• Implicit Deny → Anything not explicitly allowed by a rule is blocked; the default-deny rule at the end of a firewall or ACL rule set
  • Private IP Addresses
    • 10.x.x.x → 10.0.0.0/8 → 255.0.0.0 → Class A
    • 172.16.x.x to 172.31.x.x → 172.16.0.0/12 → 255.240.0.0 → Class B
    • 192.168.x.x → 192.168.0.0/16 → 255.255.0.0 → Class C
  • Difference between Dictionary & Rainbow table
    • Dictionary → List of potential passwords (words)
    • Rainbow Table → Precomputed table containing hash of potential passwords
  • Skimming vs Card Cloning
    • Skimming → Capturing card data (magnetic stripe contents, PIN) with a covert reader attached to a Point of Sale (POS) terminal or ATM
    • Card Cloning → Writing the captured data onto a blank card to make a working copy of the credit card
  • STIX & TAXII → Threat Feed
    • STIX (Structured Threat Information eXpression) → standardized format for describing threat intelligence (indicators, TTPs, campaigns)
    • TAXII (Trusted Automated eXchange of Intelligence Information) → transport protocol used to publish and pull STIX content between feeds and consumers
    • Refer Notes
  • Difference between SOAR & SIEM
    • SIEM → Collects, normalizes, and correlates log and event data from many sources and raises alerts for analysts to act on
    • Security orchestration, automation, and response (SOAR) services are designed to integrate with a broader range of both internal and external applications.
    • SOAR includes security operations automation → playbooks that act on SIEM alerts (enrich, contain, open a ticket) without manual steps
  • Windows SAM → Database in Windows that stores user account information, including usernames & hashed passwords.
  • Intelligence Fusion → Combines threat feeds, internal telemetry, and vulnerability data to create a picture of likely threats and risks for an organization
  • Maneuver → A threat hunting concept that involves thinking like a malicious actor to help recognize indicators of compromise that might otherwise be hidden
  • Types of DDOS → Operational, Network, Application
    • Application (DDoS) → aimed at applications
    • Network DDOS → A network DDoS would be aimed at network technology, either the devices or protocols that underly networks.
    • OT DDOS → An operational technology (OT) DDoS targets SCADA, ICS, utility or similar operational systems.
  • Difference between Vulnerability Scan & Penetration Testing
    • Vulnerability Scan → Vulnerability scans use automated tools to look for known vulnerabilities in systems and applications and then provide reports to assist in remediation activities.
    • Penetration Testing → Penetration tests seek to actually exploit the vulnerabilities and break into systems.
    • Security audits → Security audits usually focus on checking policies, incident reports, and other documents.
  • Known Vs Unknown Environment
    • An unknown environment test is also called black-box or a zero-knowledge test because it does not provide information beyond the basic information needed to identify the target.
    • A known environment, or white-box test, involves very complete information being given to the tester.
  • SOAR Functionalities
  • Bluejacking vs Bluesnarfing vs Bluebugging
    • Bluejacking → Practice of sending unsolicited messages to nearby bluetooth devices
    • Bluesnarfing → Unauthorized access to, or theft of info from a bluetooth device
    • Bluebugging → Gains access to the phone & install a backdoor
  • Spyware & Adware are both common examples of PUPs
  • Pharming Attack Techniques
    • changing the local hosts file
    • exploiting a trusted DNS server.
  • Fileless viruses often take advantage of PowerShell to perform actions once they have used a vulnerability in a browser or browser plug-in to inject themselves into system memory.
  • Cross-site request forgery (XSRF or CSRF) takes advantage of the cookies and URL parameters legitimate sites use to help track and serve their visitors.
  • A botnet that uses Internet Relay Chat (IRC) as its command-and-control channel & IRC’s default port is TCP 6667
  • LDAP injection prevention relies on input validation and escaping of the LDAP filter metacharacters (\ * ( ) and NUL) plus filtering of the returned output, rather than parameterization, because LDAP has no bound-parameter mechanism comparable to SQL prepared statements
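The point above is easiest to see in code. The following is an added example, not part of the original notes: it builds the same login filter twice, once by naive concatenation and once with an allowlist check followed by RFC 4515 escaping. The injection payload, the uid/objectClass attribute names and the allowed username character set are assumptions chosen for the illustration.

```python
import re

# RFC 4515 escapes for characters that have meaning inside an LDAP search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Allowlist for login names (assumed policy for this example).
_USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value so it can only match as a literal string."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def is_valid_username(username: str) -> bool:
    """Allowlist check: accept only the characters a directory login name may contain."""
    return _USERNAME_RE.fullmatch(username) is not None


def build_login_filter_vulnerable(username: str) -> str:
    """Naive concatenation: the attacker controls the structure of the filter."""
    return f"(&(objectClass=person)(uid={username}))"


def build_login_filter_hardened(username: str) -> str:
    """Validate against the allowlist first, then escape anyway (defence in depth)."""
    if not is_valid_username(username):
        raise ValueError("invalid username")
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


# Constructed injection payload: closes the uid clause and ORs in a match-anything wildcard.
PAYLOAD = "*)(uid=*))(|(uid=*"

if __name__ == "__main__":
    print("vulnerable:", build_login_filter_vulnerable(PAYLOAD))
    print("escaped   :", "(&(objectClass=person)(uid=" + escape_filter_value(PAYLOAD) + "))")
    print("accepted by allowlist:", is_valid_username(PAYLOAD))
```

The vulnerable filter turns into `(&(objectClass=person)(uid=*)(uid=*))(|(uid=*))`, which matches every person entry; the escaped form keeps the payload as a literal that matches nothing.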
  • SSL stripping attack is an on-path attack → An SSL stripping attack requires attackers to persuade a victim to send traffic through them via HTTP while continuing to send HTTPS encrypted traffic to the legitimate server by pretending to be the victim. Mitigation: HTTP Strict Transport Security (HSTS), ideally with the domain on the browser preload list, so the client refuses to downgrade to plain HTTP.
  • U.S. Trusted Foundry program → Intended to prevent supply chain attacks by ensuring end-to-end supply chain security for important integrated circuits and electronics.
  • Information Sharing and Analysis Centers (ISACs) help critical infrastructure owners and operators protect their facilities, personnel and customers from cyber and physical security threats and other hazards.
    • ISACs collect, analyze and share actionable threat information to their members and provide members with tools to mitigate risks and enhance resiliency
  • Filesystem Permissions:
    • 0 → --- → No permission
    • 1 → --x → Execute
    • 2 → -w- → Write
    • 3 → -wx → Write + Execute
    • 4 → r-- → Read
    • 5 → r-x → Read + Execute
    • 6 → rw- → Read + Write
    • 7 → rwx → Read + Write + Execute
    • The three octal digits apply to owner, group, and others in that order (e.g., 750 → rwxr-x---)
  • Threat Actors Vs Threat Vectors
    • Threat Actors → Individuals or entities initiating attacks
    • Threat Vectors → Methods used to carry out attacks
  • Subnet Calculation Formula → addresses in a block = 2^(32 - prefix length); usable hosts = that minus 2 (network and broadcast) for /30 and larger
    • /32 → 1 (single host route)
    • /31 → 2 (point-to-point links per RFC 3021, both addresses usable)
    • /30 → 4 (2 usable)
    • /29 → 8 (6 usable)
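As an added example (not from the original notes), the formula above and the private-range table earlier implemented with Python's standard ipaddress module. The sample CIDR and addresses are made up; the strict RFC 1918 check is there because ipaddress.is_private also returns True for loopback, link-local and other reserved ranges.

```python
import ipaddress

_RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def block_size(prefix_len: int) -> int:
    """Total addresses in an IPv4 block: 2^(32 - prefix length)."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("IPv4 prefix length must be between 0 and 32")
    return 2 ** (32 - prefix_len)


def usable_hosts(prefix_len: int) -> int:
    """Addresses usable for endpoints.

    /31 follows RFC 3021 (point-to-point, both addresses usable) and /32 is a
    single host; anything larger loses the network and broadcast address.
    """
    size = block_size(prefix_len)
    return size if prefix_len >= 31 else size - 2


def describe(cidr: str) -> dict:
    """Summarize a block given any address inside it (strict=False accepts host bits set)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "addresses": net.num_addresses,
        "usable": usable_hosts(net.prefixlen),
        "private": net.is_private,  # RFC 1918 plus other reserved ranges
    }


def is_rfc1918(address: str) -> bool:
    """Strict RFC 1918 check: only the three private blocks from the table above."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in _RFC1918)


if __name__ == "__main__":
    for prefix in (32, 31, 30, 29, 24):
        print(f"/{prefix}: {block_size(prefix)} addresses, {usable_hosts(prefix)} usable")
    print(describe("192.168.10.77/29"))
    for addr in ("172.31.255.255", "172.32.0.1", "127.0.0.1"):
        print(addr, "RFC1918" if is_rfc1918(addr) else "not RFC1918")
```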
  • Power Outage → PDU, UPS, Generator
    • Power Distribution Unit (PDU) → A device that distributes electrical power to multiple devices from a single source.
      • No battery backup; power is only distributed.
      • May provide surge protection, overload protection, and monitoring capabilities.
    • Uninterruptible Power Supply (UPS) → A device that provides emergency power to connected equipment when the input power source fails.
      • Continues to supply power to connected devices during short-term outages.
    • Generator → A device that converts mechanical energy into electrical energy.
      • Typically used as a backup power source for extended outages.
      • Provides long-term backup power during extended outages.
  • An air gap is more effective than VLAN segmentation at stopping malware from spreading, because there is no network path at all for it to cross (VLANs can be bridged by misconfiguration or VLAN hopping).
  • Using both server-side execution and validation requires more resources but prevents client-side tampering with the application and data.
  • An Arduino is a microcontroller well suited for custom development of embedded systems.
    • They are small, inexpensive, and commonly available.
  • Increasing a key length by one bit doubles the keyspace, i.e., the number of possible keys a brute-force attacker must try.
  • RSA (whose security rests on the difficulty of prime factorization) and elliptic curve cryptography are believed to be vulnerable to future quantum computing-driven attacks (Shor's algorithm); symmetric ciphers are only weakened, with Grover's algorithm roughly halving the effective key length.
  • Account Usage Auditing → Provide a warning that someone’s account is being used when they are not actually using it
  • Both Advanced Encryption Standard (AES) and Data Encryption Standard (DES) are block ciphers.
  • RADIUS provides AAA
  • Datacenter
    • Hot aisle/cold aisle is a layout design for server racks and other computing equipment in a datacenter.
    • The goal of a hot aisle/cold aisle configuration is to conserve energy and lower cooling costs by managing airflow.
    • An infrared (thermal) camera detects heat levels along the aisles and is the tool for spotting hot spots caused by poor airflow.
  • Software-defined networking (SDN) makes the network very scalable.
  • A cloud access security broker (CASB) is used to monitor cloud activity and usage and to enforce security policies on users of cloud services.
  • Microservice architectures build applications as a set of loosely coupled services that provide specific functions using lightweight protocols.
  • Infrastructure as code (IaC) is the process of managing and provisioning computer datacenters through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.
  • RTOS Security → Using secure firmware, as well as using an RTOS with time and space partitioning, are both common methods to help ensure RTOS security.
  • Homomorphic encryption can perform computations on the ciphertext without access to the private key that the ciphertext was encrypted with.
  • Tape backups are the most common solution for cold backups off-site.
  • An advantage of compiling software is that you can perform static code analysis.
  • Version Numbering → ensures that the proper current version of software components is included in new releases and deployments
  • NIC Teaming → Greater throughput and fault tolerance
  • USB data blockers are used to ensure that cables can only be used for charging, and not for data transfer.
  • The Linux kernel uses user-driven events like keystrokes, mouse movement, and similar events to generate randomness (entropy).
  • OpenID vs OAuth
    • OpenID → OpenID is an authentication protocol that allows users to log in to multiple applications or websites using a single set of credentials.
      • Logging in to different websites using a Google or Facebook account. → Single sign-on (SSO)
    • OAuth → OAuth is an authorization protocol used for providing client applications delegated access to server resources on behalf of a user.
      • Allowing a mobile app to access your Google Drive files without sharing your Google password.
  • FIDO U2F → An open standard from the Fast IDentity Online (FIDO) Alliance for hardware security keys used as a second authentication factor (challenge-response with a key pair held on the device)
  • Load Balancer Algorithms
    • Least connection-based → takes load into consideration and sends the next request to the server with the least number of active sessions
    • Round Robin → simply distributes requests to each server in order
    • Weighted Response Time → Uses health checks to determine which server is currently responding the quickest, and routes traffic to that server.
    • Source IP Hash → Uses a unique hash key generated from the source and destination IP addresses to track sessions, ensuring that interrupted sessions can be seamlessly reassigned to the same server, thus allowing the sessions to continue uninterrupted.
  • Global Positioning System (GPS) data and data about nearby Wi-Fi networks are the two most commonly used location sources for geofencing applications.
  • Hashing → Hashing is commonly used in databases to increase the speed of indexing and retrieval since it is typically faster to search for a hashed key rather than the original value stored in a database
  • Secrets management services provide the ability to store sensitive data like application programming interface (API) keys, passwords, and certificates
  • The three channels that do not overlap are 1, 6, and 11 in the U.S. installations of 2.4 GHz Wi-Fi networks
  • Infrared (IR) requires line of sight between devices, unlike radio-based methods such as Wi-Fi, Bluetooth, or NFC.
  • Digital certificates use the X.509 standard (or the PGP standard) and allow the user to digitally sign authentication requests.
  • Microsoft System Center Configuration Manager (SCCM) → provides remote control, patch management, software distribution, operating system deployment, network access protection, and hardware and software inventory.
  • Heuristic vs Anomaly-based detection
    • Heuristic: Heuristic IPS uses algorithms and rules to detect potentially malicious behavior, often identifying new and unknown threats. However, it does not specifically create a baseline of normal activity.
      • Heuristic IPS technology may use machine learning or other AI techniques to identify attacks that have no prior signature.
    • Anomaly-based: Anomaly-based IPS establishes a baseline of normal network behavior and then monitors traffic to detect and block deviations from this baseline, so it is the choice when the requirement is to learn normal activity and block deviations.
  • Checksum vs Hash
  • Windows Log Files & Linux Log Files
  • Containment vs Isolation
  • Types of dashboard in SIEM
  • Multiple files can easily share the same checksum (e.g., CRC32), and an attacker can deliberately craft a file that does, whereas a cryptographic hash (e.g., SHA-256) is collision-resistant, so two differing files with the same hash are not feasibly producible. → Hashing > Checksum for detecting tampering; checksums only catch accidental corruption
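Added example to make that distinction concrete (this code is not from the original notes): CRC-32 is a linear function, so four bytes appended to a tampered record can force it to any chosen CRC value, while SHA-256 still flags the change. The record contents are constructed for the demonstration; the forging routine inverts the CRC rounds, which works because every entry of the standard CRC-32 table has a distinct high byte.

```python
import hashlib
import zlib

# Standard reflected CRC-32 table (polynomial 0xEDB88320), the same one zlib uses.
_POLY = 0xEDB88320
_TABLE = []
for _i in range(256):
    _c = _i
    for _ in range(8):
        _c = (_c >> 1) ^ _POLY if _c & 1 else _c >> 1
    _TABLE.append(_c)
# Distinct high bytes make one CRC round invertible: the high byte of the new
# register state identifies the table index that produced it.
_REV = {entry >> 24: idx for idx, entry in enumerate(_TABLE)}
assert len(_REV) == 256


def crc32_value(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


def _crc32_step(state: int, byte: int) -> int:
    """One register update; `state` is the register before the final XOR."""
    return _TABLE[(state ^ byte) & 0xFF] ^ (state >> 8)


def forge_crc32(data: bytes, target: int) -> bytes:
    """Append 4 bytes to `data` so that crc32_value(result) == target.

    Walk the rounds backwards from the target to recover the four table
    indices, then forwards from the real register state to pick the bytes
    that select those indices.
    """
    state = crc32_value(data) ^ 0xFFFFFFFF        # register after `data`
    cur = (target & 0xFFFFFFFF) ^ 0xFFFFFFFF       # register we must end on
    indices = []
    for _ in range(4):
        k = _REV[cur >> 24]
        indices.append(k)
        cur = ((cur ^ _TABLE[k]) << 8) & 0xFFFFFFFF   # low byte unknown, never needed
    patch = bytearray()
    for k in reversed(indices):
        b = (state ^ k) & 0xFF                     # byte that makes the index equal k
        patch.append(b)
        state = _crc32_step(state, b)
    assert state == (target & 0xFFFFFFFF) ^ 0xFFFFFFFF
    return data + bytes(patch)


def integrity_report(original: bytes, candidate: bytes) -> dict:
    """What a checksum check and a hash check each conclude about `candidate`."""
    return {
        "crc32_match": crc32_value(original) == crc32_value(candidate),
        "sha256_match": hashlib.sha256(original).digest() == hashlib.sha256(candidate).digest(),
    }


# Constructed sample: a benign record and a tampered one padded to the same CRC-32.
ORIGINAL = b"transfer amount=100 to=alice\n"
TAMPERED = forge_crc32(b"transfer amount=9999 to=mallory\n", crc32_value(ORIGINAL))

if __name__ == "__main__":
    print(f"crc32 original={crc32_value(ORIGINAL):08x} tampered={crc32_value(TAMPERED):08x}")
    print(integrity_report(ORIGINAL, TAMPERED))
```

The four trailing bytes are arbitrary binary, so in a real file format they would land in padding, a comment field, or trailing whitespace; the CRC check passes, the SHA-256 check does not.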
  • CentOS and Red Hat both store authentication log information in /var/log/secure instead of /var/log/auth.log used by Debian and Ubuntu systems.
  • grep "Failed password" /var/log/auth.log → Command used to check for a brute-force attack on Linux systems (use /var/log/secure on the Red Hat family); many failures from one source address in a short window is the signal to look for
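An added example (not from the original notes) that does what the grep above does but also counts failures per source address inside a sliding time window, which is what separates a brute-force attempt from a single typo. The log lines are constructed samples in OpenSSH's syslog format, the hostname and addresses are placeholders, and the year parameter exists only because syslog timestamps omit the year.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the OpenSSH lines the grep above finds (syslog format, no year in the timestamp).
_FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(lines, year=2024):
    """Yield (timestamp, user, source_ip) for every failed-password line."""
    for line in lines:
        m = _FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["user"], m["ip"]


def find_bruteforce(lines, threshold=5, window_seconds=300):
    """Return {ip: (total_failures, distinct_users)} for sources with at least
    `threshold` failures inside any `window_seconds` span (sliding window)."""
    stamps_by_ip = defaultdict(list)
    users_by_ip = defaultdict(set)
    for ts, user, ip in parse_failures(lines):
        stamps_by_ip[ip].append(ts)
        users_by_ip[ip].add(user)
    hits = {}
    for ip, stamps in stamps_by_ip.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while (ts - stamps[start]).total_seconds() > window_seconds:
                start += 1                      # slide the window forward
            if end - start + 1 >= threshold:
                hits[ip] = (len(stamps), len(users_by_ip[ip]))
                break
    return hits


# Constructed sample log: one password-spraying source, one legitimate user with a typo.
SAMPLE_LOG = """\
Mar 14 10:00:01 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Mar 14 10:00:03 bastion sshd[2203]: Failed password for invalid user admin from 203.0.113.5 port 51030 ssh2
Mar 14 10:00:04 bastion sshd[2205]: Failed password for root from 203.0.113.5 port 51041 ssh2
Mar 14 10:00:06 bastion sshd[2207]: Failed password for invalid user oracle from 203.0.113.5 port 51055 ssh2
Mar 14 10:00:09 bastion sshd[2209]: Failed password for root from 203.0.113.5 port 51060 ssh2
Mar 14 10:02:10 bastion sshd[2250]: Accepted publickey for deploy from 198.51.100.7 port 40100 ssh2
Mar 14 10:15:44 bastion sshd[2301]: Failed password for alice from 198.51.100.23 port 40222 ssh2
Mar 14 10:15:50 bastion sshd[2303]: Accepted password for alice from 198.51.100.23 port 40222 ssh2
"""

if __name__ == "__main__":
    for ip, (count, users) in find_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {count} failures against {users} distinct users")
```

To run it against a real file, pass `open("/var/log/auth.log")` (or /var/log/secure) as `lines`; the threshold and window are policy choices, not fixed values.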
  • Mapping networks using ping relies on pinging each host, and then uses time-to-live (TTL) information to determine how many hops exist between known hosts and devices inside a network. When TTLs decrease, another router or switch typically exists between you and the device.
  • Zero-wiping a drive can be done using dd → dd if=/dev/zero of=/dev/sda bs=4096
    • Overwrites every sector of the whole disk with zeros; double-check the target device, as the command is destructive and unrecoverable
    • Not reliable on SSDs and flash media, whose wear levelling can leave copies in blocks the OS cannot address; use the drive's built-in secure erase (ATA Secure Erase / NVMe sanitize) instead
  • The Content-Addressable Memory (CAM) tables on switches contain a list of all the devices they have talked to.
  • Content Filter → A content filter is specifically designed to allow organizations to select both specific sites and categories of content that should be blocked.
  • The Windows page file is stored in the root of the system drive by default → C:\pagefile.sys
  • A system crash, or system dump, file contains the contents of memory at the time of the crash
    • The infamous Windows blue screen of death results in a memory dump to a file, allowing analysis of memory contents.
  • Anti-forensics activities follow lateral movement in the Cyber Kill Chain model. It helps to remember that after an attacker has completed their attack, they will attempt to hide traces of their efforts, and then may proceed to denial-of-service or exfiltration activities in the model.
  • Jurisdictional boundaries exist between states and localities, as well as countries, making it challenging for local law enforcement to execute warrants and acquire data from organizations outside of their jurisdiction in many cases.
  • Virtual machine forensics typically rely on a snapshot gathered using the underlying virtualization environment’s snapshot capabilities. This will capture both memory state and the disk for the system and can be run on an independent system or analyzed using forensic tools.
  • The Volatility framework is a purpose-built tool for analyzing random access memory (RAM) images; acquisition itself is done with a capture tool such as LiME (Linux) or WinPmem (Windows), and Volatility then parses the dump for processes, network connections, injected code, and similar artifacts.
  • Standards:
    • ISO 27001 → International standard for information security management systems (ISMS)
      • Specifies requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
    • ISO 27002 → An international standard for implementing and maintaining information security systems
      • Provides guidelines and best practices for organizational information security standards and information security management practices.
    • ISO 27017 → An international standard for cloud security
      • Provides guidelines for information security controls applicable to the provision and use of cloud services.
    • ISO 27018 → Establishes guidelines to protect personal data in cloud computing environments.
    • ISO 27019 → Provides guidelines for information security management in the energy utility industry, focusing on process control systems.
    • ISO 27031 → Provides guidelines for ICT readiness for business continuity to ensure information and communication technology systems can support business operations in the event of disruptions.
    • ISO 27032 → Provides guidelines for improving the state of cybersecurity, emphasizing the protection of cyberspace, including critical information infrastructure.
    • ISO 27033 → Provides guidelines for network security, covering the design, implementation, and management of secure network architectures and communications (e.g., gateways, VPNs, wireless).
    • ISO 27701 → extends the ISO 27001 and 27002 standards to include detailed management of PII (Personally Identifiable Information) and data privacy
    • ISO 29100 → Establishes a high-level framework for protecting personally identifiable information (PII) and provides a privacy framework.
    • NIST 800-12 → A general security standard and it is a U.S. standard, not an international one
    • NIST 800-14 → A standard for policy development, and it is also a U.S. standard, not an international one
    • ISO 22301 → An international standard that outlines how organizations can ensure business continuity and protect themselves from disaster
    • NIST CSF → Cybersecurity Framework
      • A voluntary framework that provides a set of standards, guidelines, and best practices for managing cybersecurity risks.
      • Offers a risk-based approach for managing and reducing cybersecurity risks, focusing on critical infrastructure.
    • NIST SP 800-37 → Outlines the Risk Management Framework (RMF) for federal information systems to ensure they are secure and risk-managed.
    • NIST SP 800-115 → Provides technical guidance on conducting security testing and assessments.
    • NIST SP 800-122 → Offers guidelines for protecting the confidentiality of personally identifiable information (PII).
    • NIST SP 800-128 → Details best practices for security-focused configuration management of information systems.
    • NIST SP 800-137 → Provides guidance for continuous monitoring of information systems and organizations to maintain security posture.
    • NIST SP 800-145 → Defines cloud computing and its essential characteristics, service models, and deployment models.
  • Change management is the formal process of requesting, approving, documenting, and reviewing all changes made to a company's network and computers, so that unauthorized or untested changes do not introduce outages or vulnerabilities.
  • Privacy Roles:
    • Data Owner → Responsible for the data’s overall management and governance, including its security and integrity.
      • Data owners assign labels such as top secret to data
      • A data controller or data owner is the organization or individual who collects and controls data.
      • Determines data usage policies, sets data access permissions, and is accountable for the data’s accuracy and appropriateness.
      • Ultimate responsibility for maintaining confidentiality, integrity, and availability
      • Ex. Department head deciding access to datasets
    • Data Processor → An entity or individual that processes data on behalf of the data controller
      • Data processors are service providers that process data for data controllers.
      • Follows data controller instructions, ensures regulatory compliance
      • Ex. Cloud service provider handling client data
    • Data Steward → Ensures data quality and fitness for purpose
      • A data steward carries out the intent of the data controller and is delegated responsibility for the data.
      • Oversees data governance policies, ensures data quality, and manages data assets to ensure they meet business needs.
      • Ex. A data quality analyst who reviews data entries for accuracy and consistency.
    • Data Custodians → Responsible for the safe custody, transport, storage of data, and the implementation of business rules.
      • Custodians assign security controls to data.
      • Manages and protects data, ensures proper handling and safeguarding of data, and maintains data integrity and availability.
      • Ex. IT professional managing data backups
    • Privacy Officer → A privacy officer ensures that companies comply with privacy laws and regulations.
      • Ex. Compliance officer ensuring adherence to GDPR/HIPAA
    • System administrators are responsible for the overall functioning of IT systems.
  • Security program administrators often use different types of training to ensure that trainees who react and respond differently to training are given training that helps them.
  • Customer data can include any information that a customer uploads, shares, or otherwise places in or creates via a service.
  • Statement on Standards for Attestation Engagements (SSAE 18)
    • A SOC 2 engagement assesses the security and privacy controls that are in place; a Type 2 report adds the auditor's assessment of how effectively those controls operated over a review period.
    • A SOC 1 report assesses the controls that impact the accuracy of financial reporting. A Type 1 report gives the auditor's opinion on management's description of the controls and their suitability as designed at a point in time.
  • Predictive analysis for Threat Intelligence come from:
    • Large Security Datasets
    • Behavior Patterns
    • Current Security Trends
  • Polymorphism → Technique created by malware creators to shift the signature of malware to prevent detection by antivirus tools.
  • ISACs (Information Sharing and Analysis Centers) → Collaborative industry organizations that analyze and share cybersecurity threat information within their industry verticals in USA
  • Shimming & Refactoring
  • DVR → Ability to record video in CCTV
  • IP Spoofing is a technique used by attackers to create IP packets with a forged source IP address → used in on-path (MITM) attacks and to hide the true origin of traffic
  • Use secure firmware to secure RTOS
  • CIA & DAD Triad
    • Confidentiality → Disclosure
    • Integrity → Alteration
    • Availability → Denial
  • Breach Impact
    • Financial Risk → Risk of monetary damage to the organization as a result of data breach
    • Reputational Risk → Occurs when the negative publicity surrounding a security breach causes the loss of goodwill among customers, employees, suppliers & stakeholders
    • Identity Theft → Use of exposed PII in follow-on attacks against the affected individuals
    • Strategic Risk → Risk that organization will become less effective in meeting its major goals & objectives as a result of the breach
      • Strategic risk affects business plans
    • Operational Risk → Risk to the organization’s ability to carry out its day-to-day operations
      • Operational risk affects inefficiency & delay within the organization
    • Compliance Risk → Occurs when a security breach causes an organization to violate legal or regulatory requirements
      • Ex. HIPAA → Health Information
  • Security Groups → Act as a virtual firewall for cloud instances (e.g., AWS EC2): stateful allow rules applied to traffic to and from the instances they are attached to, with everything not allowed implicitly denied
  • SSH Tunneling → also known as SSH port forwarding
    • A technique used to securely transmit data between a local and a remote host over an unsecured network
    • It leverages the Secure Shell (SSH) protocol’s encryption capabilities to create an encrypted tunnel for transmitting network traffic.
  • Difference between MDM & UEM
    • MDM → Primarily manages mobile devices such as smartphones and tablets.
      • Functions → Device Inventory, Device Configuration, Security Management, App Management, Monitoring
    • UEM → Manages a wide range of endpoint devices, including mobile devices, desktops, laptops, IoT devices, and wearables.
      • Functions → Device Management, Application Management, Content Management, Identity Management, Policy Management, Automation
  • Asymmetric Vs Symmetric Encryption Advantages & Disadvantages
    • Symmetric Advantages
      • Faster compared to asymmetric encryption due to simpler algorithms and operations.
      • More efficient for bulk encryption and large data sets.
      • Shorter key lengths provide equivalent security levels compared to asymmetric encryption.
      • Widely used for securing data in transit and at rest.
    • Symmetric Disadvantages
      • Key Distribution
      • Challenges in managing and storing keys securely.
      • Less scalable for secure communication among multiple parties compared to asymmetric encryption.
      • Does not inherently provide mechanisms for verifying sender identity or message integrity without additional protocols.
    • Asymmetric Advantages
      • No need to securely distribute keys; each user has a public-private key pair.
      • Offers better security because the private key never leaves the owner’s possession.
      • Provides digital signatures for verifying the sender’s identity and integrity of the message.
      • Supports secure communication between multiple parties without requiring pre-shared secrets.
    • Asymmetric Disadvantages
      • Slower compared to symmetric encryption due to more complex algorithms.
      • Requires longer key lengths for equivalent security levels compared to symmetric encryption.
      • Less efficient for bulk encryption and large data sets.
  • Which is the most commonly used certificate format → PEM
  • 802.1X vs CHAP vs Kerberos
    • 802.1X → Port-based Network Access Control (wired switch ports and Wi-Fi authentication)
      • EAP Methods (EAP-TLS, PEAP, etc.)
      • Network Access Control (NAC)
      • When 802.1X is enabled, devices connecting to the network do not gain access until they provide the correct authentication credentials.
      • This 802.1X standard refers to the client as the supplicant, the switch or access point is the authenticator, and the back-end authentication server (typically RADIUS) checks credentials against a centralized user database such as Active Directory.
    • CHAP → Network Authentication
      • Challenge-Response
      • Authentication for point-to-point connections
      • One-way by default (the server verifies the client); MS-CHAPv2 adds mutual authentication
    • Kerberos → Network Authentication
      • Network authentication protocol
      • Ticket-based authentication, SSO, mutual authentication
    • RADIUS → Centralized authentication, authorization, and accounting
      • Centralized management, extensibility, supports various authentication methods
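To show the challenge-response mechanism listed under CHAP, here is an added example (not from the original notes) of the RFC 1994 MD5 CHAP exchange with both sides in one file: the server issues an identifier and a random challenge, the client answers with MD5(identifier || secret || challenge), and the server recomputes and compares. The ChapServer/ChapClient class names and the in-memory secret store are assumptions. The example also exposes the caveats a practitioner cares about: the authenticator must hold the plaintext secret, the check is one-way, and only the freshness of the challenge prevents replay.

```python
import hashlib
import os
import secrets

# RFC 1994, CHAP with MD5: Response = MD5(Identifier || Secret || Challenge).
# Only the response crosses the wire; the secret itself never does.


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapServer:
    """Authenticator side. It must keep the plaintext shared secret, CHAP's main weakness."""

    def __init__(self, secrets_by_name):
        self._secrets = dict(secrets_by_name)   # constructed in-memory store for the example
        self._pending = {}                       # identifier -> outstanding challenge
        self._next_id = 0

    def challenge(self):
        """Message 1: Challenge. A fresh random value each time is what defeats replay."""
        identifier = self._next_id
        self._next_id = (self._next_id + 1) & 0xFF
        chal = os.urandom(16)
        self._pending[identifier] = chal
        return identifier, chal

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        """Message 3: Success/Failure. The challenge is consumed, so a replayed response fails."""
        chal = self._pending.pop(identifier, None)
        secret = self._secrets.get(name)
        if chal is None or secret is None:
            return False
        expected = chap_response(identifier, secret, chal)
        return secrets.compare_digest(expected, response)   # constant-time comparison


class ChapClient:
    """Peer side. It never sends the secret, only the hash over identifier, secret and challenge."""

    def __init__(self, name: str, secret: bytes):
        self.name = name
        self.secret = secret

    def respond(self, identifier: int, chal: bytes):
        """Message 2: Response."""
        return self.name, chap_response(identifier, self.secret, chal)


def run_exchange(server: ChapServer, client: ChapClient) -> bool:
    """Drive the full three-message exchange and return the server's verdict."""
    identifier, chal = server.challenge()
    name, response = client.respond(identifier, chal)
    return server.verify(identifier, name, response)


if __name__ == "__main__":
    server = ChapServer({"alice": b"correct horse battery staple"})   # constructed secret
    print("valid secret :", run_exchange(server, ChapClient("alice", b"correct horse battery staple")))
    print("wrong secret :", run_exchange(server, ChapClient("alice", b"hunter2")))
```

Nothing in the exchange lets the client confirm it is talking to the real server; that is the one-way property noted above, and the reason MS-CHAPv2 adds a second challenge in the other direction.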
  • CSA’s Cloud Control Matrix → A framework designed to provide fundamental security principles to guide cloud vendors and customers in assessing the overall security risk of a cloud service
  • Smart Card vs Proximity Cards
    • Smart Card → A card with an embedded chip that holds keys or certificates and can perform cryptographic operations; read by contact or contactlessly, and usually paired with a PIN (something you have + something you know)
    • Proximity Cards → A proximity card is a contactless card that usually utilizes RFID to communicate with the reader on a physical access system.
      • These are commonly used to access secured rooms (such as server rooms) or even a building itself (such as at a mantrap)
  • Hash Algorithm Sizes

Cynthia needs to prevent drones from flying over her organization's property. What can she do?
When you are concerned about application security, what is the most important issue in memory management?
Yasmine wants to implement a cloud-based authorization system. What protocol is she most likely to apply?
What is the purpose of Unified Extensible Firmware Interface (UEFI) Secure Boot?
What is the size of the wrapper applied by TKIP around the WEP encryption utilizing a key that is derived from the MAC address of the machine and the packet's serial number?

What containment technique is the strongest possible response to an incident?
When conducting forensic analysis of a hard drive, what tool would BEST prevent changing the contents of the hard drive during your analysis?

  • Hardware write blocker

  • Forensic drive duplicator

  • Software write blocker

  • Degausser

Acronyms

  • ASP → Active Server Pages
    • A server side scripting environment developed by Microsoft
    • .aspx
  • CAR → Corrective Action Report
    • A document that records the actions taken to eliminate the causes of an existing nonconformity or other undesirable situation to prevent its recurrence
  • CP → Contingency Planning
    • The process of developing proactive strategies & procedures to ensure an organization can effectively respond to & recover from unexpected events or emergencies that may disrupt normal operations
    • Contingency plans are designed to minimize the impact of disruptions on critical business functions and services.
  • CRC → Cyclic Redundancy Check
    • An error detection code used to detect accidental changes to raw data in storage or transmission
    • It generates a fixed-size checksum based on the data content & appending it to the data
    • Upon receiving the data, the checksum is recalculated, & if the checksum does not match the appended checksum, an error is detected.
  • CSU → Channel Service Unit
    • A networking device used to interface a digital communication channel with a data terminal equipment (DTE) such as a router or a multiplexer
  • DEP → Data Execution Prevention
    • A security feature implemented to prevent execution of code from certain regions of memory
  • DER → Distinguished Encoding Rules
    • A binary encoding (not encryption) for data structures defined in ASN.1, e.g., X.509 certificates
    • Produces exactly one canonical byte sequence for a given value, which is why it is used where signatures are computed over the encoded data
  • DKIM → Domain Keys Identified Mail
    • An email authentication method used to detect email spoofing by allowing the receiver to check the email claimed to have come from specific domain authorized by owner of that domain
    • Validates integrity & authenticity of email message
  • DMARC → Domain-based Message Authentication, Reporting & Conformance
    • An email authentication protocol that builds on SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail) to provide domain owners with the ability to protect their domains from unauthorized use, such as email spoofing
  • DNAT → Destination Network Address Translation
    • Form of NAT where the destination address of IP packet is modified as it passes to router or firewall
    • It is used to direct incoming traffic to correct internal host or service
  • DSL → Digital Subscriber Line
    • A family of technologies that provide internet access by transmitting digital data over the wires of local telephone network
  • ECB → Electronic Code Book
    • A mode of operation for block ciphers, such as AES → Plaintext is divided into blocks & each block is encrypted independently using the same key
    • Identical plaintext blocks therefore produce identical ciphertext blocks, which leaks patterns; avoid ECB in favour of CBC, CTR, or an authenticated mode such as GCM
  • EFS → Encrypting File System
    • A feature on windows OS that allows users to encrypt individual files or folders on NTFS (New Technology File System) volume
  • ERP → Enterprise Resource Planning
    • A software system that integrates core business processes & functions into single unified platform
  • ESN → Electronic Serial Number
    • A unique identification number assigned to a mobile device for identification on cellular networks
  • ESSID → Extended Service Set Identifier
    • A unique identifier assigned to a wireless network to differentiate it from other wireless networks
  • GRE → Generic Routing Encapsulation
    • A tunneling protocol used to encapsulate & carry arbitrary network protocols over IP
    • Usage: Site-to-Site VPNs (GRE itself provides no encryption or authentication, so it is normally wrapped in IPsec), dynamic routing, network virtualization.
  • IDF → Intermediate Distribution Frame
    • A key component of structured cabling systems, serving as an intermediate point for distributing network connections within a building or campus
  • ISA → Interconnection Security Agreement
    • A formal agreement between organizations that governs the security requirements and responsibilities when connecting their information systems or networks.
  • ISFW → Internal Segmentation Firewalls
    • Use firewalls to segment & control traffic within organization’s internal network
  • MBR → Master Boot Record
    • The MBR is the first sector of a storage device, typically a hard disk.
    • It contains the boot loader and the partition table for the device.
  • MPLS → Multiprotocol Label Switching
    • A high-performance telecommunications technique that directs data from one network node to the next based on short path labels rather than long network addresses.
  • NTLM → New Technology LAN Manager
    • A suite of security protocols used to provide authentication, integrity, and confidentiality to users in Windows-based systems
    • Challenge-response scheme; a legacy protocol exposed to pass-the-hash and NTLM relay attacks, so Kerberos is preferred wherever it is available
  • NFV → Network Function Virtualization
    • A network architecture concept that uses virtualization technologies to manage and deploy network functions through software rather than dedicated hardware appliances.
  • NTFS → New Technology File System
    • A file system developed by Microsoft that is used by the Windows NT operating system for storing and retrieving files on a hard disk.
  • OVAL → Open Vulnerability & Assessment Language
    • An open standard developed to promote sharing and standardization of security content.
  • PAC → Proxy Auto Configuration
    • A technology that allows web browsers and other user agents to automatically determine the appropriate proxy server for fetching a URL
  • PAM → Pluggable Authentication Modules
    • A flexible mechanism for authenticating users in a Linux or UNIX environment
  • PAT → Port Address Translation
    • A type of Network Address Translation (NAT) where multiple devices on a local network can be mapped to a single public IP address but with a different port number assignment
  • PBX → Private Branch Exchange
    • A private telephone network used within an organization that allows internal communication and provides connectivity to external telephone networks
  • PED → Portable Electronic Device
    • Any small electronic device that is easily transportable and typically powered by a battery
  • POTS → Plain Old Telephone Service
    • Traditional analog voice telephone service over copper lines; in security contexts it shows up as dial-up or out-of-band modem access that bypasses the IP network
  • PPTP → Point To Point Tunneling Protocol
    • An early network protocol used to create VPNs (Virtual Private Networks) over IP networks
    • Considered insecure (its MS-CHAPv2 authentication and RC4-based MPPE encryption are broken) and should not be used for new deployments; prefer IPsec/IKEv2, OpenVPN or WireGuard
  • RTBH → Remotely Triggered Black Hole
    • A technique for mitigating large-scale Distributed Denial of Service (DDoS) attacks: the victim or provider injects a BGP route for the attacked prefix (destination-based) or for the attacking sources (source-based, with uRPF) whose next hop is a null interface, so edge routers discard the traffic before it reaches the target network
    • Caveat: destination-based RTBH drops all traffic to the black-holed address, legitimate traffic included, so it sacrifices that host to keep the rest of the network up
  • SCAP → Security Content Automation Protocol
    • A suite of standards used to automate the management and reporting of security vulnerabilities and configuration compliance
  • SCEP → Simple Certificate Enrollment Protocol
    • A protocol that simplifies the process of obtaining and managing digital certificates in a network environment.
  • SDP → Service Delivery Platform
    • A set of components that provides a framework for the creation, delivery, management, and monetization of services in telecommunications and enterprise environments
    • In a zero-trust context SDP also means Software-Defined Perimeter: services stay hidden (no open listening ports from the client's point of view) until the client has authenticated and been authorized
  • SMB → Server Message Block → Port 445
    • A network protocol primarily used for providing shared access to files, printers, and serial ports, as well as miscellaneous communications between nodes on a network
    • Direct-hosted SMB uses TCP 445; the older NetBIOS-over-TCP transport uses TCP 139. SMBv1 is obsolete and should be disabled.
  • SOAP → Simple Object Access Protocol
    • A messaging protocol specification for exchanging structured information in the implementation of web services in computer networks
  • SPF → Sender Policy Framework
    • An email validation system designed to prevent email spoofing: a domain publishes a DNS TXT record (starting with v=spf1) listing the hosts allowed to send mail for it, and a receiving server checks the connecting IP against that list for the envelope sender's domain
    • The trailing all term sets the default verdict for unlisted senders: -all → fail, ~all → softfail, ?all → neutral. SPF says nothing about the visible From: header; that is what DKIM and DMARC add.
  • STP → Shielded Twisted Pair
    • A type of copper cabling used in telecommunications and data communications
    • It consists of pairs of insulated copper wires twisted together, with an additional shielding to provide extra protection from electromagnetic interference (EMI) and radio frequency interference (RFI).
    • In a switching context STP also means Spanning Tree Protocol (IEEE 802.1D), which blocks redundant links to prevent Layer 2 loops
  • TGT → Ticket Granting Ticket
    • A Kerberos ticket issued by the Key Distribution Center (KDC) after the user's initial authentication; the client presents the TGT to the KDC's Ticket Granting Service to obtain service tickets for individual services without re-entering the password for the ticket's lifetime (typically 10 hours)
  • TSIG → Transaction Signature
    • A DNS security feature (RFC 8945) that authenticates and verifies the integrity of DNS messages between servers or between client and server, using an HMAC computed over the message with a shared secret key; commonly required for zone transfers and dynamic updates
  • UAT → User Acceptance Testing
    • A crucial phase in software development where end-users validate that the system meets their requirements and functions as expected in their real-world scenarios
  • VLSM → Variable Length Subnet Masking
    • A technique used in IP addressing to create subnets of different sizes within a given network, so that each subnet gets a mask sized to its host count instead of one fixed mask for the whole network
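The following is an added example, not part of the original notes, that makes the SPF entry above concrete: it parses an SPF TXT record and evaluates a sender IP against the ip4, ip6 and all mechanisms with their +, -, ~ and ? qualifiers. The record and the IP addresses are constructed for illustration (RFC 5737 / RFC 3849 documentation ranges). Mechanisms that need DNS lookups (a, mx, include, exists, ptr) are reported as "unsupported" rather than guessed, because the example runs offline; a real receiver would resolve them.

```python
"""Offline SPF evaluation for the ip4 / ip6 / all mechanisms (added example)."""
import ipaddress

# Qualifier prefix -> SPF result name (RFC 7208 section 4.6.2)
_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample record: two authorised ranges, soft-fail for everything else.
SAMPLE_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 ~all"


def evaluate_spf(record: str, sender_ip: str) -> str:
    """Return the SPF verdict for `sender_ip` under `record`.

    Results: "none" (not an SPF record), "permerror" (malformed),
    "pass"/"fail"/"softfail"/"neutral", or "unsupported" when a mechanism
    that would require a DNS lookup is reached before a decision is made.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"                      # mechanisms default to "+"
        if term[0] in _QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":                    # matches everything; ends evaluation
            return _QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)  # no prefix -> /32 or /128
            except ValueError:
                return "permerror"
            if ip.version == net.version and ip in net:
                return _QUALIFIERS[qualifier]
            continue                         # no match: try the next mechanism
        if "=" in term:                      # modifiers (redirect=, exp=) are skipped here
            continue
        return "unsupported"                 # a, mx, include, exists, ptr need DNS
    return "neutral"                         # nothing matched and no "all" term


def demo() -> dict:
    """Evaluate a few constructed senders against SAMPLE_RECORD."""
    return {
        "listed_ipv4": evaluate_spf(SAMPLE_RECORD, "192.0.2.25"),
        "listed_ipv6": evaluate_spf(SAMPLE_RECORD, "2001:db8:1::5"),
        "unlisted": evaluate_spf(SAMPLE_RECORD, "198.51.100.7"),
        "strict_policy": evaluate_spf("v=spf1 ip4:192.0.2.0/24 -all", "198.51.100.7"),
    }


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label}: {verdict}")
```

The practical point the verdicts show: with ~all an unlisted sender only soft-fails, which most receivers still deliver (often to spam), whereas -all produces a hard fail that receivers can reject outright. Publishing -all only makes sense once every legitimate sending host is listed.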

PBQ

  • The PBQs were hard. I got 4 questions: one was an attack vector and how to mitigate it, one was reading the scan output and choosing the appropriate method, one was setting up a firewall with 3 servers and 2 routers (this was the hardest), and one was related to data classification like PII and Confidential and what method to use for destroying it
  • chmod → command in Unix/Linux used to change the permission bits of a file or directory; symbolic form is [who][op][perms] with who = u (owner), g (group), o (others), a (all) and op = + (add), - (remove), = (set exactly)
    • chmod u+x file.txt → Adds execute permission for the owner (user).
    • chmod g-w file.txt → Removes write permission for the group.
    • chmod o=r file.txt → Sets others' permissions to exactly read-only (any write or execute bit for others is cleared).
  • chown → command in Unix/Linux used to change the owner and/or group of a file or directory (changing the owner to another user requires root).
    • chown alice file.txt → Changes the owner of file.txt to alice.
    • chown alice /path/to/directory → Changes the owner of the directory itself only; add -R to recurse into its contents.
    • chown -R bob:staff /home/bob → Recursively changes the owner to bob and the group to staff for the directory and everything under it
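As an added example (not from the original notes), a small Python implementation of the symbolic mode grammar behind the three chmod commands above. It computes the resulting permission bits, applies them to a throwaway file with os.chmod and reads them back with os.stat, so the effect of u+x, g-w and o=r can be checked bit by bit. The file name and the starting mode 0o666 are constructed for the walkthrough. chown is left out because changing a file's owner to a different user needs root.

```python
"""Symbolic chmod modes (u+x, g-w, o=r, a+x, ...) applied to a real file (added example)."""
import os
import stat
import tempfile

# Permission bits per "who" class, in r/w/x order.
_WHO_BITS = {
    "u": (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
    "g": (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    "o": (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
}
_PERM_INDEX = {"r": 0, "w": 1, "x": 2}


def apply_symbolic_mode(mode: int, spec: str) -> int:
    """Return the rwx bits that result from applying chmod-style `spec` to `mode`.

    Supports the common subset: who in {u,g,o,a} (default a), op in {+,-,=},
    perms in {r,w,x}; several clauses may be comma-separated, as in chmod(1).
    Special bits (setuid/setgid/sticky) are out of scope and are masked off.
    """
    for clause in spec.split(","):
        i = 0
        while i < len(clause) and clause[i] in "ugoa":
            i += 1
        who = clause[:i] or "a"
        if "a" in who:
            who = "ugo"
        if i >= len(clause) or clause[i] not in "+-=":
            raise ValueError(f"bad mode clause: {clause!r}")
        op, perms = clause[i], clause[i + 1:]
        if any(p not in _PERM_INDEX for p in perms):
            raise ValueError(f"unsupported permission in {clause!r}")
        for w in who:
            bits = _WHO_BITS[w]
            requested = 0
            for p in perms:
                requested |= bits[_PERM_INDEX[p]]
            class_mask = bits[0] | bits[1] | bits[2]
            if op == "+":
                mode |= requested
            elif op == "-":
                mode &= ~requested
            else:  # "=": replace this class's bits entirely
                mode = (mode & ~class_mask) | requested
    return mode & 0o777


def chmod_symbolic(path: str, spec: str) -> int:
    """Apply `spec` to `path` via os.chmod and return the mode read back from disk."""
    current = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, apply_symbolic_mode(current, spec))
    return stat.S_IMODE(os.stat(path).st_mode) & 0o777


def demo() -> list:
    """Run the notes' three commands in sequence on a constructed temp file."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "file.txt")
        with open(path, "w") as f:
            f.write("hello\n")
        os.chmod(path, 0o666)                    # constructed start: rw-rw-rw-
        for spec in ("u+x", "g-w", "o=r"):
            results.append((spec, oct(chmod_symbolic(path, spec))))
    return results


if __name__ == "__main__":
    for spec, mode in demo():
        print(f"chmod {spec:<5} -> {mode}")
```

Walking through the sequence: rw-rw-rw- (0o666) becomes rwxrw-rw- (0o766) after u+x, rwxr--rw- (0o746) after g-w, and rwxr--r-- (0o744) after o=r, which is the point of "=" versus "+": it clears the write bit others previously had instead of merely adding read.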
  • Cryptography → Digital Signature
    • Alice computes the hash of the original message (call it ABC) & encrypts that hash with Alice's Private Key to create the Digital Signature (the "encrypt with the private key" wording describes RSA; real signature schemes also pad the hash, e.g. PKCS#1 v1.5 or PSS)
    • Next, Alice attaches the Digital Signature to the original message & delivers both to Bob
    • Bob decrypts the Digital Signature (not the message, which is sent in the clear) using Alice's Public Key → Resulting in the hash Alice signed → (ABC)
    • Bob independently hashes the message he received with the same hash function & compares the two values. If his computed hash is XYZ rather than ABC, the message was altered in transit (or the signature was not made with Alice's private key) → Therefore, Bob can NOT confirm the message's integrity or its origin
    • The notes use SHA-1 for this step, but SHA-1 is no longer acceptable for signatures (collisions are practical); use SHA-256 or stronger