1.4-2.2

Question 1

tpm

Answer 1

trusted platform module. cryptographic processor, random number generator, key generator. password protected

Question 1

hsm

Answer 1

hardware security module. high end cryptographic hardware, stores thousands of crypto keys. used for multiple devices or in large environments.

Question 2

key management system

Answer 2

on premises or cloud based. manage from a centralized manager(third party software) all key from one console.

Question 3

secure enclave

Answer 3

the tpm for mobile devices. does all encryption and other security features.

Question 4

obfuscation

Answer 4

process of making something unclear. how receipts only give last 4 of credit card

Question 5

steganography

Answer 5

concealed writing. message is invisible. invisible watermarks

Question 6

audio steganography

Answer 6

modify the digital audio file, secret message within the audio.

Question 7

video steganograpy

Answer 7

a sequence of images, use image steganography on a larger scale.

Question 8

tokenization

Answer 8

replace sensitive data with a non sensitive placeholder. ssn 111-12-1111 is now 235-45-4581

Question 9

data masking

Answer 9

data obfuscation, may only be hidden from view, control the view based on permissions.

Question 10

collision

Answer 10

different inputs create same hash

Question 11

salting

Answer 11

random data added to a password when hashing.

Question 12

blockchain

Answer 12

a distributed ledger, keep track of transactions with inherent security options.

Question 13

Open public ledger

Answer 13

A public ledger is an open-access network; anyone can join at any time. The public ledger is fully decentralized, and no single entity controls the blockchain network.

Question 14

self signed

Answer 14

Internal certificates don’t need to be signed by public CA. Build your own CA.

Question 15

root of trust

Answer 15

inherently trusted component. trusted from someones elses.

Question 16

certificate signing requests

Answer 16

send your public and private key with your identifying info. to the CA to be signed that is the (Certificate Signing Request, (CSR))

The CA validates the request

CA digitally signs the certificate with their private key.

Question 17

wildcard certificates

Answer 17

allows a certificate to support many different domains.

Question 18

threat actors

Answer 18

the entity responsible for an event that has an impact on the safety of another entity.

Question 19

what are attributes of threat actor

Answer 19

internal/external
resources/funding
level of sophistication/capability

Question 20

nation states

Answer 20

external entity
-govt and national security.

Question 21

hacktivist

Answer 21

a hacker with a purpose.
-motivated by philosophy, revenge

Question 22

organized crime

Answer 22

professional criminals.
-motivated by money
-Very sophisticated

Question 23

shadow IT

Answer 23

going rogue
-working around the internal IT organization
-builds their own infrastructure.

Question 24

threat vectors

Answer 24

method used by attacker to gain access or infect target.

Question 25

file based vector

Answer 25

adobe pdf, zip/rar, microsoft office

Question 26

vulnerable software vectors

Answer 26

client-based. such as an -infected executable, or known or unknown vulnerabilities
agentless- meaning the attacker would infect the server

Question 27

msps

Answer 27

managed service providers.

Question 28

smishing

Answer 28

sms phishing

Question 29

vishing

Answer 29

voice phishing