SSCP
networking or system logs that record various events as they occur. Everything that happens on a network—an individual logging in, developing an application, accessing a database, and sending an email—can be recorded
event logs
unknown user is identified as a known user by mistake
false acceptance
known user is not identified and rejected by mistake
false rejection
specifically deals with protecting data in any of its three states: in process, in transit, and at rest
data level access control
an essential line of defense within a network system. They separate networks from each other and specifically separate interior networks from untrusted networks such as the Internet
firewall
access control list tools that compare incoming access requests to a set of rules
firewalls and routers
Subjects with access to information at a certain security level cannot write that information to a lower security level
no write down
access control that is applied to an object. access is granted by the identity of the subject users are able to give one another access, have the 'discretion' to change permissions on a file
discretionary access control
In this mode, the original IP packet, including the payload, is encapsulated into a new packet with a new header. used for network-to-network, gateway-to-gateway, or firewall-to-firewall communication
tunnel mode
a mathematical function that may both encrypt and decrypt a message
two way algorithm
patches provided by third-party individuals or organizations for commercial software
unofficial patch
various cloud providers are providing Infrastructure as a Service (IaaS) disaster recovery sites
virtual site/cloud site
Ports 0-1023
well known ports
targeting of senior executives within an organization, usually through officially appearing emails
whaling
network consisting totally of wireless devices.
wireless network
prevent the writing of any information on the hard drive during an investigation
write block hard disk controller
when doing forensics this device physically blocks the signals from a computer to the storage device that would cause a change to the data on that storage device
write blocker
What is the certificate standard used by PKI?
x.509 v3
access control that is applied to a subject. access is granted by the administrator for each object
nondiscretionary access control
a message in readable format. May also be represented in other code formats, such as binary, Unicode, and ASCII
plaintext or clear text
type of fiber-optic cable uses a plastic core that allows for larger-diameter fibers
plastic optical fibers
a specifically jacketed cable with a fire retardant plastic jacket
plenum cable
detailed steps that provide direction when performing a task
procedures
used to intercept packets flowing along the network. Data that is transmitted across the network may be intercepted by a personal computer with a network interface card set in promiscuous mode
protocol analyzer or packet sniffer
Which of the following is the third canon of the (ISC)2 Code of Ethics?
provide competent and diligent service
Trojan software is loaded by the user, either willingly or through other practices, and once installed, functions as ransomware
rogue software
access control by placing subjects in privilege level groups
role based access control
the number of times an encryption process may be performed inside an algorithm
rounds
authentication factor that includes any information committed to memory or in written form, such as passwords, PINs
something you know
the user or system (actively) requesting access.
subject
When detected, this means that the failure of an application or system was not critical in nature.
syslog 3 error
What are the three possible round counts for the key lengths of AES?
10 , 12 , 14
minimum distance between hq and dr
20 miles
preprocessing processing postprocessing
3 P's of data processing within an application
default port for TLS encrypted SMTP
465
refers to wireless security provided by the WPA2 encryption method.
802.11i
can be implemented on a wireless access point to eliminate the risk of static password-guessing attacks
802.1x
the IEEE standard known as port-based network access control which is used to leverage authentication already present in a network to validate clients connecting over hardware devices, such as wireless access points or VPN concentrators
802.1x
small applications that are downloaded to the client computer during a web session...........can do harm unintentionally due to poor programming or poor design, while others are malicious
Add-ons two kinds of add-ons: java applets ActiveX
controls to regulate actions taken by individuals
Administrative Access Controls
can be established between two firewalls. The first firewall, which is facing a untrusted network such as the Internet, screens unwanted traffic but allows desired traffic to access the demilitarized zone subnetwork. The second firewall protects the internal enterprise network.
DMZ
This service always a logical network topology of a bus
Ethernet
an IEEE 802.3 standard that supports a number of different media standards such as coaxial, fiber-optic, and shielded and unshielded twisted-pair cable....... referred to as a "best effort" communication method
Ethernet
a digital mathematical function that combines ones and zeros from two different sources in a specific pattern to result in a predictable one or zero. It is a simple binary function in which two binary values are added together. the addition of 0+0 or 1+1 always outputs a 0 the addition of 0+1 or 1+0, output will always be a 1
Exclusive or (XOR)
Designates a fully shielded twisted-pair cable where internal twisted pairs are individually shielded and the entire cable bundle is encased by an external shield. The F designates foil, while the S indicates a braided shield.
F/FTP and S/FTP
Designates a twisted-pair cable with foil shielding that encases all of the twisted pairs.
F/UTP
a standard approved by the secretary of commerce as compulsory and a binding standard for federal agencies.
FIPS (Federal Information Processing Standards)
an act responsible for developing information security standards and guidelines.
FISMA (Federal Information Security Management Act)
the most difficult attack. The attacker has little or no information other than the ciphertext. The attacker attempts to use frequency of characters, statistical data, trends, and any other information to assist in placing the ciphertext.
ciphertext-only attack
created by physically connecting to endpoints through a series of wires and mechanical switches where the signal voltage generated at one endpoint is received by the other endpoint.
circuit switched
a threshold of activity established above the baseline that, after crossed, sets off an operator alarm or alert
clipping level
a cloud vulnerability since a number of clients may all be running on the same hardware, issues could come up if one client runs into legal trouble or gets hacked etc
cloud client encroachment
a cloud vulnerability that encompasses not only the financial viability of a cloud provider but also their ability to provide adequate safeguards and security controls on the cloud equipment
cloud vendor reliability
refers to using a combination of servers or systems to reduce the risk associated with a single point of failure
clustering
constructed as a large copper central conductor encased in a nonconductive dielectric material that is then encased within a braided copper shield and covered with a plastic casing.........much less resistant to interference and cross talk................capable of handling much greater current loads and is therefore ideal for radio antenna lead cables....................much more expensive than twisted pair and requires a much wider bend radius
coaxial cable
a method through which the author is authenticated and confirmed as the original provider of the software................accomplished by the software author using a cryptographic hash algorithm to process the software code to obtain a hash value or message digest
code signing
a facility that has power, heating, ventilation and air-conditioning, and little else. It does not have communications or computer equipment
cold site
occurs when two or more entities, such as business partners or service providers, participate in overseeing the activities of a shared or common network or environment.
collaborative monitoring
when two different plaintext documents create the same output hash value
collision
when one or more individuals or companies conspire to create fraud
collusion
This is a type of hacker who may be hired by a third party to infiltrate a target for a specific agenda
commercial hacking
The cloud model in which similar entities or groups of users access a semi-private cloud environment that has been established for their particular purpose.
community cloud
a device, procedure, or mechanism that addresses the inherent weakness of the primary control
compensating control
a secondary control placed into use if the first or primary control is disabled or no longer usable. In this case, a hotel room door has a lock; the chain is a secondary
compensating control
the application of tools that allow for the centralized management of settings, firewall rules, and configuration files that allow networking items to perform their assigned tasks
configuration management consists of identification control accounting auditing
increases the complexity of an encrypted message by modifying the key during the encryption process, thereby increasing the work factor required in cryptanalysis.
confusion
When a storage device is taken in as evidence, what is the first step performed by the forensic personnel after starting the chain of custody form and writing out the evidence collection form
connect the device to a write blocker
involves the policy, process, and technology used to detect risk issues within an organization's IT infrastructure
continuous monitoring
When implementing LAN-based security like traffic management in a software-defined network, where are decisions about where traffic is to be sent made?
control plane
part of the router that is concerned with determining the path that should be used to forward a data packet
control plane
mechanisms utilized during the risk management process to reduce the ability of a threat to exploit a vulnerability, which would result in harm to the organization
controls; 3 types: administrative logical physical
involves the transmission of multimedia and data on the same network
convergence of network communications
a simple example of device authentication that is comprised by a text file used by Web sites
cookies
[ALE1 - ALE2] - CCM
cost benefit equation
a stream cipher that separates the keystream from the data to encrypt several blocks in parallel
counter
Any means of communication other than the standard channel of communication
covert channel
controversial name claimed by both black hat and white hat computer system intruders. White hats claim that only black hats should be called this
cracker
tricks the user's web browser, by issuing unauthorized commands, to perform undesired actions so that they appear as if an authorized user is performing them
cross-site request forgery
based on inserting a client-side script into a genuine website. This is possible due to poor application or website design, such as limited data validation in websites. Scripts are then executed on other hosts that access the same website.
cross-site scripting
The point at which a security system has an equal FRR and FAR
crossover error rate
the study of the techniques used to determine methods to decrypt encrypted messages, including the study of how to defeat encryption algorithms, discover keys, and break passwords
cryptanalysis
a science that deals with the encryption and decryption of plaintext messages using various techniques such as hiding, encryption, disguising, diffusion, and confusion
cryptology
involves everything in the cryptographic process, including the unencrypted message, the key, the initialization vector, the encryption algorithm, the cipher mode, the key origination, and the distribution and key management system as well as the decryption methodology.
cryptosystem
The text produced by a cryptographic algorithm through the use of a key or other method. The ciphertext cannot be read and must be decrypted prior to use
cyphertext or cryptogram
differ greatly from one organization to the next because each generates different types and volumes of data but generally, organizations opt to classify the most sensitive information first and work down to publicly available information
data classification process
a cloud vulnerability where company data may remain on cloud storage devices after a cloud size is reduced.
data clearing and cleansing
data that is currently in use or being acted upon by an application
data in process
data transmitted from one location to another
data in transit
the big data storage location where all of the raw data is housed until it is needed for mining or processing
data lake
estimated percentage of loss should a specific threat exploit the vulnerability of an asset
exposure
the harm or amount of loss that might be experienced by an asset during a risk event.
exposure factor
a condition where a known good user is denied access to the system. This is known as a false negative error
false negative
when no alert takes place, but actual malicious events are occurring
false negative
If an attacker is both identified and authenticated correctly and allowed into the system
false positive
Which term is used when an event triggers an IDS alert, but the event was not malicious?
false positive
designed as a shield to prohibit a device from transmitting or receiving radio signals.
faraday bag
allows users to be identified and authenticated to multiple networks or systems. like SSO but for multiple organizations
federated access or federation
an association of nonrelated third-party organizations that share information based upon single sign-on and one-time authentication of a user
federation
Windows New Technology File System (NTFS) allows filenames to extend up to 235 characters. These extremely long filenames are usually abbreviated on directory displays and in other presentations, thus hiding the fact that there may be a double file extension or other hidden filenames
file extension attack
A type of virus that specifically infects executable files to make them unusable or permanently damaged
file infecting virus
a single string of information collected from a remote computing device for the purpose of identification
fingerprint
a list of statements used to determine how to filter traffic and what can pass between the internal and external networks
firewall rules
known in the software industry as a rapid repair to an identified problem.
fix
a legal requirement for participants of a lawsuit to retain and preserve records and evidence
litigation hold
a technique of utilizing various servers and systems in an array to spread the workload
load-balancing clustering
a script or malware usually installed by a disgruntled employee or insider to cause harm based on a certain event occurring
logic bomb
very typical of the use of JBOD (just a bunch of disks) technology in the hard drive array. It may start small and grow larger as disks are added
loose coupled cluster
a database term that refers to recording transactions and creating a transaction log
journaling
trusted third party authentication
kereberos and certifications
when two different cryptographic keys generate the same ciphertext from the same plaintext.
key clustering
a shared master key that is used to encrypt and exchange session keys between two parties
key encrypting key
A virus created through the use of macro programs usually found in Microsoft Office applications
macro virus
What is the most significant risk when browsing the internet?
malicious mobile code
software specifically intended to cause harm
malware
a malicious actor is inserted into a conversation. At least one side of the conversation believes that they are talking to the appropriate or original party
man-in-the-middle
access control that labels the subject and object permissions are set by the operating system based upon the files classification
mandatory access control
TCP/IP Suite
maps to the OSI model Application maps to application, presentation and session Transport maps to transport Internet maps to network Network Access maps to data link and physical In TCP/IP the IP address provides the packet routing information and TCP provides the guaranteed delivery and request for resend for error correction.
Throughout a computer network there are a number of cache locations. Domain Name System (DNS) name servers and Address Resolution Protocol (ARP) make use of cache memory locations for short-term storage of information. Anytime erroneous information is placed into the cache or if the cache is corrupted
cache poisoning
a type of wireless implementation of a "guest logon page" used by many public wireless networks like a hotel can be quite dangerous because it may actually be the front for a very devious individual who is running a rogue access point
captive portal
refers to the fact that the device is listening to the media at all times. specifically listening for the transmission of other devices
carrier sense
contains a system of radio towers referred to as a cellular base stations and featuring directional radio transceivers and antennas to form of geographic cell. Each cell borders other cells to maintain continuous coverage over a large geographic area
cellular network
the technique of having one central authentication server providing user lookup services and allowing or disallowing access to the data and resources
centralized authentication
all keys are stored in a centralized storage location or key escrow
centralized key management
_____________ always contain the owner's public key
certificate
a trusted entity that obtains and maintains information about the owner of a public key. Issues, manages, and revokes digital certificates.
certificate authority
requires that a valid digital certificate be maintained on a machine or device from which the user authenticates
certificate-based authentication accomplished through a commercial certificate issued by certificate authorities (CAs) such as VeriSign or through internal corporate CAs managed by the organization
refers to a forensic principle whereby each movement or transfer of data must be recorded and logged appropriately. If this is disrupted by any means, evidence may not be presented in court
chain of custody
a system that records a request, processes requests, elicits a denial or authorization, and records the outcome of the change to a configuration item
change management
needs to ensure that any pre-existing interoperability capabilities are maintained or re-established after a change is implemented, especially if that interoperability is used as part of a core business function
change management
How does discretionary access control determine whether a subject has valid permission to access an object?
check for the user identity in the object's ACL
enables individuals to review the continuity plan or disaster recovery plan to ensure that all procedures and critical areas within their responsibility are addressed
checklist test
the process in which keys required to decrypt encrypted data are held in a secure environment in the event that access is required to one or more of the keys
key escrow
the process of securely distributing a key between one communication entity and the other
key exchange
has a direct impact on the amount of processing time required to defeat the cryptosystem the number of bits in the length of a key. So, a 128-bit key has 128 individual digits in its length
key length
the input required by a cryptographic algorithm
key or cryptovariable
Refers to a set of cryptographic keys. Refers to the public and private key in public key infrastructure (PKI) and in a asymmetric cryptosystem
key pairs
the process used to replace an old asymmetric key pair set with a new key pair set
key rotation
the number of keys that can be created based upon the key length in bits A key is a binary number used to control the encryption and decryption processes of symmetric encryption
key space
perform a large number of hashing calculations on the original key or password in an effort to increase the workload required to crack or break the key through brute force.
key stretching
program that usually incorporates a method of transmitting keystrokes to a remote location
keylogger
attacker has access to both the plaintext and the ciphertext. The goal of the attacker is to determine the original key used to encrypt the ciphertext
known plaintext attack
an individual should only have enough access to perform their job effeciently
least priviledge
Original botnets were linked by Internet relay chat (IRC), which was a number of Internet-connected computers communicating with other similar machines.
legal botnet
a disaster that is local in nature and affects only a small part of the operation
level 1
a disaster situation that affects a significant amount of the organization
level 2
a very serious situation requiring the relocation of IT operations to an off-premises alternate site
level 3
an estimate of the maximum time the business process may be down or offline before the organization becomes unable to recover
maximum tolerable downtime
the attacker has access to the encryption mechanism and the public key or the private key and can process ciphertext in an attempt to determine the key or algorithm
chosen ciphertext attack
the attacker has access to the algorithm, the key, or even the machine used to encrypt a message. The attacker processes plaintext through the cryptosystem to determine the cryptographic result.
chosen plaintext attack
a block cipher mode that combines or XORs plaintext messages with the initialization vector block by block
cipher block chaining
a stream cipher that consists of a number of different block sizes to encrypt one character at a time, bit by bit
cipher feedback
a standardized collection of algorithms that include an authentication method, encryption algorithm, message authentication code, and the key exchange algorithm to be used to define the parameters for security and network communication between two parties
cipher suite
Cloud providers, us charging methods that monetize the use of cloud services and assets. Not unsimilar to the charging methods utilized by utility companies, the cloud client pays for exactly what they use.
measured service
each node communicates with all of the other nodes. Mesh networks are redundant and usually very fast. They are referred to as "self-healing" because if one communication path fails, another communication path is immediately available
mesh technology network
every node is connected to every other node provides great redundancy and speed, usually at a very large expense
mesh topology
authentication and integrity verification mechanism similar to a hash code or message digest the sender encrypts a small block of data with a shared secret key
message authentication code
The output of a hashing algorithm that is always an established length based on the output specifications of the hashing algorithm
message digest
features the immediate writing of data to two different locations requires the use of two identical storage devices the most expensive type of backup/restoration system
mirrored backup
a corporate initiative that manages the growing use of Bring Your Own Device (BYOD) policies in the workplace. It addresses both the requirement of the organization for network security and the protection of corporate information as well as recognizing the desire for the organization's members to use their personal devices in the workplace
mobile device management
a site usually based in 18-wheeler trailers
mobile site
alternative processing plan ensures that an organization is split and divided amongst multiple physical locations instead of being housed in a single facility
multi-site
type of fiber-optic cable uses a much larger-diameter core than single mode. Light is allowed to refract and reflect, subsequently increasing the light degradation of signal loss. standard outer jacket color is orange
multimode fiber optic
attacks different parts of the host system, such as a boot sector, executable files, and application files. This type of virus will insert itself into so many places that, even if one instance of the virus is removed, many still remain
multipartite virus
five actions of an incident response plan
prevent, protect, detect, analyze, respond and resolve
activities used to avoid a threat
prevention
Three categories of of security
prevention detection and recovery
A term that describes the confidentiality of information in regards to peoples control over that information
privacy
10.0.0.0-10.255.255.255 172.16.0.0-172.31.255.255 192.168.0.0-192.168.255.255
private IP address ranges
cloud that is hosted within an organization and the general public is restricted from access.
private cloud
means a user or attacker acquires privileges they are not entitled to
privilege escalation
super-users or administrators who have an elevated level of rights, privileges, and access capability to applications and data
privileged account
network card is set in such a way that it accepts any packet that it sees on the network, even if that packet is not addressed to that network interface card.
promiscuous mode
test case, or prototype, is used to prove the veracity of an idea.
proof of concept
By encrypting a message with his private key, Bob has proven that he is the only person who could have sent the message. Logic follows that if Bob's public key can successfully decrypt the message, only Bob using his private key could have encrypted it. Therefore, only Bob could have sent the message
proof of origin
uses increased intelligence and packet inspection methodology to better protect the internal network. A ______ is always described as an intermediary between two systems, hosts, or networks. In effect, a ___________ isolates the internal network from the external untrusted network by intercepting communications
proxy firewall
Modern computers cannot create true random numbers. At some point numbers begin to repeat. Users of cryptographic systems must be very careful about the information source on which to base the random number generator.
pseudorandom number
hosted by cloud service providers and made available either as a free service or as a pay-per-use service
public cloud
consists of software, hardware, organizations, and trust architectures used to validate ownership of a public key by an individual or organization. effective because all of the parties involved trust the issuer of a digital certificate. The ownership of public keys is validated through the trust placed in a certificate authority.
public key infrastructure
this statement identifies a particular policy topic
purpose statement
a subjective valuation system in which asset value is determined based on other factors rather than accounting costs
qualitative risk analysis
a quality team tests how the application interacts with databases and other applications
quality acceptance testing
analyzing cost factors to determine the appropriate cost for protection of the asset, measured in $
quantitative risk analysis
concept takes advantage of the dual nature of light at the quantum level where it both acts as a wave and is a particle
quantum cryptography
a series of precomputed hash values along with the associated plaintext prehashed value Since passwords are stored on systems as hash values, if an attacker obtains access to the list of hashed passwords, they could process them against a _________to obtain the original password
rainbow table attack
pre-computed hash values intended to provide a reverse lookup method for hash values
rainbow tables
________________is the basis of most forms of cryptography. Without _________, most forms of modern cryptography would not be possible and cracking encryption would be significantly simpler. The use of ________________ increases the complexity of the ciphertext output. Thus it makes the act of cryptanalysis or cryptography cracking significantly more difficult. Without ___________, cryptography would be more predictable and thus much easier to break
randomness
malware often delivered through a Trojan attack that disables a system and advises the user to pay to release the system
ransomware
allows the subscriber to purchase additional capability based on user requirements
rapid elasticity
determine if the controls are installed and set up correctly, operating effectively, and meeting the risk mitigation requirements as established by the risk management plan for the system. (RMF)
step 4 assess
Authorization occurs when an acceptable level of risk is achieved based upon the implementation of controls. (RMF)
step 5 authorize
the ongoing assessment of the baseline operation of a control and its risk mitigation effectiveness (RMF)
step 6 monitor
the use of several storage servers managed and interconnected together to increase performance, capacity, or reliability
storage clustering
two major categories of data encryption for data-at-rest in the cloud
storage level encryption volume storage encryption
malicious code software that requires an action to reproduce. Usually attach themselves to executable programs and thereby reproduce and spread every time the executable is launched
virus
Typically email warnings concerning potential attacks. The spread of the email warnings actually creates a denial-of-service attack among many users
virus hoax
access control list that inspects data coming into a network, on a host computer, or currently in storage against a type of list called a signatures list
virus protection software
A specific identifiable string of characters that characterizes it as a virus or family of viruses
virus signature
usually carried out by sending a fake email that instructs the target to call a specific phone number
vishing
a technique of representing complex data in a visual form rather than a tabular form such as a list.
visualization
any flaw or weakness that may be attacked or exploited by a threat
vulnerability
provide the ability to scan a network and search for weaknesses that may be exploited by an attacker.
vulnerability scanner
The marking of symbols to advertise the availability of Wi-Fi networks and to indicate whether they are open
warchalking
The act of searching for wireless communications by driving through an area using antennas, software, and a portable computer
wardriving
a computer facility that is contractually available and has some power, heating, ventilation and air-conditioning, connectivity, and basic networking equipment.
warm site
all members have an equal share in trust relationship
web of trust
only entities such as a source address, a destination address, and a packet type may be allowed access. Anything not on the list is denied
whitelist
each node is immediately available and can forward messages to other nodes. Can be implemented in an ad hoc communication relationship.
wireless mesh network
data that is sitting in storage
data at rest
cryptography concept that is based on trap-door, one-way functions
Asymmetric
information confidentiality. It does this by enforcing security through two rules called no read up and no write down
Bell LaPadula
Uses the initials of the creators, Carlisle Adams and Stafford Tavares, and is available for royalty-free use symmetric algorithm
CAST
The version of Advanced Encryption Standard (AES) that is used by WPA-2
CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol)
paid to infiltrate systems, break applications, and create reports concerning their activities. These individuals conduct penetration tests under strict guidelines and contractual relationships for the benefit of their employer
CEH (certified ethical hacker), aka white hat hacker
involves the communication of a random challenge number from the server to the connecting client. The client then processes the random number along with the hash of the user's password to create a response. The response is sent to the server. The server computes the expected response. If the submitted response from the client matches the expected response exactly, then the user is authenticated
CHAP (challenge handshake authentication protocol)
three main components of a smart lock or an electronic access control (EAC) lock
Credential reader, locking mechanism, door closed sensor
Spreading knowledge and experience across multiple workers to perform mission critical tasks
Cross training
symmetric cryptographic algorithm broken in 1999 replaced by AES in 2002
DES (data encryption standard)
a different logical address is given to a host at each logon
DHCP (Dynamic Host Configuration Protocol)
allows users to apply encryption to individual files, directories, or the entire drive...........only available on hard drives and USB drives formatted with Microsoft New Technology Filesystem
EFS (encrypting file system)
the bulk encryptor of an IPSec VPN. Uses the keys managed by IKE
ESP (Encapsulating Security Payload)
the encryption mechanism in IPsec. It provides for a header and a trailer that encapsulates the packet. Within the header are various fields that include authentication as well as integrity for the packet.
ESP (Encapsulating Security Payload)
a contractual agreement presented when a software application is installed.
EULA (end-user license agreement)
Diffie-Hellman key exchange algorithm could be extended to support an entire public key cryptosystem used for encrypting and decrypting messages Advantage this had over RSA is that it was made freely available to the public
ElGamal
implemented by assigning a job name label to subjects
RBAC
replaced WEP in 2003
WPA
a physical asset
tangible
defines the identification, maintenance, and risk protection of hardware or information assets.
asset management
the cost (in dollars) that can be lost if a risk event happens
single loss expectancy
a technology that was implemented by Microsoft to customize controls, icons, and other features to increases the usability of web-enabled systems prescreened prior to downloading using Authenticode certificates to identify and authenticate the author
ActiveX
a list that specifies the actions that a user or system is granted to perform
ACL (access control list)
Rijndael cipher makes use of a 128-bit block size in three different wavelengths of 128, 192, and 256 bits symmetric algorithm
AES (advanced encryption standard)
responsible for establishing the initial connection and the authentication of end-points. Uses the keys managed by IKE.
AH (authentication header)
supports access control, packet origination authentication, and connectionless integrity.... used with IPsec and provides authentication of the sender as well as an integrity hash of the packet
AH (authentication header)
formula used to calculate the total amount of potential risk calculated for a single asset and a specific threat.
AV * EF * ARO
formula for calculating annualized loss expectancy
AV x EF x ARO = ALE
defines the acceptable use of organizational hardware and information assets
Acceptable use policy
OSI model
Application, Presentation, Session, Transport, Network, Data Link, Physical
What is the new technique of controlling access to the content of big data information collections?
Apply security controls to the output of data-mining operations.
an application that distributes the workload of processing the data across a large number of virtual machines
MapReduce framework
an individual at a certain security level may not read information at a lower level and the individual may not create (write) information at a higher level than their security level
Biba model
Provides good encryption rates with no effective cryptanalysis symmetric algorithm
Blowfish
if a business is providing different services for the same client, each branch or department is isolated from the other with no knowledge of the other departments' activities
Brewer Nash model
a program whereby the organization owns and controls the device while the user may use the device for personal purposes as well as business activities1
COPE
a document crafted and published by certificate authorities (CAs) which detail the standards, process, practices, and algorithms they use in their certificate operations
CPS (certificate practice statement)
evidence from the most volatile to the least volatile
CPU, cache, and register contents Routing tables, ARP cache, process tables, kernel statistics Random access memory (RAM) Temporary file system/swap space/page files Data on hard disk Network archive data/storage area networks/network attached storage Remote-based cloud storage Data contained on archival media, disk-based backup, tape-based backup, USB drives
Certificates that have been compromised or have expired are placed on __________
CRL (certificate revocation list)
a media access control protocol used to announce that a device is wishing to transmit on the media. The device will transmit or broadcast a tone prior to transmission. The tone is referred to as a jamming signal and will be received by all other devices connected to the media. After waiting a brief interval to ensure that all other devices are aware of the device's desire to transmit, the device begins transmitting
CSMA/CA
As in CSMA, a device may begin transmitting at the same time another device transmits. When this happens, two frames will be transmitted simultaneously and a "collision" will occur. Each of the two devices will wait a random period of time and then retransmit. The random timer prohibits each of the two devices from immediately retransmitting and causing a collision once again
CSMA/CD
This model enforces data integrity by checking, screening, or formatting data prior to it being placed in the object, such as a database
Clark Wilson model
levels included in the commercial business/private sector data classification
Confidential Private Sensitive Public
What makes up the CIA triad?
Confidentiality Integrity Availability
incident response information that should be recorded
Date and time of incident Type of incident or incident level Incident summary Incident discovery information Actions taken by individuals Contact information for individuals involved After-action report
The two participants each create two numbers. One number is kept secret while the other number is exchanged in the clear with the other participant. These numbers are used in the mathematical function and will result in both participants arriving at the same final number. The final number will represent a shared secret key.
Diffie Hellmann
a means by which a symmetric key is securely exchanged over an insecure communication medium when both sides of the communication do not have key pair sets
Diffie-Hellmann
based on a series of one-way operations that prevent any middle-man eavesdropping attacks from being able to predict the resultant exchanged symmetric key
Diffie-Hellmann
a program designed to change the risk culture from reactive to proactive and accurately forecast and mitigate the risk on any key programs
Enterprise Risk Management (ERM)
the first action to take during incident response?
Follow the procedures in the incident response plan.
EU law that is the successor to Directive 95/46 EC and is intended to unify the data protection personal information rights within the 28 European Union member states
GDPR (General Data Protection Regulation)
United States federal law concerning banking regulations, banking mergers and acquisitions, and consumer privacy regulations
GLBA (gramm leach bliley act)
a secret key is appended to the original message and then hashed by the sender. The original message and the _____ value are then sent separately to the receiver.
HMAC (keyed-hash message auth code)
Mali uses an authentication token that requires her to push a button each time she wishes to login to a system. What type of token is she using?
HOTP
stores and maintains data in a very large format system
Hadoop distributed file system
encryption progression for wireless products
Here is a simplified summary of the encryption progression for wireless products: Wired Equivalent Privacy (WEP) came first and was ultimately broken by a bad implementation of RC4. The Wi-Fi Alliance introduced Wi-Fi Protected Access (WPA) as an intermediate measure, which uses the Temporal Key Integrity Protocol (TKIP) for security. Wi-Fi Protected Access II (WPA2) replaced WPA and has become the IEEE 802.11i standard, which consists of the AES algorithm operating in counter mode and is referred to as the Cipher Block Chaining Message Authentication Code Protocol (CCMP).
security practitioner can send a ping message to a device to determine if it is working
ICMP (Internet Control Message Protocol)
submitted as a possible replacement for DES. It operates using a 120-bit key on 64 bit blocks. During encryption it performs eight rounds of calculations. It is currently unpatented and free for public use. symmetric algorithm
IDEA (international data encryption algorithm)
The IPsec protocol requires that a symmetric session key be available for encryption purposes.
IKE (internet key exchange)
component of IPSec that handles key generation and distribution
IKE (internet key exchange)
a versatile Internet security protocol that is based on an established connection from host to host in transport mode or network to network in tunnel mode can provide communications between two hosts (transport mode), between two security gateways or routers (tunnel mode), and between gateway and host (network to host) Often used with tunneling protocols like L2TP to provide encryption
IPsec
address space of 32 bits vs an address space of 128 bits
IPv4 vs IPv6 addresses
component of IPSec which provides for the support of multiple simultaneous VPNs
ISAKMP (Internet Security Association Key Management Protocol)
examines products and approves them based on testing
ISO
a group of standards that offers guidance to IT security management organizations
ISO 27000
a security code of practice and guidelines for IT security management
ISO 27002
a framework based upon a broad scope of various factors within the organization
ISO 27005
primarily monitors the organization's applications, databases, websites, servers, and networks
ISOC (information security operations center)
adds to the power of a password or key so that the same text encrypted by the same key will not create the same ciphertext. It creates complexity during the encryption process.
IV (initialization vector)
the cloud provider supplies the capability of creating cloud based networks utilizing standard or virtualized networking components
IaaS
the practice of applying certain policies during the creation and maintenance of information
Information Life Cycle Management
the guarantee that the user or subject has been proven to be who they say they are
assurance of accountability
By design, these are always created in a sandbox in which to execute an __________ on a client machine. This prohibits the _________ from being able to attack either the host machine or an application.
Java Applets
download into a sandbox and execute in a protected environment where they cannot affect the underlying applications or hardware environment
Java Applets
Periodically changing roles to prevent one person from having full control of a critical position
Job rotation
security procedures for every network device
Keep the firmware upgraded Change the default password Use advanced configuration settings Establish a baseline Create configuration backups
allows single sign-on in a distributed environment. An attractive feature is that it does not pass passwords over the network. The design is also unique in that most of the work is provided by the host workstations and not the server. uses a key distribution center (KDC) to maintain the entire access process the KDC authentication server authenticates (steps 1 and 2) the principal (which can be a user, a program, or a system) and provides it with a ticket-granting ticket, or TGT (step 3). After the ticket-granting ticket is issued, it can be presented to the ticket-granting server, or TGS (step 4) to obtain a session ticket to allow access to specific applications or network resources The ticket-granting server sends the user the session ticket granting access to the requested resource (step 5). The user then presents the session ticket to the resource requesting access (step 6). think of the amusement park example; buy a ticket to get in, then buy ticket to ride rides etc.
Kerberos
Microsoft and Cisco have reached an agreement to combine their respective tunneling protocols into one protocol.....a combination of PPTP and L2F.........does not provide security encryption, so it requires the use of such security protocols as IPsec to provide end-to-end or tunneling encryption.........uses UDP and port 1701 for connections.
L2TP (layer 2 tunneling protocol)
a standardized directory protocol that allows queries to be made of a directory database. microsoft implementation is Active Directory (AD). operates at port 389
LDAP (lightweight directory access protocol)
was created by Cisco as a method of creating tunnels that do not require encryption. Used primarily for dial-up connections......provides authentication only.......uses port 1701
LDF (layer 2 forwarding)
TCP/IP aka
Link - physical and data link Internetworking - network Host-to-host - transport Process - session, presentation, application
a perpetrator will bring something to the scene and take something with them when they leave
Locards principle
controls to keep digital threats at bay
Logical Access Control
A term that refers to the minimum amount of people to perform a highly sensitive action.
M of N control multiple agents with the capability (M), and the minimum number of these agents (N) in order to perform the task
determines which objects a subject can access through the use of classification labels
MAC (mandatory access control)
physical address of the directly connected device and consists of a manufacturer's identification as well as a unique number identifying the device
MAC address (media access control)
a method whereby known MAC addresses are allowed and those that are not wanted are not allowed on the network sometimes used as a method of determining which Wi-Fi user may enter a network. Because Mac addresses can be spoofed, it is not 100 percent reliable
MAC filtering
very large geographic network that connects groups of smaller networks or connects directly to end users
MAN
a tool that can scan a system and find missing updates and security misconfigurations. It can be used to determine the security state of a PC in accordance with Microsoft security recommendations and offers specific remediation guidance
MBSA (Microsoft baseline security analyzer)
the transfer of data to, from, and between clouds securely and reliably regardless of data file size
MFT (managed file transfer)
a collection of information stored in a database of network devices such as routers, switches, and servers and can be accessed using SNMP
MIB (management information base)
an agreement between parties as to facts, conditions, parameters, or intents. However, it is not a legally binding contract
MOU (memorandum of understanding)
what is the best security mechanism to minimize risk when browsing the Internet
Minimizing support of mobile code
a technology that uses a set of protocols to enforce a policy for endpoint access to a network
NAC
will quarantine any system that is out of compliance with the baseline established for the network
NAC (network access control)
used to extend the number of usable Internet addresses. primarily performed by a firewall or router at the boundary or outer parameter of the network. The firewall or router translates the extra traffic IP addresses to a nonroutable internal IP address.
NAT (network address translation)
a popular vulnerability scanner that checks for misconfigurations, default passwords, and the possibility of hidden denials of service. In operation, determines which ports are open on the target and then tries various exploits on the open ports.
Nessus
software application for probing computer networks, providing detection and discovery of hosts and services running on ports, and determining operating systems. In operation, sends special packets to target nodes and analyzes the response.
Nmap
Internet protocol used to determine the status of a certificate. At any time a party to a transaction may verify the status of a certificate by issuing a request to a _____ server
OCSP (online certificate status protocol)
provides a variety of services so that the application data can be transmitted across the network. This layer may also provide access control methodology, such as identification, authentication, and availability of remote applications; hashing for integrity; and the checking of digital signatures.
OSI Application Layer 7
addresses traffic to a physical link address......... switches operate here.......data information is formatted as frames.......concerned with directing data to the next physically connected device.
OSI Data Link Layer 2
determines the routing of data across a network utilizing a logical address referred to as an Internet Protocol (IP) address devices such as routers read the destination IP address and make use of a routing table on the router to determine the next device in the network to send the packet....moves data as packets
OSI Network Layer 3
All of the physical connections to the network are found at this layer...........All data is represented by bits; and the 1s (ones) and 0s (zeros) become a voltage or flash of light or maybe even a modulated radio signal............cables, connectors, interface cards, network taps, hubs, fiber-optic cables, and repeaters operate at this level..........where we connect everything together using wires, radio signals, or fiber optics.
OSI Physical Layer 1
sometimes referred to as the translation layer because of the change in data at this layer..........For instance, an IBM application may provide data which is formatted using the Extended Binary Coded Decimal Interchange Code (EBCDIC). The receiving application may require the data to be presented to it in American Standard Code for Information Interchange (ASCII) code
OSI Presentation Layer 6
maintains an open logical communication line between the two host machines. The analogy may be similar to maintaining an open telephone line
OSI Session Layer 5
moves data packaged in segments..........provides end-to-end and reliable communications services and includes error detection and recovery methods. Two primary protocols are utilized at this layer; UDP and TCP.........if one host machine receives a message that it does not understand, it can request for the information to be resent
OSI Transport Layer 4
may also be used to hide the internal network. Where NAT can use a number of public IP addresses, this uses a single external address and shares the port with the entire network. Because it uses only a single port, it is much more limited and typically used only on small and home-based networks
PAT (port address translation)
provides for e-mail confidentiality through random symmetric keys and use of public keys
PGP (pretty good privacy)
supports encapsulation in a single point-to-point environment a favorite protocol for network communications, one of its major weaknesses is that all channel negotiation is done in the clear. After the tunnel is created, the data is encrypted. Developed by Microsoft, it is supported on most of the company's products. It is assigned to port 1723 and uses TCP for connections
PPTP
provides the user with a virtual computer
PaaS
restrict access to physical components
Physical Access Control
A measure of satisfaction of the overall user experience of the computer network or transmission medium refers to the prioritization of some packets over others. This affects the quality and user experience with regard to VoIP and multimedia on a congested network
QoS
What standards-based technology is supported on most platforms and is used as a remote authentication service
RADIUS
a protocol and system that allows user authentication of remote and other network connections
RADIUS (Remote Authentication Dial-In User Service)
a method of storing data across several different hard disks. Using this system, data is written to a series of hard disks in such a manner as to provide either speed or data redundancy
RAID (redundant array of independent disks)
This configuration stripes data across multiple hard drives. The benefit is speed and access. There is no data redundancy
RAID 0
This configuration features writing identical data to two different storage locations such as cloud storage or local hard drives. It offers a simple data redundancy configuration by having identical information written to two different locations
RAID 1
This configuration stripes data across multiple disk drives at the bit level. It is difficult to implement and generally not used.
RAID 2
This configuration stripes data across multiple drives at the bit level and uses a separate disk drive for the parity bit. This RAID level is rarely used.
RAID 3
This configuration is similar to RAID-3, but it stripes data across multiple drives at the block level. It also uses a separate disk for the parity bit. very rarely used in a production environment
RAID 4
Uses a technique of striping data across multiple drives and incorporating the parity bit on each of the drives. If a drive fails, the data may be reconstructed using the data and parity bit contained on the other drives. A minimum of three drives must be used in this implementation.
RAID 5
Using this technique, the system writes data to separate hard disk drives. Requires writing data to two disks at the same time.
RAID mirroring The advantage to mirroring is data redundancy. The disadvantage is that both drives must write at the same time, thus reducing the writing speed
performed by adding a separate bit to the data to provide data integrity
RAID parity
a method of writing information to all disks at the same time
RAID striping The advantage of striping is speed because a part of the information is written to each disk at the same time
very popular software stream cipher was the backbone of several encryption protocols, including SSL/TLS, Wired Equivalent Privacy (WEP), and Wi-Fi Protected Access (WPA). has known weaknesses and major organizations have recommended disabling it symmetric algorithm
RC4
Consists of a variable block size of 32, 64, or 128 bits and a variable key length from 0 to 2040 bits symmetric algorithm
RC5
routing protocol that makes routing and forwarding decisions based on a metric derived from the number of other routes than must be crossed to reach a destination
RIP (routing information protocol)
part of a business continuity plan. It is the date or time of the last known good data that can be used as a backup to restore systems
RPO (recovery point objective)
the amount of data loss that can be experienced before the loss is too great to survive as an organization
RPO (recovery point objective)
the estimated time by which the affected process will be restored. or used to determine the maximum time a data recovery process will take.
RTO (recovery time objective)
What is the best means to restore the most current form of data when a backup strategy is based on starting each week off with a full backup followed by a daily differential?
Restore the initial week's full backup and then the last differential backup before the failure.
a commercially available network security scanner that provides advanced vulnerability scanning across the network, the Web, and virtual and database environments. Used to continually monitor the network environment, it may be used to detect vulnerabilities on a real-time basis and recommend remediation based on risk analysis of critical assets.
Retina
provides end-to-end protection of email messages
S/MIME
provides each party with the symmetric session key. Each party will also agree upon the encryption algorithm to be utilized during the session.
SA (security association)
a security clearance stating you are part of a special program that has highly sensitive information
SAP (special access programs)
a security clearance stating you have been "read on" to a specific information set
SCI (sensitive compartmented information)
refers to the virtualization of networking, which grants more control and flexibility over networking than using the traditional hardware-only means of network management
SDN (software defined network)
a virtualization methodology in which the actual data flow across the network is separated from the underlying hardware infrastructure and allows networks to be defined almost instantaneously in response to consumer requirements.
SDN (software defined networking)
the central operational application that allows network administrators to design the virtualized network system using underlying hardware infrastructure
SDN controller
SHA-224, SHA-256, SHA-384, and SHA-512
SHA-2 family members; each includes the hash digest bit length output in their name, SHA-3 is the same way and with the same bit length numbers
provide real-time logging and analysis of security events
SIEM
software products are combined with hardware monitoring devices to provide real-time analysis of security alerts
SIEM (Security Information and Event Management)
detailed view of the network device(s) monitor network usage and performance, user access, and detect potential or existing network faults
SNMP (simple network management protocol)
when enabled, collects the management information database from the device locally and makes it available to the SNMP manager when it is queried
SNMP agent
a computer that is used to run one or more network management systems
SNMP manager
a document issued by NIST with recommendations and guidance for federal agencies.
SP (special publications)
a unique value assigned to a communication between two parties. It is a tag that identifies preselected encryption rules and algorithms when more than one transmission session is being conducted.
SPI Security Parameter Index
a tunneling protocol that uses encryption to establish a secure connection between two systems........provides an information exchange protocol for such standards as Telnet, FTP.........assigned to port 22 and uses TCP for connections
SSH (Secure Shell)
a form of VPN based on a Transport-layer standard for encryption that is commonly used for Application-layer protocol protection
SSL VPN
utilizes symmetric cryptography after a handshake session during which secure key material (a random number) is sent from the client to the server using the asymmetric public and private keys of the server. The SSL/TLS communication is always set up between the server and the Internet browser on the client.
SSL and TLS (successor to SSL)
makes available a software application that is hosted on a remote server and made available on demand by the user
SaaS
component of the trusted computing base consisting of hardware, software and firmware elements that implements an authorized control list (ACL) database
Security Kernel
Which disaster recovery/emergency management plan testing type is considered the most cost-effective and efficient way to identify areas of overlap in the plan before conducting a more demanding training exercise?
Structured walk-through
4 components of a public key infrastructure implementation
Symmetric encryption, asymmetric encryption, hashing, and digital certificates
operates in a similar manner to RADIUS. It is a central point for user authentication.....widely implemented by Cisco
TACACS+ (Terminal Access Controller Access Control System)
referred to as connection-oriented because it provides guaranteed and reliable communication between devices on the network. requires that the receiving host acknowledge every packet that it receives. Packets may be received out of order and may be re-sequenced by the receiving host
TCP (transmission control protocol)
utilizes a dynamically changing 128-bit key for every packet
TKIP (temporal key integrity protocol)
dedicated microprocessor that is mounted on a device's main circuit board and serves as a cryptoprocessor provide services for: Trusted Boot Protection Encryption Key Storage Password Protection Device Identification
TPM (trusted platform module)
three-way handshake used for a TCP session
The first step of the handshake is where the host sends the server a packet with the SYN, or synchronize, flag turned on or "set." The server responds with a packet that has both the acknowledgment ACK and SYN flags set. Finally, the host responds with a packet that has the ACK flag set. At this point, the TCP session has been established
What is the prime objective of code signing?
To verify the author and integrity of downloadable code that is signed using a private key
Access control which prevents one person from performing an action by separating each task i.e. two people needing to turn a key at same time in order to launch a missile
Two man rule
Uses 128-bit blocks in a key structure of 128, 192, or 256 bits, and is less popular than Blowfish symmetric algorithm
Twofish
referred to as a connectionless protocol. Connectionless refers to sending information without first verifying that the connection exists between the hosts ideal for transmission of voice or media
UDP (user datagram protocol)
may be considered as a network of interconnected hosts that act as if they're connected physically even though there is no such connection between them. differ from subnets in that they do not provide security
VLAN
VLANs that are created through a switch are not natively secure because the data within one VLAN could possibly be exposed to other network segments. Attack that could be the result of this
VLAN hopping
the result of an attack upon a virtual machine whereby the attacker is successful in bouncing out of or escaping the virtual environment and controlling the hypervisor
VM escape
a private network connection that is established through a public network
VPN
a converged network communications concept includes support for real-time chat, video conferencing, voice and video mail, and file exchange
VoIP
used to regulate traffic to and from web servers and specialized web applications. It utilizes specialized rules such as content filtering, access control, and intelligent rulesets that are customized specifically for the web application operates at layer 7 of OSI model protects against content-based attacks such as cross site scripting (XSS), injection attacks, and HTTP forgery attacks.
WAF (web application firewall)
a network node that converts wired network packets into wireless communications. They may be mounted on ceilings, on walls, or on desktop devices.
WAP
used to mitigate the possibility of rogue access points
WIPS (wireless intrusion prevention system)
used to mitigate the possibility of rogue access points in wireless deployments
WIPS (wireless intrusion prevention system)f
utilizes standard short-distance cellular radio transmitters, receivers, and transceivers (cellular telephones, laptops, and cellular-enabled devices) to communicate to wired LANs through access points
WLAN
utilizes radio transmitters and receivers to communicate to wired LANs through access points or directly to wireless endpoints. eliminates the requirement for the leased lines of a MAN
WMAN
uses Advanced Encryption Standard (AES) as the encryption algorithm utilizes AES operating in counter mode with a 48-bit initialization vector. A significant cryptoanalysis Work Factor (WF) is required to brute-force crack the algorithm password release in 2004
WPA2
utilizes standard cellular radio transmitters, receivers, and transceivers (cellular telephones, laptops, and cellular-enabled devices) to communicate to wired LANs through access points or directly to wireless endpoints
WWAN
intended as a much stronger and robust geographically based system covering a much larger physical area than Wi-Fi covers
WiMAX
certificate standard used by PKI
X.509 v3
specifies a standard for the public key infrastructure Certificate revocation lists as well as the structure of a trusted system of certificate authorities are included in _________
X.509 version 3
managed device
a part of the network that requires some form of monitoring and management, such as, for example, routers, switches, servers, workstations, printers, UPSs, and other devices
the main benefit or distinction of symmetric encryption
a single shared key can perform both encryption and decryption operations
determine if the current account access rights and privileges match the current role and requirements of the existing position
account audit
a procedure undertaken immediately upon resignation or termination of an account owner
account deactivation
an organized disassembling of rights and privileges of the user account
account deprovisioning
refers to the access enabled or available for any user account
account entitlement
verifying that the account belongs to the stated individual through the use of various authentication tests and audit techniques
account proofing
verifies that only the authorized person is able to use a specific user account
account/identity proofing
this statement identifies who are responsible for compliance
accountability statement
form of monitoring which involves the injection of packets into communications in order to measure performance of various elements in the network
active monitoring
provides for communication between two or more endpoints where no centralized access point is involved
ad hoc mode
refers to continuous hacking processes often carried out by rogue governments or nation states against other nations, organizations, or large businesses
advanced persistent threat
a type of spyware that, while making an advertising statement or showing a banner, solicits clicks from the end user. When the user clicks the banner, a Trojan or virus is be downloaded immediately, infecting the user's machine
adware
a networking term that describes how an internal network can be totally isolated from the outside world. With no connections in or out of it, there is a complete isolation zone around the network perimeter
air gap
refers to the technique of maintaining a host, network, or electronic storage mechanism that is physically separated from the outside world (Internet) by not having any inbound or outbound connections
air gap
a mathematical function that produces a binary output based on the input of either plaintext or ciphertext
algorithm
constructed in such a manner as to be highly resistant to removal by anti-malware software
armored virus
should be no closer to the original site than 20 miles
alternate site proximity
the total cost (in dollars) for all of the SLEs occurring during the year
annualized loss expectancy
the probability of an event occurring during a year. 100% is equal to one even a year
annualized rate of occurrence
the best answer for the security tool which is used to detect KNOWN examples of malware
anti-virus/anti-malware software
log contains various events logged in real time by applications, databases, or other programs. It is generated by many applications that will be recorded in the application log
application log
utilizes two keys: a public key and a private key. Either key can be used to encrypt or decrypt a message. A message encrypted with the user's public key can be decrypted only by the user's private key and vice versa. This process is very slow
asymmetric algorithm Rivest, Shamir, and Adleman (RSA) Diffie-Hellman ElGamal Elliptic curve cryptography (ECC)
two different but mathematically related keys are used. Each user has both a public key and a private key. The private key can be used to mathematically generate the public key. This is a one-way function. It is mathematically infeasible to determine the private key based only upon the possession of the public key. On many occasions, both keys are referred to as a key pair. It is important for the owner to keep the private key secret
asymmetric key
Digital certificates are based on what type of cryptography?
asymmetric public key
SQL injection
attacker inserts a SQL escape character, a combination of SQL characters, or part of the SQL script into a website form field. If the form field offers limited data validation, the insertion may return database information or an error code, which may be useful to the attacker.
this statement identifies a target group
audience statement
offer crucial information about the actions and activities on an organization's network
audit logs
What security task is performed when a CA issues a certificate?
authentication
represents the source of information presented for either identification or authentication
authentication factor
what mechanism performs identification claims?
authentication factor
makes or defines the determination as to what attributes of a subject or object determine whether access is granted or denied
authorization policy
this statement identifies the individual responsible for the policy
authorization statement
originally allowed the programmer access to the application around the normal access controls Usually delivered by Trojan malware, a Trojan payload installs a malware application that creates the ___________ or access port, for the attacker.
backdoor
term used when LIMITING the amount of network traffic a specific protocol or application is allowed to generate or consume in order to keep the remainder of the network's capacity for other communications
bandwidth throttling
Data transmitted that occupies the entire frequency range of the media. No other data is transmitted concurrently.
baseband
an established criteria for measuring normal events as well as normal activity and traffic on the network
baseline
A baseline may be established as the normal or minimal criteria that must be met by the policy.
baselines
Systems that allow public access and that are hardened against attack
bastion host
IDS and IPS utilize four methods of network monitoring
behavior based detection signature based detection anomaly based detection (similar to behavior based) heuristic based detection
detection mechanism that recognizes various software behaviors and matches them to a library of expected behaviors of known harmful software
behavorial-based detection
primarily against a hash value in that it is easier and faster to determine collisions based on two plaintext messages equaling the same hash value than it is trying to determine the original plaintext for a given hash value. This attack relies on the statistical probability that two events will happen at the same time and that it will be faster to achieve a result using that method rather than having to exploit every possibility such as using brute force
birthday attack
ensures that every bit is recorded correctly during an investigation
bit copy software technique
Prior to analysis, data should be copied from a hard disk utilizing....
bit-by-bit copy software
everything you wish to deny must be listed
blacklist
An algorithm that works on a fixed block of characters. Generally utilize standard block sizes such as 128, 192, 256, or 512 encrypts one entire block at a time
block cipher (block algorithm)
A form of a Bluetooth attack in which the attacker accesses and uses all phone features.
bluebugging
Uses Bluetooth to send unsolicited messages to Bluetooth-enabled devices such as mobile phones, tablets, and laptop computers.
bluejacking
The unauthorized use of Bluetooth to access information from a wireless device.
bluesnarfing
This type of virus infects the storage device's master boot record
boot sector virus
term used in virtualization to describe a networking configuration for guest OSes
bridging
Cloud services, whether private cloud offerings within an organization's IT department, non-fee-based free public clouds, or subscription-based services offered by large cloud providers, all include ease of access and use normal network connections
broad network access
popular with cable television and networking providers, is used to multiplex a very large number of signals on a single media.
broadband
all possible keys are tried until one is found that decrypts the ciphertext
brute-force attack
occurs when more data is placed into a memory location, referred to as a buffer, than the memory location can accept
buffer overflow
one of the earliest and most commonsense designs for local area network layout and design. Featured terminators at each end, and computer hosts as well servers were connected to the wire through what was known as "drops."
bus topology
a set of procedures, programs, and supporting plans that have been established to maintain the operations of the organization in the event of disruption or interruption
business continuity plan
first step in creating a business continuity plan. all assets are identified and possible threats categorized performed to determine the resulting impact to the business of the full or partial loss of an operational functional unit of the business
business impact analysis
the threat evaluation process performed when designing a business continuity plan (BCP) or disaster recovery plan (DRP) evaluates risk in light of work process and is similar in nature to the technique used when designing security policies
business impact analysis
How does IPSec verify that data arrived at the destination without intentional or accidental corruption
by using a randomized hashing operation known as HMAC. Hash-based Message Authentication Code (HMAC)
responsible for the actual transmission of traffic to the next device along the path toward the destination. The ___________ is also known as the forwarding plane. The ____________ is the actual transmission of packets through a router or switch
data plane
If you need to change cloud systems, this allows you to extract your data from one system and import it into another
data portability
every server or application is required to verify the identification and authentication of the user requesting access
decentralized authentication
The end user's private key is always kept private, so they are the only entity in possession of it.
decentralized key management
the art and science of reading various dots and dashes produced by an electromagnetic Morse code receiver or by visually identifying flag signals or flashing signal lights
decoding
Ciphertext is processed through an encryption algorithm using a reverse process, which results in plaintext
decryption
the use of multiple devices from different vendors to enhance security
defense diversity
refers to the use of a number of controls placed in sequence through which a threat must penetrate.
defense in depth or layered security
A term that describes the violation of non-repudiation
deniability
this statement identifies the items and actions directed by the policy
detail statement
activities used to identify a threat
detection
What is the primary benefit of a security camera for physical security
detective
commonly used in a brute-force attack against passwords
dictionary attack
A full backup may be created once a week, then daily backups must be made of the transactions for each day. But this type of backup records all of the transactions since the full backup
differential backup
the study of changes in information as it is processed through a cryptographic system
differential cryptanalysis
increases the complexity of an encrypted message. process of encryption in which the entire hash output for each character modification of the original message is changed
diffusion
created when a subject's public key is signed by a CA's private key
digital certificate
Would you agree with me that if a public-key is public, therefore anyone can access it? Also, if there is a piece of information that everybody can access, doesn't it therefore make sense that someone might be able to fake this piece of information? This is the exact problem that we have in public-key cryptography, which uses both public and private keys. What if Amazon wasn't really Amazon, or Sears wasn't really Sears? The question is, how do I know that you are the real owner of the public key? There must be some way of branding your name on a public key so that absolutely, without a doubt, it links you or "binds" you to that key. There should be no doubt that you own that key
digital certificate these certificates solve this problem A digital certificate is like a notary public of the cryptographic world. A third-party verifies that the public key is yours and that you are in fact you. As long as everyone trusts this third party, the system works.
the primary method of authentication in a typical PKI deployment
digital certificates
widely used to sign messages. Provides both proof of origin (and therefore nonrepudiation) and message integrity does not provide confidentiality
digital signatures
identification data that is covertly included in either image data or audio/video data. May be used to verify the authenticity or integrity of an object file or to indicate the identity of the owners
digital watermark
Designed to force or direct a radio signal in one direction.
directional antenna
a type of web attack using HTTP in which the attacker escalates their privileges to climb to a parent directory, or higher-level directory, out of the original website directory
directory traversal
a documented set of procedures used to recover and restore IT infrastructure, data, applications, and business communications after a disaster event
disaster recovery plan
What is the type of access control in the default access control method found in Microsoft Windows which allows users to share files?
discretionary access control
features two extensions within a filename, but only the final file extension is operative
double file extension attack
attackers have already identified the target and either jam the target with powerful conflicting signals on the 2.4 GHz and 5.0 GHz bands, thus disrupting communications, or attempt to intercept communications
drive-by attack
an access mechanism whereby two individuals must work together to gain access
dual control
contains two network interface cards (NICs), one connected to the external network and one connected to the internal network
dual-homed firewall *dual or multihomed always refers to the use of two or more network interface cards on a device
ensures an activity is performed correctly
due diligance
Ports 49152-65535
dynamic or private ports
dynamically detect malware and are described as an anti-malware protection system...........used to monitor and protect network, email, endpoint, mobile, and content assets
dynamic threat analysis appliance
a legal tool used by opposing counsel to obtain requested information that may contain evidence or other useful information for a lawsuit. It is not the information itself. It is the process of obtaining the information
eDiscovery
the legal process by which law enforcement officials, including attorneys, can make formal requests, sometimes with a search warrant, to obtain digital information in relation to a legal action, investigation, or court proceeding
eDiscovery
a block cipher mode that uses very short messages usually smaller than 64 bits
electronic codebook
another name for transmitting data offsite to either a physical storage location or a cloud storage location
electronic vaulting
detection of potential threat realization (i.e. compromise attempts)
elevated
a method of applying discrete logarithm mathematics in order to obtain stronger encryption from shorter keys using this method an RSA 160-bit key provides the same protection as an RSA 1,024-bit key.
elliptic curve cryptography
the act of placing restricted data inside a larger packet and placing a special destination address on the packet so that it may be routed to the intended receiver
encapsulation
the action of changing a message from one format to another using a coding method. i.e. alphabet represented by 1's and 0's in ASCII or dots and dashes using Morse code
encoding
he process whereby ciphertext is created by processing a plaintext message through an encryption algorithm and utilizing an encryption key and possibly an initialization vector that results in encrypted text
encryption
the most important concern when using a cloud solution as a component of a backup strategy
encryption of transfer and storage
the process of taking a deliberate action to permanently remove or destroy the data stored on a storage device
endpoint data sanitiztion
consists of an endpoint-mounted firewall, host intrusion detection systems (HIDSs), and antivirus software
endpoint defense
this statement identifies the consequences of violating the policy
enforcement statement
a one-time key generated at time of need for a specific use or for use in a short or temporary time frame.
ephemeral key
a data storage and data identification technology used to provide high-availability and data reliability to cloud-stored data. Like RAID but in the cloud
erasure coding
The frequency of these errors (false positive, false negative) is referred to as an error rate
error rate
any observable occurrence in a system or network
event
stores cookie data in several locations the website client can access. Should cookies be cleared by the end user, the data can still be recovered and reused by the website client
evercookie
a rogue Wi-Fi access point that appears to be a legitimate access point that is part of an enterprise network on the premises but has actually has been set up to eavesdrop on wireless communications.
evil twin
part of the router that receives arriving packets and routes them through an output interface to the destination address. Utilizes destination addresses obtained by the control plane and maintained in routing tables
forwarding plane
the study of how often various characters show up in a language
frequency analysis
the contiguous copy of the entire system and data
full backup
a complete power up of an alternate site, switch over and power down of the primary site
full interruption test
features full-time members who respond to incidents on a daily basis. Very large corporations, financial institutions, banks, and other organizations require full-time response teams based on the frequency of incidents
full time incident response team
address specific issues or concerns of the organization. They may be used to define requirements related to particular areas of security, such as access control, acceptable use, change management requirements, hardware and software updates, and other operational concerns. An example of a functional policy is a Bring Your Own Device (BYOD) policy
functional policy
report to other managers and departments throughout the organization and become members of incident response teams when they are required
functional response team
accepted or tolerable risk
guarded
suggested steps for performing a task that leave room for discretionary judgement
guidelines
a broad term that can refer to individuals who only want to disrupt normal operations to terrorists waging a type of cyber war against a target and anything in between
hacker
a person or group that exploits a weakness in technology in order to draw attention to a personal message or agenda
hacktivist
A one-way mathematical algorithm in which a hash value or message digest is a fixed-size output.
hash function
When crafting a digital signature, what are the initial steps in the process performed by the sender
hash the message and then encrypt the digest with the private key
type of cryptography that does not use an encryption algorithm a one-way function cannot be used in a reverse function to derive the original document always produce a fixed-length output regardless of the size of the original document provides message integrity
hashing
A learning and statistical assumption technique used in making very fast decisions with relatively little information.
heuristic-based detection
trust relationship with a top entity and subordinates
hierarchical trust
a method whereby numbers of host machines may be logically or physically connected so that all of their resources (such as CPU, RAM, hard drive, and network communications capability) can be shared among all of the hosted virtual machines
host clustering
a patch that can be applied to piece of hardware or software without the requirement to power down or reboot the product
hot patch
a fix that may be applied to a piece of hardware or software that is currently online and in use
hotfix
a physical location available for immediate switchover of processing operations
hotsite aka backup site
consist of combining two forms of cloud deployments offer a great degree of flexibility to an organization
hybrid cloud
based upon initializing an encrypted session utilizing asymmetric encryption to encrypt and send a symmetric key to the other party both asymmetric cryptography as well as symmetric cryptography are used in the same encrypted session
hybrid cryptography
consists of wireless devices connecting to an access point that then interfaces with a standard wired network.
hybrid wireless network
a means to encapsulate SCSI signaling into an IP packet in order to traverse a standard IP network rather than a traditional SCSI ribbon cable
iSCSI (IP Small Computer System Interface) iSCSI is to SCSI as VoIP is to telephones.
the best means of risk mitigation
implementing safeguards
a type of access rule that states that if a subject is not listed on the access control list, access is denied. This type of rule is usually at the bottom of the rules list in either a router or a firewall. Its purpose is to act as a catchall
implicit deny
the catchall that prohibits the passage of anything that has not been ethically or explicitly authorized.
implicit deny
the most important foundational security concept upon which most other security ideas and solutions are based
implicit deny
refers to anti-malware that has been released onto the Internet. Imagine that this malware is roaming free and is being exchanged through unsuspecting host relationships, indiscriminate clicking email links, and other types of actions that spread the malware through the Internet.
in the wild
refers to transmitting, or sending, a key over the existing communication connection. Eavesdropping and man-in-the-middle are typical attacks on key exchanges
in-band key exchange
an event with the potential to cause harm to the organization. Usually considered an intrusion by an outside force, but it may also be caused by an internal user. May also be intentional or unintentional.
incident
a set of established responsibilities, criteria, and procedures to be initiated upon the discovery of an incident. Involves the IT assets of an organization
incident response plan
defines how an organization will respond to security violations and intrusions
incident response plan
an assortment of multidisciplined individuals from across the organization who aid in the mitigation of harm and the containment of an incident.
incident response team
daily backups are stored in separate files In the event of a restoration, each of the files must be added to the others and finally to the full backup to form a contiguous data file containing not only all of the existing information from Sunday but also the information from the rest of the week.
incremental backup
worse than no countermeasure at all because it provides a false sense of security
ineffective countermeasure
risks to IT hardware, software, and information assets are identified and threats and vulnerabilities are reduced to an acceptable level
information risk management
standard also provides for the communication of numerous wireless devices connecting through network access points (APs)
infrastructure mode
an unencrypted random number that is used to create complexity during the encryption process.
initialization vector
used as common components of encryption algorithms because they increase the chaos in encrypted output
initialization vector (IV)
all of the items that must be considered, such as laws, policy, goals and objectives, availability, costs, and other input
input constraints
may be performed by a disgruntled employee, third-party contractor, or anyone with direct inside access to an organization's network or host workstations
insider attack
a nonphysical asset
intangible
access control list tool that inspects packets on a network, and takes a predetermined action to stop the attack
intrusion prevention system IDS and IPS have become one HIDPS and NIDPS
means that all of the devices on the wire or network are transmitted the same time. has no mediating controller and therefore is called contention-based access and nondeterministic. It is the least effective of any of the transmission protocols because none of the devices have any means of determining when to transmit data.
multiple access
Most often describes multiple virtual machines residing on one host. In cloud hosting, the virtual machines may not be owned or controlled by the same organization. can also refer to several users accessing a single instance of an application or virtual device.
multitenancy
requires both entities to prove themselves to each other simultaneously
mutual authentication
Countries around the world that sponsor cyber terrorism may plant advanced persistent threats (APTs) in foreign government or foreign commercial enterprises for intelligence gathering purposes. Cyberwarfare is a term to describe these activities
nation state
How is granular control of objects and resources implemented within a mandatory access control environment?
need to know
In organizations that enforce _________________, individuals are not automatically given access to sensitive information simply because they possess the appropriate security credentials and clearance. It is based on a case by case basis
need to know
Subjects cannot read information classified at a higher level than theirs
no read up
a method of asserting that the sender of a message cannot deny that they have sent it assertion is created by associating something that only the sender possesses, for example, their private key
non-repudiation
standard benign operations
normal
5 levels of risk
normal - standard benign operations guarded - accepted or tolerable risk elevated - detection of potential threat realization (i.e. compromise attempts) substantial - security violations have occurred, but have not interrupted mission critical functions severe - mission critical functions have been significantly affected or interrupted
Information concerning network operation data volume and other considerations is communicated from the hardware layer to the applications and business logic. This allows operators to monitor network operations.
northbound APIs
"monitor" an attack while it's in progress
not advisable to do this, the organization could face legal consequences. Incident response activities should start immediately after an incident has been discovered
What is the purpose of a baseline in relation to security monitoring?
notices trends away from normal
the (passive) resource or asset of which a subject is requesting access. These roles may change or flip..
object
an object such as a document is labeled (classified) in some manner to illustrate the status of the information. For instance, it may be labeled company confidential, sensitive, or unclassified
object classification
Designed to provide a 360° pattern and provide an even signal in all directions
omnidirectional antenna
When should security training take place
on hire and yearly
Users can subscribe to services by simply selecting from cloud provider menus
on-demand self service
The concept is that a real or virtual paper pad contains codes or keys on each page that are random and do not repeat. Each page of the pad can be used once for a single operation, and then it is discarded—never valid or to be reused again. The one-time use of an encryption key is the most secure form of encryption possible
one time pad
takes the input of a plaintext message and outputs a ciphertext message it is mathematically infeasible to determine the original plaintext message from the ciphertext message. primarily used in hashing or for verifying the integrity of a message
one way algorithm
users in one domain may access resources in a second domain. But since this is a one-way relationship, users in the second domain may not access resources in the first domain.
one way trust
used to clarify and provide a clear direction on operational topics such as access to specific database information, application software, or networking facilities
operational policy sometimes referred to as system-specific policies
established by a person or group with a high level of authority, such as a senior manager or corporate office, and it's usually very broad in nature, impacting the entire organization, corporate division, geographic area, or a country-specific working group
organizational policy
term used to describe the transmission of key material through any other means. This may include notes, handwritten messages, security transfer pouches, or verbal exchange, to name a few
out-of-band key exchange
transmitting a message or date by any means other than through a normal channel of communication normally used to describe a method of exchanging passwords by not sending them over the same channel as the encrypted message.
out-of-band transmission
a stream cipher that allows the keystream to be prepared and stored in advance, prior to the encryption operation
output feedback
contract out network and system monitoring as well as the response to intrusions
outsource response team
firewall that passes data based upon packet addressing information. It does not analyze the data included in a packet but simply forwards the packet based upon an application or port designation
packet filter firewall
Devices such as routers use the destination address and forward the packet to the next router until the packet eventually arrives at its destination.
packet switched
software applications are run in parallel with the actual business environment to test how well they will perform
parallel test
best characterized by a vehicle located within close proximity to a transmission source, such as in the parking lot of an organization. The attacker usually has sophisticated radio monitoring equipment
parking lot attack
also known as a reciprocal site involves an agreement between two companies to share resources in the event of a disaster
partner site/contracted or mutual site
necessary to support file transfer when a client is located behind a firewall that does not allow inbound initiated contact
passive FTP
necessary to support file transfer when a client is located behind a firewall that does not allow inbound initiated contact.
passive ftp
collects data about objects, events, and packets that are natively present in the environment, rather than injecting new elements.
passive monitoring
lock an account after a preset number of password logon attempts. Using this technique prohibits brute-force attacks.
password attacks
specifies how often passwords must be changed, password complexity, how passwords are audited, and other password characteristics.
password policy
a piece of software intended to update an application, operating system, or control program to improve its usability and performance.
patch
should be applied regularly as available from the manufacturer. should be tested on simulated production equipment prior to being distributed to production
patches
the harmful code contained within any malware
payload
a property that states that a session key won't be compromised if one of the long-term keys used to generate it is compromised in the future
perfect forward secrecy
a connection between endpoints where the carrier configures the circuit routes to provide the requested speed and bandwidth through their equipment.
permanent virtual circuit
most important asset in any orginization
personnel
a type of social engineering attack to obtain access credentials, such as usernames and passwords. In practice, it's a type of attack that redirects the user to an unexpected website destination. Can be conducted either by changing the hosts file on a victim's computer or by exploiting a vulnerability in DNS server software
pharming
an attack that attempts to obtain personal information, credit card information, or login information by masquerading as a legitimate entity
phishing
what are the three types of controls
physical logical administrative
similar to a buffer overflow attack. The pointer is used to index the process within a process stack. The attacker attacks the pointer through buffer overflow techniques to change it to point at the malicious code
pointer overflow
changes slightly as it replicates throughout the system. This makes it difficult for scanners to detect this type of virus because of different variations
polymorphic virus
Cloud systems make use of virtualization to allow total hardware usage allocation. This means that rather than have one server with one client that uses the server 60 percent of the time, the same server might have several virtual machines running that use 95 percent of the hardware capability and can be adjusted for workloads very rapidly
pooling of resources
NIST SP 800-37 rev 1, 4 steps in risk assesment
prepare, conduct, communicate and maintain
continuously monitor intrusions based upon a variety of signatures, behavioral characteristics, or heuristics
real time monitoring difference between real-time monitoring and active monitoring is that real-time monitoring is continuously listening to the traffic on the network and automatically sending alerts based upon some criteria
activities used to return operations to normal after an incident
recovery
The abstract machine concept that mediates all access by subjects to objects (part of the TCB)
reference monitor
Ports 1024-49151
registered ports
performs data acquisition and validation services of public key owners on behalf of the certificate authority.
registration authority
when a fix for a current problem creates problems in prior versions of the product
regression
a cloud vulnerability since data stored on a cloud server system based in Spain may come under the jurisdiction of the Spanish legal system
regulations and jurisdiction
created by government or by an industry specific group to control a process
regulatory agency
a position that is responsible for communicates issues, problems, and concerns and coordinates the services of the help desk group to facilitate software deployment.
release coordinator
required when the user is in a remote location from the company network
remote authentication
involves the capture of portions of a message by an attacker who then plays the message back at a later time to convince the host receiver that it is still communicating with the original sender.
replay attack
directly attacks the antivirus program, potentially destroying the virus definition database file. The virus disables the antivirus program yet makes it appear as if it is working, thus providing a false sense of security
retrovirus
not only does the user authenticate to the system when requesting access, they also have knowledge that the system they are contacting is in fact a genuine site.
reverse authentication can be done using images or personal security questions
act of decomposing an item to determine its construction and method of operation
reverse engineering
form of social engineering which tricks a victim into contacting the attacker to ask for technical support
reverse social engineering
provided a solution to the problem of who talks next. When a token was circulated around a closed loop ring, each node could determine exactly when they could transmit next. This was referred to as a deterministic system has been almost totally eliminated and replaced by Ethernet technology
ring topology
the likelihood of a threat exploiting a vulnerability and resulting in a loss.
risk
an organization acknowledges a risk and makes a conscious decision to just live with it,
risk acceptance
analytical method of identifying both threats and asset vulnerabilities and determining the likelihood and impact should the threat event occur and exploit the identified vulnerability
risk analysis
eliminating a risk situation. For instance, if you never climbed a ladder, you would never fall off
risk avoidance
The amount of impact or damage a threat may cause to an asset
risk impact
NIST SP 800-37 Revision 1 offers a six-step process for implementing information security and risk management activities into a cohesive system development life cycle
risk management framework
alters elements throughout the enterprise to minimize the ability of a threat to exploit a vulnerability
risk reduction
the process whereby a control is put in place to reduce risk
risk reduction
lists and categorizes each discovered or encountered risk within a properly implemented enterprise risk management (ERM)
risk register
When the responsibility for the payment of loss is placed on a third party
risk transference; done through outsourcing and insurance
documents the plan for implementing preferred risk mitigation strategies for dealing with identified risks
risk treatment schedule
a very old attack where malicious software allows the attacker to take root control of an operating system..............disguises itself by appearing as authentic operating system software to hide from antivirus/anti-malware software. Grants the attacker high-level authority with the ability to change system parameters and remotely execute files.
rootkit
a networking device used for connectivity between two or more networks.......provide routing based on IP addresses.... communicate with each other to determine the best path for packets.........The hop counter on a packet begins at 15 and decrements each time it crosses a _____. If the hop counter gets to 0, the packet is dropped. This prevents packet loops.
router
access control by limiting access based on set guidelines such as time or attempts
rule based access control
typically a set of conditions that, if applied in good faith, may temporarily or indefinitely protect the organization from legal action or penalties imposed by a new regulation or law.
safe harbor provision
any device, procedure, or action that provides a degree of protection to an asset
safeguard
the process of adding additional bits of data to a cleartext key or password prior to it being hashed
salt
refers to a machine or virtual network that is totally isolated from the production environment
sandbox
A program that has the ability to extract data displayed on a screen or output device.
screen scraper
This type of cable features shielding encasing each of the twisted pairs as well as the outer bundle of twisted pairs. This eliminates EMI between the twisted-pair sets and prevents EMI from entering or exiting the cable bundle
screened shielded twisted pair
Usually an unskilled, inexperienced, immature hacker who utilizes hacking tools and scripts
script kiddie
a software development process proposed by Microsoft to reduce software maintenance costs and increase the reliability and security of software
security development lifecycle (SDL)
records events related to resource use, such as creating, opening, and deleting files or manipulating other objects
security log
usually a form of server product that centrally manages the security settings and security components of network-based endpoint computers
security management software
a specific update to an application, operating system, or control program in response to the identification of a vulnerability.
security patch
must be in alignment with the mission, objectives, nature, and culture of a business. Organizational policies are not based on best practices.
security policy
where one person is required to complete each part of a task. Using the example of key escrow, one person might access the key contained in key escrow while a second person must decrypt the files using the retrieved key. And a third person may verify that each of the other two persons performed their actions correctly
separation of duties
made up of a number of updates, enhancements, fixes, or patches that are delivered by the manufacturer in the form of a single executable file
service pack
encryption keys used for a single communication session. At termination of the communication session, the key is discarded.
session key
restrict or allow actions during a specific communication session. These controls terminate when the session is terminated.
session level access control
mission critical functions have been significantly affected or interrupted
severe
utilizes a common ground shield encasing the twisted strands.
shielded twisted pair
Best practice for restoration of a device after an incident
should include reimaging from a standard image or from a known good backup
an entry in a database describing a violation or exploit which is used to match real-time events in order to detect and record attacks by the continuous monitoring solution
signature
the means of incident or violation detection which is based on a collected sample of the unwanted activity
signature-based detection
patterns of known malware
signature-based malware protection
the user in a trusted domain requests access to a resource in the trusting domain
simple trust relationship
A typical emergency situation may be practiced. Features actual steps that would be taken during an actual emergency or disaster
simulation test
type of fiber-optic cable has a small-diameter glass core that decreases the number of light reflections. This allows for greater transmission distances, up to 80 kilometers (km) standard outer jacket color is yellow most expensive type of cabling
single mode fiber optic
an identification authentication technique whereby the user signs on one time and has access to multiple applications
single sign-on
the virtual environment tool that allows for testing and experimentation within a guest OS while providing a means to roll-back to a previous stable state in just seconds
snapshot
a series of steps in which software is loaded on a server and distributed
software deployment
authentication factor that includes the use of a biometric system to verify the user's physical characteristics such as fingerprints, palm scans, iris or retina scans, facial feature scans
something you are
authentication factor that makes use of various traits exhibited by the individual. These traits include voice patterns, heart rhythms, handwriting analysis, and keyboard typing characteristics.
something you do
authentication factor that includes credit cards, digital proximity cards, radio-frequency identification (RFID) devices, hardware tokens, photo ID badges, and smartphones for SMS/text messages.
something you have
authentication factor that uses a geolocation or geotagging system to physically locate the user by recognizing the user access point or terminal, IP address, satellite triangulation, or cell towers in use.
somewhere you are
Information is sent to the underlying hardware infrastructure with provisioning and deployment instructions.
southbound APIs
receipt of unwanted or unsolicited emails
spam other variations: spim (spam over instant messaging) spit (spam over internet telephony)
directed attack on an individual or group of individuals with the goal of gathering personal or corporate information
spear phishing
a system in which part of a secret is shared among two or more individuals
split knowledge
mishandling of electronically stored information
spoliation of evidence
where the attacker appears to be someone or something else in order to mislead another person or device
spoofing attack
malicious software that is placed on the host computer and monitors actions and activities and often creates a log of some sort
spyware
this statement identifies the regulations or laws that pertain to the policy
standards or mandate statement
each node is connected to a central device such as a switch or router. Although the use of a centralized connection devices inserts a single point of failure, the flexibility of this type of network design allows for shorter cable runs and ease of network deployment most common topology in modern networks
star topology
compares existing conversations with new packets entering the firewall connecting for the first time. The new packets are compared against rulesets for a decision about whether to allow or deny
stateful packet inspection firewall
do not track the continuity of conversations and only make allow or deny decisions based upon simple rulesets
stateless firewall
masks itself as another type of program to avoid detection, usually by changing the filename extension or modifying the filename
stealth virus
simply hiding one message inside another known as hiding in plain sight
steganography
This evaluation is used to determine the asset value and potential risks to the system (risk management framework or RMF)
step 1 categorize
Baseline security controls are selected based on the category of the system. (RMF)
step 2 select
the selected security controls are installed and properly initiated throughout the system (RMF)
step 3 implement
XORs the bits of a plaintext message one at a time with a keystream to create ciphertext an algorithm that performs encryption on a continuous bit-by-bit basis. Used when encryption of voice, music, or video is required. This algorithm is very fast.
stream cipher (stream algorithm)
disaster recovery/emergency management plan testing type is considered the most cost-effective and efficient way to identify areas of overlap in the plan before conducting a more demanding training exercise
structured walk through test
person or system requiring access to the classified object or data. Generally, this technique is referred to as issuing a clearance level
subject labeling
covers up numbers in the address that are not required. When a network is subnetted, it is divided into smaller components, or subnets, with a smaller number of host machines available on each subnet.
subnet mask
This makes the broadcast domain much smaller and have fewer hosts. The advantage to this is much better network performance because you are reducing overall network traffic while also making the network more secure and manageable this can be done for a network logically, topologically, physically within a building, by workgroups, or by a building within a campus
subnetting
security violations have occurred, but have not interrupted mission critical functions
substantial
the process of replacing one letter for another. For instance, when using the Caesar cipher disk, the inner disk is rotated three places, ROT-3, and the corresponding letter can be used as a substitute in the encrypted text
substitution
what kind of cipher is the Caesar Cipher
substitution cipher
backup personnel are available in the event that key personnel are lost or unavailable
succession planning
access control list tool that routes network communications based upon the Media Access Control (MAC) address of a device creates a map table identifying the device with the MAC address in the specific port
switch some combine the ability to switch MAC addresses as well as route IP addresses, these are Layer 3 switches
dynamically configures the circuit routes each time the circuit is used by the end user.
switched virtual circuit
uses a symmetric key and operates at extreme speeds. Both the sender and the recipient require the same secret key. This can create a disadvantage in key distribution and key exchange.
symmetric algorithm
sometimes called private key or secret key cryptography, uses a single shared encryption key to both encrypt and decrypt data. provides very fast encryption
symmetric cryptography
a key used with a symmetric encryption algorithm that must be kept secret. Each party is required to have the same key, which causes key distribution to be difficult with symmetric keys
symmetric key
provides an extra defense within a Windows-based system against password-cracking software makes use of strong encryption techniques that make cracking encrypted account passwords more difficult and time-consuming than cracking non-encrypted account passwords
syskey
This is the highest alert, possibly affecting major sections of the network or applications
syslog 0 emergency
This indicates a major problem, such as the loss of a central application or communication method
syslog 1 alert
This represents the loss of a backup or secondary device.
syslog 2 critical
Warnings are usually set to indicate that a threshold is near. For instance, server utilization is at 90 percent.
syslog 4 warning
These messages indicate potential problems that should be investigated.
syslog 5 notice
These are status messages and no action is usually required.
syslog 6 info
Debug messages are utilized by developers and programmers.
syslog 7 debug
The Value of the Information (this may be different depending on the organization) and the Method of Accessing the Information (This is how the info is made available)
system level access control
individuals assigned to the test being conducted will assemble in a conference room. Here they will review the continuity plan or disaster recovery plan and proceed through the plan step-by-step, outlining their personal responsibilities
tabletop test/structured walkthrough test
event data analysis
the process of taking raw data from numerous sources, assimilating and processing it, and presenting the result in a way that can be easily interpreted and acted upon
the method of placing plaintext horizontally into a grid and then reading the grid virtually. This ______________ the letters and characters.
transposition
any incident or event that represents the probability to harm an organization
threat
the path which a threat takes to cause an action.
threat vector
the pathway to a target or the method used by the attacker to infect a target
threat vector
a drive array that is usually provided by a single manufacturer and features a proprietary physical backplane, which maintains connectivity to both drives and controller nodes
tight coupled cluster
What is the goal of event data analysis?
to interpret collected events and take appropriate action
based upon a one-time password. Because the password is used only once, it is very difficult for a hacker to obtain it. A token, or token device, is usually a small hardware device that displays a number
token-based access control
used to manage the priority of traffic on corporate LANs. a network traffic management technique that prioritizes packets in accordance with a network traffic profile. It is used to optimize or guarantee the delivery of some packets prior to others
traffic shaping
trust relationship that shares info over a middle entity
transitive trust
refers to the encryption of data in transit. IPsec is a very popular use of this
transport encryption
In this mode of IPsec, the packet contents are protected while the original IP header is exposed for internal routing. used for host to host, peer-to-peer, and endpoint-to-endpoint communication
transport mode
similar to several parallel bus structures, each containing networking items, one placed on top of the other. The top-level bus drops to a server. The server then connects below it to another bus, which contains hosts or workstations. This is a layered approach to a bus structure, but it still maintains the same problems as a bus topology
tree topology
used to combine multiple distinct physical network topologies into a single network structure
tree topology
malware that is disguised as a usable program
trojan
when no malicious events are taking place and no alerts are being triggered
true negative
when malicious events are taking place and an alert is triggered to notify the incident response team
true positive
A special, logical and compartmentalized computer that is in charge of enforcing access control
trusted computer base
contains the user requesting access to a resource in another domain. The domain containing the resource "trusts" the domain containing the user. Therefore, the user's domain is referred to as a ____________
trusted domain
otherwise referred to as the resource domain, contains the resource to which access is desired
trusting domain
How is a backup strategy tested to verify that it is a viable tool for recovery after a disaster?
try to use the backup. Restore files from it, if the files are restored properly it is a viable backup
the act of adjusting a device such as an intrusion detection system or intrusion prevention system to detect events, intrusions, and other anomalies that have exceeded the clipping level set for the device
tuning
both domains trust each other and each user in either domain may access the resources of the other
two way trust
used to describe a relationship between two entities where resources from either side can be accessed by users from either side.
two-way trust
This cable features numerous individual copper cable strands twisted together.
unshielded twisted pair
industry slang used to describe the installation of any software that either fixes a vulnerability or increases the usability or functionality of the product
update and upgrade
a team tests the software against specific scenarios
user acceptance testing
the rights and privileges assigned to a user
user entitlement
primarily running an application, database, or operating system that is completely separate from the hardware on which it is running
virtualization
the time and effort that it would take to break a specific encrypted text
work factor
a type of software that replicates itself without assistance infects host computers as well as networks by leaving a copy of itself in each location or host machine. The primary use is to create a denial of service (DOS) attack
worm
consisting of multiple parallel metal rods called dipole elements in a line. As opposed to a simple dipole antenna, this design achieves a high degree of directionality and gain
yagi antenna
a type of attack in which the attacker uses a previously unknown attack technique or exploits a previously unknown vulnerability
zero-day attack
a technique used to completely erase a key from an electronic device or a memory module such as a hard drive, smart card, or USB drive so that magnetic information may not be retrieved by any known method
zeroisation, aka clearing
generally described as a compromised computer that may be controlled under remote control
zombie
