Terms Deck 5 Flashcards

1
Q

Open Authorization (OAuth)

A

A framework used for Internet token-based authorization that provides API authorization between applications.

2
Q

OpenID

A

An identity layer based on OAuth 2.0 specifications used for consumer single sign-on.

3
Q

Kerberos

A

A set of authentication services, including the authentication service (AS) exchange protocol, the ticket-granting service (TGS) exchange protocol, and the client/server (CS) exchange protocol.

4
Q

attribute-based access control (ABAC)

A

A logical access control model recommended as the preferred access control model for information sharing among diverse organizations by the Federal Identity, Credential, and Access Management (FICAM) Roadmap.

5
Q

role-based access control (RBAC)

A

A security method that combines MAC and DAC. RBAC uses profiles, which are defined for specific roles within a company, and then users are assigned to such roles. This facilitates administration in a large group of users because when you modify a role and assign it new permissions, those settings are automatically conveyed to all users assigned to that role.

6
Q

rule-based access control

A

An extension of access control that includes stateful testing to determine whether a particular request for resource access may be granted. When a rule-based method is in force, access to resources might be granted or restricted, based on conditional testing.

7
Q

mandatory access control (MAC)

A

A centralized security method in which users are not allowed to change permissions on objects.

8
Q

discretionary access control (DAC)

A

An access control method in which access rights are configured at the discretion of accounts with authority over each resource, including the capability to extend administrative rights through the same mechanism.

9
Q

digital certificate

A

An electronic document that includes the user’s public key and the digital signature of the certificate authority (CA) that has authenticated the user. The digital certificate can also contain information about the user, the CA, and attributes that define what users are allowed to do with systems they access using the digital certificate.

10
Q

key management

A

The process of creating and managing cryptographic keys and digital certificates.

11
Q

certificate authority (CA)

A

A system that issues, distributes, and maintains current information about digital certificates. Such authorities can be private (operated within a company or an organization for its own use) or public (operated on the Internet for general public access).

12
Q

registration authority (RA)

A

A network authority that provides a CA with authentication of a client’s certificate request and serves as an aggregator of information.

13
Q

certificate revocation list (CRL)

A

A list generated by a CA that enumerates digital certificates that are no longer valid and the reasons they are no longer valid.

14
Q

Online Certificate Status Protocol (OCSP)

A

An Internet protocol defined by the IETF that is used to validate digital certificates issued by a CA. OCSP was created as an alternative to certificate revocation lists (CRLs) and overcomes certain limitations of CRLs.

15
Q

certificate signing request (CSR)

A

A request to apply for a digital certificate.

16
Q

distinguished encoding rules (DER)

A

The binary form of a PEM certificate.

17
Q

privacy enhanced mail (PEM)

A

The most common format and extension for certificates.

18
Q

personal information exchange (PFX)

A

A binary certificate format also known as PKCS#12.

19
Q

pinning

A

A method that extends beyond normal certificate validation to help thwart on-path attacks.

20
Q

key escrow

A

A situation in which a CA or another entity maintains a copy of the private key associated with the public key signed by the CA.

21
Q

nslookup/dig

A

A command-line utility used for troubleshooting DNS.

22
Q

ipconfig/ifconfig

A

A tool that displays network settings such as IP address, subnet mask, and default gateway.

23
Q

Nmap

A

A network scanning tool used for locating network hosts, detecting operating systems, and identifying services.

24
Q

ping

A

A network tool for testing the basic function of a network that is commonly used to test whether a remote host is alive or responding.

25
Q

hping

A

A packet assembler and analyzer that provides a number of security capabilities.

26
Q

netcat

A

A network utility for gathering information from TCP and UDP network connections.

27
Q

ARP

A

Address Resolution Protocol. A protocol that resolves a device’s assigned IP address to its MAC hardware address.

28
Q

cURL

A

A command-line tool that provides the ability to get and send data using URLs.

29
Q

theHarvester

A

A tool used to gather emails, domains, employee names, ports, and banners from varying sources.

30
Q

sn1per

A

An automated penetration testing scanner that enumerates and scans for vulnerabilities.

31
Q

scanless

A

A port scanning utility that uses websites to do scanning and enables the user to remain anonymous.

32
Q

dnsenum

A

A tool that enumerates DNS by finding DNS servers and DNS records such as mail exchange servers, domain name servers, and the address records for a domain.

33
Q

Cuckoo

A

A malware analysis tool that provides results of what a file does when executed in an isolated environment.

34
Q

head

A

A command-line file manipulation command that displays the beginning of a text file or file fed to the command.

35
Q

tail

A

A command-line file manipulation command that is used to display the tail end of a text file or a file fed to the command.

36
Q

cat

A

A command-line file-manipulation command for reading files sequentially that is used to concatenate files.

37
Q

grep

A

A command-line file manipulation command that searches files for patterns.

38
Q

chmod

A

A command-line tool used to change access permissions for files and directories.

39
Q

logger

A

A command-line tool that is used to add logs to the local syslog file or a remote syslog server.

40
Q

PowerShell

A

A command-line shell and scripting interface for Microsoft Windows environments.

41
Q

Python

A

A popular and widely used general-purpose programming language.

42
Q

tcpreplay

A

A command-line tool used for replaying network traffic from saved capture files, such as those created by tcpdump.

43
Q

Wireshark

A

A well-known packet analyzer that is similar to tcpdump.

44
Q

tcpdump

A

A command-line packet analysis tool that captures packets sent and received on an interface.

45
Q

exploitation framework

A

A structure that helps in penetration testing and risk assessments. Each exploitation framework contains a set of exploits for known vulnerabilities.