Domain 1 and Test Sudy 1

Question 1

What are the three levels/types of authentication?

Answer 1

Type 1 - Something you know
Type 2 - Something you have
Type 3 - Something you are

Question 2

What contract is based upon connecting disparate business networks together?

Answer 2

ISA

Interconnect service agreement.

Question 3

Which authentication protocol is deprecated because of vulnerabilities?

Answer 3

LEAP

Question 4

What is the Defined step in CMMI?

Answer 4

Processes characterized for the organization and is proactive.

Question 5

What part of an SDN is responsible for the routing of data?

Answer 5

Control plane.

Question 6

What part of an SDN determines how to handle incoming packets?

Answer 6

Data plane.

Question 7

When discussing platforms, what is SoC?

Answer 7

System on a chip, a sophisticated, embedded system.

Question 8

What are some regulatory standards?

Answer 8

GDPR, HIPAA, GLBA, SOX, PIPEDA, COPPA, FISMA

Question 9

What are two advantages of high level programming languages?

Answer 9

Human readable syntax and it is easier to enforce coding standards because there is a specific order to that syntax.

Question 10

What is PEAP?

Answer 10

A Microsoft favored package protected by TLS

Question 11

Describe trademark

Answer 11

Trademark is the exclusive right to use symbols, words, colors, etc.

Question 12

In contracts what is an OLA?

Answer 12

Operating level agreement. This defines the interdependent relationships in support of an SLA. Describes the responsibilities of each support group towards other support groups, and includes timeframes.

Question 13

What CMMI level focuses on continuous process improvement?

Answer 13

Optimizing

Question 14

What attack allowed Linux OS command injection?

Answer 14

Shellshock.

Question 15

What is Initial in CMMI?

Answer 15

Processes are inconsistent, not organized, reactive, poorly managed.

Question 16

What are the common tenets of privacy law?

Answer 16

NPSLARSD 
Notification
Participation
Scope
Limitation
Accuracy
Retention
Security
Dissemniation

or DRSSLAPN
Dissemination
Retention
Scope
Security
Limitation
Accuracy
Participation
Notificiation

Question 17

What is SASL?

Answer 17

Simple authentication and securtiy layer, a directory access protocol that can implement a wide variety of authentication methods.

Question 18

Which authentication protocol uses a secure tunnel but does not distribute certificates?

Answer 18

EAP-TTLS

Question 19

What are four industry standards?

Answer 19

ISO, CSA Star, Uptime Institute, SSAE 16

Question 20

What are STRIDE, VAST, OCTAVE, and Trike?

Answer 20

Threat modeling techniques.

Question 21

What are three main tenets of Clark-Wilson?

Answer 21

Prevent unauthorized users form making changes, prevent authorized users from making improper changes, and maintaining consistency.

Question 22

What is Optimizing in CMMI?

Answer 22

Focus on continuous process improvement.

Question 23

What CMMI level are processes characterized for the organization and is proactive?

Answer 23

Defined.

Question 24

What CMMI level are processes measured and controlled?

Answer 24

Quantitatively managed.

Question 25

What is MAD

Answer 25

Maximum allowable downtime - the maximum time until the business is non viable. Also known as MTD

Question 26

What is an XML based protocol that can provision services and user accounts?

Answer 26

SPML

Question 27

What is unit testing?

Answer 27

A method by which small, individual units and components are verified.

Question 28

What is the difference between US Code and Code of Regulations?

Answer 28

Code of regulations is administrative law, where US Code are laws enacted by congress. Code of regulations are based on US Code.

Question 29

Which directory access can implement a wide variety of authentication methods?

Answer 29

SASL

Simple authentication and security layer

Question 30

What CMMI level is inconsistent processes, not organized, reactive, and poorly managed?

Answer 30

Initial

Question 31

What is a fuzzing tool that offers both dumb and intelligent techniques?

Answer 31

Peach Fuzzer

Question 32

What is EAP-FAST?

Answer 32

LEAP successor using a protected tunnel by Cisco.

Question 33

What is Heartbleed?

Answer 33

An attack on OpenSSL that allows for the reading of memory.

Question 34

What is scoping in risk management?

Answer 34

Selecting controls that are applicable to a given asset.

Question 35

What is an embedded system that is quite sophisticated?

Answer 35

SoC or System on a Chip

Question 36

What is the difference in cohesion and coupling?

Answer 36

Cohesion refers to methods that are similar and belong together. Coupling refers to the degree to which methods are dependent on other methods or modules.

Question 37

In contracts, what is an MSA?

Answer 37

Master services agreement. An agreement that will govern future transactions.

Question 38

Which IP protection is best for a new logo?

Answer 38

Trademark

Question 39

What is a CPU level vulnerability that let an application read outside of its protected area?

Answer 39

Meltdown

Question 40

What is an attack against SSLv3 that allows an attacker to decrypt traffic in flight?

Answer 40

POODLE

Question 41

Which biometric type is not considered very accurate, regardless of health?

Answer 41

Hand Geometry

Question 42

What is assessing in risk management?

Answer 42

Verifying that controls are functional.

Question 43

What CMMI level are processes focused on basic project management and reactive?

Answer 43

Managed or Repeatable

Question 44

What is CPE?

Answer 44

Common platform enumeration.

Question 45

What type of contract deals with future transactions?

Answer 45

MSA

Master services agreement

Question 46

Which IP protection is best for a new idea?

Answer 46

Patent

Question 47

What is the P12 certificate format?

Answer 47

PKCS 12 or P12 can contain both public and private keys as a single, encrypted file.

Question 48

What is something may exploit a vulnerability and creates risk?

Answer 48

A threat.

Question 49

Which IP protection is best for creative works?

Answer 49

Copyright

Question 50

In contracts, what is an ISA?

Answer 50

Interconnection services agreement. A business contract between organizations for the purpose of interconnecting their networks.

Question 51

What describes timeframe for delivery of services among support groups?

Answer 51

OLA

Operating level agreement.

Question 52

What is EAP-TTLS?

Answer 52

EAP Tunnled TLS, doesn’t require signed certificates.

Question 53

What is the CMMI?

Answer 53

Capability Maturity Model Integration

Question 54

What is EAP-TLS?

Answer 54

EAP for requiring client side certificates and assumes users will reject untrusted certificates.

Question 55

What are the parts of an SDN?

Answer 55

Control plane and data plane. Control plane relates to the networking components responsible for routing of data, data plane is the component that determines how to forward or process inbound packets.

Question 56

What is NIST 800-137

Answer 56

Continuous Security Monitoring

Question 57

What are the two CISCO created authentication protocols?

Answer 57

LEAP, EAP-FAST

Question 58

What is Meltdown?

Answer 58

A CPU level vulnerability that allowed one application to read outside of its protected area to others.

Question 59

What is SPML?

Answer 59

Services provision markup langauge, an XML based protocol capable of provisioning services.

Question 60

What network type is defined via code instead of hardware?

Answer 60

SDN

Software defined network.

Question 61

In contracts what is an MOU?

Answer 61

A nonbinding agreement between two or several parties that expresses a common line of action but does not imply a legal commitment, a form of a gentleman’s agreement.

Question 62

What is a certificate format to store both public and private keys as a single file?

Answer 62

PKCS 12 or P12

Question 63

What is a Microsoft favored credential package that is protected by TLS?

Answer 63

PEAP

Question 64

What is Managed or Repeatable in CMMI?

Answer 64

Processes are focused on basic project management and still reactive.

Question 65

What is adherence to a mandate?

Answer 65

Compliance

Question 66

What is an attack that allows for the reading of memory?

Answer 66

Heartbleed

Question 67

What is ShellShock?

Answer 67

A Linux attack that would allow OS command injection?

Question 68

What is an area of storage not fully used by a file?

Answer 68

Cluster tip

Question 69

What is Categorizing in risk management?

Answer 69

Describing, examining, and identifying a system. It is also assining a security role.

Question 70

Which authentication protocol uses certificate exchanges to secure credentials?

Answer 70

EAP-TLS

Question 71

Describe patents.

Answer 71

Patents protect new, original ideas or inventions.

Question 72

What is a vulnerability?

Answer 72

Something that could be exploited

Question 73

What type of contract is nonbinding and expresses a common line of action between two or more groups?

Answer 73

MOU

Memorandum of understanding

Question 74

What is the smallest possible part of software testing?

Answer 74

Unit testing

Question 75

What are the parts of STRIDE, and who made it?

Answer 75

Microsoft made it, 
Spoofing identity
Tampering with data
Repudiation
Information Disclosure
DOS
Elevation of privelege

Question 76

Which authentication protocol encapsulates credentials inside a TLS envelope?

Answer 76

PEAP

Question 77

What is SLA and what does it mean?

Answer 77

Service Level Agreement

Defines the minimum requirements.

Question 78

What is Tailoring in risk management?

Answer 78

Customizing selected controls to meet specific needs.

Question 79

What is an SDN?

Answer 79

Software defined Network - network connections are defined through code.

Question 80

What is the term for acting on a vulnerability?

Answer 80

Exploit

Question 81

What is the POODLE attack?

Answer 81

An attack against SSLv3 decrypting traffic in flight.

Question 82

What is VAST?

Answer 82

Visual agile and simple threat modeling that promotes its use across the entire infrastructure.

Question 83

What is the term for how an organization is managed?

Answer 83

Governance

Question 84

What is a standards based system and software inventory system?

Answer 84

CPE

Question 85

What is a cluster tip?

Answer 85

An area not fully utilized by a file, often used for stegonography

Question 86

In contracts, what is an MOA?

Answer 86

Memorandum of agreement, describes a cooperative relationship to work on a project together.

Question 87

What are the traits that DRM should have?

Answer 87

ICPDA
Interoperability
Continous audit trail
Persistency
Dynamic Policy Control
Automatic Expiration

Question 88

What is Quantitatively Managed in CMMI?

Answer 88

Processes are measured and controlled.

Question 89

What is LEAP

Answer 89

Cisco made authentication protocol, it is deprecated because of vulnerabilities.

Question 90

What is Selecting in risk management?

Answer 90

Identifying controls that apply to your assets.

Question 91

Describe copyright.

Answer 91

Copyright protects the representation of ideas, creative works.

Question 92

What type of contract deals with cooperatively working on a project?

Answer 92

MOA

Memorandum of understanding.

Question 93

What is the NIST standard for continuous monitoring?

Answer 93

NIST 800-137