Domain 2

Question 1

What captures the relationships between physical and logical assets

Answer 1

Diagrams

Question 2

are the minimum level of security required for the system or application

Answer 2

Baseline Configuration

Question 3

reduce error and provides a clear communication standard

Answer 3

Standard Naming Conventions

Question 4

Advanced planning is needed to apply deviations from an organization’s IP addressing schema

Answer 4

Internet protocol (IP) schema

Question 5

refers to regulations pertaining to data being stored in other countries

Answer 5

Data sovereignty

Question 6

What is the practice of enacting security controls that protect the CIA (Confidentiality, Integrity, Availability) of data

Answer 6

Data Protection

Question 7

What is the systems way to prevent unwanted sensitive data from leaving the organization’s network

Answer 7

Data loss prevention (DLP

Question 8

The act of hiding data by redacting all or parts of its content to preserve its confidentiality

Answer 8

Masking

Question 9

Data, whether at rest, in motion, or in processing requires encryption

Answer 9

Data At rest/ In transit/motion/ In processing

Question 10

is the process of replacing data fields with random values

Answer 10

Tokenization

Question 11

What refers to the practice of protecting the rights of users over digital objects

Answer 11

Rights management

Question 12

The lack of physical borders in the online world makes rights management difficult to govern

Answer 12

Geographical considerations

Question 13

Policies such as a BCP (Business Continuity Plan) or DRP (Disaster Recovery Plan) that are created to promote business resiliency

Answer 13

Response and recovery controls

Question 14

A security feature that prevents attackers from bypassing security through encrypted channels

Answer 14

Secure Sockets Layer (SSL)/Transport Layer Security (TLS) inspection

Question 15

A mathematical function that creates a fixed-length output from a variable-length input, used to verify the integrity of data

Answer 15

Hashing

Question 16

Security controls should be in place to authenticate users and not allow for unwanted access

Answer 16

API Considerations

Question 17

is an alternative site that has little to no backups of the original site’s data and is fully operational within weeks

Answer 17

Cold Site

Question 18

is an alternative site that has full backups of the original site’s data and is fully operational within minutes to a few hours

Answer 18

Hot site

Question 19

is an alternative site that partial backups of the original site’s data and is fully operational within a few days

Answer 19

Warm site

Question 20

are computer systems with fake data that is designed to attract hackers

Answer 20

Honeypots

Question 21

are computer files that are designed resemble legitimate files but contain fake data

Answer 21

Honeyfiles

Question 22

A network designed as a decoy to attract hackers

Answer 22

Honeynets

Question 23

refers to fake network traffic that is designed to mimic real network communication

Answer 23

Fake Telemtry

Question 24

occurs when a user is redirected to a malicious or wrong URL

Answer 24

DNS Sinkhole

Question 25

A cloud computing model to provision cloud-based IT resources and components

Answer 25

Infrastructure as a service (IaaS

Question 26

A cloud computing model to provision cloud-based IT services such as database management

Answer 26

Platform as a service (PaaS)

Question 27

A cloud computing model to provision cloud-based software directly to a user over the internet

Answer 27

Software as a service (SaaS

Question 28

The provisioning of ad hoc services via a cloud service

Answer 28

Anything as a service (XaaS)

Question 29

refers to a cloud environment that is accessible by multiple organization

Answer 29

Community Cloud

Question 30

cloud refers to a cloud environment that is only accessible by a single organization

Answer 30

Private

Question 31

What cloud refers to a cloud environment that is a mix of both public and private cloud environments

Answer 31

Hybrid Cloud

Question 32

A company that manages the IT infrastructure and security services of an organization

Answer 32

Managed service provider (MSP)/managed security service provider (MSSP

Question 33

refers to a distributed cloud architecture that reduces latency

Answer 33

Fog computing

Question 34

refers to a cloud architecture that performs computing at the edge of a network

Answer 34

Edge Computing

Question 35

is a lightweight computer with limited capabilities and resources

Answer 35

Thin cilent

Question 36

are environments that packages code to be executed software within an isolated and standard environment

Answer 36

Containers

Question 37

collection of small modules that work together to create a complete system

Answer 37

Microservices/APIA

Question 38

The act of provisioning IT systems and applications from machine-readable files and code

Answer 38

Infrastructure as code

Question 39

A network architecture to manage compatible IT networking devices through computer programming

Answer 39

Software-defined networking (SDN)

Question 40

Real-time reporting of configuration data through application programmable interfaces (APIs

Answer 40

Software-defined visibility (SDV)

Question 41

An organization owns and manages web applications and rents its usage to users, usually on a subscription model

Answer 41

Serverless architecture

Question 42

The process of enabling separate processes and services to work together

Answer 42

Services integration

Question 43

define how resources are provisioned along with its restrictions

Answer 43

Resource policies

Question 44

allows for a network connection to a Virtual Private Cloud network

Answer 44

transit gateway

Question 45

is the technology that allows a computer to have multiple operating systems installed

Answer 45

Virtualization

Question 46

A set of management practices and policies to keep track of ** within the enterprise. To make sure they can be controlled.

Answer 46

Virtual machine (VM) sprawl avoidance

Question 47

Pre-programmed security controls that prevents a virtual machine from escaping its hypervisor and infecting the host operating system

Answer 47

VM escape protection

Question 48

Computing **** are isolated areas that provide the functionalities required for software development, testing, staging, and production

Answer 48

Environment

Question 49

A ** environment is an isolated computing environment designed for software development

Answer 49

Development

Question 50

The ** environment is an isolated computing environment that resembles the production environment but is designed for software testing and troubleshooting

Answer 50

Test

Question 51

is an isolated computing environment where tested software is prepared for the production environment

Answer 51

Staging

Question 52

What is the process of ensuring manufactured components are clear of defects prior to its integration

Answer 52

Quality Assurance

Question 53

_______ is the process of assigning permission to users. ________ is removing the users’ permissions.

Answer 53

Provisioning/Deprovisioning

Question 54

The process to determine if unauthorized changes have been made to data.

Answer 54

Integrity measurement

Question 55

Is the process of removing unwanted characters from a string input prior to its processing

Answer 55

Normalization

Question 56

are pre-compiled functions to query a database

Answer 56

Stored procedures

Question 57

this the practice of writing code that is difficult to analyze by observing its source code

Answer 57

Obfuscation/Camouflage

Question 58

is code that when executed, its results are not used elsewhere within the application

Answer 58

Dead weight

Question 59

Applications can perform input validation and code execution locally or on a remote server

Answer 59

Server-side vs. client-side execution and validation

Question 60

Is the process of allocating memory to applications to avoid a memory leak

Answer 60

Memory Management

Question 61

Software developers use SDKs to create software within a pre-built programming environment

Answer 61

Use of third-party libraries and software development kits (SDKs

Question 62

occurs when the application loses control of its data during operations

Answer 62

Data Exposure

Question 63

OWASP is a nonprofit organization dedicated to the protection of web-based applications

Answer 63

Open Web Application Security Project (OWASP

Question 64

The process of having different components for software features and capabilities

Answer 64

Software diversity

Question 65

converts programming languages to binary language

Answer 65

Complier

Question 66

diversity is the act of creating identical binary images with different specifications

Answer 66

Binary

Question 67

The process of automating tasks and courses of actions to prevent, detect, and recover from security incidents

Answer 67

Automation/scripting Automated courses of action

Question 68

The process of constantly detecting and evaluating the risks associated with software systems

Answer 68

Continuous monitoring

Question 69

The process of constantly detecting and evaluating security baseline changes to software systems

Answer 69

Continuous Validation

Question 70

A technique to detect and resolve code conflicts by reducing interaction errors

Answer 70

Continuous integration

Question 71

is a technique to deploy changes quickly and sustainably to software systems

Answer 71

Continuous delivery

Question 72

is a technique to automatically release new software versions for immediate availability

Answer 72

Continuous deployment

Question 73

refers to a system’s ability to withstand changes without issue

Answer 73

Elasticity

Question 74

refers to a systems’ ability to increase its workload capacity with its current resources

Answer 74

Scalability

Question 75

is the process of tracking the changes to different versions of software

Answer 75

Version Control

Question 76

is the process of verifying an identity previously established in a computer system

Answer 76

Authentication

Question 77

allows centralized security management and provides a logical means of organizing resources (users, printers, etc.

data storage mechanism similar to database

Answer 77

Directory Services

Question 78

A collection of autonomous computer networks that agree on a common set of operating standards, identities can access resources on diverse networks

Answer 78

Federation

Question 79

What is the supplying of proof or evidence of some fact, Used to verify the trustworthiness of a system

Answer 79

Attestation

Question 80

An authentication technology that uses a time-based fact to create unique password

Answer 80

Time-based one-time password (TOTP)

Question 81

An authentication technology that’s based on the ____ algorithm

Answer 81

HMAC-based one-time password (HOTP)

Question 82

An authentication technology that’s based on sending text messages

Answer 82

Short message service (SMS)

Question 83

is a small piece of hardware that is used to identify and authenticate a user, Tokens can be virtual and contains, the user’s rights and access privileges

Answer 83

Token Key

Question 84

The password/cryptographic key remains on the
Usually would require an additional factor such as a PIN or password

Answer 84

Static Code

Question 85

allow the user to initiate a logon and the application generates a response that the user enters intothe system

Answer 85

Authentication Applications

Question 86

sends the user authentication notifications or access codes directly to the user’s mobile device

Answer 86

Push Notifications

Question 87

can be used to verify that the user is in possession of the actual mobile device

Answer 87

Phone Call

Question 88

carry long cryptographic tokens that are too large to guess

Answer 88

Smart Card Authentications

Question 89

factors are biological factors specific to an individual

Answer 89

Biometrics

Question 90

is the measurement of the pattern expressed by a person as they walk

Answer 90

Gait Analysis

Question 91

For biometrics to be effective, they must have both low false positive rates and low false negative rates

Answer 91

Efficacy Rates

Question 92

determines what level of false positives is allowed in the system

Answer 92

False Acceptance

Question 93

determines what level of false negatives, or rejections, are going to be allowed in the system

Answer 93

False Rejections

Question 94

(CER) is where both accept and reject error rates are equal, This is the desired state for the most efficient operation

Answer 94

Crossover error rate

Question 95

What Attributes are collections of artifacts that focus on elements associated with the user

Answer 95

Multifactor authentication attributes

Question 96

Something you ….., refers to presenting a trigger and measuring a response that cannot be fakedAn example is the results of a lie detector test

Answer 96

Something you exhibit

Question 97

verifies the identity of the subject by comparing one or more factors against a database of valid identities (e.g., user accounts

Answer 97

Authentication

Question 98

indicates who is trusted to perform specific operations For example, administrators grant a user access to files based on the user’s proven identity

Answer 98

Authorization

Question 99

provides accountability by ensuring that subjects can be held accountable for their actions

Answer 99

Auditing

Question 100

includes auditing, logging, and monitoring

Answer 100

Accounting

Question 101

Determination of authentication processes should rest on data criticality and who needs access

Answer 101

Cloud vs. on-premises requirements

Question 102

What is the use of multiple, independent elements to perform a critical function

Answer 102

Redundancy

Question 103

number of third-party companies offer high-speed connections for storing data in a separate facility, Depending on the level of security desired, the storage facility could be reinforced against possible threats in the area (such as tornados or floods

Answer 103

Geographic dispersal

Question 104

Disks are the primary storage mechanism in a system, whether composed of physical hard drives with spinning platters or solid-state memory devices

can increase the speed of data recovery as multiple drives can retrieve data at the same time

Answer 104

Redundant array of inexpensive disks (RAID 0)

Question 105

What splits data across all the drives with no redundancy offered

Answer 105

Redundant array of inexpensive disks (RAID) Level 0 (striped disks)

Question 106

What copies the data from one disk onto two or more disks
If any one disk is lost, the data is not lost since it is also copied onto the other disks

Answer 106

Redundant array of inexpensive disks (RAID) Level 1 (mirrored disks)

Question 107

What is designed to be able to recover the loss of any single disk using error-correcting technique

Answer 107

Redundant array of inexpensive disks (RAID) Level 2 (bit-level error-correcting code

Question 108

What spreads the data across multiple disks at the byte level with one disk dedicated to parity bits

Answer 108

Redundant array of inexpensive disks (RAID) Level 3 (byte-striped with error check)

Question 109

What stripes data across several disks but in larger stripes than in RAID 3, and it uses a single drive for parity-based error checking

Answer 109

Redundant array of inexpensive disks (RAID) Level 4 (dedicated parity drive)

Question 110

What stripes the data at the block level and spreads the parity data across the drives, is the most common method used

Answer 110

Redundant array of inexpensive disks (RAID) Level 5 (block-striped with error check)

Question 111

provides redundancy in the event of a problem with a network adapter

Answer 111

Multipath

Question 112

is the infrastructure that connects IT components

Answer 112

Network

Question 113

What move loads across a set of resources in an effort not to overload individual servers

Answer 113

Load balancers

Question 114

teaming groups multiple NICs together

This provides for load balancing and fault tolerance

Answer 114

Network interface card (NIC) teaming

Question 115

What are power supply systems that can function using a temporary battery backup in the event of a power failure

Answer 115

Uninterruptible power supply (UPS

Question 116

A ____ _______ is a system where two independent power supply units, either capable of handling the load, are used

Answer 116

Dual Supply

Question 117

PDU) is a device designed to handle the electrical power for server racks

Answer 117

Power Distribution Unit

Question 118

What is a dedicated network that connects compute elements to storage elements

Answer 118

Storage Area Network (SAN)

Question 119

What technologies can enable replication of processing units that can be manipulated between different computers

Answer 119

Virtual Machine (VM)

Question 120

Location is an important consideration when determining redundant storage locations

Answer 120

On Premise Vs Cloud

Question 121

What backup are all files and software are copied onto the storage media?

Answer 121

Full

Question 122

Backs up files that have changed since the last full or _____ backup occurred, Requires fewer files to be backed up

Answer 122

Incremental

Question 123

A _______ is a copy of a virtual machine at a specific point in time, a ____\ is created by copying the files that store the virtual machine

Answer 123

Snapshot

Question 124

Backs up files that have changed since the last full backup

Answer 124

Differential

Question 125

_____ drives are an older form of data storage mechanism, and they are characterized by their sequential read/write access. For bulk storage of backups, ____ is still a viable alternative in terms of cost and performance.

Answer 125

Tape

Question 126

The term _____ refers to either a physical hard drive with spinning platters or a solid-state memory deviceBacking up a ____ is a common operation for a single computer.

Answer 126

Disk

Question 127

What is the simplest form of backup for a file or set of files. One of the advantages of having users make copies of critical documents is the ability to do a quick restore in the event of an overwrite error.

Answer 127

Copy

Question 128

What is the use of a network connection to attach external storage to a machine

Answer 128

Network attached storage (NAS)

Question 129

What storage can increase security concerns because someone else is protecting the data

Answer 129

Cloud

Question 130

What backup is a specific structure of the backup file to match that of the system being backed up

Answer 130

Image based

Question 131

______ backups have the advantage of providing geographic separation of the backups from the original system, ____ backups are those stored on an offline system that is not accessible via the Internet

Answer 131

Online/Offline

Question 132

Backups that are ones stored in a location separate from the system being backed up

Answer 132

Offsite Storage

Question 133

What is also critical when examining the reach of a disaster, It is important that the offsite location is far enough away that it is not affected by the same incident.

Answer 133

Distance Considerations

Question 134

refers to system items that are not permanent and can change

Answer 134

Non-persistence

Question 135

A system’s ability to recover to a pre-incident state

Answer 135

Revert to known state

Question 136

A system’s ability to recover to a known state in the event of a boot failure

Answer 136

Last known-good configuration

Question 137

A bootable flash drive or DVD source that contains a complete bootable image of the OS

Answer 137

Live Boot Media

Question 138

The ability to maintain the availability of data and operational processing despite a disrupting event

Answer 138

high availability

Question 139

enables a system to accommodate larger workloads

Answer 139

Scalability

Question 140

The most important data needs to be identified and then backed up in a manner that facilitates its quick restore

Answer 140

Restoration Order

Question 141

Having ______ in technologies, vendors, processes, and controls can assist in resiliency through differences in failure modes

Answer 141

Diversity

Question 142

Having a diverse set of these elements improves the chances of catching an attacker, even when they can beat one or two control elements

Answer 142

Technologies

Question 143

Having diversity in the vendors used for security prevents vendor-specific forms of single points of failure and creates a more robust set of defensive capabilities

Answer 143

Vendors

Question 144

to work, both sides must agree on algorithms, keys, and other parameters, Diversity can still exist in this environment

Answer 144

Cryptographic solutions

Question 145

Multiple layers of different security controls lower your attack surface and increase your defense-in-depth

Answer 145

Controls

Question 146

are computers that are included as part of a larger system
Printers, SMART TVs, and automobiles have embedded systems

Answer 146

Embedded Systems

Question 147

________ is a low-cost (less than $50), single-board computer

Answer 147

Raspberry Pi

Question 148

What are electronic circuits that are programmed to perform a specific function

Answer 148

Field-programmable gate array (FPGA)

Question 149

is a single-board microcontroller, not a full-fledged computer like the Raspberry pi

Answer 149

Arduino

Question 150

What is the system that is designed to control automated systems in cyber-physical environments

Answer 150

Supervisory control and data acquisition (SCADA)/industrial control system (ICS)SCADA/ICS system

Question 151

SCADA systems find many uses in facilities, ranging from the building automation systems of the HVAC system, to pumps for water pressure, escalators and elevators, and fire alarms

Answer 151

Facilities

Question 152

Facilities that may include a fire alarm, surveillance, and HVAC system, depending on the requirements of the facility

Answer 152

Industrial

Question 153

Industrial facilities may include SCADA and PLC (programmable logic controllers) systems

Answer 153

Manufacturing

Question 154

systems include chemical, solar, and nuclear facilitiesLike manufacturing, energy systems may include SCADA

Answer 154

Energy

Question 155

What systems may include surveillance and geolocation, depending on the requirements of the facility

It can involve sea, surface (roads and rail), and air transport

Answer 155

Logistics

Question 156

refers to a device that connect directly via the Internet for a specific function

Answer 156

Internet of Things (IoT)

Question 157

is the transmission of voice communications over IP networks

Answer 157

VoIP(Voice Over IP)

Question 158

are climate control systems that are managed by embedded systems

Answer 158

HVAC systems

Question 159

combine the functionalities of a printer, scanner, and fax machine, with full network connectivity

Answer 159

Multi Function Printers (MFP)

Question 160

Real-time operating systems are designed for devices where the processing must occur in real time

Answer 160

operating system

Question 161

These are used in enterprises such as news organizations, which rely on getting the data live without extra processing delays

Answer 161

Surveillance Systems

Question 162

refers to a complete computer system miniaturized on a single integrated circuit

Designed to provide the full functionality of a computing platform on a single chip

Answer 162

System on a chip (SoC)

Question 163

communications use narrow bands of frequencies for low-data-rate communications
This type of radio offers advantages in range and power utilization

Answer 163

Narrow-band radio

Question 164

refers to the signal that is being transmitted and represents a single channel of communication

Answer 164

Baseband Radio

Question 165

A ____ card provides a means of identifying users and other key items of information when using telecommunication networks

Answer 165

Subscriber identity module (SIM) cards

Question 166

is a low-power mesh radio service used to connect sensors and basic devices

Answer 166

Zigbee

Question 167

When the ____ supply is interrupted and no backup ____ supply exists, the device stops functioning

______ drives many design elements because extra functionality that is not needed uses ____ without adding functionality

Answer 167

Power

Question 168

Excess ____ capacity results in more power drain and less useful life on a battery charge

Answer 168

Compute

Question 169

_____ limitations are due to constraints from power and connectivity

_____ devices require a radio transceiver, increasing power demands

Answer 169

Network

Question 170

_______ functions can be essential to secure data during transmission but the
The level of computational resources for ____ functions can be substantial

Answer 170

Cryptographic functions

Question 171

This is typically caused by a series of design decisions predicated on producing single-purpose devices like a Raspberry Pi or Arduino

Answer 171

Inability to patch

Question 172

_______ systems are critical system requirements sometimes not adopted by embedded and specialized systems

Answer 172

Authentication

Question 173

What is a function of power and is a limitation of many specialized and embedded systems

Answer 173

Range

Question 174

Extra functionality leads to extra ___

If this functionality isn’t needed in the final solution, the money is wasted

Answer 174

Cost

Question 175

refers that trust that has not been specifically set up but exists

Answer 175

Implied Trust

Question 176

________ are physical barriers that are designed for an attacker to only gain access by a single gap
A _______ is a simple post-type barricade that prevents a vehicle from passing but allows people to walk past

Answer 176

Barrier
Bollard

Question 177

An _______ _____ ______ is composed of two closely spaced doors that require the user to card through one and then the other sequentially

Answer 177

access control vestibule

Question 178

A _____ with a picture on it can enable others to quickly determine the identity of an employee or recognize an intruder

Answer 178

Badge

Question 179

______ can provide information as to areas that are restricted, or it can indicate where specific precautions, such as keeping doors locked, are required

Answer 179

Signage

Question 180

______ enable the re-creation of scenes at a later date

Video ____ offer an even greater range of surveillance capability

Answer 180

Camera

Question 181

What technology can sense differences in temperature, which can be from a person entering a room

Answer 181

Motion recognition

Question 182

What technology can scan video for movement and detect people, cars, and other designated objects such as packages left on a porch

Answer 182

Object detection

Question 183

______ are used to monitor a workplace for security purposes

These systems are commonplace places with high-value merchandise that is attractive to thieves like banks and jewelry stores

Answer 183

Closed-circuit television

Question 184

Utilities that made physical modifications less conspicuous and improve the visual surroundings

An example is 58 Joralemon Street, New York City, which is a ventilation shaft and emergency access to the New York subway

Answer 184

Industrial Camouflage

Question 185

What provides a simple means of securing portable equipment to furniture or another fixture in the room where the equipment resides

Answer 185

Cable locks

Question 186

______ are devices that impede a specific function unless a code is entered

This code is compared to a stored secret, and if the correct code is entered, the lock engages the mechanical stop and allows the mechanism to open

Answer 186

Electronic Locks

Question 187

Laptops are popular targets for thieves and should be locked inside a desk when not in use, or secured with special computer lockdown cables

Answer 187

Locks

Question 188

What prevents attackers from infecting a device with malware or stealing data

Answer 188

USB Data Blocker

Question 189

What is a Class A fire?

Answer 189

Common Combustibles, Wood, Paper.
Water or Dry chemical, ASHE

Question 190

What is a class B fire?

Answer 190

Combustible liquids, petroleum products/organic solvents
Co2 or dry chemical

Question 191

What is a class C fire?

Answer 191

Electrical, electrical equipment, wiring, or tools. Co2 or dry chemical
Class SEE

Question 192

What is a class D fire?

Answer 192

Flammable metals like magnesium or titanium, copper metal or sodium chloride

Question 193

A ____ _____ can send alerts in areas where there is little or no expected traffic
_____ ______can be used to trigger video systems, so they do not record large amounts of “empty” activity

Answer 193

Motion Detectors

Question 194

What are sensors that provide a signal at a specified distance

The most common application of these are card readers connected to doors

Answer 194

Proximity readers

Question 195

What sensors provide a remote means of monitoring everything from water leaks to humidity problems

Answer 195

Moisture Detection

Question 196

What can provide much greater detail in tracking who is in a facility and when they have come and gone

Answer 196

Cards

Question 197

What should be placed in highly temperature-controlled areas such as server rooms

Answer 197

Temperature sensors

Question 198

What can provide security to physical facilities remotely, providing eyes on demand in a variety of places

Answer 198

Drones

Question 199

What is an enclosure that’s designed to contain the transmission of radio signals

Answer 199

A faraday cage

Question 200

What is a term used to describe the physical and logical separation of a network from all other networks

This separation is designed to prevent unauthorized data transfers to and from the network

Answer 200

Air Gap

Question 201

A security zone that contains public facing servers or systems where access is restricted

Answer 201

Screened Subnet

Question 202

provides security to the cabling between systems from all physical hazards, including interception and tapping

Answer 202

Protected cable distribution

Question 203

____ _____ are those areas where specific preventative measures are taken to control access both to and from

_____ _____limit information and people flow in and out of the area

Answer 203

Secure areas

Question 204

An ___ ___ is a security measure implemented to ensure that systems within a secure network are totally isolated (not connected) from an unsecure network such as the Internet

Answer 204

Air gap

Question 205

A ____ is a secured area that is designed to provide a specific level of security for what is stored inside

Answer 205

Vault

Question 206

are physical storage devices that are intended to impede unauthorized access to their protected contents

Answer 206

Safes

Question 207

A data center that is arranged into ____ _______ dictates that all the intake fans on all equipment face the cold aisle and that the exhaust fans all face the opposite aisle

Answer 207

Hot & Cold Aisles

Question 208

Once the storage media is rendered into a form that can be destroyed by fire, the chemical processes of fire are irreversible and render the data lost forever

Answer 208

Burning

Question 209

is a process by which paper fibers are suspended in a liquid and recombined into new paper

Answer 209

Pulping

Question 210

is a physical process of destruction using excessive physical force to break an item into unusable pieces

Answer 210

Pulverizing

Question 211

______ realigns the magnetic particles, removing the organized structure that represented the data

______ effectively destroys all data on the media

Answer 211

Degaussing

Question 212

Vendors sell data destruction as a service

These vendors can take advantage of scale, increasing the capability while sharing the cost of equipment

Answer 212

Third Party Solutions

Question 213

_____ ______ are the result of a hashing algorithm used to sign a message

A ______ _______ system is used to ensure that a message was not altered during transmission, and that the message did in fact come from the sender and not an imposter

Answer 213

Digital Signature

Question 214

The strength of a cryptographic function typically depends upon the strength of a key

The more valuable the data, the longer the key should be

Answer 214

Key Length

Question 215

___ _______is a mechanism that takes what would be weak keys and “stretches” them to make the system more secure against brute-force attacks

Answer 215

Key Stretching

Question 216

______ is the practice of placing random digits at the end of a password prior to the hashing process

______ increases the complexity of the hash therefore increasing the work factor required to decrypt a message

Answer 216

Salting

Question 217

is used to ensure the accuracy of data

A ______ function is used to derive an output with a fixed length from a message with a variable length

Answer 217

Hashing

Question 218

With symmetric encryption the message to be protected is encrypted and decrypted using the same secret key

Asymmetric encryption uses two separate keys to encrypt and decrypt the message

Answer 218

Key Exchange

Question 219

What allows the client’s session key to be encrypted with the server’s public key, but the public key never changes
If an attacker steals the server’s private key in the future, they could then decrypt the stored, captured traffic

Answer 219

Diffie-Hellman Exchange (DHE)

Question 220

What is based on a discrete logarithm problem that mathematicians believe to be extremely difficult to solve
The derived key length from an elliptic curve algorithm is smaller in comparison to RSA with the same equivalency in work factor

Answer 220

Elliptic curve cryptography

Question 221

What is a property of a public key system in which a key derived from another key is not compromised, even if the originating key is compromised in the future

Answer 221

Perfect forward secrecy (PFS)

Question 222

Quantum computers use a structure called qubits, which allow information to be represented differently than just “on” or “off ” as binary bits do

Answer 222

Quantum communications

Question 223

Quantum hardware is still in its early stages of development, and the immense computing power in these platforms will revolutionize cryptography

Quantum cryptography is the use of quantum _______ hardware to perform encryption and decryption processes

Answer 223

Computing

Question 224

There are currently several cryptographic algorithms that have been developed to use different mathematical properties
These algorithms make simultaneous solution sets not as effective, thus limiting the power of quantum computing

Answer 224

Post Quantum-Era

Question 225

are cryptographic keys that are used only once after generation

Answer 225

Ephemeral keys

Question 226

________ encryption with associated data (AEAD) is a form of encryption designed to provide both confidentiality and authenticity services A wide range of _________ modes is available for developers, including GCM, OCB, and EAX

Answer 226

Authenticated

Question 227

What modes use a non-identity-based source for the entropy element for subsequent blocks
Each block is XORed with the previous ciphertext block before being encrypted

Answer 227

Unauthenticated

Question 228

_______ mode (CTM) uses a “_____” function to generate a nonce that is used for each block encryptionDifferent blocks have different nonces, enabling parallelization of processing and substantial speed improvements

Answer 228

Counter

Question 229

What are lists of records, where each addition to the list is done by a cryptographic algorithm
The concept of this was invented to create the public transaction ledger of cryptocurrencies

Answer 229

Blockchain

Question 230

What is a negotiated package of algorithms, ciphers, and protocols used to manage a conversation between two systems
This suite will list the key exchange mechanism, the authentication protocol, the block/stream cipher, and message authentication

Answer 230

Cipher suite

Question 231

What is a method of encrypting text (to produce ciphertext) in which a cryptographic key and algorithm are applied to a block of data (for example, 64 bits) at once as a group rather than to one bit at a time

Answer 231

Block Cipher

Question 232

What is a method of encrypting text (to produce ciphertext) in which a cryptographic key and algorithm are applied to each binary digit in a data stream, one bit at a time. _________ are often used for their speed and low latency

Answer 232

Stream Cipher

Question 233

_________ encryption tends to be faster, is less computationally involved, and is better for bulk transfers. __________ encryption uses two keys, and it is slower but more secure

Answer 233

Symmetric
Asymmetric

Question 234

What is a specialized suite of cryptographic algorithms designed to operate in IoT environments that are resource-constrained

Answer 234

Lightweight cryptography

Question 235

What is the art of using cryptographic techniques to embed secret messages within another message

Answer 235

Steganography

Question 236

H is a set of algorithms that allows operations to be conducted on encrypted data, without decrypting and re-encryptin

Answer 236

Homomorphic encryption

Question 237

Cryptographic functions tend to take significant computational powerCryptographic functions such as elliptic curve cryptography are well suited for ______ ____

Answer 237

Low-power devices

Question 238

Stream ciphers are examples of ____ ________ cryptographic operations that support operations with time constraints

Answer 238

Low-Latency

Question 239

Cryptographic solutions can help systems to resume normal operational conditions after an external disruption

Answer 239

High Resiliency

Question 240

Cryptography is the primary means of protecting data confidentiality—at rest, in transit, and in use

Answer 240

Supporting Confidentiality

Question 241

Message authentication codes (MACs) supported by hash functions are an example of cryptographic services supporting integrity

Answer 241

Supporting integrity

Question 242

Encryption systems can protect code from casual observation by unauthorized parties

Answer 242

Supporting obfuscation

Question 243

Cryptographic functions can be employed to demonstrate authentication, such as the validation that an entity has a specific private key associated with a presented public key

Answer 243

Supporting authentication

Question 244

What is the ability to verify that a message has been sent and received so that the sender (or receiver) cannot refute sending (or receiving) the information

Answer 244

Support Non Repudiation

Question 245

The more complex the algorithm, the more rounds that are performed and the stronger the encryption, but the slower the throughput

Answer 245

Speed

Question 246

What is a means of approximating strength, at a cost of speed, Longer keys take longer to generate, and the more rounds a system operates, the longer the time to encrypt/decrypt

Answer 246

Size

Question 247

What are keys that result in weak encryption, despite its key length
Currently DES, RC4, IDEA, Blowfish, and GMAC algorithms can suffer from weak keys

Answer 247

Weak Key

Question 248

The objective of cryptography is to protect data for a long-enough period that brute-force decryption is not a factor in the security equation, Older methods, such as DES, have proven to no longer provide long protection times due to modern computing speeds.

Answer 248

Time

Question 249

If we want to protect materials for the next 25 years, we need to consider what computing power will be available in the next 25 years—a challenge given advances in quantum computing

Answer 249

Longevity

Question 250

The use of cryptographic random numbers is important, as it removes the _______ problem of pseudorandom number generators

Answer 250

Predictability

Question 251

The more material that an attacker can get using the same key, the greater his ability to use cryptanalysis tools to break the scheme. This is how the Enigma and Purple machines failed during WWII

Answer 251

Reuse

Question 252

What is the measure of randomness associated with a series of values
A lack of good _______ may leave a cryptosystem vulnerable and unable to securely encrypt data

Answer 252

Entropy

Question 253

One of the limitations of a cryptographic system is the level of ______ ______ needed to generate the system
Different algorithms have differing means of computing the complexity that makes cryptographic solutions secure

Answer 253

computational overhead

Question 254

Constraints the intended use of the system should be considered when determining its cryptographic solution

Answer 254

Resource vs. Security