full_offl Flashcards

all the official cards

2
Q

What are the properties of a secure information processing system?

A

Confidentiality, Integrity, and Availability (and Non-repudiation).

3
Q

What term is used to describe the property of a secure network where a sender cannot deny having sent a message?

A

Non-repudiation.

4
Q

A multinational company manages a large amount of valuable intellectual property (IP) data, plus personal data for its customers and account holders. What type of business unit can be used to manage such important and complex security requirements?

A

A security operations center (SOC).

5
Q

A business is expanding rapidly and the owner is worried about tensions between its established IT and programming divisions. What type of security business unit or function could help to resolve these issues?

A

Development and operations (DevOps) is a cultural shift within an organization to encourage much more collaboration between developers and system administrators. DevSecOps embeds the security function within these teams as well.

6
Q

availability

A

The fundamental security goal of ensuring that computer systems operate continuously and that authorized persons can access data that they need.

7
Q

CIA triad

A

The three principles of security control and management. Also known as the information security triad. Also referred to in reverse order as the AIC triad.

8
Q

CISO (Chief Information Security Officer)

A

Typically the job title of the person with overall responsibility for information assurance and systems security. Sometimes referred to as Chief Information Officer (CIO).

9
Q

confidentiality

A

The fundamental security goal of keeping information and communications private and protecting them from unauthorized access.

10
Q

CSIRT (Computer Security Incident Response Team)

A

Team with responsibility for incident response. The CSIRT must have expertise across a number of business domains (IT, HR, legal, and marketing for instance).

11
Q

DevSecOps

A

A combination of software development, security operations, and systems operations, and refers to the practice of integrating each discipline with the others.

12
Q

integrity

A

The fundamental security goal of keeping organizational information accurate, free of errors, and without unauthorized modifications.

13
Q

ISSO (Information Systems Security Officer)

A

Organizational role with technical responsibilities for implementation of security policies, frameworks, and controls.

14
Q

NIST (National Institute of Standards and Technology)

A

Develops computer security standards used by US federal agencies and publishes cybersecurity best practice guides and research.

15
Q

non-repudiation

A

The security goal of ensuring that the party that sent a transmission or created data remains associated with that data and cannot deny sending or creating that data.

16
Q

SOC (security operations center)

A

The location where security professionals monitor and protect critical information assets in an organization.

17
Q

You have implemented a secure web gateway that blocks access to a social networking site. How would you categorize this type of security control?

A

It is a technical type of control (implemented in software) and acts as a preventive measure.

18
Q

A company has installed motion-activated floodlighting on the grounds around its premises. What class and function is this security control?

A

It would be classed as a physical control and its function is both detecting and deterring.

19
Q

A firewall appliance intercepts a packet that violates policy. It automatically updates its Access Control List to block all further packets from the source IP. What TWO functions is the security control performing?

A

Preventive and corrective.

20
Q

If a security control is described as operational and compensating, what can you determine about its nature and function?

A

That the control is enforced by a person rather than a technical system, and that the control has been developed to replicate the functionality of a primary control, as required by a security standard.

21
Q

If a company wants to ensure it is following best practice in choosing security controls, what type of resource would provide guidance?

A

A cybersecurity framework and/or benchmark and secure configuration guides.

22
Q

CIS (Center for Internet Security)

A

A not-for-profit organization (founded partly by SANS). It publishes the well-known “Top 20 Critical Security Controls” (or system design recommendations).

23
Q

Cloud Security Alliance

A

Industry body providing security guidance to CSPs, including enterprise reference architecture and security controls matrix.

24
Q

compensating control

A

A security measure that takes on risk mitigation when a primary control fails or cannot completely meet expectations.

25
Q

corrective control

A

A type of security control that acts after an incident to eliminate or minimize its impact.

26
Q

detective control

A

A type of security control that acts during an incident to identify or record that it is happening.

27
Q

deterrent control

A

A type of security control that discourages intrusion attempts.

28
Q

GDPR (General Data Protection Regulation)

A

Provisions and requirements protecting the personal data of European Union (EU) citizens. Transfers of personal data outside the EU Single Market are restricted unless protected by like-for-like regulations, such as the US’s Privacy Shield requirements.

29
Q

GLBA (Gramm-Leach-Bliley Act)

A

A law enacted in 1999 that deregulated banks, but also instituted requirements that help protect the privacy of an individual’s financial information that is held by financial institutions.

30
Q

ISO/IEC 27K (International Organization for Standardization 27000 Series)

A

A comprehensive set of standards for information security, including best practices for security and risk management, compliance, and technical implementation.

31
Q

ISO/IEC 31K (International Organization for Standardization 31000 Series)

A

A comprehensive set of standards for enterprise risk management.

32
Q

managerial control

A

A category of security control that gives oversight of the information system.

33
Q

operational control

A

A category of security control that is implemented by people.

34
Q

OWASP (Open Web Application Security Project)

A

A charity and community publishing a number of secure application development resources.

35
Q

PCI DSS (Payment Card Industry Data Security Standard)

A

Information security standard for organizations that process credit or bank card payments.

36
Q

physical control

A

A type of security control that acts against in-person intrusion attempts.

37
Q

security control

A

A technology or procedure put in place to mitigate vulnerabilities and risk and to ensure the confidentiality, integrity, and availability (CIA) of information.

38
Q

SOX (Sarbanes-Oxley Act)

A

A law enacted in 2002 that dictates requirements for the storage and retention of documents relating to an organization’s financial and business operations.

39
Q

SSAE SOC (Statements on Standards for Attestation Engagements Service Organization Control)

A

Audit specifications designed to ensure that cloud/hosting providers meet professional standards. A SOC2 Type II report is created for a restricted audience, while SOC3 reports are provided for general consumption.

40
Q

technical control

A

A category of security control that is implemented as a system (hardware, software, or firmware). Technical controls may also be described as logical controls.

41
Q

Which of the following would be assessed by likelihood and impact: vulnerability, threat, or risk?

A

Risk. To assess likelihood and impact, you must identify both the vulnerability and the threat posed by a potential exploit.

42
Q

True or false? Nation state actors primarily only pose a risk to other states.

A

False—nation state actors have targeted commercial interests for theft, espionage, and extortion.

43
Q

You receive an email with a screenshot showing a command prompt at one of your application servers. The email suggests you engage the hacker for a day’s consultancy to patch the vulnerability. How should you categorize this threat?

A

This is either gray hat (semi-authorized) hacking or black hat (non-authorized) hacking. If the request for compensation via consultancy is an extortion threat (if refused, the hacker sells the exploit on the dark web), then the motivation is purely financial gain and can be categorized as black hat. If the consultancy is refused and the hacker takes no further action, it can be classed as gray hat.

44
Q

Which type of threat actor is primarily motivated by the desire for social change?

A

Hacktivist.

45
Q

Which three types of threat actor are most likely to have high levels of funding?

A

State actors, criminal syndicates, and competitors.

46
Q

You are assisting with writing an attack surface assessment report for a small company. Following the CompTIA syllabus, which two potential attack vectors have been omitted from the following headings in the report? Direct access, Email, Remote and wireless, Web and social media, Cloud.

A

Removable media and supply chain.

47
Q

APT (advanced persistent threat)

A

An attacker’s ability to obtain, maintain, and diversify access to network systems using exploits and malware.

48
Q

attack surface

A

The points at which a network or application receives external connections or inputs/outputs that are potential vectors to be exploited by a threat actor.

49
Q

attack vector

A

A specific path by which a threat actor gains unauthorized access to a system. Also referred to as a vector.

50
Q

black hat

A

A hacker operating with malicious intent.

51
Q

criminal syndicates

A

A type of threat actor that uses hacking and computer fraud for commercial gain. Also referred to as organized crime.

52
Q

gray hat

A

A hacker who analyzes networks without seeking authorization, but without overtly malicious intent.

53
Q

hacker

A

Often used to refer to someone who breaks into computer systems or spreads viruses. Ethical hackers prefer to think of themselves as experts on and explorers of computer security systems.

54
Q

hacktivist

A

A threat actor that is motivated by a social issue or political cause.

55
Q

insider threat

A

A type of threat actor who is assigned privileges on the system that cause an intentional or unintentional incident.

56
Q

intentional threat

A

A threat actor with a malicious purpose.

57
Q

script kiddie

A

An inexperienced, unskilled attacker that typically uses tools or scripts created by others.

58
Q

shadow IT

A

Computer hardware, software, or services used on a private network without authorization from the system owner.

59
Q

state actor

A

A type of threat actor that is supported by the resources of its host country’s military and security services. Also referred to as a nation state actor.

60
Q

supply chain attack

A

An attack that targets the end-to-end process of manufacturing, distributing, and handling goods and services.

61
Q

threat

A

The potential for an entity to exercise a vulnerability (that is, to breach security).

62
Q

threat actor

A

The person or entity responsible for an event that has been identified as a security incident or as a risk.

63
Q

unintentional threat

A

A threat actor that causes a vulnerability or exposes an attack vector without malicious intent.

64
Q

vulnerability

A

A weakness that could be triggered accidentally or exploited intentionally to cause a security breach.

65
Q

white hat

A

A hacker engaged in authorized penetration testing or other security consultancy.

66
Q

You are consulting on threat intelligence solutions for a supplier of electronic voting machines. What type of threat intelligence source would produce the most relevant information at the lowest cost?

A

For critical infrastructure providers, threat data sharing via an Information Sharing and Analysis Center (ISAC) is likely to be the best option.

67
Q

Your CEO wants to know if the company’s threat intelligence platform makes effective use of OSINT. What is OSINT?

A

Open-source intelligence (OSINT) is cybersecurity-relevant information harvested from public websites and data records. In terms of threat intelligence specifically, it refers to research and data feeds that are made publicly available.

68
Q

You are assessing whether to join AIS. What is AIS and what protocol should your SIEM support in order to connect to AIS servers?

A

Automated Indicator Sharing (AIS) is a service offered by the Department of Homeland Security (DHS) for participating in threat intelligence sharing. AIS uses the Trusted Automated eXchange of Indicator Information (TAXII) protocol as a means of transmitting CTI data between servers and clients.

69
Q

AI (artificial intelligence)

A

The science of creating machines with the ability to develop problem solving and analysis strategies without significant human direction or intervention.

70
Q

AIS (Automated Indicator Sharing)

A

Threat intelligence data feed operated by the DHS.

71
Q

closed-source intelligence

A

Information that is obtained through private sources and disseminated through paid-for subscription or membership services.

72
Q

CTI (cyber threat intelligence)

A

The process of investigating, collecting, analyzing, and disseminating information about emerging threats and threat sources.

73
Q

CVE (Common Vulnerabilities and Exposures)

A

Scheme for identifying vulnerabilities developed by MITRE and adopted by NIST.

74
Q

dark web

A

Resources on the Internet that are distributed between anonymized nodes and protected from general access by multiple layers of encryption and routing.

75
Q

IoC (indicator of compromise)

A

A sign that an asset or network has been attacked or is currently under attack.

76
Q

ISAC (Information Sharing and Analysis Center)

A

Not-for-profit group set up to share sector-specific threat intelligence and security best practices amongst its members.

77
Q

ML (machine learning)

A

A component of AI that enables a machine to develop strategies for solving a task given a labeled data set where features have been manually identified but without further explicit instructions.

78
Q

OSINT (open-source intelligence)

A

Publicly available information plus the tools used to aggregate and search it.

79
Q

reputation data

A

Block lists of known threat sources, such as malware signatures, IP address ranges, and DNS domains. Also referred to as reputational threat intelligence.

80
Q

STIX (Structured Threat Information eXpression)

A

A framework for analyzing cybersecurity incidents.

81
Q

TAXII (Trusted Automated eXchange of Indicator Information)

A

A protocol for supplying codified information to automate incident detection and analysis.

82
Q

threat feed

A

Signatures and pattern-matching rules supplied to analysis platforms as an automated feed.

83
Q

threat map

A

Animated map showing threat sources in near real-time.

84
Q

TTP (tactics, techniques, and procedures)

A

Analysis of historical cyber-attacks and adversary actions.

85
Q

UAT (user acceptance testing)

A

Usually one of the last stages in software development before release (beta testing), UAT proves that a program is usable and fit-for-purpose in real-world conditions.

86
Q

You suspect that a rogue host is acting as the default gateway for a subnet in a spoofing attack. What command line tool(s) can you use from a Windows client PC in the same subnet to check the interface properties of the default gateway?

A

Use ipconfig to check the IP addresses of the default gateway and the DHCP server. Use arp to check the MAC addresses associated with those IP addresses and investigate possible spoofing. You could also use the route command to verify the properties of the default route.

87
Q

You suspect the rogue host is modifying traffic before forwarding it, with the side effect of increasing network latency. Which tool could you use to measure latency on traffic routed from this subnet?

A

From a Windows host, the pathping tool can be used to measure latency along a route.

88
Q

What type of tool could you use to fingerprint the host acting as the default gateway?

A

This requires a tool that performs fingerprinting—service and version detection—by examining responses to network probes and comparing them to known responses from common platforms. Nmap is very widely used for this task, or you could use hping or Netcat.

89
Q

You are investigating a Linux server that is the source of suspicious network traffic. At a terminal on the server, which tool could you use to check which process is using a given TCP port?

A

The netstat command can assist; however, the ss command-line utility is preferable, as it is faster and more human-readable.

90
Q

What is a zone transfer and which reconnaissance tools can be used to test whether a server will allow one?

A

A zone transfer is where a domain name server (DNS) allows a client to request all the name records for a domain. nslookup (Windows) and dig (principally Linux) can be used to test whether this query is allowed. You could also mention the dnsenum tool, which will check for zone transfers along with other enumeration tests on DNS infrastructure.

91
Q

What type of organizational security assessment is performed using Nessus?

A

Nessus is an automated network vulnerability scanner that checks for software vulnerabilities and missing patches.

92
Q

You are developing new detection rules for a network security scanner. Which tool will be of use in testing whether the rules match a malicious traffic sample successfully?

A

The tcpreplay tool can be used to stream captured traffic from a file to a monitored network interface.

93
Q

What security posture assessment could a pen tester make using Netcat?

A

Whether it is possible to open a network connection to a remote host over a given port.

94
Q

curl command

A

Utility for command-line manipulation of URL-based protocol requests.

95
Q

dig

A

Utility to query a DNS and return information about a particular domain name. Also referred to as domain information groper.

96
Q

DNS harvesting

A

Using Open Source Intelligence (OSINT) to gather information about a domain (subdomains, hosting provider, administrative contacts, and so on). Also referred to as Domain Name System harvesting.

97
Q

enumeration

A

When an attacker tries to get a list of resources on the network, host, or system as a whole to identify potential targets for further attack.

98
Q

exploitation framework

A

Suite of tools designed to automate delivery of exploits against common software and firmware vulnerabilities.

99
Q

fingerprinting

A

Identifying the type and version of an operating system (or server application) by analyzing its responses to network scans.

100
Q

footprinting

A

The phase in an attack or penetration test in which the attacker or tester gathers information about the target before attacking it.

101
Q

ifconfig command

A

A UNIX/Linux-based utility used to gather information about the IP configuration of the network adapter or to configure the network adapter. It has been replaced with the ip command in most Linux distributions.

102
Q

ip command

A

A Linux-based utility used to gather information about the IP configuration of the network adapter or to configure the network adapter. Replaces the older ifconfig command.

103
Q

ipconfig command

A

A Windows-based utility used to gather information about the IP configuration of a workstation.

104
Q

MAC address (Media Access Control address)

A

A unique hardware address hard-coded into a network adapter. This provides local addressing on Ethernet and Wi-Fi networks. A MAC address is 48 bits long with the first half representing the manufacturer’s Organizationally Unique Identifier (OUI).

105
Q

Metasploit Framework

A

A platform for launching modularized attacks against known software vulnerabilities.

106
Q

mtr command (my traceroute command)

A

Utility combining the ping and traceroute commands.

107
Q

ncat

A

Utility for reading and writing raw data over a network connection. Also referred to as netcat.

108
Q

Nessus

A

One of the best-known commercial vulnerability scanners, produced by Tenable Network Security. Also referred to as Tenable.

109
Q

netstat command

A

Utility to show network information on a machine running TCP/IP, notably active connections and the routing table.

110
Q

network mapping

A

Software that can scan a network and identify hosts, addresses, protocols, network interconnections, and so on.

111
Q

Nmap

A

Versatile port scanner used for topology, host, service, and OS discovery and enumeration.

112
Q

nslookup command

A

Software tool for querying DNS server records.

113
Q

packet analysis

A

Analysis of the headers and payload data of one or more frames in captured network traffic.

114
Q

packet trace analysis

A

The act of examining data packet communications to reveal insights without digging into packet content, such as when the packet contents are encrypted. Clues derived from packet trace analysis might help an intruder, but they are also quite useful for defensive monitoring and security intelligence analysis. Also referred to as traffic flow analysis.

115
Q

pathping command

A

Windows utility for measuring latency and packet loss along a route.

116
Q

PCAP (packet capture)

A

Standard format for recording packet captures to a file.

117
Q

ping command

A

Command-line utility for testing an IP packet transmission.

118
Q

port scanning

A

Enumerating the status of TCP and UDP ports on a target system using software tools.

119
Q

protocol analysis

A

Analysis of per-protocol utilization statistics in a packet capture or network traffic sampling.

120
Q

route

A

Command utility to configure and manage the routing table on a Windows or Linux host.

121
Q

scanless

A

Utility that runs port scans through third-party websites to evade detection.

122
Q

service discovery

A

The practice of using network scans to discover open TCP and UDP ports, plus information about the servers operating them.

123
Q

sn1per

A

Software utility designed for penetration testing reporting and evidence gathering that can also run automated test suites.

124
Q

tcpdump command

A

A command-line packet sniffing utility.

125
Q

tcpreplay command

A

A command-line utility that replays packets saved to a file back through a network adapter.

126
Q

theHarvester

A

Utility for gathering results from open source intelligence queries.

127
Q

tracert/traceroute command

A

Diagnostic utilities that trace the route taken by a packet as it “hops” to the destination host on a remote network. tracert is the Windows implementation, while traceroute runs on Linux.

128
Q

Wireshark

A

A widely-used packet analyzer.

129
Q

You are recommending that a business owner invest in patch management controls for PCs and laptops. What is the main risk from weak patch management procedures on such devices?

A

Vulnerabilities in the OS and applications software such as web browsers and document readers or in PC and adapter firmware can allow threat actors to run malware and gain a foothold on the network.

130
Q

You are advising a business owner on security for a PC running Windows XP. The PC runs process management software that the owner cannot run on Windows 10. What are the risks arising from this, and how can they be mitigated?

A

Windows XP is a legacy platform that is no longer receiving security updates. This means that patch management cannot be used to reduce risks from software vulnerabilities. The workstation should be isolated from other systems to reduce the risk of compromise.

131
Q

As a security solutions provider, you are compiling a checklist for your customers to assess potential weak configuration vulnerabilities, based on the CompTIA Security+ syllabus. From the headings you have added so far, which is missing and what vulnerability does it relate to? Default settings, Unsecured root accounts, Open ports and services, Unsecure protocols, Weak encryption, Errors.

A

Open permissions refers to misconfigured access rights for data folders, network file shares, and cloud storage.

132
Q

You are advising a customer on backup and disaster recovery solutions. The customer is confused between data breaches and data loss and whether the backup solution will protect against both. What explanation can you give?

A

Backup solutions mitigate risks from data loss, where files or information is deleted, corrupted, or otherwise destroyed. Backup does not mitigate risks from data breach, where confidential or private data is stolen (exfiltrated) and made public or sold for criminal profit. Mitigating risks of data breach requires effective secure processing, authorization, and authentication security controls.

133
Q

A system integrator is offering a turnkey solution for customer contact data storage and engagement analytics using several cloud services. Does this solution present any supply chain risks beyond those of the system integrator’s consulting company?

A

Yes, the system integrator is proposing the use of multiple vendors (the cloud service providers), with potentially complex issues for collecting, storing, and sharing customer personal data across these vendors. Each company in the supply chain should be assessed for risk and compliance with cybersecurity and privacy standards.

134
Q

ICMP (Internet Control Message Protocol)

A

IP-level protocol for reporting errors and status information supporting the function of troubleshooting utilities such as ping.

135
Q

supply chain

A

The end-to-end process of supplying, manufacturing, distributing, and finally releasing goods and services to a customer.

136
Q

third-party risks

A

Vulnerabilities that arise from dependencies in business relationships with suppliers and customers.

137
Q

vendor management

A

Policies and procedures to identify vulnerabilities and ensure security of the supply chain.

138
Q

zero-day

A

A vulnerability in software that is unpatched by the developer or an attack that exploits such a vulnerability.

139
Q

You have received an urgent threat advisory and need to configure a network vulnerability scan to check for the presence of a related CVE on your network. What configuration check should you make in the vulnerability scanning software before running the scan?

A

Verify that the vulnerability feed/plug-in/test has been updated with the specific CVE that you need to test for.

140
Q

You have configured a network vulnerability scanner for an engineering company. When running a scan, multiple sensors within an embedded systems network became unresponsive, causing a production shutdown. What alternative method of vulnerability scanning should be used for the embedded systems network?

A

A fully non-intrusive solution should be adopted, such as sniffing traffic using a network tap or mirror port. Using the network traffic to detect vulnerabilities rather than actively probing each device will not cause system stability issues (though there is greater risk of false positive and false negative results).

141
Q

A vulnerability scan reports that a CVE associated with CentOS Linux is present on a host, but you have established that the host is not running CentOS. What type of scanning error event is this?

A

False positive.

142
Q

A small company that you provide security consulting support to has resisted investing in an event management and threat intelligence platform. The CEO has become concerned about an APT risk known to target supply chains within the company’s industry sector and wants you to scan their systems for any sign that they have been targeted already. What are the additional challenges of meeting this request, given the lack of investment?

A

Collecting network traffic and log data from multiple sources and then analyzing it manually will require many hours of analyst time. The use of threat feeds and intelligence fusion to automate parts of this analysis effort would enable a much swifter response.

143
Q

What term refers to assessment techniques that avoid alerting threat actors?

A

This can be referred to as maneuver.

144
Q

CVSS (Common Vulnerability Scoring System)

A

A risk management approach to quantifying vulnerability data and then taking into account the degree of risk to different types of systems or information.

145
Q

intelligence fusion

A

In threat hunting, using sources of threat intelligence data to automate detection of adversary IoCs and TTPs.

146
Q

maneuver

A

In threat hunting, the concept that threat actor and defender may use deception or counterattacking strategies to gain positional advantage.

147
Q

passive scan

A

An enumeration or vulnerability scan that analyzes only intercepted network traffic rather than sending probes to a target. More generally, passive reconnaissance techniques are those that do not require direct interaction with the target.

148
Q

SCAP (Security Content Automation Protocol)

A

A NIST framework that outlines various accepted practices for automating vulnerability scanning.

149
Q

threat hunting

A

Cybersecurity technique designed to detect presence of threats that have not been discovered by normal security monitoring.

150
Q

vulnerability assessment

A

An evaluation of a system’s security and ability to meet compliance requirements based on the configuration state of the system, as represented by information collected from the system.

151
Q

vulnerability feed

A

A synchronizable list of data and scripts used to check for vulnerabilities. Also referred to as plug-ins or network vulnerability tests (NVTs).

152
Q

vulnerability scanner

A

Hardware or software configured with a list of known weaknesses and exploits and can scan for their presence in a host OS or particular application.

153
Q

A website owner wants to evaluate whether the site security mitigates risks from criminal syndicates, assuming no risk of insider threat. What type of penetration testing engagement will most closely simulate this adversary capability and resources?

A

A threat actor has no privileged information about the website configuration or security controls. This is simulated in a black box (or blind) pen test engagement.

154
Q

You are agreeing a proposal to run a series of team-based exercises to test security controls under different scenarios. You propose using purple team testing, but the contracting company is only familiar with the concept of red and blue teams. What is the advantage of running a purple team exercise?

A

In a red versus blue team, there is no contact between the teams, and no opportunity to collaborate on improving security controls. In a purple team exercise, there is regular contact and knowledge sharing between the teams throughout the progression of the exercise.

155
Q

Why should an Internet service provider (ISP) be informed before pen testing on a hosted website takes place?

A

ISPs monitor their networks for suspicious traffic and may block the test attempts. The pen test may also involve equipment owned and operated by the ISP.

156
Q

What tools are used for OSINT?

A

Open-source intelligence is a reconnaissance activity to gather information about the target from any public source. The basic tool is web searches/queries plus sites that scan/scrape/monitor vulnerabilities in Internet-facing services and devices. There are also specialist OSINT tools, such as theHarvester, that aggregate data from queries for different resources.

157
Q

In the context of penetration testing, what is persistence?

A

Persistence refers to the tester’s ability to reconnect to the compromised host and use it as a remote access tool (RAT) or backdoor.

158
Q

black box

A

An assessment methodology where the assessor is given no privileged information about the configuration of the target of assessment.

159
Q

blue team

A

The defensive team in a penetration test or incident response exercise.

160
Q

bug bounty

A

Reward scheme operated by software and web services vendors for reporting vulnerabilities.

161
Q

gray box

A

An assessment methodology that simulates an inside attacker who knows something about a target, but not everything.

162
Q

lateral movement

A

The process by which an attacker is able to move from one part of a computing environment to another.

163
Q

packet sniffing

A

Recording data from frames as they pass over network media, using methods such as a mirror port or tap device.

164
Q

penetration testing

A

A test that uses active tools and security utilities to evaluate security by simulating an attack on a system. A pen test will verify that a threat exists, then will actively test and bypass security controls, and will finally exploit vulnerabilities on the system. Also referred to as pentesting, or pentest.

165
Q

persistence

A

In cybersecurity, the ability of a threat actor to maintain covert access to a target host or network.

166
Q

persistence (threat)

A

In threat analysis, the ability of a threat actor to maintain access of a host through system shut down, reboot, or log off events.

167
Q

purple team

A

A mode of penetration testing where red and blue teams share information and collaborate throughout the engagement.

168
Q

red team

A

The “hostile” or attacking team in a penetration test or incident response exercise.

169
Q

rules of engagement

A

Agreeing scope, operational parameters, and reporting requirements for a penetration test.

170
Q

social engineering

A

An activity where the goal is to use deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines.

171
Q

UAV (unmanned aerial vehicle)

A

An aircraft or drone that does not require an onboard human pilot.

172
Q

war driving

A

The practice of using a Wi-Fi sniffer to detect WLANs and then either making use of them (if they are open/unsecured) or trying to break into them (using WEP and WPA cracking tools).

173
Q

white box

A

An assessment methodology that simulates an inside attacker that knows everything about the target.

174
Q

white team

A

Staff administering, evaluating, and supervising a penetration test or incident response exercise.

175
Q

credential harvesting

A

Social engineering techniques for gathering valid credentials to use to gain unauthorized access.

176
Q

dumpster diving

A

The social engineering technique of discovering things about an organization (or person) based on what it throws away.

177
Q

hoax

A

A malicious communication that tricks the user into performing undesired actions, such as deleting important system files in an attempt to remove a virus, or sending money or important information.

178
Q

identity fraud

A

The invention of fake personal information or the theft and misuse of an individual’s personal information.

179
Q

impersonation

A

Social engineering attack where an attacker pretends to be someone they are not.

180
Q

pharming

A

An impersonation attack in which a request for a website, typically an e-commerce site, is redirected to a similar-looking, but fake, website.

181
Q

phishing

A

A type of email-based social engineering attack, in which the attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.

182
Q

shoulder surfing

A

A social engineering tactic to obtain someone’s password or PIN by observing him or her as he or she types it in.

183
Q

SMiShing

A

A form of phishing that uses SMS text messages to trick a victim into revealing information.

184
Q

spam

A

Junk messages sent over email (or instant messaging, which is called spim). It can also be utilized within social networking sites.

185
Q

spear phishing

A

An email-based or web-based form of phishing which targets specific individuals.

186
Q

SPIM (spam over internet messaging)

A

A spam attack that is propagated through instant messaging rather than email.

187
Q

spoofing

A

An attack technique where the attacker disguises their identity.

188
Q

tailgating

A

Social engineering technique to gain access to a building by following someone who is unaware of their presence.

189
Q

typosquatting

A

An attack—also called URL hijacking—in which an attacker registers a domain name with a common misspelling of an existing domain, so that a user who misspells a URL they enter into a browser is taken to the attacker’s website.

190
Q

vishing

A

A human-based attack where the attacker extracts information while speaking over the phone or leveraging IP-based voice messaging services (VoIP).

191
Q

watering hole attack

A

An attack in which an attacker targets specific groups or organizations, discovers which websites they frequent, and injects malicious code into those sites.

192
Q

whaling

A

An email-based or web-based form of phishing which targets senior executives or wealthy individuals.

193
Q

The help desk takes a call and the caller states that she cannot connect to the e-commerce website to check her order status. She would also like a user name and password. The user gives a valid customer company name but is not listed as a contact in the customer database. The user does not know the correct company code or customer ID. Is this likely to be a social engineering attempt, or is it a false alarm?

A

This is likely to be a social engineering attempt. The help desk should not give out any information or add an account without confirming the caller’s identity.

194
Q

Users at an organization frequent a site where browsing a list of products for purchase is possible. Lately, when visiting the site, an unrecognized window opens claiming that anti-malware software has detected files infected with viruses. Instructions in the window indicate the user should click a link to install software that will remove these infections. What type of attack has occurred?

A

This is a watering hole attack, which is an attack in which an attacker targets specific groups or organizations, discovers which websites they frequent, and injects malicious code into those sites.

195
Q

Your CEO calls to request market research data immediately be forwarded to her personal email address. You recognize her voice, but a proper request form has not been filled out, and use of third-party email is prohibited. She states that, normally, she would fill out the form and should not be an exception, but she urgently needs the data to prepare for a round table at a conference she is attending. What type of social engineering techniques could this use, or is it a false alarm?

A

This could be a social engineering use case where impersonation has occurred. A combination of spear phishing (attack using specific details) and vishing (attack over a voice channel) attacks were used by the impersonator. A type of voice mimicry technology may have been used to sound like the real CEO. A safe approach would be to contact the CEO back on a known mobile number to confirm the request.

196
Q

A company that manages marketing data and private information for many high-profile clients hosts a public event for prospective employees. With the possibility of social engineering attacks in mind, what precautions should employees take when the guests are being shown around the office?

A

Employees should specifically be wary of shoulder surfing attempts to observe passwords and the like.

197
Q

abnormal process behavior

A

Indicators that a legitimate process has been corrupted with malicious code for the purpose of damaging or compromising the system.

198
Q

adware

A

Software that records information about a PC and its user. Adware is used to describe software that the user has acknowledged can record information about their habits.

199
Q

anomaly analysis

A

A network monitoring system that uses a baseline of acceptable outcomes or event patterns to identify events that fall outside the acceptable range. Also referred to as anomaly-based detection.

200
Q

A-V (antivirus scanner)

A

Software capable of detecting and removing virus infections and (in most cases) other types of malware, such as worms, Trojans, rootkits, adware, spyware, password crackers, network mappers, DoS tools, and so on.

201
Q

backdoor

A

A mechanism for gaining access to a computer that bypasses or subverts the normal method of authentication.

202
Q

beaconing

A

A means for a network node to advertise its presence and establish a link with other nodes, such as the beacon management frame sent by an AP. Legitimate software and appliances do this, but it is also associated with Remote Access Trojans (RAT) communicating with a Command & Control server.

203
Q

botnet

A

A set of hosts that have been infected by a control program called a bot that enables attackers to exploit the hosts to mount attacks.

204
Q

C&C (command and control)

A

An infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets. Also referred to as C2.

205
Q

commodity malware

A

Malicious software applications that are widely available for sale or easily obtainable and usable.

206
Q

covert channel

A

A type of attack that subverts network security systems and policies to transfer data without authorization or detection.

207
Q

Cuckoo

A

Implementation of a sandbox for malware analysis.

208
Q

IRC (internet relay chat)

A

A group communications protocol that enables users to chat, send private messages, and share files.

209
Q

keylogger

A

Malicious software or hardware that can record user keystrokes.

210
Q

logic bomb

A

A malicious program or script that is set to run under particular circumstances or in response to a defined event.

211
Q

malicious process

A

A process executed without proper authorization from the system owner for the purpose of damaging or compromising the system.

212
Q

PUP (potentially unwanted program)

A

Software that cannot definitively be classed as malicious, but may not have been chosen by or wanted by the user.

213
Q

ransomware

A

A type of malware that tries to extort money from the victim.

214
Q

RAT (remote access Trojan)

A

Malware that creates a backdoor remote administration channel to allow a threat actor to access and control the infected host.

215
Q

rootkit

A

A class of malware that modifies system files, often at the kernel level, to conceal its presence.

216
Q

shellcode

A

Lightweight block of malicious code that exploits a software vulnerability to gain initial access to a victim system.

217
Q

spyware

A

Software that records information about a PC and its users, often installed without the user’s consent.

218
Q

Sysinternals

A

A suite of tools designed to assist with troubleshooting issues with Windows.

219
Q

Trojan

A

A malicious software program hidden within an innocuous-seeming piece of software. Usually, the Trojan is used to try to compromise the security of the target computer.

220
Q

virus

A

Code designed to infect computer files (or disks) when it is activated.

221
Q

worm

A

A type of malware that replicates in system memory and can spread over network connections rather than infecting files.

222
Q

cookie

A

Text file used to store information about a user when they visit a website. Some sites use cookies to support user sessions.

223
Q

You are troubleshooting a user’s workstation. At the computer, an app window displays on the screen claiming that all of your files are encrypted. The app window demands that you make an anonymous payment if you ever want to recover your data. What type of malware has infected the computer?

A

This is some type of ransomware, but it will take more investigation to determine whether it is actually crypto-malware or not.

224
Q

You are recommending different antivirus products to the CEO of a small travel services firm. The CEO is confused, because they had heard that Trojans represent the biggest threat to computer security these days. What explanation can you give?

A

While antivirus (A-V) remains a popular marketing description, all current security products worthy of consideration will try to provide protection against a full range of malware and potentially unwanted program (PUP) threats.

225
Q

You are writing a security awareness blog for company CEOs subscribed to your threat platform. Why are backdoors and Trojans different ways of classifying and identifying malware risks?

A

A Trojan means a malicious program masquerading as something else; a backdoor is a covert means of accessing a host or network. A Trojan need not necessarily operate a backdoor and a backdoor can be established by exploits other than using Trojans. The term remote access trojan (RAT) is used for the specific combination of Trojan and backdoor.

226
Q

You are investigating a business email compromise (BEC) incident. The email account of a developer has been accessed remotely over webmail. Investigating the developer’s workstation finds no indication of a malicious process, but you do locate an unknown USB extension device attached to one of the rear ports. Is this the most likely attack vector, and what type of malware would it implement?

A

It is likely that the USB device implements a hardware-based keylogger. This would not necessarily require any malware to be installed or leave any trace in the file system.

227
Q

A user’s computer is performing extremely slowly. Upon investigating, you find that a process named n0tepad.exe is utilizing the CPU at rates of 80-90%. This is accompanied by continual small disk reads and writes to a temporary folder. Should you suspect malware infection, and is any particular class of malware indicated?

A

Yes, this is malware as the process name is trying to masquerade as a legitimate process. It is not possible to conclusively determine the type without more investigation, but you might initially suspect a crypto-miner/crypto-jacker.

228
Q

Is Cuckoo a type of malware or a security product?

A

Cuckoo is a security product designed to analyze malware as it runs in an isolated sandbox environment.

229
Q

AES (Advanced Encryption Standard)

A

A symmetric 128-, 192-, or 256-bit block cipher based on the Rijndael algorithm developed by Belgian cryptographers Joan Daemen and Vincent Rijmen and adopted by the U.S. government as its encryption standard to replace DES.

230
Q

algorithm

A

Any defined method of performing a process, but in encryption, the term specifically refers to the technique used to encrypt a message. Also referred to as a cipher.

231
Q

asymmetric algorithm

A

A cipher that uses public and private keys. The keys are mathematically linked, using either Rivest, Shamir, Adleman (RSA) or elliptic curve cryptography (ECC) algorithms, but the private key is not derivable from the public one. An asymmetric key cannot reverse the operation it performs, so the public key cannot decrypt what it has encrypted, for example.

232
Q

block cipher

A

A type of symmetric encryption that encrypts data one block at a time. It is usually more secure, but is also slower, than stream ciphers.

233
Q

ciphertext

A

Data that has been enciphered and cannot be read without the cipher key.

234
Q

cleartext

A

Unencrypted data that is meant to be encrypted before it is transmitted, or the result of decryption of encrypted data. Also referred to as plaintext.

235
Q

cryptanalysis

A

The science, art, and practice of breaking codes and ciphers.

236
Q

cryptography

A

The science and practice of altering data to make it unintelligible to unauthorized parties.

237
Q

ECC (elliptic curve cryptography)

A

An asymmetric encryption algorithm that leverages the algebraic structures of elliptic curves over finite fields to derive public/private key pairs.

238
Q

hashing

A

A function that converts an arbitrary length string input to a fixed length string output. A cryptographic hash function does this in a way that reduces the chance of collisions, where two different inputs produce the same output. Also referred to as message digest.

239
Q

key

A

In cryptography, a specific piece of information that is used in conjunction with an algorithm to perform encryption and decryption.

240
Q

MD5 (Message Digest Algorithm v5)

A

A cryptographic hash function producing a 128-bit output.

241
Q

private key

A

In asymmetric encryption, the private key is known only to the holder and is linked to, but not derivable from, a public key distributed to those with which the holder wants to communicate securely. A private key can be used to encrypt data that can be decrypted by the linked public key or vice versa.

242
Q

public key

A

During asymmetric encryption, this key is freely distributed and can be used to perform the reverse encryption or decryption operation of the linked private key in the pair.

243
Q

RC4 (Rivest Cipher #4)

A

A symmetric stream cipher generally considered obsolete, as it does not support large key sizes and is vulnerable to several attacks.

244
Q

RSA (Rivest Shamir Adleman)

A

Named for its designers, Ronald Rivest, Adi Shamir, and Len Adleman, the first successful algorithm for public key encryption with a variable key length and block size.

245
Q

SHA (Secure Hash Algorithm)

A

A cryptographic hashing algorithm created to address possible weaknesses in MDA. The current version is SHA-2.

246
Q

stream cipher

A

A type of symmetric encryption that combines a stream of plaintext bits or bytes with a pseudorandom stream initialized by a secret key.

247
Q

symmetric encryption

A

A two-way encryption scheme in which encryption and decryption are both performed by the same key. Also known as shared-key encryption.

248
Q

trapdoor functions

A

Mathematical ciphers that use an operation which is simple to perform one way when all of the values are known, but is difficult to reverse.

249
Q

Which part of a simple cryptographic system must be kept secret—the cipher, the ciphertext, or the key?

A

In cryptography, the security of the message is guaranteed by the security of the key. The system does not depend on hiding the algorithm or the message (security by obscurity).

250
Q

Considering that cryptographic hashing is one-way and the digest cannot be reversed, what makes hashing a useful security technique?

A

Because two parties can hash the same data and compare checksums to see if they match, hashing can be used for data verification in a variety of situations, including password authentication. Hashes of passwords, rather than the password plaintext, can be stored securely or exchanged for authentication. A hash of a file or a hash code in an electronic message can be verified by both parties.

251
Q

Which security property is assured by symmetric encryption?

A

Confidentiality—symmetric ciphers are generally fast and well suited to bulk encrypting large amounts of data.

252
Q

What are the properties of a public/private key pair?

A

Each key can reverse the cryptographic operation performed by its pair but cannot reverse an operation performed by itself. The private key must be kept secret by the owner, but the public key is designed to be widely distributed. The private key cannot be determined from the public key, given a sufficient key size.

253
Q

CBC (cipher block chaining)

A

An encryption mode of operation where an exclusive or (XOR) is applied to the first plaintext block.

254
Q

CCMP (counter mode with cipher block chaining message authentication code protocol)

A

An encryption protocol used for wireless LANs that addresses the vulnerabilities of the WEP protocol.

255
Q

cipher suite

A

Lists of cryptographic algorithms that a server and client can use to negotiate a secure connection.

256
Q

counter mode

A

An encryption mode of operation where a numerical counter value is used to create a constantly changing IV. Also referred to as CTM (counter mode) and CM (counter mode).

257
Q

DH (Diffie-Hellman)

A

A cryptographic technique that provides secure key exchange.

258
Q

DHE (Diffie-Hellman Ephemeral)

A

A cryptographic protocol that is based on Diffie-Hellman and that provides for secure key exchange by using ephemeral keys.

259
Q

digital signature

A

A message digest signed (in RSA terms, encrypted) using the sender's private key and appended to a message to authenticate the sender and prove message integrity. Anyone with the sender's public key can verify it, but only the private key holder could have produced it.

260
Q

DSA (Digital Signature Algorithm)

A

Public key digital signature standard (published by NIST in FIPS 186) that provides authentication and integrity verification for messages. DSA is a signature-only algorithm; unlike RSA, it cannot be used for encryption.

261
Q

ECDHE (Elliptic Curve Diffie-Hellman Ephemeral)

A

A cryptographic protocol that is based on Diffie-Hellman and that provides for secure key exchange by using ephemeral keys and elliptic curve cryptography.

262
Q

ECDSA (Elliptic Curve Digital Signature Algorithm)

A

Variant of DSA defined over elliptic curves (ECC), giving comparable security to DSA or RSA with much shorter keys and signatures.

263
Q

echo

A

Command-line utility used to display messages and turn command echoing on or off.

264
Q

ephemeral

A

In cryptography, a key that is used within the context of a single session only.

265
Q

GCM (Galois/Counter Mode)

A

An authenticated encryption with additional data (AEAD) mode that combines counter-mode encryption with a Galois field hash (GHASH) to produce an authentication tag over the whole ciphertext and any additional authenticated data. It is a counter mode rather than a chaining mode, so blocks can be encrypted in parallel; the nonce must never be reused with the same key, as that breaks both confidentiality and authentication.

266
Q

HMAC (hash-based message authentication code)

A

A method used to verify both the integrity and authenticity of a message by combining a cryptographic hash of the message with a secret key.

267
Q

key exchange

A

Any method by which cryptographic keys are transferred among users, thus enabling the use of a cryptographic algorithm.

268
Q

mode of operation

A

The way a block symmetric cipher is applied to data longer than a single block. Some modes (such as CTR) let the cipher encrypt a stream of data, and some (such as GCM) also authenticate the data, while others (such as CBC) provide confidentiality only and need a separate MAC for integrity.
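
Worked example added to this deck (not one of the official cards) showing what the CBC, counter mode and mode of operation definitions above mean in code. It implements ECB, CBC and CTR generically over a block function; the block function itself is a deliberately tiny, insecure keyed permutation, an assumption made so the script runs with the Python standard library only. Where a real system uses AES the mode logic is identical. The key, IV, nonce and message values are constructed for the demo.

```python
"""ECB vs CBC vs CTR modes of operation over a toy 16-byte block function.

Added example for the flashcard deck. The block function is NOT a real
cipher; only the mode logic (chaining, IV/nonce handling, padding) matches
what AES-CBC and AES-CTR do.
"""
import hashlib

BLOCK = 16
KEY = b"demo key"                 # constructed demo key
IV = bytes(range(16))             # constructed IV; real CBC needs a fresh random IV per message
NONCE = b"\x00" * 12              # 96-bit nonce; a 32-bit counter fills the rest of the block
MSG = b"ATTACK AT DAWN! " * 3     # three identical 16-byte plaintext blocks


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _pad_for(key: bytes) -> bytes:
    return hashlib.sha256(key).digest()[:BLOCK]


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Demo-only invertible block function: XOR with a key pad, rotate 3 bytes."""
    x = xor(block, _pad_for(key))
    return x[3:] + x[:3]


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    x = block[-3:] + block[:-3]
    return xor(x, _pad_for(key))


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Each block is encrypted independently: equal plaintext blocks give equal ciphertext blocks.
    return b"".join(toy_block_encrypt(key, b) for b in _blocks(pkcs7_pad(plaintext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Each plaintext block is XORed with the previous ciphertext block (the IV for the first one).
    prev, out = iv, []
    for b in _blocks(pkcs7_pad(plaintext)):
        prev = toy_block_encrypt(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, []
    for c in _blocks(ciphertext):
        out.append(xor(toy_block_decrypt(key, c), prev))
        prev = c
    return pkcs7_unpad(b"".join(out))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Keystream block i = E(key, nonce || counter_i), XORed with the data.
    # The same call encrypts and decrypts, and no padding is needed.
    out = []
    for i, chunk in enumerate(_blocks(data)):
        keystream = toy_block_encrypt(key, nonce + i.to_bytes(4, "big"))
        out.append(xor(chunk, keystream))
    return b"".join(out)


def blocks_repeat(ciphertext: bytes) -> bool:
    """True if any two ciphertext blocks are identical (a structure leak)."""
    bs = _blocks(ciphertext)
    return len(set(bs)) < len(bs)


def ctr_nonce_reuse_leak(key: bytes, nonce: bytes, m1: bytes, m2: bytes) -> bytes:
    """Two messages under the same key and nonce: XOR of ciphertexts == XOR of plaintexts."""
    return xor(ctr_crypt(key, nonce, m1), ctr_crypt(key, nonce, m2))


if __name__ == "__main__":
    print("ECB repeats blocks:", blocks_repeat(ecb_encrypt(KEY, MSG)))
    print("CBC repeats blocks:", blocks_repeat(cbc_encrypt(KEY, IV, MSG)))
    print("CTR round trip ok:", ctr_crypt(KEY, NONCE, ctr_crypt(KEY, NONCE, MSG)) == MSG)
```

Running it shows the three properties the cards describe: ECB exposes the repeated plaintext block, CBC hides it through chaining, and CTR needs no padding but leaks the XOR of two plaintexts as soon as a nonce is reused.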

269
Q

PFS (perfect forward secrecy)

A

A characteristic of transport encryption that ensures if a key is compromised the compromise will only affect a single session and not facilitate recovery of plaintext data from other sessions.

270
Q

XOR (exclusive OR)

A

An operation that outputs to true only if one input is true and the other input is false.

271
Q

What is the process of digitally signing a message?

A

A hashing function is used to create a message digest. The digest is then signed using the sender's private key. The recipient verifies the resulting signature using the sender's public key; because only the private key can produce a valid signature, no other party can forge or modify it undetected. The recipient also calculates his or her own digest of the received message and compares it to the signed digest to validate that the message has not been altered.

272
Q

In a digital envelope, which key encrypts the session key?

A

The recipient’s public key (typically from the server’s key pair).

273
Q

True or False? Perfect forward secrecy (PFS) ensures that a compromise of a server’s private key will not also put copies of traffic sent to that server in the past at risk of decryption.

A

True. PFS ensures that ephemeral keys are used to encrypt each session. These keys are destroyed after use.

274
Q

Why does Diffie-Hellman underpin perfect forward secrecy (PFS)?

A

Diffie-Hellman allows the sender and recipient to derive the same value (the session key) from some other pre-agreed values. Some of these are exchanged, and some kept private, but there is no way for a snooper to work out the secret just from the publicly exchanged values. This means session keys can be created without relying on the server’s private key, and that it is easy to generate ephemeral keys that are different for each session.
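
Worked example added to this deck (not one of the official cards): the ephemeral Diffie-Hellman exchange described in cards 273 and 274. The group modulus is the Mersenne prime 2**521 - 1, an assumption made so the script is self-contained; production code uses a standardised group (for example RFC 7919 ffdhe2048) or ECDHE, but discards the per-session exponents in the same way. The transcript dictionary models what a snooper captures from the wire.

```python
"""Ephemeral Diffie-Hellman key agreement and forward secrecy.

Added example for the flashcard deck. Demo group only: p = 2**521 - 1, g = 2.
"""
import hashlib
import secrets

P = 2**521 - 1   # prime modulus (demo choice; use a standardised group in practice)
G = 2            # generator


def keypair():
    """Fresh (private exponent, public value) for ONE session."""
    priv = secrets.randbelow(P - 3) + 2          # 2 <= priv <= P-2
    return priv, pow(G, priv, P)


def shared_secret(my_priv: int, their_pub: int) -> int:
    # Reject degenerate public values (0, 1, p-1) that would force a trivial secret.
    if not 1 < their_pub < P - 1:
        raise ValueError("invalid peer public value")
    return pow(their_pub, my_priv, P)


def session_key(secret: int) -> bytes:
    """KDF: hash the fixed-width shared secret into a 256-bit session key."""
    width = (P.bit_length() + 7) // 8
    return hashlib.sha256(b"dh-demo" + secret.to_bytes(width, "big")).digest()


def run_session():
    """One handshake. Returns (alice_key, bob_key, what_the_snooper_saw)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    transcript = {"p": P, "g": G, "A": a_pub, "B": b_pub}  # the only values on the wire
    k_alice = session_key(shared_secret(a_priv, b_pub))    # (g^b)^a mod p
    k_bob = session_key(shared_secret(b_priv, a_pub))      # (g^a)^b mod p
    del a_priv, b_priv   # ephemeral: nothing long-lived can later re-derive this key
    return k_alice, k_bob, transcript


def naive_snooper_key(transcript: dict) -> bytes:
    """Combining the public values gives g^(a+b), which is not g^(ab); shown to differ."""
    return session_key(transcript["A"] * transcript["B"] % transcript["p"])


if __name__ == "__main__":
    ka, kb, seen = run_session()
    print("both sides agree:", ka == kb)
    print("snooper's guess matches:", naive_snooper_key(seen) == ka)
```

Every call to run_session() produces a different key from fresh exponents, which is the forward secrecy property: a server private key obtained later can sign handshakes, but it was never an input to any past session key, so recorded traffic stays unreadable.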

275
Q

What type of bulk encryption cipher mode of operation offers the best security?

A

Generally, counter modes implementing Authenticated Encryption with Additional Data (AEAD). Specific examples include AES-GCM and ChaCha20-Poly1305.

276
Q

birthday attack

A

An attack on hash functions that exploits the birthday paradox: among many inputs, the chance that some pair share a digest grows much faster than intuition suggests, so a collision for an n-bit hash can be found in roughly 2^(n/2) attempts rather than the 2^n needed to match one specific digest. Against password hashes or signed documents, a collision lets an attacker substitute one input for another that hashes to the same value.

277
Q

collision

A

In cryptography, two different inputs producing the same hash digest. A secure hash function makes collisions computationally infeasible to find, even though they must exist because the digest is shorter than the input.
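
Worked example added to this deck (not one of the official cards) for the birthday attack and collision cards: SHA-256 is truncated to n bits so a collision is reachable in seconds, and the attempt count is compared with the 2^(n/2) birthday estimate and the 2^n cost of matching one specific digest. The message format (a constructed prefix plus counter) and the truncation length are this example's own choices.

```python
"""Birthday bound: finding a hash collision in about 2^(n/2) work.

Added example for the flashcard deck. Truncating SHA-256 stands in for a
short hash; the same arithmetic is why a 128-bit digest offers only
about 64 bits of collision resistance.
"""
import hashlib
import math


def truncated_hash(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256(data), as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)


def find_collision(bits: int, prefix: bytes = b"msg-"):
    """Hash distinct messages until two share a truncated digest.

    Returns (message_a, message_b, attempts). Messages are constructed as
    prefix + decimal counter, so every input is distinct.
    """
    seen = {}
    i = 0
    while True:
        m = prefix + str(i).encode()
        h = truncated_hash(m, bits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
        i += 1


def expected_collision_attempts(bits: int) -> float:
    """Birthday estimate: about sqrt(pi/2 * 2^n) inputs for a 50% chance of a collision."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def expected_preimage_attempts(bits: int) -> int:
    """Matching one SPECIFIC n-bit digest by brute force costs about 2^n."""
    return 2 ** bits


if __name__ == "__main__":
    a, b, attempts = find_collision(32)
    print(a, b, "collide after", attempts, "attempts")
    print("birthday estimate:", int(expected_collision_attempts(32)))
    print("preimage cost:", expected_preimage_attempts(32))
```

For 32-bit digests the search finishes after tens of thousands of hashes, close to the roughly 82,000 predicted by the birthday estimate, while a preimage of a chosen digest would take around four billion.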

278
Q

cryptographic primitive

A

A single hash function, symmetric cipher, or asymmetric cipher.

279
Q

downgrade attack

A

A cryptographic attack where the attacker exploits the need for backward compatibility to force a system to negotiate a weaker protocol version or cipher suite than both parties actually support, or to abandon encryption in favor of plaintext messages.

280
Q

entropy

A

A measure of disorder. Cryptographic systems should exhibit high entropy to better resist brute force attacks.

281
Q

key stretching

A

A technique that strengthens potentially weak input for cryptographic key generation, such as passwords or passphrases created by people, against brute-force attacks by running it through many rounds of a slow function, so each guess costs the attacker as much work as it costs the legitimate user.

282
Q

MAC (Message Authentication Code)

A

Proving the integrity and authenticity of a message by combining its hash with a shared secret.

283
Q

nonce

A

An arbitrary number used only once in a cryptographic communication, often to prevent replay attacks.

284
Q

PBKDF2 (Password-Based Key Derivation Function #2)

A

Implementation of key stretching to make potentially weak input used to derive a cryptographic key, such as short passwords, less susceptible to brute force attacks.

285
Q

PRNG (pseudorandom number generator)

A

The process by which an algorithm produces numbers that approximate randomness without being truly random.

286
Q

RNG (random number generator)

A

A hardware or software component that can create values that are evenly spread over all possible values, each value being independent of any other generated values.

287
Q

salt

A

A security countermeasure that mitigates the impact of a rainbow table attack by adding a random value to (“salting”) each plaintext input.

288
Q

TRNG (true random number generator)

A

A method of generating random values by sampling physical phenomena that have a high rate of entropy, such as electrical noise or timing jitter.

289
Q

True or false? Cryptography is about keeping things secret so they cannot be used as the basis of a non-repudiation system.

A

False—the usages are not exclusive. There are different types of cryptography, and asymmetric (public key) cryptography can be used for non-repudiation. The principle is that if a signing key is known only to one person, that person cannot then deny having signed a message with it. This depends on the algorithm design allowing anyone with the public key to verify a signature while only the private key holder can create one.

290
Q

How can cryptography support high resiliency?

A

A complex system might have to support many inputs from devices installed to potentially unsecure locations. Such a system is resilient if compromise of a small part of the system is prevented from allowing compromise of the whole system. Cryptography assists this goal by ensuring the authentication and integrity of messages delivered over the control system.

291
Q

For which types of system will a cipher suite that exhibits high latency be problematic?

A

High latency is not desirable in any system really, but it will affect real-time protocols that exchange voice or video most. In network communications, latency makes the initial protocol handshake longer, meaning delay for users and possible application timeout issues.

292
Q

What is the relevance of entropy to cryptographic functions?

A

Entropy is a measure of how disordered something is. A disordered ciphertext is desirable, because remaining features of order from the plaintext make the ciphertext vulnerable to analysis. Identical plaintexts need to be initialized with random or counter values when encrypted by the same key, and the cryptosystem needs a source of randomness to generate strong keys.

293
Q

Your company creates software that requires a database of stored encrypted passwords. What security control could you use to make the password database more resistant to brute force attacks?

A

Passwords should be stored as salted hashes rather than in encrypted or plaintext form. Using a key stretching password storage function, such as PBKDF2, improves resistance to brute-force cracking methods by making each guess expensive to compute. You might also mention that you could use policies to make users choose longer, non-trivial passwords.

294
Q

blockchain

A

A concept in which an expanding list of transactional records listed in a public ledger is secured using cryptography.

295
Q

homomorphic encryption

A

Method that allows computation of certain fields in a data set without decrypting it.

296
Q

lightweight cryptography

A

Cryptographic algorithms with reduced compute requirements that are suitable for use in resource-constrained environments, such as battery-powered devices.

297
Q

post-quantum

A

Anticipating challenges to current cryptographic implementations and general security issues in a world where threat actors have access to significant quantum processing capability.

298
Q

quantum cryptography

A

Using quantum effects for cryptographic tasks, such as distributing keys (quantum key distribution) or, with quantum computing, cracking (traditional) cryptographic systems. Quantum computing works on the principle that its units (qubits) have more properties than the bits used in "classical" computers, notably (and very crudely) that a qubit can be in a superposition of 1 and 0 until it is measured and that measuring one qubit can instantly determine the state of others (entanglement).

299
Q

steganography

A

A technique for obscuring the presence of a message, often by embedding information within a file or other entity.

300
Q

Which cryptographic technology is most useful for sharing medical records with an analytics company?

A

Homomorphic encryption allows calculations to be performed while preserving privacy and confidentiality by keeping the data encrypted.

301
Q

You are assisting a customer with implementing data loss prevention (DLP) software. Of the two products left in consideration, one supports steganalysis of image data, but the other does not. What is the risk of omitting this capability?

A

A threat actor could conceal information within an image file and use that to bypass the DLP system. One thing to note is that attackers could find other ways to implement covertexts (audio or video, for instance) or abuse protocol coding. There are many things that steganalysis needs to be able to scan for! You might also note that steganography is not only a data exfiltration risk. It can also be used to smuggle malicious code into a host system.

302
Q

CA (certificate authority)

A

A server that guarantees subject identities by issuing signed digital certificate wrappers for their public keys.

303
Q

certificate

A

An X.509 digital certificate is issued by a Certificate Authority (CA) as a signed guarantee that the public key it contains genuinely belongs to the named subject (such as an organization or host), so that others can trust that key to encrypt messages sent to the subject or to verify the subject's signatures.

304
Q

certificate extensions

A

A certificate field defined by version 3 of the X.509 standard that enables additional information to be included about a certificate.

305
Q

certificate policy

A

A document that defines the different types of certificates issued by a CA.

306
Q

CN (common name)

A

An X.500 attribute expressing a host or user name, also used as the subject identifier for a digital certificate.

307
Q

code signing

A

The method of using a digital signature to ensure the source and integrity of programming code.

308
Q

CSR (certificate signing request)

A

A Base64-encoded (PEM) PKCS #10 file containing the subject's public key and identifying information, signed with the subject's private key to prove possession of it, that a subject sends to a CA to get a certificate.

309
Q

digital certificate

A

An X.509 digital certificate is issued by a Certificate Authority (CA) as a signed guarantee that the public key it contains genuinely belongs to the named subject (such as an organization or host), so that others can trust that key to encrypt messages sent to the subject or to verify the subject's signatures.

310
Q

offline CA (offline certificate authority)

A

In PKI, a CA (typically the root CA) that has been disconnected from the network to protect it from compromise.

311
Q

online CA (online certificate authority)

A

In PKI, a CA that is available to accept and process certificate signing requests, publish certificate revocation lists, and perform other certificate management tasks.

312
Q

PKCS (public key cryptography standards)

A

Series of standards originally published by RSA Laboratories defining formats and mechanisms for public key cryptography, including RSA encryption and signature padding (PKCS #1), certificate signing requests (PKCS #10), and bundling a private key with its certificate chain (PKCS #12).

313
Q

PKI (public key infrastructure)

A

Framework of certificate authorities, digital certificates, software, services, and other cryptographic components deployed for the purpose of validating subject identities.

314
Q

RA (registration authority)

A

In PKI, an authority that accepts requests for digital certificates and authenticates the entities making those requests.

315
Q

root CA (root certificate authority)

A

In PKI, a CA that issues certificates to intermediate CAs in a hierarchical structure.

316
Q

SAN (subject alternative name)

A

Field in a digital certificate allowing a host to be identified by multiple host names/subdomains.

317
Q

self-signed certificate

A

A digital certificate that has been signed by the entity that issued it, rather than by a CA.

318
Q

server certificate

A

A digital certificate that guarantees the identity of e-commerce sites and other websites that gather and store confidential information.

319
Q

What is the main weakness of a hierarchical trust model?

A

The structure depends on the integrity of the root CA.

320
Q

How does a subject go about obtaining a certificate from a CA?

A

In most cases, the subject generates a key pair then adds the public key along with subject information and certificate type in a certificate signing request (CSR) and submits it to the CA. If the CA accepts the request, it generates a certificate with the appropriate key usage and validity, signs it, and transmits it to the subject.

321
Q

What cryptographic information is stored in a digital certificate?

A

The subject’s public key and the algorithms used for encryption and hashing. The certificate also stores a digital signature from the issuing CA, establishing the chain of trust.

322
Q

What does it mean if a certificate extension attribute is marked as critical?

A

That the application processing the certificate must be able to interpret the extension correctly. Otherwise, it should reject the certificate.

323
Q

You are developing a secure web application. What sort of certificate should you request to show that you are the publisher of a program?

A

A code signing certificate. Certificates are issued for specific purposes. A certificate issued for one purpose should not be reused for other functions.

324
Q

What extension field is used with a web server certificate to support the identification of the server by multiple specific subdomain labels?

A

The subject alternative name (SAN) field. A wildcard certificate will match any subdomain label.

325
Q

ASCII

A

7-bit code page mapping binary values to character glyphs. Standard ASCII can represent 128 values (0 to 127), though 33 of them are reserved for non-printing control characters.

326
Q

CRL (certificate revocation list)

A

A list of certificates that were revoked before their expiration date.

327
Q

DER (distinguished encoding rules)

A

The binary format used to structure the information in a digital certificate.

328
Q

escrow

A

In key management, the storage of a backup key with a third party.

329
Q

M-of-N control

A

A means of limiting access to critical encryption keys such as the private key of a root CA. At least M of the total number (N) of authorized individuals must be present to access the key.
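
Worked example added to this deck (not one of the official cards): one way HSMs and root CA key ceremonies implement M-of-N control is Shamir secret sharing, which splits a key into N shares so that any M reconstruct it while M-1 reveal nothing. Arithmetic is over the prime field p = 2**521 - 1, a demo choice large enough to hold a 256-bit key; the share format and function names are this example's own.

```python
"""M-of-N control with Shamir secret sharing.

Added example for the flashcard deck. A random polynomial of degree M-1
with the secret as its constant term is evaluated at N points; Lagrange
interpolation at x = 0 recovers the secret from any M of them.
"""
import secrets

PRIME = 2**521 - 1   # field modulus (demo choice; any prime larger than the secret works)


def _eval_poly(coeffs, x: int) -> int:
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: int, m: int, n: int):
    """Split `secret` into n shares (x, y); any m of them recover it."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be < PRIME")
    if not 1 <= m <= n:
        raise ValueError("need 1 <= m <= n")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(m - 1)]   # degree m-1
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares) -> int:
    """Lagrange interpolation at x = 0 over the given shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def key_to_int(key: bytes) -> int:
    return int.from_bytes(key, "big")


def int_to_key(value: int, length: int) -> bytes:
    return value.to_bytes(length, "big")


if __name__ == "__main__":
    root_key = secrets.token_bytes(32)                 # constructed stand-in for a CA private key
    shares = split_secret(key_to_int(root_key), 3, 5)  # 3-of-5 custodians
    print("3 shares recover key:", int_to_key(recover_secret(shares[:3]), 32) == root_key)
    print("2 shares recover key:", int_to_key(recover_secret(shares[:2]), 32) == root_key)
```

Fewer than M shares interpolate a different polynomial and yield an unrelated value, so a single rogue custodian learns nothing about the key; the shares themselves still need to be stored on separate tamper-evident media and the reconstruction done inside the HSM.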

330
Q

OCSP (online certificate status protocol)

A

Allows clients to request the status of a digital certificate, to check whether it is revoked.

331
Q

P12 (Public Key Cryptography Standard #12)

A

Format that allows a private key to be exported along with its digital certificate.

332
Q

P7B

A

File format for transmitting a chain of digital certificates, using PKCS#7.

333
Q

PEM (privacy-enhanced mail)

A

Base64 encoding scheme used to store certificate and key data as ASCII text.

334
Q

PFX (personal information exchange)

A

Windows file format for storing a private key and certificate data. The file can be password-protected.

335
Q

pinning

A

A method of trusting digital certificates in which a client records the expected public key or certificate for a host and rejects any other, even one with a valid chain of trust, to defeat man-in-the-middle attacks using mis-issued certificates. Browser-based HTTP Public Key Pinning (HPKP) is deprecated because a mistaken or stale pin locks users out of the site; pinning inside mobile and other client applications is still used.

336
Q

RA (recovery agent)

A

In PKI, an account or combination of accounts that can copy a cryptographic key from backup or escrow and restore it to a subject host or user.

337
Q

stapling

A

Mechanism used to mitigate performance and privacy issues when requesting certificate status from an OCSP responder.

338
Q

What are the potential consequences if a company loses control of a private key?

A

It puts both data confidentiality and identification and authentication systems at risk. Depending on the key usage, the key may be used to decrypt data without authorization. The key could also be used to impersonate a user or computer account, or to sign code or messages as the compromised party.

339
Q

You are advising a customer about encryption for data backup security and the key escrow services that you offer. How should you explain the risks of key escrow and potential mitigations?

A

Escrow refers to archiving the key used to encrypt the customer’s backups with your company as a third party. The risk is that an insider attack from your company may be able to decrypt the data backups. This risk can be mitigated by requiring M-of-N access to the escrow keys, reducing the risk of a rogue administrator.

340
Q

What mechanism informs clients about suspended or revoked keys?

A

Either a published Certificate Revocation List (CRL) or an Online Certificate Status Protocol (OCSP) responder.

341
Q

What mechanism does HPKP implement?

A

HTTP Public Key Pinning (HPKP) has a web server send hashes of one or more public keys to the browser in a Public-Key-Pins HTTP header. The browser stores these pins and, on later connections to that host, rejects any certificate chain that does not include one of the pinned keys, so a certificate mis-issued by a different CA cannot be used to impersonate the server. HPKP has been deprecated and removed from current browsers.

342
Q

What type of certificate format can be used if you want to transfer your private key and certificate from one Windows host computer to another?

A

PKCS #12 / .PFX / .P12.

343
Q

What type of operation is being performed by the following command? openssl req -nodes -new -newkey rsa:2048 -out my.csr -keyout mykey.pem

A

This generates a new RSA key pair plus a certificate signing request.

344
Q

AAA (authentication, authorization, and accounting)

A

A security concept where a centralized platform verifies subject identification, ensures the subject is assigned relevant permissions, and then logs these actions to create an audit trail.

345
Q

authentication

A

A method of validating a particular entity’s or individual’s unique credentials.

346
Q

accounting

A

Tracking authorized usage of a resource or use of rights by a subject and alerting when unauthorized use is detected or attempted.

347
Q

authorization

A

The process of determining what rights and privileges a particular entity has.

348
Q

IAM (identity and access management)

A

A security process that provides identification, authentication, and authorization mechanisms for users, computers, and other entities to work with organizational assets like networks, operating systems, and applications.

349
Q

identification

A

The process by which a user account (and its credentials) is issued to the correct person. Sometimes referred to as enrollment.

350
Q

MFA (multifactor authentication)

A

An authentication scheme that requires the user to present at least two different factors as credentials, from something you know, something you have, something you are, something you do, and somewhere you are. Specifying two factors is known as 2FA.

351
Q

PIN (personal identification number)

A

Number used in conjunction with authentication devices such as smart cards; as the PIN should be known only to the user, loss of the smart card should not represent a security risk.

352
Q

What is the difference between authorization and authentication?

A

Authorization means granting the account that has been configured for the user on the computer system the right to make use of a resource. Authorization manages the privileges granted on the resource. Authentication protects the validity of the user account by testing that the person accessing that account is who she/he says she/he is.

353
Q

What steps should be taken to enroll a new employee on a domain network?

A

Perform checks to confirm the user’s identity, issue authentication credentials securely, assign appropriate permissions/privileges to the account, and ensure accounting mechanisms to audit the user’s activity.

354
Q

True or false? An account requiring a password, PIN, and smart card is an example of three-factor authentication.

A

False—Three-factor authentication also includes a biometric-, behavioral-, or location-based element. The password and PIN elements are the same factor (something you know).

355
Q

What methods can be used to implement location-based authentication?

A

You can query the location service running on a device or geolocation by IP. You could use location with the network, based on switch port, wireless network name, virtual LAN (VLAN), or IP subnet.

356
Q

brute force attack

A

A type of password attack where an attacker uses an application to exhaustively try every possible combination of characters until a captured password hash is matched.

357
Q

CHAP (Challenge Handshake Authentication Protocol)

A

Authentication scheme developed for dial-up networks that uses a three-way handshake: the server sends a random challenge, the client replies with a hash (MD5) of the challenge and the password, and the server compares it with its own computation, so the password itself never crosses the link. The challenge-response is repeated throughout the connection (though transparently to the user) to guard against replay attacks.

358
Q

credential stuffing

A

Brute force attack in which stolen user account names and passwords are tested against multiple websites.

359
Q

dictionary attack

A

A type of password attack that compares captured password hashes against the hashes of a predetermined list of likely password values.

360
Q

hashcat

A

Command-line tool used to perform brute force and dictionary attacks against password hashes.

361
Q

hybrid password attack

A

An attack that uses multiple attack methods, such as dictionary and brute force attacks, when trying to crack a password.

362
Q

KDC (key distribution center)

A

Component of Kerberos that authenticates users and issues tickets (tokens).

363
Q

Kerberos

A

A single sign-on authentication and authorization service that is based on a time-sensitive ticket-granting system.

364
Q

masked attack

A

A type of brute-force password cracking that uses placeholders for predictable values based on typical user behavior when it comes to designing passwords.

365
Q

MSCHAP (Microsoft Challenge Handshake Authentication Protocol)

A

Implementation of CHAP created by Microsoft for use in its products.

366
Q

NTLM authentication (NT LAN Manager authentication)

A

A challenge-response authentication protocol created by Microsoft for use in its products.

367
Q

PAM (pluggable authentication module)

A

Framework for implementing authentication providers in Linux and other Unix-like systems.

368
Q

PAP (Password Authentication Protocol)

A

Obsolete authentication mechanism used with PPP. PAP transfers the password in plaintext and so is vulnerable to eavesdropping.

369
Q

password cracking

A

Password guessing software can attempt to crack captured hashes of user credentials by running through all possible combinations (brute force). This can be made less computationally intensive by using a dictionary of standard words or phrases.

370
Q

password spraying

A

Brute force attack in which multiple user accounts are tested with a dictionary of common passwords.
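
Worked example added to this deck (not one of the official cards) showing how the brute force, credential stuffing and password spraying definitions differ in what an analyst sees in logs. It runs detection logic over constructed log lines in a made-up "timestamp src= user= result=" format (an assumption; map your own syslog or identity provider fields onto it), and the thresholds are illustrative starting points rather than figures from the deck.

```python
"""Telling password spraying from brute force in authentication logs.

Added example for the flashcard deck. The log format, addresses (RFC 5737
documentation ranges) and thresholds are constructed for the demo.
"""
import re
from collections import defaultdict

LINE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$")


def constructed_log() -> str:
    """Synthetic sample: one spraying source, one brute-force source, one normal user."""
    users = ["alice", "bob", "carol", "dave", "erin", "frank",
             "grace", "heidi", "ivan", "judy", "mallory", "oscar"]
    lines = [f"2024-05-01T10:00:{i:02d}Z src=203.0.113.5 user={u} result=FAIL"
             for i, u in enumerate(users)]                   # one common password per account
    lines += [f"2024-05-01T10:05:{i:02d}Z src=198.51.100.7 user=admin result=FAIL"
              for i in range(15)]                            # many guesses at one account
    lines += ["2024-05-01T10:07:00Z src=192.0.2.10 user=bob result=FAIL",   # a typo, then success
              "2024-05-01T10:07:09Z src=192.0.2.10 user=bob result=OK"]
    return "\n".join(lines)


def parse(log: str):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            yield m.groupdict()


def classify_sources(events, spray_min_users: int = 8, spray_max_per_user: float = 2.0,
                     brute_min_attempts: int = 10) -> dict:
    """Per source address: 'password spraying', 'brute force', or not reported."""
    failures = defaultdict(lambda: defaultdict(int))   # src -> user -> failed attempts
    for e in events:
        if e["result"] == "FAIL":
            failures[e["src"]][e["user"]] += 1
    findings = {}
    for src, per_user in failures.items():
        distinct_users = len(per_user)
        mean_per_user = sum(per_user.values()) / distinct_users
        if distinct_users >= spray_min_users and mean_per_user <= spray_max_per_user:
            findings[src] = "password spraying"   # wide and shallow: stays under per-account lockout
        elif max(per_user.values()) >= brute_min_attempts:
            findings[src] = "brute force"         # narrow and deep: trips per-account lockout
    return findings


def analyse(log: str) -> dict:
    return classify_sources(parse(log))


if __name__ == "__main__":
    for src, verdict in analyse(constructed_log()).items():
        print(src, "->", verdict)
```

Per-account lockout thresholds never fire on the spraying source because each account sees a single failure, which is why the detection has to pivot on the source address and count distinct users rather than attempts per user.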

371
Q

rainbow table

A

Tool for speeding up attacks against password hashes (Windows LM and NTLM hashes being classic targets) by precomputing chains of hashes, trading disk space for cracking time. Salting defeats rainbow tables because a table would have to be built for every salt value.

372
Q

SSO (single sign-on)

A

An authentication technology that enables a user to authenticate once and receive authorizations for multiple services.

373
Q

TGT (ticket granting ticket)

A

In Kerberos, a token issued by the KDC to an authenticated account, which the client presents to the Ticket Granting Service to obtain service tickets for authorized application servers.

374
Q

Why might a PIN be a particularly weak type of something you know authentication?

A

A long personal identification number (PIN) is difficult for users to remember, but a short PIN is easy to crack. A PIN can only be used safely where the number of sequential authentication attempts can be strictly limited.

375
Q

In what scenario would PAP be considered a secure authentication method?

A

PAP is a legacy protocol that cannot be considered secure because it transmits plaintext ASCII passwords and has no cryptographic protection. The only way to ensure the security of PAP is to ensure that the endpoints established a secure tunnel (using IPSec, for instance).

376
Q

True or false? In order to create a service ticket, Kerberos passes the user’s password to the target application server for authentication.

A

False—only the KDC verifies the user's credential. The Ticket Granting Service (TGS) issues a service ticket, encrypted with the application server's key, which the client presents to the server; it carries the user's account details (SIDs in Active Directory) for authorization (allocation of permissions), not the password.

377
Q

A user maintains a list of commonly used passwords in a file located deep within the computer’s directory structure. Is this secure password management?

A

No. This is security by obscurity. The file could probably be easily discovered using search tools.

378
Q

Which property of a plaintext password is most effective at defeating a brute-force attack?

A

The length of the password. If the password does not have any complexity (if it is just two dictionary words, for instance), it may still be vulnerable to a dictionary-based attack. A long password may still be vulnerable if the output space is small or if the mechanism used to hash the password is faulty (LM hashes being one example).

379
Q

authenticator

A

A PNAC switch or router that activates EAPoL and passes a supplicant’s authentication data to an authenticating server, such as a RADIUS server.

380
Q

EAP (Extensible Authentication Protocol)

A

Framework for negotiating authentication methods that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication.

381
Q

EAPoL (Extensible Authentication Protocol over LAN)

A

A port-based network access control (PNAC) mechanism that allows the use of EAP authentication when a host connects to an Ethernet switch.

382
Q

HOTP (HMAC-based One-time Password)

A

An algorithm that generates a one-time password by computing a hash-based message authentication code (HMAC) over a secret shared with the server and a counter that increments on each use, then truncating the result to a short numeric code.

383
Q

HSM (hardware security module)

A

An appliance for generating and storing cryptographic keys. This sort of solution may be less susceptible to tampering and insider threats than software-based storage.

384
Q

IEEE 802.1X

A

A standard for encapsulating EAP communications over a LAN (EAPoL) to implement port-based authentication.

385
Q

key fob

A

A chip implanted in a plastic fob. The chip can store authentication data (such as a digital certificate) that can be read when put in proximity with a suitable scanner. Another use for fobs is to generate a One Time Password, valid for a couple of minutes only and mathematically linked to a code generated on a server.

386
Q

OATH (Initiative for Open Authentication)

A

An industry body comprising the main PKI providers, such as Verisign and Entrust, that was established with the aim of developing an open, strong authentication framework.

387
Q

OTP (one-time password)

A

A password that is generated for use in one specific session and becomes invalid after the session ends.

388
Q

password sniffing

A

Monitoring network transmissions for user credentials sent as cleartext or as cryptographic hashes.

389
Q

PNAC (port-based network access control)

A

A switch (or router) that performs some sort of authentication of the attached device before activating the port.

390
Q

RADIUS (Remote Authentication Dial-in User Service)

A

A standard protocol used to manage remote and wireless authentication infrastructures.

391
Q

smart card

A

A device similar to a credit card that can store authentication information, such as a user’s private key, on an embedded microchip.

392
Q

supplicant

A

In EAP architecture, the device requesting access to the network.

393
Q

TACACS+ (Terminal Access Controller Access Control System Plus)

A

An AAA protocol developed by Cisco that is often used to authenticate to administrator accounts for network appliance management.

394
Q

token

A

A physical or virtual item that contains authentication and/or authorization data, commonly used in multifactor authentication.

395
Q

TOTP (Time-based One-time Password)

A

An improvement on HOTP that uses the current time, divided into fixed intervals (typically 30 seconds), as the counter, so one-time passwords expire after a short period of time.
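
Worked example added to this deck (not one of the official cards): HOTP and TOTP built from HMAC as the HOTP, TOTP and HMAC cards describe, with a verifier that tolerates one step of clock drift. The shared secret "12345678901234567890" is the one used for the published test vectors in RFC 4226 and RFC 6238, so the results can be checked against those documents; the verifier's window and function names are this example's own.

```python
"""HOTP (RFC 4226) and TOTP (RFC 6238) from HMAC, with a drift-tolerant verifier.

Added example for the flashcard deck. Standard library only.
"""
import hmac
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm: str = "sha1") -> str:
    """HMAC(secret, counter) -> dynamic truncation -> `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F                                  # low nibble selects a 4-byte window
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: Optional[int] = None, step: int = 30,
         digits: int = 6, algorithm: str = "sha1") -> str:
    """HOTP whose counter is the number of `step`-second intervals since the Unix epoch."""
    if unix_time is None:
        unix_time = int(time.time())
    return hotp(secret, unix_time // step, digits, algorithm)


def verify_totp(secret: bytes, code: str, unix_time: Optional[int] = None, step: int = 30,
                digits: int = 6, algorithm: str = "sha1", window: int = 1) -> bool:
    """Accept the current step and `window` steps either side to absorb clock drift."""
    if unix_time is None:
        unix_time = int(time.time())
    counter = unix_time // step
    ok = False
    for k in range(-window, window + 1):
        # check every candidate in constant time so timing does not reveal which step matched
        ok |= hmac.compare_digest(hotp(secret, counter + k, digits, algorithm), code)
    return ok


if __name__ == "__main__":
    secret = b"12345678901234567890"    # RFC test-vector secret; real secrets are random
    print("HOTP counter 0..3:", [hotp(secret, c) for c in range(4)])
    print("TOTP at T=59:", totp(secret, 59, digits=8))
    print("TOTP now:", totp(secret))
```

A server must also reject a code that has already been accepted within its window; otherwise an attacker who sniffs a valid TOTP has up to a minute to replay it, which is the gap the OTP cards describe.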

396
Q

True or false? When implementing smart card logon, the user’s private key is stored on the smart card.

A

True. The smart card implements a cryptoprocessor for secure generation and storage of key and certificate material.

397
Q

You are providing consultancy to a firm to help them implement smart card authentication to premises networks and cloud services. What are the main advantages of using an HSM over server-based key and certificate management services?

A

A hardware security module (HSM) is optimized for this role and so presents a smaller attack surface. It is designed to be tamper-evident to mitigate insider threat risks, and keys generated inside it need never leave the device. It is also likely to have a better implementation of a random number generator, improving the security properties of key material.

398
Q

Which network access control framework supports smart cards?

A

Local logon providers, such as Kerberos, support smart cards, but this is not network access control as the device has already been allowed on the network. The IEEE 802.1X framework means that network access servers (switches, access points, and VPN gateways) can accept Extensible Authentication Protocol (EAP) credentials, but block any other type of network access. They act as pass-thru for an authentication server, which stores and validates the credentials. Some EAP types (such as EAP-TLS) support smart card or machine certificate authentication.

399
Q

What is a RADIUS client?

A

A device or server that accepts user connections, often referred to as a network access server (NAS) or as the authenticator. Using RADIUS architecture, the client does not need to be able to perform authentication itself; it performs pass-thru to an AAA server.

400
Q

What is EAPoL?

A

A network access server that supports 802.1X port-based access control can enable a port but allow only the transfer of Extensible Authentication Protocol over LAN (EAPoL) traffic. This allows the supplicant and authentication server to perform the authentication process, with the network access server acting as a pass-thru.

401
Q

How does OTP protect against password guessing or sniffing attacks?

A

A one-time password mechanism generates a code that is valid only for a single use or for a short period (typically 30 or 60 seconds) before it changes. A sniffed code cannot be replayed once it has been used or has expired, and a guessed code has to be right within that window.

402
Q

biometric authentication

A

Physical characteristics stored as a digital data template can be used to authenticate a user. Typical features used include facial pattern, iris, retina, or fingerprint pattern, and signature recognition.

403
Q

crossover error rate

A

Biometric evaluation factor expressing the point at which FAR and FRR meet, with a low value indicating better performance.

404
Q

FAR (false acceptance rate)

A

Biometric assessment metric that measures the number of unauthorized users who are mistakenly allowed access.

405
Q

fingerprint scanner

A

Biometric authentication device that can produce a template signature of a user's fingerprint and then compare the template to the finger submitted for authentication.

406
Q

FRR (false rejection rate)

A

Biometric assessment metric that measures the number of valid subjects who are denied access.
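
Worked example added to this deck (not one of the official cards) for the crossover error rate, FAR and FRR cards: a threshold sweep over matcher scores that computes both rates at every setting and finds the point where they meet. The genuine and impostor score lists are constructed, not measured from any real sensor, and the 0-100 score scale is an assumption.

```python
"""FAR, FRR and the crossover error rate from match scores.

Added example for the flashcard deck. Scores are constructed; a real
evaluation would use thousands of genuine and impostor comparisons.
"""

# Constructed similarity scores (0-100) from a hypothetical matcher.
GENUINE = [62, 68, 71, 74, 75, 77, 78, 80, 81, 82, 84, 85, 86, 88, 90, 91, 93, 95, 96, 98]
IMPOSTOR = [20, 25, 31, 35, 38, 40, 42, 45, 48, 50, 52, 55, 58, 60, 63, 66, 70, 72, 76, 79]


def rates(threshold: int, genuine=GENUINE, impostor=IMPOSTOR):
    """(FAR, FRR) when a score >= threshold is accepted."""
    far = sum(s >= threshold for s in impostor) / len(impostor)   # impostors let in
    frr = sum(s < threshold for s in genuine) / len(genuine)      # legitimate users refused
    return far, frr


def crossover(genuine=GENUINE, impostor=IMPOSTOR):
    """Threshold where |FAR - FRR| is smallest, and the crossover error rate there."""
    best = None
    for t in range(0, 101):
        far, frr = rates(t, genuine, impostor)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, (far + frr) / 2)
    _, t, cer = best
    return t, cer


def error_curve(genuine=GENUINE, impostor=IMPOSTOR):
    """(threshold, FAR, FRR) for every threshold: FAR falls and FRR rises as it tightens."""
    return [(t,) + rates(t, genuine, impostor) for t in range(0, 101)]


if __name__ == "__main__":
    t, cer = crossover()
    print("crossover threshold:", t, "CER:", cer)
    for threshold in (50, t, 90):
        print(threshold, "FAR=%.2f FRR=%.2f" % rates(threshold))
```

The crossover point is a single number for comparing products, but the deployed threshold is a policy choice: a data centre door is tuned toward a low FAR and accepts more rejections, while a consumer phone unlock is tuned the other way.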

407
Q

gait analysis

A

Biometric mechanism that identifies a subject based on movement pattern.

408
Q

Apart from cost, what would you consider to be the major considerations for evaluating a biometric recognition technology?

A

Error rates (false acceptance and false rejection), throughput, and whether users will accept the technology or reject it as too intrusive or threatening to privacy.

409
Q

How is a fingerprint reader typically implemented as hardware?

A

As a capacitive cell.

410
Q

Which type of eye recognition is easier to perform: retinal or iris scanning?

A

Iris scans are simpler.

411
Q

What two ways can biometric technologies be used other than for logon authentication?

A

For identification based on biometric features and in continuous authentication mechanisms.

412
Q

default account

A

Default administrative and guest accounts configured on servers and network devices are possible points of unauthorized access.

413
Q

group account

A

A group account is a collection of user accounts. Groups are useful when establishing file permissions and user rights: when many individuals need the same level of access, a group can be established containing all the relevant users.

414
Q

job rotation

A

The policy of preventing any one individual from performing the same role or tasks for too long. This deters fraud and provides better oversight of the person’s duties.

415
Q

least privilege

A

A basic principle of security stating that something should be allocated the minimum necessary rights, privileges, or information to perform its role.

416
Q

mandatory vacations

A

The principle that states when and how long an employee must take time off from work so that their activities may be subjected to a security review.

417
Q

NDA (non-disclosure agreement)

A

An agreement that stipulates that entities will not share confidential information, knowledge, or materials with unauthorized third parties.

418
Q

offboarding

A

The process of ensuring that all HR and other requirements are covered when an employee leaves an organization. Also referred to as an exit interview.

419
Q

onboarding

A

The process of bringing in a new employee, contractor, or supplier.

420
Q

privileged access management

A

The use of authentication and authorization mechanisms to provide an administrator with centralized or decentralized control of user and group role-based entitlement.

421
Q

separation of duties

A

A concept that states that duties and responsibilities should be divided among individuals to prevent ethical conflicts or abuse of powers.

422
Q

service account

A

A host or network account that is designed to run a background service, rather than to log on interactively.

423
Q

shared account

A

An account with no credential (guest) or one where the credential is known to multiple persons.

424
Q

You are consulting with a company about a new approach to authenticating users. You suggest there could be cost savings and better support for multifactor authentication (MFA) if your employees create accounts with a cloud provider. That allows the company’s staff to focus on authorizations and privilege management. What type of service is the cloud vendor performing?

A

The cloud vendor is acting as the identity provider.

425
Q

What is the process of ensuring accounts are only created for valid users, only assigned the appropriate privileges, and that the account credentials are known only to the valid user?

A

Onboarding.

426
Q

What is the policy that states users should be allocated the minimum sufficient permissions?

A

Least privilege.

427
Q

What is an SOP?

A

A standard operating procedure (SOP) is a step-by-step listing of the actions that must be completed for any given task.

428
Q

What type of organizational policies ensure that at least two people have oversight of a critical business process?

A

Shared authority, job rotation, and mandatory enforced vacation/holidays.

429
Q

Recently, attackers were able to compromise the account of a user whose employment had been terminated a week earlier. They used this account to access a network share and delete important files. What account vulnerability enabled this attack?

A

While it’s possible that lax password requirements and incorrect privileges may have contributed to the account compromise, the most glaring problem is that the terminated employee’s account wasn’t disabled. Since the account was no longer being used, it should not have been left active for a malicious user to exploit.

430
Q

For what type of account would interactive logon be disabled?

A

Interactive logon refers to starting a shell. Service accounts do not require this type of access. Default superuser accounts, such as Administrator and root, may also be disabled, or limited to use in system recovery or repair.

431
Q

What type of files most need to be audited to perform third-party credential management?

A

SSH and API keys are often insecurely embedded in computer code or uploaded mistakenly to repositories alongside code. Also, managing shared credentials can be difficult, and many sites resort to storing them in a shared spreadsheet.

432
Q

account expiration

A

The specified time at which an account expires, eliminating the possibility that it will be forgotten about and act as a possible system backdoor.

433
Q

account policies

A

A set of rules governing user security information, such as password expiration and uniqueness, which can be set globally.

434
Q

GPO (Group Policy Object)

A

On a Windows domain, a way to deploy per-user and per-computer settings such as password policy, account restrictions, firewall status, and so on.

435
Q

SID (security identifier)

A

The value assigned to an account by Windows and that is used by the operating system to identify that account.

436
Q

time of day restrictions

A

Policies or configuration settings that limit a user’s access to resources.

437
Q

What container would you use if you want to apply a different security policy to a subset of objects within the same domain?

A

Organizational Unit (OU).

438
Q

Why might forcing users to change their password every month be counterproductive?

A

More users would forget their password, try to select unsecure ones, or write them down/record them in a non-secure way (like a sticky note).

439
Q

What is the name of the policy that prevents users from choosing old passwords again?

A

Enforce password history.

440
Q

In what two ways can an IP address be used for context-based authentication?

A

An IP address can represent a logical location (subnet) on a private network. Most types of public IP address can be linked to a geographical location, based on information published by the registrant that manages that block of IP address space.

441
Q

How does accounting provide non-repudiation?

A

A user’s actions are logged on the system. Each user is associated with a unique computer account. As long as the user’s authentication is secure and the logging system is tamper-proof, they cannot deny having performed the action.

442
Q

Which information resource is required to complete usage auditing?

A

Usage events must be recorded in a log. Choosing which events to log will be guided by an audit policy.

443
Q

What is the difference between locked and disabled accounts?

A

An account enters a locked state because of a policy violation, such as a password being entered incorrectly. Lockout is usually applied for a limited duration. An account is usually disabled manually, using the account properties. A disabled account can only be re-enabled manually.

444
Q

PAM (privileged access management)

A

Policies, procedures, and support software for managing accounts and credentials with administrative permissions.

445
Q

ABAC (attribute-based access control)

A

An access control technique that evaluates a set of attributes that each subject possesses to determine if access should be granted.

446
Q

ACL (Access Control List)

A

A collection of access control entries (ACEs) that determines which subjects (user accounts, host IP addresses, and so on) are allowed or denied access to the object and the privileges given (read only, read/write, and so on).

447
Q

chmod

A

Linux command for managing file permissions.

448
Q

DAC (discretionary access control)

A

Access control model where each resource is protected by an Access Control List (ACL) managed by the resource’s owner (or owners).

449
Q

directory service

A

A network service that stores identity information about all the objects in a particular network, including users, groups, servers, client computers, and printers.

450
Q

federation

A

A process that provides a shared login capability across multiple systems and enterprises. It essentially connects the identity management services of multiple systems.

451
Q

IdP (identity provider)

A

In a federated network, the service that holds the user account and performs authentication.

452
Q

MAC (Mandatory Access Control)

A

Access control model where resources are protected by inflexible, system-defined rules. Resources (objects) and users (subjects) are allocated a clearance level (or label).

453
Q

OAuth (Open Authorization)

A

Standard for federated identity management, allowing resource servers or consumer sites to work with user accounts created and managed on a separate identity provider.

454
Q

OIDC (OpenID Connect)

A

An authentication layer that sits on top of the OAuth 2.0 authorization protocol.

455
Q

permissions

A

Security settings that control access to objects including file system items and network resources.

456
Q

RBAC (role-based access control)

A

An access control model where resources are protected by ACLs that are managed by administrators and that provide user permissions based on job functions.

457
Q

rule-based access control

A

A non-discretionary access control technique that is based on a set of operational rules or restrictions to enforce a least privilege permissions policy.

458
Q

SAML (Security Assertion Markup Language)

A

An XML-based data format used to exchange authentication information between a client and a service.

459
Q

What are the advantages of a decentralized, discretionary access control policy over a mandatory access control policy?

A

It is easier for users to adjust the policy to fit changing business needs. Centralized policies can easily become inflexible and bureaucratic.

460
Q

What is the difference between security group- and role-based permissions management?

A

A group is simply a container for several user objects. Any organizing principle can be applied. In a role-based access control system, groups are tightly defined according to job functions. Also, a user should (logically) only possess the permissions of one role at a time.

461
Q

In a rule-based access control model, can a subject negotiate with the data owner for access privileges? Why or why not?

A

This sort of negotiation would not be permitted under rule-based access control; it is a feature of discretionary access control.

462
Q

What is the purpose of directory services?

A

To store information about network resources and users in a format that can be accessed and updated using standard queries.

463
Q

True or false? The following string is an example of a distinguished name: CN=ad,DC=classroom,DC=com

A

True.

464
Q

You are working on a cloud application that allows users to log on with social media accounts over the web and from a mobile application. Which protocols would you consider and which would you choose as most suitable?

A

Security Assertion Markup Language (SAML) and OAuth + OpenID Connect (OIDC). OAuth with OIDC as an authentication layer offers better support for native mobile apps so is probably the best choice.

465
Q

AUP (acceptable use policy)

A

A policy that governs employees’ use of company equipment and Internet services. ISPs may also apply AUPs to their customers. Also referred to as fair use policy.

466
Q

capture the flag

A

Training event where learners must identify a token within a live network environment.

467
Q

CBT (computer-based training)

A

Training and education programs delivered using computer devices and e-learning instructional models and design.

468
Q

clean desk policy

A

An organizational policy that mandates employee work areas be free from potentially sensitive information; sensitive documents must not be left out where unauthorized personnel might see them.

469
Q

code of conduct

A

Professional behavior depends on basic ethical standards, such as honesty and fairness. Some professions may have developed codes of ethics to cover difficult situations; some businesses may also have a code of ethics to communicate the values they expect their employees to practice.

470
Q

Your company has been the victim of several successful phishing attempts over the past year. Attackers managed to steal credentials from these attacks and used them to compromise key systems. What vulnerability contributed to the success of these social engineers, and why?

A

A lack of proper user training directly contributes to the success of social engineering attempts. Attackers can easily trick users when those users are unfamiliar with the characteristics and ramifications of such deception.

471
Q

Why should an organization design role-based training programs?

A

Employees have different levels of technical knowledge and different work priorities. This means that a “one size fits all” approach to security training is impractical.

472
Q

You are planning a security awareness program for a manufacturer. Is a pamphlet likely to be sufficient in terms of resources?

A

Using a diversity of training techniques will boost engagement and retention. Practical tasks, such as phishing simulations, will give attendees more direct experience. Workshops or computer-based training will make it easier to assess whether the training has been completed.

473
Q

bastion host

A

A server typically found in a DMZ that is configured to provide a single service to reduce the possibility of compromise.

474
Q

DMZ (demilitarized zone)

A

A segment isolated from the rest of a private network by one or more firewalls that accepts connections from the Internet over designated ports.

475
Q

east-west traffic

A

Design paradigm accounting for the fact that data center traffic between servers is greater than that passing in and out (north-south).

476
Q

extranet

A

A private network that provides some access to outside parties, particularly vendors, partners, and select customers.

477
Q

Internet Zone

A

A zone permitting anonymous access (or perhaps a mix of anonymous and authenticated access) by untrusted hosts over the Internet.

478
Q

intranet

A

A private network that is only accessible by the organization’s own personnel.

479
Q

packet crafting

A

A method of manually generating packets (instead of modifying existing network traffic) to test the behavior of network devices, enabling a hacker to enumerate firewall or intrusion detection rules that are in place.

480
Q

router

A

A network device that links dissimilar networks and can support multiple alternate paths between locations, selected on the basis of parameters such as speed, traffic loads, and price.

481
Q

screened host

A

A dual-homed proxy/gateway server used to provide Internet access to other network nodes, while protecting them from external attack.

482
Q

segment

A

A portion of a network where all attached hosts can communicate freely with one another.

483
Q

switch

A

In Ethernet, a networking device that receives incoming data, reviews the destination MAC address against an internal address table, and sends the data out through the port that contains the destination MAC address.

484
Q

VLAN (virtual local area network)

A

A logically separate network, created by using switching technology. Even though hosts on two VLANs may be physically connected to the same cabling, local traffic is isolated to each VLAN so they must use a router to communicate.

485
Q

zero trust

A

Security design paradigm where any request (host-to-host or container-to-container) must be authenticated before being allowed.

486
Q

zone

A

In networking infrastructure, an area of a network where the security configuration is the same for all hosts within it. In physical security, an area separated by barriers that control entry and exit points.

487
Q

routing protocols

A

Protocols that allow a router to perform dynamic updates to its routing table based on route data exchanged with other routers.

488
Q

A recent security evaluation concluded that your company’s network design is too consolidated. Hosts with wildly different functions and purposes are grouped together on the same logical area of the network. In the past, this has enabled attackers to easily compromise large swaths of network hosts. What technique(s) do you suggest will improve the security of the network’s design, and why?

A

In general, you should start implementing some form of network segmentation to put hosts with the same security requirements within segregated zones. For example, the workstations in each business department can be grouped in their own subnets to prevent a compromise of one subnet from spreading to another. Likewise, with VLANs, you can more easily manage the logical segmentation of the network without disrupting the physical infrastructure (i.e., devices and cabling).

489
Q

You are discussing a redesign of network architecture with a client, and they want to know what the difference between an extranet and Internet is. How can you explain it?

A

The Internet is an external zone where none of the hosts accessing your services can be assumed trusted or authenticated. An extranet is a zone allowing controlled access to semi-trusted hosts, implying some sort of authentication. The hosts are semi-trusted because they are not under the administrative control of the organization (as they are owned by suppliers, customers, business partners, contractors, and so on).

490
Q

Why is subnetting useful in secure network design?

A

Subnet traffic is routed, allowing it to be filtered by devices such as a firewall. An attacker must be able to gather more information about the configuration of the network and overcome more barriers to launch successful attacks.

491
Q

How can an enterprise DMZ be implemented?

A

By using two firewalls (external and internal) around a screened subnet, or by using a triple-homed firewall (one with three network interfaces).

492
Q

What type of network requires the design to account for east-west traffic?

A

This is typical of a data center or server farm, where a single external request causes multiple cascading requests between servers within the data center. This is a problem for a perimeter security model, as funneling this traffic up to a firewall and then back to a server creates a performance bottleneck.

493
Q

ARP (Address Resolution Protocol)

A

The broadcast mechanism by which individual hardware MAC addresses are matched to an IP address on a local network segment.

494
Q

ARP inspection

A

An optional security feature of a switch that prevents excessive ARP replies from flooding a network segment.

495
Q

ARP poisoning

A

A network-based attack where an attacker with access to the target local network segment redirects an IP address to the MAC address of a computer that is not the intended recipient. This can be used to perform a variety of attacks, including DoS, spoofing, and Man-in-the-Middle. Sometimes referred to as ARP spoofing.

496
Q

BGP (Border Gateway Protocol)

A

A path vector routing protocol used by ISPs to establish routing between one another. Also referred to as Autonomous System (AS).

497
Q

BPDU guard (Bridge Protocol Data Unit guard)

A

A switch port security feature that disables a port. It is configured on access ports where any BPDU frames are likely to be malicious. Bridge Protocol Data Units (BPDUs) are used to communicate information about the topology and are not expected on access ports, so BPDU Guard protects against misconfiguration or a possible malicious attack.

498
Q

broadcast storm

A

Traffic that is recirculated and amplified by loops in a switching topology, causing network slowdowns and crashing switches.

499
Q

DHCP snooping

A

A configuration option that enables a switch to inspect DHCP traffic to prevent MAC spoofing.

500
Q

eavesdropping

A

Some transmission media are susceptible to eavesdropping (listening in to communications sent over the media). To secure transmissions, they must be encrypted.