Course 2 | Play It Safe_

Question 1

An organization’s ability to manage it’s defense of critical assets, data, and react to changes.

Answer 1

Security Posture

Question 2

The ability to maintain an organization’s everyday productivity by establishing risk disaster recovery plans.

Answer 2

Business Continuity

Question 3

Which security domain includes:

Security Posture
Risk Mitigation
Business Continuity
Compliance
Legal Regulations
Professional and organizational ethics

Answer 3

Security and Risk Management

Question 4

This is a section of Security and Risk Management where processes are established to secure information.

EX: Incident response, vulnerability management

Answer 4

InfoSec

Question 5

Which security domain includes:

Managing data security
Effectiveness of tools and systems
Creating processes to manage data
SIEM tools

Answer 5

Security Architecture and Engineering

Question 6

Which security domain includes:

Investigating
Preventative measures

Answer 6

Security Operations

Question 7

Which security domain includes:

Secure coding practices

Answer 7

Software Development Security

Question 8

Which step in the RMF is for managing risks before a breach occurs?

Answer 8

Prepare

Question 9

Which step in the RMF is for managing different ways to handle risks?

Answer 9

Categorize

Question 10

Which step in the RMF is for managing risks by selecting what controls would handle it the best?

Answer 10

Select

Question 11

Which step in the RMF is for managing the controls put in place to alleviate risks?

Answer 11

Implement

Question 12

Which step in the RMF is for managing if controls are implemented correctly?

Answer 12

Assess

Question 13

Which step in the RMF is for managing the accountability of the risks that might exist within an organization?

Answer 13

Authorize

Question 14

Which step in the RMF is for managing the awareness of how systems are operating?

Answer 14

Monitor

Question 15

Which vulnerability lets someone bypass authentication on a Microsoft email server and run malicious code remotely without needing a password?

Answer 15

ProxyLogon

Question 16

Which vulnerability tricks a Windows network’s login process into letting an attacker act as a domain controller?

Answer 16

ZeroLogon

Question 17

Which vulnerability uses a flaw in Java’s logging library to let attackers run a malicious code from a distance?

Answer 17

Log4Shell

Question 18

Which vulnerability affects Windows authentication by allowing a local attacker to request credentials and relay them for access?

Answer 18

PetitPotam

“Petit Potam” is a cute little cartoon hippopotamus in French TV from the ’90s.

The researcher who discovered the vulnerability is French and just gave it a fun nickname.

Question 19

Which vulnerability happens when there’s a lack of monitoring tools, making it hard to detect suspicious or malicious activity?

Answer 19

Security Logging and Monitoring Failures

Question 20

Which vulnerability lets attackers trick a server into making internal requests and possibly accessing data it shouldn’t?

Answer 20

Server-Side Request Forgery (SSRF)

Question 21

The process of converting data from a readable format into an encoded format.

Answer 21

Encryption

Question 22

Unique characteristics that can be used to verify a person’s identity.

Answer 22

Biometrics