SY0-701: 1.0 (General Security Concepts) Flashcards
CIA Triad (1.2)
Confidentiality (Encryption), Integrity (Hashes), Availability (Info is stored, accessed, and protected at all times)
Confidentiality (1.2)
Protection of information from unauthorized access and disclosure via:
Encryption
Access Controls
Data Masking
Physical Security Measures
Training and Awareness
Encryption (1.2)
Process of converting data into code to prevent unauthorized access
Access Controls (1.2)
Ensure only authorized personnel can access certain types of data using user permissions
Data Masking (1.2)
Method that involves obscuring data within a database to make it inaccessible for unauthorized users while retaining the real data’s authenticity and use for authorized users (e.g. first part of credit card is masked with “X’s”)
Physical Security Measures (1.2)
Used to ensure confidentiality for physical types of data (e.g. papers locked in filing cabinet) and for digital information contained on servers and workstations (e.g. biometric access, smart card access, locked server rooms)
Training and Awareness (1.2)
Conducting regular training on the security awareness best practices that employees can use to protect the organization’s sensitive data
Integrity (1.2)
Helps to ensure information and data remain accurate and unchanged from their original state unless intentionally modified by an authorized individual in order to:
Ensure data accuracy
Maintain trust
Ensure system operability
Hashing (1.4)
One-way cryptographic function that takes an input and produces a unique message digest as its output (hash value is known as a hash digest which serves as a digital fingerprint)
Digital Signatures (1.2)
Uses encryption to ensure integrity and authenticity
Checksums (1.2)
Method to verify the integrity of data during transmission
Access Controls (1.2)
Ensure that only authorized individuals can modify data and reduce the risk of unintentional or malicious alterations
Regular Audits (1.2)
Involves systematically reviewing logs and operations to ensure that only authorized changes have been made and any discrepancies are addressed
Availability (and how it’s measured) (1.2)
Used to ensure that information, systems, and resources are accessible and operational when needed by authorized users in order to:
Ensure business continuity
Maintain customer trust
Uphold an organization's reputation
(3 nines = 99.9% uptime; 5 nines is the gold standard)
Redundancy (1.2)
Duplication of critical components or functions of a system with the intention of enhancing its reliability:
Server redundancy
Data redundancy
Network redundancy
Power redundancy
Server Redundancy (1.2)
Using multiple servers behind a load balancer so that if one is overloaded or fails, the other servers can take over the load
Data Redundancy (1.2)
Storing data in multiple places (RAID, cloud-based backups)
Network Redundancy (1.2)
Ensures that if one network path fails, the data can travel through another route
Power Redundancy (1.2)
Using backup power sources to ensure that an organization’s systems remain operational during periods of power disruption or outages within a local service area
Non-Repudiation (1.2)
Focuses on providing undeniable proof in digital transactions (e.g. digitally signing email) in order to:
Confirm the authenticity of digital transactions
Ensure integrity of critical communications
Provide accountability
Digital Signature (1.2)
Non-Repudiation; Created by first hashing a particular message or communication to be digitally signed and encrypting the hash digest with the user’s private key using asymmetric encryption
AAA (1.2)
Authentication (Prove your identity), Authorization (Allowed to have access), Accounting (Data tracking, e.g. log file)
Authentication (1.2)
Security measure that ensures individuals or entities are who they claim to be during a communication or transaction
5 Methods of Authentication (1.2)
Something you Know (Knowledge Factor; Name/Password)
Something you have (Possession Factor; Smart Card)
Something you are (Inherence Factor; Biometrics)
Something you do (Action Factor; Typing/Speaking pattern)
Somewhere you are (Location Factor)
2FA / MFA (1.2)
Two-Factor Authentication / Multi-Factor Authentication (2 or more authentication factors)
Authorization (1.2)
Permissions and privileges granted to users or entities after they have been authenticated
Accounting (1.2)
Security measure that ensures all user activities are properly tracked and recorded in order to:
Provide audit trail
Gain regulatory compliance
Perform forensic analysis
Optimize resources
Maintain user accountability
Audit Trail (1.2)
Provides a chronological record of all user activities that can be used to trace changes, unauthorized access, or anomalies back to a specific user or point in time
Regulatory Compliance (1.2)
Maintains a comprehensive record of all the users' activities
Forensic Analysis (1.2)
Uses detailed accounting and event logs that can help cybersecurity experts understand what happened, how it happened, and how to prevent similar incidents from occurring again in the future
Resource Optimization (1.2)
Organizations can optimize system performance and minimize costs by tracking resource utilization and allocation decisions
Maintain User Accountability (1.2)
Thorough accounting system ensures users' actions are monitored and logged, deterring potential misuse and promoting adherence to the organization's policies
Syslog Server (1.2)
Used to aggregate logs from various network devices and systems so that system administrators can analyze them to detect patterns or anomalies in the organization
Network Analyzers (1.2)
Used to capture and analyze network traffic to gain detailed insights into all the data moving within a network
SIEM (1.2)
Security Information and Event Management
Provides real-time analysis of security alerts generated by various hardware and software infrastructure in an organization
Security Control Categories (1.1)
Technical Controls
Administrative/Managerial Controls
Operational Controls
Physical Controls
Technical Controls (1.1)
The technologies, hardware, and software mechanisms that are implemented to manage and reduce risks (antivirus, firewalls, encryption processes, intrusion detection systems, etc.)
Administrative/Managerial Controls (1.1)
Involves the strategic planning and governance side of security (policies, procedures, security awareness training, disaster recovery plans)
Operational Controls (1.1)
Procedures and measures that are designed to protect data on a day-to-day basis and are mainly governed by internal processes and human actions (password change requirements, backup procedures, account reviews)
Physical Controls (1.1)
Tangible, real-world measures, taken to protect assets (fences, shredding documents, security guards, door locks, surveillance cameras)
Security Control Types (1.1)
Preventative
Deterrent
Detective
Corrective
Compensating
Directive
Preventative Controls (1.1)
Proactive measures implemented to thwart potential security threats or breaches (e.g. firewalls)
Deterrent Controls (1.1)
Aim to discourage potential attackers by making the effort seem less appealing or more challenging (alarm system signs/warning signs)
Detective Controls (1.1)
Monitor and alert organizations to malicious activities as they occur or shortly thereafter (antivirus in detection mode, security cameras, alarm systems)
Corrective Controls (1.1)
Mitigate any potential damage and restore the systems to their normal state (antivirus in quarantine/removal mode)
Compensating Controls (1.1)
Alternative measures that are implemented when primary security controls are not feasible or effective (WPA2 w/ VPN if WPA3 isn’t available)
Directive Controls (1.1)
Often rooted in policy or documentation and set the standards for behavior within an organization (Acceptable Use Policy- AUP)
Gap Analysis (1.2)
Process of evaluating the differences between an organization’s current performance and its desired performance
Gap Analysis Steps (1.2)
- Define the scope of analysis
- Gather data on the current state of the organization
- Analyze the data to identify gaps
- Develop a plan to bridge the gap
Gap Analysis Types (1.2)
Technical Gap Analysis
Business Gap Analysis
Technical Gap Analysis (1.2)
Involves evaluating an organization's current technical infrastructure and identifying any areas where it falls short of the technical capabilities required to fully utilize its security solutions
Business Gap Analysis (1.2)
Involves evaluating an organization's current business processes and identifying any areas where they fall short of the capabilities required to fully utilize the solutions
POA&M (1.2)
Plan Of Action & Milestones: Outlines the specific measures to address each vulnerability, allocate resources, and set up timelines for each remediation task that is needed
Zero Trust (1.2)
Security Model that operates on the principle that no one, whether inside or outside the organization, should be trusted BY DEFAULT
Zero Trust- Planes (1.2)
Control Plane
Data Plane
Zero Trust- Control Plane (1.2)
The overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization
Zero Trust- Control Plane Key Elements (1.2)
Adaptive Identity
Threat Scope Reduction
Policy-driven access control
Policy Administrator
Policy Engine
Adaptive Identity (1.2)
Use adaptive identities that rely on real-time validation that takes into account the user’s behavior, device, location, and more (entering current password in order to change password)
Threat Scope Reduction (1.2)
Limit the user's access to only what they need for their work tasks because this drastically reduces the network's potential attack surface
Policy-driven access control (1.2)
Entails developing, managing, and enforcing user access policies based on their roles and responsibilities
Secured Zone (1.2)
Isolated environments within a network that are designed to house sensitive data
Policy Administrator (1.2)
Used to establish and manage the access policies
Policy Engine (1.2)
Cross-references the access request with its predefined policies
Data Plane (1.2)
Implicit trust zones
Subject/System
Policy Enforcement Point
Implicit trust zones (1.2)
Area of network where all communications are implicitly trusted
Subject/System (1.2)
Refers to the individual or entity attempting to gain access
Policy Enforcement Point (1.2)
Allow, restrict, or deny access; it will effectively act as a gatekeeper to the sensitive areas of the systems or networks
Deception and Disruption Technologies (1.2)
Designed to mislead, confuse, and divert attackers from critical assets while simultaneously detecting and neutralizing threats
Honeypots
Honeynets
Honeyfiles
Honeytokens
Honeypots (1.2)
Decoy system or network set up to attract potential hackers
Honeynets (1.2)
Network of honeypots to create a more complex system that is designed to mimic an entire network of systems, including servers, routers, and switches
Honeyfiles (1.2)
Decoy file placed within a system to lure in potential attackers
Honeytokens (1.2)
Piece of data or a resource that has no legitimate value or use but is monitored for access or use (e.g. fake user account, fake database entry)
TTPs (1.2)
Tactics, Techniques, and Procedures
Specific methods and patterns of activities or behaviors associated with a particular threat actor or group of threat actors (MO of the cybersecurity world)
Bogus DNS (1.2)
Fake DNS entries introduced into a system’s DNS server
Port Triggering (1.2)
Security mechanism where specific services or ports on a network device remain closed until a specific outbound traffic pattern is detected
Fake telemetry Data (1.2)
System can respond to an attacker’s network scan attempt by sending out fake telemetry or network data
Decoy Directories (1.2)
Fake folders and files placed within a system’s storage
Dynamic Page Generation (1.2)
Used in websites to present ever-changing content to web crawlers to confuse and slow down the threat actor
Symmetric Algorithm (1.4)
aka Private Key Cryptography- Encryption method which uses a single key to encrypt and decrypt the data; sharing the same key is not scalable but this method is much faster than asymmetric
Asymmetric Algorithm (1.4)
aka Public Key Cryptography- Encryption method which uses two different keys (a public key and a private key) to encrypt and decrypt the data
Hybrid Encryption Implementation (1.4)
Utilizes asymmetric encryption to securely transfer a private key that can then be used with symmetric encryption
Stream Cipher (1.4)
Utilizes a keystream generator to encrypt data bit by bit using a mathematical XOR function to create the ciphertext; good for real-time applications such as communications
Block Cipher (1.4)
Breaks the input into fixed-length blocks of data and performs the encryption on each block; easier than stream to set up and implement
DES (1.4)
Data Encryption Standard- Encryption algorithm which breaks the input into 64-bit blocks and uses transposition and substitution to create ciphertext using an effective key strength of only 56-bits (used 1970’s - early 2000’s)
3DES (1.4)
Triple Data Encryption Standard- Encryption algorithm which uses 3 separate symmetric keys, one to encrypt, one to “decrypt” (although second key doesn’t actually decrypt), then the 3rd to encrypt again in order to increase the strength of DES; effectively a 112-bit algorithm
IDEA (1.4)
International Encryption Algorithm- Symmetric block cipher which uses 64-bit blocks to encrypt data; 128-bit key
AES (1.4)
Advanced Encryption Standard- Symmetric block cipher that uses 128-bit, 192-bit, or 256-bit blocks and a matching encryption key size to encrypt data; the go-to for symmetric encryption
Blowfish (1.4)
Symmetric block cipher that uses 64-bit blocks and a variable length encryption key to encrypt data; 32-bit to 440-bit key
Twofish (1.4)
Provides the ability to use 128-bit blocks in its encryption algorithm; 128-bit, 192-bit, or 256-bit key
RC Cipher Suite (1.4)
Created by Ron Rivest (RC4, 5, and 6 are in use)
RC4 (1.4)
Rivest Cipher 4- Symmetric stream cipher using a variable key size from 40-bits to 2048-bits; used in SSL and WEP
RC5 (1.4)
Rivest Cipher 5- Symmetric block cipher that uses key sizes up to 2048-bits
RC6 (1.4)
Rivest Cipher 6- Symmetric block cipher that was introduced as a replacement for DES but AES was chosen instead
Asymmetric Cryptography provides… (1.4)
Confidentiality
Integrity
Authentication
Non-Repudiation (Symmetric doesn’t provide this since private keys must be shared)
Asymmetric Encryption process (for confidentiality) (1.4)
Encrypt using the RECIPIENT'S PUBLIC KEY, and only the recipient can decrypt using their private key
Asymmetric Encryption process (for non-repudiation) (1.4)
Encrypt using the SENDER'S PRIVATE KEY, and the data is decrypted using the sender's public key, which anyone can access
Digital Signature Process (1.4)
- A hash digest of a message is encrypted with the sender's private key to let the recipient know the document was created and sent by the person claiming to have sent it (integrity, authenticity, and non-repudiation)
- The message is encrypted using the recipient's public key so they can read it only after decrypting with their private key (confidentiality)
DH (1.4)
Diffie-Hellman- Asymmetric algorithm used to conduct key exchanges and secure key distribution over an insecure network
Widely used for key exchange inside VPN tunnel establishment as part of IPSec
Susceptible to man-in-the-middle attacks
RSA (1.4)
Created by Rivest, Shamir, and Adleman- Asymmetric algorithm that relies on the mathematical difficulty of factoring large prime numbers
Widely used for key exchanges and digital signatures
Can support key sizes between 1024-bits and 4096-bits
ECC (Encryption) (1.4)
Elliptic Curve Cryptography- based on the algebraic structure of elliptic curves over finite fields to define its keys
A 256-bit key with ECC is just as secure as a 2048-bit key with RSA
ECC and all variants are heavily used in mobile devices and low-power computing devices because they require less power/processing to decrypt
ECDH (1.4)
Elliptic Curve Diffie-Hellman- ECC version of the Diffie-Hellman key exchange protocol
ECDHE (1.4)
Elliptic Curve Diffie-Hellman Ephemeral- Uses a different key for each portion of the key establishment process inside the Diffie-Hellman key exchange
ECDSA (1.4)
Elliptic Curve Digital Signature Algorithm- Used as a public key encryption algorithm by the US Government in their digital signatures
MD5 (1.4)
Hashing algorithm- creates a 128-bit hash value that is unique to the input file
Most popular and most widely used but since it’s only 128-bit collisions are possible
SHA (1.4)
Secure Hash Algorithm- family of algorithms created to replace MD5
Each version performs a different number of rounds of mathematical computations to create the hash digest
SHA-1 (1.4)
Secure Hash Algorithm- creates 160-bit hash digest
SHA-2 (1.4)
Secure Hash Algorithm
uses between 64 and 80 rounds of computations to create the digest
SHA-224: creates 224-bit hash digest
SHA-256: creates 256-bit hash digest
SHA-384: creates 384-bit hash digest
SHA-512: creates 512-bit hash digest
SHA-3 (1.4)
Secure Hash Algorithm
Same algorithms as SHA-2 (224-512 bits) but more secure because it uses 120 rounds of computations to create the digest
RIPEMD (1.4)
RACE Integrity Primitive Evaluation Message Digest
Comes in 160-bit, 256-bit, and 320-bit versions
160-bit version is most common (RIPEMD-160)
Competitor to SHA but not as popular
HMAC (1.4)
Hash-based Message Authentication Code
Used to check the integrity of a message and to provide some level of assurance of its authenticity
Paired with other algorithms (HMAC-MD5, HMAC-SHA256)
DSS (1.4)
Digital Security Standard- Relies on a 160-bit message digest created by the Digital Security algorithm. Used by the federal government for digitally signing (commercial entities use RSA because it is faster and can be used for digital signatures, encryption, and key distribution)
Pass the Hash Attack (1.4)
Hacking technique that allows the attacker to authenticate to a remote server or service by using the underlying hash of a user's password instead of requiring the associated plaintext password
Mimikatz (1.4)
Provides the ability to automate the process of harvesting the hashes and conducting the attack
Birthday Attack (1.4)
Occurs when an attacker is able to send two different messages through a hash algorithm and it results in the same hash digest, referred to as a collision
Key Stretching (1.4)
Technique that is used to mitigate a weaker key by increasing the time needed to crack it; hash a password multiple times
Salting (1.4)
Adding random data into a one-way cryptographic hash to help protect against password cracking techniques
Dictionary Attack (1.4)
When an attacker tries every word from a predefined list
Brute-Force Attack (1.4)
When an attacker tries every possible password combination
Rainbow Tables (1.4)
Precomputed tables for reversing cryptographic hash functions
Nonce (1.4)
Stands for "number used once"; a unique, often random, number that is added to a password-based authentication process
PKI (1.4)
Public Key Infrastructure- System that creates the asymmetrical key pairs that consist of those public and private keys that are used in the encryption and decryption process; also manages digital keys and certificates
Public Key Cryptography (1.4)
This encryption and decryption process is just one small part of the overall PKI architecture
Certificate Authority (1.4)
Issues digital certificates and keeps the level of trust between all of the certificate authorities around the world
Key Escrow (1.4)
Process where cryptographic keys are stored in a secure, third-party location, which is effectively an “escrow”
Public Key Encryption (1.4)
Refers to asymmetric encryption and decryption
Digital Certificate (1.4)
Digitally signed electronic document that binds a public key with a user's identity
Wildcard Certificate (1.4)
Allows all of the subdomains to use the same public key certificate and have it displayed as valid
SAN Field (1.4)
Subject Alternate Name- Certificate that specifies what additional domains and IP addresses are going to be supported; used when certificate needs to cover websites on different domains
Single-Sided Certificate (1.4)
Only requires the server to be validated
Dual-Sided Certificate (1.4)
Requires both the server and the user to be validated
Self-Signed Certificate (1.4)
Digital certificate that is signed by the same entity whose identity it certifies
Third-Party Certificate (1.4)
Digital certificate issued and signed by a trusted certificate authority (CA)
CA (1.4)
Certificate Authority; Trusted third party who is going to issue these digital certificates (Verisign, Digisign, Amazon, Google, CloudFlare)
Root of Trust (1.4)
Hierarchical tree where the top (root) is checked to vouch for the lower parts; the root is usually a third-party CA; each certificate is validated using the concept of a root of trust or the chain of trust
RA (1.4)
Registration Authority; Requests identifying information from the user and forwards that certificate request up to the certificate authority to create the digital certificate
CSR (1.4)
Certificate Signing Request; A block of encoded text that contains information about the entity requesting the certificate
CRL (1.4)
Certificate Revocation List; Serves as an online list of digital certificates that the certificate authority has already revoked
OCSP (1.4)
Online Certificate Status Protocol; Allows one to determine the revocation status of any digital certificate using its serial number
OCSP Stapling (1.4)
Online Certificate Status Protocol Stapling; Allows the certificate holder to get the OCSP record from the server at regular intervals (this is an alternative to OCSP and is part of the SSL/TLS handshake)
Public Key Pinning (1.4)
Allows an HTTPS website to resist impersonation attacks from users who are trying to present fraudulent certificates
Key Recovery Agent (1.4)
Specialized type of software that allows the restoration of a lost or corrupted key to be performed
Blockchain (1.4)
A shared, immutable, ledger for recording transactions, tracking assets, and building trust
Each block contains a hash value for the prior block
Public Ledger (1.4)
A record-keeping system that maintains participants' identities in a secure and anonymous format
Smart Contracts (1.4)
Self-Executing contracts where the terms of agreement or conditions are written directly into lines of code
Permissioned Blockchain (1.4)
Used for business transactions, and it promotes new levels of trust and transparency using these immutable public ledgers
TPM (1.4)
Trusted Module Platform; Dedicated microcontroller designed to secure hardware through integrated cryptographic keys
HSM (1.4)
Hardware Security Module; Physical device that safeguards and manages digital keys, primarily used for mission-critical situations like financial transactions
KMS (1.4)
Key Management System; Integrated approach for generating, distributing, and managing cryptographic keys for devices and applications
Secure Enclave (1.4)
Co-processor integrated into the main processor of some devices, designed with the sole purpose of ensuring data protection
Steganography (1.4)
Derived from the Greek words meaning “covered writing,” and it is all about concealing a message within another so that the very existence of the message is hidden
Tokenization (1.4)
Transformative technique in data protection that involves substituting sensitive data elements with non-sensitive equivalents, called tokens, which have no meaningful value
Data Masking (1.4)
Used to protect data by ensuring that it remains recognizable but does not actually include sensitive information
Change Management (1.3)
An organization's orchestrated strategy to transition from its existing state to a more desirable one
CAB (Change Management) (1.3)
Change Advisory Board- Body of representatives from various parts of an organization that is responsible for evaluation of any proposed changes
Change Owner (1.3)
An individual or a team that initiates the change request
Stakeholder (1.3)
A person who has a vested interest in the proposed change
Impact Analysis (1.3)
An integral part of the change management process that involves understanding a change's potential fallout
- What could go wrong?
- What would be the immediate effects?
- How would the long-term ops be impacted?
- Are there unforeseen challenges that might cause an issue?
Change Management Process (1.3)
Preparation
Vision for Change
Implementation
Verification
Documentation
Preparation (Change Management) (1.3)
Involves assessing the current state and recognizing the need for transition
Vision for Change (Change Management) (1.3)
A clear, compelling description of the desired future state that is guiding the transformation process within an organization
- Define future state
- Explain reasons for change
- Ensure vivid vision
Implementation (Change Management) (1.3)
Put the plan into action
- Training
- Restructuring teams
- Introducing new technologies
- Continuous communication
Verification (Change Management) (1.3)
Measuring the change's effectiveness by comparing it to the initial objectives
- Surveys
- Performance metrics analysis
- Stakeholder interviews
Documentation (Change Management) (1.3)
Creating a thorough record of the entire change process
- Reflect on past initiatives
- Understand decisions
- Improve practices
Areas of Consideration (Change Management Process) (1.3)
- Use of scheduled maintenance windows
- Creation of a backout plan
- Testing of results
- Use of Standard Operating Procedures (SOPs)
Backout Plan (1.3)
Predetermined strategy for restoring systems to their initial state in case a change does not go as expected
SOP (1.3)
Standard Operating Procedure- A step-by-step instruction that guides the carrying out of a specific task to maintain consistency and efficiency
Technical Implications of Change (1.3)
Allow / Deny lists
Restricted Activities- Knowing the restrictions prior to implementing the change will prevent data breaches and operational problems (e.g. before updating a server, know whether or not it's too sensitive to take offline)
Downtime
Service / Applications Restart
Legacy Applications
Dependencies
Documenting Changes (1.3)
Version Control
Proper Documentation
Maintenance of various associated records
Version Control (1.3)
Tracks and manages changes in documents and software, enabling collaborative work and reverting to prior versions when needed
Proper Documentation (1.3)
Document and record every change
Update diagrams
Revise policies
Update change requests
Maintain associated trouble tickets