CISSP Flashcards

Question

Symmetric Encryption Ciphers mnemonic

Answer 1

3-hole Is Anything But Trusted Frantically Reverse Run Right (3DES, IDEA, AES, Blowfish, Twofish, Feistel, RC4, RC5, RC6)

Answer 2

Rugged Defensive Ends Easily Destroy Kickers (RSA, DSA, ECC, EG, DH, K)

Answer 3

DES with 3 keymodes only K1 is considered secure (until 2030)

Answer 4

International Data Encryption Algorithm IDEA I was born in 64, hope to Die before 128, Essentially secure, As expected it's proprietary 64 bit block size 128 bit key, (still secure but proprietary)

Answer 5

Advanced Encryption Standard A ROTS AddRoundKey, Rijndael, Open source, Transposition, Substitution

Answer 6

block cipher, uses Feistel, 64 bit blocks, 32 - 448 bit key lengths, NOT SECURE

Answer 7

similar to Blowfish but 128 bit blocks, key lengtsh of 128, 192, 256

Answer 8

splits plaintext into left and right halves, righ half doesn't change but is XOR'd with a subkey, then XOR's it again with the left block, recipient reversed XOR order

Answer 9

stream cipher 40-2048 bit key lengths - used by WEP/WPA/SSL/TLS NOT SECURE

Answer 10

Rivest Cipher remember key length similar to RC4 but with basic block sizes of 32,64,128 R for Roblox, 5 is for 5 lines need to remember below block cipher (Roblox) uses Feistel, 32/64/128 bit blocks, key length 0-2040 bits secure if high number blocks / keys

Answer 11

based on RC5 but meets AES requirements, 128 bit blocks, 128, 192, 256 bit key lengths, secure, but not widely used

Answer 12

Rivest Shamir Adleman, RSA block cipher, (Roblox) new keypair using very large prime numbers, (Supersized prime number keys) 1094-4096 bit keys ( of Amount) services authentication, key encryption, digital signatures, encryption uses AES symmetric encryption

Answer 13

Diffie-Helman, key exchange, earliest to allow unknown parties to establish shared key, after keys established, can be used for later encryption

Answer 14

Elliptic Curve Cryptography, logarithms applied to elliptical curves, proprietary, 256 bit ECC key is as strong as 3072 bit RSA key, power efficient

Answer 15

EIGamal, based on DH, used in GNU Privacy guard and PGP

Answer 16

Digital Signature Algo, uses different algo for signing and encryption than RSA, provides same level of security, 2 phase key gen, variant of EIGamal

Answer 17

KOPP"N Knapsack, one-way, public key for encryption, private key for decryption, NOT SECURE

Answer 18

Menacing Middle Stops Small Speedy Halfbacks Reversing Run (MD5, MD6, SHA1, SHA2, SHA3, HAVAL, RIPEMD, RIPEMD160)

Answer 19

128 bit fixed length has value widely used but can create collisions (2 different data can equal the same hash)

Answer 20

withdrawn due to flaws

Answer 21

Secure Hashing Algo, 160bit hash value, weak collision avoidance, still used alot

Answer 22

Secure Hashing Algo, newer and collision resistant, used some

Answer 23

Secure Hashing Algo, newest, not used much yet

Answer 24

Hash of Variable Length, MD length is variable 128/169/192/224/256 bits, not widely used

Answer 25

developed outside of defense to ensure no government backdoors, NOT SECURE

Answer 26

fixed RIPEMD but not widely used, secure

Answer 27

A technique used to increase the strength of stored passwords. it adds additional bits (called salts) and can help thwart brute force and rainbow table attacks.

Answer 28

Message Authentication Code hash function provides integrity, authenticity

Answer 29

Pretty Good Privace provides privacy, authentication, can also provide confidentiality, integrity, and non-repudiation

Answer 30

used for file, directory & whole disk encryption, email, uses Web of Trust model (if you trust me you trust those I trust)

Answer 31

S/MIME is an IETF standard that provides cryptographic security for electronic messaging uses PKI to encrypt and authenticate email

Answer 32

[LLITA,BFPSD] Large Lineman Interrupt Tackling Attempts, But Freaky Passers See Downfield TCP/IP / PDU / OSI Link & Physical / Bits / (OSI 1) Link & Physical / Frames / (OSI 2) Internetwork / Packets / (OSI 3) Transport / Segments / (OSI 4) Application / Data / (OSI 5-7)

Answer 33

Very Intelligent Quarterbacks Identify Top Pass Catchers Strethcing Defense Out Version IHL/IP Header Length QoS ID/Flags/Offset for fragmentation TTL Protocol number Checksum Source address Destination address Options

Answer 34

Vicious Tacklers Frighten Passers Needing To Score Deep Version Traffic class/ Priority Flow label (QoS) Payload length Next header TTL Source address Destination address

Answer 35

Internet-Games Involve People Chanting Pretentious R A P P (Electronic Discovery Reference Model) Information Governance Identification Preservation Collection Processing Review Analysis Production Presentation

Answer 36

In Practice All Players Try Something Not In Playbook IPA PT SNIP Identify Propose Assess risk, impact Provisional change approval Test the change Schedule the change Notification of change Implementation of change Post implementation reporting

Answer 37

Planning Recovery Rarely Matters Preparation Response Recovery Mitigation

Answer 38

P S B I R P I T T M Project Initiation Scoping Project BIA (business impact analysis) Identify Preventive Controls Recovery Strategy Plan Design Implementation Training Testing Maintenance

Answer 39

Best Coaches Intend Immediate Success Visionary Inspire Spur Stimulate Sacrifice Broken Access Control Cryptographic Failures Injection Insecure Design (new) Security Misconfiguration Vulnerable and Outdated Components Identification and Authentication Failures Software and Data Integrity Failures (new) Security Logging and Monitoring Failures Server-Side Request Forgery (new)

Answer 40

Every Win For Competitive Teams Forces Players Subserviance to Coaches Superior Schemes with Confidence Principles: (FF PEWT CCC SSS) 1 Face to Face communication is best 2 Frequent delivery 3 Primary measure of progress is working software 4 Early continuous delivery 5 Welcome changes 6 Trusted individuals 7 Cooperation between business and developers 8 Continuous attention to good design 9 Continuous improvement 10 Self-organizing teams produce best results 11 Simplicity 12 Sustainable development at constant pace How it works: Agile does not deliver prototypes, but breaks product down to individual features and features are continuously delivered does not follow rigid processes, but focuses on getting the product finished faster focus on user stories, small incremental deliveries less documentation, more focus on delivering right software

Answer 41

(PU CAFFE) - only somebody EXTREMEly stupid would eat at the pu caffe) Pair programming (continuous code reviewing, or taking code reviews to the EXTREME) Unit testing Code clarity and simplicity Avoidance of features until they are needed Flat management Frequent communication between dev and bus Expecting changes as problem is better understood "take away regularity of scrum and add alot of code reviewig you get Extreme Programming" Results in less errors, better code

Answer 42

PREE Planning Risk Analysis Engineering Evaluation angular aspect is progress diameter of spiral is cost

Answer 43

VOMIT SCiEnCE DB Validation Points Obfuscation / Camouflage Memory Management Input Validation Third Party Libraries and SDKs Stored Procedures Code Reuse / Dead Code Encryption Code Signing Error and Exception Handling Data Exposure (Applications) Balancing Time and Quality

Answer 44

Cybersecurity Framework NIST (I Protect Data Revealing Robberies) Identify Protect Detect Respond Recover

Answer 45

Risk Management Framework (RMF) NIST 800-37 Steps (Perilous Cases Start In An Angry Mob) Prepare - establish context and priorities Categorize - based on impact of loss Select - set of controls for a system based on risk assessment Implement - controls and describe how they fit Assess - controls for propiety Authorize - system of controls to determine if risk is acceptable / reasonable Monitor - system and controls for changes

Answer 46

[CAP] Continuous Audit Trail Automatic Expiration Persistent Online Authentication

Answer 47

Name / Block Size / Key Size(s) / Secure or Insecure 3D DIRRRT CCARBS 3DES / 64 / 112,168 / S DES / 64 / 56 / I IDEA (used in PGP) / 64 /128 / S RC4 (Rivest Cipher) / N/A stream cipher / 40-2048 / I RC5 / 32,64,128 / 0-2040 / S RC6 / 128 / 128,192,256 / S Twofish / 128 / 1-256 / S CAST-128 / 128 / 40-128 / S CAST-256 / 128 / 128,160,192,224,256 / S AES / 128 / 128,192,256 / S Rijndael / variable / 128,192,256 / S Blowfish / 64 / 32-448 / I Skipjack / 64 / 80 / S

Answer 48

Name / Hash value length(s) / Secure or Insecure MRS S2and3 H H MD 5or6 / 128 / 5-I, 6-S RIPEMD / 128,160,256,320 / 128 I, other S SHA1 / 160 / I SHA 2or3 / 224,256,384,512 / S HAVAL / 128,160,192,224,256 / S HMAC / variable / S

Answer 49

NIST DSA (FIPS 186-4) RSA (ANSI x9.31) ECDSA (ANSI x9.62)

Answer 50

[ACAD] ATO authorization to operate CCA common control authorization - used for inheritance when risk is acceptable ATU authorization to use - used when third party providers servers are acceptable risks or for reciprocity of another AO's ATO DOA denial of authoriztion

Answer 51

uses unsolicited replies

Answer 52

has a subset which is port-based (802.1X)

Answer 53

uses global rules applied to all users equally

Answer 54

grants access using predefined labels for specific labels MAC is based on a hierarchical model. The hierarchy is based on security level. All users are assigned a security or clearance level. All objects are assigned a security label. Users can only access resources that correspond to a security level equal to or lower than theirs in the hierarchy.

Answer 55

uses JSON web tokens provides authentication and profile information for internet SSO, it is built on OAuth 2.0 framework

Answer 56

restore normal business activity in the case of a disaster event

Answer 57

focused on keeping business functions uninterrupted

Answer 58

guides an organization through recovery of normal operations at the primary facility affected by disaster

Answer 59

The Kerberos protocol flow involves three secret keys: client/user hash, TGS secret key, and SS secret key. The basic protocol flow steps are as follows: C K C C K C T Step 1: Initial client authentication request: The user asks for a Ticket Granting Ticket (TGT) from the authentication server (AS). This request includes the client ID. Step 2: KDC verifies the client's credentials. The AS checks the database for the client and TGS's availability. If the AS finds both values, it generates a client/user secret key, employing the user's password hash. The AS then computes the TGS secret key and creates a session key (SK1) encrypted by the client/user secret key. The AS then generates a TGT containing the client ID, client network address, timestamp, lifetime, and SK1. The TGS secret key then encrypts the ticket. Step 3: The client decrypts the message. The client uses the client/user secret key to decrypt the message and extract the SK1 and TGT, generating the authenticator that validates the client's TGS. Step 4: The client uses TGT to request access. The client requests a ticket from the server offering the service by sending the extracted TGT and the created authenticator to TGS. Step 5: The KDC creates a ticket for the file server. The TGS then uses the TGS secret key to decrypt the TGT received from the client and extracts the SK1. The TGS decrypts the authenticator and checks to see if it matches the client ID and client network address. The TGS also uses the extracted timestamp to make sure the TGT hasn't expired. If the process conducts all the checks successfully, then the KDC generates a service session key (SK2) that is shared between the client and the target server. Finally, the KDC creates a service ticket that includes the client id, client network address, timestamp, and SK2. This ticket is then encrypted with the server's secret key obtained from the db. The client receives a message containing the service ticket and the SK2, all encrypted with SK1. Step 6: The client uses the file ticket to authenticate. The client decrypts the message using SK1 and extracts SK2. This process generates a new authenticator containing the client network address, client ID, and timestamp, encrypted with SK2, and sends it and the service ticket to the target server. Step 7: The target server receives decryption and authentication. The target server uses the server's secret key to decrypt the service ticket and extract the SK2. The server uses SK2 to decrypt the authenticator, performing checks to make sure the client ID and client network address from the authenticator and the service ticket match. The server also checks the service ticket to see if it's expired. Once the checks are met, the target server sends the client a message verifying that the client and the server have authenticated each other. The user can now engage in a secure session.

Answer 60

a post-exploitation attack technique that attempts to obtain a password hash of an Active Directory account that has a Service Principal Name (“SPN”). In such an attack, an authenticated domain user requests a Kerberos ticket for an SPN. Prevention: HER G (Hygiene, Extraction, Restrict, Governance) Practice good password hygiene for service accounts Use long passwords (at least 25 characters) for service accounts Regularly rotate passwords every 30 days Implement group managed service accounts (gMSAs) or third-party solutions for automated password management Institute proper governance for service accounts Keep track of service accounts and their usage Enforce the principle of least privilege for all service accounts Follow NIST guidelines for password security, prioritizing password length over complexity and avoiding frequent password changes Restrict access to the KRBTGT account password Limit access to the KRBTGT password hash to minimize vulnerability to Golden Ticket attacks Identify accounts with rights to extract password hashes and remove unnecessary permissions Regularly change the KRBTGT password to invalidate any existing Golden Tickets Use Microsoft’s KRBTGT account password reset script every 180 days Prevent the extraction of service accounts Create an inventory of all service accounts and their details Maintain documentation for when accounts should be reviewed, deactivated, or deleted Grant minimum privileges necessary for each service account Change default passwords of service accounts Use automated password management solutions to regularly rotate passwords Use separate accounts for different services Avoid using the same password for multiple service accounts Promptly decommission service accounts that are no longer needed Use tools to detect and manage inactive service accounts Monitor service accounts for suspicious activity Use a real-time auditing solution with machine learning for anomaly detection and response

Answer 61

brute-force attack on Kerberos has a distinct advantage over attacks on other authentication methods: no domain account is required to perform the attack, just a connection to the KDC there is a u in both enumeration and brute force and unrealistic solution: detect unrealistic amounts of AS-REQ requests without follow-up requests

Answer 62

attackers steal encrypted parts of a AS_REP message from user accounts in order to then crack them offline AS-REP ends with P and preauthentication starts with P solution: make sure all accounts in your domain have the Kerberos pre-authentication enabled

Answer 63

A golden ticket in Active Directory — much like its namesake for Willy Wonka's chocolate factory — grants the bearer unlimited access. A Golden Ticket attack abuses the Kerberos protocol, which depends on the use of shared secrets to encrypt and sign messages. P. L. Kurl is an oomploompa solution: PLKURL Protect against phishing attacks by training staff to identify suspicious emails and avoid sharing credentials. Limit user privileges to necessary roles and only use admin accounts for administrative tasks. Keep operating systems updated and disable plain text password storage in Active Directory to prevent Mimikatz-style attacks. Use a real-time auditing solution to respond to failed login attempts with custom scripts to disable accounts, stop processes, change firewall settings, or shut down servers to prevent brute force attacks. Regularly change the password for the KRBTGT user, doing it twice around 12-24 hours apart to avoid service disruptions. Look for signs of a Golden Ticket attack, such as nonexistent usernames, username and RID mismatches, modified group memberships, weaker encryption types, and ticket lifetimes exceeding the domain maximum.

Answer 64

Can detect fire at incipient stage using air ionization detection

Answer 65

activates in two steps. The pipes fill with water once the early signs of a fire are detected. The system does not dispense water until heat sensors on the sprinkler heads trigger the second phase.

Answer 66

an isolation breach in the distributed computing client could be catastrophic, allowing someone who compromises the controller to assume control of every device in the organization

Answer 67

Multistate systems are certified to handle data from different security classifications simultaneously by implementing protection mechanisms that segregate data appropriately.

Answer 68

Accreditation is the act of management formally accepting an evaluating system, not evaluating the system itself.

Answer 69

The TEMPEST program creates technology that is not susceptible to Van Eck phreaking attacks because it reduces or suppresses natural electromagnetic emanations.

Answer 70

The use of the Mimikatz tool is indicative of an attempt to capture user password hashes for use in a pass-the-hash attack against Microsoft Active Directory accounts.

Answer 71

In a zero-knowledge proof, one individual demonstrates to another that they can achieve a result that requires sensitive information without actually disclosing the sensitive information.

Answer 72

patching / updates authentication implementation disable unnecessary ports and services a dedicated VLAN for VoIP devices to help separate them from other networked devices the use of SIPS and SRTP, both secure protocols that will keep VoIP traffic encrypted IPS for VoIP is not a typical deployment in most organizations AIO book conflicts and says to use IDS / IPS

Answer 73

PEAP is the best solution. It encapsulates EAP in a TLS tunnel, providing strong encryption. EAP is not protected LEAP is a Cisco proprietary protocol that was originally designed to help deal with problems in WEP. LEAP’s protections have been defeated, making it a poor choice. EAP-TLS is secure but requires client certificates, making it difficult to deploy and manage.

Answer 74

Most modern platforms support TLS for best user experience and sufficient security

Answer 75

WPA3 SAE (simultaneous authentication of equals) is new and best, if need to worry about older devices, WPA2 PSK should be used

Answer 76

ARP and RARP operate at the Data Link layer

Answer 77

6 Presentation

Answer 78

PCS predefined rules to optimize performance continuous monitoring to support better performance self-learning techniques to respond to changes in the network

Answer 79

port based authentication (can be used on both wired and wireless) can be used with EAP technologies supported by 802.1AE, 802.1AR, 801.1AF

Answer 80

ensures that his VoIP session initialization is secure

Answer 81

based on AES

Answer 82

combine the ability to gather data from customers with an open network, so customer data will not be encrypted. This avoids the need to distribute network passwords but means that customers must ensure their own traffic is encrypted if they are worried about security.

Answer 83

Endpoint security solutions face challenges due to the sheer volume of data that they can create

Answer 84

large numbers of MAC addresses being used on a single port prevented by using port security on switch

Answer 85

will test systems before they are allowed on the network

Answer 86

tests after clients are already on the network

Answer 87

useful for when not possible to install a client

Answer 88

can determine more about a system than a clientless model can

Answer 89

SMS messages are not encrypted by default

Answer 90

MESS can be received by More than one phone, messages are not Encrypted messages can be Spoofed, messages are typically Stored on the recipient’s phone

Answer 91

PPTP, L2F, L2TP, IPsec TLS

Answer 92

encryption device-based authentication (for example, using certificates) SIM-based authentication

Answer 93

SCADA was never designed for an open network like TCP/IP, should have their own network

Answer 94

included in the WPA2 standard

Answer 95

connects endpoints to a central network

Answer 96

connects clients using a wireless access point but not to wired resources like a central network

Answer 97

directly connects two clients

Answer 98

uses a wireless access point to link wireless clients to a wired network

Answer 99

is equal to number of zones protected behind the firewall

Answer 100

An intrusion protection system can scan traffic and stop both known and unknown attacks. A web application firewall, or WAF, is also a suitable technology

Answer 101

Filters and Rules can be Bypassed network Segment boundaries can be bypassed Covert channels

Answer 102

normally done on switch

Answer 103

Electronic Communications Privacy Act of 1986 The ECPA, as amended, protects wire, oral, and electronic communications while those communications are being made, are in transit, and when they are stored on computers. The Act applies to email, telephone conversations, and data stored electronically. requires approvals for wiretaps, etc.

Answer 104

Communications Assistance for Law Enforcement Act (1979) requires that all communications carriers make wiretaps possible for law enforcement officials who have an appropriate court order

Answer 105

Electronic Communications Privacy Act of 1986 (ECPA) The ECPA, as amended, protects wire, oral, and electronic communications while those communications are being made, are in transit, and when they are stored on computers. The Act applies to email, telephone conversations, and data stored electronically.

Answer 106

promote the adoption and meaningful use of health information technology through funding.

Answer 107

Federal Information Security Management Act (FISMA) was originally passed in 2002 as part of the Electronic Government Act. FISMA defines a framework of guidelines and security standards to protect government information and operations. Defines CIA triad

Answer 108

The PCI DSS (Payment Card Industry Data Security Standard) is an information security standard designed to reduce payment card fraud by increasing security controls around cardholder data. Not enforced by gov entity PCI DSS controls cover any business that: Processes digital transactions and payments using cards. Stores credit card data. Transmits cardholder information to another entity. Has contact with protected cardholder data. If you are a merchant who accepts or processes payment cards, you must comply with the PCI DSS.

Answer 109

HeLPS IT COMMAnD (e,n not used) Human Resources e Legal Affairs Procurement - Equipment and Supplies Security IT members from each major area Transportation & Relocation Crisis Management Operations Assessment Management Media Relations Administrative Support n Damage Assessment

Answer 110

DIC Documentation of security policies Integration of security tools Consolidation of security functions

Answer 111

prepoderance of evidence

Answer 112

beyond a reasonable doubt

Answer 113

none, but should develop a standard for the organization based on needs

Answer 114

NIST 800-53 TPC VCS * Third party service providers or vendors – from janitorial services to software engineering -‐-‐ with physical or virtual access to information systems, software code, or IP. * poor Information security practices by lower-‐tier suppliers. * Compromised software or hardware purchased from suppliers. * software security Vulnerabilities in supply chain management or supplier systems. * Counterfeit hardware or hardware with embedded malware. * Third party data Storage or data aggregators. examples from practice tests: adversary tampering with hardware prior to shipment to end customer adversary using social engineering to compromise an employee of SaaS vendor to gain access to customer accounts

Answer 115

Family Educational Rights and Privacy Act (FERPA, 1974) The Family Educational Rights and Privacy Act (FERPA) is a federal law that affords parents the right to have access to their children’s education records, the right to seek to have the records amended, and the right to have some control over the disclosure of personally identifiable information from the education records

Answer 116

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge. The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI)

Answer 117

requires that senior executives take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise in the same situation. The rule originally applied to financial matters, but the Federal Sentencing Guidelines applied them to information security matters in the United States in 1991.

Answer 118

The due care principle states that an individual should react in a situation using the same level of care that would be expected from any reasonable person. It is a very broad standard. prudent actions applicable to everyone

Answer 119

The due diligence principle is a more specific component of due care that states that an individual assigned a responsibility should exercise due care to complete it accurately and in a timely manner data gathering usually applicable to leaders, laws and regulations

Answer 120

The U.S. Federal Information Security Management Act (FISMA) applies to federal government agencies and contractors. Defines a framework of guidelines and security standards to protect government information and operations. FISMA requires all federal agencies to develop, document and implement agency-wide information security programs.

Answer 121

The European Union provides standard contractual clauses that may be used to facilitate data transfer.

Answer 122

If the data were being shared internally within a company, binding corporate rules would also be an option.

Answer 123

The EU/U.S. Privacy Shield was a safe harbor agreement that would previously have allowed the transfer but is no longer valid.

Answer 124

usually signed at start of employment not at termination

Answer 125

Sarbanes Oxley put strict reforms into place to improve financial disclosures and prevent fraudulent accounting practices requires the following committees within board of directors must be only outside (independent) directors (non-employees)

Answer 126

used to digitally label data and can be used to indicate ownership, as well as to assist a digital rights management (DRM) system in identifying data that should be protected

Answer 127

used to label data and might help a data loss prevention system flag it before it leaves your organizatio

Answer 128

Encrypting and labeling sensitive email will ensure that it remains confidential and can be identified.

Answer 129

Validation processes are conducted to ensure that the sanitization process was completed, avoiding data remanence

Answer 130

Business owners have to balance the need to provide value with regulatory, security, and other requirements.

Answer 131

Co Cla Set AS IS Control Selection Classifying the Data Sets the Rules for use and protection of data assisting with or Advising the System owners on security requirements data owners are likely to ask that those responsible for control selection to Identify a Standard to use

Answer 132

Data processors are required to perform specific actions under regulations like the EU GDPR.

Answer 133

are internal roles that oversee how data is used.

Answer 134

company is intentionally ending support and needs to address what happens to the devices next—secure disposal, destruction, or re-sale—depending on data security requirements and policies set by the company

Answer 135

when a device or software is no longer made or supported, in contrast to end of support, which may be when it is no longer serviced, including via patches, upgrades, or organizational maintenance

Answer 136

replaces data in a database field with a randomized string of characters that remains the same for each instance of that data

Answer 137

removes all personally identifiable data to ensure that the original subject cannot be identified

Answer 138

obscures some, but not all, data

Answer 139

uses a pseudonym or alias to replace other information

Answer 140

PIIT develops system security Plan Id's and Implements security controls ensures system users receive appropriate security Training

Answer 141

designed to scan for and flag sensitive data types using known formatting and structure

Answer 142

memory, as it can't be encrypted

Answer 143

disintegration

Answer 144

Isolation breach, an isolation breach in the distributed computing client could be catastrophic, allowing someone who compromises the controller to assume control of every device in the organization

Answer 145

used in pass the has attacks for AD accounts

Answer 146

A process by which a cryptographic key is split into multiple key components, individually sharing no knowledge of the original key, which can be subsequently input into, or output from, a cryptographic module by separate entities and combined to recreate the original cryptographic key.

Answer 147

A cryptographic scheme where a prover is able to convince a verifier that a statement is true, without providing any more information than that single bit (that is, that the statement is true rather than false).

Answer 148

an argument that establishes the validity of a proposition. Although proofs may be based on inductive logic, in general the term proof connotes a rigorous deduction.

Answer 149

the logical way in which mathematicians demonstrate that a statement is true

Answer 150

Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet.

Answer 151

Platform as a service. Platform as a service (PaaS) is a complete development and deployment environment in the cloud

Answer 152

Infrastructure as a Service (IaaS) is a business model that delivers IT infrastructure like compute, storage, and network resources on a pay-as-you-go basis over the internet.

Answer 153

Containers as a service (CaaS) is a cloud service that allows software developers and IT departments to upload, organize, run, scale, manage and stop containers by using container-based virtualization. A CaaS provider will commonly provide a framework which allows users to make use of the service. Reduced cost – Using CaaS allows an organisation to pay for only the services used, such as load balancing, scheduling and compute instances. CaaS can also help clients reduce infrastructure, software licensing and operating costs.

Answer 154

protocol provides the ability to access resources from another service, focus on authorization - you've never signed up before

Answer 155

OpenID Connect standard to allow the use of an account from another service with an application, builds on oauth2 and adds authentication uses JSON Web Tokens (JWT) entitiies: relying party (target of access) IdP (identity provider) flows: authorization code flow - request -> IdP -> authorization token -> use consent request -> authorization code -> ID token *preferred and more secure implicit flow - relying party request includes scope values *good for javascript or other serverless / browser-based request, less secure because ID token can be manipulated by user hybrid flow (combo of two above)

Answer 156

cookies URL rewriting

Answer 157

Hardware Security Modules the most secure way to store keys associated with a CMS provides enhanced key management capabilities In addition to these advantages, an HSM can improve cryptographic performance for the organization due to dedicated hardware designed for just that purpose are often required to be FIPS certified.

Answer 158

lists the specific users who can use sudo lists the commands or directories that are allowed for them

Answer 159

implement RADIUS over TCP using TLS (UDP is default and does not support TLS)

Answer 160

do not impact accountability

Answer 161

Task-based access control, lists tasks for users

Answer 162

log in to third-party websites using existing credentials

Answer 163

Security Assertion Markup Language Standardized way to tell external applications and services that a user is who they say they are. (SAM is who he says he is) SAML makes single sign-on (SSO) technology possible by providing a way to authenticate a user once and then communicate that authentication to multiple applications (Sam can use SSO) primary role in online security is that it enables you to access multiple web applications using one set of login credentials (Sam uses SSO to sign on many places with one credential set) used to make authorization and authentication data

Answer 164

is a federation and not just SSO as it goes beyond simple SSO

Answer 165

ensuring the account has only the access required

Answer 166

Cross site scripting malware script in site (e.g. bulletin board) which is hidden but can be unintentionally run by others who access the site use script tags to prevent

Answer 167

Cross site request forgery, an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. CSRF attacks exploit the trust a Web application has in an authenticated user. use session tokens / keys to prevent

Answer 168

eXtensible Access Control Markup Language and a processing model used to describe access controls, a means to send an individual's authentication information in a standard format (password, key or certificate), can also be used to enforce policies elements: subject element resources element action element

Answer 169

service provisioning markup language allow platforms to generate and respond to provisioning requests entities: RA - requesting authority PSP - provisioning service provider (software) PST - provisioning service target

Answer 170

simple object access protocol used for the exchange of information in decentralized, distributed application environments using XML over HTTP can transmit SOAP messages in any way that the applications require, as long as both the client and the server use the same method. components: message envelope - defines the messages allowed and how they will be processed by recipient encoding rules used to define data types conventions for remote procedures / how to interpret responses

Answer 171

Central Authentication Services is an SSO implementation

Answer 172

Kerberos is not an SSO implementation, but can be used as an SSO technology enabling component

Answer 173

awareness training

Answer 174

home organization of user

Answer 175

password length

Answer 176

token, something you have

Answer 177

PIV cards are used government-wide to control access to Federally Controlled Facilities and information systems at the appropriate security level. personal identity verification is a full multifactor authentication solution and is not a device

Answer 178

all subjects and objects have a label

Answer 179

prevented by using 128 bit or greater session ID's and session entropy (randomness)

Answer 180

randomness

Answer 181

false positive

Answer 182

false negative

Answer 183

False Rejection Rate / False negative

Answer 184

False acceptance rate / false positive

Answer 185

cross over error rate, where FRR = FAR aka EER (equal error rate) lower numbers indicate more accurate

Answer 186

only covers 1000 ports out of 65K

Answer 187

lack of proper exception handling

Answer 188

gaining access

Answer 189

Windows systems generate logs in the Windows native logging format. To send syslog events, Windows systems require a helper application or tool.

Answer 190

encryption

Answer 191

new bugs introduced by patches or configuration changes

Answer 192

Nikto, Burp Suite, and Wapiti

Answer 193

used to verify whether a desired functionality works

Answer 194

focuses on behaviors that are not what the organization desires or that are counter to the proper function of a system or application

Answer 195

used to determine how code handles variables that change over time

Answer 196

total cost of downtime includes: TDC = BL + RTC + WL BL(business lost) = business lost during outage $/hour RTC(recovery time cost) = number of personnel hours worked to recover from outge X recovery time WL(wages lost) = average wage per hour X total downtime

Answer 197

API's, UI's and physical interfaces

Answer 198

When a tester does not have raw packet creation privileges, such as when they do not have escalated privileges on a compromised host

Answer 199

require elevated privileges on most Linux systems due to the need to write raw packets

Answer 200

introduction to computer security

Answer 201

contingency planning as a contingency, Please Buy Personal Self Care Toiletries Mama 1. develop Policy 2. BIA 3. identify Preventive controls 4. create contingency Strategies 5. develop information system Contingency plan 6. Testing and training 7. plan Maintenance

Answer 202

Guide to Integrating Forensic Techniques into Incident Response

Answer 203

Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans - covers methods for assessing and measuring controls

Answer 204

nonroutable IP addresses (internal IP addresses)

Answer 205

Breach and Attack Simulation systems that combine red team (attack) and blue team (defense) techniques together with automation to simulate advanced persistent threats and other advanced threat actors when run against your environment

Answer 206

A red team is a group that pretends to be an enemy, attempts a physical or digital intrusion against an organization at the direction of that organization, then reports back so that the organization can improve their defenses. Red teams work for the organization or are hired by the organization.

Answer 207

A blue team is a group of individuals who perform an analysis of information systems to ensure security, identify security flaws, verify the effectiveness of each security measure, and to make certain all security measures will continue to be effective after implementation.

Answer 208

Security Orchestration, Automation, and Response. SOAR seeks to alleviate the strain on IT teams by incorporating automated responses to a variety of events. A SOAR system can also be programmed to custom-fit an organization's needs.

Answer 209

A purple team is a group of cyber security professionals who simulate malicious attacks and penetration testing in order to identify security vulnerabilities and recommend remediation strategies for an organization’s IT infrastructure. The term is derived from the color purple, which symbolizes the combination of both red and blue teams.

Answer 210

Real User Monitoring a passive monitoring technique that records user interaction with an application or system to ensure performance and proper application behavior RUM is often used as part of a predeployment process using the actual user interface

Answer 211

financial reporting (internal)

Answer 212

security (internal)

Answer 213

only cover a single point in time and are based upon management descriptions of controls

Answer 214

cover a period of time and do include an assessment of operating effectiveness

Answer 215

Statement on Standards for Attestation Engagements no. 18 (SSAE 18), is an auditing standard for service organizations. It is required by many industries and organization for vendors that provide them services. The examinations and audits of these Standards are known as SOC reports.

Answer 216

intended for distribution to third parties include the auditor’s opinions and management assertions, along with information about the service organization. SOC3 reports are specifically intended for external release

Answer 217

continuous integration and continuous deployment A continuous integration and continuous deployment (CI/CD) pipeline is a series of steps that must be performed in order to deliver a new version of software. CI/CD pipelines are a practice focused on improving software delivery throughout the software development life cycle via automation.

Answer 218

Security Content Automation Protocol A suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans. Note: There are six individual specifications incorporated into SCAP: VCP VSOX CVE (common vulnerabilities and exposures); CCE (common configuration enumeration); CPE (common platform enumeration); CVSS (common vulnerability scoring system); OVAL (open vulnerability assessment language); and XCCDF (eXtensible configuration checklist description format).

Answer 219

The Extensible Configuration Checklist Description Format (XCCDF) is used to create security checklists in a standardized fashion. Used in vulnerability scanning

Answer 220

The Common Vulnerabilities and Exposures (CVE) database provides a consistent reference for identifying security vulnerabilities.

Answer 221

The Script Check Engine (SCE) is designed to make scripts interoperable with security policy definitions.

Answer 222

The Open Vulnerability and Assessment Language (OVAL) is used to describe the security condition of a system.

Answer 223

measures how many of the test cases have been completed and is used as a way to provide test metrics when using test cases

Answer 224

covers how much of the code has been tested

Answer 225

type of code coverage report covers how many lines of code were tested

Answer 226

uses simulated or recorded traffic and thus can be used to proactively identify problems can be used to detect functionality issues

Answer 227

works only after issues have occurred because it requires actual traffic can be used to detect functionality issues

Answer 228

verifies that every if statement was executed under all if and else conditions

Answer 229

verify that every line of code was executed during the test

Answer 230

verifies that every logical test in the code was executed under all sets of inputs

Answer 231

verifies that every function in the code was called and returns results

Answer 232

ITIL, which originally stood for IT Infrastructure Library, is a set of practices for IT service management and is not typically used for auditing.

Answer 233

Pair programming is an Agile software development technique originating from Extreme programming (XP) in which two developers team together on one computer. The two people work together to design, code and test user stories.

Answer 234

Federal Rules of Civil Procedure

Answer 235

The Project Management Body of Knowledge (PMBOK) provides a common core of project management expertise.

Answer 236

The Open Group Architecture Framework (TOGAF) focuses on IT architecture issues. Can be used for the following types: Business Architecture Data Architecture Application Architecture Technology Architecture uses Architecture Development Method (ADM)

Answer 237

User and entity behavior analytics (UEBA) solutions focus on the user uses algorithms and machine learning to detect anomalies in the behavior of not only the users in a corporate network but also the routers, servers, and endpoints in that network. good tool for detecting malicious insiders and compromised accounts

Answer 238

Endpoint detection and response (EDR) systems focus on endpoint devices.

Answer 239

all files changed since last full backup are copied even if copied in backups prior to current backup / archive bit is not changed / requires only the last differential backup + full backup during restoration

Answer 240

does not remove remnant data

Answer 241

automated technology moves database backups from the primary database server to a remote site on a scheduled basis

Answer 242

maintains a live database server at the backup site and mirrors all transactions at the primary site on the server at the backup site

Answer 243

The principle of least privilege says that an individual should only have the privileges necessary to complete their job functions. Least privilege is a result of invoking need to know restrictions

Answer 244

cybersecurity incident response team members - core: CISO Director of Security Ops IR Team lead Cybersecurity Analyst IT support Threat Intelligence Analyst extended: HR Legal counsel PR Business Unit Lead minimum: (e lips) engineering/technical staff legal representatives, information security professionals, public affairs staff, and senior management,

Answer 245

Any attempt to undermine the security of an organization or violation of a security policy

Answer 246

two-person control is best

Answer 247

The mitigation phase of incident response focuses on actions that can contain the damage incurred during an incident. This includes limiting the scope and or effectiveness of the incident.

Answer 248

The response phase includes steps taken to assemble a team and triage the incident.

Answer 249

Entitlement refers to the privileges granted to users when an account is first provisioned.

Answer 250

Tower of Hanoi consists of three pegs or towers with n disks placed one over the other. The objective of the puzzle is to move the stack to another peg following these simple rules. Only one disk can be moved at a time. No disk can be placed on top of the smaller disk algorithm: Move the top n-1 disks from the source peg to the helper peg. Afterward, move the nth disk from the source peg to the destination peg. Finally, move the rest n-1 disks from the helper peg to the destination peg. (n= number of disks) used to test problem solving ability

Answer 251

System Center Operations Manager in Windows, primarily used to monitor for health and performance

Answer 252

According to NIST SP 800-137, organizations should use the following factors to determine assessment and monitoring frequency: VV WORMCORT Volatility of security controls, Vulnerability information, Weaknesses identified in security controls, Organizational risk tolerance, Risk assessment Results, Monitoring strategy review output, Categorizations/impact levels for system security controls or specific assessments Objects providing critical functions, Reporting requirements. Threat information,

Answer 253

a process of trying to find defects in documents (such as source code or formal specifications) during various phases of the software development process

Answer 254

threat MOdeling prOcess Overview threat MOdeling cOmmOnly involves: Mooo at the dairy DA IR y M AC (y not used) Decomposing the Application to understand it and how it interacts with other components or users. Identifying and Ranking threats allows you to focus on the threats that should be prioritized. identifying how to Mitigate those threats finishes the process. Once complete, an organization can take action to handle the threats that were identified with Appropriate Controls.

Answer 255

single quotation in input field

Answer 256

dynamic application security testing (DAST) is used to verify the correct implementation of code

Answer 257

allows to store data using a key-value store

Answer 258

another example of a NoSQL database, but it uses nodes and edges to store data rather than keys and values

Answer 259

manages the deployment of code into production

Answer 260

does not respond to findings

Answer 261

used for constructing a db query, each parameter has a placeholder, which is then passed to the query

Answer 262

doesn't stop the attck because can be manipulated by user, only server side input validation will prevent sql injection

Answer 263

change advisory board

Answer 264

C/R DUM D/S Create / Receive Distribute Use Maintain Dispose / Store or ASU SAD Acquisition Storage Use Sharing Archival Disposal

Answer 265

records from their point of origination

Answer 266

moving the information once it has been created or received. This includes both internal and external distribution, as information that leaves an organization becomes a record of a transaction with others.

Answer 267

How we implement CIA triad over the data takes place after information is distributed internally, and can generate business decisions, document further actions, or serve other purposes

Answer 268

Modes: D Size Cups Mama (DSCM or DiSHM) Dedicated System High Compartmented Multi-level For Each Mode: Nice Cans Face Nookie Ass (NCFNA or SCANU) Signed NDA Clearance Formal Approval Need to Know All users

Answer 269

Signed NDA All Data Proper Clearance All Data Formal Access Approval All Data Valid Need to Know All Data All users can access All Data

Answer 270

Signed NDA All Data Proper Clearance All Data Formal Access Approval All Data Valid Need to Know Some Data All users can access Some Data

Answer 271

Signed NDA All Data Proper Clearance All Data Formal Access Approval Some Data Valid Need to Know Some Data All users can access Some Data

Answer 272

Signed NDA All Data Proper Clearance Some Data Formal Access Approval Some Data Valid Need to Know Some Data All users can access Some Data

Answer 273

communication, file transfer, network management POP3, SMTP, IMAP, SNMP, FTP, Telnet, HTTP, MIME, PGP (app), S/MIME (app), HTTPS (app), DNS, DHCP, NTP POP3 - Post Office Protocol version 3 SMTP - Simple Mail Transfer Protocol IMAP - Internet Message Access Protocol SNMP - Simple Network Management Protocol FTP - File Transfer Protocol MIME - Multipurpose Internet Mail Extensions HTTP - HyperText Transfer Protocol PGP - Pretty Good Privacy DNS - Domain Name Service DHCP - Dynamic Host Configuration Protocol NTP - Network Time Protocol

Answer 274

GIF, TIFF, JPG, MPEG, MIDI character encoding (ASCII, UNICODE, EBCDIC)

Answer 275

NetBIOS, NFS, PPTP, RPC, RTCP, SQL (NNPRRS), PAP NFS - UNIX stateless Network File System NetBIOS - MS network basic input output system PPTP - Point-to-Point Tunneling Protocol RPC - Remote Procedure Call RTCP - RTP (Real-time Transport Protocol) Control Protocol SQL - Structured Query Language PAP - Password Authentication Protocol

Answer 276

TRANsport / TRANsmission control protocol (TCP) TCP, UDP, SCTP, QUIC TCP - Transmission Control Protocol UDP - User Datagram Protocol SCTP - Stream Control Transmission Protocol QUIC

Answer 277

IP, RIP, ICMP, IGMP, OSPF IP - Internet Protocol RIP - Routing Information Protocol ICMP - Internet Control Message Protocol IGMP - Internet Group Management Protocol OSPF - Open Shortest Path First

Answer 278

ARP, RARP, SLIP, PPP, L2TP, Ethernet, ISDN, Wi-Fi, FCoE I SLAP a FEW (a not used) ISDN - Internet Services for Digital Network SLIP - Serial Line Internet Protocol L2TP - Layer 2 Tunneling Protocol ARP / RARP - (Reverse) Address Resolution Protocol PPP - Point-to-Point Protocol a FCoE- Fiber Channel over Ethernet Ethernet Wi-Fi

Answer 279

PCRAV Pinouts, voltages, cables, antennas, radio waves RS/EIA/TIA-422,423,449,485 10BaseX ISDN - Integrated Services Digital Network DSL - Digital Subscriber Line SONET - Synchronous Optical Networking

Answer 280

SSL2, SSL3, TLS (therefore the encryption in support of HTTPS, POP3S, FTPS) SSL - Secure Socket Layer TLS - Transport Layer Security

Answer 281

WEP, TKIP, CCMP WEP - Wire Equivalent Privacy TKIP - Temporal Key Integrity Protocol CCMP - Counter-Mode/CBC-MAC Protocol

Answer 282

IPSec Transport ESP IPSec Tunnel ESP (RC5, DES, AES)

Answer 283

SW: Gateways and Proxies

Answer 284

SSH (therefore, the encryption in support of S-FTP, S-HTTP, PGP, S/MIME)

Answer 285

since IPSec is built into IP6 network protocols, and can be used with IP5, think of that to remember that it's in the network layer IPSec Transport ESP IPSec Tunnel ESP (RC5, DES, AES)

Answer 286

HW: Router

Answer 287

HW: Bridge, L2 Switch

Answer 288

HW: Hub, repeater

Answer 289

Proxy Firewall

Answer 290

Circuit (SOCKS) Firewall

Answer 291

Packet Filter Firewal

Answer 292

The Extensible Authentication Protocol (EAP) is a framework protocol for wireless networks that can support multiple authentication mechanisms, including tokens, smart cards, certificates, one-time passwords, and public key encryption authentication

Answer 293

Password Authentication Protocol Old, not common to see, only used in legacy systems. It’s “in the clear”, no encryption authentication. It’s obviously a weak authentication scheme.

Answer 294

A three-way handshake (challenge/response) authentication protocol used for remote access connections. Both devices are configured with a password called a shared secret. For unique user authentication, this value is associated with a user account. The challenge/response authentication mechanism occurs in three steps: 1. The server generates a challenge message and sends it to the client. 2. The client responds with the username and a value created using a one-way hash function on the challenge message. 3. The server checks the response against its own value created using the same hash. If the values match, the client is authenticated. With CHAP, plaintext versions of the password are never sent; only the hashed challenge message is sent between devices.

Answer 295

Cisco created it using a modified version of the Challenge handshake does not require a digital certificate.

Answer 296

PEAP, or Protected EAP, was developed to protect EAP communication by encapsulating it with Transport Layer Security (TLS). * PEAP provides that protection as part of the protocol via a TLS tunnel. PEAP is widely supported by vendors for use over wireless networks. -Certificate on the server, and we send our EAP communication across that secure tunnel.

Answer 297

* This is still considered one of the most secure implementations, primarily because common implementations employ client-side certificates. This means that an attacker must also possess the key for the client-side certificate to break the TLS channel. * EAP-TLS for mutual authentication requires client and server certificates

Answer 298

EAP-FAST * EAP- It offers a lightweight tunneling protocol to enable authentication. The distinguishing characteristic is the passing of a Protected Access Credential (PAC) that is used to establish a TLS tunnel through which client credentials are verified. * EAP-FAST does not require certificates.

Answer 299

EAP-TTLS VEES * Variant of the EAP-TLS protocol. EAP-TTLS * Server authenticating to the client with a certificate, but the protocol tunnels the client side of the authentication * In EAP-TTLS, the authentication process is protected by the tunnel from man-in-the-middle attacks, and although client-side certificates can be used, they are not required, making this Easier to set up than EAP-TLS to clients without certificates. * EAP-TTLS Eliminates the requirement to deploy or use client certificates.

Answer 300

Allows users to use Normal credentials across trusted networks. Allows users in one organization to authenticate and access resources on another trusted organizations network using one set of credentials

Answer 301

Authentication standard that supports port-based authentication between authorization device and user

Answer 302

Microsoft's proprietary challenge-response authentication method used for remote access connections. MS-CHAP: * Encrypts the shared secret on each system so it is not saved in plaintext. * Provides a mechanism for changing the password over the remote connection. * Allows for mutual authentication, where the server authenticates to the client, if you use v2. Be aware that MS-CHAP and MS-CHAP v2 both have known security vulnerabilities and should be avoided if possible.

Answer 303

Lower latency for clients, especially for applications in which multiple round-trips are required to load content. Large scaling to better handle instantaneous high loads, such as the start of a product launch event. Reduce the traffic sent to the origin server, as requests are handled by the edge servers. Provides protection from DoS attacks

Answer 304

A content delivery network provides DDoS protection by design, by being able to absorb volumetric attacks. CDN also include always-on traffic monitoring, and real-time mitigation of common network-level attacks.

Answer 305

Allows to restrict access to content by country/region. With geo-filtering, it is possible to create rules on specific paths on the CDN endpoint to allow or block content in selected countries/regions.

Answer 306

1: Request forwarded to the edge server (DNS returns server based on the client location). 2/3: If data is not in the cache, it is requested to the origin server. 4: The result is returned to the client. The data is cached according to a TTL.

Answer 307

FCoE encapsulates FC frames inside ETH frames. SAN and LAN traffic terminate in the same port in the server (the CNA virtualizes a NIC/MAC address and HBA/WWN).

Answer 308

iSCSI can use the existing network infrastructure (standard Ethernet switches and NICs). FCoE requires CNAs and converged switches. In addition, iSCSI uses the IP protocol stack and traditional Ethernet. In contrast, FCoE does not use IP at all and uses enhanced Ethernet.

Answer 309

In computing, iSCSI (Listeni/aɪˈskʌzi/ eye-SKUZ-ee) is an acronym for Internet Small Computer Systems Interface, an Internet Protocol (IP)-based storage networking standard for linking data storage facilities. By carrying SCSI commands over IP networks, iSCSI is used to facilitate data transfers over intranets and to manage storage over long distances. iSCSI can be used to transmit data over local area networks (LANs), wide area networks (WANs), or the Internet and can enable location-independent data storage and retrieval.

Answer 310

Virtual Extensible LAN, can support up to 16 M segments It allows a single physical network to be shared by multiple different organizations, or “tenants,” without any one tenant being able to see the network traffic of any other.

Answer 311

40-250 kbps

Answer 312

9.8-100 kbps

Answer 313

868 mhz to 2.4 ghz

Answer 314

908.42 mhz in North America

Answer 315

An IoT standard based protocol. Zigbee is a standards-based wireless technology that enables wireless machine-to-machine (M2M) and IoT networks. It is designed for low-data rate, low-power applications, and is an open standard. Zigbee is a specification based on IEEE 802.15.4 Its networks are secured by 128-bit symmetric encryption keys. Zigbee has a defined rate of 250 kbps, best suited for intermittent data transmissions from a sensor or input device.

Answer 316

IoT standard based protocol. Simpler and less expensive than Zigbee. Z-Wave was created by a Danish company named Zensys. It uses the same AES-128 symmetric encryption as Zigbee. Like Zigbee, Z-Wave devices all link up together to form a mesh network. There's one central hub that connects to the internet and then the devices themselves don't have Wi-Fi at all, they use Z-Wave connectivity to talk to the hub either directly or through the mesh network. This is called a "source-routed mesh network topology." Z-Wave allows up to 232 nodes on the mesh network.

Answer 317

100 Mbps, whereas stationary devices can reach 1 Gbps

Answer 318

up to 10 Gbps

Answer 319

higher frequencies than previous cellular technologies, which has allowed for higher transmission speeds but at a reduced distance

Answer 320

In terms of speed 5G communication system is able to provide up to 100 gigabits per second which is 100 times faster than 4G communication system. 4G has very high latency compare to 5G. 5G Communication System will also able to fix the bandwidth issue with emerging technology such as driverless cars and connected home products.

Answer 321

MIME multipart/signed and multipart/encrypted framework S/MIME is an IETF standard that provides cryptographic security for electronic messaging

Answer 322

MIME Object Security Services (MOSS) is a protocol that uses the multipart/signed and multipart/encrypted framework to apply digital signature and encryption services to MIME objects. MOSS was never widely deployed and is now abandoned, largely due to the popularity of PGP.

Answer 323

Privacy-Enhanced Mail (PEM) is now a de facto file format for storing and sending cryptographic keys, certificates, and other data, based on a set of 1993 IETF standards defining "privacy-enhanced mail." While the original standards were never broadly adopted and were supplanted by PGP and S/MIME, current use involves the textual encoding they defined which became very popular. The PEM format was eventually formalized by the IETF in RFC 7468.

Answer 324

DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect forged sender addresses in email (email spoofing), a technique often used in phishing and email spam. Works by leveraging PKI DKIM allows the receiver to check that an email that claimed to have come from a specific domain was indeed authorized by the owner of that domain.[1] It achieves this by affixing a digital signature, linked to a domain name, to each outgoing email message. DKIM is an Internet Standard.[3] It is defined in RFC 6376, dated September 2011, with updates in RFC 8301 and RFC 8463.

Answer 325

captive portal is a web page accessed with a web browser that is displayed to newly connected users of a Wi-Fi or wired network before they are granted broader access to network resources Limitations: CBDM may be Circumvented Dns tunneling Mac spoofing require web Browser

Answer 326

WPA3-Personal (WPA3-SAE). This mode focuses on improving protection for individual users by providing better security using SAE. SAE increases security over WPA2, even when using a simple password. Personal mode lets users choose easy-to-remember passwords while still providing increased security using perfect forward secrecy to protect data traffic. WPA3-Enterprise. Enterprise mode builds on top of the previous WPA2 Enterprise mode. However, enterprise mode requires the use of Protected Management Frames on all WPA3 connections. Enterprise mode also has multiple Extensible Authentication Protocol (EAP) methods for authentication, 128-bit authenticated encryption, 256-bit key derivation and confirmation, as well as 128-bit management frame protection. Wi-Fi Enhanced Open. This extra mode focuses on increasing privacy in open networks. Enhanced Open mode prevents passive eavesdropping by encrypting traffic even when a password isn't used. This mode uses 256-bit authenticated encryption, 384-bit key derivation and confirmation, as well as 256-bit management frame protection.

Answer 327

In cryptography, Simultaneous Authentication of Equals (SAE) is a password-based authentication and password-authenticated key agreement method SAE is a variant of the Dragonfly Key Exchange defined in RFC 7664,[2] based on Diffie–Hellman key exchange using finite cyclic groups which can be a primary cyclic group or an elliptic curve.[1] The problem of using Diffie–Hellman key exchange is that it does not have an authentication mechanism. So the resulting key is influenced by a pre-shared key and the MAC addresses of both peers to solve the authentication problem.

Answer 328

BiG SIS (i not used) Bigger session keys GCMP WPA2 uses AES for encryption, while WPA3 uses the more secure GCMP SAE protocol Individualized data encryption Stronger brute-force attack protection

Answer 329

Galois/Counter Modea mode of operation for symmetric-key cryptographic block ciphers which is widely adopted for its performance. GCM throughput rates for state-of-the-art, high-speed communication channels can be achieved with inexpensive hardware resources GCM mode is used in the IEEE 802.1AE (MACsec) Ethernet security, WPA3-Enterprise Wifi security protocol, IEEE 802.11ad (also dubbed WiGig), ANSI (INCITS) Fibre Channel Security Protocols (FC-SP), IEEE P1619.1 tape storage, IETF IPsec standards,[6][7] SSH,[8] TLS 1.2[9][10] and TLS 1.3.[11] AES-GCM is included in the NSA Suite B Cryptography and its latest replacement in 2018 Commercial National Security Algorithm (CNSA) suite.[12] GCM mode is used in the SoftEther VPN server and client,[13] as well as OpenVPN since version 2.4.

Answer 330

MAC flooding

Answer 331

attack works by forcing legitimate MAC table contents out of the switch and forcing a unicast flooding behavior potentially sending sensitive information to portions of the network where it is not normally intended to go solutions / network operators usually rely on the presence of one or more features in their network equipment: port security MAC filtering IEEE 802.1X

Answer 332

gain access to traffic on other VLANs that would normally not be accessible and is mitigated through proper vlan configuration switch spoofing - mitigated by ensuring that ports are not set to negotiate trunks automatically by disabling DTP on ports that are not meant to be trunks and explicitly configured as access ports double tagging - mitigated by not putting any hosts on VLAN 1 (The default VLAN). i.e., assign an access VLAN other than VLAN 1 to every access port, Change the native VLAN on all trunk ports to an unused VLAN ID and Explicit tagging of the native VLAN on all trunk ports. Must be configured on all switches in network autonomy

Answer 333

IP address spoofing or IP spoofing is the creation of Internet Protocol (IP) packets with a false source IP address, for the purpose of impersonating another computing system solutions: packet filtering and do not allow authentication based on IP address1

Answer 334

IEEE 802.1X is an IEEE Standard for port-based network access control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN

Answer 335

IEEE 802.3 is a working group and a collection of standards defining the physical layer and data link layer's media access control (MAC) of wired Ethernet

Answer 336

IEEE 802.15 is a working group of the Institute of Electrical and Electronics Engineers (IEEE) IEEE 802 standards committee which specifies Wireless Specialty Networks (WSN) standards. WPAN / Bluetooth

Answer 337

WPAN / Bluetooth

Answer 338

Mesh networking

Answer 339

7 is an inverted L (for LiFi) Visible Light Communication / LiFi

Answer 340

Multi-Gigabit/s Optical Wireless Communications

Answer 341

Secure Real-time Transport Protocol Secure Real-time Transport Protocol (SRTP) is a profile for Real-time Transport Protocol (RTP) intended to provide encryption, message authentication and integrity, and replay attack protection to the RTP data in both unicast and multicast applications between transport and application layer provides CREM confidentiality, replay protection encryption, message authentication

Answer 342

Session Initiation Protocol Secure a signaling protocol used for initiating, maintaining, and terminating communication sessions that include voice, video and messaging applications session layer to signal and control interactive communication sessions

Answer 343

E AIR SRTP is an RTP profile intended to provide Encryption, message Authentication and Integrity, and Replay attack protection to the RTP data. PI SIP TLS protocol aims primarily to provide Privacy and data Integrity between two or more communicating computer applications.

Answer 344

NAT maps public to private via IP address PAT maps public to private via port# PAT more efficient as it can use one public address for many different internal devices

Answer 345

PROcess / PROtect Protect Real Life Investment Revenue (id Priorities, id Risks, Likelihood, Impact, Resource priorities)

Answer 346

RIDEM (Replay, Impersonation, Modification, Eavesdropping, Denial of service)

Answer 347

address space layout randomization - memory protection for O/S

Answer 348

microservice architecture

Answer 349

FaaS (only functions)

Answer 350

add function via kernel modules

Answer 351

handles access between subjects and objects (concept, not physical component) aka abstract machine properties: always invoked tamper-resistant verifiable

Answer 352

leveraging distributed computing resources (of other entities) for complex problems

Answer 353

distributed computing environment - collection of systems that work together

Answer 354

programmable logic controllers, industrial digital computer for controlling manufacturing processes less than 1000's

Answer 355

the science of securing communications

Answer 356

(monoalphabetic / polyalphabetic) easily broken by frequency analysis

Answer 357

relationship between plaintext and cipher text

Answer 358

how order of plaintext should be dispersed throughout cipher text

Answer 359

uses a matrix (vigenere square) x axis is plain text / y axis is key

Answer 360

Cryptographic device that uses two concentric disks, each with an alphabet around the periphery

Answer 361

an example of perfect (unbreakable) encryption, which is achieved by using, only once, a random polyalphabetic key that is as long the message itself.

Answer 362

similar to Cipher Disk with 3x5 sets of rotors, large, heavy, expensive, hard to operate, mechanically complex and fragile

Answer 363

(Coordinating Committee of Multilateral Export Controls) - prevented export of critical technologies including encryption (1947-1994)

Answer 364

similar to COCOM for dual-use techonologies but added Iron Curtain countries as members (1996 - present)

Answer 365

Cryptanalysis attack that tries to uncover a mathematical problem from two different ends.

Answer 366

Hashed Message Authentication Code XOR and hash function

Answer 367

SYN, SYN/ACK, ACK, session

Answer 368

- Transport Mode (Only data encrypted) - Tunnel Mode (entire packet encrypted)

Answer 369

Nosetackles Can Easily Upend Any Puny Runningback Sneaking the Football or first 3 not used, Unskilled Attackers Pester Real Security Folks NS (not used anymore) CWR (not used anymore) ECE (not used anymore) URG urgent ACK acknowledgement PSH push RST reset SYN synchronizeing FIN finish

Answer 370

I Rarely Develop My Own 1 Initial -undocumented and not consistent 2 Repeatable - some processes are repeatable, process might be strictly controlled 3 Defined - documented processes and standards 4 Managed - metrics used for performance measurement and process users are competent 5 Optimizing - focus on continuous improvement

Answer 371

decentralized distributed computing fog computing is centralized distributed computing

Answer 372

centralized distributed computing

Answer 373

simplex mode (per port)

Answer 374

does not support edge/fog computing

Answer 375

make access control decisions based on content of communications

Answer 376

provides integrity and non-repudiation

Answer 377

evaluates the environment / situation then makes access decisions based on coded policies

Answer 378

OID does not include profile information

Answer 379

Attribute Based Access Control grants access based on attributes (often used in SDN's)

Answer 380

is a client

Answer 381

picks up where BCP leaves off, is site specific, only addresses disruption requiring relocation, may involve multiple ISCP's

Answer 382

a series of if/then rules codified in a knowledge base

Answer 383

when data from a higher classification is mixed with data from a lower classification

Answer 384

input validation

Answer 385

ALE = ARO*SLE [Ale = A RO SlE]

Answer 386

SLE = AV * EF SLE single loss expectancy AV asset value EF exposure factor ALE = ARO * SLE or ALE = ARO * AV * EF

Answer 387

[V -AA +AB -AC] Value = ALE BEFORE less ALE AFTER less Annual Cost of measure

Answer 388

TR [total risk exposure] = A T V ([asset value] [threat impact] [vulnerabilities likelihood])

Answer 389

SICA (scope, impact, continuity, approval)

Answer 390

SPAT (strategy, provisioning, approval, training)

Answer 391

a process of trying to find defects in documents (such as source code or formal specifications) during various phases of the software development process P O P Is Real Fedup [POPIRF] (planning, overview, prep, inspect, rework, followup)

Answer 392

[Dirty Rotten Mean REPublicans RECruit REMarkable Losers] detection, search for indicators, declaration of incident response, (initial response, contain damage) mitigation, (eradicate threat actor, determine details of attack and how to mitigate and perform mitigation) reporting, recovery, (restore full functionality of business process) remediation, (prevent future incidents) lessons learned (continuous improvement)

Answer 393

Process for Attack Simulation and Threat Analysis It's a bowl of spaghettios or alphabet soup DO DTS ADA TA VA AMS RAM (determine objectives, define tech scope, application decomp analysis, threat anal, vulnerability anal, attack modeling simulation, risk anal mngmt)

Answer 394

Software Assurance Maturity Model - from OWASP focused on secure software development Business functions: [Giving Developers Incentive Via Offers] Governance, Design, Implementation, Verification, Operations Each function has 3 security practices

Answer 395

[I Rarely Develop My Own] (initial, repeatable, defined, managed, optimized)

Answer 396

RoBBoT (Buffer overflow, Backdoors, TImeofchecktotimeofuse TOCTOU (asynchronous attack), Rootkits)

Answer 397

A DAM LIAR (alarm triggers, data reduction, analysis of logs, monitoring, logging, IDS, alert usage, review of logs)

Answer 398

IAACCCC (implicit deny, ACL, ACM, capability tables, constrained xfaces, content, context)

Answer 399

GOD HO ST GOS TA EN (GOvernance is Dynamic, HOlistic approach, STakeholder value, GOvernance Separate from mgmt, TAilored to entity, ENd to end)

Answer 400

[The Mother Fuckers Better Takeoff Running] (terrorism, military, financial, business, thrill, revenge)

Answer 401

CCDDDPR (corrective, compensating, detective, deterrent, directive, preventive, recovery)

Answer 402

DATa LIVe SUM (disclosure damage, age, timeliness, lifetime, implications of disclosure to business or national security, value, storage, usefulness, modification damage, )

Answer 403

BEETH (Backbone distribution, Entrance facility, Equipment room, Telecommunication room, Horizontal distribution)

Answer 404

VAT (vulnerabilities, assets, threats)

Answer 405

FF AI CLAN (FM200, FE13, Argonite, Inergen, CEA410/308, Low pressure water mist, Aragon, NAFSIII)

Answer 406

BIRDI (base+offset, immediate, register, direct, indirect)

Answer 407

RRSSW (ready, running, supervisory, stopped, waiting)

Answer 408

CAMO (compensation / recognition of excellence, auditing, monitoring, open communication)

Answer 409

ECCCCOG (ECB, CBC, CFB, CTR, CCM, OFB, GCM) ECB short only

Answer 410

IV initialization vectors CCO (CBC, CFB, OFB)

Answer 411

PD HML DREAD (Probability X Damage Potential, H/M/L, DREAD)

Answer 412

DREAD (damage, reproducibility, exploitability, affected users, discoverability)

Answer 413

BI FI MI SI (Bootsector Infection, File Infection, Macro Infection, Service Injection,

Answer 414

Bill Belichik Loves Great Head Coaches Big Nose Tackles (Bell-La Padula, BIBA, Lattice, Graham-Denning, HRU, Clark-Wilson, Brewer-Nash, Non-Interference, Take / Grant)

Answer 415

Subjects rows / Objects Columns

Answer 416

employees given minimum access to perform duties

Answer 417

separating duties as an internal control

Answer 418

For highly sensitive separation of duty tasks such as encryption key retrieval

Answer 419

CPU, RAM, Memory (Fast)

Answer 420

I/O controller, peripherals (mouse, USB, HD)

Answer 421

data execution prevention - prevents damage from malware by not allowing execution in Windows reserved memory locations

Answer 422

only o/s components needed are in a container

Answer 423

each node is both server and client, used mostly for file sharing (subset of grid computing)

Answer 424

high performance computing - similar to grid but not shared

Answer 425

pushing processing as close to client as possible

Answer 426

content distribution network - subset of edge computing multiple servers distributed across a large region which is optimized for users closest to a particular server

Answer 427

Supervisory Control and Data Acquisition - distributed computing for industrial controls

Answer 428

distributed network protocol used in SCADA

Answer 429

creating secure messages

Answer 430

the science of breaking encrypted communications

Answer 431

the generic term for a technique (or algorithm) that performs encryption

Answer 432

Message written lengthwise on a long thin piece of parchment wrapped around a certain size round stick. By itself it would make no sense, but if rewrapped around a stick of the same diameter it would be decipherable.

Answer 433

A substitution cipher that shifts characters a certain number of positions in the alphabet

Answer 434

set of cipher disks around axle

Answer 435

n(n-1)/2, where n = number of users

Answer 436

2n, where n = number of users

Answer 437

is proprietary

Answer 438

frequency analysis with two letter combos

Answer 439

Seeks to find the "difference" between related plaintexts that are encrypted

Answer 440

Known plaintext attack where the cryptanalyst finds large amounts of plaintext/ciphertext pairs created with the same key

Answer 441

Applies differential analysis with linear analysis

Answer 442

Please Do Not Try Stupid Passes Again 1 Physical 2 Data Link 3 Network 4 Transport 5 Session 6 Presentation 7 Application

Answer 443

physically secure area around system or imaginary boundary separating Trusted Computing Base TCB from rest of the system

Answer 444

minimizing data on portable devices

Answer 445

sense changes in magnetic or electrical fields

Answer 446

not knowing about what they are guarding is not a disadvantage of using guards

Answer 447

unable to prevent internal attacks

Answer 448

Identification & Authentication

Answer 449

Account access reviews

Answer 450

Mandatory Access Control subjects and objects all have labels

Answer 451

grants access based on roles for subjects

Answer 452

review of description provided by management, specific point in time

Answer 453

SOC Type I

Answer 454

Patch management system

Answer 455

can choose to do BCP/DRP, but they really should

Answer 456

asset value for risk assessment expressed in monetary units includes both replacement cost and value to the business

Answer 457

Cyber Supply Chain Security Principles: Since it's high level it's the BIG picture BIG (breaches happen so develop defenses for them, IT isn't only concern, Gaps will exist between physical and cybersecurity) 1. Develop your defenses based on the principle that your systems will be breached. When one starts from the premise that a breach is inevitable, it changes the decision matrix on next steps. The question becomes not just how to prevent a breach, but how to mitigate an attacker’s ability to exploit the information they have accessed and how to recover from the breach. 2. Cybersecurity is never just a technology problem, it’s a people, processes and knowledge problem. Breaches tend to be less about a technology failure and more about human error. IT security systems won’t secure critical information and intellectual property unless employees throughout the supply chain use secure cybersecurity practices. 3. Security is Security. There should be no gap between physical and cybersecurity. Sometimes the bad guys exploit lapses in physical security in order to launch a cyber attack. By the same token, an attacker looking for ways into a physical location might exploit cyber vulnerabilities to get access.

Answer 458

CA CA SP RC IP Which security measures will be in place for Continuity of Access? How employees will Access Business-critical applications and systems as the divestiture proceeds. (Critical App access) The buyer’s and seller’s Security Policies. Are their policies compatible, or will additional training be needed before employees transfer to the new business unit? Are there Regulatory and IT Compliance issues requiring additional training before the divestiture concludes? Are there issues with Intellectual Property custody and protection as per the divestiture agreement or not covered by the agreement.

Answer 459

It is more commonly used to help enterprise users sign in to multiple applications using a single login (i.e. provide sso for enterprise users)

Answer 460

PaaS focuses on code stack infrastructure, while CaaS offers more customization and control over applications and services. Pay for a period of time, no matter what is used. As a result, CaaS is better suited to emerging frameworks, such as microservices. Pay as you use. Timed use. CaaS must be started, stopped

Answer 461

vendor up to virtualization customer from o/s on up

Answer 462

vendor up to Security customer application only

Answer 463

vendor up to application (all)

Answer 464

a form of PaaS but only pay for what you use where normal PaaS you pay for a period not a timed amount use Vendor provides everything up to container, customer responsible for what's in the container

Answer 465

A type of network attack. It is interference that can be introduced to the cable that causes problems.

Answer 466

A type of network attack. It occurs when signals from two wires (or more) interfere with one another and distort the transmission.

Answer 467

Can be considered a type of network attack. It is the weakening of a signal as it travels down the cable and meets resistance.

Answer 468

A type of network attack where information remains intact, but privacy is compromised. It intercepts private data over cabling lines

Answer 469

Peaky blindER packets - to remember the solutions A type of network attack where the sequence ACK numbers cannot be attained. Packets are sent to the target to obtain a sampling of the sequence numbers so that the attacker can generate a valid sequence number for the attack. Mostly used to attack older machines. Newer machines use random sequence number generation. Solutions: PER use Packet filtering; use Encryption on routers for inbound traffic; and Reject packets with incorrect network origin.

Answer 470

A type of network attack which occurs when the attacker is on the same subnet as the victim. The attack sniffs the sequence and ACK numbers and uses them to hijack the session. Solutions: You don't have to be blind to give some EFS enable Encryption on a router for outside connections use ingress Filters on packets to filter inbound traffic use Secure protocols to connect to other systems

Answer 471

A type of network component attack where the attacker intercepts communications between two trusted hosts. The attacker gains the ability to view and change the information sent, and to forward it undetected. The attack can be accomplished using ARP cache poisoning or ICMP redirect. Solutions: MITM might SEEM like he's not there. SEEM prevented by using Secure connections (HTTPS, SSL, TLS, VPN), Endpoint detections, Education MFA,

Answer 472

A type of network component attack in which the attack is connected to a switch and "floods" the switch with a large number of different fake MAC address sources. Prevented by: Hey MAC, avoiding a flood is SIMPle. Segmentation of network IDS MAC address filtering: Port security

Answer 473

type of network component attack. It is a tagging attack that occurs when a user on a VLAN gets unauthorized access to another VLAN. Solutions: ISL (I Still Love) D FC (Deep Fried Chicken) Dynamic Trunking Protocol (DTP) on all non-trusted ports Following Configuration guidelines for the switch.

Answer 474

remember this one as it's Nested which is starts with the same letter as Native A type of network component attack where an attack can cause traffic to hop VLANS by injecting packets that are double-tagged in an 802.1Q VLAN. Clear the native VLAN from all 802.1Q trunks or pick an unusual VLAN as the native VLAN.

Answer 475

A type of network component attack where an attacker can send spoofed ARP messages in to a LAN, causing the ARP cache to associate the target's IP address with the attacker's computer. All packets meant for the target will then be sent to the attacker. ARP is the protocol used to map an IP address to the physical MAC address. Prevented by: Use your PENUS to plug the ARP Cache poison and penus both start with p Physical Security Encryption Network segmentation / isolation Using switch security / or DAI (dynamic arp inspection) Static ARP table

Answer 476

A type of ICMP network, Denial of Service (DoS) attack on a computer that involves sending malformed or oversized IMCP packets to a target. Hackers send several oversized packets, which can cause the victim's system to be unstable at the least, and possibly freeze up. Prevented by: Death starts with D... CBA, also it's one of the oldest attacks so should be easy as... ABC avoid legacy equipment and patching block incoming icmp checks to packet reassembly process to prevent large / malformed packets

Answer 477

U in smurf indicates UDP is used. Smurf's must be disabled from broadcasting ip addresses at each router and firewall. A type of ICMP, DDoS, network attack. The attacker sends a large amount of UDP echo traffic to an IP broadcast address, all of it having a fake source address, which will be the target of the system. As a DDoS attack the target system is flooded with spoofed ICMP packets. Prevented by: Smurfs is an old broadcast disable IP broadcasting addresses at each network router and firewall. Older routers are likely to enable broadcasting by default, while newer routers will likely already have it disabled

Answer 478

A type of ICMP network, DoS attack attacker sends a large amount of UDP traffic to ports 7 (Echo) and 19 (CHARGEN) Solutions: watching Fraggle Rock on my FUTON is FAB ulous FU TO NF AB solutions: Filtering UDP inbound Turn off source address spoofing by router configure routers to Not Forward packets directed to broadcast addresses. Until 1999, standards required routers to forward such packets by default. Since then, the default standard was changed to not forward such packets.[6] Configure hosts and routers to ignore packets where the source Address is a Broadcast address;

Answer 479

A type of ICMP network attack and an example of a MITM attack. A router sends an ICMP redirect request to a host when packets are routed via sub optimal paths, requesting the packets use the attacker's machine as a a default route. The attacker will forward all the redirected traffic to a router so that the victim will not know that his or her traffic has been intercepted. solutions: turn off redirect on hosts or network equipment IDS / IPS can prevent

Answer 480

A type of ICMP network attack that pings every IP address and keeps track of which IP address responds to the ping. This technique is also a basic network scanning technique used to map networks and can also be used to find networking devices. (aka port scannning) Prevented by blocking incoming ICMP

Answer 481

A type of network attack that occurs in the form of probing the TCP services on a machine by establishing the initial handshake for connection. It allows an attacker to test for vulnerabilities on a target system. The scan pings every address and port number combination and tracks which ports are open on each device as the pings are answered by open ports with listening services and not answered by closed ports.

Answer 482

DNS U Cache E A type of DNS attack where the attackers feed false information into the DNS cache. When the server refreshes its query, the attacker inserts his own access point in an attempt to harvest passwords from users through newly created fake website. Prevented by: DUCE DNSSEC Use most current version of DNS Configure DNS servers to not rely on trusts with other servers Education - don't click links in emails

Answer 483

A type of DNS attack that uses multiple compromised systems to send network traffic to a specific targeted system creating a Denial of Service (DoS) attack. a MIC can unDENIALbly Distribute your voice Mitigated by: MIC Monitoring network traffic volume IDS / IPS CDN

Answer 484

A type of DNS attack that takes advantage of the ability to embed URLs in web pages and emails.

Answer 485

A type of DNS attack where a hacker registers a domain name with no intent to use it but rather hold it as a hostage, to sell to a company or persons using the same domain name or type.

Answer 486

A type of DNS attack where an attacker registers a domain name of a web known company before the company itself has a chance to renew the domain name.

Answer 487

A type of wireless attack where an attacker drives around, using a laptop and a high-powered antenna to locate unsecured WLANs.

Answer 488

A type of wireless attack and a practice that is typically used to accompany war driving. After the war driver has located an unsecured WLAN, he write with chalk on the sidewalk the SSID and the types of security used on the network.

Answer 489

A type of wireless attack that is unauthorized access to a device using a Bluetooth connection. In this case the attacker is trying to access information on the device rather than send messages to the device. Prevented by: turn off bluetooth if not being used have a long password if possible for bluetooth turn off discovery when not needed

Answer 490

A type of wireless attack that happens when an unsolicited message is sent to a Bluetooth-enabled device for the purpose of adding a business card to the victims contact list. It can be prevented by putting the device into a non-discoverable mode.

Answer 491

A type of email attack where the sender addresses parts of the email with a header altered to appear as through the email originated from a different source. Since SMTP does not provide any authentication, it is easy to impersonate and forge emails. The email appears to come from one source when it actually comes from another.

Answer 492

A type of email, social engineering attack where the attacker tries to get a person to click on a link in an email that seems to be legitimate. Hackers are attempting to collect data and redirect the victim to the hacker's website.

Answer 493

A type of email attack used to target a specific person rather than many people. It targets the individual by learning about the person's habits and likes.

Answer 494

A type of email cyber attack used to target senior management, such as CEOs, CFOs, and other upper management roles.

Answer 495

A type of email attack where attackers send out non-requested emails on a mass basis.

Answer 496

A type of cyber attack where a hacker takes advantage of the three-way TCP handshake, and spams the victim with SYN packet's from a spoofed IP address. The victim responds with a SYN-ACK packet, but never gets a response. Eventually, it will reach its maximum number of uncompleted three-way handshakes and will refuse legitimate network connections. Mitigated by: In memory, SYNful pACKman eats cookies limiting memory for syn / ack use use of syn cookies

Answer 497

A type of cyber attack which tries all possible keys until one is found that decrypts the cypher text. This is why the key length is such an important factor in deterring the strength of the crypto system. The longer the key, the longer it takes to go through all of possible character combinations.

Answer 498

A type of cyber attack in the form of a DoS attack where the attacker sends SYN packets to a single server, overwhelming the victim system and blocking access to legitimate traffic. Solutions: Flooding put out the fires of hell where your half open soul is recycled into cookies FIReS Firewall Filtering Increase Backlog Queue Recycling the oldest half-open connection SYN Cookies (will lose some details but not enter DoS state)

Answer 499

A type of cyber attack that is a process in which a hacker sends malformed fragments of packets that when reassembled by the receiver, cause the receiver to crash or become unstable. Solutions (Fucking Pussy, for crying) Mitigated with firewall / IDS / IPS patching also helps prevent

Answer 500

The spoofing happening here must FADE. A type of cyber attack that hackers use to hide their trail or to masquerade as another computer in which they alter the IP address as it appears in the packet. Prevented by: FADE using Firewall Authentication of all IP addresses DNSSEC Ip Encryption

Answer 501

A type of cyber attack. In cryptography, this is a non-intrusive attack that uses information (timing, power consumption) gained from the physical implementation of the crypto system. This attack tries to figure out how a component works without trying to compromise any type of flaw or weakness.

Answer 502

Don't SIT, hijacking! A type of cyber attack where an intruder exploits a valid computer session to gain unauthorized access to the system. The attacker places himself in the middle of an active conversation between two computers, for the purposes of taking over the session of one of the two computers, thus receiving all data sent to that computer. TCP session hijacking takes advantage of predictable TCP sequence numbers Mitigated by: SIT Strong session managment (rotating keys, preventing predictable sequences, enforcing session timeouts) IDS / IPS Token based authentication

Answer 503

A type of cyber attack that is a process in which copies of a SIM chip are made, allowing another user to make calls as the original user.

Answer 504

Three types of attacks on wireless networks.

Answer 505

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can: FORMA Read sensitive data from the database, Modify database data (Insert/Update/Delete), execute Administration operations on the database (such as shutdown the DBMS), recover the content of a given File present on the DBMS file system and in some cases issue commands to the Operating system. Mitigation: DIPS Parameterized sql statements / queries secure Stored procedures Input validation, input list validation Do not use escaping for user supplied data whenever possible

Answer 506

A salami attack is a cybercrime that attackers typically use to commit financial crimes. Criminals steal money or resources from financial accounts on a system one at a time. This attack occurs when several minor attacks combine to form a powerful attack. Because of this type of cybercrime, these attacks frequently go undetected. Mitigation: I PAID for that salami. Periodic audits Anomaly detection (many small transactions going to one account) integrity checks Data validation

Answer 507

provides non-repudiation and integrity does not achieve confidentiality as anybody can use your public key to decrypt, must use recipient's public key to provide confidentiality

Answer 508

The Personal Information Protection and Electronic Documents Act is a Canadian law relating to data privacy. It governs how private sector organizations collect, use and disclose personal information in the course of commercial business.

Answer 509

Crime prevention through environmental design Strategies: Natural Access Control - guidance of people in and out by placement of doors, fences, lighting, and landscaping Natural Surveillance - make criminals feel uncomfortable by providing many observance opportunities (maximize visibility) Territorial Reinforcement - create physical designs that emphasize the organization's sphere of influence Maintenance - make environment look cared for which discourages crime (broken window theory - broken windows encourage crime)

Answer 510

One firewall between private network and external network, no dmz = total of 1 firewalls

Answer 511

one external firewall (with dmz stem) - private network = total of 1 firewalls

Answer 512

external firewall (1/3) - DMZ - internal firewall (2/3) - transaction subnet - internal firewall (3/3) - private network = total of 3 firewalls

Answer 513

external firewall - DMZ - internal firewall - private network = total of 2 firewalls

Answer 514

external firewall (with DMZ stem) - transaction subnet - internal firewall - private network = total of 2 firewalls

Answer 515

The right answer will provably encompass the other answers

Answer 516

The right answer will be the policy, nothing happens without a policy

Answer 517

overwrite and replace confidential data spaces with meaningless data using approved s/w or h/w - reasonable assurance that data will not be easily retrieved (not absolute)

Answer 518

completely overwrite all data with degaussing or firmware commands - data unrecoverable with high degree of confidence

Answer 519

physical destruction - no reuse of media

Answer 520

baseline identifies a purpose for change, not a primary reason

Answer 521

value of risk assessment diminishes over time, risk is never fully eliminated, risk must be re-evaluated after changes

Answer 522

confidential private sensitive public

Answer 523

top secret secret sensitive, not classified unclassified

Answer 524

Illegal hacking or just hacking

Answer 525

are not equal but have overlapping functions

Answer 526

PREPaRe the pen test. Planning - establish goals, scope and rules, management approval and document in writing Reconnaissance gather target intelligence - IP addresses, ports, network assets, host names, applications, employee information Exploit vulnerabilities - successful exploitation will be reported Provide Report - send report in secure method to stakeholders

Answer 527

Make sure what timing the question is asking. Is it asking which should happen first or last?

Answer 528

Capability Maturity Model Integration (aka CMM) - if hiring an outside development firm, can ask if they've been CMMI certified I,I Might Die Questioning Others (IMDQO) Incomplete (0) chaotic or ad hoc Initial (1) no effective management, no assurance of consistency or quality Managed (2) formal structure for change control and QA, repeatable processes Defined (3) formal procedures carried out in all projects, ability to be proactive Quantitatively Managed (4) metrics in place and used for self-improvement Optimizing (5) budgeted and integrated plans for continuous process improvement, can respond quickly to changes

Answer 529

Calculating risk is performed before any decision is made

Answer 530

4 / Transport

Answer 531

BCP / DRP is the high level countermeasure

Answer 532

Risk assessment

Answer 533

Choose the answer which makes the most sense economically

Answer 534

Is not the same as in access control, in cryptography it is means authenticity

Answer 535

High level policies are always more important

Answer 536

a stateful firewall is a network-based firewall that individually tracks sessions of network connections traversing it. Stateful packet inspection, also referred to as dynamic packet filtering,[1] is a security feature often used in non-commercial and business networks. Characteristics: state of pennsylvania (chili peppers lyric) is where we find the SHS CoW (o not used) Dung State table High security without performance degrading Scalable provides data for tracking Connectionless traffic stores and updates state / context of data Within packets Weaknesses: susceptible to DoS attacks (filling state table)

Answer 537

inspects packets transferred between computers. The firewall maintains an access-control list which dictates what packets will be looked at and what action should be applied, if any, with the default action set to silent discard packets inspected by SAH ALUF advantages: Scalable not Application dependent High performance weaknesses: cannot prevent Application vulnerabilities from being exploited Limited logging do not support advanced User authentication may not detect packet Fragment attacks

Answer 538

While a packet filtering firewall only examines an individual packet out of context, a stateful firewall is able to watch the traffic over a given connection, generally defined by the source and destination IP addresses, the ports being used, and the already existing network traffic.

Answer 539

due care must always be taken (by all people), not taking due care results in negligence due diligence may not be necessary but is best for the long term and maintains the due care effort due diligence makes sure the same incident doesn't happen twice, due diligence is generally taken by management, due diligence focuses on risk based decision making, not taking due diligence consequences depend on the situation

Answer 540

Bo Bacardi (BA RA RC DI) is our enterprise security architect. an integrated and comprehensive strategy for protecting the organization against cyber threats BO BA RA RC DI Identify Business Objectives, goals and strategy Identify Business Attributes that are required to achieve those goals Identify all the Risk Associated with the attributes that can prevent a business from achieving its goals Identify the Required Controls to manage the risk Define a program to Design and Implement those controls

Answer 541

Architecture is usually the top level and the top is sometimes known as the Capo. CA PA CAMP OA define Conceptual Architecture for business risk define Physical Architecture and map with conceptual architecture define Component Architecture and Map with Physical architecture define Operational Architecture

Answer 542

Can only happen after a general architecture

Answer 543

Sherwood Applied Business Security Architecture - tool for aligning security architecture with business strategy; each layer increases detail (Y axis) and decreases abstraction (policy to implementation) Matrix there's AMPPLe Time on the SABSA Primay CLOCC X axis: Assets (What), Motivation (Why), Process (How), People (Who), Location (Where), Time (When) (AMPPLT) Y axis: Contextual, Conceptual, Logical, Physical, Component, Operational (P CLOCC)

Answer 544

SABSA is SABEPESE SA BE PE SE Strategic Alignment - business drivers and regulatory requirements met by security architecture Business Enablement - core business processes are integrated withing the security operating model, standards based + risk based (can do new things) Process Enhancement - integrating security components into business processes (can do things better) Security Effectiveness - measured by security assessments

Answer 545

ISMS - (Information Security Management System) specifies the components of the security program ESA (Enterprise Security Architecture) - specifies how the components of the security program relate to the general business architecture and how the components are integrated in the business environment and is part of EA (enterprise architecture)

Answer 546

Outlines the essential components of a security program

Answer 547

m = agents, n = total pool of agents m of n agents must participate in the control in order to complete an action aka: quorum authentication

Answer 548

Hitler mad '39 a difficult time to manage information security risks Managing Information Security Risk 3 Tiers: Organizational view Mission / Business view Information Systems view Trust models

Answer 549

occurs in level 1-4

Answer 550

Information System Risk Management Should address: RR CORK CAP (risk reward cork cap) formal process of Risk identification approach of changing staff behavior / resource allocation in Response to risk analysis Connection between ISRM policy and strategic planning Objectives of ISRM team Responsibilities of ISRM team KPI's mapping of risk to internal Controls Acceptable level of risk mapping risks to Performance targets / budgets

Answer 551

Goal: Organization is protected in a cost effective way Principles: The risk management team's goal is to protect the organization in a cramped mine. CRAMPED MINe (e not used) mapping of legal / regulation Compliance to controls appropriate Resources / fund allocation security Awareness training ability to establish risk Mitigation in specific areas as necessary Procedures to identify and mitigate risks Establish risk acceptance level Documented risk assessment process development of Metrics / KPI's Integration of ISRM and change control process ability to identify and assess New risks

Answer 552

FARM PACT TR REDI SM Frame risk: PACT Priorities Assumptions Constraints Tolerance Assess risk: TR Threat and Vulnerability Identification Risk Determination Respond to risk: REDI Risk Response Identification Evaluation of Alternatives Risk Response Decision Implementation of Response Monitor risk: SM Risk Monitoring Strategy Risk Monitoring

Answer 553

potential cause of an unwanted incident which can result in harm negative effect of uncertainty on objectives (CIA are objectives)

Answer 554

weakness that may allow a threat to compromise security

Answer 555

likelihood of a threat exploiting a vulnerability and the corresponding impact the effect of uncertainty on objectives (ISO 31000)

Answer 556

instance of being susceptible to loss

Answer 557

a mechanism put into place to reduce risk

Answer 558

broader effort to evaluate an organization's risks (gather data)

Answer 559

specific tasks performed in a risk assessment to evaluate more narrowly defined risks (examine gathered data)

Answer 560

a risky goal is to skip BAIL provide economic Balance between threat impact and cost of countermeasure / control identify Assets and value of assets determine the business Impact of threats determine Likelihood a threat exploits a vulnerability

Answer 561

MOOR MULA AI Maintenance cost Operational losses without the asset value to Owners / users Replacement cost Market value Userfulness to organization Liabilities if asset is compromised Acquisition cost value to Adversaries Impact to brand / reputation if asset is lost

Answer 562

Guide for Conducting Risk Assessments Focuses on computer systems and IT security 30 days after assessing the risk, People Can Count Money from ART CRIME Steps: People Can Count Money Prepare Conduct Communicate Maintain Categories of Threat events: ART CRIME Attack impact / Results Tools of attack creation Coordinate campaign Reconnaissance malicious capability Insertion / delivery / Installation Maintain presence / capabilities Exploit / compromise

Answer 563

guys under 30 have 2 eyes (I's) popping on tripple d's but TV could be LIaR identify Threats identify Vulnerabilities determine Likelihood of occurrence determine Impact magnitude determine Risk

Answer 564

Facilitated Risk Analysis Process Intended for evaluating a single entity / system Based on experience of team members, not calculations

Answer 565

Operationally Critical Threat, Asset and Vulnerability Evaluation (Carnegie Mellon U) 80 percent of consequences come from 20 percent of the causes Intended for Information Security Qualitative and focused on speed Steps: EOS S MIRS E Octave Sounds Simply Melodic In Rhythmic Songs Phase 1 identify Enterprise Knowledge identify Operational Knowledge identify Staff Knowledge Phase 2 establish Security Requirements Phase 3 Map High-priority information assets to Information Infrastructure perform Infrastructure Vulnerability evaluation conduct Mulidimensional Risk analysis develop Protection Strategy

Answer 566

Failure Modes and Effect Analysis used for: PRO'S Product development, assurance Risk management and Operational environments, first developed for Systems engineering goal: identify most likely failure and fix possible causes or reduce impact of break uses failure modes and effect analysis, due to the depth it is usually only performed on critical functions application of method to chronic failure enables the determination of the point where failure is most likely steps: BIFCR (Bad Info Fouls Credible Reports) BD IF FE CD RA (Bad devices, I find, fail eventually causing destruction right away) Block Diagram of system / control consider Impact of Failure for each block table with Failures and their Effects Correct Design of system have engineers Review Analysis of the failure modes and effects

Answer 567

good for determining failure modes in complex multiple systems or subsystems start with a failure (as root of tree) and add possible causes (as branches to the root) and causes to each branch (as more branches or leaves), numbers representing probabilities for each item are added (often done with software) examples the methodology is good for: FISTU (and fault tree begin with F, the other item that matches F is not examples) False alarms Insufficient error handling Sequencing / order incorrect Timing output valid / Unexpected output

Answer 568

identifies vulnerabilities but does not assign probabilities of occurrences, etc. like a risk assessment

Answer 569

degree to which confidence is lacking in an estimate (expressed as a percent)

Answer 570

uses multiple rounds of questionnaires sent to a panel of experts to work toward a mutual agreement or consensus opinion often anonymous to prevent individuals being pressured by others

Answer 571

evaluation of control(s) to determine correct implementation, operational effectiveness and end results have been attained

Answer 572

did we implement the control properly

Answer 573

did we implement an appropriate control

Answer 574

continuously assessing the effectiveness of controls at mitigating all risks to tolerable levels with focus on effectiveness, change and compliance

Answer 575

theirs 161 links in our supply chain Supply Chain Risk Management Practices Create supply chain map

Answer 576

FDIPS US Federal Risk and Authorization Management Program (FedRAMP) US DOD Cybersecurity Maturity Model Certification (CMMC) ISO 27001 certification PCI DSS certification Service Organizational Control (SOC1 or SOC2)

Answer 577

Business Continuity Management - holistic management process covering BCP and DRP Lifecycle: PADIV continuity is similar to persistence Persistent Actions Don't Involve Variability Policy / Program management Analysis - BIA and Risk Assessment Design Implementation Validation - using TTE

Answer 578

TAP Technical Administrative Physical

Answer 579

California Consumer Privacy Act (2020) PII = first name, last name + (SSN or DL# or CC# with PIN) Has been copied by many different stats

Answer 580

Organization for Economic Co-operation and Development - helps different countries resolve issues with globalized economies Principles: Economics frequently involve Aid, cooperate with the cops U U AID COPS Use Limitation Accountability Individual Participation Data Quality Collection Limitation Openness - open communication of practices Purpose Specification Security Safeguards

Answer 581

SHIPP RT WE BANG Sexual Orientation Health ID numbers Political Phone Religious Trade Union Web Data (LICE - location, IP address, cookies, email) Ethnic Biometric Address Name Genetics

Answer 582

DF CRIP Data Protection Officer (DPO) right to be Forgotten Consent data breach Reporting (72 hours) right to be Informed right to restrict Processing

Answer 583

Transborder Data Flow

Answer 584

It's like there's 27005 treatments for risk. Crime Is Ever Evolving TREAT As-such Risk treatment (differs from NIST RMF in that risk communication is also an additional process where in NIST RMF it's only implied) Should be used with ISO 27001 security program Steps: C I E E T A (Crime Is Ever Evolving Treat As-such) Context Establishment risk Identification (risk analysis + assessment) risk Estimation (risk analysis + assessment) risk Evaluation (risk assessment) risk Treatment risk Acceptance

Answer 585

Factor Analysis of Information Risk framework - focuses on precise measurement of probabilities of incidents and their impacts Only international standard that is quantitative Focus not on possible threats but probable threats

Answer 586

consists of 800-30, 800-37 and 800-39

Answer 587

catalog of controls and how to select them to protect US Federal systems, has 20 families of controls and 1000+ controls in those families

Answer 588

Center for Internet Security control framework

Answer 589

business framework for IT enterprise management (ISACA)

Answer 590

US DoD Architecture Framework - ensures interoperability to meet military goals Focus on: IRS is part of US gov 4 C's IRS (irs all end in nce) Command Control Communications Computers Intelligence Surveillance Reconnaissance

Answer 591

FONI NIST RMF ISO 27005 OCTAVE FAIR

Answer 592

ISO 27000 NIST Cybersecurity Framework

Answer 593

there is 2 c's and 1 n in "security control" NIST 800-53 CIS Controls COBIT 2019

Answer 594

ZTDS Zachman - taxonomy TOGAF - The Open Group Arch. Framework DoDAF - Dept. of Defense Arch. Framework SABSA - Sherwood Applied Business Security Architecture

Answer 595

control exists outside of multiple systems but applies to these systems

Answer 596

control exists and applies within a system

Answer 597

control is partly common and partly system-specific, e.g. security awareness training

Answer 598

plan of action and milestones used in the Authorize step in NIST RMF

Answer 599

a threat actor's Tactics, Techniques and Procedures used in the Monitor step in NIST RMF

Answer 600

MATA Mitigate Accept Transfer Avoid

Answer 601

Information security programs certification

Answer 602

Industrious Physiques Don't Ruin Reputation, Causing Imaginary Problems Activities: IPDRR Identify Protect Detect Respond Recover Tiers: CIP Framework Core - applies to all organizations Implementation Tiers - categories of rigor / sophistication Framework Profile - describes the state of organization in regards to categories

Answer 603

Framework with 20 families of controls and 171 subcontrols Control Categories: Basic - should be implemented in every organization Foundational - best practices Organizational - focus on people and processes Implementation Group 1 - SMB's Implementation Group 2 - Large organizations with an IT security department Implementation Group 3 - Large organizations with security experts in different specialty areas

Answer 604

Information Technology Infrastructure Library - framework to combine business and IT processes 4 dimensions: VOIP Value Streams and Processes Organizations and People Information and Technology Partners and Suppliers

Answer 605

process improvement methodology that utilizes statistical methods to improve efficiency and reduce variation, defects and waste

Answer 606

how loss of information would impact the fundamental business processes of an organization

Answer 607

how data disclosure would impact an organization's losses

Answer 608

sensitivity, criticality or both

Answer 609

commercial, highest to lowest c p s p confidential - disclosure could seriously affect the organization private - disclosure could adversely affect the organization or personnel sensitive - requires special precautions for confidentiality and integrity public - disclosure would not result in adverse impact military, highest to lowest ts s c cu u top secret - disclosure could result in grave danger secret - disclosure could result in serious damage confidential - exempt from disclosure by Freedom of Information Act controlled unclassified - cannot legally be disclosed (e.g. health records) unclassified - data not sensitive

Answer 610

DSOCCETRA (Dont separate otherwise classified categories even to raise awareness) Define classification levels Specify classification criteria identify data Owners responsible for classifying data identify data Custodians responsible for maintaining data and classification level indicate security Controls document Exceptions methods for Transferring custody / ownership Review procedures for classification / ownership / custody declassification security Awareness for the above

Answer 611

a device image with desired configuration and installed software

Answer 612

Acceptable Use Policy

Answer 613

guidelines for media sanitization

Answer 614

Guide to storage encryption

Answer 615

Allows operations on encrypted data, not currently practical

Answer 616

is a from of security through obscurity components: carrier - file message is hidden within stegomedium - medium message is hidden on payload - message hidden bits stored in least significant bits (LSB)

Answer 617

least significant bits, or bits which would least affect the carrier

Answer 618

data loss - it is unknown where the data is data leak - confidentiality of data has been compromised

Answer 619

network data loss prevention normally only protects data in motion endpoint data loss prevention can protect data at rest and data in motion

Answer 620

Cloud Access Security Broker - applies security policies to cloud services Can be in proxy mode - CASB is in data path, all data is routed through the proxy, includes reverse proxy that protects data not routed through the VPN (routes from cloud service to the proxy), Proxy disadvantages: (Cloud PICS) single Point of failure (unless redundant devices added), can be an Issue with non-company devices, Changes in cloud must be maintained Slows down processes, Can be in API mode - uses API's and doesn't have the disadvantages in proxy mode

Answer 621

scoping - taking broad standard and trimming unneeded parts tailoring - taking broad standard and changing parts to better work with a specific situation

Answer 622

Consider that assets have already been created, classified, labelled, etc. before they become managed

Answer 623

Create, Read, Update, Delete

Answer 624

Atomicity, Consistency, Isolation, Durability - database properties

Answer 625

hiding specific cells in a database record to prevent inference confidentiality breaches

Answer 626

dividing a database often to prevent inference confidentiality breaches

Answer 627

inserting bogus information in hopes of midirecting an attacker to provide confusion

Answer 628

remote terminal unit - devices that relay readings or execute commands in an ICS

Answer 629

human safety

Answer 630

guide to industrial control systems (ICS), in '82 I became an adult in industrial society and now have to follow adult people rules AP RULES monitor Audit trails regularly ensure process for Patch management apply Risk management to ICS disable Unneeded ports / services on all ICS devices implement Least privilege use Encryption when possible Segment network to allow IPS/IDS within subnet boundaries

Answer 631

Operational Technology - ensures ICS systems can talk to each other

Answer 632

Human-Machine Interface - usually a workstation used to monitor / control an ICS or ICS component

Answer 633

log of all activity in an ICS

Answer 634

security hardened network controllers allowing unidirectional data flow in ICS

Answer 635

data acquisition server - servers in SCADA systems that receive / process data from endpoints

Answer 636

isolate the OT from internet

Answer 637

converting 32 bit request to 64 bit

Answer 638

hypervisor runs on bare metal

Answer 639

hypervisor is an application running in an O/S

Answer 640

Application Container Security Guide TVOG use container-aware defense Tools (e.g. IPS) adopt container-specific Vulnerability management tools use container specific host O/S only Group containers with same purpose, senstivity and threat postures on the same O/S

Answer 641

hebrew invention of cryptography from 600 BC which was a monoalphabetic substitution cypher

Answer 642

complex cryptographic project developed by IBM involving mathematical equations which grew into DES encryption after it was adopted by the NSA (1976)

Answer 643

range of values available to form a cryptographic key

Answer 644

all needed components to allow encryption components: paks protocols algorithms keys software

Answer 645

confidentiality integrity authentication authorization nonrepudiation

Answer 646

the algorithm should be known and only the key should be secret, if there are too many secrets there would be more vulnerabilities to exploit (as it can't be tested openly)

Answer 647

aka one-time pad, perfect encryption using XOR with random key as long as the plaintext to be unbreakable: pad only used once pad must be at least as long as message secure distribution and storage of pad pad must be truly random

Answer 648

confidentiality, does not provide authenticity or nonrepudiation

Answer 649

if a slight change of a key is made, a large amount of the cyphertext is changed (same concept as diffusion)

Answer 650

stream acts on one bit at a time block acts on more than one bit at a time (a grouping or block of bits)

Answer 651

used in symmetric block encryption to produce a stream of bits that are XOR'd with the plain text (similar to one time pad where each bit has it's own bit to be XOR'd with) it uses a shared key to generate the stream

Answer 652

stream ciphers work better with hardware implementation and require more processing power block ciphers work OK on software implementation and require less processing power

Answer 653

In DH key exchange, the public keys (assymmetric encryption) of each party is combined by the algorithm to create an agreement on a key to provide symmetric encryption between the parties

Answer 654

Quantum Key Distribution - using the properties of quantum mechanics in photons to select keys between two parties

Answer 655

attack on hashing using the "birhday paradox" in that the chance is more than 50/50 that you have the same birthday as somebody else requires 253 people gathered because you're looking for a specific birthday, however the chance that 2 people have the same birthday only requires 23 people gathered because it can be any birthday that two people share A birthday attack is a bruteforce collision attack that exploits the mathematics behind the birthday problem in probability theory. This attack can be used to abuse communication between two or more parties. The attack depends on the higher likelihood of collisions found between random attack attempts and a fixed degree of permutations (pigeonholes).

Answer 656

Integrity only

Answer 657

hashed based message authentication code integrity + authentication

Answer 658

integrity + authentication + nonrepudiation (NOT confidentiality)

Answer 659

used to associate a public key with a unique identity, only considered secure when signed by a valid certificate authority

Answer 660

Online Certificate Status Protocol - automatically checks CRL's

Answer 661

Registration Authority - acts as a broker between subject and the CA (can be in the same organization as the CA)

Answer 662

Confidentiality Access Control Integrity Authentication Nonrepudiation

Answer 663

Key management you need a key for a 57 chevy

Answer 664

attacker provides the text to be encrypted and then uses it as if in a known-plaintext attack

Answer 665

attacker chooses the ciphertext to figure out the key, attacker probably has some control over the system to be successful

Answer 666

(aka statistical analysis) identifies statistically significant patterns in ciphertext

Answer 667

within authentication mechanism: time stamps and time limits nonce based (single use) authentication tokens

Answer 668

time it takes to break a cryptosystem or encryption process

Answer 669

developed by US Fed gov for creating secure message digests

Answer 670

Attacker Stages: Real Wars Don't Ever Indicate Course of Action (RWDEICA) Reconnaissance Weaponization Delivery Exploitation Installation Command / Control Actions on Objective Defender Actions: (5D's + C) Deceive Degrade Deny Detect Disrupt Contain Goals: Identify indicators of attack stages Defender Actions taken earliest opportunity is best

Answer 671

Adverserial Techniques Tactics & Common Knowledge 14 tactics have techniques and sub-techniques used by threat actors: ICED CLoCk DRIPPER (ok to not use ok) Initial Access Credential Access Execution Defense Evasion Collection Lateral Movement o Command and Control k Discovery Reconnaissance Impact Persistence Privilege Escalation Exfiltration Resource Development

Answer 672

DFKLN PSSST Z Defense in Depth Fail Securely Keep it Simple Least Privilege Need-to-know Privacy by Design Shared Responsibility Separation of Duties Secure Defaults Trust but Verify Zero Trust

Answer 673

Storage - space changes Timing - by use of system resources

Answer 674

full disk encryption

Answer 675

self encrypting disk

Answer 676

trusted execution environment (aka: secure enclave on apple products) - have been checked to ensure trustworthiness - frequently used in mobile devices, embedded devices and IoT devices, starting to be used in microservices and cloud services has it's own security perimeter and can only be used with API's, typically has it's own hardware resources and O/S

Answer 677

rich execution environment (untrusted)

Answer 678

TEE don't have their own root of trust (because they are software) but rely on the hardware's root of trust where the TEE is run

Answer 679

instructions that take advantage of security implemented in CPU's

Answer 680

controlling a program to ensure uninterrupted execution of part of a program prevents other processes from interfering with resources used during execution prevents TOCTOU attacks can degrade performance if used often

Answer 681

encrypts data everywhere in the computer except while it's being processed

Answer 682

DDDAR deterrence delaying detection assessment response

Answer 683

I don't really recommend drawing protective curtains closed in morning (IDRRDPCCIM) Identify team Define scope (site vs facility) Risk analysis Regulatory / legal requirements Define acceptable risk level Performance baselines based on risk levels Countermeasure performance metrics Criteria for physical security goals Identify and implement countermeasures Monitor for performance and changes

Answer 684

main distribution facility - data feed to building

Answer 685

intermediate distribution facility - smaller data feeds within a building

Answer 686

A - common combustibles B - liquids / gases C - Electrical D - metals K - cooking oils

Answer 687

fuel - soda acid oxygen - carbon dioxide temperature - water chemical reaction - FM-200

Answer 688

Line Printer Daemon protocol, enables printing over a network

Answer 689

formats data from applications for transmission over a network (SMTP, HTTP/S, LPD)

Answer 690

formats (serializes) data in a manner the receiving computer can understand (compression, encryption, TIFF, JPEG)

Answer 691

creates session receiving application can understand, creating session, maintaining session, releasing session (L2TP, PPTP, RPC)

Answer 692

creates session between two computers to enable communication (TCP, UDP)

Answer 693

insert information into packet header for addressing and routing (RIP, ICMP, OSPF, BGP, IGMP) BRIIO

Answer 694

formats data for the physical transmission media 2 functions LLC - logical link control, interfaces with network layer, flow control and error checking MAC - media access control, interfaces with physical layer adds last header / trailer [framing] to before it hits wire and what volts to put on the wire 1 is +.5 volt / 0 is 0 volts NIC - bridges data link to physical protocols: FLAP ET (PPP, ATM, L2TP, FDDI, Ethernet, Token Ring)

Answer 695

CDLST Convert bits to electromagnetic signals for transmission, Synchronization, Data rates, Line noise and Transmission techniques protocols: ethernet wifi Fiber Optics coaxial

Answer 696

Controller Area Network - a bus type network (linear or tree) prevalent in vehicular networks

Answer 697

carrier sense multiple access - most common MAC type CSMA/CD - collision detection, if collision detected random timer is invoked and data retransmitted mostly used with hubs / bridges, not used much currently CSMA/CA - collision avoidance, listen for "quiet" network then transmit, currently used with wireless used in FDDI

Answer 698

Only node with token can transmit, used by FDDI

Answer 699

central station polls nodes to check if they need to send data, commonly used in WAN's

Answer 700

224.0.0.0 to 239.255.255.255, multicasting addresses (IP4) IP6 - addresses starting with 8 1's

Answer 701

Internet Group Management Protocol used to report multicast group memberships to routers

Answer 702

MACSec, provides confidentiality, integrity and authentication at layer 2, prevents rogue devices, checks each frame for ICV (integrity check value) and allows if valid

Answer 703

I gave my AR a... secure device identity specifies unique per-device identifiers and cryptographic binding, provides secure device provisioning, works with EAP-TLS

Answer 704

provides key agreement for session keys

Answer 705

0 to 1023, standardized port for particular traffic

Answer 706

1024-49151 can be registered with IANA for a particular use

Answer 707

49152-65535 can be used as needed (aka ephemeral ports)

Answer 708

tcp frame is a segment udp frame is a datagram

Answer 709

65,535 bytes

Answer 710

4,294,967,295 bytes

Answer 711

embeds IP4 addresses within IP6 addresses (intersite)

Answer 712

temporary IP4 / IP6 solution uses UDP encapsulation so that NAT are not affected (intersite)

Answer 713

Intra-Site Automatic Tunnel Addressing Protocol treats IP4 network as a virutal IP6 address (intrasite)

Answer 714

Client -> DHCPDISCOVER -> DHCP Server Client <- DHCPOFFER <- DHCP Server (with IP Address) Client -> DHCPREQUEST -> DHCP Server Client <- DHCPACK <- DHCP Server (confirming IP address with validity period)

Answer 715

CMRSS Compromise Client Configuration MITM Route traffic to unauthorized networks DHCP Spoofing - configure fake DHCP servr on network DHCP Starvation - flood DHCP server with bogus requests Solutions: enable DHCP snooping port security

Answer 716

Security measure performed on a switch, ensures only valid MAC addresses receive IP addresses from the server (NOT AN ATTACK) These switches also can provide protection against rogue DHCP servers

Answer 717

used for booting diskless devices to receive IP address, BOOTP is a better alternative with more functionality

Answer 718

attacks: CRaMP can be used as a covert channel - attacker sets up an ICMP responder can be used to redirect traffic (routers use icmp to determine best route,etc.) can be used to map network (traceroute) can be used for DoS Solutions: DDFIS disable ICMP if coming from one of your on-network devices disable icmp redirect (hosts) firewall, block incoming icmp IDS / IPS Secure icmp redirect (accept only from default gateways)

Answer 719

Change default community strings Don't use SNMP v1 or v2 (clear text community string) Close ports 161/162 to untrusted networks Filter ports 161/162 to only authorized endpoints / individuals

Answer 720

unauthorized zone transfer (update of dns information from one dns server to another) - allow zone transfers only on specific servers poisoning dns cache or primary records - use DNSSEC host file manipulation, don't allow users to have admin access or access to host files

Answer 721

enabling router authentication

Answer 722

channel service unit / data service unit - used to connect WAN to LAN

Answer 723

Orthogonal Frequency Division Multi-plexing - uses modulated signals that are orthogonal (perpendicular) to each other in tighter frequency spreads, since signals are perpendicular, they don't interfere with each other, used in: digital tv, audio broadcasting, DSL, wifi and 4/5G wireless

Answer 724

Direct Sequence Spread Spectrum - takes the entire spectrum and splits it into smaller subchannels, uses all frequencies simultaneously using chipping code

Answer 725

Frequency Hopping Spread Spectrum - takes the entire spectrum and splits it into smaller subchannels, then changes the subchannels frequently, sender and receiver have hop sequence synchronized, makes eavesdropping harder if hopping sequence is unknown

Answer 726

allows receiver to reassemble transmission (aka pseudo-nonce sequence) in DSSS

Answer 727

adhoc WLAN's are less secure than infrastructure WLAN's

Answer 728

WiMAX standard

Answer 729

all traffic is not Equal wireless QoS standard supporting multimedia trafic

Answer 730

f for free-range wireless addresses roaming / handoff for wireless networks

Answer 731

h - hell subject: address wireless interference (wireless hell) originally developed in Europe to address interference from other wireless activities using DFS (dynamic frequency selection) and TPC (transmit power control)

Answer 732

WSIL weak authentication static encryption keys ineffective initialization vectors lack of packet integrity assurance

Answer 733

WPA2 (note WPA is just WEP on steroids) Improvements: STAMP sequence numbers TKIP - temporal key integrity protocol - each frame has a new key AES encryption with CCMP Message integrity checks PSK size increased to 256 + salt of the SSID WPA Enterprise adds 802.1X (port authentication and EAP)

Answer 734

Airsnort Wepcrack

Answer 735

to remember turn over w and it makes an m for management frame Management frame protection (certain frames that can't be encrypted) - protects from replay and DOS attacks

Answer 736

DAV WU SWAMP change Default SSID put AP's as close to middle of building as possible VPN for wireless devices implement WPA3 guest networks should connect to Untrusted VLAN Separate VLANS for each class of users deploy Wireless Intrustion Detection System (WIDS) put AP in DMZ with firewall protection from wireless side MAC filtering Penetration testing

Answer 737

Code division multiple access - each channel has a code, current technology used by most cell networks

Answer 738

Frequency division multiple access - ealiest multiple access technology for cell phones (1G)

Answer 739

International Mobile Suscriber Identity catchers - devices that can jam 3G / 4G / 5G signals and force devices down to 2G which does not have authentication between devices and towers, can be built for less than $1500

Answer 740

End to end encryption (most common is TLS)

Answer 741

Padding Oracle On Downgraded Legacy Encryption - (originated in 2014) the attack worked because SSL allowed security downgrading for interoperability

Answer 742

should not be the correct answer to the question asking for best, or most secure

Answer 743

1. Client Hello - list of cipher suites and protocols supported by client, client input for key exchange 2. Server Hello - servers selection of cipher suite and protocol, server input for key exchange 3. Server Authentication - server's digital certificate, proof server owns the certificate's private key 4. Optional Client Authentication - client's digital certificate, proof client owns the certificate's private key Supported Cipher Suites: TLS_AES_256_GCM_SHA384 (best protection but highest resources) TLS_AES_128_GCM_SHA256 (next best protection but next highest resources) - ideal for systems with hardware encryption support TLS_AES_128_CCM_SHA256 - CCM is 16 bit similar to GCM TLS_AES_128_CCM_8_SHA256 - CCM is 8 bit, better suited for embedded devices TLS_CHACHA20_POLY1305_SHA256 - 20 rounds of ChaCha cipher combined with Poly1305 MAC - good for software based encryption Other feature: ephemeral keys - similar to one time pad, only used once, provides forward secrecy (aka perfect forward secrecy) which is attackers could only decrypt a small portion if they got the key most features of 1.3 were optional in 1.2 TLS 1.0 and 1.1 are insecure (but not formally deprecated until 3/2021)

Answer 744

algorithms providing authenticated symmetric key encryption

Answer 745

AE is IN (integrity nonrepudiation) Authenticated Encryption - integrity and non-repudiation for stream ciphers

Answer 746

Authenticated Encryption with Additional Data - present in TLS 1.3 to prevent replay attacks

Answer 747

Microsoft's point to point tunneling protocol, TCP port 1723 works on IP networks (insecure)

Answer 748

Layer 2 Tunneling protocol (current version 3) combination of Cisco L2F [Layer 2 forwarding] and PPTP UDP port 1701(1 comes before 2 in l2tp) works on IP, ATM, X.25, by itself doesn't provide much protection but integrates with protocols that do (e.g. IPSec) to provide confidentiality, integrity, authentication used when PPP needs to be extended through another network DOES NOT ENCRYPT

Answer 749

line devices (e.g. routers) do not understand ip networks, but do understand PPP

Answer 750

extends PPP connections to be able to go through IP networks (which don't understand PPP)

Answer 751

Point to Point Protocol

Answer 752

VPN provided by connecting Gateways on each end, they don't need PPP, L2TP, IPSec (LIP) gateway vpn's don't need any lip, ok?

Answer 753

works at network layer (layer 3) AH - integrity, authentication, protection from replay attacks SA - specifies security properties that are recognized by communicating hosts, allows for secure exchange of data ESP - confidentiality, authentication, integrity, anti-replay (most secure part of ipsec) ISAKMP - framework for SA and IKE IKE - authenticated keying material for ISAKMP works on IP networks only, LAN to LAN communication used for g/w to g/w connections

Answer 754

session (layer 5) PT PEG types: PT tls Portal vpn - accessed via web browser (with built in TLS) to connect to websites tls Tunnel vpn - accessing non-web-based protocols / applications, usually needs custom programming to access through web connection features: PEG Protects a small number of Protocol types, so not good for infrastructure-level VPN Granular access control and configuration Easy to deploy (already built in browser) used to protect specific application layer traffic

Answer 755

Service-Oriented Architecture self-contained components standardized protocol for request / response (API) components that implement business functions

Answer 756

Representational State Transfer architectural pattern uses HTTP to provide API to make requests from servers, creates a language where every statement is a an HTTP URI since it does the above, must use HTTPS also needs input validation

Answer 757

connectionless - sent on best effort (TCP ensures the message is received) stateless - previous conditions are not taken into account (session ID's and cookies take care of this)

Answer 758

get gives Uri up get - will show the request in the URI post - will not show the request in the URI

Answer 759

deep packet inspection can not be performed on HTTPS packets without expensive TLS decryption proxies

Answer 760

Web Service Security, enables SOAP security, provides confidentiality, integrity and authentication through XML digital signatures and security tokens

Answer 761

an attack using DNS to exfiltrate / infiltrate data solutions: RIM of tunnel RIM Rate limiting - capping DNS traffic per host IDS / IPS dns Monitoring tools DNSSEC does not stop it

Answer 762

I see a BIRD in the reflection DOS attack that uses open DNS servers to bombard a server with DNS queries, while spoofing source address solutions: bird Block unsolicited dns replies IDS / IPS dns Rate limiting DNS aware firewall

Answer 763

DOS attack that uses open DNS servers to bombard a server with DNS queries that require much larger responses than the size of the query (DNS ANY, EDNS(0), DNSSEC)

Answer 764

set of standards developed to protect DNS record integrity (not confidentiality or availability) digitally signs groups of DNS records into RRSets with an RRSig record Also opens the possibility of DNS amplification attack

Answer 765

DNS over HTTPS - sends DNS queries over HTTPS/TCP/IP instead of UDP providing confidentiality / privacy, does not provide integrity, but makes some DNS attacks harder to discover

Answer 766

a web proxy that blocks DNS requests to known malicious domains

Answer 767

Extended SMTP allows servers to negotiate TLS sessions when sending mail (SMTPS)

Answer 768

Post Office Protocol, POP3 is current, listens on port 110 or port 995 (POP3S using TLS) 110 ends in 0 POP has O SASL authentication

Answer 769

can remember port as 3 turned on left size makes an M in IMAP Internet Message Access Protocol listens on port 143 / 993 (IMAPS) 143, 3 tilted on left side makes an M in IMAP SASL authentication

Answer 770

Sender Policy Framework, email validation to prevent email spoofing (forged emails)

Answer 771

Domain-based Message Authentication, Reporting and Conformance combines SPF and DKIM

Answer 772

enables communications among SCADA devices (PLC's)

Answer 773

Virtual Tunnel Endpoint - in VxLANS provides interface between underlay and overlay networks

Answer 774

Virtual Network Identifier - equivalent to VID in VLAN's

Answer 775

abstraction of the control and forwarding planes

Answer 776

Open - Open Network Foundation approach relying on open-source code and standards as the building blocks of a solution, uses OpenFlow a standard interface API - Cisco claims that OpenFlow is insufficient to fully leverage SDN, can do deep packet inspection and manipulation, propietary approach that enriches ONF approach Overlays - virtual overlay of physical network

Answer 777

domain generation algorithm - produces random domain names that is predictable to somebody who knows the algorithm, used in DNS attacks

Answer 778

asynchronous: uses start / stop bits to separate characters, typically used for unpredictable data transmission simple, less costly error checking using parity bits each byte requires 3 bits (stop/start/parity) framed data synchronous: uses timing to separate characters clock or signal, typically used for large amounts of data in a predictable manner more complex, costlier robust error checking, CRC (cyclic redundancy check) less overhead stream of data

Answer 779

baseband: signal sent in one channel, occupying entire channel broadband: signal sent in multiple channels simultaneously

Answer 780

Untwisted pair, least secure network cable Cat 1, 1Mbps, no longer used Cat 2, 4Mbps, no longer used Cat 3, 10Mbps, used in older networks, phone lines Cat 4, 16Mbps, used in token ring networks Cat 5, 100 Mbps, 2 twisted pairs, deprecated for data, still used for phone and video Cat 5e, 1Gbps, 4 twisted pairs, wideley used currently Cat 6, 1 to 10Gbps(55 meters), used in newer network installations, standard for 1Gb ethernet

Answer 781

light source, optical fiber cable, light detector (source converts electrical signals to light, detector converts light back to electical)

Answer 782

LED's Diode lasers

Answer 783

single mode used for high-speed over long distances, less susceptible to attenuation multimode better for short distance

Answer 784

should be used in plenum spaces

Answer 785

used to detect cable tampering (pressure changes when access to cables is gained)

Answer 786

theoretical maximum amount of data that can be carried

Answer 787

actual amount of data that can be carried over a real link, always less than or equal to bandwidth

Answer 788

repeater amplifies and resends entire frame received, do not separate collision or broadcast domains bridges can separate collision domains bridges do not separate broadcast domains, ... do bridges / switches amplifies and can send to specific MAC addresses (if not a broadcast) routers can send to specific IP addresses, do not forward broadcasts

Answer 789

Qanon is a bridge leading from reality to fantasy RealM M bridges relaying and filtering frames on MAC addresses maintenance of frame filtering / relaying decisions management of listed elements

Answer 790

spanning tree protocol, prevents frames from looping endlessly, used in bridges on up also can build redundancy information assigns unique bridge ID's assigns priorities calculates path cost

Answer 791

bridge learns about the network and forwards based on the knowledge, sends query frame looking for destination when a new destination is required, destination responds to query frame

Answer 792

shortest path bridging, more efficient than STP

Answer 793

the bridge over AQua water is the shortest path SPB (shortest path bridging standard)

Answer 794

is like a multi port bridge prevents collisions and contention issues operates in duplex mode that doesn't compete for the same bandwidth basic switches are layer 2, however layer 3 and 4 switches are also available, they read deeper into the data packets for decisions and tag data, the first switch a data packet encounters tag the data so any other switches can just read the tag instead of analyze the packet, last switch before destination removes the tag since switches have ASIC chips processing at the hardware layer, they can be faster than routers which function on the software layer.

Answer 795

multiprotocol label switching, use of tags in switches, allows for faster routing and differing service requirements for different packet types (QoS)

Answer 796

router creates new header for each packet, bridges / switches do not alter header information router forwards / filters on IP address, b/s forward / filter on MAC address router assigns network addresses to ports, b/s do not read network addresses routers do not forward broadcast traffic, b/s forward broadcast traffic routers do not forward if destination is unknown, bridges do forward if destination is unknown router can provide some limited gateway functions (connecting to unlike networks like token ring and ethernet)

Answer 797

connect two environments providing restrictions or translations,

Answer 798

act as intermediary (and can add controls) between clients that want access to services and the servers that provide the services can provide caching for frequently requested data - reduces latency

Answer 799

originally the onion router (tor) network of proxy servers that provides privacy by routing encrypted traffic anonymously tor traffic probably shouldn't be present in corporate networks as it's commonly used by dark web users

Answer 800

Signaling System 7 , developed in 70's, protocol used by PSTN to connect calls

Answer 801

Signal Switching Point - a point belonging to the telephone company where your phone is connected

Answer 802

signal transfer point in telephone companies which allows phone calls to be made

Answer 803

sCp - c for cell phones service control point - signaling which allows PTSN to connect to mobile numbers

Answer 804

AVG ADSL - asymmetric DSL - 24Mbps download, 1.4Mbps upload VDSL- Very high-data rate DSL - 300Mbps download, 100Mbps upload G.fast - uses fiber optic between phone company and points near customers, 1Gbps

Answer 805

Integrated Services Digital Network - uses legacy telephone lines to digitally transfer data BRI - Basic rate interface ISDN 64 to 144Kbps PRI - Primary rate interface ISDN 1.544 Mbps BISDN - broadband ISDN, primarily used in telco backbone networking

Answer 806

dial-on-demand routing - allows use of ISDN as a temporary WAN link (lower cost than regular WAN links but for low amounts of data)

Answer 807

used for voice and video and other applications using time sensitive data transfers

Answer 808

VOIP standard for voice and video calls 4 components: TGMG terminals - endpoints such as phones, video conferencing equipment gateways - interface H.323 with non H.323 networks MCU - multipoint control units, allow 3 or more conferences gatekeeper - provides call control services

Answer 809

Session Initiation Protocol UAC - user agent client, places calls UAS - user agen server, connects calls process: Isn't Open Always Ring Bell Once IOARBO INVITE (trying, ringing) OK (after answer) ACK RTP voice call BYE (after hangup) OK SIP does not carry the call only the signaling to start / end calls, call carried by RTP

Answer 810

be a siPRR Proxy Server - relay packets between UAC and UAS Registrar Server - store locations of users on network Redirect Server - allows users to change locations and still get calls

Answer 811

RTP (Real Time Protocol) - used for streaming call data (transport layer) RTCP - (Real Time Control Protocol) used to control RTP (session layer) and provide QoS data

Answer 812

we'll work on the case in the meeting CASE WURK don't use Consumer-grade products use AES256 bit encryption where possible restrict participant screen / camera Sharing as appropriate control access to Each meeting enable Waiting room feature (prevent zoom-bombing) keep software Updated don't Record meetings unless necessary or low risk know how to Kick-out unwanted participants

Answer 813

TIPT MG FAGS EAP-TLS - considered one of most secure, uses digital certificates EAP-IKE2 - provides mutual authentication, can be used with symmetric or asymmetric keys EAP-PSK - preshared keys EAP -TTLS - tunneled TLS, only server requires key PEAPv0/EAP-MSCHAPv2 - only requires server certificate PEAPv1/EAP-GTC - Cisco variant using Generic Token Card EAP-FAST - Cisco variant, flexible authentication via secure tunneling EAP-AKA - authentication key agreement (UMTS Universal mobile telecom systems) using USIM EAP-GSS - generic security services (kerberos) EAP-SIM - uses SIM (subscriber identity module)

Answer 814

layer 4 (transport) construct defined by: source address source port destination address destination port protocol (tcp or udp)

Answer 815

a socket is the SAME As an ip address and port combination SAME A use Segmentation apply ACL to block every connection except those authorized Map every authorized socket where possible Encrypt channel Authenticate requests

Answer 816

STP SSP SCP

Answer 817

method by which a subject claims a specific identity public information

Answer 818

method to verify the identity claims of a subject two step process - entering public information (identification step) + entering private information (authentication step)

Answer 819

method to determine that a subject has rights / privileges to carry out a specific action

Answer 820

subject is uniquely identified and the subject's action(s) are recorded

Answer 821

knowledge-based authentication

Answer 822

63 and earlier I only had a digital identity 8/64 AD parents had first anniversary digital identity guidelines passwords: 8-64 characters allow special characters (but not require) disallow password hints

Answer 823

threshold level (e.g. password clipping level is the threshold after which an account will be locked out after a threshhold of x failed attempts is reached)

Answer 824

collection of password in their hashed format

Answer 825

can be time or counter (aka event) based

Answer 826

server sends challenge (nonce), user enters challenge and user then receives OTP to use to sign in

Answer 827

hybrid - has two chips one for contact and another for contactless combi - has one chip but can communicate both to contact or contactless systems

Answer 828

introducing errors on a system to see the result and potentially obtain additional information about the system

Answer 829

uses needles and ultrasonic vibration to remove outer protective material on cards circuits so that the card's chips can be accessed and / or manipulated

Answer 830

near field communications can be used with smart cards and cell phones

Answer 831

authoritative system of record

Answer 832

gathering data from multiple sources into a single means of searching meta-directory actually stores the data separately virtual directory only points to the original location of the data

Answer 833

discretionary - owners have discretion to allow access, individual or group identity based, no access trumps all other access, ACL's and ACM's, rights assigned explicitly mandatory - owners do not have discretion to allow access, highly classified data protection, system is specialized, uses clearances and security / sensitivity labels for subjects and objects, categories (e.g. need to know rules) can also be used to further restrict access, categories are not heirarchical, can have software or hardware guards, considered non-discretionary role-based - allows permissions to be granted based on user roles, rights assigned implicitly, good for high employee turnover, core and heirarchical components, can be limited or fully implemented rule-based - uses specific rules to limit / grant access to objects, IFTT programming rules from simple to complex, built on top of RBAC (as RB-RBAC) and used in MAC, is not discretionary as rules are coded and can't be over-ridden by users or owners attribute-based - uses attributes of any part of a system to define access, provides most granularity but can lead to conflicting policies that may lead to unpredictable results risk-based - makes access decisions dynamically based on risk of a situation, likelihood X impact = risk, is access less than or equal to maximum tolerable risk threshold

Answer 834

a linux security mode that provides MAC

Answer 835

security enhanced linux developed by NSA and implements a flexible MAC model of security

Answer 836

multi-level security

Answer 837

DAC checks subject's identity to ACL of resource MAC compares clearance and need to know level to object's security label

Answer 838

front end product that allows interconnectivity between systems working at different security levels

Answer 839

system with 2 or more different NICs that perform or allow the connections between two systems

Answer 840

a RoBe or A MUMU can be worn AMUMU Accommodates Robust group-based access control, Maps to Security policy, Uses a Session as a mapping, Many to Many relationship among users and privileges, Uses Other information than user ID and credential for access decisions

Answer 841

maps to organizational structures and functional delineations, an accumulation of rights and permissions can occur, limited (allows only one level to be inherited) or general hierarchies (allows more than 1) static separation of duty - two roles have no shared principles dynamic separation of duty - two roles may have shared principles, but users can't assume both simultaneously

Answer 842

The Organization for the Advancement of Structured Information Standards

Answer 843

in OIDC, the allowed specific information to be shared between IdP and relying party

Answer 844

Terminal Access Controller Access Control System TACACS+ not compatible with other two, but does have MFA capability, is built on TCP

Answer 845

Radius does not encrypt all data (unless used with TLS) TACACS+ encrypts all data RADIUS combines authentication and authorization TACACS+ separates authentication / authorization / auditing (or accounting) in ture AAA architecture RADIUS only works over PPP TACACS+ works over many protocols such as Apple talk, NetBIOS and IPX RADIUS - single challenge and response TACACS+ each AAA activity must be authenticated RADIUS - good for simple accept or deny situations TACACS+ - good for more sophisticated implementations both are just protocols

Answer 846

builds upon RADIUS base protocol - provides secure comms extensions - built on top of base to allow functionality with different technologies not directly compatible with RADIUS but has upgrade path has 2^32 AVP's (attribute value pairs) compared to RADIUS (2^8)

Answer 847

Attribute-Value Pairs - within a protocol, set of defined fields that can only accept certain values

Answer 848

TACACS+ / RADIUS is client server, server can't respond unless request is made by client Diameter is peer based allowing each side to initiate communication

Answer 849

system account created by O/S service account required for a service

Answer 850

system - software providing services to other software application - software that interacts with humans

Answer 851

subject must present credentials which indicates what access is available (capability tied to subject)

Answer 852

XACML, SAML and SOAP

Answer 853

Steps: Does Everybody Vicariously Enter Reality DEVER Discovery Enumeration Vulnerability mapping Exploitation Report knowledge types zero partial full

Answer 854

severing "receive" pairs between reporting devices and the central log repository in high security environments to create a one-way path

Answer 855

Monitoring, measurement, analysis and evaluation of Information Security

Answer 856

attribute of a system that has value that can change over time

Answer 857

quantitative observation of a factor at a point in time

Answer 858

factor value that provides a point of reference or denotes that some condition is met by reaching a threshold

Answer 859

value from comparing multiple measurements against each other or against a baseline

Answer 860

an important metric that describes a key element of the effectiveness of a system

Answer 861

QARRCS quantifiable - objective measurement actionable - leads to improvement robust - relevant over time relevant - aligns with goals comparative - can be evaluated against other metrics, baselines or standards simple - easy to understand SMART specific measurable achievable relevant time-bound

Answer 862

Risk (strategic) Preparedness (for security incidents - operational) Performance (tactical)

Answer 863

mean time to detect

Answer 864

mean time to resolve

Answer 865

key risk indicators - where we are in relation to risk appetite

Answer 866

key performance indicators - where we are in relation to goals Fast Breaking Performance Always Counts FBPAC Choose Factors that show state of security Define Baselines for factors Develop Plan for capturing factor values Analyze and Interpret data Communicate Indicators to stakeholders

Answer 867

ASS BAM security Awareness training Security training Suspending accounts Backup verification Adding accounts Modifying accounts

Answer 868

form of social engineering typically performed over the phone to persuade targets to violate a security policy (e.g. calling somebody pretending to be an authority and getting them to expose their account number)

Answer 869

immediate de-briefing after a security event

Answer 870

after-action review - after a security incident, a more deliberate review is conducted some time after the incident is analyzed

Answer 871

formal meeting involving senior management to determine if ISMS are effective

Answer 872

open sourced configuration management, deployment and orchestration tool using YAML - allows automated provisioning and configuration

Answer 873

Yet Another Markup Language - used in Ansible for configuration files

Answer 874

heirarchical storage management having more than one tier of storage available for backups, keeping frequently used files in high speed / expensive storage and less frequently files in lower speed / lower cost media

Answer 875

Computer Emergency Response Team / Coordination Center - main clearinghouse for vulnerability disclosures

Answer 876

vulnerability existing in a business process, can be identified using "Red Team" procedures

Answer 877

manipulating a person to take an action to assist in a violation of a security policy Types: BBD HPP QSSS TV WW baiting - offering something of perceived value blackmail - threatening to expose secret information diversion theft - having something of value sent to an unintended destination honey trap - fake romance pretexting - simulating a situation phishing - fake email Quid pro Quo - promising reward for doing something (aka Tech Support Attack) SMS phishing / whaling - like phishing / whaling using SMS (aka smishing) scareware - fake virus alerts Spear phishing - like phishing only with a particular target in mind tailgating / piggybacking - unathorized individual following somebody to secure area Vishing - like phishing using phone (voice phishing) whaling - fake email to executives watering hole - capturing user credentials at a legitimate site

Answer 878

Perimeter Intrusion Detection and Assessment System - has sensors to detect when somebody tries to climb / cut a fence

Answer 879

Underwriters Laboratory - provides gate classifications, also tests, inspects and classifies electronic devices, fire protection equipment, and other construction materials

Answer 880

are usually incorrect

Answer 881

it is usually correct

Answer 882

occupant emergency plan - used to ensure safety of personnel during emergencies

Answer 883

Technology: EDR NDR SIEM People: TTII Tier 1 Analyst - monitor alerts, eliminate false positives Tier 2 Analyst - deeper analysis of alerts Intelligence Analyst - investigate items passed by Tier1/2 analysts Incident Responder - contain, eradicate threats Processes: socks and podiatrists concern feet podiatrists prevent bunion pain gout Policies Procedures Business Partners Government

Answer 884

CART 'R CAD (if you're from Boston) Characteristics: CART Complete - enough to detect / prevent the threat from actualization Accurate - factual / error free Relevant - useful to detect / prevent the threat from actualization Timely - performed fast enough to impact damage Cycle: RCAD Requirements Collection Analysis Dissemination

Answer 885

Collection Management Framework - collecting relevant data, organizing and analyzing the data Data Sources: Third-party Feeds (generally proprietary) Open-Source INTelligence [OSINT] (free) Internal Sources - logs, alerts, etc.

Answer 886

Indicator of Compromise

Answer 887

Newly Observed Domain

Answer 888

Community of Interest

Answer 889

Proactively looking for threats, possibly based on intelligence feeds instead of waiting for SIEM alerts develop a hypothesis and look for evidence to prove or disprove

Answer 890

detecting radio waves with my RCA SIMulator R C C C A S I M Risk analysis Control Selection Control Implementation Configuration Management Assessment

Answer 891

Packet filtering Stateful Inspection Proxy Next Generation Web Application

Answer 892

Screened Host - communicates directly with perimeter router and internal network, the firewall is screened behind the router, single tiered Multihomed - between different internal networks Screened Subnet - another layer of security to screened host model (DMZ), there is an external firewall, then a DMZ, then an internal firewall, two tiered, if three firewalls create two separate subnets (e.g. transaction filter and DMZ), this would be three tiered

Answer 893

LoSSeS RarE oFF CoW C LA ToW c L SS SR E F1 F2 CW C LA TW c LISTEN SYN-SENT SYN-RECEIVED ESTABLISHED FIN-WAIT1 FIN-WAIT2 CLOSE-WAIT CLOSING LAST-ACK TIME-WAIT CLOSED (fictional)

Answer 894

HUBS Hides true source of data from untrusted network Used between trusted and Untrusted networks Breaks communication channel (no direct connections) Starts new communication Sessions between sender and receiver on the sender's behalf Types: circuit-level proxy (on lower OSI levels - up to session layer) - cannot look at packet contents, application independent, can only approve on protocol (up to session layer) not by command, does not require configuration for each protocol (e.g. SOCKS) application-level proxy (on application layer) - inspect all the way up to application layer, can see packet content - can make specific command level decisions (e.g. FTP put or get) but must be configured for each protocol Advantages: EDS Extensive logging capabilities Direct authentication Spoofing protection disadvantages: RNL not good for high bandwidth / real-time applications limited in support for new applications / protocols lower performance

Answer 895

multiple layers combines packet, stateful, proxy capabilities and adds signature based IPS engine can share signatures with all other firewalls of the same vendor connects to external data sources such as: Active Directory, whitelists, blacklists, policy servers

Answer 896

host with little protection from internet, should be locked down to only necessary services

Answer 897

packets with source addresses from outside the protected network leave the network (egress)

Answer 898

packet decides how to get to destination, not routers in the network, should be denied ingress

Answer 899

Rule-based - looks for traffic matching rules (e.g. signatures of malware) Anomaly-based - uses training mode or other means to determine what traffic is normal (baseline) and then converts to testing mode where it reports / acts on abnormal traffic, more prone to false-positives

Answer 900

eXtended Detection and Response, correlates results of EDR/NDR with other sensors (cloud and / or on-prem)

Answer 901

sandbox or vm used to run suspicious code to determine the effects of the code

Answer 902

static - reviews information about the code dynamic - allow portion of code to run to review effects both are heuristic

Answer 903

Managed Security Service Provider - third party security service vendors Before hiring: DCURL (don't use really corrupt losers) Determine requirements determine if MSSP Understands your business processes Reputation Costs Liability limits

Answer 904

drop specific traffic without notifying the sender

Answer 905

honeypot - network device intended to be exploited to observe TTP's of attackers honeynet - network subnet intended to be exploited to observe TTP's of attackers and can spawn honeypots attractive to particular attackers honeyclient - synthetic applications allowing client-side attacks to observe TTP's tarpits - like honeypots but to a smaller degree (such as a specific service instead of whole device)

Answer 906

symbolic - model real-world concepts, the concepts relationships and how they interact to solve problems, requires extensive knowledge and engineering, analogical reasoning, rule-based systems, decision trees, expert systems non-symbolic - focuses on learning patterns in data for classifying objects, predicting future results or clustering similar data, involves instance-based learning, statistical methods and neural networks, machine learning, requires extensive data gathering and curating

Answer 907

compares previous sample of data to determine the next sample should be using statistical regression analysis

Answer 908

useful for anomaly detection

Answer 909

tunes decision making parameters to choices that lead to positive outcomes

Answer 910

open source log pipeline system

Answer 911

commercial SIEM tool + data analytics platform

Answer 912

open source SIEM tool + data analytics platform

Answer 913

only allow certain hosts to communicate directly with external resources to make sure organizations systems aren't being used to attack others and not communicating with known bad actors can involve decrypting data for deep packet inspection DLP is a subset

Answer 914

deep packet inspection

Answer 915

start with white lists / black lists

Answer 916

questions senior management may have about threats / controls

Answer 917

Computer Security Incident Handling guide I hope I'm not 61 before I manage security incident handling lifecycle: Please Don't Allow Creepy, Evil, Random People Preparation Detection Analysis Containment Eradication Recovery Post Incident activity information to include in report: SIRACI IN Summary Indicators Related Incidents Actions Taken Chain of custody for all evidence Impact assessment Identity / Comments of incident handlers Next steps

Answer 918

indicators of attack / indicators of compromise typical indicators: HRODD unusually large HTTP requests / responses new Registry entries Outbound traffic to specific IP address(es) abnormal DNS queries DDoS traffic

Answer 919

incident management policy - establishes roles and responsibilities incident response plan - detailed steps to take

Answer 920

any action involving a security mechanism

Answer 921

security events are normal security incidents require a response

Answer 922

useful for: allows preauthorized commitment of resources and who needs to be contacted considerations: Impact Urgency Type

Answer 923

Motive Opportunity Means

Answer 924

Guidelines for digital evidence I CAP Identification: determination of the evidence required Collection: gaining control of evidence in a lawful manner Acquisition: digital acquisition - creating forensic image of digital data for examination, bit by bit copy of media outside the O/S [logical acquisition is done using the O/S)] 2 copies are made (1 is control copy) 1. Primary image 2. Working image Compute cryptographic hash of original and each copy Preservation: hashing as indicated above + access limited to qualified people to do limited actions (read only), possibly two-person control

Answer 925

relevant - directly related to crime reliable - chain of custody, business records legal - acquired by legal means

Answer 926

MR TT made in regular course of business regular practice of making the records timing is near time of crime transmitted by a person with knowledge of the contents of the record

Answer 927

DDPC documentation tools - tags, labels, etc. disassembly and removal tools - anti-static bands, pliers, tweezers, screw drivers, wire cutters, etc. package / transport supplies - anti-static bags, tape, cable ties, etc. cables / adapters - for any type of interface that may be present

Answer 928

FED FTK - Forensic Toolkit EnCase Forensic dd - unix utility

Answer 929

POD COK have a Plan be Objective / fair Do not record unless meeting legal requirements, use a note taker and validate accuracy of notes afterwards Compartmentalize information - isolate information from different interviewees where necessary One interviewee at a time Keep confidential

Answer 930

MDT = RTO + WRT maximum tolerable downtime is the sum of recoverty time objective and work recovery time

Answer 931

recovery point objective acceptable amount of data loss measured in time earliest point in time which data must be recovered

Answer 932

all files that have changed since last full backup are selected for backup / archive bit is changed / requires all incremental backups + full backup to be restored

Answer 933

in relation to DRP communication means: Primary - normal method Alternate - if primary not available a second option which can be used quickly Contingency - a third possibility that can work albeit maybe not as well as primary and alternate Emergency - a final possibility that will require much more effort or resources (only used when other are all not available)

Answer 934

how to deal with smaller more contained incidents rather than the broad BCP, narrow in scope and deal with specific issues, focus: mostly related to information systems

Answer 935

Che Str Tab Sim Par Ful (Chester Tabsim Parful) Checklist Test - (aka desk check test) reviewed by various business units for completeness and accuracy Structured Walkthrough - similar to desk check, but all representatives come together and allow others see how the parts of the plan fit together Tabletop Exercises - (TTX, aka read-through exercise) involve technical control infrastructure, test procedures to ensure functionality, usually involve the most likely events, can have branches (decision tree) and sequels (subsequent responses after initial procedure is carried out) Simulation - involves large portion of those that would be involved in actual event and includes only that which would be available during an actual event Parallel - detailed testing but does not take production down Full-Interruption Test - production shut down and business tested in the alternative site, etc.

Answer 936

BCP - active participant, not lead DRP - may be tapped as lead

Answer 937

Least critical first to provide additional testing and working out unforeseen issues that may arise

Answer 938

Work Breakdown Structure - tool used in project management to define and group a projects's individual work elements in an organized manner

Answer 939

G RA PA RA Gather system and security requirements from SOW and / or other product management documentation security requirements should be in categories: (triad) confidentiality integrity availability security Risk Assessment - identify threats and associated consequences Privacy risk Assessment - HML rating of private data, H - stores / transfers private data (PII), or makes it possible to do so, M - one time user initiated transfer of PII L - no effect to privacy Risk-level Acceptance

Answer 940

System / Software Requirements Specification can be functional or nonfunctional functional - features nonfunctional - performance standard / security requirements

Answer 941

Unified Modeling Language - (flowcharting)

Answer 942

Use Case Diagram - used to capture functional and nonfunctional requirements

Answer 943

mapping planned functionality to real world possibilities BIF models designs AS A TM task Models: BIF Behavioral - explains state system will be in during and after certain transitions take place Informational - type of information to be processed and how it will move around the software system Functional - task, functions and their sequence(s) Security tasks: attack surface analysis - reduce the code that is usable by untrusted users, reduce entry points for untrusted users, provide least privilege, eliminate unnececessary services, can use software tools to perform threat modeling - analyzing the various weak points in the system (e.g. input fields, back doors, vulnerabilities, etc.) using threat trees or other constructs, software tools are also available, such as OWASP Threat Dragon

Answer 944

USC developed Use of automated tools helps develop more secure code Secure Coding techniques - helped by MITRE CWE (Common Weakness Enumeration) list of most impactful issues Code reviews catch common syntactical issues, especially input validation, prevention of covert channels, proper data typing, checksums, etc.

Answer 945

If you pass the test you're all square. MR SQUAR EF Map security risks to test cases and code Separation of duties including not allowing developers to access production code separate QA testing, including possibly Red Team type of testing Unit Testing for modules using Test-Driven Development where a test is designed before or during actual coding Attack simulation / Penetration Testing Repeat testing until objectives are achieved Ensure systems Fail securely if no human life is at risk

Answer 946

verification - did we build it right validation - did we build the right product

Answer 947

Change Management (general approach) / Change Control (specific changes) Most likely phase to concern CISSP individuals

Answer 948

REO rapid - end result is usually discarded, it is done to test validity of understanding of problem evolutionary - end result is not discarded but built upon operational - similar to evolutionary, but it is intended to be implemented to production

Answer 949

incremental waterfalls often result in a werl of water a multi-waterfall approach, each incremental phase results in a deliverable benefits: WERL working model delivered early end-users can provide input lower cost of initial delivery risk of critical changes are lower due to feedback cycle with end-users best used when various aspects of the project need to be understood early in the development cycle

Answer 950

Rapid Application Development - using working prototypes to quickly deliver software that's RAD dude, A Quick Board Doesn't Really Turn Instantly Analysis Quick design Build, Demonstrate, Refine (prototypes) Testing Implementation

Answer 951

SCRUM SCCRAL uses Sprints (predefined time of building, usually 2 weeks) or time between scrums focused on Collaboration Continuous delivery project can be Reset (like in rugby, when the game is reset to a scrum) adding new features, etc. a very widely Adopted Agile devlopment methodolgy Lean and customer focused

Answer 952

stresses visual tracking of all tasks so priorities can easily be accommodated uses a "Kanban Wall" where all tasks are placed for visualization under Planned, In progress and Done

Answer 953

combining development, operations, and QA into one team to improve security, reduce conflict, increase trust and job satisfaction

Answer 954

Integrated Product Team - management technique incorporating diverse (in terms of job function) members to develop a product

Answer 955

Joint Application Development - can employ an IPT to develop software

Answer 956

Computer Aided Software Engineering - software to increase the speed, productivity and reduce errors

Answer 957

focuses on developing critical error free software

Answer 958

in OO s/w dev. the diversity of tasks provides high cohesion the fewer or more similar those tasks are in a method when cohesion is high it makes modification, reuse and maintenance easier without it affecting other modules high cohesion also makes security task easier to build

Answer 959

low / loose coupling indicates a module does not need to communicate with many other modules to perform it's function low / loose coupling is considered good due to less of a need to modify other modules if you want to change the related module security is stronger with loose coupling due to reduced attack surface

Answer 960

defect in code (design flaw or implementation flaw) that provides a threat actor an opportunity to compromise security of a system

Answer 961

a source code vulnerability that would remain even if all code was written perfectly

Answer 962

REV Reduces risk of a vulnerability Enforceable across all development efforts Verifiable in implementation

Answer 963

SDF Static - examining source code, typically with automated tools without executing the code, of course requires access to the source code Dynamic - examining running code without access to the source code, of course requires running the code Fuzzing - used to discover flaws and vulnerabilities by sending large amounts of test data to the target trying to cause failure

Answer 964

Static Application Security Testing

Answer 965

platform enabling CI/CD, was breached in 2021 allowing the theft of credentials

Answer 966

Software developer certification

Answer 967

It's a standard approach ramp to SA A C'M in the cloud. Federal Risk and Authorization Management Program - United States federal government-wide compliance program that provides a standardized approach to Security Assessment, Authorization, and Continuous Monitoring for cloud products and services.

Answer 968

custom or customized software developed for a particular entity, it is not COTS

Answer 969

identifies memory blocks that are no longer in use and marks them as available

Answer 970

Object Oriented Programming related functions encapsulated in classes classes instantiated into objects objects communicate with each other using messages with API's

Answer 971

software defined security (aka SDSec) implemented within SDN

Answer 972

Software Configuration Management platform - allows methodical change control to promote integrity and traceability

Answer 973

verify the entire development process is working properly

Answer 974

relying on outdated versions

Answer 975

external or third party audits

Answer 976

Tier 1 Create / Deliver value Tier 2 Support business Tier 3 Protect assets from threats through safeguards to achieve CIA

Answer 977

BS VOICE Behave ethically, responsibly and legally think Strategically focus on Value / ROI emphasize Outcome and cost / benefit Innovate / enable business Continuous improvement Effective / Efficient

Answer 978

Information Assurance (DOD directive 8500.01E) CIA + non-repudiation + authenticity now known as cybersecurity

Answer 979

Security Objectives direct Safeguards affecting Threat Sources which initiate Threat Events to exploit Vulnerabilities which circle back and impact Security Objectives

Answer 980

Simply, Every Voice Is Repressed In Every Country of Putin nouns SEVIR verbs IECP both SIEEVCIPO threat Souce Initiates threat Event Exploits Vulnerability Causing adverse Impact Producing Organizational risk

Answer 981

Information Systems impacted by: Data Computer Systems Operating Systems Software Networks Data Centers People Business Processes can be arranged as a "peacock" shape around Information Systems

Answer 982

has peacock in middle of CIA triad which is surrounded by the Onion Model which is surrounded by the Protection Ring Model above the model feeding threats is the Generic Risk Model

Answer 983

Layered defense (aka defense in depth) surrounds Peacock Model and CIA triad with: Control Types (Onion is a root vegetable; TAP root) Technical Controls Administrative Controls Physical Controls

Answer 984

event situation initiated by a threat source that has potential for adverse impact threat is more generic, not caused by a particular source

Answer 985

combination of threat source and threat event

Answer 986

models went to Studio 54 Threat modeling 2 forms: Software System (Data included)

Answer 987

microsoft threat modeling for categorization Spoofing Tampering Repudiation Information disclosure Denial of service Elevation of privilege

Answer 988

microsoft threat modeling for prioritization Damage Reproducibility Exploitability Affected users Discoverability

Answer 989

A MODEL of Resistance Definitely Inspires Many Victims (RDIMV) define security Requirements create Diagram of system Identify threats Mitigate threats Validate threat mitigation

Answer 990

European Union Agency for Cybersecurity

Answer 991

RAATTs collection of Risks, Assets, threat Actors, Threats, and observed Trends

Answer 992

ENISA Threat Landscape

Answer 993

Identity Assurance Level

Answer 994

physical access control system

Answer 995

Authentication - proving identity Authorization - proving clearance Accounting - recording activity

Answer 996

Information Business processes and activities

Answer 997

My CUPs could use some privacy CAIN CAID CUP of CAIN CAID Consent Use, retention and disclosure limitation Purpose Collection limitation Accuracy Individual participation / access Notice provided to owner Compliance with privacy laws Accountability Information Security Data minimization

Answer 998

Data Owner - The Board of Directors, Senior Management - strategic goals, opportunities, decision making, data classification, authorization, accountability Data Steward - Business Processes - data quality, data rules, data semantics Data Custodian - Information Systems - data sources, day-to-day data security, backup / restore

Answer 999

no IDIOTs born in 64 Initiation Development / acquisition Implementation / assessment Operations / maintenance Trash / disposal

Answer 1000

Initiate Cycle By Pushing Switch ICBPS Initiate Security Planning Categorize System Business impact Analysis Privacy impact analysis ensure use of Secure dev processes

Answer 1001

Random Strangers Develop Eventual Social Ties (RS DEST) Risk assessment Select / doc. security controls Design security architecture Engineer security controls Security documentation Testing of dev., function, security

Answer 1002

DIAA de implementacion DIAA Detailed compliance / auditing plan Integrate security into established systems Assess system security Authorize the system

Answer 1003

(OCC) operational readiness configuration management continuous monitoring

Answer 1004

dispose of that Cockroach PEST P E S T C build disposal Plan Ensure information preservation Sanitize media Trash / dispose of h/w & s/w Close system

Answer 1005

Key Goal Indicator - a measure for outcome rather than performance, usually KPI's are part of a KGI

Answer 1006

Governance, Risk Management and Compliance - Compliance is surrounded by Risk which is surrounded by Governance and the 3 make up an integrated discipline

Answer 1007

Open Compliance and Ethics Group

Answer 1008

EA SM OS OP (Aesop) or G RiM C (Grim) model? Shape: triangle with 4 interior triangles surrounded by a circle interior triangles: EA SM OS OP Enterprise Architecture at the top of a pyramid, Strategic Mangement in a center triangle, with Organizational Structure and Organizational Processes the two lower triangles exterior: surrounded by a circle with Risk Management, Compliance and Governance in the circle outside the triangle G RiM C

Answer 1009

Federal Enterprise Architecture Framework

Answer 1010

Supply Chain Risk Management

Answer 1011

Foreign Ownership, Control or Influence - supply chain concern that foreign involvement may impact security

Answer 1012

Validated - based on evidence of trusted party Direct Historical - based on the trusted party's past Mediated - assurances provided by third party Mandated - required by third party in position of authority Hybrid - combination of 2 or more of above

Answer 1013

The risk management chain has 31000 links where Virtuous People Find Purpose. Subject: Risk management guidelines elements: Virtuous People Find Purpose Values -> Risk Management Principles -> Risk Mangement Framework -> Risk Management Process

Answer 1014

The purpose is creating and protecting value CHICS BID on risky bets. After losses they think it's a cycle and ask "Is Doom In Every Inbox." They use the process of "Selecting Rarely Repeated Ranges." elements: CHICS BID on risky bets cycle: "Is Doom In Every Inbox" process: "Selecting Rarely Repeated Ranges" principles: CHICS BID Customized Human / cultural factors Integrated Continual Improvement Structured and Comprehensive Best available information Inclusive Dynamic cycle: IDIEI Is Doom In Everybody's Inbox Integration Design Implementation Evaluation Improvement (circles back to integration) process: Selecting Rarely Repeated Ranges Scope, Context, Criteria Risk Assessment (identification, analysis, evaluation) Risk Treatment Recording and reporting monitoring / review (across all of above) communication / consultation (across all of above)

Answer 1015

Enterprise Risk Management (ERM) Steps: MS O's IV business Model Strategy development busines Objectives Implementation / performance enhanced Value Principles: BODVA ADEF RAPID ARP ICR business Model step (ERM Principles Mission, Vision, Core Values) BODVA 1 Board oversight 2 Operating structures 3 Desired culture 4 commitment to core Values 5 Attract, develop, retain capable individuals Strategy development ADEF 6 Analyze business context 7 Define risk appetite 8 Evaluate alternate strategies 9 Formulate business objectives business Objectives RAPID 10 identify Risks 11 Assess risk 12 Prioritize risks 13 Implement risk responses 14 Develop portfolio view Implementation and performance ARP 15 Assess change 16 Review risk and performance 17 Pursues improvement enhanced Value ICR 18 leverage IT 19 Communicate risk information 20 Reporting

Answer 1016

Code of Federal Regulations

Answer 1017

Organization-level: Laws & Regulations Industry Standards: Contracts

Answer 1018

project / process of testing / evaluating security controls

Answer 1019

determining how well an entity is meeting security objectives

Answer 1020

Strengths Weaknesses Opportunities Threats on a matrix: SW OT

Answer 1021

Responsible - those that do the work Accountable - those liable for project result Consulted - provide information for project success Informed - informing people affected by the project used to ID roles and responsibilities for a project

Answer 1022

C SPLIT (C as in context) Culture governance Structure financial Posture Laws / regulations Investment strategies Trust relationships

Answer 1023

G PACT strategy guidance - risk management + risk response / monitoring priorities assumptions constraints tolerance

Answer 1024

MAA model analysis assessment risk model - defines terms and assessable risk factors and how they're related to each other analysis approach - describes how combinations of risk factors are identified and analyzed (threat, asset or vulnerability oriented) assessment approach - determines values against a scale (e.g. quantitative, qualitative)

Answer 1025

1 Organization 2 Business Processes 3 IT Systems

Answer 1026

level of risk exposure where risks above the level are addressed and below which are accepted

Answer 1027

Disaster Recovery Institute / Associate Business Continuity Planner, Certified Functional Continuity Professional, Certified Business Continuity Professional, Master Business Continuity Professional

Answer 1028

Business Continuity Institute / Certification of the BCI

Answer 1029

business continuity planning

Answer 1030

incident - event that could lead to a disruption, loss, emergency or crisis emergency - unintended circrumstance that is a clear and present danger to personnel or property requiring immediate response crisis - a critical event that will impact an organization's profitability, reputation or ability to operate if not handled timely disruption - incident that causes unplanned negative deviation from expected delivery of product or service in relation to org's objectives disaster - catastrophic incident that causes long term disruption or physical damages, requires activation of recovery plans

Answer 1031

Tier 1 - Emergency planning Tier 2 - Continuity planning Tier 3 - Contingency planning

Answer 1032

addresses risk at the level of information systems and introduction to organizational resilience planning

Answer 1033

Continuity of Operations Plan (US gov. dept. or agency) - concentrates on restoring mission essential function(s) MEF to alternate site (at least 5 miles) for up to 30 days, minor threats not addressed COOPer's IBBM found the DR PEDO CHEAT process: IBBM ID MEF's Business process analysis (BPA) Business impact analysis (BIA) Mitigate risks requirements: DR PEDO CHEAT Devolution Reconstitution Program management Essential Functions Delegation of authority Order of succession Communications and Information Systems Human Resources Essential records management Alternate locations Test training and exercises

Answer 1034

Mission Essential Function - primary, unique function

Answer 1035

Information System Contingency Plan - system specific plan I Systems Affected Rarely Recover Perfectly But Please Stop Pissing-away The Money C P Structure: SARR Systems Affected Rarely Recover Supporting Information - BIA, POC lists, Procedures Activation and Notification - activation criteria, notification procedures, outage assessment Recovery - sequence of recovery activities, recovery procedures, escalation and notification procedures Reconstitution - concurrent processing, testing, notifications, cleanup, offsite data storage, backup, documentation Planning Steps Perfectly But Please Stop Pissing-away The Money Policy for contingency planning BIA (system-level) Preventive controls Strategies for contingency Plan for contingency TTE Maintenance

Answer 1036

Testing, Training and Exercises

Answer 1037

Acceptable Interruption Window - maximum time a system can be unavailable before compromising enterprise business objectives (aka MTD) AIW = RTO + MTO

Answer 1038

Maximum Tolerable Outage - maximum time organization can operate in alternate mode

Answer 1039

Recovery Time Objective RTO = Restoration + WRT

Answer 1040

Recovery Point Objective - earliest point in time before an event that an organizations desires to recover to (based on acceptable data loss time)

Answer 1041

Service Delivery Objective - level of service during alternate mode until returning to normal operations (e.g. 60% of normal capacity)

Answer 1042

during disaster, acceptable level less than normal capacity before restoration to normal capacity

Answer 1043

Business Continuity Management System - set of interrelated or interacting elements to establish policies and objectives and processes to achieve objectives of business continuity Components: if you need to manage elements, you have to see the Continuity Planning PIMP. CI P P I MR PA Continual improvement Policy Planning Implementation / Operation Management review Performance assessment

Answer 1044

governance over BCM, implement and maintain BCM

Answer 1045

Maximum Tolerable Period of Disruption (aka MTD, AIW)

Answer 1046

Minimum Business Continuity Objective - minimum acceptable level of service or production

Answer 1047

Plan, Do, Check, Act - 4 basic management steps that can be applied to a variety of business processes

Answer 1048

development

Answer 1049

D1 (policies, procedures, laws, regulations, risk management, ethics, governance, training). being the foundation that everything else builds on. Anything assets and data lifecycle (D2) is really based on D1 choices.

Answer 1050

a type of brute force attack which involves a malicious actor attempting to use the same password on multiple accounts before moving on to try another one. Solutions: MFA Monitor locations of logins Configure permissions to keep control of access parameters

Answer 1051

An investigation undertaken to determine if a law or regulation was broken

Answer 1052

translation of lean manufacturing principles and practices to the software development domain principles: Lean or skinny like a snake (boa) BOA DEED Build integrity in Optimize the whole Amplify learning Decide as late as possible Eliminate waste Empower the team Deliver as fast as possible

Answer 1053

ITIL: aims to plan, schedule and control the movement of releases to test and live environments. The primary goal of this process is to ensure that the integrity of the live environment is protected and that the correct components are released.

Answer 1054

Type 1 – Something You Know – includes passwords, PINs, combinations, code words, or secret handshakes. Anything that you can remember and then type, say, do, perform, or otherwise recall when needed falls into this category. Type 2 – Something You Have – includes all items that are physical objects, such as keys, smart phones, smart cards, USB drives, and token devices. (A token device produces a time-based PIN or can compute a response from a challenge number issued by the server.). Type 3 – Something You Are – includes any part of the human body that can be offered for verification, such as fingerprints, palm scanning, facial recognition, retina scans, iris scans, and voice verification.

Answer 1055

CPU vulnerabilities spectre - tricks a program into accessing arbitrary locations in the program's memory space meltdown - can be used to read privileged memory in a process's address space which even the process itself would normally be unable to access resolution: patching O/S

Answer 1056

Common Weakness Scoring System (CWSS) provides a mechanism for prioritizing software weaknesses in a consistent, flexible, open manner. It is a collaborative, community-based effort that is addressing the needs of its stakeholders across government, academia, and industry. BAE 565 TI AP AL IC FC (tilapia icky fish) RP RL AV AS IN SC (raper lava as in SC) BI DI EX EC EP/p (bidi exec p) Metric Groups: BAE Basic Finding Attack Surface Environmental Factors: TI AP AL IC FC RP RL AV AS IN SC BI DI EX EC EP/p Metric Group | factor |description Base Finding Technical Impact (TI) The potential result that can be produced by the weakness, assuming that the weakness can be successfully reached and exploited. Base Finding Acquired Privilege (AP) The type of privileges that are obtained by an attacker who can successfully exploit the weakness. Base Finding Acquired Privilege Layer (AL) The operational layer to which the attacker gains privileges by successfully exploiting the weakness. Base Finding Internal Control Effectiveness (IC) the ability of the control to render the weakness unable to be exploited by an attacker. Base Finding Finding Confidence (FC) the confidence that the reported issue is a weakness that can be utilized by an attacker Attack Surface Required Privilege (RP) The type of privileges that an attacker must already have in order to reach the code/functionality that contains the weakness. Attack Surface Required Privilege Layer (RL) The operational layer to which the attacker must have privileges in order to attempt to attack the weakness. Attack Surface Access Vector (AV) The channel through which an attacker must communicate to reach the code or functionality that contains the weakness. Attack Surface Authentication Strength (AS) The strength of the authentication routine that protects the code/functionality that contains the weakness. Attack Surface Level of Interaction (IN) the actions that are required by the human victim(s) to enable a successful attack to take place. Attack Surface Deployment Scope (SC) Whether the weakness is present in all deployable instances of the software, or if it is limited to a subset of platforms and/or configurations. Environmental Business Impact (BI) The potential impact to the business or mission if the weakness can be successfully exploited. Environmental Likelihood of Discovery (DI) The likelihood that an attacker can discover the weakness Environmental Likelihood of Exploit (EX) the likelihood that, if the weakness is discovered, an attacker with the required privileges/authentication/access would be able to successfully exploit it. Environmental External Control Effectiveness (EC) the capability of controls or mitigations outside of the software that may render the weakness more difficult for an attacker to reach and/or trigger. Environmental Prevalence (P) How frequently this type of weakness appears in software.

Answer 1057

overwrite command in the ATA standard (as ‘Security Erase Unit’) that leverages a firmware-based process to overwrite the media (SSD's)

Answer 1058

a way of organizing a waterfall project with feedback that doesn't have to wait with Waterfall feedback only allows testing to start when the whole implementation has been completed The Sashimi Model is a modification of the classic Waterfall model that allows for some overlap and iteration between the phases. It is named after the Japanese dish of sliced raw fish, which is served slightly overlapping on a plate.

Answer 1059

Conditional Access is, quite literally, a number of conditions you define to permit access. One of those conditions can be requiring MFA. But, it could also include where a user is logging in from, what the user is trying to access, the device they are using, group membership, or any combination you choose. While Standard MFA strengthens user authentication and blocks outdated protocols, Conditional Access offers centralised control and customisation, allowing you to tailor security policies to the unique needs of each client. As an MSP, it is essential to adopt a proactive approach to security

Answer 1060

0 - used for striping data on a disk, increases speed, no redundancy, min # drives = 2 1 - Mirroring without parity or striping, min drives = 2 2 - Bit-level striping with Hamming code for error correction, min # drives = 3 3 - Byte-level striping with dedicated parity, min # drives = 3 4 - Block-level striping with dedicated parity, min # drives = 3 5 - Block-level striping with distributed parity, min # drives = 3 6 - Block-level striping with double distributed parity, min # drives = 4

Answer 1061

Attached Resource Computer NETwork (ARCNET or ARCnet) is a communications protocol for local area networks.[1] ARCNET was the first widely available networking system for microcomputers; it became popular in the 1980s for office automation tasks. It was later applied to embedded systems where certain features of the protocol are especially useful used star configuration

Answer 1062

full, incremental

Answer 1063

security monitoring / incident response

Answer 1064

understand legal / regulatory requirements

Answer 1065

Cloud User means a single authorized individual End User who has access rights to the Service. - Cloud Customer means any Person to which a CSP agrees to provide Cloud Services based on a Cloud Contract or other business relationship between the CSP and that Person. Customer includes Customer Affiliates and End Users.

Answer 1066

software security application used for penetration testing of web applications

Answer 1067

an instance of a load testing script that is meant to simulate a real-world visitor on your web app

Answer 1068

The Scaled Agile Framework® (SAFe®) is a set of organizational and workflow patterns for implementing agile practices at an enterprise scale. The framework is a body of knowledge that includes structured guidance on roles and responsibilities, how to plan and manage the work, and values to uphold. SAFe promotes alignment, collaboration, and delivery across large numbers of agile teams. It was formed around three primary bodies of knowledge: agile software development, lean product development, and systems thinking. Core Values: TABLe P Transparency Alignment across org Built-in quality - five key dimensions of built-in quality: flow, architecture and design quality, code quality, system quality, and release quality Leadership Program execution Principles: EAV BMW CMD 1 take an Economic view 2 Apply systems thinking 3 assume Variability; preserve options 4 Build incrementally with fast, integrated learning cycles 5 base Milestones on objective evaluation of working systems 6 visualize and limit Work in Process (WIP), reduce batch sizes, and manage queue lengths 7 apply Cadence, synchronize with cross-domain planning 8 unlock the intrinsic Motivation of knowledge workers 9 Decentralize decision making

Answer 1069

2nd - assembly 3rd - 3GLs are much more machine-independent (portable) and more programmer-friendly [C, C++, Java, Python, PHP, Perl, C#, BASIC, Pascal, Fortran, ALGOL, COBOL] 4th - Fourth-generation languages tend to be specialized toward very specific programming domains [ABAP, Unix Shell, SQL, PL/SQL, Oracle Reports, R, Halide] low code, GUI based, database, screen painters, data manipulation, software creators, mathematical optimization, web developmet 5th - A fifth-generation programming language (5GL) is any programming language based on problem-solving using constraints given to the program, rather than using an algorithm written by a programmer [Prolog, OPS5, Mercury, CVXGen [6][7] , Geometry Expert] Mainly used in AI

Answer 1070

provides exception for encrypted data that is lost, leaked

Answer 1071

well defined risk management process

Answer 1072

reactive model of hiring IT service providers to perform one-time services and pay them only for the work done

Answer 1073

regular expressions

Answer 1074

parity checks

Answer 1075

a technical approach for analyzing and designing an application, system, or business by applying object-oriented programming, as well as using visual modeling throughout the software development process to guide stakeholder communication and product quality. OOAD in modern software engineering is typically conducted in an iterative and incremental way. The outputs of OOAD activities are analysis models (for OOA) and design models (for OOD) respectively. The intention is for these to be continuously refined and evolved, driven by key factors like risks and business value. Object-oriented analysis The purpose of any analysis activity in the software life-cycle is to create a model of the system's functional requirements that is independent of implementation constraints. The main difference between object-oriented analysis and other forms of analysis is that by the object-oriented approach we organize requirements around objects, which integrate both behaviors (processes) and states (data) modeled after real world objects that the system interacts with. In other or traditional analysis methodologies, the two aspects: processes and data are considered separately. For example, data may be modeled by ER diagrams, and behaviors by flow charts or structure charts. Object-oriented design Main article: Object-oriented design During object-oriented design (OOD), a developer applies implementation constraints to the conceptual model produced in object-oriented analysis. Such constraints could include the hardware and software platforms, the performance requirements, persistent storage and transaction, usability of the system, and limitations imposed by budgets and time. Concepts in the analysis model which is technology independent, are mapped onto implementing classes and interfaces resulting in a model of the solution domain, i.e., a detailed description of how the system is to be built on concrete technologies Object-oriented modeling Main article: Object-oriented modeling Object-oriented modeling (OOM) is a common approach to modeling applications, systems, and business domains by using the object-oriented paradigm throughout the entire development life cycles. OOM is a main technique heavily used by both OOD and OOA activities in modern software engineering.

Answer 1076

Personally Identifiable Information Examples of personally identifiable information (PII) include : Social security number (SSN), passport number, driver's license number, taxpayer identification number, patient identification number, and financial account or credit card number Personal address and phone number Biometric records such as photographic image (especially of face or other distinguishing characteristic), x-rays, fingerprints, retina scan, voice signature, facial geometry Information that when combined with other information like that listed above which can then be used collaboratively to identify a specific individual. For example, date of birth, place of birth, race, religion, geographical indicators, employment information, medical information, education information, financial information.

Answer 1077

Bit splitting is the technique of splitting up and storing encrypted information across different cloud storage services. * One way that criminals hide data across the cloud that makes it extremely difficult for forensics to find and obtain.

Answer 1078

What is a breach and attack simulation? A breach and attack simulation is a type of advanced computer security testing method. It aims to identify different vulnerabilities in security environments by simulating the attack paths and techniques likely to be used by malicious actors can be automated

Answer 1079

when an entity is named as being responsible or accountable for an act

Answer 1080

security content automation protocol SCAP is a method for using specific standards to help organizations automate vulnerability management and policy compliance evaluation. SCAP comprises numerous open security standards, as well as applications which use these standards to check systems for vulnerabilities and misconfigurations Features: SIR Scan systems against open cybersecurity standards Report back with a “score” to help evaluate the system’s security posture Interoperate with other SCAP-validated scanners to express results in a standardized way Benefits: SSS cooperation among Stakeholders Stops attacks and closes vulnerabilities puts Standards into action

Answer 1081

BE the I in TEEM Base: exploitability metrics impact metrics Threat / Temporal: exploit maturity Environmental: modified base + CIA

Answer 1082

the process of structuring a relational database in accordance with a series of so-called normal forms in order to reduce data redundancy and improve data integrity. It was first proposed by British computer scientist Edgar F. Codd as part of his relational model. Normalization entails organizing the columns (attributes) and tables (relations) of a database to ensure that their dependencies are properly enforced by database integrity constraints. It is accomplished by applying some formal rules either by a process of synthesis (creating a new database design) or decomposition (improving an existing database design).

Answer 1083

The Privacy Rule. The Security Rule. The Breach Notification Rule.

Answer 1084

the process of modifying sensitive data in such a way that it is of no or little value to unauthorized intruders while still being usable by software or authorized personnel. Data masking can also be referred as: anonymization tokenization obfuscation

Answer 1085

simulates the actions and procedures of a real attacker by severely limiting the information given to the person or team that's performing the test beforehand

Answer 1086

Federal Information Processing Standard Publication 140-2, (FIPS PUB 140-2), is a U.S. government computer security standard used to approve cryptographic modules. The title is Security Requirements for Cryptographic Modules.

Answer 1087

nfc used more for cell phones rfid used more for smart cards

Answer 1088

lowest packet loss

Answer 1089

Process: D DIED V (Don't Do It Every Day Victoria) Determine business objectives. CMDB Discovery tools. ITSM system integration. Equip data owners/data stewards with the right tools. Data management and retention plan. CMDB: data Visualization. The 3 C's of CMDB - Configuration Items, Changes, and Compliance -

Answer 1090

network security investigation

Answer 1091

quality of the compliance management system

Answer 1092

updating software and firmaware

Answer 1093

SOC 3 doesn’t provide as much detail ast the SOC2 Type II report

Answer 1094

Permissionless Blockchain It is also known as trustless or public blockchains, are available to everyone to participate in the blockchains process that use to validate transactions and data. These are used in the network where high transparency is required. Permissioned Blockchain These are the closed network only a set of groups are allowed to validate transactions or data in a given blockchain network. These are used in the network where high privacy and security are required. Hybrid Blockchain: combination, controlled by permissionless Consortium Blockchain: It is a creative approach that solves the needs of the organization. This blockchain validates the transaction and also initiates or receives transactions. Also known as Federated Blockchain. This is an innovative method to solve the organization’s needs. Some part is public and some part is private. In this type, more than one organization manages the blockchain.

Answer 1095

Referential integrity is based on entity integrity . Entity integrity requires that each entity have a unique key. For example, if every row in a table represents relationships for a unique entity, the table should have one column or a set of columns that provides a unique identifier for the rows of the table.

Answer 1096

A false positive state is when the IDS identifies an activity as an attack but the activity is acceptable behavior. A false positive is a false alarm. A false negative state is the most serious and dangerous state. This is when the IDS identifies an activity as acceptable when the activity is actually an attack.

Answer 1097

manual goes beyond automated There are five primary reasons why manual pen testing yields superior outcomes when compared to automated penetration tests. Human expertise: Manual penetration tests are conducted by security experts with in-depth industry experience and technical know-how. They can adjust the testing methodology as per your organization’s structure. This results in optimal findings with efficient remediation measures down the line when compared to an automated report that may contain false positives. Human validation of findings: In a manual pentest exercise, the testing team validates their findings during the process as everything is done manually; each step can be documented and double-checked. However, in automated tests, this transparency is not available, and results can be tough to verify. The findings from pure automated pentests may contain false positives that analysts must verify before remediation can occur. Customized Pentest Engagements: Manual testing allows customizations based on threats your organization is more likely to face. While the efforts required by the testing team increase substantially, a thorough inspection is conducted in manual pen testing. Manual Detection of Logical Flaws: Automated tests fail to identify logical flaws in applications. While not every logical flaw is a vulnerability, manual tests can identify broken structures within your applications. Improve Mean Time to Remediate (MTTR): The remediation process becomes more effective when a test is customized for your organization’s structure, compliance requirements, and external and internal environments. Organizations can realize their return on investment by significantly reducing their overall mean time to remediate as they eliminate vulnerabilities discovered in manual pen te

Answer 1098

F/P cannot be applied on a domain controller CA role can be applied

Answer 1099

== is equality = is assignment

Answer 1100

RDP has built in encryption

Answer 1101

maximize ROI

Answer 1102

an asset’s potential to cause harm to an org if compromised

Answer 1103

most critical first

Answer 1104

White hat hackers probe cybersecurity weaknesses to help organizations develop stronger security; black hat hackers are motivated by malicious intent; and Gray hat hackers operate in the nebulous area in between — they're not malicious, but they're not always ethical either

Answer 1105

Bind variables allow the same SQL statement (cursor) to be reused repeatedly even though specific predicate values being referenced change from one execution to the next by masking the literal value that's changing each time. Then the SQL text is identical each time and requires only one (hard) parse.

Answer 1106

Permissive: BSD, MIT, Apache Copyleft: require source code to be distributied, GPL, LGPL, AGPL, EPL, MPL

Answer 1107

prevent further damage

Answer 1108

3 / network

Answer 1109

3 / network

Answer 1110

least downtime for users

Answer 1111

Ensuring that all data is encrypted during transmission

Answer 1112

Network Segmentation

Answer 1113

Ensuring that all employees receive proper training on security policies and procedures

Answer 1114

Implementing encryption on all data

Answer 1115

main security concern in a DAC model is the potential misconfiguration of permissions by the data owners

Answer 1116

Redundant Array of Independent Disks

Answer 1117

optimal balance between resource accessibility and security for org with many domains

Answer 1118

To create a unique identifier for data

Answer 1119

Increasing the number of SYN cookies

Answer 1120

To detect and prevent security breaches

Answer 1121

Cloud-based FWaaS solutions offer the highest level of security and scalability – better than h/w based due to maintenance being performed by cloud provider

Answer 1122

To manage the distribution and revocation of digital certificates

Answer 1123

Weaknesses of Kerberos: Single Point of Failure Each Network Service Needs a Set of Kerberos Keys Strict Time Requirements

Answer 1124

Scheduling regular job rotation for all employees

Answer 1125

Implementing the strictest privacy standards (such as those of the European Union) across all operations globally

Answer 1126

Coordinating with the affected organization to fix the issue before disclosing it

Answer 1127

The Failure to Enroll Rate (FTER)

Answer 1128

alarm system or internet (but more modern systems need internet)

Answer 1129

are backwards compatible

Answer 1130

Robust access controls

Answer 1131

A security analyst focuses on identifying vulnerabilities, while a security engineer focuses on implementing security controls

Answer 1132

phase 1, an authenticated connection between the host and user is established using a preshared key or a digital certificate. The goal is to secure the communications that occur in phase 2. The Diffie-Hellman key exchange algorithm creates a secure authentication communication channel. This digital encryption method uses numbers raised to specific powers to produce decryption keys. The negotiation should result in session keys and one bidirectional SA. Phase 1 operates under one of two modes: main mode or aggressive mode. The main mode consists of both parties sending three two-way exchanges equaling six messages in total. The first two messages confirm encryption and authentication algorithms. The second set of two messages starts a Diffie-Hellman key exchange, where both parties provide a random number. The third set of messages verifies the identities of each party. Aggressive mode accomplishes the same task as the main mode but does so in just two exchanges of three messages. Whereas the main mode protects both parties' identities by encrypting them, the aggressive mode does not. Phase 2 of IKE negotiates an SA to secure the data that travels through IPsec, using the secure channel created in phase 1. The result is a minimum of two SAs that are unidirectional. Both parties also exchange proposals to determine which security parameter to use in the SA. Phase 2 operates in only one mode: quick mode. Quick mode provides three resources: proxy IDs, perfect forward secrecy (PFS) and replay protection. The proxy IDs of each participant are shared with each other. PFS delivers keys independent from preceding keys. Replay protection is a security method to protect against replay attacks. The main and aggressive modes found in phase 1 only apply to IKE version 1 and not to IKE version 2.

Answer 1133

Improvements in IKEv2 over IKEv1 are as follows: BDFL MMNORS requires less Bandwidth; provides more resistance to denial-of-service (DoS) attacks; enables message Fragmentation and allows IKEv2 to operate in areas where IP Fragments might be blocked and an SA may fail to establish; detects automatically if an IPsec tunnel is still Live so that IKE can automatically reestablish a connection if needed; demands fewer cryptographic Mechanisms to protect packets; supports Mobile platforms, including smartphones; comes equipped with the built-in Network Address Translation (NAT) traversal needed to support routers that perform translations; requires only One four-message initial exchange mechanism; enables Rekeying to build new keys for SA. supports the securing of Stream Control Transmission Protocol (SCTP) traffic;

Answer 1134

doesn't improve the policy

Answer 1135

OCATAVE: broad organization wide risk assessment PASTA: application threat modeling framework DREAD: classification scheme for categorizing the severity of security threats STRIDE: risk assessment for software development process

Answer 1136

Announce the divestiture to stakeholders