REVIEW Flashcards

(217 cards)

1
Q

IEEE 802.1X

A

Standard for network access control that authenticates devices before they can access a network, typically using an authentication server like RADIUS.

2
Q

Which technique would provide the largest increase in security on a network with ICS, SCADA, or IoT devices?

A

User and entity behavior analytics, as these devices often can’t run traditional security tools

3
Q

SDN Layers

A

Application Layer - focuses on the communication resource requests or information about the network
Control Layer - uses the information from applications to decide how to route a data packet on the network and to make decisions about how traffic should be prioritized, how it should be secured, and where it should be forwarded to
Infrastructure Layer - contains the physical networking devices that receive information from the control layer about where to move the data and then perform those movements
Management Plane - monitor traffic conditions, the status of the network, and allows network admins to oversee the network and gain insight into its operations

4
Q

Blind SQL Injection

A

Attack that asks the database true or false questions and determines the answer based on the application's response. This attack is often used when the web application is configured to show generic error messages but has not fixed the code that is vulnerable to SQL injection.

External vulnerability scans typically cannot confirm if a server is vulnerable to this

5
Q

What does a SNMP “no response” indicate?

A

Could be any of several things, because SNMP does not send error messages:
The target is unreachable
The target machines are not running SNMP servers
The community string being used is invalid

6
Q

Attestation Services

A

Used to ensure the integrity of the computer’s startup and runtime operations
Hardware-based attestation is designed to protect against threats and malicious code that could be loaded before the OS is loaded

7
Q

SDLC Waterfall Method

A

Planning
Requirements Analysis
Design
Implementation
Testing
Deployment
Maintenance

8
Q

RITA

A

Real Intelligence Threat Analytics
Tool used for analyzing network traffic logs to detect anomalies, such as beaconing or C2 activity, often used in malware infections

9
Q

TCO

A

Total cost of ownership
Associated cost of an asset, including acquisition costs and maintenance/operational costs over its lifespan

10
Q

XML Gateway

A

Application layer firewall specifically to monitor XML formatted messages as they enter or leave a network or system
Used for inbound pattern detection and prevention of outbound data leaks

11
Q

Certificate Stapling

A

Allows a webserver to perform certificate status checking instead of having the browser perform the checking. The web server checks the status of a certificate and provides the browser with the digitally signed response from the OCSP responder. Much faster than using individual queries to the CA using OCSP.

12
Q

OCSP

A

Online Certificate Status Protocol
Allows clients to request the status of a digital certificate and to check whether it is revoked.

13
Q

Certificate Pinning

A

Deprecated method of trusting digital certificates that bypasses the CA hierarchy and chain of trust to minimize on-path attacks

14
Q

FPGA

A

Field Programmable Gate Array
Type of processor that can be programmed to perform a specific function by a customer rather than at the time of manufacture, for the customer’s specific use case or application

15
Q

ASIC

A

Application-Specific Integrated Circuit
Type of processor designed to perform a specific function; expensive to design and only work for a single application or function

16
Q

QoS

A

Quality of Service
Set of technologies that work on a network to guarantee its ability to run high-priority applications and traffic dependably

17
Q

Pre-Boot Authentication (PBA)

A

Ensures self-encrypting drives (SEDs) require user authentication before allowing access to the drive, effectively protecting the data even if the device is stolen.

18
Q

Cipher Mismatch Error

A

Generated by a modern web browser if an old or deprecated cipher suite is being requested for use by the webserver
Can also occur if the client is using an older OS that doesn’t support a more modern cipher suite

19
Q

Vertical Scaling

A

Allows additional resources to be added to an individual system, such as adding processors, memory, and storage to an existing server

20
Q

Horizontal Scaling

A

Adding servers to help process the same workload

21
Q

Autoscaling

A

The ability to expand and contract the performance of workloads based on policies with specific maximum and minimum capacity specifications

22
Q

Clustering

A

Allows multiple redundant processing nodes that share data to accept connections; the cluster appears to be a single server to the clients but provides additional levels of redundancy and resiliency.

23
Q

BeEF

A

Browser Exploitation Framework
Penetration testing tool included with Kali Linux that focuses on web browsers. Can be used for XSS and injection attacks against a website.

24
Q

Netcat

A

Open-source networking utility for debugging and investigating the network; can be used to create TCP/UDP connections and investigate them

25
Nikto
Open-source web server scanner that searches for potentially harmful files, checks for outdated web server software, and looks for problems with some web server software versions
26
Androzer
Security testing framework for Android apps and devices
27
What is the likelihood of a port scan being conducted against a DMZ, and why?
High - the DMZ would contain systems and servers exposed to the internet, so would likely be constantly scanned by potential attackers performing recon
28
Legal Hold
Process an organization uses to preserve all forms of relevant information when litigation is reasonably anticipated
29
Discovery
Formal process of exchanging information between parties about the witnesses and evidence they will present at trial
30
Self-Signed Certificate
Certificate generated independently of a certificate authority and is considered not trustworthy
31
Key Stretching
Used to make a possibly weak key, typically a password or passphrase, more secure against brute-force attacks by increasing the resources it takes to test each possible key
32
Best practices of firewall configurations state that you should include ___ at the end of your ACL rules
Implicit deny
This will ensure anything not specifically allowed in the rules above is blocked
33
XSS
Cross-Site Scripting
Enables attackers to inject client-side scripts into web pages viewed by other users
34
CSRF
Cross-Site Request Forgery
Malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts
35
ISAKMP
Used to set up secure connections and perform key exchanges
36
TKIP
Encryption protocol included as part of the IEEE 802.11i standard for WLANs
37
Port Security
AKA Persistent MAC Learning or Sticky MAC
Security feature that enables an interface to retain dynamically learned MAC addresses when the switch is restarted or the interface goes down and is brought back online
Can be used to prevent someone from unplugging their office computer and connecting their laptop to the network jack without permission
38
Unquoted Service Path Vulnerability
Exists when a service is created with an executable path that contains spaces and is not enclosed within quotes. If this condition exists, the system handles the space as a break and passes the rest of the service path as an argument. If the service involved has SYSTEM privileges, an attacker could exploit this vulnerability and gain SYSTEM-level access
39
Border Gateway Protocol (BGP)
Used to route data between autonomous systems (AS)
If the AS number is misconfigured, BGP routing issues can occur
40
Autonomous System (AS)
A collection of networks within the same administrative domain
41
ChaCha
Modern and efficient symmetric stream cipher that uses a 128-bit or 256-bit encryption key
Widely used in combination with the Poly1305 hashing algorithm in the TLS implementation of the Chrome browser and Android OS
42
RC4
Stream cipher that was used in WEP and many SSL/TLS implementations
Considered extremely vulnerable to attack and should not be used in modern applications
43
AES
Current standard for the US Federal Government's symmetric block encryption cipher
Can use 128-, 192-, or 256-bit keys with a 128-bit block size
44
3DES
Built as a temporary replacement for the older DES algorithm
Utilizes 3 different 56-bit encryption keys in an encrypt-decrypt-encrypt workflow to effectively increase the security of the weaker DES algorithm
45
XSD
XML Schema Definition
Enables developers to define the structure and data types for XML documents, and the format expected by the application
46
Risk Transference
Assigning risk to a third party (such as an insurance company or a contract with a supplier that defines liabilities)
47
Risk Avoidance
The company stops doing an activity that is risk-bearing
48
RADIUS
Remote Authentication Dial-In User Service
Used to manage remote and wireless authentication infrastructure. Users supply authentication information to RADIUS client devices, like WAPs, which then pass the authentication data to an AAA server that processes the request
49
Secure Boot
Feature of UEFI that prevents unwanted processes from executing during the boot operation by checking a list of digital certificates from valid OS vendors before the system boots up
50
Software Provenance
Verifying the origin, authenticity, and integrity of software
51
Recovery Service Level
Minimum acceptable amount of services that must be restored for a given system to consider it recovered
52
External Target
Asset that can be accessed from outside the organization
53
Internal Target
Assets can be accessed from within the organization
54
GLBA
Gramm-Leach-Bliley Act
United States federal law that requires financial institutions to explain how they share and protect their customers' private information
55
SOX
Sarbanes-Oxley
United States federal law that mandates certain practices in financial record keeping and reporting for corporations.
56
FERPA
Family Educational Rights and Privacy Act
United States federal law that governs the access to educational information and records by public entities such as potential employers, publicly funded educational institutions, and foreign governments
57
Risk Tolerance
Specific amount or level of risk that an organization is willing to accept or bear
58
Risk Appetite
Overall amount of risk an organization is willing to pursue or retain in order to achieve its objectives. Broader in nature and less specific than risk tolerance
59
SDN Overlay
Allows the use of software to create and manage new virtual networks which leverage your existing hardware
60
LACP
Link Aggregation Control Protocol
Provides a method to control the bonding of several physical ports to form a single logical channel
61
LLDP
Link Layer Discovery Protocol
Vendor-neutral link layer protocol used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 LAN, principally wired Ethernet
62
L2TP
Layer 2 Tunneling Protocol
Tunneling protocol used to support VPNs or as part of the delivery of services by ISPs
63
Hex Code for the @ symbol
%40
64
Which analysis framework makes no allowance for an adversary retreat in its analysis?
Lockheed Martin Cyber Kill Chain
Implicitly assumes a unidirectional workflow; therefore, it fails to consider that an adversary may retreat during an attack
65
HSM vs TPM
Hardware Security Modules are purpose-built for managing cryptographic keys with hardware-based security and compliance capabilities
Trusted Platform Modules are typically embedded in devices and lack the scalability and performance required for enterprise-level key management
66
Secure Enclaves
Designed for isolating sensitive computations
67
Passive vs Active Information Gathering
Passive consists of gathering open-source or publicly available information without the target being aware that the information has been accessed
Active information gathering starts to probe the organization using DNS enumeration, port scanning, and OS fingerprinting techniques
68
If you want to sanitize or destroy data while ensuring computers will remain usable, what method should you use?
Wiping
Uses a software tool to overwrite the data on a hard drive to destroy all electronic data. May be performed with 1x, 7x, or 35x overwriting
69
Chained Exploit
Integrates more than one form of attack to accomplish the attacker's goal
Example: writing to a temporary file, netcat usage, and FTP usage
70
SNMP Community String
Used by SNMP as a basic authentication mechanism before allowing you to access a network device's statistics
71
Cyber Kill Chain
Threat modeling framework that breaks down the steps an attacker must go through to complete an attack:
Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control
Actions on Objectives
72
Continuous Deployment
Software development method in which app and platform updates are committed to production rapidly
Release into Prod is automated
73
Continuous Delivery
Software development method in which app and platform requirements are frequently tested and validated for immediate availability
A human is still required to approve the release into Prod
74
Continuous Integration
Software development method that automates the build and testing of code changes whenever they are committed to a repository
75
When testing if a site is susceptible to SQL injection, what is the first character that you should attempt to use in breaking a valid SQL request?
Single quote
The single quote character (') is the string delimiter in SQL. With a single quote you delimit strings, and therefore you can test whether the programmer has properly escaped the strings in the targeted application. If they are not properly escaped, you can end any string supplied to the application and add other SQL code after it. This is a common technique for SQL injections.
76
Adversarial Attack
Involves subtly altering input data, such as adding noise or modifying images, to cause an AI model to produce incorrect outputs. Exploits weaknesses in the model's interpretation of input data without directly tampering with the model
77
SCA Tool
Software Composition Analysis
Ensures that vulnerabilities in third-party libraries are identified and addressed early
78
To break into a network that uses NAC, what is a popular NAC bypass attack?
Spoof the MAC or IP address of a printer or VOIP device since they cannot natively participate in NAC and are often allow listed by administrators
79
Three-Tiered Data Center Network Architecture
Core Layer - backbone used to merge geographically separated networks back into one logical and cohesive unit
Distribution/Aggregation Layer - provides boundary definition by implementing access lists and filters to define the policies for the network at large
Access/Edge Layer - used to connect all the endpoint devices
80
SASE Framework
Secure Access Service Edge
Routes all user traffic through cloud-based security services, such as SWG or CASB, ensuring consistent monitoring and policy enforcement
81
Tradeoff Analysis
Compares potential benefits to potential risks and determines a course of action based on adjusting factors that contribute to each area
82
Formal Methods of Verification
Use a mathematical model of the inputs and outputs of a system to prove that the system works as specified in all cases
Designed for use in critical software in which corner cases must be eliminated
83
Which cryptographic algorithm uses a smaller key size while providing equivalent levels of protection to larger keys?
ECC - Elliptic Curve Cryptography
Heavily used in mobile devices and low-powered device encryption
84
Cryptographic Erase
Erases the media encryption key and then reimages the drive
85
Secure Erase
Used to sanitize flash-based devices (SSDs or USBs) when cryptographic erase is not available
86
CPU Security Extensions
Provide hardware-based features such as memory encryption and enhanced isolation for virtual machines, ensuring secure operation in virtualized environments.
87
AEAD
Authenticated Encryption with Associated Data
Form of encryption that provides confidentiality of the plaintext, a way to check its integrity, and a method of verifying its authenticity
88
Digital Markets Act (DMA)
EU regulation aimed at ensuring fair competition in the digital marketplace
Imposes specific obligations on large online platforms designated as "gatekeepers" to prevent monopolistic practices and protect consumer and business interests
89
What would allow Dion Training to store their data in two data centers located in different states?
Region - collection of data centers located within a specific geographic area
90
Server Affinity
Aka sticky sessions
Ensures that a user's session is consistently routed to the same server
91
Shibboleth
Standards-based, open-source software package for SSO across or within organizational boundaries on the web
92
On a vulnerability scan, items classified by the system as Low or For Informational Purposes Only may be indicators of ___
False positives that can be ignored
93
DNS Brute-Force Attack
Recon technique where an attacker sends a high volume of DNS queries using a list of common subdomain names with the intent of discovering valid, potentially hidden subdomains and mapping out the target's network infrastructure
Typically bypasses IDS/IPS systems that do not alert on DNS queries
94
IdP
Identity Provider
Authenticates and provides identity information for users to other services
Manages digital identities and is often used for SSO in cloud computing
95
SP
Service Provider
96
MOU
Memorandum of Understanding
Used as a preliminary or exploratory agreement to express the intent for two companies to work together
97
ISA
Interconnection Security Agreement
Governs the relationship between any federal agency and a third party interconnecting their systems
98
General Purpose/Domain Validation (DV) Digital Certificates
Prove the ownership of a particular domain by responding to an email to the authorized domain contact or by publishing a text record to the domain's DNS records
99
Extended Validation (EV) Digital Certificates
Process that requires more rigorous checks on the subject's legal identity and control over the domain or software being signed
Major drawback: cannot be issued for a wildcard domain
100
Multidomain Certificate
Single SSL/TLS certificate that can be used to secure multiple, different domain names (i.e., diontraining.com and yourcyberpath.com)
101
Regression Testing
Ensures that recent changes or updates do not introduce new issues or break existing functionality, including security features
102
Canary Testing
Validates changes in a limited environment
103
Unit Testing
Focuses on individual components rather than overall system stability
104
Enforcing token-based authentication for all API requests ___
Aligns with Zero Trust principles of verifying every request and minimizing trust assumptions
105
Vendor Lockout
Occurs when a vendor's product is developed in a way that makes it inoperable with other products; the ability to integrate it with other vendor products is not feasible or does not exist
106
Vendor Lock-In
Occurs when a customer is dependent on a vendor for products or services because switching is either impossible or would result in substantial complexity and costs.
107
In the event of a breach of PCI DSS data, which type of disclosure would you be required to provide during your incident response efforts?
Notification to your credit card processor
108
In a Zero Trust architecture, what is the primary goal of defining subject-object relationships?
Specifying which users (subjects) can access specific resources (objects) and under what conditions. This ensures granular access control, aligning with Zero Trust principles.
109
What category of technical impact would a third party performing recon by querying your WHOIS data be classified as?
Low - WHOIS data about the organization's domain name is publicly available, and your company gets to decide what information is published in the WHOIS data.
110
Ladder Logic
Graphical, flowchart-like programming language used to program the special sequential control sequences used by a programmable logic controller (PLC)
111
Which analysis framework provides a graphical depiction of the attacker's approach relative to a kill chain?
Diamond Model of Intrusion Analysis
112
What is the most significant risk to an organization when using AI-enabled digital assistants?
Access control misconfiguration, allowing unauthorized access to corporate systems
113
Linting Tools
Analyze source code during development to enforce coding standards and detect issues such as poor coding practices and potential vulnerabilities
114
SAST
Static Application Security Testing
Analyzes source code early in the development lifecycle, allowing the team to detect and fix security vulnerabilities before the application is compiled or deployed
115
DAST
Dynamic Application Security Testing
Tests the code as it runs, after it is operational
116
To reduce interruptions to VPN due to network instability, what can be configured?
Dynamic failover using multiple VPN gateways
If one gateway fails or becomes unstable, traffic is automatically rerouted to a backup gateway, ensuring continuous connectivity
117
What IAM control relies upon using a certificate-based authentication mechanism?
Smart card
Contains a digital certificate embedded within that is presented to the system when it is inserted into the smart card reader
118
Regex Parentheses vs Square Brackets
Parentheses match the full string
Square brackets match on any character listed within
119
Social Engineering Leveraging AI-Based Customization
AI used to analyze publicly available info and create highly personalized phishing messages
120
HTML encoding is typically used as part of ___
XSS, UNLESS you see SQL or XML statements in the string
121
RPO
Recovery Point Objective
Defines the maximum amount of data that can be lost without irreparable harm to the operation of the business
122
RTO
Recovery Time Objective
Defines the maximum amount of time that performing a recovery can take and the service can be offline
123
Generating digital signatures for each purchase order made by customers ensures ___
Non-repudiation
124
Risk Management Lifecycle - Identify
Used to inventory assets and for the identification of all risk items in an organization
125
Risk Management Lifecycle - Assess
Used to analyze identified risks to determine their associated level of risk before any mitigations or controls are implemented
126
Risk Management Lifecycle - Control
Used to identify effective methods for risk reduction
127
Risk Management Lifecycle - Review
Used to periodically re-evaluate the risks in an organization by determining if the risk level has changed and identified controls are still effective
128
UEBA
User and Entity Behavior Analytics Application or appliance that identifies anomalous or malicious behavior by using machine learning and statistical analysis to identify deviations from normally established baselines and patterns of activity
129
TACACS+
Terminal Access Controller Access Control System
Proprietary authentication protocol developed by Cisco to provide authentication, authorization, and accounting services
130
CHAP
Challenge-Handshake Authentication Protocol
Used to authenticate a user or network host to an authenticating entity. Does not provide authorization or accounting services
131
EAP
Extensible Authentication Protocol
Framework in a series of protocols that allows for numerous different authentication mechanisms, including passwords, digital certificates, and PKI
132
MS-CHAP v2
Microsoft Challenge Handshake Authentication Protocol version 2
Password-based authentication protocol that is widely used as an authentication method in Point to Point Tunneling Protocol based VPNs and can be used with EAP
133
Private Function Evaluation (PFE)
Feature of homomorphic encryption that allows two parties to jointly evaluate a private function without revealing their respective inputs
134
Secure Function Evaluation (SFE)
Feature of homomorphic encryption that allows two parties to jointly evaluate a publicly known function without revealing their respective inputs
135
Private Information Retrieval (PIR)
Cryptographic protocol that allows a user to retrieve an item from a database without revealing which item is retrieved to the database owner
136
Secure Multi-Party Computation
Feature of homomorphic encryption that allows two parties to jointly compute a function over their inputs while keeping those inputs private
137
Model Inversion Attack
Attempt to reverse-engineer an AI model to extract sensitive information from its training data
138
Out-of-Band Deployment
Enables IDS to monitor traffic passively without affecting the flow of legitimate business traffic
139
Inline Deployment
Characteristic of an IPS, actively blocks traffic
140
Measured Boot
Log of all boot actions is taken and stored in a TPM for later retrieval and analysis by anti-malware software on a remote server
141
Master Boot Record Analysis
Used to capture the hard disk's required information to support a forensic investigation
142
Startup Control
Used to determine which programs will be loaded when the OS is initially booted
143
PAP
Password Authentication Protocol
Password-based authentication protocol used by Point to Point Protocol to validate users
144
SNMP
Simple Network Management Protocol
Commonly used to gather information from routers, switches, and other network devices
Provides info about device status, including CPU and memory utilization, and many other useful details about the device
145
CWPP
Cloud Workload Protection Platform
Secures cloud workloads by providing visibility, runtime protection, and threat detection across containers, VMs, and serverless environments
146
Model Denial of Service
Overwhelms AI system with excessive requests or computational tasks, rendering it unable to process legitimate inputs effectively
147
Prompt Injection
Feeding malicious input to manipulate the AI model's output
148
Disassembly
Converting executable code into a human-readable format to understand its logic and functionality
149
___ relies on mutual authentication of the client and the server for its security
LDAPS
150
In a Windows environment, to locate domain controllers, what command might we use to query specific protocols?
Use nslookup to search for Kerberos and LDAP-based protocols on the target domain
151
YARA
Rule-based language used for creating patterns or signatures that help in identifying malware based on specific attributes, such as file contents, strings, or behaviors
Designed for scanning files and directories to detect known threats
152
What cloud function could inadvertently cause a data breach caused by data remnants?
Rapid Elasticity
When a cloud resource is deprovisioned and returned to the CSP, it can be issued to another organization for use. If the data was not properly erased from the underlying storage, it could be exposed to the other organization
All cloud-based drives should be encrypted by default to prevent this
153
Data Historian
Type of software that aggregates and catalogs data from multiple sources within an ICS's control loop. Acts like a SIEM for ICS/SCADA systems.
154
If a template is used for certificate enrollment, but results in a "cannot enroll for this type of certificate" or "operation failed" error, what is most likely the issue?
Template's permissions are misconfigured (incorrect permissions error)
155
Parameterized Query
Aka prepared statement
A means of pre-compiling a SQL statement so that all you need to supply are the variables to be inserted into the statement for it to be executed
Commonly used as a means of preventing SQL injection attacks
156
Common VLAN hopping method
Poison/overflow the MAC table on a vulnerable switch
When this occurs, the switch defaults to operating as a hub and repeats all frames being received through all of its ports. This "fail open" method ensures the network can continue to operate, but is a security risk that can be exploited by the penetration tester
157
Full Interruption Test
Used to take the primary site offline and shift operations to the alternate site
158
Parallel Test
Occurs when the alternative site is brought online as if a real disaster occurred, but the primary site is not taken offline or affected
159
Availability vs Reliability
Availability - operate as expected at any time
Reliability - measure of the ability of a system to perform without error or to avoid, detect, and/or repair component or integrity features
160
Buffer overflows are most easily detected by conducting ___
Static code analysis
161
ECDSA
Elliptic-Curve Digital Signature Algorithm
Asymmetric algorithm that utilizes the properties of elliptic curves to provide comparable levels of protection as RSA with a much smaller key size
162
Connection String Parameter Pollution (CSPP)
Exploits the semicolon-delimited database connection strings that are constructed dynamically based on user inputs from web applications. If carried out successfully, can be used to steal user identities and hijack web credentials. Often used as part of exploit chaining
163
Triple-Homed Firewall
Connects to three networks:
Internal (Private)
External (Internet/Public)
Screened Subnet (aka DMZ)
164
Application-Aware Firewall
Can make decisions about what applications are allowed or blocked by a firewall, as opposed to simply using IP addresses and port numbers, by inspecting the data within the packets
165
Stateless Packet Inspection Firewall
Allows or denies packets into the network based on the source/destination IP address or the traffic type
166
Stateful Packet Inspection Firewall
Monitors the active sessions and connections on a network; takes into consideration existing ACL rules as well as the information gathered regarding active connections
167
Neither stateless or stateful inspection firewalls operate at layer 6 or 7, so ___
They cannot inspect the contents of packets to ensure it contains the correct traffic type
168
Secure Attribute on Cookie
Prevents an attacker from stealing tokens stored in cookies by only sending it over a secure channel, protecting its confidentiality.
169
Integration Testing
Evaluates how different components of an application work together; ensures new changes do not introduce issues when modules interact
170
SAML
Facilitates SSO by allowing authentication and authorization data to be securely exchanged between an IdP and an SP
171
RPs
Relying Parties
Provide services to members of a federation
172
NAT Gateway
Allows private subnets in a VPC access to the internet. A NAT gateway can be used so that instances in a private subnet can connect to services outside your VPC, but external services cannot initiate a connection with those instances
173
Hybrid SDN
Uses a combination of traditional and software-defined networks in the same environment to achieve its objectives
174
Open SDN
Uses open standards and open-source software as a strategy to reduce the risks of vendor lock-in
175
MSA
Master Service Agreement
Contract reached between parties in which they agree to most of the terms that will govern future transactions or future agreements
176
Data Zone
Describes the state and location of data to help isolate and protect it from unauthorized/inappropriate use within a data lake
177
Availability Zone
Physical or logical data center within a single region
178
VPC/Vnet
Virtual Private Cloud/Virtual Network
Allows for the creation of cloud resources within a private network that parallels the functionality of the same resources in a traditional, privately operated data center
179
Checklist Test
Uses a copy of the BCP/DRP to review and provide comments, updates, or changes to the plan during a periodic update
180
During the development of a mobile banking application, the development team is debating a security vs. usability trade-off. The team must choose between implementing a strict password policy and allowing users to authenticate using biometric data such as fingerprints. Which best addresses this trade-off?
Option 1 - Use biometrics with strong passwords for recovery
Option 2 - Let users choose between passwords or biometrics
Option 1 - Use biometrics with strong passwords for recovery
Letting users choose may reduce security, as users often choose convenience over protection
181
Mobile Site
Data center in a container or trailer that can be rapidly deployed to a given location
Best categorized as a mixture of a cold site and a warm site which can also be relocated when needed
182
Credential Stuffing
Automated injection of breached username/password pairs to fraudulently gain access to user accounts
The pairs are automatically entered into websites until they potentially match an existing account
183
Mandatory Access Control (MAC)
Requires all access to be predefined based on system classification, configuration, and authentication. Commonly used in highly centralized environments and usually relies on a series of labels, such as data classification labels
Provides the strongest level of protection when compared to DAC, RBAC, etc
184
SAML transactions use ___ for standardized communication between IdPs and SPs
XML
185
How does RADIUS work? What port number does it run on?
Utilizes an obfuscated password created from the shared secret and creates an MD5 hash of the authentication request to protect communications
Runs on Port 1812
186
Configuration Drift
Occurs when changes are applied inconsistently across network devices, leading to performance issues
187
%3A
Hex code for the colon character (:)
188
If you see pws=0 in a Google search URL, what does this indicate?
Personalization is turned off
189
Traffic Shaping
Aka packet shaping
Manipulation and prioritization of network traffic to reduce the impact of heavy users or machines on other users
Used to optimize or guarantee performance, improve latency, or increase usable bandwidth for some kinds of packets by delaying other kinds.
190
UTM
Unified Threat Management
Protects against most threats using a single device, which includes antivirus, network defense, etc
191
A system administrator is troubleshooting an SSO issue where a user successfully logs into the identity provider (IdP) but cannot access an application integrated with SSO. The user receives an "unauthorized" error from the application. What is the most likely cause of this issue?
The application does not trust the identity provider's assertion
192
XCCDF
Extensible Configuration Checklist Description Format
Language that is used in creating checklists for reporting results in a standardized fashion
193
SCAP
Security Content Automation Protocol
Multi-purpose framework of specifications supporting automated configuration, vulnerability and patch checking, technical control compliance activities, and security measurement
194
FIM
File Integrity Monitoring
Type of software that reviews system files to ensure that they have not been tampered with
195
Which cloud computing concept allows users to store files on a cloud-based server when necessary and copy that data from the cloud, and put it back on the device when space once again becomes available on the device?
On-Demand
196
sc.exe
Control services, including terminating them
197
wmic
Windows Management Instrumentation
Used to query and manage system information. Powerful tool for scripting tasks like getting system details, managing processes, etc
198
services.msc
Windows Services console
Used to view, manage, start, stop and configure all system and third-party services
199
secpol.msc
Local Security Policy Editor
Used for configuring local computer security settings like password policies, user rights, and firewall rules
200
Default file name for Apache logs
access_log
201
You just finished conducting a remote scan of a class C network block using the following command "nmap -sS 202.15.73.0/24". The results only showed a single web server. What technique would allow you to gather additional network information?
Perform on-site scan
If the organization's network is set up correctly, scanning from off-site will be much more difficult as many of the devices will be hidden behind the firewall. By conducting an on-site scan, you can conduct the scan from behind the firewall and receive more detailed information on the various servers and services running on the internal network.
202
Insecure Deserialization Vulnerability
Threat actor creates a fictitious object, serializes it, and sends it through an API for execution
203
___ can result in unintended VLAN communications
Misconfigured switch ports
204
Layer 7 Firewall
Operates at application layer, and can be configured to log all of the details for data entering and leaving the DMZ or screened subnet
205
SDN - Application Layer
Focuses on the communication resource requests or information about the network
206
SDN - Control Layer
Uses the information from applications to decide how to route a data packet on the network and to make decisions about how traffic should be prioritized, how it should be secured, and where it should be forwarded to
207
SDN - Infrastructure Layer
Contains the physical networking devices that receive information from the control layer about where to move the data and then perform those movements
208
SDN - Management Plane
Used to monitor traffic conditions, the status of the network, and allows network administrators to oversee the network and gain insight into its operations
209
A penetration tester is using a known vulnerability to compromise an Apache webserver. After they gain access to the webserver, what is their next step to pivot to a protected system outside of the screened subnet?
Privilege Escalation
Apache web servers are run as a limited user by default, not as an administrative or root account. To be efficient and effective, the penetration tester should attempt to conduct a privilege escalation before pivoting into the screened subnet.
210
What phase of the software development lifecycle is sometimes known as the acceptance, installation, and deployment phase?
Training and transition
211
You are preparing for the exploitation of an organization's systems as part of a penetration test. During your research, you determined that the organization is using application containers for each of its websites. You believe that these containers are all hosted on the same physical underlying server. Which components should you attempt to exploit to gain access to all of the websites at once?
Common Libraries
If you can exploit the common libraries, you will gain access to every website on that server, even if they are in an application container.
212
Sponsored authentication of guest wireless devices requires ___
A guest user to provide valid identification when registering their wireless device for use on the network
213
Clearing
Applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques. Involves overwriting data 1 or more times with repetitive data or resetting a device to factory settings
214
A system administrator wants to verify that external IP addresses cannot collect software versioning from servers on the network. What tool can be used to confirm the network is protected, and why?
A packet capture tool like Wireshark can help administrators determine what kind of information and metadata is contained within packets.
215
Dion Training allows its visiting business partners from CompTIA to use an available Ethernet port in their conference room to establish a VPN connection back to the CompTIA internal network. The CompTIA employees should obtain internet access from the Ethernet port in the conference room, but nowhere else in the building. Additionally, if any of the Dion Training employees use the same Ethernet port in the conference room, they should access Dion Training's secure internal network. Which technology would allow you to configure this port and support both requirements?
Implement NAC
216
Dion Training is creating a new mobile application and needs to select an appropriate encryption algorithm to protect the user’s data transmitted by the app to the company’s remote servers. The company wants to choose an asymmetric encryption algorithm that supports fast key agreements and provides extremely high levels of security using only a 384-bit key. Which encryption algorithm should be selected to meet these requirements?
ECC
Allows smaller key sizes compared to non-elliptic curve cryptography methods while still providing the equivalent level of security. ECC is heavily used in mobile devices and low-powered device encryption. For example, the P384 curve uses a 384-bit key and is approved for the encryption of data up to the Top Secret level by the National Security Agency.
217