Security + Flashcards by Thomas Eyre

-Social engineering/spoofing
-done by email, text etc, URL
-can spot by spelling, fonts, graphics

Vishing
Phishing
Impersonation
Spear fishing

Phishing

How well did you know this?

Not at all

Perfectly

Ñame 2 types of typosquatting

URL hijacking- https://professor messier.com instead of messer

Prepending- https://pprofessor messer.com

Guy squatting with a gun held up to someone to change a URL

How well did you know this?

Not at all

Perfectly

“Hi we’re calling from Visa about an auto payment and need your credentials” is an example of what?”

Pretexting
Phishing
Impersonation
Spear phishing

Pretexting, lying to get info

Wolf of Wall Street him teaching script scene

How well did you know this?

Not at all

Perfectly

Redirect a legit website to a bogus site, poisoned dns server or client vulnerabilities

Pharming

How well did you know this?

Not at all

Perfectly

Phishing is harvesting large groups of people

False, pharming
Phishing collects access credentials

How well did you know this?

Not at all

Perfectly

Anti malware is great for detecting pharming

False, everything appears legit to the user

How well did you know this?

Not at all

Perfectly

Type of phishing: Caller ID spoofing, fake security or bank updates, done over phone

Vishing

Fish on phone with fingers in v shape

How well did you know this?

Not at all

Perfectly

Type of phishing done by text, spoofing and forwards links to ask for personal information

Smishing

“Yeah we smushed”

How well did you know this?

Not at all

Perfectly

Gather information on a victim, digital footprint. Understands security posture and focuses on key systems

Reconnaissance

A renaissance knight with a scroll asking people questions

How well did you know this?

Not at all

Perfectly

An attacker builds this through social media, where you work, your bank, family/friends

Pretext

How well did you know this?

Not at all

Perfectly

Targeted phishing with inside information that includes whaling

Spear phishing

How well did you know this?

Not at all

Perfectly

Never click a link in an email, type it out to see if it is legit

True

How well did you know this?

Not at all

Perfectly

Attacker pretending to be someone, using details from reconnaissance, May pretend to be higher rank, May try to throw technical details or act like a buddy

Impersonation

When Donny Burger gives you a fake name you go with it!

How well did you know this?

Not at all

Perfectly

Seen with vishing
Victims don’t realize it is happening (hacking the human) Getting info from victim

Pretexting
Impersonation
Spoofing
Eliciting information

Eliciting information

An e ice cream cone that each time you press to lick, a new fact about you is presented

How well did you know this?

Not at all

Perfectly

Identity being used by someone not you. Includes: credit card, bank, lone and govt benefits fraud

Impersonation
Social engineering
Identity fraud
Pharming

Identity fraud

How well did you know this?

Not at all

Perfectly

Important information thrown out with the trash that can be gathered for an attack and is typically done at the end of the month

Dumpster diving

How well did you know this?

Not at all

Perfectly

Control I put by being aware of your surroundings, use privacy filters, keeping monitors away from windows and hallways are ways to prevent this

Shoulder surfing

How well did you know this?

Not at all

Perfectly

Blacks a screen unless you are sitting directly in front of a monitor

Privacy filter

How well did you know this?

Not at all

Perfectly

A threat that doesn’t actually exist, often through email and is attempting to get money but not through an electric means. Not a virus but can waste almost as much time

Computer hoax
Spoofing
Pharming
Dumpster diving

Computer Hoax

Stephen a bamboozled, run a muck

How well did you know this?

Not at all

Perfectly

Consider source, cross reference, spam filters and if it sounds too good to be true are ways to what?

De-hoaxing
Eliciting information
Adware
Rdns

De-hoaxing

Detective Hoch

How well did you know this?

Not at all

Perfectly

Determines which website the victim group to uses by infecting third party sites with site vulnerability/email attachments to infect all visitors who go to that site and gain access to your network

Watering hole attack

Ex. Infecting a site you know people visit so every time they visit then malicious JavaScript files are downloaded to your computer

How well did you know this?

Not at all

Perfectly

Defense in depth, firewalls and IPS, antivirus/anti malware signature updates are best methods to prevent what kind of attack?

Spraying
Watering hole
Man in the middle
Crypto malware

Watering hole attack

How well did you know this?

Not at all

Perfectly

Unsolicited messages by emails, forums etc by phishing attempts

Spam
Over IM is SPIM

How well did you know this?

Not at all

Perfectly

Used to identify spam,only receives email from trustee sender and SMTP blocks anything that doesn’t follow RFC standards

Allowed list
Recipient filtering
ACL
rDNS

Allowed list

How well did you know this?

Not at all

Perfectly

Used to identify spam, block email where the sender’s domain doesn’t match the ip address

rDNS, reverse DNS

Tarpitting blocks all email not addressed to a valid recipient email address Used to identify spam,

False, intentionally slow down the server conversation Recipient filtering will block all email not addressed to a valid recipient email address

An unsolicited email is stopped here and can be either onsite or cloud based

Mail gateway

Swaying public opinion on political and social issues, enabled through social media to amplify, used to divide and includes advertising Hacking the human Cyber warfare Hybrid warfare Hacking public opinion

Hacking public opinion Ex. Creating fake users to post about things until real users voice sane opinion and goes viral

Attack an entity with tech, influencing foreign elections, fake news Hacking public opinion Hybrid warfare Social engineering Cyber warfare

Cyber warfare

Militaries trying to influence people with the internet in order to have elected officials benefit them Cyber warfare Hybrid warfare Social engineering Hacking the human

Hybrid warfare

Tailgating

Using an authorized person to gain unauthorized access to a building.

Prevent this with policy for visitors, one scan per person, and man traps

Tailgating

Attacker sends a fake invoice to who pays the bills for a company

Invoice scam

Attacker collecting login password through your computer on web browsers, windows cred manager Theharvester Password file Credential harvesting Collisions

Credential harvesting

Name 4 social engineering principles

Authority Intimidation Consensus Scarcity Urgency Familiarity Trust

Social engineering principle that convinces based on what’s normally expected, “your co worker Jill did this last week for me” is familiarity/liking

False, Consensus/social proof

Social engineering principle, someone you know, we have common friends is Familiarity/liking

True

Social engineering May involve multiple organizations, may be in person or electronic

True

Malicious software, gathers your information through keystrokes, can turn computer into a zombie, trick you through advertising and can download virus/worms to encrypt your data

Malware

Name 4 types of malware

Virus Crypto malware Ransomware Worms Trojan horse Rootkit Keylogger Adware/spyware Botnet

A worm takes advantage of a vulnerability, then installs malicious software that includes a remote access back door and later installs a bot is how you get what harmful thing to your computer?

Malware process

Don’t click email links or web page pop ups Keep OS up to date Check applications publisher Prevents what? Malware Persistent XSS attack Non Persistent XSS attack Botnets

Malware

Malware that can reproduce itself through file systems or the network after you execute a program, can be invisible and spread from just running a program

Virus

This needs its signature file updated

Anti-virus

Program virus is OS and browser based

False, script virus Program virus is part of the application

Common virus in Microsoft office is boot sector virus

False, macro virus Boot sector is in your storage

What kind of virus infection process is this: 1. User clicks on malicious website link 2. Website exploits flash/Java/windows vulnerability 3. Launches power shell, downloads payload in RAM 4. Runs PS scripts, executables in memory, exfiltrates data, damage files 5. Adds an auto start to registry Server side forgery request Session hijacking Fileless virus Watering hole attack

Fileless virus

Malware that self replicated, you don’t have to do anything, self propagates and spreads quickly

Worms

Firewalls and IDS/IPS can get rid of worms

False, they can mitigate/prevent but can’t do much once the work is inside

This virus avoids anti virus detection by not downloading to a file, it operates in memory but is never installed in a file or application

Fileless virus

Attackers locking you out of your laptop and will let you back in if you pay

Ransomware

Malware encrypts your data files and you must pay attacker to get decryption key, untraceable payment system

Crypto malware

Have an offline backup Keep os/applications up to date by patching vulnerabilities and additional security Keep anti malware and antivirus signature up to date Prevent what attack? Ransomware Crypto malware Rootkit Botnets

Ransomware

Trojan horse

Software pretending to be something else to take over your computer

PUP (potentially Unwanted program)

This is identified by antivirus which shows potentially undesirable software and often installed with other software. Overly aggressive tool bar, back up utility that displays ads, browser search engine hijacker

Placed on computer through malware to avoid going through rigorous process. Other malware can get through this also. Some software even comes with this

Back door

Ultimate back door for administrative control of a device. Malware installs the server/service/host and connects with client software. Control a device with key logging, screen record, copy files, more malware embedded

RAT (Remote Access Control)

Don’t run unknown software Keep anti virus signature up to date Always have a back up Prevents against what? Watering hole attack Session hijacking RAT and Trojan Crypto ware

RAT and Trojan

Modifies core system files, can’t see in task manager/os/antivirus, takes over control of administrator functions

Rootkit

This rootkit malware is famous for cleaning out bank accounts combined with

Rootkit types, Zeus/zbot Necurs (kernel level driver) to not be able to delete zbot and have total control

Anti malware scans, use a remover specifically for this, secure boot for security in bios finds and removes what? RAM Rootkit Storage RAT

Rootkit

Computer is full of pop ups that cause performance issues. Can be installed accidentally but you need to be carful of software that claims it removes this Pup Crypto malware Adware Machine learning

Adware

Malware that monitors you and your surfing habits. Can capture keystrokes or trick you into installing fake security software Adware Key logger Malware Spyware

Spyware

Money for What you see, your computer time and bandwidth, and your bank account are reasons for these attacks

Adware and spyware

Maintain anti virus signature Always know what you are installing Having a backup Run scans (malware bytes) Protect against what? Fileless virus adware/spyware Rootkit Watering hole attack

Adware/spyware

A system admin has determined that a spoofed email originated in another country. Which of the following most likely provided this information? Netflow Syslog Metadata IPPFIX SFlow

Metadata - data that describes other data sources

HSM, DLP, jump server, Collector •access protected network from external connection •backup and manage certificates for all company web servers •gather stats for long term network monitoring •block network traffic with private info

•Jump server- access protected network from external connection •HSM- backup and manage certificates for all company web servers •Collector- gather stats for long term network monitoring •DLP-block network traffic with private info

Which describes best the time required to fix an issue during an outage? RTO MTTR EULA MTBF RPO

MTTR

Which would best transfer data to a siem? IPSec Syslog HTTPS Ssh SFTP

Syslog

Which of the following is best way to direct individuals through a specific area? Motion detection CCTV Bollard Protected distribution Industrial camouflage

Bollard- prevent access

Which would provide management of both mobile and non mobile devices? MDM MAM SNMP UEM HSM

UEM Unified endpoint management Evolution of MDM

Server admin at bank notices a decrease in number of visitors to its website. Research shows users being directed to a different ip address than the banks server. What attack is this? Disassociation DDOS Buffer Overflow DNS poisoning

Dns poisoning

Group of Infected computers that relay spam, proxy network traffic and computing tasks. Botnets can be rented is what kind of attack?

DDOS

Prevent initial infection with os/application patches, Update anti malware signature, identify infection with on demand scans/network monitoring Are ways to stop what? Man in the middle Botnets XSS attack SQL injection

Botnets

Block at firewall, identify at workstation with a host based firewall of host based IPS to prevent what?

Command and control (C&C)

Waits for a predefined event. Time/date or a used event will trigger this. Difficult to identify and disappear after it is done

Logic bomb

Have Formal change control to identify when a procedure is not followed, use electronic monitoring with alert for changes and HID’s, constant auditing with an admin authorizing and circumventing existing systems prevents what attack? Adware RAT Fileless Virus Logic bomb

Preventing a logic bomb Difficult to recognize and each is unique with no predefined signatures.

If you store a password here anyone with access to the password file or database has every credential

Plain text Book covering up because it’s naked

Represent Data as a fixed length string of text with different inputs for different passwords, impossible to recover original message from digest, common way to store passwords

Hashing a password

Different across operating systems and applications, different hash algorithms Rainbow dictionary Brute force hashing Password file Salting

Password file

Attack an account with 3 or more common passwords and if it doesn’t work then move on to the next account in order to not be locked out is what attack?

Spraying attack

Obtain a list of users and hashes then calculate password has and compare to a stored hash. Large computational resource requirement is what attack? Pass the hash Brute force the hash Rainbow table Replay attack

Brute force the hash

Rainbow tables

Pre built set of hashes

Random data added to a password when hashing. Each user gets their own and rainbow tables won’t work against this. Each user gets a different random hash

Salting

Has additional electronics inside and your OS identified it as Human Interface Device like a keyboard/mouse and once connected it downloads and installs malicious software is a malicious flash drive

False, malicious USB Malicious flash drive acts like a HID and loads malware in documents/pdf’s, infect computer after a reboot or act as an Ethernet adapter to act as a wireless gateway or redirect internet traffic

Stealing credit card information during a normal transaction by copying credit card or with a small camera is

skimming

Card cloning

Get card details from skimmer, create a duplicate with same magnetic strip (chip can’t clone) Cloned gift cards are common

Computers identify patterns in data, face recognition for analyzing, use it to stop spam, recommend products Evasion attack RDNS API attack Machine learning

Machine learning

Attackers send modified training data that causes AI to behave incorrectly Poisoning training data Machine learning Evasión attack Rdns

Poisoning training data

AI is only as good as the training, AI can be fooled, can release real world confidential information Evasión attacks Machine learning Cryptographic attack Adware

Evasión attacks

cross check and verify training data, retrain with new/better data, train AI with possible poisoning to secure what? Learning algorithms AI Hacking the human Hybrid warfare

Learning algorithms

contains many moving parts and attackers can infect different parts without supervision. One exploit can affect this Supply chain Cryptographic attacks Botnets DDOS

Supply chain

Can you trust server/router/firewall/software, use small supplier base for tighter control of vendor, strict controls over policies and procedures, security implemented in overall designs is security for what? Logic bomb Supply chain Cryptographic attack Evasión attack

Supply chain

Cloud based security puts security burden on the client with data center security and infrastructure costs

False, on premise security Cloud based is centralized and costs less with no dedicated hardware or data center but a 3rd party handles everything

Customize your security posture with full control in house, on-site local IT security team, this team maintains uptime and availability with system checks, security changes for this takes time is what type of security?

On premise security

Data in a secure environment but 3rd party May have access to it, manage large scale security with auto signature and security updates, limited downtime with fault tolerance, scalable security options

Security in the cloud

Many shortcomings for this attack and the main issue attackers go after is the implementation. Attacker looking for the key is what?

Cryptographic attacks

Same hash value for 2 different plaintext’s. Find a collision through brute force. Attacker generates multiple versions of plaintext to match hashes Persistent XSS attack Birthday attack Brute force hashing Botnets

Birthday attack Protect yourself with large hash output Kelbys plain “happy birthday” text to me

Collisions

Hash digests are supposed to be unique, different input data should never create same hash

Force a system to downgrade their security is what attack

Downgrade attack

Gain higher level access to a system through a bug or exploiting vulnerability, need to get these holes closed up quickly, Eliciting information Privilege escalation Worm Rootkit

Privilege escalation Horizontal privilege escalation- user a can use user b resources

Patch quickly, update antivirus/block known vulnerabilities, data execution prevention with only data in executable areas, address space layout randomize to prevent a buffer overrun at known memory address mitigates what? LDAP injection Collisions Code injection Privilege escalation

Privilege escalation

Browser security flaws with information from one site shared to another, common web application develop errors and takes advantage of the trust a user has for a site, malware that uses JavaScript Server side request forgery XSS attack Watering hole attack DLL injection

Cross site scripting/XSS Bad person puts bad code into a website and when you visit it bad things happen to your computer. Like a diary for friends that someone writes mean things in

Website allows scripts to run in user input like a search box, attacker emails link that takes advantage of vulnerability and runs a script that sends credentials to attacker,script embedded in url in victim’s browser, attacker uses credentials to steal victim’s information

Non persistent (reflected) XSS attack A sneaky person tricks a website to having something on the web page it shouldn’t when people visit. Like a mirror that shows cute animals but a fairy instead changes it to show toys

Attacker posts a message to social network with malicious payload, everyone/all viewers gets payload, social networking this can spread quickly with everyone having it posted to page and can propagate further Botnets Non Persistent XSS attack Persistent XSS attack Session hijacking

Persistent (stored) XSS attack A notebook with a message that appears nice but when you open it is mean.

Be careful with untrusted links, disable JS or control with an extension, keep browser applications updated to avoid vulnerabilities, validate input and don’t allow users to add their own scripts to an input field protects against what? Watering hole attack Server side forgery request XSS Birthday attack

Protecting against XSS Xz wow

Adding your own information into a data stream, enabled from bad programming with the application should be able to handle input and output, user for many different data types

Code injection

SQL injection

Most common relational database management system language, modifies these requests and application should not allow this

XML injection

Set of rules for data transfer and storage, modifies these requests that a good application will validate SAN/NAS (acronyms for storage) Agreeing to XXX site rules

Created by telephone companies and now used by everyone,modify these requests to manipulate application results

LDAP injection

Windows library containing code and data and many applications can use this library, have an application run a program and run as part of the target process

DLL injection Dill pickle on the window, wieners on the glass Sneaky friend adds special tools to a programs room without program knowing and can change how the program works

Overwriting of memory, spills into other memory areas, attackers look for openings so developers need to blind check, not simple and it takes time to avoid crashing/do what you want, should be repeatable so a system is compromised to gain access to a system or make an application do what they want Buffer overflows XML injection Memory leak Fileless virus

Buffer overflow A glass with too much milk spills, computer has place to store information but if too much a sneaky person can grab it outside of the cup when it spills

Useful information sent over network, access to raw data through network tap/arp poisoning/malware on victim computer, replay data to appear as someone else, not on path attack or need work station is what type of attack?

Replay attack

Avoid this with a salt to use a session ID with the password hash to create a unique authentication hash each time Server side forgery Cross site scripting Passing the hash Replay attack

Replay attack

What is this a process for? 1. Client authenticate with username and hashed password 2. During authentication the attacker captures username and password hash 3. Attacker sends his own authentication request using the captured credentials

Pass the hash

Information gathering through wire shark, exploits with cross scripting, modify headers and cookies with cookie managers is what? Cookies and session ID’s Cross site request Header manipulation Pass the hash

Header manipulation

Encrypt end to end so they can’t see session ID, additional load on web server (https) force https, encrypt end to somewhere to avoid capture over local wireless network, still in clear and use personal vpn to prevent what attack? Server side request forgery Cross site scripting Session hijacking Replay attack

Prevent session hijacking

Information stored on computer by browser and used for tracking personalization, only a risk if someone gets access to them, privacy risk, maintain multiple sessions

Browser cookies and session ID’s

Process for what? 1. Victim authenticates to server 2. Server provides session ID to client 3. Attacker intercepts session ID and uses it to access the server with the victim’s credentials

Session hijacking

Common and legit, html directs these from your browser, most unauthenticated requests

Cross site requests

Website pages consist of code on each side of the Client and server

True

server side performs requests from the client-html, PHP, transfer money from one account to another, post video on YouTube

True Client side renders page on screen, html/JavaScript

One click attack/session riding takes advantage of trust web app has for user like browser and made with your co sent, significant web applications develop oversight with anti forgery or cryptographic tokens

Cross site forgery

What is this the process for? 1. Attacker creates funds transfer request 2. Request is sent as a hyperlink to a user who may already be logged into the bank website 3. Visitor clicks link and unknowingly sends transfer request to bank website 4. Bank validates transfer and sends funds to attacker

Cross site request forgery

Attacker finds vulnerable web application by sending requests to web server and it performs on behalf of attacker

Server side request forgery SSRF

This is caused by bad programming, never trust user input, server should validate input and responses, rare but can be critical vulnerabilities Session hijacking Header manipulation Cross site scripture forgery Server side request forgery

Server side request forgery Waiting, not trusting your server with food

What is this the process for 1. Attacker sends request that controls a web application 2. Web server sends request to another service such as cloud file storage 3. Cloud storage sends response to web server 4. Web server forwards response to attacker

Server side request forgery

Antivirus is good at identifying known attacks by checking signature and blocking, although there are still ways to infect and hide is what term?

Malware hide and go seek

Interaction between hardware and OS that trusted but security issues FaaS Azure Driver Hypervisor

Driver

Shimming

Filling in space between 2 objects, windows has its own and is backwards compatible, malware authors write their own

Refactoring

Metamorphic malware where it is a different program each time it’s downloaded, adds NOP instructions/loops pointless strings, can intelligent redesign itself by changing app flow Difficult to match with signature based detection

Difficult to do but Combines on path attack with downgrade attack, sits in middle and modify victim and web server messages, victim sees nothing but browser is not encrypted

SSL stripping/HTTP downgrade Strips S from HTTPS

Programming conundrum, time of check to time of use attack (TOCTOU) something happening between check and use

Race condition 2 trains trying to get to station at once. A computer having the same function happens at the same time and causing issues

Unused memory not properly released, slowly grows in size, eventually uses all memory, system crashes

Memory leak

Programming technique that references a portion of memory, application crash/debug/DoS

NULL pointer dereference

Integer overflow

Large number into smaller sized space, shouldn’t be able to manipulate memory this way

users shouldn’t be able to browse windows folder, won’t stop user from browsing past web sever root and takes advantage of badly written code, Read files from web server that are outside of website file directory

Directory traversal

Messages should be just informational enough, network information/memory dump/stack traces/database dumps Improper error handling Improper header handling Birthday attack SSL stripping/HTTP downgrade

Improper error handling

All input should be considered malicious, allowing invalid input can be devastating is what kind of handling?

Improper input handling

Attackers look for vulnerabilities by exposing sensitive data/DoS/intercepted communication/privileged access

API attacks

Special DoS only require a device and lie bandwidth, zip bomb Resource exhaustion Evasión attack Logic bomb DLL injection

Resource exhaustion

Bluejacking is access to a blue tooth device and data, if you know file or picture or video you can download without authentication

False, Bluesnarfing Bluejacking is sending of unsolicited messages to another device

802.11w

Protects against disassociation/de authentication attacks

Prevent wireless communications with decrease the signal to noise ratio at receiving device, can be intentional or caused by microwave or lights Reactive jamming Code injection Replay attack Radio frequency jamming

Radio frequency jamming

Constant random bits or frames sent at random times, needs to be close to do this, Nfc RFID Wireless jamming Jitter

Wireless jamming

Only sending signals when the attacker sees someone is trying to communicate on the network DLL injection DDOS jamming Reactive jamming Computer hoax

Reactive jamming

Fox hunting

Finding source of jamming signal

Access badges/inventory/pet id that uses radio energy for bidirectional communication

RFID (radio frequency identification)

Data capture through replay attack, spoof the reader, DOS signal jamming, decrypt communication is what attack? RFID attack Nfc attack Reactive jamming Radio frequency jamming

RFID attack Running the 800 in track (tracking and 800 is a lot)

2 way wireless communication, used for payment systems and helps with blue tooth pairing, an access token/security card with short range encryption is what?

, NFC (near field communication)

Remote capture, frequency jamming/DoS, replay/on path attack, loss of device are security concerns for what? NFC RFID DDOS rDns

Nfc

Arbitrary, pseudo number used once that can’t be reasonably guessed for login process and helps to avoid a replay attack

Cryptographic nonce

Type of nonce that randomizes encryption scheme, used in encryption ciphers, WEP and some SSL implementations Nonce Hash Salt Initialization vectors

Initialization Vectors

Malware/Trojan does all the proxy work and the malware in your browser waits for you to login to your bank and other sites and steal your money/information is what kind of attack? Spyware On path browser attack RAT Logic bomb

On path browser attack

Attacker sending traffic with different source MAC addresses to force out legit MAC addresses on the table. This makes the switch a hub that will repeat information to all devices connected to it

MAC flooding

Acces to domain registration(determines dns names/ip addresses) to control traffic flows is what attack?

domain hijacking

Internet tracking your security posture, if bad can cause email rejections and errors that appear when someone tries to go to the website that tell them the website is not safe to access Domain hijacking Domain reputation Domain registration SQL injection

Domain reputation

Makes an application break or work harder, can be identified by anti virus, over use a cloud resource like cpu is what attack?

Application DoS

Hardware and software for industrial equipment, electric grid goes, offline, plant shuts down etc RFID Operational tech DoS NFC DDOS

Operational tech DoS

Shell Script is the Command line for windows system admins, extends command line functions, attacked through system admin/active domain admin/file share access

False, Windows powershell She’ll script is unix/Linux

General purpose scripting language, popular, used for cloud orchestration for application instances, attacks happen in infrastructure of routers, servers, switches

Python

Macros

Automatic functions with application or os, can create security vulnerabilities, all they need is the user to open the file

Automatic processes within windows application, powerful programming language, run arbitrary code in document with CVE-2010-0815/MS10-031

Visual Basic for applications (VBA)

Entity responsible for an event that has an impact on the safety of another entity

Threat actor or malicious actor

An attacker in the network and undetected, constant attacks is an example of this

Advanced persistent threat 71 days in US

Script kiddies

Runs premade scripts without Knowledge of what’s really happening

When people at work use apps or software they’re not supposed to use Script kiddies Birthday attack Shadow IT Code injection

Shadow IT

Method a computer hacker tries to get into a computer system or network, a lot of work goes into finding these vulnerabilities

Attack vector

What type of attack vector do we lock data centers for, they try to modify OS, attack keylogger for passwords, transfer files or DoS?

Direct access

This attack vector modifies access point config, rogue/evil twin Direct access Removable media Email Wireless

Wireless

Biggest attack vector, phishing, social engineering Cloud Email Removable Wireless

This attack vector tampers with infrastructure or manufacturing process with malware Cloud Supply chain Social media Removable

Supply chain

Which attack vector is publicly facing applications and services with security misconfiguration, brute force/orchestration/DoS attacks?

Cloud media Social media is fake friends, user profiling for information on you

What attack vector gets around fire wall, has malicious software on usb flash, Data exfiltration and allows usb to act as keyboards?

Removable media

Open source intelligence makes decisions to best prevent hackers and attackers

False, threat intelligence OSINT is publicly available through discussion groups/internet

Threat intelligence services, compiled threat information, constant threat monitoring

Closed/proprietary intelligence Who’s line is it prop scene with Wayne Brady triple threat

Public/private sharing center

Includes the CTA where members upload threat intelligence with scores on how severe, sharing of cyber threat information

Intelligence industry standard for sharing threat data that includes STIX and TAXI

AIS, Automated indicator sharing

describes cyber threat info, includes motivations/response information CIST NIST STIX TAXII

STIX TAXII securely shares STIX data

Event that shows an intrusion, unusual amount of activity/file hash values change/uncommon login patterns

IOC

Analyze large amounts of data to find suspicious patterns, identifies dns queries/location/traffic pattern behavior, early warning system, machine learning Dark web intelligence AIS Predictive analysis Threat map

Predictive analysis

identifies attacks and trends and file/code repository shows what the hackers are building, see what code accidentally releases Threat map Sharing center AIS Code reuse

Threat map

They know the product better than anyone and know the problems/vulnerabilities Threat research Vendor websites Local industry groups Vulnerability feeds

Vendor websites

Vulnerability feeds, conferences, academic journals request for comments , local industry groups, threat feeds and social media are great for threat research

True

These proactively look for threats by searching data and networks, look for what adversaries are doing

TTP (tactics, technique, and procedures)

No Security, anyone can access, change or take anything from. Computer or a file or folder. Increasingly common with cloud storage Open permissions Zero day attack Unsecured root accounts Default settings

Open permissions

When the Most powerful key for your computer system that allows you to control and make big changes is not locked. Can be by a MIs configuration Weak encryption Unsecured root account Open port Default settings

Unsecured root accounts

Most common encryption issue AES 3DES SSL TLS

TLS

Takes advantage of default configurations/IoT devices, cameras, routers, garage door openers etc Unsecured root account Weak encryption Mirái Botnet Insecure protocol

Mirai botnet

Hardware and software from a 3rd party can contain malware

True

For outsourced code development make sure the development systems should be isolated, test encryption and check for back doors

True

Intelligence fusion

Overwhelming amount of data/types, split into security operation/security intelligence/threat response teams, fuse data together with diverse datasets

Logs/sensors/intrusion detection/internet events, focus on predictive and user behavior analytics Threat hunting Intelligence fusion Fusing the data Cybersecurity maneuvers

Fusing the data

Moving firewalls and is, firewall rule/block ip address, delete malicious software, automated maneuvers Fusing data Cybersecurity maneuvers Intelligence fusion Threat hunting

Cybersecurity maneuvers

Threat hunting

Find attacker before they find you, intelligence data is reactive

Minimally invasive, port scans, identify systems and devices, detects insider threats is what?

Vulnerability scanning

gathers information and doesn’t try to exploit a vulnerability is what type of scan?

Non intrusive intrusive scan isTrying out a vulnerability to see if it works

is not having password what kind of scan?

Non credentialed A credentialed scan is when a normal user emulates an insider attack Having a key to a house and non is looking at house from outside. Credentialed is more effective because you can see inside house

Application scans are desktop/mobile scans

web application scans are for software on a web server

This scans misconfigured firewalls, open ports, vulnerable devices Systems scan Application scan Web application scan Network scan

Network scan

A vulnerability that is identified but doesn’t actually exist is a false negative

False, false positive False negative is a vulnerability exists but you didn’t detect it

Includes data inputs for authentication attempts/vpn/firewall session logs/denied outbound traffic/network utilization and packet captures of network packets/critical alert/capturing everything is data for what?

Siem data

detects insider threats/identify target attacks/catches what DLP and Siem systems might miss

user and entity behavior analytics (UEB) Sentiment analysis is public discourse correlated to real world behavior/hate you they hack you/social media as barometer

Soar Security, orchestration, automation and response

Automate routine/tedious/time intensive activities

Rules of engagement

Defines purpose, scope and penetration test parameters. Includes: IP address ranges, emergency contacts, handling sensitive information, in/out of scope devices

Try to break into system, can cause DoS/data loss, buffer overflows/gain privilege escalation, password brute force, social engineering, injections Risk Soar Threat actor Exploiting vulnerabilities

Exploiting vulnerabilities

Getting into network is difficult but inside of network is relatively unprotected Lateral movement Rules of engagement Pentest aftermath Threat actor

Lateral movement

Initial exploitation, lateral movements, persistence (setting up a way to get back in with a back door, pivot is the process for what?

Pentesting

Getting access to one system that allows you to get access to others Initialization vector Pivot Persistence Lateral movement

Pivot Friends ross

Leave network in original state, remove binaries or temp files, remove back doors, delete user accounts created is what? Sandbox Pentest aftermath Quarantine Order of volatility

pentest aftermath

Cat

On a Linux server, combine the contents of both files to a single document would be what command?

Which provides a framework for better understanding techniques which may be used by a potential attacker? Mitre att&ck Cyber kill chain Osi Ieee Diamond model

Mitre att&ck

Which is categorized as an operational security control? Security policy Firewall Hot site Warning sign Security guard

Security guard

A network admin has identified a device sending a large amount of traffic to an external ip address. The computer is powered on, but the user is on vacation. Which is most like reason for this traffic? Botnet Logic bomb MAC spoofing Skimming

Botnet

A package delivery receipt includes signature of receiving party. Which describes signature on receipt? Something you are Something you have Something you can do Something you are Something you know

Something you can do

A user digitally signs all email messages sent to external recipients. Which of the following would be used to provide this functionality? SaaS IPSec Ldaps S/mime SRTP

S/mime

Security engineer runs monthly vulnerability scan. Scan doesn’t list any vulnerabilities for windows servers, but a significant vulnerability was announced last week and no servers are patched yet. Which best describes? Exploit Credentialed Zero day attack False negative

False negative

is monitoring packets on network through ping scans, port scans, os scans and looks at nmap. People are able to see reconnaissance

Active footprinting passive footprinting is utilizing open sources such as social media, Reddit, and corporate websites to learn information

Red team is offensive attacking, blue team is defensive protecting security, purple team is red and blue collaborating and white team manages the interactions between red and blue teams

True

These should be performed often, check against well documented baselines and if failed would require immediate correction

Integrity measurement check

Standardized naming/numbering for cables and devices in your environment so everyone knows where equipment is located in data center/rack.

Standard naming conventions Ex for devices asset tag names/numbers, networks have port labeling, user account names

Ip schema

Knowing what ip addresses are used at what locations. Ranges, subnets, hosts per subnet, reserved addresses

Data is on a storage drive, network and in a CPU. It is protected by encryption and has different permissions for users

True

Data that resides in a country is subject to the laws of that country Data masking Data in use Data at rest Data sovereignty

Data sovereignty

Data masking

Hide some of original data with obfuscation, protects PII. Last 4 digits on a receipt for credit card but the rest not shown

Original information is plain text, encrypted form is ciphertext

True data encryption

changing one character of the input and many characters change of the output

diffusion, Confusion is the encrypted data is drastically different than the plain text

Data at wha, encrypts entire data, applies permissions with ACL’s and authorized users and is on a storage device

Data at rest

Data in use is data over network without much protection, includes network based protection, need to provide transport encryption like TLS or IPSec

False, data in transit Data in use is actively processing in memory. Data is always decrypted and attackers take straight from RAM

Replace sensitive data with a non sensitive place holder. Storing a ssn number as a different number. Common with credit card

Tokenization

IRM information rights management

Limits the scope of what someone can do with a document

Examines everything going into and out of a device

Endpoint dlp

Located between users and the internet , block custom defined data strings, prevent file transfers to cloud storage, block virus/malware

Cloud based dlp

Data in Motion is on your network and data at rest is on your server

True

Views information within encrypted data to see if anything malicious is in it. Has to be specially configured and done with your device trusting browser Tls inspection IPSec Dlp endpoint DLL injection

Tls inspection

TLS encryption works if Browser checks a web servers certificate was signed by a trusted CA

True

It's a special list of things that a computer or a program can do. Instead of going into the computer and telling it exactly what to do, you can use this just like you use the menu at a restaurant, to ask the computer to do specific tasks. This tells the computer how to do those tasks, and it gives you back the results, just like a waiter brings you the food you ordered from the menu.

API

Authentication to legitimate users, authorization for users to have limited roles, and uses a WAF for security CPU Vulnerabilities Syslog API

API

Multiple honey pots is called what?

honey net

Bait for honeynet is called honeyfiles

True

Trying to get machine to think malware is actually something good through machine learning so it won’t be able to identify it

Fake telemetry

Dns that gives out incorrect ip addresses, attacker can redirect to malicious site, can also redirect malicious domains to being ip addresses which is good, can integrate with firewalls

Dns sinkhole

You only handle development is software as a service

False, PaaS

Broad description of cloud models, services delivered over the internet, IT function changed into service

Xaas anything as a service

Handle aspects of tech for clients, can be cloud service provider, provides network connect management/disaster recovery/growth management, can focus on IT security

MSP managed service provider

Latency with cloud too far away, limited bandwidth, difficult to protect data and requires internet connectivity are issues for which type of computing? Cloud Edge Fog Network

Cloud, massive data storage and instant computing power

30 billion IoT devices, processes data locally/on the device, storage, no latency or network requirements, does not need cloud to process data is fog computing

False, Edge computing Fog is cloud + IoT to extend cloud

What type of computing has no latency because data is local, no bandwidth requirements, minimizes security concerns, and provides long term analysis Cloud Fog Edge Network

Fog

Applications run on a remote server, VDI/DaaS instead of physical devices, only local devices are KB/mouse/screen

Thin client, minimal OS on client but needs big network connectivity

Runs many different OS on the same hardware, each app has its own OS

Virtualization

Isolated process in a sandbox, apps can’t interact with each other, uses host kernel and secure separation between applications

Container

One big application that does everything, contains all decision making process/code challenges

Monolithic

API

is the glue for micro services, built in containment, outage containment and scalable

Serverless architecture where apps split into individual functions, ran in a stateless computer container, managed by third party and May only run for 1 event

Function as a Service

Transit gateway, pool of resources created in a public cloud, many are created, cloud router, on different subjects and connected through vpn Azure FaaS SIAM VPC

Virtual private cloud

Azure

specifies which resources can be provisioned and amazon specifies resources/permitted actions-list users, allow api access from ip address range

Service integration and management

Many different service providers (multi sourcing) integrates diverse providers

Directly programmable, agile to make changes dynamically, centrally managed with open standards, no human intervention

Software defined networking, control and data plane

Needs to see data to secure it, devices include: NGF/WAF/Siem, encapsulates data with VXLAN/TLS, monitor application traffic with real time traffic flow, can control traffic flow via api is what?

Software Defined Visibility

I’m virtualization you have built too many servers/networks and firewalls, can’t tell which VM’s are for which apps

VM Sprawl

VM escape protection

Breaking out of VM and interact with host operating system or hardware, huge exploit because control virtual network

A sandbox is an isolated testing environment

True

Dismantling and removing an application instance is de provisioning and provisioning is deploying an app (web server, database server etc)

True

elasticity

increases or decreases available resources as the workload changes Scalability increases workload in a given infrastructure

SQL databases with client sending detailed requests for data, limit client interactions is what? Stored procedures Memory management Code reuse Dead code

Stored procedures

Cryptographic nonce is Taking perfectly readable code and turning it into nonsense. True or False

False, obfuscation

Code reuse is when the results aren’t used anywhere else in the application

False, dead code Code reuse is using old code to build new applications, watch for security risks

Helps protect against malicious users, attackers may not use your interface is what type of validation point? Input Server side Client side Version control

Server side, checks occur on server

What Validation point has end user app make validation decisions, filter legit input from users, provide additional speed Input Server side Client side Version control

Client side, use both server and client but server is more important

Extend functionality of a programming language

Third party libraries

A windows 10 exploit affects all windows 10 users unless the computers are running different software/applications with uniques binaries. What is the name of this preventive measure

Software diversity

Constantly written code that is merged into the central repository many times a day, need to document security baselines Continuous delivery Continuous deployment Continuous Integration Continuous scripting

Which Continuous is more automation, auto deploy to production, no manual checks

continuous deployment Continuous delivery automated testing and release processes, click button and deploy application

All usernames and passwords of a organizations database, authentication requests reference this, Kerberos or ldap Attestation SMS Federation Directory services

Directory services

Provide network access to others, partners/suppliers/customers etc, must establish trust

Federation

Attestation

Prove that hardware is yours , remote has operational report to verification server

This is authentication to a specialized app on mobile device

Push notification Login factor sent to phone with predefined phone number is SMS and

True or false, Authentication apps are pseudo random token generators, physical or software token generators

True

Secret key and time of day, key configured ahead of time with time stamp

Time based one time password algorithm

HOTP one time password

Once a session with one login attempt, includes: HMAC algorithm (keyed hash) token based (hash different each time) hardware/software tokens

You can authenticate with both phone calls giving you a code and smart cards and a static code such as a pin or a password/phrase

True

False rejection rate is the likelihood that an unauthorized user will be accepted, not sensitive enough

False, false acceptance rate False rejection rate is likelihood that an authorized user will be rejected, too sensitive

Defines overall accuracy of a biometric system, rate at which FAR and FRR are equal, adjust sensitivity to equalize both values is what?

True, Crossover Error Rate

Authorization is proving who you say you are with a password and other factors

False, authentication Authorization is the accesses you have based on your identification and authentication

Internal monitoring and management, need internal expertise, external access must be granted and managed is what authentication? Cloud On premise Multi factor Biometric

On premise

What authentication factor is completing a series of patterns? Something you do Something you know Something you have Something you are

Something you know

Multiple links in network in case a link fails RAID Geographic dispersal Load balancing Multipath I/O

Multipath I/O Ex. multiple fibre channels with multiple switches in case of failure

Raiders 0 is no fault tolerance

True

NICs talk to each other broadcasts

False, Multicast

Ups is a short term backup power supply and a generator is long term

True

Hot swappable

Replace a faulty power supply without powering down

Provide multiple power outlets (in a rack) Include monitoring and control by managing power capacity and enable or disable indv outlets

PDU

duplicates data from one data center to another

Use SAN-SAN

This includes redundancy by maintaining one VM and replicate all others (one big file) maintain copies anywhere

VM replication

Cloud storage is faster than on premise

False, cloud is always slower than local

All files changes since the last full back up Full Incremental Differential Non authoritative

Differential, Incremental is all files changed since last incremental backup

Incremental is the fastest back up

True

A copy is an exact duplicate of a systemat one point in time

True

A disk is sequential storage, easy to ship and store, 100gb

False, magnetic tape Disk is faster and deduplicate/compress

Run os from removable media, portable Non persistence Live boot media Diversity Order of restoration

Love boot media

What should be restored first? Application Server Hardware Database

Database

All cryptography is temporary

True, additional CA’s can provide additional protection

Embedded systems

Hardware and software designed for a specific function like digital watch, medical imaging system etc

Multiple components running on a single chip

System on a chip Small form factor

Integrated circuit that can be configured after manufacturing. Common in infrastructure (firewall, routers)

FPGA

Cellular networking that runs at 10Gbits per second

Uses to provide information to a cellular network provider from IoT devices, contains mobile details and embedded systems 5G Subscriber Identity Module Narrowband Zigbee

SIM

Communicates analog signals over a slim range of frequencies, conserves frequency over long distance 5G Subscriber Identity Module Narrowband Zigbee

Narrowband, used with IoT devices and SCADA

Single cable with a digital signal, bidirectional Baseband Subscriber Identity Module Narrowband Zigbee

Baseband 100base-to, 1000base-t, 10gbase-t

IoT networking, IEEE 802.15.4 PAN, alt. To WiFi and Bluetooth(less power consumption)

Zigbee

Embedded systems are not usually ran on a fully capable computer, they have limited features/communication (low cost)

True Raspberry pie etc

What is a common constraint of embedded systems? Power CPU RAM Network

Power, cpu and network

Embedded systems commonly use authentication for security

False, typically none

Concealing an important facility in plain sight, blends into local environment

Industrial camouflage

Chemical fire you would use what to stop?

DuPont FM-200 (halon)

Site surveys, damage assessments you would use this Proximity reader Bollard Faraday cage Drone

Drone

Blocks electromagnetic fields, microwave oven inside

Faraday cage

Physically secure cabled network, protect cables/fiver and data, can’t cut the cables PDS Dual power PDU Hot swappable

PDS Protected distribution system

Physical separation between networks, in shared environments; stock markets, SCADA, airplanes etc have these for protection

Air gap

Remove magnetic field, destroys drive data and renders drive unusable

Degaussing

Wiping data is is removing it from an existing data store

False, purge Wipe is unrecoverable removal of data in a storage device, to be able to reuse on another system

What are added to encrypt a text?

Key Cypher is the algorithm used to encrypt

Already built in and generates hashes from passwords Key stretching library Cryptographic key Homomorphic encryption Public/private sharing

Key stretching library

Used to secure IoT devices with limited power/CPU,

LW Crypt

Homomorphic encryption

Perform calculations while data is encrypted, directly on encrypted data, can only decrypt with price key

Single key to encrypt/decrypt data, if it gets out you need another key, secret key algorithm, doesn’t scale well

Symmetric encryption

Public key cryptography with 2 or more keys (public/private) need both to encrypt/decrypt. Both mathematically related

Asymmetric encryption

Key generation

combines a large random (prime) number with a key generation program to create a private and public key

Elliptic curve cryptography

Instead of numbers these use smaller keys than large prime numbers, smaller storage, perfect for phones

These can be a digital signature; authentication, non repudiation and integrity

Hashes

Verifies a downloadable file, compares downloaded file hash with the posted hash value Collision Practical hashing Salt Elliptical curve

Practical hashing

Digital signature does what Proves message not changed (integrity) Verify signature (non repudiation) Sign with private key Verify with public key

All the above

Don’t send the symmetric key over net, uses phone or in person is in band key exchange

False, out of band In band is on network with additional encryption, use asymmetric to deliver symmetric key

Session keys are permanent

False, they are ephemeral (temporary) and need to be changed often

You can decrypt a web servers data if you have the private key and capture traffics. SPOF. Use this to change the method of key exchange

Pfs, Uses elliptic curve or diffie helman for ephemeral key exchange

Steganography

is security through obscurity

Name 3 types of steganography

-embed messages in tcp packets -place in image -invisible watermarks -digital audio files -sequence of images

0’s and 1’s and combos of them used to search large data bases Steganography Post quantum cryptography NTRU Quantum superposition

Quantum superposition

Crypto system not vulnerable to quantum computing. Instead of using prime numbers it uses closest vector problem.

NTRU

random stream Quibits (key) across quantum network, if both keys are identical then it wasn’t viewed during transmission, someone seeing it would modify data stream and keys not be the same

QKD

Stream cyphers are mostly used with asymmetric encryption

False, symmetric

Block cyphers

What are symmetric encryption that are often 64 or 128 bit and each bit is encrypted or decrypted separately

Simplest encryption mode, each block encrypted with same key

ECB

Each plaintext block is XORed with previous cipher text. First block is IV and adds randoms

CBC

CTR

Acts as a stream cipher, encrypts successive values

Galois/ Counter Mode

Encryption with authentication, part of block mode, efficient without latency, used in packet used data;IPSec, tls etc

A block chain is a distributed ledger that keeps track of transactions, replicates to anyone

True

Low Power devices/low latency need larger symmetric key sizes and use ECC for asymmetric encryption

False, use smaller key sizes High resiliency needs larger key sizes

Match these to the below; integrity, authentication, non repudiation Validate content with hashes Password hashing digital signature

Integrity- Validate content with hashes Auth-Password hashing Non repudiated-digital signature

Public key encryption and digital signing of mail content S/MIME SRTP NTPsec HMAC

S/MIME

FTPS is SSH file over FTP

False, FTP over SSL SFTP is SSH file over FTP

SASL

Provides authentication using many different methods is

Users access of data and applications is what?

endpoint DLP is preventing data being lost

Kernel

This has complete control of OS

Specification for cryptographic functions used by apps within os, random number generator, versatile memory

TPM

This verifies a boot loader with a signed trustee certificate or digital signature Hardware module Trusted Boot Boot integrity Secure boot

Secure boot

Bootlisder verifies digital signature of os kernel, kernel verifies other components, then checks every driver if trusted Hardware module Trusted Platform Module Trusted Boot Secure boot

Trust boot

Remote Attestation

Device provides operational report to a verification server

Sending random input to an application; robustness testing, fault injecting, negative testing Fuzzing Secure cookies Salting Hashing

Fuzzing (dynamic analysis)

These prevent XSS attacks, add to web server configuration, only allow local script sites Fuzzing Secure cookies Salting HTTP secure headers

HTTP secure headers

Decisions in os, application hash, certificates, path and network zones are examples of what? Fuzzing Allow lists Salting HTTP secure headers

Allowed lists

Help identify security flaws, can automate finding a hidden vulnerability in a source code

Static application security testing

Registry

Primary configuration database for windows

Encryption for this prevents access to application database files

Disk

FDE, SED, Opal storage specification -Hardware based full disk encryption, no OS -encrypt everything on drive, bit locker

Full disk encryption- encrypt everything on drive, bit locker -Self encryption drive-Hardware based full disk encryption, no OS Opal Storage-

send to server with lowest use Weighted round Robin Round Robin Dynamic round round robin Active/active load balancing

Dynamic round Robin Round Robin, Each server is selected in turn Weighted round Robin prioritizes a server

extranet

Private network for partners/ vendors, suppliers, needs additional authentication is what? Intranet is private network for internal use only, vpn access only

North/south traffic is the ingress/egress to an outside device, internal web server inside data center communicating to an external web server

True, East to west is traffic flow in a data centers, 2 web servers inside same data center communicating to each other

Encryption/decryption access device, used with client software built into os, many deployment options

Concentrator

Language commonly in web browsers, includes api and web cryptography, create vpn tunnel without a separate vpn application

HTML5 vpn

Everything sent from remote user is sent to vpn concentrator and the concentrator decides where the data goes Split Full Site to site L2TP

Full

Always on, firewall acts as vpn concentrator between remote user and corporate resources L2TP Site to site Full Split

Site to site

Connecting sites over a layer 3 network as if they were connected at layer 2, implemented with IPSec Site to site Full L2TP Split

L2TP

IPsec

Security for layer 3, authentication and encryption for every packet, confidentiality and integrity

Transport mode encrypts both the data and IP header

False, tunnel mode

Use this if you only care about integrity of data, hash of packet and shared key, prevent replay attack ESP AH L2TP IPSec

AH, ESP encrypts and authenticates, more common to use, combined with AH for the integrity

802.1D

Prevents switching loops

BPDU guard ,

This bypasses listening and learning states, spanning tree control protocol, work stations don’t send these

Ip tracking on layer 2 device, switch is a firewall for tus, switch watches these conversations, filters invalid information

DHCP snooping

Descruces process of controlling traffic flows, many methods is

QoS

No NAT, no ARP, IPSec built in for ipv4 security

False, ipv6 security

Port redirection, software based and limited functionality

Port mirror

These limit the number of broadcasts per second, can also control multicast and unicast traffic, managed by values Switches STP BPDU guard NGFW

Switches, managed

Filter traffic by port number or application, encrypt traffic between vpn sites, layer 3 device, incorporating NAT WAF Network based firewall Stateless firewall NGFW

Network based

Application layer, all data is in every packet, each packet analyzed State full firewall Network based firewall Stateless firewall NGFW

NGFW

Applies rules to https, allows or denies based on input, used for payment cards, sQl injection WAF Network based firewall Stateless firewall NGFW

WAF

Firewall ACL’s are from top to bottom

True, also includes implicit deny

True or false, Opening source firewalls include application controls and high speed hardware

False, proprietary Open source is traditionally firewall function

Appliance provide faster throughput for firewall then host based

True, Host based can view non encrypted data

This access control is Connecting internal network to the internet, mostly with firewalls, access control is inside or outside and trying to reach resources/access can be through location or user groups etc

Edge

integrated with Active Directory and makes health checks during login and log off is what?

Agentless nac dissolvable agents- Not Installing permanent software, performs posture assessment and terminates when done

These are useful fit caching information, access control, url filtering and content scanning

Proxies

Internal proxy commonly to protect and control user access to the internet Application proxy Forward proxy Reverse proxy Open proxy

Forward proxy

Inbound traffic from Internet to your internal service Application proxy Forward proxy Reverse proxy Open proxy

Reverse proxy

3rd party uncontrolled proxy, significant security concern, used to circumvent existing security controls Application proxy Forward proxy Reverse proxy Open proxy

Open proxy

Connects an ips, redirects traffic by examining a copy of traffic. Does this through port mirror or network tap, does not block, just prevents In band response Passive monitoring In line monitoring Out of band response

Passive monitoring

Out of band response

Malicious traffic is identified, limits traffic , iPs sends tcp reset frame to disable traffic flow and prevent anymore malicious traffic

Ips sits physically in-line, all traffic goes through it first, prevents any malicious traffic from getting into netwok, drops bad traffic

In band response

High end cryptographic hardware, secures storage, offloads cpu overhead from other devices, used in large environments with clusters and redundant power

Hardware Security module

Access secure network zones, highly secured device, ssh/tunnel/vpn to this, security concern

Jump server

This is Proprietary consoles (firewall, ips) siem consoles (Syslog servers) aimed include correlation engine to compare diverse sensor data

Collector

WPA2-CCMP

Data confidentiality with aes, message integrity with cbc-mac

WPA3 PSK has a brute force problem

False, WPA2 PSK

WPA changes PSK to include mutual authentication, creates shared session key that isn’t shared over the network, no hashes/handshakes is now in WPA3 for SAE

True

Diffie Hellman derive key exchange with authentication component, everyone uses different session key, even with PSK is SAE

True, dragon fly handshake

This security mode authenticates users individually with an authentication server (radius) is WPA-PSK

False, WPA3 enterprise/802.1x

Allows for easy set up of mobile device through pin configured on access point entered on phone/push button on access point Eap PEAP WPS EAP-FAST

WPS

Authentication framework, many ways to authenticate based on RFC standard, integrates with 802.1x.

Eap

PSK is used in conjunction with access to to a database, radius/ldap/TACACS

False, 802.1x (port based network access control)

Authentication server and supplicant share a protected access credential (pac) (shared secret) needs radius server, authenticates over tls. *makes sure supplicant and authenticator can communicate in a tunnel Eap-fast PEAP Eap Captive portal

Eap-fast

Encapsulates eap in a tls tunnel, user authenticates with MSCHAPv2, user can authenticate with GTC. Uses digital certificates for authentication Eap-fast PEAP Eap Captive portal

PEAP

Requires digital certificate in AS and other devices. Uses mutual auth in order for a tls tunnel. Required PKI and legacy devices may not be able to use Eap-fast PEAP Eap Eap tls

Eap tls

Radius federation is members of an organization can authentication to network of another organization, uses 802.1x (NAC)

True

Supplicant- the client authenticator- device that provide access authentication server- validates client credential

True

Eap-ttls

Supports other authentication protocols in a tls tunnel, needs one digital certificate on AS, used by all is what?

For wireless packet analysis, you can’t hear everything on the network if you are transmitting data

True

Configures, updates, and maintain all access points in an infrastructure Controller ESSID 802.1x Eap-tls

Controller

Connections to buildings are point to multi point

False, point to point Multi point is full connectivity between nodes

WiFi is WAN

Blue tooth is PAN- high speed communication over short distance WiFi is LAN

DOS/frequency jamming, remote capture, stolen device, replay attack or man in the middle are common attacks against what? RFC NFC Bluetooth GPS

NFC

Mobile device management

Manage company owned and user owned mobile devices

Secure access to data, protect data from outsiders, file sharing and viewing, DLP for mobile devices

Mobile content management

Context aware auth

Authentication that combines multiple contexts; ip address, gps, other devices, emerging tech, what devices you frequent etc

Separate enterprise mobile apps and data, creates a virtual area for company data with limited sharing. Storage segments the data is what?

Containerization

Shrinks PCI express, security; key generation, digital signatures, authentication, secure storage

MicroSD HSM

Provision, update and remove apps, creates enterprise catalog, monitor application use, remote wipe MicroSD UEM MAM SEAndroid

Mobile application management

Addresses broad scope of system security for Linux/kernel/user space/policy configuration MicroSD UEM MAM SEAndroid

SEAndroid

Move from user assigned control to object labels and minimum user access

SEAndroid manages android deployments

Applications can be used across different platforms by using this MicroSD UEM MAM SEAndroid

UEM

Rooting (android)/jailbreaking (Apple)

Install custom firmware, uncontrolled access, side load apps. You don’t need access to os

Company buys device, used as corporate and personal device, org has full control of device

Corporate owned personally enabled

Apps/data separate from mobile device, centralized app development, data separate from device Corporate owned VDI/VMI COPE CYOD

Virtual desktop infrastructure

Company owns device and is not for personal use use is CYOD

False, corporate owned CYOD is similar to COPE but you choose your device

HA across zones are Availability zones, isolated locations with cloud region, independent power, build apps to be highly available, load balancers

True

This allows different os and applications to communicate across platforms, validates security controls

Integration/auditing resource policies- Identity access management, map job functions to roles, provide access to cloud resources, centralize user accounts

API keys, password, certificates, difficulty to manage, authorize access to this, manage access control policy, provide audit trail Secrets management Resource policies HA across zones Integration

Secret management

Iam, bucket policies, globally blacking public access, don’t put data in cloud unless it needs to be there are examples of what? Resource policies Permissions Replication Cloud storage

Permission

Data already encrypted when sent to the cloud and performed by the application is client side encryption

True, Server side encryption encrypts data in cloud and is encrypted when stored on a disk

is micro service architecture that view’s special api queries and monitors incoming/outgoing data

API inspection and integration

Manages computing resources such launchers/removesa vm or container, allocates resources Iaas Security groups Virtual private cloud endpoint Container security

Iaas

Dynamic resource allocation

Provisioned resources when needed, scaled up or down, ongoing monitoring

Instance awareness

Granular security controls, identifies specific data flows, files shares and defines set policies, denies certain uploads

Allows private cloud subnets to communicate to other cloud services, does not need internet connectivity

Virtual private cloud endpoint

Bugs, Insufficient security controls, Mia configurations are security issues for what? Virtualization Cloud computing Container Man I. The middle

Container

Cloud access security broker

Keeps data secure in the clouds, organization has defined security policies, implemented as client software, determines authorization of apps, compliance, threat prevention

This is one of the most common cloud security issues Wireless Applications Storage RAM

Applications misconfiguration

Protects uses and devices regardless of activity/location, examines api applications, examines JSON strings and api requests

Next gen secure web gateway SWG

Attributes

Identifier or property of an entity, name/email/department name etc., one or more can be used for identification

-ssh-keygen

Create a public/private key pair

Copy the public key to the ssh server -ssh-copy-id host@user -ssh-I’d user-copy@host -keygen-copy-id user@host -ssh-copy-id user@host

-ssh-copy-id user@host

-ssh user@host

No password prompt

Used exclusively by services running on a computer, no interactive, web/data base server, access defined for specific action is what kind of account?

Service accounts

What adds location metadata to a document or file, location based access rules, time based access rules?

Geotagging geofencing is automatically allowing or restricting access when the user is in a specific location, don’t allow to run unless near office

All passwords in one location, credentials encrypted with unique passwords is a password vault

True

Use personal knowledge as an authentication factor

Knowledge based authentication

Static kba questions are based on an identity verification service, street number etc

False, dynamic Static kba is pre configured shared secrets, used with password recovery (make and model of first car)

TPM

as a cryptographic processor that will generate random numbers or key generators, persistent memory with unique keys burned in?

Larg number of servers woukusing encryption would use an HSM, centralized storage

True

Encrypted authentication protocol that utilizes a 3 way handshake is PAP

False, CHAP Pap is basic in the clear, weak and non encrypted

After a link is established, server sends a challenge Client responds with a password hash calculated from the challenge and password Server compares received hash with stored hash 3 way handshake Trusted Platform process Password vault process Radius

3 way handshake

Used commonly with point to point tunneling and has security issues with DES, easy to brute force IPsec MS-CHAP L2tp 802.1x

MS-CHAP, micro soft version of chap Use L2TP, IPsec, 802.1x or another secure authentication method

Common AAA protocol, supported on a wide variety of platforms, centralize authentication for users, on any server

Radius

Network authentication protocol that you do not need to reauthenticate with and is used with Microsoft

Kerberos

Integrates with eap and prevents access to network until authentication succeeds 802.1x Radius Tacacs LDAP

802.1x Used in conjunction with either radius, Tacacs or ldap

Routers/switches/firewalls, sever authentication, remote vpn, 802.1x would authenticate with Kerberos

False, radius

Open standards for authentication and authorization, can authenticate from 3rd party, one standard does it all, issues with mobile apps Federation SAML O auth SASL

Security assertion markup language

Authorization framework, determine resources a user will be able to access, created by Google and others, openid connect handles SSO, authorization but not auth,

O auth

Users receive rights for authorization through what? ACL’s Windows groups Access control models Chmod a-w

access control models

Os limits operation of object based on security clearance, every object gets a label, admin decides who gets security access DAC Mac Rbac ABAC

Mac

Used in most os, spreadsheet/owner controls who has access, flexible but weak security

Discretionary access control

Rbac

is used in windows that use groups for access control

Users can have complex relationships to applications and data, many parameters DAC Mac Rbac ABAC

Attributes based access control Ex resource info, ip address, time of day, data relationship

Generic term for following rules, access comes through system enforced rules, rule is associated with object

Rule based access control

Stores files and access to them, done through acls/user rights/central files, handles encryption and decryption

File system security

Difficult to apply old methods of authentication to new methods of working, constantly changing cloud, conditions, controls allow or block, can make complex access rules

Conditional access

Managing super user access with admin and root, store privileged accounts in digital vault, centralized passwords/automation/manage each user access/tracking and Audit

Privileged access management

Policies, procedures, hardware, software, people and digital certificates

PKI

Public key certificate that binds with digital signature from CA RA PKI CA Digital certificates

Digital certification

Key pair send the public key to the CA

Certificate signing request

Built in browser is commercial certificate

True, Private certificates are in house with internal ca, for large organizations

Everyone receives certificates from multiple CA’s

False, one

Entity requesting certificate needs to be verified, approval or rejection, responsible for revocations RA PKI CA CSR

Registration authority

Common name FQDN for certificate

Manages certification revocation list CRL PKI CA CSR

DV, EV, wildcard domain and SAN are what type of tickets? Web server ssl Web server user Code signing Root

Web server ssl

Owner of certificate has some control over dns domain

Domain validation

Additional checks have verified the certificate owners identity, show green name on address bar, ssl now outdated Ev DV San Wildcard

Extended validation certificate

Ext to x.509 certificate, lists addition identification information, certificate support many different domains Ev DV San Wildcard

Subject alternative name

Certificate are based on name of server, apply to all server names in a domain Ev DV San Wildcard

Wildcard

Developers provide level of trust/apps signed by developers, users os examines developer signature bf validate software Code signing Web signing ssl Root Self signed

Code signing certificate

Public key certificate that identifies root ca, issues other certificates Code signing Web signing ssl Root Self signed

Root certificate

Internal certificate not signed by public ca, build your own ca Code signing Web signing ssl Root Self signed

Self signed certificate

Putting a certificate on a device that you signed is what type of certificate?

machine and computer certification User certificates is an id card with additional authentication factor

Cryptography in an email platform with public key cryptography, public key encrypts email/private key decrypts is what certificate?

email certificate

X.509

Structure of certification is standardized, format of file can take many forms

Format designed to transfer syntax for data structures, specifically coding format, binary, common with Java

Distinguished encoding rules

Common format, base64 encoded der certificate, format from CA’s, on many platforms, ASCII X.509 DER PEM PKCS #12

Privacy enhanced mail N64 pikachu unreal in smash

PKCS #12

Personal information exchange syntax standard, rfc standard, format for many x.509 certificates, used to transfer public/private key, PFX

Windows x.509 ext, encoded as der or as ascii pem format, public key and private is transferred in .pfx format CER PKCS #12 PAM PKCS #7

Certificate

Cryptographic message syntax standard, store I. ASCII (human readable format), no private keys, wide platforms supported CER DER PEM PKCS #7

PKCS #7

Encrypts emails, received encrypted emails, digital signatures/private key digitally signs, non repudiated/integrity CER Email certificates PEM PKCS #7

Email certificate

Offline CA’s are bad and cannot be trusted

True

Provides scalability for these checks, CA responds to these client requests, doesn’t scale well, certificate holder verified status, in TLS handshake Pinning Certificate chaining Key escrow OCSP stapling

Online certificate status protocol stapling

Proves you are communicating on trustworthy tls server, this has expected certificate or public key to an application, keys don’t match then it shuts down Pinning Certificate chaining Key escrow OCSP stapling

Pinning

Cross certifying CA’s are for scalability with mesh

False, don’t scale well

Someone else holds encryption keys

Key escrow

List of all veers between server and root CA, starts with SSL cert and ends with root, anything in between us this

Certificate chaining

Web of trust is a single CA issues certain to intermediate CA’s

False, hierarchical Web of trust is alt to traditional PKI

Takes advantage of ICMP TTL exceeded error message, TTL is hops, TTL=1 first router, TTL=2 2nd router is what command?

Tracert (windows) or trace route

This device filters icmp

Firewall

This command learns about devices, port scan for device and open ports, can determine OS, service scans and has additional scripts/vulnerability scanning

Nmap

Pathping

First phase runs a trace route to build map, 2nd phase measures round trip time and packet loss at each hop

TCP/IP packet assembler/analyzer that is a ping that can send anything

Hping

#hping3 - - desport 80 10.1.10.1 modifies IP/TCP/UDP/ICMP values and is easy to flood and DoS

True

Show all active connections

Netstat -a

Netstat -n

Do not resolve names

Netcat

Read or write to the network, open port and send or receive traffic, listens on port number/transfer data/scans port, becomes backdoor

Locate active devices, arp, ICMP requests, tcp ack, ICMP timestamp is what?

ip scanners

Arp determined Mac address based on ip address

True

ARP -a

View local arp table

View devices routing table, find out which way the packers will go Give windows and Linux commands

Route Route print (windows) Netstat -r (Linux)

Cur1

Client url, retrieve data using a url, web pages, ftp, grabs raw data from search

Gathers osint, finds associated ip addresses, names from linked in, pho keys by email domain, dns brute force is what command?

theHarvester

Combine many recon tools into a single framework, non and intrusive scanning options

Sn1per

What Run port scans from different hosts, port scan proxy, ip is hidden scan source?

Scanless

Dnseum

Enumerated dns information, view host from dns servers, find host names on Google

Nessus

Industry leader in vulnerability scanning, checklist of issues/extensive reporting

Cuckoo

Sandbox for malware, virtual environments, api calls and network traffic/memory analysis, traffic captures, screenshots

View first part of a file

Head

- head -n 5 syslog uses n to specify what?

Number of lines

Tail

View last part of a file

Cat

Link together in a series Concatenate

- cat file1.txt file2.txt copies a file to a screen and - cat file1.txt file2.txt > both.txt copies a file to another file

True

Change mode of a file system object, set for file owner (u) group (g) others (o) or all (a)

Chmod X= execute

-chmod 744 first.txt is user to read write execute, group is read only and other is read only

True

Type of change mode to All users, no writing to first text

Chmod a-w first.txt

Owner of script.sh can execute the file Scanless Cur1 Chmod u+x Chmod a-w

Chmod u+x script.sh

Add entries to system log, syslog is what?

Logger

-logger “This information is added to syslog” is useful for including information in a local or remote syslog file, included as part of automation script and log an important event. True or false

True

Command line for system administrators, .ps1 file extensions SSH Power shell Python OpenSSL

Windows power shell

Toolkit and crypto library for this, create/manage x.509 certificates and requests and CRLs, supports many hashing protocols, encryption

OpenSSL

Packet replay utilities that edit packet captures, check ip signatures/firewall rules, looks at traffic in Netflix and evaluates security performance devices is what?

tcpreplay

captures packers from command line and displays packers on screen and write packers to a

tcpdump Wire shark is a graphical packet analyzer that gathers frames on network and can be built into the device with extensive decodes

Includes an ibm mainframe and data definition, bit by bit copy of a drive

Create a disk image is - dd if=/dev/sda of=/tmp/sda-image.img Restore from an image is -dd if=/tmp/sda-image.img of=/dev/sda memdump

True

Winhex

Universal hexadecimal editor for windows os that edits disks/files/ram, clones disks, hard drive cleaning is

Ftk imager

Access data forensic drive imaging tool, widely supported, full disk encryption, import other image formats

Perform digital forensics of hard drives, extract many different data types

Autopsy

Metasploit

Attack known vulnerabilities is what?

Ñame 2 nist sp800-61 security incidents handling guide incident life cycle stages

Preparation Detection analysis Containment, eradication, and recovery Post incident activity

This monitoring detects configuration changes like system files

Host based

Phased approach to fixing a system after an attack

Reconstitution

Performing a full scale disaster drill before an event Walkthrough Exercise Tabletop exercise Simulation

Exercise

Not having to physically go through a disaster drill Walkthrough Exercise Tabletop exercise Simulation

Table top exercise

Include responses, test processes before an event and go through each step to identify faults Walkthrough Exercise Tabletop exercise Simulation

Walkthrough

Testing an event like phishing email is which prevention exercise

Simulation

Using paper when a computer goes down is an example of what plan?

Coop (continuity of operation planning)

Determines actions of an attacker: identify point of intrusion, understand methods to move around, look at security techniques to block future attacks Diamond model of intrusion Incident response Mitre attack Siem

Mitre attack

Apply scientific principles to intrusion analysis/measurements and looks simple but is complex, adversary deploys capability over some infrastructure against a victim

Diamond model of intrusion

Diamond models co sits of what?

adversary, infrastructure, victim and capability

Cyber kill chain, name 2

Reconnaissance- gather intel weaponization- build deliverables to include a backdoor delivery- deliver executable over email exploit- execute code on victims device installation- malware installed on os command and control- C2 channel created for remote access actions on objectives - attacker can remotely carry out objectives Is what?

A vulnerability exists but you didn’t detect it is a false negative

True

Switches, routers, ap’s, vpn concentrators and infrastructure devices are what kind of logs? Network System Applications Security

Network logs

Os, security events, requires filtering, extensive Network System Applications Security

System

Windows event viewer, Linux macOS parse log details on siem, specific to this log Network System Applications Security

Application

Blocked and allowed traffic, exploit attempts, blockier categories, dns sinkhole, firewalls and critical protection information Network System Applications Security

Security

Ip address, access errors, unauthorized attempts, server start up and shut down activity Network System Authentication Web

Web log files

View lookup requests, ip address of the request, malware sites and queries to bad urls, block or modify bad requests Network DNS Authentication Web

Dms log files

Know who logged in or who didn’t, account name, source ip, auth method, identify brute force and multiple failures, Network System Authentication Web

Authentication log files

Store all contents of memory into diagnostic file, reste in windows task manager, some apps have their own of this log file

Dump log files

View inbound and outbound call info, audit trail, includes sip information VoIP and call manager System Dump DNS

VoIP logs

Rsyslog is a popular Syslog daemon with additional filtering/storage and NXlog is a collection from many diverse log types

False, syslog-ng, Rsyslog is a rocket fast system for log processing

Linux log, stored in binary, optimized for storage and provides method for querying system journal with search and filter

Jountslalctl

Bandwidth monitoring is percentage of use over time

True, snmp, Netflix, SFlow, ipfix

Describes other data sources like mobile/web/files etc Jountslalctl Metadata Rsyslog NXlog

Metadata

This gathers traffic flow by a probe watching network and summary records sent to collector

Netflow

Templates used to describe data, newer Netflow is what?

ipfix Sflow is sample of actual network traffic, embedded in routers/switches

Protocol analyzer

This solves complex application issues, gathers network packet, and views detailed traffic information

End user device like a pc is an endpoint

True

Decisions made into os, only allow apps with unique identifiers, allow digitally signed apps from publishers, only run apps in folders or network zone are Kernel Macro CRL Approval lists

approval lists

Enable it disable phone and tablet functionality, regardless of physical location

Mobile device manager

Block transfer of pii or sensitive information

DLP

Content filtering

Limit access to untrusted websites, block know malicious sites, blocklists share suspicious site urls

Admin isolate compromised device with malicious software from everything else/network is containments

False, isolation Containment is running app in sandbox, limit interaction with os and multi device security

Sepárate network, prevent unauthorized movement and limit scope of breach is segmentation

True

Includes run books of linear checklist steps to perform and playbooks with conditional steps to follow with a data breach, integrates 3rd party tools and data sources

Security orchestration automation and response

Collect and protect information relating to an intrusion, RFC 3227 guideline for evidence collection

Digital forensics

Legal technique to preserve relevant information, hold notifications, electronically stored information, ongoing preservation

Legal hold

Not all data can be used in a court of law, legal authorization, laboratories, technical qualifications

Admissibility

Control evidence by maintaining integrity, use hashes and everyone contacts evidence/labels everything, Digital forensics Legal hold Admissibility Chain of custody

Chain of custody

Fat time is stored in gmt

False, ntfs Fat is stored in local time

Below is least volatile to most CPU registers, cpu cache Router table, arp cache, kernel, memory Temporary file systems Disk Remote logging/monitoring data Physical config, network topology Archival media

False, most to least

How long data sticks around

volatility

Changes constantly and is difficult to capture, memory dump

RAM

Swap/pagefile

Used by different os system, place to store ram when memory is deleted, more space on storage drive, portions of application, similar to ram dump

Snapshot

Associated with virtual machines, original image is full back up, each of these is incremental from the last

Artifacts

Digital items left behind, every contact leaves a trace, log info/flash memory etc

CPU cache is long term instruction storage

False, short term

A legal agreement to have the option to perform a security audit at any time

Right to audit clause

Data in different of these may be bound by different rules, data stored in cloud may not be located in same country, data center can determine its treatment Forensic cloud Right to audit clause Regulatory/jurisdiction Data breach notification law

Regulatory/jurisdiction

Protects against accidental changes during transmission, relatively simple integrity check, not designed to replace hash Checksum Provenance Preservation E-discovery

Checksum

Documentation of authenticity, chain of custody for data handling, blockchain tech Checksum Provenance Preservation E-discovery

Provenance

Handling evidence, manage collection process, live collection Checksum Provenance Preservation E-discovery

Preservation

Gathers data required by legal process Checksum Provenance Preservation E-discovery

E-discovery

Focus on key threat activity for a domain, prevent hostile intelligence operations is

strategic intelligence/counter intelligence

Technical controls are controls that are implemented by people, security guards/awareness programs

False, Operational Technical is systems like firewalls or antivirus

This type of Control addresses security design, security policies, SOP’s Technical On premise security Managerial Peap

Managerial

Physical contrincante access, door lock, security guard, firewall Preventive Detective Corrective Deterrent

Preventive

May not prevent access, identifies and records any intrusion attempt, motion detector, ips/ids Preventive Detective Corrective Deterrent

Detective

Designed to mitigate damage, ips can block attacker, backups mitigate ransomware, or storm Preventive Detective Corrective Deterrent

Corrective

May not directly prevent access, discourage intrusion attempts, warning sign, login banner Preventive Detective Corrective Deterrent

Deterrent

Doesn’t prevent attack, restore using other means, restore from backup, hot site, backup power system Preventive Physical Corrective Compensating

Compensating

Fences, locks, mantraps, real world security Preventive Physical Corrective Compensating

Physical

Compliance

Meeting standards of laws, policies, and regulations, across many aspects of business, penalties and scope

Ray regulation for data protection, control export of personal data, individual has control of their personal data, details privacy rights for user

General Data Protection Regulation

Payment card industry, data security standard for protecting credit cards GDPR PCI DSS Security framework Compliance

PCI DSS

What is this? Build and maintain secure network systems Protect cardholder data Maintain vulnerability management program Implement strong access control measure regular monitor networks Maintain information security policy

PCI DSS

6 steps for NIST RMF

Categorize- define environment Select- pick appropriate controls Implement- define proper implementation Asses- determine if controls are working Authorize- make a decision to authorize a system Monitor- check for ongoing compliance

Practical and actionable tasks for it professionals for cyber defense is what?

center for internet security

Cis is the alignment of standards, guidelines, and practices to framework core

False, framework profile inside Nist CSF

Ido/iec 27001

Standard for an information security management system 27 ISO

Ido/iec 27002

Code of practice for information security controls

Ido/iec 27701

Privacy information management

ISO 31000

International standards for risk management practices

Type 1 audit tests controls in place at a particular point in time

True Type 2 tests controls over a period of at least 6 consecutive months

Cloud controls Matrix

Cloud specific security controls, controls are mapped to Standards, best practices and regulations

Enterprise architecture

Methodology and tools, asses internal it groups and cloud providers, determine security capabilities, build road map

This hardens what, banner information, directory browsing for info leakage , run permissions from non privileged account, configure ssl, monitor log files

Web server

This gardens what, updates/patches, user account with password complexity, limit network access, anti virus/malware Web server Os Application Network infrastructure

This hardens what, runtime/programming language b/w web server and database, disable unnecessary services, security patches, limit rights and access from other devices Web server Os Application Network infrastructure

Application

This hardens what, switches/routers, embedded os with purpose built in device, don’t use default configuration, manufacturer security updates etc

Network infrastructure

What use is allowed for assets of the company is what?

acceptable use policy

Job rotation so no one has total control, mandatory vacations, separation of duties, clean desk policy are examples of least privilege

False, business policies

NDA, prevents use of confidential information, social media analysis AUP Personnel security procedures Business policies User training

Personnel security procedures

Gamification, capture the flag/hacking, phishing simulation, computer based training are examples of what? AUP Personnel security procedures Business policies User training

User training

An adverse action is someone failing a background check

True

Mínimum terms for services provided, used between customers and service providers

Service level agreement

Don’t make decisions based on incorrect data, used with quality management systems like 6 sigma, calculate measurements uncertainty BPA MOU MSA EOSL

Measurement system analysis

Manufacturer stop selling product, no more support for product BPA MOU MSA EOSL

End of life or end of service life

Rules, processes. And accountability associated with an Organization’s data Data governance Data steward Data classification Data retention

Data governance

Manages governance process, data accuracy/privacy/security, associate’s sensitivity labels to the data, ensure compliance with applicable laws

Data steward

Identify data types and compliance Data governance Data steward Data classification Data retention

Data classification

Keep files that change frequently for version control/files change often, recover from virus infection, often legal requirements with different storages Data governance Data steward Data classification Data retention

Data retention

Passwords must be embedded in the application, everything needs to be on the client side, not the server side

False, server side not client side

Personnel accounts have no privileged access to os

True

Web server rights and permissions will be the same as the data base server

False, different

An account that has Elevated access to one or more systems, complete access to drivers, not used for normal administration, highly secured is what?

an admin/root account

Change control steps. Name 2

Analyze risk associated with change Create a plan Get end user approval Present proposal to change control board Backout plan if change doesn’t work Document changes

Theft of ideas/inventions/creative expressions is intellectual property theft

True

Every project has a plan with risk, document risk with each step and apply solutions, monitor results Risk register Risk control assessment Risk matrix Inherent risk

Risk register

Risk matrix

View results of risk assessment, risk based on color, likelihood of an event with potential impact,

Impact + likelihood, risk exists in absence of controls

Inherent risk

Inherent risk +control effectiveness, risk after controls are considered, models based on on including additional controls Risk register Risk matrix Inherent risk Residual risk

Residual risk

Risk determined, cybersecurity requirements, formal audit, security based on requirements, exist controls are good or not

Risk control assessment

Co Stanton changing backfield, overwhelming amount of information, knowledge is key Risk awareness Risk matrix Inherent risk Risk control assessment

Risk awareness

Likelihood, annual rate of occurrence, single loss expectancy, annual loss expected are types of what? Risk awareness Risk matrix Quantitative risk Risk control assessment

Quantitative risk

Impact

Life, property, safety, finance, reputation is what?

What recovery plans should consider in unique environments? Name 2

Application Personnel Equipment Work environment

Récords are sorted and stored Distribution Use Maintenance Disposition

Distribution

Use

Make business decisions

Maintenance

Ongoing data retrieval and data transfers is what?

Disposition

Archiving or disposal of data is called what?

Notices

Data classification that is property of an org, including trade secrets and unique data to org

Proprietary

Hashing and masking are examples of what?

Anonymous zation

manages the purposes and means by which personal data is processed

Data controller

is responsible for data accuracy, privacy and security

Data custodian or steward

Data that is property of an organization

Proprietary

Security admin needs to search a storage drive to get email messages and browser histories. Which?

Autopsy

Using an automated teller machine with a pin and debit card Something you know Something you have Something you are Something you do

Something you have/know

Airport check in process requires photo identification Something you know Something you have Something you are Something you do

Something you are

Door to data center requires a id card and handprint Something you know Something you have Something you are Something you

Something you are/have

Main door to a building uses 2 separate keys on a key ring Something you know Something you have Something you are Something you

Something you have

A users browser will only send session keys over an encrypted connection Code signing Input validation Static cookie analysis Secure cookies Fuzzing

Secure cookies

A security admin is gathering data from a compromised host. Which should be gathered first? Any previous backups Memory dump Drive image Default router configuration /tmp directory contents

Memory dump

A company loses $1,000 each time a tablet is stolen RPO SLE MTBF RTO ALE

SLE, Singletary loss expectancy Losing a device

A team in the security department is responsible for scanning and exploiting vulnerabilities on the company network Blue White Purple Green Red

Red

A Linux admin is downloading an updated version of her Linux distribution. The download site shows a link to the ISO and SHA256 hash value. Which describes the use of the hash value? Verified the file was not corrupted during file transfer Provides a key for decrypting the ISO download Authenticates the site as an official ISO distribution site Confirms that the file does not contain any malware

Verified the file was not corrupted during file transfer

Attackers ability to reconnect to a compromised host is what part of kill chain process? Persistence Weaponization Reconnaissance Pivoting

Persistence

Banner grabbing

Probing a server to elicit a response to identify the server application and version number or how server is configured

Arp is an easily configurable backdoor

False, Netstat

X.509 links the identity of a user to a public key, while PGP links the identity to a private key

False

Verification is a stage in a key’s life cycle

False

Guaranteeing the identity of e commerce sites and the other websites that gather and store confidential information is the purported of what? CA Server certificates RA Root CA

Server certificate

All certificates use PEM which converts information into binary

False, DER (distinguished encoding rules)

PGP is under what kind of model? GPG Web of trust Hierarchical Chain of trust

Web of trust

Tokens can be allowed to continue without expiring in HTOP

True

Key stretching

Putting initial key through thousands of rounds of hashing

Provide google credentials and can simultaneously log into Twitter because they have a trusted network between the 2 is federated

True

Access control model that is not rule based Rbac Mac ABAC Dac

Dac

Access model that is strict and inflexible, contains labels similar to security clearances

Mac

Access model that is complex for defining rules that allow or deny access Rbac Dac ABAC Mac

ABAC

X.500

Principle directory standard

Way of binding an ldap(SMTP, or IMAP) directory server with client and server agreeing upon mutually supported security mechanism Open auth Sasl Ldaps Saml

Sasl (simple authentication and security layer) Allows client and server applications to authenticate each other

Saml tokens are written in what?

X.500

Active Directory is a database stored on one or more servers called this

Domain controllers

Linux command that allows you to gain access while logged into your normal user account

This is executed in the hosts memory and cpu but not installed to a local disk Hotp Totp Persistent agent Dissolvable agent

Dissolvable agent

duplicates data for FT (mirroring) Raid 1 Raid 0 Raid 5 Multiple raids

Raid 1

requires additional disk for redundancy Raid 5 Raid 1 Raid 3 Raid 0

RAID 5

Sneaky friend adds special tools to a programs room without program knowing and can change how the program works

DLL Injection

What weakness is exploited in a MD5 hash?

Collision

What is a problem with symmetric encryption? Difficult to maintain secure distribution and storage of key Public key can’t be use to decrypt private key Private key can’t decrypt public key A lot of computing overhead

Difficult to maintain secure distribution and storage of key

Asymmetric key is faster than symmetric

False

CTR and GCM allow block ciphers to behave like stream ciphers

True

GCM

Type of ctr mode and combines cipher text with messages authentication code GMAC similar to HMAC

Functions like a stream cipher, each block is combined with a nonce (non repeating) counter value

CTR

CBC applies same key to each plaintext block

False, ECB CBC improves ciphertext integrity with IV to first plaintext block to ensure the key produces a unique ciphertext from plaintext

This means a key should not be derivable from the ciphertext Diffusion Obstruction Confusion Masking

Confusión

Diffusion

If one bit of the plaintext is changed, many bits in cipher text should change is what?

What ensures identical plaintext’s produce different ciphertext a?

Iv, salt, nonce

Digital envelopes

Used both symmetric and asymmetric encryption

Used crypto algorithms to generate unique value from file contents. If file changed so does this

Checksum

A stream cipher is padded to the correct size if there is not enough data in the plain text

False, block cipher

the state when data is present in volatile memory, like RAM or CPU register is what type of data?

Data in use

Having am the same public key as someone but a different private key is what encryption?

Asymmetric

Crypto hash algorithm produces a fixed length string from a variable length string Collision Checksum Passed hash Message digest

Message digest

a special box that helps keep your toys organized and safe. you play with your toys (which are like apps or programs), the box makes sure your toys are being used safely. It checks who is playing with them, makes sure they're being used in the right way, and keeps an eye out for any problems or things that shouldn't happen. Is what? API CASB SWG XSS

CASB Just like your toy box helps keep your toys safe and organized, a CASB helps keep computer programs and apps safe when they are used on the internet or in the cloud.

gatekeeper/super hero for the computer that keeps you safe when you go online to play games/watch videos. So, when you want to go on the internet (like going to a playground), the superhero gatekeeper stands at the entrance. It checks everything you want to do on the internet to make sure it's safe and good for you. It helps stop any bad stuff from getting to your computer, like mean bugs or things that might make your computer sick.

SWG (next gen secure web gateway) Just like a superhero protects a city, the SWG helps protect your computer when you're playing and exploring things on the internet.

X.509 links identity to a private key

False, public PGP for private

Purpose for which a certificate was issued

Standard extensions

RA informs user whether a certificate is valid, revoked or suspended

False, they are only for registration process

These are like extra labels you add to a treasure map (CA) to give more details on the information it’s protecting is extensions

Extensions

Like an ID cards helps people know who you are/can trust you. This helps computers and programs trust each other with these types of certificates (ID’s)

X.509

a special robot is very good at noticing and understanding what's going on in the moment. It's like when you're playing a game, and you quickly notice if someone joins in or if the game rules change. Is what?

Instance awareness – that's being instance aware, just like the smart toy robot that knows what's happening around it.

helps computers and devices connect to and access things stored in the cloud (like data or applications) without having to physically be where those things are located. It creates a magical connection that allows you to reach and use cloud stuff from wherever you are, just like the magic door on your backpack brings your toys to you! API VPC Netflow Sfix

Virtual private cloud endpoints

System or technology’s ability to stay up and running for a long time without interruption

Highly available

Gaining administrative access to system files and settings that are usually restricted in order to modify os, install custom software etc for greater control and customization of device

Rooting/jailbreaking

Linux command that allows you to gain root access while logged into your normal user account

Removing all data from mobile device, always have a backup is what?

Remote wipe

Instead of authenticating with just a password, this authentication adds additional information like location, device info, time of access, behavior pattern and network information to be able to sign in EV Rbac PAM Context aware authentication

Context aware authentication

Bad person puts bad code into a website and when you visit it bad things happen to your computer. Like a diary for friends that someone writes mean things

Cross site scripting/xss attack

Used in wireless networks and PPP connections. It is a framework for standards on different methods of authentication L2tp EAP SASL Ipsec

EAP

Your computer wants to connect to a Wi-Fi network or another computer, it does a secret handshake with the network or the other computer. This helps in making this handshake more secure by creating a safe tunnel for the handshake to happen. It's like having a secret passage where only the right computers can go through is eap-fast

True

is like a digital backpack where you can keep secret keys, certificates, and other important stuff for your computer. It helps keep everything safe and organized so only the right people can use them is PKCS #12

True

is like a digital envelope for messages. It helps keep information secure when it's sent from one place to another on the internet. It's like putting your message in a special, locked box so only the person you want to open it can read it. SWG PKCS #7 Mail gateway API

PKCS #7

These attacks bypass maximum failed login restrictions

Rainbow table

An attacker compromises a public CA and issues unauthorized X.509 certificates for Company.com. In the future, Company.com wants to mitigate the impact of similar incidents. Which of the following would assist Company.com with its goal? Cert. with EV Cert. pinning Cert. chaining Cert. stapling

Certificate pinning

What is the term used to describe the process of validating a digital certificate by verifying a chain of trust through a series of certificates?

Certificate chaining

What is the term for the practice where a web server provides a digital certificate directly to a client, rather than the client retrieving it from a certificate authority during the TLS/SSL handshake? A) certificate pinning B) Certificate Chaining C) Certificate Stapling D) eap-fast

Certificate stapling

What security practice involves associating a specific digital certificate with a particular server or service, allowing client applications to verify the server's authenticity by checking if the presented certificate matches the pre-configured one? A) Certificate EV B) Certificate stapling C) Certificate Pinning D) OSCP stapling

Certificate pinning

What type of digital certificate provides additional verification steps beyond basic domain ownership, often including thorough validation of the requesting entity's legal identity and business details? A) DV certificate B) CSR C) RA D) Certificate EV

Certificate with Extended Validation

A security analyst is reviewing an assessment report that includes software versions, running services, supported encryption algorithms, and permission settings. Which of the following produced the report? Nmap Vulnerability scanner IP Scanner TLS Inspection

Vulnerability scanner

Port,/network/vulnerability scanning, banner grabbing, fingerprinting, social engineering and packet sniffing are examples of what?

Active reconnaissance

A systems administrator found a suspicious file in the root of the file system. The file contains URLs, usernames, passwords, and text from other documents being edited on the system. Which of the following types of malware would generate such a file?

Keylogger

A security administrator wants to implement a company-wide policy to empower data owners to manage and enforce access control rules on various resources. Which of the following should be implemented? Rbac Mac ABAC Dac

Dac

Which encryption program is commonly used for securing emails and files by providing a method for end-to-end encryption and digital signatures?

PGP

Which of these would best describe the use of a nonce? -Information is hidden inside of an image -Information encrypted with a public key is decrypted with a private key -Prevents replay attacks during authentication -The sender of an email can be verified

-Prevents replay attacks during authentication

A system administrator is implementing a fingerprint scanner to provide access to the data center. Which of these metrics would be the most important to minimize so that unauthorized persons are prevented from accessing the data center? You Answered TOTP HOTP FAR FRR

False Acceptance Rate

Which set of security standards is designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment?

PCI DSS

What is the term for activities undertaken to prevent, detect, and respond to intelligence activities conducted by adversaries or competitors against an organization or government?

Focus on key threat activity for a domain

Strategic intelligence

Swap/pagefile

In computer systems, what is the term used for a reserved space on the hard drive that is used as virtual memory when the physical RAM is fully utilized?

What term is commonly used to refer to a set of documented procedures and steps that system administrators or operators follow to perform routine operational tasks and address common issues in an IT environment? A) CI B) playbook C) Runbook D) continuous deployment

Runbook

Playbook

What term is commonly used to describe a documented set of strategies, actions, and procedures that are planned and organized in advance for a specific purpose, often used in cybersecurity incident response?

Which framework provides a knowledge base of tactics and techniques used by adversaries in the cybersecurity domain, offering a comprehensive resource for understanding, preventing, and mitigating cyber threats?

Mitre attack

Which framework provides a set of guidelines and best practices for improving the cybersecurity posture of an organization, with a focus on risk management and a lifecycle approach to managing information security? A) ISO/IEC 27001 B) PCI DSS C) NIST Framework D) COBIT

Nist framework

Which model is commonly used in cybersecurity to analyze and understand cyber threats by considering four key elements: adversaries, infrastructure, capabilities, and victim organizations?

Diamond Model of Intrusion Analysis

STIX/TAXI Model

commonly used in cybersecurity to standardize the exchange of threat intelligence information, providing a structured language and transport mechanism for sharing information about cyber threats

Which document from the National Institute of Standards and Technology (NIST) provides guidance on how organizations can effectively respond to and recover from computer security incidents?

B) NIST SP800-61

Which forensic imaging tool is commonly used for creating forensic images of digital devices, allowing investigators to capture and analyze data from storage media in a forensically sound manner?

Ftk imager

Which forensic tool is often used for computer forensics and data recovery, providing features such as disk editing, data interpretation, and file recovery in a hexadecimal and ASCII visualization?

Winhex

Which command-line tool is commonly used in Unix-like operating systems for copying and converting data, often used in forensic imaging to create bit-for-bit copies of disks or partitions?

Which open-source software toolkit is commonly used for implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, providing encryption, decryption, and other cryptographic functions for secure communication over a computer network?

Open ssl

Chmod

In Unix-like operating systems, what command is used to change the permissions of a file or directory?

Which command-line tool is commonly used for network testing and packet crafting, allowing users to send custom ICMP, UDP, or TCP packets to a target host for network analysis and troubleshooting?

HPing

Which version of the tools is an extended and improved version, offering additional features for network testing and packet crafting, including support for various protocols and sophisticated packet manipulation capabilities?

Hping3

organizational structure of a Public Key Infrastructure (PKI) where multiple levels or tiers of Certificate Authorities (CAs) are arranged with each level providing a different level of trust and validation?

C) Hierarchical PKI

Which PKI (Public Key Infrastructure) model relies on the concept of users personally verifying the identities of others and vouching for the authenticity of their public keys, creating a decentralized and trust-based network? A) Hierarchical PKI B) 2 way trust PKI C) Web of Trust PKI D) Federated PKI

C) Web of Trust PKI

What is the primary purpose of a Public Key Infrastructure (PKI) in computer security? A) To manage passwords B) To encrypt files C) To establish secure communication and verify the identities of users or entities D) To monitor network traffic

C) To establish secure communication and verify the identities of users or entities

In a network security context, what is the primary function of a jump server or jump host? A) To host website content B) To facilitate secure communication between two networks C) To jump between different Wi-Fi networks D) To manage email communication

B) To facilitate secure communication between two networks

What does passive monitoring refer to in the context of network security? A) intercepting and modifying data traffic B) Monitoring network traffic without interacting with data C) Initiating automated security scans on network devices D) Blocking incoming traffic from specific IP addresses

B) Monitoring network traffic without actively interacting or altering the data

What is the primary benefit of using OCSP Stapling in the context of web security? A) Faster web page loading times B) Improved server authentication C) Enhanced data encryption D) More efficient DNS resolution

A) Faster web page loading times

In cryptography, what does the term "key escrow" refer to? A) Storing cryptographic keys in a secure physical vault B) Backing up cryptographic keys to a secure cloud storage C) Providing a trusted third party with a copy of the encryption keys D) Changing cryptographic keys periodically for added security

C) Providing a trusted third party with a copy of the encryption keys

In the realm of cryptography, what term describes a set of rules used for encoding and representing data structures in a binary format, often utilized in the encoding of digital certificates? A) PKCS #12 B) CER C) PEM D) DER

Distinguished Encoding Rules

You're working with a secure email system that uses a format for encoding certificates and keys. What term best describes this encoding method, often used for cryptographic purposes in emails and various applications?

Privacy-Enhanced Mail

You're tasked with securely storing a user's private key, public key, and potentially additional certificates in a single file format. What standard would you choose for this purpose?

D) PKCS #12

You need to share a digital certificate that only contains the public key and is intended for use in a specific application. What file format would be most suitable for this scenario? A) DER B) PEM C) CER D) PFX

CER

You're involved in a project where multiple digital signatures and certificates need to be bundled together for secure transmission. Which file format would you choose to achieve this, ensuring integrity and authenticity of the signatures? A) PKCS #7 B) PKCS #12 C) PEM D) CER

A) PKCS #7

You're setting up security measures for a website where the main concern is ensuring a secure connection and encrypted data transfer. What type of SSL/TLS certificate would be most appropriate for this scenario, considering cost-effectiveness and quick issuance? A) EV (Extended Validation) Certificate B) DV (Domain Validation) Certificate C) SAN (Subjective Alternative Name) D) Wildcard Certificate

You're launching an e-commerce website and want to establish a high level of trust with your customers. What type of SSL/TLS certificate would you choose to display a green address bar in web browsers, providing a visual indicator of enhanced security and identity verification? A) DV B) EV C) SAN D) wildcard

You're managing a server that hosts multiple websites with different domain names. To secure all these domains with a single SSL/TLS certificate, ensuring compatibility and ease of management, which certificate type would you choose? A) DV (Domain Validation) Certificate B) EV (Extended Validation) Certificate C) Wildcard Certificate D) Subject Alternative Name (SAN) Certificate

SAN

You're responsible for securing various subdomains of a website, and you want to simplify certificate management while ensuring all subdomains are protected. What type of SSL/TLS certificate would you choose for this scenario? A) DV (Domain Validation) Certificate B) EV (Extended Validation) Certificate C) SAN (Subject Alternative Name) Certificate D) Wildcard Certificate

Wildcard

You're tasked with implementing a robust security strategy for a company that involves generating, distributing, storing, and retiring cryptographic keys. What phase of the key management lifecycle would you focus on when ensuring that keys are securely created and made available for use across various applications and services? A) Key Generation B) Key Distribution C) Key Storage D) Key Retirement

You're the IT administrator for a large e-commerce website, and your company needs to secure online transactions. Considering the need for widespread trust and compatibility with major web browsers, which type of certificate authority would you choose to issue SSL/TLS certificates for your website? A) Private Certificate Authority B) Self-Signed Certificate Authority C) Commercial Certificate Authority D) Public Certificate Authority

CCA

In a large organization with a complex network infrastructure, you want to streamline the process of validating and verifying users before issuing digital certificates. Which entity would you designate to handle the user identity validation process and act as an intermediary between users and the certificate authority? A) Certificate Authority B) Registration Authority C) Certificate Revocation Authority D) Certificate Repository

You're responsible for securing access to critical systems within your organization. You want to implement a solution that provides just-in-time privileged access, session recording, and periodic credential rotation for administrators. Which security approach would you choose to achieve these goals? A) Role-Based Access Control (RBAC) B) Multi-Factor Authentication (MFA) C) Privileged Access Management (PAM) D) Identity and Access Management (IAM)

PAM

You're responsible for designing a Single Sign-On (SSO) solution for your organization, where users need seamless access to multiple applications. Additionally, you want to ensure secure authentication without the need for storing passwords on each application. What standard would you consider for achieving this SSO functionality? A) OAuth B) LDAP C) SAML (Security Assertion Markup Language) D) Kerberos

SAML

You're developing a mobile application that needs to access a user's social media data without requiring them to share their login credentials. Additionally, you want to ensure that the user has control over the data shared. What authorization framework would you implement for secure and delegated access to the user's social media account? A) SAML (Security Assertion Markup Language) B) JWT (JSON Web Token) C) OAuth (Open Authorization) D) Kerberos

OAuth

You're tasked with enhancing the security of a company's laptops to protect sensitive data and prevent unauthorized access. What hardware-based security solution would you recommend to store cryptographic keys, secure the boot process, and enable features like full disk encryption on these laptops? A) USB Token B) HSM (Hardware Security Module) C) TPM (Trusted Platform Module) D) Smart Card

TPM

Your organization has adopted a cloud-first strategy, and employees use various cloud services for collaboration. However, you want to ensure visibility, control, and data security across these cloud applications. What solution would you implement to enforce security policies, monitor user activities, and protect sensitive data in the cloud?

CASB

Your organization is focused on providing a secure and productive web experience for employees. You need a solution that goes beyond traditional web filtering, offering advanced threat protection, real-time content analysis, and user behavior monitoring. Which security solution would you choose to address these requirements for secure web access? A) IPSEC B) CASB C) Next-Gen Secure Web Gateway (SWG) D) API

SWG

Your organization is hosting critical applications on a cloud platform and wants to establish private and direct connectivity to specific AWS services without using public IPs. You also aim to enhance security by avoiding exposure to the public internet. What AWS feature would you leverage to achieve this secure and private communication? A) SWG B) faas C) Azure D) Virtual Private Cloud Endpoint

VPC

In the context of Android security, what is the primary role of SEAndroid, and how does it enhance the security posture of the Android operating system? A) SEAndroid is a kernel-level security module that enforces Mandatory Access Controls (MAC) to restrict app permissions. B) SEAndroid provides secure boot functionality, ensuring the integrity of the Android system during the boot process. C) SEAndroid is a runtime encryption technology that protects sensitive data within Android applications. D) SEAndroid is a secure enclave within the Android framework that handles cryptographic operations for secure communication.

A) SEAndroid is a kernel-level security module that enforces Mandatory Access Controls (MAC) to restrict app permissions.

Your organization encourages employees to use mobile devices for work-related tasks, and you want to ensure secure access to corporate applications and data. However, you also want to maintain separation between work and personal data on employees' devices. Which mobile security approach would you implement to achieve this balance of security and user privacy? A) Mobile Device Management (MDM) B) Mobile Application Management (MAM) C) Mobile Threat Defense (MTD) D) Containerization

MAM

Your organization is implementing a wireless network, and you prioritize a secure and efficient authentication method for users connecting to the Wi-Fi. Considering the need for a quick and secure EAP method, especially in environments where certificate-based authentication might be challenging, which EAP method would you choose for this wireless network? A) EAP-TLS (Extensible Authentication Protocol-Transport Layer Security) B) EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling) C) EAP-TTLS (Extensible Authentication Protocol-Tunneled Transport Layer Security) D) PEAP (Protected Extensible Authentication Protocol)

Eap-fast

Your organization is implementing secure Wi-Fi access for employees, and you want a method that provides strong authentication while ensuring ease of deployment. Considering the need for a widely supported and secure EAP method that doesn't require client-side certificates, which EAP method would you choose for this wireless network? A) EAP-TLS (Extensible Authentication Protocol-Transport Layer Security) B) EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling) C) PEAP (Protected Extensible Authentication Protocol) D) EAP-TTLS (Extensible Authentication Protocol-Tunneled Transport Layer Security)

PEAP

In a corporate environment with a diverse range of devices and operating systems, you need to implement a secure Wi-Fi authentication method that supports a variety of client devices. Additionally, you want to provide a method that allows for the use of username and password without requiring client-side certificates. Which EAP method would you choose for this wireless network? A) EAP-TLS (Extensible Authentication Protocol-Transport Layer Security) B) EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling) C) PEAP (Protected Extensible Authentication Protocol) D) EAP-TTLS (Extensible Authentication Protocol-Tunneled Transport Layer Security)

Eap-ttls

You're tasked with implementing a secure Wi-Fi network for a residential community, where users have varying levels of technical expertise. You want a password-based authentication method that offers strong security and is resistant to certain types of attacks. What authentication method would you choose to ensure both security and user-friendliness in this scenario? A) eAP-FAST (Wired Equivalent Privacy) B) PEAP (Wi-Fi Protected Access - Pre-Shared Key) C) EAP-TLS (Extensible Authentication Protocol-Transport Layer Security) D) SAE (Simultaneous Authentication of Equals)

SAE

A copy of traffic is sent to an IDS/IPS Passive monitoring In-line monitoring Out of band response In band response

Passive monitoring, port mirror network tap

In a network security setup, you want to deploy a monitoring solution that allows real-time analysis of traffic passing through the network, enabling immediate threat detection and response. What type of monitoring would you choose to inspect and analyze network traffic as it flows through the security appliance, ensuring minimal latency in detecting and preventing potential threats? A) Passive Monitoring B) Inline Monitoring C) Out-of-Band Monitoring D) in band monitoring

In-line monitoring

In an organization where employees need secure access to various web applications, you want to implement a solution that provides additional security layers, including content filtering, authentication, and protection against application-layer attacks. What type of security solution would you deploy to act as an intermediary between users and web applications, offering advanced security features while ensuring seamless access to authorized applications? A) Firewall B) VPN (Virtual Private Network) C) IDS/IPS (Intrusion Detection System/Intrusion Prevention System) D) Application Proxy

Application proxy

the core component of an operating system that manages resources and facilitates communication between software and hardware?

Kernel

In a secure communication setup, which encryption method allows computations to be performed on encrypted data without decrypting it?

c) Homomorphic encryption

Software-Defined Visibility

provides a centralized and programmable view of network traffic, allowing for enhanced monitoring and analysis

SSRF

In a cybersecurity scenario, an attacker tricks a server into making unintended requests to internal resources. What vulnerability is being exploited?

In the realm of authentication protocols, which mechanism provides a framework for client-server communication, allowing authentication without exposing the user's password? a) SSL/TLS b) OAuth c) SASL (Simple Authentication and Security Layer) d) Kerberos

SASL

What is edge access managed primarily through?

Firewall rules

Evaluate operational status of a system or network Dissolvable agent Persistent agent Posture assessment Health check

Health check Game operation

Evaluate security or compliance with security policies if a system or device Dissolvable agent Persistent agent Posture assessment Health check

Posture assessment

In an enterprise environment with a diverse range of devices and operating systems, you want to ensure continuous monitoring and enforcement of security policies, even when devices are off the corporate network. Additionally, you aim to facilitate remote troubleshooting and push security updates seamlessly. What security solution would you implement to achieve ongoing endpoint visibility and control?

Persistent agent

In a guest network environment where temporary and limited access is granted to devices, you want to ensure that security policies are applied without requiring the installation of permanent software on guest devices. Additionally, you aim to provide a seamless and non-intrusive experience for guests. What approach would you choose for enforcing security policies in this scenario? A) non Persistent Agent B) Intrusion Prevention System (IPS) C) Dissolvable Agent D) Network Segmentation

Dissolvable agent

In a Bring Your Own Device (BYOD) environment where users connect a variety of personal devices to the corporate network, you want to enforce security policies without requiring the installation of agents on every device. Additionally, you aim to streamline the onboarding process for new devices. What NAC approach would you choose for achieving this goal? A) Persistent Agent B) Dissolvable Agent C) Network Segmentation D) Agentless NAC

Agentless nac

A network administrator has implemented a group of servers that are configured as a unit and work together to provide network services as a means of fault tolerance. In the event of a node failure, the data on one node is made available to another node seamlessly. What is this called?

Clustering

While browsing a website, you come across a form that allows users to submit comments. A friend shares a link to a different website, and when you click it, you notice that it automatically submits a comment on the original site without your knowledge. What security vulnerability is demonstrated in this scenario? a) Cross-Site Scripting (XSS) b) Cross-Site Request Forgery (CSRF) c) SQL Injection d) Session Hijacking

CSRF

You're sending a sensitive file to your colleague, and you want to ensure that the file's integrity is maintained during transit. Which cryptographic technique would you employ to generate a fixed-size string (hash) unique to the file's content, allowing your colleague to verify its integrity upon receipt?

Message digest

You discover that an attacker has gained unauthorized access to your network and obtained hashed password values. Instead of cracking the actual passwords, the attacker tries to use the obtained hashes to authenticate to various services. What type of attack is the intruder attempting?

Pass the hash

You're working on automating tasks within a Microsoft Office application, such as Excel or Word. Which programming language is specifically designed for this purpose, allowing you to write macros and automate repetitive actions within the Office suite?

VBA

NGFW’s are network based firewalls

True Ips, content filtering, control traffic flow based on apps like YouTube etc

Your company's website is experiencing an increase in malicious traffic and attempted SQL injection attacks. To enhance security, you decide to implement a protective barrier that filters and monitors HTTP traffic between your web application and the internet. What security measure are you likely to deploy?

WAF

Validates DNS responses

DNSSEC Original authentication, data integrity with Public Key Crypt, signed by trustee 3rd party

A sneaky person tricks a website to having something on the web page it shouldn’t when people visit. Like a mirror that shows cute animals but a fairy instead changes it to show toys

Non persistent XSS attack

IOS devices take less time to update than android

True

Ally has an application on her phone for a particular store she often visits. The app has a feature that turns on as soon as she walks into the store, showing her information on her past purchases, weekly sales, product suggestions, and more. The feature relies upon GPS positioning, creating a sort of virtual boundary based on real-world geography. What is this technique called? Geofencing GPS tagging Ips services Geolocation

Geofencing

Your company has a workforce that operates remotely from various locations. Employees need secure access to internal resources such as file servers and company applications. Considering the importance of providing secure remote access without the need for specialized client software and the need for broad device compatibility, which VPN technology would you implement for this scenario? A) IPsec VPN B) MPLS VPN C) SSL VPN D) PPTP VPN

SSL VPN

In a modern workplace where employees use a mix of devices, including laptops, tablets, and smartphones, you're tasked with implementing a VPN solution that provides secure access to internal resources. Your goal is to ensure accessibility from any device without requiring specific client installations. What VPN technology would be most suitable for achieving this device-agnostic and user-friendly secure access? A) IPsec VPN B) MPLS VPN C) SSL VPN D) HTML5 VPN

HTML5 VPN

During a security assessment, an attacker manipulates user input in a web application, causing the system to misinterpret data and potentially leading to unauthorized access. What is the specific term for this security threat?

XML injection

Monitor the server load and distribute to the server with lowest use is weighted round Robin

False, dynamic round Robin Weighted prioritizes the server use

In a large-scale cloud environment, your organization is managing multiple virtual machines to support critical applications. To enhance performance and optimize resource allocation, you want to ensure that certain VMs consistently share the same physical host. What cybersecurity concept would you leverage to achieve this specific placement and minimize potential security risks?

Affinity rules

Primary configuration database for windows, hierarchical, shows a before and after changes

Registry

In a corporate environment where sensitive data is stored on laptops and mobile devices, you want to implement a security measure that ensures the confidentiality of data, especially in the event of device loss or theft. What solution would you deploy to encrypt the entire contents of the storage drive, protecting the data from unauthorized access even if the physical device falls into the wrong hands? A) Antivirus Software B) Network Firewall C) Full Disk Encryption (FDE) D) Intrusion Detection System (IDS)

FDE

In an organization where data security is a top priority, you're responsible for managing a fleet of laptops and storage devices. Given the need to protect sensitive information at rest, what technology would you choose to ensure that the data stored on these devices is automatically and transparently encrypted, without relying on additional software or user intervention? A) homomorphic encryption B) FDE C) SED D) File-Level Encryption

SDE, Self-Encrypting Drives

In an enterprise setting with a focus on securing stored data on client devices, you want to deploy a solution that provides hardware-based encryption and seamless integration with existing management systems. Your goal is to enhance data security and maintain centralized control over encryption policies. What technology would you implement for encrypting data on storage devices, ensuring compatibility with enterprise management tools? A) BitLocker B) Opal Storage C) VeraCrypt D) FileVault

Opal storage

In the development lifecycle of a critical software application, the security team wants to identify potential vulnerabilities by subjecting the application to a variety of unexpected and invalid inputs. The goal is to discover and address any weaknesses in the application's input handling. What technique would the security team most likely employ for this purpose? A) Penetration Testing B) Static Code Analysis C) Threat Modeling D) Fuzzing

Fuzzing

Static code analysis

In a corporate environment where data security and system integrity are paramount, you want to implement a solution that ensures the secure boot process of devices and protects cryptographic keys used for disk encryption. Additionally, you aim to enhance the overall security posture of the organization's computing infrastructure. What hardware-based security measure would you deploy to achieve these goals? A) Hardware Security Module (HSM) B) Secure Boot C) Intrusion Detection System (IDS) D) Trusted Platform Module (TPM)

TPM

HSM focuses on cryptographic operations and key management/is a standalone device. TPM focuses on secure platform with secure boot and is integrated on multiple devices

True

In an organization where data integrity and system security are paramount, you're tasked with implementing measures to prevent the execution of unauthorized or tampered code during the startup process. Additionally, you want to ensure that only trusted firmware and operating system components are loaded. What technology or process would you implement to achieve a secure and trustworthy boot sequence in this scenario? A) Digital Signatures B) Virtual Private Network (VPN) C) Trusted Platform Module (TPM) D) Secure Boot

Secure boot

In a high-security environment where protecting against advanced persistent threats and unauthorized system modifications is critical, you need a mechanism that verifies the integrity of the entire boot process, including the BIOS/UEFI firmware and the operating system. What security feature would you deploy to ensure that the system only boots from a known and trusted state, helping to prevent compromise from the early stages of system startup? A) boot integrity B) Measured boot C) Secure Boot D) Trusted Boot

Trusted Boot

In a highly regulated industry where compliance with stringent security standards is mandatory, you need to implement a solution that not only verifies the integrity of the system during boot but also generates a secure record or log of the boot process. This record will be crucial for audit trails and compliance reporting. What technology would you deploy to ensure a comprehensive and verifiable measurement of the entire boot sequence? A) Secure Boot B) Intrusion Prevention System (IPS) C) Measured Boot D) Endpoint Detection and Response (EDR)

Measured boot

In a large enterprise where protecting against advanced threats and rapidly responding to potential security incidents are top priorities, you want a solution that provides real-time visibility into endpoint activities, enables threat detection, and allows for swift response actions. What security technology would you deploy to enhance your organization's ability to detect and respond to security incidents at the endpoint level? A) Firewall B) Antivirus Software C) Virtual Private Network (VPN) D) Endpoint Detection and Response (EDR)

EDR

Endpoint detection and response primarily looks at signatures for detecting threats

False, it does but also looks at other types like behavioral and machine learning

n a scenario where an organization relies on cryptographic hash functions for data integrity verification, an attacker aims to find a collision—a situation where two different inputs produce the same hash value. The attacker is specifically looking for a point where the collision probability becomes surprisingly high. What type of attack is the adversary attempting in this situation, and why is it called that? A) Brute Force Attack B) Birthday Attack C) Man-in-the-Middle Attack D) Denial-of-Service Attack

Birthday attack

In a network security environment where an Intrusion Detection System (IDS) is in place to analyze network traffic for malicious patterns, an attacker is attempting to manipulate or obfuscate the network packets to avoid detection. The goal is to deliver a payload or execute malicious actions while bypassing the detection mechanisms. What type of attack is the adversary engaging in, and what is the primary objective of this technique? A) Spoofing Attack B) Evasion Attack C) Phishing Attack D) Denial-of-Service (DoS) Attack

Evasion attacks

In a web application where users can input comments and interact with dynamic content, an attacker identifies a vulnerability that allows injecting malicious scripts into the comments section. The scripts execute within the browsers of other users who view the comments. What type of attack is the adversary exploiting, and what is the potential impact of this attack on the affected users? A) Cross-Site Request Forgery (CSRF) B) SQL Injection Attack C) Cross-Site Scripting (XSS) D) Man-in-the-Middle (MitM) Attack

XSS

In an online forum where users can share links and discuss various topics, an attacker crafts a malicious link containing a script. The attacker then tricks a user into clicking on the link. When the user clicks the link, the script executes in the context of the user's browser. What type of Cross-Site Scripting attack is demonstrated in this scenario, and why is it considered "non-persistent"? A) Stored XSS Attack B) DOM-Based XSS Attack C) Non-Persistent (Reflected) XSS Attack D) Self-XSS Attack

Non persistent XSS attack

In a non-persistent XSS attack, the malicious script is delivered to the victim as part of a crafted URL or input, and it is not stored permanently on the target server. The script is reflected back to the user without being saved on the server, making it non-persistent. The attack relies on tricking users into clicking on specially crafted links or interacting with manipulated input fields.

True

In a persistent (stored) XSS attack, the malicious script is permanently stored on the target server, often within a database or another storage mechanism. The script is then served to users whenever they view the affected content, making it more dangerous as it can impact multiple users over an extended period. In this scenario, the injected script in the comment section can affect anyone who views that specific blog post

True

In a popular online blogging platform where users can create and share posts, an attacker discovers a vulnerability that allows them to inject a malicious script directly into the comment section of a blog post. The injected script becomes part of the permanently stored content. What type of Cross-Site Scripting attack is the adversary exploiting in this scenario, and how does the persistent nature of the attack affect potential victims? A) Non-Persistent (Reflected) XSS Attack B) DOM-Based XSS Attack C) Persistent (Stored) XSS Attack D) Self-XSS Attack

Persistent XSS attack

In a Windows-based environment with a client-server application, an attacker gains access to a user's computer and identifies a vulnerability in a legitimate application that loads dynamic link libraries. The attacker exploits this vulnerability to inject a malicious this into the memory space of the target process. What type of attack is the adversary conducting? A) SQL Injection Attack B) Cross-Site Scripting (XSS) Attack C) DLL Injection Attack D) Man-in-the-Middle (MitM) Attack

DLL injection

In a DLL injection attack, an attacker injects a malicious DLL into the address space of a running process. This technique is often used to execute arbitrary code within the context of a trusted application, potentially leading to unauthorized access, data theft, or further exploitation of the compromised system. In this scenario, the injected DLL could manipulate the behavior of the legitimate application, allowing the attacker to control or monitor the affected process.

True

In a scenario where an e-commerce website handles sensitive customer information and experiences frequent web application attacks, the security team is tasked with implementing a solution to protect against common web exploits. What security technology would be most effective in inspecting and filtering HTTP traffic, blocking malicious requests, and preventing attacks such as SQL injection and cross-site scripting (XSS) on the website? A) IPS B) IDS C) SWG D) (WAF

Web Application Firewall

In a secure communication system, an organization is transmitting sensitive data over a network using a block cipher. To enhance the confidentiality of the transmitted information, the security team decides to implement a mode of operation that XORs each plaintext block with the previous ciphertext block before encryption. What cryptographic mode is being employed to achieve this chaining effect, and why is it chosen for this scenario? A) Electronic Codebook (ECB) B) Cipher Block Chaining (CBC) C) Counter (CTR) Mode D) Galois/Counter Mode (GCM)

CBC

CBC mode, each plaintext block is XORed with the previous ciphertext block before encryption. This chaining effect adds an extra layer of security, making it more resistant to certain attacks, such as pattern recognition in identical plaintext blocks. CBC is a commonly used mode of operation for block ciphers in situations where chaining is beneficial

Trye

In a corporate environment that extensively uses Microsoft Office applications, a team of employees needs to automate repetitive tasks in Excel, such as data manipulation and report generation. The goal is to enhance efficiency and accuracy in their workflows. Which programming language, often integrated into Microsoft Office applications, would be most suitable for creating custom macros and automating tasks in this scenario? A) Python B) SQL C) VBA D) Java

VBA

In a company where secure access to sensitive systems and applications is crucial, the IT department is implementing a multi-factor authentication solution. The team wants to ensure that even if a password is compromised, an additional layer of time-sensitive authentication is in place. What technology would they likely incorporate into their authentication process to generate temporary codes that expire after a short duration, providing an additional layer of security? A) SMS-based One-Time Passwords (OTP) B) Biometric Authentication C) Time-based One-Time Password (TOTP) D) Hardware Token

TOTP

In a highly secure online banking application, the development team is implementing a two-factor authentication mechanism to enhance account security. They want to ensure that each authentication code is unique and verifiable, with a focus on counter-based synchronization. What technology would they likely choose to generate one-time passwords that are based on a secret key and a counter, providing a strong and time-independent authentication method? A) Time-based One-Time Password (TOTP) B) Biometric Authentication C) HMAC-based One-Time Password (HOTP) D) SMS-based One-Time Passwords (OTP)

HOTP

In a biometric authentication system deployed at a high-security facility, the management is concerned about the risk of unauthorized access. They want to evaluate the system's performance in terms of mistakenly accepting an impostor. What metric would the security team measure to assess the system's likelihood of incorrectly granting access to someone who is not the legitimate user? A) True Acceptance Rate (TAR) B) False Rejection Rate (FRR) C) False Acceptance Rate (FAR) D) Genuine Acceptance Rate (GAR

FAR

In an access control system where employees use fingerprint biometrics to gain entry to a secure facility, the security team is concerned about instances where legitimate users are incorrectly denied access. What metric would the security team focus on to measure the frequency of rejecting valid users, and how would they refer to this metric? A) True Acceptance Rate (TAR) B) False Acceptance Rate (FAR) C) False Rejection Rate (FRR) D) Genuine Acceptance Rate (GAR)

FRR

In a biometric identification system used for employee authentication in a corporate setting, the security team is evaluating the system's overall performance. They want to find the point where the rates of false acceptance and false rejection are equal. What specific metric would they use to determine this equal error rate, and why is it important for optimizing the system's accuracy? A) True Acceptance Rate (TAR) B) False Acceptance Rate (FAR) C) False Rejection Rate (FRR) D) Crossover Error Rate (CER)

CER

Striping without parity. High performance, no fault tolerance. In a media production company where high-performance is critical for video editing workflows, the IT team is tasked with configuring storage for a new server. The primary requirement is to achieve maximum data transfer speeds and storage capacity. What RAID level would be most suitable for this scenario, considering that redundancy is not a priority, and the focus is on maximizing storage performance? A) RAID 1 B) RAID 5 C) RAID 0 D) RAID 10

RAID 0

Mirroring. Duplicates data for fault tolerance, but requires twice the disk space. In a business environment where data redundancy and fault tolerance are of utmost importance, a company wants to ensure that critical files and applications are protected against disk failures. What RAID level would the IT team likely choose to provide mirroring of data, offering an exact copy of each disk in the array and the ability to continue operations even if one disk fails? A) RAID 0 B) RAID 1 C) RAID 5 D) RAID 10

RAID 1

With Parity. Faul Tolerant, only requires an additional disk for redundancy. In a corporate server environment where both data redundancy and optimized storage capacity are crucial considerations, the IT team is tasked with configuring a storage solution. The goal is to provide fault tolerance and maintain data accessibility even in the event of a single drive failure. What RAID level would be most suitable for achieving these objectives while maximizing storage efficiency? A) RAID 1 B) RAID 0 C) RAID 5 D) RAID 10

RAID 5

In an enterprise setting where both performance and fault tolerance are paramount, the IT team is planning the storage infrastructure for a mission-critical database server. The team wants to ensure a balance between high data transfer speeds and redundancy. What RAID configuration would be a suitable choice, allowing for striping and mirroring, and providing fault tolerance by creating a mirrored set of striped disks? A) RAID 0+1 B) RAID 1+0 C) RAID 5+1 D) RAID 10

RAID 1 + 0

This raid type combines RAID methods to increase redundancy

Múltiple RAID types

In a secure communication system where resource efficiency and strong encryption are key considerations, a company is implementing a new cryptographic algorithm for securing sensitive data during transmission. The goal is to achieve high-level security with smaller key sizes, reducing computational overhead. What cryptographic algorithm would be a suitable choice for this scenario, offering a higher level of security with shorter key lengths compared to traditional methods like RSA? A) RSA B) Diffie-Hellman C) Elliptic Curve Cryptography (ECC) D) AES

ECC

In a real-time communication application where low latency and efficiency are critical, the development team is looking for a symmetric key encryption method that can encrypt and decrypt data on the fly. The application involves the continuous streaming of data, and the team wants a solution that allows for efficient processing without the need to buffer large blocks of data. What type of encryption algorithm would be most suitable for this scenario? A) Block Cipher B) Asymmetric Key Encryption C) Stream Cipher D) Elliptic Curve Cryptography (ECC)

Stream cipher

In a secure file storage system where data is stored in fixed-size blocks, the development team is tasked with implementing a symmetric key encryption method to protect the confidentiality of each block. The goal is to ensure that each block of data is individually encrypted and decrypted. What type of encryption algorithm would be most suitable for this scenario, providing a systematic approach to secure each fixed-size block of data independently? A) Stream Cipher B) Asymmetric Key Encryption C) Block Cipher D) Elliptic Curve Cryptography (ECC)

Block cipher

In a scenario where a company is encrypting large volumes of identical data blocks independently for storage, the development team is considering different encryption modes. They want a simple and straightforward approach where each block is encrypted individually without any dependencies on other blocks. What encryption mode would be most suitable for this scenario, offering ease of implementation and parallel processing for encrypting and decrypting each block independently? A) Cipher Block Chaining (CBC) B) Electronic Codebook (ECB) C) Counter (CTR) Mode D) Galois/Counter Mode (GCM)

ECB

In a secure communication system where confidentiality is crucial, a company is transmitting sensitive data over a network. The development team wants to ensure that each block of data is dependent on the previous block during encryption, adding an extra layer of security. What cryptographic mode would be most suitable for this scenario, providing a chaining effect that helps prevent certain types of attacks, such as pattern recognition in identical plaintext blocks? A) Electronic Codebook (ECB) B) Cipher Block Chaining (CBC) C) Counter (CTR) Mode D) Galois/Counter Mode (GCM)

CBC

In a software development project, a team is reviewing code for potential vulnerabilities. They come across a section where a pointer is accessed without being properly initialized, leading to a situation where it points to memory location zero. What type of software vulnerability is the team identifying, and why is it considered risky in terms of system stability and security? A) Buffer Overflow B) Cross-Site Scripting (XSS) C) Null Pointer Dereference D) SQL Injection

Null pointer dereference

Null pointer dereference occurs when a program attempts to access or manipulate data through a pointer that has not been initialized (i.e., it points to a null or invalid memory location). This can lead to crashes, unexpected behavior, and potentially open avenues for attackers to exploit the application

True

Adding different input and output to data for randomization. If 2 identical bits are put in then it’s a 0. If 2 different bits then it is a 1

XOR

is when rate of false rejections and false acceptance are equal

Crossover error rate (CER)

Best method to handle input validation?

Fuzzing

encrypts your message bit by bit, with each bit's transformation depending on the previous ones and the secret key stream. It's like a magical dance that only you and your friend know, keeping your message safe from prying eyes! Block cipher GCM Stream cipher IV

a stream cipher

is putting data into usually 128 bits in a block and encrypting each block with complex math equations unless you have the symmetric key

Block cipher

Electronic Codebook (ECB) is a mode of operation for block ciphers where each block of plaintext is independently encrypted using the same key. The key remains constant for all the blocks. This simplicity in applying the same key to each block makes ECB straightforward, but it has certain vulnerabilities

True

is a mode of operation for block ciphers. It turns a block cipher into a stream cipher, allowing the encryption of individual bits or bytes of plaintext independently. The basic idea is to use a counter value as an input to the block cipher, generating a stream of pseudorandom bits that can be XORed with the plaintext to produce the ciphertext. The counter is incremented for each block, ensuring uniqueness and avoiding the weaknesses associated with modes like Electronic Codebook (ECB

CTR

Order of volatility from most

-CPU register/cache -Router table, arp cache, kernel stats, memory -temporary systems -disk -remote logging and monitoring data -physical configuration, network topology -archival media

In essence, elasticity is about adapting in real-time to fluctuating demand, while scalability is about designing a system's capacity to handle growth over the long term

True

Which below is a data steward not responsible for? Compliance Accuracy Privacy Security

It is responsible for all, Associates sensitivity labels to data

Tests controls in place at a particular point in time

Type I audit Type II at least 6 consecutive months

Admissibility

evidence or information may be considered if it meets the criteria set by legal rules and is allowed to be presented in court.

It is a legal requirement that prevents the destruction, alteration, or deletion of potentially relevant information, ensuring its integrity and availability for legal proceedings

Legal hold

What is the incident response lifecycle?

-Preparation -Detection and analysis -containment, eradication, and recovery -post incident activity

protocol used in public key infrastructure to determine the revocation status of an SSL/TLS digital certificate. web server itself periodically contacts this server, obtains the status, and attaches that status to its own certificate

Online Certificate Stapling process

Hashing a hashed password multiple times through

Key stretching

Bios provides software security

True, Secure boot specifically

A boot loader verifying a digital signature of the OS kernel is what Secure boot Trusted boot Boot integrity Measured boot

Trusted boot

Calculates if changes happened on OS, stores hash, boot drivers and everything else loaded prior in the process, includes remote attestation for a report to verification server Boot integrity Secure boot Measured boot Trusted boot

Measured boot

Took user by network admins to create connections between 2 machines

Netcat

Access control that allows users to assign permissions

Dac

What requires both server and client certificates?

Eap-tls

Non transitive trust is if A trusts B, and B trusts C, then A would trust C also

False, transitive Non transitive would mean A only trusts B, even if B trusts C, A would not trust C

CSR Cert signing request

When you provide a public key to the certificate authority (CA) to be signed

Securely taking with customers on a scheduled conference call would use what protocol?

SRTP

Securely synchronizes the time across all of your devices and port number

NTPsec 123

Port 389

LDAP 636 is secure

.security administrator, is concerned about the potential for data exfiltration using external storage drives. Which of the following would be the BEST way to prevent this method? A. Create an operating system security policy to prevent the use of removable media B. Monitor removable media usage in host-based firewall logs C. Only allow applications that do not use removable media D. Define a removable media block rule in the UTM

C. Only allow applications that do not use removable media

IPS at your company has found a sharp increase in traffic from all-in-one printers. After researching, your security team has found a vulnerability associated with these devices that allows the device to be remotely controlled by a third-party. Which category would BEST describe these devices? IoT RTOS MFD SoC

Multifunction device

A security incident has occurred on a file server. Which of the following data sources should be gathered to address file storage volatility? (Select TWO) Partition data Kernel statistics ROM data Temporary file systems Process table

Patroon data and temporary file systems are part of file storage subsystem

A security team has been provided with a non-credentialed vulnerability scan report created by a third-party. Which of the following would they expect to see on this report? A summary of all files with invalid group assignments A list of all unpatched operating system files The version of web server software in use A list of local user accounts

The version of the web server software in use

A security administrator is concerned about data exfiltration resulting from the use of malicious phone charging stations. Which of the following would be the BEST way to protect against this threat?

USB data blocker

A file server has a full backup performed each Monday at 1 AM. Incremental backups are performed at 1 AM on Tuesday, Wednesday, Thursday, and Friday. The system administrator needs to perform a full recovery of the file server on Thursday afternoon. How many backup sets would be required to complete the recovery? 2 3 4 1

4 Each incremental backup will archive all of the files that have changed since the last full or incremental backup. To complete this full restore, the administrator will need the full backup from Monday and the incremental backups from Tuesday, Wednesday, and Thursday

A security administrator needs to identify all references to a Javascript file in the HTML of a web page. Which of the following tools should be used to view the source of the web page and search through the file for a specific filename? (Select TWO) tail openssl scanless grep Nmap curl head

Grep, curl

A user has assigned individual rights and permissions to a file on their network drive. The user adds three additional individuals to have read only access to the file. Which of the following would describe this access control model? DAC MAC ABAC RBAC

Dac

A security administrator needs to identify all computers on the company network infected with a specific malware variant. Which of the following would be the BEST way to identify these systems?

DNS sinkhole A DNS (Domain Name System) sinkhole can be used to redirect and identify devices that may attempt to communicate with an external command and control (C2) server. The DNS sinkhole will resolve an internal IP address and can report on all devices that attempt to access the malicious domain

Which part of the PC startup process verifies the digital signature of the OS kernel?

The Trusted Boot portion of the startup process verifies the operating system kernel signature and starts the ELAM (Early Launch Anti-Malware) process

. A corporate security team would like to consolidate and protect the private keys across all of their web servers. Which of these would be the BEST way to securely store these keys? Use an HSM Implement full disk encryption on the web servers Use a TPM Upgrade the web servers to use a UEFI BIOS

HSM

The security policies in a manufacturing company prohibit the transmission of customer information. However, a security administrator has received an alert that credit card numbers were transmitted as an email attachment. Which of the following was the MOST likely source of this alert message? IPS DLP SMTP PCI DSS

DLP

Port numbers and their secure numbers for: RTP (SRTP) NTP (NTPsec) HTTP (HTTPS LDAP (LDAPS) DNS DHCP

RTP (SRTP) 5004 NTP (NTPsec) 123, HTTP (HTTPS) 80, 443 LDAP (LDAPS) 389, 636 DNS- 53 DHCP- 67/68

Retrieves a web page and displays as html at the command line

Curl (client url)

HPing

This modifies all IP TCP, UDP, and ICMP values

What is a generic framework for adding auth to different protocols like LDAP, SMTP, IMAP?

SASL (simple auth security layer) SAML (Security Assertion Markup Language) is a security/authentication focused on web based single sign on and federated identity

Adhering to a layered security approach, a controlled access facility employs security guards who verify the authorization of all personnel entering the facility. Which of the following terms BEST describes the security control being employed? Corrective Deterrent Compensating Administrative

Admin

Mark is currently configuring a new e-commerce server. He’s concerned about security issues, so which of the following would be the best location to place his e-commerce server? DMZ Intranet Extranet Guest network

DMZ

Which of these should be used for remote access authentication for users who have smart cards? EAP-TLS CHAP PEAP MS-CHAPv2

Eap-tls

You’re wanting to integrate users’ accounts with other resources from the web. In order to do so, you need to allow authentication to be used across different domains and while doing so, you mustn’t expose your users’ passwords to these services. Of the listed principles, which would be the most effective to accomplish this goal? Kerberos SAML SASL OAuth

OAuth

Why would a company want to utilize a wildcard certificate for their servers? To extend the renewal data of the certificate To secure the certificate's private key To reduce the certificate management burden To increase the certificate's encryption key length

To reduce the certificate management burden A wildcard certificate is a public key certificate which can be used with multiple subdomains of a domain. This saves money and reduces the management burden of managing multiple certificates, one for each subdomain. A single Wildcard certificate for *.diontraining.com, will secure all these domains (www.diontraining.com, mail.diontraining.com, ftp.diontraining.com, …). The other options provided are not solved by using a wildcard certificate

Secure Enclave

All data on a mobile device is encrypted is what?

Msp needs a secure method of connecting to the web servers of a remote client Proxy server Jump server IPS HSM

Jump server

Ddos has caused a critical service to be unavailable for 90% of the business day. Asset value Single loss expectancy Risk appetite Exposure factor Key risk indicator

Exposure factor

An attacker has circumvented a web-based application to send commands directly to a database. Which of the following would describe this attack type?

SQL injection

Which of the following would be the MOST significant security concern when protecting against organized crime? -Require identification cards for all employees and guests -Prevent users from posting passwords near their workstations -Maintain reliable backup data -Use mantraps at all data center locations

Maintain reliable backup data

A system administrator has added a new user to the network and has categorized this user to have “secret” level access. With this setting, the user will be able to access all files and folders with secret level access and lower. Which of the following describes this access control method? Rule-based Discretionary Mandatory Role-based

Mac

To upgrade an internal application, the development team provides the operations team with a patch executable and instructions for backing up, patching, and reverting the patch if needed. The operations team schedules a date for the upgrade, informs the business divisions, and tests the upgrade process after completion. Which of the following describes this process? You Answered Continuity planning Usage auditing Agile Change management

Change management

A security administrator has installed a network-based DLP solution to determine if file transfers contain PII. Which of the following describes the data during the file transfer? In-transit Highly available In-use At-rest

In transit

A coworker is connecting to a secure website using HTTPS. The coworker informs you that before the website loads, their web browser displays an error that the site certificate is invalid and the site is not trusted. Which of the following is most likely the issue? -The web server is currently unavailable. -The web browser is requiring an update. -A web proxy is blocking the connection. -The server is using a self-signed certificate.

Server is using a self signed certificate

IPsec is a VPN protocol, not a remote access and authentication protocol

True

RFC 3227

Guidelines for evidence collection and archiving, digital forensic process

Message digests work as support for what?

many hashing protocols A doctor with a hash brown as a nurse assisting him

Key management life cycle 6 stages

Key generation Certificate generation Distribution Storage Revocation Expiration

To create a key pair, send the private key to the CA to be signed

False, public key

Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario? Watering Hole Attack Hybrid Warfare Pharming Credential Harvesting

Watering hole attack

Which of the following is unique to a stream cipher? It uses AES encryption It is used in HTTPS It encrypts 128 bytes at a time. It performs bit-level encryption

Bit level encryption

A systems administrator is configuring a new network switch for TACACS+ management and authentication. Which of the following must be configured to provide authentication between the switch and the TACACS+ server CHAP Shared Secret SNMPv3 SSH

Shared secret

Provenance

This is the original data and shows where the data has gone (chain of custody for data handling) block chain tech

A security engineer is configuring a wireless network that must support mutual authentication of the wireless client and the authentication server before users provide credentials. The wireless network must also support authentication with usernames and passwords. Which of the following authentication protocols MUST the security engineer select? EAP EAP-FAST PEAP EAP-TLS

Peap

Diamond model of intrusion analysis is what?

Adversary (develops) Capability (exploits) Victim (connects to) Infrastructure (uses)

OAuth (Open Authorization) is an open standard for authorization that allows users to grant third-party applications limited access to their resources without sharing their credentials (like passwords) directly with the third-party application. It's commonly used for enabling secure access to APIs and web services, particularly in scenarios involving user authentication and authorization.

True

Security assertion markup language

An open standard for authentication and authorization, can authenticate through a 3rd party, not good for mobile apps

SWG stands for Secure Web Gateway. It is a security solution designed to protect users and devices within an organization from web-based threats and enforce security policies for internet traffic. SWGs act as intermediaries between users and the internet, monitoring and filtering web traffic to prevent access to malicious or unauthorized websites and content

True

Key stretching library, Ext of Unix crypt library, generate hashes from passwords, blowfish cipher to perform multiple rounds of hashing

Bcrypt

Change the method of key exchange, can’t decrypt with private server key/every session uses a different private key for the exchange, uses ECC or diffie is what?

Perfect forward secrecy

Use a different encryption key for each session is what?

An authentication program performs a hash of all passwords is data in what?

Data in use

Each time a spreadsheet is updated, all other cells with formulas auto update is what data?

Data in use

The Vice President of Sales has asked the IT team to create daily backups of the sales data. The Vice President is an example of A. Data owner B. Data protection officer C. Data controller D. Data processor

Data owner

A company has been informed of a hypervisor vulnerability that could allow users on one virtual machine to access resources on another virtual machine. Which of the following would BEST describe this vulnerability? A. Containerization B. VM sprawl C. SDN D. VM escape

VM escape A VM (Virtual Machine) escape is a vulnerability that allows communication between separate VMs

Vala, a security analyst, has received an alert from her IPS regarding active exploit attempts from the Internet. Which of the following would provide detailed information about these exploit attempts? A. Netstat B. Nmap C. Nessus D. Wireshark

Wireshark

Defines how much data loss would be acceptable during a recovery

RPO

RTO Recovery time objectives

Defines minimum objectives required to get up and running to a particular service level

A recent security audit has discovered email addresses and passwords located in a packet capture. Which of the following did the audit identify? A. Weak encryption B. Improper patch management C. Insecure protocols D. Open ports

Insecure protocols

. An IPS report shows a series of exploit attempts were made against externally facing web servers. The system administrator of the web servers has identified a number of unusual log entries on each system. Which of the following would be the NEXT step in the incident response process? A. Check the IPS logs for any other potential attacks B. Create a plan for removing malware from the web servers C. Disable any breached user accounts D. Disconnect the web servers from the network

D. Disconnect the web servers from the network Disconnect the web servers from the network The unusual log entries on the web server indicate that the system may have been exploited. In that situation, the servers should be isolated to prevent access to or from those systems

Raid 0 is striping with parity

False, RAID 5 Raid 0 is striping with no parity

Minimization

Which of the following would limit the type of information a company can collect from their customers

This command can be used to perform a reverse-lookup of the IPv4 address and determine the IP address block owner that may be responsible for this traffic.

dig (Domain Information Groper)

. A hacker is planning an attack on a large corporation. Which of the following would provide the attacker with details about the company’s domain names and IP addresses? A. Information sharing center B. Vulnerability databases C. Automated indicator sharing D. Open-source intelligence

. Open-source intelligence describes reconnaissance gathering from publicly available sources. In this example, information about domain names and IP address would be easily retrieved from a query to a public DNS (Domain Name System) server.

A security administrator would like to test a server to see if a specific vulnerability exists. Which of the following would be the BEST choice for this task?

Metasploit exploitation framework that can use known vulnerabilities to gain access to remote systems. Metasploit performs penetration tests and can verify the existence of a vulnerability

Which of the following would be the BEST way to protect credit card account information when performing real-time purchase authorizations? A. Masking B. DLP C. Tokenization D. NGFW

Tokenization, technique that replaces user data with a non-sensitive placeholder, or token. Tokenization is commonly used on mobile devices to purchase using a credit card without transmitting the credit card number

. A government transport service has installed access points that support WPA3. Which of the following technologies would provide enhanced security for PSK while using WPA3? A. 802.1X B. SAE C. WEP D. WPS

SAE

.security administrator has identified the installation of a RAT on a database server and has quarantined the system. Which of the following should be followed to ensure that the integrity of the evidence is maintained? A. Perfect forward secrecy B. Non-repudiation C. Chain of custody D. Legal hold

Chain of custody

o process the company payroll, a manager logs into a third-party browser-based application and enters the hours worked for each employee. The financial transfers and physical check mailings are all provided by the third-party company. The manager does not maintain any servers or virtual machines within his company. Which of the following would BEST describe this application model? A. PaaS B. Private C. SaaS D. IaaS

SaaS

Which of the following BEST describes the modification of application source code that removes white space, shortens variable names, and rearranges the text into a compact format? A. Confusion B. Obfuscation C. Encryption D. Diffusion

Obfuscation

Which of the following would be the MOST likely result of plaintext application communication? A. Buffer overflow B. Replay attack C. Resource exhaustion D. Directory traversal

Replay attack

What can be used to monitor and alert if there are any changes to a file?

file integrity check (i.e., Tripwire, System File Checker, etc.)

company disposed of seven-year-old printed customer account summaries that were no longer required for auditing purposes. A recent online search has now found that images of these documents are available as downloadable torrents. Which of the following would MOST likely have prevented this information breach? A. Pulping B. Degaussing C. NDA D. Fenced garbage disposal areas

Pulping

Pulping places the papers into a large washing tank to remove the ink, and the paper is broken down into pulp and recycled. The information on the paper is not recoverable after pulping.

True

application developer is creating a mobile device app that will include extensive encryption and decryption. Which of the following technologies would be the BEST choice for this app? A. AES B. Elliptic curve C. PFS D. PGP

Elliptic curve ECC (Elliptic Curve Cryptography) uses smaller keys than non-ECC encryption and has smaller storage and transmission requirements. These characteristics make it an efficient option for mobile devices

The ARO (Annualized Rate of Occurrence) describes the number of instances that an event would occur in a year. For example, if the organization expect to lose seven laptops to theft in a year, the ARO for laptop theft is seven.

True

Responsible for the organization’s data privacy – Sets policies, implements processes and procedures Data protection officer Data steward Data custodian Data controller

Data protection officer

Defines payroll amounts and timeframes, processes payroll and stores employee information

Payroll controller and processor

What is the information lifecycle?

Creation and receipt Distribution Use Maintenance Disposition

Get up and running quickly, get back to a particular service level is MTTR

False, recovery time objective

How much data loss is acceptable, bring the system back online, how far back data goes is what?

True, RPO

Confusion

Concept with data encryption where the encrypted data is drastically different than the plain text

In a zero trust architecture, which component acts as a gatekeeper between untrusted systems and trusted enterprise resources? Oscp Sender Policy framework End point detection and response Policy enforcement point

Policy enforcement point, A policy enforcement point allows, monitors, and terminates connections between the trusted and untrusted systems.

Attacker emails a link that if clicked on will run a java script that sends credentials/session IDs/cookies to the attacker

Non persistent XSS attack When you buy something from a website and a attacker puts a js in so they can steal your information to be able to authenticate back to that website and buy stuff with your information

When a website’s browser has a video from YouTube on it or has pictures loaded from insta, this is a what?

Cross site Most are unauthenticated

What is for randomizing encryption schemes like ciphers, WEP and SSL?

IV salt is a type of nonce used with password randomization to make the password hash unpredictable

Your organization requires support for specific authentication methods beyond username/password Eap-tls Eap-ttls Peap Eap-fast

Eap-ttls

How a process can affect customer privacy is what?

Privacy impact assessment (PIA)

Maintenance

Information life cycle stage that deals with retrieval of information and data transfers

Information life cycle stage about how Information is processed, stored and sorted

Distribution

RPO is how much time to recover to a certain point, not complete recovery

False, RTO (recovery time objective) RPO is minimum amount of data to get back online

EU protection/privacy for data

GDPR

Which best sends data to a specific remote port Netcat Route Grep Dig Tail

Netcat

Ip sec, FTPs, NTPsec, ssh -Encrypt all data sent to terminal console -encrypt all voip phone call audio -gather performance metrics from switches and routers -Send files from workstation to a server -auto set time snd date on laptop -connect 2 sites using encrypted tynnel -securely authenticate users to a network resource

1. SSH 2. SRTP 3. SNMPv3 4. FTPS 5. NTPsec 6. IPsec 7. Ldaps

Security admin wants to block users from visiting known malicious internet locations. Which provide this? Honeypot DNS sinkhole DLP Fake telemetry Embedded system

DNS sinkhole

An application developer has embedded a certificate in a mobile app. Which best describes the app use of the certificate Self signed Stapling Pinning Hashing

Pinning

Security assertion markup language (SAML)

Open standard to be able to gain authentication and authorization to a 3rd party’s resources Not for mobile apps

Security admin needs to modify a portion of a systems boot sector. Which is the best for the task? Ftk imager Winhex Memdump Autopsy Dd

Winhex

Which is the way to save energy in a data center? Air gap Hot and cold aisles East and west Ingress and egress

Hot and cold aisles

Which of the following would be most likely to verify the entity requesting a certificate? OCSP Common name RA CRL

Ñame 3 business policies

Job rotation, mandatory vacation, separation of duties, dual control, clean desk policy

Framework Core

This identifies, protects, detects, responds and recovers

Security in cloud computing, not for profit organization

Cloud security alliance (CSA)

Controls that are implemented by people is managerial controls

False, operational Managerial is security designs and and implementations, policies and SOP’s

Récord custodians are instructed to preserve data is what?

Hold notification

But for bit copy and preserves all data, even if it as deleted

Forensic clone (disc)

Ñame 2 types of data found in the RAM/memory dump

Browsing history, clipboard information, encryption keys, command history

Ñame 2 artifact locations

Log information Flash memory Prefetch cache files Recycle bins Browser bookmarks and logins

What is a difficulty with digital forensics in the cloud?

Devices are not totally in your control There may be limited access Associate data with a specific user

What kind of attack is this, a virus alert appears in your browser from Microsoft with a phone number to call for support Vishing Hoax Spoofing On path

Hoax

A computer room in a library that has a web server and a database server in it would use what 3 security controls? Locking cabinets Environmental sensors Biometric reader FDE Cable lock Smart card Video surveillance

Locking cabinets Environmental sensors Video surveillance

A library employee is offsite using his laptop that contains PII. What 2 security controls should he use? Environmental sensors Video surveillance Biometric reader Locking cabinets Smart card FDE Cable lock

FDE Biometric reader

An open area with laptop computers for a newspaper reading lab would use cable locks as security controls

True

What secure network protocol would use to accept customer purchases from your primary website?

HTTPS

Your login will not work unless you are connected to the VPN is something you can do

False, somewhere you are

What 2 protocols use TLS to provide secure communication?

HTTPS, FTPS

Daniel needs to know how often a firewall is expected to fail between repairs Mtbf RTO Mttr MTTF

MTBF

What would provide a list of internal windows devices that have not installed the latest security patches and verification of encrypted data transfers?

CASB

Name an an example of an approval list

application hash- only allows apps with unique identifier Certificate- has to be digitally signed from publisher Path-only applications from specific folders Network zone- only from a specific zone

This typically has allowed lists built in Firewall Os Embedded system Concentrator

An online web conference is sent in real time to attendees is data in what? In use In transit At rest

In transit

Authentication attempts to an AAA server is data what? In transit In use At rest

In transit

An org is using the SSAE SOC 2 type II framework. Which is associated with this framework?

System audit

A company is creating a security policy that will protect all corporate mobile devices Cope Cyod Mdm Mcm

Mdm

The user adds 3 additional individuals to read only access to the file Mac ABAC Rbac Dac

Dac

These need different tables for different hashing methods and aren’t useful if passwords are salted

Rainbow tables

A security would like to verify systems can’t be accessed by former employees -Confirm that no authorized accounts have admin access -Validate lock out policy -Validate process/procedure for all outgoing employees -Create a report with all authentication for 24 hour period

Validate process/procedure for all outgoing employees

This views data trends, alerts and correlations(view data in different ways)

SIEM

NXlog

Syslog daemon that collects many diverse logs

Memory is the 2nd most volatile

True

Which risk management strategy would include purchase and installation of an NGFW? Transference Mitigation Acceptance Risk avoidance

Mitigation

Mitre Attack

-identify point of intrusion -understand method used to move around -identify potential security techniques to block future attacks

Which person in an org is responsible for managing access rights? Data processor Data owner Privacy officer Data custodian

Data custodian

Vm in a screened subnet with guest login and no password would be the most likely reason? Server is a Honeypot Server is a Cloud storage Server is a VPN concentrator Server is a sandbox for 3party programming

Server is a Honeypot

Company would like to securely deploy applications without overhead if installing a vm for each system. Containerization Iaas Segmentation Virtualization

Containerization

How many drives does each below need? Raid 0 Raid 1 Raid 5

2 2 3

Choose 3 security features for tablet and 3 for desktop with browser based front end with 2 authentication forms: Remote wipe, FDE, environmental factors, face recognition, locking cabinets, host based firewall, anti malware, smart card

Tablet: remote wipe, FDE, face recognition Desktop: host based firewall, anti malware, smart card

Sales information is uploaded daily from a remote site using a satellite network is what type of data in?

Data in Transit

Maintain uptime when power surges cause physical damage to one of the power supplies in a system Dual power supplies PDU PDS Hot swappable

dual power supplies

This command would allow you to use a reverse lookup of an IPv4 address and see the IP address block owner

Dig

Which would provide an attacker details about a company’s domain name and ip address? Information sharing center Vulnerability database AIS Open source intelligence

Open source intelligence

Standard format and transfer mechanism for distributing security intelligence b/w different organizations Information sharing center AIS IOC Vulnerability database

Automated indicator sharing

. To process the company payroll, a manager logs into a third-party browser-based application and enters the hours worked for each employee. The financial transfers and physical check mailings are all provided by the third-party company. The manager does not maintain any servers or virtual machines within his company. Which of the following would BEST describe this application model? A. PaaS B. Private C. SaaS D. IaaS

SaaS

Modifies application source code and removes white spaces, shortens variable names and rearranges the text in compact form Confusion Obfuscation Encryption Diffusion

Obfuscation

These logs may contain information about recent traffic flows to systems outside of corporate network

Hips Host based firewall

An app developer is creating a mobile device app that will include extensive encryption and decryption is what?

Elliptic curve, efficient for mobile devices

Tests Security devices by checking ips signatures and firewall rules, test ip flow/Netflow devices, evaluates performance of security devices

Tcprelay

View’s application traffic, traffic patterns, identifies unknown traffic, verifies packet filtering and security controls

Wire shark

Copy information in a system memory to the standard output stream

Memdump

Certificate chaining starts with the SSL certificate and ends with the root certificate. What is a certificate in between the 2 called?

Chain certificate or intermediate certificate

Common attack for this is the attacker making their system appear trusted with false ip addresses, caller id numbers and other ways to gain access to systems or information

Spoofing

Encrypted data is drastically different than the plaintext is obfuscation

False, confusion Obfuscation makes things unclear

CA verifies the entity requesting the certificate

False, RA Certificate Authority deploys and managements certificates

Company is required to maintain 7 years of tax records. Which is best? A. Created automated script to remove tax info more than 7 years old B. Print and store all tax records in 7 year span C. Allie users to down tax records from account login D. Create separate daily backup archive for all applicable tax records

D. Create separate daily backup archive for all applicable tax records

Security solution for end user devices to protect against malicious software and threats

Endpoint detection response

It is common for vulnerability scans to show vulnerabilities that don’t actually exist and can be dismissed once the alert has been properly researched

True, especially with non credentialed scans

Used with dedicated network exclusively to manage manufacturing equipment, power and water management systems

Industrial control system ICS

Which is a common way to prevent exploitation of a root certificate? Certificate chaining CRL Certificate pinning Offline CA

Offline CA, can’t hack if offline

Security admin thinks a user installed a rogue AP on corporate network. Which can confirm? Utm log WAF log Switch log DLP log

Switch log

Incident response team is validating their disaster recovery plans without making changes to the infrastructure. Table top exercise Simulation Passive reconnaissance Exercise

Table top exercise

Simulation often changes an existing system or infrastructure in order to properly test a simulated disaster

True

Evaluates security of existing source code

Static code analyzer

This would provide a specific filter that would prevent a web server from processing added data

Input validation

Contract of long term temp employee is ending. Which is most important of off boarding process? -Perform on demand audit of user privileges -Archive decryption keys with user account -Document outstanding tasks -Obtain signed AUP

Archive decryption keys with user account

System admin needs to provide os access to a web server executable. User Privileged Service Guest

Service

Company maintains a scheduling app and a database in a virtualized cloud based environment. Which is best backup? Full Snapshot Differential Incremental

Snapshot VM’s and virtual clouds specifically for this

In an environment with discretionary access control, which controls the rights and permissions associated with a file or directory? Admin Owner Group System

Owner D.O. Chiedo

Determining if file transfers contain PII. Which describes data during a file transfer? In use In transit At rest Highly available

In transit

System dev life cycle that focuses on creating content as quick as possible and refining the content until the final product is complete

Agile

.. in a file path

Parent directory Associated with directory traversal

Merges developed code, tests for issues, and auto moves the newly developed application to production without human intervention Continuous deployment Continuous of operations Continuous delivery Continuous integration

Continuous deployment

Code constantly written and merged into central repository many times a day

Continuous integration

An attacker sending a HTTP suspicious WebDAV (packet) is trying to do what?

Trigger the IPs

Accesses a connection on a remote machine SSH Netcat Nmap LW thin client

Netcat, also creates open connections and reads and writes information to the network

Most effective use of asymmetric encryption Real time video encryption Store passwords Protect data on mobile devices Securely derive a session key

Securely derive a session key

It manager wants to prevent 3rd parties from gaining access to to info if a laptop is stolen. Which is best? Remote wipe FDE Biometrics Bios user password

FDE

This firewall allows or denies based on expected input. Blocks unexpected input to exploit an application

Web application firewall

-Physically disconnected the Ethernet cable on the database server -Disabled the unknown account • -Configured a firewall rule to prevent file transfers from the server Which incident response process? A. Eradication B. Containment C. Lessons learned D. Preparation

B. Containment

Disconnecting compromised devices from the network, blocking malicious traffic is which of the incident response lifecycle? Detection analysis Containment Eradication Recovery

Containment

Eradication is finding/eliminating the root cause of a security incident

True

Which of the following is an authentication attribute? Something you have Somewhere you are Something you know Something you are

Somewhere you are

What type of wireless network security limits access using physical hardware addresses? Geofencing WPS Geotagging Mac filtering

Mac filtering

A system administrator has replaced a storage drive and restored a server from backup using a full backup and multiple additional tape sets. Which of the following would BEST describe this backup type? Differential Snapshot Full Incremental

Incremental

A system administrator would like to identify all known vulnerabilities on a remote device. Which of the following would be the BEST choice for this task? Scanless Grep Nessus Dnseum

Nessus

An attacker has circumvented a security control by modifying their MAC address. Which of the following would describe this attack type? Rogue AP Cloning Man in the middle Jamming

Cloning

Which of these best describes authentication that is genuine with high confidence? Hashing Non repudiation Integrity AH

Non repudiation

Which of the following would be the best way to prevent a worm entering the network through a USB flash drive Screened subnet NGFW DLP WAF

DLP

Which of the following is commonly used to verify device drivers during Windows startup?

ELAM

A company has determined that laptops valued at $50,000 have been stolen over the last calendar year. Which of the following would describe this value? ALE ARO SLE CER

Annual loss expectancy

Infrastructure is handled by the provider in SaaS

True, you use both the providers software and infrastructure IaaS you would only use the providers infrastructure but be in charge of your own software

Saas is like going to a restaurant and they make your meal for you PaaS is like going to an open kitchen where you have full access to cook your own meal

True

Which control is security designs and and implementations, policies and SOP’s

Managerial

This allows, monitors, and terminates connections between the trusted and untrusted systems.

A policy enforcement

PII and PHI are classified/private information

False, sensitive

Buying cybersecurity insurance is which risk management strategy?

Transference Mitigation would be investing in security systems

is public discourse correlated to real world behavior/hate you they hack you/social media as barometer

Sentiment analysis

SSL, intermediary and root certificate make up what?

Certificate chain

Both sides agree to contents, includes a confidentiality statement, informal letter of intent, not signed contract

Memorandum of understanding

BPA

Business partnership agreement Going into business together, owner stake, financial contract, decision agreements, contingency preparation

Name 2 control objectives for PCI DSS

-build and maintain a secure network and systems -protect cardholder data -maintain a vulnerability management program -implement strong access control measures -regularly monitor and test networks -maintain an information security policy

Records custodians are instructed to preserve data is what?

Hold notification

In a legal hold, what has many different data sources and types/a unique workflow and retention requirements?

Electronically stored information ESI

Record time offsets from the OS

True, Windows registry

/var/log Event Viewer

Log store for Linux Windows

In volatility ñame all in the 2nd and fifth most volatile

2. Router table, kernel statistics, memory, process, ARP cache 5. Remote logging and monitoring data

What do you connect to a disk?

Imaging device with write protection

What transfers pages of RAM to a storage device?

Swap/pagefile Place to store ram when memory is depleted

Deleted files Hidden data Hardware or software corruption Storage device is physically damaged

Data recovery process

The 2 parties can verify non repudiation through a use of what?

Message authentication code MAC

CASB

CASB you implement to -enforce security policies, -monitor user activities, -and protect sensitive data in the cloud?

Which logs are stored in binary format?

System

Determines route a packet takes to a destination is what command?

Traceroute Maps entire path

This command performs port, os and service scans and additional scripts

Nmap

ARP on local subnet, ICMP requests, TCP ACK, and ICMP timestamp requests are techniques for what tool?

Ip scanner

Uses cmdlets to extend command line functions

Windows power shell

To create a key pair you send the private key to the CA to be signed

False, public

Security + Flashcards

(1111 cards)