Important Terms/Topics Flashcards

1
Q

Data Subjects

A

Data Subjects are individuals whose personal data is being processed. This can include customers, employees and partners. Data Subjects often have rights regarding their data, such as the right to access, correct, or request the deletion of their data.

2
Q

Data Controllers

A

Data Controllers are the entities who determine the reasons for processing personal information and direct the methods of processing that data.

3
Q

Data Custodians

A

Data Custodians are individuals or teams who do not have controller or stewardship responsibility of data but are responsible for the secure safekeeping of information.

For example, a data controller might delegate responsibility for securing PII to an information security team. In that case, the information security team serves as a data custodian.

4
Q

Data Processors

A

Data Processors are service providers that process personal information on behalf of a data controller.

5
Q

Root of Trust (Boot)

A

A Root of Trust based secure boot process validates each signed component as it starts and ensures that the trusted components are all loaded as part of the boot process.

6
Q

Fuzzing

A

Fuzzing is a technique whereby the tester intentionally enters incorrect values into input fields to see how the application will handle them.

7
Q

COPE (corporate-owned, personally enabled)

A

COPE provides users with devices that they can also use for personal purposes.

8
Q

Data Steward

A

Data Stewards are individuals who carry out the intent of the data controller and are delegated responsibility from the controller. This means they carry out data usage and security policies and ensure that data is handled appropriately.

9
Q

What is the difference between standards and policies?

A

Policies are a statement of organizational intent. Standards are defined to help organizations achieve that intent through the use of rules.

10
Q

Key Escrow

A

Key Escrow refers to a process where encryption keys are retained by the organization in case the files on the drive need to be accessed by someone with proper authority.

11
Q

KMS

A

Key Management Systems allow you to safely store and manage secrets like keys and certificates. Centralizing a KMS allows organizations to effectively manage their secrets, including tracking their life cycle and rotation.

12
Q

Fault Tolerance & High Availability

A

High availability designs are less expensive because they attempt to minimize service interruptions, whereas fault-tolerant designs seek to avoid service interruptions almost entirely, and thus cost significantly more.

Fault tolerance is more preventative than high availability.

13
Q

SASE

A

SASE stands for Secure Access Service Edge. It’s a network architecture that combines network security functions with wide-area networking capabilities to support the dynamic, secure access needs of organizations, particularly those with distributed workforces and cloud-based applications. Essentially, SASE aims to provide comprehensive security and networking services from a single cloud-based platform, optimizing performance and simplifying management for businesses.

SD-WAN is the core of a SASE implementation.

14
Q

VPC Endpoint

A

A Virtual Private Cloud endpoint is a way to directly connect to services inside of a cloud provider without an Internet gateway.

15
Q

Security Groups (Cloud)

A

Security groups are a virtual firewall for instances, allowing rules to be applied to traffic between instances.

16
Q

OAuth

A

OAuth allows an end user’s account information to be used by third-party services, without exposing the user’s password.

17
Q

What are the steps to the Incident Response Process?

A
  1. Preparation
  2. Detection
  3. Containment
  4. Eradication
  5. Recovery
  6. Lessons Learned
18
Q

MITRE ATT&CK Framework

A

The MITRE ATT&CK Framework is a free, globally accessible knowledge base that describes the latest tactics and behaviors of cyber adversaries. It’s designed to help organizations identify security gaps, assess risk, and prioritize mitigations.

19
Q

Cuckoo

A

Cuckoo is a sandbox for malware analysis that will safely run malware and then analyze and report on its behavior.

20
Q

Exposure Factor

A

Exposure Factor is the percentage of value of an asset that would be lost due to an incident.

21
Q

Integrated Penetration Testing

A

Integrated Penetration Testing combines both offensive and defensive penetration testing and is often woven into an organization’s practices on an ongoing basis.

22
Q

Attestation

A

Auditors provide a statement about an organization’s posture as part of an Attestation process. This provides assurance that the auditors have reviewed the organization’s practices and have found them suitable or that deficiencies have been identified.

23
Q

What is the biggest downside of using Journaling as part of a backup restoration project?

A

Journaling replays transactions, which can take an extended period of time if the time between the last backup and the data loss event was long and there was a high volume of transactions. So, restoring from journals can take a very long time.

Journaling can be encrypted and is often used for live databases.

24
Q

What is typically not a consideration that one can control or change for embedded devices?

A

Compute power.

Compute is rarely a significant concern for embedded systems. They’re designed to function for long periods of time performing a specific function and do not have additional software or functions added.

25
Q

What type of information are tools like PRTG and Cacti used to analyze?

A

PRTG and Cacti are both network monitoring tools that can provide bandwidth monitoring information.

26
Q

Timelining

A

Building a timeline during forensic analysis, particularly from multiple systems, relies on accurately set system clocks or adding a manually configured offset.

27
Q

Which of the following options is not capable of gathering information about what systems a host is connecting to, how much traffic is being sent, and similar details?

IPFIX
NetFlow
NXLog
sFlow

A

NXLog is a log collection and centralization tool. The other three options are all for collecting network flow data.

28
Q

Bluesnarfing

A

Bluesnarfing involves accessing data from a Bluetooth device when it is in range.

29
Q

What two files are commonly attacked using offline brute-force attacks?

A
  1. The Windows SAM
  2. The ‘/etc/shadow’ file on Linux
30
Q

Internet Relay Chat (IRC)

A

IRC is designed for group communication in discussion forums, called channels, but also allows one-on-one communication via private messages as well as chat and data transfer, including file sharing. IRC commonly runs on TCP 6667.

IRC is often used for command-and-control channels in botnets.

31
Q

What are the three common situations associated with race conditions?

A
  1. Time-of-check (TOC)
  2. Time-of-use (TOU)
  3. Target-of-evaluation