Domain 1

Question 1

What should be the primary focus for Web services?

Answer 1

Availability
Integrity

Question 2

How can we protect the Integrity?

Answer 2

We can protect Integrity by utilizing:
1) Cryptography
2) Checksum (CRC)
3) Hashing (for instance; MD5 SHA1 or SHA2)
4) Digital Signature (prevent from Non-repudiation)
5) Access Control

Question 3

How do we maintain the availability?

Answer 3

We can maintain and protect the Availability by implementing and deploying:
1) Installing Intrusion Prevention System (IPS)
Intrusion Detection System (IDS)
2) Regularly performing Patch Management
3) Predict and prepare for Redundancy (power, traffic route, hardware, staff)

Question 4

What are the basic types of ways for identification and authentication?

Answer 4

Typical authentication methods involve identifying the following -
1) something you know (Username, Password, PIN)
2) something you have(Access cards, Access Tokens, Security Keys etc)
3) something you are (combination of physical or behavioural, for example fingerprint, retina scan, voice recognition, facial recognition)

Question 5

What are the examples of Physical security?

Answer 5

security guard, access cards, biometrics

Question 6

What are the examples of Logical security?

Answer 6

IPS
IDS
User Access Authentication

Question 6

What is the biggest data protection law and privacy law for all individuals in the EU and EEA?

Answer 6

GDPR - General Data Protection Regulation

Question 6

How much is the fine for violating the GDPR Law?

Answer 6

-20 million Euros or 4% of the annual profit.

Question 7

What does it mean by Data Owner?

Answer 7

Data owners are Individuals or entities responsible for managing, securing, and controlling specific data within an organization, including defining access, security, and usage policies.

Question 8

What does it mean by Data Custodian?

Answer 8

Data Custodians are mainly responsible for physically storing, maintaining, and protecting data, including storage, backup, security, maintenance, retention, disposal, and access management.

Question 9

What is the retention policy?

Answer 9

Typically these are the set of guidelines governing the retention, storage, and disposal of data, specifying data classification, retention periods, data destruction, compliance requirements, and responsibilities.

Question 10

How do we perform data destruction?

Answer 10

There are several ways to perform data destruction such as;
1) Overwriting: Multiple passes of data overwrites.
2) Degaussing: Magnetic field erasure for magnetic media.
3) Physical Destruction: Shredding, drilling, or burning.
4) Purging - Permanently removing data from a storage system.

Question 11

What does ABAC stand for?

Answer 11

ABAC stands for Attribute-Based Access Control.

Question 12

What is privilege creep?

Answer 12

When people get more access than they need to do their duties.

Question 13

What is the best way to prevent privilege creep?

Answer 13

The most effective ways to prevent it will be implementing least privilege and performing regular reviews.

Question 14

What is MFA?

Answer 14

MFA stands for Multi-factor Authentication.

Question 15

What is SFA?

Answer 15

SFA means Single-factor Authentication.

Question 16

What is the difference between MFA and SFA?

Answer 16

MFA enhances security by necessitating multiple authentication factors, whereas SFA relies on a single factor, which makes it less secure.

Question 17

What is Open Authorization?

Answer 17

It is also known as OAuth and it is a security framework for one online service to access another on behalf of a user without sharing user credentials.

Question 18

What does DAC mean?

Answer 18

DAC (Discretionary Access Control) means users have discretion to decide who can access their resources and set permissions (e.g., read, write). Access control decisions are decentralized and based on user identities, groups, or roles.

Question 19

What is an ethical wall?

Answer 19

It mainly separates different parts of an organization to prevent conflicts of interest, maintain confidentiality, and ensure ethical standards.

Question 20

What is Access control?

Answer 20

It is a system which regulates who can access system resources.

Question 21

What are the Access control types?

Answer 21

There are several types of Access control and those include Physical (e.g., keycards), Logical (e.g., passwords), Role-Based (by job), Attribute-Based (based on attributes), Discretionary (owner control), Mandatory (security labels), Rule-Based, Time-Based, Biometric (biological traits), and Visitor Management (for guests).

Question 22

What are Access Tokens?

Answer 22

These are temporary keys used in authentication. They’re given after the initial login and are used to access resources without sharing login credentials.

Question 23

What is the standard used in Health Care Sectors? (choose one)

Answer 23

1) PCI DSS
2) GDPR
3) HIPPA

Answer: HIPPA

Question 24

Tru or Flase: GPDR is the standard used for Payment related?

Answer 24

Answer: False

Question 25

———————- is the standard use for payment cards? (fill in the blank)

Answer 25

Answer: PCI DSS

Question 26

What is key escrow?

Answer 26

Key escrow refers to the process where copies of encryption keys are securely kept with a reliable third party, known as the escrow agent. These keys are generally utilized for encrypted data storage or communication.

Question 27

——- is a method used to decipher codes by examining the frequency of letters or symbols in encrypted texts.

Answer 27

Answer: Frequency Analysis

Question 28

What is the work factor?

Answer 28

The Work Factor represents the amount of effort, resources, and time needed to compromise a cryptographic system or encryption. It serves as an indicator of the level of difficulty an attacker would face when attempting to decode encrypted data.

Question 29

True or False: Encryption is the process of converting ciphertext (coded data) back into its original plaintext form.

Answer 29

Answer: False

Question 30

What is decryption?

Answer 30

It is the process of converting ciphertext back into its original plaintext form.

Question 31

What does “out-of-band” mean in communication and networking?

Answer 31

“Out-of-band” means using a different way to send extra details or instructions along with the main data to make better communication.

Question 32

What is Non-Repudiation?

Answer 32

Non-repudiation ensures that the individual who sent a message or initiated a digital transaction cannot deny their act or transitions.

Question 33

What is the keyspace in cryptography?

Answer 33

Keyspace refers to the total range of possible keys that can be used for encoding or decoding data with a cryptographic algorithm.

Question 34

What does CPTED stand for?

Answer 34

“Crime Prevention Through Environmental Design,” is a strategy that uses design and planning to lower crime and enhance safety by influencing the physical environment.

Question 35

What is a session key?

Answer 35

A session key is a one-time encryption key made for a specific transaction to keep data safe.

Question 36

What does IPS stand for?

Answer 36

IPS stands for Intrusion Prevention System.

Question 37

What does IDS stand for?

Answer 37

IDS stands for Intrusion Detection System.

Question 38

The goal of cryptography is to ______ information from unauthorized individuals

Answer 38

Answer: protect

Question 39

“Cipher” is another term for al_______

Answer 39

Answer: gorithm (algorithm)

Question 40

True or False: Monoalphabetic cipher means more than one alphabet is used.

Answer 40

False.
Monoalphabetic cipher means only one alphabet is used.

Question 41

MCQ: It is a technique which replaces bits, characters or blocks or characters with different bits characters or blocks.

Answer 41

1) Transposition Cipher
2) Substitution Cipher

Question 42

True or False: Caesar Cipher is the most secure and effective cipher method.

Answer 42

False.
(One-time pad is the most secure cipher method).

Question 43

True or False: Scytale Cipher method is an example of substitution cipher.

Answer 43

False.
(It is a transposition cipher method. )

Question 44

In most languages, certain letters appear more often.

In English, it is the letter _______

Answer 44

E

Question 45

Two main parts to encryption are the ——– used and ———–.

Answer 45

Answer: algorithm, the key.

Question 46

Are there any issues with the XOR technique?

Answer 46

Yes, XOR can be prone to attacks if the key is short or reused. It also lacks authentication and doesn’t guard against cryptographic attacks.

Question 47

What is cryptanalysis?

Answer 47

Cryptanalysis is the process of decoding encrypted data, breaking encryption techniques, and bypassing authentication to reveal concealed information.

Question 48

Is cipher text readable by human and machine?

Answer 48

Cipher text is not readable by humans and machines. Only plaintext is readable by humans and machines.

Question 49

What is more vulnerable? Data at rest or data being transmitted?

Answer 49

Data in transit is generally more at risk than data at rest, as it’s exposed to potential interception and eavesdropping during its journey, making it prone to various attacks.

Question 50

S______ key encryption, and A________ key encryption are two types of cryptosystems.

Answer 50

Symmetrical, Asymmetrical.

Question 51

True or False: Asymmetric key encryption is a cryptosystem that uses the same key for both encryption and decryption.

Answer 51

False

Question 52

MCQ: It is also known as PKI, which uses different keys for encryption and decryption

Answer 52

1) Symmetric
2) Asymmetric
(Answer: Asymmetric)

Question 53

What is Steganography?

Answer 53

It is a method of concealing the existence of data by embedding it within a different media type.

Question 54

What is a payload in computing and networking?

Answer 54

The payload is the actual data or meaningful content carried within a packet or message.