Various Concepts x2 Flashcards

1
A solution that provides real time or near real time analysis of security alerts generated by network hardware and applications.
SIEM
2
A class of security tools that help facilitate incident response, threat hunting, and security configuration by orchestrating automated runbooks and delivering data enrichment. AKA next generation SIEM.
SOAR
3
Commonly used to gather information about routers, switches, and other network devices, including status indicators and CPU and memory utilization.
SNMP
4
Inactive data that is archived.
Data at Rest
5
Data that is crossing the network or that resides in the computer's memory.
Data in Transit
6
Data that is undergoing change.
Data in Use
7
An algorithm that performs the encryption or decryption.
Cipher
8
A single key encrypts and decrypts the data.
Symmetric Encryption
9
One key encrypts and a second key decrypts the data.
Asymmetric Encryption
10
Encrypts data bit by bit using a mathematical XOR function to create the cipher text. (Symmetric.)
Stream cipher
11
Breaks the input into fixed-length blocks of data and performs encryption on the blocks of data.
Block Cipher
12
Breaks the input into 64-bit blocks and uses transposition and substitution to create the cipher text, with a key strength of only 56 bits. Considered insecure.
DES - Symmetric cipher
13
Uses 3 separate symmetric keys to encrypt, decrypt, and then encrypt the cipher text to increase the strength of its predecessor.
3DES - Symmetric cipher
14
Block cipher which uses 64-bit blocks to encrypt plaintext to cipher text.
IDEA symmetric
15
Block cipher that uses 128, 192, or 256-bit blocks and a matching key size to encrypt plain text to cipher text. The standard for U.S. government.
AES Symmetric
16
Block cipher that uses 64-bit blocks and a variable length key to encrypt plain text to cipher text.
Blowfish symmetric
17
Block cipher that replaced Blowfish and uses 128-bit blocks and 128, 192, or 256-bit keys to encrypt plain text to cipher text.
Twofish symmetric
18
Stream cipher using a variable key size from 40 to 2048 bits that is used in SSL and WEP.
RC4 Symmetric
19
Block cipher using key sizes up to 2048 bits.
RC5 symmetric
20
Block cipher introduced as a replacement for DES, but AES was chosen instead.
RC6 symmetric
21
State the symmetric algorithms (9):
DES, 3DES, AES, Twofish, Blowfish, IDEA, RC4, RC5, and RC6
22
Asymmetric algorithms are also known as this:
Public Key Cryptography.
23
A hash digest of a message encrypted with the sender's private key to let the recipient know that the document was created and sent by the person claiming to have sent it.
Digital Signature
24
Used to conduct key exchanges and secure key distribution over an unsecure network. Used to establish a VPN tunnel with IPsec.
Diffie-Hellman Asymmetric Algorithm
25
relies on the mathematical difficulty of factoring large prime numbers. Supports key sizes from 1024 to 4096-bits.
RSA (Rivest, Shamir, and Adleman) Asymmetric Algorithm
26
based upon the algebraic structure of elliptic curves over finite fields to define the keys. More efficient than RSA. Commonly used in mobile devices and low-power computing devices.
ECC (Elliptic Curve Cryptography) Asymmetric
27
State the 3 Asymmetric algorithms
ECC, RSA, Diffie-Hellman
28
An encryption program used for signing, encrypting, and decrypting emails. Uses IDEA and hybrid encryption.
PGP (pretty good privacy)
29
Newer version of PGP that uses AES for its symmetric encryption functions. Also is cross platform (Linux, Windows, etc.).
GNU Privacy Guard (GPG)
30
stream cipher using XOR that encrypts plaintext information with a secret random key that is the same length as the plaintext input.
One-Time Pad
31
PRNG
Pseudo Random Number Generator.
32
A shared, immutable ledger for recording transactions, tracking assets, and building trust.
Blockchain
33
a cryptographic key is generated for each execution of the key process. The keys last a “short” time.
Ephemeral
34
allows calculations to be performed on data without it being decrypted. Used for privacy preserving data in cloud storage and outsourced computations.
Homomorphic encryption
35
a one-way cryptographic function which takes an input and produces a unique message digest.
Hashing
36
occurs when 2 files create the same hash digest
Collision
37
fixed-length 128-bit hash value unique to the input file.
MD5
38
fixed-length 160-bit hash value unique to the input file. Replaced MD5 to reduce collisions.
SHA-1
39
family of algorithms with longer hash digests that include SHA-224, SHA-256, SHA-384, and SHA-512
SHA-2
40
hash digests between 224 and 512-bits.
SHA-3
41
open-source algorithm that creates unique 160, 256, or 320-bit hash message digests for each input file.
RIPEMD
42
hashing algorithm used to create a level of assurance as to the integrity and authenticity of a given message or file.
HMAC
43
original version of password hashing used by Windows that uses DES and is limited to 14 characters.
LANMAN Hash (LM hash)
44
replacement to LM Hash that uses RC4 and released with Windows 3.1 in 1993.
NT LAN Manager Hash (NTLM Hash)
45
replaced NTLM and uses HMAC-MD5 and is considered difficult to crack.
NTLMv2 Hash
46
A technique that allows an attacker to authenticate to a server or service by using the underlying NTLM or LM hash instead of requiring the plaintext password.
Pass the Hash
47
a technique used to mitigate a weaker key by increasing the time needed to crack it.
Key Stretching
48
adding random data into a one-way hash to help protect against password cracking techniques.
Salting
49
An entire system of hardware, software, policies, procedures, and people that is based on asymmetric encryption.
PKI
50
digitally signed electronic documents that bind a public key with a user’s identity.
Certificates
51
digital certificate standard used in PKI that contains owner, user, and certificate authority information.
X.509
52
allow all the subdomains of a website to use the same public key certificate and have it displayed as valid.
Wildcard certificates
53
Allows a certificate owner to specify additional domains and IP addresses to be supported.
SAN Subject Alternate Name
54
only require the server to be validated
Single-sided certificates
55
require both the server and the user to be validated.
Dual-sided certificates
56
standard that contains encoding methods that include BER, CER, and DER.
X.690
57
original ruleset covering the encoding of data structures for certificates where several different encoding types can be used.
BER (Basic Encoding Rules)
58
A restricted version of BER that only allows one encoding type.
CER (Canonical Encoding Rules)
59
restricted version of BER that has one encoding type and stricter rules for length, character strings, and how elements of a digital certificate are stored in X.509
DER (Distinguished Encoding Rules)
60
used to verify information about a user prior to requesting that a CA issue the certificate.
Registration Authority (RA)
61
the entity that issues certificates to a user
CA Certificate Authority
62
online list of digital certificates that the CA has revoked.
CRL Certificate Revocation List
63
a protocol that allows you to determine the revocation status of a digital certificate using its serial number.
OCSP Online Certificate Status Protocol
64
allows the certificate holder to get the OCSP record from the server at regular intervals and include it as part of the SSL or TLS handshake.
OCSP Stapling
65
allows an https website to resist impersonation attacks by presenting a set of trusted public keys to the user’s browser as part of the HTTP header.
Public Key Pinning
66
occurs when a secure copy of a user’s private key is held in case the user accidentally loses their key. Usually require 2 persons (separation of duties) to retrieve the key.
Key Escrow
67
a specialized type of software that allows the restoration of a lost or corrupt key.
Key Recovery Agent
68
a decentralized trust model that addresses issues associated with the public authentication of public keys within a CA-based PKI system and is a concept used in PGP and GnuPG.
Web of Trust
69
is a web of trust. Peer-to-peer self-signed certificate where the more people know you, the more people will trust you. Examples include the eBay seller rating system.
PGP (Pretty Good Privacy)
70
a standard that provides cryptographic security for electronic messaging, email.
S/MIME secure multipurpose internet mail extensions
71
a protocol that encrypts PPP packets and sends data as encrypted traffic. It also can use CHAP based authentication which is considered insecure.
PPTP (port 1723)
72
is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs.
L2TP (port 1701)
73
A TCP/IP protocol that authenticates and encrypts IP packets and effectively secures communications between devices using this protocol. It also provides CIA: confidentiality through encryption, integrity through hashing, and authentication through a key exchange.
IPSec
74
method used by IPSec to create the VPN tunnel by encrypting the connection between authenticated peers.
IKE Internet Key Exchange
75
this is a set of IPSec specifications that are negotiated between devices that are establishing an IPSec relationship
SA Security Association
76
protocol in IPSec that provides integrity and authentication.
Authentication Header AH
77
provides confidentiality through encryption, hashing of the AH, and integrity by encapsulation in the IPSec protocol.
ESP
78
Two IPSec VPN modes
Transport and Tunnel.
79
only encrypts the payload and not the header. Semi-truck comparison: only the trailer is encrypted and not the cab.
Transport Mode
80
encrypts both the payload and headers. Semi-truck comparison: both the cab and trailer are encrypted.
Tunnel mode
81
an unexpected increase in the amount of voltage provided
Surge
82
a short transient in voltage that can be due to a short circuit, tripped breaker, power outage, or lightning strike.
Spike
83
An unexpected decrease in a power supply.
Sag
84
occurs when the voltage drops low enough that it typically causes the lights to dim and can cause a computer to shut off.
Brownout
85
total loss of power for a prolonged amount of time.
Blackout
86
Allows the combination of multiple hard disks into a logical single disk drive that is recognized by the system.
RAID Redundant Array of Inexpensive Disks
87
provides data striping across multiple disks to increase performance. Requires at least 2 drives.
RAID 0
88
provides redundancy by mirroring the data identically on two hard disks. Requires at least 2 drives.
RAID 1
89
provides redundancy by striping data and parity data across the disk drives. Requires at least 3 different drives.
RAID 5
90
provides redundancy and double parity data across the disk drives. Requires at least 4 different drives.
RAID 6
91
creates a striped RAID of two mirrored RAIDs.
RAID 10. It is a combination of RAID 1 and RAID 0.
92
two or more servers working together to perform a particular job function.
Cluster
93
the second server can take over if the active server fails.
Failover Cluster
94
servers are clustered in order to share resources.
Load-balancing cluster
95
near duplicate of working site and can be up and running in minutes.
Hot site
96
A site partially equipped but will require some configuration prior to being active.
Warm site
97
A minimally equipped site with no configuration.
Cold Site
98
All of the contents of the data storage are copied.
Full Backup
99
Only backs up the changes to the data storage since the last full backup or the last backup of this type.
Incremental Backup. Quicker backup times, longer restoral in the event of a failure.
100
Only backs up the changes to the data storage since the last full backup
Differential Backup. Quicker restoral time in the event of a failure, longer backup times.
101
each data storage tape is used once a day for 2 weeks, and then the entire set is reused.
10 Tape Rotation
102
Three sets of backup tapes are used: son = daily, father=weekly, and grandfather=monthly.
Grandfather-father-son
103
three sets of back up tapes used to store data. One tape = every other day, tape 2 = every four days, and tape three = every eight days.
Towers of Hanoi backup system
104
type of backup primarily used to capture the entire operating system image including all applications and data.
Snapshot backup
105
A systematic activity that identifies organizational risks and determines their effect on ongoing, mission critical operations.
Business Impact Analysis
106
MTD
Maximum Tolerable Downtime
107
WRT
Work Recovery Time
108
The longest time an organization can sustain lost access to data
RPO Recovery Point Objective.
109
When a thief attempts to take responsibility for a shipment by diverting the delivery to a nearby location.
Diversion theft
110
this provides a comprehensive security management framework.
Governance
111
this defines the role of security in an organization and establishes the desired end state of the security program.
Policies
112
this is used to implement a policy in an organization.
Standards
113
this is used to recommend actions.
Guidelines
114
These are detailed step-by-step instructions that are created to ensure that personnel can perform a given action.
Procedures
115
The attacker sends a TCP SYN request using the same IP address and port as both the source and destination IP address and port. The system replies to itself, exhausting resources and leading to a system crash.
LAND attack
116
this is any information that can result in a loss of security or the advantage a company has if it is accessed by unauthorized persons.
Sensitive Data
117
Data that would have no impact to the organization if it were leaked.
Public Data
118
Data that will have minimal impact to the organization if it were leaked.
Sensitive Data
119
Data that should only be used inside of the organization.
Private Data
120
The highest level of data classification, such as trade secrets, intellectual property, etc., that would seriously affect the organization if disclosed.
Confidential Data
121
Government data that can be released to the public.
Unclassified Data
122
Government data that would not impact national security but would affect those the data represents.
Sensitive, but Unclassified
123
Government data that could seriously affect the government if unauthorized disclosure occurs.
Confidential Data
124
Government data that would damage national security if disclosed.
Secret Data
125
Government data that could gravely damage national security if released to unauthorized persons.
Top Secret Data
126
A senior executive role with responsibility for maintaining the CIA of information assets.
Data Owner
128
A role that focuses on maintaining the quality of the data and associated metadata.
Data Steward
129
A role that focuses on handling the management of the systems on which the data is stored.
Data Custodian
130
A role responsible for the oversight of any PII/SPI/PHI assets managed by the company.
Privacy officer
131
Affects US government computer systems that store, collect, or use PII.
Privacy Act of 1974
132
Affects publicly traded US companies and requires certain accounting methods and financial reporting requirements.
Sarbanes-Oxley SOX
133
Affects banks, mortgage, loan, insurance, and credit card companies that prohibits the sharing of PII or financial information with third parties.
Gramm-Leach-Bliley GLBA
134
Requires each government agency to develop, document, and implement an agency wide systems security program to protect their data.
Federal Information Security Act of 2002 FISMA
135
provides regulations that govern the security, confidentiality, and integrity of the PII collected, stored, and processed during the election and voting process.
Help America Vote Act HAVA of 2002
136
Requires any California business that stores PII to disclose a breach.
SB1386
137
methods and technologies that remove identifying information from data before it is distributed.
Deidentification
138
A deidentification method where generic or placeholder labels are substituted for real data while preserving the structure of the original data.
Data Masking
139
A deidentification method where a unique token is substituted for real data.
Tokenization
140
a deidentification method where data is generalized to protect the individuals involved.
Aggregation and Banding
141
An attack that combines a deidentified dataset with other data sources to discover how secure the deidentification method is.
Reidentification
142
agreement between two parties that identifies what data is confidential and cannot be shared outside of the relationship.
Non-disclosure Agreement NDA
143
A non-binding agreement between two or more parties to detail a common line of action.
MOU Memorandum of Understanding
144
an agreement concerned with the ability to support and respond to problems within a given timeframe and continuing to provide the agreed upon level of service to the user.
Service-level Agreement SLA
145
an agreement for the owners and operators of IT systems to document what technical requirements each must meet.
Interconnection Security Agreement ISA
146
Conducted between two business partners that establish the conditions of their relationship.
Business Partnership Agreement BPA
147
Exposes the hard drive to a powerful magnetic field which causes the data written on the drive to be erased.
Degaussing
148
the act of removing data in a manner that it cannot be reconstructed using any known forensic techniques.
Purging (Sanitizing)
149
the act of removing data with a certain amount of assurance cannot be reconstructed.
Clearing
150
this is a risk-driven architecture that considers the who, what, when, where, and why.
SABSA Sherwood Applied Business Security Architecture
151
A security framework that divides IT into four domains: plan and organize, acquire and implement, deliver and support, and monitor and evaluate.
COBIT Control Objectives for Information and Related Technology
152
this is a security control framework developed by the Department of Commerce.
NIST 800-53
153
considered to be the de facto standard for IT security practices.
ITIL Information Technology Infrastructure Library
154
a framework with consensus-developed secure configuration guidelines for hardening and prioritized sets of best practices for IT security.
Center for Internet Security CIS
155
a framework developed by NIST and used in government applications that integrates security and management activities into the system development life cycle.
Risk Management Framework RMF
156
a set of industry standards and best practices developed by NIST to help organizations manage cyber related risks.
Cybersecurity Framework CSF
157
State the five categories of CSF
Identify, Protect, Detect, Respond, and Recover
158
an international standard that identifies requirements for implementing, maintaining, and improving information security management systems ISMS.
ISO 27001
159
an international standard that provides best practice recommendations on information security controls for use by those responsible for initiating, implementing, or maintaining information security management systems ISMS.
ISO 27002
160
Punycode format for representing ASCII characters in legacy or international DNS systems
xn--
161
an attack where a malicious DNS server is used to tunnel other protocols.
DNS tunneling
162
an attack where the browser is redirected to the malicious web page that delivers the exploit to the victim's machine through a series of redirections.
HTTP 302 cushioning
163
Zero Trust model protects these 3 areas
Workforce, workload, and workplace.
164
acts as a privacy extension to ISO 27001 with additional requirements for establishing and maintaining PIMS (privacy information management systems).
ISO 27701
165
an international standard for enterprise risk management that replaces a myriad of other standards and methodologies.
ISO 31000
166
a suite of reports produced during an audit which is used by service organizations to issue validated reports on internal controls over those information systems and their users.
System and Organizational Controls SOC
167
provides fundamental security principles to guide cloud vendors and to assist cloud customers in assessing the risks with cloud solutions.
Cloud Security Alliance’s Cloud Control Matrix
168
a set of procedures that an investigator follows when examining a security event.
Incident Response
169
What are the six incident response steps, in order:
Preparation, identification, containment, eradication, recovery, and lessons learned.
170
A Linux command-line utility used for querying and displaying logs from journald, the systemd logging service in Linux.
journalctl
171
a multiplatform, open source log management tool that helps identify security risks and policy breaches, or analyze various operational logging systems.
NXLog
172
a proprietary network protocol developed by Cisco that collects active IP traffic as it flows in or out of an interface, including its point of origin, destination, and paths on the network.
NetFlow
173
an open source version of NetFlow
sFlow
174
A universal standard of export for IP flow information from routers, probes, etc. used by various information systems, and defines how that information should be formatted and transferred to a collector.
Internet Protocol Flow Information Export IPFIX
175
Two methods that combat shellcode attacks:
ASLR and DEP
176
This is an indicator that shellcode is traversing the network.
Detecting patterns that contain NOP (no-operation) instructions.
177
A process designed to preserve all relevant information when litigation is reasonably expected to occur.
Legal Hold
178
Name two popular digital forensic tools:
FTK (Forensics ToolKit) and EnCase
179
What can be used to investigate Windows security, system, and application logs?
Event Viewer
180
exchanging/swapping out multiple IP addresses that are associated with a malicious FQDN
Fast Fluxing
181
an early IPS evasion technique that split malicious traffic so that it bypassed IPS sensors.
Fragmentation
182
Open Source software and an open network that enables anonymous communications so that users can browse the web anonymously.
Tor (The Onion Router)
183
a very popular P2P file sharing application that is still in use.
BitTorrent
184
malware that downloads a file over the network and then executes that file.
Dropper
185
7 steps in Lockheed Martin's cyber kill chain
Reconnaissance, Weaponization, Delivery, Exploitation, Installation, C2, and Actions on Objectives