Search Results
50 total results found
Net. Topologies and Cabling
Network Standard Topologies Mesh Topology Description: Every system is connected to every other system, providing multiple paths for data transmission. Types: Full Mesh: Every node connects to every other node. Common in critical networks like bank n...
Communication Models
UDP/TCP While TCP focuses on reliability and comprehensive data communication, UDP aims for speed and simplicity. A TCP packet is called a segment and a UDP packet is called a datagram. The choice between TCP and UDP will largely depend on the needs of t...
Advanced Network Concepts
Synchronous vs Asynchronous Synchronous Communication: Relies on a timing or clocking mechanism. Can be based on either an independent clock or a time stamp embedded in the data stream. Typically supports very high rates of data transfer, e.g., networkin...
Network Architecture
Network Segmentation Definition: A strategy that divides a network into multiple segments or sub-networks, each being a network segment. Benefits: Performance Enhancement: Organize systems such that those that communicate frequently are in the same segm...
Wireless & Cellular Networks
Wireless Networks Li-Fi: Uses light for communication, boasting speeds that surpass Wi-Fi. Zigbee: A low-energy wireless protocol tailored for IoT devices. Satellite: Leverages orbiting satellites for communication. Zigbee Personal Area Net...
Advanced Technologies
Content Delivery Networks (CDN) A decentralized server network crafted to curtail delays when loading web content. CDNs are geographically dispersed networks of proxy servers and data centers. Their primary objective is to deliver content quickly and efficie...
Network Security
Intrusion Detection & Prevention Systems Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are integral tools in network security. Both IDS and IPS analyze entire packets, including the header and payload, in search of recognized events...
Network Devices & Infrastructure
Firewalls Network security devices that monitor and filter incoming and outgoing network traffic based on an organization's previously established security policies. Filters traffic based on predefined security rules. Help protect networked syst...
Introduction & Concepts
Exam Outline Control Physical and logical access to assets Manage identification and authentication of people, devices, and services Federate identity with a third party service (the federated identity model) Implement and manage authorization mechanisms...
Security Controls
Security Controls Overview Security controls can be: Implemented Via: Administratively Logically/Technically Physically Types: Preventative Detective Corrective Deterrent Compensating Directive Recovery Categories: Logical/...
Risk Management
Risk Definition: The potential that a threat can exploit a vulnerability and cause damage to assets. Can be measured both quantitatively (using specific values) and qualitatively (using subjective judgment). Two main aspects to ri...
Access Control Attacks
Common Attacks Spoofed Logon Screen Description: Fake login screen captures user credentials. Prevention: Secure endpoints to prevent these fake screens. Consider mechanisms like Ctrl + Alt + Delete to access the login screen. Sniffe...
Summary
Introduction Security assessment and testing programs provide a mechanism for validating the ongoing effectiveness of security controls. It's crucial for organizations to have a security assessment and testing program defined and operational. Remember: We ar...
Introduction & Concepts
CISSP Domain 7: Security Operations 7.1 Understand and Comply with Investigations 7.2 Conduct Logging and Monitoring 7.3 Perform Configuration Management 7.4 Apply Foundational Security Operations Concepts 7.5 Apply Resource Protection 7.6 Conduct Inci...
Access Management and Operational Controls
Limiting Access & Damage Apply the Need-to-Know & Least Privilege theory: Limit access to data and systems; ensure users only access what they require. Not only preventative, but they also restrict the severity of incidents. Separation of Duties Ens...
Configuration and Vulnerability Management
Configuration & Change Management Helps in preventing incidents and outages. Configuration Management Aims to ensure similar system configurations. Example: "Ensure directory indexing is set to off" to prevent Makes sure configurations are...
Intrusion Detection and Response
Intrusion Systems Intrusion Detection System (IDS) Response Mechanism Passive Response: Logs and sends notifications. Active Response (Reactive): Can actively change the environment in response to threats. Types of IDS HIDS (Host-based IDS) M...
Monitoring and Auditing
Log Files & Monitoring Log Files Purpose: Record data in databases or files. Types: Authentication logs, security logs, system logs, app logs, firewall logs, proxy logs, etc. Storage: Protect by centrally storing and restricting access. Integrity: Arc...
Computer Crime and Investigations
Computer Crime in the Context of CISSP CISSP mainly focuses on US law. A computer crime is a violation of a law or regulation directed against or directly involving a computer. Some types of computer crimes include: Military and Intelligence Business...
BCP & DRP
Difference between BCP and DRP BCP (Business Continuity Planning): Focuses on the whole business. Encompasses communications, processes, and more. DRP (Disaster Recovery Planning): Concentrated on the technical aspects of recovery. DRP falls ...