requirement to develop security policies for computer systems that process confidential info
1 of 41
ISAC
Information sharing centre for industry threat intel
2 of 41
What is Threat Hunting used for?
used to scan without disruption
3 of 41
What is steganography?
steganography - obscures the presence of a message; used to encode messages within TCP
4 of 41
What is homomorphic encryption and EKU?
homomorphic encryption - used to encrypt sensitive data sets such as healthcare info
EKU - Extended Key Usage - defines what a key does and what apps it is to be used for
5 of 41
What is IAM and what does it require?
IAM - identity and access management (logon using access card and PIN)
6 of 41
What is CER and what is it a measure of?
CER - crossover error rate (biometrics, where FER and FAR match up); shows accuracy
7 of 41
What is a TGT?
TGT - ticket granting ticket - provides info about the client such as name, IP, timestamp and how long it is valid for; uses a session key
8 of 41
What is a data steward and a data custodian?
data steward - ensures data has correct labels and correct metadata
data custodian - enforces access control, encryption and backup measures
9 of 41
What is IRM?
IRM - Microsoft Information Rights Management - stops info being forwarded or printed (anything to do with Microsoft products)
10 of 41
What are DAC, SAML and LDAP?
DAC - Directory access control - who can assign permissions
SAML - exchanges authentication information
LDAP - works from most specific to least, CN to DC (such as cn=jude,DC=Live.MDU.Local)
11 of 41
What is discretionary access control?
discretionary access control - most flexible, weakest access control; assigned by only one user
12 of 41
What is active-passive clustering?
active-passive clustering - provides fault tolerance and is consistent
13 of 41
What is session affinity and session persistence?
session affinity - once a session is established it remains with the node that started it
session persistence - uses a cookie
14 of 41
What are TAP and SIEM used for?
TAP - active or passive access point (passive is the most redundant and resilient - redirects traffic if the security system goes down)
SIEM - agent-based, with a collector for log collection - uses correlation to diagnose incidents - all local to host
15 of 41
What are these firewalls?
application firewall
appliance firewall
packet-filtering firewall
application firewall - stateful multilayer - analyses code present in HTTP packets to see if it matches a database
appliance firewall - just a basic firewall
packet-filtering firewall - only allows minimum information inbound
16 of 41
What is ROT?
ROT - root of trust; validates boot and OS system files
17 of 41
What does a wrapper do?
wrapper - hides all contents; only the header is viewable
18 of 41
What are these?
e-discovery
forensics
carving
legal hold
e-discovery - filtering evidence
forensics - gathering evidence for a court of law
carving - retrieving deleted files
legal hold - information that must be preserved
19 of 41
What are the requirements for live acquisition?
live acquisition requires specialist programs
20 of 41
What is an audit logging service used for?
audit logging service - to capture attempted and successful intrusions historically
21 of 41
What is MTA?
MTA - message transfer agent; handles email transmission
22 of 41
What does a serverless approach require?
serverless approach - needs containerisation for performing tasks; needs event orchestration
23 of 41
How are fog nodes and edge gateways used for exfiltration?
fog node - used for exfiltration as it is close to the edge
edge gateway - used for exfiltration as it is on the edge
24 of 41
What is REST?
REST - representational state transfer - submits requests as HTTP and is a looser framework; makes it easier for computers to communicate