Domain 5 :Given a scenario, implement security awareness practices

Question 1

Social Engineering

Answer 1

social engineering techniques to manipulate human psychology, exploiting emotions such as trust, curiosity, or fear to convince recipients to take action.

Question 2

Spoofed Communication

Answer 2

Cybercriminals often use email addresses, URLs, or phone numbers that appear legitimate to deceive their targets. These are known as “spoofed” elements and are designed to mimic trusted sources.

Question 3

Anomalous Behavior Recognition (ABR)

Answer 3

refers to the identification of unusual patterns or behaviors within a system or on the network. There are three types of anomalous behavior recognition, which are defined as follows:

Question 4

Risky Behaviors

Answer 4

Risky behavior represents actions that, while not necessarily malicious, carry a heightened level of risk or potential harm to a system or organization. This can include actions such as granting excessive permissions, sharing login credentials, downloading suspicious files, or ignoring security warnings

Question 5

Unexpected

Answer 5

Unexpected behavior is characterized by actions or activities that deviate from established norms or historical patterns.

Question 6

Uninteional Behavior

Answer 6

Unintentional behavior involves actions that occur due to human error or accidents. This can encompass misconfigurations, accidental data leaks, or actions taken by users who have been tricked by social engineering attacks. Unintentional behavior can be caused by a lack of awareness or insufficient training.

Question 7

User Guidance and Training

Answer 7

For effective security awareness training, there are several elements to consider. These elements include policy/handbooks, situational awareness, insider threats, password management, removable media and cables, social engineering, operational security, and working in a hybrid/remote working role.

Question 8

Situational awareness:

Answer 8

Situational awareness is about identifying potential threats and vulnerabilities, understanding the consequences of actions, and making informed decisions to minimize risks. Consistent training can improve users’ capacity to maintain a heightened state of situational awareness and equip them with the skills necessary to avoid cyberattacks.

Question 9

User guidance and training method

Answer 9

Policy/handbooks: Training material
Situational awareness: A training aid for a job role
Insider threat: A disgruntled employee causing damage
Password management: Best practice for passwords
Removable media and cables: Attack vectors
Social engineering: Catching users unaware
Operational security: Looking at social engineering attacks
Hybrid/remote work environments: Working in remote locations

Question 10

Reporting and monitoring

Answer 10

Initial: Evaluating training effectiveness
Recurring: Retraining if staff’s guard is lowered
Development: Creating training materials
Execution: Delivery of training

Question 11

what port number is HTTPS

Answer 11

443

Question 12

What is Bcrypt used for?

Answer 12

Key streching algorthim

Question 13

Open Vulnerability and Assessment Language (OVAL)

Answer 13

This is an XML-based schema designed to describe the security state of a system and query information related to vulnerabilities.

Question 14

Puppet Forge

Answer 14

Puppet Forge is for implementing baselines

Question 15

Security Technical Implementation Guide (STIG

Answer 15

: STIG is a comprehensive repository of cybersecurity guidelines and best practices curated by the United States Department of Defense (DoD

Question 16

Site Suvery

Answer 16

These surveys involve a comprehensive analysis of the environment, which includes identification of sources of interference, such as load-bearing walls, cordless phones, microwaves, elevators, metal frames, metal doors, and radio waves. A site survey will help to determine the best places to install the wireless access points that users connect to.

Question 17

Captive Portal

Answer 17

: A captive portal can be used to control access to a WAP. For example, when you join the wireless network at the airport, you are connected to the free Wi-Fi, yet you cannot access the internet right away

Question 18

BLE

Answer 18

BLE prioritizes energy efficiency and uses random-generated device addresses to prevent tracking and identification. This makes it the first choice for a wide range of applications where conserving battery life is critical

Question 19

EAP-TLS

Answer 19

EAP-TLS is a specific, secure version of wireless authentication that requires a certificate stored on the endpoint (client or device) to verify identity and authorization.

Question 20

TLS

Answer 20

TLS is a cryptographic protocol that provides end-to-end security of data sent between applications over the Internet

Question 21

Simple Network Management Protocol (SNMP),

Answer 21

is a networking protocol used for the management and monitoring of network-connected devices in Internet Protocol networks.

Question 22

Turnsitle

Answer 22

This is a rotating gate that permits one person to pass at a time and is often used for crowd management and access control.

Question 23

NIST SP 800-500

Answer 23

This is a key standard that acts as the foundation for cybersecurity measures and has some unique features. It offers a vast catalog of security controls and safeguards, covering a wide range of security areas, from access control to incident response.

Question 24

ISO/IEC 27017

Answer 24

the standard for cloud security, focusing on information security controls for cloud services. It provides cloud-specific guidelines for both Cloud Service Providers (CSPs)

Question 25

ISO/IEC 27018

Answer 25

This is a vital standard for cloud computing, specifically addressing data privacy concern

Question 26

Playbooks

Answer 26

Playbooks are a subset of procedures that are often used in specific contexts such as sales, marketing, disaster recovery, or incident response. They are comprehensive guides that outline actions, strategies, and contingencies for various scenarios.

Question 27

Continous risk assesments

Answer 27

Continuous risk assessment goes above and beyond the periodic nature of recurring assessments, characterized by real-time monitoring and the analysis of risks.

Question 28

Recurring assesments

Answer 28

Recurring assessments are routine and scheduled to occur at predetermined intervals.

Question 29

Qualitavtive Risk

Answer 29

Qualitative risk analysis uses subjective judgment to categorize risks as high, medium, or low, focusing on the potential impact, such as the likelihood of occurrence

Question 30

Single loss expentcty

Answer 30

SLE represents the monetary value of the loss of a single item. Losing a laptop worth $1,000 while traveling, for instance, implies an SLE of $1,000.

Question 31

Annualized Rate of Occurrence (ARO)

Answer 31

ARO refers to the number of items lost annually. For example, if an IT team experiences the loss of six laptops in a year, the ARO is 6.

Question 32

Annualized Loss Expectancy (ALE)

Answer 32

Annualized Loss Expectancy (ALE): This is calculated by taking the SLE and multiplying it by the ARO and represents the total expected loss per year, providing a foundation for insurance and risk management decisions.

Question 33

Exposure Factor (EF)

Answer 33

EF is a measure of the magnitude of loss or damage that can be expected if a risk event occurs

Question 34

KRIs

Answer 34

KRIs are an essential element of a risk register. They serve as metrics that provide an early signal of increasing risk exposure in various areas of the organization. KRIs

Question 35

Risk threshold

Answer 35

The risk threshold represents the level of risk that an organization is willing to accept or tolerat

Question 36

IMAP

Answer 36

method of accessing email - port 143

Question 37

SSL/TLS PORT

Answer 37

443- used to encyprt communcation used with HTTPS

Question 38

LDAP

Answer 38

is a vendor-neutral software protocol used to lookup information or devices within a network PORT NUMBER 389

Question 39

SMB

Answer 39

Messasging for files and printers. Port 385

Question 40

asymmertic algorthims

Answer 40

asymmetric algorithms include RSA, Diffie–Hellman, and Elliptic Curve Cryptography (ECC

Question 41

symmetric algorithms

Answer 41

Data Encryption Standard (DES—56 bit), the Triple Data Encryption Standard (3DES—168 bit), and the more popular Advanced Encryption Standard (AES—256 bit

Question 42

Secure enclave

Answer 42

A secure enclave is a hardware-based security feature found in modern processors, such as Apple’s T2 chip

Question 43

Inline devices

Answer 43

Inline devices are placed directly in the data path of network traffic.

Question 44

Passive devices

Answer 44

Passive devices are observers. They monitor network traffic, analyze patterns, and provide insights into potential threats and vulnerabilities.

Question 45

Raid 1

Answer 45

RAID 1 (Mirroring)

•	Description: Duplicates (mirrors) data on two or more disks.
•	Advantages:
•	Provides redundancy. If one disk fails, data is still accessible from the other disk(s).
•	Disadvantages:
•	Storage capacity is halved since data is duplicated.
•	Use Case: Critical data storage where data redundancy is essential, such as in database systems.

Question 46

Fault tolerance

Answer 46

Fault tolerance is the ability of a system, particularly a computer or network system, to continue operating properly in the event of the failure of some of its components. In other words, a fault-tolerant system can tolerate faults (or errors) and continue to function without interruption or data loss.

Question 47

Confidential Data

Answer 47

Confidential data: Research and Development (R&D) and legal data are classified as confidential data as disclosure would cause damage to the company. They have strict legal protection, an example of which is attorney-client privilege. Access to confidential data typically requires authorization or special permission.

Question 48

Obfuscation

Answer 48

Obfuscation: Obfuscation is a technique used to make source code or data deliberately more complex or obscure, preventing theft by making it harder to understand.

Question 49

ROT13 Obfuscation

Answer 49

ROT13: ROT13 is a logical operation that means rotate by 13 places and is a variation of the Caesar cipher. As there are 26 letters in the alphabet, the letters are rotated 13 times. The key to ROT13 would be as follows:

Question 50

Managerial Controls

Answer 50

Managerial controls play a pivotal role in reducing risks within an organization. They encompass the implementation of policies, procedures, and practices by management to guide and direct the activities of individuals and teams. Through effective planning, organizing, and performance monitoring, managerial controls ensure that employees are aligned with the organization’s goals, thereby minimizing the potential for risks and enhancing overall operational safety.

Question 51

Operational Controls

Answer 51

Operational controls revolve around the execution of day-to-day activities and processes necessary for delivering goods and service

Question 52

PAM

Answer 52

PAM is a solution designed for stricter control over administrative accounts within a domain. It helps prevent privilege escalation and enhances security for privileged accounts.

Question 53

Data stewards

Answer 53

Data stewards are dedicated to maintaining data quality, diligently identifying and rectifying errors and inconsistencies.

Question 54

Spilt Brain

Answer 54

Split brain is a state of a server cluster where nodes diverge from each other and have conflicts when handling incoming I/O operations

Question 55

Expousre factor

Answer 55

EF): EF is a measure of the magnitude of loss or damage that can be expected if a risk event occurs

Question 56

RDP

Answer 56

Remote Desktop Protocol (RDP)

3389

Question 57

RDP

Answer 57

Remote Desktop Protocol (RDP)

3389