Ch. 5 - Security Operations Flashcards

1
Q

An algorithm that uses one key to encrypt and a different key to decrypt the input plaintext.

A. Symmetric Encryption
B. Asymmetric Encryption
C. Hash
D. Checksum

A

B. Asymmetric Encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

A digit representing the sum of the correct digits in a piece of stored or transmitted digital data, against which later comparisons can be made to detect errors in the data.

A. Symmetric Encryption
B. Asymmetric Encryption
C. Hash
D. Checksum

A

D. Checksum

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

The altered form of a plaintext message so it is unreadable for anyone except the intended recipients. In other words, it has been turned into a secret.

A. Plaintext
B. Ciphertext
C. Classified
D. Cipher Script

A

B. Ciphertext

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A process and discipline used to ensure that the only changes made to a system are those that have been authorized and validated.
Consists of the following: Identification, Baseline, Change Control, and Verification & Audit.

A. Change Management
B. Data Security Lifecycle
C. Configuration Management
D. Patch Management

A

C. Configuration Management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

It is the process of converting a ciphertext message back
into plaintext through the use of the cryptographic algorithm and the appropriate key for decryption (which is the same for symmetric encryption, but different for asymmetric encryption).

A. Encryption
B. Decryption
C. Encapsulation
D. Decapsulation

A

B. Decryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

The process and act of converting the message from its plaintext to ciphertext.

A. Encryption
B. Decryption
C. Encapsulation
D. Decapsulation

A

A. Encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A reference to the process of applying secure configurations (to reduce the attack surface) and locking down various hardware, communications systems, and software, including operating system,
web server, application server, application, etc. Normally performed based on industry guidelines and benchmarks.

A. Patching
B. Hacking
C. Hashing
D. Hardening

A

D. Hardening

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

The process of using a mathematical algorithm against data to produce a numeric value that is representative of that data.

A. Symmetric Encryption
B. Asymmetric Encryption
C. Hashing
D. Checksum

A

C. Hashing

Source CNSSI 4009-2015

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

The systematic notification, identification, deployment, installation and verification of operating system and application software code revisions. These revisions are known as patches, hot fixes, and service packs.

A. Change Management
B. Data Security Lifecycle
C. Configuration Management
D. Patch Management

A

D. Patch Management

Source: CNSSI 4009

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

A message or data in its natural format and in readable form; extremely vulnerable from a confidentiality perspective.

A. Plaintext
B. Ciphertext
C. Classified
D. Cipher Script

A

A. Plaintext

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

The first stage of change management, wherein a change in procedure or product is sought by a stakeholder.

A. Rollback
B. Request for Change (RFC)
C. Approval
D. Request to Modify (RTM)

A

B. Request for Change (RFC)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Tactics to infiltrate systems via email, phone, text, or social media, often impersonating a person or agency in authority or offering a gift. A low-tech method would be simply following someone into a secure building.

A. Hacking
B. Impersonating
C. Social Engineering
D. Phishing

A

C. Social Engineering

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

An algorithm that uses the same key in both the encryption and the decryption processes.

A. Symmetric Encryption
B. Asymmetric Encryption
C. Hash
D. Checksum

A

A. Symmetric Encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Phishing attacks that attempt to trick highly placed officials or private individuals with sizable assets into authorizing large fund wire transfers to previously unknown entities.

A. Whaling
B. Spear Phishing
C. Snarfing
D. Vishing

A

A. Whaling

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which process consists of the following components:
Request for Change, Approval, and Rollback

A. Change Management
B. Data Security Lifecycle
C. Configuration Management
D. Patch Management

A

A. Change Management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Create, Store, Use, Share, Archive, and Destroy are components to which of the following:

A. Change Management
B. Data Security Lifecycle
C. Configuration Management
D. Patch Management

A

B. Data Security Lifecycle