Definitions

Question 1

Data Steward

Answer 1

Responsible for managing data from a business & stakeholder perspective
- oversight or data governance role within an organization, and is responsible for ensuring the quality and fitness for purpose of the organization’s data assets, including the metadata for those data assets.

Question 2

Data Custodian

Answer 2

Creates and enforces technical controls on day-to-day level

Question 3

Data Owner

Answer 3

Ultimately responsible for sensitive data

Question 4

nmap -sT

Answer 4

scan for open TCP ports

Question 5

nmap -sU

Answer 5

scan for open UDP ports

Question 6

netstat -a

Answer 6

identify listening and non-listening sockets

Question 7

netstat-l

Answer 7

list of listening sockets

Question 8

netstat -s

Answer 8

displays statistics for each protocol

Question 9

netstat -i

Answer 9

displays a table of all network interfaces

Question 10

Steps of Risk Assessment

Answer 10

1. Identify assets at risk
2. Conduct a threat assessment
3. Analyze Business Impact
4. Evaluate threat probability
5. Prioritize risks
6. Create a mitigation strategy

Question 11

Where are network communication security settings configured?

Answer 11

Computer policies section of GPO

Question 12

Where are internet options set?

Answer 12

User policies in GPO

Question 13

Block cipher

Answer 13

Encrypt fixed-length groups (64 or 128 bit)
-Pad added to short blocks
- Each block encrypted/decrypted independently
- Symmetric encryption

Question 14

Stream cipher

Answer 14

Encryption is done one bit at a time
- Used w/ symmetric encryption
- IV (initialization vector) added for randomness

Question 15

Ephemeral Key

Answer 15

Not permanent
- Used for session keys

Question 16

LDAPS

Answer 16

Secure Lightweight Directory Access Protocol
- TCP port 636

Question 17

IMAPS

Answer 17

Secure Internet Message Access Protocol
- TCP port 993

Question 18

POP3S

Answer 18

Secure Post Office Protocol
- TCP port 995

Question 19

MITRE ATT&CK

Answer 19

Knowledge base of advisory techniques presented as a matrix for enterprises

Question 20

Cyber Kill Chain

Answer 20

Linear, seven-step attach model that defenders use to interrupt the steps and stop the attack

Question 21

Dimond Model of Intrusion Analysis

Answer 21

Describes attacks as the pivoting interactions among adversaries, victims, capabilities and infastructure

Question 22

hping

Answer 22

Packet crafting utility

Question 23

the Harvester

Answer 23

passive reconnaissance
- can gather information like emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers, and SHODAN computer database.

Question 24

Domain

Answer 24

Collection of network resources

Question 25

Organizational Unit

Answer 25

Logical organization of resources

Question 26

Differential backup

Answer 26

backs up ALL changes since last full backup

Question 27

Incremental backup

Answer 27

backs ups files that have changed since last full or incremental backup
- If archive bit is on, data has changed and needs to be backed up
- Once data has been backed up, archive bit is reset

Question 28

Order GPOs are applied

Answer 28

1. Local Group Policy
2. GPO linked to site
3. GPO linked to domain
4. GPO lined to OU

Question 29

Digital signature

Answer 29

created by combining hash of data and private encryption key

Question 30

Symmetric encryption algorithms

Answer 30

Blowfish
3DES

Question 31

Asymmetric encryption algorithms

Answer 31

RSA
Diffie-Hellman

Question 32

Security Control Categories

Answer 32

Managerial
Operational
Technical

Question 33

Examples of operational security contorls

Answer 33

configuration management
data backups
awareness programs

Question 34

Examples of technical security controls

Answer 34

encryption protocols
firewall ACLs
authentication protocols

Question 35

Security Control types

Answer 35

Preventative
Detective
Corrective
Deterrent
Compensating
Physical

Question 36

Non-repudiation

Answer 36

Ensures no party can deny that it sent or received a message

Question 37

What security services do cryptographic systems provide?

Answer 37

Confidentiality
non-repudiation

Question 38

Reduction (data)

Answer 38

obscuring data by replacing all or part of content
*****

Question 39

Data masking

Answer 39

sub false data for real data

Question 40

Tokenization

Answer 40

assigning random surrogate values w/ no mathematical relationship that can be reversed by linking the token back to the original data

Question 41

ISO 27K & 31K
27002

Answer 41

Defines the various security controls in greater detail

Question 42

ISO 27K & 31K
31000

Answer 42

Framework for enterprise risk management

Question 43

ISO 27K & 31K
27001

Answer 43

Details steps to implement a compliant information security management system

Question 44

ISO 27K & 31K
27701

Answer 44

Focuses on personal data and privacy

Question 45

Wireless Encryption Methods
(most to least secure)

Answer 45

1. WPA3 - GCMP (Galois/Counter Mode Protocol)
2. WPA3 - CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol )
3. WPA - CCMP
4. WPA2 - TKIP (Temporal Key Integrity Protocol)
5. WPA - TKIP
6. WEP