Immediate Attention

Question 1

What is Differential cryptanalysis?

Answer 1

seeks to find the difference between related plaintexts that are encrypted.

The plaintexts may differ by a few bits.

It is usually launched as an adaptive chosen plaintext attack; the attacker chooses the plaintext to be encrypted (but does not know the key) and then encrypts related plaintexts.

Question 2

What is Linear cryptanalysis?

Answer 2

is a known plaintext attack where the cryptanalyst finds large amounts of plaintext/ciphertext pairs created with the same key. The pairs are studied to derive information about the key used to create them. Both differential and linear analysis can be combined as differential linear analysis.

Question 3

What is Side-channel attacks?

Answer 3

use physical data to break a cryptosystem, such as monitoring CPU cycles or power consumption used while encrypting or decrypting.

Question 4

What security principle can be used to help detect fraud coming from users becoming comfortable in their position?

Answer 4

rotation of duties

Question 5

What is the purpose of rotation of duties?

Answer 5

to detect fraudulent behavior, which increases detection capabilities. the fact that responsibilities are routinely rotated deters fraud. Collusion prevention

Question 6

What is the purpose of Separation of duties?

Answer 6

multiple people are required to complete critical or sensitive transactions. Minimize collusion

Question 7

which plan provides strategies to detect, respond to, and limit consequences of malicious cyber incident

Answer 7

Cyber Incident Response Plan

Question 8

Graham-Denning Model

Answer 8

concerned with how subjects and objects are created, how subjects are assigned rights or privileges, and how ownership of objects is managed. It has three parts: objects, subjects, and rules. It provides a more granular approach for interaction between subjects and objects. There are eight rules: Create object, create subject, delete object, delete subject, read access right, grant access right, delete access right, and transfer access right.

Question 9

Harrison–Ruzzo–Ullman (HRU) Model

Answer 9

maps subjects, objects, and access rights to an access matrix. It is considered a variation to the Graham–Denning Model. It differs from Graham–Denning because it considers subjects to be also objects.

Question 10

Incremental

Answer 10

only backup files that have changed since the last backup of any kind was performed and will reset archive bit. The time to perform the incremental backup is greatly reduced but it requires quite a few tapes. The most time in restoration.

Question 11

Differential backups

Answer 11

differential backup records every piece of data in a file that has changed since the last full backup.

Question 12

Diffusion

Answer 12

means the order of the plaintext should be spread out in the ciphertext.

Question 13

Confusion

Answer 13

means that the relationship between the plaintext and ciphertext should be as random as possible.

Question 14

What is terminology used to describe the data in data-link?

Answer 14

Frame

Question 15

What is terminology used to describe the data in network layer?

Answer 15

Packets

Question 16

What is terminology used to describe the data in transport?

Answer 16

Segments

Question 17

The core principles of PCI-DSS are

Answer 17

• Build and maintain a secure network. • Protect cardholder data. • Maintain a vulnerability management program. • Implement strong access control measures. • Regularly monitor and test networks. • Maintain an information security policy.

Question 18

Configuration management

Answer 18

is a process of identifying and documenting hardware components, software, and the associated settings.

o It involves the development of a security-oriented baseline configuration.

o It involves tasks such as disabling unnecessary services; removing unnecessary programs;

Question 19

Change Management

Answer 19

the purpose is to understand, communicate, and document any changes with the primary goal of being able to understand, control, and avoid direct or indirect negative impact that the changes might impose.

The general flow of the change management process:

o Identifying a change

o Proposing a change

o Assessing the risk associated with the change

o Testing the change

o Scheduling the change

o Notifying impacted parties of the change o Implementing the change

Question 20

Publication 800-30

Answer 20

Risk Management Guide for IT Systems

Question 21

Publication 800-12

Answer 21

discusses three specific policy types: program policy, issue-specific policy, and system-specific policy.

Question 22

Publication 800-37

Answer 22

a four-step Certification and Accreditation process

Question 23

Publication 800-34

Answer 23

Business continuity planning

Question 24

Publication 800-64

Answer 24

SDLC

Question 25

Publication 800-61

Answer 25

incident response life cycle

Question 26

Internet Activities Board’s (IAB) published as

Answer 26

RFC 1087 in 1987 code of ethics, Ethics and the Internet.

Question 27

BIA

Answer 27

a formal method for determining how a disruption to the IT systems of an organization will impact the organization’s requirements, processes, and interdependencies with respect the business mission.

It an analysis to identify and prioritize critical IT systems and components.

It enables the BCP/DRP project manager to fully characterize the IT contingency requirements and priorities.

The objective is to correlate the IT system components with the critical service it supports.

It also aims to quantify the consequence of a disruption to the system component and how that will affect the organization.

The primary goal of the BIA is to determine the maximum tolerable downtime (MTD) for a specific IT asset.

Question 28

Collection Limitation Principle

Answer 28

Personal data collection should have limits, be obtained in a lawful manner, and, unless there is a compelling reason to the contrary, with the individual’s knowledge and approval.

Question 29

Data Quality Principle—

Answer 29

Personal data should be complete, accurate, and maintained in a fashion consistent with the purposes for the data collection.

Question 30

Purpose Specification Principle

Answer 30

the purpose for the data collection should be known, and the subsequent use of the data should be limited to the purposes outlined at the time of collection.

Question 31

Use Limitation Principle

Answer 31

Personal data should never be disclosed without either the consent of the individual or legal requirement.

Question 32

Security Safeguards Principle

Answer 32

Personal data should be reasonably protected against unauthorized use, disclosure, or alteration.

Question 33

Cipher Block Chaining (CBC)

Answer 33

a block mode that XORs the previous encrypted block of ciphertext to the next block of plaintext to be encrypted.

The first encrypted block is an initialization vector. This “chaining” the result of encrypting one block of data is fed back into the process to encrypt the next block of data.

This “chaining” destroys patterns. One limitation is that encryption errors will propagate due to the chaining, destroying their integrity.

Question 34

Cipher Feedback (CFB)

Answer 34

a stream mode (usually 8-bits).

The first 8 bits that come from the algorithm are then XORed with the first 8 bits of the plaintext (the first segment).

Each 8-bit segment is then transmitted to the receiver and also fed back into the shift register.

It uses feedback (the name for chaining when used in stream modes) to destroy patterns.

Like CBC, CFB uses an initialization vector and destroys patterns, and errors propagate. Best suited for communication between a terminal and a host.

Question 35

Output Feedback (OFB)

Answer 35

the keystream itself is chained, but there is no chaining of the ciphertext not affected by encryption errors, errors will not propagate.

Question 36

Counter (CTR) mode

Answer 36

a 64-bit random data block—is used as the first IV. A requirement of CTR is that the counter must be different for every block of plaintext, so for each subsequent block, the counter is incremented by 1.

used in high-speed applications such as IPSec and ATM.