2nd Part Flashcards

Question 1

Q

What is Risk Management?

Answer

A

It is the process of identifying risks, analyzing, treating, monitoring, and reporting new risks in an organization.

Question 2

Q

What are some types of Risk Assessment frequency?

Answer

A

Risk Assessment frequency is how often a risk assessment is performed.

Ad hoc Risk assessment - This kind of risk assessment is performed during some specific event or situation that can introduce new risks to the organization and change the nature of existing risks.
Reoccurring Risk Assessment
One-time Risk Assessment
Continuous Risk Assessment

Question 3

Q

What is Risk Identification and how we do the business impact analysis of these risks?

Answer

A

It is the process of identifying all the risks that can impact an organization.
Business impact analysis of these risks is done by finding out these terms:

Recovery time objective - It is the maximum time for which a service can remain down
Recovery point objective - It is the maximum amount of data in time that an organization can afford to lose.
MTTR - Mean time to repair
MTBF - Mean time between failures

Question 4

Q

What is Risk Register and what kind of information is included in these registers?

Answer

A

Risk Register is file that will keep track of all the organization’s risks and the information regarding these risks.
It is a key tool in Risk Management -

It has information like following -

Risk description, its impact, likelihood, risk level/threshold, Risk KRI (Key risk indicators), Risk owner.

Question 5

Q

What is Risk appetite of an organization and what kind of risk appetite does organizations have?

Answer

A

Risk appetite is the maximum level of residual risk that an organization can take to maximize its profits.

Organizations have mainly 3 kinds of risk appetite -

Neutral risk appetite
Conservative risk appetite
Expansionary risk appetite

Question 6

Q

What are 2 kinds of Risk analysis that we can perform in an organization?

Answer

A

Qualitative risk analysis- This analysis is done based on the risk impact and its likelihood.

Impact is in terms of cost and the business function that it will impact.

Quantitative risk analysis-

Question 7

Q

What is Quantitative risk analysis and how it is performed?

Answer

A

Quantitative risk analysis involves finding out risk in numbers.
It is performed by finding the following terms:

Single loss Expectancy
Exposure factor - Proportion of an asset that is lost in an event.
Annualized rate of occurrence
Annualized Loss Expectancy

Question 8

Q

What are different kinds of Risk management strategies?

Answer

A

Risk mitigation

Risk Acceptance

Risk transfer - like transferring it to insurance

Risk Avoidance

Question 9

Q

What is Risk monitoring and reporting?

Answer

A

It involves continuously tracking identified risks, assessing new risks, executing response plans, and evaluating their effectiveness during a project’s lifecycle.

Question 10

Q

What are 3rd party vendor risks?

Answer

A

These are potential security and operational challenges introduced by external entities (vendors, suppliers or service providers)

there are hardware supply chain risks
software supply chain risks
MSP (Managed Service provider) risk

Question 11

Q

What are supply chain attacks and how can we protect from them?

Answer

A

Supply Chain attacks are attacks that are targeted on a weaker link in the supply chain.

To protect from these-

Regularly monitor and audit
Do vendor due diligence
Education and collaboration with other companies
Incorporating contractual safeguards

Question 12

Q

How can we perform a vendor assessment?

Answer

A

Penetration testing
review your contract with the vendor and make sure we have a Right To Audit clause.
there should be internal testing by vendor
there should also be a independent assessment

Question 13

Q

What is MD5 algorithm?

Answer

A

MD5 is a hashing algorithm. It creates a key digest of 128 bits.
Because the key digest value is short, that is why it is susceptible to Hashing Collision attack.

Question 14

Q

What is SHA algorithm?

Answer

A

SHA stands for Secure hashing

SHA1 creates a message digest of 160 bits

SHA2 has many hashing algorithms in it like following -
SHA224
SHA256
SHA348
SHA512

SHA3 also goes from 224 bit message digest to 512 but it uses 120 rounds of computation.

Question 15

Q

What is RIPEMD hashing algorithm?

Answer

A

RIPEMD stands for Race Integrity Primitive Evaluation Message Digest.
This is not very popular.
comes in 160, 256 and 320 message digest version

Question 16

Q

What is HMAC (Hash-Based Message Authentication code)?

Answer

A

It is a widely used in different protocols like IPsec, Oauth, TLS etc and can be used for providing integrity and some level of authenticity. It is also used in APIs for authentication.

It works by combining the hashing functions with a shared secret key between two parties. (Hast of meaase and the key might be sent to the recipient for integrity and authenticity)

Normally it is paired with other algorithms and has name like -
HMAC-MD5
HMAC-SHA1
HMAC-Sha256

Question 17

Q

What are digital signatures?

Answer

A

In Digital signatures, hash of a file is created and then it is encrypted with the private key of message sender. This Cipher text is called Digital Signature.
So a digital signature needs a hashing algorithm and a public/asymmetric algorithm.

Few algorithms used in Digital signatures -

DSA - Digital Signature Algorithm
RSA
Elliptic Curve Cryptography version of either DSA or SHA

Question 18

Q

What are Birthday attack (related to hashing collision) and pass the Hash attack?

Question 19

Q

What are few ways to increase the strength of our hashes?

Answer

A

Key Stretching
Salting
Peppering

With Salting and Peppering, we can prevent Rainbow attack

Question 20

Q

What is PKI?

Answer

A

Public Key Infrastructure is an entity that relates a public key to someone’s identity and creates trust within networks for exchanging the information securely.

Question 21

Q

What is certificate Authority?

Answer

A

It is an entity that issues digital certificates and keeps the level of trust between all of the certificated authorities around the world.

Question 22

Q

What is an key escrow?

Answer

A

It is a 3rd party entity with which we can keep our cryptographic keys secure.

Question 23

Q

What is a digital certificate?

Answer

A

It is a digitally signed document that binds a public key with a user’s identity.
The user could be a person, server or any other device.

The certificates commonly use x.509 standard.

Question 24

Q

What is a wildcard certificate?

Answer

A

A wildcard certificate is an certificate that is valid for more than one system that falls under the same root domain.

Question 25

Q

What is SAN (Subject Alternate name) field in a certificate?

Answer

A

A certificate that specifies what additional domains and IP addresses are going to be supported.

Question 26

Q

What is single sided certificate and dual sided certificate?

Answer

A

Dual sided certificate - when both endpoints on the connection authenticate to each other.

Question 27

Q

What is Self Signed certificate?

Answer

A

Digital certificate that is signed by the same entity whose identity it certifies.
It is not vouched by a 3rd party.

Question 28

Q

What is certificate signing request?

Answer

A

A block of encoded text that contains information about the entity requesting the certificate.
The CSR is used by the CA to create digital certificate.

Question 29

Q

What is registration authority?

Answer

A

This is the entity that requests identifying information from the user and forwards that certificate request up to the certificate authority to create the digital certificate.

Question 30

Q

What is certificate revocation list?

Answer

A

It is list that contains certificates that has been revoked by the CA.
When we connect to a website, our browser go to the CA to get the public key for the web server. Before giving the public key back to the browser, CA first checks whether the certificate associated with the public key is still valid.

Question 31

Q

What is OCSP and OCSP stapling?

Answer

A

OCSP - Online certificate status protocol - it allows to determine the revocation status of any digital certificate using its serial number.

Question 32

Q

What is Block chain?

Answer

A

It is a shared immutable ledger for recording transactions, tracking assets and building trust.

There is a concept of smart contracts in them too.

Question 33

Q

What TPM?

Answer

A

TPM stands for Trusted Platform Module.
It is a dedicated micro-controller designed to secure hardware through integrated cryptographic keys.

Question 34

Q

What is HSM?

Answer

A

Hardware Security Module -
It is a key Management System.
It is a physical device that safeguards and manages digital keys, primarily used for mission-critical situations like financial transactions.

Question 35

Q

What is a Secure enclave?

Answer

A

Secure enclave can be software based or hardware based (like Intels Software Guard Extension- SGX).
Their function is provide a Trsuted Execution Environment (TEE) for Sensitive data so it can run in isolation and stay protected even if the sorrunding environment gets compromised.

It is isolated from the main processor.

our iphone biometrics are saved in it.

Question 36

Q

What is Obfuscation?

Answer

A

Process of obscuring information.

It make use of following techniques -

Masking
Tokenization
Steganography

Question 37

Q

What is Steganography?

Answer

A

It is all about concealing message within another.

Question 38

Q

What are some cryptographic attack?

Answer

A

Downgrade attack -
Collision attack -
Threats related to quantum computing

Question 39

Q

What is meta data?

Answer

A

Meta Data is the data that has the information about the actual data like data type, file name, owner etc

Question 40

Q

What is RTP and SRTP protocol?

Answer

A

RTP stands for Real Time Protocol - it is a protocol that is used to transport audio and video traffic over the internet.
RTPS - Real Time Protocol Secure is secure version of RTP that encrypts audio and video data with TLS and it uses UDP transport protocol for delivery.

Question 41

Q

What is SIP protocol?

Answer

A

SIP stands for Session Initiation Protocol.
It is the protocol that is responsible for establishing, maintaining and terminating the audio/video connection.
Normally SIP messages contain meta data.

Question 42

Q

What is SCP protocol?

Answer

A

SCP stands for Secure Copy and it underlying protocol is SSH and it is used to securely coping some file over the internet.

Question 43

Q

What port number is used by TFTP - Trivial File Transfer Protocol?

Answer

A

TFTP uses port number 69

Question 44

Q

What is difference between SFTP and FTPS?

Answer

A

SFTP uses SSH for transferring files and FTPS - File Transfer Protocol Secure secures files transfer using TLS.

Question 45

Q

What protocol numbers are used by SMTP, POP3, IMAP3?

Answer

A

SMTP - Simple Mail Transfer Protocol - It uses port number 25 for sending unencrypted emails and port number 587 for encrypted emails.

POP3 - Post Office Protocol uses port number 110 for unsecure connection and port number 995 for secure-connection

IMAP3 uses port number 143 for unencrypted emails and 993 for encrypted emails.

Question 46

Q

What is port number is used by Kerbros in ADDS (Active Directory Domain Service), RDP, and LDAP (light weight Directory Access protocol)

Answer

A

Kerbros uses TCP port 88
LDAP uses port number 389 (plaintext) and port number 636 (Encrypted)

RDP uses port number 3389

Question 47

Q

What is open SSH?

Answer

A

It is a suite of tools that is simplifies the used of SSH protocol to connect to remote servers securely.

We can enable passwordless authentication with SSH.

Command to create cryptographic keys -

ssh-keygen -t rsa

Command to send the private key to s remote server -

ssh-copy-id mandy_server

Question 48

Q

What is DHCP snooping?

Answer

A

It is a feature that we can enable in switches to protect against rouge DHCP servers.

Using this feature, the switch port to which actual DHCP sever is connected is trusted. New DHCP clients will only accept their IPs from this port.

Question 49

Q

What is the name of the common DNS software that is used on the internet?

Answer

A

BIND - Berkley Internet Domain Name - It is mostly run on unix systems.

Question 50

Q

What port number is used by DNS?

Answer

A

DNS uses TCP port 53 for port transfers.
And UDP port 53 for domain name resolution.

Question 51

Q

How can we protect against DNS poisoning attacks?

Answer

A

To protect from Poisoning attacks, DNSSEC is used that is basically a (resource record signature) / digital signature that helps with authenticating.

Question 52

Q

What are nslookup and dig command?

Answer

A

nslookup is used in windows to query DNS servers.
dig is a command used in Linux systems.

Question 53

Q

What command can we use to print the routing table in Linux and Windows?

Answer

A

route print

Question 54

Q

What are Web application firewalls?

Answer

A

WAF are used to protect web applications/severs to threats.

Question 55

Q

What are some of the common features of NGFW?

Answer

A

Deep packet inspection at the application layer level.
URL filtering, content filtering.

Question 56

Q

What is difference intranet and extranet?

Answer

A

Intranet is only accessible to internal employees.
Extranet is accessible to external people too but who are authorized.

Question 57

Q

What is concept of east to west traffic?

Answer

A

It is a concept of network diagrams in which servers traffic flow from east to west.

Question 58

Q

What is unified threat management?

Answer

A

UTM combines a number of security controls in one. For example - a single device can perform packet inspection, url filtering, content filtering, block attacks like DDOS etc.

Question 59

Q

What is a jump server?

Answer

A

Jump server device is used to connect users/ devices from one zone to another in a very secure manner.

Question 60

Q

What is difference between acquisition and procurement?

Answer

A

Acquisition is process of acquiring something.
Procurement involves a number of different processes in it.
It is also the process of acquiring something, including proceeding steps that will be covered in another question.

Question 61

Q

What are the main payment methods for purchasing goods/services?

Answer

A

Company credit card
Individual purchase
Use of purchase order or PO

Question 62

Q

What is a purchase order/PO?

Answer

A

PO is a kind of contract/ signed document that is sent by the purchase department of one company to another service or goods provider that legally makes a company to a provide at a certain time.

Question 63

Q

What are some of the steps involved in procurement?

Answer

A

Approval -
Before we can place an order, first it will require approval. During approval process, concerned entity will check whether the cost of service or good is within their budget.

There will also check whether it aligns with the organization goals and if it is compatible with existing organization operations.

Question 64

Q

What are common mobile asset deployment models?

Answer

A

BYOD - Bring Your Own device - this one is most cost effective. But in terms of security, it is not very secure. Before allowing some BYOD device to access company data, it should be first checked for minimum version requirements and it should go through specific security checks.

CYOD - Choose Your Own Device - In this model, employees are given option of choosing a device.

COPE - Corporate Owner Personally Enabled - This model lets employees use company device for personal use if user is ok with that.

Answer 64

A

Assessment management process entails a number of processes in it. It make sure all the assets in the organization are accounted for and organization is getting the maximum output from these assets.

Asset management accomplishes main 2 tasks -

Asset assignment/Accounting
Asset monitoring/tracking

Answer 65

A

Asset assignment/accounting means all the assets (doesn’t matter whether it is a physical document or digital asset like some application license) are assigned to someone and then they are documented in some ledger.

Asset monitoring/tracking means documenting asset specifications like version number or other specification so that we can find easily track assets that are at the end of their life or the assets that have versions that contain vulnerabilities.
Tracking part mean knowing the exact location of a asset.

Another part of asset management is Enumeration is identifying assets and counting their numbers. It can help us find any assets that are not part of the organization.

Answer 66

A

Sanitization
Destruction
Certification

Answer 67

A

Overwriting - It involves overwriting data multiple time. It can single pass, 7 pass, 35 pass.
Degaussing - It involves the process of strong magnetic field.
Encryption techniques -
It involves destroying the encryption keys.
(less secure than encryption techniques) Secure Erase - This process completely deletes the data from a storage while ensuring it can’t be recovered.
Secure erase feature is normally added at the firmware level.

Answer 68

A

Shredding
Pulverizing
Melting
Incinerating

Answer 69

A

It is an act of proof that the data or hardware has been securely disposed of.

In Data life-cycle, organization should have data retention policies.
Data retention tells how long data should be kept.

Answer 70

A

It is the process of implementing changes in an organization.
It is organization’s strategy to transition from its existing stage to an desired stage.
It make sure changes are made in a controlled environment after considering all its implications on other organization processes.

Answer 71

A

First a need for change is identified and then a change ticket is submitted and this change request goes for approval.
So who approves these change request - CAB (Change Advisory Board).

Then CAB conducts other assessments related to this change.
For example - They make sure that this change will bring an positive outcome to the organization or department. This change will be compatible with the current organization operations.

Also, there is always a change owner associated with a change who is responsible for change initiation and other functions.

Also, it is important to talk with stakeholders about this change and keep them updated about the change.

Answer 72

A

CAB stands for Change Advisory Board. This is a group of individuals from various parts of the organization who are responsible for evaluation of proposed changes.

Change Owner - this is the person or group who is responsible for initiating the change and will explain how this change is to be beneficial and if there could be any implications of this change.

Stakeholders - Stakeholder is any individual or group who is to be impacted by the change.
Normally there are 3 kinds of stakeholders -
1. Technical stakeholders
2. Business Stakeholders
3. End user-based stakeholders.

Answer 73

A

Impact analysis involves analyzing the impacts of proposed change and asking a number of questions like following -

What could go wrong?
What would be the immediate effects?
How would the log term operations be impacted?
Are there unforseen changes that might cause an issue?

Answer 74

A

Preparation - It involves engaging with stakeholders, ensuring preparedness, gathering necessary resources.
Vision for Change -
Implementation
Verification
Documentation

Answer 75

A

Scheduled maintenance window
Creation of a Backout plan
Testing for results
Use of standard operating procedures. SOP is a step by step instruction that guides the carrying out of a specific task to maintain consistency and efficiency.

Answer 76

A

Deny/Allow list
Restricted Activities - make sure changes are not bringing any restricted activities in organization processes.
Downtime
Service and application restarts
Legacy applications
Dependencies

Brainscape's Knowledge GenomeTM

2nd Part Flashcards

Brainscape's Knowledge Genome^TM