Domain 1: General Security Concepts Flashcards

1
Q

What is a firewall?

A

Firewalls are a common technical control used to protect computer networks from unauthorized access. They monitor incoming and outgoing network traffic, filter and block potential threats, and reduce the risk of unauthorized intrusion.

2
Q

Security Controls

A

A security control is designed to give a system or data asset the properties of confidentiality, integrity, availability, and non-repudiation.

3
Q

Technical Controls

A

The control is implemented as a system (hardware, software, or firmware). Technical controls mitigate risk and are implemented by the security team.

4
Q

Data Encryption

A

Data encryption is a technical control that converts sensitive information into a coded form, making it unreadable to unauthorized individuals. It reduces the risk of data breaches by ensuring that even if data is intercepted, it remains secure and inaccessible without the decryption key.

5
Q

Managerial controls

A

The control gives oversight of the information system. Examples could include risk identification or a tool allowing the evaluation and selection of other security controls.

6
Q

Performance Reviews

A

Performance reviews are a managerial control that involves regular assessments of employee performance. By providing feedback, setting goals, and identifying areas for improvement, performance reviews help align employee activities with organizational objectives and ensure that employees are performing effectively.

7
Q

Risk Assessment

A

Risk assessments are a managerial control that involves the systematic identification, evaluation, and mitigation of potential risks within an organization. They help with identifying vulnerabilities, assessing the likelihood and impact of risks, and developing strategies to minimize or mitigate them. By conducting regular risk assessments, management can proactively identify and address potential threats, reducing the organization’s overall risk exposure.

8
Q

Code of Conduct

A

A code of conduct is a set of guidelines and ethical standards established by management to govern employee behavior. It serves as a managerial control by defining acceptable behavior, promoting ethical conduct, and reducing the risk of misconduct within the organization.

9
Q

Operational Controls

A

The control is implemented primarily by people. For example, security guards and training programs are operational controls.

10
Q

Incident response procedures

A

Incident response procedures are operational controls that outline the steps to be followed in the event of a security incident or breach. These procedures provide a structured approach to detecting, responding to, and recovering from security incidents. By having well-defined incident response procedures in place, organizations can minimize the impact of security breaches, mitigate further risks, and restore normal operations more effectively.

11
Q

Security Awareness Training

A

Security awareness training is an operational control that educates employees about security threats, best practices, and organizational policies.

12
Q

User Access Management

A

User access management is an operational control that involves the management and control of user access privileges to systems, applications, and data. It includes processes for user provisioning, access requests, access revocation, and periodic access reviews.

13
Q

Physical Controls

A

Controls such as alarms, gateways, locks, lighting, and security cameras that deter and detect access to premises and hardware are often placed in a separate category to technical controls.

14
Q

Access control vestibule

A

An access control vestibule is a small, enclosed area with two doors that creates a buffer zone between the outside environment and the secured area. It typically requires individuals to pass through multiple authentication steps (such as presenting an access card or undergoing biometric verification) before they can proceed into the secured area.

15
Q

Mantraps

A

Mantraps are enclosed areas that allow only one person at a time to pass through. They typically consist of two interlocking doors or gates. The first door must close and lock before the second door opens, ensuring that only authorized individuals can proceed through the controlled area.

16
Q

Tamper-evident seals

A

Tamper-evident seals are used to secure containers, equipment, or sensitive areas. These seals are designed to show visible signs of tampering or unauthorized access, such as a broken seal or a change in color, indicating that someone has attempted to gain access or tamper with the secured item.

17
Q

What are the security control types?

A

Preventive
Detective
Directive
Deterrent
Compensating

18
Q

Preventive control

A

These controls are designed to prevent problems or risks from occurring in the first place. They focus on eliminating or minimizing potential threats before they can cause harm. Examples of preventative controls include firewall installations to prevent unauthorized access to computer networks by using access control lists, employee training programs to educate staff about safety procedures and prevent workplace accidents, and quality control checks in the manufacturing process to prevent defects.

19
Q

Deterrent Controls

A

Deterrent controls aim to discourage individuals from engaging in undesirable behaviors or activities. They create a perception of risk or negative consequences to deter potential offenders. Examples of deterrent controls include surveillance cameras in public areas to deter criminal activity, warning signs indicating the presence of a security system to discourage burglars, and strong passwords and multi-factor authentication to discourage unauthorized access to online accounts.

20
Q

Detective control

A

Detective controls are implemented to identify and detect problems or risks that have already occurred. They help uncover issues and anomalies promptly to initiate corrective actions. Examples of detective controls include regular financial audits to identify accounting irregularities or fraud and Security Information and Event Management (SIEM) systems that aggregate and correlate log data from multiple sources, providing a comprehensive view of network activities and enabling the detection of suspicious patterns or behaviors.

21
Q

Corrective controls

A

Corrective controls are put in place to address problems or risks after they have been identified. They aim to rectify the situation, mitigate the impact, and restore normalcy. Examples of corrective controls include implementing a backup and recovery system to restore data after a system failure and implementing fixes or patches to address software vulnerabilities.

22
Q

Compensating Controls

A

Compensating controls are alternative measures implemented when primary controls are not feasible or sufficient. They help offset the limitations or deficiencies of other controls.

23
Q

Directive Controls

A

Directive controls involve providing specific instructions or guidelines to ensure compliance with policies, procedures, or regulations. They establish a clear framework for employees to follow.

24
Q

Authentication Header (IPSec Packet)

A

This feature consists of either SHA-1 or MD5 hashing algorithms, which provide data integrity to ensure the packet has not been tampered with in transit.

25
Q

Encapsulated Security Payload (ESP)

A

Encapsulated Security Payload (ESP): ESP is the part of the IPSec packet in which the data is stored and encrypted using symmetric encryption via DES, 3DES, or AES. It comprises several key elements:
Header: ESP adds an additional header to the IP packet. The header contains information necessary for the proper processing of the packet during transmission and reception.
Payload data: This is the actual data that is being transmitted and can be any type of network traffic, such as email, web browsing, or file transfers.
ESP trailer (optional): This is an optional component that may be added to the end of the payload data for padding or integrity checks.

26
Q

Always on VPN

A

This mode is applied during the creation of a site-to-site VPN, the purpose of which is to build a point-to-point connection between two sites in possession of their own VPNs.

27
Q

How does MIB work?

A

Management Information Base, also known as MIB, is a hierarchical database that contains configuration and other vital management information of SNMP devices in the form of data objects. An SNMP management system uses these database files to interpret the messages sent by the managed devices.

28
Q

DKIM

A

DKIM, or DomainKeys Identified Mail, is an email authentication method that uses a digital signature to let the receiver of an email know that the message was sent and authorized by the owner of a domain.

29
Q

Virtualization

A

Virtualization allows multiple virtual machines (VMs) to run on a single physical server,

30
Q

Always on mode tunneling

A

This mode is applied during the creation of a site-to-site VPN, the purpose of which is to build a point-to-point connection between two sites in possession of their own VPNs. The session is set to always on to ensure the connection is available all the time. While a site-to-site VPN is active, both the AH and the ESP are encrypted.

31
Q

Tunnel mode

A

This mode is used during the creation of an IPSec tunnel with an internal network using client/server-to-server communication. During transport mode, only the ESP is encrypted.

32
Q

Regression Testing

A

A type of testing in the software development cycle that runs after every change to ensure that the change introduces no unintended breaks.

33
Q

MAC access control

A

MAC is a stringent access strategy that employs classification levels to regulate access to information based on the sensitivity of the data and the user’s clearance level. The classification levels (Top Secret, Secret, Confidential, and Restricted) serve to prevent unauthorized access, protecting national interests from varying degrees of potential damage. The classification is not solely about the potential impact on national interests but also applies to organizations for which data sensitivity and confidentiality are paramount.

34
Q

RBAC

A

RBAC restricts system access to authorized users. It is often employed within departments where specific roles require access to resources, helping to minimize the risk of unauthorized access to sensitive information. For example, there may be only two people within the finance department who are allowed to sign checks. Similarly, in the IT department, only two people may be allowed to administer the email server, as others may not have the skills.

35
Q

DAC access control

A

DAC is an access control model in which the owner of the object (typically a file or directory) determines who is allowed to access it, with access assigned via an access control list (ACL).

36
Q

ABAC

A

ABAC restricts access based on user attributes, allowing organizations to grant permissions on a granular level.

37
Q

OTP (One-time password)

A

An OTP is a short-lived password that is sent to your phone as an additional factor of authentication.

38
Q

Knowledge based authentication

A

KBA is based on knowledge factors such as security questions, which are considered soft because they rely on information only the user should know. For example, when being authenticated by your bank, you may be asked to list the last three transactions on your account.

39
Q

Password Complexity

A

Often referred to as “strong passwords,” complex passwords contain elements from at least three out of four groups: lowercase letters, uppercase letters, numbers, and special characters not commonly used in programming.

40
Q

Password Expiry

A

Password expiry is a security measure that requires users to change their passwords after a set period to reduce the risk of unauthorized access.

41
Q

Password Vaulting

A

This refers to the process by which administrative and privileged accounts are removed from the Active Directory environment and stored in password vaults (normally a software solution). When a request for PAM has been authorized, the ticket is released for the approved period.

42
Q

IAM

A

Identity and Access Management (IAM), and examining the role of password managers in generating and securely storing complex passwords. The concept of passwordless access using SSH keys in Linux environments was also introduced to enhance security while eliminating traditional passwords.

43
Q

Cyber Kill Chain

A

Stages of the Cyber Kill Chain:
Reconnaissance: Calling employees, sending emails, social engineering, dumpster diving
Weaponization: Create malware payload
Delivery: Delivery medium, such as USB, email, web page
Exploitation: Executing code via a vulnerability
Installation: Installing malware on the asset
Command and Control: Infected system sends back information to the attacker
Action on Objectives: Hands-on keyboard—attack complete

44
Q

Diamond Model

A

Adversary: This is the threat actor group. The MITRE ATT&CK framework can be used to identify who they are and what attacks they use.
Capabilities: This refers to the exploit an adversary develops to carry out their attack. These are also laid out in the MITRE ATT&CK model.
Infrastructure: This is the path or means by which the attacker can get to the victim. This could be via USB, email, IP address, or remote access.
Victim: This is the person targeted by the adversary.

45
Q

Legal Hold

A

To implement a legal hold, organizations identify the pertinent data and notify relevant personnel, legally obligating them to safeguard and retain the specified information. This preservation effort extends throughout the legal proceedings or until the hold is lifted upon resolution of the matter.

46
Q

Record time offset

A

When gathering evidence from computers, capture the regional time setting or time zone (the essence of time offset). This becomes important in investigations as it enables the seamless determination of the sequence of events.

47
Q

Time normalization

A

Time normalization is the process where evidence that is collected across multiple time zones can be placed into a common time zone (such as GMT) in order to place the series of events in a meaningful chronological sequence.

48
Q

Layer 4 firewall

A

A Layer 4 firewall (often referred to as a “stateless firewall”) is the gatekeeper of network traffic, entrusted with the straightforward yet critical mission of basic packet filtering. It’s primarily focused on determining whether incoming or outgoing packets should be permitted based on predefined rules. It ensures that the TCP/IP three-way handshake takes place and determines access on the type of packets coming in. It is therefore known as a packet filtering firewall. It does not provide deep packet inspection.

49
Q

Least utilised host

A

The load balancer monitors the health of all web servers within the server farms and identifies the least utilized host (that is, the host with the lightest current workload) using a smart scheduling algorithm. This method is effective for applications where server load varies, and the goal is to optimize resource utilization.

50
Q

Microwave sensor

A

Emitting microwave pulses and detecting frequency alterations caused by moving objects, these sensors excel in diverse security scenarios.

51
Q

Infrared Sensor

A

These detect heat signature changes, effectively identifying human or animal presence. They find applications in perimeter protection and indoor security.

52
Q

Quorum Disk

A

A shared storage resource that members of the cluster share. It acts as a neutral arbiter, storing critical configuration and state information that both the active and passive nodes access.

53
Q

Witness server

A

Adding an additional layer of reliability, the witness server is an impartial entity that assists in determining the state of the cluster. The witness server helps prevent split-brain scenarios and ensures that the cluster operates smoothly.

54
Q

Heartbeat Communication

A

Communication between the active and passive nodes is facilitated through a heartbeat mechanism. This heartbeat—analogous to the rhythmic pulse of a living organism—involves regular exchanges of status updates, or a “node heartbeat.” The passive node continuously monitors the active node’s heartbeat. If it detects an absence or irregularity in the node heartbeat, it knows that the active node has failed.

55
Q

Zero Redundant Storage

A

ZRS takes redundancy a step further by replicating data between three separate availability zones within your primary cloud region. It provides enhanced availability within the region, making it a suitable choice for primary storage. However, ZRS does not protect against a regional catastrophe that affects all availability zones simultaneously and would leave data inaccessible.

56
Q

GEO redundant Storage

A

GEO Redundant Storage (GRS): Similarly to LRS, GRS offers robust redundancy by creating three copies of your data within a single physical location in the primary region. However, GRS takes this a step further by also storing one copy of the data in a secondary region, often located at a considerable geographical distance. This approach provides protection against regional disasters while maintaining high availability within the primary region.

57
Q

TACACS port number

A

49

58
Q

Remote Desktop protocol

A

3389

59
Q

DMARC

A

DMARC stands as a robust email security protocol, empowering domain owners to precisely dictate the actions taken when their emails fail authentication tests. It provides instructions to email receivers (such as ISPs and email providers) on how to deal with messages that do not pass authentication, for example, a directive to quarantine or delete them.

60
Q

DKIM

A

DKIM is an email authentication method that enables a sender to digitally sign their email messages. These signatures are then validated by the recipient’s email server to confirm the message’s authenticity. This way, DKIM prevents email tampering when an email is in transit.

61
Q

File Integrity Monitoring (FIM)

A

FIM safeguards systems by establishing a baseline of normal file and system configurations. It continuously monitors these parameters in real time, promptly alerting the security team or IT administrators when unauthorized changes occur. FIM helps mitigate threats early, ensures compliance with regulations, detects insider threats, protects critical assets, and provides valuable forensic assistance after security incidents.

62
Q

Data Loss Prevention (DLP)

A

DLP prevents unauthorized or inadvertent leakage of PII and sensitive information, whether it’s through email or a USB drive. DLP operates on a foundation of pattern recognition and regular expressions.

63
Q

Health authority

A

Following user authentication, the HAuth diligently inspects the client device’s registry to determine whether it is fully patched. A device that is up to date with all the necessary patches is labeled “compliant” and granted seamless access to the LAN. If a device has missing patches, it is categorized as “non-compliant” and redirected to what’s often referred to as a boundary network or quarantine network, where it will encounter a remediation server.

66
Q

User Behavior Analytics (UBA)

A

UBA observes the digital footprints left by users within an organization’s network. UBA doesn’t merely focus on the superficial; it looks into the depths of user interactions to scrutinize patterns and anomalies that might signal potential threats. Like a skilled detective, UBA seeks to uncover the subtle deviations from the norm, recognizing that threats often disguise themselves as normal daily activities. Any abnormality is reported to the security operation center.

67
Q

POP3S

A

Post Office Protocol 3 Secure (POP3S): port 995. Secure version of POP that uses TLS for encryption.

68
Q

Exposure Factor

A

EF is a measure of the magnitude of loss or damage that can be expected if a risk event occurs. It is represented as a percentage, reflecting the portion of an asset’s value likely to be affected. By determining the EF, organizations can assess the extent of damage a specific risk can inflict to produce more accurate risk valuations.

69
Q

PCI-DSS

A

PCI-DSS is a robust security standard designed to safeguard payment card data during transactions. It sets stringent requirements for organizations to protect sensitive financial information, ensuring secure commerce in an evolving digital landscape.

70
Q

Chemical decomposition

A

This involves using chemicals to break down the asset’s components.

71
Q

Crushing

A

This means applying great force to render the asset unusable.

72
Q

Volume Encryption

A

BitLocker’s integration with the TPM introduces a robust layer of security, enhancing the process of volume-level encryption. By utilizing the TPM chip, BitLocker ensures the integrity of a system’s boot process and authentication mechanisms.

73
Q

Password-Based Key Derivation Function 2 (PBKDF2)

A

This widely used method iterates through a hash function multiple times, effectively slowing down the key derivation process.

74
Q

Bcrypt

A

Specifically designed to address password hashing, Bcrypt incorporates salt and multiple rounds of hashing to amplify the time required for each iteration.

75
Q

Public Ledger

A

An open public ledger is a foundational element of blockchain systems. It’s essentially a digital record of all transactions that have ever occurred within the blockchain network.

76
Q

CA types

A

CAs come in two types: online and offline. Online CAs swiftly verify keys in real time, matching the pace of the digital world. Offline CAs prioritize security by working in isolated environments, away from online threats.

77
Q

Wildcard Certificate

A

For a wildcard certificate for a domain called securityplus.training, the wildcard certificate would be *.securityplus.training on multiple public-facing web servers.

78
Q

Asymmetric Algorithms

A

Examples of asymmetric algorithms include RSA, Diffie–Hellman, and Elliptic Curve Cryptography (ECC).

79
Q

Asymmetric Encryption

A

At the heart of asymmetric encryption, there are two keys, the private and the public keys, each of which has a unique role. The private key, as its name suggests, remains confidential and closely guarded by the entity it belongs to.

80
Q

Suppliers

A

Suppliers, often referred to as third-party contributors who provide goods or services, are an integral part of the process but can also introduce risks. Therefore, it’s important to scrutinize suppliers’ security practices as part of a comprehensive supply chain risk management strategy.

81
Q

Vendors

A

The relationships between organizations and their vendors often involve the sharing of sensitive information. Yet, vendors can unwittingly serve as vectors for cyber threats.

82
Q

Spear Phishing

A

Spear phishing is a more targeted variant of phishing. It involves attacks directed at specific groups, such as the board of directors at a company. These emails are tailored to create a sense of authenticity and urgency, enticing the victim to click on a link embedded in the email, which typically leads to a malicious website or triggers a malware download.

83
Q

/var/www/html

A

These are web application directories where source code, configuration files, and potentially sensitive data could be stored.

84
Q

SSL/TLS downgrade

A

An SSL/TLS downgrade attack is one in which an attacker exploits vulnerabilities in the communication between a client (such as a web browser) and a server. The attacker suggests using an older, less secure encryption method instead of the stronger ones that both parties support. The server is thus tricked into using less secure encryption protocols or algorithms, making it easier for the attacker to intercept and decrypt the data being transmitted, thereby compromising the security and confidentiality of the connection.

85
Q

SSL stripping

A

SSL stripping is an attack in which a malicious actor intercepts a secure HTTPS connection and downgrades it to an unsecured HTTP connection, allowing them to eavesdrop on sensitive information exchanged between a user and a website without detection.

86
Q

SSL/TLS

A

An SSL/TLS downgrade attack is one in which an attacker exploits vulnerabilities in the communication between a client (such as a web browser) and a server. The attacker suggests using an older, less secure encryption method instead of the stronger ones that both parties support.

87
Q

Collision Attacks

A

Cryptography relies on the creation of unique signatures or hashes for data to ensure authenticity and integrity. A collision attack shatters this notion of uniqueness by manipulating the hash function.

88
Q

HASHING Options

A

Password-Based Key Derivation Function 2 (PBKDF2): This widely used method iterates through a hash function multiple times, effectively slowing down the key derivation process.
Bcrypt: Specifically designed to address password hashing, Bcrypt incorporates salt and multiple rounds of hashing to amplify the time required for each iteration.

89
Q

Reason for hashing

A

The two main reasons to use hashing are as follows:

Data integrity: Hashing can help you ensure your data has not been altered in any way. If you hash a file before you download it from the internet and hash it afterward and the file remains the same, then data integrity has been maintained. If it does not, the file has been tampered with.
Password security: Hashing is a one-way function that turns passwords into unbreakable codes using complex rules. Hackers might try to crack the code, but the intricate design of hashing makes it incredibly difficult, like getting lost in a maze without being able to find the way out. This clever encryption keeps passwords safe, creating a world where the real password stays hidden, wrapped in a cloak of complexity.
Salting

90
Q

VLSM

A

A VLSM (short for “variable length subnet mask”) is a computer networking technique to divide an IP network into subnets with different subnet masks.

91
Q

SSL Decryption

A

SSL decryption allows the firewall to decrypt and inspect the traffic.

92
Q

Air-gapped network

A

An air-gapped network means that no devices within that network have cable or wireless connections from which data might be stolen. Therefore, the only way to place or remove data from the computer is by removable media such as a USB drive.

93
Q

VLAN

A

A VLAN is established through the software on a network switch. It allows you to group multiple network ports together, effectively creating a distinct and separate network within the larger network. This method of network division aids in controlling traffic flow and segregating communications for distinct functions or device groups.

94
Q

ECC

A

Elliptic-curve cryptography (ECC) is a type of public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC requires smaller keys than non-EC cryptography (e.g., RSA) to provide equivalent security, and is therefore preferred when higher efficiency or stronger security (via larger keys) is required.

95
Q

Public Key

A

As its very name suggests, the public key is designed for widespread dissemination and can be freely shared without compromising security. The role of the public key is to encrypt data and validate digital signatures. For example, suppose George wants to send sensitive data to Mary. He requests a copy of Mary’s public key and uses it to encrypt the data by taking plaintext and converting it into unreadable ciphertext. If a malicious entity intercepts the encrypted data during transmission, it won’t be able to read the original message without Mary’s private key, as this is the only key that can decrypt it. To identify a public key, the format (also known as the Public-Key Cryptography Standards (PKCS) of the public key) is P7b.

96
Q

Non-credentialed scan

A

A non-credentialed scan operates with restricted privileges and can only identify vulnerabilities that are visible from the network.

97
Q

Credentialed scan

A

A credentialed scan, by comparison, is a much more powerful version of the vulnerability scanner. It has elevated privileges, thereby providing more accurate information.

98
Q

Wireless devices

A

Wireless devices normally join a wireless network via a connection made through a WAP. In a home environment, it is called a wireless router. Infrastructure in a wireless network refers to a WAP setup.

99
Q

POP3 secure

A

Post Office Protocol 3 Secure (POP3S): port 995 (TCP). Secure version of POP that uses TLS for encryption.

100
Q

CYOD

A

CYOD is a policy in which the company provides employees with a selection of approved devices to choose from. These devices are owned and managed by the organization.

101
Q

COPE

A

In this model, organizations provide employees with corporate-owned devices that can be used for both business and personal use but must comply with company policies.

102
Q

RFID

A

Radio-frequency identification (RFID): This uses radio frequencies to identify electromagnetic fields in an RFID tag to track assets.

103
Q

Jailbreaking

A

Jailbreaking applies specifically to Apple devices and allows users to bypass manufacturer or operating system restrictions, providing more control over the device.

104
Q

Program logic controller level 3

A

Program Logic Controller Level (Level 3): This level is responsible for managing and controlling the overall production process.

105
Q

LDAP Secure

A

636

106
Q

LDAP insecure

A

389

107
Q

VM escape

A

While virtualization is designed to isolate VMs, the hypervisor (that is, the essential software managing these VMs) introduces an unexpected challenge. It can unintentionally create a path for lateral movement, known as moving east to west, and enable potential attackers to move from a secluded VM to the host system or other interconnected VMs.

108
Q

IMAP

A

143 insecure

993 secure

109
Q

Port mirroring

A

Port mirroring, also known as SPAN (Switched Port Analyzer), is a method used on network switches to send a copy of network packets seen on one port (or an entire VLAN) to another port, where the data can be analyzed.