Test Prep Flashcards
MOU
Memorandum of understanding - preliminary or exploratory agreement to express an intent to work together that is not legally binding and does not involve monetary exchange
Rules of engagement
define how that testing is to occur.
CRLF Injection
software application coding vulnerability that occurs when an attacker injects a CRLF character sequence where it is not expected
MOA
CSRF
malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts
Full Disk Encryption
Data Masking
LDAP
Lightweight directory access protocol: uses a client-server model for mutual authentication.
Directory Traversal
allows attackers to access restricted directories and execute commands outside the web server’s root directory
NTLM
Creates a 128-bit fixed output
RIPEMD
160-bit, 256-bit, or 320-bit message digest
Air Gaps
designed to remove connections between two networks to create physical segmentation between them.
Symmetric encryption
Private key: encryption algorithm in which both the sender and the receiver must know the same secret using a privately-held key (1 key)
Examples: DES, IDEA, AES, RC4, RC5, Blowfish
Asymmetric encryption
Public key: encryption algorithm where different keys are used to encrypt and decrypt the data; 2 keys are needed.
Examples: Diffie-Hellman, RSA, ECC
Stream cipher
Utilizes a keystream generator to encrypt data bit by bit using a mathematical XOR function to create the ciphertext
Block Cipher
Breaks the input into fixed-length blocks of data and performs the encryption on each block
DES
Data Encryption Standard: encryption algorithm which breaks the input into 64-bit blocks and uses transposition and substitution to create ciphertext using an effective key strength of only 56 bits
3DES
Triple DES: uses three separate symmetric keys to encrypt, decrypt, then encrypt the plaintext into ciphertext
IDEA
International Data Encryption Algorithm: symmetric block cipher which uses 64-bit blocks to encrypt plaintext into ciphertext
AES
Advanced Encryption Standard: uses 128-bit, 192-bit, or 256-bit blocks and a matching encryption key size to encrypt plaintext into ciphertext
Blowfish
uses 64-bit blocks and a variable-length encryption key
Twofish
uses 128-bit blocks and a 128-bit, 192-bit, or 256-bit encryption key
RC4
Rivest Cipher: 40-bit to 2048-bit key, used in SSL and WEP; this is the only stream cipher on the exam
Diffie-Hellman
Diffie-Hellman is used for the establishment of a VPN tunnel using IPSec
RSA
RSA is widely used for key exchange, encryption, and digital signatures RSA can use key sizes of 1024-bits to 4096-bits
One-time pad
A stream cipher that encrypts plaintext information with a secret random key that is the same length as the plaintext input
Steganography
The science and art of hiding messages within other messages
Ephemeral
A cryptographic key that is generated for each execution of a key establishment process
Homomorphic Encryption
An encryption method that allows calculations to be performed on data without decrypting it first
MD5
Algorithm that creates a fixed-length 128-bit hash value unique to the input file
SHA-1
creates a fixed-length 160-bit hash value
SHA-2
SHA-224, SHA-256, SHA-384, and SHA-512
SHA-3
creates hash digests between 224-bits and 512-bits
Pass the Hash
allows an attacker to authenticate to a remote server or service by using the underlying NTLM or LM hash instead of requiring the associated plaintext password, Mimikatz tool helps to automate the harvesting of hashes
PKI
Public key infrastructure: an entire system of hardware, software, policies, procedures, and people that is based on asymmetric encryption
Wildcard certificates
Public key certificate that can be used with multiple subdomains of a domain.
BER
Basic Encoding Rules: original ruleset governing the encoding of data structures for certificates, where several different encoding types can be utilized
CER
Canonical Encoding Rules: allows the use of only one encoding type
DER
Distinguished encoding rules: allows one encoding type and has more restrictive rules for length, character strings, and how elements of a digital certificate are stored in X.509
GLBA
Gramm-Leach-Bliley Act - governs financial institutions and how they are to protect their customers' private information
SOX
Sarbanes-Oxley - federal law that sets new or expanded requirements for all US public company boards, management, and public accounting firms
FERPA
governs the access to educational information and records
WPA
Wi-Fi protected access (WPA) is an improved encryption scheme for protecting Wi-Fi communications that was designed to replace WEP
WPA3
Most secure - Wi-Fi protected access version 3 (WPA3) has replaced WPA2 as the most secure wireless encryption method
WEP
Least secure - Wired equivalent privacy (WEP) is an older mechanism for encrypting data sent over a wireless connection. WEP is considered vulnerable to attacks that can break its encryption.
WPA2
Wi-Fi protected access version 2 (WPA2) replaced the original version of WPA after the completion of the 802.11i security standard
Protected Health Information
defined as any information that identifies someone as the subject of medical and insurance records, plus their associated hospital and laboratory test results.
requires notification of the individual, the Secretary of the US Department of Health and Human Services (HHS), and the media (if more than 500 individuals are affected)
PII - Personally Identifiable Information
any data that can be used to identify, contact, or impersonate an individual
syslog
a way network devices can use a standard message format to communicate with a logging server
Proxy Server
server application that acts as an intermediary between a client requesting a resource and the server providing that resource.
Port 389
LDAP - This includes the active directory
Port 3389
RDP - Remote desktop protocol
Port 21
FTP - File transfer protocol
MAC
Mandatory access control - requires all access to be predefined based on system classification, configuration, and authentication
Diamond Model of Intrusion Analysis
constructed around a graphical representation of an attacker’s behavior.
OpenIOC
contains a depth of research on APTs but does not integrate the detection and mitigation strategy.
Data Protection Officer (DPO)
ensures that the organization processes the personal data of its staff, customers, providers, or any other individuals
Passive Reconnaissance
focuses on collecting information that is widely and openly available from publicly available sources.
ICS/SCADA network
machines utilize very specific commands to control the equipment and to prevent malicious activity
SPI
Sensitive Personal Information: information about an individual’s race or ethnic origin
One-time use pad
Provides the strongest and most secure encryption - ensures that every message is encrypted with a different shared key that only the two owners of the one-time use pad would know.
Port 445
SMB service
Port 23
TELNET
Port 69
TFTP
Port 53
DNS
EDM
Exact Data Match: a pattern matching technique that uses a structured database of string values to detect matches
BeEF
penetration testing tool that focuses on the web browser.
SSO
Single Sign On
SAML
XML-based framework for exchanging security-related information such as user authentication, entitlement, and attributes
PKI
Public key infrastructure: an entire system of hardware, software, policies and procedures that is based on asymmetric encryption
SSL
Secure socket layer: Cryptographic protocols that provide secure internet communications for web browsing, email and many other services. Should NOT USE
SSH
Secure Shell: a protocol that can create a secure channel between two computers or network devices, where one device takes control of another device.
Port 22
SSH
Port 1723
PPTP: Point-to-Point Tunneling Protocol, a protocol that encapsulates PPP packets and ultimately sends data as encrypted traffic
Port 1701
L2TP: Layer 2 tunneling protocol
Redundant Power Supply
An enclosure that provides two or more complete power supplies
UPS
Uninterruptible Power Supply: Combines the functionality of a surge protector with that of a battery backup
RAID
Redundant array of independent disks: Allows the combination of multiple physical hard disks into a single logical hard disk drive
RAID 0
Provides data striping across multiple disks to increase performance
RAID 1
Provides mirroring of the data identically onto two hard disks; least amount of downtime
RAID 5
Striping of data and parity data across the disk drives; three physical disks needed.
RAID 6
Striping of data and double parity data across the disk drives; requires 4 physical disks
RAID 10
Two mirrored RAIDs; combines RAID 1 and RAID 0
TLS
Transport Layer Security: Symmetric tunnel between the private keys
Port 25
SMTP: Simple Mail Transfer Protocol
Incident response (IMPORTANT TO KNOW)
PICERL: Preparation, Identification, Containment, Eradication, Recovery, Lessons learned
SIEM
Security Information and Event Management: combination of different data sources into one tool that provides real-time analysis of security alerts generated by applications and network hardware
Tracert
Displays possible routes and measures transit delays of packets across an Internet Protocol network
nmap
An open-source network scanner that is used to discover hosts and services on a computer network
Shimming
Alters the external behavior of an application and at the same time does not introduce any changes to application code
Refactoring
The practice of modifying an application's code without changing its external behavior
RFID
Radio Frequency Identification: wireless system comprised of tags and readers
VM Escape
Attack that allows an attacker to break out of a normally isolated VM
subnetting
Act of creating subnetworks through manipulating IP addresses.