Terms Flashcards

1
Abstraction
Streamlining authorization access, aka permission; apps and social media streamline access to pictures
2
Gap
Analysis of the current system in comparison to the future want. Like a bitch with a gap tooth, she wants to fill that bitch so in the future she's cute.
3
Control Plane
Configurations of zero trust
4
Data plane
Movement of data, aka switch, like the physical part / Ethernet
5
Honey pot
Attracts attacker to a fake machine. Honeynet consists of a fake network. Honey file: fake info to alert. Honey token: track location / alert of attacker (anything posted on internet)
6
Change management
Formal way to change/update applications, policies; make sure it's done right
7
Change control process
Changes can only be made if listed within the scope of the change control document. Document can be altered so needed changes can be made. Like an upgrade: if you need to do something not listed, then you can change the scope to match the necessary thing you need to change
8
Change control board
They approve changes to the application
9
PKI
Public key infrastructure, framework for digital certificates
10
Escrow
Maintains decryption key. Like Crow at work, maintainers
11
Transparent vs Record-level encryption
Encrypts all database data with one symmetric key vs encrypting individual records with a different symmetric key for each (SQL)
12
Key stretching
Hash a password, then hash the hashed password… then do it again
13
Out of band key exchange vs in band
Phone, in person, cyber transport: NOT OVER INTERNET. In band: OVER INTERNET
14
Public key cryptography
Create the same key without key exchange. So on Anderson's computer he has his own private key and mixes it with Perez's public key = symmetric key. Other way around too on Perez's side. This creates the same symmetric key without exchanging it over the Internet
15
TPM
Trusted platform module. Encryption generator w/ hardware, SINGLE device
16
HSM
Hardware security module. LARGE SCALE redundant cryptographic device
17
Key management system
Manage all keys in centralized software
18
Secure Enclave
Processor built into devices, keeps phone private (encrypts things in device)
19
Obfuscation
Making something difficult to understand, hides data in plain sight
20
Steganography
Concealed writing, hides data in an image. If you know how it's done, you can reverse engineer it. Can be in network form
21
Tokenization
Replaces sensitive data with a non-sensitive placeholder. Like a credit card when you pay: you use your card and a one-use token, 123 to 234, then it can't be used again
22
Data masking
Hide part of the original data, like checking out in Booking it's XXXX 1234
23
Hash
Digest or fingerprint, cannot recover original document. Integrity. If any change is made to the original, the hash changes
24
Hash collision
Two different strings of text put in. Using MD5 it creates the same hash… don't use MD5
25
Salted hash
A hash but with a little additional random data as security. Rainbow tables (every conceivable combination of hash) don't work on salted hashes
26
Digital signature
Integrity, authentication, non-repudiation (not fake). Message is hashed, then signed with the sender's private key = digital signature
27
Blockchain
A distributed ledger (database shared across multiple sites that keeps track of transactions). So if someone sends bitcoin then everyone in that ledger gets a receipt basically; if it's changed by one person… then it makes it invalid.
28
Digital certificate
X.509 public certificate, given by a CA (certificate authority). Web of trust is another form in which individuals sign off on it; the web of friends is trusted
29
Root of trust
Security of trust used by a 3rd party saying this website is good
30
Certificate authority
CA, a trusted third party; they give websites certificates. So the check mark on Google
31
CSR
Certificate signing request, a request by a website; they give their private and public key, the CA signs it with the CA private key
32
SAN
Subject alternative name or wildcard certificate. Certificate can be used for many different domains, if they're listed
33
CRL
Key revocation list, list of revoked certs
34
OCSP
Online certificate status protocol, large scale; "stapled" means it's digitally signed by the CA. Status of certificate checked by browser
35
Nation state
Gov is APT, advanced persistent threat. They mostly do war-like shit
36
Shadow IT
Working around the org's built-in rules, no knowledge of rules that impact the org
37
Threat vector
Method used to gain access to system
38
Phishing
Fake link that looks like an official site
39
Social engineering
Invoice scam; they make you do something to gain info
40
Removable device vector
Can get through a network that's air-gapped (no network connection), bypassing the firewall
41
Agentless
Not installed on the computer; needs to connect to the system (Internet), which infects the computer online
42
Supply chain vector
3rd party is in the infrastructure, via a Managed service provider (MSP), so they infiltrate the 3rd party system, like Target
44
Spoofed
Non-legitimate, fake. @us.al.mil
45
Typo squatting
Hijack the website link but with a small typo. Pornhub.com to pronhub.com
46
Pretext
A pre-story leading to a scenario to steal info
47
Fraud
Use your Identity
49
Watering hole
Coffee shop using a 3rd party site; the scammer tries to gain access to the bakery connection. The mfs poison the watering hole to get you, coffee shop
50
Misinformation
Factually incorrect; influence campaign - move public opinion on politics; nation state actor - distract/divide nation
51
DLL
Dynamic link library, runs and injects code that applications use
52
Buffer overflow
Attacker writes more memory into system memory, wastes resources. Adds to 8 bit data and hijacks permissions. More than 8 bits, then that's an overflow
53
Race condition
Two events happen at the same time; the issue is basically that the system doesn't know two events are happening at the same time. Paying Amex: the delay of updating on the bank's side, but it's immediate in Amex; the balance still didn't change, so that's the race condition… mf did not update. Potential to use up money that's not there. TOCTOU, time of check to time of use attack - application retrieves info and does something with it… but behind the scenes something happens between the time you checked and the use. Basically when you use info and it changes without you knowing… now you are using info that's different from what you needed
54
Code injection
adding own info into application
56
SQL Injection
injects data into an input field into SQL, even on the browser. Password or '1' = '1 is a SQL injection input. Test using webgoat.org
58
XSS
Cross site scripting, security flaw in a website. Uses JavaScript. Ex: attacker sends a link with mf script; the link takes you to the legit site but the extra malicious script is also executed to obtain data, so it's a legit site with an attached script and both run at the same time.
59
Non persistent XSS attack
3rd party site that allows the attacker to run script in the trusted website's user input block, which is the flaw. Attacker sends a link to the mf and they click it with the script embedded into the site. So like a user name input embedded with code.
60
Persistent XSS attack
post a trusted link with malicious code, everyone sees the payload… injected script is permanently in the server
61
IoT
internet of things, shit connected to the network/internet
62
Firmware
OS in hardware. Only vendors can fix the hardware
63
EOL/EOSL
end of life: manufacturer stops selling a product. End of service life: no more support/updates, way more significant than EOL.
64
VM Virtual Machine
self contained
65
VM Escape
break out of one VM and get into another VM.
66
Resource reuse
Allocate physical and virtual resource effectively
67
MFA
multi factor authentication
68
Directory Traversal
configuration vulnerability, moves through the structure of the webserver application to different directories
69
Out of bounds write
able to write code into memory unauthorized
70
Target service provider attack
provider of Target gets attacked… like IT/Finance, then that can get into Target's whole system
71
Linux root account
Admin or Super User (usually an easy password to hack), so use su or sudo with elevated access
72
Packet capture
view everything sent over the network, using Wall of Sheep, which is a wall of protocols sent over a network, so it removes insecure protocols
73
Mirai Botnet
takes advantage of default settings on devices via the Internet of Things (IoT), aka devices that exchange data connected to the Internet like home appliances or printers. It's open source too
74
Jailbreaking/rooting
replaces the existing OS with a 3rd party OS. All security gets fucked
75
Sideloading
installing applications outside the app store, and one malicious app will fuck up your phone; this only happens when you jailbreak and go away from the official application downloader like the app store
76
Zero day attack
an attack without a patch… or a new vulnerability with no patch. No patch known yet
77
Script viruses
Operating system/browser based
78
Stealth attack
no installation but it operates in memory. Bruh tbh it's like the mail that won't go away.
79
Worms
no user interaction, and the only way to stop it is firewalls. WannaCry worm, rare - infects all systems inside the network with the same ransomware.
80
Spyware
spies on you, aka watches everything in the system: advertising, ID theft. Install Malwarebytes
81
Secure boot
UEFI BIOS has secure boot that will stop a rootkit even if installed
82
DDoS
C&C (command and control) uses a fuck ton of computers (botnet) to use all bandwidth / traffic spikes. Asymmetric threat: the attacker has way fewer resources yet attacks large resources.
83
DNS poisoning
attacker taking over DNS (domain name server or name of website), pronhub.com, and changing the IP of the original website to its IP, so everyone that checks the original will be routed to the attacker's IP/server.
84
Domain hijacking
hacker accesses the domain registration; it's a form of DNS poisoning. Basically they can route users to their IP by changing the original IP to theirs.
85
URL Hijacking
jacks a misspelled domain of the original or redirects users to the attacker's site. Aka typosquatting: a misspelled word similar to the original
86
Wireless deauthentication
a DDoS of the network, boots you off the network; the 802.11 management frame gets fucked, this framework enables wireless connectivity. 802.11ac encrypted, aka updated
87
On-path attack/man in the middle attack
attacker is in between traffic and can see traffic
88
ARP poisoning (spoofing)
attacker copies the IP of the router to the user, and the user's device thinks it's the router and updates storage with the attacker's IP; now the attacker has access to the user's computer.
89
On-path browser attack
middleman is on the same device as the user by using malware. Man in the browser: malware is configured as a SERVER. It then routes info to the attacker.
90
Replay attack
when the attacker obtains information like user info and replays that data to be used (browser cookies, because they store info).
91
Pass the hash
victim sends authentication and the attacker gets a copy of the data… they can replay it to the server posing as the victim.
92
Session hijacking
victim tries to access the server and the server gives an ID back… but the attacker gets it, replays it and accesses the server with the victim's info
93
Header manipulation
session ID is stored within headers sent back and forth within the system. Can be exploited using Wireshark; the headers can also be modified
94
Injection attacks
adding extra info to the victim's data
95
Buffer overflow
adding a buffer of memory that spills over to other memory areas
96
Horizontal privilege escalation
attacker moves from A access to B resources
97
Data execution prevention
prevents data from being executed in areas where it's not allowed
98
System privilege
highest privilege in Windows
99
Cross-site request
requests are legit at a common site… but all of it is being loaded from different servers. Client sees only the GUI; the server processes shit internally, like YouTube viewer vs YouTuber
100
Cross-site request forgery
one-click attack or session riding (XSRF or CSRF). Browser is trusted by the server so the attacker can use your BROWSER specifically. Ex. I get an email about Amex to transfer funds and I click the link, I log in and the bank gets the request, then that fund transfer goes to the attacker
101
Directory traversal
misconfigured web configuration on one directory folder; then the attacker can gain access to the one directory that's fucked, then go through the other directories. ../ means go back one directory… bruh basically they access one directory that's fucked then can jump directories
102
In the clear
password not stored encrypted in the application
103
Message Digest
hashes data to a fixed length, or a fingerprint, basically a hash (SHA-256), and that shit can't be fucking reverted.
104
Spraying attack
mfs trying the top 3 passwords 12345… 123456… qwerty lolll, using weak passwords. No lockouts or alerts
105
Brute force
trying every possible combination till the hash is matched. Mf has the HASH, now trying passwords to match the HASH obtained
106
IOC
indicator of compromise, like network activity or login patterns or changes in the local client
107
Segmenting network
users not talking directly to the database server but only to the application
108
ACL
access control list, allow or disallow traffic through your network. Basically put details like port number / application. Limiting IPs or users
109
Allow list
nothing runs unless approved. VERY RESTRICTIVE
110
Deny list
nothing on the bad list can be executed. Antivirus: allows everything to run except what is listed
111
EFS
Encrypting file system, OS encrypts data or files. Built-in integrated encryptor. File-level encryption
112
FDE
full disk encryption, encrypts everything in the system like the OS and files
113
Application data encryption
encrypts stored data in the application
114
SIEM
security information event manager, central system of logs to monitor data
115
Least privilege
rights and permissions of the user are the bare minimum… TF you give them admin rights…
116
The endpoint
user's access to application and data. My computer
117
EDR
endpoint detection and response, detects a threat via behavior analysis, basically it's like an AI type deal
118
Root cause analysis
performs studies on the threat and kills that mf
119
Host-based firewall
software-based firewall, runs on every endpoint. Controls incoming or outbound data. Views all data before encryption. Monitors and can block stuff; it runs on all devices but is controlled from one central device
120
HIPS
Host-based intrusion prevention system, blocks known attacks; it also checks requests coming into the system and IDs issues in the OS, it can alert and block modifications
121
Nmap
scans open ports on a system
122
Hybrid cloud
more than one public or private cloud
123
Network protection mismatch
cloud providers don't talk directly; you'll have to configure platforms to match each other between different providers
124
Vendor risk management policy
in the cloud if we want to use like an added safety feature… we use a third party vendor; have a vendor risk management policy to maintain risk
125
Infrastructure as code
defines server, network, and application as code. Easily modified via code
126
Description code
after creating the cloud code, you can use that code in every cloud application and keep rebuilding the same one. Build application instance - an application infrastructure that is its own entity.
127
FaaS
Function as a service, no OS, can run on any OS. Only runs when needed. Serverless architecture.
128
Monolithic applications
one big application that does everything: USER interface, data input, and output.
129
API
application programming interface, a type of microservice. Basically you can separate an application into subcategories or microservices. It basically connects two or more pieces of software so they can communicate with each other.
130
Air gap
physically separated from one device or another and prevents communication with each other…
131
VLAN
Virtual local area networks, separate devices physically; basically configuring the switch to segment between VLANs so A and B are physically segmented from each other.
132
SDN
software defined networking, enables the network to be centrally controlled or programmed using software. Part of planes of operation in the cloud. Basically this thing defines hardware into functions and uses those functions to become software in the cloud. So like a function of a computer or server is physical, so you program it into software aka cloud to do a computer or server job.
133
Data plane
processes network frames and packets, aka forwarding data. This is the infrastructure layer.
134
Control plane
manages actions of the data plane, tells the data plane how to process data from one place to another. It has routing tables (router). Control layer.
135
Management plane
configure and manage the device via SSH, browser, API. The management plane. Application layer.
136
Planes of operation
network devices have different functions like data, control, and management planes.
137
Switch operations
ports are the data plane; the control plane looks up tables and address translations for the data plane to operate; all need to connect to the management console aka management plane.
138
SDN Security
create security in the cloud network… like firewalls and shit.
139
On premise security
full control in-house, usually has an IT team that manages security but is expensive. Modifications of security posture can be made and customized.
140
Decentralized security
systems are all in different locations / cloud providers / OSes. Very difficult to monitor and manage.
141
Centralized security
can view in one location but single point of failure.
142
Virtualization
run many different OSes on the same hardware. Each virtual machine though needs its own OS. So they'll run on an infrastructure (physical device) then a hypervisor (software). Kinda expensive cause you'll have to run a separate OS for each virtual device.
143
Application containerization
have multiple applications run in one area but NO OS. Basically you can swap since it all runs on one OS. They cannot see each other though since it's in a sandbox (self contained)
144
Hypervisor
manages resources on each virtual machine.
145
IoT
internet of things, devices connected to the network. Apple Watch or Alexa. Easily exploited though
146
SCADA/ ICS
Supervisory Control and Data Acquisition System, or large scale multi-site industrial control system. Anyways a computer manages all the equipment… MRM on gang. No access from outside.
147
RTOS
real time operating system, a deterministic process meaning no wait time for the process, like braking in a military vehicle, there's no waiting, it just does it asap rocky
148
Embedded system
hardware and software designed for one sole purpose. Apple Watch, traffic lights; there's no direct access to the OS, like an MRI.
149
HA
High availability, always on and available. Like a failover system
150
Resilience
how fast equipment can recover from down time
151
MTTR
mean time to repair, how long it'll take for a component to be replaced if it breaks
152
Scalability
or elasticity, how quickly we can expand and contract the application
153
Risk transference
transfer risk to a 3rd party, cyber security insurance; basically can recover downtime or financial loss. Even legal issues.
154
Jump server
access a secure network from the outside, so you have an external device and a jump server inside to route the client in. Jump server hardened hella
155
Proxies
sits between the user and the external network. So the user sends a request and the proxy server sends the request to the internet, then it filters that mf before getting back to the client.
156
Explicit proxy
needs to be configured in the OS; we are explicitly configuring the name of that proxy
157
Transparent proxy
invisible, doesn't need to be configured, automatically makes the request
158
NAT
network address translation, converts between internal and external. Works when there is a private network separated from the public network; NAT enables the private IP network to use the internet and cloud.
159
Application proxy
understands the protocol used for a specific application, so for a website it uses HTTP
160
Forward proxy
internal proxy; request goes out to the internet, then it checks the data and if it is good then it sends the data to the user
161
Reverse proxy
inbound traffic from the internet to an internal service webserver. So like the internet requesting pron data, the proxy from pron will ask the webserver for the pron data storage.
162
Open proxy
internet to proxy and to internet; the proxy 3rd party can be adding code. So you ask the internet to get pron, the internet will go to a 3rd party and the 3rd party will route to the internet. So it's in between 2 internets. That ain't good cause they can add shit to it. Like henta that has links and will reach to other henta
163
Load balancer
keeps the load even on multiple servers. Active/active load balancer means all servers are active and it can distribute to any of the open servers to balance the load
164
TCP offload
protocol keeps servers open and doesn't have to make a request. Load balancing.
165
SSL offload
encrypt/decrypt. The load balancer removes SSL encryption from traffic coming in so servers don't have to keep decrypting data. Load balancing.
166
Caching
fast response due to temporary storage
167
Content switching
can send requests depending on need
168
Active/passive loading
some servers are active and some are passive; if active fails, passive takes over. Load balancing
169
SIEM
console that collects data from all devices in a network. It reports data across all devices.
170
EAP
extensible authentication protocol, authentication framework for port security. AUTHENTICATOR request and response
171
NAC
network access control or IEEE 802.1X, can't access the network or port till you authenticate w/ 802.1X
172
Port security
switch or wireless network port
173
Supplicant
client
174
Authenticator
device that provides access
175
Authentication server
validates client
176
Network-based firewalls
filter traffic by port number or application, VPN
177
UTM
unified threat management, all-in-one security appliance, a web security gateway. Filters URL and content, layer 4
178
NGFW
next generation / deep packet inspection firewall, layer 7, can make decisions based on application. Every packet is analyzed. Controls traffic flow based on application. Fuck the ports bro, I make decisions based on apps. Content filtering via website traffic, so pron
179
WAF
web application firewall, based on HTTPS, which allows or denies based on expected input. Basically it can prevent SQL injection.
180
VPN
encrypted data going through a public network. Data gets a new header and trailer added, sandwiching the data.
181
Concentrator
endpoint for everyone to connect to, encryption/decryption access device. Basically a middleman to connect users to the company network. Removes encryption.
182
SSL VPN
secure socket layer on port 443. Part of the OS. Used mostly from coffee shop internet to company
183
Site-to-site IPsec VPN
always on, so the remote site will always be able to connect to the corporate network automatically
184
SD-WAN
software defined networking in a wide area network, a WAN built for the cloud. So servers are able to jump from one site to another and not just to one data center.
185
SASE
secure access service edge, next gen VPN to communicate with other web based applications. SASE added on all applications and now you can jump to any cloud service you need connected to it. So like Amazon AWS, it got all the damn services for cloud; you can access all that using SASE cause it connects you to all of that. Connected to SD-WAN.
186
Regulated data
managed by 3rd party
187
Trade secrets
unique to the organization like secret formula
188
Intellectual property
other people are able to see it, but use is controlled by copyright and trademarks
189
Legal info
PII, court records, and documents. Can be stored privately or in other public sources
190
Financial info
bank record, transactions
191
Non-human readable
not easily understood by humans. CSV, JSON.
192
Proprietary
data only used by that specific org or property of an organization, unique to them.
193
PHI
health details of person
194
Sensitive
PII, PHI, Intellectual property
195
Confidential
very sensitive, must be approved to view
196
Public/unclassified
no restriction on viewing data
197
Private/ classified/ restricted
restricted access, may require an NDA to access the data
198
Critical
data should always be available
199
Data at rest
storage device: hard drive, SSD, flash drive. Can have an access control list where only authorized users can access the data
200
Data in transit
data moving from one place to another. Use firewall and encryption
201
Data in use
used in active memory like RAM and is always decrypted, usually easily hackable
202
Data sovereignty
data stored in country and is subject to that country
203
GDPR
general data protection regulation, European rules where data collected on EU citizens must be stored in the EU
204
Firewalls
separate trusted from untrusted
205
Attack surface
potential opening to attack our network. Like open ports
206
IPS
intrusion prevention system, watches network traffic and blocks it
207
IDS
intrusion detection system, alarm/alert
208
Fail open
data will still flow if the system fails; availability up but security down (network still open)
209
Fail closed
system fails and data doesn't flow (network is cut)
210
Active monitoring
system is connected inline, basically internet, firewall, IPS. Everything runs in a line like a step by step process before getting into the network. Blocks traffic, which might not be good in some cases
211
Passive monitoring
switch takes a copy of the network traffic to the IPS, then the original goes on to its destination in the system; it is in a spider web, not in line. Data cannot be blocked in real time and it doesn't slow down data traffic. Issue is that it doesn't prevent the issue from going to the destination cause it'll be copied then sent to the server then destination, nothing stopping it
212
Geofencing
automatically allow or restrict access depending on whether they are near the office or not
213
In the clear
open and not encrypted
214
Ciphertext
encrypted data
215
Confusion
encrypted data is different from plaintext (it's just text to encryption)
216
Message digest
finger print of hashed data as short string of text
217
SHA256
256 bits aka the hash; if changed then the whole shit changes (strong)
218
Segmentation
separates data sources in different locations, prevents a single point of failure
219
Permission restrictions
control access to the account, aka permissions you have on an org account; minimum shit you need to do before you can log in, then after logging in what you are authorized to access
220
High availability
always on in case main fails, good but expensive
221
Server clustering
combines two or more servers that operate as one single server, good for redundancy. They know they all exist, all OS the same
222
Load balancing
a device that distributes to multiple servers and the servers don't know that each other exist. Can be on different OSes; the load balancer makes the decision.
223
Hot site
exact replica of the main site and it is located somewhere else
224
Cold site
no hardware just an empty building
225
Warm site
in between hot and cold, it has enough to keep things going
226
Platform diversity
all OSes have potential issues; basically the area has different platforms so if one OS is fucked then the other is fine
227
Multi-cloud systems
uses more than one cloud provider
228
COOP
continuity of operations planning - when shit don't go according to plan, like a random disaster, so there needs to be an alternative when something fails
229
Capacity planning
match supply to demand; too much demand and the application slows down, too much supply means too much cash; need to balance
230
Infrastructure
the framework of apps, server, network. Basically the base for an office
231
Recovery testing
scheduled update or event for recovery testing, aka to recover shit if it fails.
232
Tabletop exercises
collab with other organizations and compare the logistics of their recovery exercise to ours. No physical disaster but a comparison of statistics
233
Fail over
plan for the worst, aka redundancy so when shit fails then it goes to another service to keep going… bruh I know this one
234
Simulation
test with a simulated event, the bullshit phishing email that pisses everyone off
235
Parallel processing
single computer with multiple computers to handle multiple transactions; you basically spread the job and can improve recovery
236
Onsite backup
no internet link required, immediate data available, less expensive
237
Offsite backup
transfers over the internet, can be restored anywhere even after a disaster
238
Snapshots
in a cloud-based environment, a snapshot or an instant backup of an entire system. Effective snapshot every 24 hrs. Can be reverted back to any snapshot
239
Recovery testing
need to be able to restore; disaster simulation then restore from backup. Afterwards the application needs to be able to use the data
240
Replication
real time backup, keeps data synchronized in multiple locations; Apple data which changes with the live data. Can be replicated on all remote sites
241
Journaling
power goes out while writing data to storage, data gets corrupted… so you journal, which kinda writes data to a journal aka storage, then it goes into the actual system, so Google Drive then to computer
242
UPS
short term backup power, or for a drop in voltage called a brownout, or excess voltage aka surge
243
Offline UPS
or standby: equipment is running on main but when main shuts off the offline UPS comes on
244
Line-interactive UPS
increases little by little when voltage drops
245
On-line UPS
double conversion UPS, is always on from main power to backup power
246
Secure baseline
all applications must follow a baseline of security like updates and OS versions. Microsoft Security Compliance Toolkit (SCT) useful for knowing the secure baseline
247
Deploy baseline
how we deploy the baselines, aka like updates to all devices
248
Maintain baselines
basically updates; avoid conflicts with other company environments. If you install a new OS then you need a new baseline. Make sure you audit and that what you did is being maintained.
249
Hardening
default is never secure; the manufacturer usually has guides for the device.
250
Mobile devices
bug fixes and security patches; definitely the company uses segmentation, aka company and user data is separated
251
MDM
mobile device manager, an all-in-one application that updates devices and shit
252
Workstation hardening
monitor the laptops for sure and make constant updates, have a policy management system (a fancy way to say being in a system that has a policy that is secure), and remove unused applications
253
Network infrastructure hardening
switches and routers; the best way to protect them is not to use default settings, and the manufacturer is the only one that has security updates.
254
Cloud infrastructure
a cloud management workstation is needed, and least privilege is needed on all of them, meaning they all have minimum permissions
255
EDR
ENDPOINT DETECTION AND RESPONSE, monitors all devices ACCESSING the cloud
256
C2C
cloud to cloud, aka backup to a different cloud provider
257
Server hardening
install updates using service packs or individual updates. Limit user accounts, and also set policy to limit what devices can access servers. Use anti-virus too
258
SCADA
supervisory control and data acquisition system, the same as ICS: large-scale industrial equipment or EUR3, a platform that controls and manages energy, logistics, all that shit. Monitored by a DCS and usually has no access to the outside world. MRM
259
ICS
industrial control system: large-scale industrial equipment or EUR3, a platform that controls and manages energy, logistics, all that shit. Monitored by a DCS and usually has no access to the outside world. MRM
260
DCS
Distributed control system - used by SCADA and ICS, a monitoring system with real-time information and system control
261
RTOS hardening
real-time operating system, no wait time for processes. Military type shit; should be isolated from other areas so they run only for what is needed. Use a host-based firewall
262
IoT hardening
heating and cooling, that bullshit; just change the passwords and don't use defaults… should change my printer's info lol. Put them on their own VLAN
263
Site surveys
determining the existing wireless landscape, so ID access points that may or may not be part of your network; sometimes they are just near your network. Use a heatmap to ID wireless signal strength.
264
Wireless survey tools
shows signal coverage, like how good a signal is and potential interference. Built-in tools, or can use 3rd party too
265
MDM
mobile device management, manages company- or user-owned mobile devices. Centralized management of all mobile devices, setting policies or partitioning (aka segmenting) areas of the phone. Use managed access control or PINs/screen lock
266
BYOD
bring your own device: bring your own phone and shit, can be used for work or user personal needs. It's mostly used for work but you use your own device, which needs to meet company requirements
267
COPE
corporate owned, personally enabled. Company buys the device for you but it is configured for both corporate and personal use… weird
268
CYOD
choose your own device, same as COPE but the company says hey bro, you can choose your phone
269
Cells
so 4G and 5G mean separation of coverage. Like 5G can be in France and 4G in America; these are separated, aka that's why they are called cell phones
270
Bluetooth
high-speed communication over short distances, a PAN (personal area network). Used to connect one device to another.
271
Secure wireless network
not everyone is allowed: encrypt, use authentication, and integrity
272
MIC
message integrity check, verifies that any traffic sent is received properly.
273
WPA2 PSK
encryption protocol, encrypts data but there is an issue with the initial connection. So they capture the hash and use brute force to get the PREEEE-shared key (PSK). They basically listen to the 4-way handshake to get the PSK.
274
WPA3
WiFi Protected Access 3, an updated WPA2, uses GCMP, a Galois message authentication code… stronger encryption basically
275
SAE
simultaneous authentication of equals, so the pre-shared key is no longer an issue; uses mutual authentication so both sides of the communication can create the same key on both sides, so they don't need to send it online.
276
Wireless authentication methods
PSK (your default password, aka the initial password to connect to the network) and 802.1X authentication. Configuration is also used.
277
Wireless security mode
open system means no authentication/password required. WPA3-PSK (personal): everyone needs the same pre-shared key, a 256-bit key. WPA3-802.1X (enterprise): the server will authenticate each user
278
AAA framework
this is a server that lets mfs in using identification (the person's user name), authentication (aka password), authorization (aka what access), and accounting (or logs)
279
RADIUS
(remote authentication dial-in user service) the most popular AAA protocol, which is a centralized authenticator for users. It's just a server that authenticates people. THIS IS AN ACCESS DATABASE SERVER
280
IEEE 802.1X
port-based network access control (NAC); the prompt we get for our user name and password is 802.1X. You do not get access to the network till you authenticate; used in conjunction with an access database, aka RADIUS.
281
EAP
extensible authentication protocol, an authentication framework. Combines with 802.1X… EAP embeds the authentication protocol into 802.1X and can be tailored to the company's use
282
Quality assurance
testing, testing to find vulnerabilities and shit
283
Input validation
input bullshit to see if it works or not… aka it shouldn't. Like the character or character input matches what needs to be input. Like a password: some won't let you through without following what they ask.
284
Fuzzing
will put random data in the input, and if one slips through then they can fix it
285
Secure cookies
info stored on the computer by the browser for tracking, personalization, and making sessions easier to open.
286
SAST
static application security testing, tests the code of an application by running the code to analyze vulnerabilities. Can have false positives… or say there is something wrong… but it isn't
287
Code signing
the CA signs the developer's public key, and the code is signed with the developer's new private key so you know that the application is good
288
Acquisition
request first, negotiate, then purchase right after… idk if this is even needed
289
Central asset
a tracking system manages all assets received by the company and tracks the life cycle of devices. Ownership - gives a name to the asset so we know who got it.
290
Classification
Hardware (capital expenditure) / Software (operating expenditure). Labels take taxes into consideration; basically hardware depreciates and software doesn't
291
Enumeration
list all parts of one whole asset, like a mf computer with all the CPU, memory, keyboard and shit
292
Media sanitation
disposing of data, make sure shit is wiped. Delete everythingggg, unless you're just reusing it in the company, then just delete the things that need to be deleted
293
Degaussing
electromagnetic field to destroy mf hard drive data
294
Certificate of destruction
3rd party drills and degausses and will provide a certificate that all devices are fucking broken
295
Data retention
backup of data; a certain amount of backup is required to be in regulatory compliance.
296
Vulnerability scanning
not pentesting, it just says a potential attack exists… like a port scan to show if a port is open. Test from outside and inside of the network.
297
SAST
static application security testing, reviews source code to ID vulnerabilities like an injection. It cannot see encryption or authentication security
298
Dynamic analysis
or fuzzing, sends random input to the application, like faulty injection, to see if the application crashes or does something out of the normal. Can use CERT (emergency response team), it's a fuzzer website
299
Threat intelligence
research the threats and actors
300
Open source intelligence (OSINT)
anyone can access and see open source threats. Internet or government data or commercial data, aka databases
301
Proprietary intelligence
or third-party intelligence, a threat intelligence service you can buy; that source already did analytics on threats coming from other companies that have new threats
302
Information sharing
public threat intelligence that was classified and is now made public; private companies usually have extensive resources.
303
CTA
cyber threat alliance, a group of organizations that gather details about threats and send them within their shared contacts; they score those submissions and other members can score the threats themselves
304
Darkweb intelligence
an overlay network that uses the internet where you can see hacking groups and services. Monitor forums on the dark web to see if their shit is on it.
305
Pentest
simulated attack, aka an actual attack to exploit vulnerabilities. The National Institute of Standards and Technology (NIST) has a guide for pentesting