Domain 1: General Security Concepts Flashcards

1
Q

OSI Networking Model

A

7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical

2
Q

Network addressing

A

MAC Address

IP Address - IPv4 and IPv6

3
Q

MAC Address

A

Permanent, “burned-in” network address used by network interfaces to communicate with local network

Ex.
0a : 1b : 2c : 3d : 4e : 5f
or
00 : 0d : 4f : 12 : 34 : 56

4
Q

IP address - two types

A

IPv4 - 32-bit address, separated into four “octets”

• Valid IPs consist of 0-255 in each octet

Ex: 192.168.1.128, 127.0.0.1, 8.8.8.8

IPv6 - 128-bit address, represented in hexadecimal

• Values range from 0-9, A-F

Ex: fe80:0000:0000:afe1:6bde:af0e:0509 or
2001:0db8:0000:0000:aaaa:abcd:7040:0073

5
Q

Network Hardware

A

• Hub
• Switch
• Router
• Layer 3 Switch

6
Q

Hub

A

Network aggregation device that re-transmits incoming data on all ports

  • No longer used: causes a large amount of interference and cannot support faster data rates like 1 Gbps
  • Layer 1 device
7
Q

Switch

A
  • Network aggregation device that inspects each incoming frame to determine the destination MAC address and sends the data to the port where that MAC address is located
  • Layer 2 device
8
Q

Router

A
  • Network device that analyzes each incoming packet’s IP address to send the data to the appropriate interface or network and ensure delivery
  • Layer 3 device
9
Q

Layer 3 Switch

A
  • Like a normal layer 2 switch, but also analyzes IP addresses. Required for VLAN operation
  • Layer 3 device
10
Q

Fundamental Security Concepts

Objective 1.2

A

The CIA Triad

11
Q

The CIA Triad

A

The CIA Triad is made up of

Confidentiality,

Integrity

and Availability

12
Q

Confidentiality

A

Keeping secret things secret

13
Q

Integrity

A

The data has not been altered in any way

14
Q

Availability

A

The data or service is there when you need it

15
Q

AAA

A

Identification
Authentication
Authorization
Accounting

16
Q

Identification

A
  • Making the claim of who you are
17
Q

Authentication

A
  • Proving you are who you claimed to be
18
Q

Authorization

A
  • Gaining access to your data and/or services
19
Q

Accounting

A
  • Keeping track of who has authenticated

(Or attempted to authenticate)

20
Q

Non-Repudiation

A
  • A specific encryption key and/or digital signature is used to identify the sender of a message
  • Recipients are assured of the source of the message, thanks to non-repudiation
  • The sender cannot deny having sent a message, as it was signed by them or was encrypted using their private key
21
Q

Gap Analysis

A

• Analysis of the variation between an organization’s current security posture and its requirements

• An organization may be required by law, by industry, or by framework to have certain security measures in place

• Gap analysis allows the organization to examine any deviation and plan for corrective action

22
Q

Zero Trust (ZTA)

A

• Or Zero-Trust Architecture (ZTA) - requires authorization for each data transaction across the network

• Control Plane
- Point of security control
- Determines the flow of data

• Data Plane
- Point of interaction with data; moves data around
- Authorized to move data by the control plane in a zero-trust architecture

23
Q

Kerberos

A

Kerberos is thought to be one of the more secure network authentication protocols and is used by Windows Active Directory. The Kerberos system revolves around a Key Distribution Center (KDC), which issues tickets that allow a client to obtain access to a system resource by authenticating with the ticket.

24
Q

Deception and Disruption

A

Honeypot

Honeynet

Enticing targets for would-be attackers to attempt to access:

  • Honeyfile
  • Honeytoken
25
Q

Honeypot

A
  • Attractive target to lure would-be attackers away from actual target
26
Q

Honeynet

A
  • Fake network or fake data center composed of honeypots to distract would-be attackers
27
Q

Security Controls

Objective 1.1

A
  1. Categories
  2. Types
28
Q

Categories

A

• Technical

• Operational

• Managerial

• Physical

29
Q

Technical

A
  • Forms of protection implemented by an information system (software or hardware)
  • Ex.
    • Access control lists, firewalls, intrusion detection systems, antivirus
30
Q

Operational

A

• Security controls implemented by people rather than computational systems

• Ex.

  • Cyber security awareness training
  • Rules for individuals within an organization
31
Q

Managerial

A

• Form of control that provides oversight or supervision of an information system

• Ex.

  • Security policies
  • Risk management
  • Standard Operating Procedures (SOPs)
32
Q

Physical

A

• A barrier that physically prevents someone from accessing a facility, area, or system, or a control that is interacted with physically

• Ex.

  • Gates
  • Locks
  • Lights
33
Q

Types

A

• Deterrent

• Preventative

• Detective

• Corrective

• Compensating

34
Q

Deterrent

A
  • Deterrent controls communicate, either directly or indirectly, to an attacker that they should not attack
  • These controls do not prevent an attack from occurring, serving instead to convince an attacker not to execute an attack
  • Ex. Warning signs / banners
35
Q

Preventative

A
  • Preventive controls serve to prevent an attack from happening in the first place
  • Ex. Locking the doors prevents unwanted access to an area. User training helps prevent users from falling victim to social engineering techniques.
36
Q

Detective

A
  • Controls which notify and record when attack attempts are made, but do not prevent attacks from occurring
  • Detective controls can be used to alert that a preventive control has failed
  • Ex. Security camera recordings, door alarms, checksums, and intrusion detection software are all forms of detective control.
37
Q

Corrective

A
  • Controls that mitigate a materialized risk and possibly prevent the risk from happening in the future
  • Ex. Restoring lost data from backups.
38
Q

Compensating

A
  • A control designed as a backup to another control, to be used in the event that the main control is unable to provide a sufficient level of protection on its own
  • Compensating controls can also involve recovery of data if lost due to an attack / disaster
  • Ex. Alarm that sounds after a locked door is left open for a period of time.
39
Q

Directive

A
  • A control designed to enforce rules of behavior, specifying how individuals should interact with a system.
  • Ex. Policy, disciplinary procedures for failure to comply, standard operating procedures.
40
Q

Physical Security Controls

A

• Lighting

• Fencing

• Cameras

• Bollards

• Vestibules

• Sensors and Alarms
- infrared
- pressure
- microwave
- ultrasonic

41
Q

Change Management
Objective 1.3

A

Version Control

Documentation

Business Impact

Workflow

Technical Implications

42
Q

Version Control

A

• Helps to track changes as they happen over time

• In the event an issue occurs in the code, the problem can either be tracked down and eliminated, or the code can be rolled back to an earlier version before the issue arose

• If confidential information is tracked, care needs to be taken to remove this information from version control (login credentials, personal info and so on)

43
Q

Documentation

A

• Tracking changes
- who, what, when, why

• Updating diagrams

• Updating policies and procedures

44
Q

Business Impact

A

• Impact analysis

• Limited downtime, work stoppage

• Maintenance windows

45
Q

Business Impact (cont’d)

A

• What might cause an outage or have an impact?
- System restart
- Service restart
- Application restart

• Who might be impacted?
- Ownership
- Stakeholders

46
Q

Workflow

A

• Standard Operating Procedure

• Approval process

• Test results
- checking dependencies

• Backout plan

47
Q

Technical Implications

A

• Updating or changing allow lists and deny lists

• Updating or changing restricted activities

• Managing legacy applications

48
Q

Cryptography
Objective 1.4

A

Hashing

And

Encryption

49
Q

Hashing

A
  • One-way
  • Used to ensure integrity

• Useful for ensuring integrity of data and safeguarding passwords

• Creates a unique output digest from a given input

• One-way algorithm
- cannot derive the original input from a given output

• If two different inputs yield the same output, this is known as a collision
- collisions mean the hashing algorithm is cryptographically broken

Types
- MD5
- SHA256
- SHA512

50
Q

Salting

A

• Salting is altering the input data to confound cracking attempts

• To break a digest, attackers will hash many different inputs until a match is found

• When a match is found, attackers look back at the input for the answer

• If a salt is used, it is hard to know what part of the input is the user’s and what part is the salt

51
Q

Encryption

A
  • Two-way
  • Used to ensure confidentiality

• Ensures confidentiality, hides data from prying eyes

• Algorithm types
- Symmetric
- Asymmetric

• Digital signatures
• Code signing

52
Q

Simplistic symmetric encryption

A
53
Q

Symmetric

A

• Uses the same key to both encrypt and decrypt

• Problematic if the key has not been shared beforehand
- How do you share the key over an untrusted network?

• Less computationally intense than asymmetric

54
Q

Asymmetric

A

• Utilizes a public key and a private key

  • Typically large values, hundreds or thousands of digits long
  • Mathematically related
  • Difficult to discern a key pair’s mate out of the astronomical number of possibilities

• Only the private key can decrypt data encrypted with the public key

• Only the public key can decrypt data encrypted with the private key

• Computationally intense

55
Q

Asymmetric continued

A
56
Q

Key Exchange

A
  • Securely exchanging keys for an encryption method is a vital part of ensuring the encryption remains secure
  • Out-of-band exchange is when keys are sent over an unrelated channel, such as relaying a key verbally or sending it in the mail. These methods can be easily infiltrated / compromised to intercept the key
  • In-band exchange is when keys are exchanged over the same channel used for communicating. Ex. The public key can simply be given out, since only the owner of the private key can decrypt messages encrypted using the public key
57
Q

Key Length

A

• Key strength

  • Measure of how resistant an encryption key is to brute force and other key-discovery techniques

• Key strength must be balanced with usability relating to processing power / time

58
Q

Levels of Encryption

A

• Full disk encryption (FDE)

• Partition level

• Volume level

• File level

• Database level

• Record level

59
Q

Certificates and PKI

A
60
Q

PKI

A

• Public-Key Infrastructure

  • Public key
  • Private key
  • Key escrow
61
Q

Certificates

A
  • A certificate is a key-pair assignment from a Certificate Authority (CA)
  • Certificates are unique to the holder
  • Different types of certificates
    • third-party (issued by another entity)
    • Self-signed (issued by organization for use within organization)
62
Q

Certificate Authority (CA)

A
  • A trusted organization that assigns certificates to applicants
    • Applicants submit a certificate signing request (CSR) to the CA to initiate the process
  • Checks with other trusted CAs to determine if the key pair is unique
  • Assigns that key pair to the applicant for a specified length of time
  • Maintains a record of assigned certificates
  • Trusted because its authority was granted by another CA in a hierarchy
  • Traces the chain of trust back to a root CA that maintains the root of trust for CAs
63
Q

Certificate Status

Online certificate status protocol (OCSP)
Certificate revocation list (CRL)

A
  • Online Certificate Status Protocol (OCSP) allows an entity to check the status of a certificate with the issuing CA
  • Certificate Revocation List (CRL) identifies which certificates have been revoked by the issuing CA and should no longer be trusted.
  • Expired certificates are certificates that are past the expiry date specified by the issuing CA
64
Q

Certificate Contents

A
65
Q

Cryptographic Tools

A

• Trusted Platform Module (TPM)

• Hardware Security Module (HSM)

• Key management

• Secure Enclave

66
Q

TPM

Trusted Platform Module

A
  • Small, purpose-built chip used to identify a specific system (motherboard)
  • Either built into the motherboard design or as an add-on peripheral
  • Can protect small amounts of sensitive information, such as passwords and cryptographic keys
67
Q

HSM

Hardware Security Module

A
  • Offloads the computationally intense encryption / decryption workload from the main general-purpose CPU to a special-purpose GPU-powered peripheral
68
Q

Uses of cryptography

A
69
Q

Digital Signatures

A
  • Method of cryptographically signing a message to authenticate the sender and provide assurance that the message data has not been modified (authentication and integrity)
  • Also provides non-repudiation, as the sender cannot later deny having signed the message
70
Q

Code Signing

A
  • Ensures an application has not been modified and confirms the author of the application
  • Accomplished by hashing the file and signing this hash with the developer’s private key (asymmetric encryption) to provide a certificate-based digital signature

• Provides integrity and non-repudiation

71
Q

Blockchain

A

• Acts as a decentralized and distributed public ledger that records the alterations of a digital asset

• Typically managed by a peer-to-peer network

• The most popular example of blockchain at the moment is Bitcoin, a distributed ledger recording the transactions of users using a cryptographic coin

• Quite secure, as an attacker would need to take over a majority of the network in order to add falsified information to the ledger (…hard to do, but not impossible!)

72
Q

Steganography

A

• Hiding data or a file within another file in order to hide the existence of the communication

• E.g., a secret text message hidden inside an image, audio, or video file

73
Q

Obfuscation

A
  • Making something hard to read or understand
74
Q

Data hiding

A
  • Tokenization
    • Replacing values with a stand-in value to obscure the original
    • Can be reversed if needed
  • Data masking
    • Replacing values to prevent the original from being seen
    • “Permanent tokenization”