1.1

Question 1

CIA Triad

Answer 1

-confidentiality
-availability
-integrity

Question 2

confidentiality

Answer 2

Involves using techniques to allow only approved subjects with the ability to view information

Question 3

what technique does confidentiality generally use?

Answer 3

cryptography

Question 4

what does confidentiality measure?

Answer 4

Measures an attacker’s ability to get unauthorized access to data or information from an application or
system

Question 5

confidentiality info includes:

Answer 5

-passwords
-cryptographic keys
-personally identifiable (PII)
-personal health info (PHI)
-intellectual property (IP)

Question 6

examples of confidentiality:

Answer 6

• Using an IPsec virtual private network (VPN)
• Leveraging mutual Transport Layer Security (TLS) between a web browser and web server or controller
• Storing sensitive data or credentials in a mobile device partition or secure enclave
• Implementing Advanced Encryption Standard (AES) encryption on data at rest
  in storage (file, block, object, databases, etc.)

Question 7

integrity

Answer 7

Involves safeguarding against improper information
modification or destruction

Is a property that data or information have not been
altered or damaged in an unauthorized way

Question 8

examples of integrity:

Answer 8

• An operating system that performs a mathematical checksum when a file is moved or copied from one volume to another
• A frame check sequence conducted on an Ethernet frame when sent from one MAC address to another
• A hashed message authentication code applied to advertisements sent between neighbor systems such as routers or gateways
• Implementation of a mandatory access model technique such as Biba or ClarkWilson

Question 9

Availability

Answer 9

the process of ensuring timely
and reliable access to and use of information

Question 10

availability is a property of:

Answer 10

data, information, applications, systems, or services that are accessible and usable upon demand by an authorized subject

Question 11

high availability

Answer 11

a failover feature to
ensure availability during device or
component interruptions both, planned and unplanned

Question 12

examples of availability:

Answer 12

Implementing security controls that protect systems and services from spoofing, flooding, denial-of service (DDoS), poisoning, and other attacks that negatively affect the ability to deliver data, content,
or services

Question 13

non-repudiation

Answer 13

refers to enforcing the
inability of a subject to deny that they participated in a digital transaction, agreement, contract, or communication such as an email

Question 14

non-repudiation example:

Answer 14

if you take a pen and sign a
(legal) contract, your signature is a nonrepudiation device

Question 15

what is the 3 components of AAA?

Answer 15

-Authentication
-Authorization
-Accounting

Question 16

Authentication

Answer 16

the process of validating that an
entity (user, application, or system) is who or what they claim to be

-mandatory

Question 17

Authorization

Answer 17

the process of granting an
authenticated entity permission to access a resource or perform a specific function

-optional

Question 18

Accounting

Answer 18

– basically, when did the entity begin, when did it end, and how long did they do it?

Question 19

Character mode

Answer 19

sends keystrokes
and commands (characters) to a
network admission device for the
purpose of configuration or
administration on THAT same device

Question 20

Packet (or network) mode

Answer 20

occurs when the network admission device serves as an authentication proxy on behalf of services in other networks such as the web, File Transfer Protocol (FTP), domain name system (DNS), etc.

Question 21

Transmission Control Protocol (TCP)

Answer 21

three-way communication handshake before the
authentication process

Question 22

Accounting is generally implemented for two use cases:

Answer 22

• Monitoring, visibility, and reporting
• Billing, chargeback, and reporting

Question 23

Remote Authentication Dial-in User Service (RADIUS)

Answer 23

one of the most popular Internet Engineering Task Force (IETF)-based AAA services, and it is known for exceptional accounting capabilities

Question 24

authenticating people

Answer 24

confirming that they are who they claim to be

This confirms only those with authorized credentials
gain access to secure systems

Question 25

the most common factors for authenticating people:

Answer 25

Usernames/webmail/email and a password

Question 26

The subjects that can also be authenticated besides people are often called “non-person entities” (NPEs):

Answer 26

• Laptops and pads
• Mobile devices
• Gateways and load balancers
• Robotics systems
• Embedded devices
• Internet of Things (IoT) endpoints

Question 27

Endpoint (or device) authentication

Answer 27

a security technique designed to ensure that only authorized devices can connect to a given network, site, or service

Question 28

Endpoint fingerprinting

Answer 28

one way to enable authentication of non-traditional network
endpoints such as smart card readers, HVAC systems, medical equipment, and IP-enabled door
locks

Question 29

endpoint authentication methods

Answer 29

• A shared secret key stored on endpoints (wireless) or infrastructure devices
• An X.509 v3 device certificate stored in a software application
• A cryptographic key, certificate, or other credential stored at the hardware level in a trusted platform module
• A key stored in a hardware security module (HSM)
• A protected access file (PAC) in a Cisco infrastructure

Question 30

Authorization model: Discretionary access control (DAC)

Answer 30

grants access control decisions to the resource owners and custodians

**most prone to privilege creep

Question 31

DAC offers:

Answer 31

flexibility and allows resource owners to have fine-grained control over access, but it can also
result in inconsistent access control decisions

Question 32

privilege creep

Answer 32

gradual accumulation of access rights beyond what individuals need to do their job

Question 33

Authorization model: Role-based access control (RBAC)

Answer 33

grants access based on predefined roles or job titles

Users are assigned roles, and access rights are associated with these roles

Question 34

examples of RBAC

Answer 34

• Various roles in a hospital or medical center
• Built-in roles in a database management system

Question 35

Authorization model: Mandatory access control (MAC)

Answer 35

a strict mathematical model where access to resources is
determined by the system based on predefined security labels and rules

**This is a “non-discretionary” model

Question 36

examples of principals that are assigned security clearances or classification levels:

Answer 36

-top secret
-secret
-confidential

Question 37

Authorization model: Attribute-based access control (ABAC)

Answer 37

grants access based on a combination of characteristics associated with users,
resources, and environmental conditions

Question 38

ABAC attributes can include:

Answer 38

user attributes (job title, department)
resource attributes (sensitivity level,
classification)
environmental attributes (time of access, location)

Question 39

Authorization model: Attribute-based dynamic access control (ABDAC)

Answer 39

combines the principles of attribute-based access
control (ABAC) with dynamic access control (DAC)

It considers dynamic factors such as risk assessment, user attributes, resource attributes, and contextual
information to make access control decisions in real time

Question 40

Access control rules define:

Answer 40

conditions or criteria that
must be met for access to be granted

Question 41

access control rules can be based of several factors:

Answer 41

user attributes,
resource attributes
time of access

Question 42

Access decisions are made by:

Answer 42

comparing these rules
against the context of the access request – usually IP transport and network layer header metadata

Question 43

security control categories (4):

Answer 43

-technical
-managerial
-operational
-physical

Question 44

technical controls

Answer 44

Are security mechanisms that the specific systems run – either manually or, more often,
automated and orchestrated

Question 45

technical controls deliver:

Answer 45

confidentiality, integrity, authenticity, and availability protections

Question 46

common technical controls:

Answer 46

*Identity and access management (IAM) engines
*Infrastructure security and device
hardening
*Cryptographic key management and HSMs
*Cloud-based threat modeling tools
*SIEM and SOAR systems

Question 47

managerial (administrative) controls

Answer 47

define policies, procedures, best practices, and guidelines

Question 48

examples of managerial controls

Answer 48

• No piggybacking (tailgating)
• Acceptable use policies
• Best practices and guidelines
• Password policies
• Screening, hiring, and termination procedures
• Mandatory vacations
• Training and awareness

Question 49

operational controls

Answer 49

support ongoing maintenance,
due care, and continual improvement

Question 50

examples of operational controls:

Answer 50

• Optimizing the change and configuration management database
• Performing tested patch management
• Conducting awareness and training
• Monitoring physical and environmental controls
• Conducting incident response and disaster planning testing and drills
• Performing software assurance initiatives
• Managing mobile devices and mobile applications on an ongoing basis

Question 51

physical controls

Answer 51

are introduced to protect the
campus, facility, environment, and people

Question 52

examples of physical controls

Answer 52

• Various physical barriers
• Guards and security teams
• Cameras and surveillance equipment
• Different types of sensors and alarms
• Locking mechanisms
• Secure safes, cabinets, cages, and areas
• Mantraps and Faraday cages
• Fire detection and suppression systems
• Environmental controls

Question 53

security control types (6):

Answer 53

-Preventative
-Deterrent
-Detective
-Corrective
-Compensating
-Directive

Question 54

Preventative

Answer 54

Stops an attacker
from successfully
conducting an exploit
or advanced
persistent threat

Question 55

Deterrent

Answer 55

Discourages an
attacker from initiating or
continuing an attack

Question 56

Detective

Answer 56

Identifies an attack
that is occurring as
well as the steps of
the kill chain

Question 57

Corrective

Answer 57

Restores a system to
state before the negative event
occurred; can simply rectify or correct an identified problem

Question 58

Compensating

Answer 58

Aids controls that are
already in place or provides a temporary stopgap solution

Question 59

Directive

Answer 59

Consists of mandatory policies
and regulations that are in place to maintain consistency and compliance