Inventory Assessment: What is on your network (IP addresses of users, devices, monitors, and Wi-Fi connections)
Vulnerability scanning: Scan systems for known vulnerabilities, e.g., Nessus (made by Tenable)
Minimum configuration standards: Baseline protections every system must have, e.g., Windows Defender/antivirus, password policy, documentation, and a firewall
documentation: “Business Analyst”
deployment: Push software out to inventory
ongoing management: Trouble Tickets
Category: Hardening techniques. Examples
ICS/SCADA: Firmware updates, network segmentation (VLANs), air-gapping. Examples: update firmware quarterly, isolate control systems from the corporate network, use VLANs to segregate traffic, physically isolate highly sensitive systems
Embedded systems: Disable unnecessary features, apply firmware updates. Examples: turn off non-essential smart TV apps, disable unused ports, update smart light bulb firmware
RTOS (Real-Time Operating Systems): Data encryption, intrusion detection systems. Example: encrypt patient data on medical devices
IoT devices: Change default passwords, apply firmware updates, ensure network-level security. Examples: use strong unique passwords for smart doorbells, update firmware on smart thermostats, ensure smart cameras connect only to encrypted networks
Point-to-Multipoint Layout: Each access point (wireless VLAN) lets us segment the network and enforce access control. UAH has no need for re-authentication across access points (different buildings).
Mobile Device Management (MDM) security feature concerns: application and content management
Remote Wipe: Erase the phone from a distance
Geofencing: virtual geographic boundary, enabling software to trigger a response when a mobile device enters or leaves a particular area.
Geolocation: Find device location via digital info
Screen locks: a security feature on a device (like a computer or phone) that requires a user to input a password, PIN, pattern, or biometric scan to access the device
BYOD: Bring your own device
CYOD: Choose your own device
COPE: Corporately Owned, Personally Enabled
Secure Cookies: Cookies are small text records the browser stores and sends back when a site is visited; they hold settings, preferences, permissions and session data but are not encrypted by default. A secure cookie carries the Secure attribute, so the browser only sends it over HTTPS; HttpOnly keeps page scripts from reading it, and SameSite limits cross-site sending.
Code Signing: Software is digitally signed by its publisher so the OS can verify who produced it and that it has not been altered. Unsigned or tampered code dropped into a protected system folder is blocked or flagged as malicious.
Sandboxing: A tightly controlled set of resources for guest programs that adds an extra layer of security. Android runs each app sandboxed (historically on the Dalvik VM, since replaced by ART).
Monitoring: Identifies current issues and anticipated future vulnerabilities. Essential for maintaining the operational health of any digital environment and a cornerstone of security in modern enterprises (example: error.log)
SIEM tool, Security Information and Event Management: a SIEM deploys an agent on each machine that ships its log files back to a central repository for correlation and alerting.
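As an added example (not from the course notes), the function below audits a Set-Cookie header for the attributes that make a cookie secure: Secure, HttpOnly and SameSite. The two header strings are constructed for illustration; the audit works on any Set-Cookie value.

```python
"""Audit Set-Cookie headers for the hardening attributes a session cookie needs.

Added example, not code from the course notes. WEAK and HARDENED are
constructed sample headers.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class CookieAudit:
    name: str
    secure: bool
    http_only: bool
    same_site: Optional[str]
    findings: List[str] = field(default_factory=list)


def audit_set_cookie(header_value: str) -> CookieAudit:
    """Parse one Set-Cookie value and list the protections it is missing."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")   # flag attributes have no value
        attrs[key.strip().lower()] = val.strip()

    secure = "secure" in attrs
    http_only = "httponly" in attrs
    same_site = attrs.get("samesite") or None

    findings = []
    if not secure:
        findings.append("missing Secure: browser will also send it over plain HTTP")
    if not http_only:
        findings.append("missing HttpOnly: readable by injected JavaScript (XSS)")
    if same_site is None or same_site.lower() == "none":
        findings.append("SameSite absent or None: sent on cross-site requests (CSRF)")
    if same_site and same_site.lower() == "none" and not secure:
        findings.append("SameSite=None requires Secure; browsers reject this cookie")
    return CookieAudit(name, secure, http_only, same_site, findings)


# Constructed sample headers: a weak session cookie and its hardened form.
WEAK = "sessionid=abc123; Path=/"
HARDENED = "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    for header in (WEAK, HARDENED):
        audit = audit_set_cookie(header)
        print(audit.name, audit.findings or "OK")
```

Run it against the headers your own application emits (browser dev tools, or the response from curl -I) to see which session cookies would survive an XSS or be sent over a downgraded HTTP connection.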
IAAA: Identification, Authentication, Authorization, Accountability
Identification: Username
Authentication: Verifying using passwords/biometrics/etc
Authorization: Permissions are granted based on roles
Accountability: Tracks user Activity via logs
MFA: Password + OTP
RBAC: Permissions based on Job Roles
Least Privilege principle: Users get only the access necessary for their job.
Nonrepudiation: The actor cannot later deny having performed an action (proven through logs and digital signatures).
Mirror Access: Copying the permissions of someone already in a given position over to a new hire. Convenient, but the new hire inherits any access the existing user accumulated beyond what the role needs, which works against least privilege.
Phishing: Fake emails trick users into revealing credentials. Figures cited in the notes: about 7% of recipients click, 1 to 2% send money.
Brute Force Attacks: Automated guessing of passwords
Session Hijacking: Stealing an active session to bypass authentication
Privilege Escalation: Gaining access rights beyond those granted, e.g., going from a normal user to root/sudo (admin) access
Zero-Day Exploits: Attacks on vulnerabilities unknown to the vendor, so no patch exists yet. Figure cited in the notes: present about 72 days before being found.
Secure coding: Developers must write secure code to prevent cyberattacks.
Input validation: Rejects malicious inputs (e.g., SQL injection and XSS payloads).
Output encoding: Stops cross-site scripting (XSS) by escaping user data before it is placed in a page.
Prepared statements: Prevent SQL injection (SQLi) by binding user input as parameters instead of splicing it into the query text.
SQL Injection (SQLi): Supplying SQL syntax in an input field so the database executes it as part of the application's query (to bypass logins or read, alter and destroy data).
Cross-Site Scripting (XSS): Gets past input validation and injects JavaScript into a page through an input box. A simple test payload is a <script> tag containing alert().
WEB Application Firewall (WAF): Blocks malicious HTTP Traffic (eg, SQL Injection, XSS)
Application Sandboxing: Isolates applications to prevent system-wide access
Patch management: Regularly updating software to fix vulnerabilities
Denial-of-Service (DoS) & Distributed DoS (DDoS): Overload a system with traffic; an attack on availability
Rate limiting & firewalls: help prevent DoS attacks
Mobile device management (MDM): Enforces security policies on mobile devices
Endpoint detection and response(EDR): Monitors and responds to endpoint threats
Extended detection and response (XDR): Combines EDR with network, cloud, and application security. More expensive.
Security teams must Detect, Contain, and Mitigate threats quickly
Penetration Testing: Simulates cyberattacks to find vulnerabilities (active exploitation)
Intrusion Detection Systems (IDS): Detects suspicious network activity (e.g., Snort)
Plan of Action & Milestones (POAM): Documents identified risks and the actions to fix them, reviewed every 180 days
NIST Cybersecurity Framework (NIST CSF): A guide for identifying, protecting, detecting, responding to, and recovering from cyber threats (CSF 2.0 adds a sixth function, Govern)
ISO 27001: An international standard for information security management.
Risk Matrix: Assesses risk based on probability (likelihood) and impact (severity)
Gap Analysis: Identifies differences between current security measures and required standards.
VirtualBox: Runs a guest operating system on your client (host) machine
Client: Your device (the host that runs the VM)
A company requires employees to log in with a password and a one-time code sent to their mobile phone, what authentication method is this?: multifactor authentication (MFA)
A financial services company wants to ensure that only authorized employees can access financial records; employees must enter a username and password and an OTP (one-time password) sent to their phone. Which IAM component is this?: Authentication
A hacker steals a session token from a user and gains access to their banking website without knowing the password. What attack is this?: Session Hijacking
A hacker discovers a previously unknown vulnerability in a popular web browser and launches an attack before the developer releases a fix. What attack is this?: Zero-Day Exploit
Which method is the best defense against SQL-Injection?: Using Prepared SQL Statement (Also accept Input Validation)
A company's web app allows users to log in with a username and password; the hacker enters ' OR 1=1-- in the username field and gains unauthorized access. What did they use?: SQL Injection. The query SELECT * FROM users WHERE username = '<input>' AND password = '<pw>' becomes SELECT * FROM users WHERE username = '' OR 1=1--' AND password = '...'; the -- comments out the rest, so the WHERE clause is always true.
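An added example (not from the course notes) that ties together the SQLi definition, the prepared-statement defense and the ' OR 1=1-- question above: a login check built by string concatenation next to the parameterized version, run against a constructed in-memory SQLite table, plus the output-encoding step that stops the XSS alert() payload. The table, user and password are invented for the demo.

```python
"""Login check vulnerable to SQL injection beside the parameterized fix.

Added example, not code from the course notes. Uses an in-memory SQLite
database with a constructed users table; the payload is the one from the
quiz question: ' OR 1=1--
"""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table. (Real apps store password hashes, never plaintext.)"""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """String concatenation: attacker text becomes part of the SQL grammar."""
    query = ("SELECT * FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    # With username = ' OR 1=1-- the statement is
    #   SELECT * FROM users WHERE username = '' OR 1=1--' AND password = '...'
    # Everything after -- is a comment, so the WHERE clause is always true.
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Prepared statement: ? placeholders are bound as data, never parsed as SQL."""
    row = conn.execute(
        "SELECT * FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def render_greeting(username: str) -> str:
    """Output encoding for XSS: escape user text before placing it in HTML."""
    return "<p>Welcome, " + html.escape(username, quote=True) + "</p>"


PAYLOAD = "' OR 1=1--"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable login bypassed:", login_vulnerable(db, PAYLOAD, "wrong"))
    print("parameterized login bypassed:", login_safe(db, PAYLOAD, "wrong"))
    print(render_greeting("<script>alert(1)</script>"))
```

The same payload returns True from the concatenated query and False from the parameterized one, which is why "use prepared statements" is the primary answer and input validation only a supporting one: the binding works regardless of what characters the attacker sends.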
A company’s website is under attack by automated bots trying to inject Malicious SQL queries. What security tool can help?: Web Application Firewall
What is the main difference between EDR and XDR?: XDR integrates EDR but goes past the endpoint to the network cloud and application
A company provides employees with corporate smartphones but wants to be able to remotely wipe data if a device is lost or stolen. What do they need?: Mobile Device Management (MDM)
Financial services company is about to launch a new online banking system, to ensure no security vulnerabilities exist they hire ethical hackers to try exploiting the systems defenses which security practice is being conducted?: Pen Testing
A company creates a document listing security weaknesses and assigns deadlines for fixing them?: POAM
A security team identifies all critical digital assets before implementing controls. which NIST CSF function does this align with?: Identify
A retail company follows the NIST CSF to improve its cybersecurity strategy, the first step they take is Identify all digital assets including databases servers and customer records, which function are they performing?: Identify
A company compares its existing security controls against the ISO 27001 requirements to find missing security Measures. What process is this?: Gap Analysis
A software developer needs to test an app on 3 OS, with one computer. What is the best solution?: Use a virtual machine to run different operating system environments
A Linux user wants to view the last 20 lines of a log file named error.log without editing the file. Which command should they use?: tail (tail -n 20 error.log)
A system admin wants to organize project files: create a directory called "project x" inside /var/www/html and then move that folder to another directory.: mkdir and mv (quote the name because of the space: mkdir "/var/www/html/project x", then mv "/var/www/html/project x" <destination>)
A user is experiencing network issues and wants to check whether their computer can reach google.com. Which command should they use?: ping (ping google.com)
A system admin wants to install a package called "They Not Like Us" on an Ubuntu system. Which command should they use?: sudo apt install <package> (real package names are lowercase with no spaces; a name with spaces would need quoting)
A developer has a text file and wants to be able to execute it. Which command changes the permissions?: chmod (chmod +x file)
A security researcher is testing malware in a VM and wants to quickly revert to a clean state after running the malware, which virtual box feature should they use?: Snapshot
A company wants to reduce hardware costs by running multiple independent environment on a single high-performance server, which benefit of virtualization addresses this need?: Reduce hardware costs
A company notices hundreds of failed login attempts on an admin account within a short time. Which security measure would be most effective in preventing this attack?: Account lockout or rate limiting after a set number of failures (the notes' listed answer was CAPTCHA, which also stops automated guessing bots)
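An added example (not from the course notes) of the detection side of this question, the brute-force and SIEM items above: a sliding-window counter run over constructed sshd-style auth log lines that flags any account with too many failed logins inside a short window, which is exactly the rule a SIEM would fire before a lockout or rate limit kicks in. The log lines, usernames and IP addresses are made up for the demo.

```python
"""Detect brute-force login attempts from auth log lines.

Added example, not code from the course notes. SAMPLE_LOG is a constructed
sshd-style log; in a SIEM the same rule runs over the logs forwarded by agents.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, Tuple

# Constructed sample: five rapid failures on admin, one success, two slow failures on bob.
SAMPLE_LOG = """\
2024-03-01T10:00:00 sshd[101]: Failed password for admin from 203.0.113.7
2024-03-01T10:00:02 sshd[101]: Failed password for admin from 203.0.113.7
2024-03-01T10:00:03 sshd[101]: Failed password for admin from 203.0.113.7
2024-03-01T10:00:05 sshd[101]: Failed password for admin from 203.0.113.7
2024-03-01T10:00:06 sshd[101]: Failed password for admin from 203.0.113.7
2024-03-01T10:00:09 sshd[102]: Accepted password for alice from 198.51.100.4
2024-03-01T10:20:00 sshd[103]: Failed password for bob from 198.51.100.9
2024-03-01T10:45:00 sshd[103]: Failed password for bob from 198.51.100.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)$"
)


def detect_brute_force(log_text: str, threshold: int = 5,
                       window_seconds: int = 60) -> Dict[str, Tuple[str, str]]:
    """Return {user: (timestamp, source_ip)} for the first moment each account
    reaches `threshold` failed logins within any `window_seconds` window."""
    recent = defaultdict(deque)          # user -> timestamps of recent failures
    alerts: Dict[str, Tuple[str, str]] = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["result"] != "Failed":
            continue                     # ignore successes and unparseable lines
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["user"]]
        q.append(ts)
        # Slide the window: drop failures older than window_seconds.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and m["user"] not in alerts:
            alerts[m["user"]] = (m["ts"], m["ip"])
    return alerts


if __name__ == "__main__":
    for user, (when, ip) in detect_brute_force(SAMPLE_LOG).items():
        print(f"ALERT: {user} hit the failure threshold at {when} from {ip}")
```

With the defaults only admin is flagged (five failures in six seconds); bob's two failures 25 minutes apart never fall inside one window. The response to an alert is the prevention answer above: lock the account or throttle the source IP rather than let the guessing continue.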
what does LAMP in LAMP Stack stand for?: Linux, Apache, MySQL, PHP
A user modifies their smartphone OS to remove security restrictions, allowing them to install unauthorized third-party applications.: Jailbreaking (iOS) / rooting (Android)