Sec+ preparation: First test exam

Intro

Let’s jump into the next day of preparing for Sec+.

Before beginning I just want to give credit to Master OTW at Hackers-Arise. I really enjoy how he describes concepts of various topics. Real professional.

You can purchase Security+ SY0-701 boot camp here

Some Questions and answers

These questions and answers will help you understand what the CompTIA Security+ exam feels like.

Question: Which of the following options BEST describes steganography?
Answer: A method used to hide data within a file.

Question: Which of the following is the MOST likely motivation that drives shadow IT?
Answer: Circumventing departmental security controls.

Question: At the beginning of a project, the project manager is asked to prioritize individual project risks for assessment by the likelihood of their occurrence. What should the project manager do?
Answer: Perform a qualitative risk analysis.

Terminology that was used

SLA—Service level agreement. An agreement between a company and a vendor that stipulates performance expectations, such as minimum uptime and maximum downtime levels. Organizations use SLAs when contracting services from service providers such as Internet Service Providers (ISPs).

AUP—Acceptable use policy. A policy defining proper system usage and the rules of behavior for employees. It will often describe the purpose of computer systems and networks, how users can access them, and the responsibilities of users when accessing the systems.

NDA—Non-disclosure agreement. An agreement that is designed to prohibit personnel from sharing proprietary data. It can be used with employees within the organization and with outside organizations. It is commonly embedded as a clause in a contract.

MOU - (Memorandum of Understanding) is a written agreement between two or more parties that defines their working relationship, expectations, and responsibilities. While not legally binding, it serves as a formal document outlining the parties' intentions and the scope of their collaboration.

MTBF—Mean time between failures. Provides a measure of a system’s reliability and is usually represented in hours. The MTBF identifies the average (the arithmetic mean) time between failures. Higher MTBF numbers indicate a higher reliability of a product or system.

MTTR—Mean time to recover. Identifies the average (the arithmetic mean) time it takes to restore a failed system. Organizations that have maintenance contracts often specify the MTTR as a part of the contract.

RPO—Recovery point objective. A term that refers to the amount of data you can afford to lose by identifying a point in time where data loss is acceptable. It is often identified in a BIA. Compare with RTO.

RTO—Recovery time objective. The maximum amount of time it should take to restore a system after an outage. It is derived from the maximum allowable outage time identified in the BIA. Compare with RPO.

Smishing - SMS (short message service) + phishing

MITRE - the organization responsible for maintaining the Common Vulnerabilities and Exposures (CVE) database. CVE identifiers such as CVE-2017-0143 come from MITRE's CVE program.

WAF—Web application firewall—A firewall specifically designed to protect a web application. A WAF inspects the contents of traffic to a web server, can detect malicious content such as code used in a cross-site scripting (XSS) attack, and block it.

SPF - The Sender Policy Framework (SPF) is an email authentication protocol designed to prevent email spoofing, a common technique used in phishing attacks and email spam. As an integral part of email cybersecurity, SPF enables the receiving mail server to check whether incoming email comes from a domain authorized by that domain’s administrators.

DNSSEC—Domain Name System Security Extensions. A suite of extensions to DNS used to protect the integrity of DNS records and prevent some DNS attacks.

PCI DSS - (Payment Card Industry Data Security Standard) is a set of security standards designed to ensure the secure handling of cardholder data, including credit and debit card information. It's a globally recognized standard, mandated by major payment brands like Visa, Mastercard, and American Express, for all entities that store, process, or transmit cardholder data.

CASB—Cloud access security broker. A software tool or service that enforces cloud-based security requirements. It is placed between the organization’s resources and the cloud, monitors all network traffic, and can enforce security policies.

HIDS—Host-based intrusion detection system. HIDS is software installed on a system to detect attacks. A HIDS is used to monitor an individual server or workstation. It protects local resources on the host such as the operating system files, and in some cases, it can detect malicious activity missed by antivirus software. Compare with HIPS, NIDS, and NIPS.

NIDS—Network-based intrusion detection system. A device that detects attacks and raises alerts. A NIDS is installed on network devices, such as routers or firewalls, and monitors network traffic. It can detect network-based attacks.

NIPS—Network-based intrusion prevention system. A device that detects and stops attacks in progress. A NIPS is placed inline (also called in-band) with traffic so that it can actively monitor data streams, detect malicious content, and stop attacks in progress.

RA—Recovery agent. A designated individual who can recover or restore cryptographic keys. In the context of a PKI, a recovery agent can recover private keys to access encrypted data, or in some situations, recover the data without recovering the private key. In some cases, recovery agents can recover the private key from a key escrow.

OCSP—Online Certificate Status Protocol. An alternative to using a CRL. It allows entities to query a CA with the serial number of a certificate. The CA answers with good, revoked, or unknown.

CSR—Certificate signing request. A method of requesting a certificate from a CA. It starts by creating an RSA-based private/public key pair and then including the public key in the CSR. Most CAs require CSRs to be formatted using the Public-Key Cryptography Standards (PKCS) #10 specification.

CA—Certificate Authority. An organization that manages, issues, and signs certificates and is part of a PKI. Certificates are an essential part of asymmetric encryption, and they include public keys and details on the owner of the certificate and the CA that issued the certificate. Certificate owners share their public key by sharing a copy of their certificate. Compare with PKI.

SED—Self-encrypting drive. A drive that includes the hardware and software necessary to encrypt a hard drive. SEDs include all the encryption circuitry built into the drive, and they automatically encrypt the drive without user action. Users typically enter credentials to decrypt and use the drive. Compare with FDE.

Elasticity - Cloud elasticity is the ability of a cloud system to rapidly scale computing resources (like CPU, memory, and storage) up or down in response to changing demand.

PEAP—Protected Extensible Authentication Protocol. An extension of EAP sometimes used with 802.1X. PEAP provides an extra layer of protection for EAP by wrapping it in a TLS tunnel, and it requires a certificate on the 802.1X server. Compare with EAP, EAP-TLS, EAP-TTLS, and EAP-FAST.

IPS—Intrusion prevention system. A preventive control that can stop an attack in progress. It is similar to an active IDS except that it’s placed inline with traffic. An IPS can actively monitor data streams, detect malicious content, and stop attacks in progress. It can be used internally to protect private networks, such as those holding SCADA equipment. Compare with IDS.

ISA - An Interconnection Security Agreement (ISA) is a document that defines the security requirements for a connection between two information systems, often between an agency and an external system.

BCP—Business continuity plan. A plan that helps an organization predict and plan for potential outages of critical services or functions. It includes disaster recovery elements that provide the steps used to return critical functions to operation after an outage. A BIA is a part of a BCP, and the BIA drives decisions to create redundancies such as failover clusters or alternate sites. Compare with BIA and DRP.

Table-top exercise - A tabletop exercise—or table top exercise—is an interactive, discussion-based session that prepares key team members for an emergency, disaster, or crisis.

Zone based firewalls:

1. Zone - A zone is a logical area in which devices with the same trust level reside. After creating a zone, an interface is assigned to it. By default, traffic is not allowed from one zone to another.

For example, we first create a zone called inside; if the router interface fa0/0 sits on the most trusted network, which we name inside, then fa0/0 is assigned to the inside zone.
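As an added example that is not part of the original post, here is a Cisco IOS zone-based firewall configuration that carries out the steps above: create the zones, assign fa0/0 to inside, and then explicitly permit only inspected traffic across a zone-pair, leaving every other direction at the default deny. It assumes a second interface fa0/1 facing the untrusted network and the zone and policy names are made up for the example.

```cisco
! Added example (not from the post): Cisco IOS zone-based firewall.
! Assumption: fa0/0 is the trusted LAN, fa0/1 faces the untrusted network.
zone security inside
 description Most trusted network
zone security outside
 description Untrusted network
!
! Assign each interface to its zone. From this point on, traffic between
! the two zones is dropped unless a zone-pair policy permits it.
interface FastEthernet0/0
 zone-member security inside
interface FastEthernet0/1
 zone-member security outside
!
! Define which inside-originated traffic is allowed out (least privilege:
! only the protocols listed here are inspected, everything else is dropped).
class-map type inspect match-any INSIDE-TO-OUTSIDE-CLASS
 match protocol http
 match protocol https
 match protocol dns
!
policy-map type inspect INSIDE-TO-OUTSIDE-POLICY
 class type inspect INSIDE-TO-OUTSIDE-CLASS
  inspect
 class class-default
  drop log
!
! The zone-pair is one-directional. Return traffic for inspected sessions is
! allowed by the stateful inspection; because no outside->inside zone-pair
! exists, unsolicited inbound connections stay blocked by the default deny.
zone-pair security INSIDE-TO-OUTSIDE source inside destination outside
 service-policy type inspect INSIDE-TO-OUTSIDE-POLICY
```

Verify the result with `show zone security` (zone membership) and `show policy-map type inspect zone-pair sessions` (active inspected sessions and drop counters).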

Important concepts

  • Data on a VPN is considered data in transit.

  • Incremental backups are performed on weeknights. Incremental backup backs up only files that have been modified since the last full or incremental backup.

  • All things share the kernel.

Thoughts after test exam

There are lots of acronyms used. I think it is really important to learn as many acronyms as possible. Some of the questions include acronyms and some answers are acronyms, so it is really important to understand them.

Sometimes you can find part of the answer in the question itself. I got a feel for how the questions are formulated, and they do not look as scary as I thought they would. So that’s a good part.

I see that I must spend some time learning acronyms.

Anyways, I know that I’ll be able to pass the exam.

Some more test exams are waiting in the future.

Written by

Jonas Satkauskas