Domain 1 : Security Concepts Flashcards

1
Q

Confidentiality

A

Confidentiality ensures that sensitive information remains shielded from prying eyes and that access is granted solely to those with the appropriate authorization.

2
Q

Integrity

A

Integrity ensures that data remains unaltered and trustworthy: it prevents unauthorized changes or manipulation, so the information stays accurate and reliable. Hashes, message authentication codes and digital signatures are the usual technical controls for detecting tampering.

3
Q

Availability

A

This principle guarantees that your digital assets and services are accessible when needed. Availability ensures that your systems are up and running, that your data can be accessed promptly, and that your online services remain accessible.

4
Q

What is the CIA triad

A

Confidentiality
Integrity
Availability

5
Q

Non-Repudiation

A

Non-repudiation prevents a party from later denying an action they performed, providing accountability for electronic transactions and communications. It is typically achieved with digital signatures, since only the holder of the private key could have produced the signature, backed by tamper-evident audit logs.

6
Q

AAA server

A

An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization and accounting (AAA) services.

7
Q

Authentication systems use …

A

Modern authentication strategies are built on the AAA framework (authentication, authorization and accounting, delivered by protocols such as RADIUS, TACACS+ and Diameter) and on the IEEE 802.1X port-based network access control standard.

8
Q

AAA protocols are..(LIST)

A

RADIUS
Diameter
TACACS+

9
Q

RADIUS

A

RADIUS (Remote Authentication Dial-In User Service) is a cornerstone of network access control, particularly for remote and wireless access. RADIUS clients (network access servers) include wireless access points, VPN concentrators, routers and switches; they forward user credentials to a RADIUS server over UDP (port 1812 for authentication and authorization, 1813 for accounting). Only the User-Password attribute is obfuscated with the shared secret; the rest of the packet travels in clear, so RADIUS traffic should be confined to a management network or tunnelled (for example RadSec, RADIUS over TLS).

10
Q

Diameter

A

Diameter is the successor to RADIUS, designed for the reliability and scale of carrier networks: it runs over TCP or SCTP instead of UDP, supports larger attribute spaces and allows the server to initiate messages. Its clients are mostly mobile core and access network elements in 3G/4G/5G infrastructure, such as LTE and WiMAX access equipment.

11
Q

TACACS+

A

TACACS+, created by Cisco, is used to grant or deny administrative access to network devices; its clients are typically routers, switches and firewalls. Unlike RADIUS it runs over TCP (port 49), separates authentication, authorization and accounting into distinct exchanges (which makes per-command authorization possible) and encrypts the whole packet body rather than only the password. As with RADIUS and Diameter, the shared secret between client and server is pivotal: a weak or reused secret undermines every exchange.
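The shared secret mentioned on the RADIUS and TACACS+ cards is easiest to understand by seeing what it actually protects. The following is an added example, not code from the flashcards: it implements the RFC 2865 User-Password hiding scheme (MD5 of the secret chained with the Request Authenticator) and the Response Authenticator a server puts on its reply. The secret, authenticator and attribute bytes are constructed values for the demonstration.

```python
import hashlib
import hmac
import struct

# Added example: RFC 2865 password hiding and Response Authenticator.
# Nothing here is a real cipher; the shared secret is the only protection,
# which is why the flashcards call it pivotal. Demo values are constructed.

def hide_user_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Obfuscate a password the way a RADIUS client does (RFC 2865, 5.2).

    The plaintext is zero-padded to a multiple of 16 bytes; each 16-byte block
    is XORed with MD5(secret + previous_ciphertext_block), where the
    'previous block' for the first block is the 16-byte Request Authenticator.
    """
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out = bytearray()
    prev = request_auth
    for i in range(0, len(padded), 16):
        block = padded[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        cipher_block = bytes(a ^ b for a, b in zip(block, pad))
        out += cipher_block
        prev = cipher_block
    return bytes(out)

def reveal_user_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Reverse of hide_user_password, as the server does. Trailing zero padding
    is stripped (a password cannot end in a NUL byte in this scheme)."""
    out = bytearray()
    prev = request_auth
    for i in range(0, len(hidden), 16):
        cipher_block = hidden[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(cipher_block, pad))
        prev = cipher_block
    return bytes(out).rstrip(b"\x00")

def response_authenticator(code: int, identifier: int, attributes: bytes,
                           request_auth: bytes, secret: bytes) -> bytes:
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865 s.3.
    Length is the 20-byte header plus the attributes."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attributes))
    return hashlib.md5(header + request_auth + attributes + secret).digest()

def build_response(code: int, identifier: int, attributes: bytes,
                   request_auth: bytes, secret: bytes) -> bytes:
    """Assemble a reply packet: header, 16-byte authenticator, attributes."""
    auth = response_authenticator(code, identifier, attributes, request_auth, secret)
    return struct.pack("!BBH", code, identifier, 20 + len(attributes)) + auth + attributes

def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client-side check that a reply was produced by a server holding the
    secret and was not altered in transit. Without this check an attacker on
    the path could forge an Access-Accept."""
    if len(packet) < 20:
        return False
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = response_authenticator(code, identifier, packet[20:], request_auth, secret)
    return hmac.compare_digest(expected, packet[4:20])
```

Two things the code makes visible: the User-Password hiding depends entirely on MD5 and the secret (a short or shared-everywhere secret is brute-forceable from a single capture), and every other attribute in the request is unprotected, so the Response Authenticator is the only integrity check a client gets.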

12
Q

What is Gap Analysis?

A

Gap analysis is a strategic process that evaluates an organization’s security practices against established security standards, regulations, and industry best practices.

13
Q

Gap analysis requires

A

Assessment: A thorough assessment is conducted to understand the organization’s current security measures, policies, procedures, and technologies.
Benchmarking: This involves comparing the existing security practices against established industry standards, frameworks, and compliance regulations.
Identification: Gaps are pinpointed by identifying areas where security measures fall short of the desired or required level.
Prioritization: Not all gaps are equal in terms of risk. Prioritization involves ranking the identified gaps based on their potential impact and likelihood of exploitation.
Remediation strategy: With prioritized gaps in mind, a comprehensive remediation strategy is developed. This strategy outlines actionable steps to close the identified gaps and enhance the organization’s security posture.

14
Q

Infrared Sensor

A

Infrared sensors detect changes in heat signatures and so identify the presence of people or animals. They are used in perimeter protection and indoor security.

15
Q

Pressure sensor

A

Sensing changes in pressure from touch or step, these provide reliable indicators of movement, both indoors and outdoors.

16
Q

Microwave sensors

A

Microwave sensors emit microwave pulses and detect the frequency shift (Doppler effect) in the reflections caused by moving objects. They cover large areas and penetrate some non-metallic materials, which also makes them prone to false alarms from movement outside the intended zone.

17
Q

Ultrasonic Sensors

A

Ultrasonic sensors emit high-frequency sound waves and detect disturbances in the reflected pattern. Because sound reflects off surfaces, they can cover areas outside the sensor's direct line of sight, such as behind partitions, which makes them useful in cluttered environments.

18
Q

Physical Security

A

Physical security encompasses a range of measures designed to deter, detect, and respond to potential risks. From robust barriers to surveillance, each element contributes to a security framework that safeguards people, assets, and critical information.

19
Q

Deception and Disruption

A

These technologies aim to deceive attackers, so that defenders can learn about their tools and methods, and to disrupt their attacks by making them waste time on decoys.

20
Q

Honeypot

A

A honeypot is a decoy system or service that imitates a legitimate target, often with deliberately weaker security, set up to attract attackers so that security teams can observe the methods they use. It has no production purpose, so any interaction with it is suspicious by definition.

21
Q

Honeynets

A

Honeynets are groups of honeypots that together give the appearance of a complete network.

22
Q

Honeyfile

A

A honeyfile is a decoy file placed where an attacker would look, such as a file named password saved on a desktop. It has no legitimate use, so any attempt to open or copy it is a high-fidelity alert.

23
Q

Honeytoken

A

Honeytokens are pieces of fake data planted to look valuable to an intruder, such as a bogus credential, API key or database record. No legitimate process ever uses them, so any use of one reveals that the store it was planted in has been compromised, and from where.
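The detection side of the honeyfile and honeytoken cards, as an added example that is not part of the original flashcards: planted lures are recorded at creation time, and a scanner raises an alert on any log line that touches one. The token values, decoy file path and the key=value log format are assumptions chosen for the demonstration; the log lines are constructed.

```python
import re
from dataclasses import dataclass

# Added example: alerting on honeytoken use and honeyfile access.
# Lure values, the decoy path and the log format are constructed.

# Planted lures, recorded when created so an alert can say what was taken.
HONEYTOKENS = {
    "AKIAHONEY0000EXAMPLE": "fake AWS-style access key left in a config file",
    "svc_backup_legacy": "decoy service account that nothing legitimate uses",
}
HONEYFILES = {
    "/home/admin/Desktop/passwords.xlsx": "decoy password spreadsheet",
}

@dataclass
class Alert:
    lure: str
    description: str
    source: str
    line: str

# Constructed log lines in a simple key=value style.
SAMPLE_LOGS = """\
ts=2024-05-01T09:12:03Z event=auth user=alice src=10.0.4.12 result=ok
ts=2024-05-01T09:13:41Z event=file_open user=alice path=/home/alice/notes.txt src=10.0.4.12
ts=2024-05-01T11:02:17Z event=api_call key=AKIAHONEY0000EXAMPLE src=203.0.113.9 result=denied
ts=2024-05-01T11:02:30Z event=auth user=svc_backup_legacy src=203.0.113.9 result=fail
ts=2024-05-01T11:03:02Z event=file_open user=bob path=/home/admin/Desktop/passwords.xlsx src=10.0.9.77
"""

_KV = re.compile(r"(\w+)=(\S+)")

def parse_line(line: str) -> dict:
    """Split one key=value log line into a dict of fields."""
    return dict(_KV.findall(line))

def scan_logs(log_text: str) -> list:
    """Any appearance of a honeytoken value, or any access to a honeyfile,
    is an alert. The attempt alone is the signal (the API call above was
    denied, but it proves the key was stolen), so there is no baseline
    to tune and no threshold to cross."""
    alerts = []
    for raw in log_text.splitlines():
        fields = parse_line(raw)
        src = fields.get("src", "unknown")
        for value in fields.values():
            if value in HONEYTOKENS:
                alerts.append(Alert(value, HONEYTOKENS[value], src, raw))
        path = fields.get("path")
        if path in HONEYFILES:
            alerts.append(Alert(path, HONEYFILES[path], src, raw))
    return alerts

def sources_to_investigate(alerts: list) -> list:
    """Distinct source addresses behind the alerts, for the responder."""
    return sorted({a.source for a in alerts})
```

The point the code makes is that deception controls invert the usual detection problem: instead of distinguishing malicious from benign use of a real asset, you only need to notice that a fake asset was touched at all.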

24
Q

Fake Information

A

A DNS sinkhole is a tactic where DNS queries for known-malicious domains are deliberately answered with a controlled IP address instead of the real one. Infected hosts then connect to a sinkhole server (or nowhere) rather than the attacker's infrastructure, and the sinkhole's logs show which internal hosts asked, which is why it counts as feeding attackers fake information.

25
Q

Zero Trust

A

never trust always verify

26
Q

Control Plane

A

The control plane serves as an instrumental command center for cybersecurity. It uses the subject/identity with company policies and threat intelligence data to decide which users or devices can access the network. By centralizing control this way, organizations can regulate access, monitor activity, and swiftly respond to emerging threats.

27
Q

Policy driven access control

A

The translation of security policies and guidelines into concrete action is a challenge faced by many organizations. Policy-driven access control offers a solution by automating the enforcement of these directives. Through a systematic approach, organizations define access rights, permissions, and responses to specific scenarios in policy, and the system applies them to every request. This ensures consistency and reduces the risk of human error in the execution of security controls.

28
Q

Control Plane features

A

Policy engine: determines who gains access to critical network resources on a per-request basis. It operates on policies, written by the organization's security team, which lay down the rules for access. Context is crucial, with data from the SIEM, threat intelligence, user attributes, and device information informing each decision. Once the policy engine has evaluated all the parameters, it communicates its decision to the policy administrator.
Policy administrator: executes the decisions made by the policy engine. It issues or revokes session tokens and configures the policy enforcement point in the data plane accordingly.
Policy enforcement point: the gatekeeper for each connection. It enables, monitors and terminates sessions exactly as instructed by the policy administrator, so only authorized actions get through. The PEP makes no policy decisions itself; in NIST SP 800-207 it is the data plane component, while the policy engine and policy administrator together form the control plane's policy decision point.
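To make the division of labour between the three components concrete, here is an added example that is not from the flashcards: a minimal policy engine that evaluates every request against written policy plus threat-intelligence and SIEM context, a policy administrator that turns allow decisions into session tokens, and a policy enforcement point that only checks tokens. The policies, attributes, resource names and the blocklist are constructed for illustration and do not describe any real product.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Added example: policy engine / policy administrator / policy enforcement
# point, split the way the flashcards (and NIST SP 800-207) describe.
# All policies, feeds and request values are constructed.

@dataclass
class Request:
    user: str
    groups: set
    device_managed: bool
    device_patched: bool
    mfa: bool
    src_ip: str
    resource: str

# Context the engine consults: a constructed threat-intel feed and a SIEM flag.
BLOCKED_IPS = {"198.51.100.23"}
RISKY_USERS = {"mallory"}

# Policies written by the security team: resource -> required conditions.
POLICIES = {
    "finance-db": {"groups": {"finance"}, "managed": True, "patched": True, "mfa": True},
    "wiki":       {"groups": set(),       "managed": False, "patched": False, "mfa": False},
}

def policy_engine(req: Request) -> Tuple[str, str]:
    """Decide allow/deny for one request, re-evaluated every time (never
    trust, always verify). Returns (decision, reason) so denials are auditable."""
    if req.src_ip in BLOCKED_IPS:
        return "deny", "source IP on threat-intel blocklist"
    if req.user in RISKY_USERS:
        return "deny", "SIEM flagged user as high risk"
    policy = POLICIES.get(req.resource)
    if policy is None:
        return "deny", "no policy for resource (default deny)"
    if policy["groups"] and not (req.groups & policy["groups"]):
        return "deny", "user not in an authorized group"
    if policy["managed"] and not req.device_managed:
        return "deny", "unmanaged device"
    if policy["patched"] and not req.device_patched:
        return "deny", "device posture: missing patches"
    if policy["mfa"] and not req.mfa:
        return "deny", "MFA required"
    return "allow", "all policy conditions met"

class PolicyAdministrator:
    """Turns engine decisions into session tokens that the PEP honours; the
    token is bound to one user and one resource so it cannot be reused elsewhere."""
    def __init__(self) -> None:
        self._sessions = {}
        self._next = 1

    def grant(self, req: Request) -> Optional[str]:
        decision, _reason = policy_engine(req)
        if decision != "allow":
            return None
        token = f"sess-{self._next}"
        self._next += 1
        self._sessions[token] = (req.user, req.resource)
        return token

    def revoke(self, token: str) -> None:
        self._sessions.pop(token, None)

    def valid(self, token: Optional[str], user: str, resource: str) -> bool:
        return self._sessions.get(token) == (user, resource)

def policy_enforcement_point(pa: PolicyAdministrator, token: Optional[str],
                             user: str, resource: str) -> bool:
    """Data-plane gate: forwards traffic only when it carries a token the PA
    issued for exactly this user and resource. It holds no policy of its own."""
    return pa.valid(token, user, resource)
```

Note what lives where: every rule and every piece of context sits in the engine, the administrator owns session state, and the enforcement point has nothing to reason about. Revoking a token at the administrator is enough to cut the session at the PEP.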

29
Q

Data Plane

A

The data plane in cybersecurity is the operational core responsible for the actual movement and forwarding of data packets within a network

30
Q

subjects( within the data plane)

A

Subjects in the data plane are the entities that initiate data communication

31
Q

systems(data plane)

A

systems represent the collective infrastructure, resources, and devices that are responsible for processing and forwarding data packets as they traverse the network.

32
Q

DMZ

A

The DMZ is an area that is neither fully trusted nor fully untrusted. It’s an intermediate zone that allows controlled access to certain services from the external network. Communication between the DMZ and the internal network might be subject to more stringent controls. This is also commonly known as a screened subnet, where resources that are accessed by untrusted and trusted networks reside.

33
Q

Adaptive identity

A

The conventional approach to user identity is being transformed by adaptive identity. No longer confined to static roles and permissions, adaptive identity tailors user privileges based on context. By analyzing user behavior, location, and device characteristics, this approach adjusts access rights dynamically (for example, stepping up to MFA when a login arrives from an unfamiliar device or location), reducing the risk of unauthorized activity while keeping the user experience smooth in the normal case.

34
Q

Process of Change Management

A

Approval process: The approval process looks at the proposed change and the reasons behind it (for example, due to new technology or more stringent regulations). This change is sent to any affected stakeholders for input. This way, the approval process ensures that the project’s direction aligns with the organization’s goals. Following approval, those changes are thoroughly documented so that they can be tracked once completed. In simple terms, the approval process is how we ensure that important decisions and changes get the green light from the right people. These decisions could be big, such as upgrading the entire computer system of a company, or small, such as giving someone access to a restricted part of a network.
Ownership: Ownership in change management refers to a person within a department who has asked for a change and will be responsible for ensuring that it is carried out effectively. This could be a company director or a project manager. In terms of security, clear ownership is crucial; this change might be handled by the Chief Information Security Officer (CISO). The CISO ensures that security tasks are carried out effectively and that there is accountability. An example could be ensuring that the proper level of encryption has been implemented and security tasks have been monitored effectively.
Stakeholders: Stakeholders are individuals, groups, or entities that have a vested interest (or stake) in a company’s operations, activities, or outcomes. They can significantly influence or be influenced by the company’s decisions, actions, and performance. However, the concept of stakeholders is not limited to shareholders and investors. It encompasses a broader spectrum of parties that can impact or be impacted by how the company functions. Table 3.1 shows the primary categories of stakeholders in a company:

35
Q

Impact Analysis

A

Before making changes, it’s important to analyze how they could impact the organization. In security, this means considering how a change could affect the overall safety of systems and data. This analysis helps in foreseeing potential security risks and finding ways to address them before they become real problems.

36
Q

Test results

A

Whenever a new security measure or change is introduced, it’s smart to test it first. Just like a seatbelt is tested before a car hits the road, security measures need to be tested to ensure they work as intended. Test results give confidence that the security actions will protect the organization as expected.

37
Q

Backout plan

A

A backout plan is like having a safety net when conducting a risky activity. In security operations, it’s a plan to undo a change if things go wrong. If a new security update crashes a system, the backout plan helps return everything to the way it was, keeping an organization safe from prolonged security vulnerabilities.

38
Q

Maintenance window

A

Think of a maintenance window as a scheduled time for fixing things. It is carried out during off-peak hours (overnight or at weekends, for example) so that it affects fewer people. In terms of security, this is a planned time to implement changes or updates that could impact the organization's systems. By doing these during a maintenance window, disruptions are minimized, and security measures can be applied smoothly.

39
Q

Standard Operating Procedure

A

A standard operating procedure (SOP) is like a rulebook that guides how things should be done. Imagine you’re a pilot preparing for takeoff. Before the engines roar to life, you follow a checklist that outlines every critical step. This is the essence of SOPs. They are meticulously crafted guidelines, akin to your preflight checklist, designed to ensure that complex tasks are executed consistently and accurately.

40
Q

Restricted activities

A

Restricted activities prevent actions that could potentially lead to vulnerabilities or disruptions. These activities include unauthorized software installations, unauthorized system modifications, direct access to critical servers, and access to sensitive data or unauthorized data transfers.

41
Q

Application restart

A

Application restart vulnerabilities encompass potential security weaknesses that can emerge when an application is restarted. Improper restart procedures can cause data inconsistencies or corruption, potentially affecting the integrity of the application and its security measures.

42
Q

SNMP agents

A

SNMP agents are software modules or processes running on managed network devices such as routers, switches, servers, and even IoT devices. They expose the device's management information base (MIB) to an SNMP manager, which reads or writes objects in it over UDP port 161.

43
Q

SNMP Traps

A

SNMP traps are asynchronous notifications sent by SNMP agents to an SNMP manager (UDP port 162) without a prior request, for example when a link goes down or a threshold is exceeded. Use SNMPv3 with authentication and privacy; SNMPv1 and v2c send their community strings in clear.

44
Q

SCP protocol

A

SCP (Secure Copy) transfers files between hosts over an SSH connection, so it inherits SSH's authentication and encryption and uses TCP port 22. It is available on Linux, Unix and any other system with an SSH client; SFTP is the more capable alternative on the same port.

45
Q

DNSSEC

A

DNSSEC protects DNS responses against forgery. Each DNS record set is digitally signed, producing an RRSIG record, and the chain of signing keys (DNSKEY and DS records) leads back to the root zone, so a validating resolver can verify that the records are authentic and unmodified. This defeats cache poisoning. Note that DNSSEC provides integrity and origin authentication only: it does not encrypt queries or hide records.

46
Q

DNS poisoning

A

DNS poisoning happens when fake information is entered into the cache of a DNS server, resulting in DNS queries producing an incorrect reply and sending users to the wrong site, typically one controlled by the attacker.

47
Q

site to site vpn

A

A site-to-site VPN, also known as a router-to-router VPN, connects two whole networks (for example a head office and a branch) through an encrypted tunnel, typically IPsec, between their gateway devices. Hosts on either side need no VPN client, which is why large companies commonly employ it.

48
Q

SSL VPN

A

An SSL VPN (named for Secure Sockets Layer, though it is now implemented with TLS, SSL's successor) secures the connection between a remote user and the VPN gateway by establishing an encrypted tunnel between the user's device and the gateway. Because it runs over TCP port 443 it passes through most firewalls and can often be used from a browser without a dedicated client.

49
Q

WPA2-Enterprise

A

WPA2-Enterprise has a number of advantages for large company or enterprise networks: it eliminates the security risks of a shared pre-shared key, gives each user or device its own credential that can be revoked individually, supports stronger authentication methods and controls, and allows VLANs to be assigned dynamically per user.
It uses 802.1X, with the access point acting as authenticator and a RADIUS server as the authentication server. (Support for Network Access Protection, NAP, was a Windows feature that Microsoft has since deprecated.)

50
Q

WPA3-SAE

A

WPA3 uses Simultaneous Authentication of Equals (SAE), a password-authenticated key exchange (the Dragonfly handshake), in place of WPA2's pre-shared key handshake. Because the session key is not derived directly from the password, a captured handshake cannot be attacked with an offline dictionary: every guess requires a live exchange with the network, and sessions gain forward secrecy.

51
Q

PEAP

A

PEAP (Protected Extensible Authentication Protocol) transports authentication data, including legacy password-based protocols, securely over 802.11 Wi-Fi networks. It first builds a TLS tunnel between the PEAP client and the authentication server, authenticated by the server's certificate, and then runs an inner EAP method inside it; in practice this is almost always MS-CHAPv2. Clients must validate the server certificate, otherwise an evil-twin access point can harvest the inner credentials.

52
Q

EAP-FAST

A

EAP-FAST (Flexible Authentication via Secure Tunneling) uses a Protected Access Credential (PAC) to establish a TLS tunnel in which client credentials are verified. It is Cisco's replacement for LEAP. Anonymous in-band PAC provisioning is its weak point; PACs should be provisioned with server-certificate validation.

53
Q

TTLS-EAP-TLS

A

EAP-TTLS with EAP-TLS as the inner method: the outer TLS tunnel is authenticated by the server's certificate, and the client is then authenticated with its own certificate inside that tunnel, so the client's identity is never exposed on the wire.

54
Q

EAP-TLS

A

Client and server certificates provide mutual authentication.
Requires a PKI to issue and manage a certificate for every client.

55
Q

COPE

A

Corporate-Owned, Personally Enabled (COPE): in this model, organizations provide employees with corporate-owned devices that can be used for both business and personal purposes, but the devices must comply with company policies and remain under corporate management.

56
Q

SSID

A

A service set identifier (SSID) is the name (up to 32 bytes) that identifies a wireless network. Hiding it is not a security control: the SSID is still sent in clear in probe and association frames.

57
Q

CYOD:Choose Your Own Device (CYOD)

A

CYOD is a policy in which the company provides employees with a selection of approved devices to choose from. These devices are owned and managed by the organization. This model allows for increased flexibility with company devices but still maintains security control

58
Q

WPS

A

WPS allows a device to join a wireless network by pushing a button or entering an eight-digit PIN, avoiding the need to type the passphrase. The PIN method is a well-known weakness: the PIN is validated in two halves, so an attacker can brute-force it in a few thousand attempts and recover the network passphrase. Disable WPS on any network that needs real security.

59
Q

Low-level formatting

A

Low-level formatting (i.e., closest to the hardware) marks the surfaces of the disks with markers indicating the start of each recording block (today called sector markers) and other information, such as a block CRC, used later. Modern drives are low-level formatted at the factory; what an operating system calls a "format" is a high-level format that does not reliably erase data, so neither is a substitute for proper sanitization.

60
Q

SWG (Secure Web Gateway)

A

A secure web gateway is a security product that protects company data and enforces acceptable-use and security policies on web traffic (URL filtering, malware scanning, TLS inspection, data loss prevention). SWGs sit between company employees and the Internet, either as an on-premises proxy or as a cloud service.

61
Q

Initialisation vector

A

An initialization vector (IV) is a random or pseudo-random value combined with the key so that identical plaintexts encrypt to different ciphertexts. It does not need to be secret, but it must never be reused with the same key: in CBC mode it must also be unpredictable, and in CTR and GCM modes reusing an IV (nonce) lets an attacker cancel out the keystream and learn the relationship between the plaintexts.
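What "cancel out the keystream" means in practice is easier to show than to describe. The following is an added example, not code from the flashcards: a counter-mode style toy that derives its keystream from HMAC-SHA256 over (key, IV, counter) using only the standard library. It is not a standard cipher, but AES-CTR and AES-GCM have exactly the same dependence on the IV, so the demonstrated leak carries over. Key, IV and message values are constructed.

```python
import hashlib
import hmac
import os

# Added example: a toy CTR-style construction showing why an IV must be
# unique per message. The keystream generator is HMAC-SHA256, not AES;
# key and IV values in the tests are constructed.

def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Expand (key, iv) into `length` bytes: block i = HMAC(key, iv || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """ciphertext = plaintext XOR keystream(key, iv)."""
    return xor(plaintext, keystream(key, iv, len(plaintext)))

decrypt = encrypt  # XORing with the same keystream undoes it

def encrypt_with_fresh_iv(key: bytes, plaintext: bytes) -> tuple:
    """The correct pattern: a random IV for every message, transmitted in
    clear alongside the ciphertext so the receiver can regenerate the keystream."""
    iv = os.urandom(16)
    return iv, encrypt(key, iv, plaintext)

def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If two messages share key and IV their keystreams are identical, so
    c1 XOR c2 == p1 XOR p2: the attacker learns the difference between the
    plaintexts without ever touching the key."""
    return xor(c1, c2)
```

With a fresh IV per message the same plaintext produces unrelated ciphertexts; with a repeated IV the ciphertexts are identical for identical messages, and for different messages their XOR equals the XOR of the plaintexts, which is enough to recover both when one is partly known.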

62
Q

XDR

A

XDR is a technology that centralizes various security points, including EDR, network firewalls, identity and access management (IAM), cloud access security brokers (CASB), etc.

63
Q

Deprovisioning

A

the process of deleting an employee’s access to your company’s systems, apps and internal data resources

64
Q

PEAP

A

Protected Extensible Authentication Protocol (PEAP): PEAP is a version of Extensible Authentication Protocol (EAP) that encapsulates and encrypts the EAP data using a certificate stored on the server, making it more secure for Wireless Local Area Networks (WLANs).

65
Q

802.1x

A

802.1X is the IEEE standard for port-based network access control. It admits only authenticated users or devices, so managed switches and wireless access points use it to keep a port closed to everything except EAP traffic until the supplicant (the client) has been authenticated by an authentication server, usually RADIUS, with the switch or access point acting as authenticator in between.

66
Q

EAP-TLS

A

EAP-TLS is an EAP method that requires a certificate on the endpoint (client or device) as well as on the server, giving mutual certificate-based authentication; it is the strongest common wireless authentication method but needs a PKI to issue and manage client certificates.

67
Q

EAP-TTLS

A

EAP-TTLS (Tunneled TLS) uses two phases. The first sets up a secure session with the server by building a TLS tunnel using a certificate stored on the server, which the client validates. The second authenticates the client's credentials inside the tunnel with a legacy or inner EAP method, so no client certificate is needed.

70
Q

Threat Scope Reduction

A

Preventing threats before they manifest is a paramount goal in cybersecurity. This is where the concept of threat scope reduction enters the picture. By intentionally narrowing the potential attack surface, organizations can preemptively thwart possible avenues of exploitation. This involves strategies such as minimizing exposed services, reducing the attackable code base, and employing rigorous patch management. Through such proactive measures, the potential for breaches is significantly diminished.

72
Q

Policy Enforcement Point

A

The policy enforcement point acts as a vigilant gatekeeper. It is the checkpoint in the data plane that opens or closes each connection exactly as instructed by the policy administrator, which relays the policy engine's decision; the PEP does not make policy decisions itself.

73
Q

Policy Engine

A

The policy engine determines who gains access to critical network resources on a per-user basis. It operates based on policies, written by the organization’s security team, which lay down the rules for access. Context is crucial, with data from SIEM, threat intelligence, user attributes, and device information informing decisions

74
Q

Policy Administrator

A

The policy administrator executes the decisions made by the policy engine to control access to the network. They issue access tokens and can communicate with the data plane.

75
Q

Implict Trust Zone

A

This refers to areas within a network or system where certain levels of trust are assumed without explicit verification. These zones are designed to simplify and expedite communication and interactions between components within those zones

76
Q

Risk of shared tenancy

A

When utilizing public cloud services, "shared tenancy" comes into play: multiple customers share the same physical infrastructure, each operating within their own isolated virtual environment. The risk is that the isolation is only as strong as the hypervisor and hardware enforcing it. A hypervisor escape or a CPU side-channel attack could let one tenant read another's data, and a customer who leaves data unencrypted or misconfigures access controls widens that exposure.

77
Q

RAID 6

A

RAID 6 stripes data across the disks as RAID 5 does, but stores two independent parity blocks per stripe (distributed across the disks) instead of one. It therefore needs at least four disks and survives two simultaneous disk failures in the set before any data is lost, which matters with large drives whose rebuilds take many hours.

78
Q

RAID 5

A

RAID 5 is the most common RAID level that combines striping with redundancy. It requires at least three drives (many controllers support up to 16). Data blocks are striped across the drives and, for each stripe, one drive holds a parity block computed as the XOR of the other blocks, with the parity position rotating between drives. Any single drive can fail and be rebuilt from the remaining blocks; a second failure before the rebuild completes loses the array.
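The parity arithmetic behind the RAID 5 and RAID 6 cards is worth seeing once. This is an added example, not from the flashcards: it lays data out across a constructed set of disks with rotating XOR parity, simulates losing a disk, and rebuilds the missing block from the survivors. The block size and disk count are deliberately tiny so the layout can be inspected by hand.

```python
# Added example: RAID 5 parity is the XOR of the data blocks in a stripe,
# so exactly one missing block per stripe can be recomputed. Disk count,
# block size and data are constructed for the demonstration.

BLOCK = 4  # bytes per block; tiny so the layout is readable

def xor_blocks(blocks) -> bytes:
    """XOR any number of equal-length blocks together."""
    out = bytearray(BLOCK)
    for blk in blocks:
        for i in range(BLOCK):
            out[i] ^= blk[i]
    return bytes(out)

def build_stripes(data: bytes, n_disks: int) -> list:
    """Lay data out across n_disks: each stripe holds n_disks-1 data blocks
    plus one parity block, with the parity position rotating per stripe
    (stripe s keeps its parity on disk s mod n_disks)."""
    if n_disks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    per_stripe = BLOCK * (n_disks - 1)
    data = data + b"\x00" * (-len(data) % per_stripe)
    stripes = []
    for s, start in enumerate(range(0, len(data), per_stripe)):
        chunks = [data[j:j + BLOCK] for j in range(start, start + per_stripe, BLOCK)]
        stripe = list(chunks)
        stripe.insert(s % n_disks, xor_blocks(chunks))
        stripes.append(stripe)
    return stripes

def fail_disks(stripes: list, failed: set) -> list:
    """Simulate losing whole disks: their block in every stripe becomes None."""
    return [[None if d in failed else blk for d, blk in enumerate(st)] for st in stripes]

def rebuild(stripes: list) -> list:
    """Rebuild each stripe: the missing block is the XOR of every surviving
    block, parity included (the same formula works whether a data block or
    the parity block was lost). Two missing blocks in one stripe cannot be
    recovered; that is what RAID 6's second parity is for."""
    rebuilt = []
    for st in stripes:
        missing = [d for d, blk in enumerate(st) if blk is None]
        if len(missing) > 1:
            raise ValueError(f"{len(missing)} blocks lost in one stripe; RAID 5 cannot recover")
        st = list(st)
        if missing:
            st[missing[0]] = xor_blocks(blk for blk in st if blk is not None)
        rebuilt.append(st)
    return rebuilt

def read_data(stripes: list, n_disks: int) -> bytes:
    """Concatenate the data blocks, skipping each stripe's parity block."""
    return b"".join(blk for s, st in enumerate(stripes)
                    for d, blk in enumerate(st) if d != s % n_disks)
```

The rebuild step is also why a RAID 5 array is at its most fragile while degraded: every surviving disk must be read in full to recompute the lost one, and a second failure during that window is unrecoverable.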

79
Q

Tabletop

A

A tabletop exercise is a valuable tool for testing your disaster recovery plan in a controlled setting. During this exercise, key stakeholders gather around a table to discuss and strategize how they would respond to a hypothetical disaster scenario. This exercise allows participants to identify gaps in their plan, refine communication channels, and assess decision-making processes. This exercise is the easiest to set up as it takes the least administrator effort as it is a paper-based exercise.

80
Q

Controller Level (Level 1):

A

This level is responsible for the real-time control of the physical processes. It includes devices such as Programmable Logic Controllers (PLCs) that receive input from sensors on the plant floor, process the data, and send commands to actuators and other devices to control the industrial processes. Level 1 controllers ensure that the plant operates efficiently and safely.

81
Q

SCADA level 0

A

Plant Level (Level 0): This is the lowest level in the SCADA system hierarchy. It includes the physical equipment and processes on the factory floor, such as sensors, actuators, motors, pumps, and other industrial devices. These devices gather data and perform actions as directed by the higher-level controllers.

84
Q

SCADA level 2

A

Coordinating Computer Level (Level 2): At this level, there are supervisory computers or Human-Machine Interface (HMI) systems that provide a centralized view of the plant’s operations. They collect data from Level 1 controllers, display it to operators, and often include control functions for higher-level coordination. Operators can monitor the plant’s status, make adjustments, and respond to alarms and events.

85
Q

SCADA level 3

A

Site Operations Level (Level 3): This level is responsible for managing and controlling the overall production process (programmable logic controllers belong to Level 1, not here). It often involves more advanced software systems that can coordinate multiple production lines or areas within the plant. Level 3 systems may also include functions such as recipe management, production scheduling, and data logging for analysis and reporting.

86
Q

SCADA

A

Supervisory Control and Data Acquisition (SCADA) systems are automated industrial control systems (ICS) that monitor and control physical processes across the various stages of production.

87
Q

WPA2

A

Wi-Fi Protected Access version 2 (WPA2): WPA2 is currently the most commonly used protocol. It uses AES in CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) with a 128-bit key, providing both encryption and integrity protection for wireless frames.

88
Q

Data at rest

A

Data at rest is data that is not being used and is stored either on a hard drive, storage devices, files, or database servers. While it remains static until accessed, it is still susceptible to breaches if not adequately protected.

89
Q

Data in transit

A

Data in transit is data on the move, traveling across networks or communication channels, such as the data transmitted during a purchase from a website. Such sessions are protected with Transport Layer Security (TLS); SSL is its deprecated predecessor, and HTTPS is simply HTTP carried over TLS.

91
Q

Obfuscation methods

A

Obfuscation can involve various methods, including XOR and ROT13 for data masking. Both are reversible transforms that hide data from casual inspection; neither is encryption, because no secret key protects the output from anyone who knows the method.
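
As an added example (not part of the original flashcard deck), the following Python shows both methods and why they count as obfuscation rather than encryption: ROT13 is its own inverse, and a repeating-key XOR mask gives up its key as soon as one plaintext/masked pair is known. The sample connection string and the 3-byte key are constructed for the demonstration.

```python
import codecs


def rot13(text: str) -> str:
    """ROT13 rotates each letter 13 places; applying it twice returns the input."""
    return codecs.encode(text, "rot_13")


def xor_mask(data: bytes, key: bytes) -> bytes:
    """Mask (or unmask) data with a repeating XOR key. XOR is its own inverse."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_xor_key(plaintext: bytes, masked: bytes, key_len: int) -> bytes:
    """Known-plaintext recovery: key = plaintext XOR masked; one key length of matching bytes is enough."""
    if len(plaintext) < key_len or len(masked) < key_len:
        raise ValueError("need at least key_len bytes of matching plaintext")
    return bytes(p ^ c for p, c in zip(plaintext[:key_len], masked[:key_len]))


def demo() -> dict:
    # Constructed example: a config value an application "hides" with XOR masking.
    secret = b"Server=db01;User=app;Password=Winter2024!"
    key = b"\x5a\xa5\x3c"  # constructed 3-byte mask
    masked = xor_mask(secret, key)

    # An attacker who can guess how the plaintext starts ("Server=") recovers the key...
    guessed_key = recover_xor_key(b"Server=", masked, len(key))
    # ...and with it the whole masked value.
    recovered = xor_mask(masked, guessed_key)

    return {
        "rot13_round_trip": rot13(rot13("Hello, World")) == "Hello, World",
        "rot13_hides_text": rot13("Hello, World") != "Hello, World",
        "xor_round_trip": xor_mask(masked, key) == secret,
        "key_recovered": guessed_key == key,
        "plaintext_recovered": recovered == secret,
    }


if __name__ == "__main__":
    print(demo())
```

The takeaway for an assessment: a masked password in a config file or binary is recoverable by anyone who can read it; only real encryption with a key kept elsewhere protects it.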

92
Q

Operational control

A

Operational controls revolve around the execution of day-to-day activities and processes necessary for delivering goods and services.

93
Q

Policy administrator

A

In a Zero Trust architecture (NIST SP 800-207), the policy administrator executes the decisions made by the policy engine to control access to the network. It issues access tokens or session credentials and communicates with the policy enforcement points in the data plane to open or close each connection.

94
Q

Back out plan

A

A backout plan is like having a safety net when conducting a risky activity. In security operations, it’s a plan to undo a change if things go wrong. If a new security update crashes a system, the backout plan helps return everything to the way it was, keeping an organization safe from prolonged security vulnerabilities.

95
Q

Service restart

A

Shutting down or rebooting systems can disrupt legitimate user access to computing resources and hinder incident response and recovery efforts. Attackers might time their actions to coincide with an application restart, aiming to exploit potential lapses in security during the restart process.

96
Q

Public key format

A

A public key is distributed inside an X.509 certificate. The PKCS #7 format (.p7b) is a container that can hold one or more certificates (typically a certificate chain) and never a private key; a single certificate is commonly saved with a .cer or .crt extension, either in binary DER form or in Base64 PEM form. The certificate serves as a form of digital “identity proof,” much like a physical certificate (such as an award or diploma).

97
Q

Record level encryption

A

Record-level encryption: Record-level encryption serves as a potent data-safeguarding technique by encrypting discrete records within databases or other data repositories. In this approach, each individual record is enveloped with its distinct encryption key, heightening the complexity of unauthorized attempts to breach the record’s sensitive contents

98
Q

Volume level

A

BitLocker’s integration with the TPM introduces a robust layer of security, enhancing the process of volume-level encryption. By utilizing the TPM chip, BitLocker ensures the integrity of a system’s boot process and authentication mechanisms. This synergy establishes a twofold security approach: the TPM securely stores critical encryption keys, safeguarding them from tampering or extraction, while BitLocker encrypts the entire volume, thwarting unauthorized access to data.

99
Q

TLS handshake

A

Handshake: The sender and receiver initiate a handshake, during which they agree on encryption parameters, exchange cryptographic keys, and authenticate each other’s identity.
Encryption: Once the handshake is complete, the actual data transmission begins. The data is encrypted using symmetric encryption keys, ensuring that only the authorized recipient possesses the means to decipher it.
Transmission: The encrypted data traverses the internet’s various networks and routers, shielding it from prying eyes and potential eavesdroppers.
Decryption: Upon reaching the intended recipient, the data is decrypted using the same symmetric key. This process ensures that only the recipient can access the original, meaningful information.

100
Q

Symmetric algorithms

A

Examples of symmetric algorithms are the Data Encryption Standard (DES, 56-bit key, 64-bit block), Triple DES (3DES, 168-bit key with an effective strength of 112 bits, 64-bit block), and the more popular Advanced Encryption Standard (AES, 128-, 192- or 256-bit keys, 128-bit block). AES processes twice as much data per block as DES and is far faster in practice. NIST selected the Rijndael algorithm as AES in 2001 (FIPS 197); DES and 3DES are now deprecated.

101
Q

Key stretching

A

Key stretching is a cryptographic technique that turns a password into a longer, stronger key by running it through a deliberately slow function many times together with a random salt, so that each guess in an offline brute-force attack costs the attacker as much work as it costs the defender. Examples are PBKDF2, bcrypt, scrypt and Argon2.
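
As an added example (not from the original deck), the Python below implements password storage with PBKDF2-HMAC-SHA256 from the standard library: a random salt per password, a configurable iteration count stored alongside the hash so it can be raised later, constant-time verification, and a helper that shows how the iteration count divides an attacker’s guess rate. The sample passwords are constructed; the 600,000-iteration default is the current OWASP recommendation for this construction.

```python
import hashlib
import hmac
import os

# Work factor: OWASP currently recommends 600,000 iterations for PBKDF2-HMAC-SHA256.
DEFAULT_ITERATIONS = 600_000


def stretch(password: str, salt: bytes, iterations: int = DEFAULT_ITERATIONS, length: int = 32) -> bytes:
    """The stretching step itself: derive a key from a password with PBKDF2-HMAC-SHA256."""
    if len(salt) < 16:
        raise ValueError("use a random salt of at least 16 bytes")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=length)


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return a self-describing record algorithm$iterations$salt$key; everything needed to verify later."""
    salt = os.urandom(16)
    key = stretch(password, salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive with the stored salt and iteration count, then compare in constant time."""
    algorithm, iterations, salt_hex, key_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError(f"unsupported record type {algorithm}")
    candidate = stretch(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))


def guesses_per_second(raw_hashes_per_second: float, iterations: int) -> float:
    """Stretching divides an attacker's guess rate by the iteration count."""
    return raw_hashes_per_second / iterations


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")   # constructed sample password
    print(record)
    print(verify_password("correct horse battery staple", record))
    print(verify_password("wrong guess", record))
    # A rig doing 10 billion raw SHA-256 computations per second manages only this many stretched guesses.
    print(guesses_per_second(1e10, DEFAULT_ITERATIONS))
```

Storing the iteration count in the record is what lets you raise the work factor for new passwords without invalidating existing ones.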

102
Q

Online/ offline CAs

A

Online CAs are connected to the network so they can issue certificates and answer revocation checks in real time, matching the pace of the digital world. Offline CAs, usually the root of the hierarchy, prioritize security by working in isolated (air-gapped) environments; they are brought up only to sign subordinate CA certificates and CRLs, so a compromise of an online issuing CA does not expose the root key.

103
Q

Third party certification

A

Third-party certificates are like online IDs. They are issued by CAs, who verify that a website or service is genuine. Unlike self-signed certificates (the “homemade IDs”), these certificates chain to roots that are trusted globally by browsers and operating systems, which is what makes them trustworthy. If you trade on the internet, you need trusted third-party certificates on your website. Some examples of third parties that sell certificates are DigiCert, GlobalSign, GeoTrust, and Thawte.

104
Q

Threat actors

A

Threat actors are typically classed as internal or external. An internal attacker launches their attack from inside the company, while an external attacker launches their attack from outside of the company.

105
Q

Resource/funding vs availability

A

Resources/funding availability: the extent of resources and funding at the disposal of threat actors is a pivotal determinant of their operational capability. Well-financed threat actors such as state-sponsored groups or organized cybercrime syndicates command a formidable array of tools and expertise. This enables them to deploy intricate, multifaceted attacks that can exploit even the smallest vulnerabilities.

106
Q

Controller level 1

A

Controller Level (Level 1): This level is responsible for the real-time control of the physical processes. It includes devices such as Programmable Logic Controllers (PLCs) that receive input from sensors on the plant floor, process the data, and send commands to actuators and other devices to control the industrial processes. Level 1 controllers ensure that the plant operates efficiently and safely

107
Q

reflected

A

Reflected: In a reflected attack, the attacker spoofs the victim’s IP address as the source of requests and sends them to third-party servers (for example open DNS or NTP servers). Those servers unwittingly send their replies to the victim, and because the replies are often much larger than the requests, the reflected traffic is amplified and can consume the victim’s entire bandwidth.

108
Q

Pass the hash attack

A

In a pass-the-hash attack, an attacker who has obtained a user’s NT password hash (for example by dumping it from LSASS memory or the SAM database) authenticates with the hash directly instead of cracking it. The NTLM protocol proves possession of the hash rather than of the password, and the NT hash is an unsalted MD4 digest of the UTF-16LE password, so the hash itself functions as the credential. This is not a hash-collision attack; the hash is simply fed into the challenge-response exchange. Because it is unsalted, the NT hash is also easy to crack with rainbow tables or tools such as hashcat, but cracking is a separate attack. Although it originated with Windows NT 4.0, pass-the-hash still works wherever NTLM authentication is accepted; mitigations include restricting NTLM in favour of Kerberos, Credential Guard, and keeping privileged accounts off workstations.
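
As an added example (not code from the original deck), the Python below computes an NT hash with a standalone MD4 (written out because OpenSSL 3 builds of hashlib often lack MD4) and then derives an NTLMv2 challenge response, following the NTOWFv2 and NtProofStr definitions in MS-NLMP. Both a legitimate client starting from the password and an attacker starting only from a dumped hash produce the same proof, which is exactly why the hash is the credential. The account name, domain, server challenge and client blob are constructed for the demonstration.

```python
import hashlib
import hmac
import struct

MASK32 = 0xFFFFFFFF


def _lrot(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK32


def md4(data: bytes) -> bytes:
    """MD4 per RFC 1320: 64-byte blocks, three rounds of 16 steps, little-endian throughout."""
    a0, b0, c0, d0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)

    def f(x, y, z):
        return (x & y) | (~x & z & MASK32)

    def g(x, y, z):
        return (x & y) | (x & z) | (y & z)

    def h(x, y, z):
        return x ^ y ^ z

    round3_order = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = a0, b0, c0, d0
        for i in range(16):  # round 1: F, message words in order
            a, b, c, d = d, _lrot((a + f(b, c, d) + x[i]) & MASK32, (3, 7, 11, 19)[i % 4]), b, c
        for i in range(16):  # round 2: G, words 0,4,8,12,1,5,...
            k = (i % 4) * 4 + i // 4
            a, b, c, d = d, _lrot((a + g(b, c, d) + x[k] + 0x5A827999) & MASK32, (3, 5, 9, 13)[i % 4]), b, c
        for i in range(16):  # round 3: H, words 0,8,4,12,2,10,...
            a, b, c, d = d, _lrot((a + h(b, c, d) + x[round3_order[i]] + 0x6ED9EBA1) & MASK32, (3, 9, 11, 15)[i % 4]), b, c
        a0, b0, c0, d0 = (a0 + a) & MASK32, (b0 + b) & MASK32, (c0 + c) & MASK32, (d0 + d) & MASK32
    return struct.pack("<4I", a0, b0, c0, d0)


def nt_hash(password: str) -> bytes:
    """NT hash: unsalted MD4 of the UTF-16LE password. Same password, same hash, on every account."""
    return md4(password.encode("utf-16-le"))


def ntowf_v2(nt: bytes, user: str, domain: str) -> bytes:
    """MS-NLMP NTOWFv2: keyed with the NT hash, so the password itself is never needed."""
    return hmac.new(nt, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()


def ntlmv2_proof(nt: bytes, user: str, domain: str, server_challenge: bytes, client_blob: bytes) -> bytes:
    """NtProofStr: the value the client sends to answer the server's challenge."""
    return hmac.new(ntowf_v2(nt, user, domain), server_challenge + client_blob, hashlib.md5).digest()


def precomputed_lookup(wordlist) -> dict:
    """Why rainbow tables work against NT hashes: no salt, so one table serves every user."""
    return {nt_hash(word).hex(): word for word in wordlist}


def pass_the_hash_demo() -> bool:
    """Legitimate client starts from the password; attacker starts from a dumped hash. Same proof."""
    challenge = bytes.fromhex("0123456789abcdef")  # constructed 8-byte server challenge
    blob = b"\x01\x01" + b"\x00" * 6 + b"constructed-client-blob"  # constructed; real blobs carry a timestamp and nonce
    legitimate = ntlmv2_proof(nt_hash("Winter2024!"), "alice", "CORP", challenge, blob)

    dumped_hash = nt_hash("Winter2024!")  # stands in for a hash read from LSASS or the SAM; only the hash is used below
    attacker = ntlmv2_proof(dumped_hash, "alice", "CORP", challenge, blob)
    return hmac.compare_digest(legitimate, attacker)


if __name__ == "__main__":
    print(nt_hash("password").hex())          # the well-known NT hash of "password"
    print(pass_the_hash_demo())
```

Because the proof never involves the plaintext password, resetting the password is the only way to invalidate a stolen hash, and detecting the attack means looking for NTLM logons from unexpected hosts rather than for cracking activity.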

109
Q

Network Access Control

A

Network Access Control (NAC)
NAC checks the health (posture) of a device, such as patch level, antivirus status and configuration, before it is allowed onto the network. Devices that fail the check can be quarantined on a remediation network until they are compliant, so that unpatched or infected remote devices cannot reach production resources.


111
Q

Secure Cookie

A

A cookie with the Secure attribute is only sent to the server over an encrypted HTTPS connection, so it cannot be leaked on the wire by a plaintext HTTP request. It does not protect the cookie from scripts running on the page; that is what the HttpOnly attribute is for.

112
Q

Fuzzing

A

Fuzzing, or fuzz testing, involves inputting massive amounts of random data, or “fuzz,” into a software program to uncover security vulnerabilities and bugs.
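
As an added example (not from the original deck), the Python below fuzzes a deliberately fragile TLV parser, written here for the demonstration, by mutating a constructed valid input with a seeded random generator. Documented rejections (ValueError) are ignored; anything else the parser raises is recorded as a crash with the input that triggered it. A hardened version of the same parser is run over the same mutations and should produce none.

```python
import random
import struct


def parse_records(data: bytes) -> list:
    """Fragile TLV parser: tag(1) length(1) value(length). Tag 1 = big-endian uint16, tag 2 = raw bytes."""
    records, i = [], 0
    while i < len(data):
        tag = data[i]
        length = data[i + 1]                # bug 1: no check that a length byte exists
        value = data[i + 2:i + 2 + length]  # bug 2: a short slice is accepted silently...
        if tag == 1:
            records.append(("u16", struct.unpack(">H", value)[0]))  # ...so this unpack can blow up
        elif tag == 2:
            records.append(("raw", value))
        else:
            raise ValueError(f"unknown tag {tag}")  # the one documented, expected error
        i += 2 + length
    return records


def parse_records_safe(data: bytes) -> list:
    """Same format, with every length validated before it is trusted."""
    records, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated header")
        tag, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated value")
        if tag == 1:
            if length != 2:
                raise ValueError("u16 needs exactly 2 bytes")
            records.append(("u16", struct.unpack(">H", value)[0]))
        elif tag == 2:
            records.append(("raw", value))
        else:
            raise ValueError(f"unknown tag {tag}")
        i += 2 + length
    return records


SEED_INPUT = bytes([1, 2, 0x12, 0x34, 2, 3]) + b"abc"  # constructed valid input: one u16, one raw record


def mutate(rng: random.Random, data: bytes) -> bytes:
    """One random mutation: overwrite, insert, delete, or truncate."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == 2:
        del buf[rng.randrange(len(buf))]
    else:
        del buf[rng.randrange(len(buf)):]
    return bytes(buf)


def fuzz(parser, iterations: int = 2000, seed: int = 1) -> dict:
    """Return {exception type name: first input that caused it} for unexpected exceptions."""
    rng = random.Random(seed)
    crashes = {}
    for _ in range(iterations):
        sample = mutate(rng, SEED_INPUT)
        try:
            parser(sample)
        except ValueError:
            continue  # documented rejection, not a bug
        except Exception as exc:  # anything else is a finding worth triaging
            crashes.setdefault(type(exc).__name__, sample)
    return crashes


if __name__ == "__main__":
    for name, sample in fuzz(parse_records).items():
        print(f"{name}: {sample.hex()}")
    print("hardened parser crashes:", fuzz(parse_records_safe))
```

Real fuzzers (AFL++, libFuzzer) add coverage feedback so mutations that reach new code are kept and mutated further; the harness shape is the same: feed input, treat anything but the documented error as a bug.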

113
Q

SASE

A

Secure Access Service Edge (SASE) is a cloud-native security architecture that combines network security functions (such as secure web gateway, CASB, firewall-as-a-service and zero trust network access) with WAN capabilities (SD-WAN) to provide consistent policy, performance and flexibility for remote users and branch offices.

114
Q

Technical debt

A

In the rush to automate security operations, organizations may resort to quick fixes, such as easy-to-implement automation, that accumulate technical debt over time. Technical debt refers to the extra time it will take to compensate for issues that arise when shortcuts are taken or when automation is implemented without considering long-term maintainability

115
Q

TCP/IP Handshake

A

SYN: the sender sends a synchronize packet carrying its initial sequence number (ISN).
SYN-ACK: the receiver replies with its own SYN (its ISN) and an acknowledgment number equal to the sender’s ISN + 1.
ACK: the sender acknowledges the receiver’s ISN + 1, and the connection is established.

116
Q

SAE

A

Simultaneous Authentication of Equals (SAE): SAE is the password-based authentication and key establishment protocol used by WPA3-Personal. It replaces the WPA2 pre-shared key handshake and provides stronger security: the password is never exposed in a capturable form, so offline dictionary attacks against a captured handshake do not work, and each session gets a fresh key.

117
Q

Simple Network Management Protocol port numbers

A

UDP 161 (the manager queries the agent) and UDP 162 (the agent sends traps to the manager)

118
Q

MITRE ATT&CK framework

A

Adversary groups: ATT&CK catalogues known threat groups and the behavior attributed to them. An example is APT28, a Russian government-funded cyber group that allegedly interfered with the US election in 2016 and carried out a six-month campaign against the German parliament in 2014.
Tactics: the adversary’s objective at each stage of an attack, i.e. the “why” (for example Initial Access or Credential Access). If your network is the target of a phishing campaign, you would find phishing listed as a technique under the Initial Access tactic.
Techniques: the “how”: the concrete methods used to achieve a tactic. For a drive-by compromise, for example, the framework provides an article describing how the user’s web browser is targeted, together with detection and mitigation guidance.

119
Q

SCADA

A

Plant Level (Level 0): This is the lowest level in the SCADA system hierarchy. It includes the physical equipment and processes on the factory floor, such as sensors, actuators, motors, pumps, and other industrial devices. These devices gather data and perform actions as directed by the higher-level controllers.
Controller Level (Level 1): This level is responsible for the real-time control of the physical processes. It includes devices such as Programmable Logic Controllers (PLCs) that receive input from sensors on the plant floor, process the data, and send commands to actuators and other devices to control the industrial processes. Level 1 controllers ensure that the plant operates efficiently and safely.
Coordinating Computer Level (Level 2): At this level, there are supervisory computers or Human-Machine Interface (HMI) systems that provide a centralized view of the plant’s operations. They collect data from Level 1 controllers, display it to operators, and often include control functions for higher-level coordination. Operators can monitor the plant’s status, make adjustments, and respond to alarms and events.
Production Control Level (Level 3): This level manages and controls the overall production process (it is sometimes mislabelled the “Programmable Logic Controller level”, but PLCs belong to Level 1). It often involves more advanced software systems that coordinate multiple production lines or areas within the plant. Level 3 systems may also include functions such as recipe management, production scheduling, and data logging for analysis and reporting.

120
Q

Address Resolution Protocol (ARP):

A

A switch learns which MAC address sits behind each of its ports and keeps the mapping in its MAC address (CAM) table. The Address Resolution Protocol (ARP) resolves an IP address to a MAC address on the local network so that a frame can be delivered. Because ARP replies are unauthenticated, an attacker on the same segment can send forged replies (ARP poisoning) to intercept traffic.

121
Q

What is Nessus

A

A remote scanning tool that can identify vulnerabilities that hackers can exploit

122
Q

Forgery

A

Forgery attacks manipulate data (often through the creation of falsified tokens or requests) with the goal of impersonating legitimate users or applications. Cross-site request forgery (CSRF), in which a victim’s browser is tricked into sending an authenticated request the user did not intend, is the common web example.

123
Q

Password Spraying

A

Instead of checking every single combination against one account, sprayers take a few common passwords (such as 123456, password, password123, letmein, and changeme) and try each one against many usernames (such as admin, root, or user), staying under the per-account lockout threshold. You can reduce the risk with strong password policies, MFA, and account lockout, and detect it by correlating failed logins across accounts: one source address failing once or twice against many different usernames in a short window is the signature.
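
As an added example that is not part of the original deck, the Python below runs that correlation over constructed sshd-style log lines. Failures are grouped per source address inside a sliding time window; a source that fails against many distinct usernames with at most a couple of attempts each is classified as a spray, a source that hammers a single account is classified as brute force, and everything else is left alone. The log lines, addresses and thresholds are constructed for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style log lines (not from a real system); ISO timestamps for simplicity.
SAMPLE_LOG = """\
2024-01-10T10:00:01Z sshd[4021]: Failed password for admin from 203.0.113.5 port 50001 ssh2
2024-01-10T10:00:09Z sshd[4021]: Failed password for root from 203.0.113.5 port 50002 ssh2
2024-01-10T10:00:17Z sshd[4021]: Failed password for invalid user user from 203.0.113.5 port 50003 ssh2
2024-01-10T10:00:25Z sshd[4021]: Failed password for backup from 203.0.113.5 port 50004 ssh2
2024-01-10T10:00:33Z sshd[4021]: Failed password for deploy from 203.0.113.5 port 50005 ssh2
2024-01-10T10:00:41Z sshd[4021]: Failed password for svc_sql from 203.0.113.5 port 50006 ssh2
2024-01-10T10:01:02Z sshd[4022]: Failed password for alice from 198.51.100.7 port 41000 ssh2
2024-01-10T10:01:03Z sshd[4022]: Failed password for alice from 198.51.100.7 port 41001 ssh2
2024-01-10T10:01:04Z sshd[4022]: Failed password for alice from 198.51.100.7 port 41002 ssh2
2024-01-10T10:01:05Z sshd[4022]: Failed password for alice from 198.51.100.7 port 41003 ssh2
2024-01-10T10:01:06Z sshd[4022]: Failed password for alice from 198.51.100.7 port 41004 ssh2
2024-01-10T10:01:07Z sshd[4022]: Failed password for alice from 198.51.100.7 port 41005 ssh2
2024-01-10T10:05:00Z sshd[4023]: Failed password for bob from 192.0.2.9 port 33000 ssh2
2024-01-10T10:05:30Z sshd[4023]: Accepted password for bob from 192.0.2.9 port 33001 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port"
)


def parse_failures(log_text: str):
    """Yield (timestamp, username, source_ip) for each failed-login line."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"), m["user"], m["src"]


def classify_sources(log_text: str, window=timedelta(minutes=10),
                     min_users: int = 5, max_per_user: int = 2) -> dict:
    """Per source IP: 'password_spray' (many users, few tries each), 'brute_force' (one user, many tries) or 'benign'."""
    by_src = defaultdict(list)
    for ts, user, src in parse_failures(log_text):
        by_src[src].append((ts, user))

    verdicts = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:  # slide the window forward
                start += 1
            per_user = defaultdict(int)
            for _, user in events[start:end + 1]:
                per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                verdicts[src] = "password_spray"
                break
            if len(per_user) == 1 and sum(per_user.values()) >= min_users:
                verdicts.setdefault(src, "brute_force")
        verdicts.setdefault(src, "benign")
    return verdicts


if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(SAMPLE_LOG).items()):
        print(f"{src:15} {verdict}")
```

Per-account lockout counters never fire on the spraying source because each account sees only one failure; the per-source view is what exposes it, and a slow spray spread over hours needs a correspondingly wider window.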

125
Q

WEP

A

Wired Equivalent Privacy (WEP): WEP is an outdated protocol whose key management and encryption were both insufficient. It protected data with the RC4 stream cipher using a 40-bit key combined with a 24-bit initialization vector (IV), marketed as 64-bit encryption (a 104-bit key variant was sold as 128-bit). The IV space is so small that IVs are quickly reused, and weaknesses in RC4’s key scheduling let attackers recover the key from captured traffic within minutes.

126
Q

Stateless Firewalls

A

A stateless firewall is one that doesn’t store information about the current state of a network connection. Instead, it evaluates each packet individually and attempts to determine whether it is authorized or unauthorized based on the data that it contains.

127
Q

PEAP

A

Protected Extensible Authentication Protocol (PEAP): PEAP is a version of the Extensible Authentication Protocol (EAP) that encapsulates the EAP exchange inside a TLS tunnel authenticated by a certificate on the server, so the client’s credentials are encrypted and no client certificate is required. This makes it a common choice for securing Wireless Local Area Networks (WLANs) with 802.1X.

129
Q

Dns sinkhole

A

A DNS sinkhole intercepts queries for known malicious domains and returns a false answer (a non-routable or defender-controlled address) instead of the real one. Infected hosts therefore cannot reach their command-and-control servers, and the sinkhole’s logs identify which internal machines tried.

130
Q

DNSSEC

A

DNSSEC creates a secure domain name system by adding cryptographic signatures to existing DNS records

131
Q

MAC filtering

A

MAC filtering secures a wireless network by allowing only devices whose MAC addresses are on an approved list to connect to the wireless access point. It is a weak control on its own, because MAC addresses are transmitted in the clear and are easily spoofed.

132
Q

Typosqautting

A

Typosquatting: Typosquatting exploits typing errors. Cyber attackers register domains that bear great similarity to legitimate domain names with minor changes such as spelling errors or missing symbols

133
Q

Watering hole

A

Compromising a legitimate website that the intended victims are known to visit, so that malware is delivered to the target group when they browse the site.

135
Q

Certificate authority (CA) compromise

A

The digital world relies on CAs to issue digital certificates. If a CA is compromised, attackers can generate fraudulent certificates, leading to the interception of encrypted communications and the potential for widespread

136
Q

IMAP

A

The Internet Message Access Protocol (IMAP) is a protocol for retrieving email from a server. Since IMAP allows access to a mailbox from multiple locations simultaneously, it keeps the email on the server after it is delivered and only downloads the full message when the recipient opens it.

Currently, the 4th version of the protocol (IMAP4) is in use, and it is one of the most widely used protocols for receiving email.

137
Q

POP3

A

Post Office Protocol is a more user-friendly method of accessing mailboxes. Version 3 is the most widely used version of this standard, and it is popular among users due to its low reliance on Internet connections. POP3 transfers emails from the server to the client, allowing you to read them even if you are not connected to the internet

138
Q

SMTP

A

Simple Mail Transfer Protocol (SMTP) is a widely used TCP protocol for sending email. Clients use it to submit mail to a server (port 587 with STARTTLS, or 465 for implicit TLS), and servers use it to relay mail to each other (port 25).

There are 2 roles for SMTP servers: relays and receivers. Relays accept email from users and route it towards the recipient, while receivers accept the email from relay servers and deliver it to the mailbox.

139
Q

L2TP/IPsec

A

Layer 2 Tunneling Protocol (L2TP) is a virtual private network (VPN) protocol that creates a tunnel between your device and a VPN server but does not encrypt the content itself. Because it provides neither encryption nor strong authentication on its own, L2TP is usually paired with Internet Protocol Security (IPsec), which supplies both.

140
Q

Ipsec Tunnel Mode

A

This is the mode used when a user creates a VPN session from a remote location (and for site-to-site VPNs). In tunnel mode the entire original IP packet, header and payload, is encapsulated and protected, and a new outer IP header is added for routing between the gateways; with ESP the inner packet is encrypted, while AH only authenticates it. Authentication methods include certificates, Kerberos authentication, and pre-shared keys.

141
Q

Ipsec always on mode

A

This mode is applied during the creation of a site-to-site VPN, the purpose of which is to build a point-to-point connection between two sites, each with its own VPN gateway. The session is set to always on to ensure the connection is available all the time. A site-to-site VPN runs IPsec in tunnel mode, so the whole original packet is protected: ESP encrypts it, and AH (or ESP’s own integrity check) authenticates it.

142
Q

ipsec transport mode

A

This mode is used to protect traffic between hosts on an internal network (client-to-server or server-to-server). In transport mode only the payload of the original packet is protected (encrypted by ESP); the original IP header is left intact for routing.

143
Q

POP

A

Email protocol that allows email clients to retrieve messages from email servers. POP is effectively one-way: the client downloads messages (and by default removes them from the server), so changes made on one device are not reflected elsewhere.

144
Q

imap

A

Email protocol used by email clients to communicate with email servers. Unlike POP, IMAP is two-way: mail stays on the server and folder state (read, flagged, moved) is synchronized across all clients.

145
Q

Generators purpose

A

generators are backup power sources during prolonged outages and are not designed for the continuous, fine-grained power control needed in data center environments

146
Q

active/active load balancer

A

In an active/active load balancer configuration, load balancers function together as a dynamic array, actively managing incoming traffic. The configuration can include multiple load balancers and there must be at least two. They not only distribute traffic but also cache requests for enhanced efficiency.

147
Q

quorum disk

A

The quorum disk is a shared storage resource that members of the cluster share. It acts as a neutral arbiter, storing critical configuration and state information that both the active and passive nodes access

148
Q

Geographic dispersion

A

Geographic dispersion involves the strategic distribution of data centers, servers, and critical infrastructure across different geographical locations, often separated by significant distances.

149
Q

On-site backup

A

They involve storing copies of your essential data within your physical premises, providing swift access when needed

150
Q

Witness server

A

Witness Server: Adding an additional layer of reliability, the witness server is an impartial entity that assists in determining the state of the cluster. The witness server helps prevent split-brain scenarios and ensures that the cluster operates smoothly.

151
Q

Uninterruptible Power Supply

A

Uninterruptible Power Supply (UPS): A UPS is an electrical device used to provide backup power to connected equipment or devices during power outages or fluctuations in the electrical supply. It is designed to keep the system going only for a few minutes to allow the server team to close the servers down gracefully.

152
Q

Power Distribution Units (PDUs)

A

PDUs distribute power from a UPS or mains feed to the many devices in a rack, keeping the load balanced across circuits and guarding against overload and overheating. Intelligent PDUs add per-outlet metering, remote switching and surge suppression. They do not bridge blackouts or brownouts by themselves; that is the job of the UPS and generator upstream of them.

153
Q

SNMP

A

SNMP is a widely used protocol for network management. It operates with a key component known as the Management Information Base (MIB), which is essentially a database of the information a device exposes. The agent running on each device answers manager queries on UDP port 161 and sends unsolicited trap messages to the manager on UDP port 162. SNMPv3 adds authentication and encryption; v1 and v2c send their community strings in plaintext.

Ports: 161 (queries) / 162 (traps)

154
Q

TCP/UDP

A

Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are both Transport Layer protocols of the Internet Protocol suite. TCP is connection-oriented and reliable: it sets up a connection with a three-way handshake, numbers its segments, and acknowledges and retransmits lost data. UDP is connectionless and unreliable: it sends datagrams with no handshake, ordering, or retransmission, which makes it lighter and faster and suited to DNS, streaming and VoIP.

155
Q

Elliptic Curve Cryptography (ECC

A

• ECC is based on the algebraic structure of elliptic curves over finite fields.
• It provides the same level of security as traditional algorithms like RSA but with much smaller key sizes, which results in faster computations and reduced storage requirements.

158
Q

ECDHE

A

Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) is a key exchange algorithm that allows two parties to establish a shared secret over an insecure communication channel

159
Q

ECDHE

A

ECDHE (Elliptic Curve Diffie-Hellman Ephemeral)

•	Purpose: Used for key exchange.
•	Function: Establishes a secure, shared secret between two parties over an insecure channel without pre-shared keys. The “ephemeral” aspect means that it generates a temporary key for each session, enhancing security.
•	Property: Provides perfect forward secrecy (PFS), meaning even if the server’s long-term private key is later compromised, past sessions remain secure because their ephemeral keys were discarded.
•	Usage: Often used in SSL/TLS to securely exchange keys for establishing an encrypted session.
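
As an added example that is not part of the original deck, the Python below runs the exchange on a tiny textbook curve (y² = x³ + 2x + 2 over GF(17), generator (5, 1), group order 19) so every step can be checked by hand. Alice and Bob each pick a fresh ephemeral scalar, publish only their point, and compute the same shared point; a new session with new scalars yields a different secret, which is the forward-secrecy property described above. The curve parameters, scalars and simplified key derivation are chosen for illustration; real TLS uses curves such as P-256 or X25519 with a proper KDF.

```python
import hashlib

# Toy curve from the standard textbook example: y^2 = x^3 + 2x + 2 over GF(17),
# generator G = (5, 1), group order 19. Far too small for real use.
P, A, B = 17, 2, 2
G = (5, 1)
INF = None  # point at infinity


def on_curve(pt) -> bool:
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0


def point_add(p1, p2):
    """Group law on the curve in affine coordinates."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # P + (-P)
    if p1 == p2:  # tangent slope for doubling
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:  # chord slope for addition
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k: int, pt):
    """k * pt by double-and-add; k is the private scalar, the result the public point."""
    result, addend = INF, pt
    while k > 0:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def session_key(shared_point) -> bytes:
    """Derive a symmetric key from the shared point's x-coordinate (simplified KDF for the demo)."""
    return hashlib.sha256(str(shared_point[0]).encode()).digest()


def ecdhe_session(alice_ephemeral: int, bob_ephemeral: int):
    """Each side keeps its scalar secret and publishes only its point; both reach the same shared point."""
    alice_pub = scalar_mult(alice_ephemeral, G)   # sent to Bob in the clear
    bob_pub = scalar_mult(bob_ephemeral, G)       # sent to Alice in the clear
    alice_shared = scalar_mult(alice_ephemeral, bob_pub)
    bob_shared = scalar_mult(bob_ephemeral, alice_pub)
    return alice_shared, bob_shared


if __name__ == "__main__":
    s1, s2 = ecdhe_session(3, 7)    # constructed ephemeral scalars for session 1
    t1, t2 = ecdhe_session(4, 11)   # a second session with fresh scalars
    print("session 1 agrees:", s1 == s2, s1)
    print("session 2 agrees:", t1 == t2, t1)
    print("keys differ:", session_key(s1) != session_key(t1))
```

Agreement works because scalar multiplication commutes: a(bG) = b(aG). An eavesdropper sees aG and bG but, on a real-sized curve, cannot recover a or b (the elliptic-curve discrete logarithm problem); with ECDSA the server signs its ephemeral point so the eavesdropper cannot swap it for their own.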
160
Q

ECDSA vs ECDHE

A

Purpose: ECDSA is used to verify the authenticity of data or messages.
Purpose ECDHE is used to securely exchange encryption keys between two parties.

161
Q

SNMP trap

A

SNMP TRAP agents play a crucial role in network surveillance, helping maintain the security and integrity of network devices

162
Q

Attestation and acknowledgment

A

Confirming compliance and recognizing it

164
Q

RAID 0

A

RAID 0 (disk striping) is the process of dividing a body of data into blocks and spreading the data blocks across multiple storage devices, such as hard disks or solid-state drives (SSDs), in a redundant array of independent disks group. Because there is no parity or mirroring, RAID 0 improves performance and capacity but has no fault tolerance: losing any one disk loses all the data.

165
Q

RAID 6

A

RAID 6 is a storage configuration that provides redundancy and fault tolerance using a dual parity method, also known as disk striping with double parity. It survives the failure of any two disks.

Requires a minimum of 4 disks

166
Q

Disk Striping

A

(disk striping) is the process of dividing a body of data into blocks and spreading the data blocks across multiple storage devices,

167
Q

RAID 5

A

A redundant array of independent disks configuration that uses disk striping with distributed parity. It survives the failure of any one disk; the lost data is rebuilt by XORing the surviving blocks of each stripe.

Requires a minimum of 3 disks

168
Q

RAIDS

A

RAID 0 (striping), RAID 1 (mirroring) and its variants, RAID 5 (distributed parity), and RAID 6 (dual parity).
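
As an added example, not code from the original deck, this Python models the parity mechanics the RAID cards describe: a stripe spread across three data disks, one XOR parity block per stripe (RAID 5, with the rotation of parity between disks omitted for clarity), rebuilding a lost disk from the survivors, the absence of any rebuild path in RAID 0, and the capacity arithmetic for each level. The data and disk geometry are constructed for the demonstration; RAID 6 needs a second, Reed-Solomon parity and is not modelled here.

```python
def xor_blocks(blocks: list) -> bytes:
    """XOR equal-length blocks together; this is the RAID 5 parity calculation."""
    if not blocks:
        raise ValueError("need at least one block")
    size = len(blocks[0])
    out = bytearray(size)
    for block in blocks:
        if len(block) != size:
            raise ValueError("all blocks in a stripe must be the same size")
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def stripe(data: bytes, data_disks: int, block_size: int) -> list:
    """RAID 0 style striping: pad, cut into blocks, deal them round-robin. Returns one block list per disk."""
    padded = data + b"\x00" * (-len(data) % (block_size * data_disks))
    blocks = [padded[i:i + block_size] for i in range(0, len(padded), block_size)]
    return [blocks[d::data_disks] for d in range(data_disks)]


def raid5_parity_disk(disks: list) -> list:
    """One parity block per stripe: the XOR of that stripe's data blocks."""
    return [xor_blocks([disk[s] for disk in disks]) for s in range(len(disks[0]))]


def raid5_rebuild(disks: list, parity: list, lost: int) -> list:
    """Reconstruct a failed disk: XOR the surviving data blocks with the parity block, stripe by stripe."""
    survivors = [disk for i, disk in enumerate(disks) if i != lost]
    return [xor_blocks([disk[s] for disk in survivors] + [parity[s]]) for s in range(len(parity))]


def raid0_rebuild(disks: list, lost: int):
    """RAID 0 keeps no parity, so there is nothing to rebuild from."""
    raise RuntimeError(f"RAID 0: disk {lost} lost, data unrecoverable")


def usable_capacity(level: int, disk_count: int, disk_size: int) -> int:
    """Usable capacity per level: RAID 0 uses every disk, RAID 1 mirrors, RAID 5/6 spend 1/2 disks on parity."""
    minimum = {0: 2, 1: 2, 5: 3, 6: 4}[level]
    if disk_count < minimum:
        raise ValueError(f"RAID {level} needs at least {minimum} disks")
    overhead = {0: 0, 1: disk_count - 1, 5: 1, 6: 2}[level]
    return (disk_count - overhead) * disk_size


if __name__ == "__main__":
    data = b"Constructed payload for the RAID demo. " * 12
    disks = stripe(data, data_disks=3, block_size=16)
    parity = raid5_parity_disk(disks)
    print("disk 1 rebuilt correctly:", raid5_rebuild(disks, parity, lost=1) == disks[1])
    print("RAID 5 with 4 x 2 TB gives usable TB:", usable_capacity(5, 4, 2))
    try:
        raid0_rebuild(disks, lost=1)
    except RuntimeError as exc:
        print(exc)
```

RAID protects against disk failure, not against deletion, ransomware or a controller fault that corrupts every member, which is why backups are still required alongside it.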

169
Q

Business impact analysis

A

Business Impact Analysis
BIA is carried out by an auditor with the objective of identifying a single point of failure. The

170
Q

Pulping

A

Pulping is a method of destroying paper records: the paper waste is soaked and mashed into pulp, much like making papier-mâché, so the information on it cannot be reconstructed.

171
Q

Package monitoring

A

A package typically refers to a software component or module that is used within an application. Package monitoring tracks the third-party packages an application depends on so that known vulnerabilities, malicious or tampered versions, and unexpected changes in dependencies are detected.

173
Q

Information sharing organizations

A

Information-Sharing Organizations (ISOs) are collaborative platforms on which cybersecurity practitioners, experts, government agencies, and private-sector entities converge to share threat intelligence.

174
Q

System monitors

A

Systems refers to the servers, workstations, and endpoints that make up an organization’s network. Monitoring systems involves keeping a vigilant eye on their performance metrics, such as CPU usage, memory utilization, and network traffic. By establishing baselines and thresholds, security teams can detect anomalies that might indicate a security breach or system failure.

175
Q

SNMP agents

A

SNMP agents are software modules or processes running on network devices, such as routers, switches, servers, and even IoT devices.

176
Q

SNMP
Managers

A

SNMP managers are centralized systems responsible for monitoring and managing network devices. They initiate SNMP requests to gather information from SNMP agents and can also configure and control devices. Managers use SNMP protocol operations such as GET, SET, and GETNEXT to retrieve or modify information stored in the Management Information Base (MIB), which stores information about devices on the network.

178
Q

SNMP Traps

A

SNMP traps are asynchronous notifications sent by SNMP agents to SNMP managers without a prior request. They are used to inform managers of specific events or conditions

179
Q

Secure copy protocol

A

Secure Copy Protocol (SCP) is a network protocol that supports the transfer of files between hosts on a network. It is built on the Secure Shell (SSH) protocol, providing encryption and authentication to ensure the confidentiality and integrity of data during transmission.

Port 22 (TCP)

181
Q

Active devices

A

Active devices are a proactive force within your network security arsenal. They actively intervene when potential threats are detected, for example an intrusion prevention system (IPS) or firewall sitting inline on the traffic path. These devices can block or mitigate threats in real time, helping to maintain the integrity and security of your network.

182
Q

Passive Devices

A

Passive devices are observers. They monitor network traffic, analyze patterns, and provide insights into potential threats and vulnerabilities.

183
Q

White Team

A

A white team is a group of IT specialists tasked with overseeing red vs blue exercises

184
Q

DNSSEC

A

DNSSEC (Domain Name System Security Extensions) is a suite of extensions to DNS (Domain Name System) that adds a layer of security to the domain name resolution process

185
Q

DNS port

A

53

186
Q

POP3 port

A

110 (plaintext) / 995 (POP3 over TLS)

188
Q

IMAP

A

993

189
Q

SMTP SSL port

A

465

190
Q

AD HOC

A

Ad hoc assessments are sporadic and arise in response to specific events or perceived threats. This type of assessment is tailored to focus on the immediate dangers and is characterized by its flexibility and swift implementation.

191
Q

One Time

A

One-time assessments are conducted for specific scenarios or projects, often at the inception of a new venture, system implementation, or organizational change. This approach provides a detailed one-time view of the risks associated with a particular endeavor.

192
Q

Global

A

Global: Worldwide data protection regulations

193
Q

PEM

A

Privacy Enhanced Mail (PEM) files are a type of Public Key Infrastructure (PKI) file used for keys and certificates. They hold Base64-encoded DER data between “-----BEGIN …-----” and “-----END …-----” lines; common extensions are .pem, .crt, .cer and .key.

194
Q

dmarc

A

DMARC is an email security protocol that lets domain owners dictate what a receiving server should do when a message claiming to be from their domain fails the SPF and DKIM authentication tests (none, quarantine or reject) and to receive reports about those failures. The policy is published as a DNS TXT record at _dmarc.<domain>.

195
Q

DKIM

A

DKIM is an email authentication method that enables a sender to digitally sign their email messages. These signatures are then validated by the recipient’s email server to confirm the message’s authenticity. This way, DKIM pr

196
Q

SPF

A

Sender Policy Framework (SPF): SPF is another email authentication mechanism. The receiving server checks whether the sending server’s IP address is authorized to send mail on behalf of the sender’s domain. Each domain owner publishes the list of authorized senders in a text (TXT) record in the domain’s DNS.

197
Q

SWG

A

Secure Web Gateway (SWG): A secure web gateway protects an organization from online security threats and infections by enforcing company policy and filtering Internet-bound traffic, typically with URL filtering, malware scanning and TLS inspection.

198
Q

IMAP

A

143/993

200
Q

POP

A

Post Office Protocol (POP) is used for retrieving emails from a remote email server.

Port 110 (plaintext) / 995 (POP3 over TLS)

201
Q

Email ports

A

1. SMTP (Simple Mail Transfer Protocol)
• Port 25: Used for server-to-server relay (plaintext, with optional STARTTLS).
• Port 587: Used for SMTP submission with STARTTLS encryption (modern standard for clients sending mail).
• Port 465: Used for SMTP over implicit TLS (SMTPS).
2. POP3 (Post Office Protocol 3)
• Port 110: Standard port for POP3 without encryption.
• Port 995: Used for POP3 over SSL/TLS (encrypted POP3).
3. IMAP (Internet Message Access Protocol)
• Port 143: Standard port for IMAP without encryption.
• Port 993: Used for IMAP over SSL/TLS (encrypted IMAP).

202
Q

POP3 ports

A

110 (plaintext) / 995 (POP3 over TLS)

203
Q

IMAP ports

A

143 (plaintext) / 993 (IMAP over TLS)

205
Q

Email ports

A

POP3: 110 / 995 (TLS)
IMAP: 143 / 993 (TLS)
SMTP: 25 (server-to-server relay), 587 (client submission with STARTTLS), 465 (implicit TLS)