Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
30 Cards in this Set
- Front
- Back
|
Regarding auditing (NIST standards), what is the process of exercising one or more assessment objects under specified conditions to compare actual and expected behaviors? |
Testing
|
|
|
Regarding auditing (NIST standards), what is the process of checking, inspecting, reviewing, observing, studying or analyzing one or more assessment objects to facilitate understanding, achieve clarification, or obtain evidence?
|
Examination
|
|
|
Regarding auditing (NIST standards), what is the process of conducting discussions with individuals o groups within an organization to facilitate understanding, achieve clarification, or identify the location of evidence. |
Interviewing |
|
|
What is the difference between a vulnerability assessment and penetration testing? |
VA - Done by admins PT - Done by hired hackers |
|
|
For Penetration testing, what are white, grey, and black box? |
White: have full knowledge of network Grey: limited knowledge (costs less than black box) Black: no knowledge (hacker approach) |
|
|
What are the 3 types of pentesting? |
1. Physical Security
2. Operational Security 3. Electronic Security |
|
|
What is NIST's 800-137 that includes: Define Establish Implement Analyze/Report Respond Review/Update |
CM - Continuous Monitoring |
|
|
Define: Emergency Reboot Cold Start |
System Reboot: System shuts itself down safely and restarts.
Emergency Reboot: System can't recover and basically restarts in "special or safe mode" Cold Start: User intervention (manual reboot) |
|
|
What is superzapping? |
A utility to bypass access controls of an operating system. Administrators can use these for quick changes. Nothing is logged, so attackers can use them for malicious purposes. |
|
|
What is it called when a packet is modified to have the same destination and origin address? |
Denial Of Service |
|
|
What is another name for a Browsing Attack? |
Shoulder surfing |
|
|
Juggernaut and Hunt are tools used for what kind of attack? |
Session Hijacking |
|
|
What is Kerckhoff's principle and why is it relevant? |
The only secret portion to a cryptosystem should be the key so that the algorithms can be stronger |
|
|
What is required for a secure Vernam cipher? |
The pad must be used just one time |
|
|
What are the RMF Steps? |
Cat Sat On it's Assets All Morning... CSOAAM |
|
|
How are Type 1 and Type 2 Hypervisors different? What is the industry standard? |
Type 1 - standard, installed from scratch Type 2: installed over Windows |
|
|
Vulnerability Assessment |
prioritized list of vulnerabilities and are generally for clients who already understand they are not where they want to be in terms of security. The customer already knows they have issues and simply need help identifying and prioritizing them. |
|
|
Interface Testing |
check & verify interactions errors are handled properlyuser interrupts any transaction |
|
|
Misuse Case Testing |
use case from the point of view of an Actor hostile to the system under design |
|
|
Penetration Tests |
designed to achieve a specific, attacker-simulated goal and should be requested by customers who are already at their desired security posture. A typical goal could be to access the contents of the prized customer database on the internal network, or to modify a record in an HR system. |
|
|
Real User Monitoring (RUM) / End user experience monitoring (EUM) |
web monitoring that aims to capture and analyze every transactions Passive monitoring, relying on web monitoring services that continuously observe system in action, tracking availability, functionality and responsiveness |
|
|
Synthetic performance monitoring |
script of user action to track performance from external, so better to assessing site availability and network problems |
|
|
Security Metrics |
data collected from one or more security control, such as . the number and severity of vulnerabilities revealed . number of unauthorized access attempts . configuration baseline information . contigency plan testing dates and results . number of employees who are current on awareness training requirements . risk tolerance thresholds . risk score associated |
|
|
Various of test |
Checklist Test - Copies of BCP are distributed to the different departments and functional areas for review Structured walk through test - representative from each department or functional area come together and go over the plan Parallel test - perform test on alternate offisite facility Full interruption test - original site is shut down, and processing takes place at alternate site |
|
|
Zero Knowledge test |
Team does not have any knowledge of the target and must start from ground zero |
|
|
Partial knowledge |
Some information about the target |
|
|
Full knowledge |
intimate knowledge of the target |
|
|
Blind test |
Assessor only have publicly available data to work with |
|
|
Double blind test / Stealth assessment |
security staff is not notified |
|
|
Targeted Test |
external consultant and staff carrying out focused test on specific area of interest |
