Begin security testing.

Turn over deliverables.

Sign a formal contract with non-disclosure.

Assess what the organization is trying to protect.

Threaten to publish the penetration test results if not paid.

Follow proper legal procedures against the company to request payment.

Tell other customers of the financial problems with payments from this company.

Exploit some of the vulnerabilities found on the company webserver to deface it.

Ignore the problem completely and let someone else deal with it.

Create a document that will crash the computer when opened and send it to friends.

Find an underground bulletin board and attempt to sell the bug to the highest bidder.

Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.

Split DNS

DNSSEC

DynDNS

DNS Scheme

It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.

It is an option but it tends to be very expensive.

It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.

Test automation is not usable in security due to the complexity of the tests.

It is a network fault and the originating machine is in a network loop

It is a worm that is malfunctioning or hardcoded to scan on port 500

The attacker is trying to detect machines on the network which have SSL enabled

The attacker is trying to determine the type of VPN implementation and checking for IPSec

SYN

ACK

FIN

PSH

RST

No response

Turtle Trojans

Ransomware Trojans

Botnet Trojan

Banking Trojans

Steganography

Public-key cryptography

RSA algorithm

Encryption

Netsh firewall show config

WMIC firewall show config

Net firewall show config

Ipconfig firewall show config

Host

Stateful

Stateless

Application

Set a BIOS password.

Encrypt the data on the hard drive.

Use a strong logon password to the operating system.

Back up everything on the laptop and store the backup in a safe place.

Segregation of duties

Undue influence

Lack of experience

Inadequate disaster recovery plan

Auditors want to discover if all systems are following a standard naming convention.

A web server was compromised and management needs to know if any further systems were compromised.

There is an emergency need to remove administrator access from multiple machines for an employee that quit.

There is a monthly requirement to test corporate compliance with host application usage and security policies.

Ciphertext-only attack

Chosen key attack

Rubber hose attack

Rainbow table attack

The victim user must open the malicious link with an Internet Explorer prior to version 8.

The session cookies generated by the application do not have the HttpOnly flag set.

The victim user must open the malicious link with a Firefox prior to version 3.

The web application should not use random tokens.

Security tokens

Heating and air conditioning

Smoke and fire alarms

Corporate security policy

Vulnerability assessment

Penetration testing

Risk assessment

Security auditing

The digital representation of the biometric might not be unique, even if the physical characteristic is unique.

Authentication using a stored biometric compares a copy to a copy instead of the original to a copy.

A stored biometric is no longer "something you are" and instead becomes "something you have".

A stored biometric can be stolen and used by an attacker to impersonate the individual identified by the biometric.

Input validation flaw

HTTP header injection vulnerability

0-day vulnerability

Time-to-check to time-to-use flaw

Collision resistance

Bit length

Key strength

Entropy

Investigate based on the maintenance schedule of the affected systems.

Investigate based on the service level agreements of the systems.

Investigate based on the potential effect of the incident.

Investigate based on the order that the alerts arrived in.

Defense in depth

Three-way handshake

Covert channels

Exponential backoff algorithm

CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.

CSIRT provides a computer security surveillance service to supply a government with important intelligence information on individuals travelling abroad.

CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations.

CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual's property or company's asset.

Harvesting

Windowing

Hardening

Stealthing

Poly key exchange

Cross certification

Poly key reference

Cross-site exchange

Key registry

Recovery agent

Directory

Key escrow

Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security

Maintenance of the nation’s Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure

Registration of critical penetration testing for the Department of Homeland Security and public and private sectors

Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors

OWASP is for web applications and OSSTMM does not include web applications.

OSSTMM is gray box testing and OWASP is black box testing.

OWASP addresses controls and OSSTMM does not.

OSSTMM addresses controls and OWASP does not.

Application layers can be separated, allowing each layer to be upgraded independently from other layers.

It is compatible with various databases including Access, Oracle, and SQL.

Data security is tied into each layer and must be updated for all layers when any upgrade is performed.

Application layers can be written in C, ASP.NET, or Delphi without any performance loss.

Classical cipher

Block cipher

Modern cipher

Stream cipher

MD5

SHA-1

RC4

MD4

Buffer overflow

Cross-site request forgery

Distributed denial of service

Cross-site scripting

Micro

Worm

Trojan

Virus

Reports

Testing tools

Metrics

Taxonomy of vulnerabilities

Paros Proxy

BBProxy

BBCrack

Blooover

Fast processor to help with network traffic analysis

They must be dual-homed

Similar RAM requirements

Fast network interface cards

Moves the MBR to another location on the RAM and copies itself to the original location of the MBR

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

Modifies directory table entries so that directory entries point to the virus code instead of the actual program

Overwrites the original MBR and only executes the new virus code

Polymorphic virus

Multipart virus

Macro virus

Stealth virus

Network firewalls can prevent attacks because they can detect malicious HTTP traffic.

Network firewalls cannot prevent attacks because ports 80 and 443 must be opened.

Network firewalls can prevent attacks if they are properly configured.

Network firewalls cannot prevent attacks because they are too complex to configure.

PSK (phase-shift keying)

FSK (frequency-shift keying)

ASK (amplitude-shift keying)

QAM (quadrature amplitude modulation)

Restore a random file.

Perform a full restore.

Read the first 512 bytes of the tape.

Read the last 512 bytes of the tape.

Scripting languages are hard to learn.

Scripting languages are not object-oriented.

Scripting languages cannot be used to create graphical user interfaces.

Scripting languages are slower because they require an interpreter to run the code.

USB Grabber

USB Dumper

USB Sniffer

USB Snoopy

The operating system performs a one-way hash of the passwords.

The operating system stores the passwords in a secret file that users cannot find.

The operating system encrypts the passwords, and decrypts them when needed.

The operating system stores all passwords in a protected segment of non-volatile memory.

white box

grey box

red box

black box

Unauthenticated access

Weak SSL version

Cleartext login

Web portal data leak

Social engineering

Network traffic sniffing

Man in the middle attacks

Publicly accessible sources

Network sniffing

Permission sets

Integrity checking hashes

Firewall alerts

WHOIS

IANA

CAPTCHA

IETF

limited to those functions required to do the job.

given root or administrative privileges.

trusted to keep all data and access to that data under their sole control.

given privileges equal to everyone else in the department.

Ping sweep of the 192.168.1.106 network

Remote service brute force attempt

Port scan of 192.168.1.106

Denial of service attack on 192.168.1.106

Results matching all words in the query

Results matching “accounting” in domain target.com but not on the site Marketing.target.com

Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting

Results for matches on target.com and Marketing.target.com that include the word “accounting”

Threat identification, vulnerability identification, control analysis

Threat identification, response identification, mitigation identification

Attack profile, defense profile, loss profile

System profile, vulnerability identification, security determination

Port scan targeting 192.168.1.103

Teardrop attack targeting 192.168.1.106

Denial of service attack targeting 192.168.1.103

Port scan targeting 192.168.1.106

Preventative

Detective

Offensive

Defensive

Smart card authentication

Security policy

Audit trail

Continuity of operations plan

Sarbanes-Oxley Act (SOX)

Gramm-Leach-Bliley Act (GLBA)

Fair and Accurate Credit Transactions Act (FACTA)

Federal Information Security Management Act (FISMA)

At least once a year and after any significant upgrade or modification

At least once every three years or after any significant upgrade or modification

At least twice a year or after any significant upgrade or modification

At least once every two years and after any significant upgrade or modification

Truecrypt

Sub7

Nessus

Clamwin

Penetration testing

Social engineering

Vulnerability scanning

Access control list reviews

Employers promote monitoring activities of employees as long as the employees demonstrate trustworthiness.

Employers use informal verbal communication channels to explain employee monitoring activities to employees.

Employers use network surveillance to monitor employee email traffic, network access, and to record employee keystrokes.

Employers provide employees written statements that clearly discuss the boundaries of monitoring activities and consequences.

Control Objectives for Information and Related Technology (COBIT)

Sarbanes-Oxley Act (SOX)

Health Insurance Portability and Accountability Act (HIPAA)

Payment Card Industry Data Security Standards (PCI DSS)

By implementing written security procedures, enabling employee security training, and promoting the benefits of security

By using informal networks of communication, establishing secret passing procedures, and immediately terminating employees

By sharing security secrets with employees, enabling employees to share secrets, and establishing a consultative help line

By decreasing an employee's vacation time, addressing ad-hoc employment clauses, and ensuring that managers know employee strengths

Regulatory compliance

Peer review

Change management

Penetration testing

Process

Procedure

Policy

Paradigm

guidelines and practices for security controls.

financial soundness and business viability metrics.

standard best practice for configuration management.

contract agreement writing standards.