Architecture and Design

Question 1

Staging/Sandboxing

Answer 1

Staging environments can mimic the actual production environment, leading to realistic test environment that minimizes the risk of failure during a push to the production environment

good for testing and patches

Question 2

Tokenization

Answer 2

An example of deidentification control; all or part of the data in a field is replaced with a randomly generated token

ex. protecting PHI data

Question 3

What type of cloud would you use if you want to purchase cloud storage resources that will be dedicated soley for your organizations use?

Answer 3

Private Cloud

Question 4

SHA-1 creates what fixed output? (bit)

Answer 4

160-bit fixed output

Question 5

SHA-2 creates what fixed output? (bit)

Answer 5

256-bit fixed output

Question 6

MD-5 creates what fixed output? (bit)

Answer 6

128-bit fixed output

Question 7

RIPEMD creates what fixed output? (bit)

Answer 7

160-bit fixed output

Question 8

Defense in depth

Answer 8

the concept of layering various network appliances and configurations to create a more secure and defensible architecture

Question 9

Data in transit

(or data in motion)

Answer 9

occurs when data is transmited over a network

Question 10

Data at rest

Answer 10

data is in persistent storage media using whole disk encryption, database encryption, and file- or folder-level encryption

Question 11

Data in use

Answer 11

when data is present in volatile memory, such as system RAM or CPU registers and cache

Question 12

What is a reverse proxy commonly used for?

Answer 12

Directing traffic to internal services if the contents of the traffic comply with the policy

Positioned at the cloud network edge and directs traffic to cloud services

Question 13

Symmetric or Asymmetric?

Blowfish

Answer 13

Symmetric-key block cipher

Question 14

Symmetric or Asymmetric?

ECC

Answer 14

Asymmetric

allow the use of shorter key for the same strength that an RSA key would require, reducing the computation overhead required to encrypt and decrypt data

Question 15

Symmetric or Asymmetric?

PGP

Answer 15

Aymmetric

Question 16

Symmetric or Asymmetric?

RSA

Answer 16

Asymmetric

Question 17

Data soverignty

Answer 17

refers to a jurisdiction preventing or restricting processing and storage from taking place on systems that do not physically reside within that jurisdiction

(like France or the European Union)

Question 18

Symmetric or Asymmetric?

Diffie-Hellman

Answer 18

Asymmetic

Question 19

Symmetric or Asymmetric?

AES

Answer 19

Symmetric

Question 20

Symmetric or Asymmetric?

RC4

Answer 20

Symmetric

Question 21

What are the two types of containment?

regarding attacks

Answer 21

Segmentation and Isolation

Question 22

Hypervisor

(virutal machine monitor)

Answer 22

a process that creates and runs virtual machines (VMs)

allows one host computer to support multiple guest VMs by sharing its resources, like memory and processing

Question 23

Stream cipher vs. Block cipher

Answer 23

A block cihper is used to encrypt multiple bits at a time before moving to the next set of data

A stream cipher encrypt a single bit (or byte) at a time during their encryption process

Question 24

Which is faster?

Asymmetric vs. Symmetric

Answer 24

Symmetric encryption is faster than asymmetric encryption

Question 25

Non-repudiation

Answer 25

when a sender cannot claim they didn’t send an email when they did

Question 26

Which protocol is paired with OAuth2 to provide authentication of users in a federated identity management solution?

Answer 26

OpenID Connect

OAuth2 is explicitly designed to authorize claims and not to authenticate users.

OpenID Connect is an authentication protocol that can be implemented as special types of OAuth flows with precisely defined token fields

Question 27

Rapid Elasticity

Answer 27

used to describe scalable provisioning or the capability to provide scalable cloud computing services

rapid elasticity is very critical to meet the fluctuating demands of cloud users

Question 28

Data Wiping

Answer 28

occurs by using a software tool to overwrite the data on a hard drive to destroy all electronic data on a hard disk or other media

may be performed with a 1x, 7x, or 35x overwriting, with a higher number of times being more secure

Question 29

Degaussing

Answer 29

involves demagnetizing a hard drive to erase its stored ddata

you CANNOT reuse a hard drive once it has been degaussed

classified as a form of PURGING

Question 30

Purging

Answer 30

removing sensitive data from a hard drive using the device’s interal electronics or an outside source sush as a degausser, or by using a cryptographic erase function if the drive supports one

Question 31

Shredding

Answer 31

involves the physical destruction of the hard drive

Question 32

CER

Crossover Error Rate

Answer 32

describes the point where the False Reject Rate (FRR) and False Accept Rate (FAR) are equal

describes the overall accuracy of a biometric system

Question 33

UPS

Uninterruptible Power Supply

Answer 33

making certain that power isn’t disupted during an outage and can be maintained for a short time until alternate power like a generator can come online is critical

Question 34

Faraday Cage

Answer 34

invloves placing wire mesh around an area or device to block electromagnetic signals

Question 35

RAID 0

Answer 35

provides data striping across multiple disks (or only 2?) to increase performance

Question 36

RAID 1

Answer 36

provides redundancy by mirroring the data identically on two hard disks

Question 37

RAID 5

Answer 37

provides redundancy by striping data and parity data across the disk drives

requires minimum of 3 disk drives

Question 38

RAID 6

Answer 38

provides redundancy by striping and double parity data across the disk drives

requires at least 4 hard disks

Question 39

RAID 10

Answer 39

creates a striped RAID of two mirrored RAIDS (combines RAID 1 & RAID 0)

requires at least 4 hard disks

Question 40

IaaS, SaaS, IPSECaaS, Paas, FaaS

Question 41

CSR

Certificate Signing Request

Answer 41

CSR is what is submitted to the CA to request a digital certificate

Question 42

OCSP

Answer 42

a status of certificates that provide validity such as good, revoked or unknown

Question 43

Fuzzing

Answer 43

an automated software testing technique that invovles providing invalid, unexpected, or random data as inputs to a computer program

the program is monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks

Question 44

Attestation

Answer 44

prove the hardware is really yours, a system you can trust

easy when it’s just your computer, more difficult when there are 1,00

remote attestation

Question 45

Federation

Answer 45

allows members of one organization to authenticate using the credentials of another organization

Question 46

RP

Relying parties

Answer 46

provide services to members of a federation

Question 47

VM escape

Answer 47

leveraging access from a single virtual machine to other machines on a hypervisor

Question 48

VM sprawl

Answer 48

when the number of virtual machines on a network reaches a point where the administrator can no longer manage them effectively

Question 49

Hardware write blocker

Answer 49

primary purpose is to intercept and prevent (or ‘block’) any modifying command operation from every reaching the storage device

hardware and software write blockers are designed to ensure that forensic software and tool scannot change a drive inadvertently by accessing it

Question 50

Hardware write blocker

Answer 50

primary purpose is to intercept and prevent (or ‘block’) any modifying command operation from every reaching the storage device

hardware and software write blockers are designed to ensure that forensic software and tool scannot change a drive inadvertently by accessing it