2nd Part Flashcards

1
Q

What is Risk Management?

A

It is the process of identifying, analyzing, treating, monitoring and reporting risks, including new risks, in an organization.

2
Q

What are some types of Risk Assessment frequency?

A

Risk Assessment frequency is how often a risk assessment is performed.

  1. Ad hoc Risk assessment - This kind of risk assessment is performed during some specific event or situation that can introduce new risks to the organization and change the nature of existing risks.
  2. Recurring Risk Assessment
  3. One-time Risk Assessment
  4. Continuous Risk Assessment
3
Q

What is Risk Identification and how do we do the business impact analysis of these risks?

A

It is the process of identifying all the risks that can impact an organization.
Business impact analysis of these risks is done by finding out these terms:

  1. Recovery time objective - It is the maximum time for which a service can remain down
  2. Recovery point objective - It is the maximum amount of data in time that an organization can afford to lose.
  3. MTTR - Mean time to repair
  4. MTBF - Mean time between failures
4
Q

What is a Risk Register and what kind of information is included in these registers?

A

A Risk Register is a file that keeps track of all the organization's risks and the information regarding these risks.
It is a key tool in Risk Management.

It has information like the following -

Risk description, its impact, likelihood, risk level/threshold, Risk KRI (Key risk indicators), Risk owner.

5
Q

What is the risk appetite of an organization and what kinds of risk appetite do organizations have?

A

Risk appetite is the maximum level of residual risk that an organization can take to maximize its profits.

Organizations have mainly 3 kinds of risk appetite -

  1. Neutral risk appetite
  2. Conservative risk appetite
  3. Expansionary risk appetite
6
Q

What are 2 kinds of Risk analysis that we can perform in an organization?

A

Qualitative risk analysis - This analysis is done based on the risk impact and its likelihood.

Impact is in terms of cost and the business function that it will impact.

Quantitative risk analysis -

7
Q

What is Quantitative risk analysis and how is it performed?

A

Quantitative risk analysis involves finding out risk in numbers.
It is performed by finding the following terms:

  1. Single loss Expectancy
  2. Exposure factor - Proportion of an asset that is lost in an event.
  3. Annualized rate of occurrence
  4. Annualized Loss Expectancy
8
Q

What are different kinds of Risk management strategies?

A

Risk mitigation

Risk Acceptance

Risk transfer - like transferring it to insurance

Risk Avoidance

9
Q

What is Risk monitoring and reporting?

A

It involves continuously tracking identified risks, assessing new risks, executing response plans, and evaluating their effectiveness during a project’s lifecycle.

10
Q

What are 3rd party vendor risks?

A

These are potential security and operational challenges introduced by external entities (vendors, suppliers or service providers).

  • hardware supply chain risks
  • software supply chain risks
  • MSP (Managed Service Provider) risks
11
Q

What are supply chain attacks and how can we protect from them?

A

Supply chain attacks are attacks that target a weaker link in the supply chain.

To protect against these -

  • Regularly monitor and audit
  • Do vendor due diligence
  • Education and collaboration with other companies
  • Incorporating contractual safeguards
12
Q

How can we perform a vendor assessment?

A
  • Penetration testing
  • Review the contract with the vendor and make sure it has a Right To Audit clause.
  • There should be internal testing by the vendor.
  • There should also be an independent assessment.
13
Q

What is MD5 algorithm?

A

MD5 is a hashing algorithm. It creates a message digest of 128 bits.
Because the digest value is short, it is susceptible to hash collision attacks.

14
Q

What is SHA algorithm?

A

SHA stands for Secure Hashing.

SHA1 creates a message digest of 160 bits.

SHA2 has many hashing algorithms in it, like the following -
SHA224
SHA256
SHA384
SHA512

SHA3 also goes from a 224-bit message digest to 512 bits, but it uses 120 rounds of computation.

15
Q

What is RIPEMD hashing algorithm?

A

RIPEMD stands for RACE Integrity Primitives Evaluation Message Digest.
It is not very popular.
It comes in 160-, 256- and 320-bit message digest versions.

16
Q

What is HMAC (Hash-Based Message Authentication code)?

A

It is widely used in different protocols like IPsec, OAuth, TLS, etc. and can be used for providing integrity and some level of authenticity. It is also used in APIs for authentication.

It works by combining a hashing function with a shared secret key between two parties. (The hash of the message and the key might be sent to the recipient for integrity and authenticity.)

Normally it is paired with other algorithms and has names like -
HMAC-MD5
HMAC-SHA1
HMAC-SHA256

17
Q

What are digital signatures?

A

In digital signatures, a hash of the file is created and then encrypted with the private key of the message sender. This ciphertext is called the digital signature.
So a digital signature needs a hashing algorithm and a public-key/asymmetric algorithm.

A few algorithms used in digital signatures -

  • DSA - Digital Signature Algorithm
  • RSA
  • Elliptic Curve Cryptography version of either DSA or SHA
18
Q

What are the Birthday attack (related to hash collisions) and the Pass the Hash attack?

A
19
Q

What are a few ways to increase the strength of our hashes?

A
  1. Key Stretching
  2. Salting
  3. Peppering

With salting and peppering, we can prevent rainbow table attacks.

20
Q

What is PKI?

A

Public Key Infrastructure is an entity that relates a public key to someone’s identity and creates trust within networks for exchanging the information securely.

21
Q

What is a Certificate Authority?

A

It is an entity that issues digital certificates and maintains the level of trust between all of the certificate authorities around the world.

22
Q

What is key escrow?

A

It is a 3rd party entity with which we can keep our cryptographic keys secure.

23
Q

What is a digital certificate?

A

It is a digitally signed document that binds a public key with a user’s identity.
The user could be a person, server or any other device.

The certificates commonly use x.509 standard.

24
Q

What is a wildcard certificate?

A

A wildcard certificate is a certificate that is valid for more than one system that falls under the same root domain.

24
Q

What is the SAN (Subject Alternative Name) field in a certificate?

A

A field in a certificate that specifies what additional domains and IP addresses are going to be supported.

25
Q

What are single-sided and dual-sided certificates?

A

Dual-sided certificate - when both endpoints on the connection authenticate to each other.

26
Q

What is a self-signed certificate?

A

A digital certificate that is signed by the same entity whose identity it certifies.
It is not vouched for by a 3rd party.

27
Q

What is a certificate signing request?

A

A block of encoded text that contains information about the entity requesting the certificate.
The CSR is used by the CA to create the digital certificate.

27
Q

What is a registration authority?

A

This is the entity that requests identifying information from the user and forwards that certificate request up to the certificate authority to create the digital certificate.

28
Q

What is a certificate revocation list?

A

It is a list that contains certificates that have been revoked by the CA.
When we connect to a website, our browser goes to the CA to get the public key for the web server. Before giving the public key back to the browser, the CA first checks whether the certificate associated with the public key is still valid.

29
Q

What is OCSP and OCSP stapling?

A

OCSP - Online Certificate Status Protocol - it allows determining the revocation status of any digital certificate using its serial number.

30
Q

What is Blockchain?

A

It is a shared immutable ledger for recording transactions, tracking assets and building trust.

There is a concept of smart contracts in them too.

31
Q

What is TPM?

A

TPM stands for Trusted Platform Module.
It is a dedicated micro-controller designed to secure hardware through integrated cryptographic keys.

31
Q

What is HSM?

A

Hardware Security Module -
It is a key management system.
It is a physical device that safeguards and manages digital keys, primarily used for mission-critical situations like financial transactions.

32
Q

What is a Secure enclave?

A

A secure enclave can be software-based or hardware-based (like Intel's Software Guard Extensions - SGX).
Its function is to provide a Trusted Execution Environment (TEE) for sensitive data so it can run in isolation and stay protected even if the surrounding environment gets compromised.

It is isolated from the main processor.

  • Our iPhone biometrics are saved in it.
33
Q

What is Obfuscation?

A

The process of obscuring information.

It makes use of the following techniques -

  • Masking
  • Tokenization
  • Steganography
34
Q

What is Steganography?

A

It is all about concealing a message within another.

35
Q

What are some cryptographic attacks?

A

Downgrade attack -
Collision attack -
Threats related to quantum computing

36
Q

What is metadata?

A

Metadata is data that has information about the actual data, like data type, file name, owner, etc.

37
Q

What are the RTP and SRTP protocols?

A

RTP stands for Real Time Protocol - it is a protocol that is used to transport audio and video traffic over the internet.
SRTP - Real Time Protocol Secure - is the secure version of RTP that encrypts audio and video data with TLS, and it uses the UDP transport protocol for delivery.

38
Q

What is SIP protocol?

A

SIP stands for Session Initiation Protocol.
It is the protocol that is responsible for establishing, maintaining and terminating the audio/video connection.
Normally SIP messages contain meta data.

39
Q

What is the SCP protocol?

A

SCP stands for Secure Copy; its underlying protocol is SSH, and it is used to securely copy files over the internet.

40
Q

What port number is used by TFTP - Trivial File Transfer Protocol?

A

TFTP uses port number 69

41
Q

What is the difference between SFTP and FTPS?

A

SFTP uses SSH for transferring files, and FTPS - File Transfer Protocol Secure - secures file transfer using TLS.

42
Q

What port numbers are used by SMTP, POP3 and IMAP3?

A

SMTP - Simple Mail Transfer Protocol - it uses port number 25 for sending unencrypted emails and port number 587 for encrypted emails.

POP3 - Post Office Protocol - uses port number 110 for an unsecured connection and port number 995 for a secure connection.

IMAP3 uses port number 143 for unencrypted emails and 993 for encrypted emails.

43
Q

What port numbers are used by Kerberos in ADDS (Active Directory Domain Services), RDP, and LDAP (Lightweight Directory Access Protocol)?

A

Kerberos uses TCP port 88.
LDAP uses port number 389 (plaintext) and port number 636 (encrypted).

RDP uses port number 3389

44
Q

What is OpenSSH?

A

It is a suite of tools that simplifies the use of the SSH protocol to connect to remote servers securely.

We can enable passwordless authentication with SSH.

Command to create cryptographic keys -

ssh-keygen -t rsa

Command to send the private key to a remote server -

ssh-copy-id mandy_server

45
Q

What is DHCP snooping?

A

It is a feature that we can enable in switches to protect against rogue DHCP servers.

Using this feature, the switch port to which the actual DHCP server is connected is trusted. New DHCP clients will only accept their IPs from this port.

46
Q

What is the name of the common DNS software that is used on the internet?

A

BIND - Berkeley Internet Domain Name - it is mostly run on Unix systems.

47
Q

What port number is used by DNS?

A

DNS uses TCP port 53 for zone transfers,
and UDP port 53 for domain name resolution.

48
Q

How can we protect against DNS poisoning attacks?

A

To protect against poisoning attacks, DNSSEC is used, which is basically a (resource record signature) / digital signature that helps with authentication.

49
Q

What are the nslookup and dig commands?

A

nslookup is used in Windows to query DNS servers.
dig is a command used in Linux systems.

50
Q

What command can we use to print the routing table in Linux and Windows?

A

route print

51
Q

What are Web application firewalls?

A

WAFs are used to protect web applications/servers from threats.

52
Q

What are some of the common features of NGFW?

A

Deep packet inspection at the application layer level.
URL filtering, content filtering.

53
Q

What is the difference between an intranet and an extranet?

A

An intranet is only accessible to internal employees.
An extranet is accessible to external people too, but only those who are authorized.

54
Q

What is the concept of east-to-west traffic?

A

It is a concept from network diagrams in which server traffic flows from east to west.

55
Q

What is unified threat management?

A

UTM combines a number of security controls in one. For example - a single device can perform packet inspection, URL filtering, content filtering, block attacks like DDoS, etc.

56
Q

What is a jump server?

A

A jump server is a device used to connect users/devices from one zone to another in a very secure manner.

57
Q

What is the difference between acquisition and procurement?

A

Acquisition is the process of acquiring something.
Procurement involves a number of different processes in it.
It is also the process of acquiring something, including the preceding steps that will be covered in another question.

58
Q

What are the main payment methods for purchasing goods/services?

A
  1. Company credit card
  2. Individual purchase
  3. Use of purchase order or PO
59
Q

What is a purchase order/PO?

A

A PO is a kind of contract/signed document that is sent by the purchasing department of one company to a service or goods provider and that legally obligates the provider to deliver at a certain time.

60
Q

What are some of the steps involved in procurement?

A
  1. Approval -
    Before we can place an order, it will first require approval. During the approval process, the concerned entity will check whether the cost of the service or good is within their budget.

They will also check whether it aligns with the organization's goals and if it is compatible with existing organization operations.

61
Q

What are common mobile asset deployment models?

A

BYOD - Bring Your Own Device - this one is the most cost effective. But in terms of security, it is not very secure. Before allowing a BYOD device to access company data, it should first be checked for minimum version requirements and it should go through specific security checks.

CYOD - Choose Your Own Device - In this model, employees are given the option of choosing a device.

COPE - Corporate Owned, Personally Enabled - This model lets employees use a company device for personal use if the user is ok with that.

62
Q

What is asset management?

A

The asset management process entails a number of processes in it. It makes sure all the assets in the organization are accounted for and the organization is getting the maximum output from these assets.

Asset management accomplishes 2 main tasks -

  1. Asset assignment/Accounting
  2. Asset monitoring/tracking
63
Q

Define asset management processes - Asset assignment/accounting and asset monitoring/tracking?

A

Asset assignment/accounting means all the assets (it doesn't matter whether it is a physical document or a digital asset like an application license) are assigned to someone and then documented in a ledger.

Asset monitoring/tracking means documenting asset specifications like version number or other specifications so that we can easily track assets that are at the end of their life or that have versions containing vulnerabilities.
The tracking part means knowing the exact location of an asset.

Another part of asset management is enumeration, which is identifying assets and counting their numbers. It can help us find any assets that are not part of the organization.

64
Q

What are 3 parts of asset disposal and decommissioning as described in NIST Special Publication 800-88?

A
  1. Sanitization
  2. Destruction
  3. Certification
65
Q

Define sanitization techniques for asset disposal.

A
  1. Overwriting - It involves overwriting data multiple times. It can be single-pass, 7-pass or 35-pass.
  2. Degaussing - It involves applying a strong magnetic field.
  3. Encryption techniques -
    It involves destroying the encryption keys.
  4. (less secure than encryption techniques) Secure Erase - This process completely deletes the data from storage while ensuring it can't be recovered.
    The secure erase feature is normally added at the firmware level.
66
Q

What are the destruction techniques in Asset disposal?

A

Shredding
Pulverizing
Melting
Incinerating

67
Q

What is the certification process in asset disposal?

A

It is proof that the data or hardware has been securely disposed of.

In the data life-cycle, an organization should have data retention policies.
Data retention tells how long data should be kept.

68
Q

What is change management?

A

It is the process of implementing changes in an organization.
It is the organization's strategy to transition from its existing state to a desired state.
It makes sure changes are made in a controlled environment after considering all their implications on other organization processes.

69
Q

What are some of the pre-processes in change management processes?

A
  1. First a need for change is identified, then a change ticket is submitted and this change request goes for approval.
    So who approves these change requests - the CAB (Change Advisory Board).

Then the CAB conducts other assessments related to this change.
For example - they make sure that this change will bring a positive outcome to the organization or department, and that this change will be compatible with the current organization operations.

Also, there is always a change owner associated with a change who is responsible for change initiation and other functions.

Also, it is important to talk with stakeholders about this change and keep them updated about the change.

70
Q

Who is CAB, Change Owner, and Stakeholders in Change Management?

A

CAB stands for Change Advisory Board. This is a group of individuals from various parts of the organization who are responsible for evaluation of proposed changes.

Change Owner - this is the person or group who is responsible for initiating the change and will explain how this change is going to be beneficial and whether there could be any implications of this change.

Stakeholders - a stakeholder is any individual or group who is going to be impacted by the change.
Normally there are 3 kinds of stakeholders -
  1. Technical stakeholders
  2. Business stakeholders
  3. End user-based stakeholders

71
Q

Define the impact analysis part of change management.

A

Impact analysis involves analyzing the impacts of a proposed change and asking a number of questions like the following -

  1. What could go wrong?
  2. What would be the immediate effects?
  3. How would the long-term operations be impacted?
  4. Are there unforeseen changes that might cause an issue?
72
Q

What are 5 main Change Management processes?

A
  1. Preparation - It involves engaging with stakeholders, ensuring preparedness, gathering necessary resources.
  2. Vision for Change -
  3. Implementation
  4. Verification
  5. Documentation
73
Q

What are some of the must-have parts of change management?

A
  1. Scheduled maintenance window
  2. Creation of a Backout plan
  3. Testing for results
  4. Use of standard operating procedures. An SOP is a step-by-step instruction that guides the carrying out of a specific task to maintain consistency and efficiency.
74
Q

What are some of the technical implications of changes?

A
  1. Deny/Allow list
  2. Restricted Activities - make sure changes are not bringing any restricted activities into organization processes.
  3. Downtime
  4. Service and application restarts
  5. Legacy applications
  6. Dependencies