Ch 1. Mastering the Basics

Question 1

Use Case

Answer 1

used to identify and clarify requirements to achieve a goal

Question 2

Confidentiality

Answer 2

prevent the unauthorized disclosure of data

Question 3

Encryption

Answer 3

scrambles data to make it unreadable by unauthorized personnel

Question 4

What are the three elements of Access Controls?

Answer 4

Identification, Authentication, Authorization

Question 5

Steganography

Answer 5

practice of hiding data within data

Question 6

What are the three methods of Confidentiality?

Answer 6

Encryption, Access Controls, Steganography

Question 7

Integrity

Answer 7

provides assurances that data has not changed

Question 8

Hash

Answer 8

a number created by a executing a hashing algorithm against data

Question 9

Digital Signature

Answer 9

use certificates and a Public Key Infrastructure to verify integrity and provide authentication and N-R

Question 10

What are the two methods of Integrity?

Answer 10

Hashing and Digital Signatures

Question 11

Availability

Answer 11

indicates that data and services are available when needed

Question 12

Redundancy

Answer 12

adds duplication to critical systems and provides fault tolerance

Question 13

Patch

Answer 13

code that resolves software bugs

Question 14

What are the two methods of Availability?

Answer 14

Redundancy and Patching

Question 15

Risk

Answer 15

the possibility or likelihood of a threat exploiting a vulnerability resulting in a loss

Question 16

Threat

Answer 16

any circumstance or event that has the potential to compromise confidentiality, integrity, or availability

Question 17

Vulnerability

Answer 17

a weakness

Question 18

Security Incident

Answer 18

an adverse event that can negatively affect the confidentiality, integrity, or availability of an org’s IT and data

Question 19

Risk Mitigation

Answer 19

reducing risk through the implementation of controls, countermeasures, or safeguards

Question 20

Types of Control Implementation

Answer 20

Technical, Administrative, Physical

Question 21

Types of Control Goals

Answer 21

Preventative, Detective, Deterrent, Corrective, Compensating

Question 22

Hypervisor

Answer 22

the software that creates, manages, and runs the VM

Question 23

NIST

Answer 23

National Institute of Standards and Technology; publishes SPs in the 800 series

Question 24

Type I Hypervisor

Answer 24

run directly on the system hardware

Question 25

Type II Hypervisor

Answer 25

runs as software within a host operating system

Question 26

Application Cell

Answer 26

runs services or applications within isolated application containers

Question 27

Snapshot

Answer 27

provides with you with a copy of a VM at a moment in time

Question 28

VM Escape

Answer 28

an attack that allows an attacker to access the host system from within the virtual system

Question 29

VM Sprawl

Answer 29

occurs when an organization has many VMs that aren’t managed properly

Question 30

ICMP

Answer 30

Internet Control Message Protocol

Question 31

NIC

Answer 31

Network Interface Controller

Question 32

VDI/VDE

Answer 32

Virtual Desktop Infrastructure / Virtual Desktop Environment

Question 33

TCP

Answer 33

Transmission Control Protocol; allows comps to share resources across a network

Question 34

UDP

Answer 34

User Datagram Protocol; like TCP, but used for low latency and loss tolerant programs

Question 35

tracert

Answer 35

command used to trace the path of an IP packet

Question 36

ARP

Answer 36

Address Resolution Protocol; resolves IP addresses to MAC addresses and stores the results in an ARP cache