1. General Security Concepts

Question 1

1.1 Control Categories

Answer 1

Technical: firewall, encryption, etc.
Operational: backup and recovery plans, change management
Managerial: Policies, training and awareness, IRP
Physical: locks, guards, etc.

Question 2

1.1 Control Types

Answer 2

Preventative: firewalls, encryption
Deterrent: training, warning signs
Detective: IDS, logs
Corrective: backup and recovery, IRP
Compensating: new, stronger methods such as MFA
Directive: Security policies, SOPs

Question 3

1.1 Operational vs. Managerial control categories

Answer 3

managerial is policies and training, operational is changes in daily operating procedures such as recovery plans, audits, and change management

Question 4

1.2 AAA

Answer 4

Authentication, Authorization, Accounting

Question 5

1.2 Gap analysis

Answer 5

evaluate current posture against standards

Question 6

1.2 Gap analysis steps

Answer 6

1. establish a baseline
2. identify gaps
3. analyze cause
4. develop an action plan

Question 7

1.2 Zero-trust control plane vs data plane

Answer 7

Control plane are policies and configurations such as RBAC, reducing threat scope, and adaptive identity of users

Data plane: technologies such as firewall and network data.

Question 8

1.2 PEP vs. PDP

Answer 8

PEP is the gatekeeper (inline network) and communicates with PDP

PDP is made up of the Policy Administrator and Policy Engine, not inline

Question 9

1.2 Physical security sensors

Answer 9

infrared, pressure, microwave, ultrasonic

Question 10

1.2 Deception and disruption technology

Answer 10

Honeypot, Honeynet, Honeyfile, Honeytoken

Question 11

1.3 what is ownership in change management?

Answer 11

refers to who delegates responsibilities for change, not necessarily who does the change

Question 12

1.3 Technical implications of change management

Answer 12

Restricted activities such as configuration settings, downtime, service restarts, legacy applications, dependencies

Question 13

1.4 CA vs RA

Answer 13

RA is an intermediary between users and CA

Question 14

1.4 OCSP (relates to certificates)

Answer 14

Online Certificate Status Protocol, internet protocol to determine cert revocation

Question 15

1.4 Self-signed certificate

Answer 15

Can still verify the source because of the key pair usage, but the source is not necessarily trusted by the CA. Used in internal networks for development and testing

Question 16

1.4 CSR

Answer 16

Certificate Signing Request, block of code to request cert from CA

Question 17

1.4 CRL

Answer 17

Certificate Revocation List

Question 18

1.4 Key Escrow

Answer 18

keys stored with a third party

Question 19

1.4 AES key length

Answer 19

128, 192, 256

Question 20

1.4 RSA key length

Answer 20

2048, 4096

Question 21

1.4 TPM

Answer 21

Trusted Platform Module, security chip that provides tamper resistance for cryptographic activity

Question 22

1.4 Secure Enclave

Answer 22

Area within CPU that is an isolated environment. runs things like Face ID.

Question 23

1.4 HSM

Answer 23

Hardware Security Module, dedicated hardware device for managing digital keys

Question 24

1.4 KMS

Answer 24

Key Management System, framework for managing key lifecycle

Question 25

1.4 Data Masking

Answer 25

Obscures data by altering values, static (copy of data) and dynamic (altered as it is accessed in real time)

Question 26

1.4 Tokenization

Answer 26

replaces sensitive data with non-sensitive, like card number tokens

Question 27

1.4 Key Stretching

Answer 27

running data through an algorithm multiple times

Question 28

1.4 How are digital signatures produced?

Answer 28

a hash is created and then encrypted with private key. People use public key to decrypt, and then hash their message to compare to the original hash.

Question 29

1.4 Blockchain

Answer 29

A digital ledger or record of transactions. It is immutable. Used for things like cryptocurrency

Question 30

1.4 ECB

Answer 30

Electronic Code Block, one of the AES encryption modes.

Plaintext is divided into blocks of fixed sizes and encrypts each block using the same key.

Question 31

1.4 CBC

Answer 31

Cipher Block Chaining, one of the AES encryption modes

A block is salted with random characters from the previous block’s ciphertext. Identical plaintext block won’t produce identical ciphertext blocks.

Question 32

1.4 CFB

Answer 32

Cipher FeedBack, one of the AES encryption modes

A block cipher is turned into a stream cipher by encrypting individual characters instead of blocks. Previous ciphertext characters are used to produce the encryption.

Question 33

1.4 OFB

Answer 33

Output Feedback, one of the AES encryption modes.

Stream cipher, encrypts a previous ciphertext segment and XORs it with the plain text to produce the cipher.

Question 34

1.4 CTR

Answer 34

Counter Mode, one of the AES encryption modes

transforms block cipher into a stream cipher, encrypts a counter value concatenated with a nonce, and then combines with plaintext to produce ciphertext