-
To establish an IPsec VPN tunnel with data integrity, encryption, authentication, and anti-replay functions, ESP (Encapsulating Security Payload) should be used.
-
SSO reduces the resiliency and availability of systems if the identity provider goes offline.
-
Role based access control - An access control model where resources are protected by ACLs that are managed by administrators and that provide user permissions based on job functions.
-
Discretionary access control - Owner
-
Mandatory Based access control - Computer (Strongest) (Label)
-
Attribute-based access control - Dynamic, If-then (provides the most detailed and explicit type of access control over a resource)
-
Security control for Backup generators would be a Compensating control type
- Compensating doesn't prevent an attack
- Restoring using other means
- Restore from backup
- Backup power system
- Hot site
-
Data sovereignty - Data that resides in a country is subject to the laws of that country.
-
Spimming - Spim is a type of spam targeting users of instant messaging (IM) services, SMS, or private messages within websites and social media.
-
Vulnerability + Threat = Risk
-
Conduct a credentialed scan to most accurately determine the network's vulnerability posture. In most enterprise networks, if a vulnerability exists on one machine, it also exists on most other workstations since they use a common baseline or image. If the scanner failed to connect to the workstations, an error would have been generated in the report.
-
PGP (Pretty Good Privacy) is an asymmetric
-
Network Tap is a Passive type of monitoring.
-
Relying parties (RPs) provide services to members of a federation.
-
An identity provider (IdP) provides identities, makes assertions about those identities, and releases information about the identity holders.
-
DNS blackholing is a process that uses a list of known domains/IP addresses belonging to malicious hosts and uses an internal DNS server to create a fake reply
-
Banner Grabbing is a technique used to gain information about a computer system on a network and the services running on its open ports.
-
Passive scanning is a method of vulnerability detection that relies on information gleaned from network data that is captured from a target computer without direct interaction.
-
PIV - Personal Identity Verification
-
Infrastructure as Code (IaC) - utilizes a well-written set of carefully developed and tested scripts to orchestrate runbooks and generate consistent server builds across an enterprise.

| Symmetric Algos | Asymmetric Algos |
|---|---|
| RC4 | ECC |
| DES | PGP |
| 3DES | RSA |
| AES | Diffie-Hellman |
| QUAD | El Gamal |
| Blowfish | DSA |
| Twofish | |
-
A jumpbox is a system on a network used to access and manage devices in a separate security zone. This would create network segmentation between the supplier's laptops and the rest of the network to minimize the risk. A jump-box system is a hardened and monitored device that spans two dissimilar security zones and provides a controlled means of access between them.
-
Order of Evidence Collection: Processor Cache > RAM > Swap file > Hard Drive or USB Drive
-
War walking - act of searching for Wi-Fi wireless networks
-
Degaussing is the process of reducing or eliminating an unwanted magnetic field (or data) stored on tape
-
Purging is a step up from clearing. It includes using logical methods, like above, and physical methods to make it hard to recover data.
-
DPO (Data Protection Officer) - responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements.
-
Data Owner - responsible for the protection of privacy and website user rights.
-
Data steward - this role is primarily responsible for data quality. This involves tasks such as ensuring data is labeled and identified with appropriate metadata and that data is collected and stored in a format and with values that comply with applicable laws and regulations.
-
Data custodian - This includes responsibility for enforcing access control, encryption, and backup/recovery measures.
-
Data controller - the entity responsible for determining why and how data is stored, collected, and used and for ensuring that these purposes and means are lawful.
-
Data processor - an entity engaged by the data controller to assist with technical collection, storage, or analysis tasks.
-
The Authentication Header (AH) protocol provides data origin authentication, data integrity, and replay protection
-
Encapsulating Security Payload (ESP) is a member of the Internet Protocol Security (IPsec) set of protocols that encrypt and authenticate the packets of data between computers using a Virtual Private Network (VPN).
-
The Secure Real-time Transport Protocol is a profile for Real-time Transport Protocol intended to provide encryption, message authentication and integrity, and replay attack protection to the RTP data in both unicast and multicast applications.
-
RAID 0 - Complete data loss
-
RAID 1 - One goes down, only one remains (One disk failure)
-
RAID 5/6 - Two simultaneous disk failures
-
RAID 10 - 4 or more Disk Failures
-
RAID 10 is Faster than RAID 5
-
RAID 6 gives better fault tolerance than RAID 5
-
WPA3 uses SAE (Simultaneous Authentication of Equals)
