
APPENDIX B

Memory Tables and Lists


Chapter 1
The following are examples of security mechanisms designed to preserve confidentiality:

■ Encryption (in motion and at rest)


The following are the different components of STRIDE:

■ ______________: You must consider if the system or applications require nonrepudiation
controls, such as system logs, web access logs, and audit trails. Another consideration is
that an application should run with the user’s privileges, not more.
■ ______________: It is very important that you ensure in any application or system that
users cannot elevate their privileges. Many organizations develop an authorization matrix
to ensure that only authorized users and roles can access privileged functionality.
■ ______________: Sometimes referred to as identity spoofing. Attackers can disguise
themselves as someone else. They can also disguise their systems as some other systems.
For instance, in many distributed denial-of-service (DDoS) attacks, attackers can spoof
the source of the attacks (that is, the IP addresses of the attacking machines or bots) in
order to carry out the attack and maintain anonymity. This is why systems should have
protection in place against spoofing attacks—and not just for DDoS. In general, users
should not be able to become any other users or assume the attributes of other users,
period.
■ ______________: You must make sure that a system or application does not disclose
information that is not intended. For example, a web application should not store usernames
and passwords in its source. Also, user credentials should not be stored in logs or in any
other configuration or troubleshooting feature in plain text.
■ ______________: This ties into the discussion earlier in this chapter about integrity. Users
must not be able to tamper with data, applications, or systems. In threat modeling, you
must understand what threats could allow an attacker to tamper with data, applications,
or systems in your organization.
■ ______________: You should evaluate what threats can cause a denial-of-service
condition. This is beyond just performance testing and should employ methodologies such as
fuzzing (sending random data to an application or protocol).
4 CCNA Cyber Ops SECOPS 210-255 Official Cert Guide

Chapter 3
The following are some of the most common evasion techniques against traditional IDS and
IPS devices:

■ ______________: When the attacker evades the IPS box by sending fragmented packets.
■ Using low-bandwidth attacks: ______________
■ ______________: Using spoofed IP addresses or sources, as well as using intermediary
systems such as proxies to evade inspection.
■ Pattern change evasion: ______________
■ Encryption: ______________

Chapter 5
The following are the most common incident response team structures:

■ _______________________________
■ _______________________________
■ _______________________________

The following are the most common incident response team staffing models:

■ _______________________________
■ _______________________________
■ _______________________________

The VERIS schema is divided into the following five main sections:

■ ________________________________
■ _______________________________
■ _______________________________
■ _______________________________
■ _______________________________

Chapter 7
Table 7-4 PCI Data Security Standard—High-Level Overview
Goals PCI DSS Requirements
Build and maintain a secure network and systems
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.
Maintain a vulnerability management program
7. Restrict access to cardholder data by business need to know.
8. Identify and authenticate access to system components.
9. Restrict physical access to cardholder data.
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
Maintain an information security policy

Chapter 9
While studying for the CCNA Cyber Ops SECFND exam, you learned about the concept of
the 5-tuple. As a refresher, the 5-tuple refers to the following five elements:

■ _________________________
■ Source port
■ _________________________
■ Destination port
■ _________________________
