Flashcards ISC2
What are the phases of incident response?
Detection, characterization, containment, eradication, restoration, after‐action reporting/debriefing to produce lessons learned. Preparation, of course, precedes first detection.
What are hierarchies of trust?
Collections of trust relationships in which one trust anchor provides the central authority for all chains of trust in the collection via transitive trust relationships with other nodes. They provide clear ways to revoke the trustworthiness of lower‐level nodes.
What is the most common attack technique used against business or private sector use of encryption?
Social engineering
Why does a collision indicate a weakness in a cryptographic algorithm?
A collision happens if encrypting two different plaintexts results in the same ciphertext or if two different ciphertexts are decrypted to produce the same plaintext. This ambiguity means that attackers could use intercepted ciphertexts or plaintexts to possibly decrypt other ciphertexts or to inject their own spurious ciphertexts into the system.
From an identity management and access control perspective, what is a session?
The set of activities performed by system elements, which work together to ensure that a logical connection between user and server remains uninterrupted, while assuring the protection of all resources from setup through teardown of that connection and session.
What are POP, SMTP, and IMAP, and what ports do they use?
These are different email protocols. Post Office Protocol (POP), typically version 3 (POP3), uses TCP port 110, or port 995 when run over Secure Socket Layer (SSL) or Transport Layer Security (TLS). Internet Message Access Protocol (IMAP), typically version 4 (IMAP4), runs over TCP port 143. IMAP4 can also run over SSL or TLS using port 993. Simple Mail Transfer Protocol (SMTP) uses port 25, but if using SSL or TLS uses port 465. Note that all email ports can be changed if both parties agree.
Can Common Vulnerabilities and Exposures (CVE) data provide everything you need to secure your systems?
No, because it will not contain information about customized software, processes, or procedures that you use.
What are the steps in identity management?
Provisioning, review, revocation, deletion
Which layer does IPSec operate at?
Layer 3, the internetworking (or network) layer
A thunderstorm and its disruption of commercial electrical power and communications is a risk event. Is it a threat?
No; natural events or accidents are classed as hazards. That said, systems security planning still needs to properly assess their potential impacts and mitigate them as required.
What is media access control (MAC) address allowed listing?
Access control restricted to devices with matching MAC addresses; typically done by routers or firewalls
What kind of subjects should be authenticated before being granted access?
All types—devices, people, and software processes
How do edge and fog computing relate to cloud computing and operational technology systems?
Edge computing refers to cloud systems in which the majority of data processing happens near the interface between the cloud system and the external users or real-world systems. Fog computing breaks that edge down into layers, with each successive layer (from the outside in) adding concentrators, analytics, or other processing layers to combine results from multiple fog subsystems. Both edge and fog systems are used to interface directly with OT control systems (such as regional controllers in ICS or SCADA architectures).
How does shared responsibility for cloud security work?
Depending upon the cloud service model in use (SaaS, PaaS, IaaS, etc.), the service level agreement (SLA) specifies what services the cloud services provider (CSP) is responsible for and what services the user organization must take responsibility for. The SLA will (or should) specify what security tasks, functions, and support are provided by each party, what limits on testing are imposed, and what notification requirements are in force, among other aspects.