Domain 4

Question 1

IKE

Answer 1

Internet Key Exchange uses diffie-hellman style of negotiation Use public key certificates

Question 2

IPSec

Answer 2

IP Security

Question 3

Which Port is IPSEC on

Answer 3

UDP port 500

Question 4

Phase 2 of IPSec

Answer 4

Tunnel is created and is the “production channel”

Question 5

What gets hashed in ESP Auth

Answer 5

old combined fields 3,4 and payload

Question 6

Phase 1 of IPsec

Answer 6

Negotiation of tunnel

Question 7

Define SPI in IPSec

Answer 7

Security Parameter Index (SPI) is an identification tag added to the header while using IPsec for tunneling the IP traffic

Question 8

L2TP

Answer 8

Layer 2 tunneling protocol

Question 9

what layer does IPSec operate on

Answer 9

Layer 3

Question 10

ESP

Answer 10

Encapsulating Security Payload

Question 11

When Combining two systems on a network with IPSec the risk is

Answer 11

There could be duplicate IPs

Question 12

Define RFC 1918

Answer 12

Request for Comment 1918 (RFC 1918), “Address Allocation for Private Internets,”

Question 13

MTU

Answer 13

Maximum Transmission Units

Question 14

PPTP

Answer 14

Point-to-point tunneling protocol

Question 15

ESP Header

Answer 15

Contains info showing which security association to ue and the packet sequence number

Question 16

MPLS

Answer 16

Multi-protocol label switching

Question 17

Define MPLS

Answer 17

Multiprotocol Label Switching (MPLS) is a routing technique in telecommunications networks that directs data from one node to the next based on short path labels rather than long network addresses

Question 18

ESP Payload

Answer 18

Contains the encrypted part of the packet. If the encryption to use when the security association is establsihed

Question 19

ISAKMP

Answer 19

Internet security association key management protocol

Question 20

Characteristics of ISAKMP

Answer 20

Bi Directional. RFC 2048

Question 21

ESP Trailer

Answer 21

May include padding (filler bytes) if requires by the encryption ALGO or to align fields

Question 22

Authentication field (ESP Auth)

Answer 22

This field contains the integrity check (hash) of the ESP packet.

Question 23

Steps of IPSec

Answer 23

1. Sender created segment with port address set to 500 2. sender sends segment to device that is set to create and ipsec tunnel if “interesting traffic” shows up 3. interesting traffic arrives at device, device looks at layer 3 header and figures out where its going to tunnel to 4. device invokes ISAKMP and builds bi-directional tunnel 5. If key pairs, uses diffie hellmen called ISAKMP-Oakily 6. Security Parameter Index appears on each device 7. Enter Phase 2, creates permanent tunnel 8. Data is then passed between phase 2 tunnel

Question 24

SSAE 16

Answer 24

Replaced SAS 70 Auditing Standard. Replaced by SSAE18

Question 25

SSAE 18

Answer 25

Newer version of SSAE 16 Scope is to look for control gaps referred to as a “finding”

Question 26

AT 801

Answer 26

AT 801 applies to examination engagements to report on controls at organizations that provide services to user entities when those controls are likely to be relevant to user entities’ internal control over financial reporting.

Question 27

ISAE 3402

Answer 27

Global Standard of Auditing

Question 28

Auditing type 1

Answer 28

Audits a Point in time. Checks on that the process of what you are currently doing (snap shot) ( present time only)

Question 29

Auditing type 2

Answer 29

Audits a period of time. Checks on historical business operations. Most in depth and covers a period of time (ex. past 10 years)

Question 30

Auditing Word Pair

Answer 30

Qualified Report - A qualified report is one in which the auditor concludes that most matters have been dealt with adequately, except for a few issues. An auditor’s report is qualified when there is either a limitation of scope in the auditor’s work, or when there is a disagreement with management regarding application, acceptability or adequacy of accounting policies. For auditors an issue must be material or financially worth consideration to qualify a report. The issue should not be pervasive, that is, the issue should not misrepresent the factual financial position. Unqualified Report - In an unqualified report, the auditors conclude that the financial statements of your business present fairly its affairs in all material aspects. The opinion embodies the assumptions that your business observed compliance with generally accepted accounting principles and statutory requirements. Also known as a clean report, such a report implies that any changes in the accounting policies, their application and effects, are adequately determined and divulged.

Question 31

SAS 70 (old) consists of two types of audits

Answer 31

Type 1. “report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date. Type 2: report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period”

Question 32

SOC 1

Answer 32

Requirements describe system, control objective, finances

Question 33

SOC 2

Answer 33

cyber security needs

Question 34

SOC 3

Answer 34

systrust, webtrust, trust services (smaller in effort, cost, and size)

Question 35

SOC

Answer 35

Service Organization Control

Question 36

Only SOC 2/3 have type 1 and type 2 Audits

Answer 36

True

Question 37

gold standard of Auditing is

Answer 37

SOC 2, Technology, Type 2 (most in depth and shows historical process)

Question 38

Which type of Auditing report do you desire to get

Answer 38

unqualified

Question 39

Which type of Auditing report do you desire to get

Answer 39

unqualified

Question 40

high trust audit, PCI audits are not included in SOC audits

Answer 40

True

Question 41

high trust audit, PCI audits are not included in SOC audits

Answer 41

True

Question 42

Steps of planning phase

Answer 42

1. RFP (request for Proposal) 2. Response (bids) 3. Negotiate Contract (terms, and terms of disposal and decommission) 4. Statement of work (what you can, cannot do, will, will not do) signing “as is” statement 5. Follow on - routine maintenance, updates, improvements, patches to software 6. disposal and decommission

Question 43

Importance of signing statement of work

Answer 43

This is the “as is” signing. Any issues or bugs found before this point will be paid for by developer (contracted company) Any issues or bugs found after this point will be paid for by the customer company

Question 44

SDLC

Answer 44

Software Development Lifecycle