Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
26 Cards in this Set
- Front
- Back
|
What is Asset Identification?
|
A thorough asset inventory to identify mission critical systems and items. Used to prioritize assets.
|
|
|
What is Risk Assessment?
|
To minimize impact of risks on an organization. Mitigation, assignment and acceptance.
|
|
|
What is Exposure Factor (EF)?
|
Percentage of asset value loss that would occur if a risk was realized.
|
|
|
What is Single Loss Expectancy (SLE)?
|
Potential dollar value loss from a single risk realization incident. Calculate by multiplying EF by asset value
|
|
|
What is Annual Loss Expectancy (ALE)?
|
Potential dollar value loss per year per risk. Calculate by multiplying SLE by ARO.
|
|
|
What is a Threat?
|
Person or tool that can take advantage of a vulnerability.
|
|
|
What is a Vulnerability?
|
Weakness, error or hole in the security protection of a system, network, computer, software, etc
|
|
|
What is a Port Scanner?
|
Vulnerability assessment tool that sends probes or test packets to a target system's ports in order to learn about the status of the ports. Can create an inventory of services
|
|
|
What is a Vulnerability Scanner?
|
A tool used to scan a target system for known holes, weaknesses or vulnerabilities. Have a db of attacks, probes, scripts etc.
|
|
|
What is a Protocol Analyzer?
|
A tool used to examine the contents of network traffic.
Capture network traffic and generate statistics for creating reports. |
|
|
What is Open Vulnerability and Assessment Language (OVAL)?
|
International security community standard designed ot promote and exchange standardized security content across all platforms and for all tool sets and services.
|
|
|
What is Network Mapper?
|
Specialized tool that borrows features from port scanners and protocol analyzers in order to actively or passively build a logical infrastructure map of a network.
|
|
|
What is a Performance Monitor?
|
Monitors changes to the approved system baseline
|
|
|
What is Systems Monitor?
|
Used to watch over system metrics, such as CPU usage, active processes, memory consumption, free drive space, system temperatures, etc.
|
|
|
What is Performance Baseline?
|
Expected level of system performance as measured through a performance monitoring tool. A policy extracted from real activity levels.
|
|
|
What is Behavior based detection?
|
Relies on establishing a baseline or definition of normal and benign. The tool then can detect activities that vary from the standard of normal.
Strengths: Can identify malware, monitor for malware activities, learn about malware, not OS specific. Weaknesses: false alarms, slow, costly, needs retraining. |
|
|
What are Signature Based Detection?
|
Relies on a database of signatures or patterns of known malicious or unwanted activity. Can quickly and accurately detect an event from the database.
Strengths: Accurate detection because of prior detection, low false positives, detailed text logs, uses little resources. Weaknesses: Polymorphic viruses immune, rule sets need constant updating, inability to detect new attacks, based on passive monitoring. |
|
|
What is Anomaly based detection?
|
Relies on definitions of all valid forms of activities. From that it can detect anomalies.
Good for detecting protocol and port exploitation, new expoits or buffer overflow, DoS attacks on payloads or volume, normal network failures, varients of existing attacks in new environments. |
|
|
How do you calculate ALE?
|
SLE x ARO
|
|
|
How do you calculate SLE?
|
Asset value x Probability
|
|
|
What is Ping?
|
Monitoring tool that tests network connectivity by sending echo request to host.
|
|
|
What is Tracert/traceroute?
|
Monitoring tool that traces route a packet takes. Good to find out where something is getting hung up.
|
|
|
What is Nslookup?
|
Monitoring tool that is used to troubleshoot DNS.
|
|
|
What is Netstat?
|
Monitoring tool that displays ports computer is listening to, routing table, interface stats
|
|
|
What is IPConfig/IFconfig?
|
Monitoring tool that displays TCP/IP settings
|
|
|
What do you monitor in Performance Monitoring?
|
RAM, logical and physical drives, CPU, and Protocols.
|
