CIA Triad
Confidentiality - Only those who are authorized can see or use data (e.g. encrypted customer data)
Integrity - Ensure data isn't altered improperly (e.g. checksums/fingerprints)
Availability - Accessible when needed (e.g. redundant servers)
Authorization vs. Authentication
Authorization is what you are allowed to do; authentication is proving it's you
Zero trust
Always verify
Firewall
Filters network traffic based on rules
IDS
Intrusion detection system, monitors traffic and alerts on suspicious activity, detection
IPS
Intrusion prevention system, detects and blocks malicious traffic
VPN
Virtual private network, creates encrypted connection over the internet using IPsec or SSL/TLS, protects data in transit over untrusted networks
TLS/HTTPS
Transport Layer Security encrypts data in transit between client and server (layer 6 of the OSI model). HTTPS is HTTP secured with TLS; it prevents eavesdropping and man-in-the-middle attacks. (Extra: runs on port 443.)
Defense in Depth
Layering multiple independent security controls so that if one fails, others still protect the system
Vulnerability vs Threat vs Risk
Vulnerability: weakness in a system
Threat: actor or event that could exploit that weakness
Risk: combination of the likelihood and the impact of that happening
OSI Model
7-layer framework describing how data travels across a network
Please Do Not Throw Sausage Pizza Away
Physical
Data Link
Network
Transport
Session
Presentation
Application
EXTRA: Common Ports
Ports identify which service traffic is destined for on a host
Port 22 = SSH.
Port 25 = SMTP (email).
Port 53 = DNS.
Port 80 = HTTP.
Port 443 = HTTPS.
Port 3306 = MySQL.
Port 3389 = RDP.
SIEM
Security information and event management - platform that collects, correlates, and analyzes log data across an organization in real time to detect threats and support incident response. (e.g. Splunk, Microsoft Sentinel)
Brute Force Attack
Systematically trying every possible password combination until the correct one is found. MFA, rate limiting, and lockout policies defend against it.
Credential Stuffing
Using leaked credentials from other breaches to attempt logins, automated at massive scale.
SQL Injection
Injecting malicious SQL code into input fields to manipulate backend databases.
XSS (Cross Site Scripting)
Injecting malicious scripts into web pages viewed by others. The script runs in the victim's browser, potentially stealing session cookies or credentials.
DDoS Attack
Distributed Denial of Service - flooding a system with traffic from many sources simultaneously to overwhelm it and make it unavailable. Attacks the Availability part of the CIA triad.
Zero Day vulnerability
A flaw the vendor has had zero days to patch, so no fix exists yet; very dangerous
Social engineering
Manipulating people instead of systems to gain unauthorized access or info. Phishing is the most common form.
Symmetric Encryption
Uses a single shared secret key for both encryption and decryption. Fast, good for large amounts of data. The challenge is securely sharing the key.
Asymmetric Encryption
Uses a key pair: a public key (shared freely) to encrypt and a private key (kept secret) to decrypt. Slower than symmetric.
Hashing
One-way function that converts input data into a fixed-length digest. Cannot be reversed. Used for password storage and integrity verification. Common algorithms: SHA-256, crypt, Argon2. MD5 and SHA-1 are broken.
Salt (cryptographic) - a random value added to a password before hashing. Ensures two identical passwords produce different hashes, which defeats precomputed lookup of hashes.
Public Key Infrastructure
System of certificates, certificate authorities (CAs), and processes that manage public/private key pairs and verify identities on the internet. TLS certificates are issued by CAs and prove a website is who it claims to be.
Single Sign On (SSO)
Allows a user to authenticate once and gain access to multiple systems without re-entering credentials. Reduces password fatigue and centralizes authentication. Common protocols: SAML, OAuth, OpenID Connect.
Privileged Access Management (PAM)
Controls and monitors access for accounts with elevated privileges (admins, service accounts). Includes just-in-time access (grant admin rights only when needed), session recording, and audit trails. Critical at financial firms.
SOX Compliance
Sarbanes-Oxley Act requires public companies to maintain accurate financial records and strong internal controls. Enforces access control principles.
NIST Cybersecurity Framework
Voluntary framework with five core functions:
Identify → Protect → Detect → Respond → Recover.
Provides a common language for managing cyber risk across people, process, and technology. Referenced by the SEC and FINRA.
FINRA
Financial Industry Regulatory Authority - non-governmental regulator for broker-dealers in the US. Sets rules for data protection, record keeping, and cybersecurity at financial firms. Violations result in fines and sanctions.
Data Classification
Process of categorizing data by sensitivity level to determine appropriate handling, storage, and access controls. A foundation of any data protection program.
PII
Personally Identifiable Information - any data that can be used to identify a specific individual: name, SSN, date of birth, account number, email, IP address, etc. A breach of this info triggers notification requirements.
Incident Response Lifecycle
Structured process for handling a security incident:
Prepare - plan, tools, train
Identify - detect and confirm
Contain - stop spread
Eradicate - remove threat
Recover - restore systems
Lessons Learned - prevent recurrence
Chain of Custody
Documented, unbroken record of who collected, handled, and transferred evidence during a security investigation. Critical for legal proceedings; any break in the chain of custody can make evidence inadmissible.
Mean Time to Detect (MTTD)
Average time between an incident occurring and its detection. Lower is better; improved by SIEM rules, threat hunting, and anomaly detection.
Forensic Imaging
Creating a bit-for-bit copy of a storage device or system memory for investigation without altering the original. Preserves integrity; the first step in digital forensics.