Chapter 1 - Security Governance Through Principles and Policies Flashcards

1
Q

What does CIA stand for?

A

Confidentiality, Integrity and Availability

2
Q

What does DAD stand for?

A

Disclosure, alteration, and destruction

3
Q

Concepts to assess confidentiality

A

Sensitivity,
Discretion,
criticality,
concealment,
secrecy,
privacy,
seclusion,
isolation

4
Q

Sensitivity

A

Quality of information, which could cause harm or damage if disclosed

5
Q

Discretion

A

Act of decision where an operator can influence or control disclosure in order to minimize harm or damage

6
Q

Criticality

A

The degree to which information is mission-critical is its criticality. The higher the criticality, the more likely it is that the information must be kept confidential.

7
Q

Concealment

A

Act of hiding or preventing disclosure

8
Q

Secrecy

A

Act of keeping something a secret or preventing the disclosure of information

9
Q

Privacy

A

Refers to keeping information confidential

10
Q

Seclusion

A

Involves storing something in an out-of-the-way location

11
Q

Isolation

A

Act of keeping something separated from others

12
Q

Integrity

A

Depends on confidentiality and access control. Related concepts: accuracy, truthfulness, validity, accountability, responsibility, completeness, comprehensiveness

13
Q

AAA Services

A

Identification, Authentication, Authorization, Auditing, Accounting

14
Q

Defense in Depth

A

Also known as LAYERING: the use of multiple controls in series. No single control can protect against all possible threats.

15
Q

Abstraction

A

Used for efficiency. Similar elements are put into groups, classes, or roles, and security controls are assigned to the group as a whole rather than to each element.

16
Q

Data Hiding

A

Preventing data from being discovered or accessed by positioning it in a logical storage compartment that the subject cannot access or see

17
Q

Security through obscurity

A

The idea of not informing a subject that an object is present and hoping it will not be discovered. It provides no real protection once the secret is found out.

18
Q

Security governance

A

Collection of practices related to supporting, evaluating, defining, and directing the security efforts of an organization

19
Q

Who is responsible for security governance?

A

Board of directors, CEO, CISO.

20
Q

ATO

A

Authorization to Operate. Failing to provide sufficient documentation to meet the requirements of third-party governance can result in loss of the ATO.

21
Q

Security Management Planning

A

Ensures the creation, implementation, and enforcement of a security policy. Aligns security functions with the strategy, goals, mission, and objectives of the organization.

22
Q

COBIT 5 Principles

A

Created by ISACA, COBIT is a framework for governing and managing enterprise IT.

The framework helps organizations optimize their IT management and governance processes, meet contractual agreements, and comply with current regulatory and legal requirements.

The five COBIT 5 principles:
-meeting stakeholder needs,
-covering the enterprise end-to-end,
-applying a single integrated framework,
-enabling a holistic approach,
-and separating governance from management

23
Q

AUP

A

Acceptable Use Policy: defines what is and is not acceptable activity, practice, or use of company equipment and resources.

24
Q

Collusion

A

When several people work together to perpetrate a crime

25
Q

What is important when addressing Multiparty Risk

A

When several entities or organizations are involved in a project, use SLAs (service level agreements) to address the risks each party introduces.

26
Q

Risk Conceptual Formula

A

risk = threat * vulnerability, or
risk = probability of harm * severity of harm

27
Q

Six Elements of Quantitative Risk Analysis

A

1) Asset Valuation (AV)
2) Exposure Factor (EF)
3) Single Loss Expectancy (SLE)
4) Annualized Rate of Occurrence (ARO)
5) Annualized Loss Expectancy (ALE)
6) Cost/benefit analysis of countermeasures

28
Q

Exposure Factor (EF)

A

The percentage of loss an organization would experience if a specific asset were violated by a realized risk

29
Q

Single Loss Expectancy (SLE)

A

Potential loss associated with a single realized threat against a specific asset

SLE = AV * EF

SLE is expressed in currency (dollars)

30
Q

Annualized Rate of Occurrence (ARO)

A

The expected frequency with which a specific threat or risk will occur per year

31
Q

Annualized Loss Expectancy (ALE)

A

ALE = SLE * ARO
ALE = AV * EF * ARO

32
Q

Risk Response

A

Mitigation or Reduction
Assignment or Transfer
Deterrence
Avoidance
Acceptance
Reject or Ignore

33
Q

Total Risk

A

Total Risk = threats * vulnerabilities * asset value

34
Q

Controls Gap

A

Controls Gap = Total Risk - Residual Risk

The controls gap is the amount of risk that is reduced by implementing safeguards; what is left over is the residual risk.

35
Q

ACS

A

Annual Cost to Safeguard

36
Q

STRIDE

A

STRIDE is a developer-focused threat model (from Microsoft) that identifies and classifies threats under six categories:

Spoofing,
Tampering,
Repudiation,
Information Disclosure,
Denial of Service,
Elevation of Privilege

Used to identify threats and vulnerabilities and to develop countermeasures.

37
Q

Potential Annual Cost of a Safeguard

Cost/Benefit Calculation or Analysis

A

Value of the safeguard to the company = (ALE pre-safeguard - ALE post-safeguard) - ACS (annual cost of the safeguard)

A negative result means the safeguard costs more per year than the loss it prevents (bad); a positive result means it pays for itself (good).
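Worked example (added here; not part of the original flashcards): the quantitative calculation in Python, carrying SLE, ALE and the cost/benefit value through for one asset and two candidate safeguards, then ranking the safeguards by net value. The asset figures and safeguard names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Exposure:
    """One asset/threat pairing with the inputs of the quantitative analysis."""
    asset_value: float        # AV, in dollars
    exposure_factor: float    # EF, fraction of AV lost per realized event (0.0 to 1.0)
    aro: float                # ARO, expected number of events per year

    def sle(self) -> float:
        """Single loss expectancy: SLE = AV * EF (dollars)."""
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("EF must be a fraction between 0 and 1")
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: ALE = SLE * ARO = AV * EF * ARO (dollars per year)."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Safeguard:
    """A candidate countermeasure and the exposure that remains once it is in place."""
    name: str
    annual_cost: float        # ACS, annual cost of the safeguard
    ef_after: float           # EF with the safeguard deployed
    aro_after: float          # ARO with the safeguard deployed


def safeguard_value(before: Exposure, sg: Safeguard) -> float:
    """(ALE pre-safeguard - ALE post-safeguard) - ACS.

    Positive: the safeguard saves more per year than it costs. Negative: it is a net loss
    and cannot be justified on cost/benefit grounds alone.
    """
    after = Exposure(before.asset_value, sg.ef_after, sg.aro_after)
    return (before.ale() - after.ale()) - sg.annual_cost


def rank_safeguards(before: Exposure, candidates: list) -> list:
    """Return (name, value) pairs sorted best value first."""
    scored = [(sg.name, safeguard_value(before, sg)) for sg in candidates]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


# Constructed sample figures (hypothetical, for illustration only).
CUSTOMER_DB = Exposure(asset_value=500_000, exposure_factor=0.4, aro=0.25)
CANDIDATES = [
    Safeguard("offsite backups", annual_cost=10_000, ef_after=0.1, aro_after=0.25),
    Safeguard("premium DLP suite", annual_cost=60_000, ef_after=0.05, aro_after=0.1),
]

if __name__ == "__main__":
    print(f"SLE = {CUSTOMER_DB.sle():,.0f}  ALE = {CUSTOMER_DB.ale():,.0f}")
    for name, value in rank_safeguards(CUSTOMER_DB, CANDIDATES):
        print(f"{name:20s} value = {value:,.0f}")
```

With these figures the database has SLE 200,000 and ALE 50,000 per year; backups are worth +27,500 per year while the more effective but expensive DLP suite comes out at -12,500, which is the point of the calculation: the safeguard that reduces risk most is not automatically the one to buy.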

38
Q

Types of Security Controls

A

Preventive
Deterrent
Detective
Compensating
Corrective
Recovery
Directive

39
Q

Preventive Controls

A

Deployed to thwart or stop unwanted or unauthorized activity

40
Q

Deterrent

A

Deployed to discourage violations of security policy

41
Q

Detective

A

Deployed to discover or detect unwanted or unauthorized activity

42
Q

Compensating

A

Deployed to provide alternative options to other existing controls, to aid in the enforcement and support of security policies

43
Q

Corrective

A

Modifies the environment to return systems to normal after an unwanted or unauthorized activity has occurred

44
Q

Recovery

A

An extension of corrective controls, with more advanced or complex activities. Seeks to repair or restore resources, functions, and capabilities after a security policy violation.

45
Q

Directive

A

Deployed to direct, confine, or control actions of subjects to force or encourage compliance with security policies.

46
Q

Computer Fraud and Abuse Act

A

Passed in 1986 as an amendment to the Comprehensive Crime Control Act of 1984, the CFAA was the first major piece of US cybercrime-specific legislation.

Addresses hacking with criminal penalties.

47
Q

Federal Sentencing Guidelines

A

Provided punishment guidelines to help federal judges interpret computer crime laws

48
Q

Federal Information Security Management Act (FISMA)

A

Requires formal information security operations for the federal government.

49
Q

Copyright and the Digital Millennium Copyright Act

A

Copyright covers literary, musical, and dramatic works (among others). The DMCA prohibits the circumvention of copy protection mechanisms placed in digital media and limits the liability of internet service providers for the activities of their users.

50
Q

Security Control Assessment (SCA)

A

Formal evaluation of a security infrastructure's individual mechanisms against a baseline or reliability expectation.

51
Q

RMM

A

Risk Maturity Model: assesses the key indicators and activities of a mature, sustainable, and repeatable risk management process.

52
Q

RMF

A

Risk Management Framework.

NIST RMF in SP 800-37 establishes mandatory security requirements for federal agencies.

53
Q

What are the cyclical phases of the NIST RMF?

A

Seven steps in SP 800-37 Rev. 2 (the Prepare step was added in Rev. 2 to the original six):

Prepare
Categorize
Select
Implement
Assess
Authorize
Monitor

54
Q

Whaling

A

A type of spear phishing targeted at high-value individuals (executives, senior officials)

55
Q

Smishing

A

SMS phishing: phishing delivered via text messages. (Not to be confused with SPIM, which is spam over instant messaging.)

56
Q

Vishing

A

Phishing over telephony or voice communication systems

57
Q

Spoofed email

A

An email with a falsified source address. DMARC (which builds on SPF and DKIM) is used to filter spoofed messages.

58
Q

Hoax

A

A form of social engineering designed to convince targets to perform an action that will cause problems or reduce IT security

59
Q

BCP

A

Business Continuity Planning. Four main steps: 1) Project scope and planning, 2) Business impact analysis, 3) Continuity planning, 4) Approval and implementation

60
Q

BC and DR Terms

A

MTD - Maximum Tolerable Downtime
RTO - Recovery Time Objective
RPO - Recovery Point Objective
ARO - Annualized Rate of Occurrence

61
Q

BCP

A

Focuses on the whole business

62
Q

DRP

A

Focuses on technical aspects of recovery

63
Q

Criminal Law

A

Serves to protect society against computer crimes.

64
Q

Civil Law

A

Provides for an orderly society and governs matters that are not crimes but require an impartial arbiter to settle a dispute.

65
Q

Administrative Law

A

Regulations issued by agencies of the executive branch of the US government, which have wide-ranging responsibilities to ensure the government functions effectively. Published in the Code of Federal Regulations (CFR).

66
Q

Computer Fraud and Abuse Act (CFAA)

A

The first major piece of cybercrime-specific legislation. Covers only computer crimes that cross state boundaries, to avoid infringing on states' rights. The CFAA was amended in 1994.

67
Q

National Information Infrastructure Protection Act of 1996

A

Another amendment to the CFAA, designed to extend its coverage to computer systems used in international commerce.

68
Q

FISMA - Federal Information Security Management Act

A

Passed in 2002. Requires federal agencies to implement an information security program covering the agency's operations, including contractor activities.

NIST (National Institute of Standards and Technology) is responsible for developing the implementation guidelines. The program must include:
1) Periodic assessment of risk
2) Policies and procedures based on the risk assessments
3) Subordinate plans for adequate information security for networks, facilities, information systems, etc.
4) Security awareness training
5) Periodic testing and evaluation
6) A process for planning, implementing, evaluating, and documenting remedial actions
7) Procedures for detecting, reporting, and responding to security incidents
8) Plans and procedures to ensure continuity of operations for information systems

69
Q

Federal Cybersecurity Laws of 2014

A

Signed by President Barack Obama.
Three key bills:
1) Federal Information Security Modernization Act (confusingly, also FISMA) - centralized federal cybersecurity under the Department of Homeland Security. Excludes defense-related and national intelligence-related cybersecurity issues.
2) Cybersecurity Enhancement Act - charges NIST with responsibility for coordinating nationwide work on voluntary cybersecurity standards (e.g., NIST SP 800-53, SP 800-171, the Cybersecurity Framework).
3) National Cybersecurity Protection Act - charged the Department of Homeland Security with establishing a national cybersecurity and communications integration center to serve as the interface between federal agencies and civilian organizations for sharing cybersecurity information.

70
Q

Copyright Law

A

Guarantees the creators of original works of authorship protection against unauthorized duplication.

Covers literary, musical, and dramatic works, pantomimes, pictorial works, motion pictures, sound recordings, and architectural works.

For computer software, copyright protects the source code.

Protection period: works by one or more authors are protected until 70 years after the death of the last surviving author. Works for hire and anonymous works are protected for 95 years from the date of first publication or 120 years from the date of creation, whichever is shorter.

71
Q

Digital Millennium Copyright Act (DMCA)

A

Limited the liability of internet service providers when their circuits are used by criminals to violate copyright law.

72
Q

Trademark

A

Protects words, slogans, and logos used to identify a company and its products and services

73
Q

Patents

A

Protect the intellectual property rights of inventors for a 20-year period from the date of the initial application

74
Q

Trade Secrets

A

Not published or made public. Kept secret, and control measures must be put in place to maintain that secrecy; protection lasts only as long as the secret is kept.

75
Q

Four Common Types of License Agreements

A

Contractual
Shrink Wrap
Click Through
Cloud Services (click through to the extreme)

76
Q

ITAR - International Traffic in Arms Regulations

A

Controls the export of items specifically designated as military and defense items, including related technical information.

77
Q

EAR - Export Administration Regulations

A

Covers the export of a broader set of items that are designed for commercial use but have military applications.

78
Q

BIS - Dept of Commerce Bureau of Industry and Security

A

Regulates the export of encryption products

79
Q

Privacy Act of 1974

A

Limits the ability of federal government agencies to disclose private citizens' information without prior written consent. Mandates that agencies maintain only the records necessary for conducting business and destroy records that are no longer needed. Provides a formal procedure for individuals to gain access to their data and request that incorrect records be amended.

Only applies to government agencies

80
Q

ECPA - Electronic Communications Privacy Act - 1986

A

Makes it a crime to invade the electronic privacy of an individual. Expands on the Federal Wiretap Act. Protects against the monitoring of email and voice mail communications.

81
Q

CALEA - Communications Assistance for Law Enforcement Act of 1994

A

Amended ECPA to allow law enforcement wiretaps, with an appropriate court order, regardless of the technology in use.

82
Q

Economic Espionage Act of 1996

A

Extends the definition of property to include proprietary economic information

83
Q

HIPAA - Health Insurance Portability and Accountability Act of 1996

A

Established strict security measures governing how patient medical records are processed and stored. It also clearly defines the rights of individuals who are the subject of medical records and requires organizations that maintain such records to disclose these rights in writing.

84
Q

HITECH - Health Information Technology for Economic and Clinical Health Act of 2009

A

Amendment to HIPAA. Changed how the law applies to business associates (BAs), the organizations that handle protected health information (PHI) on behalf of HIPAA-covered entities. Covered entities and BAs must be governed by a written contract known as a business associate agreement (BAA), and BAs are directly subject to HIPAA rules. HITECH also introduced data breach notification requirements: affected individuals must be notified, and when a breach affects more than 500 individuals the Secretary of Health and Human Services and the media must be notified as well.

85
Q

COPPA - Children’s Online Privacy Protection Act of 1998

A

COPPA requires websites that cater to children to:
1) Post a privacy notice stating the types of information collected and what they are used for
2) Give parents the opportunity to review any information collected about their children and have it deleted
3) Obtain verifiable parental consent before collecting information from children under the age of 13

86
Q

Gramm Leach Bliley Act of 1999 - GLBA

A

Allowed commercial banks, investment banks, securities firms, and insurance companies to consolidate. Set limitations on the types of information that can be exchanged among subsidiaries and required the provision of privacy policies to all customers.

87
Q

USA PATRIOT Act of 2001

A

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act.

Broadened the powers of law enforcement when monitoring electronic communications.

Changed how the government works with ISPs: user activity data can be obtained via subpoena.

88
Q

EU GDPR - General Data Protection Regulation

A

Key Provisions
-Lawfulness, Fairness and transparency
-Purpose Limitation
-Data Minimization
-Accuracy
-Storage Limitation (related to the "right to be forgotten", i.e. the right to erasure)
-Security
-Accountability

89
Q

Sensitive Data

A

Any information that is not public or unclassified: PII, PHI, proprietary data

90
Q

Government Data Classification

A

Top Secret, Secret, Confidential, Unclassified

91
Q

Non Governmental Data Classification

A

No set standard. Typically: Confidential/Proprietary, Private, Sensitive, Public

92
Q

Data States

A

Data at rest, data in transit, data in use

93
Q

What are “air gaps”

A

A physical security control: systems and cables on the classified network never physically touch those on the unclassified network.

94
Q

DLP

A

Data Loss Prevention

1) Network-based - scans all outgoing data. Placed at the edge of the network.

2) Endpoint - scans files stored on a system as well as files sent to other systems.

95
Q

Data Remanence

A

The data that remains on media after the data was supposedly erased.

Degaussers can erase data on magnetic media only.

Degaussing has no effect on SSDs; for assured sanitization they must be physically destroyed (or cryptographically erased).

96
Q

Data Erasing

A

Only removes the directory or catalog link to the data. The actual data remains on the drive and is only slowly overwritten over time.

97
Q

Clearing Data

A

Also called overwriting. Unclassified data is written over all addressable locations on the media, for example a single character or bit pattern written over the entire media. It may still be possible to retrieve data using sophisticated laboratory or forensic techniques.

98
Q

Purging Data

A

A more intense clearing process: multiple clearing passes, combined with another method such as degaussing. Not fully trusted; the US government does not accept it for purging top secret data.

99
Q

Degaussing

A

Use of a strong magnetic field to erase media. Does not work on optical media (CDs, DVDs) or SSDs.

100
Q

Cryptographic Erasure

A

Destruction of the encryption key protecting the data. For cloud storage this may be the only available method of secure deletion.

101
Q

Digital Rights Management (DRM)

A

A data protection method that provides copyright protection for copyrighted works.

102
Q

DRM License

A

Typically a small file that includes the terms of use and the decryption key needed to grant access

103
Q

Persistent Online Authentication - Always ON DRM

A

Requires the system to be connected to the internet; it periodically contacts an authentication server.

104
Q

Continuous Audit Trail

A

Combined with persistent online authentication, it can track abuse such as concurrent use of the product from different geographic locations.

105
Q

Automatic Expiration

A

Subscription-based products stop working when the subscription or trial period expires (for example, after 30 days).

106
Q

CASB - Cloud Access Security Broker

A

Monitors all activity between on-premises systems and cloud services. Enforces policies such as encryption at rest in the cloud, detects shadow IT, logs all activity, and provides authentication and authorization controls for cloud resources.

107
Q

Pseudonymization

A

The process of replacing data with a pseudonym (an alias). The mapping back to the real data is kept separately, so the process can be reversed by whoever holds that mapping. Useful for meeting GDPR requirements.

108
Q

Tokenization

A

Use of a token (a random string of characters) to replace other data, with the mapping stored in a secure vault. Typically used for credit card transactions.

109
Q

Anonymization

A

Used when personal data is not needed. The process of removing all relevant identifying data so that it is theoretically impossible to identify the original subject or person.

Randomized masking swaps data within individual columns so that records no longer represent actual individuals.

Unlike pseudonymization and tokenization, it cannot be reversed.
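Worked example covering the three preceding cards (pseudonymization, tokenization, anonymization). This is added code, not part of the original flashcards: it implements a keyed pseudonymizer, a random-token vault, and the anti-pattern of an unkeyed hash, then shows why the last one is not anonymization. The sample identifiers are constructed; the key is generated at run time.

```python
import hashlib
import hmac
import secrets
from typing import Iterable, Optional


class Pseudonymizer:
    """Pseudonymization: keyed, deterministic aliases (HMAC-SHA-256, truncated).

    The same input always yields the same alias, so records can still be linked,
    and only the key holder can re-derive the mapping. Because the mapping is
    recoverable, GDPR still treats the result as personal data.
    """

    def __init__(self, key: bytes) -> None:
        if len(key) < 32:
            raise ValueError("use at least 32 random key bytes")
        self._key = key

    def alias(self, identifier: str) -> str:
        return hmac.new(self._key, identifier.encode(), hashlib.sha256).hexdigest()[:32]


class TokenVault:
    """Tokenization: random surrogates, with the mapping held only in the vault.

    A token is not derived from the original value, so a leaked token list reveals
    nothing without the vault (the model used for payment-card tokenization).
    """

    def __init__(self) -> None:
        self._forward: dict = {}
        self._reverse: dict = {}

    def tokenize(self, value: str) -> str:
        if value in self._forward:
            return self._forward[value]
        token = secrets.token_hex(8)
        while token in self._reverse:      # collisions are negligible, but keep tokens unique
            token = secrets.token_hex(8)
        self._forward[value] = token
        self._reverse[token] = value
        return token

    def detokenize(self, token: str) -> str:
        return self._reverse[token]


def unkeyed_hash(identifier: str) -> str:
    """The anti-pattern: a plain hash of a low-entropy identifier is NOT anonymization."""
    return hashlib.sha256(identifier.encode()).hexdigest()


def reverse_unkeyed_hash(digest: str, candidates: Iterable[str]) -> Optional[str]:
    """Dictionary attack: enumerate the identifier space until a digest matches."""
    for candidate in candidates:
        if hmac.compare_digest(unkeyed_hash(candidate), digest):
            return candidate
    return None


if __name__ == "__main__":
    # Constructed sample: a 4-digit customer PIN, a space small enough to enumerate instantly.
    pin = "0042"
    found = reverse_unkeyed_hash(unkeyed_hash(pin), (f"{i:04d}" for i in range(10_000)))
    print("unkeyed hash reversed to:", found)
    print("keyed pseudonym:", Pseudonymizer(secrets.token_bytes(32)).alias(pin))
    vault = TokenVault()
    token = vault.tokenize("4111111111111111")      # constructed test card number
    print("token:", token, "->", vault.detokenize(token))
```

The distinction that matters in practice: a pseudonym survives a data breach only as long as the HMAC key does, a token survives as long as the vault does, and an unkeyed hash of anything with a small input space (PINs, phone numbers, national ID numbers) survives for about as long as it takes to loop over that space.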

110
Q

Data Owners

A

The person who has ultimate organizational responsibility for the data (e.g., the CEO or a department head). Responsibilities:

Data classification
Security controls
Rules for appropriate use
Establishing security requirements for system owners
Access privileges and access rights
Identification and assessment of common security controls where the information resides

111
Q

Asset Owner

A

The individual who owns the asset or system that processes sensitive data. Responsibilities:

Develops and maintains the security plan
Trains personnel
Assists in the identification, implementation, and assessment of common security controls

112
Q

Business and Mission Owners

A

Responsible for ensuring systems provide value to the organization

Governance methods such as COBIT help business owners and mission owners balance security control requirements against business and mission needs.

113
Q

Data Processors vs Data Controllers

A

Data processor (per GDPR): a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

Data controller: the entity that collects the data and determines the purposes and means of its processing.

114
Q

Data Custodians

A

Data owners often delegate day-to-day tasks to data custodians. Custodians protect the integrity and security of the data: they ensure it is stored, protected, backed up, and audited/logged. Typically IT staff.

115
Q

Administrators

A

Many organizations view any individual with elevated privileges as an administrator.

116
Q

Use of Security Baselines

A

Use of imaging to establish system baselines, then auditing processes to ensure no unauthorized changes are made.

NIST SP800-53 identifies baseline security controls

117
Q

Tailoring and Scoping of Security Baselines

A

Tailoring modifies the baseline list of security controls to align with the organization's mission.

Scoping is the part of the tailoring process that reviews the baseline list of controls and selects only those that apply to the IT systems being protected.

118
Q

Four Fundamental Goals of Cryptography

A

Confidentiality, Integrity, Authentication, and Non-Repudiation

Confidentiality applies to data at rest, data in motion, and data in use

119
Q

Types of Cryptosystems that enforce confidentiality

A

Symmetric and Asymmetric

120
Q

Digital Signatures

A

Provide integrity (assurance that the data was not altered in transit) and non-repudiation. Created by the sender at transmission time by signing a hash of the message with the sender's private key; the recipient verifies the signature with the sender's public key.

121
Q

Non Repudiation

A

Provides assurance to the recipient of a message that it originated from the claimed sender and not from someone masquerading as them. It also prevents the sender from later claiming they did not send the message.

Only achievable using asymmetric (public key) cryptosystems

122
Q

Kerckhoffs's Principle

A

Cryptographic algorithms should be public and known; the secret is kept in the keys alone. Public algorithms receive more scrutiny, so weaknesses are flushed out sooner and can be fixed or improved. (Contrast with security through obscurity.)

123
Q

Plaintext

A

Message prior to being encrypted. “P”

124
Q

Ciphertext

A

Message after encryption. “C”

125
Q

Keys

A

All cryptographic algorithms rely on keys. A key is nothing more than a number, typically a very large one.

126
Q

Key Space

A

Range of values that are valid for use as a key for a specific algorithm.

127
Q

Cryptography

A

The art of creating and implementing secret codes and ciphers

128
Q

Cryptanalysis

A

Study of methods to defeat codes and ciphers

129
Q

Cryptology

A

Cryptography and cryptanalysis combined

130
Q

AND Operation

A

Checks whether both values are true

131
Q

OR Operation

A

Checks whether at least one of the values is true

132
Q

NOT Operation

A

Reverses the value of the input

133
Q

XOR Exclusive OR

A

Returns true only when exactly one of the two input values is true

134
Q

Modulo Function

A

The remainder value left after a division operation

135
Q

One Way Functions

A

A mathematical operation that easily produces output values for each possible combination of inputs but makes it computationally infeasible to recover the input values from the output.

136
Q

Nonce

A

A value used only once ("number used once") to add uniqueness to the encryption process, for example an initialization vector. It may be random or a counter, but it must never be reused with the same key.

137
Q

Zero Knowledge Proof

A

Appears in cryptography where one party wants to demonstrate knowledge of a fact (e.g., a password or key) without actually disclosing the secret to the other party.

138
Q

Split Knowledge

A

Information or privilege required to perform an operation is divided among multiple users, combining separation of duties and two-person control. The classic example is KEY ESCROW, where a key is stored with a third party for safekeeping: if only one escrow recovery agent exists there is an opportunity for fraud, so M of N control requires a minimum number (M) of the N agents to work together.

139
Q

Work Function

A

The amount of time and effort required to perform a complete brute-force attack against an encryption system

140
Q

Codes vs Ciphers

A

Not the same thing. Codes are cryptographic systems of symbols that represent words or phrases; they are sometimes secret but are not always meant to provide confidentiality. Ciphers are always meant to hide the true meaning of a message and work at the level of bits or blocks.

141
Q

Transposition Cipher

A

Uses an encryption algorithm to rearrange the letters of a plaintext message, forming the ciphertext message.

142
Q

Substitution Cipher

A

Uses an encryption algorithm to replace each character or bit of the plaintext with a different character or bit.

143
Q

One Time Pads

A

A powerful type of substitution cipher. Function: ciphertext C = (plaintext P + key K) mod 26. The key must be randomly generated, physically protected, used only once, and at least as long as the message to be encrypted.
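Worked example (added here; not part of the original flashcards): the letter-based one-time pad from the card, C = (P + K) mod 26, in Python, together with the attack that follows when the "used only once" rule is broken. Reusing a pad for two messages lets an attacker who knows one plaintext recover the other, because (C1 - C2) mod 26 equals (P1 - P2) mod 26 and the key drops out. The messages and pad below are constructed.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase


def generate_pad(length: int) -> str:
    """A fresh, uniformly random pad from a CSPRNG (never the random module)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def _check(message: str, pad: str) -> None:
    if any(ch not in ALPHABET for ch in message) or any(ch not in ALPHABET for ch in pad):
        raise ValueError("message and pad must be uppercase A-Z only")
    if len(pad) < len(message):
        raise ValueError("pad must be at least as long as the message")


def otp_encrypt(plaintext: str, pad: str) -> str:
    """C[i] = (P[i] + K[i]) mod 26, letter by letter."""
    _check(plaintext, pad)
    return "".join(ALPHABET[(ALPHABET.index(p) + ALPHABET.index(k)) % 26]
                   for p, k in zip(plaintext, pad))


def otp_decrypt(ciphertext: str, pad: str) -> str:
    """P[i] = (C[i] - K[i]) mod 26."""
    _check(ciphertext, pad)
    return "".join(ALPHABET[(ALPHABET.index(c) - ALPHABET.index(k)) % 26]
                   for c, k in zip(ciphertext, pad))


def two_time_pad_attack(c1: str, c2: str, known_p1: str) -> str:
    """Recover plaintext 2 when both ciphertexts were made with the SAME pad.

    (C1 - C2) mod 26 = (P1 - P2) mod 26, so P2 = P1 - (C1 - C2) mod 26 without the key.
    """
    n = min(len(c1), len(c2), len(known_p1))
    return "".join(
        ALPHABET[(ALPHABET.index(known_p1[i])
                  - (ALPHABET.index(c1[i]) - ALPHABET.index(c2[i]))) % 26]
        for i in range(n)
    )


if __name__ == "__main__":
    pad = "XMCKL"                      # constructed; a real pad comes from generate_pad()
    c1 = otp_encrypt("HELLO", pad)
    c2 = otp_encrypt("WORLD", pad)     # the mistake: same pad, second message
    print(c1, c2, otp_decrypt(c1, pad))
    print("recovered without the pad:", two_time_pad_attack(c1, c2, "HELLO"))
```

`otp_encrypt("HELLO", "XMCKL")` gives `EQNVZ`; with the pad reused, a crib of the first message yields `WORLD` from the two ciphertexts alone, with no knowledge of the pad.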

144
Q

Running Key Cipher

A

Also known as a book cipher. The key is often as long as the message itself and is chosen from a common book, newspaper, or magazine.

145
Q

Block Cipher

A

Operates at the “chunk” or block level and applies encryption to an entire message block at the same time. Transposition ciphers are examples.

146
Q

Stream Cipher

A

Operates on one character or bit at a time. The Caesar cipher and the one time pad are examples.

147
Q

Confusion and Diffusion

A

These are the two basic operations crypto algorithms use to obscure plaintext messages.

148
Q

Pros and Cons of Symmetric Key Cryptography

A

Pro - performance.
Cons - key distribution, does not implement non-repudiation, algorithm is not scalable, keys must be regenerated often.

149
Q

Strengths of Asymmetric Key Cryptography

A

1) Addition of new users requires generation of only one public/private key pair
2) Easy removal of users via a key revocation mechanism
3) Key regeneration is only needed when a private key is compromised
4) Provides integrity, authentication and non-repudiation
5) Simple key distribution
6) No preexisting communication link needs to exist

Major weakness is slow performance

150
Q

Hybrid Cryptography

A

Asymmetric cryptography is used to share symmetric keys, enabling secure and performant communication.

151
Q

Hashing Algorithms

A

Public key cryptosystems can provide digital signature capabilities when used in conjunction with message digests.

Message digests (also known as hash values or fingerprints) are summaries of a message's content produced by a hashing algorithm.

Message digests are designed to protect the INTEGRITY of a piece of data. They detect changes or alterations.

152
Q

Electronic Code Book Mode (ECB)

A

Type of crypto mode of operation.

Simplest mode in that it simply encrypts each block using a chosen secret key.

Easy to break because an eavesdropper can easily build a code book and decrypt.

Impractical; used only for exchanging small amounts of data.

153
Q

Cipher Block Chaining (CBC)

A

Type of crypto mode of operation.

Each block of unencrypted text is XORed with the block of ciphertext immediately preceding it before it is encrypted.

Errors propagate easily.

154
Q

Cipher Feedback Mode (CFB)

A

Streaming cipher version of CBC. Operates against data produced in real time.

155
Q

Output Feedback Mode (OFB)

A

Same as CFB mode, but instead of XORing an encrypted version of the previous block of the ciphertext, OFB XORs the plaintext with a seed value.

156
Q

Counter Mode (CTR)

A

Similar to CFB and OFB as a stream cipher, but uses a simple counter that increments for each operation. Errors do not propagate.

157
Q

Galois Counter Mode (GCM)

A

Takes CTR and adds authenticity, giving assurance of the integrity of the data received.

158
Q

Counter with Cipher Block Chaining Message Authentication Code Mode (CCM)

A

Similar to GCM, it offers both authenticity and confidentiality. Combines CTR for confidentiality with the Cipher Block Chaining Message Authentication Code algorithm for authenticity. Used only with block ciphers that have a 128-bit block length, and requires a nonce that must change for each transmission.

159
Q

Data Encryption Standard (DES)

A

US government published in 1977
No longer secure
64-bit cipher
Five modes - ECB, CBC, CFB, OFB, and CTR

Key used is 56 bits long

160
Q

Triple DES

A

Stronger adapted version of DES, but also no longer considered adequate.

161
Q

International Data Encryption Algorithm

A

Developed in response to the insufficient key length of the DES algorithm.

Operates on 64-bit blocks of plaintext. However, it begins operation with a 128-bit key.

Operates in the DES modes: ECB, CBC, CFB, OFB, and CTR.

162
Q

Blowfish

A

Another block cipher; operates on 64-bit blocks of text.

Allows use of variable length keys ranging from 32 bits to 448 bits. More security eats away at performance.

163
Q

Skipjack

A

Approved for use in the US government in FIPS 185, Escrowed Encryption Standard (EES). Operates on 64-bit blocks of text. Uses an 80-bit key and supports the four DES modes of operation.

It supports the escrow of encryption keys.

Skipjack and the Clipper chip were not embraced by the crypto community due to mistrust of the escrow procedures from the US government.

164
Q

Rivest Ciphers (RC)

A

Ron Rivest of Rivest-Shamir-Adleman Data Security
Symmetric cipher

165
Q

RC4

A

Stream cipher developed in 1987
Single round of encryption
Uses variable key lengths - 40 to 2048 bits

166
Q

RC5

A

Variable block sizes (32, 63 or 128 bits)
Key sizes between 0 and 2040 bits

167
Q

RC6

A

Next version of RC5
Uses a 128-bit block size
Allows use of 128, 192 or 256-bit symmetric keys

168
Q

Advanced Encryption Standard

A

In Oct 2000 NIST announced that the Rijndael block cipher was chosen to replace DES. Allows use of 128, 192, and 256-bit key sizes. Only allows 128-bit block processing.

169
Q

CAST

A

CAST algorithms are another family of symmetric block ciphers.

Two forms: CAST-128 and CAST-256.

170
Q

Three main methods to securely exchange Symmetric Keys

A

Offline distribution
Public Key Encryption
Diffie-Hellman

171
Q

M of N Control

A

A protection measure that requires that a minimum number of agents (M) out of the total number of agents (N) work together to perform high-security tasks.

172
Q

Split Knowledge

A

A process by which a cryptographic key is split into multiple key components, individually sharing no knowledge of the original key, which can be subsequently input into, or output from, a cryptographic module by separate entities and combined to recreate the original cryptographic key.

173
Q

Initialization Vector (IV)

A

An initialization vector (IV) is an arbitrary number that can be used with a secret key for data encryption to foil cyber attacks. This number, also called a nonce (number used once), is employed only one time in any session to prevent unauthorized decryption of the message by a suspicious or malicious actor.

174
Q

Vigenère Cipher

A

Type of substitution cipher used for data encryption in which the original plaintext structure is somewhat concealed in the ciphertext by using several different monoalphabetic substitution ciphers rather than just one; the code key specifies which particular substitution is to be employed for encrypting each plaintext symbol.

175
Q

Steganography

A

The practice of concealing information within another message or physical object to avoid detection. Steganography can be used to hide virtually any type of digital content, including text, image, video, or audio content. That hidden data is then extracted at its destination.

Content concealed through steganography is sometimes encrypted before being hidden within another file format. If it isn’t encrypted, then it may be processed in some way to make it harder to detect.

176
Q

How many keys are required for N users in symmetric crypto?

A

N(N-1)/2

177
Q

RSA

A

Most famous public key cryptosystem. The RSA public key algorithm remains a worldwide standard today.

1977

Ronald Rivest, Adi Shamir and Leonard Adleman

178
Q

ElGamal

A

Another asymmetric algorithm; it shows how the principles of Diffie-Hellman key exchange (for symmetric key exchange) can be extended to support an entire public key cryptosystem.

In the public domain.

Downside is that it doubles the size of the message it encrypts.

179
Q

Elliptic Curve

A

ECC, an alternative technique to RSA, is a powerful cryptography approach. It generates security between key pairs for public key encryption by using the mathematics of elliptic curves.

Formulaic problem is more difficult and harder to break than RSA, Diffie-Hellman or ElGamal.

Key length is important, but due to the nature of ECC, a 256-bit ECC key is equivalent to a 3072-bit RSA key.

180
Q

Diffie-Hellman Key Exchange

A

Allows two individuals to generate a shared secret key over an insecure communication channel.

This is an example of public key cryptography.

Key exchange protocol, NOT an encryption protocol.

Used to establish a symmetric encryption communication channel. “Hybrid Cryptography”

Used in TLS

181
Q

Hash Functions

A

Realm of digital signatures. Proof that a message originated from a specific user.

They take a potentially long message and generate a unique output value derived from the content of the message. This is referred to as a “message digest”.

SHA
MD5
RIPEMD

182
Q

Five requirements of a Hash Function

A

1) The input can be of any length
2) The output has a fixed length
3) Easy to compute for any input
4) One way function (hard to determine input with the output)
5) Collision resistant

183
Q

SHA - Secure Hash Algorithm

A

SHA-1 - 160-bit message digest.
Deprecated 2017

SHA-256 - 256-bit message digest, 512-bit block size
SHA-224 - 224-bit message digest using 512-bit block size. Truncated version of SHA-256
SHA-512 - 512-bit message digest, 1024-bit block size
SHA-384 is the truncated version of SHA-512

SHA-2 is generally considered secure

184
Q

MD5

A

Message digest developed by Ronald Rivest (the same Rivest as RSA). 128-bit digest, 512-bit blocks.

No longer viable due to attacks

185
Q

RIPEMD

A

Used in Bitcoin

128-bit digest.

Not secure

Latest secure version is RIPEMD-160 - 160-bit hash

186
Q

Digital Signatures

A

Ensures messages truly came from the sender and that no modifications occurred in transit.

Ensures the crypto goals of integrity, authentication and non-repudiation.

187
Q

HMAC

A

Hashed message authentication code - implements a partial digital signature: it guarantees the integrity of the message during transmission, but does not provide non-repudiation. Relies on a shared key.

188
Q

Digital Signature Standard DSS

Authentication Algorithms

A

NIST specifies which digital signature algorithms are acceptable for federal use.

Today must use SHA-3

DSS also specifies acceptable encryption algorithms:
DSA - Digital Signature Algorithm
RSA
ECDSA - Elliptic Curve DSA

189
Q

Certificate Enrollment

A

Proving to the CA your identity

190
Q

Certificate Signing Request

A

Provide your public key to the CA, who in turn provides you with an X.509 certificate signed with the CA's private key.

191
Q

Different Types of CA Certificates

A

Domain Validation - CA validates certificate subject has control of domain name

Extended Validation - higher level of assurance that subject is a legitimate business

192
Q

Certificate Verification

A

Check that the digital signature of the CA is authentic
You trust the CA
Certificate is not on a CRL (Certificate Revocation List)
Cert actually contains the data you are trusting

193
Q

Certificate Pinning

A

Instructs browsers to attach a cert to a subject for an extended period of time.

194
Q

Why Certificates are Revoked

A

Compromised
Erroneously issued
Details of cert changed
Security association changed (e.g. no longer working for or employed by the org)

195
Q

Techniques for Cert Revocation

A

Certificate Revocation List - latency due to the need to download and sync.

Online Certificate Status Protocol (OCSP) - real-time checks via an OCSP server. Burdens this server with high activity.

Certificate Stapling is an extension to OCSP that relieves the workload. Allows certificates to be “stapled” for a period of time (typically 24 hrs) during which they can be reused.

196
Q

Hardware Security Modules

A

Provides an effective way to manage encryption keys. Stores and manages keys. Can be as simple as a YubiKey or as large as datacenter services offered through IaaS providers.

197
Q

Hybrid Cryptography

A

Takes the best of both worlds of symmetric and asymmetric keys and combines them.

An ephemeral key is a temporary key exchanged once the asymmetric crypto connection is established; it is used to exchange a symmetric key. Ease of deployment + performance.

198
Q

PGP or Pretty Good Privacy

A

Secure email system - 1991. Combines a CA hierarchy with the Web of Trust concept. You must become trusted by one or more PGP users to begin using the system.

199
Q

S/MIME

A

Secure/Multipurpose Internet Mail Extensions - emerged as the de facto standard for encrypted emails.

200
Q

Symmetric Encryption Algorithms

A

AES
Rijndael
Blowfish
DES
3DES
Rivest Cipher 4
RC5
RC6
Skipjack
CAST 128
CAST 256
Twofish
IDEA

201
Q

Public Key Crypto System - Asymmetric Algorithms

For Key Exchange

A

RSA
Merkle Hellman Knapsack
ElGamal
Elliptic Curve
Diffie-Hellman Key Exchange

202
Q

Hash Algorithms

A

SHA
MD5
RIPEMD

203
Q

TLS Transport Layer Security

A

It is important to understand that beyond looking at the TLS version and ensuring it is one of those supported, one also needs to look at the cipher suites it supports.

Cipher suites are combinations of encryption algorithms used together.

204
Q

What are the four components of a Cipher Suite

A

1) Key Exchange Algorithm (RSA, Diffie-Hellman)
2) Authentication Algorithm
3) Bulk Encryption Algorithm
4) Hash Algorithm

205
Q

Tor or The Onion Router

A

Provides a mechanism for anonymously routing traffic across the internet using encryption and relay nodes. Leverages “perfect forward secrecy”, where layers of encryption prevent nodes in the relay chain from reading anything but what they need to manage traffic.

206
Q

Steganography

A

The art of using cryptographic techniques to embed secret messages within another message.

207
Q

Circuit Encryption

A

Link Encryption - lower in the OSI layers.

End-to-End Encryption - higher in the OSI layers. Header, trailer, address, and routing data are not encrypted, unlike with Link Encryption.

208
Q

IPSec

A

Architectural framework for secure communications over IP (network traffic).

Set by the Internet Engineering Task Force (IETF).

Two components: 1) Authentication Header (AH) - message integrity and non-repudiation; 2) Encapsulating Security Payload (ESP) - confidentiality and integrity of packet contents.

209
Q

IPSec Modes of Operation

A

Transport Mode - only the packet payload is encrypted. End-to-end encryption.

Tunnel Mode - the entire packet including the header is encrypted. Link encryption.

210
Q

Homomorphic Encryption

A

Technology that allows computation to be performed on data while it is encrypted.

211
Q

Analytic Attacks

A

Attacks the logic of the algorithm.

212
Q

Implementation Attacks

A

Exploits weaknesses in the implementation of the crypto system. Exploits software code.

213
Q

Statistical Attacks

A

Attacks the hardware or OS for statistical weaknesses such as floating point errors or the inability to produce truly random numbers.

214
Q

Brute Force Attack

A

Attempts every possible valid combination for keys or passwords.

The time required to discover a password/key is proportional to its length. There are ways to shorten this: 1) rainbow tables, 2) specialized scalable computing hardware.

215
Q

Fault Injection Attacks

A

Compromises a system by causing an external fault, for example by using high voltage electricity, high/low temperatures, or other factors to cause a malfunction.

216
Q

Side Channel Attack

A

Monitor system activity “footprints” to attack the information being actively encrypted.

217
Q

Timing Attacks

A

Example of a side channel attack which measures how long crypto operations take to complete to undermine security

218
Q

Salts and Passwords

A

Combats brute force attacks. A cryptographic salt is a random value that is added to the end of a password before the OS hashes and stores it.

219
Q

Frequency Analysis and Ciphertext Only Attack

A

Looks at the encrypted ciphertext message, counts the number of times each letter appears, and determines the type of cipher being used, for example a transposition or substitution cipher.

220
Q

Known Plaintext Attack

A

Attacker has a copy of the encrypted message and the plaintext. This allows weaker codes to be broken.

221
Q

Chosen Plaintext Attack

A

Attacker obtains ciphertexts and corresponding plaintexts of their own choosing to determine the key.

222
Q

Chosen Ciphertext Attack

A

Attacker has the ability to decrypt chosen portions of the ciphertext and use the decrypted portions to discover the key.

223
Q

Meet in the Middle Attack

A

Attacks algorithms that use two rounds of encryption. Reason why 2DES was quickly deemed nonviable.

Attacker uses a known plaintext and searches every possible encryption key (K1) and decryption key (K2) to find a match.

224
Q

Man in the Middle Attack

A

Attacker sits in the middle of two communicating parties and intercepts all communication. The attacker sets up secure sessions with both the sender and the recipient.

225
Q

Birthday Attack

A

During a birthday attack, the attacker tries to find two different input messages that produce the same hash value, called a collision. By finding a collision, the attacker can deceive a system into believing that two different messages are identical. For instance, they can forge a digital signature or crack a password hash.

226
Q

Replay Attack

A

Attacks systems that don't incorporate temporal protections, i.e. timestamps and expiration periods, challenge-response mechanisms, and encrypted authentication sessions. The attacker intercepts an encrypted message and later replays it to open a new session.

227
Q

Common Password Hashing Algorithms

A

PBKDF2
bcrypt
scrypt

For Key stretching

228
Q

Transitive Trust

A

When Subject A requests Object B, and in turn Subject B requests from Object C. In essence, A receives data from C.

Serious security concern.

229
Q

Design Principles and Failure Handling

A

Fail Soft - allows a system to continue to operate after a component failure.

Must assess between the physical and digital worlds.

In the physical world, if human protection is prioritized - Fail Safe.
If the asset is the priority - Fail Secure.

In the physical world Fail Open is synonymous with Fail Safe and Fail Closed is synonymous with Fail Secure.

In the digital world the protection revolves around Availability and Confidentiality/Integrity. Fail Open prioritizes Availability over C/I. Fail Closed prioritizes the reverse.

230
Q

Software design and KISS

A

Don't Repeat Yourself - eliminate redundant code
Computing Minimalism - code that uses the least amount of hw/sw resources
Rule of Least Power - use the least powerful programming language
Worse is Better - quality does not mean an increase in capabilities and function
You Aren't Gonna Need It - don't add capabilities until they are actually necessary

231
Q

Zero Trust

A

No longer a security perimeter
Never Trust Always Verify

232
Q

Microsegmentation

A

Dividing an internal network into numerous subzones. Communications between zones are filtered and may require authentication, require session encryption, and be subject to allow list and block list controls.

233
Q

Privacy by Design

A

Have developers integrate privacy protections early in design.

Proactive and not reactive
Preventive not remedial
Privacy as a default
Privacy embedded in design
Full Functionality
End to End security
Visibility and transparency
Respect for user privacy

234
Q

Trust but Verify

A

Traditional approach of trusting subjects and devices in a company’s security perimeter automatically.

No longer sufficient.

235
Q

Development techniques to ensure CIA

A

Confinement is making sure that an active process can only access specific resources (such as memory).

Bounds is the limitation of authorization assigned to a process to limit the resources the process can interact with and the types of interactions

Isolation is the means by which confinement is implemented through the use of bounds.

236
Q

What are the different methods to describe the necessary security attributes of an object?

A

Tokens - separate object with attributes
Capabilities List - maintains row of security attributes - look ups
Labels - permanent part of the object - attached - can not be altered.

237
Q

What are Security Models

A

Ways to formalize security policies in code. Provides a set of rules that a computer can follow to implement the fundamental security concepts, processes, and procedures of a security policy. Provides software designers a measurement for their implementations.

238
Q

TCB - Trusted Computing Base (Security Model)

A

Combination of HW, SW and controls that work together to enforce the security policy.

Must be as small as possible.

Each TCB must adhere to and enforce the policy.

Security Perimeter - is the boundary.

Must establish Trusted Paths of communication into and out of the perimeter.

Trusted Shell - for communication command line operations

Reference Monitor - Validates access to every resource prior to granting access

Security Kernel - collection of components in the TCB that work together to implement reference monitor functions

239
Q

State Machine Security Model

A

Describes a system that is always secure no matter what state it is in.

State transitions

If each possible state and transition meets the security policy, the system is called a secure state machine.

240
Q

Information Flow Security Model

A

Based on the state machine model; controls information flow, allows all authorized flows and prevents unauthorized flows.

Used to establish a relationship between two versions or states.

241
Q

Non Interference Security Model

A

Concerned with how the actions of a subject at a higher security level affect the system state or the actions of a subject at a lower security level. Subject A (High) should not affect or interfere with the actions of Subject B (Low).

242
Q

Take Grant Security Model

A

Dictates how rights can be passed from one subject to another - Employs a directed graph.

Used to figure out when rights in the system can change and where leakage (unintended distribution of permissions) can occur.

4 Rules for Rights
1) Take Rule - Take rights
2) Grant Rule - Grant rights
3) Create Rule - Create rights
4) Remove Rule - Remove rights

243
Q

Access Control Matrix

A

Used by systems to quickly determine whether a requested action by a subject for an object is authorized.

244
Q

Bell-LaPadula Model

A

From DoD - 1970
Multilevel security policy - lattice based

Prevents leaking or transfer of classified info to less secure clearance levels

Solely focused on Confidentiality

3 Principles
1) Simple Security Property - Subject may not read information at a higher sensitivity level - No Read Up
2) *Star Security Property - Subject may not write information to a lower sensitivity level - No Write Down - “Confinement Property”
3) Discretionary Security Property - System uses an access matrix to enforce discretionary access control

The first two define the states to which the system can transition. All resulting states are secure.

245
Q

Biba Model

A

Focuses on Integrity

Prevents modification of objects by unauthorized subjects, prevents unauthorized modification of objects by authorized subjects, and protects internal and external object consistency.

Principles:
1) Simple Integrity Property - States a subject cannot read an object at a lower integrity level - No Read Down
2) *Star Integrity Property - States a subject cannot modify an object at a higher integrity level - No Write Up

246
Q

Clark Wilson Model

A

Not a state machine model, not a lattice model.

Enforces Data Integrity

It uses a three part subject/program/object relationship called - Access Control Triplet

2 Principles:
1) Well formed Transactions - Programs
2) Separation of Duties

Subject can only access object through a program, interface or access portal. No direct access to objects.

247
Q

Brewer and Nash Model

A

To address conflict of interest

Permits access controls to change dynamically based on a user's previous activity.

“chinese wall”, “ethical wall” , “cone of silence”

248
Q

Goguen Meseguer Model

A

Integrity Model

Foundation for NonInterference concepts and model.

Based on predetermining the set or domain of objects that a subject can access. Subjects in one domain cannot interfere with those of another.

249
Q

Sutherland Model

A

Integrity Model
Model is based on the idea of defining a set of system states, initial states, and state transitions. Through these predetermined states integrity is maintained and interference prohibited.

250
Q

Graham Denning Model

A

Focused on the secure creation and deletion of both subjects and objects

Securely create an object
Securely create a subject
Securely delete an object
Securely delete a subject
Securely provide the read access right
Securely provide the grant access right
Securely provide the delete access right
Securely provide the transfer access right

251
Q

Harrison Ruzzo Ullman Model

A

Focuses on the assignment of object access rights to subjects as well as the resilience of those assigned rights. Extension of the Graham-Denning Model.

HRU access rights can be represented in a matrix

252
Q

Common Criteria

A

Buyers consider systems that have been subject to formal evaluation

Common Criteria offers a subjective product evaluation model. Key objectives:
1) add buyer confidence in security of product
2) elimination of duplicate evaluations
3) make evaluations cost effective and efficient
4) adherence to high and consistent standards
5) promote evaluation
6) functional evaluation and assurances of the target evaluation

TOE - target of evaluation
PP - Protection profile - specifies the requirements and protections to be evaluated
ST - Security Targets - vendor claims “I will provide”

EAL - Evaluation assurance levels 1-7

253
Q

What are the four types of authorization an AO (Authorizing Official) can issue for an ATO?

A

Authorization to Operate

Common Control Authorization - Security control is inherited from another provider

Authorization to Use - Issued when a 3rd party provider (i.e. cloud service) provides IT/IS services that are deemed to have an acceptable level of risk.

Denial of Authorization

254
Q

Multitasking (Processor)

A

To handle two or more tasks simultaneously.

255
Q

Multicore (Processor)

A

Means a CPU chip now contains two, four, a dozen, or more independent cores that can operate simultaneously or independently.

256
Q

Multiprocessing (Processor)

A

A multiprocessor system harnesses the power of more than one processor to complete the execution of a multithreaded application.

257
Q

Multithreading (Processor)

A

This is at a process level.

Permits multiple concurrent tasks to be performed within a single process.

Unlike multitasking where multiple tasks consist of multiple processes.

Multithreading is used in applications where frequent context switching between multiple active processes causes excessive overhead. Switching between threads is more efficient.

258
Q

Multiprogramming (Processor)

A

Similar to multitasking

Is a way to batch or serialize multiple processes so that when one process stops to wait on a peripheral, its state is saved and the next process in line begins to process.

259
Q

Protection Rings (Processor)

A

Organize code and components in the OS into circles of privilege.

Ring 0 - Kernel
Ring 1 - Other OS components
Ring 2 - Drivers, protocols
Ring 3 - User level programs and applications

Rings 0-2 - privileged mode
Ring 3 - user mode

Ensures the right access to data by the right component in the runtime environment.

260
Q

Process States (Processor)

A

Or operating states: the various forms of execution in which a process may run.

Ready State - Process is ready to resume or begin processing.

Running State - Or problem state; executes on the CPU and continues until it finishes, its time slice expires, or it is blocked. If stopped, it goes back to Ready; if paused, it goes to Waiting.

Waiting State - Waiting for I/O to be serviced before continuing.

Supervisory State - When a process must perform an action that requires privileges greater than the problem state's set of privileges.

Stopped State - Process finishes or must be terminated.

261
Q

ROM

A

Read Only Memory. Several types

1) PROM - Programmable
2) EPROM - Erasable. Ultraviolet EPROM can be erased with a light.
3) EEPROM - Electronically Erasable - Uses electric voltages to force erasure
4) Flash Memory - Non-volatile form of storage media that can be electronically erased and rewritten.

262
Q

RAM

A

Random Access Memory

Real Memory - Main or primary memory

Cache RAM - takes data from a slower device and temporarily stores it for faster access.

Data is lost with loss of electrical power

Two types of RAM - Dynamic and Static

Dynamic RAM leverages a charge to maintain bits as 1 or 0. Because the charge fades, the CPU needs to refresh it to maintain the data.

Static RAM maintains the data with a logical device called a “flip flop”. Does not incur CPU refresh overhead, performs faster, but is more expensive.

263
Q

Registers

A

On-board memory in the CPU for the ALU (arithmetic logic unit) to perform calculations or process instructions.

264
Q

Memory Addressing

A

Means to refer to various locations in memory

1) Register Addressing

2) Immediate Addressing - A way of referring to data that is supplied to the CPU as part of an instruction.

3) Direct Addressing - CPU is provided the actual memory location to address. Must be on the same memory page.

4) Indirect Addressing - CPU is provided a memory address that contains another address where the data resides.

5) Base+Offset - uses a value stored in one of the CPU registers as the base from which to begin counting to compute the desired memory location.

265
Q

Secondary Memory

A

Used to refer to magnetic, optical or flash-based media or other storage devices that contain data not immediately accessible to the CPU.

Data must first be read into real memory.

Virtual memory is a type of secondary memory.

266
Q

Primary and Secondary

A

Primary Memory = Primary Storage

Secondary Memory = Secondary Storage

267
Q

Volatile vs Non Volatile

A

Measure of how likely to lose data when power is turned off or cycled.

268
Q

Random vs Sequential

A

Most secondary storage is random

Tape is an example of sequential where you have to read through all data prior to the desired location.

269
Q

Emanation attack

A

Where adversaries intercept electronic or radio frequency emanations - e.g. from monitors, network cables, modems, mobile devices.

TEMPEST countermeasures were originally a government research effort aimed at protecting equipment from electromagnetic pulses during nuclear explosions; it expanded to study this area of vulnerability.

270
Q

TEMPEST Countermeasures

A

Faraday Cage - external metal skin or wire mesh that surrounds a room, building, etc.

White Noise - broadcast of false traffic

Control Zone - Implementation of both a Faraday cage and white noise to protect an area.

271
Q

Firmware

A

Also known as Microcode

Software stored in ROM

272
Q

BIOS - Basic Input Output system

A

Embedded in the motherboard's EEPROM or flash chip.

Contains the OS-independent primitive instructions that a computer needs to start up and load the OS from disk.

273
Q

UEFI - Unified Extensible Firmware Interface

A

Supports all same functions as BIOS + more, such as support for larger hard drives, faster boot times, enhanced security etc.

274
Q

Flashing

A

Process of updating the UEFI, BIOS, or firmware.

A hacker attack on this process is called phlashing.

275
Q

Boot Attestation or Secure Boot

A

Check on a signed preapproved digital certificate.

276
Q

Measured Boot

A

Optional feature of UEFI that calculates hashes of boot components to ensure none were compromised.

277
Q

Symmetric Multiprocessing SMP

A

A single computer contains multiple processors that are created equal and controlled by a single OS.

278
Q

Asymmetric Multiprocessing AMP

A

Processors operating independently, each with its own OS and/or task instruction set, dedicated data bus, and memory resources.

279
Q

Massive Parallel Processing MPP

A

Collection of AMP linked together to work on a single primary task.

280
Q

Industrial Control Systems

A

A Programmable Logic Controller (PLC) is used to control a single device in a standalone manner.

A Distributed Control System (DCS) is used to interconnect several PLCs, but within a limited physical range, in order to gain centralized control management and oversight through networking.

SCADA (supervisory control and data acquisition) is expanded to large-scale physical areas to interconnect multiple DCSs and PLCs.

281
Q

Edge and Fog Computing

A

Edge performs processing on the distributed edge close to where data originates. Fog computing performs centralized processing of data collected by distributed sensors.

282
Q

Cyber Physical Systems

A

Offer computational means to control something in the physical world. Examples - prosthetics to provide human augmentation or assistance, collision avoidance, air traffic control, robot surgery etc.

283
Q

Service Oriented Architecture SOA

A

This architecture constructs applications or functions out of existing but separate and distinct software services.

New apps or functions need to be vetted.

284
Q

Microservices

A

A derivative of SOA. Each microservice is one element, feature, capability, business logic, or function of a web application.
Each must have clearly defined and secure APIs for cross-service I/O.

285
Q

Infrastructure as Code (IaC)

A

AWS CloudFormation, Terraform, or Puppet.

286
Q

Virtual Software

A

Software is deployed such that it is fooled into believing it is interacting with a full host OS. Instead, any interactions with the supposed OS are intercepted by an isolation manager and recorded into a file. This fools the app into believing it is interacting with the OS.

This is sandboxing.

Transforms the app to be portable.

Evolved into the containerization concept.

287
Q

Virtual Desktop Infrastructure

A

Hosting of desktop/workstation OS virtual machines on central servers that are remotely accessed.

Reduces security risk.

288
Q

VM Escaping

A

Occurs when software within a guest OS is able to breach the isolation protection provided by the hypervisor and violate the container of another guest OS or infiltrate the host OS.

289
Q

Containerization

A

Based on the concept of eliminating the duplication of OS elements in a virtual machine.

290
Q

What is the difference between serverless architecture and platform as a service

A

In PaaS the entire execution environment or platform is spun up to host an application, and it is always running, consuming resources and racking up costs. With serverless architecture or FaaS, the functions run only when called and then terminate when operations complete.

291
Q

Content Management

A

Control over mobile devices and the access to content hosted on company systems, as well as the control of access to company data stored on mobile devices.

292
Q

Application Control

A

Device management that limits which applications can be installed on a device.

293
Q

Rooting or Jailbreaking

A

Action of breaking the digital rights management (DRM) security on the bootloader of a mobile device in order to be able to operate the device with root or full system privileges.

294
Q

HSM - Hardware Security Modules

A

Hardware security modules (HSMs) are hardened, tamper-resistant hardware devices that secure cryptographic processes by generating, protecting, and managing keys used for encrypting and decrypting data and creating digital signatures and certificates.

295
Q

System Security Policy

A

Informs and guides the design, development, implementation, testing, and maintenance of a particular system.

296
Q

What is a critical path analysis

A

A systematic effort to identify relationships between mission-critical applications, processes, and operations and all necessary supporting elements.

297
Q

Technology convergence

A

When various technologies merge over time. This can create a single point of failure.

298
Q

Crime Prevention Through Environmental Design

A

CPTED. Its core principle is that the design of the physical environment can be managed, manipulated, and crafted with intention in order to create behavioral effects or changes in people present in those areas that reduce crime as well as the fear of crime.

Strategies
1) Natural access control
2) Natural surveillance
3) Natural territorial reinforcement

299
Q

Physical Security Design order of operations

A

Deter
Deny
Detect
Delay
Determine
Decide

300
Q

Cable Plant Management Facility

A

Elements include:
1) Entrance facility - where the cable from the provider connects to the internal cable plant

2) Equipment room - main wiring closet for the building

3) Backbone distribution system - provides wired connections between the equipment room and telecommunications rooms, including cross-floor connections

4) Wiring closet - serves the connection needs for a floor or section of a large building. Also known as an IDF (intermediate distribution frame), telecommunications room, or intermediate distribution facility.

5) Horizontal distribution system - provides connections between the telecommunications room and work areas

301
Q

Gait Analysis

A

Pertains to cameras and video surveillance. Evaluation of the way someone walks as a form of biometric authentication.

302
Q

SCIF

A

Sensitive Compartmented Information Facility. Used by government and military.

Provides a secure environment for highly sensitive data storage and computation.

303
Q

UPS

A

Uninterruptible Power Supply

Double conversion - takes power from the wall outlet, stores it in a battery, and pulls power out of the battery to feed whatever devices are connected. Ensures a common, streamlined, quality feed.

Line interactive - not inline. If the grid fails, it will automatically switch to the battery. Has a surge protector, battery charger/inverter, and voltage regulator.

304
Q

Power Issues

A

Fault - momentary loss of power
Blackout - complete loss of power
Sag - momentary low voltage
Brownout - prolonged low voltage
Spike - Momentary high voltage
Surge - Prolonged high voltage
Inrush - surge of power usually associated with power source connect
Ground - electrical circuit providing an alternate pathway for current to flow to earth.

305
Q

Noise

A

The interference of power through some form of disturbance, interruption, or fluctuation.

EMI is electromagnetic interference. Two types - common mode noise and traverse mode noise.

RFI or radio frequency interference

306
Q

Hot and Cold Aisles

A

Technique of arranging server racks in rows separated by aisles.

307
Q

Occupant Emergency Plans OEP

A

Guides and assists with sustaining personnel safety in the wake of a disaster.

308
Q

OSI - Open Systems Interconnection

A

Layer 7 - Application
Layer 6 - Presentation
Layer 5 - Session
Layer 4 - Transport
Layer 3 - Network
Layer 2 - Data Link
Layer 1 - Physical

309
Q

OSI encapsulation / de encapsulation

A

Communication between OSI layers occurs through encapsulation and de-encapsulation.

Headers and footers

Peer layer communications

310
Q

OSI Layer 7 - Application

A

Responsible for interfacing user applications, network services, or the OS with the protocol stack.

311
Q

OSI Layer 6 - Presentation

A

Formats data. Also responsible for encryption and compression.

312
Q

OSI Layer 5 - Session

A

Responsible for establishing, maintaining, and terminating communication sessions between two computers.

Simplex
Half Duplex
Full Duplex

313
Q

OSI Layer 4 - Transport

A

Manages the integrity of a connection and controls the session.

TCP, UDP, and TLS protocols operate in this layer.

314
Q

OSI Layer 3 - Network

A

Responsible for logical addressing and performing routing. Routers are the primary network hardware in this layer.

Distance vector vs link state

315
Q

OSI Layer 2 - Data Link

A

Formats packets into frames for transmission.

Deals with actual physical addresses - MAC, NIC, Ethernet.

Protocols include the Address Resolution Protocol (ARP).

Switches and bridges are the hardware devices in this layer.

316
Q

OSI Layer 1 - Physical

A

Converts frames into bits for transmission over the physical connection.

317
Q

TCP/IP

A

Four layers instead of the 7 in OSI

Application
Transport
Network Interface
Link

318
Q

Protocol Analyzers

A

Examines the contents of network traffic.

Also called a sniffer, network evaluator, network analyzer, traffic monitor, or packet capturing utility.

Places the NIC in promiscuous mode.

Sets rules for capture and display filters.

319
Q

OSI Application Layer Protocols

A

Telnet, TCP Port 23 - Supports remote connectivity for executing commands and running applications. No file transfer support.

File Transfer Protocol (FTP) - TCP Ports 20 and 21

Trivial File Transfer Protocol (TFTP) - UDP Port 69

Simple Mail Transfer Protocol (SMTP) - TCP Port 25

Post Office Protocol (POP3) - TCP Port 110

Internet Message Access Protocol (IMAP4) - TCP Port 143

Dynamic Host Configuration Protocol (DHCP) - UDP Ports 67 (server) and 68 (client)

Hypertext Transfer Protocol (HTTP) - TCP Port 80

HTTPS - TCP Port 443

Line Printer Daemon (LPD) - TCP Port 515

X Window - TCP Ports 6000-6063

NFS - TCP Port 2049

Simple Network Management Protocol (SNMP) - UDP Port 161

320
Q

Transport Layer Protocols

A

The two primary protocols of TCP/IP are TCP (full duplex) and UDP (simplex).

Done using ports.

Port numbers are 16-bit binary numbers, totalling 2^16 or 65,536 ports.

The first 1024 are well-known ports used by servers.

From 1024 to 49151 are registered software ports used by networking software products.

From 49153 to 65535 are random, dynamic, or ephemeral ports used by clients.

3-way handshake - client sends SYN, server replies SYN/ACK, and client sends ACK.

321
Q

TCP vs UDP

A

TCP for data delivery. Guarantees data delivery. Retries.

UDP is used when delivery of data is not essential. Best effort. No error detection or correction, no sequencing, no flow control. Used for real-time streaming - audio, video.

322
Q

Domain Name

A

A computer name is a "temporary" human-friendly convention assigned to an IP address.

323
Q

IP Address

A

Temporary logical address assigned over or onto the MAC address.

324
Q

MAC Address

A

Permanent physical address

325
Q

DNS - Domain Name System

A

Resolves a human-friendly domain name to an IP address.

DNS operates over TCP and UDP on port 53.

326
Q

FQDN Fully Qualified Domain Name

A

Top Level Domain (TLD) - is the .com

Registered domain - is the google

Subdomain or hostname - is the www

An FQDN cannot exceed 253 characters. Any single section can't exceed 63.

327
Q

DoH - DNS over HTTPS

A

Creates an encrypted session with a DNS server over TLS-protected HTTP and uses that session as a form of VPN to protect the DNS query and response.

328
Q

ODoH - Oblivious DoH

A

Adds a DNS proxy between the client and the DNS resolvers so the identity of the requesting client is isolated from the DNS resolvers. Provides anonymity and privacy for DNS queries.

329
Q

DNS Poisoning Attacks

A

DNS Poisoning
Rogue DNS Server
DNS Cache Poisoning
DNS Pharming
Altering the Host File
Corrupt the IP Configuration
DNS Query Spoofing
Use Proxy Falsification

330
Q

DNS Poisoning Defenses

A

Limit zone transfers from internal to external DNS servers.

Require internal clients to resolve all domain names through the internal DNS.

Limit the external DNS servers from which internal DNS servers pull zone transfers.

Deploy a network intrusion detection system (NIDS).

Harden DNS and client systems.

Use DNSSEC to secure the infrastructure.

Use DoH or ODoH on all clients.

331
Q

Domain Hijacking

A

Malicious act of changing the registration of a domain name without the authorization of the owner.

332
Q

Typosquatting

A

Takes advantage of user mistypes of a domain or IP and redirects traffic.

333
Q

Homograph attack

A

Takes advantage of similarities between character sets to register phony international domain names that look legitimate to the naked eye.

334
Q

URL Hijacking

A

Practice of displaying a link or advertisement that looks like a well-known product, service, or site.

335
Q

Clickjacking

A

Means of redirecting a user's click or selection on a web page to an alternate malicious site.

336
Q

IPv4 vs IPv6

A

IPv4 uses 32 bits, whereas IPv6 uses 128.

New with IPv6: scoped addresses, autoconfiguration, and QoS.

Concerns of transition:
1) More addresses that attackers can use
2) IPv6 requires that all security filtering and monitoring products be fully upgraded to IPv6
3) Loss or lack of NAT - reduces privacy due to the lack of masking of the actual IP address from private to public realms

337
Q

Ways for IPv4 and IPv6 to co-exist

A

Dual stack, tunneling, or NAT-PT (Network Address Translation - Protocol Translation).

338
Q

Secure Communications Protocols

A

IPsec
Kerberos
SSH
Signal Protocol
Secure Remote Procedure Calls
Transport Layer Security (TLS)

339
Q

Implications of Multilayer Protocols

A

Benefits:
1) A wide range of protocols can be used at higher layers
2) Encryption can be applied at various layers
3) Flexibility and resiliency in complex network structures

Drawbacks:
1) Covert channels are allowed
2) Filters can be bypassed
3) Logically segmented network boundaries can be overstepped

340
Q

Network Access Control (NAC)

A

Concept of controlling access to an environment through strict adherence to and enforcement of security policy. Automates detection and response. Reacts in real time. Monitors systems to ensure they are current on patches and updates and compliant with the latest security configurations. Keeps unauthorized devices out of the network.

341
Q

Proxy

A

Provides clients on a private network with internet access while protecting their identities.

342
Q
A