Flashcards ISC2

1
Q

What are the phases of incident response?

A

Detection, characterization, containment, eradication, restoration, after‐action reporting/debriefing to produce lessons learned. Preparation, of course, precedes first detection.

2
Q

What are hierarchies of trust?

A

Collections of trust relationships in which one trust anchor provides the central authority for all chains of trust in the collection via transitive trust relationships with other nodes. Provides for clear ways to revoke trustworthiness of lower‐level nodes.

3
Q

What is the most common attack technique used against business or private sector use of encryption?

A

Social engineering

4
Q

Why does a collision indicate a weakness in a cryptographic algorithm?

A

A collision happens if encrypting two different plaintexts results in the same ciphertext or if two different ciphertexts are decrypted to produce the same plaintext. This ambiguity means that attackers could use intercepted ciphertexts or plaintexts to possibly decrypt other ciphertexts or to inject their own spurious ciphertexts into the system.

5
Q

From an identity management and access control perspective, what is a session?

A

The set of activities performed by systems elements, which work together to ensure that a logical connection between user and server remains uninterrupted, while assuring the protection of all resources from setup through teardown of that connection and session.

6
Q

What are POP, SMTP, and IMAP, and what ports do they use?

A

These are different email protocols. Post Office Protocol (POP), typically version 3 (POP3), uses either TCP port 110 via Secure Socket Layer (SSL) or Transport Layer Security (TLS) over port 995. Internet Mail Protocol (IMAP), typically version 4 (IMAP4) runs over TCP port 143. IMAP4 can also run over SSL or TLS using port 993. Simple Mail Transfer Protocol (SMTP) uses port 25, but if using SSL or TLS uses port 465. Note that all email ports can be changed if both parties agree.

7
Q

Can Common Vulnerabilities and Exposures (CVE) data provide everything you need to secure your systems?

A

No, because it will not contain information about customized software, processes, or procedures that you use

8
Q

What are the steps in identity management?

A

Provisioning, review, revocation, deletion

9
Q

Which layer does IPSec operate at?

A

Layer 3, the internetworking (or network) layer

10
Q

A thunderstorm and its disruption of commercial electrical power and communications is a risk event. Is it a threat?

A

No; natural events or accidents are classed as hazards. That said, systems security planning still needs to properly assess their potential impacts and mitigate them as required.

11
Q

Which layer does IPSec operate at?

A

Layer 3, the internetworking (or network) layer

12
Q

What is media access control (MAC) address allowed listing?

A

Access control restricted to devices with matching MAC addresses; typically done by routers or firewalls

13
Q

What kind of subjects should be authenticated before being granted access?

A

All types—devices, people, and software processes

14
Q

How do edge and fog computing relate to cloud computing and operational technology systems?

A

Edge computing refers to cloud systems where the majority of data processing happens near the interface between the cloud system and the external users or real-world systems. Fog computing breaks that edge down into layers, with each successive layer (from outside in) adding in concentrators, analytics, or other processing layers to combine results from multiple fog subsystems. Both edge and fog systems are used to directly interface with OT control systems (such as regional controllers in ICS or SCADA architectures).

15
Q

How does shared responsibility for cloud security work?

A

Depending upon the cloud service model in use (SaaS, PaaS, IaaS, etc.), the service level agreement (SLA) specifies what services the cloud services provider (CSP) is responsible for and what services the user organization must take responsibility for. The SLA will (or should) specify what security tasks, functions, and support are provided by each party, what limits on testing are imposed, and what notification requirements are in force, among other aspects.

16
Q

Describe the difference between cleartext and plaintext.

A

Cleartext is text or data that is never meant to be encrypted. Plaintext is the original data, file, message content, or meaning that needs to be protected by means of encryption.

17
Q

What are HIDSs or HIPSs?

A

Host‐based intrusion detection or prevention systems

18
Q

How do ad hoc and infrastructure mode differ?

A

Ad hoc mode provides a simple peer‐to‐peer wireless connection between devices, with no central management.

19
Q

What is a zero day exploit?

A

Exploitation of an unreported vulnerability in commercial or widely available software or firmware

20
Q

Which wireless security protocols should no longer be used?

A

Wired Equivalency Protocol (WEP), Wi‐Fi Protected Access (WPA)