701 - Section 1

Question 1

What is OCSP?

Answer 1

Online certificate, status protocol

Question 2

What does CIA stand for?

Answer 2

Confidentiality, integrity, availability

Question 3

What are the control categories?

Answer 3

Technical, managerial, operational, physical

Question 4

Controls implemented using systems, operating system controls, firewalls, and antivirus are example of what type of control?

Answer 4

Technical

Question 5

Administrative controls associated with security design and implementation security, Pop policies and standard operating procedures are what type of control?

Answer 5

Managerial

Question 6

Controls implemented by people instead of Systems, security guards and awareness programs are what type of control?

Answer 6

Operational

Question 7

What control limits physical access for example a guard, shack, fences, and locks and or bad readers?

Answer 7

Physical

Question 8

What are the different control types?

Answer 8

Preventative, deterrent, detective directive, corrective, and compensating

Question 9

What control type blocks access to a resource by using such things as firewall rules following security policy a guard shack which checks all identification and or door locks?

Answer 9

Preventative

Question 10

What type of control type discourages and intrusion attempt, but does not directly prevent access. These make an attacker think twice by using such things as application, splash screens, thread of demotion, front reception, desk, and posted warning signs?

Answer 10

Deterrent

Question 11

Name the control type that identifies and logs and intrusion attempt, but may not prevent access it assist with finding the issue, for example collecting and reviewing system logs review login reports regularly patrol, the property and enabling motion detectors

Answer 11

Detective

Question 12

What is the control type that applies to control after an event has been tested, it reverses the impact of an event and allows to continue operating with minimal downtime. Examples include back up restoration creating new policies for reporting security issues contacting law enforcement, and a fire extinguisher.

Answer 12

Corrective

Question 13

What control type uses other means when existing controls aren’t sufficient and may be temporary. Examples include a firewall blocking a specific application instead of patching the application implementing a separation of duties require simultaneous guard duties and using a generator after a power outage.

Answer 13

Compensating

Question 14

What control type directs a subject towards security compliance and is a relatively weak security control. Examples include storing all sensitive files and a protective folder, creating compliance policies and procedures training users on proper security policy or posting a sign for authorized personnel only.

Answer 14

Directive

Question 15

What does CIA stand for?

Answer 15

Confidentiality, integrity, availability

Question 16

In the CIA triad, which one allows only for certain information to be known by certain people and or preventing unauthorized information disclosure?

Answer 16

Confidentiality

Question 17

In the CIA Triad, which one insures data is stored and transferred as intended, and that any modification to the data would be identified?

Answer 17

Integrity

Question 18

And the CIA Triad, which one ensures information is accessible to authorize users and is always at the users fingertips?

Answer 18

Availability

Question 19

Name three ways that confidentiality is achieved?

Answer 19

Encryption, access controls, two factor authentication

Question 20

Name four ways that integrity is achieved?

Answer 20

Hashing, digital signatures, certificates, non-repudiation

Question 21

How is availability achieved?

Answer 21

Redundancy, fault tolerance, patching

Question 22

What does non-repudiation add to cryptography?

Answer 22

Proof of integrity, proof of origin with high assurance of authenticity

Question 23

What does proof of integrity offer?

Answer 23

It verifies the data does not change and it remains accurate and consistent

Question 24

En cryptography what do we use to ensure proof of integrity?

Answer 24

A hash

Question 25

True or false a hash associates data with an individual?

Answer 25

False… A hash only tells you if the data has changed

Question 26

Public/private keys are what type of key?

Answer 26

Asymmetric

Question 27

A non-repudiation, how do we achieve proof of origin?

Answer 27

By proving the message was not changed, integrity… By proving the source of the message, authentication… And by making sure the signature isn’t fake, non-repudiation

Question 28

What are the A’s in the AAA framework?

Answer 28

Authentication, authorization, accounting

Question 29

In the AAA framework which one proves you are who you say you are?

Which one controls the access that you have?

Which one logs resources used?

Answer 29

Authentication
Authorization
Accounting

Question 30

What do Systems use to authenticate?

Answer 30

A digitally signed certificate on the device

Question 31

What do organizations use to assist with certificate authentication?

Answer 31

A trusted certificate authority

Question 32

What does using an authorization model do for you?

Answer 32

It adds a layer of it of abstraction which reduces complexity, and it provides for easier to understand administration that scales very well

Question 33

What compares with where you want to be with where you are currently at?

Answer 33

Gap analysis

Question 34

True or false, a gap analysis is a easy process?

Answer 34

False a gap analysis is an extensive process that requires much planning and communication with stakeholders

Question 35

In gap analysis, what does a standard framework provide?

Answer 35

It provides a known baseline and an end goal

Question 36

What are the three high-level steps to a gap analysis?

Answer 36

Evaluation of people and processes, comparing and contrasting to identify weaknesses, and the final analysis and report

Question 37

What is a holistic approach to network security where everything must be verified and nothing is inherently trusted?

Answer 37

Zero trust

Question 38

What are the two planes of operation in zero trust?

Answer 38

Data and control

Question 39

Which of the planes defines policy rules and determines how packets should be forwarded?

Answer 39

Control

Question 40

Which plane processes, the frames packets, and network data?

Answer 40

Data plane

Question 41

What acts as the gatekeeper, by allowing monitoring and terminating connections?

Answer 41

The policy enforcement point

Question 42

Where is the process for making an Authentication decision?

Answer 42

Policy decision point

Question 43

What evaluates each access decision based on policy and other information sources and provides grant deny or revoke access?

Answer 43

Policy engine

Question 44

What communicates with the policy enforcement point and generates access, tokens or credentials and allows or disallows access?

Answer 44

Policy administrator

Question 45

The policy engine and policy administrator make up what?

Answer 45

The policy decision point

Question 46

What sits between the Untrust d external world and the trusted enterprise world and communicates with the policy decision point?

Answer 46

The policy enforcement point

Question 47

How is threat scope reduction achieved?

Answer 47

By decreasing the number of possible entry points

Question 48

What is a security zone? What are examples?

Answer 48

A broad category that provides a security related foundation. Examples include trusted and Untrust, internal and external network, and grouping by organization, for example marketing, accounting, HR

Question 49

What are seven examples of physical security?

Answer 49

Barricades, access control, vestibules, fencing, video, surveillance, guards, and access badges, lighting sensors 

Question 50

What are four methods for disruption and deception?

Answer 50

Honey pots, honey nets, honey files, honey tokens

Question 51

What is a honeypot?

Answer 51

A single device that is used to attract attackers and trap them there

Question 52

What is a Honeynet?

Answer 52

It is a real deception network with servers, workstations, router, switches, and firewalls, and with one or more honeypots

Question 53

What is a honey file?

Answer 53

Files that are used to attract attackers, an alert can be added, for when the file is accessed creating a virtual bear trap.

Question 54

What are honey tokens?

Answer 54

These are traceable data that will be used to track the attackers. Examples of honey tokens are fake API credentials, fake email, addresses, etc..

Question 55

What is change management?

Answer 55

Change management is the formal process for applying a change to a system within an organization.

Question 56

What are the steps for the change approval process?

Answer 56

Completing the requested forms, determining the purpose of the change, identifying the scope of the change, scheduling a date and time for the change, performing an impact analysis, performing a risk assessment, receiving approval, and user acceptance testing

Question 57

Within the change process, what is the difference between ownership and stakeholders?

Answer 57

Ownership are the people who need the change to be made, and they own the process. Stay holders are the people who will be impacted by the change and they will have input regarding the change.

Question 58

Within change process, what is the impact analysis?

Answer 58

It is the process to identify risks and to identify the scope of the change

Question 59

Within the change process, what is the backout plan used for?

Answer 59

It will be used in the event of a complete failure of the implementation of the change, and it provides a roadmap to revert the changes

Question 60

What is technical change management?

Answer 60

It is putting the change management process into action and or executing the plan

Question 61

What are the technical considerations within technical change management?

Answer 61

The allow and or denial list, restricted activities/defining the scope, expected system downtime, expected system, restarts, legacy applications with little or no support, system dependencies, documentation

Question 62

What all does PKI encompass?

Answer 62

The policies, procedures, hardware, software, and people to create distribute, manage, store, and revoke digital certificates

Question 63

What does PKI provide?

Answer 63

Trust in the people and the devices

Question 64

What is symmetric encryption and what is asymmetric encryption?

Answer 64

Symmetric encryption is the use of a single shared key to encrypt and decrypt data. Asymmetric encryption is the use of a private and public key to encrypt and decrypt data.

Question 65

What is a disadvantage and an advantage to symmetric encryption?

Answer 65

Disadvantage, it does not scale very well. Advantage is it is very fast to use with less overhead than asymmetric encryption. It is often combined with a symmetric encryption.

Question 66

What is the key escrow? And why is it necessary?

Answer 66

It is someone else, a third party, who holds the private keys. It is necessary in the event someone within the organization may require access to a person’s data for legitimate reasons

Question 67

True or false the private key can be distributed to anyone?

Answer 67

False… the private key should be kept private and in the hands of only the person it belongs to and or the key escrow. the public key can be provided to anyone.

Question 68

How does basic asymmetric encryption work?

Answer 68

Person one send an email to person too. Person one combines the content with person twos public key to create a cipher-text. When person to receives the cipher-text, they use their private key to decrypt the cipher-text into the original format.

Question 69

How do you protect #DATA at rest on storage devices?

Answer 69

Use encryption

Question 70

What are two types of database encryption?

Answer 70

Transparent encryption, which encrypts all database information with a symmetric key or record level encryption, which encrypts individual columns, using separate symmetric keys for each column

Question 71

What type of encryption protects data traversing the network? Provide examples

Answer 71

Transport encryption, examples include browsers using HTTPS, VPNs using SSL/TLS for client based VPNs, IPsec used for site to site VPN

Question 72

Explain encryption algorithms

Answer 72

There are many many different ways to encrypt data and the same algorithm, must be used during encryption and decryption which is agreed-upon before the encryption occurs. there are advantages and disadvantages between the different algorithms, for example security level, speed, complexity of implementation

Question 73

True or false the cryptographic process is very transparent, with the only unknown being the private key

Answer 73

True

Question 74

What do larger key lengths do for encryption?

Answer 74

They help prevent brute force attacks for symmetric encryption 128 bit or larger is common and these numbers get larger and larger as time goes on. With asymmetric encryption the keys are larger as they require prime numbers with common key lengths of 3072 bits or larger.

Question 75

What two processes help with a weak key that is by itself not very secure and subject to brute force attacks?

Answer 75

Key stretching, and key strengthening. By performing multiple hashing processes on a weak key, it makes it stronger.

Question 76

What are some of the different methods to exchange keys?

Answer 76

Out of band key exchange where the key is physically provided to the other person, for example in person or by courier.
In band key exchange where the key is provided on a shared network and the key is protected with additional encryption, for example, using asymmetric encryption to deliver a symmetric key.
Creating an symmetric key from a symmetric key

Question 77

How does real time encryption/decryption work?

Answer 77

The client encrypts a random symmetric key with a servers public key. The server will then decrypt this shared key and use it to encrypt the data. This is known as a session key

Question 78

How is a symmetric key created from an asymmetric key?

Answer 78

Object one combines their private key with object twos public key to create a symmetric key

Question 79

What is a TPM and what are some of the characteristics of it?

Answer 79

A TPM provides cryptography hardware on a device. Some characteristics are it provides a random number/key generators, persistent memory that has unique keys burned in during the manufacturing process and versatile memory to allow for storage of secure keys.

Question 80

What is an HSM and how is it used?

Answer 80

Hardware, security module, it is high-end cryptographic hardware and it is used in large computing environment to securely store many cryptographic keys.

Question 81

What manages all organization keys from a centralized manager?

Answer 81

A key management system

Question 82

What are some of the services that a key management system provides?

Answer 82

Creation of keys for a specific service, associates keys with specific users, rotates keys on regular intervals and provides logging for key use and important events

Question 83

What is a protected area for for our security needs that often implemented as a hardware processor, which is isolated from the main processor?

Answer 83

A secure enclave

Question 84

What are the security features of a secure enclave?

Answer 84

It has its own boot ROM, a true random number generator, real time memory encryption, performs AES encryption in the hardware

Question 85

What is the process of making something unclear and much more difficult to understand?

Answer 85

Obfuscation

Question 86

What is the obfuscation used within an image?

Answer 86

Steganography

Question 87

In steganography, what is the cover text?

Answer 87

The container document or file

Question 88

What are common steganography techniques?

Answer 88

Using an image, using invisible watermarks on printed documents, embedding network based messages in TCP packets

Question 89

What are other steganography types?

Answer 89

Audio and video

Question 90

What is the type of obfuscation of replacing sensitive data with a non-sensitive placeholder?

Answer 90

Tokenization

Question 91

What is tokenization commonly used for and how does it work?

Answer 91

Credit card processing. It uses a temporary, one time usage, pre established token in place of the sensitive data which is sent for reverse DNS look up at time of usage.

Question 92

What form of obfuscation is used to hide some of the original data and or sensitive data? Provide examples

Answer 92

DATA masking… using Asterix in place of sensitive characters or only showing part of the sensitive data

Question 93

What is a hash?

Answer 93

A short string of text that represents a larger set of data

Question 94

What is a another term for hash?

Answer 94

A message digest or a fingerprint

Question 95

What is a collision?

Answer 95

Two separate sets of data that produce the same hash value. A hash value should be unique.

Question 96

What are two practical uses of hashing?

Answer 96

Verifying a downloaded file and password storage

Question 97

What is meant by salting a hash?

Answer 97

Adding random data to a password when hashing

Question 98

What are two purposes of salting a hash?

Answer 98

The same password will create a different hash for each salted value, and it will slow down a brute force attack

Question 99

What type of attack won’t work with salted ashes?

Answer 99

A rainbow table

Question 100

What is the key structure of Blockchain?

Answer 100

A distributed ledger that everyone on the Blockchain network maintains.

Question 101

What are the five steps to a Blockchain transaction?

Answer 101

A transaction is requested, the transaction is sent to every computer on the Blockchain network, the verify transaction is added to the ledger, a secure hash is calculated from the previous blocks of track transaction data in the ledger, and that hash is added to the new block, the block is distributed throughout the chain.

Question 102

How can a Blockchain be rejected?

Answer 102

If any blocks are altered, it’s hash, and all of the subsequent ashes in the chain are automatically recalculated. This alter chain will no longer match the other chains.

Question 103

What is a public key certificate?

Answer 103

The binding of a public key with a digital signature that also contains other details about the keyholder.

Question 104

What are the two methods for adding trust to a signature?

Answer 104

A certificate authority, and a web of trust

Question 105

What is a web of trust?

Answer 105

When person 1 trust persons 2 and person 2 trust person 3 then person 1 trust person 3

Question 106

What is the standard format for a digital certificate?

Answer 106

X. 509.

Question 107

What are some of the other details stored with a digital certificate?

Answer 107

Serial number, version, signature, algorithm, issuer, name of the certificate holder, public key

Question 108

How is root of trust established?

Answer 108

When someone or something trustworthy provides their approval

Question 109

What entities can provide root of trust?

Answer 109

A certificate authority, an HSM, a secure, enclave, or any trusted component

Question 110

What is the CA role when fulfilling a certificate request for a website?

Answer 110

They will vet the request by confirming the owner/requester. There will be additional information that they will require for verification.

Question 111

What are the steps for a CA to sign a certificate?

Answer 111

A certificate signing request is generated, the CA validates the request and the CA digitally signs the certificate and returns it to the applicant

Question 112

What are the three ways to establish digitally signed certificates?

Answer 112

A third-party CA, an organizational in-house CA, self signed certificates

Question 113

In all instances of digital certificates, what is required in the browser?

Answer 113

Installation of the CA certificate/trusted chain on all devices

Question 114

What is another name for wild card certificates?

Answer 114

Subject, alternative name, SAN

Question 115

What is the purpose of a SAN?

Answer 115

It allows a certificate to support many different domains

Question 116

What is a wildcard domain?

Answer 116

A wildcard domain will apply to all server names in a domain for example *.google.com

Question 117

How is a certificat revocation handled and by whom?

Answer 117

A certificate revocation list, which is maintained by the certificate authority. This list is changing all of the time.

Question 118

What does OCSP stand for?

Answer 118

Online certificate, status protocol

Question 119

What does OCSP stapling provide?

Answer 119

It provides scalability for OCSP checks

Question 120

How does OSCP work?

Answer 120

The certificate holder verifies their own status and this information is stored on the certificate holders server. This status is then attached or stapled to the SSL/TLS handshake.

Question 121

How does OSCP stapling work?

Answer 121

The certificate holder verifies their own status and this information is stored on the certificate holders server. This status is then attached or stapled to the SSL/TLS handshake.

Question 122

What are advantages and disadvantages to 0SCP

Answer 122

Advantages are that it’s easy to support over the Internet and it is more efficient than downloading a CRL. Disadvantages are that not all browsers and/or applications support OCP, and if they do some, don’t bother checking.