701 - Section 1 Flashcards

1
Q

What is OCSP?

A

Online Certificate Status Protocol, a way for a client to ask the certificate authority whether a specific certificate has been revoked

2
Q

What does CIA stand for?

A

Confidentiality, integrity, availability

3
Q

What are the control categories?

A

Technical, managerial, operational, physical

4
Q

Controls implemented using systems, such as operating system controls, firewalls, and antivirus, are examples of what type of control?

A

Technical

5
Q

Administrative controls associated with security design and implementation, such as security policies and standard operating procedures, are what type of control?

A

Managerial

6
Q

Controls implemented by people instead of systems, such as security guards and awareness programs, are what type of control?

A

Operational

7
Q

What control category limits physical access, for example a guard shack, fences, locks, and badge readers?

A

Physical

8
Q

What are the different control types?

A

Preventive, deterrent, detective, corrective, compensating, and directive

9
Q

What control type blocks access to a resource, using such things as firewall rules that follow the security policy, a guard shack that checks all identification, or door locks?

A

Preventative

10
Q

What control type discourages an intrusion attempt but does not directly prevent access? These make an attacker think twice, using such things as application splash screens, the threat of demotion, a front reception desk, and posted warning signs.

A

Deterrent

11
Q

Name the control type that identifies and logs an intrusion attempt but may not prevent access; it assists with finding the issue. Examples include collecting and reviewing system logs, reviewing login reports, regularly patrolling the property, and enabling motion detectors.

A

Detective

12
Q

What is the control type that applies a control after an event has been detected? It reverses the impact of the event and allows operations to continue with minimal downtime. Examples include restoring from backup, creating new policies for reporting security issues, contacting law enforcement, and a fire extinguisher.

A

Corrective

13
Q

What control type uses other means when existing controls are not sufficient, and may be temporary? Examples include a firewall blocking a specific application instead of patching the application, implementing separation of duties, requiring simultaneous guard duties, and using a generator after a power outage.

A

Compensating

14
Q

What control type directs a subject toward security compliance and is a relatively weak security control? Examples include storing all sensitive files in a protected folder, creating compliance policies and procedures, training users on proper security policy, or posting an "authorized personnel only" sign.

A

Directive

16
Q

In the CIA triad, which one allows certain information to be known only by certain people, preventing unauthorized information disclosure?

A

Confidentiality

17
Q

In the CIA triad, which one ensures data is stored and transferred as intended, and that any modification to the data would be identified?

A

Integrity

18
Q

In the CIA triad, which one ensures information is accessible to authorized users and is always at the user's fingertips?

A

Availability

19
Q

Name three ways that confidentiality is achieved.

A

Encryption, access controls, two-factor authentication

20
Q

Name four ways that integrity is achieved.

A

Hashing, digital signatures, certificates, non-repudiation

21
Q

How is availability achieved?

A

Redundancy, fault tolerance, patching

22
Q

What does non-repudiation add to cryptography?

A

Proof of integrity, and proof of origin with high assurance of authenticity

23
Q

What does proof of integrity offer?

A

It verifies that the data has not changed and remains accurate and consistent

24
Q

In cryptography, what do we use to provide proof of integrity?

A

A hash

25
Q

True or false: a hash associates data with an individual.

A

False. A hash only tells you whether the data has changed; it says nothing about who produced it.

26
Q

Public/private keys are what type of key?

A

Asymmetric

27
Q

In non-repudiation, how do we achieve proof of origin?

A

By proving the message was not changed (integrity), proving the source of the message (authentication), and making sure the signature is not fake (non-repudiation). A digital signature, created with the sender's private key and verified with the sender's public key, provides all three.

28
Q

What are the A’s in the AAA framework?

A

Authentication, authorization, accounting

29
Q

In the AAA framework which one proves you are who you say you are?

Which one controls the access that you have?

Which one logs resources used?

A

Authentication
Authorization
Accounting

30
Q

What do systems use to authenticate?

A

A digitally signed certificate on the device

31
Q

What do organizations use to assist with certificate authentication?

A

A trusted certificate authority

32
Q

What does using an authorization model do for you?

A

It adds a layer of abstraction, which reduces complexity, and it makes administration easier to understand and scales very well

33
Q

What compares where you currently are with where you want to be?

A

Gap analysis

34
Q

True or false: a gap analysis is an easy process.

A

False. A gap analysis is an extensive process that requires much planning and communication with stakeholders.

35
Q

In gap analysis, what does a standard framework provide?

A

It provides a known baseline and an end goal

36
Q

What are the three high-level steps to a gap analysis?

A

Evaluation of people and processes, comparing and contrasting to identify weaknesses, and the final analysis and report

37
Q

What is a holistic approach to network security where everything must be verified and nothing is inherently trusted?

A

Zero trust

38
Q

What are the two planes of operation in zero trust?

A

Data and control

39
Q

Which of the planes defines policy rules and determines how packets should be forwarded?

A

Control

40
Q

Which plane processes the frames, packets, and network data?

A

Data plane

41
Q

What acts as the gatekeeper by allowing, monitoring, and terminating connections?

A

The policy enforcement point

42
Q

In zero trust, where is the decision to grant or deny access made?

A

Policy decision point

43
Q

What evaluates each access request based on policy and other information sources and returns grant, deny, or revoke?

A

Policy engine

44
Q

What communicates with the policy enforcement point, generates access tokens or credentials, and allows or disallows access?

A

Policy administrator

45
Q

The policy engine and policy administrator make up what?

A

The policy decision point

46
Q

What sits between the untrusted external world and the trusted enterprise world and communicates with the policy decision point?

A

The policy enforcement point

47
Q

How is threat scope reduction achieved?

A

By decreasing the number of possible entry points

48
Q

What is a security zone? What are examples?

A

A broad category that provides a security-related foundation. Examples include trusted and untrusted, internal and external networks, and grouping by organization, for example marketing, accounting, and HR

49
Q

What are seven examples of physical security?

A

Barricades, access control vestibules, fencing, video surveillance, guards and access badges, lighting, and sensors

50
Q

What are four methods for disruption and deception?

A

Honeypots, honeynets, honeyfiles, honeytokens

51
Q

What is a honeypot?

A

A single device that is used to attract attackers and trap them there

52
Q

What is a Honeynet?

A

A larger deception network with servers, workstations, routers, switches, and firewalls, containing one or more honeypots

53
Q

What is a honey file?

A

Files that are used to attract attackers; an alert can be added for when the file is accessed, creating a virtual bear trap.

54
Q

What are honey tokens?

A

Traceable data that is used to track attackers. Examples of honeytokens are fake API credentials, fake email addresses, etc.

55
Q

What is change management?

A

Change management is the formal process for applying a change to a system within an organization.

56
Q

What are the steps for the change approval process?

A

Completing the request forms, determining the purpose of the change, identifying the scope of the change, scheduling a date and time for the change, performing an impact analysis, performing a risk assessment, receiving approval, and user acceptance testing

57
Q

Within the change process, what is the difference between ownership and stakeholders?

A

Owners are the people who need the change to be made, and they own the process. Stakeholders are the people who will be impacted by the change, and they will have input regarding the change.

58
Q

Within change process, what is the impact analysis?

A

It is the process to identify risks and to identify the scope of the change

59
Q

Within the change process, what is the backout plan used for?

A

It will be used in the event of a complete failure of the implementation of the change, and it provides a roadmap to revert the changes

60
Q

What is technical change management?

A

It is putting the change management process into action and or executing the plan

61
Q

What are the technical considerations within technical change management?

A

Allow and deny lists, restricted activities (defining the scope), expected system downtime, expected system restarts, legacy applications with little or no support, system dependencies, and documentation

62
Q

What all does PKI encompass?

A

The policies, procedures, hardware, software, and people used to create, distribute, manage, store, and revoke digital certificates

63
Q

What does PKI provide?

A

Trust in the people and the devices

64
Q

What is symmetric encryption and what is asymmetric encryption?

A

Symmetric encryption is the use of a single shared key to encrypt and decrypt data. Asymmetric encryption is the use of a private and public key to encrypt and decrypt data.

65
Q

What is a disadvantage and an advantage to symmetric encryption?

A

Disadvantage: it does not scale very well, since every pair of parties needs its own shared key and that key has to be delivered securely. Advantage: it is very fast, with less overhead than asymmetric encryption. It is often combined with asymmetric encryption.

66
Q

What is the key escrow? And why is it necessary?

A

A third party that holds a copy of the private keys. It is necessary in the event someone within the organization requires access to a person's data for legitimate reasons.

67
Q

True or false the private key can be distributed to anyone?

A

False. The private key should be kept private, in the hands of only the person it belongs to (and the key escrow, if one is used). The public key can be provided to anyone.

68
Q

How does basic asymmetric encryption work?

A

Person one sends an email to person two. Person one combines the content with person two's public key to create the ciphertext. When person two receives the ciphertext, they use their private key to decrypt it back into the original format.

69
Q

How do you protect data at rest on storage devices?

A

Use encryption

70
Q

What are two types of database encryption?

A

Transparent encryption, which encrypts all database information with a single symmetric key, or record-level encryption, which encrypts individual columns using a separate symmetric key for each column

71
Q

What type of encryption protects data traversing the network? Provide examples

A

Transport encryption. Examples include browsers using HTTPS, client-based VPNs using SSL/TLS, and IPsec used for site-to-site VPNs

72
Q

Explain encryption algorithms

A

There are many different ways to encrypt data. The same algorithm must be used during encryption and decryption, so it is agreed upon before the encryption occurs. The different algorithms have advantages and disadvantages, for example security level, speed, and complexity of implementation.

73
Q

True or false: the cryptographic process is very transparent, with the only unknown being the key.

A

True. The algorithms are published and studied openly; the security rests entirely on keeping the key secret.

74
Q

What do larger key lengths do for encryption?

A

They help prevent brute force attacks. For symmetric encryption, 128-bit or larger keys are common, and these numbers grow as time goes on. Asymmetric keys are larger because they are built from large prime numbers; common key lengths are 3072 bits or larger.

75
Q

What process helps with a weak key that by itself is not very secure and is subject to brute force attacks?

A

Key stretching, also called key strengthening. Running the weak key through many rounds of hashing makes it stronger, because every guess in a brute force attack costs the attacker the same many rounds.

76
Q

What are some of the different methods to exchange keys?

A

Out-of-band key exchange, where the key is physically provided to the other person, for example in person or by courier.
In-band key exchange, where the key is sent over a shared network and protected with additional encryption, for example using asymmetric encryption to deliver a symmetric key.
Deriving a symmetric key from asymmetric keys.

77
Q

How does real time encryption/decryption work?

A

The client encrypts a random symmetric key with the server's public key. The server decrypts this shared key with its private key, and both sides then use it to encrypt the data. This is known as a session key.

78
Q

How is a symmetric key created from an asymmetric key?

A

Party one combines their private key with party two's public key, and party two combines their private key with party one's public key. Both arrive at the same symmetric key without it ever crossing the network (Diffie-Hellman key exchange).
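
The key agreement on cards 76 to 78, as an added worked example in Python (this is editorial example code, not part of the original deck). Each side publishes a public key, keeps its private key, and combines its own private key with the other side's public key to derive the same session key. The modulus is the 2048-bit group 14 prime from RFC 3526 (transcribed here, generator 2). Because the standard library has no AES, the derived session key is used for an HMAC integrity tag rather than for encryption; the message contents are constructed sample data.

```python
"""Deriving a shared symmetric session key from asymmetric key pairs (Diffie-Hellman)."""
import hashlib
import hmac
import secrets

# 2048-bit MODP group 14 modulus from RFC 3526 (transcribed here); generator 2.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
P_BYTES = (P.bit_length() + 7) // 8


def generate_keypair():
    """Private key: random 256-bit exponent. Public key: G^private mod P."""
    private = secrets.randbits(256) | (1 << 255)   # force full 256-bit size
    public = pow(G, private, P)
    return private, public


def derive_session_key(my_private: int, their_public: int) -> bytes:
    """Card 78: combine my private key with the other party's public key.

    Both sides compute the same value, G^(a*b) mod P; the raw number is then
    hashed down to a fixed-length symmetric key. The range check rejects the
    degenerate public keys 0, 1 and P-1 that would force a predictable secret.
    """
    if not 1 < their_public < P - 1:
        raise ValueError("invalid public key")
    shared_secret = pow(their_public, my_private, P)
    return hashlib.sha256(shared_secret.to_bytes(P_BYTES, "big")).digest()


def seal(session_key: bytes, message: bytes) -> bytes:
    """Protect a message with the session key: HMAC tag prepended to the message."""
    tag = hmac.new(session_key, message, hashlib.sha256).digest()
    return tag + message


def open_sealed(session_key: bytes, blob: bytes) -> bytes:
    """Recompute the tag with our copy of the session key; reject if it differs."""
    tag, message = blob[:32], blob[32:]
    expected = hmac.new(session_key, message, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return message


def demo():
    """Client and server each publish a public key and keep the private key at home."""
    client_private, client_public = generate_keypair()
    server_private, server_public = generate_keypair()
    # Only the two public keys cross the network.
    client_key = derive_session_key(client_private, server_public)
    server_key = derive_session_key(server_private, client_public)
    blob = seal(client_key, b"constructed sample message")
    return client_key == server_key, open_sealed(server_key, blob)


if __name__ == "__main__":
    print(demo())
```

Run it and `demo()` returns `True` for the two derived keys matching, plus the message recovered on the server side. Note the difference from card 77: there the client picks the session key and sends it encrypted under the server's public key; here neither side sends the key at all.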

79
Q

What is a TPM and what are some of the characteristics of it?

A

A TPM provides cryptographic hardware on a device. Some characteristics are a random number generator and key generator, persistent memory with unique keys burned in during the manufacturing process, and versatile memory for securely storing keys.

80
Q

What is an HSM and how is it used?

A

Hardware security module. It is high-end cryptographic hardware used in large computing environments to securely store many cryptographic keys.

81
Q

What manages all organization keys from a centralized manager?

A

A key management system

82
Q

What are some of the services that a key management system provides?

A

Creation of keys for a specific service, associates keys with specific users, rotates keys on regular intervals and provides logging for key use and important events

83
Q

What is a protected area for security needs, often implemented as a hardware processor that is isolated from the main processor?

A

A secure enclave

84
Q

What are the security features of a secure enclave?

A

It has its own boot ROM, a true random number generator, real-time memory encryption, and performs AES encryption in hardware

85
Q

What is the process of making something unclear and much more difficult to understand?

A

Obfuscation

86
Q

What form of obfuscation hides a message inside an image?

A

Steganography

87
Q

In steganography, what is the cover text?

A

The container document or file

88
Q

What are common steganography techniques?

A

Using an image, using invisible watermarks on printed documents, embedding network based messages in TCP packets

89
Q

What are other steganography types?

A

Audio and video

90
Q

What is the type of obfuscation of replacing sensitive data with a non-sensitive placeholder?

A

Tokenization

91
Q

What is tokenization commonly used for and how does it work?

A

Credit card processing. A token service registers the real card number and returns a token (often single-use and pre-generated) that is used in its place. At the time of the transaction the token is sent, and the payment processor looks it up in its token vault to recover the card number, so the merchant never stores or transmits the real number.

92
Q

What form of obfuscation is used to hide some of the original data and or sensitive data? Provide examples

A

Data masking, for example replacing characters with asterisks, or showing only part of the sensitive data such as the last four digits of a card number
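
Tokenization (cards 90 and 91) next to masking (card 92), as an added worked example in Python that is not part of the original deck. The `TokenVault` class stands in for the token service and its lookup table; the card number is the constructed, well-known test value 4111111111111111. Tokens keep the length and digit format of a card number but deliberately fail the Luhn check, and each token is single-use, so a captured token cannot be replayed.

```python
"""Tokenization versus masking of a payment card number."""
import secrets
from typing import Dict


def luhn_valid(pan: str) -> bool:
    """Luhn check digit used by real card numbers."""
    total = 0
    for position, char in enumerate(reversed(pan)):
        digit = int(char)
        if position % 2 == 1:
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


def mask_pan(pan: str, visible: int = 4) -> str:
    """Data masking: hide all but the last digits. Irreversible, fine for receipts."""
    return "*" * (len(pan) - visible) + pan[-visible:]


class TokenVault:
    """The token service's side: the only place a token can be turned back into a PAN.

    The merchant stores and transmits tokens; it never holds this mapping.
    """

    def __init__(self) -> None:
        self._pan_by_token: Dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a valid card number")
        while True:
            # Same length and all digits so existing systems accept it, but it
            # deliberately fails the Luhn check so it can never pass as a real PAN.
            token = "".join(secrets.choice("0123456789") for _ in range(len(pan)))
            if not luhn_valid(token) and token not in self._pan_by_token:
                self._pan_by_token[token] = pan
                return token

    def redeem(self, token: str) -> str:
        """Single-use: the mapping is deleted on first use, so a replayed token fails."""
        try:
            return self._pan_by_token.pop(token)
        except KeyError:
            raise ValueError("unknown or already used token") from None


def demo() -> Dict[str, object]:
    vault = TokenVault()
    pan = "4111111111111111"  # constructed sample (a well-known test card number)
    token = vault.tokenize(pan)
    first = vault.redeem(token)
    try:
        vault.redeem(token)
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return {
        "token_differs": token != pan,
        "token_same_length": len(token) == len(pan),
        "token_fails_luhn": not luhn_valid(token),
        "processor_recovered_pan": first == pan,
        "replay_rejected": replay_rejected,
        "masked": mask_pan(pan),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two techniques answer different needs: the token is reversible, but only by the vault, so the real number can be recovered for settlement; the mask is not reversible at all and is only meant for display.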

93
Q

What is a hash?

A

A short string of text that represents a larger set of data

94
Q

What is a another term for hash?

A

A message digest or a fingerprint

95
Q

What is a collision?

A

Two different sets of data that produce the same hash value. Every input should ideally produce a unique hash, and a secure hash function makes collisions infeasible to find.

96
Q

What are two practical uses of hashing?

A

Verifying a downloaded file and password storage

97
Q

What is meant by salting a hash?

A

Adding random data to a password when hashing

98
Q

What are two purposes of salting a hash?

A

The same password will create a different hash for each salt, and it slows down a brute force attack

99
Q

What type of attack won't work with salted hashes?

A

A rainbow table
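
The salting and stretching described on cards 75 and 96 to 99, as an added worked example in Python (editorial example code, not from the original deck). It uses only the standard library; PBKDF2-HMAC-SHA256 stands in for the "multiple hashing processes" of key stretching, and the word list and passwords are constructed sample data. The attacker's precomputed table is a plain hash-to-password dictionary, which is enough to show why the salt defeats a rainbow table.

```python
"""Salted, stretched password hashing, and why a precomputed table stops working."""
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

# Work factor for PBKDF2-HMAC-SHA256: each guess costs the attacker this many rounds.
ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<rounds>$<salt hex>$<digest hex>'.

    A fresh 16-byte random salt is drawn for every call unless one is supplied,
    so hashing the same password twice yields two different strings.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the digest with the stored salt and rounds; compare in constant time."""
    algorithm, rounds, salt_hex, digest_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def unsalted_sha256(password: str) -> str:
    """The weak scheme: one fast hash, no salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_rainbow_table(wordlist: Iterable[str]) -> Dict[str, str]:
    """Attacker side: precompute hash -> password once, reuse against every victim.

    A real rainbow table uses hash chains to trade time for space; a plain
    lookup table behaves the same way for this demonstration.
    """
    return {unsalted_sha256(word): word for word in wordlist}


def demo() -> Dict[str, object]:
    wordlist = ["password", "123456", "letmein", "qwerty"]  # constructed sample
    table = build_rainbow_table(wordlist)

    unsalted = unsalted_sha256("letmein")
    salted = hash_password("letmein")
    salted_digest = salted.split("$")[-1]

    return {
        # Same password, same hash everywhere: one table lookup cracks it.
        "unsalted_cracked": table.get(unsalted),
        # The salt changed the input, so the precomputed table has no entry.
        "salted_cracked": table.get(salted_digest),
        # Two users with the same password get two unrelated hashes.
        "two_salted_differ": hash_password("letmein") != hash_password("letmein"),
        "verify_ok": verify_password("letmein", salted),
        "verify_wrong": verify_password("letmeout", salted),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The stored string carries the salt and the round count, so the verifier needs no other secret; the salt is not confidential, it only has to be unique per password. The round count is what makes an offline guess expensive (card 75), and `hmac.compare_digest` avoids leaking how many bytes of the digest matched.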

100
Q

What is the key structure of Blockchain?

A

A distributed ledger that everyone on the Blockchain network maintains.

101
Q

What are the five steps to a Blockchain transaction?

A

A transaction is requested; the transaction is sent to every computer on the blockchain network; the verified transaction is added to the ledger; a secure hash is calculated from the previous blocks of transaction data in the ledger and added to the new block; the block is distributed throughout the chain.

102
Q

How can a Blockchain be rejected?

A

If any block is altered, its hash, and all of the subsequent hashes in the chain, have to be recalculated and no longer match. The altered chain will no longer match the other copies of the chain and is rejected.
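
The hash chaining on cards 101 and 102, as an added worked example in Python that is not part of the original deck. The ledger is a list of blocks, each carrying the previous block's hash; the transactions are constructed sample data. The demo alters one block and shows three stages: the altered block fails its own hash, re-hashing it breaks the next block's `prev_hash`, and re-hashing every later block leaves a chain that is self-consistent but whose head hash no longer matches the copies everyone else holds.

```python
"""A minimal hash chain: how altering one block breaks every block after it."""
import copy
import hashlib
import json
from typing import Dict, List, Optional

GENESIS_PREV = "0" * 64


def block_hash(block: Dict) -> str:
    """Hash the block's contents together with the previous block's hash."""
    payload = json.dumps(
        {"index": block["index"], "prev_hash": block["prev_hash"],
         "transactions": block["transactions"]},
        sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def add_block(chain: List[Dict], transactions: List[Dict]) -> Dict:
    """Steps 3 to 5 of card 101: hash the previous block into the new one and append."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {"index": len(chain), "prev_hash": prev_hash, "transactions": transactions}
    block["hash"] = block_hash(block)
    chain.append(block)
    return block


def first_bad_block(chain: List[Dict]) -> Optional[int]:
    """Return the index of the first block that fails verification, or None if intact."""
    for index, block in enumerate(chain):
        expected_prev = chain[index - 1]["hash"] if index else GENESIS_PREV
        if block["prev_hash"] != expected_prev or block["hash"] != block_hash(block):
            return index
    return None


def build_sample_chain() -> List[Dict]:
    chain: List[Dict] = []
    add_block(chain, [{"from": "alice", "to": "bob", "amount": 5}])   # constructed data
    add_block(chain, [{"from": "bob", "to": "carol", "amount": 2}])
    add_block(chain, [{"from": "carol", "to": "alice", "amount": 1}])
    return chain


def demo() -> Dict[str, object]:
    honest = build_sample_chain()
    tampered = copy.deepcopy(honest)
    tampered[1]["transactions"][0]["amount"] = 200          # rewrite history in block 1
    naive = first_bad_block(tampered)                       # block 1 no longer matches its hash
    tampered[1]["hash"] = block_hash(tampered[1])           # attacker fixes block 1's hash
    after_rehash = first_bad_block(tampered)                # now block 2's prev_hash is wrong
    for block in tampered[2:]:                              # so every later block must be redone
        block["prev_hash"] = tampered[block["index"] - 1]["hash"]
        block["hash"] = block_hash(block)
    return {
        "honest_ok": first_bad_block(honest) is None,
        "naive_detected_at": naive,
        "after_rehash_detected_at": after_rehash,
        "fully_rewritten_self_consistent": first_bad_block(tampered) is None,
        # Internally consistent, but the head hash differs from every other copy
        # of the ledger, which is how the network rejects the rewritten chain.
        "matches_other_copies": tampered[-1]["hash"] == honest[-1]["hash"],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

What the page leaves implicit is the last line of the result: an attacker who controls one copy can always rewrite it into a consistent chain; the protection comes from comparing that copy's head hash against the copies held by the rest of the network.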

103
Q

What is a public key certificate?

A

The binding of a public key with a digital signature that also contains other details about the keyholder.

104
Q

What are the two methods for adding trust to a signature?

A

A certificate authority, and a web of trust

105
Q

What is a web of trust?

A

When person 1 trusts person 2, and person 2 trusts person 3, then person 1 trusts person 3

106
Q

What is the standard format for a digital certificate?

A

X.509

107
Q

What are some of the other details stored with a digital certificate?

A

Serial number, version, signature algorithm, issuer, name of the certificate holder (subject), public key

108
Q

How is root of trust established?

A

When someone or something trustworthy provides their approval

109
Q

What entities can provide root of trust?

A

A certificate authority, an HSM, a secure enclave, or any trusted component

110
Q

What is the CA role when fulfilling a certificate request for a website?

A

They will vet the request by confirming the owner/requester. There will be additional information that they will require for verification.

111
Q

What are the steps for a CA to sign a certificate?

A

A certificate signing request is generated, the CA validates the request and the CA digitally signs the certificate and returns it to the applicant

112
Q

What are the three ways to establish digitally signed certificates?

A

A third-party CA, an organizational in-house CA, self signed certificates

113
Q

For a digital certificate to be trusted, what must be present on the client device?

A

The CA certificate (the trust chain) in the device's trust store. Public CAs are already shipped with browsers and operating systems; an in-house CA or a self-signed certificate must be installed on every device.

114
Q

In which X.509 extension is a wildcard name (and any other name the certificate covers) listed?

A

Subject Alternative Name (SAN)

115
Q

What is the purpose of a SAN?

A

It allows a certificate to support many different domains

116
Q

What is a wildcard domain?

A

A wildcard domain applies to all server names in a domain, for example *.google.com. The wildcard matches a single label, so it covers www.google.com but not a.b.google.com.

117
Q

How is certificate revocation handled, and by whom?

A

A certificate revocation list (CRL), which is maintained by the certificate authority. This list is updated constantly.

118
Q

What does OCSP stand for?

A

Online Certificate Status Protocol

119
Q

What does OCSP stapling provide?

A

It provides scalability for OCSP checks

120
Q

How does OCSP work?

A

The client (for example a browser) sends the certificate's serial number to the CA's OCSP responder and receives a signed answer saying whether the certificate is good or revoked, instead of downloading the whole CRL.

121
Q

How does OCSP stapling work?

A

The certificate holder verifies their own status and this information is stored on the certificate holders server. This status is then attached or stapled to the SSL/TLS handshake.

122
Q

What are the advantages and disadvantages of OCSP?

A

Advantages are that it is easy to support over the Internet and it is more efficient than downloading a CRL. Disadvantages are that not all browsers and applications support OCSP, and some of those that do don't bother checking.