WPS
Wifi Protected Setup - deprecated
Bluesmacking
Bluetooth DoS
BlueJacking
sending unsolicited messages to Bluetooth devices
BlueSnarfing
Unauthorized access to a Bluetooth device
Bluebugging
Gaining remote control of a Bluetooth device
Wireless disassociation
DoS attack on wireless devices & AP using deauthentication frames
IV attack
WEP vulnerability-based wireless attack
Pass the hash
authenticate to a remote server w/o extracting the clear-text password from the digest
Geofencing
Tech that provides control over usage of mobile devices within a designated area
UPS
Uninterrupted power service for short term power backup
PIN
Bluetooth pairing security
EAP-TLS
deprecated wireless authentication protocol by Cisco
PEAP
Protected EAP
LEAP
wireless LAN EAP by Cisco
SEH
Structured Exception Handling - Windows specific
AIS
Automated Indicator Sharing - Initiative by US gov for real time sharing of cyber threat indicators
TTP
Tactics, techniques, and procedures
FRR
False Rejection Rate
AML/KYC
Anti-Money Laundering/Know Your Customer
Netflow
Tool for Network monitoring and analyzing
UTM
Unified threat management
Legal Holds
Process of securing and preserving evidence for a security incident
Common Signs of Insider Threat
Unusual Data transfers & frequent unauthorized access
Pros of using Agent
Consistent, more detailed info about client
Pros of Agentless
Uses less memory & supported by wide range of devices
Attestation
Verifying integrity, authenticity, & affirming the accuracy and completeness of compliance reports
DKIM
protocol that uses a cryptographic signature to associate the domain name with an email
MTA
Mail transfer Agent → transfer/route emails between servers
DMARC
Specify policies on how to handle mail that doesn’t authenticate
SPF
Sender Policy Framework → specifies which hosts are authorized to send email for a domain
FIDO
Fast Identity Online → Passwordless authentication
SMTP
Send emails
IMAP
open service port that is commonly used for email clients to retrieve emails - commonly used to perform eavesdropping, data theft, or malware delivery attacks
POP3
open service port that is commonly used for email clients to retrieve email messages from a server - commonly used to perform eavesdropping, data theft, or malware delivery attacks
Virtual Desktop Infrastructure
Hosts desktop env. on central server to allow users to connect from any device
SASE
Secure Access Service Edge → Cloud-native framework to converge WAN w/ security control
Port 20/21
FTP Port
Port 23
Telnet Port
Port 25
SMTP Port
Port 53
DNS Port
Port 88
TCP/UDP - Kerberos authentication service port
Port 389
LDAP Port
Port 636
LDAPS Port
Port 3389
RDP Port
Port 5060
VoIP Port
DAC
Based on user identity
Port Security
regulates access based on physical addresses
ICS/SCADA
Industrial Control System
HMI
Human Machine Interface → allows direct operator access in ICS
PLC
Programmable Logic Controllers → Embedded devices connecting to actuators & sensors
Distributed Control Systems
Real-time info & remote system control
Chain of Custody
Securing and preserving evidence for a security incident for use in legal proceedings
Replication
Create copies of data in real-time/near real-time
Ephemeral
lasting for a temporary time
Port 1433
Microsoft SQL Server Port
SNMP
Simple Network Management Protocol → manages and monitors network devices and enables sending and receiving alerts about performance and status
Watering Hole
Compromising an EXISTING website
802.1X
governs port-based network access with an EAP-based exchange (used with the RADIUS protocol for authentication)
Jailbreaking vs rooting vs sideloading
Jailbreaking bypasses software restrictions on iOS; rooting is jailbreaking for Android; sideloading is downloading unverified apps
Differential backups
What’s different - Saving data changed since the last full backup
EF
impact on ASSET VALUE
enumeration
tracking equipment and access controls
audit committee
Overseeing an organization's internal controls and financial reporting
checksum
like hashing to detect accidental data corruption
reflected attack
attacker spoofs the source IP address of a victim to send a request to a third-party server, causing the server to respond to the victim instead of the attacker
Risk analysis
determine financial impact of specific risks
Risk assessment
evaluating and prioritizing identified risks based on their potential impact and likelihood of occurrence
Pros/Cons Microservices
Ability to Scale/Complexity of interactions
Baselines
Configuration
What system is integrated into larger/more complicated systems?
embedded systems
How to secure embedded systems?
RTOS
Which of the following statements BEST explains the importance of automating resource provisioning?
It helps in rapid scaling of resources based on demand
Cons of NGFW
not optimized for high throughput
SWG
Secure web gateways
Espionage
cyber spying
CVE format
2022-12345
CVSS format
10.0-AV:N/AC:L/PR:N/UI:N
Hubs
Layer 1 - broadcasting data to all connected devices without security features
Switches and bridges
data link layer (Layer 2) - suitable for internal network traffic but lack the routing capabilities and access controls
Routers
Network Layer(Layer 3) - implement access control policies and use routing protocols to ensure data confidentiality
DLP systems
can take corrective and preventative actions, such as alerting administrators or blocking user actions, and implement data security policies
Failovers
temporary means to prevent complete failure
Which of the following statements BEST explains the importance of training employees about the incident response process?
Training ensures that incident response team members quickly react to an incident
Credential replay
attackers reusing previously captured user credentials to gain unauthorized access
SCADA cons
Limited security update capabilities
cons of embedded or real-time systems
Memory constraints
replay attack
application attack that involves capturing and retransmitting data
Environmental variables
the unique characteristics of an organization's infrastructure that can affect vulnerability assessments and risk analysis
COPE
Corporate Owned Personally Enabled
COBE
Corporate Owned Business Only
credential stuffing attack
automated attack that uses a list of username/password pairs from one breach against many other websites
Control plane
To enforce security policies across the network
Data plane
To process and transmit data between systems
Which of the following activities is MOST crucial for ensuring that known vulnerabilities in software or hardware are addressed before they can be exploited by attackers?
Applying security updates
How does NGFW interact with applications?
add security by identifying and blocking malicious content at the application layer; does NOT specifically block known harmful websites
Root of Trust
can be hardware-based or software-based
FIPS
specifies requirements for cryptographic modules used within federal computer systems
ISO/IEC 27001
standard for information security management systems
NIST Special Publication 800-63
provides guidelines for digital identity
QoS
prioritize network traffic and allocate bandwidth based on different criteria, such as application type or data type