Master this deck with 185 terms through effective study methods.
Generated from uploaded pdf
Framework for security: Confidentiality, Integrity, Availability.
Authentication, Authorization, Accounting.
Proof of an action that cannot be denied.
Hardware and software mechanisms enforcing security.
Administrative controls guiding the security program.
Day-to-day procedures for managing security.
Stops incidents before they occur.
Identifies incidents as or after they occur.
Restores systems after an incident.
Discourages attacks by increasing perceived risk.
Alternative control when primary control is not feasible.
Guides behavior through policy.
No implicit trust; every access request is verified.
Users get minimum access needed for their role.
Prevents fraud by requiring multiple people for sensitive tasks.
Access limited to information required for a specific role.
Layered security approach to protect against failures.
Evaluates difference between current and desired security posture.
Potential danger to an asset.
Weakness that can be exploited by a threat.
Likelihood of a threat exploiting a vulnerability.
Unknown vulnerability with no available patch.
Pathway an attacker uses to reach a target.
Nation-state, criminal syndicate, hacktivist, insider threat, script kiddie.
Long-term, sophisticated attack typically by nation-states.
Decoy system to attract and trap attackers.
Control plane makes policy decisions; data plane enforces them.
Same key for both encryption and decryption.
Uses a public key for encryption and a private key for decryption.
Current gold-standard symmetric encryption algorithm.
DES is broken; 3DES applies DES three times for better security.
Asymmetric algorithm based on factoring large numbers.
Asymmetric algorithm using elliptic curve math for smaller keys.
Key exchange protocol for establishing shared secrets.
Secure hash algorithm producing a 256-bit hash.
Broken hash algorithm; should not be used for security.
Combines a hash function with a secret key for integrity and authenticity.
Proves integrity and non-repudiation of a message.
Encrypts data in fixed-size blocks.
Encrypts data one bit/byte at a time.
Adding random value to passwords before hashing.
Random value used to prevent replay attacks.
Each session uses a unique ephemeral key.
System for managing digital certificates.
Trusted entity that issues digital certificates.
Request to a CA for a digital certificate.
List of revoked certificates published by a CA.
Real-time protocol for checking certificate status.
Covers any single-level subdomain.
Covers multiple different domain names.
DV, OV, EV based on validation level.
Hiding data inside another file without altering its appearance.
Replaces sensitive data with a non-sensitive placeholder.
Replaces real data with fictional data for testing.
Third party holds encryption keys for access.
Types of evidence for verifying identity.
Requires two or more different authentication factors.
Time-based one-time password changing every 30 seconds.
Counter-based one-time password valid until used.
FAR, FRR, and CER measure biometric accuracy.
Access control decided by resource owner.
Access control enforced by system labels.
Access based on job role.
Access based on user and resource attributes.
Access controlled by administrator-defined rules.
Network authentication protocol using tickets.
Protocol for accessing directory services.
AAA protocol encrypting only the password.
AAA protocol encrypting the entire authentication packet.
Single set of credentials for multiple applications.
Standard for exchanging authentication data between systems.
Authorization framework allowing third-party access.
Authentication layer built on OAuth 2.0.
Trust relationship between identity systems of different organizations.
Management of privileged account access.
Standard, admin, service, guest, and shared accounts.
Framework for wireless and PPP authentication.
Encapsulates EAP inside an encrypted TLS tunnel.
Strongest EAP variant requiring both server and client certificates.
Standard for network access control using RADIUS.
Fraudulent communication to steal credentials.
Targeted phishing at specific individuals or organizations.
Spear phishing targeting high-level executives.
Voice phishing to extract personal information.
SMS phishing using fraudulent text messages.
Spoofing a business email to trick employees.
Creating a fabricated scenario to manipulate someone.
Unauthorized person follows an authorized person into a secure area.
Authorized person knowingly allows unauthorized entry.
Observing someone entering sensitive information.
Searching through trash for sensitive information.
Registering misspelled domains to capture traffic.
Compromising a trusted site to infect visitors.
Leaving infected media to entice victims.
Offering something in exchange for information.
Methods used in social engineering attacks.
Malware that attaches to files and spreads when the infected file is executed.
Self-replicating malware that spreads across networks.
Malware disguised as legitimate software.
Malware providing remote control of a victim's system.
Malware that hides itself at the OS or firmware level.
Malicious code that executes under specific conditions.
Malware that encrypts files and demands payment for decryption.
Malware that monitors user data without consent.
Records keystrokes to capture sensitive information.
Network of compromised machines controlled by an attacker.
Malware using a victim's resources to mine cryptocurrency.
Executes in memory without writing to disk.
Delivers unwanted advertisements to users.
Inserting code to intercept and redirect calls.
Inserting malicious SQL to manipulate a database.
Injecting scripts into web pages viewed by others.
Tricking a user's browser into sending a malicious request.
Accessing unauthorized data by changing parameters.
Accessing system files by manipulating file paths.
Overwriting memory by writing more data than a buffer holds.
Exploiting timing gaps between checks and actions.
Gaining higher privileges than authorized.
Using a password hash for authentication without cracking.
Requesting service tickets to crack offline.
Using pre-computed hash tables to recover passwords from their hashes.
Systematically trying every password combination.
Trying common passwords across many accounts.
Using breached credentials to access other services.
Sending fake ARP replies to intercept traffic.
Corrupting DNS cache to redirect users.
Intercepting and possibly modifying traffic between parties.
Capturing and retransmitting valid transmissions.
Downgrading HTTPS to HTTP to intercept traffic.
DoS is single-source; DDoS uses multiple sources.
Small requests lead to large responses sent to a victim.
Flooding a server with incomplete TCP handshake requests.
Network segment between external firewall and internal network.
Dividing a network to limit lateral movement.
Logically segments a physical network at Layer 2.
Granular segmentation at the workload/application level.
Inspects packets individually without connection state awareness.
Tracks connection state to allow return traffic.
Combines multiple security features for enhanced protection.
Filters HTTP/HTTPS traffic to protect web applications.
IDS monitors and alerts; IPS monitors and blocks.
Monitors a single endpoint for security events.
Monitors network traffic across a segment.
Forward, reverse, and transparent proxies serve different purposes.
Translates private IP addresses to public for routing.
Hardened server used as a secure gateway.
Distributes incoming traffic across multiple servers.
Suite of protocols for securing IP communications.
VPN using TLS for secure remote access.
Only corporate traffic goes through the VPN.
Software-defined management of WAN connections.
Controls which devices can connect to the network.
Broken encryption standard for Wi-Fi; never use.
Uses AES encryption; vulnerable to certain attacks.
Improved Wi-Fi security resistant to offline attacks.
Convenience feature for adding devices; vulnerable to attacks.
Rogue AP mimicking a legitimate one to capture traffic.
Forces clients offline to capture WPA2 handshakes.
Unauthorized AP creating unmanaged entry points.
Web page requiring authentication before granting access.
IaaS, PaaS, SaaS define levels of customer control.
Public, private, hybrid, and community clouds.
Defines security responsibilities of provider and customer.
Security enforcement point for cloud services.
Combines SD-WAN with security functions in the cloud.
Cloud-hosted firewall service for internet-bound traffic.
Type 1 runs on hardware; Type 2 runs on an OS.
Attacker breaks out of a VM to access the hypervisor.
File Transfer Protocol using ports 20 and 21.
Secure Shell for encrypted remote access on port 22.
Unencrypted remote access protocol on port 23.
Protocol for email delivery on port 25.
Resolves hostnames to IP addresses on port 53.
Unencrypted web traffic on port 80.
Authentication protocol on port 88.
Email retrieval protocol on port 110.
Email retrieval protocol allowing multi-device access on port 143.
Directory services protocol on port 389.
Encrypted web traffic on port 443.
File and printer sharing protocol on port 445.
Establishes IPSec VPN tunnels on port 500.
Database service on port 1433.
Database service on port 3306.
VPN tunneling protocol on port 1701.
Remote Desktop Protocol on port 3389.