Test Incident Plans & Certifications Flashcards
Tabletop exercises
Simulate scenarios in a discussion-based setting, allowing team members to walk through their roles and responses.
Walkthroughs
Conduct step-by-step reviews of the response procedures with key team members to identify gaps or inefficiencies.
Simulation exercises
Use simulated cyberattacks or incidents to test technical and procedural responses in a controlled environment.
Full-scale drills
Conduct comprehensive, realistic exercises involving multiple teams and stakeholders to validate the overall effectiveness of your response plan.
Red team exercises
Engage a team of ethical hackers to simulate real-world attacks and test your defenses.
Non-repudiation
security principle that ensures a party cannot deny the authenticity of their signature on a document or a sent message. (achieved through digital signatures and audit logs)
SSL/TLS certificates
These secure website communications by encrypting data between the browser and server, ensuring safe and private browsing. Common examples include EV (Extended Validation), DV (Domain Validation), and OV (Organization Validation) certificates.
Code signing certificates
These validate that software or applications come from a trusted source and haven’t been altered. Developers use them to sign codes to prevent tampering.
Client certificates
Used to authenticate individuals to a server, often in corporate environments for secure VPN access or email encryption.
Email certificates (S/MIME)
Secure email communications by providing encryption and digital signatures, ensuring that email content remains confidential and unaltered.
Query the active directory
How many users have not changed their password in last x min
Salting
adding a unique, random string of characters (salt) to each password before hashing it.
Key stretching
technique involves applying a hash function multiple times to a password to make it computationally expensive for attackers to crack passwords using brute force attacks
