Extra Practice

Question 1

Due Care

Answer 1

A legal concept pertaining to the duty owed by a provider to a customer.

practicing the individual activities that maintain the due diligence effort.

I’m doing care

Question 2

Due diligence

Answer 2

“Actions taken by a vendor to demonstrate/provide due care.

establishing a plan, policy, and process to protect the interests of an organization.”

Question 3

Control Objectives for Information and Related Technologies (COBIT)

Answer 3

“Documented set of best IT security practices crafted by the Information Systems Audit and Control Association (ISACA).
Sy. 22
Controls orbit our technologies

Provide Stakeholder Value
Holistic Approach
Dynamic Governance System
Governance Distinct from Management
Tailored to Enterprise Needs
End-to-End Governance System”

Question 4

STRIDE

Answer 4

A Microsoft threat categorization scheme composed of spoofing, tampering, repudiation,
information disclosure, denial of service, and elevation of privilege.

Question 5

Steps of Decomposition Process

Answer 5

“Trust boundaries, where levels of security changes
dataflow paths, movement of data between locations
input points, where external input is received
Privileged operations, any activity that requires greater privileges, making changes to security or system changes.
Details of security stance, mapping to security policy and assumptions”

Question 6

authorization to operate (ATO)

Answer 6

Often related to government or military agencies or contractors, an ATO is the formal approval to perform business functions once compliance with a contract, standard, framework, or regulation is confirmed. An ATO is often issued for a limited period of time and can be lost or canceled by the approving authority at any time based on any significant change to the environment.

Question 7

Authorizing Official (AO)

Answer 7

“An authorized entity who can evaluate an IT/IS system, its operations, and its risks, and potentially issue an ATO. Aka designated approving authority (DAA), Approving Authority (AA), Security Control Assessor (SCA), and Recommending Official (RA).

5 years”

Question 8

Annualized Loss Expectancy

Answer 8

“the possible yearly loss of all instances of a specific realized threat against a specific asset.

ALE = ARO * SLE (ale is arousal)”

Question 9

Single-loss expectancy (SLE)

Answer 9

“percentage of loss that an organization would experience if a specific asset were violated by a realized risk.

SLE = Asset Value * Exposure Factor”

Question 10

Risk

Answer 10

The possibility of damage or harm and the likelihood that damage or harm will be realized.

Threat* Vulnerability

Question 11

Residual Risk

Answer 11

“The risk remaining after security controls have been put in place as a means of risk mitigation.

Risk that remains “

Question 12

Inherent risk

Answer 12

The level of natural, native, or default risk that exists in an environment, system, or product prior to any risk management efforts being performed.

Question 13

Security professional

Answer 13

Has the functional responsibility for security, including writing the security policy and implementing it.

Question 14

Senior management

Answer 14

Ultimately responsible for the security maintained by an organization and should be most concerned about the protection of its assets.

Question 15

Business Continuity(BC) Steps

Answer 15

1. Project Scope and planning: review the organization, create a bcp team, assess resources available, get legal information.
2. Business Impact Analysis: Identify processes, critical tasks, assess likelihoods, find priorities, MTD, RTO, RPO, Identify risks and likelihood.
3. Continuity Planning: Strategy development and provisions and processes, Continuity of Operations Plan (COOP)
4. Approval and Implementation:

Question 16

Disaster recovery(DR)

Answer 16

Those tasks and activities required to bring an organization back from contingency operations and reinstate regular operations. Disaster recovery plans pick up where business continuity plans leave off. After a disaster strikes and the business is interrupted, the disaster recovery plan guides response teams in their efforts to quickly restore business operations to normal levels.

Question 17

Bureau of Industry and Security

Answer 17

within the Department of Commerce sets regulations on the export of encryption products outside of the United States. The other agencies listed here are not involved in regulating exports.

Question 18

Federal Information Security Management Act (FISMA)

Answer 18

includes provisions regulating information security at federal agencies. It places authority for classified systems in the hands of the National Security Agency (NSA) and authority for all other systems with the National Institute for Standards and Technology (NIST).

Question 19

Communications Assistance for Law Enforcement Act (CALEA)

Answer 19

required that communications carriers assist law enforcement with the implementation of wiretaps when done under an appropriate court order. CALEA only applies to communications carriers and does not apply to financial institutions, healthcare organizations, or websites.

Question 20

Fourth Amendment

Answer 20

sets the “probable cause” standard that law enforcement officers must follow when conducting searches and/or seizures of private property. It also states that those officers must obtain a warrant before gaining involuntary access to such property.

Question 21

Privacy Act of 1974

Answer 21

limits the ways government agencies may use information that private citizens disclose to them under certain circumstances.

Question 22

HIPAA Relationships with 3rd Party

Answer 22

Organizations subject to HIPAA may enter into relationships with service providers as long as the provider’s use of protected health information is regulated under a formal business associate agreement (BAA). The BAA makes the service provider liable under HIPAA.

Question 23

Gramm–Leach–Bliley Act (GLBA)

Answer 23

provides, among other things, regulations regarding the way financial institutions can handle private information belonging to their customers.

Question 24

Data Destruction

Answer 24

the final stage in the life cycle of backup media

Question 25

degausser

Answer 25

"a heavy magnetic field, which realigns the magnetic fields in magnetic media such as traditional hard drives, magnetic tape, and floppy disks. Does not work with SSDs" | Demagnetize

Question 26

Purging

Answer 26

The removal of sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique.

Question 27

Erasing or deleting

Answer 27

processes rarely remove the data from media but instead mark it for deletion.

Question 28

End of Support (EOS)

Answer 28

the date that the vendor will stop supporting a product.

Question 29

End of Life (EOL)

Answer 29

The date that a vendor stops producing and offering a product for sales but the vendor continues to support the product until the EOS date.

Question 30

Confusion

Answer 30

occurs when the relationship between the plaintext and the key is so complicated that an attacker can’t merely continue altering the plaintext and analyzing the resulting ciphertext to determine the key.

Question 31

Diffusion

Answer 31

occurs when a change in the plaintext results in multiple changes spread throughout the ciphertext.

Question 32

Symmetric Key Exposure Formula

Answer 32

Number of keys = n(n-1) / 2

Question 33

M of N Control

Answer 33

requires that a minimum number of agents (M) out of the total number of agents (N) work together to perform high‐security tasks. M of N Control is an example of a split knowledge technique, but not all split knowledge techniques are used for key escrow.

Question 34

Galois/Counter Mode (GCM)

Answer 34

same as CTR but includes authentication tags to the encryption process for more authenticity

Question 35

closed system

Answer 35

one that uses largely proprietary or unpublished protocols and standards.

Question 36

trusted computing base (TCB)

Answer 36

has a component known as the reference monitor in theory, which becomes the security kernel in implementation. The collection of all the hardware, software, and firmware components within an architecture that is specifically responsible for security and the isolation of objects. TCB is a term usually associated with security kernels and reference monitor.

Question 37

reference monitor

Answer 37

validates access to every resource prior to granting the requested access.

Question 38

Bell-LaPadula Model

Answer 38

"Dept of Def, clearance levels and need to know, Can't read a higher clearance level, and you can't write DOWN to a lower clearance level." there's no I (integrity) in Bell-LaPadula

Question 39

Biba Model

Answer 39

"Opposite of Bell-LaPadula, More about the modification of objects and data. Designed to address integrity issues of objects Lacks confidentiality and availability"

Question 40

Clark-Wilson Model

Answer 40

"Multifaceted approach to enforcing data integrity where the formal state machine limits modification to a system through a limited or controlled intermediary program or interface Restricted Interface Model Enforces separation of duties"

Question 41

Federal Risk and Authorization Management Program (FedRAMP)

Answer 41

U.S. government‐wide program designed to standardize the security assessment, authorization, and continuous monitoring processes for cloud products and services used by federal agencies.

Question 42

Cybersecurity Framework (CSF)

Answer 42

designed for critical infrastructure and commercial organizations.

Question 43

DREAD

Answer 43

damage (potential), reproducibility, exploitability, affected users, and discoverability.

Question 44

hoax

Answer 44

social engineering attack that is attempting to trick a user into taking actions that will harm them through the use of fear that not taking action would actually cause harm.

Question 45

Online Certificate Status Protocol (OCSP)

Answer 45

provides real‐time query/response services to digital certificate users.

Question 46

standard secure design principles

Answer 46

least privilege, secure defaults, fail securely, threat modeling, keep it simple, separation of duties, zero trust, and privacy by design.

Question 47

Fog computing

Answer 47

relies on sensors, IoT devices, or even edge computing devices to collect data and then transfer it back to a central location for processing. | You need Sensors to see through the Fog

Question 48

edge computing

Answer 48

the intelligence and processing is contained within each device. A computation architecture that is part of the Industrial Internet of Things (IIoT). In edge computing, the intelligence and processing are contained within each device, which is at or near the edge of the network. See fog computing.

Question 49

Simultaneous Authentication of Equals (SAE)

Answer 49

"An authentication option of WPA3 that uses a password, but it no longer encrypts and sends that password across the connection. Instead, SAE performs a zero-knowledge proof process known as Dragonfly Key Exchange, which is itself a derivative of Diffie–Hellman. The process uses a preset password and the MAC addresses of the client and AP to perform authentication and session key exchange."

Question 50

IEEE 802.1X

Answer 50

provides port‐based access control and is useful both on wired and wireless connections to block access to systems and users that are unknown or that fail authentication.

Question 51

remote access techniques

Answer 51

remote node operation, remote control, and service specific

Question 52

smartcard

Answer 52

is in the something you have factor of authentication, but it doesn’t generate a password.

Question 53

TOTP authenticator

Answer 53

synchronized with an authentication server and generates synchronous one‐time passwords.

Question 54

HOTP authenticator or device

Answer 54

generates and displays one‐time passwords when a button is pushed.

Question 55

rule‐based access control

Answer 55

defines access using a set of rules, such as the rules in a firewall’s access control list.

Question 56

RBAC

Answer 56

grants access based on a subject’s membership in a group or role.

Question 57

MAC model

Answer 57

"An access control mechanism that uses classification-based security labels to regulate subject access to objects. Implementations include using a hierarchical MAC environment, a compartmentalized MAC environment, and a hybrid MAC environment."

Question 58

Discretionary Access Control (DAC)

Answer 58

Access control in which the system owner decides who gets access.

Question 59

Dynamic Application Security Testing (DAST)

Answer 59

Tools that execute the software unit, application, or system under test in ways that attempt to drive it to reveal a potentially exploitable vulnerability.

Question 60

SOC 1

Answer 60

engagements assess the organization’s controls that might impact the accuracy of financial reporting.

Question 61

SOC 2 and 3

Answer 61

engagements extend into controls protecting confidentiality, integrity, and availability more generally.

Question 62

misuse case testing

Answer 62

"A process used by software testers to evaluate the vulnerability of their software to known risks. Testers first enumerate the known misuse cases and then attempt to exploit those use cases with manual and/or automated attack techniques. It is testing that attempts to model the activity of an attacker. Aka abuse case testing."

Question 63

NIPS

Answer 63

placed in line with traffic and can prevent attacks from reaching an internal network. detect attacks using pattern matching (also known as signature‐based detection and knowledge‐based detection)

Question 64

NIDS

Answer 64

placed in line with the traffic, it isn’t placed in line by default. detect attacks using pattern matching (also known as signature‐based detection and knowledge‐based detection)

Question 65

parol evidence rule

Answer 65

states that when an agreement between parties is put into written form, the written document is assumed to contain all the terms of the agreement, and no verbal agreements may modify the written agreement.

Question 66

best evidence rule

Answer 66

"A rule that states that when a document is used as evidence in a court proceeding, the original document must be introduced. Copies will not be accepted as evidence unless certain exceptions to the rule apply."

Question 67

direct evidence

Answer 67

"Evidence that proves or disproves a specific act through oral testimony based on information gathered through the witness’s five senses."

Question 68

Integrated Product Team (IPT)

Answer 68

A team of stakeholders and individuals who have various skills and work together to achieve a defined process or product.

Question 69

Spiral Method

Answer 69

Improved waterfall development process, which provides for a cycle of Plan, Do, Check, and Act (PDCA) substages at each phase of the SDLC.

Question 70

Software Capability Maturity Modeling (SW-CMM) and Assessment

Answer 70

A management process to foster the ongoing and continuous improvement of an organization’s processes and workflows for developing, maintaining, and using software.

Question 71

grid computing

Answer 71

A form of parallel distributed processing that loosely groups a significant number of processing nodes toward the completion of a specific processing goal.

Question 72

secondary memory

Answer 72

Magnetic/optical media and other storage devices that contain data not immediately available to the CPU.

Question 73

nonpersistent system or static system

Answer 73

computer system that does not allow, support, or retain changes.

Question 74

embedded system

Answer 74

A computer implemented as part of a larger system. The embedded system is typically designed around a limited set of specific functions in relation to the larger product of which it’s a component. It may consist of the same components found in a typical computer system, or it may be a microcontroller (an integrated chip with on- board memory and peripheral ports).

Question 75

Temperature of a Server Room

Answer 75

59-89.6 Degrees F

Question 76

Cable Management Policy

Answer 76

should include a mapping of the entrance facility (i.e., demarcation point), equipment room, backbone distribution system, telecommunications room, and horizontal distribution system.

Question 77

Wet Pipe System

Answer 77

"A fire suppression system that is always full of water. Water discharges immediately when triggered by a fire or smoke. Aka a closed head system."

Question 78

dry pipe system

Answer 78

"A fire suppression system that contains compressed air. Once suppression is triggered, the air escapes, which opens a water valve that in turn causes the pipes to fill and discharge water into the environment."

Question 79

deluge system

Answer 79

"Another form of dry pipe (fire suppression) system that uses larger pipes and therefore a significantly larger volume of water. Deluge systems are inappropriate for environments that contain electronics and computers."

Question 80

preaction system

Answer 80

A combination dry pipe/wet pipe system. The system exists as a dry pipe until the initial stages of a fire (smoke, heat, and so on) are detected, and then the pipes are filled with water.

Question 81

six common physical security control mechanisms

Answer 81

Deter, Deny, Detect, Delay, Determine, Decide.

Question 82

Mean time to failure (MTTF)

Answer 82

expected typical functional lifetime of the device given a specific operating environment.

Question 83

Mean time to repair (MTTR)

Answer 83

average length of time required to perform a repair on the device

Question 84

Mean time between failures (MTBF)

Answer 84

an estimation of the time between the first and any subsequent failures

Question 85

capacitance motion detector

Answer 85

senses changes in the electrical or magnetic field surrounding a monitored object

Question 86

wave pattern motion detector

Answer 86

transmits a consistent low ultrasonic or high microwave frequency signal into a monitored area and monitors for significant or meaningful changes or disturbances in the reflected pattern.

Question 87

photoelectric motion detector

Answer 87

senses changes in visible light levels for the monitored area. Photoelectric motion detectors are usually deployed in internal rooms that have no windows and are kept dark.

Question 88

Simplex

Answer 88

One-way communication, for UDP, at layer 5 the Session Layer,

Question 89

Means for IPv6 and IPv4 coexistence

Answer 89

dual stack, tunneling, or NAT‐PT Dual stack is to have most systems operate both IPv4 and IPv6 and use the appropriate protocol for each conversation. Tunneling allows most systems to operate a single stack of either IPv4 or IPv6 and use an encapsulation tunnel to access systems of the other protocol. Network Address Translation‐Protocol Translation (NAT‐PT) (RFC‐2766) can be used to convert between IPv4 and IPv6 network segments similar to how NAT converts between internal and external addresses

Question 90

TLS

Answer 90

TLS allows for use of TCP port 443; prevents tampering, spoofing, and eavesdropping; and can be used as a VPN solution. The other options are incorrect. TLS supports both one‐way and two‐way authentication. TLS and SSL are not interoperable or backward compatible.

Question 91

Encapsulation

Answer 91

Encapsulation is both a benefit and a potentially harmful implication of multilayer protocols. Encapsulation allows for encryption, flexibility, and resiliency, while also enabling covert channels, filter bypass, and overstepping network segmentation boundaries.

Question 92

Micro-segmentation

Answer 92

Micro‐segmentation can be implemented using internal segmentation firewalls (ISFWs), transactions between zones are filtered, and it can be implemented with virtual systems and virtual networks.

Question 93

Zigbee

Answer 93

Zigbee is an IoT equipment communications concept that is based on Bluetooth. Zigbee has low power consumption and a low throughput rate, and it requires close proximity of devices. Zigbee communications are encrypted using a 128‐bit symmetric algorithm.

Question 94

ARP Poisoning

Answer 94

ARP poisoning can use unsolicited or gratuitous replies—specifically, ARP replies for which the local device did not transmit an ARP broadcast request. Many systems accept all ARP replies regardless of who requested them.

Question 95

Switch

Answer 95

Manage the transmission of frames via MAC address. can create separate broadcast domains to create VLANs. Primarily Layer 2

Question 96

Hub

Answer 96

Connect multiple systems, connect network segments that use the same protocol. It is a multiport repeater, Operates at Layer 1.

Question 97

Screened Subnet

Answer 97

A screened subnet is a type of security zone that can be positioned so that it operates as a buffer network between the secured private network and the Internet and can host publicly accessible services.

Question 98

OSI Model

Answer 98

Application Presentation Session Transport Network Data Link Physical

Question 99

TCP/IP Model

Answer 99

Application (application, presentation, session) Transport Internet (Network) Network Interface (Datalink, Physical)