Study Test A Flashcards
HTTPS
Hypertext Transfer Protocol Secure – Used for secure communication over a network. Used on internet to protect data between user’s computer and website. Uses TLS. (Ex. Online purchases are secure) Port 443 TCP
Hypertext Transfer Protocol over SSL/TLS (HTTPS) provides an encrypted connection to a device's web management interface, such as a router's administration page
Hybrid cloud model
Combines both private and public cloud infrastructures
Reconstitution (incident response)
The recovery after a breach, can be a phased approach that may take months to complete
CMS
Content Management System - Used to manage the creation and modification of digital content
802.1X
Standard for port-based network access control (PNAC). Provides an authentication framework (EAP) in which the switch or access point relays the user's credentials to a centralized authentication server, typically RADIUS. On its own, 802.1X does not authenticate against multiple user databases; the RADIUS server behind it supplies that functionality
What can an IPS detect?
Malicious content inside traffic, such as an embedded script in a web request. The resulting alert records the attack signature that fired and the attacker's source IP address
ABAC
Attribute-based Access Control - combines many different parameters to determine if a user has access to a resource based on attributes
Provides the most detailed and explicit type of access control over a resource
Active Reconnaissance
Used to gather information about services on a network. The intruder engages directly with the targeted system (port scans, banner grabs, service queries) to gather information about vulnerabilities, but does not exploit them
Administrative Control
Sets a policy that is designed to control how people act
AES
Advanced Encryption Standard - Symmetric block cipher chosen by the U.S. government to protect classified information.
Specification for the encryption of electronic data
Key size can be 128, 192 or 256 bits; the block size is always 128 bits
Agile development life-cycle
Process of developing code that is rapid and highly-collaborative.
Software development that is performed in small increments to allow more adaptivity and room to change
ALE
Annual Loss Expectancy - the expected financial loss from a risk over a 12-month period. ALE = SLE × ARO
An immutable system
Can’t be changed once deployed
Anti-spoofing
Commonly used with routers to prevent communication from spoofed IP addresses
API
Application Programming Interface - how 2 or more computer programs communicate with each other
ARO
Annual Rate of Occurrence - the expected number of times an event will occur in a 12-month period
ARP poisoning
Address Resolution Protocol poisoning - often associated with a man-in-the-middle attack. ARP does not cross routers, so the attacker must be on the same local IP subnet as the victim, which is why it is associated with an internal (insider or already-compromised-host) attack rather than an external one
Spoofing attack used to intercept data: the attacker sends falsified ARP (Address Resolution Protocol) replies over a local area network so that victims map another host's IP address (typically the default gateway) to the attacker's MAC address
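One way a detection tool spots this, as an added example that is not part of the original flashcard deck: because a poisoning attacker must claim an IP address that a legitimate host also owns, the tell-tale sign is one IP address advertised by two different MAC addresses. The ARP replies below are constructed sample data (hypothetical MAC/IP values, 192.168.1.1 assumed to be the gateway), not a real capture.

```python
"""Detecting ARP poisoning from observed ARP replies (added example)."""
from collections import defaultdict

# Constructed sample: (timestamp, sender_ip, sender_mac) taken from ARP replies
# seen on one LAN segment. 192.168.1.1 is assumed to be the default gateway.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),    # legitimate gateway
    (0.5, "192.168.1.20", "aa:bb:cc:00:00:20"),
    (1.2, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (3.4, "192.168.1.1", "de:ad:be:ef:00:99"),    # attacker claims the gateway IP
    (3.9, "192.168.1.20", "aa:bb:cc:00:00:20"),
    (4.1, "192.168.1.1", "de:ad:be:ef:00:99"),    # repeat from the same impostor
]

# Hypothetical trusted bindings, e.g. from DHCP snooping or a static inventory.
TRUSTED_BINDINGS = {"192.168.1.1": "aa:bb:cc:00:00:01"}


def detect_arp_conflicts(replies, known_bindings=None):
    """Return one alert per (ip, new mac) pair where an IP is claimed by more
    than one MAC address.

    known_bindings: optional dict ip -> trusted mac. When present, the MAC that
    differs from the trusted one is labelled as the suspect; without it the
    conflict is still reported but neither side is labelled.
    """
    known_bindings = known_bindings or {}
    seen = defaultdict(dict)   # ip -> {mac: first_seen_timestamp}
    alerts = []
    for ts, ip, mac in replies:
        macs = seen[ip]
        if mac in macs:
            continue                      # same binding as before, nothing new
        macs[mac] = ts
        if len(macs) > 1:                 # this IP now has two MACs behind it
            trusted = known_bindings.get(ip)
            alerts.append({
                "time": ts,
                "ip": ip,
                "macs": sorted(macs),
                "suspect": mac if trusted and mac != trusted else None,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_conflicts(SAMPLE_ARP_REPLIES, TRUSTED_BINDINGS):
        print(alert)
```

A real implementation would read ARP frames from a capture or a switch's ARP inspection log instead of the constructed list; the conflict logic is the same.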
Backdoor
Allows an attacker to access a system at any time without any user intervention. If there are inbound traffic flows that cannot be identified, it may be necessary to isolate that computer and examine it for signs of a compromised system
Business Impact Analysis
Usually created during the disaster recovery planning process; identifies critical business functions and the impact of their loss
CA Key
Certificate Authority key - the CA's public key is used to validate the digital signature on certificates the CA has issued. Not used for encrypting user data
Captive portal
Commonly used on web-based systems as an authentication method
CASB
Cloud Access Security Broker – can be used to apply security policies to cloud-based implementations. Management software designed to mediate access to cloud services by users across all devices. Provide visibility into how clients and other network nodes use cloud services
CHAP
Challenge-Handshake Authentication Protocol - the server sends a random challenge; the client hashes the challenge together with the shared secret (password) and returns the hash. The password itself never crosses the wire, and because each challenge is fresh, a captured response cannot be replayed
Community cloud model
Resources and costs are shared among several different organizations who have common service needs
Compensating Control
Doesn't prevent an attack, but restores or reduces its effect using other means. (Ex. a UPS does not stop a power outage, but it provides alternative power if an outage occurs)
Used whenever you can't meet the requirements for a normal control: a mechanism put in place to satisfy the requirement for a security measure that is deemed too difficult or impractical to implement at the present time
ACL
Access Control List - can be configured on a router or firewall. Filters traffic by IP address, protocol and port number. Rules are evaluated top-down, the first match wins, and traffic matching no rule is usually dropped by an implicit deny
Single entry in a firewall that dictates whether specific communication is permitted (allowed) or denied (blocked)
Network traffic filter that can control incoming or outgoing traffic
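An added example of how an ACL is evaluated, not taken from the original deck: a first-match rule list with an implicit deny at the end. The rule syntax and the sample policy (a web server at 10.0.0.5, an admin subnet 10.10.0.0/24) are hypothetical; real vendor syntax differs, but the two properties shown (order matters, unmatched traffic is denied) hold for router and firewall ACLs generally.

```python
"""First-match ACL evaluation with implicit deny (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # CIDR, e.g. "10.0.0.0/8" or "0.0.0.0/0" for any
    dst: str
    dport: Optional[int]   # None means any destination port

    def matches(self, proto: str, src_ip: str, dst_ip: str, dport: int) -> bool:
        return (
            self.proto in ("any", proto)
            and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
            and (self.dport is None or self.dport == dport)
        )


# Constructed sample policy for a hypothetical web server at 10.0.0.5:
# HTTPS from anywhere, SSH only from the admin subnet, SSH from elsewhere
# explicitly denied (so it shows up as a logged hit rather than the implicit deny).
SAMPLE_ACL = [
    Rule("permit", "tcp", "0.0.0.0/0",    "10.0.0.5/32", 443),
    Rule("permit", "tcp", "10.10.0.0/24", "10.0.0.5/32", 22),
    Rule("deny",   "tcp", "0.0.0.0/0",    "10.0.0.5/32", 22),
]


def evaluate(acl, proto: str, src_ip: str, dst_ip: str, dport: int) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule).

    Rules are checked in order and the first match decides. A None index means
    nothing matched and the packet fell through to the implicit deny."""
    for i, rule in enumerate(acl):
        if rule.matches(proto, src_ip, dst_ip, dport):
            return rule.action, i
    return "deny", None


if __name__ == "__main__":
    for pkt in [("tcp", "203.0.113.7", "10.0.0.5", 443),
                ("tcp", "10.10.0.9", "10.0.0.5", 22),
                ("tcp", "203.0.113.7", "10.0.0.5", 22),
                ("udp", "10.10.0.9", "10.0.0.5", 53)]:
        print(pkt, "->", evaluate(SAMPLE_ACL, *pkt))
```

Swapping the last two rules so that the broad deny sits above the admin permit locks the administrators out as well: the deny matches first and the permit below it is never reached. That ordering mistake is the most common ACL bug in practice.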
Connecting a VPN to separate networks would…?
Encrypt all information between the two networks, but would not provide any segmentation
Containerization
Mobile device containerization allows an organization to securely separate user data from company data on a mobile device
COPE
Corporately Owned and Personally Enabled – commonly purchased by the corporation and allows the use of the mobile device for both business and personal use
Corrective Control
A corrective control can actively work to mitigate any damage
DAC
Discretionary Access Control - allows the owner of the resource to control who has access
Data Custodian
Manages access rights and sets security controls to the data
Role that handles managing the system where the data assets are stored. Responsible for enforcing access control, encryption, and backup/recovery measures
Data Owner
Usually a high-level executive who makes business decisions regarding the data
Responsible for labeling the asset and ensuring that it is protected with appropriate controls. The data owner typically selects the data steward and data custodian and has the authority to direct their actions. Ultimately the main person accountable for the data
Data sanitization
Commonly used to permanently delete individual files from a drive or permanently delete all data on a drive
Data Steward
Responsible for data accuracy, privacy, and adding sensitivity labels to the data
Primarily responsible for data quality
Degaussing the hard drive does what?
Exposes the drive to a strong magnetic field, destroying all data on the platters. It also destroys the factory servo tracks and firmware data stored on the platters, so the drive is left unusable. (It has no effect on flash-based media, which are not magnetic)
If the goal is to completely destroy the drive rather than reuse it, degaussing is a good choice
Detective Control
May not prevent access, but it can identify and record any intrusion attempts
Differential Backup
Backs up anything that has changed since the last full backup
Digital signature
A certificate authority will digitally sign a certificate to add trust. If you trust the certificate authority, you can then trust the certificate
DLL injection
Dynamic Link Library injection - takes advantage of the libraries referenced by an application rather than the application itself. Forces a running process to load an attacker-controlled DLL, so the malicious code executes with that process's privileges
DNS
Domain Name System – Turns human readable “example.com” into a computer readable IP address Port 53 TCP/UDP
DNSSEC
Domain Name System Security Extensions - lets resolvers verify that DNS responses are authentic and unmodified. DNS servers sign their zone data, and resolvers validate the signatures using public key cryptography. Provides origin authentication and integrity, not confidentiality
Preventive Control
Stops an unwanted action before it happens, e.g. a door lock or a firewall rule that physically or logically limits access to a device or area
DoS
Denial of Service - an attack that overwhelms or disables a service to prevent the service from operating normally. A packet that disables a server would be an example of a DoS attack
DV certificate
Domain Validated - Shows that the owner can manage aspects of their DNS configuration. DV certificate would generally go through less validation than an EV certificate
EAP-FAST
Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling – an updated version of LEAP (Lightweight EAP) that was commonly used after WEP (Wired Equivalent Privacy) was replaced with WPA (Wi-Fi Protected Access)
EAP-TLS
Extensible Authentication Protocol - Transport Layer Security – does not provide a mechanism for using multiple authentication types within a TLS tunnel. Requires both the client and the server to identify themselves with a certificate
EAP-TTLS
Extensible Authentication Protocol - Tunneled Transport Layer Security – allows the use of multiple authentication protocols transported inside of an encrypted TLS tunnel. This allows the use of any authentication while maintaining confidentiality with TLS. Requires only server-side certificates
Elasticity
Scales resources as the demand increases or decreases
EV SSL Certificate
Extended Validation Certificate - certificate is provided by a Certificate Authority after additional checks have been made to validate the certificate owner’s identity.
Intended to give the highest level of identity assurance to a website's visitors
Does not provide any additional encryption features; the benefit is the verified organization identity, not stronger cryptography
False Negative
When malicious activity is identified as normal, no alert
False Positive
When normal activity is identified as an attack
Faraday Cage
An enclosure used to block electromagnetic fields and electromagnetic interference
Fault-tolerant
Continues operating correctly when one of its components fails, typically through redundant components that take over automatically
FTPS
File Transfer Protocol Secure – Transfers files from hosts to hosts over encrypted connection using TLS
Port 989/990 TCP
Fuzzing
Method of testing software that inputs random or unexpected data to examine the results
Used to test input validation by entering random, unexpected data into application fields to see how the software program reacts
Highly available
Environment that maintains the availability of a system if a problem occurs. In a highly available environment, the corrections are implemented automatically and usually without the knowledge of the end user. An application platform that is constantly changing may not necessarily be highly available. Refers to a system that needs to remain up and operational
HMAC
Hash-based Message Authentication Code - can check for data integrity and authenticity with a hash, does not provide encryption or decryption
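An added example, not from the original deck, of what the HMAC card describes: the receiver recomputes the tag under the shared key, so any change to the message or a tag made with the wrong key is detected, while the message itself stays readable by anyone. The key and message are constructed values.

```python
"""HMAC: integrity and authenticity without confidentiality (added example)."""
import hashlib
import hmac


def tag_message(key: bytes, message: bytes) -> bytes:
    """Return the HMAC-SHA256 tag for message under key.

    The message is not encrypted; HMAC only lets a holder of the key detect
    that the message was modified or was never produced by a key holder."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_message(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time.

    A plain == comparison can leak, through timing, how many leading bytes of
    a forged tag were correct; compare_digest avoids that."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    key = b"constructed-shared-key"           # constructed, known to both parties
    msg = b"transfer 100 to account 42"       # constructed message, sent in the clear
    tag = tag_message(key, msg)
    return {
        "genuine": verify_message(key, msg, tag),
        "tampered_message": verify_message(key, b"transfer 900 to account 42", tag),
        "wrong_key": verify_message(b"other-key", msg, tag),
        # The HMAC does nothing to hide the message contents.
        "plaintext_visible": msg == b"transfer 100 to account 42",
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```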
Host-based firewall
Monitors traffic flows on host network. Does not commonly log hardware or USB drive access
HSM
Hardware Security Module - high-end cryptographic hardware appliance that can securely store keys and certificates for all devices. Physical device that acts as a secure cryptoprocessor during the encryption process
IaC
Infrastructure as code - defining infrastructure components such as firewalls, routers, switches and servers in machine-readable definition files that are version-controlled and deployed automatically, rather than configured by hand
Incremental Backup
Starts with a full backup. It backs up anything that has changed since the last full or incremental backup
Integrity measurement
Designed to check for the secure baseline of firewall settings, patch levels, operating system versions, and any other security components associated with the application. These secure baselines may vary between different application versions
IoT
Internet of Things - wearable tech and home automation devices. Everyday objects connected to the internet (Ex. refrigerator, thermostat, Apple Watch)
IPS logs
Can show attacks that may be attempting to exploit a particular vulnerability
ISO
International Organization for Standardization - international standard development organization
Isolation and containment (incident response)
During an incident, it’s useful to separate infected systems from the rest of the network
Kerberos
Uses symmetric-key cryptography and a trusted Key Distribution Center (KDC) to provide security during the authentication process. Uses a ticket-based system to securely provide SSO (Single Sign-On) functionality: you only need to authenticate once with Kerberos to gain access to multiple resources. Port 88 TCP/UDP
Kernel Statistics
Stored in memory
LDAPS
Lightweight Directory Access Protocol Secure - LDAP over SSL/TLS. Standard for accessing a network directory. Can provide an authentication method, but it does not provide any single sign-on functionality
Port 636
Lessons learned (incident response)
Once the event is over, it’s useful to revisit the process to learn and improve for next time
MAC
Mandatory Access Control - allows access based on the security level assigned to an object. Only users with the object’s assigned security level or higher may access the resource.
MAC filtering
Media access control filtering - Blocks traffic based on MAC addresses. This is a weak system because it’s easy to spoof MAC addresses. Device can see access point but will not be able to connect to it
SSID Broadcast suppression
Service Set Identifier - suppressing the broadcast hides the network name from the list of available wireless networks. Properly configured client devices can still connect to the wireless network, and the SSID is still visible in other management frames, so this is not a security control
Master image
Used to quickly copy a server for easy deployment. This image will need to be updated and maintained to prevent the issues associated with unexpected vulnerabilities
MD5
Message Digest 5 - hashing algorithm producing a 128-bit digest. Doesn't provide a method of encrypting and decrypting info; neither symmetric nor asymmetric. Considered cryptographically broken (practical collisions) and unsuitable for new designs
MDM
Mobile Device Management - provides a centralized management system for all mobile devices
MFD
Multi-function Devices – All in one printer
Most common way a Trojan is delivered?
A download
MTBF
Mean Time Between Failures – Prediction of how often a repairable system will fail
MTTF
Mean Time to Failure – Expected lifetime of a non-repairable product or system.
MTTR
Mean Time to Repair/Restore - the average time it takes to repair a failed component and return it to service
nbtstat
Command line tool. NetBIOS over TCP/IP statistics - used in Windows to send NetBIOS queries to other Windows devices
netstat
Command Line tool. Provides a list of network statistics, and the default view shows the traffic sessions between the local device and other devices on the network
Displays network status and protocol statistics. You can display the status of TCP and UDP, routing table info, and interface info
Nmap
Command line tool. Can query services and determine version numbers without any special rights or permissions, which makes it well suited for non-credentialed scans
Scans network that a computer is connected to and shows a list of ports, device names, operating systems, and several other identifiers that help the user understand the details behind their connection status.
Can be used by attackers to discover open and uncontrolled ports on a system as a first step toward gaining access; Nmap itself identifies the exposure, it does not exploit it
Non-persistent
Stateless. Environment is always in motion, and application instances can be created, changed, or removed at any time. Desktop state is automatically destroyed at regular intervals. Depending on company policy, it could be at each logoff, every night, or even once a week. Nothing is saved
If you shut down computer, all your data remains as-is on your hard drive, you have persistence. If you shut down computer, all the contents of your computer’s memory are erased, that’s non-persistence. With the growth of automation and public cloud, non-persistence has become more important. With non-persistence, you can more easily automate
Nonce
Random or semi-random number that is generated for a specific use. Adds additional randomization to a cryptographic function. This means that an authentication hash sent across the network will be different for each authentication request
Number used once
Normalization
Used to check & correct input to an application. (Ex. A first name should not include numbers. If a first name was submitted with a number, the normalization process would correct the name or prompt for a correction)
NTPsec
A hardened implementation of Network Time Protocol that supports Network Time Security (NTS) for authenticated time synchronization. Time packets still use UDP 123; the NTS key establishment handshake uses TCP 4460
Obfuscation
The process of making something normally understandable more difficult to understand
Partition Data
A means of managing large amounts of data & controlling where it goes. (File System)
PEAP
Protected Extensible Authentication Protocol - extra security for EAP. Provides a method of authentication over a protected TLS tunnel for EAP. Requires only a server-side certificate
Penetration test
Determines if a system can be exploited. Attempts to break system. Could cause a denial of service or loss of data, so the best practice is to perform the penetration test during non-production hours or in a test environment
PHI
Protected Health Information – Healthcare data
PII
Personally Identifiable Information - often associated with privacy and compliance concerns
Polymorphic virus
Modifies its own code each time it replicates or infects a new file, so signature-based detection has a harder time matching it. Could potentially install a backdoor, but would not be able to activate without user intervention
Changes part of its code while keeping the same behavior
Port Scan
Type of active reconnaissance that determines which ports on a host or network are open
Precursors (incident response)
Log files and alerts can often warn you of potential problems
Privacy Officer
Sets privacy policies and implements privacy processes and procedures
Responsible for oversight of any PII/SPI/PHI assets managed by the company
Private Key
Asymmetric encryption, the private key is used to decrypt information that has been encrypted with the public key. To ensure continued access to the encrypted data, the company must have a copy of each private key
Privilege Escalation
Attack that allows a user to exceed their normal rights and permissions…moves up
Process Table
Keeps track of running system processes; the kernel stores it in RAM, so it is lost on power-off and must be captured during live forensics
Protocol Analyzer
Can provide more detail about specific traffic flows
Public Key
Asymmetric encryption, a public key is already available to everyone
QA Testing
Quality Assurance testing - commonly used for finding bugs and verifying application functionality.
Checking for problems and making sure everything is going properly
Race Conditions
Occurs when two processes or threads act on shared state at nearly the same time and the outcome depends on their timing, usually with unexpected results (Ex. a time-of-check to time-of-use flaw)
RADIUS Federation
Remote Authentication Dial-In User Service with federation - allows members of one organization to authenticate using the credentials of another organization. Federation lets you link a user's identity across multiple authentication systems. Commonly uses 802.1X as the authentication method
Rainbow Table Attack
Offline attack type built prior to an attack to match a specific password hashing technique…if a different hashing technique is used, a completely different rainbow table must be built. Not a useful method if passwords use salt
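An added example, not from the original deck, of the two properties on the Rainbow Table card. A real rainbow table compresses its lookup with hash chains and reduction functions; here a plain precomputed dictionary stands in for it, because the security property is the same: the table is built offline for one specific hash function, and a random per-user salt makes it useless since every stored hash then has to be attacked separately. The candidate password list is constructed.

```python
"""Precomputed hash lookup versus salted hashes (added example)."""
import hashlib
import os

# Constructed candidate list standing in for a wordlist.
CANDIDATES = ["password", "123456", "letmein", "qwerty", "hunter2", "dragon"]


def build_table(candidates, algo: str = "sha256") -> dict:
    """Offline step: precompute hex digest -> plaintext for ONE hash algorithm."""
    return {hashlib.new(algo, p.encode()).hexdigest(): p for p in candidates}


def lookup(table: dict, digest_hex: str):
    """Online step: a captured hash that is in the table is cracked instantly."""
    return table.get(digest_hex)


def hash_unsalted(password: str, algo: str = "sha256") -> str:
    return hashlib.new(algo, password.encode()).hexdigest()


def hash_salted(password: str, salt: bytes = None, algo: str = "sha256"):
    """Return (salt, digest). The salt is random per user and stored alongside
    the hash; it is not secret, it only makes precomputation impractical."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.new(algo, salt + password.encode()).hexdigest()
    return salt, digest


def demo() -> dict:
    sha_table = build_table(CANDIDATES, "sha256")
    unsalted = hash_unsalted("hunter2")
    _salt, salted = hash_salted("hunter2")
    md5_digest = hash_unsalted("hunter2", "md5")   # same password, different algorithm
    return {
        "unsalted_cracked": lookup(sha_table, unsalted),       # found
        "salted_cracked": lookup(sha_table, salted),           # not found
        "wrong_algo_cracked": lookup(sha_table, md5_digest),   # needs an MD5 table
        "md5_table_cracked": lookup(build_table(CANDIDATES, "md5"), md5_digest),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Salting does not stop brute force against a single account; it only removes the one-table-cracks-everything shortcut. Slow, salted password hashes (bcrypt, scrypt, Argon2) address the remaining brute-force cost.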
RBAC
Role-based Access Control - assigns rights & permissions based on the role of a user. Administrators define the access that a particular role will have
RC4
Rivest Cipher 4 - symmetric stream cipher, formerly used in WEP and early TLS. Now considered insecure; its use in TLS is prohibited (RFC 7465)
Redundant
Environment maintains the availability of the system if a problem occurs. This redundancy may need to be manually enabled if an issue is identified. Duplicating critical systems to provide fault tolerance
Replay Attack
Captures information and then replays that information as the method of attack
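An added example that serves the CHAP, Nonce and Replay Attack cards together; it is not code from the original deck. Both sides of a CHAP-style exchange are shown, following the RFC 1994 response computation MD5(identifier || secret || challenge), so the shared secret never crosses the wire. The shared secret is constructed. MD5 appears only because CHAP specifies it; the point demonstrated is the nonce, not the hash choice.

```python
"""CHAP-style challenge/response: a fresh nonce defeats replay (added example)."""
import hashlib
import hmac
import os

SHARED_SECRET = b"constructed-secret"   # known to client and server, never sent


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Client side (step 2): MD5(Identifier || secret || challenge) per RFC 1994."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapServer:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.pending = {}   # identifier -> outstanding challenge (the nonce)
        self.next_id = 0

    def challenge(self):
        """Step 1: send an Identifier and a fresh random challenge (nonce)."""
        ident = self.next_id % 256
        self.next_id += 1
        nonce = os.urandom(16)
        self.pending[ident] = nonce
        return ident, nonce

    def verify(self, ident: int, response: bytes) -> bool:
        """Step 3: recompute the expected hash for that challenge.

        Each challenge is consumed on use, so a captured response can never be
        accepted twice, and it cannot match a different challenge either."""
        nonce = self.pending.pop(ident, None)
        if nonce is None:
            return False
        expected = chap_response(ident, self.secret, nonce)
        return hmac.compare_digest(expected, response)


def run_exchange() -> dict:
    server = ChapServer(SHARED_SECRET)

    # Legitimate client authenticates once.
    ident, nonce = server.challenge()
    response = chap_response(ident, SHARED_SECRET, nonce)
    first_ok = server.verify(ident, response)

    # An eavesdropper captured (ident, response) and replays it.
    same_ident_replay = server.verify(ident, response)        # challenge already consumed
    ident2, _nonce2 = server.challenge()
    new_challenge_replay = server.verify(ident2, response)    # wrong nonce inside the hash

    # The same secret yields a different response for every request.
    ident3, nonce3 = server.challenge()
    response3 = chap_response(ident3, SHARED_SECRET, nonce3)

    return {
        "first_ok": first_ok,
        "same_ident_replay": same_ident_replay,
        "new_challenge_replay": new_challenge_replay,
        "responses_differ": response != response3,
    }


if __name__ == "__main__":
    for name, result in run_exchange().items():
        print(f"{name}: {result}")
```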
ROM data
Read-Only Memory - non-volatile storage for firmware and other data that is fixed at manufacture or rarely rewritten; its contents survive power loss
RTO
Recovery Time Objective - the maximum acceptable time to restore a service to an agreed level after a disruption
RTOS
Real Time Operating System - an OS that guarantees a response within strict, predictable time limits; used in manufacturing controllers, cars and other embedded systems
Running a virus scan does what?
A virus scan may identify and attempt to remove the malware, but there’s no guarantee that the anti-virus software can completely remove all of the malware
S/MIME
Secure/Multipurpose Internet Mail Extensions - provides a way to integrate public key encryption and digital signatures into most modern email clients. This would encrypt all email information from client to client, regardless of the communication used between email servers
SaaS
Software as a Service - Provides all the hardware, operating system, software, and applications needed for a complete service to be delivered
Sandbox
Commonly used as a development environment. Used for testing
Secure IMAP
Internet Message Access Protocol - encrypts communication downloaded from an email server, but it would not provide any security for outgoing email messages
Port 993
Session keys
Commonly used temporarily to provide confidentiality during a single session. Once the session is complete, the keys are discarded. Not used to provide long-term data encryption
SHA-2
Secure Hash Algorithm 2 - Hashing algorithm. Does not provide any encryption or decryption functionality. Neither a symmetric nor asymmetric
SIEM
Security Information & Event Manager – Saves logs from devices and creates audit reports. Software provides real-time security analysis of systems, applications, and network hardware. Can generate alerts when issues arise
SLE
Single Loss Expectancy - the financial impact of a single occurrence of an event. SLE = asset value × exposure factor
SNMPv3
Simple Network Management Protocol version 3 - used to remotely monitor and manage network devices. Version 3 adds authentication and encryption of the management traffic. Port 161 UDP (queries) and 162 UDP (traps)
Protocol for managing/monitoring devices over a network. Commonly used in monitoring tools to obtain device info such as model number, firmware and software versions, & configuration info. Version 3 adds cryptographic capabilities
SoC
System on a Chip - multiple components (CPU, memory, I/O) integrated on a single chip (Ex. robot vacuum). Used within embedded systems
Spoofing
When a device pretends to be a different device or pretends to be something they aren’t
SRTP
Secure Real-Time Transport Protocol (Secure RTP) - encrypts voice and video streams with AES and adds message authentication. Secures VoIP calls and video conferencing
SSH
Secure Shell – Encrypted Terminal Communication, replaces Telnet. Uses symmetric and asymmetric encryption. Access switches using CLI terminal screen. Useful for encrypted terminal sessions. Port 22 TCP
SSL/TLS certificate
Digital certificate that authenticates a website’s identity and enables an encrypted connection
Tabletop Exercise
Allows a disaster recovery team to evaluate and plan disaster recovery processes without performing a full-scale drill
TACACS+
Terminal Access Controller Access-Control System Plus - Cisco-proprietary remote authentication system. Common authentication method, but it does not provide any single sign-on functionality Port 49 Introduced as an alternative to RADIUS
Temporary File System
Holds information temporarily while a file is being created or modified. Its contents can include fragments of data from earlier edits, which makes it useful for recovering lost data during forensic work
TLS
Transport Layer Security - encryption protocol most commonly associated with web server communication (HTTPS) and also used for FTPS (File Transfer Protocol Secure); it is not used for SRTP traffic. Uses public-key cryptography to authenticate the server and negotiate a shared session key, then symmetric encryption for the data
TLS has no port of its own; the port belongs to the application protocol it protects (443 for HTTPS)
TOTP
Time-based One-Time Passwords - a code derived from a shared secret and the current time, usually valid for a 30-second window, so a captured code is useless shortly afterwards. Standardized in RFC 6238
TPM
Trusted Platform Module - used on individual devices to provide cryptographic functions and securely store encryption keys on motherboard.
traceroute
Command line tool. Lists the route between devices and shows the IP address information of the routers at each hop.
Maps each hop by slowly incrementing the TTL (Time to Live) value during each request. When the TTL reaches zero, the receiving router drops the packet and sends an ICMP (Internet Control Message Protocol) TTL Exceeded message back to the original station
dig
Command line tool. Domain Information Groper - queries DNS servers for the fully qualified domain name and IP address information of other devices
True Negative
Normal activity is identified as normal activity
True Positive
Malicious activity is identified as an attack
UEFI/BIOS
Unified Extensible Firmware Interface/Basic Input/Output System - Firmware that provides the computer instructions for how to accept input and send output
UPS
Uninterruptible Power Supply - Combines the functionality of a surge protector with that of a battery backup
UTM
Unified Threat Manager – watches traffic flows across the network. A single device that combines many other network security devices. Does not commonly manage the storage options on individual computers
VDI
Virtual Desktop Infrastructure – refers to the use of virtual machines to provide and manage virtual desktops. Allows a cloud provider to offer a full desktop operating system to an end user from a centralized server
VMI
Virtual Mobile Infrastructure - allows access to applications from many different types of devices without the requirement of a mobile device management or concern about corporate data on the devices
Allows organizations to host their mobile apps on servers and provide personalized, remote access to their apps from any device
VPN Full Tunneling
ALL traffic is sent through encrypted tunnel
VPN Split tunneling
VPN configuration that only sends a portion of the traffic through the encrypted tunnel. A split tunnel would allow work-related traffic to securely traverse the VPN, and all other traffic would use the non-tunneled option
Vulnerability Scan
Scans for vulnerability, does not try to exploit vulnerability. Will minimize potential for any downtime or data loss.
Vulnerability scanner can check the status of a vulnerability on a device and create a report of which devices may be susceptible to a particular vulnerability
WAF
Web Application Firewall - commonly used to monitor the input to web-based applications
Web server issues relating to trust are generally associated with the status of?
The web server certificate
What does it mean to reimage a computer?
Completely wiping the drive with a new image is an effective way to completely remove any malware from a computer
What will segment a network without requiring additional switches?
VLANs (Virtual Local Area Networks)
Wiping
Process that deletes information off of a hard drive
WPA2
Wi-Fi Protected Access 2 - encryption with AES (CCMP), the common encryption method for wireless networks
WPA2-PSK
Wi-Fi Protected Access -Preshared Key - shared password
AES-based encryption protocol
WPS
Wi-Fi Protected Setup - connects devices to a wireless network using a shared PIN or push button. The 8-digit PIN is validated in two halves, which makes it practical to brute-force, so WPS is commonly disabled