1. General Security Concepts

Question 1

1.1 Categories of Controls

Answer 1

Technical, Managerial, Operational, Physical

Question 2

1.1 Control Types

Answer 2

Preventative, Deterrent, Detective, Corrective, Compensating, Directive

Question 3

1.1 Operational vs. Managerial control categories

Answer 3

managerial is policies and training, operational is changes in daily operating procedures such as recovery plans, audits, and change management

Question 4

1.2 AAA

Answer 4

Authentication, Authorization, Accounting

Question 5

1.2 Gap analysis

Answer 5

evaluate current posture against standards

Question 6

1.2 Gap analysis steps

Answer 6

1. establish a baseline
2. identify gaps
3. analyze cause
4. develop an action plan

Question 7

1.2 Zero-trust control plane vs data plane

Answer 7

Control plane are policies and configurations such as RBAC, reducing threat scope, and adaptive identity of users

Data plane: technologies such as firewall and network data.

Question 8

1.2 PEP vs. PDP

Answer 8

PEP is the gatekeeper (inline network) and communicates with PDP

PDP is made up of the Policy Administrator and Policy Engine, not inline

Question 9

1.2 Physical security sensors

Answer 9

infrared, pressure, microwave, ultrasonic

Question 10

1.2 Deception and disruption technology

Answer 10

Honeypot, Honeynet, Honeyfile, Honeytoken

Question 11

1.3 what is ownership in change management?

Answer 11

refers to who delegates responsibilities for change, not necessarily who does the change

Question 12

1.3 Technical implications of change management

Answer 12

Restricted activities such as configuration settings, downtime, service restarts, legacy applications, dependencies

Question 13

1.4 CA vs RA

Answer 13

RA is an intermediary between users and CA

Question 14

1.4 OCSP (relates to certificates)

Answer 14

Online Certificate Status Protocol, internet protocol to determine cert revocation

Question 15

1.4 Self-signed certificate

Answer 15

Can still verify the source because of the key pair usage, but the source is not necessarily trusted by the CA. Used in internal networks for development and testing

Question 16

1.4 CSR (relates to certificates)

Answer 16

Certificate Signing Request, block of code to request cert from CA

Question 17

1.4 Key Escrow

Answer 17

keys stored with a third party

Question 18

1.4 AES key length

Answer 18

128, 192, 256

Question 19

1.4 RSA key length

Answer 19

2048, 4096

Question 20

1.4 TPM

Answer 20

Trusted Platform Module, security chip that provides tamper resistance for cryptographic activity

Question 21

1.4 Secure Enclave

Answer 21

Area within CPU that is an isolated environment. runs things like Face ID.

Question 22

1.4 HSM

Answer 22

Hardware Security Module, dedicated hardware device for managing digital keys

Question 23

1.4 KMS

Answer 23

Key Management System, framework for managing key lifecycle

Question 24

1.4 Data Masking

Answer 24

Obscures data by altering values, static (copy of data) and dynamic (altered as it is accessed in real time)

Question 25

1.4 Tokenization

Answer 25

replaces sensitive data with non-sensitive, like card number tokens

Question 26

1.4 Key Stretching

Answer 26

running data through an algorithm multiple times

Question 27

1.4 How are digital signatures produced?

Answer 27

a hash is created and then encrypted with private key. People use public key to decrypt, and then hash their message to compare to the original hash.