CYSA study guide UPDATED ACTUAL Questions and CORRECT Answers
GAPP Generally Accepted Privacy Principles
Vulnerability Weakness in a device, system or application
Threat exploits the vulnerability
Risk Combination of both Threat and Vulnerability
individual groups and organization that are attempting to
Adversarial Threats
deliberately undermine the securityof an organization
Accidental Threats
Occur when equipment, software, or environmental con-
Structural Threats trols fail due to the exhaustion of resources, exceeding
their operational capability, or simply failing due to age
occur when natural or man-made disasters occur that are
Environmental Threats
outside the control of the organization
Qualitative Risk High, Medium, Low Risk
is the process of numerically analyzing the effect of iden-
tified risks on overall project objectives. The key benefit of
this process is that it produces quantitative risk informa-
tion to support decision making in order to reduce project
uncertainty.
Quantative Risk Analysis
These techniques include the probability distribution,
data gathering and representation techniques, sensitivity
analysis, expected monetary value analysis, decision tree
analysis, tornado diagrams and expert judgment.
NAC Network Access control
What is NAC controls access to the organization network
802.1X is a common standard used for NAC
- Common standard that is used by NAC
, - basically authenticates the user using an authenticator
What does the 802.1x protocol do which sends the request to the RADIUS server that con-
tains the user details
-802.1X protocols
AGENT BASED NAC -require that the device requesting access to the network
run special software designed to communicate w the NAC
service
conduct authentication in the browser and do not require
AGENTLESS BASED NAC
special software
think of captive portals that hotels use for their authenti-
cation
IN BAND NAC
deny access until authentication can be proven
Relies on existing network and has device communicate to
out of band NAC
authentication servers (like 802.1x)
only check the characteristics of each packet against the
Packet Filtering firewall
fire wall rules w out any additional intelligence
beyond packet filters and maintains information ab the
Stateful Inspection Firewall
state of each connection
NGFW(NEXT gen firewall) incorperate even more information of each request
are specialize firewalls designed to protect against web
Web application firewalls application attacks like SQL injection and Cross site script-
ing
Network Segmentation Can be done using firewalls to separate different networks
A jump box server connects two or more networks, allow-
Jump box server ing users to connect from one network and then "jump"
to another.
Honeypots
2/5
GAPP Generally Accepted Privacy Principles
Vulnerability Weakness in a device, system or application
Threat exploits the vulnerability
Risk Combination of both Threat and Vulnerability
individual groups and organization that are attempting to
Adversarial Threats
deliberately undermine the securityof an organization
Accidental Threats
Occur when equipment, software, or environmental con-
Structural Threats trols fail due to the exhaustion of resources, exceeding
their operational capability, or simply failing due to age
occur when natural or man-made disasters occur that are
Environmental Threats
outside the control of the organization
Qualitative Risk High, Medium, Low Risk
is the process of numerically analyzing the effect of iden-
tified risks on overall project objectives. The key benefit of
this process is that it produces quantitative risk informa-
tion to support decision making in order to reduce project
uncertainty.
Quantative Risk Analysis
These techniques include the probability distribution,
data gathering and representation techniques, sensitivity
analysis, expected monetary value analysis, decision tree
analysis, tornado diagrams and expert judgment.
NAC Network Access control
What is NAC controls access to the organization network
802.1X is a common standard used for NAC
- Common standard that is used by NAC
, - basically authenticates the user using an authenticator
What does the 802.1x protocol do which sends the request to the RADIUS server that con-
tains the user details
-802.1X protocols
AGENT BASED NAC -require that the device requesting access to the network
run special software designed to communicate w the NAC
service
conduct authentication in the browser and do not require
AGENTLESS BASED NAC
special software
think of captive portals that hotels use for their authenti-
cation
IN BAND NAC
deny access until authentication can be proven
Relies on existing network and has device communicate to
out of band NAC
authentication servers (like 802.1x)
only check the characteristics of each packet against the
Packet Filtering firewall
fire wall rules w out any additional intelligence
beyond packet filters and maintains information ab the
Stateful Inspection Firewall
state of each connection
NGFW(NEXT gen firewall) incorperate even more information of each request
are specialize firewalls designed to protect against web
Web application firewalls application attacks like SQL injection and Cross site script-
ing
Network Segmentation Can be done using firewalls to separate different networks
A jump box server connects two or more networks, allow-
Jump box server ing users to connect from one network and then "jump"
to another.
Honeypots
2/5
