MUST STUDY Flashcards

1
Q

Explain MOA

A

Memorandum of Agreement is a formal document where both sides agree to a broad set of goals and objectives associated with the partnership.

2
Q

Explain SLA

A

Service Level Agreement is commonly provided as a formal contract between two parties that documents the minimum terms for service provided. The SLA often provides very specific requirements and expectations between both parties.

3
Q

Explain SCADA

A

Supervisory Control and Data Acquisition is a system used to control and monitor industrial processes. It’s like a brain for a large and complex system for industries like power plants, water treatment facilities, manufacturing plants and more.

The hardening process for an industrial SCADA system includes network segmentation, additional firewall controls and the implementation of access control lists.

4
Q

Explain brute force attacks

A

Brute force attacks discover passwords by attempting to guess the password. Brute force attacks usually attempt hundreds of passwords to guess the right one.

5
Q

Explain spraying attacks

A

Spraying attacks are similar to brute force attacks, but they limit the number of password attempts in order to not alert the administrator or cause an account lockout.

6
Q

Explain downgrade attacks

A

A downgrade attack is often used to force an insecure encryption algorithm or the disabling of encryption entirely.

7
Q

Explain Zero Trust model

A

Zero trust describes a model where nothing is inherently trusted and everything must be verified to gain access. A central policy enforcement point is commonly used to implement a zero trust architecture.

8
Q

Explain PKI

A

Public Key Infrastructure uses public and private keys to provide confidentiality and integrity. Asymmetric encryption and digital signatures are used as foundational technologies in PKI.

9
Q

What kind of key would be put into key escrow and why?

A

A private key would be placed in key escrow as a backup method. Since in asymmetric encryption the private key is used to decrypt information, it is very important to have a backup of this key.

10
Q

Explain SCAP

A

Security Content Automation Protocol focuses on the standardization of vulnerability management across multiple security tools. This allows different tools to identify and act on the same security criteria.

11
Q

Explain Trojan Horse attacks

A

Trojan Horse attacks are usually disguised as legitimate software, so the victim often doesn’t realize they’re installing malware. Once the trojan is installed, the attacker can install additional software to control the infected system.

12
Q

Explain Replay Attack

A

A replay attack is often used by an attacker to gain access to a service through the use of credentials gathered from a previous authentication. Internal devices communicating with an external server is not a common pattern for a replay attack.

13
Q

Explain Keylogger Attack

A

A keylogger captures keystrokes and occasionally transmits this information (sends it to an external server) to the attacker for analysis.

14
Q

Explain SPF record

A

An SPF record is used to publish a list of all authorized email servers for a specific domain.

15
Q

Explain DKIM

A

DKIM is used to publish the public key used for the digital signature on all outgoing email.

16
Q

Explain DMARC

A

A DMARC record announces the preferred email disposition if a message is identified as spam. DMARC options include accepting the messages, sending them to a spam folder, or simply rejecting the emails.

17
Q

What is a downside of allowing mobile devices inside a facility?

A

The exfiltration of confidential information and intellectual property is relatively simple with an easily transportable mobile device. Organizations associated with sensitive products or services must always be aware of the potential for information leaks using files, photos and video.

18
Q

Explain key exchange algorithm

A

A key exchange algorithm can be used to securely exchange key information between devices, but it does not provide a method of encrypting data.

19
Q

Explain Asymmetric encryption

A

Asymmetric encryption uses a recipient’s public key to encrypt data, and this data can only be decrypted with the recipient’s private key.

20
Q

Explain Jump Servers

A

A jump server is a highly secured device commonly used to access secure areas of another network.

21
Q

Explain NAC

A

Network Access Control is a broad term describing access control based on a health check or posture assessment. NAC will deny access to devices that don’t meet the minimum security requirements.

22
Q

Explain air gap

A

An air gap is a segmentation strategy that separates devices or networks by physically disconnecting them from each other.

23
Q

Explain Risk Acceptance

A

Risk acceptance is a business decision that places the responsibility of the risky activity on the organization itself. For example, if you were using cybersecurity insurance but decide to remove it due to its cost, then you are accepting the risk that comes with being responsible for the cybersecurity effects in your organization.

24
Q

Explain Risk Transference

A

Purchasing insurance to cover a risky activity is a common method of transferring risk from the organization to the insurance company.

25
Q

Explain CRL

A

A Certificate Revocation List is a file that contains a list of revoked certificates. This list is maintained by the associated certificate authority.

26
Q

Explain CSR

A

A Certificate Signing Request is sent with the public key to the certificate authority. Once the certificate information has been verified, the CA will digitally sign the public key certificate.

27
Q

Explain CA

A

A Certificate Authority is the administrative control for any public key infrastructure deployment.

28
Q

Explain OCSP

A

Online Certificate Status Protocol is a protocol used by the browser to check the revocation status of a certificate.

29
Q

Provide the order of the Incident Response Activities

A

Preparation
Detection
Analysis
Containment
Eradication
Recovery
Lessons Learned

30
Q

Explain the Preparation phase of the Incident Response Activities

A

The preparation phase includes all of the work prior to the incident. This may include collecting hardware, installing software, gathering documentation, and managing incident response policies.

31
Q

Explain the Detection phase of the Incident Response Activities

A

The detection phase includes any method of identifying that an incident may be actively occurring. This process also includes confirming that the threat is legitimate and not a false positive.

32
Q

Explain the Analysis phase of the Incident Response Activities

A

The analysis phase provides detailed evidence for a security incident. Alarms, alerts, reports, and other feedback can be categorized as analysis.

33
Q

Explain the Containment phase of the Incident Response Activities

A

Once an incident has been identified, it’s important to prevent the potential spread of any malicious code.

34
Q

Explain the Eradication phase of the Incident Response Activities

A

Removing any malicious software and patching any vulnerabilities would be part of the eradication process.

35
Q

Explain the Recovery phase of the Incident Response Activities

A

The recovery phase often includes rebuilding systems and replacing any compromised data.

36
Q

Explain the Lessons Learned phase of the Incident Response Activities

A

After the event is over, it’s useful to document the process and discuss how the incident response process could be more efficient if a similar event occurs in the future.

37
Q

Explain obfuscation

A

Obfuscation describes the process of making something difficult for a human to read or understand.

38
Q

In short terms, explain Data in-transit, at-rest and in-use

A

Data in transit moves across the network
Data at rest is located on a storage device
Data in use is in the memory of the device

39
Q

Explain Tokenization

A

Tokenization replaces sensitive data with a non-sensitive placeholder. Tokenization is commonly used for NFC (Near Field Communication) payment systems, which send a single-use token across the network instead of the actual credit card information.

40
Q

Explain Steganography

A

Steganography describes hiding data within other media types. For example, it’s common to use steganography to hide text documents within an image file.

41
Q

Explain Masking

A

Data masking hides some of the original data to protect sensitive information. This is what is used when displaying only 4 digits of an SSN.

42
Q

Explain Alert Tuning

A

Alert tuning means configuring alerts and important notifications of events. This can be done to remove false positive alerts or alerts that may not be related to our environment.

43
Q

Explain SIEM (Security Information and Event Manager)

A

SIEM can be used to aggregate all log files to a centralized reporting system.

44
Q

What would provide confidentiality for all wireless data?

A

WPA3 is the latest and most secure protocol for wireless networks. It provides strong encryption and confidentiality for all wireless data.

802.1X would not be the right answer here since 802.1X is a network access control protocol that provides authentication but not encryption.

45
Q

Explain the CIA Triad

A

Confidentiality means ensuring that information is only accessible to those who are authorized to see it.
Integrity ensures that data remains accurate, complete and unaltered from its original form.
Availability ensures that information and resources are available to authorized users whenever they are needed.

46
Q

Explain non-repudiation

A

Non-repudiation ensures that the author of an act cannot claim that they didn’t do it.

47
Q

Explain Chain-of-custody

A

A chain of custody is a documented record of the evidence. The chain of custody also documents the interactions of every person who comes into contact with the evidence to maintain the integrity.

48
Q

What’s the best option for application testing in an environment completely separated from the production network?

A

Using an air gap system.

A VLAN is not a good option, since a VLAN is used to segment the network, not completely separate it.

49
Q

Explain HIPS (Host-based Intrusion Prevention System)

A

HIPS monitors and prevents suspicious activities on a specific computer. It detects and blocks unauthorized changes. It also provides detailed logs about traffic flows to systems outside of the corporate network.

50
Q

Explain Data subject

A

In data privacy, a data subject is an individual with personal data. Payment details and shipping addresses are personal information from a data subject.

51
Q

Explain Data Controller

A

A data controller manages the processing of the data. A payroll department would be an example of a data controller.

52
Q

Explain Data Owner

A

A data owner is commonly accountable for all of the data, and the owner often manages the people and systems associated with processing and securing the data.

53
Q

Explain Data Processor

A

A data processor manages the data on behalf of the data controller. If the data controller is the payroll department, a third-party payroll company would be the data processor.

54
Q

Explain Operational controls

A

Operational controls are often implemented by people instead of systems. Security guards and awareness programs are examples of operational controls.

55
Q

Explain Managerial controls

A

Managerial controls are administrative controls associated with security design and implementation. A set of policies and procedures would be an example of a managerial control.

56
Q

Explain Physical Controls

A

Physical controls are used to limit physical access. Badge readers, fences, and guard shacks are categorized as physical controls.

57
Q

Explain Technical Controls

A

Technical controls are implemented using systems. Operating system controls, firewalls and automated processes are considered technical controls.

58
Q

Provide the most used protocols and ports

A