Architecture and Design

Question 1

What type of cloud storage is involved when you purchase said storage from a commercial service provider?

Answer 1

Public

Explanation - This is because the service is from a third-party service provider over the public internet. This makes them available to everyone who wants to purchase and use their service.

Question 2

What security method involves entering your username and password ONLY once and gain access to multiple applications?

Answer 2

SSO (I.e., Single Sign-On)

Explanation - This form of authentication allows a user to access multiple applications with one set of login credentials.

Question 3

What are considered symmetric algorithms?

Answer 3

AES
RC4
Blowfish

Question 4

What is considered an asymmetric algorithm?

Answer 4

Diffie-Hellman (DH)

Explanation - This is a method of securely exchanging cryptographic keys over a public channel.

Question 5

What type of threat relies on the crossing of an airgap between a business and an industrial control system network?

Answer 5

Directory Traversal

Explanation - The only way to cross an airgap is to have a physical device between these systems, such as using a removable media device to transfer files between them. A directory traversal is an HTTP attack that allows attackers to access restricted directories and execute commands outside of the web server’s root directory.

Question 6

What terminology best describes the overall accuracy of a biometric system?

Answer 6

Crossover Error Rate (CER)

Explanation - “CER” also known as the Equal Error Rate, is the point where the False Reject Rate (FRR) and False Accept Rate (FAR) are equal.

Question 7

What type of environment would you use if you wanted to ensure that any vendor patches are tested prior to deploying them into the production environment?

Answer 7

The “Staging” Environment

Explanation - Deploying changes in a staging or “sandbox”” environment provides the organization with a safe, isolated place for testing changes without interfering with production systems.

Note: This environment can mimic the actual production environment, leading to a realistic test environment that minimizes the risk of failure during a push to the production environment.

Question 7

What is an efficient method to use to sanitize an affected hard drive that uses self-encryption as part of its default configuration?

Answer 7

By performing a Crytographic Erase (CE) on the storage devices.

Explanation - Sanitizing a hard drive can be done using cryptographic erase (CE), secure erase (SE), zero-fill, or physical destruction. This is done by erasing the media encryption key and reimaging the drive.

Note: This is MOST effective when a hard drive already uses data at rest.

Question 8

What technology should a digital forensic investigator use after creating a disk image to verify the data integrity of a disk copy matches that of the original web server’s hard disk?

Answer 8

SHA-256

Explanation - The SHA-256 is the Secure Hash Algorithm with a 256-bit length output and is used to ensure the data integrity of a file has not been altered.