Terms Flashcards

1
Q

What are the 6 control types?

A
  1. Preventative
  2. Detective
  3. Corrective
  4. Deterrent
  5. Compensating
  6. Directive
2
Q

What are the 4 control categories?

A
  1. Managerial
  2. Physical
  3. Operational
  4. Technical
3
Q

What does the CIA Triad stand for and what does it mean?

A

C - Confidentiality (Certain information should only be known to certain people; enforced with encryption, access control, two-factor authentication, etc.)
I - Integrity (Data is stored and transferred as intended, with no unauthorized modification; verified with hashing, digital signatures and certificates, etc.)
A - Availability (Information is accessible to authorized users when they need it; provided by redundancy, fault tolerance, backups, etc.)

4
Q

What is a threat vector?

A

A method used by the attacker to gain access or infect the target

5
Q

What are the various types of threat vectors?

A
  1. Message-based vectors
    • Phishing attacks
    • Social Engineering Attacks
  2. Image-based vectors
    • HTML injection
    • image formats can be a threat
  3. File-based vectors
    • more than just .exe
    • PDF, ZIP/RAR files, Office
  4. Voice call vectors
    • Vishing
    • War dialing
  5. Removable device vectors
  6. Vulnerable software vectors
  7. Unsupported systems vectors
  8. Insecure network vectors
  9. Open Service Ports
  10. Default Credentials
  11. Supply chain vectors
6
Q

What is an on-path network attack?

A

Also known as a man-in-the-middle attack. The attacker inserts themselves between two parties, intercepts (and may read or modify) the traffic, then forwards it to the real destination so neither side notices. On a local IP subnet it is commonly achieved with ARP poisoning: the attacker sends spoofed ARP replies that map the gateway's IP address to the attacker's MAC address, so victims send their traffic to the attacker first.
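The ARP poisoning symptom described above is easy to spot on the wire: one IP address suddenly answers from a different MAC, or one MAC answers for several IPs. The following is an added detection example written for this page, not code from the original flashcards; the ARP replies are constructed sample data, and the gateway/attacker addresses are assumptions.

```python
"""Detect ARP poisoning from a stream of ARP replies (constructed sample data)."""
from collections import defaultdict

# Constructed sample of ARP replies seen on a subnet: (timestamp, sender_ip, sender_mac).
# The gateway 192.168.1.1 legitimately belongs to aa:bb:cc:dd:ee:01; an attacker at
# aa:bb:cc:dd:ee:99 later claims the gateway's IP and a victim's IP (hypothetical data).
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "aa:bb:cc:dd:ee:01"),
    (1.2, "192.168.1.20", "aa:bb:cc:dd:ee:20"),
    (2.0, "192.168.1.30", "aa:bb:cc:dd:ee:30"),
    (5.0, "192.168.1.1", "aa:bb:cc:dd:ee:99"),   # poisoned: gateway IP, attacker MAC
    (5.1, "192.168.1.20", "aa:bb:cc:dd:ee:99"),  # poisoned: victim IP, attacker MAC
    (6.0, "192.168.1.1", "aa:bb:cc:dd:ee:99"),
]


def detect_arp_poisoning(replies, trusted=None):
    """Return alerts as (timestamp, ip, expected_mac, seen_mac).

    The first MAC seen for an IP becomes the baseline unless `trusted`
    (a dict ip -> mac, e.g. from a static inventory) already provides one.
    """
    baseline = dict(trusted or {})
    alerts = []
    for ts, ip, mac in replies:
        if ip not in baseline:
            baseline[ip] = mac
            continue
        if baseline[ip] != mac:
            alerts.append((ts, ip, baseline[ip], mac))
    return alerts


def macs_claiming_multiple_ips(replies):
    """A single MAC answering for several IPs is the classic poisoner signature."""
    ips_by_mac = defaultdict(set)
    for _, ip, mac in replies:
        ips_by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in ips_by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_ARP_REPLIES):
        print("ARP change:", alert)
    print("MACs answering for multiple IPs:", macs_claiming_multiple_ips(SAMPLE_ARP_REPLIES))
```

In production the same logic runs over a live capture or switch ARP tables; the "first seen wins" baseline is a weakness (an attacker who is first on the wire becomes the baseline), which is why the `trusted` inventory argument exists. Dynamic ARP Inspection on the switch is the preventive control; this script is the detective one.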

7
Q

What is an on-path browser attack?

A

Similar to an on-path network attack, but the middleman runs on the victim's own computer: malware or a trojan inside the browser does the proxy work. Because it sits inside the browser, it sees traffic before TLS encryption is applied and after it is removed, so it can read and modify "encrypted" sessions with relatively little effort, and everything looks normal to the victim (valid certificate, correct URL).

8
Q

What does IaaS, PaaS, and SaaS mean?

A

Infrastructure as a Service, Platform as a Service, and Software as a Service

9
Q

What does EAP mean and do?

A

Stands for Extensible Authentication Protocol (EAP). It is an authentication framework rather than a single method; the actual credential exchange is done by an EAP method such as EAP-TLS, PEAP or EAP-TTLS. EAP is carried by 802.1X, which keeps the network port blocked until authentication succeeds.

10
Q

What is IEEE 802.1X?

A

an IEEE Standard for port-based network access control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.

11
Q

What is SSL/TLS?

A

SSL (Secure Sockets Layer) is a communication protocol that creates an encrypted, authenticated connection between two devices or applications on a network. Transport Layer Security (TLS) is its successor and fixes known SSL weaknesses; every SSL version (and TLS 1.0/1.1) is now deprecated, so "SSL" in practice means TLS 1.2 or 1.3. TLS authenticates the server (and optionally the client) with X.509 certificates during the handshake, then protects the channel with symmetric encryption and integrity checks.

11
Q

What is geofencing?

A

Automatically allow or restrict access when the user is in a particular location

12
Q

What is tokenization?

A

Replace sensitive data with a non-sensitive placeholder (a token) that has no mathematical relationship to the original value; the mapping between token and original is kept in a separately protected token vault, so a stolen token is useless on its own.
ex: SSN 266-12-1112 is stored and transmitted as 691-61-8539

13
Q

What does COPE stand for?

A

Corporate owned, personally enabled. The company buys the device, and it is used as both a corporate device and a personal device.

14
Q

What is SCAP?

A

Security Content Automation Protocol. A NIST-maintained suite of open specifications (for example XCCDF for configuration checklists, OVAL for the checks themselves, and CVE, CPE and CVSS for naming and scoring vulnerabilities and platforms) that expresses configuration baselines, compliance requirements and vulnerability data in a machine-readable form. Because the formats are standardized, scanners and configuration-management tools from different vendors can consume the same content, and results can be exchanged between tools and people efficiently.

15
Q

What is LDAP?

A

Lightweight Directory Access Protocol. It is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.

16
Q

What does CRL stand for and mean?

A

A certificate revocation list (CRL) is a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their actual or assigned expiration date.

17
Q

What does OCSP stand for and mean?

A

Online Certificate Status Protocol, used by a client (such as a browser) to ask the CA's OCSP responder whether one specific certificate has been revoked, instead of downloading the entire CRL.

18
Q

What does CA stand for and mean?

A

Certificate Authority, the trusted entity that verifies the identity of a requester, issues (signs) digital certificates, and manages their lifecycle, including revocation.

19
Q

What does CSR stand for and mean?

A

Certificate Signing Request. A message containing the requester's public key and identity information (such as the subject name), signed with the matching private key to prove possession of it, that is sent to the certificate authority. Once the CA has verified the information, it issues the certificate by digitally signing that public key and identity data with the CA's own private key.

20
Q

What are the phases for incident response?

A

Preparation
Detection
Analysis
Containment
Eradication
Recovery
Lessons learned

21
Q

What does SPF stand for and mean?

A

Sender Policy Framework. A DNS TXT record in which a domain lists the mail servers (by IP range, hostname or included policy) that are authorized to send email for it. The receiving mail server looks up the SPF record of the domain in the envelope sender address and checks whether the connecting server's IP address is on the list; the record's final "all" qualifier says whether unlisted senders should fail (-all) or only soft-fail (~all).
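The lookup the receiving server performs can be shown as a small evaluator. This is an added example for this page, not code from the original flashcards: the SPF and A records are constructed in-memory data standing in for DNS answers, and only the ip4, ip6, a, include and all mechanisms are implemented (mx, exists and macros are left out).

```python
"""Minimal SPF evaluator against constructed DNS data (no network access)."""
import ipaddress

# Constructed DNS answers: real code would query TXT and A records over DNS.
FAKE_DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 "
                   "a:mail.example.com include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.10 ~all",
}
FAKE_DNS_A = {"mail.example.com": ["192.0.2.25"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, sender_ip, depth=0):
    """Return 'pass', 'fail', 'softfail', 'neutral', 'none' or 'permerror'
    for a message from `sender_ip` claiming envelope sender @`domain`."""
    if depth > 10:
        return "permerror"          # RFC 7208 caps DNS-querying mechanisms per check
    record = FAKE_DNS_TXT.get(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"               # no SPF policy published for this domain
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"             # mechanisms default to "+" (pass) when they match
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        matched = False
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # ip_network.__contains__ returns False for a mismatched IP version
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            host = arg or domain
            matched = any(ip == ipaddress.ip_address(a) for a in FAKE_DNS_A.get(host, []))
        elif name == "include":
            # include: matches only if the referenced policy returns "pass"
            matched = spf_check(arg, sender_ip, depth + 1) == "pass"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                # no mechanism matched and no "all" present


if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.10", "192.0.2.99"):
        print(ip, "->", spf_check("example.com", ip))
```

The order of mechanisms matters: evaluation stops at the first match, so a domain that publishes "+all" before "-all" authorizes the whole Internet. Also note that SPF only authenticates the envelope sender, which is why DKIM and DMARC are layered on top of it.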

22
Q

What is journaling?

A

Writing data to a journal (log) before committing it to the main data store. If the write is interrupted (crash, power loss), the journal can be replayed or rolled back on restart, which helps prevent corruption of the data.

23
Q

What is data in-transit?

A

Data that moves across the network

24
What is data at-rest?
Data located on a storage device
25
What is data in-use?
Data in the memory of a device
26
What is a data owner?
The data owner is accountable for the classification, protection, use, and quality of one or more data sets within an organization.
27
What is a data steward?
The data steward is a subject expert with a thorough understanding of a particular data set. They are responsible for ensuring the classification, protection, use, and quality of the data is in line with the data governance standards set by the owner.
28
What is a data controller?
The entity that decides why and how personal data is collected and used (e.g., the HR department, which collects employee information)
29
What is a data processor?
The entity that processes the data on behalf of the data controller (e.g., the HR department offloads payroll to a third-party company)
30
What is OSINT?
Open Source Intelligence, the process of obtaining information from open sources such as social media sites, corporate websites, online forums, etc.
31
What is exfiltration?
The theft of data by an attacker
32
What is active reconnaissance?
the process where the attacker engages with the target system to gather information
33
What is log aggregation?
A method of centralizing evidence and log files for reporting and future analysis
34
What is escalation scripting?
Scripting and automation to orchestrate the escalation response when a security issue is detected
35
What is Smishing?
Phishing using SMS (Short Message Service), text messaging
36
What is a watering hole attack?
The attacker compromises a third-party website or service that the intended victims are known to visit (their "watering hole"), so the victims are infected when they go there. It is used when the target organization itself is too well defended to attack directly.
37
What is a typosquatting attack?
Uses a misspelling of a domain name to redirect victims to a malicious site
38
What is a VM escape?
A vulnerability that lets an attacker break out of a virtual machine and run code on the hypervisor or host, from where they can reach the other VMs on the same hardware. It defeats the isolation that virtualization is supposed to provide.
39
What is SDN?
Software-defined networking (SDN) is an approach to network management that enables dynamic and programmatically efficient network configuration to improve network performance and monitoring in a manner more akin to cloud computing than to traditional network management.
40
What is DKIM?
DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect forged sender addresses in email (email spoofing), a technique often used in phishing and email spam.
41
What is RADIUS?
Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service.
42
What is a VLAN?
VLAN (Virtual Local Area Network) is a common method of using a switch to logically segment a network. The devices in each segmented VLAN can only communicate with other devices in the same VLAN. A router is used to connect VLANs, and this router can often be used to control traffic flows between the VLANs.
43
What is a VPN?
A VPN (Virtual Private Network) is an encryption technology used to secure network connections between sites or remote end-user communication. VPNs are not commonly used to segment internal network communication.
44
What is RBAC?
RBAC (Role-Based Access Control) describes a control mechanism for managing rights and permissions in an operating system or application by assigning permissions to roles and users to roles. RBAC is not used for network segmentation.
45
What is a jump server?
A jump server is a highly secured device commonly used to access secure areas of another network. The technician would first connect to the jump server using SSH or a VPN tunnel, and then "jump" from the jump server to other devices on the inside of the protected network. This would allow technicians at an MSP (Managed Service Provider) to securely access devices on their customer's private networks.
46
What is HSM?
An HSM (Hardware Security Module) is a tamper-resistant hardware device that generates, stores and backs up cryptographic keys and performs cryptographic operations (signing, encryption) on behalf of applications, so private keys never leave the module. It also offloads that work from general-purpose CPUs.
47
What is NAC?
NAC (Network Access Control) is a broad term describing access control based on a health check or posture assessment. NAC will deny access to devices that don't meet the minimum security requirements.
48
What is an air gap?
An air gap is a segmentation strategy that separates devices or networks by physically disconnecting them from each other.
49
What does MTBF stand for?
The MTBF (Mean Time Between Failures) is the average time expected between outages. This is usually an estimation based on the internal device components and their expected operational lifetime.
50
What does MTTR mean?
MTTR (Mean Time to Repair) is the time required to repair a product or system after a failure.
51
What does RPO stand for?
RPO (Recovery Point Objective) defines how much data loss, measured as the time since the last good copy of the data, would be acceptable during a recovery.
52
What does RTO stand for?
RTO (Recovery Time Objective) defines the maximum time allowed to get a service back up and running to a particular service level after a disruption.
53
What is masking?
Data masking hides part or all of a sensitive value when it is displayed or stored, for example showing a card number as **** **** **** 1234. Unlike tokenization, masked data is not meant to be reversed.
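The tokenization card (SSN 266-12-1112 becoming 691-61-8539) and the masking card above describe two different operations that are easy to confuse: one is reversible through a vault, the other is not. This added example, written for this page and not code from the original flashcards, implements both; the SSN and card number are constructed sample values.

```python
"""Tokenization vault vs. display masking (constructed example)."""
import secrets


def _random_same_format(value: str) -> str:
    """Replace each digit with a random digit and keep separators (e.g. SSN dashes)."""
    return "".join(secrets.choice("0123456789") if c.isdigit() else c for c in value)


class TokenVault:
    """Maps sensitive values to random, format-preserving tokens.

    The mapping is the secret: in practice it lives in a separately secured store,
    often HSM-backed, while the application only ever handles tokens.
    """

    def __init__(self):
        self._to_token = {}
        self._to_value = {}

    def tokenize(self, value: str) -> str:
        if not any(c.isdigit() for c in value):
            raise ValueError("format-preserving tokenizer expects a numeric identifier")
        if value in self._to_token:          # same input -> same token, so joins still work
            return self._to_token[value]
        while True:
            token = _random_same_format(value)
            if token not in self._to_value and token != value:   # unique and never the original
                break
        self._to_token[value] = token
        self._to_value[token] = value
        return token

    def detokenize(self, token: str) -> str:
        return self._to_value[token]          # KeyError for a token this vault never issued


def mask(value: str, visible: int = 4, mask_char: str = "*") -> str:
    """Irreversible display masking: keep only the last `visible` digits."""
    hidden = sum(c.isdigit() for c in value) - visible
    out = []
    for c in value:
        if c.isdigit() and hidden > 0:
            out.append(mask_char)
            hidden -= 1
        else:
            out.append(c)
    return "".join(out)


if __name__ == "__main__":
    vault = TokenVault()
    ssn = "266-12-1112"                        # constructed sample value
    token = vault.tokenize(ssn)
    print("token:", token, "-> detokenized:", vault.detokenize(token))
    print("masked:", mask(ssn), mask("4111 1111 1111 1234"))
```

The token is drawn from `secrets`, not derived from the value, which is what makes it safe to store outside the vault: there is nothing to brute-force. A deterministic, keyed scheme (format-preserving encryption) is the alternative when the vault's lookup table is impractical.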
54
What is IPsec?
a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).
55
What is password vaulting?
a technique used to store passwords in a central location and protect them with encryption. The primary purpose of a password vault is to simplify password management by eliminating the need to memorize multiple passwords for different accounts.
56
What is DAC?
With discretionary access control (DAC), access and permissions are determined by the owner or originator of the files or resources.
57
What is side loading?
Circumventing a curated app store to install an app manually is called side loading.
58
What is cross-site scripting?
Cross-site scripting (XSS) is an injection attack in which the attacker gets their own script into a page served by a trusted site, so it runs in the victim's browser with that site's privileges (same origin). The script can then steal session cookies, perform actions as the user, or alter the page. It abuses the browser's trust in the site.
59
What is gap analysis?
A gap analysis is a formal process comparing the current security posture with where the company would like to be.
60
What is a snapshot?
A snapshot is a type of backup commonly associated with virtual machines (VMs).
61
What is OCSP stapling?
A technique that delivers revocation information to browsers without the browser contacting the CA. The web server periodically fetches a signed, time-stamped OCSP response for its own certificate and "staples" it into the TLS handshake; the browser verifies the CA's signature on the stapled response and no longer has to make its own OCSP request, which is faster and stops the CA from learning which sites each user visits.
62
What is exposure factor?
An exposure factor (EF) describes the percentage of an asset's value that would be lost if a given event occurred. For example, a network throughput issue might limit access to half of the users, creating a 50% exposure factor. A completely disabled service would be calculated as a 100% exposure factor.
63
What is risk tolerance?
Risk tolerance describes the amount of risk that would be acceptable to an organization. For example, an organization may tolerate the risk involved with a delay so that patches can be tested prior to deployment.
64
What is DLP?
DLP (Data Loss Prevention) solutions identify sensitive data (credit card numbers, SSNs, classified documents) and block it from being sent over the network, copied to removable media or uploaded to cloud storage.
65
What is NGFW?
An NGFW (Next-Generation Firewall) is an application-aware firewall: it identifies traffic by application rather than only by port and protocol, and can apply controls to specific applications (allow one, block another), usually alongside integrated intrusion prevention and URL filtering.
66
What is an MDM?
An MDM (Mobile Device Manager) is used to manage and control an organization's mobile phones and tablets.
67
What is RADIUS?
RADIUS (Remote Authentication Dial-In User Service) is an authentication protocol used for centralized authentication. RADIUS is commonly used in conjunction with 802.1X, but RADIUS does not provide data confidentiality or encryption.
68
What is tunneling?
Tunneling describes the process of encapsulating one protocol inside another, such as carrying encrypted packets inside a VPN (Virtual Private Network) connection across the public Internet.
69
What is WAF?
A WAF (Web Application Firewall) is designed as a firewall for web-based applications. WAFs are commonly used to protect against application attacks such as injections, cross-site scripting, and invalid input types.
70
What is UTM?
A UTM (Unified Threat Management) appliance acts as a traditional firewall, and many UTMs may also include additional features such as intrusion prevention and content filtering. However, UTMs are not commonly used for protection of web-based applications
71
What is SASE?
SASE (Secure Access Service Edge) is a cloud-delivered security architecture, often described as a next-generation VPN: instead of backhauling traffic to a corporate VPN concentrator, a SASE client on the user device sends traffic to a nearby cloud point of presence that applies firewalling, secure web gateway, CASB and zero-trust access controls before it reaches the cloud or corporate resource. A SASE solution would not commonly be used to protect a web-based application from attack.
72
What are SNMP traps?
SNMP (Simple Network Management Protocol) traps are used to provide alerts and alarms from servers and infrastructure devices. SNMP is not an authentication protocol
73
What is a rogue access point?
A rogue access point is an unauthorized access point added by a user or attacker. This access point may not necessarily be malicious, but it does create significant security concerns and unauthorized access to the corporate network.
74
What is TPM?
TPM (Trusted Platform Module) is a cryptographic chip on (or built into) a computer's motherboard, specifically designed to protect keys and assist with cryptographic functions. Full disk encryption (FDE) can seal the disk encryption key to the TPM so that it is released only when the measurements of the boot process match the expected values, which verifies the local device hasn't changed; the TPM's anti-hammering protection also limits brute-force or dictionary attacks against the full disk encryption PIN or password.
75
Define the mandatory access control
Mandatory access control uses a series of security levels (i.e., public, private, secret) and assigns those levels to each object in the operating system. Users are assigned a security level, and they would only have access to objects that meet or are below that assigned security level.
76
Define the rule-based access control
Rule-based access control determines access based on a series of system-enforced rules. An access rule might require a particular browser be used to complete a web page form, or allow access to a file or system only during certain times of the day.
77
Define the discretionary access control
Discretionary access control allows the owner of an object to assign access. If a user creates a spreadsheet, the user can then assign users and groups to have a particular level of access to that spreadsheet.
78
Define the role-based access control
Role-based access control assigns a user’s permissions based on their role in the organization. For example, a manager would have a different set of rights and permissions than a team lead.
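The four models on the cards above differ in who sets the policy and what the policy is keyed on. The following is an added example written for this page, not code from the original flashcards; all labels, users, roles, permissions and the business-hours window are constructed.

```python
"""The four access-control models from the cards, as tiny policy checks.
All users, labels, roles and permissions are constructed for the example."""

# Mandatory access control: ordered labels set by the system, not by users.
LEVELS = {"public": 0, "private": 1, "secret": 2}


def mac_can_read(subject_level: str, object_level: str) -> bool:
    """No read up: a subject may read only objects at or below its own level."""
    return LEVELS[subject_level] >= LEVELS[object_level]


# Discretionary access control: the object's owner edits its ACL.
class DacObject:
    def __init__(self, owner: str):
        self.owner = owner
        self.acl = {owner: {"read", "write"}}

    def grant(self, by: str, user: str, perm: str) -> None:
        if by != self.owner:
            raise PermissionError("only the owner may change the ACL")
        self.acl.setdefault(user, set()).add(perm)

    def can(self, user: str, perm: str) -> bool:
        return perm in self.acl.get(user, set())


# Role-based access control: permissions hang off roles, users are assigned roles.
ROLE_PERMS = {
    "team_lead": {"ticket:read", "ticket:update"},
    "manager": {"ticket:read", "ticket:update", "ticket:approve", "report:read"},
}
USER_ROLES = {"alice": {"manager"}, "bob": {"team_lead"}}


def rbac_can(user: str, perm: str) -> bool:
    return any(perm in ROLE_PERMS.get(role, set()) for role in USER_ROLES.get(user, ()))


# Rule-based access control: a system-enforced condition, here a time-of-day window.
def rule_allows(now_hhmm: str, start: str = "08:00", end: str = "18:00") -> bool:
    def minutes(hhmm: str) -> int:
        hours, mins = hhmm.split(":")
        return int(hours) * 60 + int(mins)
    return minutes(start) <= minutes(now_hhmm) < minutes(end)


if __name__ == "__main__":
    print("secret user reads public doc:", mac_can_read("secret", "public"))
    print("public user reads secret doc:", mac_can_read("public", "secret"))
    doc = DacObject("carol")
    doc.grant("carol", "dave", "read")
    print("dave can write:", doc.can("dave", "write"))
    print("bob can approve:", rbac_can("bob", "ticket:approve"))
    print("allowed at 23:00:", rule_allows("23:00"))
```

The practical difference shows in the DAC class: the owner can hand out rights the organization never intended, which is exactly why classified environments use MAC, where the label comes from the system and no user can lower it.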
79
What is ACL?
An ACL (Access Control List) is a security control commonly implemented on routers to allow or restrict traffic flows through the network.
80
What is ARO?
The ARO (Annualized Rate of Occurrence) describes the number of instances estimated to occur in a year. For example, if the organization expects to lose seven laptops to theft in a year, the ARO for laptop theft is seven.
81
What is SLE?
SLE (Single Loss Expectancy) is the monetary loss if a single event occurs, calculated as asset value × exposure factor. If one laptop is stolen and it costs $1,000 to replace it (a total loss, so EF = 100%), the SLE is $1,000.
82
What is ALE?
The ALE (Annual Loss Expectancy) is the expected cost for all events in a single year. If it costs $1,000 to replace a single laptop (the SLE) and you expect to lose seven laptops in a year (the ARO), the ALE for laptop theft is $7,000.
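The EF, SLE, ARO and ALE cards chain together into the calculation that justifies (or rejects) spending on a control: a safeguard is worth buying when the ALE it removes exceeds its annual cost. This added example, written for this page and not code from the original flashcards, carries the laptop numbers through that decision; the $2,500 per year control and the reduced ARO of two are hypothetical figures.

```python
"""Quantitative risk: EF, SLE, ARO, ALE and the safeguard cost/benefit decision."""


def sle(asset_value: float, exposure_factor: float) -> float:
    """Single loss expectancy = asset value x exposure factor (0.0 .. 1.0)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return asset_value * exposure_factor


def ale(single_loss: float, aro: float) -> float:
    """Annualized loss expectancy = SLE x annualized rate of occurrence."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return single_loss * aro


def safeguard_value(ale_before: float, ale_after: float, annual_control_cost: float) -> float:
    """Net annual benefit of a control; positive means it pays for itself."""
    return ale_before - ale_after - annual_control_cost


def laptop_theft_example() -> dict:
    """The cards' numbers: $1,000 laptop, total loss (EF = 1.0), seven thefts a year.
    Hypothetical control: a $2,500/yr cable-lock and tracking program that cuts the ARO to 2."""
    loss = sle(1000, 1.0)
    before = ale(loss, 7)
    after = ale(loss, 2)
    return {
        "SLE": loss,
        "ALE_before": before,
        "ALE_after": after,
        "net_benefit": safeguard_value(before, after, 2500),
    }


if __name__ == "__main__":
    for name, value in laptop_theft_example().items():
        print(f"{name}: ${value:,.0f}")
```

With these numbers the control removes $5,000 of expected annual loss for $2,500, so it is justified; a $6,000/yr control for the same risk would not be, even though it "improves security". The 50% exposure factor from the exposure-factor card plugs into `sle()` the same way (`sle(50000, 0.5)` gives $25,000).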