Dion Review 2 Flashcards

1
Q

Which service port on email servers can sometimes be exploited by attackers to perform spamming, spoofing, or phishing attacks?

A

SMTP (Simple Mail Transfer Protocol)

Simple Mail Transfer Protocol (SMTP) is a common email server port

Post Office Protocol (POP) and IMAP (Internet Message Access Protocol) are network protocols that are commonly used by email clients. When exploited, they are most commonly used for eavesdropping, data theft, or malware delivery attacks because they are used to retrieve email messages from a server.

2
Q

Kisha, a security official, is implementing an encryption protocol for the factory they work at. They need a wireless encryption protocol that will work with the factory’s older equipment. As the factory is in a remote location and the equipment only needs to connect to other equipment in the area, they need a reliable encryption protocol but don’t need the newest and most secure protocols. They prefer protocols that use keys to encrypt each packet. Which of the following options BEST represents the encryption protocol they need?

A

TKIP stands for Temporal Key Integrity Protocol, and it is an encryption protocol that uses keys to encrypt each packet of data. TKIP was introduced by WPA to replace WEP, and it is compatible with older devices that do not support WPA2 or AES.

Older devices (perhaps the ones described in this factory) may not be co

3
Q

What are some data categories that are considered sensitive under the EU’s General Data Protection Regulations (GDPR)?

A

Under the EU’s GDPR, sensitive personal data refers to specific categories of personal information that could harm an individual if made public. This includes, but is not limited to, religious beliefs, political opinions, trade union membership, gender, sexual orientation, racial or ethnic origin, genetic data, and health information.

One’s right to data erasure may be denied by a data controller if the da

4
Q

What are the purposes of both internal and external compliance reporting?

A

External compliance reporting is crafted to meet the mandatory disclosures and inform external stakeholders about the company’s compliance with industry/government regulations. Internal compliance reporting is designed to give detailed insights to internal stakeholders like executives and security analysts, assisting in strategic planning and operational improvements.

5
Q

Jamario, a system administrator at Dion Training Solutions, wants to prevent unauthorized mail servers from sending emails on behalf of the company’s domain. What can he use to specify which servers are allowed to send these emails?

A

Jamario should implement SPF (Sender Policy Framework), as it lets him specify which mail servers are authorized to send emails on behalf of the company’s domain.

6
Q

Single Loss Expectancy (SLE)

A

The single loss expectancy (SLE) is the measure of the potential financial loss associated with a specific risk event.

7
Q

Secure Access Service Edge (SASE)

A

Secure Access Service Edge (SASE) is a cloud-native architecture that combines WAN capabilities and network security services into a single cloud service.

SASE enables direct, secure access to company resources via the cloud.

8
Q

What is unique about ECC (Elliptic curve cryptography) with regard to key length?

A

ECC (Elliptic curve cryptography) is a type of trapdoor function that is efficient with shorter key lengths. For instance, ECC with a 256-bit key provides roughly the same security as RSA with a 2048-bit key. The primary advantage is that ECC has no known shortcuts to cracking it, making it particularly robust.

9
Q

If a penetration tester is given usernames and passwords before conducting an attack, what type of penetration test are they conducting?

A

They are conducting a known environment test. Penetration testing in a known environment means that a significant amount of information has been given to the tester. This can include passwords, usernames, and other information.

10
Q

What is the difference between Attribute-Based Access Control (ABAC) and Rule-Based Access Control (RBAC)?

A

ABAC is more sophisticated and suitable for environments requiring context-aware, granular access control while RBAC is simpler, relying on fixed rules for access decisions, and is ideal for less complex systems.

11
Q

Which US act requires federal agencies to develop security policies for computer systems that process confidential information?

A

Computer Security Act (1987)

This act specifically requires federal agencies to develop policies to secure computer systems that process sensitive or confidential information.

12
Q

Which sensor uses electromagnetic waves to detect the movement or presence of objects, often in security applications?

A

Microwaves

13
Q

In automation, what is the MOST urgent risk that emerges when an organization relies heavily on a singular tool or solution for multiple critical processes?

A

Reliance on a singular solution for multiple critical processes can create a single point of failure. If that tool or solution fails, it could disrupt many processes, compromising secure operations.

14
Q

What is SOX?

A

The Sarbanes-Oxley Act is US legislation that mandates various practices to protect investors by improving the accuracy and reliability of corporate financial statements and disclosures.

SOX was passed in 2002.

15
Q

What is DMARC?

A

DMARC (Domain-based Message Authentication, Reporting, and Conformance) allows administrators to set a policy for receivers on how to handle emails from the domain that don’t pass SPF or DKIM checks. Additionally, DMARC provides feedback mechanisms for senders.

16
Q

Which international standard provides a framework for an information security management system (ISMS) to ensure that appropriate security controls are in place within an organization?

A

ISO/IEC 27001

17
Q

Policy Engine VS Policy Enforcement Point

A

A policy engine evaluates requests against policies to determine whether to allow or deny access, while a policy enforcement point (PEP) enforces the decision made by the policy engine.

18
Q

Committee Governance Structure

A

A committee governance structure involves forming a group with representatives from different departments or units within the organization. This approach allows for a collective decision-making process, leveraging expertise and perspectives from various parts of the company. By pooling insights from diverse sectors, the committee can ensure that decisions are holistic, considerate of multiple facets of the business, and are thus more likely to contribute to effective and efficient operations. It promotes collaboration, shared responsibility, and balanced power distribution in organizational governance.

19
Q

Sender Policy Framework (SPF)

A

Sender Policy Framework (SPF) prevents email spoofing by allowing domain owners to specify authorized mail servers for sending emails. The recipient’s mail server can verify the sender’s SPF record to confirm the email’s legitimacy, helping to combat phishing and spoofing attacks.

20
Q

Why might a sysadmin want to exclude user data files from a system image backup?

A

By excluding frequently updated user data files from system image backups, organizations can reduce the risk of exposing or restoring potentially outdated sensitive data that might have been amended or deleted in the main system.

21
Q

Is OCSP or a CRL a quicker method of seeing whether or not a certificate has been invalidated?

A

Online Certificate Status Protocol (OCSP) is an internet protocol used for obtaining the revocation status of a digital certificate. If you have the name of the digital certificate, you can quickly look up the certificate via OCSP to see if it has been invalidated.

Certificate Revocation Lists (CRLs) are lists of certificates that have been ‘deactivated’.

22
Q

What is a password manager?

A

A password manager is a software application that allows users to securely store, generate, and access all their online passwords across different websites and services using a single “master password”, essentially eliminating the need to remember multiple unique passwords for each account.

Benefits:
- Password managers generate very strong passwords
- Password managers verify website certificates to ensure only legitimate sites use the passwords

Password managers don’t have to use local storage.

23
Q

What is a Data Custodian?

A

A Data Custodian ensures that data is managed securely in line with the guidelines provided by the data owner and controller.

Example:
- A system administrator ensures that data is managed according to the policies set out by leadership (controllers) and business owners/stockholders (owners).

24
Q

What is the Zero Trust model?

A

A “Zero Trust” model in information technology is a security strategy where no user, device, or application is automatically trusted, regardless of whether they are inside or outside the network, requiring continuous verification and strict authentication before granting access to any system.

The Zero Trust model is often split into the Control Plane, which contains the Policy Engine and Policy Administrator, along with the Data Plane which contains the Policy Enforcement Point and all other resources.

25
Q

What are the seven steps of the incident response model?

A
  1. Preparation
  2. Detection
  3. Analysis
  4. Containment
  5. Eradication
  6. Recovery
  7. Lessons Learned

The Analysis phase provides detailed evidence for a security incident. Alarms, alerts, reports, and other feedback can be categorized as analysis.

26
Q

What is DKIM?

A

A DKIM (Domain Keys Identified Mail) record is a DNS (Domain Name System) entry that includes the public key associated with an email server’s digital signatures. A legitimate email server will digitally sign all outgoing emails and provide the public key in their DNS for third-party validation.

27
Q

What is SPF?

A

An SPF record (Sender Policy Framework record) in DNS is a type of TXT record that specifies which mail servers are authorized to send emails on behalf of a particular domain, essentially acting as a whitelist to prevent email spoofing and improve email deliverability by identifying legitimate email sources for that domain.

28
Q

What is an ACL?

A

An ACL (Access Control List) is a security control commonly implemented on routers to allow or restrict traffic flows through the network.

29
Q

How does one calculate the ALE (Annual Loss Expectancy) for a specific type of event?

A

ALE = SLE * ARO

The ARO (Annualized Rate of Occurrence) describes the number of instances estimated to occur in a year. For example, if the organization expects to lose seven laptops to theft in a year, the ARO for laptop theft is seven.

SLE (Single Loss Expectancy) is the monetary loss if a single event occurs. If one laptop is stolen, the cost to replace that single laptop is the SLE, or $1,000.

The ALE (Annual Loss Expectancy) is the expected cost for all events in a single year. If it costs $1,000 to replace a single laptop (the SLE) and you expect to lose seven laptops in a year (the ARO), the ALE for laptop theft is $7,000.

SLE = Single Loss Expectancy
ARO = Annualized Rate of Occurrence