A comprehensive guide to Cisco CyberOps acronyms and mnemonics, covering essential concepts and terminology used in cybersecurity. It includes definitions, explanations, and examples of key terms, such as the Cyber Kill Chain, ACID, IETF, ESP, SMB, EMM, CSRF, CAPEX vs OPEX, RCE, ASLR, PCAP, OSI model, NIST, GRE tunnel, CSMA/CA, TCP, TCP Wrappers, patch management, UDP, SPAN, ACL, SNMP, WSA, iptables, AVC, ASA, ESA, PRI, ICMP, IPv4, IPv6, CVSS, and more. The document also includes exercises and questions to test your understanding of the concepts.
Rabbits Were Delivering Expensive Instruments Carelessly, And Alice Acted - ANSWER The Cyber Kill Chain defines seven steps, or phases, and sequences that a threat actor must go through to complete an attack. These include:
Reconnaissance: The threat actor conducts research, gathers intelligence, and selects targets.
Weaponization: The threat actor takes the information he has acquired during the reconnaissance phase and creates a weapon against targeted systems.
Delivery: The weapon is transmitted to the target using a delivery vector.
Exploitation: The threat actor uses the weapon delivered to break the vulnerability and gain control of the target.
Installation: The threat actor establishes a back door into the system to allow for continued access to the target.
Command and Control (CnC): The threat actor establishes command and control (CnC) with the target system.
Action on Objectives: The threat actor has successfully acted on the target system to achieve his original objective.
ACID - ANSWER A - Adversary, C - Capability, I - Infrastructure, D - Victim
The "ACID" acronym is a play on the term "acid," which can symbolize the corrosive and destructive nature of cyber attacks.
Here's how you can remember it with the ACID acronym:
Adversary: The bad guys trying to breach your defenses, akin to corrosive acid.
Capability: The tools and techniques the adversary uses, which can eat away at your security measures.
Infrastructure: The adversary's underlying systems and resources that enable the attack, the infrastructure that might carry the acid.
Victim: The ultimate target of the attack, who gets "burned" by the adversary's ACID.
IETF stands for - ANSWER Internet Engineering Task Force. An open international community of network designers, operators, vendors, and researchers concerned with the evolution of Internet architecture and the smooth operation of the Internet.
ESP - ANSWER Encapsulated Security Payload. An option within IPsec to provide confidentiality, integrity, and authentication.
SMB - ANSWER Server Message Block. It is a network protocol used primarily for sharing files, printers, and other resources between nodes on a network, most especially in Microsoft Windows environments.
EMM - ANSWER Enterprise Mobility Management refers to services and technologies designed to secure corporate data on employees' mobile devices.
randomizes memory addresses currently in use, which can help ensure that an attacker cannot predict where their shellcode will reside within memory in order to execute it. Can be bypassed by using a technique known as egg-hunting, which involves executing a code stub that will ID where the attacker's malicious payload is located within memory.
PCAP - ANSWER Packet Capture. Data packets flowing through a capture device or devices are systematically recorded in a continuous and chronological manner, and hence are representative of the network traffic and patterns for that period of time. A file containing packets captured from a protocol analyzer or sniffer.
OSI All People Seem To Need Data Processing - ANSWER Application, Presentation, Session, Transport, Network, Data Link, Physical
Prepare Incident Response Plan During Real Life Hack - ANSWER NIST: Prepare, Incident Response Plan, Detect, Respond, Recover, Learn
Handle Incident Response: Perfect Identification Can Diminish incidents. P.I.C.D. Prepare Intelligent Cyber Defenders - ANSWER Breakdown:
P - Preparation (Conduct training on incident response)
I - Identification (Identify, analyze and validate incidents)
C - Containment (Contain, eradicate and recover from incidents)
D - Documentation (Document how incidents are handled - post incident activities)
Explanation: It starts with the mnemonic "P.I.C.D.", whose letters are the starting letters of the first four phases, viz. "Prepares" reminds you that the first phase is Preparation, involving training. "Intelligent" reminds you of the second phase of Identification, Analysis, and Validation of incidents. "Cyber" hints at the nature of the incidents being addressed. "Containment" is the third phase, reminding you to implement procedures to contain, eradicate, and recover. "Defenders" suggests that those responding to incidents are defending the organization's assets. "Documentation" reminds you of the final post-incident activities phase.
GRE tunnel - ANSWER Generic Routing Encapsulation (GRE) tunnel
SPAN - ANSWER "Switched Port Analyzer." It is a feature that allows the monitoring or capturing of traffic on one or more ports on a switch and sends that traffic to another port for analysis or inspection.
ACL - ANSWER Access control list. A series of commands that control whether a device forwards or drops packets.
SNMP - ANSWER Simple Network Management Protocol. Allows administrators to manage network devices. Retrieves information about the functioning of network devices.
WSA - ANSWER Web Security Appliance
iptables - ANSWER internet protocol tables. This is an application that gives a way for Linux system administrators to establish rules on network access that is part of the Linux kernel Netfilter modules.
AVC - ANSWER Application Visibility and Control. Cisco proprietary; looks at the application layer data to identify the application instead of relying on TCP and UDP port numbers. Used with Cisco NGFW.
ASA - ANSWER Firewall appliance. Cisco ASA supports the following types of logging capabilities:
Console logging
Terminal logging
ASDM logging
Email logging
External syslog server logging
External SNMP logging to the server
Logging in a buffered way
ESA - ANSWER The E-mail Security Appliance
PRI - ANSWER The Priority value is part of the syslog message header. It decides the message priority or severity which will be logged. The PRI includes two elements: Facility, Severity.
ICMP - ANSWER Internet Control Message Protocol. Used for diagnostics such as ping. Many DoS attacks use ICMP. It is common to block ICMP at firewalls and routers. If ping fails, but other connectivity to a server succeeds, it indicates that ICMP is blocked.
IPv4 - ANSWER Internet Protocol version 4. The dominant protocol for routing traffic on the Internet.
IPv6 - ANSWER Internet Protocol version 6. A new protocol developed to replace IPv4, addressing the issue of IP address exhaustion.
CVSS - ANSWER (Common Vulnerability Scoring System). A risk management
NAC - Network access control. Inspects clients for health and can restrict network access to unhealthy clients to a remediation network. Clients run agents and these agents report status to a NAC server. NAC is used for VPN and internal clients. MAC filtering is a form of NAC.
MAC - Media Access Control
HTTPS - Hypertext Transfer Protocol Secure
VLAN - ANSWER Virtual local area network. A VLAN can logically group several different computers together, or logically separate computers, without regard to their physical location. It is possible to create multiple VLANs with a single switch.
SOC - ANSWER Security Operations Center
NIST Computer Security Incident Handling Guide - ANSWER Purpose: The guide assists organizations in developing and improving their computer security incident response capability, including incident handling procedures, incident response team structure, and incident handling tools and techniques.
Incident Handling Life Cycle: The guide identifies four major phases of the incident handling life cycle:
a. Preparation: Creating an incident response capability with resources.
b. Detection and Analysis: Detecting and analyzing potential incidents.
c. Containment, Eradication, and Recovery: Containing the incident, mitigating its effects, and recovering from the incident.
d. Post-Incident Activity: Learning from the incident and improving incident response capabilities.
Incident Response Team: The guide recommends establishing an incident response team with specific roles and responsibilities, such as team lead, incident handler, and security analyst.
Incident Response: It provides detailed procedures to respond to various types of incidents, which include denial-of-service attacks, malicious code incidents, unauthorized access incidents, and data breaches.
Incident Response Tools: It discusses various tools and technologies that may be used for incident handling; examples include intrusion detection systems, security information and event management systems, and forensic analysis tools.
Coordination and Information Sharing: The guide emphasizes the importance of coordinating incident response activities with internal and external stakeholders, as well as sharing information about incidents and threats with relevant organizations.
Metrics and Measurements: The guide suggests developing metrics and measurements to evaluate the effectiveness of an organization's incident response capabilities and identify areas for improvement.
TLS - ANSWER Transport Layer Security. Used to encrypt traffic on the wire. TLS is the replacement for SSL and, like SSL, it uses certificates issued by CAs. PEAP-TLS makes use of TLS to encrypt the authentication process and PEAP-TLS requires a CA to issue the certificates. Uses server name, trusted CA, and public key.
DoS - Denial of Service: An attack vector aimed at disrupting or making computer systems, networks, or services unavailable by overwhelming the system with a massive amount of traffic or requests. Resource exhaustion evasion technique.
SIEM - Security Information and Event Management. Real-time reporting and long-term analysis of security events.
Entries in an ARP table are time-stamped and are purged after the timeout expires.
WinDBG - ANSWER Windows Debugger, used by black hats to reverse engineer binary files when writing exploits.
OSSEC - ANSWER Open source host-based intrusion detection system (IDS)
Sguil - ANSWER A cyberoperation analyst console. Cybersecurity analysts can use it to investigate and verify exploits.
Snort - ANSWER Network Intrusion Detection System. A NIDS that uses rules to detect exploits.
RADIUS acronym and features - ANSWER RADIUS stands for Remote Authentication Dial-In User Service.
Supports the following features:
RADIUS authentication and authorization as one process
Encrypts only the password
Utilizes UDP
Supports remote-access technologies, 802.1X, and Session Initiation Protocol (SIP)
RADIUS Authentication definition and key components - ANSWER RADIUS is a client-server protocol that permits central Authentication, Authorization, and Accounting management for computer access. The main components of RADIUS authentication include:
RADIUS Client: Normally, the client is a NAS, which can be a router, switch, or wireless access point, acting as an intermediary between the user/device and the RADIUS server.
RADIUS Server: The central server, which is also referred to as the RADIUS server, maintains user credentials and authentication policies. It receives the access request from the RADIUS client, authenticates the user/device, and sends an accept or reject message.
Authentication Process: The RADIUS client sends an Access-Request message to the RADIUS server with the credentials of the user, for example, username and password, each time a user or device attempts to gain access to the network. The RADIUS server authenticates these details against its database and responds with an accept or reject message.
AAA - ANSWER Authentication, authorization, and accounting. A group of technologies used in remote access systems. Authentication establishes who a user is. Authorization decides whether a user shall have access. Accounting is keeping track of a user's access via logs. Sometimes known as the AAAs of security.
VERIS - Vocabulary for Event Recording and Incident Sharing
supports a comprehensive set of authentication, authorization, and accounting (AAA),posture, and network profiler features in a single device.
SDLC - ANSWER Software Development Life Cycle. A software development process. Many different models are available. The waterfall model suits it because this is a successive process of developing software where progress is seen flowing steadily downwards, from high-order to low-order steps, through well-identified phases. The major advantage of a waterfall approach is the orderliness which can be brought out and easily documented.
FMC - stands for "Cisco Firepower Management Center." It is a centralized management console for managing security appliances such as Cisco Firepower Threat Defense and Cisco Firepower Next-Generation Intrusion Prevention System, among other security products. The Firepower Management Center gives administrators a single place to configure, monitor, and analyze network security policies and events.
ELK - ANSWER Elasticsearch, Logstash, Kibana: components of a strong open source analytics platform
An active fish speaks in continuous stream - ANSWER Cisco PSIRT process
incident response teams from an internal perspective
MSIRT - ANSWER Not a type of incident response team. "Microsoft Security Incident Response Team." This team inside Microsoft is responsible for coordinating the response to security incidents involving Microsoft products and services. They work to analyze and mitigate security threats, coordinate with internal and external stakeholders, and provide guidance to customers and partners regarding security issues.
CERT - Computer Emergency Response Team. A team of individuals that react to
It's a command-line utility that is used to query DNS name servers for retrieving DNS information about domain names, such as IP addresses, mail exchange servers, and authoritative name servers. It's a multi-purpose tool widely used for troubleshooting DNS-related problems and gathering DNS-related data.
Reconnaissance step
BYOD - ANSWER (bring your own device) The practice of allowing users to use their own personal devices to connect to an organizational network.
The rights and activities that will be allowed within the corporate network. Safeguards against any compromise of a personal device. Definition of the amount of access workers are allowed during connecting to corporate.
IETF - ANSWER The Internet Engineering Task Force is an open standards organization, which develops and promotes voluntary Internet standards, particularly the standards that comprise the Internet protocol suite (TCP/IP).
IETF guidelines most volatile to least volatile - ANSWER
1. (most volatile) memory registers, caches
2. routing table, ARP cache, process table, kernel statistics, RAM
3. temporary file systems
4. non-volatile media, fixed and removable
5. remote logging and monitoring data
6. physical interconnections and topologies
7. archival media, tape or other backups
SLAAC - ANSWER Stateless Address Autoconfiguration. A method by which a device can learn its IPv6 addressing information without a DHCPv6 server. IPv6 Router Advertisements are sent as an ICMPv6 message type and provide network addressing information to the host for SLAAC.
NSM - ANSWER Network Security Monitor. Two kinds of unreadable network traffic which could be eliminated from data collected by NSM are IPsec and SSL traffic. This will help reduce the enormous amount of data collected and allow cybersecurity analysts to focus on critical threats by eliminating some less important or unusable data from the datasets. For example, encrypted data, such as IPsec and SSL traffic, could be eliminated because it is unreadable in a reasonable time frame.
IPsec - ANSWER Internet Protocol Security. Used to encrypt traffic on the wire and can operate in both tunnel mode and transport mode. It leverages tunnel mode for VPN traffic. IPsec is baked into IPv6, but it can also function with IPv4, and it encompasses both AH and ESP. AH provides authentication and integrity and ESP provides confidentiality, integrity, and authentication. IPsec uses port 500 for IKE w/VPN connections.
AMP - ANSWER Advanced Malware Protection. Cisco AMP for Networks and AMP for Endpoints go beyond point-in-time detection and include mitigation capabilities.