Total Comp TIA - Online class Flashcards
(131 cards)
1
Q
What is risk management
A
risk is the likelihood of a threat actor taking advantage of a vulnerability by using a threat against an IT asset
2
Q
What is an asset
A
any part of an IT infrasture that has value
3
Q
what is likelihood
A
the probability of an asset being damaged over time
4
Q
what are threat actors
A
anyeone or anything with with the motive and resourcees to attach anothers IT infrastructure
5
Q
what are nine the different threat actor groups
A
- Hacker - ppl trying to crack into IT inf.
- Hacktivist- someone with an activist attitude- ex. greenpeace
- script kitties- someone who uses known scrips and trying stuff ( premade attacks)
- insiders - somebody that has access to internal structure
- Competitors
- shadow IT - any form of IT inf that is being put in in an unofficial or illegal way
- criminal syndicates - denial of service attacks
- state actors - ex. - state sponser, long term type of actors
- advanced persistent threat(APT) - long term hacking of something to get information over time
6
Q
what is a vulnerability
A
a weakness inherit in the protection of an asset . ex. firewalls that have holes in them
7
Q
what is a threat
A
an action (attack or exploit) by a malicious threat actor that they can use against an vulnerability to preform harm to an asset
8
Q
how can you get rid of threats
A
you go through remediation - lets look at all threat actors, threats , infrustructure, at their vulnerability and based on likelyhood elts make decision on hat we are going to do to remediate these threats
9
Q
what does the CIA triad stand for
A
C- CONFIDENTIALITY
I-INTEGRITY
A- AVAILABILITY
10
Q
what is an example of a script kitty
A
Kali linux
11
Q
what are attack vectors
A
pathways to gain access to infrastructure
-example- open firewall ports
-weak configurations
-lack of security awareness
-missing patches
-infected USB thumb drive
-supply chain attacks
12
Q
threat intelligence sources
A
-facilitate risk management
hardening can reduce incident response time
-provide cyber security insight - ex.threat maps
13
Q
what are the threat intelligent sources
A
- closed/ proprietary- pay
-OSINT- Open source intelligent ex. goverment reports ex. NSA
-CVE- Common vulnerability and exposures
-dark web- anonymous connections ( TOR Network)
-AIS- Automated indicator sharing- exchange of cyber security intelligence between entities ( ex. STIX)
14
Q
what is STIX
A
Structred threat information Expression - special format to package information that is understood between similar systems
15
Q
what is TAXII
A
trusted automates exchange of intelligence iformation : ex- real time threat indicator feeds
16
Q
describe OSINT
A
open sourced intelligence
-rferes to publis cybersecurity intelligence resources
* ex: CVE- Common vulenabilities and exposures database
17
Q
what is the dark web
A
an encypted and anonymized inter access mechanism allowing access to unindexed contect
18
Q
what could be some attack vectors
A
ex- mISSION CRITICAL it SYSTEMS - PAYMENT PROCESSING
-Third party access- software components
19
Q
what are physical risk vector
A
ex- access control vestibules - mantraps
-Server room access
20
Q
how can you manage risk vectors
A
with a risk management framework (RMF)
-ex. CIS- center for internet security
-NIST- national institute of risk management
21
Q
what are some financial RMF’S
A
SSAE SOC 2
22
Q
what is NIST
A
national institute of standards and technology
-It is a guide for conduction risk assessment
23
Q
what is a GDPR
A
general data protection regulation
-protect EU citizens private data
ex. in the US- HIPPA ( health insurance portability and accountability act ) - protect health insurance info
-PCI DSS- Payment card industry data security standards
24
Q
what are types of security policies
A
AUP- Acceptable use policy
-ex. email, account policies, web browsing , Data retention
25
define risk management frameworks
provide guidence on identifying and managing risk
26
what does a security control do
a solution that mitigates threat
-ex. running malware to prevent infections
27
What are the different security control categories
-Managerial/ adminitrative- WHAT
-operations- HOW OFTEN - POLICY REVIEWS
-technical - HOW - Technical controls
28
what is a cloud security control document
- cloud security alliance ( CSA)
- or CCM - cloud control matriculation
29
what are the security control types
-physical - ex. mantrap
-detective ( log files, tv)
-corrective- patching vulnerabilities
-detterent- device logon warning - ex. you are logging into
-compensating - ex. using alternative
30
what is risk assessment
prioritization of threats against assets and determining what to do about it
31
what is the risk assessment process
- risk awareness
-evaluate security controls
-implememt security controls
-periodic review
32
what are the different types of risk types
- Environmental - floods
-man made - terrorism
-internal - malicious insider
-external - competitors
-
33
what are the catagories for risk treatments
-risk acceptance - current level of risk is acceptable \- mitigation/reduction of risk ( security controls before undertaking risk)
-transference/sharings - some risk transfered to someone else - ex. cybersecurity insurance)
-risk avoidance - avoid activity
34
what is a quantitative risk assessment
risk assesment based on numeric value- we are focusing on dollar amount
-what is the asset value (AV)
35
what is the exposure factor
amoutn of asset that is considered lost when a negative incident occurs
-ex. 1 --> 100% - one incident will be a complete loss of asset
36
what is the single loss expectancy
SLE- how much loss is experienced uring one negative incident
-multiply asset value by exposure factor
37
calculate SLE:
ASSET: 24,000
Exposure Factor: 12.5 %
24,000 x .125 = 3,000 SLE
when one negative occurance happens we are loosing about 3,000 dollars
38
How do you calculate the SLE ( SINGLE LOSS EXPECTANCY )
MULTIPLE THE ASSET VALUE X THE EXPOSURE FACTOR
39
what is the Annualized rate of occurance
ARO: - EXPECTED NUMBER OF YEARLY OCCURANCES DOWNTINE- ex. 3 times a years
40
how do you calculate the annualized loss expectancy
total yearly cost of bad things happening
1.) determining cost of single loss expectancy ( 1 negative occurance)
2.) multiple by number of occurances in one year BASED ON HISTORICAL KNOWLEDGE
41
what is a qualitative risk assesment
based on subjective opinions regarding
-thread likelihood
-impact of threat
threats are given a severity rating
42
what is a risk resgister
it is a cetralized list of risk, severities, responsibilities and mitigations - QUALITATIVE
43
what is a risk heat map
take risk severity levels and map them visually - by color
44
what is a risk matrix
table of risk details minus colors
45
what is a business impact analysis ( BIA)
-Allows us to prioritize mission critical processes
-ASSESS risk
*** identifies how negative incidents will impact business processes and sentitive data
46
What are the diffrent types of business impact
-financial
-Reputation laws
-Data Loss
-Data Exfiltration
47
Failed components Impact - different times
MTBF- Mean time between failures
* average time that passes between repairable compoent failures - EX. SOFTWARE
-Mean time to Failure ( MTTF)
-* average time between non repairable component failURES - ex. hard disk
-MTTR- Mean time to repair-
48
what is MTBF
MTBF- Mean time between failures
* average time that passes between repairable compoent failures - EX. SOFTWARE
49
what is MTTF
-Mean time to Failure ( MTTF)
-* average time between non repairable component
50
What is MTTR
-mean time to repair
*time required to repair a failed component
51
what is a privacy threshold assessment (PTA)
First step before implementing solutions related to sensitive data
-where is our sensitive data
52
what is the RPO
RECOVERY POINT OBJECTIVE ( MAXIMUM TOLERABLE Amount of data loss)
-EX. 1 hour maximum - then you should be backing up at least once every hour
53
what is the RTO
RECOVERY TIME Objective (maximum of downtime that we can tolerate) -EX. 2 hours - ex. after two hours it would have a great impact on the organization
-Get it up and running between two hours
54
what are the different data roles
1. Data Owner - legal owner - sets rules
2. Data Controlelr - data complies
3. Data processor- handles data but follow laws for that data
4. Data Custodian- Managing data - day to day - acts the rules
5. DPO- Data privacy officer- ensures data privacy
55
explain the information life cycle of
collect data
store data
process data
share data
archive and delete
56
what is PII
Personally identifiable information
-one or more pieces of sentitive ino that can be traced back to an individuaL
-ex. social security numbers
-CC
-address
57
What is PHI
protected health information
-one or more pieces of MEDICAL information that can be traced back to individual
-ex. BLOOD TYPE
-PATIENT MEDICAL ELEMENTS
-health insurance information
58
what are some privacy enhansing technologies
-anonymization
59
What are some aunomization techniques
-pseudo- replace PII with fake identifiers
-Data minimization- limit stored or retained information- EX. cc info- shread it
-Tokenization- ex. for Credit cards
-DATA data masking- ex. blurring rest of info
60
what is data sovereignty
where is the data located
-location of data and laws that apply to it
61
what does data sanitation do
ensures sensitive data cannot be recovered
62
what are some meathods to do data sanitication
-burning
-shredding
-cryptographic erasure
-disk wiping tools
-degaussing - MAGNET
63
how can you secure personnel management
job rotation
mandatory vacation
separation of duties
64
what is included in user onboarding
it occurs after hiring and included taining and account provisioning
65
What are the third party risk management
-MSA- Measurement system analysis - QUALITY ASSURANCE
66
what are supply chain security risk
-unstable or unsecure hardware - ex. EOL, EOSL- end of life
-cloud service providers - software
-contractors - data privacy notice
-suppliersm
67
what are third party risk management
DLP- Data loss prevention- can control the intentional or unintentional disclosure of sensite data
-storing data in the cloud
68
what is MSA
MEASUREMENT SYSTEM ANALYSIS - CAN IDENTIfy supply chain improvements
69
what is an interconnection security agreement (ISA)
-Linking companies , legal review, vulneraability scans) w
-apply when connecting different entities together
70
what is a service level agreement (SLA)
contractual document stating level of service , guaranteed service uptime and consequences)
71
what is a memorandum of understanding (MOU)
BROAD Terms of agreement between parties)
-MOA- Memorandum of agreemnt - a bit more detailed
72
what is a business partnership agreement
legal document , responisbilities , investment
73
NDA- Non disclosure agreement
prevent sentitive data disclosure
74
WHAT IS CRYPTOGRAPHY
THE study of taking data, and making it hidden in some way to other people cant see it and then bringing the data back
-providing confidentiality
75
what is obfuscation
take something that makes sense and hide it
76
how can obfuscation be done
-Difussion- less obvious
-confusion-
77
what is the ceaser cipher
each letter in the plaintext is replaced by a letter some fixed number of positions down the alphabet.
78
vigenere cypher
it is a cesaer cipher with expra confusion
-assign key first
79
What is needed to create a vigenere cypher
1. algorithm
2.key or encryption
* only good for alphabet
80
what is kerckhoffs principle
as long as you dont know what the key is to an encryption you can understand the algorithm completely
81
what is data at rest
data on mass storage that is sitting on harddrive
-no program or computer looking at doing something to that data
*proprietary information - ex. health insurance info
82
what is data in use or computation
-the database of information. You are doing something that is doing something to the data itself ( data in use)
-if not encrypted, - shoulder surfing
-key loggers
83
what is data in transit
data is moving through and it is being intercepted in between. ( sniffing)
-worst case: man in the middle - do something to information anf then send it to end user
84
what are the three differen types of data
1. data rest
2. data in use
3. data in transit
85
what is symmetric encryption
using the same key to deal with this piece of information
- it is called session key
* in-band - sent key with data
* out- of band- physically giving key
86
what is the primary way that data is encrypted
symmetric encyption
87
what is an ephemeral key
a key that is temporary
-it is a perfel forward secrecy
88
what is Asymmetric encryption
uses a key pair
-A Private key and a public key
89
explain the diffrence between a private key and a public key
* public key - only used to encrypt
*private key- only used to decrypt
90
what is asymmetic encryption mainly used for
to send a secure session key
91
what is a crypto system
define key properties, communication requirements for thekey exchange and the actions taken through the encryption and decryption process
92
what is a symmetric block algorithm
encrypts data in chunks
EX-DES- data encription standards
-3des
blowfish
and currently - AES
93
what is a symmetric block algorithm defined by
key length
block size
number of rounds
94
What is AES
Advanced encryption standard ( black cypher)
95
what is a streaming cypher
they encript one bit at a time ( popular with wireless)
RC4
96
what happens with RSA asymetric cryptography
public keys are paired with a private key
97
what can ECC do that is better than RSA
can create smaller keys ad provides same security
98
what is diffie hellman
an asymmetirc algorithm ofter referred to as a key schange aggrement
99
what do diffie helman groups do
they help define the size or type of key structure to use * can have a very large key)
100
what are hashes
one way, deterministic, and will produce the same result each time the source is hashed
101
what happens to hash if length of source changes
it will be the same exact size
102
what is involved with hashes
password storage and encription
103
what do digital signatures do
verify that the person who sent the public key legitimately owns the private key
104
what do digital certificates inclue
they include a thirs party to authenticate the owner of the digital signature
105
what does the web of trust use
uses a network of mutually trusting peers
106
what does PKI stand for and what does it mean
PKI- Public KEY INFRASTRUCTURE
-Uses a hierarchi structure with certificate authorities (CAs) AND INTERMEDIATE and intermediate certificate authorities
107
what does public key cryptography standards to
gives details on digital certificate construction and uses
108
what are the three main categories for crytographic attacks
1. attack the algorithm -almost impossible
2. attack implementation- advantages of weeknesses
3.attack the key- figuring out key in order to break in
109
how are passwords usually stored
in hash format
110
what are the different types of password attacks
1. brute force - try character combinations
2. Dictionary attacks- uses list of probable passwords
3. rainbow tables - uses pre calculated hashes of words
111
what can help secure passwords
-Salting and key stretching
112
what are the big factors of multifactor identification
-identificatoin- claiming identity
-authentication- proving that identity
-authorization- permitting actions once a user has been authenticate d
113
what are the identification factors
- somthing you know, something you have or something you are
114
what are the identification atributes
include something you do- typing speed
something you exhibit-
something you know - someone you know
somewhere you are - zip code
115
what are the AAA ( multifactor authentications)
authentication- identify yourself
authorization- giving eprmisison
Accounting- auditing
116
descrive accounting in authetication
- auditing( tracking user activity on a system )
-suparate user accounts are important to assure accurate accounting
-even logs can be used to identify unusual or malicious activity
117
what are password vaults
provide centralized password storage and are protected with a master key
118
what are OTP's
ONE TIME PASSWORDS - SIGNLE CODE USED TO ENHANSE AUTHENTICATION
119
WHAT ARE TOTP'S
time based OTP
-HMAC-based OTPs use encryption for added authentication
120
what does biometric authentication use
physical characteristics to authenticate people
121
what are credential policies
defines who gets access to what
122
what are ABAC ( atribute based access control)
uses attibutes to determine permission - ex. date of birth or devide type
-allows resources access based on user devide, resources attributes
123
what is RBAC ( role bases access control)
- a role ins a collection of related permissions
124
what is RBAC (ule based access control)
-conditonal access policies
* we have a series of conditions that must be based:
- ex. mfa, device type and location
125
what is MAC
Mandatory access control
-resources are labeld
-permission assignments are based on resource abels and security clearance
126
what is DAC
Discretionary access control
-dta custodian sets permissions at their discretion
127
what is physical access control
-limited access facility
ex. vestivules, locks on computers *
128
NTLM V2 passwords
aare salted
129
what are PAP and MC CHAP
older network authentication protocols
130
where is karberos used
for authentication and resourceaccesss in an active directory encv
131
what does SSO allor users to do
to sign in once yet access many services without re-entering credentials
