Test Out - 1.0 Security Concepts and 2.0 Threats, Vulnerabilities and Mitigations Flashcards
ASA stands for
Adaptive Security Appliance
Operation controls are controls for the
human element
Compensating controls are a partial control solution
that is implemented when a control cannot fully meet a requirement
Detective controls monitor network activity and inform the security team of a
potential security event.
Corrective controls attempt to fix
any controls that aren’t working properly.
Deterrent controls discourage malicious actors
from attempting to breach a network.
Shadow IT is devices added to the network by
internal employees
Steps in General attack strategy are
Reconnaissance
breaching
Escalating privileges
Staging
Exploiting
Part of a social engineering attack
Research
Development
Exploitation
Difference between Disinformation and Misinformation
Disinformation they want to decieve
Misinformation they do not want to decieve but it is incorrect information.
A pharming attack redirects users from a legitimate website
to a malicious one.
Vishing is what
Voice phishing
RSA, Diffie-Hellman, ECC, DSA and ElGamal are used in which type of encryption
asymmetric
Blowfish and DES are used in which type of encryption
symmetric
Encryption key strength of AES, Twofish, IDEA, DES
DES - 56 bit
AES 128, 192, 256
TwoFish upto 256
IDEA 128
How does the following cipher mode operate CTR (counter mode)
uses a nonce (a unique, random value) combined with a counter that is incremented for each block of plaintext.
How does the following cipher mode operate Electronic Code Book (ECB)
Encrypts each block independently (no nonce or counter).
How does the following cipher mode operate Cipher Feebback Mode (CBC)
Uses previous ciphertext to generate the next encryption block (no counter).
How does the following cipher mode operate Cipher Block Chaining (CBC)
Uses the previous ciphertext block as an input to the next block encryption (no counter).
