SY0-701: 2.0 (Threats, Vulnerabilities, and Mitigations) Flashcards

1
Q

Vulnerability (2.3)

A

Any weakness in the system design or implementation (software bugs, misconfigured software, improperly protected network devices, missing security patches, lack of physical security)

2
Q

Threat Actor Attributes (2.1)

A

Specific characteristics or properties that define and differentiate various threat actors from one another

3
Q

Threat Actor (2.1)

A

Individual or entity responsible for incidents that impact security and data protection

4
Q

Threat Actor Types (2.1)

A

Unskilled Attackers- baby hackers
Hacktivists- driven by cause
Organized Crime- driven by money
Nation-State Actors- cyber warfare/espionage
Insider Threats- revenge or accidental

5
Q

Unskilled Attacker (2.1)

A

AKA Script Kiddie
Runs scripts w/ no knowledge of how it works

6
Q

Hacktivist (2.1)

A

Individuals or groups that use their technical skills to promote a cause or drive a social change instead of for personal gain

7
Q

Organized Crime (2.1)

A

Sophisticated and well-structured entities that leverage resources and technical skills for illicit gain

8
Q

Nation-State Actor (2.1)

A

Highly trained and often funded by nation states/governments

9
Q

Insider Threat (2.1)

A

Cybersecurity threats that originate from within an organization (malicious or accidental)

10
Q

Threat Actor Motivations (2.1)

A

Data exfiltration
Espionage
Service disruption
Blackmail
Financial gain
Philosophical/political beliefs
Ethical
Revenge
Disruption/chaos
War

11
Q

Threat Actor Attributes (2.1)

A

Internal / External
Resources / Funding (tools, skills, personnel)
Level of sophistication / Capability (technical skill, complexity of tools, ability to evade detection)

12
Q

False Flag Attack (2.1)

A

Attack that is orchestrated in such a way that it appears to originate from a different source or group (popular style w/ nation-state groups)

13
Q

APT (2.1)

A

Advanced Persistent Threat- Prolonged and targeted cyber attack in which an intruder gains unauthorized access to a network and remains undetected for an extended period of time while trying to steal data or monitor network activities rather than cause immediate damage

14
Q

Shadow IT (2.1)

A

The use of information technology systems, devices, software, applications, and services without explicit organizational approval

15
Q

Threat Vector (2.2)

A

Method used by an attacker to access a victim’s machine (e.g. a vulnerability; messages, images, files, etc.)

16
Q

Attack Surface (2.2)

A

Encompasses all the various points where an unauthorized user can try to enter data to or extract data from an environment

17
Q

BlueBorne (2.2)

A

Set of vulnerabilities in Bluetooth technology that can allow an attacker to take over devices or spread malware

18
Q

BlueSmack (2.2)

A

Type of DOS attack that targets Bluetooth-enabled devices by sending a specially crafted Logical Link Control and Adaptation Protocol packet to a target device

19
Q

Forms of Impersonation (2.2)

A

Impersonation
Brand Impersonation
Typosquatting
Watering Hole Attacks

20
Q

Brand Impersonation (2.2)

A

Specific form of impersonation where an attacker pretends to represent a legitimate company or brand

21
Q

Impersonation (2.2)

A

An attack where an adversary assumes the identity of another person to gain unauthorized access to resources or steal sensitive data

22
Q

Typosquatting (2.2)

A

A form of cyber attack where an attacker registers a domain name that is similar to a popular website but contains some kind of common typographical errors

23
Q

Watering Hole Attacks (2.2)

A

Targeted form of cyber attack where attackers compromise a specific website or service that their target is known to use

24
Q

Pretexting (2.2)

A

Technique where an attacker provides some information that seems true in an attempt to get the victim to provide more information

25
Q

Phishing Attack Types (2.2)

A

Phishing
Vishing
Smishing
Whaling
Spear Phishing
Business Email Compromise

26
Q

Phishing (2.2)

A

Fraudulent attack using deceptive emails from trusted sources to trick individuals into disclosing personal information like passwords and credit card numbers

27
Q

Vishing (2.2)

A

Voice Phishing- Phone-based attack in which the attacker deceives victims into divulging personal or financial information

28
Q

Smishing (2.2)

A

SMS Phishing- Attack that uses text messages to deceive individuals into sharing their personal information

29
Q

Whaling (2.2)

A

Form of spear phishing that targets high-profile individuals, like CEOs or CFOs

30
Q

Spear Phishing (2.2)

A

Phishing with a more tightly focused group of individuals or organizations

31
Q

Business Email Compromise (BEC) (2.2)

A

Advanced phishing attack that leverages internal email accounts within a company to manipulate employees into carrying out malicious actions for the attacker

32
Q

Identity Theft (2.2)

A

When an attacker tries to fully assume the identity of their victim

33
Q

Identity Fraud (2.2)

A

e.g. Attacker takes the victim's credit card number and makes charges

34
Q

Scam (2.2)

A

A fraudulent or deceptive act or operation

35
Q

Invoice Scam (2.2)

A

A scam in which a person is tricked into paying for a fake invoice for a service or product that they did not order

36
Q

Misinformation (2.2)

A

Inaccurate information shared unintentionally

37
Q

Disinformation (2.2)

A

Intentional spread of false information to deceive or mislead

38
Q

Attack Vector (2.4)

A

A means by which an attacker gains access to a computer to infect the system with malware

39
Q

Malware (2.4)

A

Malicious Software (Viruses, trojans, worms, etc.)

40
Q

Virus (2.4)

A

Malicious code that’s run on a machine without the user’s knowledge
*requires user actions to reproduce and spread

41
Q

Virus Types (2.4)

A

Boot Sector
Macro
Program
Multipartite
Encrypted
Polymorphic
Metamorphic
Stealth
Armored
Hoax

42
Q

Boot Sector Virus (2.4)

A

Stored in the first sector of a hard drive and loaded into memory upon boot up

43
Q

Macro Virus (2.4)

A

Allows virus to be embedded w/i another document (Word Doc, Spreadsheet, etc.)

44
Q

Program Virus (2.4)

A

Infect an executable or application file

45
Q

Multipartite Virus (2.4)

A

Combination of a boot sector virus and program virus; first attaches itself to the boot sector and system files before attacking other files

46
Q

Encrypted Virus (2.4)

A

Uses cipher to encrypt its contents in an attempt to hide from antivirus

47
Q

Polymorphic Virus (2.4)

A

Advanced version of an encrypted virus; changes itself every time it is executed by altering the decryption module in an attempt to hide from antivirus

48
Q

Metamorphic Virus (2.4)

A

Advanced version of Polymorphic Virus; is able to rewrite itself entirely before it attempts to infect a file

49
Q

Stealth Virus (2.4)

A

A way viruses protect themselves

50
Q

Armored Virus (2.4)

A

Has a layer of protection to confuse a program or person analyzing it

51
Q

Hoax Virus (2.4)

A

Tricks user into infecting their own machine; "Your machine has been infected" messages; user gets the virus if they follow instructions; form of social engineering

52
Q

Worm (2.4)

A

Malicious software that is able to replicate and spread without any user interaction; cause disruption to normal network traffic and computing activities

53
Q

Trojan (2.4)

A

Malicious software which is disguised as harmless or desirable software; will usually provide desirable function as well as malicious one

54
Q

RAT (2.4)

A

Remote Access Trojan: trojan which gives attacker remote access to machine; most common type of trojan

55
Q

Ransomware (2.4)

A

Encrypts user's files and provides instructions for payment to decrypt files

56
Q

Spyware (2.4)

A

Secretly gathers information about user w/o their consent; may include keylogger

57
Q

Adware (2.4)

A

Type of spyware which displays ads based on info collected while collecting data w/o consent

58
Q

Grayware (2.4)

A

Also known as Jokeware; causes improper system behavior w/o serious consequences (e.g. crazymouse)

59
Q

Botnet (2.4)

A

Network of compromised computers or devices controlled remotely by malicious actors; allows attacker to use the devices' processing power, memory, etc. for nefarious purposes

60
Q

Zombie (2.4)

A

A compromised computer or device that is part of a botnet and used to perform tasks using remote commands

61
Q

Command and Control Node (2.4)

A

AKA C2 Node- Responsible for managing and coordinating the activities of other nodes or devices within a network

62
Q

Rootkit (2.4)

A

Designed to gain administrative level control on computer system w/o being detected; typically uses method called DLL Injection or Driver Manipulation

63
Q

DLL Injection (2.4)

A

Malicious code is inserted into a running process on a Windows machine by taking advantage of Dynamic Link Libraries which are loaded at runtime

64
Q

Driver Manipulation (2.4)

A

Compromises the kernel-mode device drivers which operate at a privileged or system level

65
Q

Shim (2.4)

A

Code placed between two components to intercept calls and redirect them; similar concept as man in the middle

66
Q

Spam (2.4)

A

Abuse of electronic messaging systems; usually email, texts, etc.; usually just annoying but can be dangerous if malicious code is embedded in messages

67
Q

CAN-SPAM Act of 2003 (2.4)

A

Controlling the Assault of Non-solicited Pornography And Marketing; 1st national standards for sending commercial emails

68
Q

Spim (2.4)

A

Spam over instant messaging; text messages, chat rooms, etc.

69
Q

Backdoor (2.4)

A

Used to bypass the normal security and authentication functions

70
Q

Easter Egg (2.4)

A

Insecure coding practice that was used by programmers to provide a joke or a gag gift to the users

71
Q

Logic Bomb (2.4)

A

Malicious code that’s inserted into a program and will only execute when certain conditions have been met

72
Q

Keylogger (2.4)

A

Piece of software or hardware that records every single keystroke that is made on a computer or mobile device

73
Q

Fileless Malware (2.4)

A

Used to create a process in the system memory without relying on the local file system on the infected host

74
Q

Dropper (2.4)

A

Initiates or runs other malware forms within a payload on an infected host

75
Q

Downloader (2.4)

A

Retrieves additional tools after the initial infection facilitated by a dropper

76
Q

Shellcode (2.4)

A

Encompasses lightweight code meant to execute an exploit on a given target

77
Q

Concealment (2.4)

A

Used to help the threat actor prolong unauthorized access to a system by hiding tracks, erasing log files, and hiding any evidence of malicious activities

78
Q

Living off the Land (2.4)

A

A strategy adopted by many APTs and criminal organizations
The threat actors try to exploit the standard system tools to perform intrusions

79
Q

Indications of Malware Attacks (2.4)

A

Account lockout
Concurrent session usage
Blocked content
Impossible travel
Resource consumption
Resource inaccessibility
Out-of-cycle logging
Missing logs
Published or documented attacks

80
Q

Account lockout (2.4)

A

Users unable to access accounts due to login attempts

81
Q

Concurrent session usage (2.4)

A

Users having multiple concurrent/simultaneous sessions

82
Q

Blocked content (2.4)

A

Increase in blocked content notices from security tools

83
Q

Impossible travel (2.4)

A

User’s account is accessed from two different geographic locations in an impossible amount of time

84
Q

Resource consumption (2.4)

A

System slowdowns for unidentified reasons

85
Q

Resource inaccessibility (2.4)

A

Inability to access resources such as files or systems

86
Q

Out-of-cycle logging (2.4)

A

Log files generated at odd hours

87
Q

Missing logs (2.4)

A

Log files missing/deleted; time gap in logs

88
Q

Published or documented attacks (2.4)

A

If a report is published stating your organization has been attacked

89
Q

Common Sign of Phishing Attempt (2.2)

A

Generic greetings
Spelling and grammar mistakes
Spoofed email addresses
Urgency
Unusual requests
Mismatched URLs
Strange email addresses

90
Q

Cryptographic Attacks (2.4)

A

Techniques and strategies that adversaries employ to exploit vulnerabilities in cryptographic systems with the intent to compromise the confidentiality, integrity, or authenticity of data

91
Q

Downgrade Attack (2.4)

A

aka Version Rollback Attack- Cryptographic attack which aims to force a system into using a weaker or older cryptographic standard or protocol than what it’s currently utilizing

92
Q

Quantum Computing (2.3)

A

A computer that uses quantum mechanics to generate and manipulate quantum bits (qubits) in order to access enormous processing powers

93
Q

Collision Attack (2.4)

A

Aims to find two different inputs that produce the same hash output

94
Q

Quantum Communications (2.3)

A

A communications network that relies on qubits made of photons to send multiple combinations of ones and zeros simultaneously which results in tamper resistant and extremely fast communications

95
Q

Qubit (2.3)

A

A quantum bit composed of electrons or photons that can represent numerous combinations of ones and zeros at the same time through superposition

96
Q

Post-Quantum Cryptography (2.3)

A

A new kind of cryptographic algorithm that can be implemented using today's classical computers but is also impervious to attacks from future quantum computers

97
Q

Post-Quantum Cryptographic Algorithms (2.3)

A

CRYSTALS-Dilithium - Recommended by NIST for digital signatures
FALCON
SPHINCS+ - Focuses on hashing

98
Q

Brute Force Attacks (2.6)

A

Involves trying every possible combination of characters until the correct password is found
Mitigated against by:
Increasing complexity
Increasing length
Limiting number of login attempts
Using multifactor authentication
Using CAPTCHAS

99
Q

Dictionary Attack (2.6)

A

Using a list of commonly used passwords and trying them all
Mitigated against by:
Increasing complexity
Increasing length
Limiting number of login attempts
Using multifactor authentication
Using CAPTCHAS

100
Q

Password Spraying (2.6)

A

A form of brute force attack that involves trying a small number of commonly used passwords against a large number of usernames or accounts
Mitigated against by:
Using unique passwords
Using multifactor authentication

101
Q

Hybrid Attack (2.6)

A

Blends brute force and dictionary techniques by using common passwords with variations, such as adding numbers or special characters

102
Q

Hardware Vulnerabilities (2.3)

A

Security flaws or weaknesses inherent in a device's physical components or design that can be exploited to compromise the integrity, confidentiality, or availability of the system and its data

103
Q

Firmware (2.3)

A

Specialized form of software stored on a hardware device, like a router or a smart thermostat, that provides low-level control for the device's specific hardware

104
Q

End-of-Life Systems (2.3)

A

Refers to hardware or software products that have reached the end of their life cycle; vendors no longer providing support

105
Q

Legacy Systems (2.3)

A

Outdated computing software, hardware, or technologies that have been largely superseded by newer and more efficient alternatives

106
Q

Unsupported Systems (2.3)

A

Hardware or software products that no longer receive official technical support, security updates, or patches from their respective vendors or developers

107
Q

Unpatched System (2.3)

A

Device, application, or piece of software that has not been updated with the latest security patches so that it remains vulnerable to known exploits and attacks

108
Q

Hardware Misconfiguration (2.3)

A

Occurs when a device's settings, parameters, or options are not optimally set up, and this can cause vulnerabilities to exist, a decrease in performance, or unintended behavior of devices or systems

109
Q

Hardening (2.3)

A

Involves tightening the security of a system

110
Q

Patching (2.3)

A

Involves the regular updating of the software, firmware, and applications with the latest security patches

111
Q

Decommissioning (2.3)

A

Means that the system is retired and removed from the network

112
Q

Isolation (2.3)

A

Used to limit the potential damage that might occur from a potential security breach

113
Q

Segmentation (2.3)

A

Used to divide the network into segments

114
Q

Configuration Enforcement (2.3)

A

Used to ensure that all devices and systems adhere to a standard secure configuration

115
Q

Bluetooth (2.3)

A

Wireless technology standard used for exchanging data between fixed and mobile devices over short distances without the need for an Internet connection

116
Q

Insecure Device Pairing (2.3)

A

Occurs when Bluetooth devices establish a connection without proper authentication

117
Q

Device Spoofing (2.3)

A

Occurs when an attacker impersonates a device to trick a user into connecting

118
Q

On-Path Attack (2.3)

A

Exploits Bluetooth protocol vulnerabilities to intercept and alter communications between devices without either party being aware

119
Q

Bluejacking (2.3)

A

Attacker sends unsolicited messages to a Bluetooth enabled device to test the vulnerability of the device

120
Q

Bluesnarfing (2.3)

A

Attacker obtains unauthorized access to a device using Bluetooth connection oftentimes to steal data such as contacts, call logs, and/or text messages

121
Q

Bluesmack (2.3)

A

Bluetooth attack which focuses on a denial of service by sending a large amount of data

122
Q

Blueborne (2.3)

A

An attack which is sent wirelessly and can affect numerous devices within seconds without requiring user intervention

123
Q

Bluetooth Attack Prevention (2.3)

A

Keep Bluetooth off when not in use
Ensure devices are set to non-discoverable
Regularly update firmware
Only allow pairing between known/trusted devices
Use unique PINs or passkeys
Be cautious of unsolicited connection requests
Use encryption for sensitive data transfers

124
Q

Sideloading (2.3)

A

The practice of installing applications on a device from unofficial sources, which bypasses the device's default app store

125
Q

Jailbreaking / Rooting (2.3)

A

Process that gives users escalated privileges on the devices and allows users to circumvent the built-in security measures provided by the devices

126
Q

MDM (2.3)

A

Mobile Device Management- used to conduct patching of the devices by pushing any necessary updates to the devices to ensure that they are always equipped with the latest security patches

127
Q

Zero-Day Vulnerability (2.3)

A

Any vulnerability that’s discovered or exploited before the vendor can issue a patch for it

128
Q

Zero-Day Exploit (2.3)

A

Any unknown exploit that exposes a previously unknown vulnerability in the software or hardware

129
Q

Data Exfiltration (2.3)

A

Unauthorized data transfers from within an organization to an external location

130
Q

Malicious Updates (2.3)

A

Occurs when an attacker has been able to craft a malicious update to a well-known and trusted program in order to compromise the systems of the program's end users

131
Q

Code Injection (2.3)

A

The insertion of code through a data input form from a client to an application

132
Q

SQL (2.3)

A

Structured Query Language- used to search, input, update, and delete data from a database

133
Q

XML (2.3)

A

Extensible Markup Language- Used by web applications for authentication, authorization, and other types of data exchange

134
Q

XML Bomb (2.3)

A

Billion Laughs Attack- XML encodes entities that expand to exponential sizes, consuming memory on the host and potentially crashing it

135
Q

XXE Attack (2.3)

A

XML External Entity- An attack that embeds a request for a local resource

136
Q

XSS (2.3)

A

Cross Site Scripting- Injects a malicious script into a trusted site to compromise the site's visitors

137
Q

Persistent XSS (2.3)

A

Persistent Cross Site Scripting- Allows an attacker to insert code into the backend database used by that trusted website

138
Q

DOM XSS (2.3)

A

Document Object Model Cross Site Scripting- Exploits the client-side scripts to modify the content and layout of the web page

139
Q

Session Management (2.3)

A

Enables web applications to uniquely identify a user across several different actions and requests

140
Q

Cookie (2.3)

A

Text file used to store information about a user when they visit a website

Non-Persistent: Known as a session cookie, which resides in memory and is used for a very short period of time; when session concludes cookie is deleted

Persistent: Stored in the browser cache until either deleted by a user or expired

141
Q

Session Hijacking (2.3)

A

Type of spoofing attack where the attacker disconnects a host and then replaces it with his or her own machine by spoofing the original host IP

142
Q

Session Prediction Attacks (2.3)

A

Type of spoofing attack where the attacker attempts to predict the session token in order to hijack the session

143
Q

XSRF (2.3)

A

Cross-Site Request Forgery- Malicious script is used to exploit a session started on another site within the same web browser

144
Q

Buffer Overflow (2.3)

A

Occurs when data exceeds allocated memory, potentially enabling unauthorized access or code execution

145
Q

Buffer (2.3)

A

A temporary storage area where a program stores its data

146
Q

Race Condition (2.3)

A

Software vulnerability where the outcome depends on the timing of events not matching the developer's intended order

Typically occur outside the normally logged processes on a computer making them difficult to detect

147
Q

Dereferencing (2.3)

A

Software vulnerability that occurs when the code attempts to remove the relationship between a pointer and the thing that pointer was pointing to in the memory

148
Q

Dirty Cow (2.3)

A

Popular 2016 exploit showcasing a race condition exploitation

149
Q

COW (2.3)

A

Copy On Write

150
Q

TOC (2.3)

A

Time Of Check- Type of race condition where an attacker can alter a system resource after an application checks its state but before the operation is performed

151
Q

TOU (2.3)

A

Time Of Use- Type of race condition that occurs when an attacker can change the state of a system resource between the time it is checked and the time it is used

152
Q

TOE (2.3)

A

Time Of Evaluation- Type of race condition that involves the manipulation of data or resources during the time window when a system is making a decision or evaluation

153
Q

Mutex (2.3)

A

Mutually exclusive flag that acts as a gatekeeper to a section of code so that only one thread can be processed at a time

154
Q

Deadlock (2.3)

A

Occurs when a lock remains in place because the process it's waiting for is terminated, crashes, or doesn't finish properly, despite the processing being complete

155
Q

Flood Attack (2.4)

A

Specialized type of DoS attack which attempts to send more packets to a single server or host

156
Q

Ping Flood (2.4)

A

A variety of flood attack in which a server is sent with too many pings (ping = ICMP echo but exam refers to it as a ping)

157
Q

SYN Flood (2.4)

A

A variety of a flood attack where an attacker will initiate multiple TCP sessions but never complete the three-way handshake

158
Q

PDoS (2.4)

A

Permanent Denial of Service- An attack which exploits a security flaw by re-flashing the firmware, permanently breaking the networking device

159
Q

Fork Bomb (2.4)

A

A large number of processes is created to use up a computer's available processing power

160
Q

DNS Amplification Attack (2.4)

A

Specialized DDoS attack where the attacker overloads a target system with DNS response traffic by exploiting the DNS resolution process

161
Q

Blackhole / Sinkhole (2.4)

A

Method of fighting a DDoS attack by identifying attacking IP addresses and routing all their traffic to a non-existent server (this is a temporary solution since attackers can just change their IP address)

162
Q

Elastic Cloud Infrastructure (2.4)

A

Scales up as server requirements increase which can ride out a DDoS attack but costs money due to scaling up

163
Q

DNS (2.4)

A

Domain Name System- Responsible for translating human-friendly domain names into IP addresses that computers can understand

164
Q

DNS Cache Poisoning (2.4)

A

aka DNS Spoofing- Involves corrupting the DNS resolver with false information

165
Q

DNSSEC (2.4)

A

Domain Name System Security Extensions- adds a digital signature to the organization's DNS data; combats DNS Cache Poisoning

166
Q

DNS Tunneling (2.4)

A

Uses DNS protocol over port 53 to encase non-DNS traffic, trying to evade firewall rules for command and control or data exfiltration

167
Q

Domain Hijacking (2.4)

A

Altering a domain name's registration without the original registrant's consent

168
Q

DNS Zone Transfer Attack (2.4)

A

The attacker mimics an authorized system to request and obtain the entire DNS zone data for a domain

169
Q

Directory Traversal (2.4)

A

A type of injection attack that allows access to commands, files, and directories, either connected to web document root directory or not (e.g. ../../../../)

170
Q

../ encoded is…

A

%2e%2e%2f (%2e = “.” ; %2f = “/”)

171
Q

File Inclusion (2.4)

A

Allows an attacker to either download files from an arbitrary location or upload an executable or script file to open a backdoor

172
Q

Remote File Inclusion (2.4)

A

Occurs when an attacker tries to execute a script to inject a remote file

173
Q

Local File Inclusion (2.4)

A

Occurs when an attacker tries to add a file that already exists

174
Q

Arbitrary Code Execution (2.4)

A

A vulnerability that allows an attacker to run a code or module that exploits a vulnerability

175
Q

Remote Code Execution (2.4)

A

A type of arbitrary code execution that allows an attacker to transmit code from a remote host

176
Q

Privilege Escalation (2.4)

A

Occurs when a user accesses or modifies specific resources that they are not entitled to normally access

Vertical Privilege Escalation- From normal level user to higher level (e.g. regular user to root)

Horizontal Privilege Escalation- From one user to another of generally the same level (e.g. from sales user to HR user)

177
Q

Rootkit (2.4)

A

A class of malware that modifies system files, often at the kernel level, to conceal its presence

Kernel Mode and User Mode

178
Q

Replay Attack (2.4)

A

Type of network-based attack that involves maliciously repeating or delaying valid data transmissions (e.g. attacker records banking login session and plays it back at a later time to log in as you)

179
Q

Session Hijacking (2.4)

A

A type of spoofing attack where the host is disconnected and replaced by the attacker; a lot of times this is done by stealing session cookies

180
Q

Session Tokens (2.4)

A

Unique data pieces that prevent session replay by attackers

181
Q

Session Management (2.4)

A

A fundamental security component that enables web applications to identify a user

182
Q

Session Prediction (2.4)

A

An attacker attempts to predict the session token to hijack that session

183
Q

Cookie Poisoning (2.4)

A

Modifying the contents of a cookie to be sent to a client's browser in order to exploit vulnerabilities in an application

184
Q

On-Path Attack (2.4)

A

aka Interception Attack- An attack where the attacker places their workstation logically between two hosts during the communication

185
Q

Relay Attack (2.4)

A

Occurs when attackers insert themselves in between two hosts and become part of the conversation

186
Q

SSL Stripping (2.4)

A

Tricking the encryption application with an HTTP connection instead of an HTTPS connection

187
Q

Downgrade Attack (2.4)

A

Occurs when an attacker attempts to have a client or server abandon its higher security mode

188
Q

LDAP Injection (2.4)

A

Lightweight Directory Access Protocol Injection- An attack in which LDAP statements, typically created by user input, are fabricated

189
Q

Command Injection (2.4)

A

A threat actor is able to execute arbitrary shell commands via a vulnerable web application

190
Q

Process Injection (2.4)

A

A method of executing arbitrary code in the address space of a separate live process

191
Q

IoC (2.4)

A

Indicators of Compromise- Data pieces that detect potential malicious activity on a network or system

Account lockouts (multiple failed login attempts)
Concurrent session usage (one user w/ multiple sessions)
Blocked content (users attempting to download content w/o proper privileges)
Impossible travel (user logs on from the US and an hour later from India)
Resource consumption
Resource inaccessibility (inability to access resources such as a database)
Out-of-cycle logging (logs show entries during hours when office is closed)
Articles or documents on security breach sites
Missing logs

192
Q

Least Functionality (2.5)

A

A process of configuring a workstation or server with only essential applications and services for the user

193
Q

Allowlisting (2.5)

A

A security measure that permits only approved applications to run on an operating system; this is more secure than blocklisting since everything is denied by default but is more difficult to set up

194
Q

Blocklisting (2.5)

A

Entails preventing listed applications from running, allowing all others to execute; less secure than allowlisting but easier to set up

195
Q

Services (2.5)

A

Background applications that operate within the OS, executing a range of tasks; unnecessary services should be disabled

196
Q

Command Line syntax to stop service (Windows) (2.5)

A

sc stop [service name] (sc = service controls) or…
net stop [service name]

197
Q

Command Line syntax to stop service (Mac/Linux) (2.5)

A

top (displays running processes with their associated PIDs)
kill [pid] (pid = process ID of the process to kill)

198
Q

TOS (2.5)

A

Trusted Operating System- Designed to provide a secure computing environment by enforcing stringent security policies that usually rely on mandatory access controls

199
Q

Integrity-178B (2.5)

A

POSIX-based operating system that is designed for embedded system use

200
Q

EAL (2.5)

A

Evaluation Assurance Level- Based on a set of predefined security standards and certification from the Common Criteria for Information Technology Security Evaluation; has levels (1-7), e.g. Integrity-178B is EAL 6; the highest level is 7

Most user-based OSs (Linux, Mac, Windows) are EAL 4 or 4+, meaning they were carefully designed, tested, and reviewed, and offer good security assurance

201
Q

MAC (reference TOS) (2.5)

A

Mandatory Access Control- Access permissions are determined by a policy defined by the system administrators and enforced by the operating system

202
Q

Trusted Solaris (2.5)

A

Offers secure, multi-level operations with MAC, detailed system audits, and data/process compartmentalization

203
Q

Hotfix (2.5)

A

A software patch that solves a security issue and should be applied immediately after being tested in a lab environment

204
Q

Update (2.5)

A

Provides a system with additional functionality but does not usually provide any patching of security related issues

205
Q

Service Pack (2.5)

A

Includes all the hotfixes and updates since the release of the operating system

206
Q

Effective Patch Management Program (2.5)

A

1. Assign a dedicated team to track vendor security patches
2. Establish automated system-wide patching for OS and applications
3. Include cloud resources in the patch management
4. Categorize patches as urgent, important, or non-critical for prioritization
5. Create a test environment to verify critical patches before production deployment
6. Maintain comprehensive patching logs for program evaluation and monitoring
7. Establish a process for evaluating, testing, and deploying firmware updates
8. Develop a technical process for deploying approved urgent patches to production
9. Periodically assess non-critical patches for combined rollout

207
Q

Patch Management (2.5)

A

Planning, testing, implementing, and auditing of software patches

208
Q

Patch Management Steps (2.5)

A

1. Planning- Create policies, procedures, and systems to track and verify patch compatibility
2. Testing
3. Implementation
4. Auditing

209
Q

Patch Management software (2.5)

A

Microsoft Endpoint Manager
Cisco UCS Manager

210
Q

Data Encryption (2.5)

A

Process of converting data into a secret code to prevent unauthorized access

211
Q

Types of Data Encryption (2.5)

A

Full Disk Encryption- Encrypts an entire hard disk (BitLocker / FileVault)
Partition- Encrypts a specified partition (VeraCrypt)
File- Encrypts an individual file (GNU Privacy Guard aka GPG)
Volume- Encrypts a specified volume (VeraCrypt)
Database- Encrypts an entire database
Record- Encrypts specific record in a database

212
Q

GPG (2.5)

A

GNU Privacy Guard- Provides cryptographic privacy and authentication for data communication

213
Q

TDE (2.5)

A

SQL Server Transparent Data Encryption- Auto-encrypts the entire database without needing application changes, as the system handles encryption and decryption