5 Security Operations

Question 1

an encryption algorithm is a

Answer 1

complex mathematical formula

Question 2

an encryption key is the

Answer 2

password

Question 3

The decryption algorithm and decryption key

Answer 3

reverse the process

Question 4

Protecting data at rest (stored) - 3 main areas

Answer 4

1 file encryption
2 disk encryption
3 device encryption

Question 5

Protecting data in transit (moving over a network) - 4 main areas

Answer 5

1 HTTPS
2 email
3 mobile applications
4 VPN

Question 6

2 main categories of encryption algorithms

Answer 6

symmetric and asymmetric

Question 7

Symmetric Encryption uses

Answer 7

• AES (Advanced Encryption Standard) algorithm
• encrypt and decrypt with the same (shared) key

Question 8

Asymmetric Encryption uses

Answer 8

• RSA (Rivest-Shamir-Adleman) algorithm
• asymmetric algorithms use different keys for encryption and decryption (must be from the same pair)

Question 9

Hash Functions (Message Digests) are

Answer 9

• one-way functions that transform a variable-length input into a unique, fixed-length output

Question 10

Common Hash Functions (6)

Answer 10

1 MD5 (Message Digest 5)
2 SHA 1 (Secure Hash Algorithm)
3 SHA 2
4 SHA 3
5 RIPEMD (Race Integrity Primitives Evaluation Message Digest)
6 HMAC (Hash-based Message Authentication Code)

Question 11

SHA 1

Answer 11

• 160-bit hash value
• no longer secure

Question 12

SHA 2

Answer 12

• produce different lengths (including 224, 256, 384, and 512 bit)
• some vulnerabilities but still widely used

Question 13

SHA 3

Answer 13

• uses Keccak algorithm to produce a hash of any desired length
• length is set by the person computing the hash, so is still fixed length

Question 14

RIPEMD

Answer 14

• alternative to SHA (due to trust issues with the US gov - SHA)
• 4 variants - 128 (no longer secure), 160 (widely used - bit coin transactions), 256, and 320 bit)

Question 15

HMAC

Answer 15

• combines symmetric cryptography with hashes to provide authentication and integrity for messages (protects against packet loss/tampering)
• sender uses a secret key (shared) a hash function (agreed upon)

Question 16

Data Lifecycle (6)

Answer 16

1 Create
2 Store
3 Use
4 Share
5 Archive
6 Destroy

Question 17

Data Sanitization Techniques (3)

Answer 17

1 Clearing (overwrite)
2 Purging (cryptographic functions,
degaussing)
3 Destroying

Question 19

Military data classifications (4)

Answer 19

1 top secret
2 secret
3 confidential
4 unclassified

Question 20

Business data classifications (4)

Answer 20

1 highly sensitive
2 sensitive
3 internal
4 public

Question 21

3 different types of information classification by external groups

Answer 21

1 PII
- information traceable to a specific person
2 PHI (HIPAA)
- medical records
3 PCI (Payment Card Information)
- numbers

Question 22

Logs (3 objectives from analyzing them)

Answer 22

1 Accountability (identity attribution)
- who caused the event?
- specific person, IP address, geographic area, etc

2 Traceability
- can help uncover all related events (path through distributed systems)

3 Auditability
- provide clear documentation of the event

Question 23

SIEM (Security Information and Event Management) - 2 major functions

Answer 23

1 central, secure collection point for logs
2 apply AI to correlate all the log entries
- detect patterns of potential malicious activity

Question 24

Social Engineering 6 approaches

Answer 24

1 Authority
2 Intimidation
3 Consensus/Social Proof
4 Scarcity
5 Urgency
6 Familiarity

Question 25

Phishing

Answer 25

• purpose is to elicit sensitive info
• often used in the reconnaissance phase of a larger attack
• credential harvesting/re-use (tricked into providing username and password at low-risk site - people often use the same credentials across many sites)

Question 26

Spear Phishing

Answer 26

• targeted small audience
• uses common lingo
• invoice scams

Question 27

Whaling/Whale Phishing

Answer 27

• targets senior leadership
• sending fake court documents (subpoena threatening lawsuit)

Question 28

Pharming

Answer 28

• begin with phishing and direct to a fake website
• may use typo squatting to make the URL seem very similar
  Variation: DNS poisoning - redirects to the fake site without the phishing

Question 29

Vishing

Answer 29

• voice phishing
• might pose as the help desk asking for credentials

Question 30

Smishing

Answer 30

• SMS
• often use spoofing

Question 31

Security and Awareness Training
2 important components

Answer 31

1Security Training
- imparts detailed knowledge
2 Security Awareness
- reminds employees about their learning

Question 32

Security Training Methods (4)

Answer 32

1 instruction in on-site classes
2 integration with existing programs (orientation, etc)
3 education through online computer-based training providers
4 participation in vendor-provided classroom training