Stuff from Exams I don't know #4 Flashcards
Serverless Architecture
Serverless architecture refers to a cloud computing model in which the cloud provider manages the infrastructure and automatically scales resources as needed. Users do not manage or provision servers; they write code and deploy it as functions (function-as-a-service). The provider owns patching and scaling of the runtime, but the function code, its dependencies and the permissions granted to it remain the customer's responsibility.
Risk Management Components
Risk assessment (identify and analyze risks) and risk response (treat them: mitigate, transfer/assign, accept, or avoid).
VXLAN
Virtual Extensible LAN: an encapsulation (tunnelling) protocol, RFC 7348, that wraps Layer 2 Ethernet frames in UDP/IP (port 4789) with a 24-bit VXLAN Network Identifier (VNI), so switch-created network segments can be stretched across subnets and geographic locations, and far more than the 4094 VLAN IDs can coexist.
Which component of IPsec allows multiple concurrent VPNs?
ISAKMP, which negotiates and manages the security associations (SAs). Each SA is unidirectional and specific to one peer, so a host can maintain several VPN tunnels at the same time.
Familiarity
Also known as 'liking'. A social engineering principle that exploits people's innate trust in something (or someone) that seems familiar.
Temporal Protections - encryption
A mechanism that marks encrypted traffic (or a credential) as valid for only a limited time, usually by binding a timestamp, sequence number or expiry into the authenticated message so the receiver can reject anything outside the window.
Used to prevent replay attacks (resending a captured legitimate message later).
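The temporal protection described above, as an added example that is not from the original deck: the sender binds a timestamp and a random nonce into each message and MACs the whole thing; the receiver rejects bad MACs, anything outside a 30-second window, and any nonce it has already seen inside that window. The window size, the field names and the shared key are assumptions for the demo.

```python
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

WINDOW_SECONDS = 30  # assumed acceptance window; bound it by the clock skew you expect


def canonical(fields: dict) -> bytes:
    """Stable serialization so sender and receiver MAC exactly the same bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign_message(key: bytes, payload: dict, now: Optional[float] = None) -> dict:
    """Bind a timestamp and a random nonce into the message, then MAC all of it."""
    msg = dict(payload)
    msg["ts"] = int(time.time() if now is None else now)
    msg["nonce"] = secrets.token_hex(8)
    msg["mac"] = hmac.new(key, canonical(msg), hashlib.sha256).hexdigest()
    return msg


class ReplayGuard:
    """Receiver side: valid MAC, fresh timestamp, nonce not yet seen within the window."""

    def __init__(self, key: bytes, window: int = WINDOW_SECONDS):
        self.key, self.window = key, window
        self.seen = {}  # nonce -> timestamp; only window-sized memory is ever needed

    def verify(self, msg: dict, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        fields = {k: v for k, v in msg.items() if k != "mac"}
        expected = hmac.new(self.key, canonical(fields), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(msg.get("mac", ""))):
            return False  # forged or modified; ts and nonce are covered by the MAC too
        ts, nonce = msg.get("ts"), msg.get("nonce")
        if not isinstance(ts, int) or not isinstance(nonce, str):
            return False
        if abs(now - ts) > self.window:
            return False  # too old (or too far in the future): outside the validity window
        # Forget nonces that have aged out; a replay of those is caught by the ts check instead.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if nonce in self.seen:
            return False  # same message delivered again inside the window: replay
        self.seen[nonce] = ts
        return True
```

The timestamp alone would let an attacker resend a message within the window; the nonce set closes that gap, and the timestamp in turn keeps the nonce set from growing without bound. Both are useless unless they are inside the MAC, otherwise the attacker simply rewrites them.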
Is Security Governance related to Acquisitions, divestitures, and governance committees?
Yes
RFC 6749
The OAuth 2.0 Authorization Framework.
Scoping
Reviewing a recommended baseline of controls and removing those that do not apply to the organization or system (tailoring, by contrast, adjusts the controls that remain).
Service Ticket
In Kerberos authentication, a service ticket is a time-limited credential provided by the Ticket Granting Server (TGS) after a user presents a valid Ticket Granting Ticket (TGT). This service ticket allows the user to access a specific network service, serving as proof of the user’s authenticated identity for the requested service.
What is a Ticket Granting Ticket?
Kerberos ticket that allows authenticated users to request access to network services.
What is a Ticket Granting Server?
A Kerberos Ticket Granting Server (TGS), also called the Ticket Granting Service, is the component of the Kerberos authentication system that issues service tickets to users after they have obtained a Ticket Granting Ticket (TGT) from the Authentication Server (AS). The TGS plays a key role in facilitating secure access to services within a network by providing users with tickets that authenticate their identity to those services.
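The three cards above describe one exchange, so here is the whole flow as an added example (not from the original deck and not a real Kerberos implementation): an AS issues a TGT, the TGS turns a TGT plus an authenticator into a service ticket, and the service validates that ticket without ever contacting the KDC or seeing the user's password. The encryption is a toy (hash-based keystream plus HMAC) standing in for Kerberos' AES, the string-to-key function is a plain hash, and the principal names, lifetime and skew are assumptions for the demo.

```python
import hashlib
import hmac
import json
import os

LIFETIME = 8 * 3600  # assumed ticket lifetime in seconds
SKEW = 300           # max authenticator age, mirroring Kerberos' 5-minute clock skew


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, obj: dict) -> bytes:
    """Toy authenticated encryption; models only 'encrypted under key K' (real Kerberos: AES-CTS + HMAC)."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))))


def derive_key(password: str) -> bytes:
    """Stand-in for Kerberos string-to-key (the real one is salted PBKDF2)."""
    return hashlib.sha256(password.encode()).digest()


class KDC:
    """Authentication Server (AS) and Ticket Granting Server (TGS) in one process."""

    def __init__(self, principals: dict):
        self.keys = {name: derive_key(pw) for name, pw in principals.items()}
        self.krbtgt_key = os.urandom(32)  # the TGS's own key; every TGT is sealed under it

    def as_exchange(self, user: str, now: int):
        """AS-REQ/AS-REP. The TGT is opaque to the client; only the TGS can open it. The session
        key comes back sealed under the user's long-term key, so only someone who knows the
        password can use the TGT."""
        session_key = os.urandom(32)
        tgt = seal(self.krbtgt_key, {"user": user, "sk": session_key.hex(), "exp": now + LIFETIME})
        return tgt, seal(self.keys[user], {"sk": session_key.hex()})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: int):
        """TGS-REQ/TGS-REP: check the TGT and the authenticator, then issue a service ticket."""
        t = unseal(self.krbtgt_key, tgt)
        if now > t["exp"]:
            raise PermissionError("TGT expired")
        session_key = bytes.fromhex(t["sk"])
        auth = unseal(session_key, authenticator)  # proves the client holds the session key
        if auth["user"] != t["user"] or abs(now - auth["ts"]) > SKEW:
            raise PermissionError("bad authenticator")
        svc_key = os.urandom(32)
        ticket = seal(self.keys[service], {"user": t["user"], "sk": svc_key.hex(), "exp": now + LIFETIME})
        return ticket, seal(session_key, {"sk": svc_key.hex()})


def client_login(kdc: KDC, user: str, password: str, now: int):
    tgt, enc = kdc.as_exchange(user, now)
    session_key = bytes.fromhex(unseal(derive_key(password), enc)["sk"])  # wrong password -> ValueError
    return tgt, session_key


def client_get_service_ticket(kdc, user, tgt, session_key, service, now):
    authenticator = seal(session_key, {"user": user, "ts": now})
    ticket, enc = kdc.tgs_exchange(tgt, authenticator, service, now)
    return ticket, bytes.fromhex(unseal(session_key, enc)["sk"])


def service_accept(service_password: str, ticket: bytes, authenticator: bytes, now: int) -> str:
    """AP-REQ at the service: it never talks to the KDC and never sees the user's password."""
    t = unseal(derive_key(service_password), ticket)
    if now > t["exp"]:
        raise PermissionError("service ticket expired")
    auth = unseal(bytes.fromhex(t["sk"]), authenticator)
    if auth["user"] != t["user"] or abs(now - auth["ts"]) > SKEW:
        raise PermissionError("bad authenticator")
    return t["user"]
```

Two things worth noticing in the flow: the service ticket is sealed under the service account's long-term key, which is why a weak service-account password can be cracked offline from a captured ticket (Kerberoasting); and the AS hands out a TGT to anyone who asks, so without pre-authentication the AS-REP sealed under the user's key is likewise crackable offline.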
Randomized masking
An anonymization technique that replaces sensitive values with random ones. When done correctly it cannot be reversed (unlike pseudonymization, whose mapping can be).
What best describes a Service Account?
An account used to run applications and services rather than by a person; it should be granted least privilege and, ideally, no interactive login.
Wired Extension
A single added WAP used to extend a wired network.
Enterprise Extension
Topology where a wireless network is designed to support a large environment with one SSID and numerous APs. Often used to extend a wired network.
What port is used for SQL (Microsoft SQL Server)?
TCP 1433 (for comparison: MySQL 3306, PostgreSQL 5432, Oracle 1521).
IR Mitigation phase
Contain the incident to limit damage (isolate affected systems without destroying evidence).
IR Recovery phase
Restore systems to a known-good state and return to normal operations.
IR Remediation phase
Root cause analysis; patch or reconfigure so the incident cannot recur.
IR Response phase
Assemble the IR team and begin handling the incident (follows Detection, precedes Mitigation).
Software test coverage criterion that requires every 'if' statement to have been executed under both its 'if' (true) and 'else' (false) outcomes?
Branch coverage (stricter than statement coverage, which only needs each statement to run once).
Split-response (HTTP response splitting) attack
Cache poisoning: CR/LF characters injected into a header value make the server emit a second, attacker-controlled response, which a proxy or browser cache may then store and serve for a legitimate URL.
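The split-response mechanics from the card above, as an added example that is not part of the original deck: a redirect builder that interpolates user input into a header, the same builder hardened to refuse CR/LF, and a naive cache-style parser showing that the vulnerable output contains two responses. The attacker string and the smuggled body are constructed for the demo; modern servers and libraries (Python's http.client included) already reject CR/LF in header values, which is exactly the check the hardened version performs.

```python
import re

CRLF = re.compile(r"[\r\n]")


def build_redirect_vulnerable(location: str) -> bytes:
    """Interpolates a user-supplied value straight into a response header (the bug)."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {location}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def build_redirect_hardened(location: str) -> bytes:
    """Same response, but header values may not contain CR or LF (RFC 9110 forbids them)."""
    if CRLF.search(location):
        raise ValueError("CR/LF in header value")
    return build_redirect_vulnerable(location)


def count_responses(stream: bytes) -> int:
    """How many responses a downstream proxy or cache parsing this byte stream would see."""
    return len(re.findall(rb"^HTTP/1\.1 \d{3}", stream, flags=re.M))


def second_response_body(stream: bytes) -> bytes:
    """Naive cache-style parse: skip the first response, return the body of the second."""
    parts = [p for p in re.split(rb"(?m)^(?=HTTP/1\.1 \d{3})", stream) if p]
    if len(parts) < 2:
        return b""
    head, _, rest = parts[1].partition(b"\r\n\r\n")
    m = re.search(rb"Content-Length: (\d+)", head)
    return rest[: int(m.group(1))] if m else rest


# Constructed attacker input: terminates the redirect early, then supplies a complete
# second response that a cache would file under whatever URL it requests next.
SMUGGLED_BODY = b"<script>alert('poisoned')</script>"
ATTACK = (
    "/home\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    f"Content-Length: {len(SMUGGLED_BODY)}\r\n"
    "\r\n"
) + SMUGGLED_BODY.decode()
```

Rejecting the input is the right fix; percent-encoding CR and LF also works for a Location header, but rejection makes the attempt visible in logs instead of silently mangling it.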
DCE and IDL?
DCE (Distributed Computing Environment) is a framework for distributed applications and remote procedure calls; an IDL (Interface Definition Language) describes the remote interfaces in a language-neutral way so client and server stubs can be generated. Used by DCE RPC, DCOM, CORBA….
WiFi uses _______ for media access control?
CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance). Note: avoidance, not detection. Wired Ethernet used CSMA/CD, but a radio cannot listen for collisions while it is transmitting, so WiFi avoids them with random backoff and, optionally, RTS/CTS.
TM symbol vs R symbol
TM is used to indicate a trademark that isn’t yet registered with USPTO
R is a Registered Trademark
What is a Web Development Framework?
A code package that provides many of the functions a web application needs (routing, templating, sessions, input handling), such as AngularJS, Flask, Django, Symfony, Express.
OIDC / OpenID Connect
An identity (authentication) layer built on top of the OAuth 2.0 authorization framework (RFC 6749), maintained by the OpenID Foundation rather than the IETF. It adds the ID token, a signed JWT that tells the client who the user is; OAuth 2.0 on its own only grants access to resources.
Is HVAC considered a security control?
Yes, because it controls temperature and humidity in server rooms (a physical/environmental control supporting availability).
What is the primary goal of Asset Inventory Management?
Prevent losses (knowing what you have is the prerequisite for protecting it).
ECDSA: Elliptic Curve Digital Signature Algorithm
Elliptic curve cryptography applied to producing digital signatures; much shorter keys than RSA for equivalent strength (a 256-bit curve is roughly comparable to RSA-3072).
Distributed Data Model
Data is stored in more than one DB, but is still logically connected. User perceives the DB as a single entity, even though it comprises numerous parts over a network.
Branch Coverage
Verifies that every 'if' statement has been executed with both outcomes (true and false branches); compare statement coverage.
What does Baselining provide?
a minimum level of security. Meant to be a starting point, does not ensure maximum security.
Should you clear and purge on tapes?
You can, but repeated clearing and purging reduce the lifetime of the tapes, so it is not the best option.
TCP Wrapper
An application (tcpd / libwrap) that can serve as a basic host-based firewall: it restricts access to wrapped network services based on the client's host or IP address (and, via ident lookups, user IDs), using the rules in /etc/hosts.allow and /etc/hosts.deny. (I think) typically only used in Linux and Unix environments.
Kerberos Port
88
TKIP
Temporal Key Integrity Protocol, introduced with WPA as a stopgap replacement for WEP's broken key handling: still RC4 underneath, but with per-packet keys, a larger IV and a message integrity check. Now considered deprecated (and not permitted in WPA3); use AES-CCMP or GCMP.
SAE
Introduced in WPA3, Simultaneous Authentication of Equals: a password-authenticated key exchange (the Dragonfly handshake) that replaces the WPA2 pre-shared-key handshake. The password itself is never transmitted and cannot be recovered from captured traffic, so offline dictionary attacks against a captured handshake no longer work, and each session derives fresh keys (forward secrecy).
OpenID Connect and JSON tokens, what is the relationship?
OIDC uses JSON Web Tokens (JWTs): the ID token is a JWT whose claims (iss, sub, aud, exp, ...) describe the authenticated user, signed by the provider so the relying party can verify it. JSON is also the format of the UserInfo response and of the provider's discovery document.
Fileless Malware
Malware that runs in memory without writing its own executable to disk, typically by abusing tools already present on the host (PowerShell, WMI, the registry, script hosts). It evades file-based antivirus, but it does leave traces: process memory, command-line and script-block logs, registry keys, network connections.
SCAP - CCE? Is CCE a thing?
Yes. Common Configuration Enumeration: a SCAP component that assigns a unique identifier to each known system configuration issue (e.g. a minimum password length setting), so tools and checklists refer to the same setting unambiguously.
VMS Vendor Management System
Vendor Management System: software that assists with the management and procurement of staffing services, hardware, software, and other needed products and services from outside vendors.
OFDM, DSSS, FHSS?
Wireless physical-layer transmission techniques. OFDM (Orthogonal Frequency-Division Multiplexing): data is split across many closely spaced, mutually orthogonal subcarriers; used by 802.11a/g/n/ac/ax. DSSS (Direct Sequence Spread Spectrum): each bit is spread with a chipping code over a wide band; used by 802.11b. FHSS (Frequency Hopping Spread Spectrum): the carrier hops among frequencies in a known sequence; used by the original 802.11 and Bluetooth.
DNSSEC and PKI?
DNSSEC adds public-key signatures to DNS: each zone signs its records (RRSIG) with a key published in a DNSKEY record, and the parent zone vouches for that key with a DS record, forming a chain of trust up to the root. A validating resolver can therefore verify that a response is authentic and unmodified (origin authentication and integrity). It does not encrypt queries, and it is not mutual authentication between servers; TLS-style certificates are not involved.
Embedded System?
Is a computer implemented as part of a larger system. Typically designed around a limited set of specific functions in relation to the larger product it is a component of.
ISA
ISA: Interconnection Security Agreement
A formal declaration of the security stance, risks, and technical requirements for linking two organizations' IT infrastructures (who owns what, how the link is protected, how incidents on it are handled).
Audit vs Assessment
Can a WAF be used in lieu of yearly web vuln. assessments in PCI?
Yes. PCI DSS 3.2.1 requirement 6.6 accepted either an application vulnerability assessment (at least annually and after any change) or an automated technical solution such as a WAF in front of public-facing web applications. PCI DSS 4.0 (requirement 6.4.2) makes the automated solution mandatory from 31 March 2025, so the WAF becomes the baseline rather than an alternative.
Does Configuration management account for changes in already-running systems?
No. Configuration management ensures systems are deployed in a consistent, known state (the baseline); changes to running systems are the job of change management, which then feeds the new state back into the configuration baseline.
Final step of Fagan Inspection?
Follow-up (the six steps are Planning, Overview, Preparation, Inspection, Rework, Follow-up).
Can a Configuration Management System assist in Hardware Asset Mgmt?
Yes. A configuration management database (CMDB) records each hardware asset together with its configuration, location, and owner.
BPA
Business Partners Agreement: Contract between two entities dictating the terms of the business relationship.
SLR
Service Level Requirements, formalized in a Service Level Agreement (SLA):
Statement of the expectations of service and performance from a vendor's product or service, usually with measurable targets (uptime, response time) and penalties for missing them.
What is DRM geared towards protecting?
Copyrighted materials
Tokenization vs Pseudonymization
Tokenization - the sensitive value is replaced by a random token; the token-to-value mapping (the vault) is typically held by a third party.
Pseudonymization - the identifying value is replaced by a pseudonym; the mapping is held in the organization's own database, so it can be reversed internally.
Biometrics: one-to-many
Identification (the sample is searched against the whole enrolled database to find out who this is).
Biometrics: one-to-one
Authentication / verification (the sample is compared against the single template for the identity being claimed).
Tunnel Mode VPN connects ____ to ____?
Networks to networks (gateway to gateway), or hosts to networks; the entire original IP packet, header included, is encrypted and wrapped in a new IP header.
Transport Mode VPN connects ____ to ____?
Hosts to hosts (end to end); only the payload is protected and the original IP header stays visible.
DB - Concurrency?
Concurrency control: the database locks a data element while a change is being processed so that a second operation cannot read or modify it at the same time. Without it, two overlapping read-modify-write operations can interleave and one update is silently lost.
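The lost-update problem the card above guards against, as an added example that is not from the original deck: two withdrawals against a toy account row, once with a plain read-modify-write and once with an exclusive lock held across the read and the write. A barrier forces the worst-case interleaving in the unsafe run so the result is reproducible; the account, amounts and thread count are constructed for the demo.

```python
import threading
import time


class Account:
    """A single row of a toy bank table. `pause` models the gap between the read and
    the write of a read-modify-write update (constructed for the demo)."""

    def __init__(self, balance: int, pause=lambda: None):
        self.balance = balance
        self._lock = threading.Lock()
        self._pause = pause

    def withdraw_unsafe(self, amount: int) -> None:
        bal = self.balance           # read
        self._pause()                # another writer can read the same value here
        self.balance = bal - amount  # write: overwrites whatever the other writer did (lost update)

    def withdraw_locked(self, amount: int) -> None:
        with self._lock:             # exclusive lock held across read + write
            bal = self.balance
            self._pause()
            self.balance = bal - amount


def run_concurrent(locked: bool, start: int, amount: int, n_threads: int = 4) -> int:
    """Run n_threads withdrawals at once and return the final balance."""
    # Unsafe run: a barrier makes every thread finish its read before any write, the
    # worst-case interleaving. Locked run: a small delay instead; the lock does the rest
    # (a barrier would deadlock there, since the lock admits one thread at a time).
    barrier = threading.Barrier(n_threads)
    acct = Account(start, pause=(lambda: time.sleep(0.01)) if locked else barrier.wait)
    target = acct.withdraw_locked if locked else acct.withdraw_unsafe
    threads = [threading.Thread(target=target, args=(amount,)) for _ in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return acct.balance


if __name__ == "__main__":
    print("unsafe:", run_concurrent(False, 100, 10))   # three of four withdrawals vanish
    print("locked:", run_concurrent(True, 100, 10))    # all four applied
```

In SQL the same protection is a row lock taken by SELECT ... FOR UPDATE (or a serializable isolation level); the unlocked version is what happens when an application reads a value, computes in its own process, and writes the result back under the default isolation level.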
Risk Assignment
Synonymous with Risk Transference (i.e cyberinsurance)
Is a VPN an example of network segmentation?
No. A VPN is an encrypted tunnel between endpoints; segmentation divides a network into isolated zones (VLANs, subnets, firewall-separated security zones).
Cloud Security Policy - CSP
The rules under which the cloud service provider delivers and secures the service, including which security responsibilities are the provider's and which remain the customer's (shared responsibility).
Software - statement coverage
Test criterion verifying that every line (statement) of code is executed at least once; weaker than branch coverage, because an 'if' without an 'else' is fully covered by the true path alone.
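Statement versus branch coverage, as an added example that serves this card and the two branch-coverage cards earlier in the deck (it is not code from the original deck): a constructed function with a single 'if' and no 'else', a tracer that records which lines ran, and a count of which way each conditional jump went. One input reaches every statement yet only half the branches; a second input closes the gap. The measurement uses sys.settrace line events and the bytecode's conditional-jump instructions, a simplified version of what coverage tools do.

```python
import dis
import sys


def classify(amount):
    # Constructed function under test: one decision, no else branch.
    level = "normal"
    if amount > 1000:
        level = "review"
    return level


def decision_lines(code):
    """Lines (relative to the def line) holding a conditional jump, i.e. an if/while test."""
    starts, line, found = dict(dis.findlinestarts(code)), None, set()
    for ins in dis.get_instructions(code):
        line = starts.get(ins.offset, line)
        if line is not None and ins.opname.startswith("POP_JUMP"):
            found.add(line - code.co_firstlineno)
    return found


def coverage_report(func, inputs):
    """Run func once per argument tuple; return (statement_coverage, branch_coverage)."""
    code, first = func.__code__, func.__code__.co_firstlineno
    stmts = {ln - first for _, ln in dis.findlinestarts(code) if ln is not None and ln != first}
    executed, successors = set(), {d: set() for d in decision_lines(code)}
    prev = [None]

    def local_tracer(frame, event, arg):
        if event == "line" and frame.f_lineno != first:
            line = frame.f_lineno - first
            executed.add(line)
            if prev[0] in successors:
                successors[prev[0]].add(line)  # which way did the last decision go?
            prev[0] = line
        return local_tracer

    def global_tracer(frame, event, arg):
        return local_tracer if frame.f_code is code else None

    for args in inputs:
        prev[0] = None
        sys.settrace(global_tracer)
        try:
            func(*args)
        finally:
            sys.settrace(None)

    statement_cov = len(executed & stmts) / len(stmts)
    # Each decision has two outcomes; count at most two distinct successor lines per decision.
    branch_cov = sum(min(len(s), 2) for s in successors.values()) / (2 * len(successors))
    return statement_cov, branch_cov


if __name__ == "__main__":
    print(coverage_report(classify, [(5000,)]))        # every statement ran, only one branch
    print(coverage_report(classify, [(5000,), (1,)]))  # both outcomes of the if exercised
```

The security angle: the untested false path is usually the one that matters ("if not authorized: deny" is the branch a test suite written from the happy path never takes), so a suite reporting 100% statement coverage can still have never executed the deny.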
FHSS
Frequency Hopping Spread Spectrum (FHSS) is a transmission technology in which the data signal is modulated by a narrowband carrier signal which changes frequency (“hops”) over a wide band of frequencies.