FINAL FOREAL CYBER

Cryptography

The science of encrypting and hiding information.

Cyphers

Methods of moving letters around or jumbling them in a different sequence.

Cryptanalysis

The process of analyzing available information to retrieve the encrypted message.

Differential cryptanalysis

Analyzing differences between input plaintext and output ciphertext to determine the key used.

Linear cryptanalysis

A method that uses plaintext and ciphertext together to deduce the encryption key.

Cryptographic operations

Actions to hide data, resist forgery, prevent unauthorized changes, enforce policy, and exchange keys.

Algorithm and key

Components used to perform cryptographic operations.

Encryption

A cryptographic operation that converts plaintext into ciphertext.

Hashing

A process that takes input and reduces it to a unique, irreversible number known as a hash.

Digital signatures

A cryptographic technique for verifying the authenticity and integrity of a message.

Substitution

The replacement of items with different items in the encryption process.

Transposition

The rearrangement of the order of items in the encryption process.

Keyspace

The set of all possible key values for a cryptographic system.

Diffusion

A property where a change in plaintext results in multiple changes in ciphertext.

Confusion

The randomization of output where each ciphertext character relies on various parts of the key.

Obfuscation

The process of masking an item to make it unreadable but still usable.

Perfect forward secrecy

A property that ensures a derived key remains secure even if the originating key is compromised.

Security through obscurity

A security principle that relies on keeping the design or implementation secret.

Transposition cipher

A cipher that changes the order of letters with the same letters.

Plaintext

The original unencrypted data.

Ciphertext

The output data that has been encrypted.

Algorithm

A step-by-step procedure for solving a problem in a finite number of steps.

Symmetric algorithm

An algorithm where the same key is used for both encryption and decryption.

Asymmetric algorithm

An algorithm that uses a pair of keys (public and private) for encryption and decryption.

Key

A special piece of data used in the encryption and decryption processes.

Exclusive OR (XOR)

A bitwise function applied to data that relies on the secrecy of the key.

Shift cipher

A cipher where a letter is shifted a specified number of places in the alphabet.

ROT 13

A letter rotation of 13 positions in the alphabet.

Vigenere cipher

A polyalphabetic substitution cipher that depends on a password.

Key management

The processes of exchange, storage, safeguarding, and revocation of keys.

Salting

A technique that provides sufficient input for low entropy items to hash functions.

Hashing function

A mathematical function that produces a unique output for a given input.

One way function

A function where retrieving the plaintext from ciphertext is not feasible.

Hash

The output of a hashing algorithm for a specific input.

MAC (Message Authentication Code)

A code used to verify the integrity and authenticity of a message.

HMAC

Hash-based message authentication code, a specialized type of MAC.

Collision attack

A method where an attacker finds two different inputs that produce the same hash value.

Message digest

The output hash created from data input into a hashing algorithm.

MD2

A hashing algorithm that produces a 128-bit hash from input data of any length.

MD4

A fast hashing algorithm that is vulnerable to attacks.

MD5

A hashing algorithm known for its vulnerability to collision attacks.

SHA (Secure Hash Algorithm)

A set of hash algorithms designed by NIST.

SHA-1

A hashing function that produces a 160-bit hash and is used in DSA.

SHA-2

An improved hashing algorithm with no known collision attacks against SHA-256.

SHA-3

A hashing algorithm different from previous versions, resistant to known attacks.

RIPEMD

A hashing function designed for integrity evaluation, known for collision problems.

DES (Data Encryption Standard)

A symmetric block cipher that segments data into specified block sizes.

3DES

An encryption method that applies the DES algorithm three times with three keys.

AES

An advanced encryption standard that supports message authentication.

RC4

A fast stream cipher that encrypts plaintext bit by bit.

Blowfish

A block cipher that encrypts a 64-bit input block into 32-bit words.

Twofish

A block cipher using 128-bit blocks and variable length keys.

ECB (Electronic Codebook)

The simplest cipher operation mode, encrypting each block separately.

CBC (Cipher Block Chaining)

A block mode where each block is XORed with the previous ciphertext before encryption.

Counter Mode (CTM)

Uses a counter function to generate a nonce for each block encryption.

What are two main types of intrusion detection systems

Network based and host based

Which of the following is not a capability of network based IDS

It cannot decrypt or read encrypted traffic

What are honeypots

A system simulating traffic to attract attackers

Connecting to a server and sending a request to identify a version is what?

Banner grabbing

What is IPS

Intrusion Prevention system

NIDS

Network intrusion Detection System, this collects traffic

System used to consolidate security analytics from several sources and identity pattterns

SIEM - Security and Information Event Systems

What is wireshark?

A protcol analyzer

Software that merely listens to traffic and does not create traffic is what

Passive

Anomalies in privilaged user account activity are

Indicators of compromise

Small software update to address an urgent or specific problem is called

Hotfix

In a UNIX OS, which runlevel describes single user mode?

1E

File permissions under UNIX consists of what three types?

Read, write, executeE

What is the mechanism that allows for centrailized mamagnment and configuration of computers and remote users in AD evniorment called?

Group policies

Updating software loaded on a nonvolatile RAM is called

Firmware update

Shadow file on a UNIX system contains what

Password associated with user account

Firmware implementation on modern PC hardware is

UEFI - Unified extensible firmware Interface

Software designed to prevent damage from malicous software or files

Antivirus software

SYN Flood is example of what attack

Denial of service attack

An attack which attaker listens to traffic across a network, wants to view passwords or user id’s

Sniffing attack

Which attack takes advantage of trusted relationship between two systems

Spoofing

What type of attack does an attacker re-send series of commands and codes used in a finacial transaction to cause transaction to be conducted multiple times

Replay

An attack which attacker attemps to lie and misrepresent themselves in order to gain access to info that can be useful in an attack

Social engineering

Attack that is designed to deny system access to its files and spread across a network causing destruction

Ransomware

Example of attack that can compromise confidentiality of communications following exchange of public keys over an untrusted network

Man in the middle attack

Best way to minimize possible avenues of attack for your system

ensure all patches have been downloaded that system offers

War driving attack is a attempt to exploit what

Wireless networks

Malicious code that is set to execute its payload on specific date or time is known as

A time bomb

To secure communications during remote access use..

SSH

Which of the following is not a packet capture tool

dd

If performing tests of system with no knowledge of internal workings of system

Black box testing

Tool not used for ip investigations

Chmod, linux permissions

to search system to find files containing a phrase, what tool what be best to use?

Grep

routine audits do not typically audit

Virus code

Used to anazlyze previosly collected packets data on a network, editing some data as well

tcpreplay

Not used in penetration testing

Cuckoo

Kind of vulnerability is never mitigated by patching software

Zero Day

Biggest reasons why spam is prevalent today

The use of zombie botnets

What does keyword secure in a cookie do

Prevents the cookie from passing over HTTP connections

Why is an open email relay bad

It will allow anyone to send spam through the server

Code signing

Provides method to demonstrate code integrity

Why is HTML e-mail dangerous

Allows the launching of malicous code from preview pane

What kind of attack might a client use agianst other clients of a bulltin board web aplication that does not validate input

Cross-site Scripting attack

A protocol encrypted by default

SFTP (Secure Shell File Transfer Protocol)

Used to determine type of contents of an email message

MIME