SOC 2
This AUDIT focuses on firewalls, intrusion detection, and multi-factor authentication
Type 1 Audits
Tests controls in place at a particular point in time (narrower)
Type 2 Audit
Tests controls OVER a period of at least 6 consecutive months (wider), usually for LARGER organizations
GDPR (General Data Protection Regulation)
European Union Regulation
Set of rules and regulations that allow someone in the EU to control what happens to their private information
Data protection and privacy for individuals in the EU
PCI-DSS (Payment Card Industry Data Security Standard)
Provides protection for credit card transactions
FERPA (Family Educational Rights and Privacy Act)
Protects the privacy of students' educational records
HIPAA (Health Insurance Portability and Accountability Act)
Rules and regulations protecting healthcare in the US
Protects the privacy of patient medical information
GLBA (Gramm-Leach-Bliley Act)
Protects the privacy of an individual's financial information held by financial institutions and others, such as tax preparation companies
SOX (Sarbanes-Oxley Act)
Dictates the requirements for storing and retaining documents relating to an organization's financial and business operations for any publicly traded company (at least 75 million)
CASB (Cloud Access Security Broker)
Two common functions are visibility into application use and data security policy use. Other common functions are the verification of compliance with formal standards and the monitoring and identification of threats
WEP (Wired Equivalent Privacy)
An older security protocol that provides data encryption for wireless networks, but it is considered insecure due to vulnerabilities that allow it to be easily cracked.
WPA (Wi-Fi Protected Access)
includes stronger encryption methods and improved authentication mechanisms. It uses TKIP (Temporal Key Integrity Protocol) to provide per-packet key mixing and message integrity.
WPA2 (Wi-Fi Protected Access II)
uses AES (Advanced Encryption Standard) for encryption, which provides stronger security
WPA3 (Wi-Fi Protected Access III)
Uses SAE (Simultaneous Authentication of Equals) for stronger protection against brute-force attacks.
SAE
used in WPA3-Personal to provide a more secure key exchange process.
MSCHAPv2 (Microsoft Challenge Handshake Authentication Protocol version 2)
This is a password-based authentication protocol widely used within EAP frameworks. It offers better security than a simple username and password combination because it includes features like mutual authentication (both the client and server authenticate to each other).
Extensible Authentication Protocol (EAP)
An authentication framework used with 802.1X
PEAP (Protected Extensible Authentication Protocol)
created by Cisco, Microsoft and RSA Security
Authentication server uses a digital certificate instead of the PAC
Client doesn't use a certificate
ALSO uses TLS Tunnel
EAP-TLS (a stronger form of EAP)
Strong security, wide adoption
Supported by most of the industry
requires digital certificate on ALL devices
uses TLS tunnel after mutual authentication
need a Public Key Infrastructure (PKI)
Not all devices can support the use of digital certificates
EAP-TTLS
The one that supports MULTIPLE authentication methods within an encrypted tunnel
tcpdump
A command-line tool that captures and analyzes network traffic by displaying packets.
cipher
A Windows command used to encrypt or decrypt data, and wipe free space on a disk.
tcpreplay
A tool to edit and replay captured network traffic.
curl
command-line tool used for transferring data using various network protocols.
The command will retrieve a web page and display it as HTML at the command line.
Memdump
Used to collect the content within RAM on a given host.
FTK Imager
A proprietary tool used to create forensic images of computer data without altering the original evidence.
ifconfig
Displays information about network interfaces and configures network interfaces on UNIX/Linux and macOS systems.
John the Ripper
Password cracking software tool.
Nessus
vulnerability scanner used to identify and fix security issues in a network.
Measured Boot
works in conjunction with the Trusted Platform Module (TPM) to record the measurements (hashes) of all boot components, from the firmware to the bootloader and the operating system. These measurements are stored in the TPM to provide a detailed log of the boot process, which can be used to verify the integrity of the system.
Trusted Boot
part of the Windows boot process that occurs after Secure Boot. It verifies the digital signature of the operating system kernel before loading it
Secure Boot
UEFI BIOS feature that ensures only software with valid digital signatures can execute during the boot process. It checks the digital signature of the bootloader to prevent unauthorized or malicious code from running.
To prevent rootkits and bootkits by ensuring that the bootloader and subsequent components have not been tampered with and are from a trusted source.
POST (Power-On Self-Test)
diagnostic testing sequence run by a computer's BIOS or UEFI firmware when the computer is powered on. It checks the hardware components such as the CPU, memory, disk drives, and other peripherals to ensure they are working correctly.
Salting
Adding random data, or salt, to a password when performing the hashing process will create a unique hash, even if other users have chosen the same password.
DAC (Discretionary Access Control)
Used in many operating systems; this model allows the owner of the resource to control who has access.
WAF
is commonly used to monitor the input to web-based applications.
service set identifier
If you open the list of Wi-Fi networks on your laptop or phone, you'll see a list of SSIDs. A wireless router or access point broadcasts SSIDs so nearby devices can find and display any available networks.
Reconstitution
The recovery after a breach can be a phased approach that may take months to complete.
tabletop
exercise allows a disaster recovery team to evaluate and plan disaster recovery processes without performing a full-scale drill.
honeynet
non-production network that has been specifically created to attract attackers. A honeynet is not commonly used to identify infected devices
CSA CCM (Cloud Security Alliance Cloud Controls Matrix)
provides documents for implementing and managing cloud-specific security controls.
backdoor
would allow an attacker to access a system at any time without any user intervention. If there are inbound traffic flows that cannot be identified, it may be necessary to isolate that computer and examine it for signs of a compromised system.
SSL certificate
on an email server could potentially be used to encrypt server-to-server communication, but the security administrator is looking for an encryption method between email clients.