Part-3

Question 1

XOR operation

Answer 1

This is a technique used in obfuscation

Exclusive or

It is the smaller part of the larger block encryption

Question 2

When are XOR operations commonly used?

Answer 2

They are commonly used to obfuscate malicious code.

Question 3

XOR are used by knowledgeable malware authors to hide their malware from detection because why?

Answer 3

XOR operations are quick, simple, and require a little processing overhead

Question 4

Security through obscurity

Answer 4

The practice of attempting to hide the existence of vulnerability is from others.

Question 5

Cryptographic modules

Answer 5

Any software or hardware solution that implements one or more cryptographic concepts.

Question 6

CSP

Answer 6

Cryptographic service provider

Windows software library that implements Microsoft crypto API. Developers can design their applications to call a CSP so that it can perform one or more cryptographic services for the application.

Question 7

PKI

Answer 7

Public key infrastructure

A system that is composed of certificate authorities, certificates, software’s, services, and other cryptographic components, for the purpose of enabling authenticity and validation of data and entities.

Question 8

PKI components

Answer 8

Digital certificate,
(OID) object identifier, (CA)certificate authority, (RA)registration authority,
(CSR) certificate signing request

Question 9

Digital certificate

Answer 9

These are the most fundamental components of a PKI. The certificate validates that just a certificate holders identity Through a digital signature and is also a way to distribute the holders public key

Question 10

OID

Answer 10

Object identifier

The identity Information included in his certificate is provided through OID’s

Question 11

CA

Answer 11

Certificate Authority

A CA is a server that issues digital certificates and maintains the associated private/public key pair.

Question 12

RA

Answer 12

Registration Authority

This server is responsible for verifying users and device identities and approving or denying request for digital certificates.

Some larger CA’s might have local registration authorities LRA’s

Question 13

CSR

Answer 13

Certificate signing request

This is a message sent to ACA in which a resource applies for a certificate.

Question 14

CA hierarchy or trust model

Answer 14

This is a single CA or group of CPAs that work together to issue digital certificates. Every CA in the hierarchy as a parent child relationship with the CA directly above it.

Question 15

Chain of trust

Answer 15

When are use your device or other entity is present of a certificate, it validates the certificate through this which is also called certificate training

Question 16

Certificate pinning

Answer 16

This is a method of trusting certificates and a more direct way that I typical see a hierarchy. This planning effectively bypasses the CA hierarchy and channel trust in order to minimize the man in the middle attack .

Question 17

Root CA

Answer 17

This is the top most CA in the hierarchy and the most trusted authority
The route CA must be secured because if it is compromised all other certificates become invalid.

Question 18

Private route CA

Answer 18

This is created by a company for use primarily with in the company itself. It can be set up and configured in house or contracted to a third-party vendor.

Question 19

Public route CA

Answer 19

This is created by third-party or commercial vendor for general access by the public.

Symantec is a well-known provider a public certificate services

Question 20

Subordinate CAs

Answer 20

Is there any CAs below the route in the hierarchy. Subordinate CA’s issue certificates and provide day-to-day management of the certificates, including renewal, suspension, and revocation.

Question 21

Types of certificates

Answer 21

Self-signed, route, user, computer, email, code signing, (SAN) subject alternative name, wild card, (DV) domain validation, (EV)extended validation

Question 22

Self signed certificate

Answer 22

This requires the client to trust the entity directly

Question 23

SAN

Answer 23

Subject alternative name

An organization that owns multiple domains may want to combine those domains into a single SSL/TLS certificate.

Question 24

Wild card

Answer 24

The certificate is similar to SAN certificate, but instead of enabling the use of multiple domains, it enables the certificate to apply to multiple subdomains.

Question 25

X.509

Answer 25

PKI’s and CA hierarchies it here to a standard for formatting certificates.

If includes information such as:
Version
Serial number
Algorithm used to sign certificate 
Name of issuing entity
Period Of time valid
Name of the subject being certified

Question 26

X.509 certificate file formats

Answer 26

.der
.pem
.cer
.p7b
.p12
.pfx

Question 27

Certificate lifecycle phase

Answer 27

Issuance
Enrollment
Renewal
Revocation
 expiration
Suspension

Question 28

Certificate lifecycle factors

Answer 28

Length of private key
Strength of the cryptography used
Physical security of the CA and private key
Security of issued certificates and their private keys
Risk of attack
User trust
Administrative involvement

Question 29

SSL/TLS Connection process

Answer 29

Use certificates

Client send request
Server response with certificate
Encryption negotiated
Client sends encrypted session key
Connection is encrypted

Question 30

Private key protection methods

Answer 30

Back it up to removable media and store the media securely

Delete it from insecure media

Require a password to restore the private key

Never share the key

Never transmit key on the network or across the Internet after it is issued

Consider using key escrow to store a private key with trusted third parties

Question 31

Key escrow

Answer 31

An alternative to keep back ups this can be used to store private key is securely, while allowing one or more trust a third parties access to the keys under predefined conditions. The third-party is called the key escrow agent.

Question 32

M of N scheme

Answer 32

There are only a certain number of agents or trustees that have you thought he to recovery key. To prevent a single authorize Asian from a covering a key this scheme is the commonly used. It is a mathematical control that takes into account the total number of key recovery agents( N )Along with the number of agents required to perform a key recovery (M)

Question 33

EFS

Answer 33

Encrypted file system

It uses Microsoft Windows NTFS based public encryption.

Question 34

Revoke certificates

Answer 34

You might want a security entity to stop using a certificate for a specified period of time.

Question 35

Reasons for certificate revocation

Answer 35

The certificate on his private key has been compromised or lost.
It was obtained by fraudulent means.
It had been superseded by another certificate
It’s holder is no longer trusted. This happens when someone leaves the company.

Question 36

OCSP

Answer 36

Online certificate status protocol

Question 37

Online certificate status protocol

Answer 37

And HTTP based alternative to CRL for dynamically checking the status of revoked certificates.

Question 38

OCSP stapling

Answer 38

This transfer is the burden to the Web server that presents the certificate. The Web server queries the OCSP server a specific intervals, and the OCSP server response by providing a time stamped digital signature. The Web server a pens the signed response to the SSL/TLS handshake with the client so that the client can verify the certificates status.

Question 39

Security framework’s

Answer 39

Regulatory—flow from government regulations that mandate certain behavior in Any legal entity that
Nonregulatory

Question 40

Security framework examples

Answer 40

NIST 800 Series
COBIT 5
ITIL
ISO/IEC 27001

Question 41

Compliance

Answer 41

The practice of ensuring that the requirements of legislation, regulations, industry codes and standards, and organizational standards are met.

Question 42

Defense in depth

Answer 42

A tactic that leverages a layered approach to security, but instead of just focusing on the tools used to protect the system and its data, it is used to plan user training, policy adoption, physical protection, another, more comprehensive security strategies.

Question 43

AUP

Answer 43

Acceptable use policy
States the limits and guidelines that are set for users and others to make use of an organization’s physical and intellectual resources; in other words, the rules of behavior for personnel.