Test Prep April 2

Question 1

SRTP

Answer 1

Secure Real Time Transport Protocol: This encrypts communication with AES

Question 2

NTPsec

Answer 2

Secure Network Time Protocol

Question 3

S/MIME

Answer 3

Secure multipurpose internet mail extensions: Requires a public key infrastructure

Question 4

Secure POP3

Answer 4

Uses STARTTLS to encrypt with SSL

Question 5

IMAP

Answer 5

Uses SSL to encrypt email messages

Question 6

SSL

Answer 6

Secure Sockets Layer

Question 7

TLS

Answer 7

Transport Layer Security: Uses HTTPS

Question 8

HTTPS

Answer 8

HTTP over TLS: Uses Private key encryption

Question 9

IPsec

Answer 9

Internet Protocol Security: Security for OSI Layer 3, encryption and packet signing; uses authentication header

Question 10

FTPS

Answer 10

File Transfer protocol secure: FTP over SSL

Question 11

SFTP

Answer 11

SSH file transfer protocol

Question 12

LDAP

Answer 12

Lightweight Directory Access Protocol: Protocol for reading and writing directories over an IP network

Question 13

SASL

Answer 13

Simple authentication and security layer

Question 14

SSH

Answer 14

Secure Shell: encrypted terminal communication replaces telnet and FTP

Question 15

DNS

Answer 15

Domain Name System: Easy to poison a DNS

Question 16

SNMPv3

Answer 16

Simple network management protocol version 3: Has encrypted data, verifies the source

Question 17

DHCP

Answer 17

Dynamic Host configuration protocol: This assigns IP addresses to the devices on the network, no secure version of this

Question 18

NAT

Answer 18

Network Address Translation

Question 19

Stateless Firewall

Answer 19

Not secure! Does not keep track of traffic flows, each packet is individually examined, this needs two separate rules, one for outside to inside and another from inside to outside

Question 20

Stateful Firewall

Answer 20

Much more secure! They remember the state of the session, only need a single rule. everything within a valid flow is allowed

Question 21

UTM

Answer 21

Unified threat management device: Web security gateway, spam filter, malware inspection etc.

Question 22

NGFW

Answer 22

Next generation firewall: Every packet must be analyzed and categorized before a security decision is made

Question 23

WAF

Answer 23

Web application firewall: Applies rules to HTTP/HTTPS conversations This is used with the PCI DSS (payment card industry data security standard)

Question 24

Passive footprinting

Answer 24

Gather information that will not be seen by the victim. Needs to happen over open source. Can do this through social media, web site etc.

Question 25

Wardriving/warflying

Answer 25

Combine wifi monitoring and a GPS, search from a car, plane or drone.

Question 26

Active footprinting

Answer 26

Actively sending info into the network to gain more information. ping scans, port scans etc.

Question 27

Malicious actor

Answer 27

a person you are trying to protect your data from

Question 28

APT

Answer 28

Advanced persistent threat

Question 29

Nation State

Answer 29

These are governments, commonly an APT

Question 30

hacktivist

Answer 30

often associated to a social or political agenda, specific hacks, no financial gain

Question 31

organized crime

Answer 31

motivated by money, very sophisticated

Question 32

Order of volatility

Answer 32

How long does data stick around: Most volatile - Least: CPU, Memory, temporary file systems, Disk, Remote logging, Network topology, archive media

Question 33

RAM

Answer 33

Random access memory: Changes constantly, memory dump; grab everything in the RAM

Question 34

Swap

Answer 34

An area of the storage device to store RAM when memory is depleted

Question 35

snapshot

Answer 35

original image is the full backup, each snapshot is incremented from the last

Question 36

cache

Answer 36

A temporary storage area and is designed to speed up performance of an OS

Question 37

Embedded systems

Answer 37

hardware and software designed for a specific function

Question 38

SoC

Answer 38

System on a chip: multiple components running on a single chip, difficult to upgrade hardware

Question 39

FPGA

Answer 39

Field programmable gate array: An integrated circuit that can be configured after manufacturing, common on routers and firewalls

Question 40

SCADA/ICS

Answer 40

Supervisory control and data acquisition system: Large scale, multi site industrial control system. Often found within manufacturing, not connected to the internet

Question 41

VOIP

Answer 41

Voice over internet protocol: Each device is a computer

Question 42

MFD

Answer 42

Multifunction devices: everything you need in one single device (example a printer)

Question 43

RTOS

Answer 43

Real time operating system: designed to work on a specific schedule, no time to wait for other processes (example automobiles) no security in place usually

Question 44

CIS

Answer 44

Center for internet security: Used to Design to improve the security posture in your organization and has 20 different controls

Question 45

NIST CSF

Answer 45

Cybersecurity framework: Used for commercial cyber framework. 1. Framework core, framework implemetation tiers and framework profile

Question 46

ISO/IEC 27001

Answer 46

Standard for information security management systems

Question 47

ISO/IEC 27002

Answer 47

Code of practice for security controls

Question 48

ISO/IEC 27701

Answer 48

Privacy information management systems

Question 49

ISO 31000

Answer 49

International standards for risk management practices

Question 50

SSAE SOC 2 Type I/II

Answer 50

These are for the auditing of accounting. SOC2 is the audit documentation

Question 51

Type I audit

Answer 51

Tests controls in place at a particular time

Question 52

Type II audit

Answer 52

Tests controls over a period of at least six months

Question 53

CSA

Answer 53

Cloud security alliance: not for profit organization for cloud security controls

Question 54

CCM

Answer 54

Cloud control matrix: Cloud specific security controls

Question 55

PII

Answer 55

Personally identifiable information: Credit card info, social security numbers etc

Question 56

Containment

Answer 56

Every application is running on its own sandbox and is running independently

Question 57

SOAR

Answer 57

Security orchestration, automation and response: Integrate third party tools and data sources

Question 58

runbooks

Answer 58

Linear checklist of steps to perform step by step approach to automation

Question 59

playbook

Answer 59

Conditional steps to follow, a broad process lots of steps in one

Question 60

Federation

Answer 60

Allow someone to authenticate to your network using credentials that are stored by a third party.

Question 61

Attestation

Answer 61

This proves the hardware is really yours.

Question 62

SMS

Answer 62

Short message service: Login can be sent via SMS to a phone number to provide username and password

Question 63

TOTP

Answer 63

Time based one time password algorithm: The random number for login will be available for a certain amount of time and then after that time the number will change.

Question 64

HOTP

Answer 64

HMAC based one time password algorithm: A number you would use one time to authenticate and never use that number again.

Question 65

EAP

Answer 65

Extensible authentication protocol: A standard framework for authentication usually integrates with 802.1x

Question 66

802.1x

Answer 66

Port based network access control used with RADIUS, LDAP etc.

Question 67

Supplicant

Answer 67

This is the client that is connecting to the network

Question 68

Authenticator

Answer 68

This is the device that provides access to the network

Question 69

Authentication Server

Answer 69

this validates the username and password

Question 70

EAP-FAST

Answer 70

EAP flexible authentication via secure tunneling: Authentication server and supplicant are able to transfer info over a secure tunnel

Question 71

PAC

Answer 71

Protected access credential: Supplicant receives the shared secret

Question 72

PEAP

Answer 72

Protected extensible authentication protocol: This uses TLS tunnel to share information using a digital certificate and is only on the server.

Question 73

MSCHAPv2

Answer 73

Microsoft challenge handshake authentication protocol

Question 74

GTC

Answer 74

Generic token card

Question 75

EAP-TLS

Answer 75

Transport Layer Security: Strong security, requires digital certificates on all devices. TLS tunnel is built after the certificates are done

Question 76

EAP-TTLS

Answer 76

Tunneled transport layer security: can tunnel other protocols within a TLS tunnel. Only needs a single digital certificate

Question 77

RADIUS Federation

Answer 77

Members of one organization can authenticate to the network of another organization, uses 802.1x to authenticate

Question 78

CASB

Answer 78

Cloud access security broker: Help enforce security policies that were already created. Operates on; visibility, compliance, threat prevention and data security

Question 79

Application configurations

Answer 79

This is the most common security concern with the cloud

Question 80

SWG

Answer 80

Next-Gen secure web gateway: Provides security with all users across all devices in any location. Can allow or deny certain activities

Question 81

non-credentialed scan

Answer 81

The scanner cannot login to the remote device

Question 82

CVE

Answer 82

Common vulnerabilities and exposures

Question 83

CVSS

Answer 83

Common vulnerability scoring system

Question 84

nmap

Answer 84

This is a port scanner to see open and closed ports

Question 85

FDE

Answer 85

Full Disk encryption: Encrypt everything on the drive

Question 86

SED

Answer 86

Self encrypting drive: Hardware based full disk encryption, no OS software needed

Question 87

MAC

Answer 87

Mandatory Access Control: Requires you to have separate security clearance levels and assign documents and users to those clearances

Question 88

DAC

Answer 88

Discretionary access control: You create an object and you assign rights and permissions to it

Question 89

RBAC

Answer 89

Role Based Access Control: You have rights and permissions based on the role you have

Question 90

ABAC

Answer 90

Attribute Based access control: Access may be granted based on many different criteria

Question 91

Rule Based Access control

Answer 91

The System admin makes the rules for all the users.

Question 92

PAM

Answer 92

Privileged access management: A centralized way to manage access for admins

Question 93

Traceroute

Answer 93

A tool to determine the route a packet takes to a destination. Windows use ICMP echo requests. Linux allows you to specify the protocol used

Question 94

nslookup

Answer 94

This is a tool to determine the ip addresses on the network

Question 95

dig

Answer 95

domain information groper: More advanced version of nslookup

Question 96

ipconfig

Answer 96

This will determine the ip configuration of devices

Question 97

pathping

Answer 97

combines ping and traceroute, will run a traceroute to an ip address to determine what routes may be between your device and the device your pinging.

Question 98

netstat

Answer 98

showing us what ip addresses are communicating to our device and what ip addresses our device is connecting to.

Question 99

arp

Answer 99

address resolution protocol: determines mac addresses based on the current ip address

Question 100

COPE

Answer 100

Corporate owned, personally enabled: Used as both a corporate and personal device, everything is controlled by the organization

Question 101

VDI/VMI

Answer 101

Virtual desktop infrastructure: The apps are separated from the mobile device, the data is separated

Question 102

Preventive control

Answer 102

examples are locks and security guards

Question 103

Detective control

Answer 103

identifies the intrusion but does not stop it

Question 104

Corrective control

Answer 104

similar to an IPS

Question 105

RADIUS

Answer 105

Remote authentication dial in service: This is an authentication protocol

Question 106

TACACS

Answer 106

Terminal access controller: Remote authentication protocol usually with CISCO

Question 107

Kerboros

Answer 107

A type of authentication system that uses single sign on. the client and server authenticate, usually used with microsoft

Question 108

VPN Concentrator

Answer 108

the device that encrypts data and sending it out on the network and then decrypting anything it receives

Question 109

HTML5 VPNs

Answer 109

Hypertext markup language version 5 supports API interfaces and web cryptography

Question 110

Full tunnel

Answer 110

everything that is being transmitted by the remote user is sent to the vpn concentrator on the other side and determines where that data goes

Question 111

Split tunnel

Answer 111

some info from the user can go through the tunnel and other info does not have to go through the tunnel

Question 112

L2TP

Answer 112

Layer 2 tunneling protocol: Site to site VPN’s use this. These are commonly uses with IPsec networks

Question 113

IPsec

Answer 113

Internet protocol security: Security for OSI layer 3, connecting site to site communication uses this. Commonly used for the internet.

Question 114

Tunnel mode

Answer 114

this will protect the ip info and the data. both are encrypted with ipsec

Question 115

AH

Answer 115

authentication header: Hash of the packet and a shared key and SHA-2 is commonly used

Question 116

ESP

Answer 116

Encapsulation security payload: Most ipsec uses this, this encrypts and authenticates the tunneling data using SHA-2 and AES for encryption

Question 117

Jump server

Answer 117

Allows us to access internal devices by a private connection on the inside.

Question 118

HSM

Answer 118

Hardware security module: A server to manage and control keys within your environment.

Question 119

ARO

Answer 119

Annual rate of occurrence: Describes the likelyhood of an event occuring

Question 120

SLE

Answer 120

Single loss expectancy: How much money will we loose for an event occuring

Question 121

ALE

Answer 121

Annualized loss expectancy: ARO x SLE

Question 122

Transit gateway

Answer 122

This is essentially a router within the cloud where all the virtual private clouds can connect to.

Question 123

elasticity

Answer 123

the process of providing resources when demand increases and
scaling down when the demand is low.

Question 124

jump server

Answer 124

jump server is a highly secured device commonly used to access secure
areas of another network.

Question 125

UPS

Answer 125

Uninterruptable power supply: can provide backup power
when the main power source is unavailable

Question 126

Incident Response

Answer 126

PICERL: Preperation, identification, containment, eradication, recovery and lessons learned

Question 127

Key Escrow

Answer 127

Safely storing private keys