Messer test 2 review

Question 1

of instances that an event would occur in a year

Answer 1

ARO (annualized rate of occurrence)

Question 2

expected cost of all events in a single year

Answer 2

ALE (annual loss expectancy)

Question 3

monetary loss if a single event occurs

Answer 3

SLE (single loss expectancy)

Question 4

time required to repair a product or system after a failure

Answer 4

MTTR (mean time to repair)

Question 5

state what is the SLE, ARO and ALE:
if it costs $1,000 to replace a single laptop and you expect to lose 7 in a year, the ___ for laptop theft is $7,000

Answer 5

SLE (single loss expectancy): $1,000 cost of one laptop
ARO (annualized rate of occurrence): 7 laptops in a year
ALE (annual loss expectancy): for laptop theft is $7,000

Question 6

process of gathering info from outside sources, like social media sites and online forums usually for pen test

Answer 6

passive scan

Question 7

associated with development life cycle model that focuses on rapid development and constant collaboration

Answer 7

agile

Question 8

commonly used to control flow of people through particular area. unlocking one door restricts the other from opening

Answer 8

access control vestibule

Question 9

used to block electromagnetic fields, useful in environments where electromagnetic and radio signals are an issue

Answer 9

faraday cage

Question 10

physically secure cabled network

Answer 10

protected distribution system (PDS)

Question 11

describes relationship with IT and their customers

Answer 11

stakeholder management

Question 12

list of everyone who needs to be contacted during an incident

Answer 12

communication plan

Question 13

specify the type and amount of data that must be backed up and stored

Answer 13

retention policies

Question 14

security control commonly implemented on routers to allow or restrict traffic flows through the network

Answer 14

access control list (ACL)

Question 15

method of modifying the source and/or destination IP addresses of network traffic

Answer 15

NAT (network address translation)

Question 16

series of security levels (public, private, secret) assigns those levels to EACH object in OS. Users are assigned a security level and only would have access to objects that meet or are below that assigned security level

Answer 16

mandatory access control

Question 17

determines access based on a series of system enforced rules

Answer 17

rule based AC

Question 18

assigns a user’s permissions based on their role in the organization

Answer 18

role based

Question 19

EMI

Answer 19

electromagnetic interference

Question 20

high end cryptographic hardware designed for large scale secured storage on the network. usually it’s own server

Answer 20

hardware security module (HSM)

Question 21

hardware that is part of computer’s motherboard is designed to assist and protect with cryptographic functions. full disk encryption (FDE) can use burned in ____ keys to verify that the local device hasn’t changed and there are security features in ___ that prevent brute force or dictionary attacks against full disk encryption login crews

Answer 21

trusted platform module (TPM)

Question 22

describes how company assets are to be used, especially computers, internal connections and mobile devices

Answer 22

acceptable use policy (AUP)

Question 23

preparation, identification, containment, eradication, recovery and lessons learned

Answer 23

incident response (IR)

Question 24

systems designed to identify sensitive data transfers. if ___ finds suspicious forwarding of data, ___ can block it

Answer 24

data loss prevention (DLP)

Question 25

when 3rd party holds decryption keys for data

Answer 25

key escrow

Question 26

keys transferred between people or systems over network (in band) or outside the normal network communication (out of band)

Answer 26

key exchange

Question 27

provides summary of network traffic application usage and details of network conversations. logs show all conversations from this device to any others in the network

Answer 27

NetFlow

Question 28

true or false: vulnerability scan only identifies known vulnerabilities, it doesn’t exploit

Answer 28

true

Question 29

______ uses smaller keys, has smaller storage and transmission requirements. efficient option for mobile devices

Answer 29

elliptic curve cryptography (ECC)

Question 30

_______ used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.
has two algorithms: RSA (considered unbreakable, but slow) and Diffie-Hellman
Up to the user to use it correctly
Alternative to S/MIME encryption

Answer 30

pretty good privacy (PGP)

Question 31

–located in the core of the network
*Web security gateway
* URL filter / Content inspection
* Malware inspection
* Spam filter
* CSU/DSU
* Router, Switch
* Firewall
* IDS/IPS
* Bandwidth shaper
* VPN endpoint

Answer 31

unified threat management (UTM)–all in one security compliance

Question 32

HIPS

Answer 32

host based intrusion prevention system

Question 33

Confidentiality agreement / Legal contract – Prevents the use and dissemination of
confidential information

Answer 33

non disclosure agreement (NDA)

Question 34

removes electromagnetic field of storage media and electronics

Answer 34

degaussing

Question 35

places papers into a large washing tank to remove ink, paper broken down into pulp and recycled

Answer 35

pulping

Question 36

does not have access to OS and may not provide method of upgrading system firmware

Answer 36

embedded system

Question 37

DES

Answer 37

data encryption standard

Question 38

used to authenticate devices using Mirosoft’s point to point tunneling protocol (PPTP). security issues related to DES (data encryption standard) eliminates ____

Answer 38

MS-CHAP (microsoft challenge handshake authentication protocol)

Question 39

PPTP

Answer 39

point to point tunneling protocol (PPTP)

Question 40

simple network management protocol used to manage servers and infrastructure devices

Answer 40

SNMPv3 (simple network management protocol)

Question 41

protocol needed for 802.1X authentication (4 options)

Answer 41

LDAP, RADIUS, TACAS+ or Kerberos

Question 42

alert of any changes to file

Answer 42

file integrity check

Question 43

protects web based applications from malicious attacks

Answer 43

web application firewall (WAP)

Question 44

associated with moving around the file system of a server

Answer 44

directory traversal

Question 45

created by US intelligence as a way to standardize attack reporting and analysis of intrusions. scientific principles to intrusion analysis: measurements, testability and repeatability.

points: adversary, capability, infrastructure, victim.

Answer 45

diamond model of intrusion

Question 46

knowledgeable of attack types, techniques and mitigation options

Answer 46

MITRE ATT&CK framework

Question 47

standard focuses on the implementation and maintenance of a privacy information management system (PIMS)

Answer 47

ISO 27701

Question 48

focuses on protecting personal data and informational privacy. focuses on collection, use, storage, and disposal. based on ISO 27701

Answer 48

privacy information management system (PIMS)
alternative is ISMS

Question 49

guide to understand, manage and rate risks found in an organization

Answer 49

NIST RMF (national institute of standards and technology risk management framework)

Question 50

identify if a device has been opened

Answer 50

physical tamper seal

Question 51

easy exploit of memory leak

Answer 51

DDoS. unused memory is not properly released, eventually leak uses all available memory, system crashes

Question 52

a private network that only users within an org can access

Answer 52

intranet

Question 53

hides sensitive data by hiding the info or replacing it with non sensitive alternative

Answer 53

obfuscation/data masking

Question 54

encrypted data is drastically different than the plaintext

Answer 54

confusion

Question 55

changing one character of the input will cause many characters to change in the output

Answer 55

diffusion

Question 56

provides user with hardware to get up and running, end user is responsible for the OS, application and ongoing maintenance tasks

Answer 56

IaaS (infrastructure as a service)

Question 57

requires end user purchase, install and maintain application hardware and software

Answer 57

private

Question 58

provides building block of features and requires end user to customize/develop their own application from the available modules

Answer 58

PaaS (platform as a service)

Question 59

1 physical hardware technology that can act like many

Answer 59

virtualization

Question 60

abstract environments that share resources across the network

Answer 60

cloud computing

Question 61

document record of evidence. documents interactions of every person who comes into contact with evidence

Answer 61

chain of custody

Question 62

Use a different encryption key for every session
an encryption method that creates asymmetric encryption key pairs dynamically, uses them for the duration of the session, and then discards them.

Answer 62

perfect forward secrecy (PFS)

Question 63

ensures author of document cannot be disputed

Answer 63

non-repudiation

Question 64

technique preserving important evidence

Answer 64

legal hold

Question 65

port commonly used for server communications

Answer 65

HTTPS 443

Question 66

good for validating iP address of a device but not identifying on path attacks

Answer 66

DNSSEC (domain name system security extensions)

Question 67

message digest algorithm, produces a 128 bit hash, can accidentally create more than one of the same hash

Answer 67

MD5

Question 68

standard method of connecting devices to a wireless network without requiring a PSK or passphrase

Answer 68

WPS (wifi protected setup)

Question 69

older wireless encryption all found to have cryptographic vulnerabilities

Answer 69

WEP (wired equivalent Privacy)

Question 70

standard used for authentication using AAA (authentication, authorization and accounting) services. used in conjunction with LDAP, RADIUS or other auth service

Answer 70

802.1X

Question 71

enhances the PSK (preshared key) authentication process by privately deriving session keys instead of sending the key hashes across the network

Answer 71

WPA3 (wifi protected access 3)

Question 72

password based security protocol that enables 2 devices to establish a connection. used in WPA3 and IEEE 802.11s WLAN mesh networks. dictionary and brute force attacks do not work against it. based on dragonfly. password must match, each user gets their own pairwise transient keys (PTK) comes from 4 way handshake between WLAN client and auth sever

Answer 72

SAE (simultaneous authentication of equals)

Question 73

replaces user data with non sensitive placeholder

Answer 73

tokenization

Question 74

application aware security technology

Answer 74

NGFW (next gen firewall)

Question 75

contract specifies minimum terms for provided service like uptime, response times and other service metrics

Answer 75

service level agreement

Question 76

utility that can read and write data to the network using UDP or TCP. recon tool

Answer 76

Netcat

Question 77

forensics tool view and recover data from storage devices

Answer 77

autopsy

Question 78

third party storage drive imaging tool supports different drive types and encryption methods

Answer 78

FTK (forensic tool kit) Imager

Question 79

an exploitation framework that can use known vulnerabilities to gain access to remote systems. performs pen tests and verifies existence of a vulnerability

Answer 79

metasploit

Question 80

standard format and transfer mechanism for distributing security intelligence between different organization

Answer 80

automated indicator sharing (AIS)

Question 81

mapping of IP addresses to local MAC addresses

Answer 81

address resolution protocol (ARP)

Question 82

summary of hops betwen 2 devices

Answer 82

tracert

Question 83

reverse lookup of the IPv4 address and determine the IP address block owner that may be responsible for this traffic

Answer 83

dig (domain info groper)

Question 84

changes data to remove or replace identifiable info

Answer 84

anonymization

Question 85

limits the amount of collected info to necessary data. usually part of HIPAA and GDPR (general data protection regulation)

Answer 85

minimization

Question 86

allows an attacker to manipulate contents of memory

Answer 86

buffer overflow

Question 87

protocol encrypts data that traverses the VPN

Answer 87

encapsulation security payload (ESP)

Question 88

hash packet data for additional data integrity

Answer 88

authentication header (AH)

Question 89

algorithm for 2 devices to create identical shared keys without transferring those keys across the network

Answer 89

diffie hellman

Question 90

hashing algorithm and does not provide any data encryption. U.S. federal hash standard

Answer 90

SHA-2 (secure hash algorithm)

Question 91

requires communication between client and CA that issued cert. if CA is external to organization, validations checks will communicate across the Internet. certificate holder can verify their own status and avoid client internet traffic by storing the status info on an internal server and “stapling” the ____ status into the SSL/TLS handshake

Answer 91

OCSP (online certificate status protocol)

Question 92

used to increase network bandwidth between switches or devices

Answer 92

port aggregation

Question 93

application crashes and potential denial of service

Answer 93

null pointer dereference

Question 94

used to implement and manage security policies when working in a cloud based environment

Answer 94

CASB (cloud access security broker)

Question 95

mirroring and striping. needs 4 drives and a disk controller

Answer 95

RAID 10

Question 96

striped (segmented logically to different storage devices, no parity, high performance, 2 drives. not fault tolerant

Answer 96

RAID 0

Question 97

3 drives, yes to striping (segmented logically across different storage devices), yes to parity (redundancy check, can restore data completely but doesn’t need mirrored copy to do so.

Answer 97

RAID 5

Question 98

maintains a mirror (duplicate of data across multiple drives), 2 disks minimum

Answer 98

RAID 1

Question 99

uses a mobile phone as a communication medium to the internet and does not have any relationships to the apps that reinstalled on the mobile device

Answer 99

tethering

Question 100

updates are commonly provided from the carrier and are not part of mobile app installations

Answer 100

OTA (over the air) updates

Question 101

text messages that prompt to install an app will link to the app store version of the application

Answer 101

MMS install

Question 102

jailbreaking the apple iOS

Answer 102

sideloading

Question 103

focused on obtaining confidential government info or disrupting governmental operations

Answer 103

nation state

Question 104

political statement to make

Answer 104

hacktivist

Question 105

____ PIN was designed to have only 11,000 possible interactions, vulnerable to brute force if nothing against multiple guesses

Answer 105

WPS (wifi protected setup)

Question 106

access and permissions are determined by the owner or originator of the files or resources

Answer 106

discretionary access control (DAC)

Question 107

protocol combo method of centralizing authentication for users. authenticate with account info that is maintained in a centralized database
Routers, switches, firewalls, server authentication, remote VPN access, 802.1X network access. available on almost any server OS

Answer 107

RADIUS (remote authnetication dial in user service)

Question 108

average time expected between outages

Answer 108

MTBF (mean time between failures)

Question 109

time required to repair a product or system after failure

Answer 109

MTTR (mean time to repair)

Question 110

define how much data loss would be acceptable during a recovery

Answer 110

RPO (recovery point objectives)

Question 111

define the minimum objectives required to get up and running to a particular service level

Answer 111

RTO (recovery time objectives

Question 112

control for network health check. allows what devices that can connect to network

Answer 112

NAC (network access/admission control)

Question 113

highly secured device used to access secure areas of another network.

Answer 113

jump server

Question 114

MSP

Answer 114

managed service provider

Question 115

used to modify the source or destination IP address or port number of a network traffic flow

Answer 115

NAT (network address translation)

Question 116

control mechanism for managing rights and permissions in an OS

Answer 116

RBAC (role based access control)

Question 117

used for securing VOIP and media comm across network

Answer 117

SRTP (secure real time transport protocol)

Question 118

uses encrypted comm to manage devices but it is not used for secure file transfers between devices

Answer 118

SNMPv3 (simple network management protocol)

Question 119

vulnerability scanner that can help identify potential exploit vectors

Answer 119

nessus

Question 120

scan for understanding potential exploit vectors of a device. discovers open ports, version of OS

Answer 120

nmap

Question 121

displays connectivity info about device

Answer 121

netstat

Question 122

decode protocol shows exploitation process and details about payloads used during attempt

Answer 122

wireshark

Question 123

process of providing resources when demand increases and scaling down when demand is low

Answer 123

elasticity

Question 124

process of automating the config, maintenance and operation of an application instance

Answer 124

orchestration

Question 125

proving who you are

Answer 125

authentication

Question 126

process assigns users to resource

Answer 126

authorization

Question 127

provides a way to authenticate and authorize between 2 different org

Answer 127

document info regarding a user’s session

Question 128

cause users on a wireless network to constantly disconnect

Answer 128

wireless disassociation

Question 129

separates the control plane of networking devices from the data plane. more automation and dynamic changes to infrastructure

Answer 129

SDN (software defined networking)

Question 130

allows integration of many different service providers into a single management system. simplifies application management and deployment process when using separate cloud providers

Answer 130

service integration and management (SIAM)

Question 131

allows comm between separate VMs

Answer 131

VM escape

Question 132

application deployment architecture that uses a self contained group of application code and dependencies. many _____ run on a single system

Answer 132

containerization

Question 133

provides security teams with integration and automation of processes and procedures

Answer 133

SOAR (security orchestration automation and response)

Question 134

describes process of obtaining info from open sources like social media sites, corproate websites, online forums and other publicly available locations

Answer 134

OSINT (open source intelligence)

Question 135

accountable for specific data, often senior officer of org.

Answer 135

data owner

Question 136

responsible for org’s data privacy. sets processes and procedures for maintaining the privacy of data

Answer 136

data protection officer (DPO)

Question 137

manages access rights to the data.

Answer 137

data steward

Question 138

often 3rd party that processes data on behalf of the data controller

Answer 138

data processor

Question 139

data moving across network

Answer 139

data in transit

Question 140

data on storage device

Answer 140

at rest

Question 141

data in memory (CPU caches or registers) of a device

Answer 141

in use

Question 142

most volatile first:
CPU registers
routing tables
temporary files
event logs
backup tapes

or:
CPU registers
routing tables
temporary file systems
SSD

Answer 142

true

Question 143

framework for managing, protecting and securing an organization’s information assets. based on ISO 27001 standard
road range of security controls, including access control, network security, incident management, and risk management

Answer 143

ISMS (information security management system)