Study Flashcards

Question 1

Q

Authentication Factors

Answer

A

Something you know, have or are

Question 2

Q

Authentication Attributes

Answer

A

Less certain factors like IP or location

Question 3

Q

/etc/passwd

Answer

A

Contains user info + hashed passwords

Question 4

Q

/etc/shadow

Answer

A

Contains encrypted passwords + security info

Question 5

Q

%SystemRoot%System32\config\SAM

Answer

A

Where Windows stores passwords

Question 6

Q

TAP Active

Answer

A

Network management, boosts signal strength + makes data better to send to a monitoring tool

Question 7

Q

TAP Passive

Answer

A

Copies network traffic

Question 8

Q

SPAN (Mirror)

Answer

A

Copies traffic from a bunch of ports and mirrors to one port

Question 9

Q

swapfile

Answer

A

When RAM is full data goes here

Question 10

Q

cdmlet

Answer

A

PowerShell command to control 1+ computers at once

Question 11

Q

Recovery Point Objective (RPO)

Answer

A

How much data a company can lose in a disaster event

Question 12

Q

RAM

Answer

A

Short term memory, data that is being actively used or processed

Question 13

Q

Cache Memory (CPU Memory)

Answer

A

Part of RAM, temporarily stores most frequently used instructions to make CPU process it faster

Question 14

Q

Hard Disk Drive (HDD)

Answer

A

Old school data storage

Question 15

Q

Solid State Drive (SDD)

Answer

A

Like HDD but newer and better

Question 16

Q

Controller Cache

Answer

A

Temporary storage area that saves frequently accessed data to speed

Question 17

Q

Dump Files

Answer

A

Captures what happens when program/system crashes

Question 18

Q

Self Encrypting Drive (SED)

Answer

A

Built in protection, very secure, good for performance but expensive

Question 19

Q

Full Disk Encryption (FDE)

Answer

A

Can be applied to any drive, cheaper but takes time to encrypt/decrypt everythang

Question 20

Q

Honeypot

Answer

A

Single system/resource

Question 21

Q

Honeynet

Answer

A

Bunch of connected honeypots

Question 22

Q

Honeyfile

Question 23

Q

DNS Security Extensions (DNSSEC)

Answer

A

Combats DNS poisoning, uses cryptographic signatures to ensure websites are legit

Question 24

Q

DNSSEC Stages

Answer

A

Signing the Data (making public/private keys)
Key Distribution
Signing Resource Records (Signing it)
Authentication
Chain of Trust (confirmation)

Question 25

Q

IEEE802.1X

Answer

A

Network security, controls which devices are let in. Checks via device, switch and authentication server

Question 26

Q

Security Enhanced Android (SEAndroid)

Answer

A

Security enhancements, assigns labels to everything, like what entity can do

Question 27

Q

Memory Leak

Answer

A

Program/app not releasing temp memory when it’s done

Question 28

Q

Exception Handling

Answer

A

Code tries to do something it can’t/bugs out it doesn’t shut down

Question 29

Q

Clickjacking

Answer

A

Malicious website overlays/disguises their content over a legit one

Question 30

Q

UEM (Unified Endpoint Management)

Answer

A

Controls multiple types of devices despite different OS’. Can do actions, change policies and update software

Question 31

Q

XSS (Cross Site Scripting)

Answer

A

Attacker injects malicious script into legit website

Question 32

Q

PAP (Password Authentication Protocol)

Answer

A

Old way of transmitting credentials, plaintext so unsecure unless using secure tunnel like IPSec. Basic username/password login

Question 33

Q

IPSec (Internet Protocol Security)

Answer

A

Encrypts data sent over network, provides integrity and authentication. Verifies identity of users involved

Question 34

Q

AH (Authentication Header)

Answer

A

Used in IPSec and encrypts the whole packet. Privudes authentication/integrity and protects against replay attacks

Question 35

Q

ESP (Encapsulated Security Payload)

Answer

A

Part of IPSec, encrypts the actual data payload

Question 36

Q

L2TP (Layer 2 Tunneling Protocol)

Answer

A

Creates tunnel between 2 endpoints. Creates VPN when used with IPSec

Question 37

Q

C2 Server (Command & Control Server)

Answer

A

Commands bots + botnets. Malware connects endpoints to C2.

Question 38

Q

Hash Collision

Answer

A

2 different data inputs return the same hash

Question 39

Q

DLL (Dynamic Link Library)

Answer

A

Precompiled functions from different apps to save resources

Question 40

Q

DLL Injection

Answer

A

Insert code into running process. Can mask malware with legit code

Question 41

Q

LDAP

Answer

A

Manages + accesses directory info over a network. Commonly used for user authentication and authorisation

Question 42

Q

Directory Traversal Attack

Answer

A

Attack uses ../ to break free from directory and access forbidden ones

Question 43

Q

Race Condition

Answer

A

Several processes trying to access the same resources at the same time = freak out, processes wont work properly and mistakes will be made

Question 44

Q

Improper Input Validation

Answer

A

Data input isn’t checked so users can insert malicious stuff

Question 45

Q

Network Replay Attack

Answer

A

Attacker resends user data to access users stuff. Attacker snooped on user comms and took info, then resends that info so it gets sent to them = access to user/network stuff

Question 46

Q

Session ID

Answer

A

Website assigns users loging a session ID so they don’t have to keep logging in

Question 47

Q

SSRF (Server Side Request Forgery)

Answer

A

Take control of a server and uses it as a proxy for naughty activities

Question 48

Q

On Path Attack

Answer

A

Man in the middle

Question 49

Q

Shimming

Answer

A

Adding extra code (a shim) to smooth over compatibility issues, doesn’t affect core code

Question 50

Q

Refactoring

Answer

A

Changing essential code, malware refactors so it doesn’t match attack signature

Question 51

Q

Sideloading

Answer

A

Downloading app from non official app store

Question 52

Q

Prepending

Answer

A

Adding extra characters (01,02,03) for filing and security (random hashes/characters)

Question 53

Q

Fuzz Testing

Answer

A

Throwing random inputs to software to test it

Question 54

Q

Pass the Hash

Answer

A

Attacker logs in with just the hash not plaintext

Question 55

Q

Bluejacking

Answer

A

Spam via bluetooth

Question 56

Q

Bluesnarfing

Answer

A

Unauthorised access to a device via bluetooth

Question 57

Q

Wireless Dissociation Attack

Answer

A

Kicking user off WiFi

Question 58

Q

2V (Initialisation Vector)

Answer

A

Like a salt, adds random data to result in diff ciphertexts for same data

Question 59

Q

ARP Poisoning

Answer

A

Associate my MAC address with default gateway IP so network traffic gets sent to me

Question 60

Q

DNS Poisoning

Answer

A

DNS translates URL to IP to take you where wanna go. This attack changes IP to take you somewhere else

Question 61

Q

Pharming

Answer

A

DNS poisoning falls under pharming, can also send you to identical looking website

Question 62

Q

OT (Operational Technology)

Answer

A

Physical tech like machines or power plants

Question 63

Q

Federation

Answer

A

Use one company’s credentials for multiple logins, like Google

Question 64

Q

SAML

Answer

A

Document that contains AAA about the user, used for SSO

Answer 64

A

Used in SSO/federation, lets apps access some user data without their credentials

Answer 65

A

Sits between users devices and external networks. It mediates comms, performs security, privacy, content filtering, and network performance optimisation. Forwards user requests

Answer 66

A

Sits at edge of network and decides which external users are allowed access to internal servers. Users connect to jump server first

Answer 67

A

Part of Mitre, framework basically logs all known ATT for education and security purposes

Answer 68

A

Set of tools, libraries, documentation devs use to built stuff. Means devs can focus on working not on low level implementation stuff

Answer 69

A

Interface for web documents. Translates docs (like HTML/XML) into a tree like structure with nodes. Makes it easier to change stuff in the doc

Answer 70

A

Macro programming language, file extension is .vba or .bas

Answer 71

A

Methodology for writing software faster

Answer 72

A

Command line and scripting language for Windows, file extension is .ps1

Answer 73

A

OS with great command line interface. File extension .sh

Answer 74

A

Directory of known exploits

Answer 75

A

Made by NIST, even better American CVE

Answer 76

A

USAs real time sharing of threat indicators

Answer 77

A

Standardised language for sharing threat info/indicators

Answer 78

A

How people share infosec info like IoC and TTPs

Answer 79

A

Email encryption, uses public key cryptography, relies on PKI, and allows use of digital signatures

Answer 80

A

Integrates diff tools, focuses on automated incident response, better for large orgs

Answer 81

A

Prevents code from being executed in memory that should only contain data, reduces exploits

Answer 82

A

Asymmetric encryption where each key is newly generated for each session. Means past sessions can’t be comprimomised with current keys and vice versa
Often used in TLS

Answer 83

A

Stealthy way of checking for open ports on nmap

Answer 84

A

Show open ports and OS but not the version

Answer 85

A

Capture and analyse network traffic

Answer 86

A

Lookup domain and IPs via querying DNS

Answer 87

A

Find network topology. Traces route packets take from source to destination + records time it takes.
tracert - Windows
traceroute - Linux/Mac

Answer 88

A

Network interface info
ipconfig - Windows, gives IP, subnet mask, default gateway and DNS server
ifconfig - Linux, gives IP, subnet mask, broadcast address

Answer 89

A

Shows network statistics, and traffic between local device and other devices on the network
Shows open ports, routing tables and network connections, etc

Answer 90

A

Virus that can change files and admin rights to gain privileges

Answer 91

A

Ensuring a system can survive failure, through things like redundancy and load balancing

Answer 92

A

System adaptability

Answer 93

A

Verifying config settings and ensuring they’re right

Answer 94

A

The amount of data loss an org/system can sustain

Answer 95

A

How long after disaster recovery until reg work activities can resume

Answer 96

A

Max amount of time disaster recovery can take

Answer 97

A

AAA solution, scalable, works with network devices like switches and routers.
Only encrypts passwords. Centralised, open source. Works for stuff like WiFi and VPNs

Answer 98

A

AAA solution, same as RADIUS but is a Cisco proprietary control. Works primarily with Cisco devices but encrypts entire packet. More granular

Answer 99

A

AAA solution, the default Windows solution. Network authent, used for SSO and mutual authen between client/server - prevents onpath/replay attacks. Cryptographic ticketing system. Not every device compat with Kerberos
AS gives user a TGT
User gives TGT to TGS
User also gets ST from TGS to acces specific stuff like email
User sends ST to SS which decrypts it TGS

Answer 100

A

Butter that smooths over the AAA solutions/diff authentication solutions and allows them to work together

Answer 101

A

Uses digital certs for mutual authentication - most secure EAP

Answer 102

A

Uses TLS to produce encapsulate EAP messages in a secure tunnel

Answer 103

A

Sets up secure tunnel with PAC (Protected Access Credential) which securely transport credentials

Answer 104

A

Part of Kerberos, contains authorisation info about the user

Answer 105

A

Like PEAP (secure tunnel) but uses a server side certificate, has mutual authentication between client and server

Answer 106

A

A hash or a/symmetric encryption

Answer 107

A

Bunch of primitives like a cipher suite

Answer 108

A

Manages industrial processes, monitors/controls/optimises processes/infra in real time. Does everything from remote control/security/alarms

Answer 109

A

Like tailgating but tricking someone to let you in

Answer 110

A

Using a compromised account/system to gain access to other accounts/systems. Lateral movement

Answer 111

A

Detects/responds to advanced threats at endpoint level, does everything Bitdefender can basically

Answer 112

A

NG has AI, ML, user analytics, proactive threat hunting, good with cloud + helps protect diverse environments. Trad is none of that and is reactive

Answer 113

A

0 is no redundancy but high performance (striping without parity), 1 is duplicating all data to another drive (mirroring), 5 is spreading data across a bunch of drives and having one drive that holds the full data (striping with parity)

Answer 114

A

Assign signatures to malware/malicious processes/attacks, etc Needs frequent updating to keep up with new attacks. Used by AV

Answer 115

A

Sectoral for P2M and Directional for P2P

Answer 116

A

Analyse stuff to understand how business process works.
1. Process inputs/outputs
2. Roles/responsibilities
3. Process flow/sequence
4. KPIs
5. Dependencies/interactions (want low dependencies)

Answer 117

A

Uses TCP and UDP, doesn’t inspect data transmissions, distributes info based on header info like IPs/ports - used for streaming services too

Answer 118

A

HTML based, routes info based on URLs, cookies, etc as well as on data transmission content. It can test applications states

Answer 119

A

Cryptographic document that binds the identity of an entity to a public key. Has public/private key pairs.
Only valid for x amount of time
Adheres to X.509 standard

Answer 120

A

Code signing certs for software validity
Email security (using key pairs for encryption)
In TLS/SSL protocols for security

Answer 121

A

Standard that defines the format of public key certificates

Answer 122

A

Assigns the certificates, entire PKI system is based on trust of the CA.
Root CA - top of hierarchy, assigns intermediary CAs
Intermediary CAs - assign certificates to entities
If intermediary CA gets compromsied the root CA is still secure which is vital, limits the impact of compromise

Answer 123

A

The framework that runs digital certificates

Answer 124

A

Investigates/verifies the identities of the entities applying for certificates

Answer 125

A

Lists that CAs update to tell entities when their certificates are expiring

Answer 126

A

When orgs need to work together or share data the ISA sets the ground rules of what is/n’t allowed

Answer 127

A

Separates control plane from data plane in network devices. Makes network structure more flexible and efficient

Answer 128

A

Control plane is the instructions on what to do (what to prioritise, secure or switch)
Data plane is the action of doing it
Management - monitors traffic and network status

Answer 129

A

System memory cache, data on mass storage devices, remote monitoring data, archival media

Answer 130

A

Helps detect spoofing attacks

Answer 131

A

Prioritises services which are chunks of code that function independently and can be put in other apps or used for different stuff

Answer 132

A

Uses API to break app into ‘microservices’ for flexibility and scalability. Can change code in each microservice rather than whole app

Answer 133

A

Uncontrolled growth of VMs in a virtual enivronment. Usage audits + asset documentation

Answer 134

A

Malware running on guest OS escapes to another OS or to the host. Sandboxing + patch management

Answer 135

A

Standard login but sends password as a hash

Answer 136

A

Loss expected from one event

Answer 137

A

Loss over a year, ALEm is with Mitigation so loss expectancy over a year with mitigation startegies included

SLExARO=ALE

Answer 138

A

(Value of Loss/Asset Value) x100

Answer 139

A

How many times a year will this happen

Answer 140

A

How much is saved

((ALE - ALEm) - Cost of Solution) / Cost of Solution

Answer 141

A

Reconnaissance
Weaponisation
Exploitation
Delivery
Installation
6 Command and Control (C2)
Actions on Objectives

Answer 142

A

What VMs run on, like VirtualBox

Answer 143

A

Often used in symmetric encryption. Encrypt one bite at a time, are fast. Often include IV (like a salt) to the encryption

Answer 144

A

Often used in symmetric encryption. Encrypts whole blocks at a time, not bite by bite.

Answer 145

A

Digital, decentralised ledger. Saved in ‘blocks’ and usually hashed. Used for crypto payments, online voting, etc

Answer 146

A

Combines two or more cloud types, like public, private or community

Answer 147

A

Bridge between IoT (edge) devices and the cloud. Data can quickly be moved to cloud but not stored in there

Answer 148

A

IoT devices, they need only themseleves to do their tasks, don’t need to contact the cloud/internet. Like LED light

Answer 149

A

Instead of using VMs to run each app, you contain each app in a ‘container’ (sandbox) and run them. More streamlined than virtualisation

Answer 150

A

Secure sections in a public cloud that holds specific resources

Answer 151

A

Directs users to correct VPC

Answer 152

A

Removing duplicates of info in a database

Answer 153

A

Input validation and stored procedures (only xyz SQL commands accepted)

Answer 154

A

Source code being unnecessarily big and complicated

Answer 155

A

Time based one time password

Answer 156

A

HMAC Based One Time Password, generated with a secret key

Answer 157

A

Technique that provides multiple paths between host and storage device. Mitigates single point of failure + enhances availability

Answer 158

A

Combining multiple NICs for performance, load balancing and redundancy

Answer 159

A

Good for short term emergency power

Answer 160

A

Distributes power to multiple devices

Answer 161

A

Connects storage devices to servers at high speeds. Centralise storage management in a data center

Answer 162

A

Storage device/server in a network that provides file storage to other devices. Shares and manages files

Answer 163

A

Captures data that has changed since the last backup. Typically multiple incremental backups have the full data needed, it’s faster and uses less storage

Answer 164

A

Captures all data since the last FULL backup. Takes longer + more storage space but easier to restore

Answer 165

A

When changes made to system are temp so they go away once there’s a reboot

Answer 166

A

OS where tasks are completed in specific time frames, have to be predictable. Used in medical devices, brakes, missiles, etc

Answer 167

A

Secure hardware device that creates, manages and protects encryption keys. Can work with many devices

Answer 168

A

Allows IoT devices to talk to each other

Answer 169

A

DMZ, zone were servers/services are isolated usually between internet and internal systems

Answer 170

A

Asymmetric encryption method, suits things with low processing power like mobiles

Answer 171

A

Symmetric + used in only one session, used for session IDs

Answer 172

A

Weak and shouldn’t be used, replicates encrypted blocks

Answer 173

A

Secure encryption, provides CIA - often used with TLS

Answer 174

A

Turns block cipher into stream cipher

Answer 175

A

Attacker gets app memory directed to null (no memory) causing it to crash and DoS

Answer 176

A

Network protocol for secure data transfer, remote login, command execution, etc

Answer 177

A

Protocol for trasmitting video and audio over internet. SRTP is the secure version

Answer 178

A

Protocol to exchange files over network/internet. FTPS uses SSL/TLS

Answer 179

A

Protocol for managing/monitoring devices in a network. SNMPv3 is most secure, v1/v2 sent data unencrypted

Answer 180

A

Better replacement of BIOS. Better GUI and secure boot

Answer 181

A

New hardware section in computer that securely stores cryptographic keys and securing the platform, ensuring secure boot. Only one device

Answer 182

A

Like TPM but only for cryptographic keys

Answer 183

A

Replacing security info with unique token like credit card number becomes Token123

Answer 184

A

DoS attack involves taking up a lot of resources like memory so nothing works

Answer 185

A

Says what is allowed on the network, prevents rogue access points

Answer 186

A

Provider gives you physical things like servers

Answer 187

A

A software service like outlook or gmail

Answer 188

A

Platform for buuilding your own apps, gives you dev blocks, like a login page block, etc. Speeds up dev greatly - dont have to code every little thing

Answer 189

A

Anythign that can be delivered over Internet/Network as a service

Answer 190

A

Time between x being requested and x actually happening

Answer 191

A

Running multiple OS’ on same device, using VMs basically

Answer 192

A

Brings together different comm tools into a unified platform

Answer 193

A

User doesn’t know that there’s a proxy, everything is done automatically

Answer 194

A

User has to configure settings and work with the proxy. Usually used by users who want to anonymity or content filtering

Answer 195

A

Translates a bunch of private IP addresses into one public IP when going on the Internet. Conserves public IPs and helps security

Answer 196

A

Wifi and wireless network security enhancer. Gradual update from WPA2

Answer 197

A

Key exchange protocol used in WPA3

Answer 198

A

Key exchange security mechanism in WPA and WPA2

Answer 199

A

Simple way of connecting devices to wifi like with a pin. Insecure, shouldn’t be used, susceptible to brute forcing

Answer 200

A

Old version of WPA with tonnes of vulnerabilities, no longer used

Answer 201

A

Wireless delivery of software updates to mobile or IoT devices

Answer 202

A

Better version of SMS, adds media, read receipts, etc

Answer 203

A

Intermediary between users and CSPs, monitors user activity and has security features like encrypting data, only authorised access, lists applications in use
Does not provide security for data on laptops/mobiles but all data transfer are encrypted

Answer 204

A

Like OAuth but provides authentication, often used for SSO

Answer 205

A

Synchronises time across all devices/networks

Answer 206

A

Secure version of NTP

Answer 207

A

Certificate covers many domains, subdomains or hosts

Answer 208

A

Certificate that covers different subdomains

Answer 209

A

Trusted third party that stores cryptographic key backups

Answer 210

A

Retrieves keys from key escrow

Answer 211

A

Verifying authenticity of new certificates by checking up the chain to the root CA

Answer 212

A

Windows/Linus command can be used for anything from banner grabbing, port scanning, file transfer and proxying

Answer 213

A

Data table stored in a router with info on network destinations

Answer 214

A

Log management tool that centralises logs, collects, processes and forwards log data.

Answer 215

A

Cisco network protocol that collects IP traffic info and monitors network traffic flow

Answer 216

A

Standard for exporting traffic flow info from network devices, used for monitoring, anal and security. Contains info like src/dest IP addresses, protocols, ports and timestamps

Answer 217

A

Standard protocol for collecting and transmitting log messages in a network

Answer 218

A

Open source syslog with better features like centralisation, message filtering, routine and processing

Answer 219

A

Syslog for LinuxUnix with better features like filtering, input sources and output targets

Answer 220

A

Standard that gives guidelines to orgs on how to establish and maintain an ISMS to protect information assets

Answer 221

A

Supports 27001, gives guidelines on implementing infosec controls

Answer 222

A

Expands on 27001 to include privacy management, PIMS

Answer 223

A

Complements 27701, gives additional guidelines

Answer 224

A

Guidelines on risk management

Answer 225

A

Only know some stuff about the environment

Answer 226

A

Splitting data up into smaller chunks based on xyz

Answer 227

A

Bridge between hardware and software and manages system resources

Answer 228

A

Non volatile memory and stores data even without power

Answer 229

A

OS stores this info which is every process running on the device

Answer 230

A

Like a printer, fax, scanner, etc all in one

Answer 231

A

All components for a computer on one chip, like memory, CPU, etc

Answer 232

A

Average time x thing can operate before a failure

Answer 233

A

Attacker knows victim visits x site so they compromise the site to get to victim, also in real life scenarious like knows x person is going to a conference

Answer 234

A

Weak, often unused.

Answer 235

A

First/last 10 lines of file

Answer 236

A

Retrives a webpage and displays as HTML in command line

Answer 237

A

Search for text/x thing in files

Answer 238

A

Cryptography library that supports SSL/TLS encryption on web servers

Answer 239

A

Port scan using a proxy - not traced to you

Answer 240

A

Intermediary firewall between web servers and incoming traffic. Mitigates SQL injection, XXS and CSRF

Answer 241

A

Like malicious clickbait on website. Tricks user on legit site

Answer 242

A

WiFi name

Answer 243

A

Route malicious DNS requests to a bum (sinkhole) server so it can’t cause damage, or devives trying to connect to C2 servers

Answer 244

A

Records the integrity of each component of boot process, creates a log of it

Answer 245

A

Like measured but each component in boot process is signed with trusted key - prevents malware being executed

Answer 246

A

Enforces use of signed + authenticated bootloaders/OS components. Prevents unsigned/tampered code beign executed

Answer 247

A

Virtual desktop (VM) that can be accessed on thin clients, mobiles, etc

Answer 248

A

Traditional firewall functions with application control, intrusion prevention, advanced threat protection, user identity and SSL/TLS inspection

Answer 249

A

Secure comms protocol that adds encryption to LDAP data exchanged between client/server

Answer 250

A

Standard for credit card security

Answer 251

A

Documents for implementing/managing cloud security controls. CSA is the nonprofit

Answer 252

A

Virus changes itself each time it’s downloaded. Has to be installed by user

Answer 253

A

Email protocol for accessing and managing emails on a server like Outlook

Answer 254

A

Generating unique session key for each session. Past session keys can’t be used for future sessions and vice versa

Answer 255

A

Senior person who decides who has access, usage policies, etc

Answer 256

A

Follows instructions of data owner and processes on their behalf. Responsible for security measures during processing

Answer 257

A

Individual/team responsible for day to day management/quality of data

Answer 258

A

Mediator between org, data subjects and authorities. Monitors data protection, ensures org follows rules

Answer 259

A

If system/infrastructure, esp in cloud computing, can scale up or down with demand

Answer 260

A

Bare minimum access/permissions needed to complete job

Answer 261

A

Create forensic image of hard drive or USB

Answer 262

A

Open source tool for analysing/investigating forensic evidence in user friendly way

Answer 263

A

Structure for managing cyber security risk in federal systems

Answer 264

A

Lack of space in critical resources like CPU, network bandwidth or memory

Answer 265

A

IPS on a host, examines stuff like file modifications and network connections

Answer 266

A

Widely used encryption program for data comms, usually email. Uses symmetric and asymmetric

Answer 267

A

Lets wifi enabled wireless devices like phones connect to wired network via radio signals

Answer 268

A

Swapping encryption keys off network, like over the phone for security

Answer 269

A

VPN that handles a bunch of connections

Answer 270

A

Precompiled/stored SQL queries/statements saved on database for later use

Answer 271

A

How many false acceptances/rejections biometric reader makes

Answer 272

A

Scrambling or replacing identifiable data with pseudononymous data for anonymity

Answer 273

A

Protocol that allows web server to check when certificates expires/gets revoked. Stapling is when OCSP responds and ‘staples’ response to the certificate

Answer 274

A

Static checks it without executing it, dynamic executes to find out

Answer 275

A

Pins SSL/TLS certificate/public key to a domain. Prevents MITM

Answer 276

A

Program writes more data than it was allowed to hold, causes crashes

Answer 277

A

Number goes over alloted amount and causes issues like crashes

Answer 278

A

Attacker copies MAC address of authorised device for impersonation, MITM or evasion

Answer 279

A

AV studies how programs normally acts and flag it when they don’t act right

Answer 280

A

Anything deviates from baseline is flagged

Answer 281

A

Understands entity behaviour over time and flags when deviates from behaviour

Answer 282

A

Windows command to view every available resource on LAN like computers, servers and shared folders

Answer 283

A

Dumping memory (RAM) into file

Answer 284

A

Linux command for changing permissions of files and directories

Answer 285

A

Linux command for copying data from one locations to another and disk imaging

Answer 286

A

Splits knowledge between 2+ people so no one knows everything

Answer 287

A

Some info through VPN like files some not like printer sent

Brainscape's Knowledge GenomeTM

Study Flashcards

Brainscape's Knowledge Genome^TM