CASP

Question 1

What is ISO 31000

Answer 1

A risk management framework.

Question 2

What type of risk can you not eliminate?

Answer 2

Residual risk

Question 3

What is residual risk?

Answer 3

Risk you cannot eliminate.

Question 4

What are two ways to measure risk?

Answer 4

Qualitative and quantitative.

Question 5

Which risk response is also included when risk mitigation is performed?

Answer 5

Acceptance

Question 6

What describes the probability of a threat being realized?

Answer 6

Likelihood

Question 7

What describes the amount of loss during a one year timespan?

Answer 7

ALE

Question 8

What is risk appetite?

Answer 8

An assessment of what level of residual risk is tolerable.

Question 9

What describes the amount of residual risk that is tolerable to the organization?

Answer 9

Risk appetite.

Question 10

What are the core functions of the NIST CSF?

Answer 10

NIST Cybersecurity Framework

Identify
Protect
Detect
Respond
Recover

Question 11

What are the required steps of the NIST RMF?

Answer 11

NIST Risk Management Framework Steps:

Prepare
Categorize
Select
Implement
Assess
Authorize
Monitor

Question 12

What are the steps of the risk management life cycle?

Answer 12

Risk Management Lifecycle:

Identify
Assess
Control
Review

Question 13

What is risk tolerance?

Answer 13

The thresholds that separate different levels of risk.

Question 14

Identify a popular risk framework.

Answer 14

NIST 800-37
COBIT
COSO
ISO 31000

Question 15

What phase of the risk management life cycle identifies effective means by which identified risks can be reduce?

Answer 15

Control

Question 16

What phase of the risk management life cycle identifies risk items?

Answer 16

Identify

Question 17

What phase of the risk management life cycle determines associated risk levels?

Answer 17

Assess

Question 18

What phase of the risk management life cycle determines if a risk level has changed?

Answer 18

Review

Question 19

What should include detailed descriptions of the necessary steps to complete a task?

Answer 19

Process

Question 20

What function of NIST CSF defines capabilities needed for the timely discovery of security incidents?

Answer 20

Detect

Question 21

What’s a formal mechanism for measuring performance of a program against desired goals?

Answer 21

KPI

Question 22

What program demonstrates a cloud service providers adherence to security?

Answer 22

CSA STAR

Cloud Security Alliance, Security Trust and Risk

Question 23

What standards were established by the AICPA to evaluate controls designed to protect technology and finance?

Answer 23

SOC

Question 24

What is the cybersecurity standards developed by the DoD?

Answer 24

CMMC

Cybersecurity Maturity Model Certification

Question 25

Which cloud represents the lowest amount of responsibility for the customer?

Answer 25

SaaS

Question 26

What describes when a customer is completely dependent upon a vendor for products or services?

Answer 26

Vendor lock in

Question 27

What describes when a copy of vendor-developed code is provided to a trusted third party?

Answer 27

Source code escrow

Question 28

What describes all of the suppliers, vendors, and partners needed to deliver a final product?

Answer 28

Supply chain

Question 29

What type of data sanitization involves multiple block level overwrites?

Answer 29

Clear

Question 30

What type of data sanitization is proof against all recovery techniques?

Answer 30

Purge

Question 31

What does “clearing” data do?

Answer 31

Multiple block level overwrites?

Question 32

What does “purging” data do?

Answer 32

Best recovery, even against cleanroom and material analysis.

Question 33

What is an attestation of compliance?

Answer 33

set of policies, contracts, and standards identified as essential in the agreement between two parties

Question 34

What is a set of policies, contracts, and standards identified as essential in the agreement between two parties?

Answer 34

Attestation of compliance

Question 35

What are the five levels of the CMMI?

Answer 35

Initial
Managed
Defined
Quantitatively Managed
Optimizing

Question 36

What’s a non regulatory agency in the US that establishes standards and best practices?

Answer 36

NIST

Question 37

Describe the relationship between regulations and standards?

Answer 37

Regulations are lawful mandates that state a standard must be followed, while standards are a set of practices that can be implemented to fulfill a regulation

Question 38

What regulation enforces rules for organizations related to the European Union?

Answer 38

GDPR

Question 39

Which US Federal law is designed to protect the privacy of children?

Answer 39

COPPA

Question 40

Which process is designed to provide assurance that information systems are compliant with federal standards?

Answer 40

Certification and Accreditation

Question 41

What describes the actions taken to ensure that a system continues to operate in a compliant way?

Answer 41

Continuous monitoring.

Question 42

What is authority to operate?

Answer 42

A formal letter of accreditation by a Certifying Authority upon successful review of an independent audit.

Question 43

What are the phases of the certification and accreditation process?

Answer 43

Initiation and planning
Certification
Accreditation
Continuous monitoring

Question 44

What is often referred to as the prudent man rule?

Answer 44

Due Care

Question 45

What is due care?

Answer 45

Prudent man rule

The reasonable and expected protections put in place to protect an asset.

Question 46

What is due diligence?

Answer 46

The ongoing and documented effort to continuously evaluate and improve asset protection.

Question 47

What is an MSA?

Answer 47

Master service agreement

Establishes an agreement between two entities to conduct business during a defined term.

Question 48

What is an NDA?

Answer 48

Non disclosure agreement.

Question 49

What is an MOU?

Answer 49

Memorandum of understanding
A contract that can establish ROE between two parties.
Difficult to enforce
Formal means to define roles and expectations

Question 50

What is an ISA?

Answer 50

Interconnection security agreement

Rules for two entities to connect and share data

Question 51

What is an OLA?

Answer 51

Operational level agreement

Internal documents established to define the essential operational needs for it to meet its SLAs

Question 52

What is a PLA?

Answer 52

Privacy level agreement

SLA but for data protection requirements

Question 53

What describes the identification of applicable laws depending upon the location of the organization, data, or customer/subject?

Answer 53

Legal Jurisdiction

Question 54

What describes when an organization’s legal team receives notification to preserve electronic information?

Answer 54

Lit hold

Question 55

What type of agreement is often an umbrella contract that establishes the agreement between two entities to conduct business?

Answer 55

Master Service Agreement

MSA

Question 56

What agreement governs services that are both measurable and repeatable?

Answer 56

SLA

Question 57

What are the steps of the NIST 800-34 for business continuity planning?

Answer 57

Develop the continuity planning policy statement
conduct the business impact analysis
identify preventive measures
create contingency strategies
develop an information systems contingency plan
ensure plan testing, training, and exercises
ensure plan maintenance

Question 58

What is the relationship between disaster recovery and business continuity plans?

Answer 58

Disaster recovery plans are focused on the immediate needs of a disaster and is a part of the business continuity plan which is broader and covers a longer time frame.

Question 59

What is the last step in a business continuity plan?

Answer 59

Plan maintenance

Question 60

What can be described as an analysis of a system’s requirements, functions, and interdependence used to characterize system contingency requirements an dpriorities in the event of a disruption?

Answer 60

BIA

Question 61

What generally defines the amount of data that can be lost without irreparable harm?

Answer 61

RPO

Recovery Point Objective

Question 62

Which type of assessment seeks to identify specific types of sensitive data?

Answer 62

PIA

Privacy impact assessmetnt

Question 63

Using other locations to manage a disaster response is known as what?

Answer 63

Alternate site

Question 64

What type of DR site has the lowest operating expense and complexity?

Answer 64

Cold site

Question 65

Which site is one that can be activated and used within minutes?

Answer 65

Hot site

Question 66

Which NIST publication has to do with incident response?

Answer 66

NIST 800-61

Question 67

What is NIST 800-61?

Answer 67

Incident Handling Guide

Question 68

What are the types of DR tests?

Answer 68

Checklist
Walkthrough
Tabletop
Parallel
Full Interruption

Question 69

Which type of DR test is the most disruptive?

Answer 69

Full interruption

Question 70

Which type of DR test is a meeting to review the plans and analyze their effectiveness against various scenarios?

Answer 70

Walk through

Question 71

Which type of DR test is used to determine whether all parties involved in the response know what to do and how to work together?

Answer 71

Tabletop

Question 72

What is a UTM?

Answer 72

Unified threat management - device or virtual appliance that provides multiple security services in a single solution.

Question 73

What types of services does a UTM typically offer?

Answer 73

Content filtering
DLP
SPAM
Antivirus
Web filtering
firewall

Question 74

Describe non-transparent vs transparent proxy.

Answer 74

Non-transparent requires clients to be manually configured with the proxy server as a target.

Transparent intercepts client traffic without the client having to be reconfigured.

Question 75

What is a resource record set?

Answer 75

A package of resource records created by the authoritative DNS server signed by a zone signing key.

Question 76

In DNS what is the difference between a zone signing key and a key signing key?

Answer 76

The zone signing key signs the resource record set, the key signing key signs the zone signing key so it can be easily revoked and re-established in case of compromise.

Question 77

What is an API gateway?

Answer 77

a mechanism allowing software interfaces to be detached from the main application

Question 78

What is an XML gateway?

Answer 78

An interface gateway that does not allow the extensibility as an API gateway but allows processing and firewall like inspection. More secure.

Question 79

What can be used to protect against DNS spoofing and DNS poisoning?

Answer 79

DNSSEC

Question 80

What is the difference in NetFlow and sFlow?

Answer 80

Netflow packets in a transmission are aggregated into a flow and then exported for processing and analysis. sFlow is a sampling of packets and not a true aggregate of flows.

Question 81

What are the typical capabilities of a SIEM?

Answer 81

Aggregation
Correlation
Alerting
Visibility
Compliance
Data Retention

Question 82

What are the two main components of a VPN?

Answer 82

The creation of a network tunnel between endpoints and the protection of the data within.

Question 83

What is the difference in L2TP and IPSec?

Answer 83

L2TP (layer two tunneling protocol) is the establishment of a vpn tunnel while IPSec is the encryption of the data within.

Question 84

What is a solution designed to validate an endpoint’s security before it gets onto the network?

Answer 84

Network access control

Question 85

What is a passive technology used to provide visibility into network traffic on a switch?

Answer 85

TAP

Test access port

Question 86

What version of SNMP should be used?

Answer 86

v3

Question 87

Why is a TAP preferable over a SPAN?

Answer 87

TAPs do not cause negative performance on the switch.

Question 88

What type of networking is called east-west and is based upon policies established through SDN to limit traffic between workloads?

Answer 88

Microsegmentation

Question 89

Which NIST SP talks about Zero Trust?

Answer 89

NIST SP 800-207

Question 90

What is NIST 800-207?

Answer 90

Zero Trust Architecture

Question 91

What are the planes in an SDN?

Answer 91

Control
Data
Management

Question 92

Which SDN plane controls where traffic should be switched?

Answer 92

Control Plane

Question 93

Which SDN plane handles the actual switching and security?

Answer 93

Data Plane

Question 94

Which SDN plane monitors traffic and network status?

Answer 94

Management Plane

Question 95

Which type of environment is characterized by having hosts and networks available for use by visitors?

Answer 95

Guest

Question 96

What is a specially configured, highly hardened system for performing administrative tasks?

Answer 96

Jump box

Question 97

What type of network segmentation differs from a traditional approach to provide higher security, granularity, and flexibility?

Answer 97

Microsegmentation

Question 98

What network implementation creates an SDN by utilizing existing physical equipment?

Answer 98

SDN Overlay

Question 99

What is vertical vs horizontal scaling?

Answer 99

Vertical scaling adds more power to an existing server, horizontal adds more servers.

Question 100

What is type 1 virtualization?

Answer 100

“bare metal” - installed directly to the hardware, esxi, hyperv

Question 101

What is type 2 virtualization?

Answer 101

Installed to the OS - vmware player, virtual box

Question 102

What describes improving performance by adding additional resources to an individual system?

Answer 102

Vertical scaling

Question 103

What describes improving performance by adding additional systems to distribute load?

Answer 103

Horizontal scaling

Question 104

What leverages the global footprint of cloud platforms by distributing and replicating the components of a service?

Answer 104

CDN

Content delivery network

Question 105

What design strategy often conflicts with IT approaches that look to consolidate platforms and reduce product portfolios?

Answer 105

Diversity

Question 106

Which type of virtualization allows the client to either access an application hosted on a server or stream the application from the server to the client for local processing?

Answer 106

Application virtualization

Question 107

What is the set of automated tasks to be performed as part of a cloud deployment?

Answer 107

Bootstrapping

Question 108

Describe the three main types of VDI

Answer 108

Hosted - provided by a third party that manages the entire infrastructure.

Centralized - all VDI instances are hosted within the enterprise, when an instance is requested a new one is created

Synchronized - lets work continue in a disconnected state with a local copy of the VDI that is then synchronized back up

Question 109

What is the difference in application virtualization and VDI?

Answer 109

VDI is a virtualization of the entire desktop or endpoint experience. Application virtualization is limited to just one application and may be referred to as “clientless”.

Question 110

What are the extensions of service oriented architecture?

Answer 110

People
Process
Platform
Practice

Question 111

What are some functions that can be performed via a Container API?

Answer 111

List logs generated by an instance
issue commands to the running container
create, update, and delete containers
list capabilities

Question 112

What environment is used to merge code from multiple developers to a single master copy?

Answer 112

Test

Question 113

What describes middleware software designed to enable integration and communication between a wide variety of applications throughout an enterprise?

Answer 113

Enterprise service bus

Question 114

What is shadow IT?

Answer 114

IT systems deployed without the approval of centralized IT to work around shortcomings, requirements, or bottlenecks.

Question 115

What are the steps of the SDLC?

Answer 115

Planning
Solution design
Coding
Testing
Release/ Deployment

Question 116

What is regression testing?

Answer 116

Evaluating whether changes in code have caused unintended bugs.

Question 117

What type of testing is to find issues where changes in code have caused previously working functions to fail?

Answer 117

Regression testing

Question 118

What type of testing involves pass/fail for one block of code?

Answer 118

Unit Test

Question 119

Which type of testing verifies that individual components of a system work together?

Answer 119

Integration testing

Question 120

Which development model includes phases that cascade with each phase only starting when the last finishes?

Answer 120

Waterfall

Question 121

What development model incorporates security as code and infrastructure as code?

Answer 121

SecDevOps

Question 122

What is the director services standard?

Answer 122

X.500

Question 123

How does kerberos work?

Answer 123

Clients request services from an application server, and both rely on an intermediary - the key distribution center.

User authenticates and is given a ticket granting ticket from the ticket granting server

This ticket granting ticket is used to request a ticket granting service

Question 124

What port does TACACS use?

Answer 124

49

Question 125

What is the certificate standard?

Answer 125

X.509v3

Question 126

What does OAuth provide?

Answer 126

Authorization, not authentication

Question 127

What is the port based network access control standard?

Answer 127

802.1x

Question 128

What is the device requesting access in network access control called?

Answer 128

Supplicant

Question 129

What is an HOTP?

Answer 129

HMAC based one time password. This is often what mfa fobs or smartphone authenticator apps use. They do not however have to expire.

Question 130

What is TOTP?

Answer 130

Time based one time password - a refinement of HOTP that forces each token to expire.

Question 131

In REST, what is a method to transfer claims between two parties?

Answer 131

JSON Web tokens which are signed and protected with a Message Authentication code, or encrypted

Question 132

When storing passwords, what method should not be used?

Answer 132

Encryption

Question 133

What is the term used to describe when credentials created and stored at an external provider are trusted for identification and authentication?

Answer 133

Federation

Question 134

Which access control is a modern, fine grained type of access control that uses XACML?

Answer 134

ABAC

Attribute based access control

Question 135

What authentication protocol is comparable to radius and used in Cisco devices

Answer 135

TACACS

Question 136

What authentication scheme uses an HMAC built from a shared secret plus a value derived from a device and server’s local timestamps?

Answer 136

TOTP

Time based one time password

Question 137

What is hardware root of trust?

Answer 137

Trust Anchor

Secure susbsystem that is able to provide attestation that the system hasn’t been changed.

Question 138

What is a TPM?

Answer 138

Trusted platform module

Hardware based storage of encryption keys, passwords, and other identification information.

Question 139

What is EAP?

Answer 139

extensible authentication protocol

provides a framework for deploying multiple types of authentication protocols and technologies

Question 140

What are the parts of OAuth.

Answer 140

Provider - the site that owns the data and the user account, such as Facebook or Google.

Resource Owner - the user with an account with a provider that can allow a client access to some part of their account.

Client - the site that wants to use some resource of the provider by getting permission and authorization from said provider. The client must be registered with the authorization server.

Question 141

What does SAML use for communication?

Answer 141

XML

Question 142

What does OAuth use for communication?

Answer 142

JSON

Question 143

What is the data lifecycle?

Answer 143

Create
Store
Use
Archive
Destroy

Question 144

In which stage of the data life cycle is data shared using various mechanism such as email?

Answer 144

Use

Question 145

What are the parts of data management?

Answer 145

Inventory, mapping, and integrity management.

Question 146

What data obfuscation method replaces sensitive data with an irreversible value?

Answer 146

Tokenization

Question 147

What data obfuscation method is designed to protect PII so that it can be shared?

Answer 147

Anonymization

Question 148

What are the types of data obfuscation methods?

Answer 148

Encryption
Format Conversion (encoding)
Tokenization
Scrubbing
Anonymization

Question 149

Which type of virtualization platform supports micro services and serverless architecture?

Answer 149

Containerization

Question 150

What is assigned to cloud resources through the use of tags?

Answer 150

Metadata

Question 151

Which type of cloud service model can be described as virtual machines and software running on a shared platform to save costs??

Answer 151

Multi-tenant

Question 152

What are four types of cloud storage models?

Answer 152

Object
File based
Block
Blob

Question 153

Which storage model typically supports cloud based applications needs to access documents, video, or image files?

Answer 153

Object

Question 154

Which storage model typically uses a traditional hierarchical system to store files by a path?

Answer 154

File-based

Question 155

Which storage model typically supports high performance, transactional applications such as databases?

Answer 155

Block

Question 156

Which storage model typically supports the storage of large amounts of unstructured data?

Answer 156

Blob

Question 157

What is blockchain?

Answer 157

An expanding list of transactional records which are secured using cryptography. Each block is hashed and the hash value of the previous block in the chain is included int he hash calculation of the next block which links them.

The ledger is distributed across a peer to peer network.

Every node has the ability to view every transaction.

Question 158

What is a system whereby multiple groups can calculate a function, but the function itself is only known by a single party?

Answer 158

Secure multi-party computation

MPC/SMPC

Question 159

Which technology is a ledger distributed across a p2p network?

Answer 159

blockchain

Question 160

What emulates a real life environment through computer generated sites and sounds?

Answer 160

Virtual reality

Question 161

What term describes computer generated images of a person that appear real?

Answer 161

deep fake

Question 162

What type of processing deconstructs knowledge into a series of smaller, simpler parts that can be interpreted?

Answer 162

Deep learning

Question 163

What type of computing uses information represented by spin properties and momentum of matter?

Answer 163

Quantum

Question 164

What kind of cert is used to identify a devices within an organization?

Answer 164

Trust certificate

Question 165

What is the current wifi standard to use?

Answer 165

WPA3

Question 166

What type of encryption does WPA2 use?

Answer 166

AES-CCMP

Question 167

What type of encryption does WPA3 use?

Answer 167

AES-GCMP

Question 168

What type of communication does NFC use?

Answer 168

RFID

Question 169

What is DoH?

Answer 169

DNS over HTTPS

Offers privacy between the user and the DNS server by encrypting the DNS requests

Question 170

What is sideloading?

Answer 170

Installing an apk file to android that’s not from the app store.

Question 171

What is a popular android unauthorized app store?

Answer 171

F-Droid

Question 172

What are two types of certificates commonly used to implement access controls for mobile devices?

Answer 172

Trust certificates, personal certificates

Question 173

Which standard is associated with Simultaneous authentication of equals?

Answer 173

WPA3

Question 174

Which device attack allows complete control of a device without the target being paired?

Answer 174

Blueborn attack

Question 175

What is the process of determining which additional software or scripts may be installed or run on a host beyond it baseline?

Answer 175

execution control

Question 176

What do BIOS and UEFI use?

Answer 176

BIOS uses the master boot record (MBR)

UEFI uses GUID partition table (GPT)

Question 177

What is secure boot?

Answer 177

secure boot is designed to prevent a computer from being hijacked by a malicious OS via digital certificates from valid OS vendors.

Question 178

What is measured boot?

Answer 178

uses platform configuration registers (PCRs) in the TPM at each stage in the boot process to check critical areas for change

Question 179

What modules does the secure boot attestation services?

Answer 179

NV-RAM which stores the OEMs secure boot info
signature database (db)
revoked signature database (dbx)
Key enrollment key (kek) database

Question 180

What is a hardware security module?

Answer 180

An HSM is a network appliance designed to perform centralized PKI for a network of devices. Can also be a plugin pcie card or usb connected.
Supposedly better than TPM.

Question 181

Which types of attacks on Android can bypass the protections of mandatory access control?

Answer 181

Interapp communication attacks

Question 182

Which control is designed to prevent a computer from being hijacked by a malicious OS?

Answer 182

Secure boot

Question 183

Which type of host protection should provide capabilities that directly align to the NIST cybersecurtiy framework core?

Answer 183

EDR

Question 184

What describes intentionally spreading data across different storage locations?

Answer 184

data dispersion

Question 185

What is bit splitting?

Answer 185

Aka cryptographic splitting

splitting encrypted data outputs into multiple parts which are subsequently stored in disparate storage locations and then encrypting the outputs a second time

Question 186

What are some FaaS?

Answer 186

functions as a service
AWS Lambda
Google Cloud Functions
Microsoft Azure functions

Question 187

What are some security concern with serverless computing?

Answer 187

ensuring that the clients accessing the services have not been compromised

entirely reliant on the service provider

Question 188

Which cloud computing practice eliminates the use of traditional virtual machines?

Answer 188

Serverless

Question 189

What is a critical component dictating the implementation of logging capabilities in the cloud?

Answer 189

Regulations

Question 190

What is an ASIC?

Answer 190

application specific integrated circuit, expensively designed single function system

Question 191

What is an FPGA?

Answer 191

field programmable gate array

A controller not fully set at the time of manufacture that can be programmed to perform a specific function

Question 192

What is SCADA vs ICS

Answer 192

ICS is industrial control systems, they provide mechanisms for workflow and process automation with machinery. They have embedded PLCs which are linked by a fieldbus or industrial ethernet. Human Machine interfaces provide access via control panel or software.

SCADA is supervisory control and data acquisition - it takes the place of a control server in large scale, multiple site ICSs. Typically runs as regular software.

Question 193

What is a PLC?

Answer 193

Programmable logic controller - act as a bridge between the real world and the digital world.

Question 194

Which component integrates practically all of the components of a traditional chipset?

Answer 194

system on a chip

Question 195

Which type of industrial computer is typically used to enable automation in assembly lines and is programmed using ladder langauge?

Answer 195

Programmable logic controller

Question 196

Which type of availability attack are industrial computers most sensitive to?

Answer 196

Denial of service

Question 197

What are two popular hashing algorithms?

Answer 197

MD5 and SHA

Question 198

What are SHA1 and SHA256’s output size?

Answer 198

160 bit and 256 bit

Question 199

What algorithm was designated SHA3?

Answer 199

Keccack

Question 200

What is RIPEMD?

Answer 200

Hashing algorithm designed at the same time as SHA1
Outputs 128, 160, 256, and 320 bits.
Used within PGP encryption.

Question 201

What is HMAC?

Answer 201

hash based message authentication code

a way to tell the message hasn’t changed and the sender knows the secret key

requires shared key

sender uses an HMAC function to produce a MAC by feeding it the message and a secret key. the receiver can re-do the HMAC function with the message and shared key and if it matches the MAC sent it’s good

Question 202

What is Poly1305?

Answer 202

MAC focused on speed that works well on older devices, often combined with Salsa20 and ChaCha

Question 203

What is a stream cipher?

Answer 203

data is encrypted one bit at a time
good for encrypting items where the length of the message is not known

uses an initializaiton vector to generate a unique keystream, which changes

Question 204

What is a block cipher

Answer 204

data is encrypted in equal sized blocks, data is padded if too short

Question 205

What are some stream ciphers and which are good?

Answer 205

RC4 - bad
Salsa20 - good
ChaCha - good, based off Salsa, combined with Poly1305 often

Question 206

What are some stream ciphers and which are good

Answer 206

3des - bad

AES - the best, can use variable block sizes

Question 207

What are the modes of cipher blocks and which are good?

Answer 207

Cipher block chaining (cbc) - bad
Electronic codebook - bad
Galois/Counter Mode (GCM) - good
Counter (CTR) - good
Output Feedback (OFB) - good

Question 208

Which MAC method is commonly used with Sals20?

Answer 208

Poly1305

Question 209

What is S/MIME?

Answer 209

Secure multipurpose internet mail extensions

Mail using digital certificates to encrypt email

Question 210

What are three signing methods?

Answer 210

RSA - factoring large prime numbers
DSA - digital signature algorithm, faster at generating slower at verifying
ECDSA - elliptic curve digital signature algorithm, utilizes properties of elliptic curves

Question 211

What are two key agreement methods?

Answer 211

Diffie-helman (DH)

Elliptic curve diffie hellman (ECDH)

Question 212

What are the parts of a cipher suite?

Answer 212

Key exchange, signature, bulk encryption, message authentication, elliptic curve

Question 213

What is EAP-TLS?

Answer 213

extensible authentication protocol transport layer security

one of the strongest types of authentication and is widely supported

encrypted tunnel between supplicant and server

both supplication and server are configured with certificates

Question 214

What is PEAP?

Answer 214

protected extensible authentication protocol

encrypted tunnel between supplicant and auth server

only requires server side public key

must use MS-CHAPv2 or EAP-GTC for its inner authentication method

Question 215

What is Eap TTLS?

Answer 215

uses server side cert, can use any inner authentication protocol

Question 216

What is EAP FAST?

Answer 216

eap with flexible authentication via secure tunneling

Question 217

What is IPSEC?

Answer 217

VPN

works at layer 3

provides both confidentiality and integrity by signing each packet

Question 218

What are the two modes of IPSEC?

Answer 218

Authentication header - provides integrity but does not encrypt the payload. Includes the IP header

ESP - encapsulation security payload - can be used to encrypt the packet and can provide confidentiality, authentication, and integrity. Excludes the IP header

Question 219

What is ECC?

Answer 219

Asymmetric encryption, has low overhead.

Question 220

What are the ECC implementations?

Answer 220

P256 - no longer recommended

P384 - can be used for top secret

Question 221

What takes a key generated from a user and repeatedly converts it to a longer and more random key?

Answer 221

Key stretching

Question 222

What are some key strethcing methods?

Answer 222

PBKDF2 - widely used

BCRYPT, adds salt

Question 223

What is the bulk encryption method used int he following cipher suite: ECDHE-RSA-AES128-GCM-SHA256

Answer 223

AES128-GCM

Question 224

What is the key exchange method used int he following cipher suite: ECDHE-RSA-AES128-GCM-SHA256

Answer 224

ECDHE

Question 225

What is the signing method used int he following cipher suite: ECDHE-RSA-AES128-GCM-SHA256

Answer 225

RSA

Question 226

What is the MAC method used int he following cipher suite: ECDHE-RSA-AES128-GCM-SHA256

Answer 226

SHA256

Question 227

What device used to provide strong authentication stores a user’s digital certificate, private key, and a PIN?

Answer 227

Smart Card

Question 228

What are the certificate life cycle management steps?

Answer 228

Generate
Provision
Discover
Inventory
Monitor
Protect
Renew
Revoke

Question 229

What is cert pinning?

Answer 229

techniques to ensure that when a client inspects a certificate, it is inspecting the proper certificate

Question 230

What is cert stapling?

Answer 230

having a web server periodically obtain a time-stamped ocsp response from the CA and returns this response in lieu of making the client contact OCSP itself

Question 231

What is HSTS?

Answer 231

HTTP strict transport security - a configuration to force https

Question 232

What entity is responsible for issuing certificates?

Answer 232

Certificate Authority

Question 233

What is a term to describe the requirement for both client and server devices to use certificates to verify identity?

Answer 233

Mutual authentication

Question 234

Describe threat vs adversary emulation.

Answer 234

Threat emulation is emulating known tactics techniques and procedures in a realistic way without emulating a specific threat actor

Adversary is threat emulation but mimicing a specific actor

Question 235

What is the cyber kill chain?

Answer 235

Developed by Lockheed Martin, steps an adversary must complete to achieve their goals

Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control
Actions on Objectives

Question 236

What is a defensive approach that assumes breach?

Answer 236

Threat hunting

Question 237

What are some types of decoy files?

Answer 237

Honytoken

Canary file

Question 238

What are some deceptive security technologies?

Answer 238

Decoy files
Honeypot
Honeynet
Simulators
Dynamic network configurations

Question 239

What is a simple to deploy deceptive technology?

Answer 239

Simulator

Question 240

What is a sandbox application?

Answer 240

A self contained software application which includes all of the necessary components to operate on an immutable system.

Question 241

What is a self contained software application which includes all of the necessary components to operate on an immutable system.

Answer 241

A sandbox application.

Question 242

What ways can you fix buffer overflow?

Answer 242

Patching
Secure Coding
Address space layout randomization
Data execution protection

Question 243

What is data execution protection?

Answer 243

The operating system identifies areas of memory allowed and not allowed to contain executable code and prevents that code from executing out of bounds.

Question 244

What describes how software can be analyzed for open-source components?

Answer 244

Software composition analysis.

Question 245

What is the default tcpdump command?

Answer 245

tcpdump -i eth0

Question 246

What are some types of logs?

Answer 246

Network logs
Access logs
Vulnerability logs
Netflow logs

Question 247

What is NetFlow also known as?

Answer 247

IP Flow Information Export (IPFIX)

Question 248

What are the steps of the incident response process?

Answer 248

Preparation
Detection and Analysis
Containment
Eradication and Recovery
Post Incident Activity

Question 249

Alerts generated by IDS are more critical as they go down or up in value?

Answer 249

Down in value, 1 is critical

Question 250

What uses YARA rules most often?

Answer 250

Anti-virus

Question 251

What are the four steps of the forensic process?

Answer 251

Identification
Collection
Analysis
Reporting

Question 252

What are some file carving tools?

Answer 252

Foremost - linux

strings

Question 253

What are some binary analysis tools?

Answer 253

hexdump
Ghidra - written by NSA
GNU project debugger
OllyDBG - windows debugger
readelf 
objdump
strace - interactions between processes and the linux kernel
ldd - dependency display
file

Question 254

What can be used to inspect firmware images?

Answer 254

Binwalk

Question 255

What tool can read and write file metadata?

Answer 255

exiftool

Question 256

What term describes evidence handling from collection through presentation in court?

Answer 256

chain of custody

Question 257

What are some live collection tools?

Answer 257

netstat
ps
vmstat - real time I/O information
lsof - listopen files
netcat
conntrack - interact with connection tracking
tcpdump
wireshark

Question 258

What are some hashing utilities?

Answer 258

sha256sum

ssdeep - compare files