lesson 1-4

Question 1

Control objective

Answer 1

A control objective is a statement of desired result or purpose to be achieved by implementing a control or set of controls (What am I trying to achieve? Or what am I trying to accomplish?)
Ex: Control Objective: Protect Hosts from Malware Infiltration
AV software
Host firewall
Restricted email attachments
URL filtering
Sandboxing

Question 2

vulnerability

Answer 2

a weakness

Question 3

threat

Answer 3

potential danger

Question 4

threat actor

Answer 4

an adversary with malicious intent

Question 5

exploit

Answer 5

a threat actor is successful at taking advantage of a vulnerability

Question 6

Proportionality

Answer 6

Control baselines should be proportionate to the criticality and sensitivity classifications of the asset being protected (Principle of Proportionality)

Question 7

controls

Answer 7

Controls are tactics, mechanisms, or strategies that proactively minimize risk in one or more of the following ways:
* Reduce or eliminate a vulnerability
*Reduce or eliminate the likelihood that a *threat actor will be able to exploit a vulnerability.
Reduce or eliminate the impact of an exploit
Has to perform at least one to be considered a control. It can use more than one.

Question 8

Defense-in-depth

Answer 8

(layered security) is the design and implementation of multiple overlapping layers of diverse controls
Controls should not be subject to a cascade (domino) effect and should maintain independence
The diversity of types of controls and associated vendors should be considered.

Question 9

Cost Benefit analysis

Answer 9

the process of comparing the estimated costs and benefits to determine whether it makes sense to proceed from a business perspective.
*If the cost of the control is significantly lower than the losses without the control, the cost of the control is generally justified
*If the cost of the control is significantly higher than the losses without the control, the cost may not be justified
*When the cost and benefits are about the same, a return on investment (ROI) analysis is needed to determine whether the cost is justified.

Question 10

Tailoring

Answer 10

customizing baseline recommendations to align with organizational requirements. (like buying a suit off the rack, its ok but you want it to fit better so you tailor it)

Question 11

Scoping

Answer 11

elimination of unnecessary baseline recommendations that are not applicable.

Question 12

Compensating

Answer 12

is substituting a recommended baseline control with a similar control

Question 13

Supplementing

Answer 13

augmenting or adding to the baseline recommendations

Question 14

Functionality-

Answer 14

is what a control does

Question 15

Effectiveness

Answer 15

is how well a control works, effectiveness reflects the control’s consistent, complete, reliable, and timely operation.

Question 16

Assurance

Answer 16

is a measure of confidence that the intended security controls are effective in their application.

Question 17

Countermeasures

Answer 17

are controls implemented to address a specific threat.
Countermeasures are generally reactive.
Countermeasures may be more effective but less broadly efficient.

Question 18

NIST Frameworks

Answer 18

Cybersecurity Framework (CSF)
Privacy Framework
Risk Management Framework

Question 19

ISO 27014:2020

Answer 19

Information security, cybersecurity, and privacy protection

Question 20

Technical (control category)

Answer 20

mechanisms are implemented using hardware, software, and/or firmware components. Can be native or supplemental. (Ex. firewalls, cryptography, authentication systems)

Question 21

Managerial- (control category)

Answer 21

relate to risk management, governance, oversight, strategic alignment, and decision-making ( ex. Risk assessments, project management)

Question 22

Operational (control category)

Answer 22

are aligned with a process that is primarily implemented and executed by people (ex. Change management, training, testing)

Question 23

Physical (control category)

Answer 23

are designed to address physical interactions. Generally related to buildings and equipment. ( ex. Gates, locks, security guards)

Question 24

Deterrent (control classification)

Answer 24

discourage a threat agent from acting

Question 25

Preventative (control classification)

Answer 25

stops a threat agent from being successful.

Question 26

Detective (control classification)

Answer 26

identify and report a threat agent or action

Question 27

Corrective (control classification)

Answer 27

minimize the impact of a threat agent or modify or fix a situation.

Question 28

Compensating controls

Answer 28

*Are controls implemented in lieu of a recommended control that provides equivalent or comparable protection
*Compensating controls can be supplemental in cases where the implemented control does not provide sufficient protection. For example in the case of a zero-day vulnerability.
*can be short-term or temporary

Question 29

Directive controls

Answer 29

are often used to increase the effectiveness of other controls
* Proactive actions taken to cause or encourage a desirable event or outcome to occur.

Question 30

Confidentiality

Answer 30

is the assurance that information is not disclosed to unauthorized persons, processes, or devices. Confidentiality covers data in storage, during processing, and in transit.

Question 31

Integrity:

Answer 31

is the principle that systems are trustworthy, and work as intended, and the data is complete and accurate

Question 32

Availability

Answer 32

is the principle that information systems and supporting infrastructure are operating and accessible when needed.

Question 33

Authentication

Answer 33

is the process of verifying identity.

Question 34

Authorization

Answer 34

is the process of approving access.

Question 35

Accounting-

Answer 35

is the process of tracing actions to the source. Who did what

Question 36

Non-Repudiation

Answer 36

is the process of securing the validity and origin of data

Question 37

Privacy

Answer 37

the right of an individual to control the use of their personal information.

Question 38

OECD PRIVACY PRINCIPLES

Answer 38

1. Collection Limitation
2. Data Quality
3. Purpose Specification
4. Use Limitation

Question 39

Collection Limitation

Answer 39

Collection of personal data should be obtained by lawful and fair means and where appropriate, with the knowledge or consent of the data subject

Question 40

Data Quality

Answer 40

Personal data should be relevant to the purpose collected and should be accurate, complete, and kept up-to-date

Question 41

Purpose Specification

Answer 41

The purposes for which personal data is collected should be specified no later than at the time of data collection

Question 42

Use Limitation

Answer 42

Personal data should not be disclosed or otherwise used for purposes other than specified except with the consent of the data subject; or by authority of law

Question 43

Zero trust

Answer 43

Is a security framework requiring all subjects, assets, and workflows to be authenticated, authorized, and continuously validated before being granted or keeping access to applications and data.
*The goal is to prevent unauthorized access to data and services

Question 44

CORE PRINCIPLES OF ZERO TRUST (NIST SP 800-207)

Answer 44

1. Continuous verification- always verify access, all the time, for all resources
2. Access limitation- Access to individual enterprise resources is granted on a per-session basis.
3. Limit the “Blast Radius”- Minimize impact if the internal or external resources are breached. Segmentation, least privilege
4. Authomate- we can’t do this manually, automate contest collection response. Credentials, workloads, endpoints, SIEMS, threat intelligence.

Question 45

control plane

Answer 45

The control plane is used by infrastructure components to maintain and configure assets, access control, and communication security. In a ZT environment, requests for access are made through the control plane.

Question 46

data plane

Answer 46

The data plane is used for communication (moving data) between software components.

Question 47

Policy Decision Point (PDP)

Answer 47

The PDP functions as a gatekeeper. The PDP has two logical components
Policy Engine
Policy Administrator

Question 48

Policy Engine (PE)

Answer 48

The PE is responsible for the ultimate decision to grant access to a resource for a given subject.

Question 49

Policy Administrator (PA)

Answer 49

The PA generates any specific session-specific authentication and authentication token, or credential used to access an enterprise resource.

Question 50

Policy Enforcement Point (PEP)

Answer 50

The PEP is responsible for enabling, monitoring, and eventually terminating connections between a subject and an enterprise resource.

Question 51

Physical Security

Answer 51

the protection of people, property, and physical assets from actions and events that could cause damage, loss, or unauthorized activity.

Question 52

Crime Prevention Through Environmental Design (CPTED)

Answer 52

the proper design and effective use of the physical environment can lead to a reduction in the incidence and fear of crime and increase safety.
* relies on psychological and sociological responses.
*People protect territory they feel is their own, and people have a certain respect for the territory of others
*Intruders do not want to be seen
*Limiting access discourages intruders and or marks them as intruders.

Question 53

Fail-safe

Answer 53

implies that in an emergency or fault situation, controls will default to open (unlocked)

Question 54

Fail-secure

Answer 54

implies that in an emergency, controls will default to close (locked).

Question 55

Passive Infrared

Answer 55

Senses change in heat signatures

Question 56

Photometric-

Answer 56

Senses change in light

Question 57

Acoustical

Answer 57

Senses change in noise

Question 58

Microwave

Answer 58

Senses movement within an invisible field of energy (between the transmitter and receiver)

Question 59

Ultrasonic

Answer 59

proximity sensor that measures the distance of a target by emitting ultrasonic sound waves and converting the reflected sound into an electrical signal.

Question 60

Pick Resistant locks

Answer 60

have an extra set of tumblers. These locks are resistant to lock bumping. These locks are complex and difficult to reproduce keys

Question 61

access control vestibules

Answer 61

Barriers such as wall fences, gates, and bollards define the perimeter and can be used to control and divert traffic flow.

Question 62

ENVIRONMENTAL BASELINES

Answer 62

1. Temperature- The acceptable temp for an area containing computing devices is between 18-27 degrees C (64.4-80.6 F). Circulation must take into account temp.
2. Humidity- High humidity can cause corrosion and low humidity can cause excessive static electricity. Relative humidity between 50-70% is acceptable,
3. Power-Continuous clean (filtered) power, consistent voltage
4. FIre- Fire detection and suppression capabilities

Question 63

ESD (Electronic Discharge)

Answer 63

releases static electricity when two objects touch. This can damage or destroy electronic components. ESD can be minimized by using antistatic grounding workbenches, mats, bags, and wristbands. Electrical storms can increase the ESD risk.

Question 64

EMI (Electromagnetic Interference RFI (Radio frequency Interference) -

Answer 64

Equipment and copper cables are sensitive to EMI. Equipment should have limited exposure to magnets, fluorescent lights, electric motors, space heaters, and wireless access points. The copper cable should be shielded.

Question 65

Brownout-

Answer 65

A prolonged period of low-voltage

Question 66

Sag

Answer 66

Moment of low voltage

Question 67

surge

Answer 67

Prolonged period of high voltage

Question 68

spike

Answer 68

Moment of high voltage

Question 69

blackout

Answer 69

Prolonged period without power

Question 70

Honeynet

Answer 70

is multiple linked honeypots that simulate a network environment.

Question 71

Honeypot

Answer 71

A honeypot is a decoy system (e.g., a web server). High interaction honeypot is running the application that it says it is. Low interaction Honeypot is not running those services; it just appears they are.

Question 72

Honeyfiles

Answer 72

a decoy file located on a network file share. Honeyfiles are designed to detect access and exfiltration attempts.

Question 73

Honeytoken

Answer 73

is a beacon embedded into a document, databases, images, directory, and folders. They are used to identify the attacker.
* used to track malicious actors revealing critical information about their identity and the methods they use to exploit a system

Question 74

Spam Traps/ honey traps

Answer 74

(fake email address) are used to identify and block spammers. Legitimate mail is unlikely to be sent to a fake address, so when an email is received, it is most likely spam.

Question 75

DNS Sinkhole-

Answer 75

is a DNS server that responds with false results. They can be used to redirect malicious traffic so that it can be captured and analyzed by security analysts. Sinkholes are most often used to seize control of botnets by interrupting the DNS names of the botnet that is used by the malware.

Question 76

CONFIGURATION MANAGEMENT

Answer 76

A set of practices designed to ensure that configuration items (CI) servers, routers, and software, are deployed in a consistent state and stay that way through their lifetime.
The goal of configuration management is to minimize risk

Question 77

Configuration Item (CI)

Answer 77

Is an aggregation of information system components and treated as a single entity throughout the configuration process

Question 78

Baseline Configuration (BC)

Answer 78

is a set of specifications for a CI, that has been reviewed and agreed upon and can be changed only through change control procedures. The baseline config. Is used as a basis for future builds and releases.

Question 79

AUTOMATED PROVISIONING

Answer 79

The ability to deploy IT or OT systems and services using predefined, automated procedures without requiring human intervention.
*Automation is used to ensure consistency in provisioning in support of configuration management.

Question 80

Demand-generated resource allocation-

Answer 80

the automatic provisioning and de-provisioning of resources based on demand

Question 81

Idempotence

Answer 81

is a principle that every time an automated configuration script is run, the same result is produced.

Question 82

Immutable System

Answer 82

principle that resources should not be changed, only created and destroyed. Utilizes automation to replace rather than fix

Question 83

Infrastructure As Code

Answer 83

using code as configurations and automate provisioning of infrastructure. Supports the principle of Idempotence.

Question 84

change management

Answer 84

Change Management is to drastically minimize the risk and impact a change can have on business operations

Question 85

Rollback Strategies

Answer 85

Recovery to the previous state (Backout plan)

Question 86

Standard Change

Answer 86

is one that occurs frequently, is low risk, and has a pre-established procedure with documented tasks for completion (patch management)

Question 87

Normal Change

Answer 87

is one that’s not standard but not an emergency. Can be approved by a change control board or committee.

Question 88

Major Change

Answer 88

may have significant financial implications and or be high risk. Such a change often requires multiple levels of management approval.

Question 89

Emergency

Answer 89

is one that must be assessed and implemented (without prior authorization) as quickly as possible to resolve a major incident.

Question 90

KPI (key performance indicator)

Answer 90

are business metrics used to measure performance in relation to strategic goals and objectives
1. Successful Changes- The number of changes that have been completed successfully compared to the number of completed changes. The Higher the percentage the better
2. Backlog of Changes- The number of changes that are not yet completed. While this absolute number depends on the size of the organization, it should not grow over time
3. Emergency Changes- The number of completed emergency changes. While this number depends on the size of the company, it should not trend upward.

Question 91

Cryptography

Answer 91

the conversion of communication into a form that can only be read by the intended recipient.

Question 92

Encryption

Answer 92

this is a process of encoding information. The use case of encryption is confidentiality.

Question 93

Hashing

Answer 93

is a one-way function that turns a file or string of text into a unique digest of the message. The use case for hashing is integrity.

Question 94

Digital Signatures

Answer 94

is a hash value encrypted using the sender’s private key. The use case is sender authenticity and nonrepudiation(the sender can’t deny they sent the message)

Question 95

Digital Certificates

Answer 95

is a digital object that is tied to a cryptographic key pair. The use case for a digital certificate is authentication

Question 96

Ciphertext

Answer 96

is encrypted or human-unreadable text

Question 97

Algorithm

Answer 97

a mathematically complex modern cipher. Need to have a computer to solve it.

Question 98

KEY

Answer 98

is a secret value used with an algorithm. The Key dictates what parts of the algorithm will be used, is what order, and with what values.

Question 99

Trusted Platform Module (TPM)

Answer 99

is a hardware chip used for storing cryptographic keys and related information

Question 100

Hardware Security Module (HSM)

Answer 100

is a hardened tamper-resistant hardware devices that secure cryptographic keys and related information

Question 101

Secure Enclave

Answer 101

a separate processor & microkernel used for storing and processing cryptographic keys and related information in mobile devices

Question 102

Deprecated

Answer 102

means that the use of algorithm and key length is allowed, but the user must accept some risk due to inherent weaknesses.

Question 103

Broken

Answer 103

means that the algorithm and or key length is exploitable.

Question 104

SYMMETRIC ENCRYPTION

Answer 104

Uses the same key to encrypt and decrypt. The key may be referred to as a single key, shared key, secret key, or session key.

Question 105

SYMMETRIC ALGORITHMS

Answer 105

1. DES- 64-bit key size, 16 rounds of substitution and transposition
   In 1998 demonstrated that it could be broken in less than 56 hours
2. 3DES- 64-bit key size, 48 rounds of substitution and transposition using either 2 or 3 keys.
   In 1999 replaced the DES as a US Gov. standard
   Considered to be deprecated(it’s weak and has a lot of risk)
3. AES | Rijndael - 128 or 192 or 256 bit key w/10 or 12 or 14 rounds of substitution and transposition.
   In 2002 it replaced 3DES as the US standard
4. RC4- stream cipher, Key sizes 40-2048 bits
   4 variants: SPRITZ, RC4A, VMPC, RC4A+

Question 106

ASYMMETRIC ENCRYPTION

Answer 106

Uses two mathematically related keys to encrypt and decrypt. The keys are referred to as public and private keys. The public key is freely distributed, The private key must be secured.

Question 107

ASYMMETRIC ALGORITHMS

Answer 107

1. RSA- widely implemented de facto commercial standard. Words with both encryptions and digital signatures.
2. Elliptic Curve Cryptosystem ECC- similar function to RSA but with smaller keys so it takes less computing power. Current US Gov. standard
3. Diffie-Hellman- Primarily used for key agreement (key exchange) Allows two parties( in the same DH group) that have no prior knowledge of each other to jointly establish a shared secret key.
4. El Gamal- Primarily used for transmitting digital signatures and key exchange

Question 108

Key management

Answer 108

describes the activities involving the handling of cryptographic keys during their entire lifecycle.

Question 109

KMPS

Answer 109

a Key management practices statement is a document that describes in detail the organizational structure, responsible roles and rules for key management.

Question 110

HASHING

Answer 110

The objective of hashing is to prove integrity. Hashing produces a visual representation of a data set that can be used for comparative purposes. The output is known as a message digest, fingerprint, or hash value.

Question 111

one-way representation

Answer 111

Output must not be reversible. one of the 3 hashing criteria

Question 112

collision attack

Answer 112

is a cryptographic attack where two different inputs produce the same hash value, compromising the integrity of the hash function.
different output for the same input

Question 113

Message Digest (MD) - hash function

Answer 113

MD4 was developed by Ron Rivest in 1990 and has been broken.
MD5 (current use) is subject to collision attacks and is considered broken, however, it can be used for non-cryptographic purposes.

Question 114

Secure Hash Algorithm (SHA) - hash function

Answer 114

Was developed by the NSA
SHA-1 is subject to collision attacks
Secure versions include the SHA -2 and SHA-3 families

Question 115

RIPEMD- hash function

Answer 115

RIPEMD-160 is a cryptographic hash function based upon the Merkle-Damgard construction. It is used in the Bitcoin standard.

Question 116

Salting-

Answer 116

salts are random values appended to the input to negate the value or rainbow tables
Rainbow tables are publicly available tables of precomputed hashes.

Question 117

digital signature

Answer 117

is a message digest that has been encrypted using the sender’s private key
The objective of a digital signature is to prove integrity and non-repudiation. Non-repudiation means that the singer cannot deny sending the message

Question 118

RSA- hashing algorithm

Answer 118

Widely implemented and the commercial standard. Works with both encryption and digital signatures

Question 119

Digital Signature Algorithm (DSA)

Answer 119

Published by NIST is a cooperation with the NSA. US Gov. digital signature standard.

Question 120

Digital Certificates

Answer 120

used to generate a private key and to bind a public key to its owner. Digital certificates are issued by commercial entities. Alternately they can be self-generated

Question 121

X.509 standard

Answer 121

The X.509 standard is a widely used framework for defining the format of public key certificates. defines the distribution procedures.

Question 122

web of trust

Answer 122

certificates that can be signed and validated by other users

Question 123

certificate authorities (CA)

Answer 123

Digital certificates are issued by commercial trusted parties like the CA

Question 124

A Registration Authority (RA)

Answer 124

offloads some of the work from the CA. The RA can accept and process registration requests and distribute certificates.

Question 125

Root certificate

Answer 125

verifies the identity of a root certificate authority in a chain of trust

Question 126

Trusted/Intermediate

Answer 126

Verifies root and intermediate certificate authorities.

Question 127

Certificate Revocation List (CRL)

Answer 127

maintained list of certificates that have been revoked

Question 128

Online Certificate Status Protocol (OCSP)

Answer 128

A process designed to query the status of a certificate in real time.

Question 129

Blockchain

Answer 129

is a distributed, decentralized, public ledger. Blocks are linked using cryptography
Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data.

Question 130

HOMOMORPHIC ENCRYPTION

Answer 130

Allows for encrypted data to be processed. Uses complex mathematical operations to allow a variety of computations (or operations) on encrypted data.
*Partially Homomorphic encryption (PHE)- one operation can be performed an unlimited number of times on the ciphertext
*Somewhat Homomorphic encryption (SHE)- Supports limited operations up to a certain complexity, but there operations can only be performed a set number of times.

Question 131

Quantum cryptography

Answer 131

applies principles of quantum mechanics to encrypt messages.

Question 132

Post-quantum cryptography

Answer 132

develop cryptographic systems that are secure against both quantum and classical computers and can interoperate with existing communications, protocols and networks.

Question 133

Steganography

Answer 133

Is the science of hiding information
Consists of a message and a cover image. The massage is the secret data, cover image is the carrier that hides the message

Question 134

Steganalysis

Answer 134

is the study of detecting messages hidden using Steganography

Question 135

DIGITAL COVER IMAGES

Answer 135

1. Text- Hiding information in text files (every nth letter)
2. Image- Hiding information in image files (BMP, JPEG, GIF, PNG)
3. Audio- Hiding information in audio files (MP3, AU, WAV)
4. Video- Hiding information in video files (MPEG, MP4)

Question 136

concealment

Answer 136

The objective of Steganography

Question 137

digital watermark

Answer 137

is a hidden message that is used to prove or claim ownership (generally intellectual property or artistic work)