- decks
- flashcards
- learners
Decks in this class (131)
Security controls 1.1
Technical controls 1,
Managerial controls 2,
Operational controls 3
11
cards
Preventive Control types (1.1)
Firewall category 1,
On boarding policy category 2,
Guard shack category 3
4
cards
Deterrent control types (1.1
Splash screen type 1,
Demotion type 2,
Reception desk type 3
4
cards
Detective control types (1.1)
System logs 1,
Property patrols 2,
Review login reports 3
4
cards
Corrective control (1.1)
Backup recovery 1,
Contacting law enforcement 2,
Policies for reporting issues 3
4
cards
Compensating control (1.1)
Block instead of patch 1,
Power generator 2,
Separation of duties 3
4
cards
Directive control type (1.1)
File storage polices 1,
Authorized user only sign 2,
Compliance policy 3
4
cards
CIA Triad 1.2
The cia triad definition 1,
Elements of confidentiality 2,
Integrity 3
4
cards
Confidentiality (1.2)
Elements of confidentiality 1,
Encryption 2,
Access controls 3
4
cards
Integrity (1.2)
Elements of integrity 1,
Hashing 2,
Digital signatures 3
5
cards
Availability (1.2)
Availability 1,
Redundancy 2,
Fault tolerance 3
4
cards
Non repudiation (1.2)
Non repudiation 1,
Proof of integrity 2,
Proof of origin 3
5
cards
Acronyms
Aaa 1,
3des 2,
Acl 3
324
cards
Authentication, Authorization, & Accounting 1.2
Elements of aaa framework 1,
Authenticating people ex see video 2,
Authenticating systems process 3
7
cards
Gap Analysis 1.2
What is a gap analysis 1,
Choosing the framework 2,
Evaluate people and processes 3
5
cards
Zero Trust 1.2
Zero trust 1,
Planes of operation 2,
Extend the physical architecture ...
8
cards
Physical Security 1.2
Barricades bollards 1,
Access control vestibules see exa...,
Fencing 3
7
cards
1.2 Deception & Disruption
Honeypots 1,
Honeynets 2,
Honeyfiles 3
4
cards
Change management steps 1.3
Change management 1,
Change approval process 2,
Ownership 3
9
cards
Technical change management steps 1.3
Technical change management 1,
Allow list deny list 2,
Restricted activities 3
9
cards
Public Key Infrastructure 1.4
Public key infrastructure pki 1,
Symmetric encryption definition a...,
Asymmetric encryption 3
6
cards
Encrypting data 1.4
Encrypting stored data overview 1,
Database encryption 2,
Transparent encryption 3
10
cards
Key Exchange 1.4
Key exchange importance 1,
Out of band key exchange 2,
In band key exchange 3
6
cards
Encryption technologies 1.4
Trusted platform module tpm 1,
Hardware security module hsm 2,
Key management system 3
7
cards
Obfuscation 1.4
Obfuscation 1,
Steganography 2,
Common steganography techniques 3
7
cards
Hashing & digital signatures 1.4
Hashes 1,
A hash example see video 2,
Collision importance 3
9
cards
Blockchain technology 1.4
Blockchain 1,
The blockchain process see video 2
2
cards
Certificates 1.4
Digital certificates 1,
What s in a digital certificate s...,
Root of trust 3
12
cards
2.1 Threat Actors
Threat actors 1,
Attributes of threat actors 2,
Motivations of threat actors 3
15
cards
2.2 Common Threat Vectors
Threat vectors 1,
Message based vectors 2,
Phishing attacks see video example 3
13
cards
2.2 Phishing
Phishing see video examples 1,
Buisness email compromise traits 2,
Tricks and misdirection of phishi...
4
cards
Impersonation 2.2
Pretext see slide for quote examp...,
Impersonation 2,
Eliciting information 3
6
cards
Watering Hole Attacks 2.2
Watering hole attack 1,
Executing the watering hole attack 2,
Because that s where the money is...
4
cards
Other Social engineering attacks (2.2)
Misinformation disinformation 1,
The misinformation process 2,
Brand impersonation 3
3
cards
Memory Injections 2.3
Finding malware 1,
Memory injection 2,
Dll injection 3
3
cards
Buffer Overflows 2.3
Buffer overflows see video example 1
1
cards
Race Conditions 2.3
Race condition 1,
Race condition example see video 1,
Race conditions can cause big pro...
3
cards
Malicious Updates 2.3
Downloading and updating 1,
Software updates see video example 1,
Automatic updates 2
3
cards
2.3 Operating system vulnerabilities
Operating systems 1,
A month of os updates 2,
Best practice for os vulnerabilit...
3
cards
2.3 SQL Injection
Code injection 1,
Building a sql injection see video 2,
Sql injection 3
4
cards
2.3 Cross Site Scripting
Cross site scripting 1,
Cross site scripting attack 2,
Non persistent reflected xss atta...
7
cards
2.3 Hardware Vulnerabilities
Hardware vulnerabilities 1,
Firmware 2,
End of life 3
4
cards
2.3 Virtualization Vulnerabilities
Virtualization security 1,
Vm escape protection 2,
Escaping the vm 3
4
cards
2.3 Cloud specific Vulnerabilities.
Security in the cloud 1,
Attack the device 2,
Attack the application 3
3
cards
Supply chain vulnerabilities 2.3
Supply chain risk 1,
Service providers 2,
Target service provider attack se...
7
cards
Misconfiguration vulnerabilities 2.3
Open permissions 1,
Unsecured admin accounts 2,
Insecure protocols 3
5
cards
Mobile device vulnerabilities 2.3
Mobile device security 1,
Jailbreaking rootingus 2,
Sideloading 3
4
cards
Zero-day vulnerabilities 2.3
Vulnerabilities 1,
Zero day attacks 2,
Zero day attacks in the wild see ...
3
cards
An overview of Malware 2.4
Malware 1,
Malware types and methods 2,
How you get malware 3
6
cards
2.4 Viruses and worms
Virus 1,
Virus types 2,
Fileless virus see video example 3
5
cards
2.4 Spyware and Bloatware
Spyware 1,
Protecting against spyware 2,
Bloatware 3
5
cards
2.4 Other Malware Types
Keyloggers 1,
Logic bomb 2,
Real world logic bombs 3
6
cards
2.4 Physical attacks
Physical attacks 1,
Brute force 2,
Rfid cloning 3
4
cards
2.4 Denial of Service
Denial of service 1,
A friendly dos 2,
Distributed denial of service ddos 3
4
cards
2.4 DNS attacks
Dns poisoning 1,
Domain hijacking 2,
Url hijacking 3
4
cards
2.4 Wireless Attacks
Wireless deauthentication 1,
80211 management frames 2,
Protecting against deauth attacks 3
5
cards
2.4 On Path Attacks
On path network attack 1,
On path browser attack 2
2
cards
2.4 Replay attacks
Replay attack 1,
Browser cookies and session ids 2,
Pass the hash 3
6
cards
2.4 Malicious Code
Exploiting a vulnerability 1,
Malicious code 2,
Malicious code examples 3
3
cards
2.4 Application attacks
Injection attacks 1,
Sql injection 2,
Buffer overflows 3
11
cards
2.4 Cryptographic Attacks
Cryptographic attacks 1,
Birthday attack 2,
Collisions 3
5
cards
2.4 Password attacks
Plaintext unencrypted passwords 1,
Hashing a password 2,
A hash example 3
6
cards
2.4 Indicators of compromise
Indicators of compromise ioc 1,
Account lockout 2,
Concurrent session usage 3
9
cards
2.5 Segmentation and Access Control
Segmenting the network 1,
Access control lists acls 2,
Examples of allow and deny lists 3
3
cards
2.5 Mitigation techniques
Patching 1,
Encryption 2,
Monitoring 3
6
cards
2.5 Hardening techniques
System hardening 1,
Encryption 2,
The endpoint 3
9
cards
3.1 Cloud Infrastructure
Cloud responsibility matrix 1,
Hybrid considerations 2,
Third party vendors in the cloud 3
6
cards
3.1 Network Infrastructure concepts
Physical isolation 1,
Physical segmentation 2,
Logical segmentation with vlans 3
4
cards
3.1 other Infrastructure concepts
Attacks can happen anywhere 1,
On premises security 2,
Centralized vs decentralized 3
10
cards
3.1 Infrastructure Considerations
Availability 1,
Resilience 2,
Cost 3
12
cards
3.2 Secure Infrastructures
Device placement 1,
Security zones 2,
Attack surface 3
5
cards
3.2 Intrusion prevention
Failure models 1,
Device connections 2,
Intrusion prevention system ips 3
5
cards
3.2 Network appliances
Jump server 1,
Proxies 2,
Forward proxy steps and defenitio...
10
cards
3.2 Port Security
Port security 1,
Eap 2,
Ieee 8021x 3
4
cards
3.2 Firewall Types
The universal security control 1,
Network based firewalls 2,
Utm all in one security appliance 3
6
cards
3.2 Secure communication
Vpn 1,
Encrypted tunnel 2,
Ssl tls vpn secure sockets layer ...
11
cards
3.3 Data types and classifications
Data types 1,
Classifying sensitive data 2,
Data classifications 3
3
cards
3.3 States of Data
Data at rest 1,
Data in transit 2,
Data in use 3
5
cards
3.3 Protecting data
Geographic restrictions 1,
Protecting data 2,
Encryption 3
9
cards
3.4 Resiliency
High availability 1,
Server clustering 2,
Load balancing 3
11
cards
3.4 Capacity planning
Capacity planning 1,
People 2,
Technology 3
4
cards
3.4 Recovery Testing
Recovery testing 1,
Tabletop exercises 2,
Fail over 3
5
cards
3.4 Backups
Backups 1,
Onsite vs offsite backups 2,
Frequency 3
8
cards
3.4 Power resiliency
Power resiliency 1,
Ups 2,
Generators 3
3
cards
4.1 Secure Baselines
Secure baselines 1,
Establish baselines 2,
Deploy baselines 3
4
cards
4.1 Hardening targets
Hardening targets 1,
Mobile devices 2,
Workstations 3
10
cards
4.1 Securing wireless & Mobile
Site surveys 1,
Wireless survey tools 2,
Mobile device management mdm 3
8
cards
4.1 Wireless Security settings
Securing a wireless network 1,
The wpa2 psk problem 2,
Wpa3 and gcmp 3
11
cards
4.1 Application Security
Secure coding concepts 1,
Input validation 2,
Secure cookies 3
7
cards
4.2 Asset management
Acquisition procurement process 1,
Assignment accounting 2,
Monitoring asset tracking 3
6
cards
4.3 Vulnerability scanning
Vulnerability scanning 1,
Static code analyzers 2,
Dynamic analysis fuzzing 3
5
cards
4.3 Threat intelligence
Threat intelligence 1,
Open source intelligence osint 2,
Proprietary third party intellige...
5
cards
4.3 Penetration testing
Penetration testing 1,
Rules of engagement 2,
Exploiting vulnerabilities 3
5
cards
4.3 Analyzing Vulnerabilities
Dealing with false information 1,
Prioritizing vulnerabilities 2,
Cvss 3
9
cards
4.3 Vulnerability remediation
Patching 1,
Insurance 2,
Segmentation 3
9
cards
4.4 Security monitoring
Security monitoring 1,
Monitoring computing resources 2,
Log aggregation 3
8
cards
4.4 Security tools
Security content automation proto...,
Using scap 2,
Benchmarks 3
11
cards
4.5 Firewalls
Network based firewalls 1,
Next generation firewalls ngfw 2,
Ports and protocols 3
6
cards
4.5 Web filtering
Content filtering 1,
Url scanning 2,
Agent based 3
8
cards
4.5 Operating system security
Active directory 1,
Group policy 2,
Security enhanced linux selinux 3
3
cards
4.5 Secure Protocols
Unencrypted network data 1,
Protocol selection 2,
Port selection see example in not...
5
cards
4.5 email security
Email security challenges 1,
Mail gateway 2,
Sender policy framework spf 3
5
cards
4.5 Monitoring data
Fim file integrity monitoring 1,
Data loss prevention dlp 2,
Data loss prevention dlp systems 3
7
cards
4.5 Endpoint Security
The endpoint 1,
Edge vs access control 2,
Posture assessment 3
8
cards
4.6 Identity and Access Management
Identity and access management iam 1,
Permission assignments 2,
Identity proofing 3
10
cards
4.6 Access controls
Access control 1,
Least privilege 2,
Mandatory access control mac 3
8
cards
4.6 Multifactor Authentication
Multifactor authentication 1,
Something you know factor 2,
Something you have factor 3
7
cards
4.6 Password Security
Password complexity and length 1,
Password age and expiration 2,
Password managers 3
7
cards
4.7 Scripting and automation
Scripting automation 1,
Automation benefits 2,
Cases for automation 3
4
cards
4.8 Incident response
Security incidents 1,
Nist sp800 61 2,
Preparing for an incident 3
10
cards
4.8 Incident planning
Exercising 1,
Tabletop excuses 2,
Simulation 3
5
cards
4.8 Digital Forensics
Digital forensics 1,
Legal hold 2,
Chain of custody 3
7
cards
4.9 Log data
Security log files 1,
Firewall logs 2,
Application logs 3
12
cards
5.1 Security policies
Security policy guidelines 1,
Information security policies 2,
Acceptable use policies aup 3
10
cards
5.1 Security Standards
Security standards 1,
Password 2,
Access control 3
5
cards
5.1 Security procedures
Change management 1,
Change control 2,
Onboarding 3
7
cards
5.1 Security considerations
Regulatory 1,
Legal 2,
Industry 3
4
cards
5.1 Data roles & Responsibilities
Data responsibilities 1,
Data roles 2
2
cards
5.2 Risk Management
Risk identification 1,
Performing a risk assessment 2,
Ad hoc assessments 3
4
cards
5.2 Risk Analysis
Qualitative risk assessment 1,
Quantitative risk assessment 2,
Impact 3
6
cards
5.2 Risk Management Strategies
Risk management strategies 1,
Risk reporting 2
2
cards
5.2 Business impact analysis
Recovery 1
1
cards
5.3 Third Party Assessment
Third party risk 1,
Penetration testing 2,
Right to audit clauses 3
10
cards
5.3 Agreement types
Common agreements 1,
Non disclosure agreement nda 2
2
cards
5.4 Compliance
Compliance 1,
Compliance reporting 2,
Regulatory compliance 3
7
cards
5.4 privacy
Privacy legal implications 1,
Gdpr general data protection regu...,
Data subject 3
6
cards
5.5 Audits and Assessments
Audits and assessments 1,
Internal audits 2,
External audits 3
3
cards
5.5 Penetration tests
Physical penetration testing 1,
Pentesting perspectives 2,
Working knowledge 3
6
cards
5.6 Security Awareness
Phishing campaigns 1,
Anomalous behavior recognition 2,
Reporting and monitoring 3
5
cards
5.6 User training
Security awareness training 1,
User guidance and training 2
2
cards
1.1 Compare and contrast types of secuirty controls
Blank 1
1
cards
More about
SY0 701
- Company name Unspecified
- Training purpose Unspecified
- Industry Unspecified
- Number of employees who could use this Unspecified
The creator of this class did not yet add a description for what is included in this class.
How studying works.
Brainscape's adaptive web mobile flashcards system will drill you on your weaknesses, using a pattern guaranteed to help you learn more in less time.
Add your own flashcards.
Either request "Edit" access from the author, or make a copy of the class to edit as your own. And you can always create a totally new class of your own too!
What's Brainscape anyway?
Brainscape is a digital flashcards platform where you can find, create, share, and study any subject on the planet.
We use an adaptive study algorithm that is proven to help you learn faster and remember longer....
