SSCP

¡Supera tus tareas y exámenes ahora con Quizwiz!

networking or system logs that record various events as they occur. Everything that happens on a network—an individual logging in, developing an application, accessing a database, and sending an email—can be recorded

event logs

unknown user is identified as a known user by mistake

false acceptance

known user is not identified and rejected by mistake

false rejection

specifically deals with protecting data in any of its three states: in process, in transit, and at rest

data level access control

an essential line of defense within a network system. They separate networks from each other and specifically separate interior networks from untrusted networks such as the Internet

firewall

access control list tools that compare incoming access requests to a set of rules

firewalls and routers

Subjects with access to information at a certain security level cannot write that information to a lower security level

no write down

access control that is applied to an object. access is granted by the identity of the subject users are able to give one another access, have the 'discretion' to change permissions on a file

discretionary access control

In this mode, the original IP packet, including the payload, is encapsulated into a new packet with a new header. used for network-to-network, gateway-to-gateway, or firewall-to-firewall communication

tunnel mode

a mathematical function that may both encrypt and decrypt a message

two way algorithm

patches provided by third-party individuals or organizations for commercial software

unofficial patch

various cloud providers are providing Infrastructure as a Service (IaaS) disaster recovery sites

virtual site/cloud site

Ports 0-1023

well known ports

targeting of senior executives within an organization, usually through officially appearing emails

whaling

network consisting totally of wireless devices.

wireless network

prevent the writing of any information on the hard drive during an investigation

write block hard disk controller

when doing forensics this device physically blocks the signals from a computer to the storage device that would cause a change to the data on that storage device

write blocker

What is the certificate standard used by PKI?

x.509 v3

access control that is applied to a subject. access is granted by the administrator for each object

nondiscretionary access control

a message in readable format. May also be represented in other code formats, such as binary, Unicode, and ASCII

plaintext or clear text

type of fiber-optic cable uses a plastic core that allows for larger-diameter fibers

plastic optical fibers

a specifically jacketed cable with a fire retardant plastic jacket

plenum cable

detailed steps that provide direction when performing a task

procedures

used to intercept packets flowing along the network. Data that is transmitted across the network may be intercepted by a personal computer with a network interface card set in promiscuous mode

protocol analyzer or packet sniffer

Which of the following is the third canon of the (ISC)2 Code of Ethics?

provide competent and diligent service

Trojan software is loaded by the user, either willingly or through other practices, and once installed, functions as ransomware

rogue software

access control by placing subjects in privilege level groups

role based access control

the number of times an encryption process may be performed inside an algorithm

rounds

authentication factor that includes any information committed to memory or in written form, such as passwords, PINs

something you know

the user or system (actively) requesting access.

subject

When detected, this means that the failure of an application or system was not critical in nature.

syslog 3 error

What are the three possible round counts for the key lengths of AES?

10 , 12 , 14

minimum distance between hq and dr

20 miles

preprocessing processing postprocessing

3 P's of data processing within an application

default port for TLS encrypted SMTP

465

refers to wireless security provided by the WPA2 encryption method.

802.11i

can be implemented on a wireless access point to eliminate the risk of static password-guessing attacks

802.1x

the IEEE standard known as port-based network access control which is used to leverage authentication already present in a network to validate clients connecting over hardware devices, such as wireless access points or VPN concentrators

802.1x

small applications that are downloaded to the client computer during a web session...........can do harm unintentionally due to poor programming or poor design, while others are malicious

Add-ons two kinds of add-ons: java applets ActiveX

controls to regulate actions taken by individuals

Administrative Access Controls

can be established between two firewalls. The first firewall, which is facing a untrusted network such as the Internet, screens unwanted traffic but allows desired traffic to access the demilitarized zone subnetwork. The second firewall protects the internal enterprise network.

DMZ

This service always a logical network topology of a bus

Ethernet

an IEEE 802.3 standard that supports a number of different media standards such as coaxial, fiber-optic, and shielded and unshielded twisted-pair cable....... referred to as a "best effort" communication method

Ethernet

a digital mathematical function that combines ones and zeros from two different sources in a specific pattern to result in a predictable one or zero. It is a simple binary function in which two binary values are added together. the addition of 0+0 or 1+1 always outputs a 0 the addition of 0+1 or 1+0, output will always be a 1

Exclusive or (XOR)

Designates a fully shielded twisted-pair cable where internal twisted pairs are individually shielded and the entire cable bundle is encased by an external shield. The F designates foil, while the S indicates a braided shield.

F/FTP and S/FTP

Designates a twisted-pair cable with foil shielding that encases all of the twisted pairs.

F/UTP

a standard approved by the secretary of commerce as compulsory and a binding standard for federal agencies.

FIPS (Federal Information Processing Standards)

an act responsible for developing information security standards and guidelines.

FISMA (Federal Information Security Management Act)

the most difficult attack. The attacker has little or no information other than the ciphertext. The attacker attempts to use frequency of characters, statistical data, trends, and any other information to assist in placing the ciphertext.

ciphertext-only attack

created by physically connecting to endpoints through a series of wires and mechanical switches where the signal voltage generated at one endpoint is received by the other endpoint.

circuit switched

a threshold of activity established above the baseline that, after crossed, sets off an operator alarm or alert

clipping level

a cloud vulnerability since a number of clients may all be running on the same hardware, issues could come up if one client runs into legal trouble or gets hacked etc

cloud client encroachment

a cloud vulnerability that encompasses not only the financial viability of a cloud provider but also their ability to provide adequate safeguards and security controls on the cloud equipment

cloud vendor reliability

refers to using a combination of servers or systems to reduce the risk associated with a single point of failure

clustering

constructed as a large copper central conductor encased in a nonconductive dielectric material that is then encased within a braided copper shield and covered with a plastic casing.........much less resistant to interference and cross talk................capable of handling much greater current loads and is therefore ideal for radio antenna lead cables....................much more expensive than twisted pair and requires a much wider bend radius

coaxial cable

a method through which the author is authenticated and confirmed as the original provider of the software................accomplished by the software author using a cryptographic hash algorithm to process the software code to obtain a hash value or message digest

code signing

a facility that has power, heating, ventilation and air-conditioning, and little else. It does not have communications or computer equipment

cold site

occurs when two or more entities, such as business partners or service providers, participate in overseeing the activities of a shared or common network or environment.

collaborative monitoring

when two different plaintext documents create the same output hash value

collision

when one or more individuals or companies conspire to create fraud

collusion

This is a type of hacker who may be hired by a third party to infiltrate a target for a specific agenda

commercial hacking

The cloud model in which similar entities or groups of users access a semi-private cloud environment that has been established for their particular purpose.

community cloud

a device, procedure, or mechanism that addresses the inherent weakness of the primary control

compensating control

a secondary control placed into use if the first or primary control is disabled or no longer usable. In this case, a hotel room door has a lock; the chain is a secondary

compensating control

the application of tools that allow for the centralized management of settings, firewall rules, and configuration files that allow networking items to perform their assigned tasks

configuration management consists of identification control accounting auditing

increases the complexity of an encrypted message by modifying the key during the encryption process, thereby increasing the work factor required in cryptanalysis.

confusion

When a storage device is taken in as evidence, what is the first step performed by the forensic personnel after starting the chain of custody form and writing out the evidence collection form

connect the device to a write blocker

involves the policy, process, and technology used to detect risk issues within an organization's IT infrastructure

continuous monitoring

When implementing LAN-based security like traffic management in a software-defined network, where are decisions about where traffic is to be sent made?

control plane

part of the router that is concerned with determining the path that should be used to forward a data packet

control plane

mechanisms utilized during the risk management process to reduce the ability of a threat to exploit a vulnerability, which would result in harm to the organization

controls; 3 types: administrative logical physical

involves the transmission of multimedia and data on the same network

convergence of network communications

a simple example of device authentication that is comprised by a text file used by Web sites

cookies

[ALE1 - ALE2] - CCM

cost benefit equation

a stream cipher that separates the keystream from the data to encrypt several blocks in parallel

counter

Any means of communication other than the standard channel of communication

covert channel

controversial name claimed by both black hat and white hat computer system intruders. White hats claim that only black hats should be called this

cracker

tricks the user's web browser, by issuing unauthorized commands, to perform undesired actions so that they appear as if an authorized user is performing them

cross-site request forgery

based on inserting a client-side script into a genuine website. This is possible due to poor application or website design, such as limited data validation in websites. Scripts are then executed on other hosts that access the same website.

cross-site scripting

The point at which a security system has an equal FRR and FAR

crossover error rate

the study of the techniques used to determine methods to decrypt encrypted messages, including the study of how to defeat encryption algorithms, discover keys, and break passwords

cryptanalysis

a science that deals with the encryption and decryption of plaintext messages using various techniques such as hiding, encryption, disguising, diffusion, and confusion

cryptology

involves everything in the cryptographic process, including the unencrypted message, the key, the initialization vector, the encryption algorithm, the cipher mode, the key origination, and the distribution and key management system as well as the decryption methodology.

cryptosystem

The text produced by a cryptographic algorithm through the use of a key or other method. The ciphertext cannot be read and must be decrypted prior to use

cyphertext or cryptogram

differ greatly from one organization to the next because each generates different types and volumes of data but generally, organizations opt to classify the most sensitive information first and work down to publicly available information

data classification process

a cloud vulnerability where company data may remain on cloud storage devices after a cloud size is reduced.

data clearing and cleansing

data that is currently in use or being acted upon by an application

data in process

data transmitted from one location to another

data in transit

the big data storage location where all of the raw data is housed until it is needed for mining or processing

data lake

estimated percentage of loss should a specific threat exploit the vulnerability of an asset

exposure

the harm or amount of loss that might be experienced by an asset during a risk event.

exposure factor

a condition where a known good user is denied access to the system. This is known as a false negative error

false negative

when no alert takes place, but actual malicious events are occurring

false negative

If an attacker is both identified and authenticated correctly and allowed into the system

false positive

Which term is used when an event triggers an IDS alert, but the event was not malicious?

false positive

designed as a shield to prohibit a device from transmitting or receiving radio signals.

faraday bag

allows users to be identified and authenticated to multiple networks or systems. like SSO but for multiple organizations

federated access or federation

an association of nonrelated third-party organizations that share information based upon single sign-on and one-time authentication of a user

federation

Windows New Technology File System (NTFS) allows filenames to extend up to 235 characters. These extremely long filenames are usually abbreviated on directory displays and in other presentations, thus hiding the fact that there may be a double file extension or other hidden filenames

file extension attack

A type of virus that specifically infects executable files to make them unusable or permanently damaged

file infecting virus

a single string of information collected from a remote computing device for the purpose of identification

fingerprint

a list of statements used to determine how to filter traffic and what can pass between the internal and external networks

firewall rules

known in the software industry as a rapid repair to an identified problem.

fix

a legal requirement for participants of a lawsuit to retain and preserve records and evidence

litigation hold

a technique of utilizing various servers and systems in an array to spread the workload

load-balancing clustering

a script or malware usually installed by a disgruntled employee or insider to cause harm based on a certain event occurring

logic bomb

very typical of the use of JBOD (just a bunch of disks) technology in the hard drive array. It may start small and grow larger as disks are added

loose coupled cluster

a database term that refers to recording transactions and creating a transaction log

journaling

trusted third party authentication

kereberos and certifications

when two different cryptographic keys generate the same ciphertext from the same plaintext.

key clustering

a shared master key that is used to encrypt and exchange session keys between two parties

key encrypting key

A virus created through the use of macro programs usually found in Microsoft Office applications

macro virus

What is the most significant risk when browsing the internet?

malicious mobile code

software specifically intended to cause harm

malware

a malicious actor is inserted into a conversation. At least one side of the conversation believes that they are talking to the appropriate or original party

man-in-the-middle

access control that labels the subject and object permissions are set by the operating system based upon the files classification

mandatory access control

TCP/IP Suite

maps to the OSI model Application maps to application, presentation and session Transport maps to transport Internet maps to network Network Access maps to data link and physical In TCP/IP the IP address provides the packet routing information and TCP provides the guaranteed delivery and request for resend for error correction.

Throughout a computer network there are a number of cache locations. Domain Name System (DNS) name servers and Address Resolution Protocol (ARP) make use of cache memory locations for short-term storage of information. Anytime erroneous information is placed into the cache or if the cache is corrupted

cache poisoning

a type of wireless implementation of a "guest logon page" used by many public wireless networks like a hotel can be quite dangerous because it may actually be the front for a very devious individual who is running a rogue access point

captive portal

refers to the fact that the device is listening to the media at all times. specifically listening for the transmission of other devices

carrier sense

contains a system of radio towers referred to as a cellular base stations and featuring directional radio transceivers and antennas to form of geographic cell. Each cell borders other cells to maintain continuous coverage over a large geographic area

cellular network

the technique of having one central authentication server providing user lookup services and allowing or disallowing access to the data and resources

centralized authentication

all keys are stored in a centralized storage location or key escrow

centralized key management

_____________ always contain the owner's public key

certificate

a trusted entity that obtains and maintains information about the owner of a public key. Issues, manages, and revokes digital certificates.

certificate authority

requires that a valid digital certificate be maintained on a machine or device from which the user authenticates

certificate-based authentication accomplished through a commercial certificate issued by certificate authorities (CAs) such as VeriSign or through internal corporate CAs managed by the organization

refers to a forensic principle whereby each movement or transfer of data must be recorded and logged appropriately. If this is disrupted by any means, evidence may not be presented in court

chain of custody

a system that records a request, processes requests, elicits a denial or authorization, and records the outcome of the change to a configuration item

change management

needs to ensure that any pre-existing interoperability capabilities are maintained or re-established after a change is implemented, especially if that interoperability is used as part of a core business function

change management

How does discretionary access control determine whether a subject has valid permission to access an object?

check for the user identity in the object's ACL

enables individuals to review the continuity plan or disaster recovery plan to ensure that all procedures and critical areas within their responsibility are addressed

checklist test

the process in which keys required to decrypt encrypted data are held in a secure environment in the event that access is required to one or more of the keys

key escrow

the process of securely distributing a key between one communication entity and the other

key exchange

has a direct impact on the amount of processing time required to defeat the cryptosystem the number of bits in the length of a key. So, a 128-bit key has 128 individual digits in its length

key length

the input required by a cryptographic algorithm

key or cryptovariable

Refers to a set of cryptographic keys. Refers to the public and private key in public key infrastructure (PKI) and in a asymmetric cryptosystem

key pairs

the process used to replace an old asymmetric key pair set with a new key pair set

key rotation

the number of keys that can be created based upon the key length in bits A key is a binary number used to control the encryption and decryption processes of symmetric encryption

key space

perform a large number of hashing calculations on the original key or password in an effort to increase the workload required to crack or break the key through brute force.

key stretching

program that usually incorporates a method of transmitting keystrokes to a remote location

keylogger

attacker has access to both the plaintext and the ciphertext. The goal of the attacker is to determine the original key used to encrypt the ciphertext

known plaintext attack

an individual should only have enough access to perform their job effeciently

least priviledge

Original botnets were linked by Internet relay chat (IRC), which was a number of Internet-connected computers communicating with other similar machines.

legal botnet

a disaster that is local in nature and affects only a small part of the operation

level 1

a disaster situation that affects a significant amount of the organization

level 2

a very serious situation requiring the relocation of IT operations to an off-premises alternate site

level 3

an estimate of the maximum time the business process may be down or offline before the organization becomes unable to recover

maximum tolerable downtime

the attacker has access to the encryption mechanism and the public key or the private key and can process ciphertext in an attempt to determine the key or algorithm

chosen ciphertext attack

the attacker has access to the algorithm, the key, or even the machine used to encrypt a message. The attacker processes plaintext through the cryptosystem to determine the cryptographic result.

chosen plaintext attack

a block cipher mode that combines or XORs plaintext messages with the initialization vector block by block

cipher block chaining

a stream cipher that consists of a number of different block sizes to encrypt one character at a time, bit by bit

cipher feedback

a standardized collection of algorithms that include an authentication method, encryption algorithm, message authentication code, and the key exchange algorithm to be used to define the parameters for security and network communication between two parties

cipher suite

Cloud providers, us charging methods that monetize the use of cloud services and assets. Not unsimilar to the charging methods utilized by utility companies, the cloud client pays for exactly what they use.

measured service

each node communicates with all of the other nodes. Mesh networks are redundant and usually very fast. They are referred to as "self-healing" because if one communication path fails, another communication path is immediately available

mesh technology network

every node is connected to every other node provides great redundancy and speed, usually at a very large expense

mesh topology

authentication and integrity verification mechanism similar to a hash code or message digest the sender encrypts a small block of data with a shared secret key

message authentication code

The output of a hashing algorithm that is always an established length based on the output specifications of the hashing algorithm

message digest

features the immediate writing of data to two different locations requires the use of two identical storage devices the most expensive type of backup/restoration system

mirrored backup

a corporate initiative that manages the growing use of Bring Your Own Device (BYOD) policies in the workplace. It addresses both the requirement of the organization for network security and the protection of corporate information as well as recognizing the desire for the organization's members to use their personal devices in the workplace

mobile device management

a site usually based in 18-wheeler trailers

mobile site

alternative processing plan ensures that an organization is split and divided amongst multiple physical locations instead of being housed in a single facility

multi-site

type of fiber-optic cable uses a much larger-diameter core than single mode. Light is allowed to refract and reflect, subsequently increasing the light degradation of signal loss. standard outer jacket color is orange

multimode fiber optic

attacks different parts of the host system, such as a boot sector, executable files, and application files. This type of virus will insert itself into so many places that, even if one instance of the virus is removed, many still remain

multipartite virus

five actions of an incident response plan

prevent, protect, detect, analyze, respond and resolve

activities used to avoid a threat

prevention

Three categories of of security

prevention detection and recovery

A term that describes the confidentiality of information in regards to peoples control over that information

privacy

10.0.0.0-10.255.255.255 172.16.0.0-172.31.255.255 192.168.0.0-192.168.255.255

private IP address ranges

cloud that is hosted within an organization and the general public is restricted from access.

private cloud

means a user or attacker acquires privileges they are not entitled to

privilege escalation

super-users or administrators who have an elevated level of rights, privileges, and access capability to applications and data

privileged account

network card is set in such a way that it accepts any packet that it sees on the network, even if that packet is not addressed to that network interface card.

promiscuous mode

test case, or prototype, is used to prove the veracity of an idea.

proof of concept

By encrypting a message with his private key, Bob has proven that he is the only person who could have sent the message. Logic follows that if Bob's public key can successfully decrypt the message, only Bob using his private key could have encrypted it. Therefore, only Bob could have sent the message

proof of origin

uses increased intelligence and packet inspection methodology to better protect the internal network. A ______ is always described as an intermediary between two systems, hosts, or networks. In effect, a ___________ isolates the internal network from the external untrusted network by intercepting communications

proxy firewall

Modern computers cannot create true random numbers. At some point numbers begin to repeat. Users of cryptographic systems must be very careful about the information source on which to base the random number generator.

pseudorandom number

hosted by cloud service providers and made available either as a free service or as a pay-per-use service

public cloud

consists of software, hardware, organizations, and trust architectures used to validate ownership of a public key by an individual or organization. effective because all of the parties involved trust the issuer of a digital certificate. The ownership of public keys is validated through the trust placed in a certificate authority.

public key infrastructure

this statement identifies a particular policy topic

purpose statement

a subjective valuation system in which asset value is determined based on other factors rather than accounting costs

qualitative risk analysis

a quality team tests how the application interacts with databases and other applications

quality acceptance testing

analyzing cost factors to determine the appropriate cost for protection of the asset, measured in $

quantitative risk analysis

concept takes advantage of the dual nature of light at the quantum level where it both acts as a wave and is a particle

quantum cryptography

a series of precomputed hash values along with the associated plaintext prehashed value Since passwords are stored on systems as hash values, if an attacker obtains access to the list of hashed passwords, they could process them against a _________to obtain the original password

rainbow table attack

pre-computed hash values intended to provide a reverse lookup method for hash values

rainbow tables

________________is the basis of most forms of cryptography. Without _________, most forms of modern cryptography would not be possible and cracking encryption would be significantly simpler. The use of ________________ increases the complexity of the ciphertext output. Thus it makes the act of cryptanalysis or cryptography cracking significantly more difficult. Without ___________, cryptography would be more predictable and thus much easier to break

randomness

malware often delivered through a Trojan attack that disables a system and advises the user to pay to release the system

ransomware

allows the subscriber to purchase additional capability based on user requirements

rapid elasticity

determine if the controls are installed and set up correctly, operating effectively, and meeting the risk mitigation requirements as established by the risk management plan for the system. (RMF)

step 4 assess

Authorization occurs when an acceptable level of risk is achieved based upon the implementation of controls. (RMF)

step 5 authorize

the ongoing assessment of the baseline operation of a control and its risk mitigation effectiveness (RMF)

step 6 monitor

the use of several storage servers managed and interconnected together to increase performance, capacity, or reliability

storage clustering

two major categories of data encryption for data-at-rest in the cloud

storage level encryption volume storage encryption

malicious code software that requires an action to reproduce. Usually attach themselves to executable programs and thereby reproduce and spread every time the executable is launched

virus

Typically email warnings concerning potential attacks. The spread of the email warnings actually creates a denial-of-service attack among many users

virus hoax

access control list that inspects data coming into a network, on a host computer, or currently in storage against a type of list called a signatures list

virus protection software

A specific identifiable string of characters that characterizes it as a virus or family of viruses

virus signature

usually carried out by sending a fake email that instructs the target to call a specific phone number

vishing

a technique of representing complex data in a visual form rather than a tabular form such as a list.

visualization

any flaw or weakness that may be attacked or exploited by a threat

vulnerability

provide the ability to scan a network and search for weaknesses that may be exploited by an attacker.

vulnerability scanner

The marking of symbols to advertise the availability of Wi-Fi networks and to indicate whether they are open

warchalking

The act of searching for wireless communications by driving through an area using antennas, software, and a portable computer

wardriving

a computer facility that is contractually available and has some power, heating, ventilation and air-conditioning, connectivity, and basic networking equipment.

warm site

all members have an equal share in trust relationship

web of trust

only entities such as a source address, a destination address, and a packet type may be allowed access. Anything not on the list is denied

whitelist

each node is immediately available and can forward messages to other nodes. Can be implemented in an ad hoc communication relationship.

wireless mesh network

data that is sitting in storage

data at rest

cryptography concept that is based on trap-door, one-way functions

Asymmetric

information confidentiality. It does this by enforcing security through two rules called no read up and no write down

Bell LaPadula

Uses the initials of the creators, Carlisle Adams and Stafford Tavares, and is available for royalty-free use symmetric algorithm

CAST

The version of Advanced Encryption Standard (AES) that is used by WPA-2

CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol)

paid to infiltrate systems, break applications, and create reports concerning their activities. These individuals conduct penetration tests under strict guidelines and contractual relationships for the benefit of their employer

CEH (certified ethical hacker), aka white hat hacker

involves the communication of a random challenge number from the server to the connecting client. The client then processes the random number along with the hash of the user's password to create a response. The response is sent to the server. The server computes the expected response. If the submitted response from the client matches the expected response exactly, then the user is authenticated

CHAP (challenge handshake authentication protocol)

three main components of a smart lock or an electronic access control (EAC) lock

Credential reader, locking mechanism, door closed sensor

Spreading knowledge and experience across multiple workers to perform mission critical tasks

Cross training

symmetric cryptographic algorithm broken in 1999 replaced by AES in 2002

DES (data encryption standard)

a different logical address is given to a host at each logon

DHCP (Dynamic Host Configuration Protocol)

allows users to apply encryption to individual files, directories, or the entire drive...........only available on hard drives and USB drives formatted with Microsoft New Technology Filesystem

EFS (encrypting file system)

the bulk encryptor of an IPSec VPN. Uses the keys managed by IKE

ESP (Encapsulating Security Payload)

the encryption mechanism in IPsec. It provides for a header and a trailer that encapsulates the packet. Within the header are various fields that include authentication as well as integrity for the packet.

ESP (Encapsulating Security Payload)

a contractual agreement presented when a software application is installed.

EULA (end-user license agreement)

Diffie-Hellman key exchange algorithm could be extended to support an entire public key cryptosystem used for encrypting and decrypting messages Advantage this had over RSA is that it was made freely available to the public

ElGamal

implemented by assigning a job name label to subjects

RBAC

replaced WEP in 2003

WPA

a physical asset

tangible

defines the identification, maintenance, and risk protection of hardware or information assets.

asset management

the cost (in dollars) that can be lost if a risk event happens

single loss expectancy

a technology that was implemented by Microsoft to customize controls, icons, and other features to increases the usability of web-enabled systems prescreened prior to downloading using Authenticode certificates to identify and authenticate the author

ActiveX

a list that specifies the actions that a user or system is granted to perform

ACL (access control list)

Rijndael cipher makes use of a 128-bit block size in three different wavelengths of 128, 192, and 256 bits symmetric algorithm

AES (advanced encryption standard)

responsible for establishing the initial connection and the authentication of end-points. Uses the keys managed by IKE.

AH (authentication header)

supports access control, packet origination authentication, and connectionless integrity.... used with IPsec and provides authentication of the sender as well as an integrity hash of the packet

AH (authentication header)

formula used to calculate the total amount of potential risk calculated for a single asset and a specific threat.

AV * EF * ARO

formula for calculating annualized loss expectancy

AV x EF x ARO = ALE

defines the acceptable use of organizational hardware and information assets

Acceptable use policy

OSI model

Application, Presentation, Session, Transport, Network, Data Link, Physical

What is the new technique of controlling access to the content of big data information collections?

Apply security controls to the output of data-mining operations.

an application that distributes the workload of processing the data across a large number of virtual machines

MapReduce framework

an individual at a certain security level may not read information at a lower level and the individual may not create (write) information at a higher level than their security level

Biba model

Provides good encryption rates with no effective cryptanalysis symmetric algorithm

Blowfish

if a business is providing different services for the same client, each branch or department is isolated from the other with no knowledge of the other departments' activities

Brewer Nash model

a program whereby the organization owns and controls the device while the user may use the device for personal purposes as well as business activities1

COPE

a document crafted and published by certificate authorities (CAs) which detail the standards, process, practices, and algorithms they use in their certificate operations

CPS (certificate practice statement)

evidence from the most volatile to the least volatile

CPU, cache, and register contents Routing tables, ARP cache, process tables, kernel statistics Random access memory (RAM) Temporary file system/swap space/page files Data on hard disk Network archive data/storage area networks/network attached storage Remote-based cloud storage Data contained on archival media, disk-based backup, tape-based backup, USB drives

Certificates that have been compromised or have expired are placed on __________

CRL (certificate revocation list)

a media access control protocol used to announce that a device is wishing to transmit on the media. The device will transmit or broadcast a tone prior to transmission. The tone is referred to as a jamming signal and will be received by all other devices connected to the media. After waiting a brief interval to ensure that all other devices are aware of the device's desire to transmit, the device begins transmitting

CSMA/CA

As in CSMA, a device may begin transmitting at the same time another device transmits. When this happens, two frames will be transmitted simultaneously and a "collision" will occur. Each of the two devices will wait a random period of time and then retransmit. The random timer prohibits each of the two devices from immediately retransmitting and causing a collision once again

CSMA/CD

This model enforces data integrity by checking, screening, or formatting data prior to it being placed in the object, such as a database

Clark Wilson model

levels included in the commercial business/private sector data classification

Confidential Private Sensitive Public

What makes up the CIA triad?

Confidentiality Integrity Availability

incident response information that should be recorded

Date and time of incident Type of incident or incident level Incident summary Incident discovery information Actions taken by individuals Contact information for individuals involved After-action report

The two participants each create two numbers. One number is kept secret while the other number is exchanged in the clear with the other participant. These numbers are used in the mathematical function and will result in both participants arriving at the same final number. The final number will represent a shared secret key.

Diffie Hellmann

a means by which a symmetric key is securely exchanged over an insecure communication medium when both sides of the communication do not have key pair sets

Diffie-Hellmann

based on a series of one-way operations that prevent any middle-man eavesdropping attacks from being able to predict the resultant exchanged symmetric key

Diffie-Hellmann

a program designed to change the risk culture from reactive to proactive and accurately forecast and mitigate the risk on any key programs

Enterprise Risk Management (ERM)

the first action to take during incident response?

Follow the procedures in the incident response plan.

EU law that is the successor to Directive 95/46 EC and is intended to unify the data protection personal information rights within the 28 European Union member states

GDPR (General Data Protection Regulation)

United States federal law concerning banking regulations, banking mergers and acquisitions, and consumer privacy regulations

GLBA (gramm leach bliley act)

a secret key is appended to the original message and then hashed by the sender. The original message and the _____ value are then sent separately to the receiver.

HMAC (keyed-hash message auth code)

Mali uses an authentication token that requires her to push a button each time she wishes to login to a system. What type of token is she using?

HOTP

stores and maintains data in a very large format system

Hadoop distributed file system

encryption progression for wireless products

Here is a simplified summary of the encryption progression for wireless products: Wired Equivalent Privacy (WEP) came first and was ultimately broken by a bad implementation of RC4. The Wi-Fi Alliance introduced Wi-Fi Protected Access (WPA) as an intermediate measure, which uses the Temporal Key Integrity Protocol (TKIP) for security. Wi-Fi Protected Access II (WPA2) replaced WPA and has become the IEEE 802.11i standard, which consists of the AES algorithm operating in counter mode and is referred to as the Cipher Block Chaining Message Authentication Code Protocol (CCMP).

security practitioner can send a ping message to a device to determine if it is working

ICMP (Internet Control Message Protocol)

submitted as a possible replacement for DES. It operates using a 120-bit key on 64 bit blocks. During encryption it performs eight rounds of calculations. It is currently unpatented and free for public use. symmetric algorithm

IDEA (international data encryption algorithm)

The IPsec protocol requires that a symmetric session key be available for encryption purposes.

IKE (internet key exchange)

component of IPSec that handles key generation and distribution

IKE (internet key exchange)

a versatile Internet security protocol that is based on an established connection from host to host in transport mode or network to network in tunnel mode can provide communications between two hosts (transport mode), between two security gateways or routers (tunnel mode), and between gateway and host (network to host) Often used with tunneling protocols like L2TP to provide encryption

IPsec

address space of 32 bits vs an address space of 128 bits

IPv4 vs IPv6 addresses

component of IPSec which provides for the support of multiple simultaneous VPNs

ISAKMP (Internet Security Association Key Management Protocol)

examines products and approves them based on testing

ISO

a group of standards that offers guidance to IT security management organizations

ISO 27000

a security code of practice and guidelines for IT security management

ISO 27002

a framework based upon a broad scope of various factors within the organization

ISO 27005

primarily monitors the organization's applications, databases, websites, servers, and networks

ISOC (information security operations center)

adds to the power of a password or key so that the same text encrypted by the same key will not create the same ciphertext. It creates complexity during the encryption process.

IV (initialization vector)

the cloud provider supplies the capability of creating cloud based networks utilizing standard or virtualized networking components

IaaS

the practice of applying certain policies during the creation and maintenance of information

Information Life Cycle Management

the guarantee that the user or subject has been proven to be who they say they are

assurance of accountability

By design, these are always created in a sandbox in which to execute an __________ on a client machine. This prohibits the _________ from being able to attack either the host machine or an application.

Java Applets

download into a sandbox and execute in a protected environment where they cannot affect the underlying applications or hardware environment

Java Applets

Periodically changing roles to prevent one person from having full control of a critical position

Job rotation

security procedures for every network device

Keep the firmware upgraded Change the default password Use advanced configuration settings Establish a baseline Create configuration backups

allows single sign-on in a distributed environment. An attractive feature is that it does not pass passwords over the network. The design is also unique in that most of the work is provided by the host workstations and not the server. uses a key distribution center (KDC) to maintain the entire access process the KDC authentication server authenticates (steps 1 and 2) the principal (which can be a user, a program, or a system) and provides it with a ticket-granting ticket, or TGT (step 3). After the ticket-granting ticket is issued, it can be presented to the ticket-granting server, or TGS (step 4) to obtain a session ticket to allow access to specific applications or network resources The ticket-granting server sends the user the session ticket granting access to the requested resource (step 5). The user then presents the session ticket to the resource requesting access (step 6). think of the amusement park example; buy a ticket to get in, then buy ticket to ride rides etc.

Kerberos

Microsoft and Cisco have reached an agreement to combine their respective tunneling protocols into one protocol.....a combination of PPTP and L2F.........does not provide security encryption, so it requires the use of such security protocols as IPsec to provide end-to-end or tunneling encryption.........uses UDP and port 1701 for connections.

L2TP (layer 2 tunneling protocol)

a standardized directory protocol that allows queries to be made of a directory database. microsoft implementation is Active Directory (AD). operates at port 389

LDAP (lightweight directory access protocol)

was created by Cisco as a method of creating tunnels that do not require encryption. Used primarily for dial-up connections......provides authentication only.......uses port 1701

LDF (layer 2 forwarding)

TCP/IP aka

Link - physical and data link Internetworking - network Host-to-host - transport Process - session, presentation, application

a perpetrator will bring something to the scene and take something with them when they leave

Locards principle

controls to keep digital threats at bay

Logical Access Control

A term that refers to the minimum amount of people to perform a highly sensitive action.

M of N control multiple agents with the capability (M), and the minimum number of these agents (N) in order to perform the task

determines which objects a subject can access through the use of classification labels

MAC (mandatory access control)

physical address of the directly connected device and consists of a manufacturer's identification as well as a unique number identifying the device

MAC address (media access control)

a method whereby known MAC addresses are allowed and those that are not wanted are not allowed on the network sometimes used as a method of determining which Wi-Fi user may enter a network. Because Mac addresses can be spoofed, it is not 100 percent reliable

MAC filtering

very large geographic network that connects groups of smaller networks or connects directly to end users

MAN

a tool that can scan a system and find missing updates and security misconfigurations. It can be used to determine the security state of a PC in accordance with Microsoft security recommendations and offers specific remediation guidance

MBSA (Microsoft baseline security analyzer)

the transfer of data to, from, and between clouds securely and reliably regardless of data file size

MFT (managed file transfer)

a collection of information stored in a database of network devices such as routers, switches, and servers and can be accessed using SNMP

MIB (management information base)

an agreement between parties as to facts, conditions, parameters, or intents. However, it is not a legally binding contract

MOU (memorandum of understanding)

what is the best security mechanism to minimize risk when browsing the Internet

Minimizing support of mobile code

a technology that uses a set of protocols to enforce a policy for endpoint access to a network

NAC

will quarantine any system that is out of compliance with the baseline established for the network

NAC (network access control)

used to extend the number of usable Internet addresses. primarily performed by a firewall or router at the boundary or outer parameter of the network. The firewall or router translates the extra traffic IP addresses to a nonroutable internal IP address.

NAT (network address translation)

a popular vulnerability scanner that checks for misconfigurations, default passwords, and the possibility of hidden denials of service. In operation, determines which ports are open on the target and then tries various exploits on the open ports.

Nessus

software application for probing computer networks, providing detection and discovery of hosts and services running on ports, and determining operating systems. In operation, sends special packets to target nodes and analyzes the response.

Nmap

Internet protocol used to determine the status of a certificate. At any time a party to a transaction may verify the status of a certificate by issuing a request to a _____ server

OCSP (online certificate status protocol)

provides a variety of services so that the application data can be transmitted across the network. This layer may also provide access control methodology, such as identification, authentication, and availability of remote applications; hashing for integrity; and the checking of digital signatures.

OSI Application Layer 7

addresses traffic to a physical link address......... switches operate here.......data information is formatted as frames.......concerned with directing data to the next physically connected device.

OSI Data Link Layer 2

determines the routing of data across a network utilizing a logical address referred to as an Internet Protocol (IP) address devices such as routers read the destination IP address and make use of a routing table on the router to determine the next device in the network to send the packet....moves data as packets

OSI Network Layer 3

All of the physical connections to the network are found at this layer...........All data is represented by bits; and the 1s (ones) and 0s (zeros) become a voltage or flash of light or maybe even a modulated radio signal............cables, connectors, interface cards, network taps, hubs, fiber-optic cables, and repeaters operate at this level..........where we connect everything together using wires, radio signals, or fiber optics.

OSI Physical Layer 1

sometimes referred to as the translation layer because of the change in data at this layer..........For instance, an IBM application may provide data which is formatted using the Extended Binary Coded Decimal Interchange Code (EBCDIC). The receiving application may require the data to be presented to it in American Standard Code for Information Interchange (ASCII) code

OSI Presentation Layer 6

maintains an open logical communication line between the two host machines. The analogy may be similar to maintaining an open telephone line

OSI Session Layer 5

moves data packaged in segments..........provides end-to-end and reliable communications services and includes error detection and recovery methods. Two primary protocols are utilized at this layer; UDP and TCP.........if one host machine receives a message that it does not understand, it can request for the information to be resent

OSI Transport Layer 4

may also be used to hide the internal network. Where NAT can use a number of public IP addresses, this uses a single external address and shares the port with the entire network. Because it uses only a single port, it is much more limited and typically used only on small and home-based networks

PAT (port address translation)

provides for e-mail confidentiality through random symmetric keys and use of public keys

PGP (pretty good privacy)

supports encapsulation in a single point-to-point environment a favorite protocol for network communications, one of its major weaknesses is that all channel negotiation is done in the clear. After the tunnel is created, the data is encrypted. Developed by Microsoft, it is supported on most of the company's products. It is assigned to port 1723 and uses TCP for connections

PPTP

provides the user with a virtual computer

PaaS

restrict access to physical components

Physical Access Control

A measure of satisfaction of the overall user experience of the computer network or transmission medium refers to the prioritization of some packets over others. This affects the quality and user experience with regard to VoIP and multimedia on a congested network

QoS

What standards-based technology is supported on most platforms and is used as a remote authentication service

RADIUS

a protocol and system that allows user authentication of remote and other network connections

RADIUS (Remote Authentication Dial-In User Service)

a method of storing data across several different hard disks. Using this system, data is written to a series of hard disks in such a manner as to provide either speed or data redundancy

RAID (redundant array of independent disks)

This configuration stripes data across multiple hard drives. The benefit is speed and access. There is no data redundancy

RAID 0

This configuration features writing identical data to two different storage locations such as cloud storage or local hard drives. It offers a simple data redundancy configuration by having identical information written to two different locations

RAID 1

This configuration stripes data across multiple disk drives at the bit level. It is difficult to implement and generally not used.

RAID 2

This configuration stripes data across multiple drives at the bit level and uses a separate disk drive for the parity bit. This RAID level is rarely used.

RAID 3

This configuration is similar to RAID-3, but it stripes data across multiple drives at the block level. It also uses a separate disk for the parity bit. very rarely used in a production environment

RAID 4

Uses a technique of striping data across multiple drives and incorporating the parity bit on each of the drives. If a drive fails, the data may be reconstructed using the data and parity bit contained on the other drives. A minimum of three drives must be used in this implementation.

RAID 5

Using this technique, the system writes data to separate hard disk drives. Requires writing data to two disks at the same time.

RAID mirroring The advantage to mirroring is data redundancy. The disadvantage is that both drives must write at the same time, thus reducing the writing speed

performed by adding a separate bit to the data to provide data integrity

RAID parity

a method of writing information to all disks at the same time

RAID striping The advantage of striping is speed because a part of the information is written to each disk at the same time

very popular software stream cipher was the backbone of several encryption protocols, including SSL/TLS, Wired Equivalent Privacy (WEP), and Wi-Fi Protected Access (WPA). has known weaknesses and major organizations have recommended disabling it symmetric algorithm

RC4

Consists of a variable block size of 32, 64, or 128 bits and a variable key length from 0 to 2040 bits symmetric algorithm

RC5

routing protocol that makes routing and forwarding decisions based on a metric derived from the number of other routes than must be crossed to reach a destination

RIP (routing information protocol)

part of a business continuity plan. It is the date or time of the last known good data that can be used as a backup to restore systems

RPO (recovery point objective)

the amount of data loss that can be experienced before the loss is too great to survive as an organization

RPO (recovery point objective)

the estimated time by which the affected process will be restored. or used to determine the maximum time a data recovery process will take.

RTO (recovery time objective)

What is the best means to restore the most current form of data when a backup strategy is based on starting each week off with a full backup followed by a daily differential?

Restore the initial week's full backup and then the last differential backup before the failure.

a commercially available network security scanner that provides advanced vulnerability scanning across the network, the Web, and virtual and database environments. Used to continually monitor the network environment, it may be used to detect vulnerabilities on a real-time basis and recommend remediation based on risk analysis of critical assets.

Retina

provides end-to-end protection of email messages

S/MIME

provides each party with the symmetric session key. Each party will also agree upon the encryption algorithm to be utilized during the session.

SA (security association)

a security clearance stating you are part of a special program that has highly sensitive information

SAP (special access programs)

a security clearance stating you have been "read on" to a specific information set

SCI (sensitive compartmented information)

refers to the virtualization of networking, which grants more control and flexibility over networking than using the traditional hardware-only means of network management

SDN (software defined network)

a virtualization methodology in which the actual data flow across the network is separated from the underlying hardware infrastructure and allows networks to be defined almost instantaneously in response to consumer requirements.

SDN (software defined networking)

the central operational application that allows network administrators to design the virtualized network system using underlying hardware infrastructure

SDN controller

SHA-224, SHA-256, SHA-384, and SHA-512

SHA-2 family members; each includes the hash digest bit length output in their name, SHA-3 is the same way and with the same bit length numbers

provide real-time logging and analysis of security events

SIEM

software products are combined with hardware monitoring devices to provide real-time analysis of security alerts

SIEM (Security Information and Event Management)

detailed view of the network device(s) monitor network usage and performance, user access, and detect potential or existing network faults

SNMP (simple network management protocol)

when enabled, collects the management information database from the device locally and makes it available to the SNMP manager when it is queried

SNMP agent

a computer that is used to run one or more network management systems

SNMP manager

a document issued by NIST with recommendations and guidance for federal agencies.

SP (special publications)

a unique value assigned to a communication between two parties. It is a tag that identifies preselected encryption rules and algorithms when more than one transmission session is being conducted.

SPI Security Parameter Index

a tunneling protocol that uses encryption to establish a secure connection between two systems........provides an information exchange protocol for such standards as Telnet, FTP.........assigned to port 22 and uses TCP for connections

SSH (Secure Shell)

a form of VPN based on a Transport-layer standard for encryption that is commonly used for Application-layer protocol protection

SSL VPN

utilizes symmetric cryptography after a handshake session during which secure key material (a random number) is sent from the client to the server using the asymmetric public and private keys of the server. The SSL/TLS communication is always set up between the server and the Internet browser on the client.

SSL and TLS (successor to SSL)

makes available a software application that is hosted on a remote server and made available on demand by the user

SaaS

component of the trusted computing base consisting of hardware, software and firmware elements that implements an authorized control list (ACL) database

Security Kernel

Which disaster recovery/emergency management plan testing type is considered the most cost-effective and efficient way to identify areas of overlap in the plan before conducting a more demanding training exercise?

Structured walk-through

4 components of a public key infrastructure implementation

Symmetric encryption, asymmetric encryption, hashing, and digital certificates

operates in a similar manner to RADIUS. It is a central point for user authentication.....widely implemented by Cisco

TACACS+ (Terminal Access Controller Access Control System)

referred to as connection-oriented because it provides guaranteed and reliable communication between devices on the network. requires that the receiving host acknowledge every packet that it receives. Packets may be received out of order and may be re-sequenced by the receiving host

TCP (transmission control protocol)

utilizes a dynamically changing 128-bit key for every packet

TKIP (temporal key integrity protocol)

dedicated microprocessor that is mounted on a device's main circuit board and serves as a cryptoprocessor provide services for: Trusted Boot Protection Encryption Key Storage Password Protection Device Identification

TPM (trusted platform module)

three-way handshake used for a TCP session

The first step of the handshake is where the host sends the server a packet with the SYN, or synchronize, flag turned on or "set." The server responds with a packet that has both the acknowledgment ACK and SYN flags set. Finally, the host responds with a packet that has the ACK flag set. At this point, the TCP session has been established

What is the prime objective of code signing?

To verify the author and integrity of downloadable code that is signed using a private key

Access control which prevents one person from performing an action by separating each task i.e. two people needing to turn a key at same time in order to launch a missile

Two man rule

Uses 128-bit blocks in a key structure of 128, 192, or 256 bits, and is less popular than Blowfish symmetric algorithm

Twofish

referred to as a connectionless protocol. Connectionless refers to sending information without first verifying that the connection exists between the hosts ideal for transmission of voice or media

UDP (user datagram protocol)

may be considered as a network of interconnected hosts that act as if they're connected physically even though there is no such connection between them. differ from subnets in that they do not provide security

VLAN

VLANs that are created through a switch are not natively secure because the data within one VLAN could possibly be exposed to other network segments. Attack that could be the result of this

VLAN hopping

the result of an attack upon a virtual machine whereby the attacker is successful in bouncing out of or escaping the virtual environment and controlling the hypervisor

VM escape

a private network connection that is established through a public network

VPN

a converged network communications concept includes support for real-time chat, video conferencing, voice and video mail, and file exchange

VoIP

used to regulate traffic to and from web servers and specialized web applications. It utilizes specialized rules such as content filtering, access control, and intelligent rulesets that are customized specifically for the web application operates at layer 7 of OSI model protects against content-based attacks such as cross site scripting (XSS), injection attacks, and HTTP forgery attacks.

WAF (web application firewall)

a network node that converts wired network packets into wireless communications. They may be mounted on ceilings, on walls, or on desktop devices.

WAP

used to mitigate the possibility of rogue access points

WIPS (wireless intrusion prevention system)

used to mitigate the possibility of rogue access points in wireless deployments

WIPS (wireless intrusion prevention system)f

utilizes standard short-distance cellular radio transmitters, receivers, and transceivers (cellular telephones, laptops, and cellular-enabled devices) to communicate to wired LANs through access points

WLAN

utilizes radio transmitters and receivers to communicate to wired LANs through access points or directly to wireless endpoints. eliminates the requirement for the leased lines of a MAN

WMAN

uses Advanced Encryption Standard (AES) as the encryption algorithm utilizes AES operating in counter mode with a 48-bit initialization vector. A significant cryptoanalysis Work Factor (WF) is required to brute-force crack the algorithm password release in 2004

WPA2

utilizes standard cellular radio transmitters, receivers, and transceivers (cellular telephones, laptops, and cellular-enabled devices) to communicate to wired LANs through access points or directly to wireless endpoints

WWAN

intended as a much stronger and robust geographically based system covering a much larger physical area than Wi-Fi covers

WiMAX

certificate standard used by PKI

X.509 v3

specifies a standard for the public key infrastructure Certificate revocation lists as well as the structure of a trusted system of certificate authorities are included in _________

X.509 version 3

managed device

a part of the network that requires some form of monitoring and management, such as, for example, routers, switches, servers, workstations, printers, UPSs, and other devices

the main benefit or distinction of symmetric encryption

a single shared key can perform both encryption and decryption operations

determine if the current account access rights and privileges match the current role and requirements of the existing position

account audit

a procedure undertaken immediately upon resignation or termination of an account owner

account deactivation

an organized disassembling of rights and privileges of the user account

account deprovisioning

refers to the access enabled or available for any user account

account entitlement

verifying that the account belongs to the stated individual through the use of various authentication tests and audit techniques

account proofing

verifies that only the authorized person is able to use a specific user account

account/identity proofing

this statement identifies who are responsible for compliance

accountability statement

form of monitoring which involves the injection of packets into communications in order to measure performance of various elements in the network

active monitoring

provides for communication between two or more endpoints where no centralized access point is involved

ad hoc mode

refers to continuous hacking processes often carried out by rogue governments or nation states against other nations, organizations, or large businesses

advanced persistent threat

a type of spyware that, while making an advertising statement or showing a banner, solicits clicks from the end user. When the user clicks the banner, a Trojan or virus is be downloaded immediately, infecting the user's machine

adware

a networking term that describes how an internal network can be totally isolated from the outside world. With no connections in or out of it, there is a complete isolation zone around the network perimeter

air gap

refers to the technique of maintaining a host, network, or electronic storage mechanism that is physically separated from the outside world (Internet) by not having any inbound or outbound connections

air gap

a mathematical function that produces a binary output based on the input of either plaintext or ciphertext

algorithm

constructed in such a manner as to be highly resistant to removal by anti-malware software

armored virus

should be no closer to the original site than 20 miles

alternate site proximity

the total cost (in dollars) for all of the SLEs occurring during the year

annualized loss expectancy

the probability of an event occurring during a year. 100% is equal to one even a year

annualized rate of occurrence

the best answer for the security tool which is used to detect KNOWN examples of malware

anti-virus/anti-malware software

log contains various events logged in real time by applications, databases, or other programs. It is generated by many applications that will be recorded in the application log

application log

utilizes two keys: a public key and a private key. Either key can be used to encrypt or decrypt a message. A message encrypted with the user's public key can be decrypted only by the user's private key and vice versa. This process is very slow

asymmetric algorithm Rivest, Shamir, and Adleman (RSA) Diffie-Hellman ElGamal Elliptic curve cryptography (ECC)

two different but mathematically related keys are used. Each user has both a public key and a private key. The private key can be used to mathematically generate the public key. This is a one-way function. It is mathematically infeasible to determine the private key based only upon the possession of the public key. On many occasions, both keys are referred to as a key pair. It is important for the owner to keep the private key secret

asymmetric key

Digital certificates are based on what type of cryptography?

asymmetric public key

SQL injection

attacker inserts a SQL escape character, a combination of SQL characters, or part of the SQL script into a website form field. If the form field offers limited data validation, the insertion may return database information or an error code, which may be useful to the attacker.

this statement identifies a target group

audience statement

offer crucial information about the actions and activities on an organization's network

audit logs

What security task is performed when a CA issues a certificate?

authentication

represents the source of information presented for either identification or authentication

authentication factor

what mechanism performs identification claims?

authentication factor

makes or defines the determination as to what attributes of a subject or object determine whether access is granted or denied

authorization policy

this statement identifies the individual responsible for the policy

authorization statement

originally allowed the programmer access to the application around the normal access controls Usually delivered by Trojan malware, a Trojan payload installs a malware application that creates the ___________ or access port, for the attacker.

backdoor

term used when LIMITING the amount of network traffic a specific protocol or application is allowed to generate or consume in order to keep the remainder of the network's capacity for other communications

bandwidth throttling

Data transmitted that occupies the entire frequency range of the media. No other data is transmitted concurrently.

baseband

an established criteria for measuring normal events as well as normal activity and traffic on the network

baseline

A baseline may be established as the normal or minimal criteria that must be met by the policy.

baselines

Systems that allow public access and that are hardened against attack

bastion host

IDS and IPS utilize four methods of network monitoring

behavior based detection signature based detection anomaly based detection (similar to behavior based) heuristic based detection

detection mechanism that recognizes various software behaviors and matches them to a library of expected behaviors of known harmful software

behavorial-based detection

primarily against a hash value in that it is easier and faster to determine collisions based on two plaintext messages equaling the same hash value than it is trying to determine the original plaintext for a given hash value. This attack relies on the statistical probability that two events will happen at the same time and that it will be faster to achieve a result using that method rather than having to exploit every possibility such as using brute force

birthday attack

ensures that every bit is recorded correctly during an investigation

bit copy software technique

Prior to analysis, data should be copied from a hard disk utilizing....

bit-by-bit copy software

everything you wish to deny must be listed

blacklist

An algorithm that works on a fixed block of characters. Generally utilize standard block sizes such as 128, 192, 256, or 512 encrypts one entire block at a time

block cipher (block algorithm)

A form of a Bluetooth attack in which the attacker accesses and uses all phone features.

bluebugging

Uses Bluetooth to send unsolicited messages to Bluetooth-enabled devices such as mobile phones, tablets, and laptop computers.

bluejacking

The unauthorized use of Bluetooth to access information from a wireless device.

bluesnarfing

This type of virus infects the storage device's master boot record

boot sector virus

term used in virtualization to describe a networking configuration for guest OSes

bridging

Cloud services, whether private cloud offerings within an organization's IT department, non-fee-based free public clouds, or subscription-based services offered by large cloud providers, all include ease of access and use normal network connections

broad network access

popular with cable television and networking providers, is used to multiplex a very large number of signals on a single media.

broadband

all possible keys are tried until one is found that decrypts the ciphertext

brute-force attack

occurs when more data is placed into a memory location, referred to as a buffer, than the memory location can accept

buffer overflow

one of the earliest and most commonsense designs for local area network layout and design. Featured terminators at each end, and computer hosts as well servers were connected to the wire through what was known as "drops."

bus topology

a set of procedures, programs, and supporting plans that have been established to maintain the operations of the organization in the event of disruption or interruption

business continuity plan

first step in creating a business continuity plan. all assets are identified and possible threats categorized performed to determine the resulting impact to the business of the full or partial loss of an operational functional unit of the business

business impact analysis

the threat evaluation process performed when designing a business continuity plan (BCP) or disaster recovery plan (DRP) evaluates risk in light of work process and is similar in nature to the technique used when designing security policies

business impact analysis

How does IPSec verify that data arrived at the destination without intentional or accidental corruption

by using a randomized hashing operation known as HMAC. Hash-based Message Authentication Code (HMAC)

responsible for the actual transmission of traffic to the next device along the path toward the destination. The ___________ is also known as the forwarding plane. The ____________ is the actual transmission of packets through a router or switch

data plane

If you need to change cloud systems, this allows you to extract your data from one system and import it into another

data portability

every server or application is required to verify the identification and authentication of the user requesting access

decentralized authentication

The end user's private key is always kept private, so they are the only entity in possession of it.

decentralized key management

the art and science of reading various dots and dashes produced by an electromagnetic Morse code receiver or by visually identifying flag signals or flashing signal lights

decoding

Ciphertext is processed through an encryption algorithm using a reverse process, which results in plaintext

decryption

the use of multiple devices from different vendors to enhance security

defense diversity

refers to the use of a number of controls placed in sequence through which a threat must penetrate.

defense in depth or layered security

A term that describes the violation of non-repudiation

deniability

this statement identifies the items and actions directed by the policy

detail statement

activities used to identify a threat

detection

What is the primary benefit of a security camera for physical security

detective

commonly used in a brute-force attack against passwords

dictionary attack

A full backup may be created once a week, then daily backups must be made of the transactions for each day. But this type of backup records all of the transactions since the full backup

differential backup

the study of changes in information as it is processed through a cryptographic system

differential cryptanalysis

increases the complexity of an encrypted message. process of encryption in which the entire hash output for each character modification of the original message is changed

diffusion

created when a subject's public key is signed by a CA's private key

digital certificate

Would you agree with me that if a public-key is public, therefore anyone can access it? Also, if there is a piece of information that everybody can access, doesn't it therefore make sense that someone might be able to fake this piece of information? This is the exact problem that we have in public-key cryptography, which uses both public and private keys. What if Amazon wasn't really Amazon, or Sears wasn't really Sears? The question is, how do I know that you are the real owner of the public key? There must be some way of branding your name on a public key so that absolutely, without a doubt, it links you or "binds" you to that key. There should be no doubt that you own that key

digital certificate these certificates solve this problem A digital certificate is like a notary public of the cryptographic world. A third-party verifies that the public key is yours and that you are in fact you. As long as everyone trusts this third party, the system works.

the primary method of authentication in a typical PKI deployment

digital certificates

widely used to sign messages. Provides both proof of origin (and therefore nonrepudiation) and message integrity does not provide confidentiality

digital signatures

identification data that is covertly included in either image data or audio/video data. May be used to verify the authenticity or integrity of an object file or to indicate the identity of the owners

digital watermark

Designed to force or direct a radio signal in one direction.

directional antenna

a type of web attack using HTTP in which the attacker escalates their privileges to climb to a parent directory, or higher-level directory, out of the original website directory

directory traversal

a documented set of procedures used to recover and restore IT infrastructure, data, applications, and business communications after a disaster event

disaster recovery plan

What is the type of access control in the default access control method found in Microsoft Windows which allows users to share files?

discretionary access control

features two extensions within a filename, but only the final file extension is operative

double file extension attack

attackers have already identified the target and either jam the target with powerful conflicting signals on the 2.4 GHz and 5.0 GHz bands, thus disrupting communications, or attempt to intercept communications

drive-by attack

an access mechanism whereby two individuals must work together to gain access

dual control

contains two network interface cards (NICs), one connected to the external network and one connected to the internal network

dual-homed firewall *dual or multihomed always refers to the use of two or more network interface cards on a device

ensures an activity is performed correctly

due diligance

Ports 49152-65535

dynamic or private ports

dynamically detect malware and are described as an anti-malware protection system...........used to monitor and protect network, email, endpoint, mobile, and content assets

dynamic threat analysis appliance

a legal tool used by opposing counsel to obtain requested information that may contain evidence or other useful information for a lawsuit. It is not the information itself. It is the process of obtaining the information

eDiscovery

the legal process by which law enforcement officials, including attorneys, can make formal requests, sometimes with a search warrant, to obtain digital information in relation to a legal action, investigation, or court proceeding

eDiscovery

a block cipher mode that uses very short messages usually smaller than 64 bits

electronic codebook

another name for transmitting data offsite to either a physical storage location or a cloud storage location

electronic vaulting

detection of potential threat realization (i.e. compromise attempts)

elevated

a method of applying discrete logarithm mathematics in order to obtain stronger encryption from shorter keys using this method an RSA 160-bit key provides the same protection as an RSA 1,024-bit key.

elliptic curve cryptography

the act of placing restricted data inside a larger packet and placing a special destination address on the packet so that it may be routed to the intended receiver

encapsulation

the action of changing a message from one format to another using a coding method. i.e. alphabet represented by 1's and 0's in ASCII or dots and dashes using Morse code

encoding

he process whereby ciphertext is created by processing a plaintext message through an encryption algorithm and utilizing an encryption key and possibly an initialization vector that results in encrypted text

encryption

the most important concern when using a cloud solution as a component of a backup strategy

encryption of transfer and storage

the process of taking a deliberate action to permanently remove or destroy the data stored on a storage device

endpoint data sanitiztion

consists of an endpoint-mounted firewall, host intrusion detection systems (HIDSs), and antivirus software

endpoint defense

this statement identifies the consequences of violating the policy

enforcement statement

a one-time key generated at time of need for a specific use or for use in a short or temporary time frame.

ephemeral key

a data storage and data identification technology used to provide high-availability and data reliability to cloud-stored data. Like RAID but in the cloud

erasure coding

The frequency of these errors (false positive, false negative) is referred to as an error rate

error rate

any observable occurrence in a system or network

event

stores cookie data in several locations the website client can access. Should cookies be cleared by the end user, the data can still be recovered and reused by the website client

evercookie

a rogue Wi-Fi access point that appears to be a legitimate access point that is part of an enterprise network on the premises but has actually has been set up to eavesdrop on wireless communications.

evil twin

part of the router that receives arriving packets and routes them through an output interface to the destination address. Utilizes destination addresses obtained by the control plane and maintained in routing tables

forwarding plane

the study of how often various characters show up in a language

frequency analysis

the contiguous copy of the entire system and data

full backup

a complete power up of an alternate site, switch over and power down of the primary site

full interruption test

features full-time members who respond to incidents on a daily basis. Very large corporations, financial institutions, banks, and other organizations require full-time response teams based on the frequency of incidents

full time incident response team

address specific issues or concerns of the organization. They may be used to define requirements related to particular areas of security, such as access control, acceptable use, change management requirements, hardware and software updates, and other operational concerns. An example of a functional policy is a Bring Your Own Device (BYOD) policy

functional policy

report to other managers and departments throughout the organization and become members of incident response teams when they are required

functional response team

accepted or tolerable risk

guarded

suggested steps for performing a task that leave room for discretionary judgement

guidelines

a broad term that can refer to individuals who only want to disrupt normal operations to terrorists waging a type of cyber war against a target and anything in between

hacker

a person or group that exploits a weakness in technology in order to draw attention to a personal message or agenda

hacktivist

A one-way mathematical algorithm in which a hash value or message digest is a fixed-size output.

hash function

When crafting a digital signature, what are the initial steps in the process performed by the sender

hash the message and then encrypt the digest with the private key

type of cryptography that does not use an encryption algorithm a one-way function cannot be used in a reverse function to derive the original document always produce a fixed-length output regardless of the size of the original document provides message integrity

hashing

A learning and statistical assumption technique used in making very fast decisions with relatively little information.

heuristic-based detection

trust relationship with a top entity and subordinates

hierarchical trust

a method whereby numbers of host machines may be logically or physically connected so that all of their resources (such as CPU, RAM, hard drive, and network communications capability) can be shared among all of the hosted virtual machines

host clustering

a patch that can be applied to piece of hardware or software without the requirement to power down or reboot the product

hot patch

a fix that may be applied to a piece of hardware or software that is currently online and in use

hotfix

a physical location available for immediate switchover of processing operations

hotsite aka backup site

consist of combining two forms of cloud deployments offer a great degree of flexibility to an organization

hybrid cloud

based upon initializing an encrypted session utilizing asymmetric encryption to encrypt and send a symmetric key to the other party both asymmetric cryptography as well as symmetric cryptography are used in the same encrypted session

hybrid cryptography

consists of wireless devices connecting to an access point that then interfaces with a standard wired network.

hybrid wireless network

a means to encapsulate SCSI signaling into an IP packet in order to traverse a standard IP network rather than a traditional SCSI ribbon cable

iSCSI (IP Small Computer System Interface) iSCSI is to SCSI as VoIP is to telephones.

the best means of risk mitigation

implementing safeguards

a type of access rule that states that if a subject is not listed on the access control list, access is denied. This type of rule is usually at the bottom of the rules list in either a router or a firewall. Its purpose is to act as a catchall

implicit deny

the catchall that prohibits the passage of anything that has not been ethically or explicitly authorized.

implicit deny

the most important foundational security concept upon which most other security ideas and solutions are based

implicit deny

refers to anti-malware that has been released onto the Internet. Imagine that this malware is roaming free and is being exchanged through unsuspecting host relationships, indiscriminate clicking email links, and other types of actions that spread the malware through the Internet.

in the wild

refers to transmitting, or sending, a key over the existing communication connection. Eavesdropping and man-in-the-middle are typical attacks on key exchanges

in-band key exchange

an event with the potential to cause harm to the organization. Usually considered an intrusion by an outside force, but it may also be caused by an internal user. May also be intentional or unintentional.

incident

a set of established responsibilities, criteria, and procedures to be initiated upon the discovery of an incident. Involves the IT assets of an organization

incident response plan

defines how an organization will respond to security violations and intrusions

incident response plan

an assortment of multidisciplined individuals from across the organization who aid in the mitigation of harm and the containment of an incident.

incident response team

daily backups are stored in separate files In the event of a restoration, each of the files must be added to the others and finally to the full backup to form a contiguous data file containing not only all of the existing information from Sunday but also the information from the rest of the week.

incremental backup

worse than no countermeasure at all because it provides a false sense of security

ineffective countermeasure

risks to IT hardware, software, and information assets are identified and threats and vulnerabilities are reduced to an acceptable level

information risk management

standard also provides for the communication of numerous wireless devices connecting through network access points (APs)

infrastructure mode

an unencrypted random number that is used to create complexity during the encryption process.

initialization vector

used as common components of encryption algorithms because they increase the chaos in encrypted output

initialization vector (IV)

all of the items that must be considered, such as laws, policy, goals and objectives, availability, costs, and other input

input constraints

may be performed by a disgruntled employee, third-party contractor, or anyone with direct inside access to an organization's network or host workstations

insider attack

a nonphysical asset

intangible

access control list tool that inspects packets on a network, and takes a predetermined action to stop the attack

intrusion prevention system IDS and IPS have become one HIDPS and NIDPS

means that all of the devices on the wire or network are transmitted the same time. has no mediating controller and therefore is called contention-based access and nondeterministic. It is the least effective of any of the transmission protocols because none of the devices have any means of determining when to transmit data.

multiple access

Most often describes multiple virtual machines residing on one host. In cloud hosting, the virtual machines may not be owned or controlled by the same organization. can also refer to several users accessing a single instance of an application or virtual device.

multitenancy

requires both entities to prove themselves to each other simultaneously

mutual authentication

Countries around the world that sponsor cyber terrorism may plant advanced persistent threats (APTs) in foreign government or foreign commercial enterprises for intelligence gathering purposes. Cyberwarfare is a term to describe these activities

nation state

How is granular control of objects and resources implemented within a mandatory access control environment?

need to know

In organizations that enforce _________________, individuals are not automatically given access to sensitive information simply because they possess the appropriate security credentials and clearance. It is based on a case by case basis

need to know

Subjects cannot read information classified at a higher level than theirs

no read up

a method of asserting that the sender of a message cannot deny that they have sent it assertion is created by associating something that only the sender possesses, for example, their private key

non-repudiation

standard benign operations

normal

5 levels of risk

normal - standard benign operations guarded - accepted or tolerable risk elevated - detection of potential threat realization (i.e. compromise attempts) substantial - security violations have occurred, but have not interrupted mission critical functions severe - mission critical functions have been significantly affected or interrupted

Information concerning network operation data volume and other considerations is communicated from the hardware layer to the applications and business logic. This allows operators to monitor network operations.

northbound APIs

"monitor" an attack while it's in progress

not advisable to do this, the organization could face legal consequences. Incident response activities should start immediately after an incident has been discovered

What is the purpose of a baseline in relation to security monitoring?

notices trends away from normal

the (passive) resource or asset of which a subject is requesting access. These roles may change or flip..

object

an object such as a document is labeled (classified) in some manner to illustrate the status of the information. For instance, it may be labeled company confidential, sensitive, or unclassified

object classification

Designed to provide a 360° pattern and provide an even signal in all directions

omnidirectional antenna

When should security training take place

on hire and yearly

Users can subscribe to services by simply selecting from cloud provider menus

on-demand self service

The concept is that a real or virtual paper pad contains codes or keys on each page that are random and do not repeat. Each page of the pad can be used once for a single operation, and then it is discarded—never valid or to be reused again. The one-time use of an encryption key is the most secure form of encryption possible

one time pad

takes the input of a plaintext message and outputs a ciphertext message it is mathematically infeasible to determine the original plaintext message from the ciphertext message. primarily used in hashing or for verifying the integrity of a message

one way algorithm

users in one domain may access resources in a second domain. But since this is a one-way relationship, users in the second domain may not access resources in the first domain.

one way trust

used to clarify and provide a clear direction on operational topics such as access to specific database information, application software, or networking facilities

operational policy sometimes referred to as system-specific policies

established by a person or group with a high level of authority, such as a senior manager or corporate office, and it's usually very broad in nature, impacting the entire organization, corporate division, geographic area, or a country-specific working group

organizational policy

term used to describe the transmission of key material through any other means. This may include notes, handwritten messages, security transfer pouches, or verbal exchange, to name a few

out-of-band key exchange

transmitting a message or date by any means other than through a normal channel of communication normally used to describe a method of exchanging passwords by not sending them over the same channel as the encrypted message.

out-of-band transmission

a stream cipher that allows the keystream to be prepared and stored in advance, prior to the encryption operation

output feedback

contract out network and system monitoring as well as the response to intrusions

outsource response team

firewall that passes data based upon packet addressing information. It does not analyze the data included in a packet but simply forwards the packet based upon an application or port designation

packet filter firewall

Devices such as routers use the destination address and forward the packet to the next router until the packet eventually arrives at its destination.

packet switched

software applications are run in parallel with the actual business environment to test how well they will perform

parallel test

best characterized by a vehicle located within close proximity to a transmission source, such as in the parking lot of an organization. The attacker usually has sophisticated radio monitoring equipment

parking lot attack

also known as a reciprocal site involves an agreement between two companies to share resources in the event of a disaster

partner site/contracted or mutual site

necessary to support file transfer when a client is located behind a firewall that does not allow inbound initiated contact

passive FTP

necessary to support file transfer when a client is located behind a firewall that does not allow inbound initiated contact.

passive ftp

collects data about objects, events, and packets that are natively present in the environment, rather than injecting new elements.

passive monitoring

lock an account after a preset number of password logon attempts. Using this technique prohibits brute-force attacks.

password attacks

specifies how often passwords must be changed, password complexity, how passwords are audited, and other password characteristics.

password policy

a piece of software intended to update an application, operating system, or control program to improve its usability and performance.

patch

should be applied regularly as available from the manufacturer. should be tested on simulated production equipment prior to being distributed to production

patches

the harmful code contained within any malware

payload

a property that states that a session key won't be compromised if one of the long-term keys used to generate it is compromised in the future

perfect forward secrecy

a connection between endpoints where the carrier configures the circuit routes to provide the requested speed and bandwidth through their equipment.

permanent virtual circuit

most important asset in any orginization

personnel

a type of social engineering attack to obtain access credentials, such as usernames and passwords. In practice, it's a type of attack that redirects the user to an unexpected website destination. Can be conducted either by changing the hosts file on a victim's computer or by exploiting a vulnerability in DNS server software

pharming

an attack that attempts to obtain personal information, credit card information, or login information by masquerading as a legitimate entity

phishing

what are the three types of controls

physical logical administrative

similar to a buffer overflow attack. The pointer is used to index the process within a process stack. The attacker attacks the pointer through buffer overflow techniques to change it to point at the malicious code

pointer overflow

changes slightly as it replicates throughout the system. This makes it difficult for scanners to detect this type of virus because of different variations

polymorphic virus

Cloud systems make use of virtualization to allow total hardware usage allocation. This means that rather than have one server with one client that uses the server 60 percent of the time, the same server might have several virtual machines running that use 95 percent of the hardware capability and can be adjusted for workloads very rapidly

pooling of resources

NIST SP 800-37 rev 1, 4 steps in risk assesment

prepare, conduct, communicate and maintain

continuously monitor intrusions based upon a variety of signatures, behavioral characteristics, or heuristics

real time monitoring difference between real-time monitoring and active monitoring is that real-time monitoring is continuously listening to the traffic on the network and automatically sending alerts based upon some criteria

activities used to return operations to normal after an incident

recovery

The abstract machine concept that mediates all access by subjects to objects (part of the TCB)

reference monitor

Ports 1024-49151

registered ports

performs data acquisition and validation services of public key owners on behalf of the certificate authority.

registration authority

when a fix for a current problem creates problems in prior versions of the product

regression

a cloud vulnerability since data stored on a cloud server system based in Spain may come under the jurisdiction of the Spanish legal system

regulations and jurisdiction

created by government or by an industry specific group to control a process

regulatory agency

a position that is responsible for communicates issues, problems, and concerns and coordinates the services of the help desk group to facilitate software deployment.

release coordinator

required when the user is in a remote location from the company network

remote authentication

involves the capture of portions of a message by an attacker who then plays the message back at a later time to convince the host receiver that it is still communicating with the original sender.

replay attack

directly attacks the antivirus program, potentially destroying the virus definition database file. The virus disables the antivirus program yet makes it appear as if it is working, thus providing a false sense of security

retrovirus

not only does the user authenticate to the system when requesting access, they also have knowledge that the system they are contacting is in fact a genuine site.

reverse authentication can be done using images or personal security questions

act of decomposing an item to determine its construction and method of operation

reverse engineering

form of social engineering which tricks a victim into contacting the attacker to ask for technical support

reverse social engineering

provided a solution to the problem of who talks next. When a token was circulated around a closed loop ring, each node could determine exactly when they could transmit next. This was referred to as a deterministic system has been almost totally eliminated and replaced by Ethernet technology

ring topology

the likelihood of a threat exploiting a vulnerability and resulting in a loss.

risk

an organization acknowledges a risk and makes a conscious decision to just live with it,

risk acceptance

analytical method of identifying both threats and asset vulnerabilities and determining the likelihood and impact should the threat event occur and exploit the identified vulnerability

risk analysis

eliminating a risk situation. For instance, if you never climbed a ladder, you would never fall off

risk avoidance

The amount of impact or damage a threat may cause to an asset

risk impact

NIST SP 800-37 Revision 1 offers a six-step process for implementing information security and risk management activities into a cohesive system development life cycle

risk management framework

alters elements throughout the enterprise to minimize the ability of a threat to exploit a vulnerability

risk reduction

the process whereby a control is put in place to reduce risk

risk reduction

lists and categorizes each discovered or encountered risk within a properly implemented enterprise risk management (ERM)

risk register

When the responsibility for the payment of loss is placed on a third party

risk transference; done through outsourcing and insurance

documents the plan for implementing preferred risk mitigation strategies for dealing with identified risks

risk treatment schedule

a very old attack where malicious software allows the attacker to take root control of an operating system..............disguises itself by appearing as authentic operating system software to hide from antivirus/anti-malware software. Grants the attacker high-level authority with the ability to change system parameters and remotely execute files.

rootkit

a networking device used for connectivity between two or more networks.......provide routing based on IP addresses.... communicate with each other to determine the best path for packets.........The hop counter on a packet begins at 15 and decrements each time it crosses a _____. If the hop counter gets to 0, the packet is dropped. This prevents packet loops.

router

access control by limiting access based on set guidelines such as time or attempts

rule based access control

typically a set of conditions that, if applied in good faith, may temporarily or indefinitely protect the organization from legal action or penalties imposed by a new regulation or law.

safe harbor provision

any device, procedure, or action that provides a degree of protection to an asset

safeguard

the process of adding additional bits of data to a cleartext key or password prior to it being hashed

salt

refers to a machine or virtual network that is totally isolated from the production environment

sandbox

A program that has the ability to extract data displayed on a screen or output device.

screen scraper

This type of cable features shielding encasing each of the twisted pairs as well as the outer bundle of twisted pairs. This eliminates EMI between the twisted-pair sets and prevents EMI from entering or exiting the cable bundle

screened shielded twisted pair

Usually an unskilled, inexperienced, immature hacker who utilizes hacking tools and scripts

script kiddie

a software development process proposed by Microsoft to reduce software maintenance costs and increase the reliability and security of software

security development lifecycle (SDL)

records events related to resource use, such as creating, opening, and deleting files or manipulating other objects

security log

usually a form of server product that centrally manages the security settings and security components of network-based endpoint computers

security management software

a specific update to an application, operating system, or control program in response to the identification of a vulnerability.

security patch

must be in alignment with the mission, objectives, nature, and culture of a business. Organizational policies are not based on best practices.

security policy

where one person is required to complete each part of a task. Using the example of key escrow, one person might access the key contained in key escrow while a second person must decrypt the files using the retrieved key. And a third person may verify that each of the other two persons performed their actions correctly

separation of duties

made up of a number of updates, enhancements, fixes, or patches that are delivered by the manufacturer in the form of a single executable file

service pack

encryption keys used for a single communication session. At termination of the communication session, the key is discarded.

session key

restrict or allow actions during a specific communication session. These controls terminate when the session is terminated.

session level access control

mission critical functions have been significantly affected or interrupted

severe

utilizes a common ground shield encasing the twisted strands.

shielded twisted pair

Best practice for restoration of a device after an incident

should include reimaging from a standard image or from a known good backup

an entry in a database describing a violation or exploit which is used to match real-time events in order to detect and record attacks by the continuous monitoring solution

signature

the means of incident or violation detection which is based on a collected sample of the unwanted activity

signature-based detection

patterns of known malware

signature-based malware protection

the user in a trusted domain requests access to a resource in the trusting domain

simple trust relationship

A typical emergency situation may be practiced. Features actual steps that would be taken during an actual emergency or disaster

simulation test

type of fiber-optic cable has a small-diameter glass core that decreases the number of light reflections. This allows for greater transmission distances, up to 80 kilometers (km) standard outer jacket color is yellow most expensive type of cabling

single mode fiber optic

an identification authentication technique whereby the user signs on one time and has access to multiple applications

single sign-on

the virtual environment tool that allows for testing and experimentation within a guest OS while providing a means to roll-back to a previous stable state in just seconds

snapshot

a series of steps in which software is loaded on a server and distributed

software deployment

authentication factor that includes the use of a biometric system to verify the user's physical characteristics such as fingerprints, palm scans, iris or retina scans, facial feature scans

something you are

authentication factor that makes use of various traits exhibited by the individual. These traits include voice patterns, heart rhythms, handwriting analysis, and keyboard typing characteristics.

something you do

authentication factor that includes credit cards, digital proximity cards, radio-frequency identification (RFID) devices, hardware tokens, photo ID badges, and smartphones for SMS/text messages.

something you have

authentication factor that uses a geolocation or geotagging system to physically locate the user by recognizing the user access point or terminal, IP address, satellite triangulation, or cell towers in use.

somewhere you are

Information is sent to the underlying hardware infrastructure with provisioning and deployment instructions.

southbound APIs

receipt of unwanted or unsolicited emails

spam other variations: spim (spam over instant messaging) spit (spam over internet telephony)

directed attack on an individual or group of individuals with the goal of gathering personal or corporate information

spear phishing

a system in which part of a secret is shared among two or more individuals

split knowledge

mishandling of electronically stored information

spoliation of evidence

where the attacker appears to be someone or something else in order to mislead another person or device

spoofing attack

malicious software that is placed on the host computer and monitors actions and activities and often creates a log of some sort

spyware

this statement identifies the regulations or laws that pertain to the policy

standards or mandate statement

each node is connected to a central device such as a switch or router. Although the use of a centralized connection devices inserts a single point of failure, the flexibility of this type of network design allows for shorter cable runs and ease of network deployment most common topology in modern networks

star topology

compares existing conversations with new packets entering the firewall connecting for the first time. The new packets are compared against rulesets for a decision about whether to allow or deny

stateful packet inspection firewall

do not track the continuity of conversations and only make allow or deny decisions based upon simple rulesets

stateless firewall

masks itself as another type of program to avoid detection, usually by changing the filename extension or modifying the filename

stealth virus

simply hiding one message inside another known as hiding in plain sight

steganography

This evaluation is used to determine the asset value and potential risks to the system (risk management framework or RMF)

step 1 categorize

Baseline security controls are selected based on the category of the system. (RMF)

step 2 select

the selected security controls are installed and properly initiated throughout the system (RMF)

step 3 implement

XORs the bits of a plaintext message one at a time with a keystream to create ciphertext an algorithm that performs encryption on a continuous bit-by-bit basis. Used when encryption of voice, music, or video is required. This algorithm is very fast.

stream cipher (stream algorithm)

disaster recovery/emergency management plan testing type is considered the most cost-effective and efficient way to identify areas of overlap in the plan before conducting a more demanding training exercise

structured walk through test

person or system requiring access to the classified object or data. Generally, this technique is referred to as issuing a clearance level

subject labeling

covers up numbers in the address that are not required. When a network is subnetted, it is divided into smaller components, or subnets, with a smaller number of host machines available on each subnet.

subnet mask

This makes the broadcast domain much smaller and have fewer hosts. The advantage to this is much better network performance because you are reducing overall network traffic while also making the network more secure and manageable this can be done for a network logically, topologically, physically within a building, by workgroups, or by a building within a campus

subnetting

security violations have occurred, but have not interrupted mission critical functions

substantial

the process of replacing one letter for another. For instance, when using the Caesar cipher disk, the inner disk is rotated three places, ROT-3, and the corresponding letter can be used as a substitute in the encrypted text

substitution

what kind of cipher is the Caesar Cipher

substitution cipher

backup personnel are available in the event that key personnel are lost or unavailable

succession planning

access control list tool that routes network communications based upon the Media Access Control (MAC) address of a device creates a map table identifying the device with the MAC address in the specific port

switch some combine the ability to switch MAC addresses as well as route IP addresses, these are Layer 3 switches

dynamically configures the circuit routes each time the circuit is used by the end user.

switched virtual circuit

uses a symmetric key and operates at extreme speeds. Both the sender and the recipient require the same secret key. This can create a disadvantage in key distribution and key exchange.

symmetric algorithm

sometimes called private key or secret key cryptography, uses a single shared encryption key to both encrypt and decrypt data. provides very fast encryption

symmetric cryptography

a key used with a symmetric encryption algorithm that must be kept secret. Each party is required to have the same key, which causes key distribution to be difficult with symmetric keys

symmetric key

provides an extra defense within a Windows-based system against password-cracking software makes use of strong encryption techniques that make cracking encrypted account passwords more difficult and time-consuming than cracking non-encrypted account passwords

syskey

This is the highest alert, possibly affecting major sections of the network or applications

syslog 0 emergency

This indicates a major problem, such as the loss of a central application or communication method

syslog 1 alert

This represents the loss of a backup or secondary device.

syslog 2 critical

Warnings are usually set to indicate that a threshold is near. For instance, server utilization is at 90 percent.

syslog 4 warning

These messages indicate potential problems that should be investigated.

syslog 5 notice

These are status messages and no action is usually required.

syslog 6 info

Debug messages are utilized by developers and programmers.

syslog 7 debug

The Value of the Information (this may be different depending on the organization) and the Method of Accessing the Information (This is how the info is made available)

system level access control

individuals assigned to the test being conducted will assemble in a conference room. Here they will review the continuity plan or disaster recovery plan and proceed through the plan step-by-step, outlining their personal responsibilities

tabletop test/structured walkthrough test

event data analysis

the process of taking raw data from numerous sources, assimilating and processing it, and presenting the result in a way that can be easily interpreted and acted upon

the method of placing plaintext horizontally into a grid and then reading the grid virtually. This ______________ the letters and characters.

transposition

any incident or event that represents the probability to harm an organization

threat

the path which a threat takes to cause an action.

threat vector

the pathway to a target or the method used by the attacker to infect a target

threat vector

a drive array that is usually provided by a single manufacturer and features a proprietary physical backplane, which maintains connectivity to both drives and controller nodes

tight coupled cluster

What is the goal of event data analysis?

to interpret collected events and take appropriate action

based upon a one-time password. Because the password is used only once, it is very difficult for a hacker to obtain it. A token, or token device, is usually a small hardware device that displays a number

token-based access control

used to manage the priority of traffic on corporate LANs. a network traffic management technique that prioritizes packets in accordance with a network traffic profile. It is used to optimize or guarantee the delivery of some packets prior to others

traffic shaping

trust relationship that shares info over a middle entity

transitive trust

refers to the encryption of data in transit. IPsec is a very popular use of this

transport encryption

In this mode of IPsec, the packet contents are protected while the original IP header is exposed for internal routing. used for host to host, peer-to-peer, and endpoint-to-endpoint communication

transport mode

similar to several parallel bus structures, each containing networking items, one placed on top of the other. The top-level bus drops to a server. The server then connects below it to another bus, which contains hosts or workstations. This is a layered approach to a bus structure, but it still maintains the same problems as a bus topology

tree topology

used to combine multiple distinct physical network topologies into a single network structure

tree topology

malware that is disguised as a usable program

trojan

when no malicious events are taking place and no alerts are being triggered

true negative

when malicious events are taking place and an alert is triggered to notify the incident response team

true positive

A special, logical and compartmentalized computer that is in charge of enforcing access control

trusted computer base

contains the user requesting access to a resource in another domain. The domain containing the resource "trusts" the domain containing the user. Therefore, the user's domain is referred to as a ____________

trusted domain

otherwise referred to as the resource domain, contains the resource to which access is desired

trusting domain

How is a backup strategy tested to verify that it is a viable tool for recovery after a disaster?

try to use the backup. Restore files from it, if the files are restored properly it is a viable backup

the act of adjusting a device such as an intrusion detection system or intrusion prevention system to detect events, intrusions, and other anomalies that have exceeded the clipping level set for the device

tuning

both domains trust each other and each user in either domain may access the resources of the other

two way trust

used to describe a relationship between two entities where resources from either side can be accessed by users from either side.

two-way trust

This cable features numerous individual copper cable strands twisted together.

unshielded twisted pair

industry slang used to describe the installation of any software that either fixes a vulnerability or increases the usability or functionality of the product

update and upgrade

a team tests the software against specific scenarios

user acceptance testing

the rights and privileges assigned to a user

user entitlement

primarily running an application, database, or operating system that is completely separate from the hardware on which it is running

virtualization

the time and effort that it would take to break a specific encrypted text

work factor

a type of software that replicates itself without assistance infects host computers as well as networks by leaving a copy of itself in each location or host machine. The primary use is to create a denial of service (DOS) attack

worm

consisting of multiple parallel metal rods called dipole elements in a line. As opposed to a simple dipole antenna, this design achieves a high degree of directionality and gain

yagi antenna

a type of attack in which the attacker uses a previously unknown attack technique or exploits a previously unknown vulnerability

zero-day attack

a technique used to completely erase a key from an electronic device or a memory module such as a hard drive, smart card, or USB drive so that magnetic information may not be retrieved by any known method

zeroisation, aka clearing

generally described as a compromised computer that may be controlled under remote control

zombie


Conjuntos de estudio relacionados

First Year, First Semester Final Part 1

View Set

Chapter 38: Caring for Clients With Cerebrovascular Disorders

View Set

EAQ - Medical-Surgical Pharmacology

View Set

American Politics and the U.S. Constitution: Lesson 6, Unit 42-46 (WGU)

View Set

Quiz 9: the balanced scorecard, the triple bottom line, and business models

View Set

27 Amendments List US Constitution

View Set