of the emails, but not any of the software, security, or hardware it’s stored on.

Answer 258

Someone on the cloud is providing you with a platform to build what you want. You handle the development of your application with data and content, they provide you with the hardware, software, and security.

Answer 259

A chart of responsibilities showing who’s responsible for the different aspects of the technologies running in the cloud. Could be based on a contract. Customers are responsible for some, while providers are responsible for others, and sometimes there’s overlap.

Answer 260

Using a technology that is spread across more than one cloud provider. Some aspects are in one cloud, while some aspects are in another. People using this technology will still have to authenticate to both and server and firewall configurations will have to be set up separately.

Answer 261

You write an application and put it on the cloud, but you also want to protect it with a firewall from a third party. Managing this firewall is still something you have to do, but it isn’t actually yours, and you’ll have to talk to the third party providing the firewall to make sure everything is kosher. This is done in a Vendor Risk Management Policy.

Answer 262

Infrastructure as Code. A way to describe an application instance or a portion of the infrastructure in the cloud, but you’re defining it as code rather than defining it as a particular piece of hardware. Could be written out as code to define what hosts need to be built, the type of web servers that are running on these hosts, and database servers that would also be used in the cloud infrastructure. Easy to write out and modify.

Answer 263

An application instance put on the cloud that has no servers. Instead of accessing a single application, you’re accessing individual functions that are handled by that application. Thus, no server is required and no need to worry about a specific OS. You only need to run functions.

Answer 264

Instead of having one big application running all of the functions of the application simultaneously, you can have different aspects of the application run on and be supplied by different services still accessible from one client through an API gateway. The API gateway is the glue that makes all the services run when they’re needed. Security for each microservice can be provided individually, instead of security for one big application.

Answer 265

Means the devices are physically separate. If an attacker gained access to switch A, they would have no way to access switch B.

Answer 266

Virtual Local Area Network. Segmenting multiple networks (broadcast domains) logically on the same switch.

Answer 267

Software Defined Networking. Networking architecture is defined by how the networking devices operate on their planes of operation, and organized accordingly.

Answer 268

The three planes of operation for software defined networking are the data, control, and management planes.

Answer 269

Also called the Infrastructure Layer. It’s the plane doing the real work. Switches and firewalls processing network frames, forwarding and trunking and encrypting data as it moves around, etc.

Answer 270

Also called the Control Layer. Manages the actions of the data plane. Has all of the routing, session, and NAT tables.

Answer 271

Also called the Application Layer. Where we as Network admins physically configure and manage all of these network devices.

Answer 272

Centralized, costs less, no dedicated hardware you have to support, no data center to secure, and a third party handles everything.

Answer 273

Everything is local and on you to secure, giving you the freedom and control to protect things exactly how you want it, but it costs more to maintain (being a Tech Director).

Answer 274

EVERYTHING is in one location.

Answer 275

Everything is spread out and in different hands and different locations. Most organizations are decentralized, but monitored on a console as if they were centralized.

Answer 276

Running many different operating systems and VMs on the same hardware.

Answer 277

Having multiple applications running simultaneously all on one single piece of hardware and one single OS, as opposed to virtualization, where a separate OS is spun up on one VM to run one application.

Answer 278

Internet of Things. Devices designed to be integrated into your network and support some of the features and services that you use on a daily basis. Smart things in your home. Lousy at being secure.

Answer 279

Segment the IoT devices from the private network. Keep personal devices and storage systems away from IoT devices, that way if an IoT device is breached, your personal data is not accessible. Use a separate VLAN or guest network for IoT devices.

Answer 280

Supervisory Control and Data Acquisition System. Also known as ICS, Industrial Control Systems. Basically large scale industrial networking. Various building controls talking to one another through the network. Managed usually at one computer.

Answer 281

Real-Time Operating System. An operating system with a deterministic processing schedule. Can take a single process on it and suddenly grab all of the resources of the system and have that process take priority. Found in cars and military equipment. Extremely sensitive to security issues, but difficult to break in.

Answer 282

Hardware and software designed for a specific function, or to operate as part of a larger system. Created to do only one thing. Traffic light controllers, for example, only do one thing and do it really well. No other functionality in an embedded system.

Answer 283

The methods employed to keep a system up and running all the time. The nearly instantaneous and automatic swap between a failed network component and its backup. High Availability nearly always means higher costs, but it’s worth it to keep things running.

Answer 284

Ensures that all of your systems and networks remain up and running. This is achieved through redundancy, fault tolerance, and patching. In security, we want our stuff up and running all the time, but only to the right people.

Answer 285

If things happen, how quickly can you recover, based on the damage to hardware, software, or redundant systems. Mean Time to Repair (MTTR).

Answer 286

How much money is needed to implement/maintain technology? Is the cost ongoing?

Answer 287

How quickly do your services respond.

Answer 288

How big can your technology grow or shrink in capacity based upon what you need at what time.

Answer 289

How easy is it to set up your application and all of its components and get it up and going.

Answer 290

Making a third party responsible for security, transferring the risk. Example, Cybersecurity insurance.

Answer 291

How quickly and easily can you get back up and going after something happens.

Answer 292

How often and available are patches for your systems and applications.

Answer 293

What do you do if patching isn’t available for some of your stuff? How do you defend and protect your stuff?

Answer 294

Do you have enough at all the right times? Is it available all the time? Do you have UPSs? Who is your provider?

Answer 295

Do you have enough processing power to do the things you want to do?

Answer 296

The placement of devices on a network that would best utilize security and logical separation so that all devices are running at maximum efficiency and protection.

Answer 297

Instead of separating different devices by IP address, they are separated by use or access type. Each area of the network is associated with a particular zone, such as trusted, untrusted, internal, external, inside, etc. You then allow or disallow traffic to travel between the different zones.

Answer 298

The combination of potential openings into your network. How does your network look? Are you aware of all of the ways into your network?

Answer 299

The way in which your devices are connected to one another. Is everything connected to everything? It probably shouldn’t be. If it is, provide encryption.

Answer 300

Watches network traffic and alerts and stops attacks.

Answer 301

Intrusion Detection System. Watches network traffic and only alerts if it finds traffic it doesn’t recognize.

Answer 302

Fail-Open: When a system fails, data continues to flow. Fail-Close: When a system fails, data stops flowing.

Answer 303

A system is connected inline, and data can be blocked in real-time as it passes by. Example, IPSs.

Answer 304

A system is not connected inline, and instead, a copy of the network traffic is examined using a tap or port monitor. Data cannot be blocked in real-time. Example, IDSs.

Answer 305

A server that’s on the inside of a private protected network that provides access to allowed clients on the outside trying to access that network.

Answer 306

A type of security control that sits between one part of a network and another (or the internet), allowing or preventing certain traffic to traverse the network. Useful for caching information.

Answer 307

Determines which server to send you to in case one gets too populated, and allows you to scale up or scale down the capacity of each server based on use and have fault tolerance should one server fail.

Answer 308

Aggregate information from network devices. They notify you when something happens or a threshold is reached. Some sensors are built-in, while others are separate devices. Usually integrated into switches, routers, servers, firewalls, etc. Take information and compile a report in a collector (IPS, firewall, SIEM, etc.)

Answer 309

Extensible Authentication Protocol. The protocol that 802.1X relies on to have credentials provided to it to allow authentication.

Answer 310

Web Application Firewall. A firewall that applies rules to HTTP/HTTPS conversations. It allows or denies based on expected input, so, for example, it’s mainly looking specifically for things like SQL injections and similar attacks.

Answer 311

Unified Threat Management. An all in one security appliance. Contains a firewall, URL filter, malware inspection, spam filter, IDS/IPS, bandwidth shaper, VPN endpoint, and routing and switching capabilities. Usually only operate up to layer 4, and not all of them can run at once. Good idea, but it’s too much.

Answer 312

Next-Generation Firewall. Firewalls able to filter traffic based upon OSI layer 7 (application layer). Can do a full packet decode of everything moving on the network. IPS built in. Contains content filtering based on URLS of types of sites, for example, it can block all gambling sites if you let it.

Answer 313

Virtual Private Network. Encrypted (private) data traversing a public network. Data meets and flows in and out of a VPN concentrator.

Answer 314

Basically encryption. You have data with an IP header that isn’t encrypted. Putting an IPSec header and trailer and a new IP header on the data allows it to be encrypted and flow to the VPN concentrator.

Answer 315

Internet Protocol Security. Provides authentication (AH, authentication header) and encryption (ESP, encapsulation security payload) for all layer 3 (IP) packets.

Answer 316

Client VPNs use SSL/TLS protocols (TCP 443).

Answer 317

Used to connect two or more remote networks securely over the internet. It creates a virtual network bridge between the local area networks (LANs) of different sites or offices. The VPN connection is established at the network level, typically between routers or firewalls located at each site. It provides secure and encrypted connectivity for all devices within the connected networks. It is commonly used by organizations to connect branch offices, remote sites, or geographically distributed networks.

Answer 318

Software Defined Wide Area Network: A WAN built for the cloud. Instead of telling a WAN to connect to a centralized data center, we can tell it to access the data directly inside the cloud. No more accessing Data Centers, you can go directly to the cloud.

Answer 319

Secure Access Service Edge. Basically the VPN for cloud services. The next generation VPN that allows us to communicate to web-based applications. Allows different clients (corporate offices, home users, and mobile users) to access cloud services as if it were communicating through a VPN.

Answer 320

Data managed by a third-party which makes the rules on how it should be protected.

Answer 321

The set of secrets and processes exclusive and unique to an organization. The Krabby Patty secret formula.

Answer 322

Data that’s publicly visible, but protected under copyright and trademark.

Answer 323

Court records, judge and attorney information, (PII data may be stored differently), and other sensitive details. Usually stored in many different systems.

Answer 324

Internal company financial details, customer financials, payment records, credit card data and bank records.

Answer 325

Data that a human can read that’s clear and obvious.

Answer 326

Data that a human cannot read, such as encoded data, barcodes, or encrypted images.

Answer 327

False. Not all data has the same level of categorization. Different levels require different security and handling, such as additional permissions need to be given, a different process to view the data may be required, or access to specific data will be restricted on the network.

Answer 328

Any data that an organization owns, or information that they’ve gathered and created into their own set of trade secrets. Data that is the unique property of an organization.

Answer 329

Personally Identifiable Information. Data that can be used to identify an individual, such as a name, date of birth, mother’s maiden name, and biometric information.

Answer 330

Protected Health Information. Health information associated with an individual, their health status, health care records, payments for health care, etc.

Answer 331

Data that shouldn’t be visible to everyone. Intellectual property, PII, and PHI.

Answer 332

Very sensitive data, must be approved to view.

Answer 333

Data with no restrictions and anyone can view it.

Answer 334

Data that has restricted access that may require an NDA to view.

Answer 335

Data that should always be accessible and should never be down.

Answer 336

Data at rest Data in transit Data in use

Answer 337

Data that is on a storage device.

Answer 338

Data that is transmitted across the network.

Answer 339

Data actively processing in memory.

Answer 340

The idea that data that resides in a country is subject to the laws of that country.

Answer 341

Technology utilized to determine and track where data and people are, for example, GPS, 802.11 data, mobile providers, etc. Can be used to allow access to data based on location (Netflix stopping people from watching things in the US).

Answer 342

Making policy decisions based upon where the data is located and where the user is located.

Answer 343

Encoding information into unreadable data. Can be decrypted.

Answer 344

Representing data as a short string of text. Cannot be decrypted.

Answer 345

Taking original data and hiding only some of it, for example, turning all but the last four digits of your credit card number into asterisks.

Answer 346

Takes sensitive information such as a credit card number used in a purchase, and replaces it with a token number that is completely different when crossing the network. Only a one time use. Nothing is encrypted, but all the numbers are changed on the token.

Answer 347

Make something normally understandable very difficult to understand. For example, taking perfectly readable code, running it through an obfuscation process, and turning it into complete nonsense. Both work fine, one is just difficult to read.

Answer 348

Separating your data into different segments so if an attacker gets in, they would only get a piece of the info, and not all of it.

Answer 349

Controlling access to accounts so that only certain people can access certain data. File permissions.

Answer 350

The nearly instantaneous and automatic swap between a failed network component and its backup. High Availability nearly always means higher costs, but it’s worth it to keep things running.

Answer 351

Having multiple servers configured to all work together as one big server. Can be added or removed in real-time as needed. All run the same OS. All use the same shared storage.

Answer 352

Load is distributed across multiple servers, but the servers are unaware of each other. Only the load balancer knows about all the servers. Servers can run different OSs.

Answer 353

A site recovery plan that requires a separate facility. Another physical site you can go to if there is a problem at your main site.

Answer 354

A separate facility that’s just an empty building. You have to bring all of your equipment, people, and data to the site and set it up.

Answer 355

A separate facility where not everything is there, but some stuff is already set up.

Answer 356

A separate facility that’s just a copy paste of your main facility. Everything is there and ready to go.

Answer 357

Ensuring that your backup site location is far enough away from the disaster at your main site so you can get up and going again.

Answer 358

Using multiple OSs in your organization to avoid vulnerabilities. If your Windows stuff goes down, you can get it up again on Linux. Don’t just have one OS that everything runs on.

Answer 359

Same idea as platform diversity. Have multiple cloud providers, plan your backups, and don’t rely on just one cloud provider should something go wrong.

Answer 360

Continuity of Operations Planning. What to do after a disaster or incident that keeps work going, even if all the common technology is gone.

Answer 361

Predicting, calculating, and implementing the supply and demand of your organization to match. If you have too much demand on your systems, there’s slowdowns and outages. If you have too much supply, you’re paying too much for things you don’t need. This needs to be done for three different aspects of your organization, people, technology, and infrastructure.

Answer 362

Testing certain events and disaster scenarios to see how well prepared you are in case of a catastrophic event.

Answer 363

Go through the steps as if you were actually doing them with other people at a table. Talk with others and see if the implemented plan actually works.

Answer 364

A test to see if the redundant devices that have been set up actually switch over and work continues in a simulated failure.

Answer 365

Testing an organization with a simulated event, like a phishing attack, or password requests, or a data breach.

Answer 366

Split a process through multiple (parallel) CPUs.

Answer 367

The backup data and backup media are in your organization. Data is immediately available. Less expensive.

Answer 368

The backup data and/or backup media are not in your organization, but stored elsewhere. More expensive, but restoration can be performed from anywhere.

Answer 369

Backing up an entire system with the click of a button at the time the button is clicked. Popular on VMs and cloud services.

Answer 370

Making sure that the backups you’re making every week/month can actually be used if they need to be.

Answer 371

An ongoing, almost real-time backup. Data is synchronized in multiple locations.

Answer 372

If you’re making a backup, and the power goes out right in the middle of writing the backup, the data is probably corrupted. To avoid this, you can write a journal entry stored on the drive before the backup is initiated. Then, once it’s written, go ahead and make the backup. If the data gets corrupted, you have something to fall back on. Corruptions can be corrected if a hard drive gets corrupted data, but then looks at the journal for all of the corrections.

Answer 373

Long-term alternative power supply that’s an engine that supplies electricity. You need a place to store your fuel though.

Answer 374

Uninterruptible Power Supply. Provides short term battery backup power in case of a loss of electricity.

Answer 375

The average, normal amount of metrics over a given time in a measured thing that can be compared to the current status of a device. You can check for inconsistencies by comparing your device stats to your baseline.

Answer 376

A baseline that you either initially set up, or one that comes out of the box from the manufacturer.

Answer 377

You’ve made a list of things you want to deploy for your baseline, and now you’re sending it out. Usually through a centrally administered console.

Answer 378

Keeping your baseline consistent and stagnant. Baselines rarely change, but if they do, test them out and measure them to avoid conflicts and contradictions before you deploy them.

Answer 379

Frequently install updates and patches. Segment company data stored on the device. Control with an MDM (mobile device manager).

Answer 380

Frequently install OS, application, and firmware updates and patches (usually automated once per month). Be connected to AD. Remove any and all bloatware.

Answer 381

Change the default credentials. Check the manufacturer for patches to the embedded OS and the firmware.

Answer 382

Assign least privilege rights. Configure EDR (Endpoint Detection and Response). Always have a backup.

Answer 383

Frequently install OS updates, service packs, and security patches. Make sure password lengths and complexities are set. Limit network access (only a few people need access to servers in the first place). Make sure the antivirus is installed.

Answer 384

You don’t. There’s very little access from the outside anyway.

Answer 385

Keep them up to date, even though updates are rare. Put them on a segmented network.

Answer 386

Isolate these systems if they aren’t already. Let them run with minimum services.

Answer 387

Change the default credentials. Deploy updates as soon as possible. Put them on their own VLAN.

Answer 388

Going around and determining the wireless landscape of a building, getting the number of APs, what their strength is, what frequencies they’re set to, how much coverage they are providing for the building, etc.

Answer 389

Similar to a site survey, but shows you the wireless signal strengths of each AP in real-time.

Answer 390

Mobile Device Management: A centralized console that manages company-owned and user-owned mobile devices. Can set policies on what mobile apps can and can’t be used, can remotely access phones, and can partition the device data into segments.

Answer 391

Bring Your Own Device Policy. The employee can use their own device for company purposes. Convenient, but difficult to secure and protect data.

Answer 392

Corporate Owned, Personally Enabled Policy. The company buys the phone, but gives it to the employee to use as both a corporate and personal device.

Answer 393

Choose Your Own Device Policy. The company buys the phone, but lets the employee choose which phone it is.

Answer 394

They’re called ‘Cell Phones’ because the antenna frequency transmitted from a tower makes a ‘cell’ area, and phones communicate on that cell. 4G and 5G coverage. It’s hard to secure cell networks because there is frequent traffic monitoring, location tracking, and world wide access to a mobile device. We don’t normally have control of these things.

Answer 395

Susceptible to data capture through on-path attacks, and DoS attacks.

Answer 396

High speed communication over short distances. Don’t pair with what you don’t know.

Answer 397

Wi-Fi Protected Access 3. WPA with GCMP block cipher mode. PSK is not sent across the network. Nothing to brute force. Each session key is unique, so it doesn’t matter if it’s captured. Very secure.

Answer 398

Remote Authentication Dial-in User Service. How the teachers at school log in. A centralized database of users and passwords (Active Directory) that allows for authentication into a network. Used by all sorts of devices, very popular.

Answer 399

You have a user device, known as a supplicant, trying to talk to the network through an authenticator. The authenticator checks with the authentication server to see if this person is set up. If they are, the authentication server asks the authenticator to ask the supplicant to provide credentials to login to the network. The supplicant provides those credentials and the authenticator checks them against what’s logged in the authentication server. If the credentials are validated, the authenticator provides access to the supplicant. This is how Active Directory and RADIUS work.

Answer 400

Basically editing application code. Application developers perform input validation when information is going into their application. It ensures that any unexpected data that’s put into one of those inputs will not be interpreted by the application. They check to see what they’ve put into their apps matches what’s actually supposed to go in there.

Answer 401

Cookies are bits of data about your web sessions that’s stored on your computer by a web browser. Secure cookies only send that data over HTTPS so it’s secure.

Answer 402

A method application developers use to test the security of their applications. They put their code through a static code analyzer and the analyzer checks it for buffer overflows and database injections.

Answer 403

Fuzzing. Fuzzing is designed to send a random input into the code of an application (fault-injecting) and see if it responds in an unexpected way.

Answer 404

Validating that the code you’re about to run on your computer for an application is the same code that was made by the developers. Code is digitally signed by the dev, like a CA.

Answer 405

Running code in an isolated environment to make sure it works and won’t infect anything if it’s corrupted. Commonly used during development.

Answer 406

The developer built in a real-time monitoring software into the application to watch its use, see if any attacks are occurring, and gain data on how it’s used.

Answer 407

A user wants something and asks IT for it. IT (or the purchasing committee) looks at what they want to buy and analyzes the budget to see if they can buy it. If they can, management, IT, and/or the purchasing committee sign off on it and they buy it. Sometimes IT haggles with whoever they’re trying to buy it from. When a price is reached, the transaction takes place. Paid all at once or in payments.

Answer 408

…Dude, just put an asset tag on things when you get them, and put them into an asset tracking system explaining what the thing is and who currently has it. This is not hard.

Answer 409

Making sure data is completely removed from media, and no usable information remains. You can either completely clean a hard drive for future use, or just permanently delete a single file.

Answer 410

Drill it. Hammer it. Shoot it. Put it in a shredder. Crush it. Incinerate it. Degauss it.

Answer 411

Give your drives to a third party, they blow them up, and then give you a certificate saying they blew them up.

Answer 412

Sometimes you are required to keep data for a certain number of years (emails, for example). Make sure this data is backed up somewhere, and sometimes even in multiple formats.

Answer 413

A minimally invasive scan on your systems used to determine if a system may be susceptible to a type of attack. Not a penetration test. Usually includes a port scan. Sometimes include false positives, so they need to be looked through by hand afterward.

Answer 414

Verifying the contents of an application package when you download it to your OS. Make sure the stuff you install is from the manufacturer. Confirm it’s safe before you deploy it.

Answer 415

Publicly available information from a variety of sources that give information on the latest threats and attacks to watch out for on your systems.

Answer 416

An organization has already compiled a list of threats across multiple enterprises, and you can buy it for a price.

Answer 417

An organization that has compiled their threat intelligence and made it available to their customers. Can be public information that was once classified, or private intelligence dealing with threats specific to an organization. See, The CTA (Cyber Threat Alliance).

Answer 418

Intelligence from the source. Usually very detailed. The Dark Web is only accessible by using specialized software. Lots of hacking groups on the Dark Web.

Answer 419

A simulated attack on your own systems. You’re trying to exploit the vulnerabilities found on your system.

Answer 420

A list of updated and patched vulnerabilities that have been made public.

Answer 421

A reward for discovering a vulnerability in a system.

Answer 422

A vulnerability that is identified that doesn’t really exist.

Answer 423

A vulnerability that exists, but your software didn’t find it.

Answer 424

Common Vulnerability Scoring System. A scoring system that rates how critical a vulnerability is on a scale of 1 to 10.

Answer 425

Common Vulnerability Enumeration. A cross-reference of vulnerabilities listed online.

Answer 426

A vulnerability scanner scans your systems and classifies found vulnerabilities on what sort of systems they’re found on, for example, it will classify the vulnerability as application, web application, or network vulnerability.

Answer 427

Usually represented as a percentage, it tells users how risky it is to have that vulnerability remain on your system. If it’s minor, the percentage will be small. If it’s major, the percentage will be high.

Answer 428

Knowing the environment that the vulnerability occurred in. One would patch a vulnerability differently in a cloud server than on an internal server. Decide which environment gets priority to be patched.

Answer 429

Understanding the type of organization that is affected by an exploited vulnerability and prioritizing them accordingly.

Answer 430

The amount of risk acceptable to an organization. It’s impractical to remove all risk, so you have to ask how long can you go without patching this vulnerability?

Answer 431

The most common mitigation technique. A vulnerability shows up, we download a patch to fix it. Usually they’re scheduled.

Answer 432

Cybersecurity Insurance Coverage can help mitigate your losses in the event of a cybersecurity attack, recovering money stolen, and covering assets or data lost in the attack.

Answer 433

Separate your stuff into VLANs so that an attacker can’t get everything.

Answer 434

Sometimes patches can’t be deployed right away. As an alternative, you can disable the service, revoke access to the application, limit external access, or modify internal security controls and software firewalls. Doing something to temporarily prevent access until a patch can be deployed.

Answer 435

Sometimes you can’t give things a patch, and you need to exclude that application from getting a patch in spite of the vulnerability. Call this shot on your own, and determine if it’s worth it.

Answer 436

The vulnerability is now patched, but did that patch work, and did the patch go out to all your applicable systems? Running a scan and an audit after the patch is deployed is validating the remediation. You can also manually verify that the patch is now working.

Answer 437

An ongoing, automated list of vulnerabilities, systems patched and unpatched, a list of new threat notifications, errors, exceptions, and exemptions in your environment.

Answer 438

Have authentication for logins from strange places, server monitoring such as service activity, backups and updated software versions.

Answer 439

Have availability, monitor the traffic, uptime, and response times. Monitor data transfers and look for increases or decreases in rates. Monitor application security notifications and see if you get any updates from the developer/manufacturer.

Answer 440

Monitor your remote access systems to see who’s connecting via VPN. Also, take a look at your firewall and IPS reports.

Answer 441

Log aggregation, Scanning, Reporting, Archiving, Alert response and remediation/validation, quarantining, Alert tuning.

Answer 442

Getting all the security data you need all at once. Use a SIEM: Security Information and Event Management. The logging of security events and information to one central consolidation point. What you can reference if something goes wrong with security. You can set up a SIEM to alert you as well.

Answer 443

Actively check systems and devices. Look for OS types and versions, device driver versions, installed applications, and potential anomalies. Gather as much info as possible and create detailed reports for later if you need them.

Answer 444

Analyze the collected data from your scans.

Answer 445

Collecting and having access to your data at any given moment.

Answer 446

Crafting a real-time notification of security events and enabling a quick response should an attack happen. Be informed via text message and email.

Answer 447

Taking a system off the network so the attacker can’t go anywhere else.

Answer 448

Fine tuning your alerts to make sure that the alerts you set up are legitimate and not false positives or false negatives.

Answer 449

Security Content Automation Protocol. The consolidation of vulnerabilities found by multiple firewalls, IPSs, vulnerability scanners, etc. into a single language, so that all of these devices are communicating and working together to find threats.

Answer 450

The best practice implemented on a device for security, the bare minimum for security settings on a device without any additional security configurations.

Answer 451

To check if a device is in compliance, a software agent is usually installed onto a device before it is given out. It’s then always on and checking to see if the device is within compliance. Agent devices continuously have to be updated. Agentless devices don’t have any software downloaded to it for checks, but once you login to the device, a check for compliance occurs, but only once.

Answer 452

Tools used to identify malicious software, usually spyware, ransomware, and fileless malware.

Answer 453

Data Loss Prevention. Looks for and stops running data you don’t want running on your network. If someone sends their social security number over the network, DLP stops it.

Answer 454

Simple Network Management Protocol Traps. Gathers statistics from network devices by polling them on how many bytes have been transferred over it. An alarm is sent if an abnormality occurs.

Answer 455

Gathers statistics and data from the raw traffic going across your network. Consists of a probe and a collector. The probe gathers data and then exports it back to the collector.

Answer 456

A vulnerability scanner scans your systems and classifies found vulnerabilities on what sort of systems they’re found on, for example, it will classify the vulnerability as application, web application, or network vulnerability.

Answer 457

Network device that filters traffic by port number and protocol or application, depending on whether it’s a traditional firewall or a next gen firewall.

Answer 458

If there is no explicit rule to allow traffic on a firewall, then traffic is blocked.

Answer 459

If traffic does not match any of the rules on a firewall placed above the explicit deny rule, the traffic is blocked.

Answer 460

Access Control List. List that allows or disallows traffic based on IP address, port number, categories of traffic, or even time of day.

Answer 461

What used to be known as a DMZ. a subnet that is monitored and controlled, but accessible from the outside of your network.

Answer 462

An IPS looks at traffic as it passes by. A signature based rule in an IPS is looking for a perfect match of specific malicious traffic.

Answer 463

An IPS looks at traffic as it passes by. A trend based rule in an IPS is looking for a trend of traffic that is similar to malicious traffic, and blocks all traffic that looks like the trend.