Shared Flashcard Set

Details

Practice Test Notes 1a
Security+
88
Computer Science
Professional
05/22/2020

Additional Computer Science Flashcards

 


 

Cards

Term
Virus Hoax
Definition
- Email containing warning asking user to delete files and forward warning
Term
Familiarity and Trust
Definition
- Private messaging can make sender seem familiar and trustworthy
Term
XSS
Definition

- Cross-site Scripting

- Dynamic web page vulnerability

Term
CSRF/ XSRF
Definition

- Cross-site Request Forgery

- Trick user into sending unauth command to web app

Term
Privilege Escalation
Definition

- App vulnerabilities

- Social eng

- misconfigurations

Term
Shimming
Definition

- Modify code to change external behavior to maintain compatibility between OS's

- Can be used to enable malware

Term
Refactoring
Definition

- Optimize existing code without changing external behavior

- Can be used to enable malware

Term
IP Spoofing
Definition
- Relies on falsifying source address
Term
WEP
Definition
- Susceptible to IV attacks
Term
WPS
Definition

- WiFi Protected Setup

- Simplifies config of new devices

Term
Deprecated WiFi Protocols
Definition
- WEP & WPS
Term
Bluetoothjacking
Definition
- Sending unsolicited messages over bluetooth
Term
Bluetoothsnarfing
Definition
- Gaining unauth access over bluetooth
Term
RFID
Definition
- For contactless payment transactions
Term
Wireless Disassociation Attack
Definition

- DoS

- Continually dropping and connecting from NW

- 802.11 management frame issue (no authN)

Term
KPA
Definition

- Known plaintext attack

- Has cipertext and some part of cleartext (crib)

Term
POODLE
Definition

- Crypto downgrade attack

- Susceptible to MITM

- Force "downgrade" of protocol to susceptible SSLv3

Term
Birthday Attack
Definition
- Probability that group of people share same birthday
Term
Replay Attacks
Definition
- Can be stopped with IPSec, Kerberos and CHAP
Term
APT
Definition

- Advanced Persistent Threat

- Nation/State threats

Term
OSINT
Definition

- Open-source Intel

- Gain advantage over competitors

- "Passive" recon in penetration testing

- Preparation for launching attack

Term
Active vs Passive
Definition

- Active means engaging with systems (ping, port scanners)

- Passive means not engaging with systems (wireshark)

Term
Pivoting
Definition
- Use one compromised systems as a platform for attack
Term
Violates Least Privilege
Definition
- Improperly configured accounts
Term
Integer Overflow
Definition
- Storing a numeric value larger than memory allocated
Term
VPN Types
Definition

- Remote-access (Computer to remote NW)

- Site-to-site (NW to NW)

Term
IPSec Modes
Definition

- Tunnel - entire packet incl header

- Transport - packet only (header clear)

Term
VPN Always-on
Definition
- May come down, but restarts automatically when packet appears for transit
Term
IDS Types
Definition

- Heuristic = Anomaly-based = Behavioral

- Signature-based

Term
IDS Port Mirroring
Definition

- Passive

- Out-of-band

Term
Transparent Proxy
Definition
- Does NOT modify client's req/resp
Term
Non-transparent Proxy
Definition
- Modifies client's req/resp
Term
2.4Ghz
Definition

- 11 channels

- 22 MHz 

Term
Dipole Antenna
Definition
- Indoor WiFi AP's
Term
360 Degree Antennas
Definition

- Dipole

- Omni-directional

Term
Highly Directional Long Range Antennas
Definition

- Dish

- Unidirectional

Term
Thin AP (TAP)
Definition

- Centralized management

- Doesn't work by-itself

- Simple radio and antenna that is controlled by a WAC

Term
Fat AP (FAP)
Definition

- Can work independently with complete features

- Typical for homes and small business

Term
SSL Decryptor Card
Definition
- Designed to decrypt SSL traffic so it can be viewed before processed
Term
Media GW
Definition
- Translates between different telecommunications formats
Term
HSM
Definition

- Hardware Security Module

- provide crypto functions

- processing/storage of crypto keys

Term
Wireless Scanner
Definition
- Good for site surveys
Term
NESSUS
Definition
- Vulnerability assessment and config compliance scanner
Term
Metasploit
Definition
- Framework for creating exploitation and penetration testing
Term
Metasploitable
Definition
- Linux distro for practicing penetration testing
Term
pfSense
Definition
- Open-source FW
Term
netstat
Definition
- n for numerical form (no DNS)
Term
ipconfig
Definition

- no params shows basic config for all adapters

- /all shows detailed configs for all adapters

Term
zenmap
Definition
- cross platform nmap
Term
netcat
Definition

- r/w to NW connections

- Like telnet to port

- port scanning

Term
Port Scanners
Definition
- nmap and netcat
Term
User Permission Issues
Definition

- Check application of Principle of Least Privilege

- Permissions auditing and review

Term
OCSP
Definition

- Online Certificate Status Protocol

- Provides revocation status of cert

- Fastest way to validate cert

Term
Weak Security Protocols
Definition

- DES

- SHA-1

- WEP

- WPS

Term
AUP
Definition
- Acceptable Use Policy
Term
Insider Threat Sec Measures
Definition

- DLP

- Principle of Least Privilege

- Usage auditing and review

Term
SFC
Definition

- Win System File Checker

- Checks file integrity and fixes corrupted files

- fsck in linux

Term
DEP
Definition

- Data Execution Prevention

- Ensures safe memory usage

Term
ANT
Definition

- Adaptive Network Topology

- Ultra low freq / low powered

- Connecting to fitness devices

Term
USB OTA
Definition

- USB On-the-go

- Direct communication between 2 USB devices

Term
WiFi Direct
Definition
- Direct connection between 2 wireless devices without using a WAP
Term
Mobile Device Policies
Definition

- BYOD (Bring your own device)

- CYOD (choose your own device) - company-approved device

- COPE - company owned personally enabled

- COBO - company owned business only

Term
VDI
Definition

- Virtual Desktop Infrastructure

- Can be used with mobile devices

Term
DNSSEC
Definition
- Secure DNS
Term
(S)RTP
Definition

- (Secure) Real-time Protocol

- real-time delivery of audio and video

Term
LDAPS
Definition
- Secure LDAP
Term
SFTP vs FTPS
Definition

- SFTP (ftp over ssh)

- FTPS (ftp over TLS/SSL)

Term
SNMP Versions
Definition

- SNMPv1 and v2 use cleartext

- SNPMv3 and v3 encrypt

Term
HTTP Security
Definition

- HTTPS

- HTTP over SSL

- HTTP over TLS

Term
POP3S
Definition

- SSL

- TLS

- TCP port 995

Term
Secure IMAP
Definition

- SSL

- TLS

- TCP port 993

Term
NTPSec
Definition
- Secure NTP
Term
SMTPS
Definition

- TLS-based

- Deprecated

Term
Regulatory Standards
Definition

- HIPAA - health

- SOX - finance

Term
Non-regulatory
Definition

- ITIL (IT Service Management) - specific to departments

- COBIT (Control Objectives for Information & Related Technologies) - Upper-level/corporate wide

Term
Aggregation Switch
Definition

- If router doesn't have a sufficient number of physical ports

- In parallel to increase throughput

- provide redundancy

Term
FDE
Definition
- Full Disk Encryption
Term
SED
Definition

- Self-encryption drives

- HW level encrypt/decrypt (FDE)

Term
TPM
Definition

- Trusted Platform Module

- Embedded crypto module

Term
UEFI
Definition

- Unified Extensible Firmware Interface

- More secure BIOS

Term
TPM Remote Attestation
Definition
- check system integrity with against remote trusted 3rd party
Term
RoT
Definition

- Root of Trust

- Source that can always be trusted

- HSM, TPM

Term
Trusted OS
Definition
- Equipped with enhanced security features
Term
ICS
Definition

- Industrial Control System

- remote control

- real-time monitoring

- info gathering

Term
SCADA
Definition
- ICS
Term
SoC
Definition

- System on a Chip

- all necessary circuitry and components on a single chip

- Raspberry PI

Term
RTOS
Definition

- Real-time OS

- low delay between execution of tasks

- missile guidance, vehicle braking

Term
MFD
Definition

- Multi-functioning Device

- Printer, fax, etc.

Supporting users have an ad free experience!