Fundamentals of Security

Question 1

What is the differences between information security and information system security?

Answer 1

Information security refers to protecting actual data and
Information system security refers to protecting the actual devices/ systems that store data.

Question 2

What are the 4 main types of security controls?

Answer 2

Managerial control/ Administrative controls -
Technical controls -
Operational controls -
Physical controls -

Question 3

Give me few examples of techniques to keep data confidential.

Answer 3

• Encryption
• Implementing access controls
• Data masking
• tokenization
• User training and awareness
• Implementing physical controls to block unauthorized access

Question 4

How we can maintain integrity of data?

Answer 4

• using hashing algorithms
• checksum
• reviewing logs
• Digital signatures
• Access controls

Question 5

What is non-repudiation and it’s concept is achieved?

Answer 5

It refers to the concept that if someone has taken some action, they cannot deny it.
In email communication, it is ensured using Digital Signatures.

Question 6

What are different ways to authenticate someone? What are its factors?

Answer 6

1. Something you know - like a password or pincode. Or it could be KBA (Knowledge based authentication like answering security questions)
2. Something you have -
   Like having a access card, or
   using token fob/key token
3. Something you are - involves biometrics

Question 7

Define something you have authentication factor.

Answer 7

1. We might have a access card. Access card uses NFC or RFID (Radio Frequency Identification) technology in them. Normally these cards have a microchip in them that has a certificate with a private key.
2. We may also use key fob/token fob.
   Note there is a software implementation of key fob as well. Two open source protocols are available to implement software key-fob technology.
   1st is HOTP (Hash based one time password)
   2nd is TOPT (Time based one time password)

Question 8

What technologies/tools we can use to implement accounting in our networks?

Answer 8

Syslog servers
SIEM - Security Incident and Event Management tool
Network Protocol analyzers

Question 9

Define technical controls.

Answer 9

There are the controls are implemented once like implementing ACLs in firewalls, and they will do their work automatically after.

Question 10

Define Managerial or Administrative controls.

Answer 10

Managerial controls are administrative in nature. It involves strategic planning and governance side of security.
Like planning the incident response plans, or making security policies, procedures and guidelines.

Question 11

What are operational controls?

Answer 11

Operational controls are related to day-to-day activities and it involves human participation.
Ex - employees following clean-desk policy or making sure that their LAN password length is at-least 12 characters long.

Other examples of operational controls are back-up procedures, Account reviews, user training programs

Question 12

What are the different types of security controls?

Answer 12

Preventative controls
Detective controls
Deterrent controls
Corrective controls
Compensating controls
Directive controls

Question 13

What is the use of compensative controls?

Answer 13

Compensative controls are used where primary control mechanisms fail or are not effective.

Question 14

What is GAP analysis and what are different steps involved in it?

Answer 14

Gap analysis refers to the process of finding differences between the organizations current state and its desired state.

It involves following steps -

1. Finding the scope of the GAP analysis
2. Evaluating/analyzing the current state of the organization as per defined-scope
3. Finding out the gaps between the current state and the desired state/goal
4. Developing a plan to bridge the gap

Question 15

What are 2 types of GAP analysis?

Answer 15

Technical GAP analysis
Business GAP analysis

Question 16

What is the concept of Zero trust?

Answer 16

Todays networks are decentralized. So companies goal is to implement the zero trust in their organization.

It demand the verification of every device, user and transaction within the network, regardless of its origin.

Question 17

What is a common goal of fault tolerance and redundancy techniques?

Answer 17

To remove the SPOF (Single Point Of Failure)

Question 18

Define hping command.

Answer 18

Hping is command is used in linux (SAYAD).
With hping command, we can send message using TCP, UDP, and ICMP protocol.

Question 19

Define ifconfig command

Answer 19

This command is used in Linux to see the TCP/IP suite information.
Command is
ifconfig eth0 promisc

Question 20

What do we use netstat command for?

Answer 20

netstat command is used to see TCP/IP connections.

To get more information about it, use :
netstat /? -> In windows

Question 21

What do we use tracert command for?

Answer 21

tracert command is used to find the path that a packet takes to reach it destination.
This command is used in Windows and gives use the IP address of each hop in the packet path.

Linux equivalent command is traceroute

Question 22

What is pathping command?

Answer 22

Pathping command is combination of ping and tracert

Question 23

Define journalctl command.

Answer 23

This command is used to get the log entries that journald protocol has collected from different sources.

Question 24

What are some of the connection states of netstat command?

Answer 24

Close_WAIT -> Waiting for a connection termination request
Time_WAIT -> This indicates the system is waiting for enough time to pass to be sure the remote system received a TCP-based acknowledgement of the connection.

SYN_SENT -

SYN_Received -

Question 25

What tool in windows can we use to view logs?

Answer 25

We can Windows Event Viewer.

Using it, we can view following kind of logs-

Security logs
Application logs
System logs

Question 26

Define Syslog protocol.

Answer 26

It is a logging protocol that defines a general format for logs and it defines rules to transport the log data to some centralized logging server.

With this protocol, we can connect log data from different sources.

For unencrypted log messages, this protocol uses UDP port 514.
For send encrypted messages, it uses TCP port with port number 6514 with Transport Layer Security.

This protocol stores log data in plain text at /var/log/syslog

Question 27

What is the use of logger command.

Answer 27

We can use logged command to timestamp some event like when the backup was created.
It will add this entry in /var/log/syslog

Question 28

What are some other alternatives of using Syslog protocol.

Answer 28

syslog-ng
rsyslog
nxlog is another log management tool and is similar to rsyslog and syslog-ng

Question 29

What is most secure method out of different biometric methods?

Answer 29

Iris and Retina scans

Iris is preferred.

Question 30

What is Account Management?

Answer 30

It is the process of creating account, managing accounts, suspending and terminating them.

Question 31

What are different types of account types?

Answer 31

User accounts :
Admin Accounts :
Device accounts :

Service accounts : Some applications and services need to run under the context of an account and a service account fills this need.

Guest Accounts:

Third Part Accounts:

Shared and Generic accounts :

Question 32

What is PAM?

Answer 32

PAM stands for privileged Access Management.

It recommends to use 2 accounts by administrators.

Question 33

How and why do we use Kerbros in Enterprise systems?

Answer 33

It is used to implement SSO solution in Enterprise networks.
SSO should always be implemented with other kind of MFA.

kerbros is a network authentication protocol within Microsoft Windows Active Directory domain.

Kerbros has 3 components :

1. Some Key Distribution Centre server that generates TGT (Ticket granting tickets)
2. Time Synchronization.
3. a database of users and objects. In Windows systems, this database is Active Directory.

Question 34

How can we implement SSO over the internet over different networks/systems/environments?

Answer 34

One way of implementing SSO among different environments is by creating a federation of companies in which 2 different companies create a Federated Access Management system.

One way of implementing Federated Access Management system over the internet is using SAML (Security Assertion Markup Language)

Question 35

Define SAML.

Answer 35

SAML is Security Assertion Markup Language.
It is a protocol with which we can implement SSO over the internet.
It involves 3 entities :

1. Principle - Typically a user
2. Service Provider
3. Identity provider

Another alternative to using SAML is openID connection (OIDC) - it uses JSON Web Token (JWT) messages instead of XML used in SAML.

Question 36

What is Oauth?

Answer 36

It is an open standard for authorization many companies use to provide secure access to protected resources.

Question 37

What are different motivations behind threat actors?

Answer 37

1. Data exfiltration
2. War
3. Service Disruption
4. Espionage
5. Social cause / Philosophical or Political Beliefs
6. Revenge
7. Ethical hacking
8. Blackmail
9. Financial Gain

Question 38

What are different threat actor attributes?

Answer 38

Internal VS external

Level of Sophistication And capability

Resources and Funding

Question 39

Who are unskilled attackers and what are their motives?

Answer 39

These are also called Script-kiddies
They don’t have financial again motive but their motive might include learning new tool.

Question 40

Who is a Hactivist

Answer 40

An Hactivist is an individual or group of people who might hack systems due to some social cause or to promote a Social change.

They can end up doing following things:

1. Doxing - it is process in which a threat actor publicly release someone individuals personal information
2. Denial Of service
3. Website Defacement
4. Leaking of sensitive information

Question 41

Who are Organized crime group?

Answer 41

These are group of hackers who are very sophisticated and hight level of expertise. Their main motive is financial gain.

Example of such group is FIN7, carbanak

Question 42

Who are Nation State actors?

Answer 42

These are the state sponsored threat actors who spy on individuals, group of people or other state to gain sensitive information or classified information.

These nation state threat actors usually use “False flag attack” in which they try to hide the attack origin.

Question 43

What is shadow IT?

Answer 43

This term refers to the scenario when someone make use of devices, applications, processes without IT approval in a corporate environment. This action might lead to increased number of vulnerabilities in a corporate network.

For example - Someone might install an application without approval on their system.

Question 44

Define term attack vector and attack surface area.

Answer 44

Attack surface area refers to all the vulnerabilities in the organizational network.

Attack vector refers to specific mean or path by which an threat actor can penetrate a network to steal data or to enter malicious data.

Question 45

Give me some examples of attack vector.

Answer 45

Messages (email message, text message)
Files
Images
Unsecured network
Social media
Removable devices
Voice calls

Question 46

What are Blueborne and Bluesmack attacks?

Answer 46

Blueborne attack - It is an attack in which a threat actor exploits a number of vulnerabilities in Bluetooth and it can allow can attacker to take over devices or spread malware.

Bluesmack - It is a type of denial of service attack that targets bluetooth enabled devices.

Question 47

What are different tools with which we can learn TTPs (Tools, Tactics and procedures) of threat actors?

Answer 47

By using following -

Honeypots
Honeynets
Honeytokens
Honeyfiles

Question 48

What are Honeytoken?

Answer 48

It is some kind of object that does hold any legitimate value like fake admin account.
These are planted or created in organization network to find insider threats . For example, if someone ends of using these objects like fake admin account, security team will know that there is a insider threat.

Question 49

What are few methods to confuse an attacker?

Answer 49

• using bogus DNS entries
• Creating decoy entries
• Generating dynamic pages
• Using port triggering
• spoofing fake telemetry data

Question 50

What are different surveillance system tools?

Answer 50

Cameras
Security guards
Sensors like infrared sensors, Pressure sensors, Microwave sensor, Ultrasonic sensor

Question 51

What are few ways to bypass surveillance systems?

Answer 51

Blinding sensors and cameras
By creating electro-magnetic interference
Visual obstruction
Physical environment attack

Question 52

What are access control vestibules?

Answer 52

These are installed to prevent piggybacking and tailgating attack.

Question 53

Define term FAR and FRR (Related to biometric devices).

Answer 53

FAR - False Acceptance rate - It is the rate that shows percentage of falsely authenticated people by an biometric device

FRR - It is False Rejection Rate

There is CER - Cross-over Error rate where FRR and FAR meet on a graph. This point is also called Equal error rate

Question 54

What tool can we use to clone Access Cards and how we can protect from it?

Answer 54

Flipper Zero

For preventing from these attacks -
1. We can implement advanced encryption in card-based authentication systems
2. Implement MFA
3. Use shielded wallets
4. Monitor and audit access logs

Question 55

What is a cipher lock?

Answer 55

It is a mechanical lock that uses push buttons often numbered and requires correct combination to be entered for access.

Question 56

What are different motivational triggers that can lead to Social Engineering attacks?

Answer 56

1. Urgency
2. Scarcity
3. Authority
4. Social proof - Psychological phenomenon
5. Likability -
6. Fear

Question 57

What are different impersonation attacks?

Answer 57

1. Brand Impersonation
2. Watering Hole attack
3. Typesquatting - A threat actor buys a closely spelled domain.

Pretexting is also part of it in which an attacker impersonates someone and try to get more information regarding some object or subject to carry on their main attack they are planning.

Question 58

Give me some example of phishing attacks?

Answer 58

BEC - Business email compromise
Whaling -
Spear phishing
Vishing and Smishing

Question 59

How can we prevent phishing attacks?

Answer 59

By conducting training - Running anti Phishing campaigns
Recognizing phishing attempts
Report suspicious messages

Question 60

What are some clues to recognize an phishing email?

Answer 60

1. Complicated email
2. Grammatical mistake
3. Mismatched URLS
4. Unusual requests
5. Urgency

Question 61

Give me url of a website on which we can run phishing campaign.

Answer 61

phishinsight.trendmicro.com

Question 62

What is difference between Identity fraud and Identity theft?

Answer 62

Identity theft - It is the process of stealing users personal information like their credit card, SIN number, DAB etc. Identity theft might include the scenario when some thief tries to use some victims credit card.

Identity fraud is the term used when someone takes over someone’s identity. For example - a scammer might use some victims information to open some bank account.

Question 63

What are influence Campaigns?

Answer 63

These are co-ordinated efforts to affect public perception or behaviour toward a particular cause, individual or group.
These campaigns can be breeding ground for misinformation and disinformation

Question 64

What is a Virus?

Answer 64

It is a malware that spreads on a target system after an user open some infected file or click on a malicious link.

There different kind of Viruses.

Question 65

What is a Boot-sector-virus?

Answer 65

Boot sector virus resides in the boot drive and runs its every time OS loads.
To protect from a boot sector virus, we should install a anti-virus that can detect boot sector viruses.

Question 66

What is a Marco virus?

Answer 66

It is a specific kind of virus that infects files that are used by users very often. For example - office 365 files.
This Macro virus might increase the size of a file exponentially.

Question 67

What is a program virus?

Answer 67

It is a virus that infects program files or executable files. Such virus might change some of the code of targeted program file or might change its full code.
Every time a user runs this infected program, the malicious code in it also runs.

Question 68

What is a multi-partite virus?

Answer 68

It is a virus that is a mix of boot sector virus and program virus. This virus resides in the boot sector and when OS loads, it runs a malicious program automatically.

Question 69

What is an encrypted virus?

Answer 69

It is a virus that encrypts its payload and avoid detection from Anti-virus programs as they are unable to read the virus data.

Question 70

What is polymorphic virus?

Answer 70

It is an advanced version of encrypted virus but instead of just encrypting the contents, it will actually change the virus code each time it infects a new file in order for it to evade detection.

Question 71

What is metamorphic virus?

Answer 71

It is an advanced version of polymorphic virus. These viruses are able to rewrite itself entirely before it attempts to infect a given file.

Question 72

What is a Armoured virus?

Answer 72

This is a specific type of virus that has layers of protection to confuse program or human who is trying to analyze it.

Question 73

What are worms?

Answer 73

It is a malware that spreads into systems and networks without requiring any user action. They will just find some vulnerability in a system and will scan the other systems in the network to spread across the network.

Question 74

What is a Trojan?

Answer 74

It is malware that disguises itself as legitimate driver/software/program but it hides a malicious code in it. User unknowingly runs this program and the malicious code is also run.

One specific type of trojan is RAT (Remote Access Trojan)
RAT will let a threat actor to take remote control of the target system by opening some backdoor on them.

Question 75

What are some ways to protect from Ransomware attack?

Answer 75

• Keeps system up to date
• back-up data regularly
• Provide security awareness training
• Implement MFA

Question 76

What are Zombies and botnets?

Answer 76

Botnets is a network of infected systems that are under the control of Command and Control server that is controlled by a threat actor. This command and control server is also known as C2 node.

These infected systems are know as zombies.

Question 77

What is a root-kit?

Answer 77

It is a specific type of malware that gives remote control administrative access to a threat actor and remains undetected.

Rootkits tries to gan more permissions by moving from ring 3 to 2 to 2 to 0 (Kernel permissions)

Another technique used by rootkits to gain deeper level of access is know as DLL injection.

Question 78

What are Backdoors, logic-bombs and Easter Egg?

Answer 78

Backdoors are means or pathways to access a system without going through the regular access controls.
It bypass the normal security and authentication functions.

Logic-bomb - it malware gets activated when certain condition is met.

Easter egg - It is unnecessary code that is introduced to a program.

Question 79

What is a keylogger?

Answer 79

It is a software or a hardware device that will log keys pressed by a user. For exmaple - by logging user-pressed keys, it might capture usernames and passwords.

Question 80

What is spyware and Bloatware?

Answer 80

Spyware - it is a malware that steals users personal information without any authorization and will send it to a remote threat actor.

Bloatwares are unnecessary programs that are not needed and have no value to use. These comes pre-installed on our systems.

Question 81

What is File less Malware and how it is deployed.

Answer 81

Fileless malware only stays in memory and it does not save any of its code on the computer file system. Thus this way it is able to avoid detection from Anti-virus programs that are based on malware-signatures.

Usually it is deployed in 2 phases -

• Phase 1 = Dropper/Downloader

In Dropper phase, user clicks on some infected link and doing so cause a light weight malicious script/code to run within a payload on an infected system.

In Downloader phase, it will retrieves additional tools post the initial injection facilitated by dropper.

• Stage 2 - Downloader - in this stage, RAT is installed on victimized system.

Question 82

What are some of the ways with which, malware can inserted into a host?

Answer 82

Code injection
DLL sideloading
Masquerading
Process hallowing
DLL injection

Question 83

What are some of the indicators of Malware attack?

Answer 83

Account Lockouts
Blocked content
Concurrent session Utilization
Impossible travel
Resource consumption
Resource inaccessibility
Out-Off-Cycle logging
Missing logs

Question 84

What are the normal categories for data classification in a Commercial business?

Answer 84

1. Public Data - it can be disclosed with public and there is no impact on the company.
2. Sensitive data - It has minimal impact on the company if disclosed. Example includes Organization’s financial data
3. Private Data - This kind of data normally belong to people like their personal information, SIN number.
   If released, It can have financial and reputational impact on the organization. It can also lead to legal implications.
4. Confidential data - If released, this kind of data can have very large impact on the organization. This includes information like trade secret, Intellectual property, source code etc.
   Discloser of this information might lead to a company losing its competitive edge.
5. Critical Data - It contains valuable information. Data like credit card numbers.

Question 85

What are the different categories for data classification in a government company?

Answer 85

1. Unclassified - this information can shared be shared with public or can be requested by the public under the Freedom Of Information act.
2. Sensitive but unclassified - If disclosed, this information won’t pose any risk on nation security but it will impact the individual who this information belong to.
   Example of such information is Military personnel’s health record
3. Confidential information - Data that could seriously affect the government if unauthorized disclosures happen. Ex - Data like trade secrets.
4. Secret Data - Data that could seriously impact national security if disclosed. This information include Military plans, Safeguard-Deployment techniques
5. Top secret - It will severely impact national security if disclosed. This include information like Weapon Blueprint.

Question 86

Who is a Data owner?

Answer 86

Data owner is a senior executive in a company who is responsible for the confidentiality, Integrity, Availability of information.
One task of data owner is to classify the different types of organizational data.

Ex - they can direct everyone to classify data with Balance Sheets as financial information.

There are not the actual person who creates this data.

Question 87

Who are data controllers?

Answer 87

Data controller is an individual or a group of individual who decides the purpose of data collection and method of collecting, storing Data. They also ensures organization is adhering to legal to processes while performing these actions.

Data processors work on behalf of Data controllers and help on the above processes.

Question 88

Who is a Data Steward?

Answer 88

Data Steward is an individual or group of individuals who make sure data is classified properly and work under the guidance of Data owner.
They are focused on the quality of data and meta data.

Question 89

What is a Data Custodian?

Answer 89

Data Custodian is an individual or a group of people who are responsible of managing the systems that store data. They are responsible for setting up Security controls to safeguard data.
Ex - System admins

Question 90

Who is a privacy Officer?

Answer 90

Privacy Office is an individual who makes sure data like PII, SPII or PHI related data is handled properly.

Question 91

Is Data Owner some individual from IT department?

Answer 91

No they are not always someone from IT.
Data Owner should be decided based on the type of organization.

Question 92

What are different states of Data?

Answer 92

Data in Transit - Data that is travelling over the network, or data that moves to and from the processor.

Data in rest -

Data in use - Data when it is being created, modified, or processed in some way.

Question 93

How are different ways of encrypting data at rest?

Answer 93

1. Full Encryption - When users logs Off the machine, Data remains encrypted but when user logs back in, it is un-encrypted.
2. Partition encryption - Some specific partition is encrypted.
3. File encryption
4. Volume Encryption - a set of folder is encrypted
5. Database encryption - Full Database is encrypted or we can also encrypt data at column, row and table level.
6. Record encryption - Encrypts specific fields within a Database record. This is beneficial when multiple users are accessing a single document and all of them don’t have same view rights to this document.
   6.

Question 94

What are few ways to protect in transit?

Answer 94

Using TLS/SSL encryption
Using IPsec protocol
Using VPN

Question 95

How we can protect Data in Use and how it is more vulnerable?

Answer 95

When data is in use, it is in unencrypted state and that is why it is more vulnerable to attacks.

To protect the Data in Use, we can make use of following techniques :

1. Access control policies
2. Encrypting Data at the application layer
3. Use of Secure Enclaves where data can be processed in a protected isolated environment
4. Using “Intel Software guard” - this technology encrypts the data while it is in memory so that other untrusted processes can’t decode this data.

Question 96

What are different types of Data?

Answer 96

1. Regulated data - this is the data that is regulated by laws, industry standards.
   Example is such data is PHI, SPII, PII or credit card information.
2. Trade secrets - This is the data that gives competitive edge to a business over other business. It includes data like proprietary Software, Marketing strategies.
3. Intellectual property - This data is the creation of mind. Like someone’s invention, someone’s literary or art work.
4. Legal Data - This is the data that is used in legal proceedings, contracts, or regulatory compliance.
5. Financial information - It Involves data that is related to an organization’s financial transactions, such as sales records, invoices, tax documents and bank statements.

Question 97

What is the concept of Data Sovereignty?

Question 98

What are different methods of securing data?

Answer 98

1. Encryption -
2. Data Masking -
3. Tokenization -
4. Access controls
5. User awareness training
6. Hasing
7. Geographic restrictions
8. Obfuscation -
9. Segments -

Question 99

What is governance in an organization?

Answer 99

Governance means governing something.
In an organization, it is the process of managing IT infrastructure and creating policies, procedures and standards to mitigate risks to assets and making sure that the IT infrastructure is aligned with the organizational goal.

(Mine - It is an entity who creates frameworks that consist of procedures, policies, processes and standards to mitigate risk and make sure IT infrastructure processes are aligned with the organization goals.)

It is the strategic leadership, structures, and processes that ensure an organization’s infrastructure aligns with its business objectives.

Governance is the first element of GRC triad (Governance, Risk and compliance)

Question 100

What are different governance structures that govern an organization?

Answer 100

1. Board of members - the shared holders elect these to observe the organization’s management. They are responsible for making key decisions and making policies.
2. Committees - These are subgroups of board members and are responsible for governing the specific areas or tasks in an organization.
3. Government entities -
4. Centralized and de-centralized structures.

Question 101

What are policies?

Answer 101

Policies are the back bone of governance.

These are the guidelines that are created by leadership to meet organizational goals.
There are different kinds of policies -
1. Acceptable use policy
2. IT security policy
3. Business Continuity policy
4. Disaster recovery policy
5. Incident response policy
6. SDLC (Software development Life cycle)
7. Change management policy - that defines how changes should be implemented to avoid their impact on other devices and to roll them back if needed.

Question 102

What are standards?

Answer 102

Standards are the specific processes that are implemented or followed to adhere to policies.
Here are some Common standards -

1. Password standards
2. Access Control standards
3. Encryption standards
4. Physical security standards

Question 103

What are procedures?

Answer 103

The systematic sequence of actions or steps taken to achieve a specific outcome.
For example - Data backup procedures

3 types of procedures are discussed here -

1. Change management procedures - That tells how change management should be implemented.
   It has main 3 steps -
   - a need for a change is identified and its potential impacts are assessed.
   - a plan is created to implement change
   - After implementation, changes are reviewed.
2. Off-boarding/On-boarding procedures
3. Playbooks -

Question 104

What are different governance considerations?

Answer 104

1. Regulatory considerations
2. Legal considerations
3. Industry considerations
4. Geographical considerations

Question 105

What is compliance and what are its 2 elements?

Answer 105

Compliance refers to adhering to rules, regulations, laws.

Its elements -
1. Compliance reporting - involves internal reporting and external compliance reporting
2. Compliance monitoring - Monitoring and analysis of organization operations to find any non-compliance.
It involves the following -

Due Diligence -
Due care -
Attestation -
Acknowledgment -

Question 106

What are some non- compliance consequences?

Answer 106

1. Fines
2. Sanctions
3. Reputational damage
4. Loss of license
5. Contractual impacts

Question 107

Where does the strength of the encryption system and cryptography comes from?

Answer 107

From a secure key.

Question 108

What is Stream and block Cipher?

Answer 108

Stream Cipher is a Cipher that encrypts data bit by bit.

Block Cipher is a Cipher that takes a fixed length of data from the data as blocks and then encrypts these blocks.

Block Ciphers can be hardware or Software-based.
But Stream Ciphers are most hardware-based solutions and it needs more processing power.

Question 109

What are different Symmetric Algorithms?

Answer 109

These are the algorithms that use a common key to encrypt and decrypt data.

1. DES - Data Encryption Standard - It is a block Cipher
2. 3DES - Block Cipher - not used anymore
3. IDEA - International Data Encryption Algorithm - It is also a block Cipher and Symmetric algorithm. It uses a key length of 128 bits
4. AES - Can use 128, 192, 256 Key lengths. It is also a block Cipher.
5. Blowfish - Block Cipher.
6. Two fish - also a Block Cipher
7. RC4 - Only Symmetric stream Cipher.
8. RC5, RC6 - both block Ciphers

Question 110

Define Diffie-Hellman algorithm.

Answer 110

It is focused on conducting key exchanges when we are creating a VPN tunnel establishment as part of the IPsec protocol.

It is susceptible to on-path attacks.

Question 111

What is RSA?

Answer 111

RSA stands for Rivest Shamir Addleman - it is a asymmetric algorithm. It can be used for encryption, authentication (encrypting something with private key), Non-repudiation (using digital signatures).

It is commonly used in access cards.

It uses a key-length between 1024 bits and 4096 bits

Question 112

What is ECC algorithm?

Answer 112

ECC stands for Elliptic Curve Cryptography.
It is used on devices that have low processing power like mobile devices.

It is a great way of providing better security than an equivalent RSA key of the same size.
ECC with 256 bit key is just as secure as RSA with a 2048 bit key.

There are different variations of ECC -

ECDH - Elliptic Curve Diffie Hellman
ECDHE - Diffie Hellman Ephemeral
ECDSA - Elliptic Curve Digital Signature algorithm

Question 114

What is one of the most effective way to protect against software and OS vulnerabilities?

Answer 114

It is to implement a effective patch management system.

Question 115

What is one of the most effective way to protect against software and OS vulnerabilities?

Answer 115

It is to implement a effective patch management system.

Question 116

What is Microsoft Component object model?

Answer 116

COM is an interface that provides inter-operability between 2 applications that might have been programmed in different languages.
- was created by Microsoft.

Question 117

What is Windows management instrumentation?

Answer 117

WMI - it is the very powerful tool that we can use to access, configure and monitor nearly all windows resources.
It is accessed via COM.

Question 118

If we have a drive protected with NTFS access controls but its data is not encrypted, can we insert this drive into some other system and access the data on the drive?

Answer 118

Yes, we can take-over the files on the NTFS drive as we are the admin on this new system.