Unknown answers Flashcards

1
Q

What are the stages of digital Forensics?

A

Acquisition
* Obtain data without altering original evidence
* Look for artifacts, left behind log information etc.

Reporting
* Document all findings
* Summary information

Preservation
* Handling Evidence
* Manage collection process

2
Q

Difference between Vertical and Horizontal password attacks

A

Vertical
* Targeting one account with large number of possible passwords
Horizontal
* Targeting multiple accounts trying a few common passwords

3
Q

Why is inventory important

A
  • Enables an organization to maintain up-to-date records of hardware, software and data assets
  • This enables timely patch management, as administrators can easily identify assets that require updates or patches
4
Q

Explain Buffer overflow

A
  • Occurs when an application receives more data than it is allocated to handle
  • Causing the excess data to overflow into adjacent memory locations
  • Can lead to application crashes, potentially allowing an attacker to execute arbitrary code
5
Q

What is a Golden Image?

A
  • Ensures consistency and saves time by providing a standardized configuration for each VM employed
5
Q

What is SCAP

A

**Security Content Automation Protocol**
* Different standards for automating the management of computer security threats and vulnerabilities
* Ensures an organization's infrastructure is compliant with regulatory standards and guidelines
* Provides a common language for security content
* Aids in automating the process of detecting vulnerabilities and managing configurations in a system

6
Q

What is a Security custodian?

A
  • Responsible for day-to-day management and implementation of security controls
  • Work under guidance of the CISO or security owner to ensure security measures are applied
  • Do not have primary responsibility for defining and establishing organization-wide security procedures
7
Q

What is a Data Controller

A
  • Responsible for determining the purposes and means of processing personal data
  • Defining how personal data is handled
  • Data governance and compliance with data protection regulations
8
Q

How is the ALE calculated?

A

SLE × ARO
Single Loss Expectancy × Annual Rate of Occurrence

8
Q

What is Federation?

A
  • Linking together of several separate systems, databases or applications to create a unified cooperative system
  • Allows different computing systems and organizations to share and access data
  • Typically in cloud environments
9
Q

What is the main significance of implementing XDR?

A
  • Ability to integrate and correlate security data from various sources
  • Endpoints, network, and cloud environments
  • Detect and respond to sophisticated, multi-vector threats
  • Still, primary role is detect and respond
10
Q

What is a rogue WAP and which attack can you conclude from it?

A

Refers to any Wi-Fi access point that has been installed without explicit authorization from a network administrator

  • On-path attack
11
Q

WAF

A
  • Web application Firewall
  • Protects Web applications by monitoring, filtering and blocking HTTP/HTTPS traffic
  • Layer 7
12
Q

Client based

A
  • Software that runs on a computer and requires installation and configuration
  • May have vulnerabilities if not patched
13
Q

ABAC

A

Attribute-Based Access Control
* Access permissions based on various user attributes: Job Role, department, location, and time of access

14
Q

RBAC

A

Role-based Access Control
* Solely based on job roles or job functions

15
Q

DAC

A

Discretionary access control
* Allows individual users to have discretion or control over their own resources

16
Q

What is Enumeration in the effective management of Hardware, software, and data assets?

A
  • Practice of assigning unique identifiers, access controls and attributes to each asset
  • Helps ensure only authorized users can interact with assets
17
Q

Cellular

A
  • Use GSM or CDMA technologies to provide wireless communication between devices
  • Secure
  • Best way for secure and reliable communication between offices
18
Q

What is an AUP?

A

Acceptable use policy
* Is a directive control because it helps direct employee behavior by specifying what actions are allowed and not allowed when using company resources

19
Q

What could be a security implication of Microservices?

A

As applications are broken down into microservices, each service might need specific access controls, potentially complicating the permissions landscape

20
Q

What is the purpose of an audit committee?

A

Overseeing and evaluating an organization's internal controls, financial reporting and compliance processes

21
Q

Which common method of authenticating systems is used in SSL/TLS?

A

Uses digital certificates to authenticate the identity of the server, and optionally the client, during the SSL/TLS handshake

22
Q

How is a CVE identifier formatted?

A

Year and sequence of numbers
2023-12345

23
Q

Volume encryption

A

Affects a defined, formatted block of storage which could span across multiple partitions

24
Q

Name SCADA systems vulnerabilities

A
  • Hard to patch
  • Often legacy protocols without encryption
24
Q

Partition Encryption

A

Encrypts only a defined partition on a storage device

25
Q

False Negative

A

Dismisses a threat

25
Q

false positive

A

Legitimate action but labeled as a threat

26
Q

Data owner

A

The owner's role is accountable for the data's security and compliance with the organization's strategic objectives. Outlining the purposes, conditions, and methods of personal data processing to comply with GDPR pertains to the controller role, not the owner.

27
Q

What is the primary purpose of internal compliance reporting?

A

Provide updates on compliance status, identify potential issues, and inform the organization's management

28
Q

ECC

A

Elliptic Curve Cryptography
* Primarily used for digital signatures and key exchanges rather than direct encryption of data

29
Q

What does employee retention mean?

A
  • Organization can retain experienced staff who have gained valuable knowledge and expertise
30
Q

Explain an audit committee

A
  • Makes sure that an organization meets necessary regulatory standards.
  • Overseeing risks and ensuring regulatory compliance
31
Q

Kerberos

A
  • Network authentication protocol designed to provide strong authentication for client/server applications
  • Central authority (KDC) provides a ticket to users after credentials are verified
  • This ticket is then used to access various services within the network
32
Q

SAML

A

Security Assertion Markup Language
* Commonly used in single sign-on (log in once, access multiple applications)
* Standard for exchanging authentication and authorization data between an identity provider and service provider

33
Q

OAuth

A

Granting application Access to resources in another application

34
Q

LDAP

A

Lightweight Directory Access protocol
* Widely used protocol for managing and accessing directory information services over an IP network

35
Q

SRTP

A

Secure Real-time Transport Protocol
* Provides encryption, message authentication, and integrity for voice communications over IP

36
Q

SASE

A

Secure Access service Edge
* Combines network security functions with wide-area networking
* Addresses the dynamic, secure access needs of organizations

37
Q

IPsec

A

Internet Protocol Security
* Secures IP communication by authenticating and encrypting each IP packet of a session

38
Q

SD-WAN

A

Allows cloud-based applications to communicate directly with the cloud instead of hopping through a central point

39
Q

Homomorphic encryption

A

Sophisticated form of cryptography where encrypted data can be processed without decrypting it first.
* Secures Data in Use

40
Q

Record-level encryption

A

Encrypts individual entries or records within a database

41
Q

Probability

A

Refers to the expected frequency of occurrence of a specific risk within a given time frame.

42
Q

ARO

A

The annualized rate of occurrence (ARO) is a quantitative risk analysis metric that represents the expected number of times a specific risk occurs in a year.

43
Q

Likelihood

A

Likelihood is a qualitative term used to express the chance of a risk occurring, typically described in terms of low, medium, or high.

44
Q

Exposure Factor

A

The exposure factor represents the percentage of asset loss that would occur if a specific risk is realized. It is a quantitative risk analysis metric

45
Q

In Dion Training's data management framework, Scherazade determines why and how data will be collected. She then directs Sahra on what should be done with the data that is collected. Which of the following BEST describes the roles of Scherazade and Sahra?

A

Scherazade is the data controller because the data controller determines how and why the data is collected and used. Sahra is the data processor because the data processor follows the data controller's directions for using the data that is collected. The data owner is the person who is ultimately responsible for the confidentiality, integrity, and availability of the data. The data custodian handles the management of the system used to store and collect the data.

46
Q

What is the safest form of critical encryption safeguarding data during transmission?

A

End-to-end Encryption
By encrypting data at the source and decrypting it only at the destination, the organization ensures that even if intercepted during transmission, the data remains confidential and unreadable.

47
Q

What does an exposure factor do?

A

Measures the likelihood of a vulnerability being exploited
* Essential to prioritize the risk posed by potential attacks

48
Q

Explain an end-of-life vulnerability

A

Refers to hardware that is no longer supported by manufacturers, often leading to unpatched and exploitable vulnerabilities

49
Q

S/MIME

A

Secure Multipart Internet Message Extension
Leverages email certificates to both sign and encrypt email content.
* Ensuring authenticity and confidentiality

50
Q

What does the Policy Administrator do within Zero trust paradigm?

A

Maintaining and updating policies for Access Control

51
Q

Data retention

A
  • Dictates how long different types of data should be kept
  • Often driven by legal requirements
  • Industry specific
52
Q

Computer Security Act 1987

A

This act specifically requires federal agencies to develop policies to secure computer systems that process sensitive or confidential information.

53
Q

GDPR

A

(General Data Protection Regulation)
is a European Union regulation that deals with the protection of personal data, and it doesn’t pertain to US federal agencies’ computer systems.

54
Q

GLBA

A

(Gramm–Leach–Bliley Act)
Is focused primarily on financial institutions and requires them to ensure the security and confidentiality of customer data.

55
Q

SOX

A

(Sarbanes-Oxley Act)
Does emphasize transparency and accountability in financial reporting.

56
Q

E-Discovery

A
  • E-discovery is an essential component of incident response and primarily relates to the collection and handling of electronic data.
  • Designed to be used as evidence in legal cases and includes in its scope anything that is stored electronically: emails, documents, databases, presentation files, voicemails, video/audio files, social media posts, and more
57
Q

Root Cause analysis

A
  • Crucial in incident response
  • Helps to understand how the incident occurred, what vulnerabilities were exploited, and how to prevent similar incidents in the future.
  • By identifying the root cause, organizations can address underlying weaknesses in their security measures and implement necessary improvements to enhance their overall security posture.
58
Q

Incremental backup

A
  • Backup that only copies files that have changed since the most recent backup
59
Q

Differential Backup

A
  • Captures all changes made since the last full backup
60
Q

Journaling

A
  • Keeping a record (journal) of changes before they are implemented
  • Protection against corruption in the event of a system crash or power failure
61
Q

What can be consequences of single point of failure

A
  • Can lead to system outages and compromise the reliability of automated security operations
62
Q

Quantitative risk analysis

A
  • Involves calculating or numerically scoring the financial impact of specific risk events
  • Considering probability of occurrence and potential loss in monetary terms
63
Q

Qualitative risk analysis

A
  • Assigning subjective values to risks based on descriptive terms
  • High, low, medium
64
Q

AES

A

Advanced Encryption Standard
* Symmetric encryption algorithm

65
Q

RSA

A

Rivest Shamir Adleman
* Asymmetric encryption technique

66
Q

ECC

A

Elliptic Curve Cryptography
* Public and private keys based on elliptic curve mathematics

67
Q

Diffie-Hellman

A

Asymmetric key exchange method used to exchange keys over a public channel

68
Q

Acquisition as Incident Response step

A
  • Identifying and gathering evidence related to the incident
  • Collecting logs, taking disk images, or other procedures to catalogue everything that might be used in court
69
Q

Boards

A
  • Panel of specialists
  • Sets tasks or requirements for committees
70
Q

Committees

A
  • Subject matter experts
  • Considers input from boards
  • Determines next steps for the topic at hand
  • Presents results to boards
71
Q

SLA

A

Service Level Agreement
* Minimum terms for services provided
* Uptime, response time agreement, etc.
* Commonly used between customers and service providers

72
Q

MOU

A
  • Both sides agree in general to the contents of the memorandum
  • Common goals
  • Informal, no signed contract
73
Q

MOA

A

Memorandum of Agreement
* Conditionally agreeing to objectives
* Can also be a legal document
* Unlike a contract, may not contain legally enforceable promises

74
Q

MSA

A

Master Service Agreement
* Legal contract and agreement of terms
* Broad framework to cover later transactions

75
Q

WO / SOW

A

Work order / Statement of work
* Detailed instructions and requirements for specific tasks or projects to be carried out by a vendor

76
Q

BPA

A

Business Partners Agreement
* Who makes business decisions
* Lists specific individuals and scope
* Financial issues
* Disaster recovery

77
Q

RTO

A

Recovery time objective
* Sets the goal for the time taken to recover business operations after an outage
* Essential for continuity planning

78
Q

BCP

A

Business continuity planning
* Overall process

79
Q

RPO

A

Recovery point objective
* Maximum acceptable amount of data loss, measured in time from disaster to disruption

80
Q

Custodian

A
81
Q

What is the most secure and widely adopted encryption protocol?

A

AES