Areas of focus

Question 1

An authentication mechanism that involves receiving a one-time use shared secret password that does expire

Answer 1

Time-based One-Time Password (TOTP)

Question 2

Command used in forensic data acquisition to forensically create a bit by bit copy of a hard drive to a disk image

Answer 2

dd

Question 3

GNU Privacy Guard (GPG)

Answer 3

Asymmetric - A newer and updated version of the PGP encryption suite that uses AES for its symmetric encryption functions

Question 4

Blowfish

Answer 4

Symmetric - Block cipher that uses 64-bit blocks and a variable length encryption key to encrypt plaintext into ciphertext

Question 5

International Data Encryption Algorithm (IDEA) -

Answer 5

Symmetric - block cipher which uses 64-bit blocks to encrypt plaintext into ciphertext

Question 6

Elliptic Curve Cryptography (ECC)

Answer 6

Asymmetric - Algorithm that is based upon the algebraic structure of elliptic curves over finite fields to define the keys. With a 256-bit key is just as secure as RSA with a 2048-bit key. Most commonly used for mobile devices and low-power computing

Question 7

Asymmetric Algorithms are known as…

Answer 7

Public Key Cryptography

Question 8

Triple DES (3DES) -

Answer 8

Symmetric - Encryption algorithm which uses three separate symmetric keys to encrypt, decrypt, then encrypt the plaintext into ciphertext in order to increase the strength of DES

Question 9

Used to perform the sanitization of flash-based devices such as SSDs or USB devices

Answer 9

Secure Erase utility

Question 10

A network traffic filter that controls incoming and outgoing traffic.

Answer 10

Access Control List

Question 11

The order of volatility for evidence collection

Answer 11

Processor cache, RAM, Swap File, Hard/removable drive

Question 12

Primary role is to ensure that the organization processes sensitive personal data in compliance with applicable data protection rules

Answer 12

Data protection officer

Question 13

Overwriting a storage device by setting all bits to the value of zero. Not as effective on SSDs or hybrid drives, and takes a longer amount of time.

Answer 13

Zero-fill utility

Question 14

An access model that is controlled by the system but utilizes a set of permissions instead of a single data label to define the permission level

Answer 14

Role-Based Access Control (RBAC)

Question 15

Algorithm that creates a fixed-length 160-bit hash value unique to the input file

Answer 15

Secure Hash Algorithm (SHA-1)

Question 16

Occurs when the outcome from an execution process is directly dependent on the order and timing of certain events. Those events fail to execute in the order and timing intended by the developer

Answer 16

Race condition

Question 17

Diffie-Hellman

Answer 17

Asymmetric - Used to conduct key exchanges and secure key distribution over an unsecured network. Used for the establishment of a VPN tunnel using IPSec

Question 18

Twofish

Answer 18

Symmetric - block cipher that replaced blowfish and uses 128-bit blocks and a 128-bit, 192-bit, or 256-bit encryption key to encrypt plaintext into ciphertext

Question 19

Act of removing data in such a way that it cannot be reconstructed using any known forensic techniques

Answer 19

Purging (Sanitizing)

Question 20

Rivest Cipher (RC4)

Answer 20

Symmetric - stream cipher using a variable key size from 40-bits to 2048-bits that is used in SSL and WEP

Question 21

A software development method where application and platform requirements are frequently tested and validated for immediate availability. A human is still required to approve the release into the production environment.

Answer 21

Continuous Delivery

Question 22

Database used for managing the entities in a communication network

Answer 22

Management information base (MIB)

Question 23

A model developed by Lockheed Martin that describes the stages by which a threat actor progresses a network intrusion: Recon, Weaponization, Delivery, Exploitation, Installation, C2, Actions on Objectives

Answer 23

Kill Chain Framework

Question 24

A knowledge base maintained for listing and explaining specific adversary tactics, techniques, and common knowledge or procedures

Answer 24

MITRE ATT&CK Framework

Question 25

An approach to computer security that attempts to unify endpoint security technology such as AV and host intrusion prevention, user or system authentication, and network security enforcement.

Answer 25

Network Access Control

Question 26

A device that looks like a USB thumb drive and is used as a software key in cryptography

Answer 26

Pluggable Authentication Module

Question 27

Algorithm that creates a fixed-length 128-bit hash value unique to the input file

Answer 27

Message Digest 5 (MD5)

Question 28

Form of access control where the original creator of the resource is considered the owner and can then assign permissions and ownership to others. The most flexible model and is currently implemented in Windows, Unix, Linux and macOS systems

Answer 28

Discretionary Access Control

Question 29

A senior role with ultimate responsibility for maintaining the confidentiality, integrity and availability of the information asset. Responsible for labeling the asset and ensuring that it is protected with appropriate controls

Answer 29

Data owner

Question 30

Tool used to display all current TCP/IP network configurations on a Windows system

Answer 30

ipconfig

Question 31

Utilizes complex mathematics to create sets of objects and
subjects to define how they interact

Answer 31

Lattice-based Access Control

Question 32

Commaned used to display and troubleshoot DNS records

Answer 32

nslookup

Question 33

Pretty Good Privacy (PGP)

Answer 33

Asymmetric - An encryption program used for signing, encrypting, and decrypting emails. Used by IDEA algorithm.

Question 34

Sanitizes a self-encrypting drive by erasing the media encryption key and then reimaging the drive.

Answer 34

Cryptographic Erase utility

Question 35

Disposal technique that uses only logical techniques to remove data, such as overwriting a hard drive with a random series of ones and zeros. Some tools may be able to recover data.

Answer 35

Clear or Clearing

Question 36

Protocol used to collect information about CPU utilization and memory usage from network devices

Answer 36

SNMP

Question 37

DLP concept where pattern matching technique uses a structured database of string values to detect matches.

Answer 37

Exact data match - think SSNs xxx-xx-xxxx

Question 38

A framework for analyzing cybersecurity incidents and intrusions by exploring the relationships between four core features: adversary, capability, infrastructure, and victim. Uses graphical depictions

Answer 38

Diamond Model of Intrusion Analysis

Question 39

Data Encryption Standard (DES)

Answer 39

Symmetric - Encryption algorithm which breaks the input into 64-bit blocks and uses transposition and substitution to create ciphertext using an effective key strength of only 56-bits

Question 40

Exposes the hard drive to a powerful magnetic field which in turn causes previously-written data to be wiped from the drive

Answer 40

Degaussing

Question 41

Command used to display the network address and subnet mask for the wired network connection on a Linux system

Answer 41

ip

Question 42

Advanced Encryption Standard (AES)

Answer 42

Symmetric - Symmetric block cipher that uses 128-bit, 192-bit, or 256-bit blocks and a matching encryption key size to encrypt plaintext into ciphertext. The standard used for U.S. government data

Question 43

A role focused on the quality of the data and associated metadata

Answer 43

Data steward

Question 44

Used to encrypt multiple bits at a time before moving to the next set of data. Generally have fixed lengths.

Answer 44

Block cipher

Question 45

A hardware-based cryptographic processing component that is a part of the motherboard.

Answer 45

Trusted Platform Module

Question 46

Provides multiple security features such as anti-virus, anti-spam, content filtering and web filtering in a single device or network appliance

Answer 46

Unified Threat Management

Question 47

RSA

Answer 47

Asymmetric - Algorithm that relies on the mathematical difficulty of factoring large prime numbers. Widely used for key exchange, encryption, and digital signatures. Can use key sizes of 1024-bits to 4096-bits

Question 48

Attempts to access a pointer that references an object at a particular memory location

Answer 48

Dereferencing

Question 49

A role responsible for handling the management of the system on which the data assets are stored

Answer 49

Data Controller/Custodian

Question 50

A software development method where application and platform updates are committed to production rapidly. Focuses on automated testing of code in order to get it ready for release. Test and release process into the production environment is automated, making the changes available for immediate release once the code is committed.

Answer 50

Continuous Deployment

Question 51

An error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data.

Answer 51

Cyclical Redundancy Check

Question 52

Containment strategy accomplished by means of achieving the isolation of a host or group of hosts using network technologies and architecture.

Answer 52

Segmentation

Question 53

Tool used for capturing Windows memory data for forensic analysis

Answer 53

Memdump

Question 54

A software development method where code updates are tested and committed to a development or build server/code repository rapidly. Allows for testing and committing updates multiple times per day.

Answer 54

Continuous Integration

Question 55

Encrypts a single bit or byte at a time during the encryption process.

Answer 55

Steam cipher

Question 56

An access model that is dynamic and context-aware using IF-THEN statements. Provides the most detailed and explicit type of access control over a resource.

Answer 56

Attribute-Based Access Control (ABAC)

Question 57

Containment strategy that involves removing an affected component from whatever larger environment it is a part of.

Answer 57

Isolation

Question 58

An identity and access management control that relies upon using a certificate-based authentication mechanism

Answer 58

Smart cards - including PIV (personal identify verification) and CAC (common access control) devices.

Question 59

An authentication mechanism that involves receiving a one-time use shared secret password, usually through a token-based key fob or smartphone app that does not expire

Answer 59

HMAC-based One-time Password (HOTP)

Question 60

Command used to display network statistics

Answer 60

netstat

Question 61

An access control policy where the computer system determines the access control for an object. Relies on security labels being assigned to every user (called a subject) and every file/folder/device or network connection (called an object). Data labels create trust levels for all subjects and objects.

Answer 61

Mandatory Access Control (MAC) - Implemented through the Rule-based and the Lattice-based access control methods. THE STRONGEST LEVEL OF PROTECTION

Question 62

Label-based access control that defines whether access should be granted or denied to objects by comparing the object label and the subject label

Answer 62

Rule-based Access Control (NOT RBAC)