Domain 2 Flashcards

1
Q

While installing a Windows patch file on a test workstation, the file fails to install. The installation instructions are easy to follow and include a long set of numbers in the form of 35533ce129738fb447deb9003fd54c17. Why is this long set of numbers important to know?

A

A checksum is a set of digits as a result of a cryptographic formula. The integer in question is a result of an MD5 checksum. Capturing the same checksum result from the source file and the copied file (at its destination) proves the file was not changed in transit.

2
Q

A systems administrator is developing the organization’s standard naming conventions. When considering naming user accounts, why is it important for the administrator to avoid using nicknames or common words?

A

Nicknames and common words anonymize users and should not be used in standard naming conventions. Usernames should identify a person by some combination of first and last name and/or initials.

3
Q

Hardware Security Module (HSM)

A

A Hardware Security Module (HSM) is a device used to generate, maintain and store cryptographic keys. It can be an external device and can easily be added to a system. The HSM will maintain the integrity of the key.

4
Q

Trusted Platform Module (TPM)

A

is a hardware-based encryption solution that is embedded in the system and provides secure key storage for full disk encryption.

5
Q

hardware root of trust

A

is a known secure starting point by embedding a private key in the system. The key remains private until the public key is matched.

6
Q

System on a chip (SoC)

A

A system on a chip includes all the functionality of a system in a compact solution. Mobile computing devices typically have this.

7
Q

Code obfuscation

A

is the method of disguising coding methods by way of renaming variables, replacing strings, and hiding code comments.

8
Q

Private cloud

A

A private cloud is defined as computing services offered either over the Internet or within a private internal network. Only certain authorized users can access a private cloud infrastructure.

9
Q

A company would like to steer away from the use of proprietary hardware to route traffic at the data plane level through virtualization. Which of the following is a good solution for the company?

A

A Software Defined Network (SDN) separates data and control planes in a network. It uses virtualization to route traffic to its intended destination, instead of using proprietary hardware.

10
Q

Devices strategically placed where servers may deliver functionality to consumers quickly and where data is pulled to the center for processing is considered which of the following?

A

Edge computing is a distributed model that is accomplished at or near the source of the data where it is needed. These devices perform early processing of data to and from edge devices to enable prioritization.

11
Q

What is fog computing?

A

Fog computing is the placement of a node or nodes for processing resources close to the physical location of Internet of Things (IoT) sensors. The fog node prioritizes traffic, analyzes and remediates conditions, and backhauls remaining data to the data center for storage and analysis.

12
Q

Thin client

A

A thin client is a low power computer that runs from resources stored on a central server. A thin client works by connecting remotely to a server-based computing environment in which applications, data, and memory are stored.

13
Q

Remote Desktop Protocol (RDP)

A

Remote Desktop Protocol (RDP) provides a secure means to remotely access a user interface on a system in a separate location.

14
Q

VM Sprawl

A

Virtualization sprawl is a phenomenon that occurs when the number of virtual machines (VMs) on a network reaches a point where the administrator can no longer manage them effectively. This can happen by patch mismanagement or simply too many virtual machines.

15
Q

VM Escape

A

Virtual machine escape is a vulnerability that enables a user to gain access to the primary hypervisor and associated virtual machines.

16
Q

Continuous integration

A

allows for the merging of code changes into a central repository. The code is built and tested each time it is checked into the environment, providing a more efficient method to code production.

17
Q

Agile

A

The Agile methodology of software development focuses on cross-functional teams working together throughout the life cycle of a project.

18
Q

waterfall

A

The waterfall method of development maintains a top to bottom approach. When one stakeholder has finished his or her piece of work, then another can begin.

19
Q

Which of the following secure coding techniques makes code more difficult to read for an attacker?

A

Code obfuscation is the method of disguising coding methods by way of renaming variables, replacing strings, and hiding comments. This is a secure coding practice.

20
Q

While developing an online service application for a grocery store, a programmer implements an open source application programming interface. This implementation reduces the testing effort and speeds up the programming effort. What technique did the programmer execute?

A

Code reuse is the practice of using existing code (code previously developed) for a new function in a system. Because the code was previously built and published, it has also been tested for vulnerabilities and errors.

21
Q

Version control

A

Version control tracks the versions of software in real time. It will record who has accessed the code, and what was changed. Version Control also allows for rollback if necessary.

22
Q

A developer uses a group of SQL statements to accept input data for validation. What technique did the developer use to protect from SQL injection attacks?

A

A stored procedure is a set of Structured Query Language (SQL) statements stored in a database as a group, so it can be reused and shared by multiple programs. Stored procedures can validate input.

23
Q

state table

A

A state table contains information about sessions between network hosts. This type of data is gathered by a stateful firewall.

24
Q

A capability delivery team (CDT) reduces software development risk and cost while increasing the speed of delivery to the customer with updated software. What is the CDT providing the customer?

A

Continuous delivery is an agile software engineering approach that streamlines the processes of building, testing, and releasing software. This leads directly to faster delivery of software updates to the customer, reduced development risk through frequent, smaller updates, and cost reductions through process efficiency.

25
Q

Continuous deployment

A

automates the process of delivering software to a production environment, which can decrease the software development lifecycle. However, while this can indirectly lead to the benefits described in the question, it doesn’t directly answer the question’s focus on reducing risk, cutting cost, and faster delivery to the customer.

26
Q

Continuous integration

A

is a method that frequently merges code changes into a main repository where it’s regularly built and tested. This practice reduces integration issues and bugs in the development phase, but it doesn’t directly address the reduction of risk, cost, and speed of delivery to the customer as described in the question.

27
Q

DevSecOps

A

with its continual security focus and stakeholder interaction, is a critical process in software development, but it doesn’t directly tackle the question’s emphasis on risk reduction, cost cutting, and accelerated delivery to the customer. It’s more focused on integrating security considerations into every phase of the development process.

28
Q

During testing, an application demonstrates poor performance in the amount of time a function to the database retrieves results. What should developers ensure in the database, to improve performance?

A

Normalization is used to optimize database performance by removing duplicates, using primary keys, and keeping related data in separate tables.

29
Q

Which input validation method in a client-server architecture can improve application performance by catching deformed input on the front-end and is not used as the only form of security?

A

Client side input validation verifies data is valid upon entry to the system. Proper input validation uses a set of rules to validate entries in fields for proper use. In the event an entry is invalid, the application will reject the entry.

30
Q

Server side

A

validations occur on the web server or back-end and take more time to complete. Validation on the server side is more secure than client side validation.

31
Q

A development team considers software quality and cybersecurity analysis both early and throughout the software lifecycle. It enables building, testing, and releasing of software faster and more frequently. Which of the following objectives does this most likely provide the customer?

A

Continuous delivery is an agile software engineering approach that allows for the building, testing, and releasing of software with greater speed and frequency, providing the customer a continuous product.

32
Q

The software development lifecycle (SDLC)

A

of a project consists of the following attributes: defining requirements, design, implementation, verification, and maintenance.

33
Q

Model verification

A

is testing to ensure the software meets the customer’s functional and physical requirements.

34
Q

Upon the company launching a new hiring campaign, a system administrator is tasked with increasing resources to meet the new demand but also ensuring that similar cost ratios are maintained. What strategy is the administrator using to meet these new requirements?

A

Scalability

35
Q

Which of the following describes the ability of a system to adapt to current demands by provisioning and deprovisioning resources as needed?

A

Elasticity

36
Q

False Rejection Rate (FRR)

A

The False Rejection Rate (FRR) is when a legitimate user is incorrectly rejected in a biometric system. The FRR computes the number of times a false rejection occurs as a percentage.

37
Q

False Acceptance Rate (FAR)

A

is the calculation of when a biometric system incorrectly identifies an unauthorized user as an authorized user as a percentage.

38
Q

The Crossover Error Rate (CER)

A

is the position where the False Rejection Rate (FRR) and the False Acceptance Rate (FAR) cross one another. A lower CER indicates a more accurate biometric system.

39
Q

rate of return (RoR)

A

is considered the net gain or loss of an investment over a specified period of time and generally expressed as a percentage of the initial cost.

40
Q

The security team for a large company performed a risk assessment and identified three main entry points for biometric scanner installation. They install an iris scanner and are engaged in fine-tuning the system. Which metric is the security team currently adjusting?

A

The process of fine-tuning a biometric system involves adjusting the Crossover Error Rate (CER), the point at which the false rejection rate and false acceptance rate meet.

41
Q

An employee logs into the network with credentials, and then the network provides an access key. This key accesses network resources, such as shared files and printers, which the employee uses to complete tasks. Based on this scenario, what does the employee utilize?

A

Directory services are the principal means of providing privilege management and authorization on an enterprise network. A key will be generated for the user, which contains the group members of the authenticated user.

42
Q

When considering installing a biometric recognition system in a company facility, which of the following considerations is least relevant to managing traffic control?

A

False rejection rate is the least relevant figure because it only causes inconvenience to users, who should have access and are rejected in error.

43
Q

What major advantage does Time-Based One-Time Password Algorithm (TOTP) have over HMAC-Based One-Time Password Algorithm (HOTP)?

A

TOTP adds an expiration time to the token, making it more difficult to gain access to resources if a device is intercepted.

44
Q

An organization implements Directory Services as a management access control. Which of the following attributes will be used for authentication and role identification?

A

Directory Services provide privilege management and authorization to a network by storing user information such as groups, roles, and services allowed into a Distinguished Name (DN). Directory services are used to structure user management and implement access security.

45
Q

A startup company adds a firewall, an IDS, and a HIPS to its infrastructure. At the end of the week, they will install HVAC in the server room. The company has scheduled penetration testing every month. Which type of layered security does this represent?

A

Control diversity is the use of multiple security control types. The firewall, Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) are technical controls. The Heating, Ventilation and Cooling (HVAC) is a physical control and the penetration testing is administrative.

46
Q

To provide new functionality in a company’s business processes, the system requires a new Line of Business (LOB) application. The application awaits installation. Which of the following is the BEST approach for implementation of the new application on the server?

A

Snapshots are backups of a system that can be used to quickly recover from erroneous installs of new applications or patches. The snapshot should be taken before the application or update is installed. The new application should be tested before applying to production.

47
Q

A company is implementing the use of an alternate site in the event of a disaster. The plan is to replicate data between the main site and the alternate site on a continuous basis. The sites are a few hundred miles apart. Which statements are true regarding replication? (Select all that apply.)

A

Synchronous replication is particularly sensitive to distance. With synchronous replication, sites will replicate with each other at the same time. Latency is a possibility with slow links and long distances. Asynchronous replication is a data protection process that indicates data is mirrored from a primary site to a secondary site.

48
Q

Differential

A

A differential backup begins with a full backup, and copies information that has changed since the previous full backup. Backups are copies of data created to ensure data can be restored if corrupted or lost. Restoring this data would only need two backup sets.

49
Q

incremental backup

A

An incremental backup copies all data that has been changed since the last full or incremental backup. A full backup followed by each incremental would restore the system.

50
Q

PDU - Power Distribution Unit

A

A power distribution unit (PDU) distributes power to networking equipment within racks. It provides protection against electrical spikes and can integrate with UPS.

51
Q

Uninterruptible Power Supply (UPS)

A

Uninterruptible Power Supply (UPS) consists of a collection of batteries, their charging circuit, and an inverter to generate AC voltage from the DC voltage in the batteries. A UPS can be placed at the system level to provide data availability.

52
Q

Severe weather recently caused a power outage at a small company. Once the power was restored, a Jr. Level Systems Administrator brought all systems back online. However, users immediately began reporting issues. The Jr. Systems Administrator admitted to not having an order of restoration plan, resulting in difficulties resetting the systems. Evaluate the following options and select a plan that the administrator should have followed to correctly complete the task.

A

Step 1. Enable and test power

Step 2. Enable and test infrastructure

Step 3. Enable and test critical network servers

53
Q

A company has implemented a Virtual Desktop Infrastructure (VDI) where the user’s desktop operates as a Virtual Machine (VM) on a centralized server. When users log off the machine, any changes made at the VM level are not saved. Which of the following ensures non-persistence has been implemented?

A

The company has implemented a revert to known state mechanism that allows for the Virtual Machines (VM) to use a centralized server. The desktop is the same for all users and when the users log off, the desktop reverts to the last known configuration or snapshot.

54
Q

Live Boot Media

A

creates a non-persistent bootable installation that includes the operating system and runs directly from a disk or similar storage device into a computer’s memory.

55
Q

trusted platform module (TPM)

A

is a hardware chip on a motherboard that provides a local secure boot process where the encryption key is placed inside the CPU.

56
Q

A service tech working for a major ISP is installing a new VoIP system for a corporate customer. Recommend a method of securing data transport for the VoIP system in order to protect audio data from calls.

A

Secure Real-time Transport Protocol (SRTP) is the secure version of Real-time Transport Protocol (RTP), a network protocol used for transport of voice and video data. SRTP provides confidentiality for the actual call data.

57
Q

Session Initiation Protocol Secure (SIPS)

A

is the encrypted version of Session Initiation Protocol (SIP), a session control protocol used to establish, manage, and disestablish communications sessions. SIPS protects session data and end-user devices.

58
Q

PBX

A

is a private telephone network that is used by a business or company. PBX users can communicate internally and externally through various channels of communication including Voice through IP.

59
Q

Quality of Service (QOS)

A

refers to data traffic management technology that reduces network packet loss, jitter and latency.

60
Q

Crypto

A

features are widely used on networks but limited to IoT devices. Producing, for example, cryptographic identification is a part of network security.

61
Q

Authentication to IoT

A

Authentication to IoT devices is mostly non-existent because of the limited compute and functionality of the devices. Local and remote access cannot be audited properly in this manner.

62
Q

Implied trust

A

Implied trust means that every device that has been added to the network is trusted, on the assumption that it was added and continues to be operated by a legitimate administrator. Many of these devices are plug-n-play, and a compromised device may infect other devices on the network.

63
Q

LTE Machine Type Communication (LTE-M)

A

is a type of baseband radio that supports cellular network bandwidth of up to 1 Megabit per second (Mbps).

64
Q

Narrowband-IoT (NB-IoT)

A

is a type of baseband radio that has limited data rates between 20 and 100 Kilobits per second (Kbps). This is more suitable for inaccessible locations that require signal penetrating power.

65
Q

Zigbee

A

is a wireless communications protocol used primarily for home automation. Zigbee is an open source solution that uses the 2.4 GHz frequency band. It has no communication hop limitation with multiple devices in a singular network.

66
Q

subscriber identity module (SIM)

A

is an identifier of the subscriber using the LTE-based cellular radio device such as a smart phone.

67
Q

Raspberry Pi

A

is an example of a System on Chip (SoC) board that was initially devised as an educational tool. It is now widely used for industrial application and hacking.

68
Q

Arduino

A

is an example of a SoC board that was initially devised as an educational tool. It is now widely used for industrial application and hacking.

69
Q

Field programmable gate array (FPGA)

A

is a type of embedded controller that a customer can program the logic for, to run a specific application. These are used specifically for industrial purposes.

70
Q

Real time operating system (RTOS)

A

is a type of embedded system that operates devices that perform acutely time-sensitive tasks. These are not made for educational purposes.

71
Q

The Demilitarized Zone (DMZ)

A

is between the two firewalls providing a layer of protection for the internet facing servers. It is an area of a network that is designed for public and company use. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN.

72
Q

An Ad Hoc zone

A

is created when two or more wireless devices connect to one another creating an on-demand network.

73
Q

Which of the following use asymmetric algorithms?

A

RSA is an asymmetric algorithm used to create digital signatures. It can be used to encrypt short messages. Digital Signature Algorithm (DSA) is an asymmetric algorithm used by NIST that adopts ElGamal’s algorithm. It uses the private and public keys from Diffie-Hellman in a similar way to RSA key pairs.

74
Q

Data Encryption Standard (DES)

A

is a symmetric block cipher using 64-bit blocks and a 56-bit key. 3DES (Triple DES) is where the plaintext is encrypted three times using different subkeys.

75
Q

Advanced Encryption Standard (AES)

A

is a symmetric block cipher with a block size of 128 bits and key sizes of 128, 192, or 256 bits. It is faster and more secure than 3DES.

76
Q

What are the differences between RC4 and 3DES ciphers?

A

RC4 is a stream cipher, meaning each byte or bit of data in the plaintext is encrypted one at a time. 3DES uses 64-bit blocks and a 56-bit key, but the plaintext is encrypted three times using different subkeys.

77
Q

Digital signatures on an email rely on a Public Key Infrastructure (PKI). The certificate used for this purpose can be safely stored on a smart card. What is the purpose of a digital signature, and how is the sender’s private key used?

A

The sender’s private key is used to encrypt the message digest of the email. The message digest is a result of a pre-agreed hashing algorithm, such as SHA-256 or MD5. A digital signature is for non-repudiation. This process involves a person sending an email, with their digital signature on the email.

78
Q

Developers are testing an application in the lab where two servers are communicating in a very secure manner. Each session is encrypted using perfect forward secrecy. How is this secured communication possible?

A

Ephemeral key is the main component of ECDHE that gives it perfect forward secrecy. There is a different secret key for each session during transport. ECDHE (ECC with D-H ephemeral mode) uses ephemeral keys for each session which provide perfect forward secrecy. It is a step above security for regular ECC, and better than RSA’s algorithm.

79
Q

Elliptic curve cryptography (ECC)

A

although better than RSA’s algorithm, has the problem that a compromise of its encryption keys will affect all communications.

80
Q

A complex control system for a utility company has been developed. It includes workstations, servers, sensors, control boxes and some operating logic. It is designed to use cryptography so that a compromise of a small part of the system does not compromise the rest of the system. How does cryptography assist with this level of resiliency?

A

A system is resilient if it prevents a compromise of a small part of the system compromising the whole system. Cryptography assists this goal by ensuring the authentication and integrity of messages delivered over the control system.

81
Q

Two servers are deployed in a lab. A systems administrator wants to test implementing a secure means of communication. There is an option to implement ECDHE (ECC with D-H ephemeral mode). Why would this be preferred to other options like RSA?

A

Perfect forward secrecy ensures that a compromise of long-term encryption keys will not compromise data encrypted by these keys in the past. An ephemeral key is the main component of ECDHE that gives it perfect forward secrecy. There is a different secret key for each session during transport.

82
Q

A client browser does not support secure connections to a web server. A Transport Layer Security (TLS) connection is being established with Diffie-Hellman Ephemeral (DHE) mode. Why does the browser not support DHE?

A

Ephemeral key in this case is used as Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) for Perfect Forward Secrecy (PFS). ECDHE will only work if both client and server support the same PFS-compatible suite or ephemeral keys. Otherwise, Elliptic Curve Diffie-Hellman (ECDH) without Ephemeral should be used.

83
Q

Rivest, Shamir, Adleman (RSA)

A

is widely deployed as a solution for creating digital signatures and key exchange. Client browsers support RSA.

84
Q

Advanced Encryption Standard (AES)

A

using 128-bit key lengths is a standard for many technologies including email and Kerberos. Browsers support AES128.

85
Q

Message Digest Algorithm (MDA)

A

also known as MD5, and Secure Hash Algorithm (SHA) are hashing algorithms. In this case, SHA256 is being used.

86
Q

A mobile application communicates with a central web server and sends blocks of data of 128 bits. The software developer wants to use an optimal cypher algorithm that will support confidentiality in the fastest way possible. Which cipher and mode should be used in this situation?

A

A block cipher is optimal because the block size is already defined by the application. A cipher like AES will provide the confidentiality required.
Electronic Code Book (ECB) is a mode of operation that will process the encryption in blocks using the same key. This is the simplest and fastest mode.