Weak Points #3 Flashcards

1
Q

Rule-Based Access Control

A

An access control model in which access to resources is granted or denied depending on the contents of Access Control List (ACL) entries

Label-based access control that defines whether access should be granted or denied to objects by comparing the object label and the subject label

2
Q

ABAC Access Policy Properties

A

Subject (user or process requesting access)
Type of action (for example “read”, “write”, “execute”)
Resource type (medical record, bank account etc.)
Environment (contextual data, such as time of day or geolocation)

3
Q

MAC Characteristics

A

Users are not allowed to change access policies at their own discretion

Labels and clearance levels can only be applied and changed by an administrator

Every resource has a sensitivity label matching a clearance level assigned to a user

4
Q

PAM

A

Privileged Access Management:

A security solution that provides control over elevated (i.e. administrative type) accounts

5
Q

DER Characteristics

A

Encoded in binary format

.der and .cer file extension

Generally used for Java servers

6
Q

PEM Characteristics

A

Encoded in text (ASCII Base64) format

.pem .crt .cer .key file extensions

Generally used for Apache servers or similar configurations

7
Q

PFX & P12 Characteristics

A

Encoded in binary format

.pfx .p12 file extensions

Generally used for Windows servers

8
Q

P7B Characteristics

A

Encoded in text (ASCII Base64) format

.p7b file extension

Generally used for Windows & Java Tomcat servers

9
Q

IPFIX

A

An IETF specification that defines how IP flow information is to be formatted and transferred from an exporter to a collector

10
Q

Order of Volatility

A

Cache memory -> RAM -> Swap/Pagefile -> Temporary files -> Disk files -> Archival media

11
Q

Operational Control Examples

A

Data backups
Configuration management
Awareness programs

12
Q

Preventative Control Examples

A

Security Guards
System hardening
Separation of duties

13
Q

Detective Control Examples

A

Log monitoring
Security audits
CCTV
IDS

14
Q

Corrective Control Examples

A

IPS
Backups & system recovery
Alternate site
Fire suppression system

15
Q

Compensating Control Examples

A

Backup power system
Sandboxing
Temporary port blocking
Temporary service disablement

16
Q

CIS (Simplified)

A

Center for Internet Security:

Configuration guidelines for hardening

17
Q

ISO/IEC 27001

A

Basic procedure for cybersecurity (international standard) - focused on establishing/maintaining info systems

18
Q

ISO/IEC 27002

A

International standard focused on information security controls
(to protect those systems)

19
Q

ISO/IEC 27701

A

Adding privacy to ISMS (privacy extension for ISO 27001)

Focuses on privacy data management

20
Q

ISO/IEC 31000

A

An attempt to create a global risk management framework

A family of standards providing principles & guidelines for risk management

21
Q

SOC 2 Audits (SSAE 18)

A

System & Organization Controls:
Provides detailed information and assurance about a service organization’s security, availability, processing integrity, confidentiality and/or privacy controls, based on their compliance with the AICPA’s TSC (Trust Services Criteria)

22
Q

SOC 2 Audit Type I

A

Provides a snapshot of the organization’s control landscape at a specific point in time

23
Q

SOC 2 Audit Type II

A

Evaluates the effectiveness of controls over a period of time of at least six consecutive calendar months

24
Q

CSA

A

Cloud Security Alliance:

A nonprofit organization promoting best security practices related to cloud computing environments

25
Q

CSA: CCM

A

Cloud Security Alliance: Cloud Controls Matrix

Designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider

Cloud-specific security controls
Controls are mapped to standards/best practices/regulations

26
Q

CSA: Reference Architecture

A

Gives us the outline of what we want and helps build a roadmap to meet needs

27
Q

NIST RMF

A

Risk Management Framework:
Integrates security/risk management into the system development life cycle

Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor

28
Q

NIST CSF

A

Cybersecurity Framework:
Standards/best practices to help manage cybersecurity risks

Identify, protect, detect, respond, recover

29
Q

USB OTG

A

USB On-the-Go:
Allows USB devices (phones/tablets/etc) to act as a host, allowing other USB devices (flash drives/cameras/mouse/keyboard) to be attached to them.

One is host, one is peripheral

30
Q

CCMP (Counter-mode/CBC-MAC Protocol)

A

Employs 128-bit keys and a 48-bit initialization vector that minimizes vulnerability to replay attacks

The Counter Mode component provides data privacy

The Cipher Block Chaining Message Authentication Code component provides data integrity and authentication

31
Q

NAT Gateway

A

Allows systems to connect to another network without being directly exposed to it

32
Q

Opal (FDE/SED)

A

A set of specifications for features of data storage devices that enhance their security

Defines a way of encrypting the stored data so that an unauthorized person who gains possession of the device cannot see the data

33
Q

EDR

A

Endpoint Detection & Response:

Monitor and collect activity data from endpoints that could indicate a threat

Analyze this data to identify threat patterns

Automatically respond to identified threats to remove or contain them, and notify security personnel

Forensics and analysis tools to research identified threats and search for suspicious activities

34
Q

FISMA

A

Federal Information Security Management Act:
A US federal law that defines a comprehensive framework to protect government information, operations, and assets against natural or human-made threats.

Requires that government agencies and other organizations that operate systems on behalf of government agencies comply with security standards.

35
Q

PtH (Pass the Hash)

A

The process of harvesting an account’s cached credentials when the user logs into an SSO system.
(The cached credentials are in hash form)

36
Q

Heuristic vs. Behavioral Detection

A

Behavioral Detection (AKA: Statistical or Profile-based):
The engine is trained to recognize baseline traffic or expected events associated with a user account or network device. Anything that deviates from this baseline (outside a defined level of tolerance) generates an alert

Heuristic Detection:
Determines whether several observed data points constitute an indicator and whether related indicators make up an incident depending on a good understanding of the relationship between the observed indicators