Shared Flashcard Set

Details

Security+ 601
CompTIA Security+ 601
82
Other
Not Applicable
04/26/2021

Cards

Term
The Gramm-Leach-Bliley Act (GLBA)
Definition
The Gramm-Leach-Bliley Act (GLBA) is a United States federal law that requires financial institutions to explain how they share and protect their customers’ private information.
Term
The Health Insurance Portability and Accountability Act (HIPAA)
Definition
The Health Insurance Portability and Accountability Act (HIPAA) is a US law designed to provide privacy standards to protect patients’ medical records and other health information provided to health plans, doctors, hospitals, and other health care providers.
Term
Sarbanes-Oxley (SOX)
Definition
Sarbanes-Oxley (SOX) is a United States federal law that set new or expanded requirements for all US public company boards, management, and public accounting firms.
Term
The Family Educational Rights and Privacy Act (FERPA)
Definition
The Family Educational Rights and Privacy Act (FERPA) of 1974 is a United States federal law that governs the access to educational information and records by public entities such as potential employers, publicly funded educational institutions, and foreign governments.
Term
Direct object references
Definition
Direct object references are typically insecure when they do not verify whether a user is authorized to access a specific object.
Term
Security Assertion Markup Language (SAML)
Definition
Security Assertion Markup Language (SAML) is an XML-based framework for exchanging security-related information such as user authentication, entitlement, and attributes. SAML is often used in conjunction with SOAP. SAML is a solution for providing single sign-on (SSO) and federated identity management.
Term
SAML transaction
Definition
A SAML transaction allows a service provider (SP) to establish a trust relationship with an identity provider (IdP) so that the SP can trust the identity of a user (the principal) without the user having to authenticate directly with the SP.
Term
SHA-1 output
Definition
SHA-1 creates a 160-bit fixed output.
Term
SHA-2 output
Definition
SHA-2 creates a 256-bit fixed output.
Term
NTLM output
Definition
NTLM creates a 128-bit fixed output.
Term
MD5 output
Definition
MD5 creates a 128-bit fixed output.
Term
Rapid elasticity
Definition
Rapid elasticity describes scalable provisioning, or the capability to provide scalable cloud computing services. Rapid elasticity is critical to meeting the fluctuating demands of cloud users. The downside of rapid elasticity implementations is that they can cause significant loading of the system due to the high number of resource allocation and deallocation requests.
Term
System on a chip
Definition
A system on a chip is an integrated circuit that integrates all or most components of a computer or other electronic system. These components almost always include a central processing unit, memory, input/output ports, and secondary storage – all on a single substrate or microchip, the size of a coin.
Term
RIPEMD output
Definition
RIPEMD creates a 160-bit fixed output.
Term
The benefit of Elliptic curve cryptography (ECC) over non-ECC cryptography
Definition
ECC can achieve the same level of security provided by non-ECC cryptography while using a shorter key length. For example, an ECC algorithm using a 256-bit key length is just as strong as an RSA or Diffie-Hellman algorithm using a 3072-bit key length.
Term
Elliptic curve cryptography (ECC)
Definition
Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields.
Term
Full packet capture
Definition
Full packet capture records the complete payload of every packet crossing the network.
Term
Integer overflows
Definition
Integer overflows and other integer manipulation vulnerabilities frequently result in buffer overflows. An integer overflow occurs when an arithmetic operation produces a number too large to be stored in the space allocated for it. Integers are stored in 32 bits on the x86 architecture; therefore, if an integer operation results in a number greater than 0xffffffff, an integer overflow occurs, as was the case in this example.
Term
SQL injection
Definition
SQL injection is an attack that injects a database query into the input data directed at a server by accessing the application's client-side.
Term
Password spraying
Definition
Password spraying is a type of brute force attack in which multiple user accounts are tested with a dictionary of common passwords.
Term
The beacon's protocol
Definition
A beacon can be sent over numerous protocols, including ICMP, DNS, HTTP, and numerous others. Unless you specifically knew the protocol being used by the suspected beacon, filtering out beacons by the protocol seen in the logs could lead you to eliminate malicious behavior prematurely. Other factors like the beacon's persistence (whether it remains after a reboot of the system) and the beacon's interval (how much time elapses between beacons) are much better indicators for fingerprinting a malicious beacon. The removal of known traffic by the script can also minimize the amount of data the cybersecurity analyst needs to analyze, making it easier to detect the malicious beacon without wasting their time reviewing non-malicious traffic.
Term
Randomized one-time use pad
Definition
The only truly unbreakable encryption is one that uses a one-time use pad. This ensures that every message is encrypted with a different shared key that only the two owners of the one-time use pad would know. This technique ensures that there is no pattern in the key for an attacker to guess or find. Even if one of the messages could be broken, all of the other messages would remain secure since they use different keys to encrypt them. Unfortunately, one-time use pads require that two identical copies of the pad are produced and distributed securely before they can be used.
Term
Segmentation-based containment
Definition
Segmentation-based containment is a means of achieving the isolation of a host or group of hosts using network technologies and architecture.
Term
IPv6 and IPSec
Definition
IPv6 includes IPSec built into the protocol by default. Additionally, IPv6 also provides an extended IP address range for networks, eliminating the need for using NAT.
Term
A SYN flood
Definition
A SYN flood is a variant of a Denial of Service (DoS) attack where the attacker initiates multiple TCP sessions but never completes the 3-way handshake. This uses up resources on the server, since it cannot complete the handshake and keeps resources reserved for the attacker’s computer while it awaits the handshake's completion.
Term
Infrastructure as a Service (IaaS)
Definition
Infrastructure as a Service (IaaS) is focused on moving your servers and computers into the cloud. If you purchase a server in the cloud and then install and manage the operating system and software on it, this is IaaS.
Term
Digital Signature Algorithm (DSA)
Definition
The Digital Signature Algorithm (DSA) is a Federal Information Processing Standard for digital signatures. The algorithm uses a key pair consisting of a public key and a private key.
Term
Symmetric Algorithms
Definition
AES, RC4, and DES are all symmetric algorithms.
Term
A cognitive password
Definition
A cognitive password is a form of knowledge-based authentication that requires a user to answer a question, presumably something they intrinsically know, to verify their identity. If you post a lot of personal information about yourself online, this type of password can easily be bypassed. For example, during the 2008 elections, Vice Presidential candidate Sarah Palin's email account was hacked because a high schooler used the "reset my password" feature on Yahoo's email service to reset her password using the information that was publicly available about Sarah Palin (like her birthday, high school, and other such information).
Term
Preservation of evidence
Definition
A cybersecurity analyst must preserve evidence during the containment, eradication, and recovery phase. They must preserve forensic and incident information for future needs, whether to prevent future attacks or to bring criminal charges against an attacker.
Term
Asset management
Definition
The process used to conduct an inventory of critical systems, components, and devices within an organization.
Term
Stream ciphers
Definition
RC4, or Rivest Cipher 4, is a symmetric stream cipher used in WEP and TLS.
Term
Block ciphers
Definition
AES, Blowfish, and DES are all block ciphers.
Term
OCSP
Definition
OCSP is a protocol used to query a CA about the revocation status of a certificate.
Term
Wildcards
Definition
Wildcards are certificates that allow your company unlimited subdomains on a parent domain.
Term
Continuous deployment of software
Definition
Continuous deployment is a software development method in which app and platform updates are committed to production rapidly.
Term
Continuous delivery of software
Definition
Continuous delivery is a software development method in which app and platform requirements are frequently tested and validated for immediate availability.
Term
Continuous integration of software
Definition
Continuous integration is a software development method in which code updates are tested and committed to development or build server/code repositories rapidly.
Term
Sensitive Personal Information (SPI)
Definition
Information about an individual's race or ethnic origin is classified as Sensitive Personal Information (SPI). Sensitive personal information (SPI) is information about a subject's opinions, beliefs, and nature afforded specially protected status by privacy legislation. On its own, it cannot be used to uniquely identify somebody or to make any relevant assertions about their health.
Term
When a weak SSLv3.0/TLSv1.0 protocol is used
Definition
This vulnerability should be categorized as a web application cryptographic vulnerability. This is shown by the weak SSLv3.0/TLSv1.0 protocol being used in cipher block chaining (CBC) mode. Specifically, the use of the 3DES and DES algorithms during negotiation is a significant vulnerability. A stronger protocol should be used, such as forcing the use of AES.
Term
Iris scan
Definition
Iris scans rely on matching patterns on the surface of the eye using near-infrared imaging, so they are less intrusive than retinal scanning (the subject can continue to wear glasses, for instance) and much quicker. Iris scanners offer a similar level of accuracy to retinal scanners but are much less likely to be affected by diseases. Iris scanning is the technology most likely to be rolled out for high-volume applications, such as airport security. There is a chance that an iris scanner could be fooled by a high-resolution photo of someone's eye.
Term
Context-based authentication
Definition
Context-based authentication can consider several factors before permitting access to a user, including their location (e.g., country, GPS location, etc.), the time of day, and other key factors, to minimize the threat of compromised credentials being used by an attacker.
Term
SQL injection
Definition
SQL injection is a code injection technique that is used to attack data-driven applications. SQL injections are conducted by inserting malicious SQL statements into an entry field for execution. For example, an attacker may try to dump the contents of the database by using this technique. A common SQL injection technique is to insert an always true statement, such as 1 == 1, or in this example, 7 == 7.
Term
Header manipulation
Definition
Header manipulation is the insertion of malicious data, which has not been validated, into an HTTP response header.
Term
XML Injection
Definition
XML Injection is an attack technique used to manipulate or compromise an XML application or service's logic. The injection of unintended XML content and/or structures into an XML message can alter the application's intended logic.
Term
Cross-Site Scripting (XSS)
Definition
Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in a browser-side script, to a different end-user.
Term
Data wiping of a hard drive
Definition
Data wiping or clearing occurs by using a software tool to overwrite the data on a hard drive to destroy all electronic data on a hard disk or other media. Data wiping may be performed with a 1x, 7x, or 35x overwriting, with a higher number of times being more secure. This allows the hard drive to remain functional and allows for hardware reuse.
Term
Degaussing a hard drive
Definition
Degaussing a hard drive involves demagnetizing a hard drive to erase its stored data. You cannot reuse a hard drive once it has been degaussed. Therefore, it is a bad solution for this scenario.
Term
Purging a hard drive
Definition
Purging involves removing sensitive data from a hard drive using the device's own electronics or an outside source (like a degausser). A purged device is generally not reusable.
Term
Shredding of a hard drive
Definition
Shredding involves the physical destruction of the hard drive. This is a secure method of destruction but doesn’t allow for device reuse.
Term
Secure LDAP (LDAPS) 
Definition
The Lightweight Directory Access Protocol (LDAP) uses a client-server model for mutual authentication. LDAP is used to enable access to a directory of resources (workstations, users, information, etc.). TLS provides mutual authentication between clients and servers. Since Secure LDAP (LDAPS) uses TLS, it provides mutual authentication.
Term
Discretionary access control (DAC)
Definition
Discretionary access control (DAC) stresses the importance of the owner. The original creator of the resource is considered the owner and can then assign permissions and ownership to others. The owner has full control over the resource and can modify its ACL to grant rights to others. This is the most flexible model and is currently implemented widely in Windows, Unix, Linux, and macOS systems.
Term
An exact data match (EDM)
Definition
An exact data match (EDM) is a pattern matching technique that uses a structured database of string values to detect matches. For example, a company might have a list of actual social security numbers of its customers. But, since it is not appropriate to load these numbers into a DLP filter, they could use EDM to match fingerprints of the numbers instead, based on their format or sequence.
Term
Document matching
Definition
Document matching attempts to match a whole document or a partial document against a signature in the DLP.
Term
Statistical matching
Definition
Statistical matching is a further refinement of partial document matching that uses artificial intelligence or machine learning to analyze various data sources.
Term
Classification techniques
Definition
Classification techniques use a rule based on a confidentiality classification tag or label attached to the data. For example, the military might use a classification based DLP to search for any files labeled as secret or top secret.
Term
A buffer overflow
Definition
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common security attack on data integrity. In buffer overflow attacks, the extra data may contain code designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. To prevent this type of attack, programs should validate the size of a variable before writing it to memory, to ensure that the variable fits into the buffer.
Term
PHI (Protected Health Information)
Definition
Hospital patient records are most accurately categorized as PHI.
Term
Recovery point objective (RPO)
Definition
Recovery point objective (RPO) describes a period of time in which an enterprise's operations must be restored following a disruptive event, e.g., a cyberattack, natural disaster, or communications failure. RPO is about how much data you can afford to lose before it impacts business operations. For example, at Dion Training, if 1 hour of data loss occurred, that means that any student progress within the last hour would be lost once the organization restored a server from a known good backup.
Term
A dictionary attack
Definition
A dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase from hundreds or sometimes millions of likely possibilities, such as words in a dictionary. The key to answering this question is that they were using passwords from a list. In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. A dictionary attack is a specific form of a brute-force attack that uses a list.
Term
A session hijacking attack
Definition
A session hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the webserver.
Term
A man-in-the-middle attack (MITM)
Definition
A man-in-the-middle attack (MITM), also known as a hijack attack, is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.
Term
The white team
Definition
The white team acts as the judges, enforces the rules of the exercise, observes the exercise, scores teams, resolves any problems that may arise, handles all requests for information or questions, and ensures that the competition runs fairly and does not cause operational problems for the defender's mission.
Term
The single loss expectancy (SLE)
Definition
The single loss expectancy (SLE) is the amount that would be lost in a single occurrence: the asset value (AV) times the risk factor (RF). The annual loss expectancy (ALE) is the total cost of a risk to an organization annually. This is determined by multiplying the SLE by the annual rate of occurrence (ARO).
SLE = AV x RF = $120,000 x 0.3 = $36,000

ALE = SLE x ARO = $36,000 x 0.25 = $9,000
Term
A machine learning (ML) system
Definition
A machine learning (ML) system uses a computer to accomplish a task without being explicitly programmed. In the context of cybersecurity, ML generally works by analyzing example data sets to create its own ability to classify future items presented. If the system was presented with large datasets of malicious and benign traffic, it will learn which is malicious and categorize future traffic presented to it.
Term
Artificial Intelligence
Definition
Artificial Intelligence is the science of creating machines to develop problem-solving and analysis strategies without significant human direction or intervention. AI goes beyond ML and can make more complicated decisions than just the classifications made by ML.
Term
A deep learning system
Definition
A deep learning system can determine what is malicious traffic without having the prior benefit of being told what is benign/malicious.
Term
A generative adversarial network
Definition
A generative adversarial network is an underlying strategy used to accomplish deep learning.
Term
A directory traversal attack
Definition
A directory traversal attack aims to access files and directories stored outside the webroot folder. By manipulating variables or URLs that reference files with “dot-dot-slash (../)” sequences and their variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code or configuration and critical system files. The example output provided comes from a remote code execution vulnerability being exploited in which a directory traversal is used to access the files.
Term
Desktop as a Service (DaaS)
Definition
Desktop as a Service (DaaS) provides a full virtualized desktop environment from within a cloud-based service. This is also known as VDI (Virtualized Desktop Infrastructure) and is gaining ground in large enterprise businesses focused on increasing their security and minimizing their operational expenses. Shadow PC (shadow.tech) provides a version of DaaS for home users who want to have a gaming PC without all the upfront costs.
Term
Acceptable use policy/rules of behavior
Definition
Agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and Internet access.
Term
Annual loss expectancy (ALE)
Definition
A calculation used to identify risks and calculate the expected loss each year.
Term
Annualized rate of occurrence (ARO)
Definition
A calculation of how often a threat will occur. For example, a threat that occurs once every five years has an annualized rate of occurrence of 1/5, or 0.2.
Term
Asset value (AV)
Definition
The assessed value of an item (server, property, and so on) associated with cash flow.
Term
Exposure factor (EF)
Definition
The potential percentage of loss to an asset if a threat is realized.
Term
Interconnection security agreement (ISA)
Definition
The potential percentage of loss to an asset if a threat is realized.
Term
Business partners agreement (BPA)
Definition
An agreement between partners in a business that outlines its responsibilities, obligations, and sharing of profits and losses.
Term
Business impact analysis (BIA)
Definition
A study of the possible impact if a disruption to a business’s vital resources was to occur.
Term
Maximum tolerable downtime (MTD)
Definition
The maximum period of time that a business process can be down before the survival of the organization is at risk.
Term
Meantime between failures (MTBF)
Definition
The measurement of the anticipated lifetime of a system or component.
Term
Meantime to failure (MTTF)
Definition
The measurement of the average time it takes for a system or component to fail.
Term
Meantime to restore (MTTR)
Definition
The measurement of how long it takes to repair a system or component once a failure occurs.