General Security Concepts: Quiz Revision Flashcards

1
Q

Which of the following are accomplished through identity validation? (Select two.)

A) Authorization models
B) Authenticating people
C) Authenticating systems
D) Gap analysis

A

Authenticating people is the process of validating that the credential someone supplied, such as a username, account number or email address, actually belongs to that individual. Once the user has supplied the credential, it is validated against another piece of information, such as a password, an answer to a secret question, or biometrics. Once the person has validated (authenticated) their identity (credential), the requested access is granted based on the identity’s authorization.

Authenticating systems, much like authenticating people, deals with validating the identity of such things as workstations, network devices, various servers, and even processes. In the case of servers, the process of identity validation can be accomplished with digital certificates.

Authentication, authorization, and accounting (AAA) is a term for controlling access to resources using authentication (identity validation), enforcing policies using authorization, and auditing usage to verify that no unauthorized actions or individuals are present.

2
Q

What are the Authorization models?

A

Role-based access control (RBAC) – manages permissions according to the user’s role in the organization. Examples of roles might include members of departments, or job titles.

Rule-based access control (RuBAC) – uses rules to grant/deny access. One example is an Access Control List (ACL) used by a router or firewall.

Mandatory access control (MAC) – applies labels to users, otherwise known as subjects, and to files/folders, otherwise known as objects. When the subject label matches the object label, access is granted.

Attribute-based access control (ABAC) – is based on characteristics (attributes) of a user or a system. In the example of a college or university, a department chair or dean would have access to different resources than admissions representatives or financial aid administrators.

Discretionary access control (DAC) – allows the owner of the object (such as a file or folder), to make the decision as to who or what has access to the resource.

3
Q

Which technique can tip off an investigator that data files have been altered from a previous version?

A) Nonce
B) Salting
C) Hashing
D) Sandboxing

A

Hashing is a cryptographic process that maintains the integrity of data. Hashes are created using hashing algorithms, one-way processes that convert data of any size into a fixed-length unique output. Once you create a hash, the only way to reproduce the exact same hash is to input the exact same data. If you change even one character in the data, the hash value changes completely as well. This is how investigators can determine whether a file has been altered. If the hash is different from the one created from the original version, the investigator knows that the data has been tampered with. If the hash is the same, the integrity of the data was maintained and it is safe to investigate.

4
Q

What is Salting?

A

Salting is a form of key stretching. The practice of salting adds text to each password before the password is hashed to prevent stored passwords from being decrypted.

5
Q

What is Sandboxing?

A

A sandbox is a non-production environment in which code or applications can be run without affecting live systems.

6
Q

Which of the following security control types includes acceptable use policies, handbooks, and posted warning signs?

A) Directive controls
B) Detective controls
C) Compensating controls
D) Preventive controls

A

In general, directive controls provide behavioral guidance, guidelines, and policies to be followed. Examples of directive controls would include acceptable use policies (AUPs), handbooks, and standard operating procedures (SOPs), among other items. However, they do not do anything to prevent the behavior from occurring. They are used as suggestions to help users comply with security policies. Another example of a directive control could be a code of conduct policy.

7
Q

What is the security control type of Preventive Controls?

A

Preventive controls are deployed to avoid a security breach or an interruption of the critical services before they can occur.

Examples of administrative preventive controls are security policies, monitoring and supervising, job rotation, information classification, and personnel procedures. Examples of technical preventive controls are routers, access control lists, encryption, antivirus software, firewalls, and smart cards.

Examples of physical preventive controls are lighting, biometric systems, fences, badge systems, mantrap doors, and security personnel.

8
Q

What is the security control type of Compensating controls?

A

Compensating controls are put in place when the primary control is too costly or cumbersome to implement. As an example, if the ideal control was separation of duties, and you could not reassign duties due to a staffing shortage, one compensating control could be to increase the frequency of audits.

9
Q

What is the security control type of Detective controls?

A

Detective controls detect a security incident as it occurs. Examples of physical detective controls include security guards, motion detectors, CCTVs, and alarms.

Examples of administrative detective controls include monitoring and supervision. Event logs, IDSs, and antivirus software are examples of technical detective controls.

10
Q

What are the four categories of CompTIA’s access controls?

A

Technical control – a category of controls that use software or hardware to restrict access, such as firewalls, encryption, network segmentation, and multi-factor authentication.

Physical control – a category of controls that are implemented in the physical realm, such as locks, fences, CCTV, backup media, and secured cabling.

Managerial (sometimes called administrative) control – a category of controls that dictate how management uses oversight to meet the company’s security goals. Managerial controls include risk assessments, performance reviews, background checks, personnel controls, a supervisory structure, security training, and auditing.

Operational control – a category of controls that provide employees with best practices to follow and actions to implement to meet security goals. Examples are standard operating procedures, incident response policies, and password policies.

11
Q

What are the six different control types that are implemented across the technical, physical, operational, and managerial categories?

A

Preventative – A preventative control stops security issues before they occur.

Deterrent – A deterrent control influences human behavior to make security issues less likely to occur.

Detective – A detective control finds indicators of security issues that are occurring or have occurred.

Corrective – A corrective control restores control and attempts to correct any damage that was inflicted during a security issue that occurred.

Compensating – A compensating control is put into place when the recommended primary control cannot be used.

Directive – A directive control provides behavioral guidance, guidelines, and policies to follow regarding potential, current, or past security issues.

12
Q

Which of the following describes a recurring period when patches and configuration changes are performed?

A) Escalation
B) Service level objectives
C) Maintenance window
D) Maintenance exclusion

A

A maintenance window is a recurring period during which patches and configuration changes (maintenance) are performed. These maintenance windows are typically used for automatic patch deployment and configuration changes. When scheduling a maintenance window, it is important to consider the impact of downtime to the organization, customers, and operations.

13
Q

What is a maintenance exclusion?

A

A maintenance exclusion (or maintenance exception) is a timeframe or instance when maintenance would be prohibited. This could be the case when a legacy application cannot be updated. Another example of a maintenance exclusion could be a retail organization that forbids configuration changes during a peak sale period. The maintenance exception should be submitted as a request that is subsequently approved by the change management team.

14
Q

What are SLOs?

A

Service level objectives (SLOs) are the critical metrics within a Service Level Agreement (SLA) that a provider must meet for a client. Policies, governance, and SLOs are key components of attack surface management. SLOs begin with a service level indicator (SLI), which is the item for which performance or service is tracked. An example of an SLI could be server uptime – this is the item for which you want service tracked. The corresponding SLO would be expressed as a percentage, such as a desired server uptime of 99.99%.

15
Q

What is an escalation priority level?

A

Escalation is closely related to prioritization. It is important that an organization has a prioritization and escalation policy. When an incident occurs, it is important to assign it a priority level. The priority level determines the order in which the incident is addressed. In addition, the priority level is usually associated with the team or individual within the organization that is tasked with handling that incident level. If the situation changes, conditions deteriorate, or the effects of an event spread, the priority level can be changed, allowing for escalation to another team.

A perfect example of prioritization and escalation exists in the medical community. For example, a bus carrying many passengers crashed. First responders assign a priority level to each passenger according to the severity of their injuries. Those who can be treated at the scene are assigned a lower priority than those who must be transported to the hospital via ambulance. If a patient who is waiting for ambulance transport develops a life-threatening complication, that patient’s priority can be escalated for air transport.

16
Q

You must deploy the appropriate control to a section of the network shown in the exhibit. Because of budget constraints, you can only deploy one of each of the following controls:

Proximity access badges
Device encryption
Safe
CCTV

You need to deploy each of these controls to a single area on the diagram. The controls may be used to protect either the entire section or a single component within that section. Match the appropriate control to the best deployment location on the network exhibit. All four locations require a control. Each control should be used only once.

Data Center
Office
Customer WiFi Lounge
Remote Employees

A

Data Center - Proximity Badge

The proximity access badges will control access to the data center and limit access to approved employees.

Office - Safe

The safe will provide a location in the office to store the laptops and tablets when they are not in use.

Customer WiFi Lounge - CCTV

The CCTV will provide a means to monitor activity in the customer wireless network lounge.

Remote Employees - Device Encryption

Device encryption will ensure that the data on the laptops cannot be accessed by attackers while the sales reps are in the field.

17
Q

What is a physical barrier that acts as the first line of defense against an intruder?

A) a lock
B) a fence
C) an access control vestibule
D) a bollard
E) a turnstile

A

Fencing acts as the first line of defense against casual trespassers and potential intruders, but fencing should be complemented with other physical security controls, such as guards and locks, to maintain the security of the facility. A fence height of 6 to 7 feet is considered ideal for preventing intruders from climbing over the fence. In addition to being a barrier to trespassers, the fence can also control crowds. A fence height of 3 to 4 feet acts as a protection against casual trespassers. For critical areas, the fence should be at least 8 feet high with three strands of barbed wire.

18
Q

List all physical security controls.

A

Physical security controls include the following:

Hardware locks
Access control vestibules
Video surveillance (CCTV)
Fencing
Proximity readers
Access lists
Proper lighting
Signs
Guards
Barricades
Biometrics
Alarms
Motion detectors
Gate/cages
Cameras
Protected cabling

19
Q

When implementing a security solution for mobile devices, which two common use cases are of primary concern? (Choose two.)

A) Lower power devices
B) Non-repudiation
C) Authentication
D) Obfuscation
E) Low latency

A

Lower power devices and low latency are the primary concerns with mobile devices. Lower power devices should use cryptographic techniques that require less time to encrypt and decrypt data. As the time to encrypt or decrypt increases, the power requirements increase as well. Devices such as wireless devices, handheld computers, smart cards, and cellular phones have less processing power, storage, power, memory, and bandwidth than other systems, and would benefit from algorithms with shorter key lengths.

Low latency is a concern with any cipher. Latency refers to the delay between the time the plain text is input, and the cipher text is generated. Supporting authentication is validating that the message originator is indeed who they say they are, and not an imposter. This is often implemented using digital certificates. Authentication is not always possible or necessary for mobile devices. Supporting obfuscation is the most basic element in a cryptographic system. Obfuscation refers to hiding the data and is accomplished through encryption and steganography. While obfuscation may be important, it is not as important for mobile devices as low latency and lower power devices.

20
Q

What is Non-Repudiation in the CIA structure?

A

Supporting non-repudiation would prevent an imposter from denying that a message was sent, but it does not address data security. Non-repudiation ensures that data’s origin is known. Digital Signatures are the most common method of ensuring non-repudiation. It is also important to determine resource versus security constraints. Resource constraints could include available bandwidth, environmental constraints, and financial constraints. Security constraints would deal with the limitations of the particular cryptographic system chosen.

21
Q

Management wants you to provide full disk encryption for several of your organization’s computers. You purchase specialized chips that will be plugged into the computers’ motherboards to provide the encryption. Which security protocol, practice, or mechanism does this represent?

A) RipeMD
B) PAP
C) TwoFish
D) GPG
E) TPM

A

Trusted Platform Module (TPM) is a specialized chip that you install on a computer’s motherboard to assist with full disk encryption. TPM has a storage root key that is embedded into the chip. The storage root key is created when you take ownership of the TPM. If you clear the TPM and a new user takes ownership, a new storage root key is created.

22
Q

What is a TwoFish method?

A

TwoFish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. It does not provide full disk encryption.

23
Q

What is GPG?

A

GNU Privacy Guard (GPG) is an alternative to Pretty Good Privacy (PGP). PGP is a data encryption mechanism that provides privacy and authentication for data communication. PGP is often used for signing or encrypting and decrypting texts, e-mail, files, directories, and whole disk partitions to increase the security of e-mail communications. GPG also provides this function and is a FREE alternative to PGP. GPG and PGP do not involve the use of a specialized chip.

24
Q

What is RipeMD?

A

RipeMD is a 160-bit message digest algorithm. There are 128, 256, and 320-bit versions of this algorithm, called RIPEMD-128, RIPEMD-256, and RIPEMD-320, respectively.

25
Q

What is a PAP?

A

Password Authentication Protocol (PAP) is an encryption technology in which a user’s name and password are transmitted over a network and compared to a table. Typically, the passwords stored in the table are encrypted.

26
Q

Which of the following encryption tools is also known as a trusted execution environment (TEE)?

A) Key management system
B) Secure enclave
C) HSM
D) TPM

A

A secure enclave is also known as a trusted execution environment or TEE. The secure enclave carves out an area in an application or a system, often an isolated area, so that sensitive data can be processed securely. Examples include Apple’s Secure Enclave and Titan M from Google.

27
Q

What is HSM used for?

A

A hardware security module (HSM) is typically a removable device that is used in key management systems. An HSM can generate cryptographic keys, as well as store and manage them. You will often see HSMs used with servers.

28
Q

What is TPM used for?

A

Trusted Platform Module (TPM) is a chip that is embedded on a motherboard. One of the most common implementations of a TPM is for full-disk encryption (FDE).

29
Q

What is Key Management System used for?

A

Key management systems provide centralized management and storage of cryptographic keys.

30
Q

Which type of controls are an example of a detective control? Choose three.

A) log files
B) lighting
C) fences
D) IR sensors
E) firewalls
F) closed-circuit television (CCTV)

A

Closed-circuit television (CCTV), log files, and infrared (IR) sensors are detective controls. CCTV is used by guards to prevent unauthorized access to the facility. CCTVs increase visibility by allowing guards to monitor different zones of the facility from a centralized location and find unauthorized access or a security breach. Infrared sensors detect motion, heat, or other anomalous events, and raise an alarm or alert. Logs and log files provide evidence of intrusions, suspicious network traffic, or other anomalous activities that occurred in the system.

31
Q

Which of the following network architecture concepts consists of a policy engine, a policy administrator, and a policy enforcement point?

A) Hybrid
B) Zero-trust
C) Secure Access Service Edge
D) Cloud

A

Zero-trust architecture consists of a policy engine, a policy administrator, and a policy enforcement point. The goal of zero trust is to continuously monitor the authentication and authorization of devices, users, and processes. The policy engine is responsible for granting or denying access based primarily on policy, but other factors can be taken into consideration. The policy administrator decides to open or close the communication path from the requestor to the resource, based on the decision of the policy engine. The policy enforcement point establishes and terminates the connections.

32
Q

What is Secure Access Service Edge (SASE)?

A

Secure Access Service Edge (SASE) is used to ensure security in a software-defined wide area network (SD-WAN) environment, particularly in a cloud environment. SASE is often associated with the zero-trust model.

33
Q

Which element is created to ensure that your company is able to resume operation after unplanned downtime in a timely manner?

A) disaster recovery plan
B) vulnerability analysis
C) business continuity plan
D) business impact analysis (BIA)

A

The disaster recovery plan is created to ensure that your company is able to resume operation in a timely manner. As part of the business continuity plan, it mainly focuses on alternative procedures for processing transactions in the short term. It is carried out when an emergency occurs and immediately following the emergency. The disaster recovery plan (DRP) should include a hierarchical list of critical systems. The first step in the development of the DRP is identification of critical systems.

34
Q

Is vulnerability analysis a part of the BCP?

A

A vulnerability analysis identifies your company’s vulnerabilities. It is part of the business continuity plan.

35
Q

What is a BCP?

A

A business continuity plan is created to ensure that policies are in place to deal with long-term outages and disasters to sustain operations. Its primary goal is to ensure that the company maintains its long-term business goals both during and after the disruption, and mainly focuses on the continuity of the data, telecommunications, and information systems infrastructures. Multiple plans should be developed to cover all company locations. The business continuity plan is broader in focus than the disaster recovery plan.

36
Q

What steps are included in BCP?

A

Policy statement initiation – includes writing the policy to give the business continuity plan direction and creating the business continuity plan committee, roles, and role definitions.

Business impact analysis (BIA) creation – includes identifying vulnerabilities, threats, and calculating risks. The risk management process is one of the core infrastructure and service elements required to support the business processes of the organization. This stage should also identify potential countermeasures associated with each threat. Recovery point objectives and recovery time objectives directly relate to the BIA.

Recovery strategies creation – includes creating plans to bring systems and functions online quickly.

Contingency plan creation – includes writing guidelines to ensure the company can operate at a reduced capacity.

Plan testing, maintenance, and personnel training – includes a formal test of the plan to identify problems, training the parties who have roles in the business continuity plan to fulfill their roles, and updating the plan as needed. The company should quantitatively measure the results of the test to ensure that the plan is feasible. This step ensures that the business continuity plan remains a constant focus of the company.

One of the most critical elements in a business continuity plan is management support.

37
Q

Why is BIA so important?

A

The major elements of the business continuity plan are the disaster recovery plan, BIA, risk management process, and contingency plan. Although a business continuity plan committee should be created, it is not considered a major element of the plan.

A BIA is created to identify the company’s vital functions and prioritize them based on need. It identifies vulnerabilities and threats and calculates the associated risks but does not include suggestions for how to address the risks.

38
Q

Which type of deception and disruption technology contains decoy data that the attacker exfiltrates from the system?

A) Honeyfile
B) Honeynet
C) Honeypot
D) Honeytoken

A

A honeytoken contains specific data that the attacker exfiltrates from the system. Decoy data, such as a bogus email address, bad database data, fake passwords, and other types of ‘planted’ information, make it easier to spot an attack when the data is carried back to the attacker’s system. The purpose of a honeytoken is to alert the IT security team that an attacker has made their way inside the network and removed data, even if the data is valueless to the organization.

39
Q

What is a honeyfile?

A

A honeyfile is a file that is used as bait to attract attackers. The attacker should see an interesting file name (passwords.lst, for example) or look for enticing keywords in the file content, such as “customer list”, “bank” or “deposits”. Authorized users and processes should not access the file. When the file is accessed, the access is classified as a malicious action, and subsequent activity can be monitored or blocked.

40
Q

What is a honeypot?

A

A honeypot is a system or portion thereof, typically a network device, that is configured to be attractive to hackers and lure them into spending time attacking what the hacker believes to be a good target. During the attack, the host system gathers information about the hacker and the attack.

41
Q

What is a honeynet?

A

A honeynet is a network of honeypots. Honeynets are very effective in determining the entire capabilities of the adversaries. Honeynets are mostly deployed in an isolated virtual environment along with a combination of vulnerable servers. The various tactics, techniques and procedures employed by different attackers to enumerate and exploit networks will be recorded, and this information can be very effective in determining the complete capabilities of the adversary.

42
Q

You are a cybersecurity advisor for your organization. In a recent audit conducted by an external party, it was found that your organization lacks a process to track and manage assets and their relation to one another.

To remediate the finding, you have been asked to suggest a solution. What should you suggest?

A) Implement a configuration management process.
B) Implement a change management process
C) Implement a release management process.
D) Maintain an Excel file for all the IT assets and resources.

A

You should implement a configuration management process to remediate the finding. Configuration management is an IT Service Management (ITSM) process used to track and manage assets and to maintain the relationship between the IT assets and resources. Configuration management identifies and tracks configuration items (CIs) and documents their capabilities and dependencies on other assets. There are many commercial software tools available in the market to implement configuration management. These tools are based on the Information Technology Infrastructure Library (ITIL) framework, which is considered the industry standard for ITSM processes.

43
Q

What does it mean to implement change management?

A

Change management is an ITSM process and ensures all changes to the IT environment are handled in a controlled manner. Any change is documented and tracked through the change management process. All documented changes are reviewed and approved by the change control board.

44
Q

How can you manually track the inventory of all the IT assets and resources?

A

Maintaining an Excel file for all the IT assets and resources will not remediate the finding. Maintaining the Excel file will ensure you are keeping the manual inventory of all the IT assets and resources, but a static Excel file will not track configuration items (CIs) and document their capabilities and dependencies on other assets.

45
Q

What are the functions of Release management in ITSM?

A

Release management is an ITSM process for managing, planning, scheduling, and controlling the software developed through different stages.

46
Q

What concept is demonstrated by representing a credit card number as ****-****-****-1234?

A) Tokenization
B) Data masking
C) Steganography
D) Hashing

A

Data masking is a method of obfuscation and replaces data with an asterisk, X, dummy characters, or blank spaces. These replacement characters are placeholder values that do not affect the underlying data record. However, they make it possible for personnel to safely handle sensitive data in routine business transactions without compromising its confidentiality. Credit card numbers are commonly masked as XXXX-XXXX-XXXX-1234, with the last four digits being real, non-obfuscated data.

47
Q

What is Tokenization?

A

Tokenization replaces sensitive data with a token value that is passed back and forth in transactions in lieu of the real value. An example would be an e-commerce system displaying the token value of GX46YT794R2 on the POS screen to stand for a credit card number in the numeric format XXXX-XXXX-XXXX-XXXX. The correlation between the token and the actual credit card number is stored in a secure database in encrypted form. The stored value is never transmitted; only the token is transmitted to verify that it matches the stored encrypted value.

48
Q

What is Hashing?

A

Hashing involves assigning a value generated based on the contents of the file. The sender of a file would generate the value (hash the file) and the recipient of the file would apply the same hashing algorithm to the file. If the hash values do not match, the file has been tampered with. Hashing anonymizes the data, and hashes can be used to verify if the data was modified.

49
Q

What is key stretching?

A

Key stretching employs salting, which is the addition of a random value to a password. The salted password is used as an encryption key.

Salting is the process of adding random characters to a password prior to hashing the password to make it more difficult to derive the password from the hash.

50
Q

What is blockchain?

A

Blockchain, while most commonly associated with cryptocurrency, actually has applications in many industries. Banks, hospitals, insurance companies and more can use blockchain as a way to store data publicly while maintaining the security of that data. Once a transaction has occurred, been recorded in an open public ledger, and been verified, a block is created, which has an associated hash. As each block is created and added to the chain, a new hash is created.

51
Q

Which of the following is difficult when used with symmetric key encryption, but much easier with asymmetric key encryption?

A) Key exchange
B) Hardware security module
C) Algorithms
D) Key length

A

Key exchange is much easier in asymmetric key encryption. Key exchange is the manner by which the sending and receiving parties send their secret keys to each other. In asymmetric encryption, there is no mechanism for someone who intercepts a message to use the public key to create the message’s private key.

52
Q

Why is key length so important in cryptography?

A

Key length is a critical factor in cryptographic systems. The longer the key, the more difficult it is to break the encryption. As of this writing, NIST recommends a minimum key length of 2048 bits.

53
Q

What is an algorithm used for in terms of security?

A

Algorithms are programs, primarily mathematical, used in the encryption process. Simply put, an algorithm will accept a plain-text message, apply a secret key, and generate encrypted text. Public key cryptography uses an asymmetric key algorithm, while private key cryptography uses a symmetric key algorithm.

54
Q

When connecting to a website using SSL/TLS, the client browser uses the root CA’s public key to decrypt the digital signature of each certificate until finally verifying the identity associated with the website’s certificate. Which term or phrase describes this public key infrastructure (PKI) concept?

A) Certificate chaining
B) Certificate revocation
C) Key pairing
D) Key escrow

A

Certificate chaining refers to the trust relationships between CAs and helps determine which certificate has the highest-level trust. For example, if you get a certificate from “A,” and “A” trusts the root certificate, the highest-level trust is the root certificate.

55
Q

What is the definition of key escrow?

A

Key escrow addresses the issue that a key might be lost. It is a proactive approach where copies of the private keys are held in escrow (stored) by a third party. The third party (key recovery agent) manages access to and use of the private keys. Keys do not define trust relationships.

56
Q

What is CRL?

A

A certificate revocation refers to a certificate that has been revoked or is scheduled to be revoked, for one reason or another. A certificate revocation list (CRL) contains a list of serial numbers for digital certificates that have not expired, but that a certification authority (CA) has specified to be invalid. Typically, the serial number of a digital certificate is placed in a CRL because the digital certificate has been compromised in some way.

57
Q

You are designing an access control system for a new company. The company has asked that you ensure that users are authenticated with a central server. In addition, users should only have access to the files they need to perform their jobs. When implementing access control, what is the appropriate order?

A) identification, authorization, authentication
B) authentication, authorization, identification
C) identification, authentication, authorization
D) authentication, identification, authorization

A

The appropriate order for access control is identification, authentication, and authorization. Identification is the process of identifying a user based on a username, user identification (ID), or account number. Authentication is the process of validating the user with a second piece of information, usually a password, passphrase, or personal identification number (PIN). Authorization is the process of granting the user access to data based on the user identity and permissions.

Authentication, authorization, and accounting (AAA) is a term for controlling access to computer resources using authentication, enforcing policies using authorization, and auditing usage and providing the information necessary to bill for services using accounting.

58
Q

You have been promoted to security administrator. Recently, management implemented a security policy that states that symmetric cryptography must be used. However, your research indicates that asymmetric cryptography is a better choice for your organization. Which statement is true of symmetric cryptography?

A) Symmetric cryptography provides better security compared to asymmetric cryptography.

B) Symmetric cryptography is faster than asymmetric cryptography.

C) Symmetric cryptography does not require a secure mechanism to properly deliver keys.

D) Symmetric cryptography uses different keys to encrypt and decrypt messages.

A

Symmetric cryptography is faster than asymmetric cryptography. Symmetric cryptography is approximately 1,000 to 10,000 times faster than asymmetric cryptography. Symmetric cryptography is provided by a symmetric algorithm, which may also be referred to as a secret algorithm.

Symmetric cryptography uses either symmetric or secret keys to encrypt or decrypt messages. In symmetric cryptography, the same key that encrypts the data is used to decrypt the data. An example of a symmetric key is a key code that is given to lock and unlock a door. This key code is only shared with those you trust.

59
Q

What is asymmetric cryptography?

A

Asymmetric cryptography involves the use of different keys to encrypt and decrypt data. These keys are referred to as the public key and the private key. The public encryption key is used to ensure only the intended recipient can decrypt the ciphertext.

60
Q

Symmetric keys need…

A

Symmetric keys do not ensure security and scalability for key management because the same key is used for encryption and decryption. Therefore, symmetric cryptography requires a secure mechanism to deliver keys among the communicating hosts.

61
Q

Is a symmetric key more secure than an asymmetric key?

A

Symmetric cryptography may be less secure than asymmetric cryptography because of the same keys being used for encryption and decryption. When implementing cryptography, it is important that organizations use proven technologies. The use of proven technologies will ensure that the cryptography that you implement has been thoroughly tested.

62
Q

Which concepts are associated with the Zero Trust control plane? (Select two.)

A) Adaptive identity
B) Policy enforcement point
C) Implicit trust zones
D) Threat scope reduction

A

Adaptive identity and threat scope reduction are associated with the zero-trust control plane.

Adaptive identity can use additional information to validate a user’s identity. If a user supplies the proper login credentials, adaptive identity can then use such things as time of day, login location, and the device configuration, to decide whether or not to grant access. As an example, if the user supplies the correct username and password, but is trying to log on from somewhere outside the corporate network, additional information such as an OTP or multifactor authentication might be requested.

Threat scope reduction deals with reducing the attack surface. Threat scope reduction combines least privilege policies with network segmentation based on identity rather than on the network’s logical topology. By limiting the actions that an individual can perform once they are admitted into the network, you reduce the amount of damage they can inflict.

Threat scope reduction refers to reducing the number of entry points into the network. The threat scope is defined in the early stages of threat analysis. The scope will include the potential attack surfaces, such as unnecessary open ports or easily guessed passwords. Threat scope reduction examines each of those potential attack surfaces for hardening, in order to remove them from the threat scope.

63
Q

What does the control plane manage?

A

Broadly speaking, the control plane manages users and devices in a network.

Another control plane element is the policy engine. Policy-driven access control looks at access policies using a policy engine. The access decisions are made by the policy engine, while policy enforcement is managed by the policy administrator (in the control plane) and the policy enforcement points (in the data plane).

64
Q

What does the Data plane manage?

A

The data plane manages the movement of data in a network.

65
Q

What are implicit trust zones and the policy enforcement point associated with?

A

Implicit trust zones are associated with the zero-trust data plane, not the control plane. The implicit trust zone is the limited group of systems and resources that the user can interact with once the user has been validated. This can also be viewed as the scope of interaction.

The policy enforcement point is associated with the zero-trust data plane. The policy enforcement point is responsible for establishing and terminating connections based on the decisions made by the policy engine and policy administrator. Those components make the decision, but it is the policy enforcement point that enacts that decision in the network.

66
Q

Which of the following security concepts identifies one or more weaknesses in an organization’s security operations when compared against a standard?

A) Risk assessment
B) Gap analysis
C) Bollards
D) Threat scope reduction

A

A gap analysis identifies one or more vulnerabilities in an organization’s security operations when compared against a standard framework. Examples of standard frameworks include NIST 800-53 and ISO 27002.

67
Q

Which of the following encryption levels offers the most granular control?

A) Volume
B) Partition
C) Database
D) Record

A

Record-level encryption offers the most granular control. This encryption allows you to select a single row (record) in a database and manage the encryption of that record.

68
Q

What is Volume level encryption?

A

Volume-level encryption helps protect a designated portion of a drive. Volume encryption can also be used for a volume associated with a RAID system.

69
Q

What is Database-level encryption?

A

Database-level encryption encompasses the entire database. While this may seem the easiest to manage, it can cause performance issues. Databases consist of multiple tables, each with a key (index value) that is used to identify an individual row or record of information within a table. Tables use keys to relate to each other and extract information from the database. Adding the additional overhead of encrypting and decrypting the entire database would most likely cause severe performance issues.

70
Q

What is Partition-level encryption?

A

Partition-level encryption works with a partition on the hard drive. For example, your hard drive may be partitioned as C:\ and D:\. In this scenario, the C:\ drive may be reserved for the operating system and applications, while D:\ is the data drive. Partition-level encryption allows you to select one or more partitions for encryption.

71
Q

What is full disk encryption?

A

Full disk encryption is often accomplished with Trusted Platform Module (TPM). TPM is a specialized chip that you install on a computer’s motherboard to assist with full disk encryption. TPM has a storage root key that is embedded into the chip. The storage root key is created when you take ownership of the TPM. If you clear the TPM and a new user takes ownership, a new storage root key is created.

72
Q

What is file-level encryption?

A

File-level encryption allows you to manage the encryption of individual files. This is in contrast to partition-level or full-disk encryption. With file-level encryption, you are able to exercise much more granular encryption control by selecting which file or files you want encrypted.

73
Q

How do you secure/encrypt data in transit?

A

Finally, you should know about encryption during transport/communication. The term for this type of information is data in transit. Usually, data in transit is protected by using the Transport Layer Security (TLS) protocol. Note that TLS replaced the older Secure Sockets Layer (SSL) protocol, but many sources still refer to SSL.

74
Q

You have found that your system for validating keys has a latency period of 24-48 hours. As a result, a key that had been breached was accepted. You want to provide a real-time solution that will reduce this latency period. Which technology should you implement?

A) CSR
B) OCSP
C) CRL
D) OID

A

Online Certificate Status Protocol (OCSP) is a real-time protocol for validating keys. OCSP is replacing CRL, which takes 24-48 hours to broadcast.

75
Q

What is OID?

A

Object identifiers (OIDs) are optional extensions for X.509 certificates. They are dotted-decimal numbers that assist with identifying objects.

76
Q

What is CSR?

A

A certificate signing request (CSR) is typically one of the first steps in getting a certificate for authentication from a certificate authority (CA).

77
Q

What is CRL?

A

A certificate revocation list (CRL) is a method for listing certificates that have expired, been replaced, or were revoked. A web browser, for example, would check a CRL to verify whether or not the responding server is authentic. A CRL takes 24-48 hours to broadcast, which could cause an invalid key to be accepted.

78
Q

When planning physical security, which type of sensor would be appropriate to detect a person’s body heat when the person enters a controlled space such as a server room?

A) Ultrasonic sensor
B) Pressure sensor
C) Microwave sensor
D) Infrared sensor

A

An infrared sensor would be appropriate to detect a person’s body heat when the person enters a controlled space such as a server room. Infrared sensors look for changes in infrared or heat radiation. Infrared sensors are also suitable in dark or unlit environments, as they work on heat as opposed to light.

79
Q

An accounting job role requires separation of duties to reduce the risk of fraud, with tasks spread across two employees. Due to a staffing shortage, you only have one person available to perform all of the tasks. You ask your business’s bank to start sending you weekly statements instead of monthly, and to create an automated email that will alert you if a withdrawal above a certain threshold is made.

Which type or category of control did you implement? Choose the BEST answer.

A) Managerial category
B) Compensating type
C) Preventative type
D) Operational category
E) Deterrent type

A

The BEST answer is that you implemented the compensating control type because the primary control, separation of duties, was not feasible due to a staffing shortage. You increased your auditing frequency and added a withdrawal alert to the account to compensate for the loss of the primary control.

80
Q

Company management has discovered that systems administrators have made critical changes to operational policies and procedures without management’s consent or knowledge. To keep this from happening again, which change management component should be implemented?

A) Ownership
B) Approval process
C) Test results
D) Stakeholders

A

An approval process should be implemented as part of change management to prevent unauthorized changes. The approval process should guarantee that a proper review has been conducted prior to implementation of the change. This review would include management approval. To prevent this from happening in the future, all systems administrators and associated staff should be retrained in the change management process.

81
Q

What is the change management process?

A

Following the change management process is a critical first step before making alterations to physical systems, policies, procedures, or logical components.

Ownership defines the individual or individuals responsible for a change. This individual (the owner) will have overall decision-making capability for this change. Because the system administrators did not follow the change management process, no one with an ownership role was consulted or able to make decisions regarding the change.

Stakeholders are the individuals or groups within the organization who would have an interest in the results or outcome of a process. Stakeholders may have input into the change management process, but the process must be initiated in the first place for them to be involved.

Test results should be included in the change management process. If the test results indicate the change will not have the desired results, the options are to make some adjustments to the rollout, or perhaps abandon the change. However, the true solution is to retrain all systems administrators and associated staff in the change management process.

82
Q

What are the other concepts we need to consider in the change management process?

A

Other change management concepts to keep in mind are impact analysis, backout plans, maintenance windows, and standard operating procedures.

An impact analysis from an IT security perspective involves the planning, evaluation, and implementation of changes to the organization’s infrastructure, systems, or applications. Steps and items to include and consider in the change management process include request for change (RFC), the initial assessment, the actual impact analysis, risk assessment, mitigation strategies, the approval process and change implementation, followed by monitoring and review.

The backout plan should comprise the procedures to follow in the event that the change being implemented does not go as planned. The most important part of the backout plan is how to get the system back to operation, at the last stable state, as quickly as possible.

A maintenance window is a recurring period during which patches and configuration changes (maintenance) are performed. These maintenance windows are typically used for automatic patch deployment and configuration changes. When scheduling a maintenance window, it is important to consider the impact of downtime to the organization, customers, and operations and to send advance notification of planned outages.

Standard operating procedures (SOPs) are a critical element of change management. They should be clearly defined and enforced so that all employees understand the steps to follow for requesting, implementing, and rolling back changes. Elements of the above-mentioned items should be combined to fit the business needs as a set of standard operating procedures.

83
Q

Which concepts are associated with the zero-trust data plane? (Select two.)

A) Policy administrator
B) Implicit trust zones
C) Policy-driven access control
D) Subject/system

A

Implicit trust zones and subject/system are associated with the zero-trust data plane. Broadly speaking, the control plane manages users and devices in a network, while the data plane manages the movement of data in a network.

Implicit trust zones are associated with the zero-trust data plane. The implicit trust zone is the limited group of systems and resources that the user can interact with once the user has been validated. This can also be viewed as the scope of interaction.

In a zero-trust implementation, subjects are the users who are requesting access, and systems are the devices used by that user. The data plane controls device and endpoint access to network resources by controlling the movement of data with guidance from the control plane.

Policy-driven access control is associated with the control plane. Policy-driven access control looks at access policies using a policy engine. The access decisions are made by the policy engine, while policy enforcement is managed by the policy administrator (in the control plane) and the policy enforcement points (in the data plane).

The policy administrator is associated with the control plane. The policy administrator decides to open or close the communication path from the requestor to the resource, based on the decision made by the policy engine. The policy engine is responsible for granting or denying access based primarily on policy, but other factors can be taken into consideration.

84
Q

Your client operates a 24-hour call center. Several different employees may log in to the same workstation in the course of a week. Machine (computer) certificates are currently used, but they do not provide sufficient security safeguards because more than one employee logs in to each machine. You need to ensure that each employee has their own credentials. What should you implement?

A) Wildcard certificate
B) Self-signed certificate
C) User certificate
D) Domain validation

A

User certificates are assigned to individual users, much like machine/computer certificates are assigned to individual machines. Users must provide their assigned certificate for authentication prior to accessing certain resources. This certificate may be provided to web sites, hosts, and any authentication mechanism. By contrast, machine/computer certificates are assigned to a designated machine. During authentication, the computer (or machine) requesting access must supply the certificate assigned to it. In this scenario the users all share machines, so a machine certificate does not provide additional safeguards.

85
Q

What is Domain Validation?

A

Domain validation certificates are very common. They are low-cost and are often used by web admins to offer TLS to a domain. They are validated using only the domain name.

86
Q

What are wildcard certificates?

A

Wildcard certificates allow you to create a certificate in a domain and use that same certificate for multiple subdomains. For example, if you had mail.mysite.com, ftp.mysite.com, and www.mysite.com, you could issue a wildcard certificate for mysite.com, and have it cover all the subdomains. Without the wildcard certificate, you would have to issue a certificate for each subdomain.

87
Q

What are self-signed certificates?

A

Self-signed certificates are digitally signed by the user. This is often provided by Microsoft Internet Information Services (IIS). The self-signed certificate will transmit a public key, but that key will be rejected by browsers. Self-signed certificates are not as secure because they are not issued by a third party.

88
Q

What are email certificates?

A

Email certificates are used to secure email. One such example is Secure Multipurpose Internet Mail Extensions (S/MIME), which provides a digital “signature” for that email. Root certificates define the root CA and validate all other certificates issued by that CA. They are at the top of the CA hierarchy. They are self-signed and are closely guarded.

89
Q

What is SAN?

A

Subject Alternative Name (SAN) is a field in the certificate definition that allows you to stipulate additional information, such as an IP address or host name, associated with the certificate. Code signing certificates are used for code that is distributed over the Internet, including programs or applications. Code signing certificates verify the code’s origin and help the user trust that the claimed sender is indeed the originator.

90
Q

Match the zero trust concepts to the planes to which they belong.

Adaptive identity
Threat scope reduction
Policy-driven access control
Policy administrator
Policy engine
Implicit trust zones
Subject/system
Policy enforcement point

A

The control plane manages users and devices in a network with the following tools:

Adaptive identity
Threat scope reduction
Policy-driven access control
Policy administrator
Policy engine

The data plane manages the movement of data in a network with the following tools:

Implicit trust zones
Subject/system
Policy enforcement point

91
Q

Which of the following is an independent third party which provides validation services to assure that a digital certificate is genuine?

A) OCSP
B) Root of trust
C) Certificate authority
D) Certificate signing request

A

Certificate authorities (CA) are independent third parties who provide validation services to assure that a digital certificate is genuine. Certificate authorities can also create and manage certificates. Some of the major CA organizations include Amazon Web Services, GoDaddy, and GlobalSign.

92
Q

Which of the following options could be affected during the course of the change management process and should be considered in the impact analysis? (Choose as many as apply.)

A) Dependencies
B) Service restart
C) Allow lists/deny lists
D) Stakeholder interests
E) Restricted activities

A

Allow lists/deny lists, restricted activities, dependencies, and service restarts are all technical implications of the change management process. A technical implication means that changes made to one portion of a network, system, policy, or procedure could unintentionally cascade to other parts of the organization’s security footprint if all elements are not considered. For that reason, the proposed changes should follow the change management system. An impact analysis should identify all technical implications of a proposed change.

Allow lists/deny lists are important considerations. Would the proposed change have any effect on allow lists or deny lists? In the same manner, would the allow list or deny list block implementation of the proposed change?

Note: These terms are going through a transformation throughout the industry. An allow list was formerly termed a whitelist, and a deny list or block list was formerly termed a blacklist. You may still see these terms used in legacy publications.

Restricted activities may be required before, during or after the change. For example, an organization may need to refrain from adding new users for a period of time surrounding a change to the password management system.

If a service restart is required, what is the effect on users and applications? Administrators should also consider whether a service restart would open a vulnerability that an attacker could penetrate.

Dependencies refer to associated programs or systems that rely on each other to function. It is common for a change in one system or service to have a waterfall effect on others. For example, application A may have a dependency on an API or DLL that, if modified or removed during change management, could cause the application to malfunction.

93
Q

What other technical implications are included in an impact analysis?

A

Other technical implications include downtime, application restarts, and legacy applications.

Downtime can be managed through the establishment of a maintenance window. A maintenance window is a recurring period during which patches and configuration changes (maintenance) are performed. These maintenance windows are typically used for automatic patch deployment and configuration changes. When scheduling a maintenance window, it is important to consider the impact of downtime to the organization, customers, and operations and to send advance notification of planned outages.

Application restarts could be an important issue. If the change requires an application restart, what system services are affected? How will users react when the application is down during the restart?

Legacy applications, if present, must also be considered. Will the impending change still allow the legacy application to function, or must the legacy application be replaced with a newer version?

94
Q

Which practice helps ensure that users are running the most currently updated application?

A) Using version control
B) Implementing managerial controls
C) Updating diagrams
D) Updating policies/procedures

A

Version control helps ensure that users are using the most currently updated application. As changes are made to an application, a number is assigned to the application, such as Version 2.1. Numbers are typically assigned sequentially for ease of tracking.

95
Q

What are the benefits of updating diagrams?

A

Updating diagrams would be extremely helpful with the logical or physical network topology. If you make a change to the network, be sure to update the network diagram. It would be very useful for network techs, or your successor. You might not remember what change you made five years ago.

96
Q

Why is Updating policies and procedures important?

A

Updating policies and procedures is an important part of the change management process. Once the change management board has issued its approval, the next step would be updating the policies/procedures affected by the change.

97
Q

What does Managerial Control deal with?

A

Managerial controls deal more with risk management than change management. Managerial controls are based on oversight and risk management. These controls are implemented with policies and plans, and guide behaviors and actions to align with the organization’s security goals. If auditing were the primary control for this job role instead of separation of duties, then it would fall in the managerial category.