This transfer protocol typically uses ports 20 and 21
What is FTP?
This centralized system allows a user to authenticate once and be granted access to all resources to which the user has rights.
What is Single Sign On? (SSO)
This log type in Windows deals with OS activity and its component services.
What is a system log?
This cloud model is often shared between two or more organizations, often in the same industry.
What is a Community Cloud?
This team typically serves as oversight to both red and blue teams, and has the power to direct and halt hacking activities if they go beyond scope.
What is the white team?
This protocol is used to ensure all logging sources are synchronized to the same time source
What is Network Time Protocol? (NTP)
Upon login, a user is presented with this document to read and agree to before being allowed access to the organization's resources.
What is an Acceptable Use Policy? (AUP)
For non-Windows hosts, events are managed and logged by this.
What is syslog?
This cloud model is often less expensive than others, but does run the risk of "multitenant solutions"
What is a public cloud?
This exercise is typically facilitator-led, where staff practice responses to a particular risk scenario.
What is a tabletop exercise?
These protocols enable the use of Virtual Private Networks (VPN). You must name all three for full points, but individual protocols are worth 100 each.
What are IPsec, SSH, and TLS?
This security measure requires a user to engage in at least two different authentication methods.
What is Multi-Factor Authentication?
In addition to making sure logs are synchronized to the same time source, logs should account for any variation in this.
What are Time Zones?
Also termed a "Virtual Private Cloud," this cloud service model allows for rapid generation of virtual servers, applications and any other required functions.
What is Infrastructure as a Service? (IaaS)
This type of attack relies on overfilling an application's designated memory allotment.
What is a buffer overflow attack?
This protocol is typically used to transfer STIX
What is Extensible Markup Language? (XML)
This type of software collects data using one or more of the following methods: listener/collector, sensor and agent-based.
What is a Security Incident and Event Manager? (SIEM)
This type of cloud software is typically enterprise management software designed to mediate access to cloud services by users across all types of devices
What is a Cloud Access Security Broker? (CASB)
This archaic communication method, now readily on the decline, is often used as a command and control platform.
What is Internet Relay Chat?
This protocol allows compatible scanners to determine whether a computer meets a configuration baseline
What is Security Content Automation Protocol?
This framework can ensure that email messaging is secured against spoofing when authentication fails, typically by flagging, quarantining or rejecting messages.
What is Domain-Based Message Authentication, Reporting and Conformance? (DMARC)
This security data can be used to detect pass-the-hash and golden ticket attacks.
What are Windows Security Logs?
Cloud storage containers are often referred to as these.
What are buckets or blobs?
This threat actor type has the potential to be the most devastating, but can be deflected with good security, account control and monitoring policy
What is an insider threat?