Chapter 1: General Knowledge Flashcards

To study for Security+

1
Q

What is a wildcard certificate?

A

A wildcard certificate is a single TLS (historically SSL) certificate whose subject name contains a wildcard label, such as *.example.com, so that one certificate and one private key cover the domain's subdomains. The wildcard stands for exactly one label: *.example.com covers www.example.com and api.example.com but not a.b.example.com, and it does not cover the bare example.com unless that name is also listed as a Subject Alternative Name. Because one private key then protects every host in the domain, compromising it on any one server affects all of them.
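
The matching rule described above, as an added example that is not part of the flashcard deck: the function below applies the RFC 6125 wildcard rules that browsers and OpenSSL follow, and the certificate names and hostnames it checks are constructed for the demonstration.

```python
# Added example, not part of the flashcard deck: wildcard name matching as a TLS
# client performs it (RFC 6125 rules, which browsers and OpenSSL follow).
# The certificate names below are constructed for the demonstration.

def hostname_matches(cert_name: str, hostname: str) -> bool:
    """Return True if the certificate's dNSName matches the host we connected to."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")

    if "*" not in cert_name:
        # No wildcard: names must be identical label for label (case-insensitive).
        return cert_labels == host_labels

    # Only a whole left-most label may be a wildcard, and at least two labels
    # must follow it, so "*.com" is rejected.
    if cert_labels[0] != "*" or len(cert_labels) < 3:
        return False
    # The wildcard stands for exactly one label, never zero and never several:
    # *.example.com covers www.example.com, not example.com or a.b.example.com.
    if len(host_labels) != len(cert_labels):
        return False
    return host_labels[1:] == cert_labels[1:]


def covered_hosts(cert_names: list, hostnames: list) -> dict:
    """For each hostname, report whether any name in the certificate's SAN list covers it."""
    return {h: any(hostname_matches(n, h) for n in cert_names) for h in hostnames}


if __name__ == "__main__":
    # Constructed SAN list: the bare domain plus a wildcard for its subdomains.
    san = ["example.com", "*.example.com"]
    probes = ["www.example.com", "example.com", "a.b.example.com", "example.com.evil.net"]
    for host, ok in covered_hosts(san, probes).items():
        print(f"{host:24} {'covered' if ok else 'NOT covered'}")
```

Note that the bare domain is only covered because it appears as its own SAN entry; drop it from the list and example.com fails the check, which is exactly the mistake that produces "certificate name mismatch" errors on apex domains.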

2
Q

What is a Gap Analysis?

A

A comparison of an organization's current security posture (the controls actually in place and how well they work) against a target state such as a framework, regulation or internal policy, in order to identify the gaps and prioritize the work needed to close them.

3
Q

What is git?

A

A distributed version control system that tracks the history of changes to a set of files, recording who changed what and when, so that changes can be reviewed, audited and reverted.

4
Q

What are SOP’s?

A

Standard Operating Procedures, which describe the steps needed to complete a task consistently and in accordance with industry regulations, provincial laws or the organization's own standards.

5
Q

What are the main different types of security controls?

A

Technical, Administrative (also called Managerial), and Physical. The Security+ SY0-701 objectives split these into four categories: Technical, Managerial, Operational, and Physical.

6
Q

What is the purpose of the Technical Security control?

A

Technical controls are the hardware and software mechanisms that protect a system against attack (e.g. firewalls, intrusion detection systems, encryption, identification and authentication mechanisms).

7
Q

What is the purpose of the Physical security control?

A

To protect an organization's physical assets and facilities from theft, vandalism, or unauthorized access (e.g. locks and keys, access cards and badges, biometric readers, alarm systems, and backup generators to keep those systems running).

8
Q

What is a Brute Force attack?

A

An attack that uses trial and error to gain access to an account, network or encrypted data by systematically guessing passwords, credentials or encryption keys. Defenses include long keys and passwords, rate limiting and account lockout, MFA, and slow password hashing (key stretching).

9
Q

What does Key Stretching do?

A

A technique that makes a weak key, such as a password or passphrase, more expensive to attack by feeding it through a deliberately slow, salted function (PBKDF2, bcrypt, scrypt or Argon2) many thousands of times, so that each guess an attacker makes costs far more computation.

10
Q

What does Key Rotation do?

A

The process of regularly replacing encryption keys with new ones, so that a compromised key exposes only the data protected during its lifetime and the window of exposure is limited.

11
Q

What is salting?

A

Adding a unique random value (the salt) to each password before it is hashed, and storing the salt alongside the hash. Two users with the same password then get different hashes, and precomputed tables (rainbow tables) become useless, because every hash has to be attacked individually.
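
Salting (this card) and key stretching (card 9) together, as an added example that is not part of the flashcard deck: PBKDF2-HMAC-SHA256 from the Python standard library, a per-password random salt, and a constant-time comparison on verification. The storage record format (algorithm$iterations$salt$hash) is an assumption made for this example.

```python
# Added example, not from the flashcard deck: salting plus key stretching with
# PBKDF2-HMAC-SHA256 from the standard library. The record format
# (algorithm$iterations$salt$hash) is an assumption made for this example.
import hashlib
import hmac
import os
import time
from typing import Optional

# The iteration count is the "stretch": each guess an attacker makes costs this
# many HMAC computations. 600,000 is the OWASP 2023 figure for PBKDF2-SHA256.
DEFAULT_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return a self-describing record: algorithm, iterations, salt and derived key."""
    if salt is None:
        salt = os.urandom(16)  # unique per password, so equal passwords hash differently
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the key with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported record type {algo!r}")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations), dklen=32)
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def seconds_per_guess(iterations: int) -> float:
    """What one candidate costs at a given stretch; an attacker pays this per guess."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"candidate", b"\x00" * 16, iterations, dklen=32)
    return time.perf_counter() - start


if __name__ == "__main__":
    rec1 = hash_password("correct horse battery staple")
    rec2 = hash_password("correct horse battery staple")
    print("same password, different salts, different records:", rec1 != rec2)
    print("verify correct :", verify_password("correct horse battery staple", rec1))
    print("verify wrong   :", verify_password("Correct horse battery staple", rec1))
    for iters in (1, 1_000, DEFAULT_ITERATIONS):
        print(f"{iters:>8} iterations -> {seconds_per_guess(iters) * 1000:8.2f} ms per guess")
```

Storing the iteration count in the record is what lets you raise the stretch later: old records still verify with their own count, and can be re-hashed with the new one the next time the user logs in.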

12
Q

What is Symmetric Encryption?

A

An encryption scheme in which a single shared secret key is used both to encrypt and to decrypt the data (e.g. AES). It is fast and suited to bulk data, but both parties must already possess the same key, so the hard problem becomes distributing that key securely.

13
Q

What is Asymmetric Encryption?

A

Also known as public key cryptography: a scheme that uses a pair of mathematically related keys, a public key that can be shared freely and a private key that is kept secret. Data encrypted with the public key can only be decrypted with the matching private key, and a signature made with the private key can be verified by anyone holding the public key (e.g. RSA, ECDSA).

14
Q

What are Diffie-Hellman and RSA an example of?

A

Methods for establishing a shared secret key between two parties over an insecure network. Diffie-Hellman is a key-agreement algorithm (both parties contribute to the secret); RSA can be used for key transport (one party chooses the secret key and encrypts it to the other party's public key).

15
Q

How does the Diffie-Hellman Key Algorithm work?

A

The Diffie-Hellman (DH) algorithm is a key-agreement protocol that lets two parties communicating over a public channel establish a shared secret without ever transmitting it. Each party picks a private value, sends a public value derived from it, and combines the peer's public value with its own private value; both arrive at the same secret, which is then used as (or to derive) a symmetric key for encrypting the conversation. An eavesdropper who sees only the public values cannot feasibly compute the secret (the discrete logarithm problem), but plain DH does not authenticate the parties, so protocols such as TLS pair it with certificates or signatures to stop man-in-the-middle attacks.
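
The exchange described above, as an added example that is not part of the flashcard deck: both sides of a Diffie-Hellman exchange with textbook-sized parameters (p = 23, g = 5) so every step can be checked by hand, followed by the brute-force discrete-log attack that such small parameters allow. The group, private exponents and key-derivation label are constructed for the demonstration; real deployments use 2048-bit or larger groups or X25519.

```python
# Added example, not from the flashcard deck: a Diffie-Hellman exchange with
# textbook-sized numbers (p = 23, g = 5) so every step can be checked by hand,
# followed by the brute-force attack that small parameters allow. Real
# deployments use 2048-bit-plus groups or X25519; the group here is a toy.
import hashlib
import secrets
from typing import Optional, Tuple


def dh_public(p: int, g: int, private: int) -> int:
    """Public value sent over the wire: g^private mod p."""
    return pow(g, private, p)


def dh_shared(p: int, peer_public: int, private: int) -> int:
    """Shared secret: peer_public^private mod p. Never transmitted."""
    return pow(peer_public, private, p)


def derive_key(shared: int, label: bytes = b"toy-dh-example") -> bytes:
    """Turn the shared integer into a symmetric key (plain SHA-256 here; real protocols use HKDF)."""
    width = max(1, (shared.bit_length() + 7) // 8)
    return hashlib.sha256(label + shared.to_bytes(width, "big")).digest()


def run_exchange(p: int, g: int, a: Optional[int] = None,
                 b: Optional[int] = None) -> Tuple[int, int, int, int]:
    """Both sides of the exchange. Returns (A, B, secret_alice, secret_bob)."""
    a = a if a is not None else secrets.randbelow(p - 3) + 2
    b = b if b is not None else secrets.randbelow(p - 3) + 2
    A = dh_public(p, g, a)  # Alice -> Bob, visible to everyone
    B = dh_public(p, g, b)  # Bob -> Alice, visible to everyone
    return A, B, dh_shared(p, B, a), dh_shared(p, A, b)


def eavesdropper_recover(p: int, g: int, A: int, B: int) -> int:
    """Recover the secret from public values only by solving the discrete log by trial.
    Feasible for p = 23; infeasible for the 2048-bit primes used in practice."""
    for guess in range(1, p):
        if pow(g, guess, p) == A:  # found Alice's private exponent
            return pow(B, guess, p)
    raise ValueError("no discrete log found")


if __name__ == "__main__":
    p, g = 23, 5
    A, B, s_alice, s_bob = run_exchange(p, g, a=6, b=15)
    print(f"public values A={A}, B={B}; secrets {s_alice} == {s_bob}: {s_alice == s_bob}")
    print("symmetric key:", derive_key(s_alice).hex())
    print("eavesdropper recovers:", eavesdropper_recover(p, g, A, B))
```

With a = 6 and b = 15 the wire carries A = 8 and B = 19, and both sides compute the secret 2; the eavesdropper function finds it in at most 22 trials, which is the whole argument for large primes.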

16
Q

How does the RSA Key Exchange work?

A

The sender encrypts the data (in practice a random symmetric session key) with the recipient's public key; only the recipient, who holds the matching private key, can decrypt it. This is how the RSA key exchange cipher suites in TLS 1.2 and earlier worked: the client encrypted the premaster secret under the public key in the server's certificate. TLS 1.3 removed it because a later compromise of the server's private key exposes every recorded session (no forward secrecy); ephemeral Diffie-Hellman is used instead.

17
Q

What is a backout plan?

A

A documented procedure for reversing a change to a system (restoring the previous configuration, package version or backup) if the change causes problems, prepared and tested before the change is made.

18
Q

What is an impact analysis?

A

A process that examines the potential consequences of a change to a system, process, or project, including which users, services and dependent systems would be affected and how badly, before the change is approved.

19
Q

What is a regression test?

A

A test that re-runs existing functionality after an update or change to find out whether the change has introduced new defects into functions that previously worked.

20
Q

What are the three categories of the CIA Triad?

A

Confidentiality, Integrity, and Availability

21
Q

What is a maintenance window?

A

A scheduled time period during which routine changes or planned outages may be carried out on systems and services, chosen to minimize disruption to users.

22
Q

What does Confidentiality mean in the CIA Triad?

A

Protecting the privacy and proprietary information of an organization by controlling access to data (e.g. with encryption and access controls) and preventing unauthorized disclosure.

23
Q

What does Integrity mean in the CIA Triad?

A

Ensuring that data is accurate, authentic, and reliable, and that it is protected from unauthorized modification or destruction (e.g. with hashes and digital signatures).

24
Q

What does Availability mean in the CIA Triad?

A

Ensuring that information and systems are accessible and usable by authorized users in a timely and reliable manner (e.g. through redundancy, backups and DDoS protection).

25
Q

What is the purpose of the Administrative Security control?

A

To ensure that an organization's security objectives are met and that security practices are followed, through policies, procedures, risk assessments, training and oversight rather than technology.

26
Q

What are the different types of functions of a security control?

A
  • Preventive Controls
    Purpose: To stop security incidents from occurring.
    Examples: Firewalls, encryption, access controls, security awareness training.
  • Deterrent Controls
    Purpose: To discourage an attacker from attempting an action.
    Examples: Warning banners, visible cameras, published sanctions policies.
  • Detective Controls
    Purpose: To detect and alert on security incidents that have occurred or are in progress.
    Examples: Intrusion Detection Systems (IDS), log monitoring, security audits, anomaly detection.
  • Corrective Controls
    Purpose: To limit the impact of a security incident and restore systems to normal.
    Examples: Incident response plans, backups, patch management, disaster recovery plans.
  • Compensating Controls
    Purpose: To provide an alternative safeguard when the primary control cannot be implemented.
    Examples: Network segmentation for a system that cannot be patched, extra monitoring where MFA is unavailable.
  • Directive Controls
    Purpose: To guide or dictate security behavior by establishing policies, guidelines, or rules.
    Examples: Security policies, standard operating procedures (SOPs), security awareness training programs, and acceptable use policies.
27
Q

What is Zero Trust?

A

A security model in which no user or device is trusted by default, whether inside or outside the network perimeter; every request for access to a resource is authenticated, authorized and continuously evaluated based on identity, device health and context.

28
Q

How does Public Key Cryptography work?

A

Public and Private Key Analogy

Public Key (Padlock): Imagine the recipient has a padlock (public key) that they send to the sender. This padlock can be locked by anyone but can only be unlocked by the recipient who holds the key (private key).
Private Key (Key): The recipient keeps this key private. When the sender locks a message with the padlock, only the recipient can unlock it with their private key.

In Practice:
Encryption: The sender uses the recipient’s public key (padlock) to encrypt the message.
Decryption: The recipient uses their private key (key) to decrypt the message.
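
The padlock-and-key analogy above and the RSA key exchange card (card 16), as an added example that is not part of the flashcard deck: textbook RSA with tiny primes so the arithmetic is visible. It shows the correct direction (encrypt with the recipient's public key) and the reverse direction used for signatures. The primes, exponents and message are constructed for the demonstration; textbook RSA has no padding and is not safe as written, and real code uses OAEP or PSS through a library.

```python
# Added example, not from the flashcard deck: textbook RSA with tiny primes so
# the arithmetic is visible. Encrypt with the RECIPIENT's public key; sign with
# your own private key. Textbook RSA has no padding and is not safe as-is;
# real code uses OAEP/PSS via a library. Primes and messages are constructed.
from math import gcd
from typing import Tuple

PublicKey = Tuple[int, int]   # (e, n): the "padlock" anyone may use
PrivateKey = Tuple[int, int]  # (d, n): the "key" only the owner holds


def rsa_keygen(p: int, q: int, e: int = 65537) -> Tuple[PublicKey, PrivateKey]:
    """Derive a key pair from two primes. e must be coprime to phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e is not coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def rsa_encrypt(m: int, recipient_pub: PublicKey) -> int:
    """Lock the message with the recipient's padlock: m^e mod n."""
    e, n = recipient_pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def rsa_decrypt(c: int, own_priv: PrivateKey) -> int:
    """Unlock with the private key: c^d mod n."""
    d, n = own_priv
    return pow(c, d, n)


def rsa_sign(m: int, own_priv: PrivateKey) -> int:
    """Signature = m^d mod n: only the private-key holder can produce it."""
    d, n = own_priv
    return pow(m, d, n)


def rsa_verify(m: int, sig: int, signer_pub: PublicKey) -> bool:
    """Anyone with the public key checks sig^e mod n == m."""
    e, n = signer_pub
    return pow(sig, e, n) == m


if __name__ == "__main__":
    alice_pub, alice_priv = rsa_keygen(61, 53, e=17)   # n = 3233
    bob_pub, bob_priv = rsa_keygen(101, 103, e=7)      # n = 10403
    m = 65
    c = rsa_encrypt(m, bob_pub)                        # Alice locks with BOB's padlock
    print("ciphertext:", c, "-> Bob decrypts:", rsa_decrypt(c, bob_priv))
    wrong = rsa_encrypt(m, alice_pub)                  # locked with the sender's own padlock
    print("Bob cannot open a message locked with Alice's padlock:", rsa_decrypt(wrong, bob_priv))
    sig = rsa_sign(m, alice_priv)
    print("Alice's signature verifies with her public key:", rsa_verify(m, sig, alice_pub))
```

With p = 61, q = 53 and e = 17 the private exponent is d = 2753 and the message 65 encrypts to 2790, the standard worked example; run it with the sender's own public key and the recipient gets garbage, which is the error the original card 16 contained.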

29
Q

What are version control systems and what are they used for?

A

Version control systems (such as git) record every change to a set of files, who made it and when, so that changes can be reviewed, audited, and reverted. Related terms:
*Atomic Operations: a commit either applies completely or not at all, which preserves repository integrity under concurrent access.
*File Locking: prevents two people from editing the same file at once in systems that cannot merge changes (common for binary files).
*Regression Testing: automated tests run against each change (typically in CI) to confirm it does not break existing functionality.
*Tagging and Labeling: marking specific versions or milestones, for example a release tag, so that the exact code that shipped can be found and rebuilt later.

30
Q

What is the difference in File level, full disk, volume level and partial level encryptions

A

*File-Level Encryption: encrypts individual files or folders. Gives selective, granular control (different keys per file or user) but is harder to manage, and data outside the chosen files stays in the clear.
*Full-Disk Encryption: encrypts the entire disk, including the operating system and swap. Gives comprehensive protection against loss or theft of the device but has some performance cost and complicates recovery if the key is lost.
*Volume-Level Encryption: encrypts specific volumes or partitions. Offers targeted protection with flexibility but requires managing keys for multiple volumes.
*Partial Encryption: encrypts specific data segments or fields (for example one database column). Provides fine-grained control but can be complex to integrate with applications.

31
Q

What is TPM?

A

*Trusted Platform Module (TPM) is a hardware-based security component that provides secure key storage, cryptographic operations, and platform integrity measurement.
*Functions: secure key storage, hardware-backed cryptographic operations, measurement of the boot process into platform configuration registers, and support for authentication and attestation.
*Benefits: keys never leave the chip in the clear, and the system can prove (or refuse to release keys unless) it booted with the expected software.
*Use Cases: full-disk encryption key protection (e.g. BitLocker), secure and measured boot, device attestation. Implemented as a discrete chip on the motherboard or as a firmware TPM inside the CPU or chipset.

32
Q

What is OCSP?

A

Online Certificate Status Protocol (OCSP) lets a client check the revocation status of a certificate in near real time by querying an OCSP responder operated by (or for) the issuing Certificate Authority, which returns a signed good, revoked, or unknown answer. With OCSP stapling the server fetches that response itself and sends it during the TLS handshake, which removes the client's extra round trip to the CA and the privacy leak of telling the CA which sites a user visits.

33
Q

What is TLS?

A

Transport Layer Security (TLS) is a cryptographic protocol that secures communications over a network by authenticating the server (and optionally the client) with certificates, negotiating keys, and then encrypting and integrity-protecting the data exchanged between clients and servers. It provides confidentiality, data integrity, and authentication, protecting information from interception and tampering. TLS 1.2 and 1.3 are the versions in current use.

34
Q

What is SSL?

A

Secure Sockets Layer (SSL) is the predecessor of TLS, a cryptographic protocol designed to secure communications over a network by encrypting data exchanged between clients and servers. All SSL versions are deprecated because of known weaknesses, and it has been replaced by Transport Layer Security (TLS); the name "SSL certificate" survives only as a colloquial term for a TLS certificate.

35
Q

What is a secure initiation manager, root of trust, a boot hash and a cryptographic boot manager

A

*A Secure Initiation Manager is responsible for securely initializing and verifying the integrity of a system's boot process.
*The Root of Trust is a foundational component, typically immutable hardware such as a boot ROM or a TPM, that provides a secure starting point from which the rest of the system's hardware and software is validated.
*A Boot Hash is a cryptographic hash of a boot component (firmware, bootloader, kernel) that is compared against a known-good value, or recorded in the TPM, to verify the integrity of the boot process.
*A Cryptographic Boot Manager oversees the secure boot process by checking signatures or hashes so that only authenticated and authorized software components are loaded during system startup.

36
Q

What is HSM?

A

A Hardware Security Module (HSM) is a dedicated physical device used to generate, store and protect cryptographic keys and to perform cryptographic operations so that the keys never leave the device in the clear. It is tamper-resistant and typically certified against industry standards such as FIPS 140-2/140-3. Unlike a TPM, which is bound to one machine, an HSM is usually a shared network or PCIe appliance serving many systems (for example a CA's signing keys).

37
Q

What is Secure Enclave?

A

A Secure Enclave is a protected, isolated area within a device's processor that safeguards sensitive data and operations (keys, biometric templates, authentication) from the rest of the system, including a compromised operating system. It provides data protection, integrity, and secure authentication. Example: Apple's Secure Enclave, a separate coprocessor on the system-on-chip (SoC).

38
Q

What is a screened Subnet?

A

A screened subnet (formerly called a DMZ) is a network design that creates a buffer zone between the internal network and the internet. Public-facing systems such as web or mail servers are placed in the screened subnet, and firewalls control traffic between the internet, the screened subnet, and the internal network, so that a compromised public server does not give direct access to internal systems.

39
Q

What is a honeypot?

A

A decoy system, deliberately made to look vulnerable, set up to attract and occupy attackers. Because no legitimate user has a reason to touch it, any interaction is suspicious, and it lets defenders observe and analyze attacker tools and methods to improve their defenses.

40
Q

What is Non-repudiation

A

A security property that prevents a party from denying having performed an action or sent a message in a digital transaction. It is usually achieved with digital signatures, since only the holder of the private key could have produced the signature, combined with trustworthy audit logs, and it supports the integrity and authenticity of data and communications.

41
Q

What is the AAA process.

A

Stands for Authentication, Authorization, and Accounting. It manages access to systems by verifying identities (authentication), deciding what an authenticated identity is allowed to do (authorization), and recording what it actually did (accounting); RADIUS and TACACS+ are the common AAA protocols.

42
Q

What is a Blockchain Ledger?

A

A decentralized digital record of transactions maintained across a network of computers, in which each block contains a hash of the previous one so that altering a past record would require recomputing every later block. Transparency, tamper-evidence, and consistency come from this hash chain together with a consensus mechanism among the participating nodes.

43
Q

what is a honeytoken?

A

A honeytoken is a piece of fake data, such as a decoy account, API key, database row or document, planted where an attacker would find it. It has no legitimate use, so any attempt to use it is a reliable signal of unauthorized access and reveals where the attacker has been and how they operate.

44
Q

what is a honeyfile?

A

A honeyfile is a fake file placed on a network file share, usually with an enticing name (for example a password spreadsheet). Honeyfiles are designed to detect attackers who are browsing and potentially exfiltrating data from your network: attackers will often find a file share, compress its contents, and take the data away for offline analysis, and opening or copying the honeyfile triggers an alert.

45
Q

what is a honeynet?

A

A honeynet is an entire decoy network of honeypots that security teams use to study and catch attackers. It is designed to lure attackers away from the production network and into a fake environment that looks like it holds valuable resources, while their activity is monitored.
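
The detection side of honeytokens and honeyfiles (cards 43 and 44), as an added example that is not part of the flashcard deck: a decoy account, a decoy file and a decoy API key are planted, and any appearance of them in logs is raised as an alert, because no legitimate process uses them. The decoy names, log lines and IP addresses are constructed for the demonstration.

```python
# Added example, not from the flashcard deck: the detection side of honeytokens
# and honeyfiles. Any log line mentioning a planted decoy is an alert, since
# nothing legitimate uses them. Decoy names, log lines and IPs are constructed.
import re
from typing import Dict, List

# Inventory of planted decoys (constructed). The description tells the responder what was touched.
HONEYTOKENS: Dict[str, str] = {
    "svc_backup_legacy": "honeytoken account: decoy AD user, never used legitimately",
    "passwords-backup.xlsx": "honeyfile: decoy spreadsheet on the finance share",
    "AKIA-CANARY-7F3E": "honeytoken key: decoy API key planted in a config repo",
}

# Constructed log excerpt mixing normal activity with three decoy touches.
LOG_LINES: List[str] = [
    "2024-03-01T10:00:01Z sshd[812]: Accepted publickey for alice from 10.0.0.5",
    "2024-03-01T10:02:17Z sshd[901]: Failed password for svc_backup_legacy from 203.0.113.9",
    "2024-03-01T10:05:44Z smbd[1337]: user bob opened finance/Q3-forecast.xlsx from 10.0.0.7",
    "2024-03-01T10:06:02Z smbd[1337]: user bob opened finance/Passwords-Backup.xlsx from 10.0.0.7",
    "2024-03-01T10:09:30Z api[77]: key AKIA-CANARY-7F3E used from 198.51.100.23 path=/v1/export",
]

SRC_RE = re.compile(r"\bfrom (\d{1,3}(?:\.\d{1,3}){3})\b")


def scan_log(lines: List[str], tokens: Dict[str, str]) -> List[Dict[str, str]]:
    """Return one alert per line that mentions a planted decoy (case-insensitive)."""
    alerts: List[Dict[str, str]] = []
    for line in lines:
        lowered = line.lower()
        for token, kind in tokens.items():
            if token.lower() in lowered:
                src = SRC_RE.search(line)
                alerts.append({
                    "token": token,
                    "kind": kind,
                    "source": src.group(1) if src else "unknown",
                    "line": line,
                })
                break  # one alert per line is enough
    return alerts


def alert_sources(alerts: List[Dict[str, str]]) -> List[str]:
    """Distinct source addresses that touched a decoy, in first-seen order."""
    seen: List[str] = []
    for a in alerts:
        if a["source"] != "unknown" and a["source"] not in seen:
            seen.append(a["source"])
    return seen


if __name__ == "__main__":
    found = scan_log(LOG_LINES, HONEYTOKENS)
    for a in found:
        print(f"ALERT {a['source']:15} {a['kind']}\n      {a['line']}")
    print("sources to investigate:", alert_sources(found))
```

The two external addresses are candidates for blocking; the internal 10.0.0.7 hit is a user account touching a honeyfile it should never open, which is an insider or a compromised workstation and calls for investigation rather than a firewall rule.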

46
Q

What is the difference between SHA-256, MD5, and SHA-1?

A

SHA-256 is the current, secure hashing standard. MD5 and SHA-1 are older hash functions with practical collision attacks (two different inputs producing the same digest), so they must not be used for digital signatures, certificates or integrity checks; SHA-256 (or another SHA-2 or SHA-3 function) is the preferred option whenever it is available. The Advanced Encryption Standard (AES) is used for encryption, not hashing.