Starting from SQL Flashcards
What is SQL?
It is a programming language with which we can create, maintain and request information from Databases.
What is a Database?
It is an organized collection of data or information.
What are relational databases?
A structured database containing tables that are related to each other.
Tables might be similar in one or more columns.
The columns that relate 2 tables to each other are called keys.
There are other kinds of databases as well.
What are 2 types of keys in relational databases?
Primary key - A column where every row has a unique key.
Foreign key - A column in a table that is a primary key in another table.
Foreign keys, unlike primary keys, can have empty values or duplicates.
What is a Query?
A query is a request for data from a database table or a combination of tables.
How can we access the SQLite version of SQL from the Linux command line?
sqlite3
Give me an example of a scenario where we might use Linux instead of SQL.
Sometimes the data format that we need to examine might not be compatible with SQL (for example, text files). In such cases, we need to use Linux.
What are the 2 basic keywords used in SQL queries?
SELECT - indicates which columns to return (* returns all the columns of a table)
FROM - Indicates which tables to query
What keyword do we use to get an ordered result of a query to a database?
We can craft our query to order the query output based on any of the columns in the database.
SYNTAX ->
SELECT customer_ID, city
FROM customers
ORDER BY city;
In descending order ->
ORDER BY city DESC;
Note - We can also sort based on multiple columns.
What are the basic filters in SQL queries?
WHERE -> acts as a clause that we use to create a filter
% -> Wildcard
_ -> Wildcard
LIKE -> operator
Give me example of usage of WHERE in SQL.
WHERE country = 'USA'
WHERE country LIKE 'US_'
(In the above statement, the underscore substitutes for exactly one other character)
WHERE name LIKE 'man%'
(Above, the percent sign substitutes for any number of other characters)
WHERE NOT country = 'USA'
What are the common datatypes in Databases?
Strings, Numbers, Date and Time
Note - Date and Time values need to be enclosed within quotation marks like strings.
Give me an example of filtering with a comparison operator in SQL.
SELECT *
FROM employees
WHERE birthdate > '1970-01-01';
What is an inner join in SQL database tables?
It returns rows matching a specified column that exists in more than one table.
When we use INNER JOIN, all the columns in both tables are returned.
If the column exists in both of the tables, it is returned twice when SELECT * is used.
What are different kinds of Joins in SQL?
Inner Join
Left Join
Right Join
Full Join
Give me an example of Inner join syntax.
SELECT username, operating_system, employees.device_id
FROM employees
INNER JOIN machines ON employees.device_id = machines.device_id;
What are aggregate functions in SQL?
COUNT - returns a single number that represents the number of rows returned from your query.
AVG - for average
SUM - for sum
SELECT COUNT(firstname)
FROM customers
WHERE Country = 'USA';
How do we calculate the risk to an asset?
Its formula is
Likelihood * impact = Risk
It depends on how often a risk can be exploited and what its impact on the organization would be if it is exploited.
What are the categories of a threat?
Intentional threat -
Unintentional threat -
Outsider threat -
Insider threat -
What are the 2 categories of vulnerabilities?
Technical vulnerability
Human vulnerability
What is Asset management?
It is the process of making an inventory of all the organization’s assets, tracking all the assets, and finding out all the associated risks to these assets.
It also includes asset classification.
What is asset classification?
Asset classification is the process of classifying assets based on how important an asset is to an organization and how sensitive it is.
How do we find out the sensitivity and importance of an asset to an organization?
To know the sensitivity and importance of an asset to an organization, we normally ask the following questions:
- What you have
- Where it is
- Who owns it
- How important it is
What are the common asset classifications that an asset can be categorized into?
- Restricted
- Confidential
- Internal only
- Public
What is information security?
Information Security is the practice of keeping information secured from unauthorized access in all its states:
Data-in-use
Data-at-rest
Data-in-transit
To protect data, we need to know what state our data is in.
What are the elements of a Security Plan?
Every Security Plan has the following elements:
Policies - Policies are the set of rules that reduce risk and protect information.
Procedures -
Standards - these are the references based on which policies are created.
What are the components of the NIST Cyber security framework?
NIST CSF has 2 main components:
Core
Tiers
Profiles
What are the sub-components of the core component of the NIST CSF?
The core component has 5 sub-components:
- Identify
- Protect
- Detect
- Respond
- Recover
What is the use of the Tier component of the NIST CSF?
This provides security teams with a way to measure performance across each of the 5 functions of the core.
What is the use of the Profile component of the NIST CSF?
It is like a snapshot of the security posture of an organization at different times.
It is used to see the improvements in the security posture of an organization.
What are the different types of security controls?
Technical
Managerial / Administrative
Operational - controls like user training or incident response.
What is information privacy?
It is the practice of protecting information from unauthorized access and giving the right to choose.
What is the best way or best control to protect data privacy?
By implementing the principle of least privilege.
What are service accounts?
Service accounts are assigned to applications that need to interact with the other software on the network.
What are the 3 common approaches to auditing user accounts?
We can audit user accounts in 3 ways:
- Usage audits
- Privilege audits - These audits focus on the accounts of users who have been with the organization for a long time, since they tend to accumulate more privileges as they are promoted or change departments.
- Account change audits - In these, security analysts look for unauthorized changes to user accounts.
What is Data governance?
It is a set of processes that defines how an organization manages information.
It defines policies that keep data secure throughout its lifecycle.
What are the different stages in Data life cycle?
The data life cycle has 5 stages -
- Collect
- Store
- Use
- Archive
- Destroy
What is cryptography?
It is the process of transforming information into a form that unintended readers can’t understand.
What is PKI - Public Key Infrastructure?
It is an encryption framework that secures the exchange of information online.
Give me some examples of symmetric encryption algorithms.
3DES -
AES - advanced encryption algorithm - it supports key lengths of 128, 192 and 256 bits.
Give me examples of asymmetric algorithms.
RSA - Rivest Shamir Adleman
DSA - Digital Signature Algorithm - It was developed by NIST and it generates a key length of 2048 bits. This algorithm is widely used in PKI.
What are some of the ways to protect information?
Using the principle of least privilege
Using cryptography
Using hashing functions
What are different hashing functions?
MD5 - generates a hash of 128 bits
SHA1 - Secure Hashing - Produces a digest of 160 bits
SHA-224 - 224 bits digest
SHA-384
SHA-512
What are the vulnerabilities in Hashing functions?
MD5 is vulnerable to hash collisions.
Hash collision - it happens when more than one input value gives the same digest value. An attacker might exploit this vulnerability.
Hashing functions are also vulnerable to Rainbow Table attacks.
Rainbow table - A rainbow table is a file of pre-generated hash values and their associated plaintext. These are like dictionaries of weak passwords. In some cases, if an attacker gets hold of the organization's password database, he/she might use these rainbow tables to guess the passwords.
How can we compute the hash of a file on the Linux command line?
sha256sum
To compare the contents of 2 files and see the position of the first character where they differ, we use the cmp command.
What is Access Control?
Security controls that manage access, authorization, and accountability of information.
What is SSO?
SSO establishes a user’s identity once for a specified period of time.
It involves the concepts of an identity provider and a service provider.
SSO should always adopt MFA.
What are the 2 common authentication protocols that SSO implementation relies on?
LDAP - Lightweight Directory Access Protocol
SAML - Security Assertion Markup Language
What 2 factors influence authorization?
Principle of least privilege
Separation of duties
What are 2 security controls that are used to secure data that travels over the internet?
Basic Auth
OAuth
In OAuth, the user authenticates to an OAuth server, which provides a token to the service provider to authenticate the user. So the user's password and username do not travel over the wire.
For example, when you log into Brainscape with a Google account, you are directed to the Google OAuth server, which authenticates you and sends an authorization/authentication token to Brainscape. Eventually, you are granted access to the service provider's service.
What is Basic Auth?
HTTP uses basic auth. The technology is used to establish a user’s request to access a server.
It works by sending an identifier (username and password) every time the user communicates with a webpage.
It is not secure, as it sends the username and password in clear text.
What is OAuth?
An open standard authorization protocol that shares designated access between applications.
For example - We can tell Google that it is ok for other websites to access our profile to create an account.
Also, instead of sending and requesting a sensitive username and password over the network, OAuth uses API tokens to authorize people to access webpages.
What is an API token?
It is a small block of encrypted code that contains information about a user.
Information like identity, site permissions, and more.
What is a Session?
Any time a user accesses a system, they initiate what is called a session.
A session is a sequence of network HTTP basic auth requests and responses associated with the same user.
What are the 2 things that happen when a session is initiated?
- Session ID is created - It is a unique token that identifies a user and their device while accessing the system.
- The second action that takes place at the start of a session is the exchange of session cookies.
What is a session cookie?
A token that websites use to validate a session and determine how long that session should last.
When cookies are exchanged between your computer and the server, your session ID is read to determine what information the site should show you. Cookies make web sessions safer and more efficient.
What is a session hijacking attack?
Exchange of tokens means no sensitive data like usernames or passwords are shared.
Session cookies prevent attackers from obtaining sensitive data. However, there is other damage that they can do. With a stolen cookie, the attacker can impersonate a user using their session token.
Session hijacking is an event when an attacker obtains a legitimate user’s session ID.
What are 3 main frameworks that organizations use to handle the steps of IAM?
- MAC - Mandatory Access Control
- DAC - Discretionary Access Control
- RBAC - Role Based Access Control
What is MAC - Mandatory Access Control?
It is the strictest of the 3 frameworks. Authorization in this model is based on a need-to-know basis. Access to information must be granted manually by a central authority or system admin.
What is an exposure?
It is a mistake that can be exploited by a threat.
What is Vulnerability management?
It is the process of finding and patching vulnerabilities.
What are the 4 steps of vulnerability management?
- Identify vulnerabilities
- Consider potential exploits
- Prepare defenses against threats
- Evaluate those defenses
What is a zero day attack?
An exploit that was previously unknown.
What are the 5 layers of defense in depth strategy?
- Perimeter layer
- Network layer
- Endpoint layer
- Application layer
- Data layer
What is a CVE list?
An openly accessible dictionary of known vulnerabilities and exposures.
What is CVE numbering authority (CNA)?
An organization that volunteers to analyze and distribute information on eligible CVEs.
The CVE list tests 4 criteria that a vulnerability must meet before it is assigned an ID.
- Independent of other issues
- Recognized as a potential security risk
- It can only affect one codebase (only one program's source code)
What is CVSS - Common Vulnerability Scoring System?
A measurement system that scores the severity of a vulnerability.
This vulnerability score is assigned by the National Vulnerability Database.
These scores are used as part of the vulnerability management process.
What is OWASP?
It is a not-for-profit organization that works to improve the security of web applications.
It stands for Open Web Application Security Project or Open Worldwide Application Security Project.
What is the OWASP Top 10?
It is one of the most valuable resources of OWASP; it makes us aware of the web's most targeted vulnerabilities.
What are the first 3 OWASP Top 10 vulnerabilities?
- Broken Access Control - If the web application fails to keep access control in place, it might lead to unauthorized access to sensitive information, or escalated rights to the web database.
Access control can be a technology or process that controls who has access to a particular service and what they can do with the resources.
- Cryptographic Failures - This might take place when application data is not encrypted or it is encrypted using a weak encryption algorithm. It might also involve the scenario where weak hashing functions are used, like the use of MD5, which produces a digest of 128 bits.
- Injection - Injection is an attack in which an attacker inserts malicious code into an application through one of its vulnerabilities. Injection attacks can give a back door into an organization's information system.
What are the 4th, 5th and 6th vulnerabilities mentioned by the OWASP Top 10?
- Insecure design - It is a vulnerability in which developers miss security controls or they use poorly implemented security controls while developing the application.
- Security Misconfiguration - An example of this is using default settings while configuring a server.
- Vulnerable and outdated components - In this vulnerability, to complete their application design quickly, developers make use of pre-built / open source libraries that are vulnerable to several kinds of attacks.
What are the 7th, 8th and 9th vulnerabilities stated by the OWASP Top 10?
- Identification and authentication failures - This happens when an application fails to recognize who should have access and what they are authorized to do.
- Software and Integrity failures - These are instances when updates or patches are inadequately reviewed before implementation. This can lead to supply chain attacks.
- Security logging and monitoring failures -
- Server-Side Request forgery - In this vulnerability, attackers manipulate the normal operations of a server to read or update other resources on that server.
What is OSINT - Open Source Intelligence?
It refers to the analysis of information or data to produce insights or knowledge that supports decision making in a particular subject.
What is vulnerability assessment?
It is the internal review process of an organization's systems to find any vulnerabilities in them.
Vulnerability assessment involves 4 steps -
- Identifying the vulnerabilities
- Analyzing the vulnerability to find out the root cause.
- Doing a risk assessment, which finds out how severe this vulnerability is and how likely it is to be exploited.
- Remediation
What is a Vulnerability scanner?
It is software that automatically compares known vulnerabilities and exposures against the technologies used in the organization.
In general, these tools scan systems to find misconfigurations and programming flaws.
What are the different kinds of vulnerability scans that we can perform with vulnerability scanners?
Authenticated / Unauthenticated scans
Limited / Comprehensive scans -
What is penetration testing?
It is a simulated attack that helps identify vulnerabilities in systems, networks, applications and processes. With pen-testing, security analysts find out the ways in which vulnerabilities can be exploited and what the consequences are if these vulnerabilities are exploited.
What are the different types of penetration testing?
- Open box - Tester knows the system architecture, data flows, and network diagrams.
- Closed box - Black box
- Partial knowledge testing -
What is one of the crucial steps that security analysts perform to secure an organization's assets?
They get to know the attack surface area of the organization's assets.
Attack Surface Area - It includes all the potential vulnerabilities that a threat actor could exploit.
There are 2 kinds of attack surface area -
Physical attack surface area
Digital Attack surface area
What is Security Hardening?
It is the process of strengthening the system to reduce its vulnerability and attack surface.
What are different types of threat actors?
A threat actor is any person or group who presents a security risk.
These are divided into 5 categories -
- Competitors
- Criminal Syndicates -> Refer to an organized group of people who make money from criminal activity.
- State actors
- Insider threats
- Shadow IT
What are attack vectors?
These are the pathways that attackers take to penetrate defenses.
What is the list of common Attack vectors / Access Points?
- Direct access -
- Email -
- Removable drive/media -
- Social Media platforms -
- Wireless networks
- Cloud Services -
- Supply chains - like 3rd party vendors that can present a backdoor into systems.
How do we practice an attacker mindset?
- Identify a target
- Determine how the target can be accessed
- Evaluate attack vectors that can be exploited
- Find the tools and methods of attack.
Give me examples of common rules for defending an attack vector.
- Educating users
- Applying the principle of least privilege
- Using the right security controls and tools
- Building a diverse security team.
What is a reverse brute force attack?
In a reverse brute force attack, the attacker gets hold of a legitimate username/password of some user and then tries this password combination against systems until a match is found.
What is a credential stuffing attack?
In this attack, the attacker uses stolen login credentials from previous data breaches.
A specialized type of credential stuffing is pass the hash. These attacks reuse stolen, unsalted hashed credentials to trick an authentication system into creating a new authenticated user session on the network.
Give me some examples of tools of trade for brute force attacks.
Aircrack-ng
Hashcat
John The Ripper
Ophcrack
THC Hydra
What are the common preventative measures against brute force attacks?
- Hashing and Salting
- MFA
- CAPTCHA
- Password Policies
Salting is used to strengthen the length and complexity of hash values.