Domain 4: Given a scenario, apply common security techniques to computing resources Flashcards

1
Q

Secure Baseline

A

A security baseline is the foundational set of security configurations and practices that establish a secure starting point for computing resources.
Implemented secure baselines offer a reliable starting point from which to harden targets against potential vulnerabilities.

2
Q

Center for Internet Security (CIS) Benchmark

A

CIS benchmarks are comprehensive, community-driven guides meticulously crafted to establish secure configurations for various computing resources. IT

3
Q

Security Technical Implementation Guide (STIG)

A

STIG is a comprehensive repository of cybersecurity guidelines and best practices curated by the United States Department of Defense (DoD). Its primary mission is to enhance the security posture of DoD information systems and networks. Implementing STIG recommendations involves a systematic approach whereby organizations assess their systems and networks against the guidelines, identify vulnerabilities or areas of non-compliance, and take remedial actions to align with the prescribed security configurations. This iterative process not only fortifies defenses but also ensures continuous monitoring and adaptation to evolving threats.

4
Q

Microsoft Group Policy

A

Microsoft Group Policy is an indispensable tool for organizations that predominantly rely on Windows operating systems. It allows administrators to define and enforce security configurations across a network of Windows devices. With Group Policy, a set of predefined security baselines can be created and applied uniformly to all Windows systems within an organization.

5
Q

How to deploy baselines

A

Two powerful tools for implementing these baselines are Microsoft Group Policy and Puppet Forge.

6
Q

Puppet Forge

A

Puppet Forge is a versatile platform-agnostic solution. It provides a repository of pre-built modules and configurations that can be used to deploy security baselines across a range of operating systems, including Windows, Linux, and macOS.

7
Q

SCAP (Security Content Automation Protocol)

A

The Security Content Automation Protocol (SCAP) is a standardized framework for maintaining system security. SCAP Compliance Checker operates by comparing a system’s security settings against a predefined checklist of security requirements.

8
Q

CIS Configuration Assessment Tool (CIS-CAT)

A

CIS-CAT is a configuration assessment tool designed to evaluate systems and applications against CIS benchmarks, which are curated by the Center for Internet Security (CIS).

9
Q

Site Survey

A

Conducting site surveys is an essential step in optimizing wireless network performance. These surveys involve a comprehensive analysis of the environment, which includes identification of sources of interference, such as load-bearing walls, cordless phones, microwaves, elevators, metal frames, metal doors, and radio waves. A site survey will help to determine the best places to install the wireless access points that users connect to.

10
Q

Heat Map

A

A heat map is a valuable tool in the hands of a network administrator when addressing reports of inadequate coverage.

11
Q

Corporate-Owned, Personally Enabled (COPE)

A

In this model, organizations provide employees with corporate-owned devices that can be used for both business and personal use but must comply with company policies.

12
Q

Choose Your Own Device (CYOD)

A

CYOD is a policy in which the company provides employees with a selection of approved devices to choose from. These devices are owned and managed by the organization. This

13
Q

WPS

A

WPS allows you to connect to a wireless network by simply pushing a button, negating the need to insert a password each time.

14
Q

Pre-Shared Key (PSK)

A

PSK refers to a passphrase or a pre-shared secret key that is used to authenticate and secure access to a wireless network. Any time you visit a restaurant and ask the host for the wireless password, the password they provide is the PSK. Remember there is also an admin password on the WAP that you should never share.

15
Q

Evil Twin

A

In an evil twin attack, the attacker uses either the same or a similar SSID to the victim. The telltale signs of this attack are a slower internet connection and the inability to access corporate data. This error occurs because you are actually on the wrong wireless network, one created by the attacker.

16
Q

Captive portal

A

A captive portal can be used to control access to a WAP. For example, when you join the wireless network at the airport, you are connected to the free Wi-Fi, yet you cannot access the internet right away. It redirects you to a captive portal so that you can provide additional validation of who you are, normally through an email address or your Facebook or Google account information.

17
Q

Bluetooth Low Energy (BLE)

A

BLE prioritizes energy efficiency and uses randomly generated device addresses to prevent tracking and identification. This makes it the first choice for a wide range of applications where conserving battery life is critical.

18
Q

Bluejacking

A

Bluejacking is a type of attack in which individuals send unsolicited messages or business cards to nearby Bluetooth-enabled devices, such as smartphones or laptops.

19
Q

Cellular Networks

A

Cellular networks (the latest versions of which are 4G and 5G) are responsible for providing mobile voice and data services over large geographical areas. They rely on a network of cell towers and satellites to connect mobile devices to the internet and each other.

20
Q

NFC

A

NFC is another technology that leverages cellular connections. NFC allows devices to communicate when they are in close proximity, typically within a few centimeters. This technology is the foundation of contactless payment systems such as Apple Pay and Google Wallet.

21
Q

Global positioning services

A

Global Positioning Services, more commonly known as GPS, is a satellite-based technology that provides precise location information by triangulating signals from multiple satellites. This is known as geolocation.

22
Q

Tethering

A

Tethering is a connection method for mobile devices that bridges the gap between a GPS-enabled smartphone and other devices (a laptop, for instance) by providing them with internet access.

23
Q

WPA3

A

WPA3 was released in 2018 to address the weaknesses in WPA2. WPA3 primarily relies on Simultaneous Authentication of Equals (SAE) for key establishment and encryption compared to WPA2’s 128-bit encryption.

24
Q

What is WPA

A

WPA3 is designed to improve security for wireless networks. It’s a major improvement over WPA2, as it provides increased protection of data that moves across personal and enterprise Wi-Fi networks.

25
Q

Protected Management Frames (PMF)

A

This can provide multicast transmission and can protect wireless packets against Initialization Vector (IV) attacks, in which the attacker tries to capture the encryption keys.

26
Q

WPA3-Enterprise

A

In contrast to the 128 bits supported by WPA2, WPA3 has an Enterprise version that makes it suitable for government and finance departments. WPA3-Enterprise uses Elliptic-Curve Diffie-Hellman Ephemeral (ECDHE) for the initial handshake.

27
Q

SAE

A

SAE replaces WPA2-PSK. SAE uses a very secure Diffie-Hellman handshake called Dragonfly and protects against brute-force attacks. It uses Perfect Forward Secrecy (PFS), which ensures that your session keys cannot be compromised.

28
Q

Wi-Fi Easy Connect

A

This makes it very easy to connect IoT devices, such as a smartphone, by simply using a QR code.

29
Q

Wi-Fi Enhanced Open

A

This is an enhancement of WPA2 open authentication that uses encryption. It can be used in public areas such as hotels, cafés, and airports where no password is required. It also prevents eavesdropping as it uses PMF.

30
Q

Initialization vector

A

Used to prevent a sequence of text that is identical to a previous sequence from producing the same exact ciphertext when encrypted.

31
Q

Protected Extensible Authentication Protocol (PEAP)

A

PEAP is a version of Extensible Authentication Protocol (EAP) that encapsulates and encrypts the EAP data using a certificate stored on the server, making it more secure for Wireless Local Area Networks (WLANs).

32
Q

Data processor

A

The data processor must handle and process the data on behalf of data controllers.

33
Q

Data owner

A

Data owners bear the responsibility of safeguarding data and overseeing the enforcement of policies that govern its proper usage to ensure the protection and responsible handling of data.

35
Q

Data controller

A

The data controller writes the policies that relate to data collection and processing.

36
Q

Data custodian

A

The data custodian is responsible for the secure storage of data in compliance with data privacy regulations such as GDPR, ISO 27701, or HIPAA.

37
Q

Data stewards

A

Data stewards are dedicated to maintaining data quality, diligently identifying and rectifying errors and inconsistencies.

38
Q

ISO 27001 Security

A

This is a comprehensive and internationally recognized framework for Information Security Management Systems (ISMSs) that has seen global acceptance, making it a valuable credential for organizations operating on a global scale.

39
Q

ISO 27002 Guidance on Best Practices

A

ISO 27002 is a collection of security controls and best practices that organizations can implement to secure their information assets. ISO 27002 presents a diverse array of security controls, covering various aspects of information security, including access control, cryptography, and incident response.

40
Q

ISO 27701 Privacy

A

ISO 27701 is designed to help organizations manage and enhance their privacy practices effectively. It builds upon the foundation of ISO 27001, which is the globally recognized ISMS, a framework for protecting information through policies and controls.

41
Q

Privacy Information Management System (PIMS)

A

A PIMS is an organizational framework designed to effectively manage and protect individuals’ personal and sensitive information, ensuring compliance with privacy laws and regulations.

42
Q

ISO/IEC 27017 Cloud Security

A

ISO/IEC 27017 is the standard for cloud security, focusing on information security controls for cloud services. It provides cloud-specific guidelines for both Cloud Service Providers (CSPs) and cloud service customers and addresses shared security responsibilities between the CSP and the customer to ensure clarity on security measures.

43
Q

ISO/IEC 27018 Privacy

A

This is a vital standard for cloud computing, specifically addressing data privacy concerns.

44
Q

NIST SP 800-53 Cybersecurity

A

This is a key standard that acts as the foundation for cybersecurity measures and has some unique features.

45
Q

Discretionary-Based Access Control (DAC)

A

DAC is an access control model in which the owner of the object (typically a file or directory) determines who is allowed to access it.

46
Q

Time of day restrictions

A

Time-of-day restrictions are policies that restrict access to systems, data, and networks based on the time.

47
Q

Vein pattern recognition

A

The unique configuration of blood vessels within one’s palm can act as an authentication factor.

48
Q

False Acceptance Rate

A

This is known as a Type II error. The FAR measures the rate of the system erroneously granting access to unauthorized users.

49
Q

False Rejection Rate (FRR)

A

This is known as a Type I error. The FRR tracks the rate at which legitimate users are rejected.

50
Q

EAP-TLS

A

EAP-TLS is a specific, secure version of wireless authentication that requires a certificate stored on the endpoint (client or device) to verify identity and authorization.

51
Q

EAP-TTLS

A

EAP-TTLS uses two phases. The first is to set up a secure session with the server by creating a tunnel using certificates that are stored on the server, and seen by the client. The second is to authenticate the client’s credentials.

52
Q

Code signing

A

Code signing is a digital mechanism that functions as a cryptographic seal, providing assurance regarding the authenticity and reliability of software.