Security SY0-701 LMRG 2023-2

Security+ Last Minute Review Guide (SY0-701)

The main goals of information security are:
• Confidentiality prevents unauthorized disclosure.
• Integrity prevents unauthorized modification.
• Availability ensures authorized access.
• Non-repudiation means that someone who performed some action cannot later deny having taken that action. Digital signatures are commonly used to achieve non-repudiation.

Security controls are divided into four categories, based upon how they function:

Category | Description
Managerial | Procedural mechanisms that focus on the mechanics of the risk management process
Operational | Processes that we put in place to manage technology in a secure manner
Technical | Uses technological means to meet a security objective
Physical | Uses physical constraints to meet a security objective

Security controls are also classified by their purpose:

Type | Description
Preventive | Stops an adversary from violating security policies.
Deterrent | Discourages an adversary from even attempting an attack.
Detective | Identifies potential violations of security policies.
Corrective | Restores the original state after a security incident.
Compensating | Fills the gap when it is not possible to implement a required control.
Directive | Informs employees and others what they should do to achieve security objectives.

The defense-in-depth principle relies on overlapping controls, so that no single control failure exposes the organization.

During a gap analysis, you examine the controls in place against the control objectives. If there are any cases where the controls do not meet the control objective, that is an example of a gap.

Sensor | Description
Infrared | Detects the presence of people using heat
Pressure | Detects shifting weight on a pressure plate
Microwave | Detects people and objects present in an area
Ultrasonic | Detects inaudible sound waves

Zero Trust network access never grants access based on an IP address, but continuously reevaluates access decisions. The Control Plane makes decisions about access, and the Data Plane is where those decisions are enforced.

[Diagram: Core Zero Trust Logical Components (Control Plane, Data Plane)]

Symmetric encryption uses the same key for encryption and decryption. Asymmetric encryption uses a public/private key pair. Keys are used as follows:

 | For confidentiality | For digital signatures
Sender encrypts with... | Recipient's public key | Sender's private key
Recipient decrypts with... | Recipient's private key | Sender's public key

Anything encrypted with one key from a pair may only be decrypted with the other key from that same pair.

Technology | Description
Honeypot | System that serves as a decoy to attract attackers
Honeynet | Unused network designed to capture probing traffic
Honeyfile | File that serves as a decoy to attract attackers

Encryption protects sensitive information from unauthorized disclosure by making it unreadable to anyone without the appropriate decryption key. Common uses of encryption include:
• Providing confidentiality for sensitive information
• Confirming the integrity of stored or transmitted data

Common symmetric algorithms include AES, Twofish, and Blowfish. DES and RC4 are not secure. Asymmetric algorithms include elliptic curve and El Gamal. The Diffie-Hellman algorithm may be used for secure exchange of symmetric keys.

Hashes are one-way functions that produce a unique value for every input and cannot be reversed. Common hashing algorithms include SHA, HMAC, and RIPEMD. The MD5 hashing algorithm is still widely used but has significant security vulnerabilities.

The hardware root of trust is established through the assurance that hardware has not been tampered with.
The boot process for a system is managed by the Unified Extensible Firmware Interface (UEFI).

Data minimization reduces risk by decreasing the amount of sensitive information maintained by the organization. Where data can't be eliminated, data obfuscation techniques may render it less sensitive. Data obfuscation techniques include:
• Hashing uses a hash function to transform a value in our dataset into its corresponding hash value.
• Tokenization replaces sensitive values with tokens that are mapped back to the original values through a lookup table.
• Data masking partially redacts sensitive information by replacing sensitive fields with blank characters.
• Steganography embeds information in an image, video, audio, or other binary file.

Key stretching is used to create encryption keys from passwords in a strong manner. PBKDF2 uses thousands of iterations of salting and hashing to generate keys that resist attack.

Blockchain creates a data store that nobody can tamper with by using a distributed and immutable open public ledger.

Digital certificates are a secure means of providing an unknown third party with a trusted copy of the public key belonging to an individual, organization, or system. Digital certificates are issued by a trusted Certificate Authority (CA). When creating a digital certificate, the CA takes a copy of the subject's public key along with other certificate information and then digitally signs the certificate using the CA's private key. When a user or application wishes to verify the certificate, they do so by validating the signature with the CA's public key. If the signature is trusted, the public key may then be used.

Certificate authorities may revoke a digital certificate by placing it on the Certificate Revocation List (CRL). However, this approach is slow and is replaced by the Online Certificate Status Protocol (OCSP), which provides real-time certificate verification.

Organizations not wishing to purchase a digital certificate from a CA may create their own self-signed certificates. These are fine for internal use but will not be trusted by external users.

Digital certificates issued by CAs come in three types. They differ in the form of verification the CA performs:

Type | Description
Domain validation (DV) | CA verifies that the certificate subject controls the domain name. Weakest form of validation.
Organization validation (OV) | CA verifies the name of the business purchasing the certificate in addition to domain ownership.
Extended validation (EV) | CA performs additional checks to verify the physical presence of the organization.

You should be familiar with the major types of cybersecurity threat actors:
• Nation-state actors hack into foreign governments or corporations. The motive can be political or economic.
• Unskilled attackers are generally low-skilled individuals seeking a quick thrill.
• Hacktivists use hacking techniques to accomplish a political goal and are motivated by the greater good.
• Insider threats occur when an employee or other individual with authorized access uses that access for financial gain or other harm.

Attackers may be internal to the organization or external threats. They have varying levels of sophistication and funding and may be motivated by:
• Data exfiltration
• Espionage
• Disruption
• Financial gain
• Philosophical/political beliefs
• Ethical intent

Common threat vectors and attack surfaces include:
• Message-based (email, SMS, IM)
• Unsupported systems
• Unsecure networks
• Open service ports
• Default credentials
• Supply chain vulnerabilities
• Human vectors

Zero-day attacks exploit vulnerabilities not known to others, so no patch is available.

Most attacks involve malware. Major malware types include:

Type | Description
Virus | Spreads between systems based upon some user action.
Worm | Spreads between systems by exploiting vulnerabilities.
Trojan horse | Masquerades as desirable software to trick users into installing it.
Remote Access Trojan | Trojan horse that allows an attacker to gain remote access to a system.
Spyware | Monitors user activity, such as keystrokes and web browsing. Keyloggers are an example of spyware.
Ransomware | Encrypts user files and demands a ransom before releasing the key.
Logic Bomb | Waits until certain conditions are met before triggering a malicious action.
Backdoor | Provides an unauthorized mechanism for accessing a system.
Bot | Controls compromised systems through the use of a command and control mechanism. Commonly used in denial of service attacks.
Bloatware
Social engineering attacks manipulate individuals to gain unauthorized access. Social engineering attacks use seven main mechanisms: authority, intimidation, consensus, scarcity, familiarity, trust, and urgency. Variants of social engineering attacks include:

Attack Type | Description
Phishing | Solicits information via email.
Spear Phishing | Solicits information via highly targeted email designed for one person.
Whaling | Targets high value individuals, such as senior executives.
Vishing | Solicits information via voice telephone calls.
Smishing | Solicits information via SMS text message.
Pretexting | Uses a fake scenario to manipulate someone into divulging confidential information.
Brand Impersonation | Mimics the identity of a trusted entity or brand to deceive individuals.
Typosquatting | Registers misspellings of common domain names to attract traffic.
Business Email Compromise (BEC) | Impersonates a company executive or other high-level employee in an attempt to deceive someone within the company. Commonly involves requests to transfer funds, fraudulent invoices, or impersonating attorneys.
Tailgating | Accesses a building by having someone hold the door open.
Dumpster Diving | Discovers sensitive information discarded in the trash.
Shoulder Surfing | Monitors user activity by watching them as they enter/read information.
Watering Hole | Places malware on a site where users are known to visit.
Impersonation | Attacks where the attacker is able to appear to a remote user/system as another individual.

Misinformation is the dissemination of false information without malicious intent, while disinformation is the dissemination of false information with malicious intent.

In an on-path attack, the initial request to connect is routed through a proxy controlled by the attacker, who can then read the communication and inject commands.

Common password-based attacks include:
• Brute force attacks attempt to simply guess passwords repeatedly.
• Dictionary attacks guess passwords using a dictionary of words.
• Password spraying attacks try a small number of common passwords against many accounts, using lists of common passwords.
• Credential stuffing attacks take usernames and passwords from a compromised site and attempt to use them to log in at another site.
• Rainbow table attacks precompute the hashes of common passwords and use them against a stolen password file. They may be defeated by using salts.
• Pass the hash attacks reuse hashed credentials from one machine to log in to another machine.
• Birthday attacks seek to find collisions in hash functions, where the hash function produces the same value for two different inputs.

The top web application security risks are:
1. Broken access control
2. Cryptographic failures
3. Injection
4. Insecure design

Threats, Vulnerabilities, and Mitigations

Attack | Description
SQL injection | Manipulates web applications to send unauthorized commands to the back-end database.
Buffer overflow | Places more data than expected in a memory buffer in an attempt to execute unauthorized code.
Remote code execution | Allows an attacker to execute code of their choosing without accessing the system directly.
Directory traversal | Embeds periods and slashes in URLs in an attempt to navigate the web server's file system.
Privilege escalation | Exploits that allow an attacker to take a normal user account and manipulate it to gain administrative access. Often performed using a rootkit.
Session hijacking | Attacks where the adversary steals a cookie or other session credential to take over a user's existing authenticated session.
Cross-site scripting (XSS) | Attacks where the adversary tricks the user's browser into executing embedded scripts that are either stored on a web server (persistent XSS) or use input that is repeated as output (reflected XSS).
Race condition | Attacks that depend upon the timing of two operations. A time-of-check/time-of-use race condition occurs when a program checks access permissions too far ahead of a resource request.

Virtual machines allow multiple operating system instances to run on a single physical system. The hypervisor is responsible for enforcing isolation between virtual machines.

[Diagram: Type 1 hypervisor (guest virtual machines on a hypervisor running directly on physical hardware) and Type 2 hypervisor (guest virtual machines and other applications on a hypervisor running on a host operating system)]

When deploying services in the cloud, organizations may choose from three major cloud strategies:
• Software as a Service (SaaS) applications run in the cloud. The customer is responsible only for supplying data and using the application.
• Infrastructure as a Service (IaaS) sells basic building blocks, such as servers and storage. The customer manages the operating system and configures and installs software.
• Platform as a Service (PaaS) provides the customer with a managed environment to run their own software without concern for the underlying infrastructure.

Cloud services may be used in several forms:
• Public cloud providers offer services to many different customers. Many customers may share the same physical hardware.
• Private cloud environments dedicate hardware to a single user.
• Hybrid cloud environments combine elements of public and private cloud in a single organization.
• Community cloud environments are similar to the public cloud but with access limited to a specific set of customers.

Indicators of compromise (IoC) are items of unusual activity that may suggest a security incident and require further investigation. Examples of IoC include:
• Unexpected account lockout
• Concurrent session usage
• Blocked content
• Impossible travel time
• Excessive resource consumption
• Resource inaccessibility
• Out-of-cycle logging

When configuring security for a wireless network, you should use recent versions of Wi-Fi Protected Access (WPA2 or WPA3). The original version of WPA, which used the Temporal Key Integrity Protocol (TKIP), is no longer secure.
WPA2 uses CCMP to provide security, while WPA3 uses Simultaneous Authentication of Equals (SAE).

Network segmentation places different types of systems on different network segments, minimizing the likelihood of cross-infection. This may be done with physically separate networks or with virtual networks (VLANs). Extremely sensitive network segments may be separated by an air gap, meaning they are not physically connected to other networks. Virtual private clouds (VPCs) serve a similar segmentation role in cloud environments.

Access control lists (ACLs) form the basis of many access management systems and provide a listing of subjects and their permissions on objects and groups of objects.

Personnel security principles include:
• Need to know requires a legitimate business need to access information.
• Least privilege grants individuals the minimum necessary permissions to perform their jobs.
• Separation of duties blocks someone from having two sensitive privileges in combination.
• Two-person control requires two people to perform a sensitive activity.
• Mandatory vacations and job rotation seek to prevent fraudulent activity by uncovering malfeasance.

Endpoint monitoring provides important operational information to cybersecurity analysts because endpoint behavior is often the first indicator of a compromise. Endpoint detection and response (EDR) systems provide this insight, while user and entity behavior analytics (UEBA) solutions allow deeper behavioral inspection.

Tool | Description
Intrusion Detection System | Monitors a host or network for signs of intrusion and reports to administrators.
Intrusion Prevention System | Monitors a host or network for signs of intrusion and attempts to block malicious traffic automatically.
Security Information & Event Management System | Aggregates and correlates security information received from other systems.
Firewall | Restricts network traffic to authorized connections.
Application Allow List | Limits applications to those on an approved list.
Application Deny List | Blocks applications on an unapproved list.
Sandboxing | Provides a safe space to run potentially malicious code.
DNS Sinkhole | Uses false DNS replies to block access to known malicious sites.
VPN Concentrator | Provides a central aggregation point for VPN connections.
Proxy Server | Makes requests to other servers on behalf of an end user, providing anonymization and performance enhancement.
Data Loss Prevention | Blocks the exfiltration of sensitive information from an organization.
Mail Gateway | Screens inbound messages for malicious content.
Cloud Access Security Broker (CASB) | Service that intercepts requests headed for cloud services to confirm their compliance with organizational security policies.
Hardware Security Module (HSM) | Stores and manages encryption keys.

Split tunnel VPNs only send traffic destined for the corporate network through the VPN, while full tunnel VPNs send all traffic through the VPN. Network Access Control (NAC) systems check devices before allowing them to connect, which may include screening users and checking device health.

Power issue | Term | Description
Loss of power | Fault | Power loss/power failure
Low voltage | Sag | Undervoltage event
High voltage | Spike, Surge | Overvoltage event
Disturbance | Transient, Noise | Irregularity in the power signal

Access control vestibules use a set of double doors, opened one at a time, to restrict physical access.

Maintaining current and patched software is an essential control. The most effective application security control is input validation, which ensures that input matches the expected pattern before it is processed.

The core activities of identity and access management are:
• Identification, where a user makes a claim of identity.
• Authentication, where the user proves the identity.
• Authorization, where the system confirms that the user is permitted to perform the requested action.

Access controls limit the access that subjects (e.g. users, applications, processes) have to objects (e.g. information, systems, resources).

Multifactor authentication (MFA) systems combine authentication technologies from two or more of the following categories:
• Something you know factors rely upon secret information, such as a password.
• Something you have factors rely upon possession of an object, such as a smartphone.
• Something you are factors rely upon physical characteristics of a person, such as a fingerprint.
• Somewhere you are factors rely upon a user's physical location.

Biometric authentication technologies have two types of errors. False positive errors occur when a system accepts an invalid user; this is measured using the false acceptance rate (FAR). False negative errors occur when a system rejects a valid user, measured using the false rejection rate (FRR). We evaluate the effectiveness of an authentication technology using the crossover error rate (CER), as shown in the diagram below:

[Diagram: FAR and FRR plotted against sensitivity; the point where the two curves cross is the CER.]

Business continuity planning conducts a business impact assessment and then implements controls designed to keep the business running during adverse conditions. Backups provide an important disaster recovery control. Remember that there are three major categories of backup:

Backup type | Description
Full Backup | Copies all files on a system.
Differential Backup | Copies all files on a system that have changed since the most recent full backup.
Incremental Backup | Copies all files on a system that have changed since the most recent full or incremental backup.

Disaster recovery sites fit into three major categories:

Site | Facility | Equipment | Current data
Cold site | Yes | No | No
Warm site | Yes | Yes | No
Hot site | Yes | Yes | Yes

Disaster recovery plans require testing. There are four major test types:

Test type | Description
Tabletop exercises | Plan participants review the plan and their specific roles as a group or individually.
Simulation | DR team participates in a scenario-based exercise that uses the DR plan without implementing technical recovery controls.
Parallel processing | DR team activates alternate processing capabilities without taking down the primary site.
Failover | DR team switches the primary site to a secondary site to simulate a disaster.
[Diagram: TCP three-way handshake]

DNS converts between domain names and IP addresses. NAT converts between public and private IP addresses. ARP converts between MAC addresses and IP addresses. Load balancers distribute traffic among many identical servers.

OSI Model Layer | Description
Application | Serves as the point of integration for user applications with the network
Presentation | Transforms user-friendly data into machine-friendly data; encryption
Session | Establishes, maintains, and terminates sessions
Transport | Manages connection integrity; TCP, UDP, SSL, TLS
Network | Routes packets over the network; IP, ICMP, BGP, IPSec, NAT
Data Link | Formats packets for transmission; Ethernet, ARP, MAC addresses
Physical | Encodes data into bits for transmission over wire, fiber, or radio

Network switches generally work at layer 2 and connect directly to endpoints or other switches. Switches may also create virtual LANs (VLANs), which are internal networks at layer 2. Routers generally work at layer 3 and connect networks to each other. Firewalls are the primary network security control used to separate networks of differing security levels.

TLS should be used to secure network communications. SSL is no longer secure. IPSec uses Authentication Headers (AH) to provide authentication, integrity and non-repudiation.

State | Description
Data at Rest | Data stored on a system or media device
Data in Transit | Data in motion over a network
Data in Use | Data being actively processed in memory

Types of sensitive information include:
• Personally Identifiable Information (PII) uniquely identifies individuals and is regulated by many state and local laws. The most well known are the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
• Protected Health Information (PHI) includes individual health records and is regulated by the Health Insurance Portability and Accountability Act (HIPAA).
• Payment card information (PCI) includes credit and debit card data and is regulated by the Payment Card Industry Data Security Standard (PCI DSS).
• Proprietary information includes trade secrets maintained by an organization.

Data retention standards describe how organizations should preserve records. Data that is no longer needed should be securely destroyed. The principle of data sovereignty says that data is subject to the legal requirements of any jurisdiction where it is collected, stored, processed, or transmitted.

[Diagram: information classification levels, with labels including Top Secret, Critical, Restricted, Confidential, Private, Unclassified and Public]

Security frameworks provide templates for security activities. These include COBIT, NIST CSF and ISO 27001/2.

Due care is taking reasonable steps to protect the interest of the organization. Due diligence ensures those steps are carried out.

The shared responsibility model divides security responsibilities between the vendor and the customer differently depending upon the category of cloud service.

[Diagram: shared responsibility model for IaaS, PaaS and SaaS, with hardware and data center shown as vendor responsibilities and the remaining layers divided between customer and vendor]

Threat intelligence allows an organization to learn about changes in the threat landscape, including attacker identities, tools and techniques. Common threat intelligence sources include:
• Open-source intelligence (OSINT)
• Proprietary threat intelligence
• Vulnerability databases

Port | Service
23 | Telnet
25 | SMTP
53 | DNS
80 | HTTP
110 | POP3
123 | NTP
135, 137-139, 445 | Windows File Sharing
143 | IMAP
161/162 | SNMP
443 | HTTPS
636 | LDAPS
1433/1434 | SQL Server
1521 | Oracle
1720 | H.323
1723 | PPTP
3389 | RDP
9100 | HP JetDirect Printing

Structured Threat Information eXpression (STIX) is used to provide a standardized format for exchanging threat information, while the Trusted Automated eXchange of Intelligence Information (TAXII) defines a protocol for the transmission of this information.

Enterprises may deploy mobile devices in a variety of models:
• Corporate-owned (CO) provides devices for business use only.
• Corporate-owned, personally enabled (COPE) allows users to mix business and personal use.
• Choose your own device (CYOD) allows users to choose a device for business use from an approved set.

Companies should use mobile device management (MDM) tools to enforce a variety of mobile security controls, including application management, remote wiping of lost or stolen devices, and geolocation and geofencing services.

Port scanning techniques include:
• TCP SYN scans send only the initial SYN of a TCP connection.
• TCP connect scans complete the full connection.
• Xmas scans set the FIN, PSH, and URG flags.

Network vulnerability scanning first discovers active services on the network and then probes those services for known vulnerabilities. Web application vulnerability scans use tools that specialize in probing for web application weaknesses.

The Common Vulnerability Scoring System (CVSS) rates the severity of security vulnerabilities based upon eight criteria:
1. Attack Vector (AV)
2. Attack Complexity (AC)
3. Privileges Required (PR)
4. User Interaction (UI)
5. Scope (S)
6. Confidentiality (C)
7. Integrity (I)
8. Availability (A)

The CVSS base score combines all eight of these factors into a score from 0.0 to 10.0, with the following severity descriptions:

Score | Rating
0.0 | None
0.1-3.9 | Low
4.0-6.9 | Medium
7.0-8.9 | High
9.0-10.0 | Critical

The vulnerability management workflow includes three steps: detection, remediation, and validation. Validation of remediation includes verifying the remediation, rescanning the affected systems, and periodic auditing.

Common parameters that you may set when configuring vulnerability scans include:
• Using credentialed scans to log onto target systems and improve scan accuracy.
• Using a combination of server-based scans that run over the network and agent-based scans that run on the local system.
• Using different scan perspectives to determine the external view that an outside attacker would see and the internal view available to an insider or an attacker that has already gained a foothold on the network.

Active scanning techniques engage with the target system to probe it for known vulnerabilities, while passive scanning techniques are stealthier. Passive scans do not engage with the target system but attempt to identify vulnerabilities by observing network traffic and other system characteristics.

[Diagram: classification of scan results, keyed on "Does the vulnerability actually exist?" (Yes/No) against whether the scanner reported it]

The Security Content Automation Protocol (SCAP) provides a standard framework for vulnerability assessment. It includes the following components:
• Common Vulnerabilities and Exposures (CVE)
• Common Vulnerability Scoring System (CVSS)
• Common Configuration Enumeration (CCE)
• Common Platform Enumeration (CPE)
• Extensible Configuration Checklist Description Format (XCCDF)
• Open Vulnerability and Assessment Language (OVAL)

Bug bounty programs offer public rewards to security researchers who submit reports of new vulnerabilities to a firm.

Security information and event management (SIEM) systems aggregate and correlate security log information received from many different sources. Security orchestration, automation, and response (SOAR) systems automate responses after security incidents.

[Diagram: SIEM architecture, with a management console fed by information sources and security devices]