To Learn Flashcards

1
Q

Regex

\b

A

Metacharacter matches at the beginning or end of a word

\bLO - matches LO at the beginning of a word

LO\b - matches LO at the end of a word

2
Q

Regex

( )

A

Defines and captures groups of characters.

^(IMG\d+.png)$

3
Q

Regex
[ ]

A

Matches a single instance of the specific characters.

[abc]
[A-F]
[0-5]

4
Q

Regex
?

A

Adds optionality to a character. It does not have to be present to match.
ab?c will match with abc or ac

5
Q

Regex
.

A

Escape the period character with a backslash to match a literal period.

The period character without the backslash is a wildcard that matches any character.

6
Q

Tombstone

A

The original file is quarantined and replaced with one describing the policy violation and how the user can release it again.

7
Q

DLP Remediation Actions

A

Alert only
Block
Quarantine
Tombstone

8
Q

Heuristic Analysis

A

A method that uses feature comparisons and likenesses rather than specific signature matching to identify whether the target of observation is malicious.

9
Q

Behavioral Analysis

A

A heuristic model of “typical” behavior is created. An alert is created for any behavior that is outside of the baseline.

10
Q

Anomaly Analysis

A

A network monitoring system that uses a baseline of acceptable outcomes or event patterns to identify events that fall outside the acceptable range.

11
Q

Trend Analysis

A

The process of detecting patterns within a dataset over time, and using those patterns to make predictions about future events or to better understand past events.

12
Q

Data acquisition

A

The process of obtaining a forensically clean copy of data from a device held as evidence.

13
Q

Order of data acquisition

A
  1. CPU registers and cache memory
  2. Contents of system memory (RAM)
  3. Data on persistent mass storage devices
  4. Remote logging and monitoring data
  5. Physical configuration and network topology
  6. Archival media
14
Q

Password spraying

A

A brute force attack in which multiple user accounts are tested with a dictionary of common passwords.

15
Q

Credential stuffing

A

A brute force attack in which stolen user account names and passwords are tested against multiple websites.

16
Q

Brute force attack

A

A hacking method that uses trial and error to crack passwords, login credentials, and encryption keys.

17
Q

Hybrid attack

A

A type of attack where the perpetrator blends two or more kinds of tools to carry out the assault.

18
Q

Rainbow attack

A

An attack that attempts to crack hashed passwords by comparing them against precomputed hashed plaintexts.

19
Q

Dictionary attack

A

An attack that uses a dictionary file of possible passwords to crack accounts.

20
Q

Risk prioritization

A
  • Risk mitigation
  • Risk avoidance
  • Risk transference
  • Risk acceptance
21
Q

Risk mitigation

A

The process of reducing exposure to, or the effects of, risk factors.

22
Q

Risk avoidance

A

The practice of ceasing an activity that presents risk.

23
Q

Risk transference

A

The response of moving or sharing the responsibility for a risk to another entity (e.g., a vendor).

24
Q

Risk acceptance

A

The response of determining that a risk is within the organization’s appetite and that no countermeasures other than ongoing monitoring are needed.

25
Q

Incident Response life cycle

A
  1. Preparation
  2. Detection and Analysis
  3. Containment
  4. Eradication and Recovery
  5. Post-incident Activity
26
Q

Preparation

Incident Response Lifecycle

A

Preparing the network and machines to be resistant to attack:
* Hardening systems
* Writing policies and procedures
* Setting up confidential lines of communication
* Creating response resources and procedures

27
Q

Detection and Analysis

Incident Response Lifecycle

A

Determining whether an incident has taken place and assessing how severe it might be (triage).

Also includes notifying stakeholders of the incident.

28
Q

Containment

Incident Response Lifecycle

A

Limit the scope and magnitude of the incident.

Secure data while limiting the immediate impact on customers and business partners.

29
Q

Eradication and Recovery

Incident Response Lifecycle

A

Remove the cause of the incident and bring the system back to a secure state.

30
Q

Post-incident activity

Incident Response Lifecycle

A

Analyze the incident and the responses to it to identify whether procedures or systems could be improved.

AKA lessons learned.

31
Q

TPM

A

Trusted Platform Module

A specification for hardware-based storage of digital certificates, cryptographic keys, hashed passwords, and other user and platform identification information.

Implemented as part of the chipset or as a function of the CPU.

Hard-coded with a unique, unchangeable asymmetric private key called the endorsement key.

32
Q

HSM

A

An appliance for generating and storing cryptographic keys. This sort of solution may be less susceptible to tampering and insider threats than software-based storage.

33
Q

eFUSE

A

An Intel-designed mechanism to allow a software instruction to blow a transistor in the hardware chip.

Prevents firmware downgrades.

34
Q

SED

A

Self-encrypting drive

35
Q

Attack surface

A

All the points at which an adversary could interact with the system and potentially compromise it.

36
Q

Attack vector

A

A specific means of exploiting some point on the attack surface.

37
Q

Threat modeling

A

The process of identifying and assessing the possible threat actors and attack vectors that pose a risk to the security of an app, network, or other system.

38
Q

Adversarial capabilities

A

A formal classification of the resources and expertise available to a threat actor.

39
Q

Fuzzing

A

A technique designed to test software for bugs and vulnerabilities. It involved