Idk Flashcards
A legal contract between the holder of confidential information and another person to whom that information is disclosed, prohibiting that other person from disclosing the confidential information to any other party is known as:
NDA
A type of document stipulating rules of behavior to be followed by users of computers, networks, and associated resources is referred to as:
AUP
Which of the acronyms listed below refers to a maximum tolerable period of time required for restoring business functions after a failure or disaster?
RTO
Recovery Time Objective
In business continuity planning, the maximum tolerable point in time to which systems and data must be recovered after an outage is called:
RPO
Recovery Point Objective
Which of the following terms is used to describe an average time required to repair a failed component or device?
MTTR
Mean Time To Recovery
Which term describes the predicted loss of value to an asset based on a single security incident?
SLE
Single Loss Expectancy
Which of the acronyms listed below refers to a risk assessment formula defining probable financial loss due to a risk over a one-year period?
ALE
Annual Loss Expectancy
An estimate based on historical data of how often a threat would be successful in exploiting a vulnerability is known as:
ARO
Annualized Rate of Occurrence
In quantitative risk assessment, this term is used for estimating the likelihood of occurrence of a future threat.
ARO
Annualized Rate of Occurrence
In forensic analysis, taking hashes ensures that the collected digital evidence retains:
Integrity
Disabling certain system functions or shutting down the system when risks are identified is an example of:
Risk Avoidance
Contracting out a specialized technical component when the company’s employees lack the necessary skills is an example of:
Risk Transference
Which of the following terms relates closely to the concept of residual risk?
Risk Acceptance
Assessment of risk probability and its impact based on subjective judgment falls into the category of:
Qualitative Risk Assessment
A calculation of the Single Loss Expectancy (SLE) is an example of:
Quantitative Risk Assessment
Which of the following would be of help in preserving the integrity of digital evidence? (Select 2 answers)
- Disk Imaging
- Hashing
Indicating whether a file has been modified since the last backup.
Archive Bit
Which of the answers listed below refer to examples of deterrent security controls? (Select 3 answers)
- Warning Signs
- Lighting
- Login Banner
What are the examples of preventive security controls? (Select 3 answers)
- OS Hardening
- Separation of Duties
- Security Guards
Which of the following answers refer to examples of detective security controls? (Select 3 answers)
- System Logs
- Security Audits
- CCTV
Which of the answers listed below refer to examples of corrective security controls? (Select 3 answers)
- IPS
- Alternate Site
- Backup Data Recovery
Which of the following answers refers to a compensating security control?
Backup Generator
Which of the terms listed below DO NOT fall into the category of technical security controls? (Select 3 answers)
- Barricades/Bollards
- Cable Locks
- Secure Cabinets/Enclosures
What are the examples of administrative security controls? (Select 3 answers)
- Risk Assessments
- Escalation Procedures
- Contingency Planning
Which of the following terms DO NOT fall into the category of physical security controls? (Select 3 answers)
- User password
- Encryption
- AV Software
Which of the following methods provides the most effective way for permanent removal of data stored on a magnetic drive?
Degaussing
Which of the acronyms listed below refers to any type of information pertaining to an individual that can be used to uniquely identify that person?
PII
The US Health Insurance Portability and Accountability Act (HIPAA) provides privacy protection for: (Select best answer)
PHI
A type of encryption scheme where the same key is used to encrypt and decrypt data is referred to as: (Select 3 answers)
- Symmetric Encryption
- Session-Key Encryption
- Secret-Key Encryption
Which of the following block cipher modes is the simplest/weakest and therefore not recommended for use?
ECB
Which of the block cipher modes listed below provides both data integrity and confidentiality?
GCM
In asymmetric encryption, any message encrypted with the use of a public key can only be decrypted by applying the same algorithm and a matching private key. (True or False)
True
Pseudo-random data added to a password before hashing is called:
Salt
Which of the following answers refers to a type of additional input that increases password complexity and provides better protection against brute-force, dictionary, and rainbow table attacks?
Salt
Pseudo-random data used in combination with a secret key in WEP and SSL encryption schemes is known as:
IV
Examples of means that provide randomization during the encryption process include: (Select 3 answers)
- Cryptographic nonce
- Salting
- IV
What are the characteristic features of Elliptic Curve Cryptography (ECC)? (Select 3 answers)
- Asymmetric encryption
- Low processing power
- Suitable for small wireless devices
What are the examples of weak/deprecated cryptographic solutions? (Select 3 answers)
- WEP
- SSL
- DES
Digital signatures provide: (Select 3 answers)
- Integrity
- Authentication
- Non-repudiation
Which of the terms listed below is used to describe a situation where a small change introduced to the input data before encryption causes large changes in its encrypted version?
Diffusion
Which of the following terms is used in conjunction with the assumption that the output of a cryptographic function should be considerably different from the corresponding plaintext input?
Confusion
Unlike stream ciphers which process data by encrypting individual bits, block ciphers divide data into separate fragments and encrypt each fragment separately. (True or False)
True
In cryptography, the number of bits in a key used by a cryptographic algorithm is referred to as a key size or key length. The key size determines the maximum number of combinations required to break the encryption algorithm, therefore typically a longer key means stronger cryptographic security. (True or False)
True
What are the characteristic features of a session key? (Select 2 answers)
- Used during a single session
- Symmetric key
The term “Ephemeral key” refers to an asymmetric encryption key designed to be used only for a single session or transaction. (True or False)
True
In cryptography, the term “Secret algorithm” refers to an algorithm designed in a way that prevents the examination of its inner workings. (True or False)
True
Which of the three states of digital data requires data to be processed in an unencrypted form?
Data-in-use
In cryptography, the term “Key stretching” refers to a mechanism for extending the length of a cryptographic key to make it more secure against brute-force attacks. (True or False)
True
Which of the answers listed below refers to a solution designed to strengthen the security of session keys?
Perfect forward secrecy (PFS)
Which of the following terms illustrate(s) the security through obscurity concept? (Select all that apply)
- Code obfuscation
- Steganography
- SSID broadcast suppression
- Substitution cipher
Which of the answers listed below refer to the Advanced Encryption Standard (AES)? (Select 3 answers)
- Symmetric-key algorithm
- 128-, 192-, and 256-bit keys
- Block cipher algorithm
Which of the algorithms listed below does not belong to the category of symmetric ciphers?
RSA (Public-key encryption)
A cryptographic standard for digital signatures is known as:
Digital Signature Algorithm (DSA) (Public-key cryptography)
Which of the following answers refers to a commonly used asymmetric algorithm for secure exchange of symmetric keys?
Diffie-Hellman
Which of the following are hashing algorithms? (Select all that apply)
- MD5
- RIPEMD
- HMAC
- SHA
What are the examples of key stretching algorithms? (Select 2 answers)
- Bcrypt
- PBKDF2
Which of the answers listed below refer to obfuscation methods? (Select 3 answers)
- Steganography
- XOR cipher
- ROT13
A security protocol designed to strengthen WEP implementations is known as:
TKIP
What are the characteristic features of WPA/WPA2 Enterprise mode? (Select 2 answers)
- Suitable for large corporate networks
- Requires RADIUS authentication server
Which of the following answers refers to a hierarchical system for the creation, management, storage, distribution, and revocation of digital certificates?
Public Key Infrastructure (PKI)
A type of trusted third party that issues digital certificates used for creating digital signatures and public-private key pairs is known as:
Certificate Authority (CA)
Which of the following solutions allow checking whether a digital certificate has been revoked? (Select 2 answers)
- CRL
- OCSP
What is the fastest way of validating a digital certificate?
OCSP
Which of the answers listed below refers to a method for requesting a digital certificate?
Certificate Signing Request (CSR)
Which of the following allows for checking digital certificate revocation status without contacting the Certificate Authority (CA)?
OCSP Stapling (Determines if an SSL certificate is valid)
A security mechanism that allows HTTPS websites to resist impersonation by attackers using fraudulent certificates is called:
HTTP Public Key Pinning (HPKP)
Which of the answers listed below refer to examples of PKI trust models?
- Single CA model
- Hierarchical model (root CA + intermediate CAs)
- Mesh model (cross-certifying CAs)
- Web of trust model (all CAs act as root CAs)
- Client-server mutual authentication model
- *** All of the above
A trusted third-party storage solution providing backup source for cryptographic keys is referred to as:
Key Escrow
Copies of lost private encryption keys can be retrieved from a key escrow by recovery agents. A recovery agent is an individual with access to the key database and a permission level allowing him/her to extract keys from escrow.
(True or False)
True
The term “Certificate chaining” refers to a process of verifying the authenticity of a newly received digital certificate. Such process involves checking all of the certificates in the chain of certificates from a trusted root CA, through any intermediate CAs, down to the certificate issued to the end user. A new certificate can only be trusted if each certificate in that certificate’s chain is properly issued and valid.
(True or False)
True
Which digital certificate type allows multiple subdomains to be protected by a single certificate?
Wildcard certificate
A digital certificate which allows multiple domains to be protected by a single certificate is known as:
Subject Alternative Name (SAN) certificate
Which of the following certificate formats is used to store a binary representation of a digital certificate?
Distinguished Encoding Rules (DER)
Which of the answers listed below refers to the most common format in which Certificate Authorities (CA) issue certificates?
Privacy Enhanced Mail (PEM)
Which digital certificate formats are commonly used to store private keys? (Select 2 answers)
- PFX
- P12
Which of the answers listed below refers to a technology designed to simplify network infrastructure management?
Software-Defined Networking (SDN)
Which of the following answers refers to a data storage device equipped with a hardware-level encryption functionality?
Self-Encrypting Drive (SED)
A hardware device or a plug-in card used for secure management, processing, and storage of cryptographic keys is known as:
Hardware Security Module (HSM)
The term “Remote attestation” refers to a TPM’s capability to check a computer system’s integrity against a remote trusted third-party service.
(True or False)
True
The concept of a secure supply chain is based on the assumption that all hardware/software should originate from reliable sources.
(True or False)
True
EMI shielding protects the transferred data signals from: (Select all that apply)
- Outside interference
- Eavesdropping
The term “Trusted OS” refers to an operating system:
Equipped with enhanced security features
A system providing the capability for remote control, real-time monitoring, and gathering information related to industrial equipment is generally referred to as:
Industrial Control System (ICS)
Which of the following answers lists an example of an industrial control system solution?
SCADA
Which of the following would be the most effective in securing an ICS infrastructure?
Network isolation
A document stored in the memory of this device can pose a risk of an unauthorized data access.
MFD
Which of the answers listed below refer to technical security controls that can be applied to a UAV? (Select 2 answers)
- Wireless signal encryption
- Password protection
An SDLC model featuring a linear design process consisting of distinct sequential stages is known as:
Waterfall
One of the main premises behind the waterfall software development model is the adaptation to changes during the software development process rather than strict adherence to a well-documented sequence of steps.
(True or False)
False
Which of the following terms refers to a DevOps software deployment approach in which applications and services are redeployed rather than modified whenever a need for introducing a change occurs?
Immutable systems
A DevOps practice that replaces manual configuration of hardware with automatic deployment through code is called:
Infrastructure as Code (IaC)
Which programming aspects listed below are critical in a secure application development process? (Select 2 answers)
- Input validation
- Error and Exception handling
Which of the following answers refers to a countermeasure against code injection?
Input validation
The process of removing redundant entries from a database is known as:
Normalization
What are the countermeasures against SQL injection attacks? (Select 2 answers)
- Stored procedures
- Input validation
What is the purpose of code signing? (Select 2 answers)
- Confirms the application’s source of origin
- Validates the application’s integrity
Code obfuscation techniques rely on encryption to protect the source code against unauthorized access.
(True or False)
False
A type of redundant source code producing an output not used anywhere in the application is commonly referred to as:
Dead Code
Which of the acronyms listed below refers to a specialized suite of software tools used for developing applications for a specific platform?
Software Development Kit (SDK)
A collection of commonly used programming functions designed to speed up a software development process is known as:
Library
What type of third-party code poses increased security risks during the application development process? (Select all that apply)
- SDK
- Library
A dynamic code analysis allows for detecting application flaws without the need for actual execution of the application code.
(True or False)
False
The practice of finding vulnerabilities in an application by feeding it incorrect input is known as:
Fuzzing
A type of code that has already been translated from a high-level programming language into a low-level programming language and converted into an executable file is referred to as:
Compiled code
A type of code saved in the same format as it was entered and interpreted during program execution is called:
Runtime code
In virtualization technology, a software program that manages multiple operating systems (or multiple instances of the same operating system) on a single computer system is called:
Hypervisor
This occurs when the number of virtual machines on a network reaches a point where the administrator can no longer manage them effectively.
VM Sprawl
Which of the following security measures can be used to prevent VM sprawl? (Select 2 answers)
- Usage audit
- Asset documentation
An exploit in which the attacker runs code on a VM that allows an operating system running within it to break out and interact indirectly with the hypervisor.
VM Escape
What are the countermeasures against VM escape? (Select 2 answers)
- Sandboxing
- Patch management
Which of the following answers refers to a security policy enforcement software tool or service placed between cloud service users and cloud applications?
Cloud Access Security Broker (CASB)
A type of text file containing security configuration settings used for security policy automation in Windows-based environments is known as:
Template
Method used by IPSec to create a secure tunnel by encrypting the connection between authenticated peers.
Internet Key Exchange (IKE)
Establishment of secure connections and shared security information using certificates or cryptographic keys.
Security Association (SA)
Provides integrity, confidentiality, and authenticity of packets by encapsulating and encrypting them.
Encapsulating Security Payload (ESP)
What IPSec protocol provides authentication, integrity and confidentiality?
ESP (Encapsulating Security Payload)
Host-to-host transport mode only encrypts the payload of an IP packet, not its header.
Transport Mode within IPSec
Protocol used in IPSec that provides integrity and authentication.
Authentication Header (AH)
Is used for transmission between hosts on a private network.
Transport Mode
A network tunnel is created which encrypts the entire IP packet (payload and header).
Tunnel Mode
Commonly used for transmission between networks.
Tunnel Mode
Provides data striping across multiple disks to increase performance.
RAID 0
Provides redundancy by mirroring the data identically on two hard disks.
RAID 1
Provides redundancy by striping data and parity data across the disk drives.
RAID 5
Provides redundancy by striping and double parity data across the disk drives.
RAID 6
Creates a striped RAID of two mirrored RAIDs (combines RAID 1 & RAID 0).
RAID 10
Two or more servers working together to perform a particular job function.
Cluster
A secondary server can take over the function when the primary one fails.
Failover Cluster
Servers are clustered in order to share resources such as CPU, RAM, and hard disks.
Load-Balancing Cluster
A modification introduced to a computer code that changes its external behavior (e.g. to maintain compatibility between a newer OS and an older version of application software) is called:
Shimming
The practice of optimizing existing computer code without changing its external behavior is known as:
Refactoring
Which of the terms listed below refer(s) to software/hardware driver manipulation technique(s) that might be used to enable malware injection? (Select all that apply)
- Refactoring
- Shimming
Which of the acronyms listed below refers to a cryptographic attack where the attacker has access to both the plaintext and its encrypted version?
Known-Plaintext Attack (KPA)
A man-in-the-middle attack that forces modern clients (browsers) and servers (websites) to downgrade the security protocol to SSLv3 from TLSv1.0 or higher.
POODLE (Padding Oracle On Downgraded Legacy Encryption)
Which of the following answers lists an example of a cryptographic downgrade attack?
POODLE
Which of the following authentication protocols offer(s) countermeasures against replay attacks? (Select all that apply)
- IPSec
- Kerberos
- CHAP
Which of the statements listed below describe the purpose behind collecting OSINT? (Select 3 answers)
- Gaining advantage over competitors
- Passive reconnaissance in penetration testing
- Preparation before launching a cyberattack
Penetration testing: (Select all that apply)
- Bypasses security controls
- Actively tests security controls
- Exploits vulnerabilities
Vulnerability scanning: (Select all that apply)
- Identifies lack of security controls
- Identifies common misconfigurations
- Passively tests security controls
Which of the following factors pose the greatest risk for embedded systems? (Select 2 answers)
- Inadequate vendor support
- Default configurations
After feeding an input form field with incorrect data, a hacker gets access to debugger info providing extensive description of the error. This situation is an example of:
Improper error handling
An attacker managed to associate his/her MAC address with the IP address of the default gateway. As a result, a targeted host is sending network traffic to the attacker’s IP address instead of the IP address of the default gateway.
ARP Poisoning
An attacker intercepts user data and tries to use this information later to impersonate the user to obtain unauthorized access to resources on a network.
Replay Attack
A wireless disassociation attack is a type of:
DoS attack
An e-commerce store app running on an unpatched web server is an example of:
Vulnerable business process
A situation in which an application fails to properly release memory allocated to it or continually requests more memory than it needs is called:
Memory leak
A situation in which an application writes to an area of memory that it is not supposed to access is referred to as:
Buffer overflow
Which of the following terms describes an attempt to read a variable that stores a null value?
Pointer de-reference
A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as:
DLL
Which of the terms listed below describes a type of attack that relies on executing a library of code?
DLL injection
What is described as one of the aspects of poor asset management process?
System sprawl
An effective asset management process provides countermeasures against:
- System sprawl
- Undocumented assets
- Architecture & Design weaknesses
What applies to a request that doesn’t match the criteria defined in an ACL?
Implicit deny rule
A firewall that filters each packet individually against its rule set, without keeping track of the state of connections.
Stateless Firewall
A firewall that tracks the state of active connections and filters packets based on that connection context.
Stateful Firewall
VPNs can be either remote-access (used for connecting a computer to a network) or site-to-site (used for connecting networks).
True
What part of the IPSec protocol suite provides authentication and integrity?
AH (Authentication Header)
Which of the terms listed below describes a type of VPN that alleviates bottlenecks and conserves bandwidth by allowing users to simultaneously make use of both the VPN and public network links?
Split tunnel
The term “Always-on VPN” refers to a type of persistent VPN connection that starts automatically as soon as the computer detects a network link.
True
An IDS that detects intrusions by comparing network traffic against the previously established baseline can be classified as:
- Heuristic
- Anomaly-based
- Behavioral
A type of IDS that relies on predetermined attack patterns to detect intrusions is referred to as a signature-based IDS.
True
A security administrator configured an IDS to receive traffic from a network switch via port mirroring. Which of the following terms can be used to describe the operation mode of the IDS?
- Passive
- Out-of-band
Which of the following answers applies to a situation where an Ethernet switch acts as an authenticator for devices that intend to connect to a network through one of its ports?
IEEE 802.1X
Which of the following protocols provide protection against switching loops?
- STP (?)
- RSTP (?)
What is the name of a security mechanism that protects a network switch against populating its MAC table with invalid source addresses?
Flood Guard
Which of the following statements describe the function of a forward proxy?
- Acts on behalf of a client
- Hides the identity of a client
Which of the statements listed below describe the function of a reverse proxy?
- Acts on behalf of a server
- Hides the identity of a server
What are the characteristic features of a transparent proxy?
- Doesn’t require client-side configuration
- Redirects clients’ requests and responses without modifying them
- Clients might be unaware of the proxy service
A non-transparent proxy:
- Modifies clients’ requests and responses
- Requires client-side configuration
Which of the terms listed below refers to a method that ignores the load balancing algorithm by consistently passing requests from a given client to the same server?
Session Affinity
In a round-robin method, each consecutive request is handled by:
Next server in the cluster
In active-passive mode, load balancers distribute network traffic across:
Servers marked as active
In active-active mode, load balancers distribute network traffic across:
All servers
What type of IP address would be assigned to a software-based load balancer to handle an internet site hosted on several web servers, each with its own private IP address?
Virtual IP address
An infrastructure device designed for connecting wireless/wired client devices to a network is commonly referred to as:
Access Point (AP)
Which of the tools listed below would be of help in troubleshooting signal loss and low wireless network signal coverage?
WAP power level controls
Which of the following answers refers to a common antenna type used as standard equipment on most access points (AP) for indoor Wireless Local Area Network (WLAN) deployment?
Dipole antenna
Which of the antenna types listed below provide 360-degree horizontal signal coverage?
- Dipole antenna
- Omnidirectional antenna
Which of the following answers refer to highly directional antenna types used for long-range point-to-point bridging links?
- Dish antenna
- Unidirectional antenna
A type of architecture in which most of the network configuration settings of an Access Point (AP) are set and managed with the use of a central switch or controller is called:
Thin AP
The standard for web application security.
OWASP (Open Web Application Security Project)
When multiple threads in an application are using the same variable.
Race Conditions
A malfunction in preprogrammed sequential access to a shared resource is described as:
Race Condition
The international standard used for maintaining security systems.
ISO 27002
Used for cloud security.
ISO 27017
A physical device used for authentication and can store digital certificates.
Tokens
An attacker embeds malicious scripting commands on a trusted website.
XSS (Cross Site Scripting)
An attacker forces a user to execute actions on a web server for which they are already authenticated.
XSRF/CSRF (Cross Site Request Forgery)
An unauthorized user will be granted access.
FAR (False Acceptance Rate)
An authorized user will be rejected access.
FRR (False Rejection Rate)
Fastest to backup but slowest to restore.
Incremental
Slowest to backup but fastest to restore.
Differential
A client (generally either a user or a service) sends a request for a ticket to the Key Distribution Center (KDC). The KDC creates a ticket-granting ticket (TGT) for the client, encrypts it using the client’s password as the key, and sends the encrypted TGT back to the client.
Kerberos
Which of the following terms is used to describe a text message containing system information details displayed after connecting to a service on a server?
Banner
The practice of connecting to an open port on a remote host to gather more information about its configuration is known as:
Banner Grabbing
What is the name of a command-line utility that allows for displaying protocol statistics and current TCP/IP network connections?
Netstat
Netstat is a command-line utility which can be used for:
Displaying active TCP/IP connections
Which netstat parameter allows displaying all connections and listening ports?
-a
Which netstat parameter displays addresses and port numbers in numerical form?
-n
A network command-line utility in MS Windows that tracks and displays the route taken by an IP packet on its way to another host is called:
Tracert
A Linux command-line utility for displaying intermediary points (routers) an IP packet is passed through on its way to another network node is known as:
Traceroute
Which of the following CLI tools is used to troubleshoot DNS-related problems?
Nslookup
ARP is used to perform what kind of resolution?
IP to MAC
Which command in MS Windows displays a table consisting of IP addresses and their resolved physical addresses?
arp -a
Which of the answers listed below refers to a command-line packet capturing utility?
Tcpdump
Which of the following command-line tools is used for discovering hosts and services on a network?
Nmap
Which of the command-line utilities listed below can be used to perform a port scan? (Select 2 answers)
- Nmap
- Netcat
A command-line tool that can be used for banner grabbing is called:
Netcat
The term “Segmentation fault” refers to: (Select 2 answers)
- Access violation
- Memory management
Which of the tools listed below can be used for troubleshooting problems related to digital certificates? (Select 2 answers)
- OCSP
- CRL
A software or hardware-based security solution designed to detect and prevent unauthorized use and transmission of confidential information outside of the corporate network (data exfiltration) is known as:
DLP
An OS security feature designed to ensure safe memory usage by applications is known as:
DEP
Which of the acronyms listed below refers to a firewall controlling access to a web server?
WAF
A wireless connectivity technology primarily used in low-powered sports and fitness mobile devices is known as:
ANT
A framework of protocols that allows for numerous methods of authentication including passwords, digital certificates, and public key infrastructure.
EAP
Extensible Authentication Protocol
Which of the following EAP methods offers the highest level of security?
EAP-TLS
Uses simple passwords for its challenge-authentication.
EAP-MD5
Which of the EAP methods listed below relies on client-side and server-side certificates to perform authentication?
EAP-TLS
Digital certificates for mutual authentication.
EAP-TLS
Uses a server-side digital certificate and a client-side password for mutual authentication.
EAP-TTLS
Provides flexible authentication via secure tunneling (FAST) by using a protected access credential instead of a certificate for mutual authentication.
EAP-FAST
Supports mutual authentication by using server certificates and Microsoft’s Active Directory to authenticate a client’s password.
PEAP
(Protected EAP)
Is proprietary to Cisco-based networks.
LEAP
In a persistent VDI: (Select 2 answers)
- Each user runs their own copy of a virtual desktop.
- At the end of a session, user data and personal settings are saved.
Characteristics of a non-persistent VDI: (Select 2 answers)
- At the end of a session, user desktop reverts to its original state.
- Virtual desktop is shared among multiple users.
What are the characteristics of TACACS+? (Select 3 answers)
- Encrypts the entire payload of the access-request packet.
- Primarily used for device administration.
- Separates authentication and authorization.
What are the characteristics of RADIUS? (Select 3 answers)
- Primarily used for network access.
- Combines authentication and authorization.
- Encrypts only the password in the access-request packet.
Which of the answers listed below refers to an XML-based markup language for exchanging authentication and authorization data?
SAML
OpenID Connect is a protocol used for:
Authentication
Which of the following answers refers to an open-standard reference architecture for authentication?
OATH
OAuth is an open standard for:
Authorization
Which of the answers listed below refers to a SAML-based SSO system?
Shibboleth
Which of the following answers refers to a commonly used solution for tracking user access in a federated SSO system?
Secure token
A proprietary suite of security protocols providing authentication, integrity, and confidentiality to users in MS Windows networks is called:
NTLM
Which of the answers listed below refers to the preferred authentication protocol recommended for MS Windows networks?
Kerberos
Which access control model defines access control rules with the use of statements that closely resemble natural language?
ABAC
Group-based access control in MS Windows is an example of:
RBAC
Which of the following answers refers to the correct formula for calculating probable financial loss due to a risk over a one-year period?
ALE = ARO x SLE
A service generates $10,000 per hour in revenue. The probability of this service failing during the year is estimated to be 10%, and a failure would lead to 3 hours of downtime. What is the ALE?
SLE x ARO = ALE
AV = $10,000
EF = 3
10,000 x 3 = 30,000
SLE = $30,000
ARO = 10%
30,000 x .10 = 3,000
ALE = $3,000
You have an asset valued at $16,000. The exposure factor of a risk affecting that asset is 35%. The annualized rate of occurrence is 75%. What is the SLE?
AV x EF = SLE
AV = $16,000
EF = 35%
16,000 x .35 = 5,600
SLE = $5,600
Converting a percentage to a decimal: move the decimal point two places from RIGHT to LEFT.
- Anything less than 10 has (.0) in front of the core number: 1 = .01, 2 = .02, and so on.
- Anything in the 10’s has (.) in front of the core number: 10 = .1, 57 = .57, and so on.
- Anything in the 100’s has a core number followed by (x.xx): 100 = 1, 101 = 1.01, 267 = 2.67, and so on.
The loss that will happen to the asset as a result of the threat (expressed as a percentage value).
EF (Exposure Factor)
The method of assessing the worth of the organization’s information system assets based on its CIA security.
AV (Asset Value)