Putting it all together

Question 1

What is the HITRUST Common Security and Privacy Framework

Answer 1

HITRUST is an American Company working to have one framework, one certification, and one assessment as a globally recognized standard for exchanging attestations of trust between organizations public or private. HITRUST CSF normalizes the many different sets of security and privacy requirements, definitions, and controls, starting from the ISO/IEC 27000 family, U.S. government requirements, standards and guidelines such as NIST, HIPAA, and others, along with industry frameworks from COBIT and ITIL.

Question 2

Why are security control frameworks different from other security governance frameworks

Answer 2

Security control frameworks (SCFs) provide the framework publishers’ minimum acceptable practices for implementation and operation of security controls within their span of activities. eg SWIFT PCI DSS

Question 3

What actually is a framework?

Answer 3

Frameworks provide a set of principles upon which an organization builds its policies and processes.

Question 4

Why is ISO 27000 not really applicable when adopting a framework?

Answer 4

Because ISO 27000 provides a general overview of the ISO “family” of standards. It includes such items as terms and definitions.

Question 5

Within the U.S., the Health Insurance Portability and Accountability Act (HIPAA) was introduced to protect healthcare data. What framework was developed to support HIPAA?

Answer 5

HITRUST. The Common Security Framework (CSF).

Question 6

Types of investigation

Answer 6

Administrative
Civil
Regulatory
Criminal investigation

Question 7

International Organization of Standardization (ISO) 223XX Series

Answer 7

standards that define the requirements and guidelines of implementing a Business Continuity Management System in an organization

Question 8

National Institute of Standards and Technology Special Publication 800-34

Answer 8

Contingency Planning Guide for Federal Information Systems,

Question 9

What is the MAD

Answer 9

The maximum allowable downtime

Question 10

BCDR What is read-through

Answer 10

A controlled, isolated role-playing activity, only involving those personnel tasked with disaster recovery or DR responsibilities and activities and a moderator. The participants should gather at a centralised location, such as a conference room, and bring all DR guidance materials

Question 11

BCDR What is a walkthrough

Answer 11

in a walk-through, instead of staying around a conference table, the participants will walk to each of the locations they will need to visit for response activities, hence the name. They can still refer to written guidance and should be monitored by someone who can record any problems and successes. The walk-through is more beneficial than the tabletop exercise in terms of being able to assess physical limitations for response actions and establish timing for certain activities.

Question 12

BCDR What is a simulation

Answer 12

A simulation can be thought of as a walk-through exercise with more complexity and involvement. A simulation might involve all personnel in each office or location participating in a scripted emergency situation. An example would be a fire drill where everyone evacuates from the worksite. Simulations can be much more expensive than tabletop or walk-through exercises because they involve more people and activity.

Question 13

This is by far the most expensive BCDR exercise option, with the greatest impact to the organization and its stakeholders.

Answer 13

Simulation

Question 14

Is running a parallel test a part of BC testing?

Answer 14

Yes, the business continuity test requires that we have solutions in place that allow business functions to continue. Testing the solution to see if it works would be considered a DR test.

Question 15

A building evacuation test would be what type of test?

Answer 15

A DR test, as while the building is empty of staff there may be an interruption to business functions.

Question 16

You are storing corporate data in the cloud. What would identify and control the type of media used to store the data?

Answer 16

A contract. The storage media is an example of one of the elements that might be included within the contract.

Question 17

Your Internet Service Provider (ISP) has promised you a minimum download speed of 10Gbps. What document is designed to ensure compliance?

Answer 17

A service-level agreement (SLA). The contract will include levels of service.

Question 18

Acceptable use policies (AUPs) detail, from the user’s expected perspective, the appropriate and approved usage of the organization’s assets, including the IT environment, devices, and data. Policy aspects commonly included in AUPs include the following except which one:
A. Data disclosure
B. Passwords
C. Ethical policies
D. Internet usage

Answer 18

The correct answer is C.

Ethical policies are not part of AUPs. The following policy aspects are commonly included in AUPs:

Data access
System access
Data disclosure
Passwords
Data retention
Internet usage

Question 19

When should you use qualitative risk assessment

Answer 19

1. Newness
2. Uniqueness

Question 20

When should you use quantitative risk assessment

Answer 20

Business process involved with the risks are well understood
Measurement techniques are available
Experience with the process in question will produce a large enough quantity of data samples

Question 21

ALE = SLE x ARO

Answer 21

ALE = Annual loss expectancy
The annualized rate of occurrence (ARO) is the number of times per year a given impact is expected, expressed as a number.

The single loss expectancy (SLE) is the expected impact related to a particular risk (the risk being assessed).

Question 22

There are various threat modeling tools, and one of the leading tools is

Answer 22

Microsoft STRIDE

Question 23

These are the elements of STRIDE:

Answer 23

Spoofing identity: the type of threat wherein an attacker poses as an entity other than the attacker, often as an authorized user.
Tampering with data: when the attacker attempts to modify the target data in an unauthorized way.
Repudiation: when the attacker, as a participant of a transaction, can deny (or conceal) the attacker’s participation in that transaction.
Information disclosure: just like it sounds, this category can include both inadvertent release of data (where an authorized user discloses protected data accidentally to unauthorized users, or gains access to material that their authorization should not allow) and malicious access to data (an attacker getting unauthorized access).
Denial of service (DoS): an attack on the availability aspect of the CIA triad; creating a situation in the target where authorized users cannot get access to the system/application/data.
Elevation of privilege: when an attacker not only gains access to the target but also can attain a level of control with which to completely disable/destroy the entire target system.

Question 24

Aside from STRIDE name two other threat models

Answer 24

OOCTAVE and TRIKE

Question 25

Types of controls

Answer 25

Technical controls (firewalls)
Physical controls (walls fences guards locks)
Administrative controls

Question 26

Security control categories

Answer 26

Directive
Deterrent
Preventative
Compensating
Detective
Corrective
Recover

Question 27

What type of control is a badge system

Answer 27

Preventative and compensating

Question 28

When selecting security and privacy controls, an organization can use various frameworks. According to NIST SP 800-37, Revision 2, the Select Step of the Risk Management Framework, there are two approaches that can be used for the initial selection of security and privacy controls

Answer 28

baseline control selection approach, or an organization-generated control selection approach.

Question 29

The baseline control selection approach

Answer 29

uses control baselines, which are pre-defined sets of controls specifically assembled to address the protection needs of a group, organisation, or community of interest.

Question 30

The organisation-generated control selection approach differs from the baseline selection approach because

Answer 30

the organisation does not start with a pre-defined set of controls. Rather, the organisation uses its own selection process to select controls.

Question 31

When would organisation generated controls be necessary

Answer 31

when the system is highly specialized (like a weapons system or a medical device) or has limited purpose or scope (such as a smart meter). In these situations, it may be more efficient and cost-effective for an organization to select a specific set of controls for the system (a bottom-up approach) instead of starting with a pre-defined set of controls

Question 32

Risk management key performance indicators

Answer 32

Time to detect (user behaviours, indicators of intrusion, intrusions)
Number of endpoints connected to systems that have required security updates and patches
numbers of systems with known exploitable vulnerabilities

Question 33

The SSAE 16 standard details three types of reports intended for different uses; these are

Answer 33

the SOC reports

Question 34

What are the differences between the SOC reports

Answer 34

SOC 1 is a financial audit report, SOC 2 is a security and controls report and SOC 3 report is similar to SOC 2 drafted to be presented to a general audience.

Question 35

SOC 1 offers two types of reports: Type I and Type II. While Type I showcases that your company’s internal financial controls are properly described and designed at a point in time, a Type II report tests

Answer 35

the effectiveness of your controls over a period (for example, six months).

Question 36

SOC 2 Type II compliance audit looks at

Answer 36

the effectiveness of the same controls over a period, say, six months or a year, and takes longer for service providers to prepare for it.

Question 37

What are the four perspectives on risk

Answer 37

Asset Based
Outcomes-based
Vulnerability-based
Threat-based

Question 38

What is the converse of risk acceptance

Answer 38

Risk avoidance

Question 39

What is the difference between risk acceptance and residual risk

Answer 39

risk acceptance means that the organisation does nothing

Question 40

What does Mitigate become with ISO 27005:2018

Answer 40

Modification

Question 41

What does transfer become with ISO 27005:2018

Answer 41

Sharing

Question 42

Risk exposure is a term that has three meanings in risk management.

Answer 42

An exposure window measures over the time of the likelihood or probability of occurrence of a risk event.
the fraction of an asset’s value or the outcome to an organization that is reduced by a single occurrence of a risk event
an estimate or a description of how certain risks are categorically much lower or higher than others for a given organisation or person eg. companies operating or not operating in Iran

Question 43

In risk management what is FAIR

Answer 43

The factor analysis of information risk, FAIR, method provides a solid numerically straightforward and managerially simple way to make most risk assessment tasks start out quantitative and stay that way.

Question 44

Where is FAIR used

Answer 44

It’s been integrated into the NIST CSF HITRUST and is fully compatible with ISO 31000, COBIT and COSO risk management frameworks.

Question 45

What are the common areas of security learning

Answer 45

Education
Training
Awareness

Question 46

What is the difference between Education and Training

Answer 46

Education is focussed on cause and effect
Training is about get a set of skills

Question 47

What type of security learning might be provided by an academic institution?
Question options:
A) Education
B) Training
C) Awareness
D) All of the above

Answer 47

All of the above

Question 48

The process of reviewing a system for compliance against a standard or baseline. Examples include audits of security controls, configuration baselines, and financial records

Answer 48

Audit or Auditing

Question 49

Adherence to a mandate; both the actions demonstrating adherence and the tools, processes, and documentation that are used in adherence.

Answer 49

Compliance

Question 50

An act that involves the use of information, information systems, or information technologies in ways that violate the laws that pertain to the system and the information in question.

Answer 50

Cybercrime

Question 51

The natural person who is identified or described by the data.

Answer 51

Data subject

Question 52

A legal and ethical duty owed by a provider to a customer, and the actions taken by provider to fulfill that duty

Answer 52

Due Care

Question 53

Specific mandates explicitly stating expectations of performance or conformance. Standards can be defined by one entity and adopted by others, or may be internal mandates exclusive to an organization.

Answer 53

Standards

Question 54

The phases that an asset goes through from creation (collection) to destruction.

Answer 54

Asset Lifecycle

Question 55

The process of grouping sets of data, information, or knowledge that have comparable sensitivities (impact or loss ratings), and have similar security needs mandated by law, contracts, or other compliance regimes.

Answer 55

Categorisation

Question 56

The process of recognizing the impacts to the organization if its information suffers any security compromise - to its confidentiality-, integrity-, availability-, non-repudiation-, authenticity-, privacy-, or safety-related characteristics.

Answer 56

Classification

Question 57

The removal of sensitive data from storage devices in such a way that there is assurance the data may not be reconstructed using normal system functions or software recovery utilities.

Answer 57

Clearing

Question 58

Eliminating data using a controlled, legally defensible, and regulatory compliant way.

Answer 58

Defensible destruction

Question 59

The removal of sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique.

Answer 59

Purging

Question 60

The process of jointly addressing business resiliency and restoration of critical infrastructure and functionality after a disruption.

Answer 60

Recovery

Question 61

Limiting the general baseline recommendations by removing those that do not apply.

Answer 61

Scoping

Question 62

The process by which a security control baseline is modified based on (i) the application of scoping guidance, (ii) the specification of compensating security controls, if needed, and (iii) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements. Source: NIST SP 800-37 Rev 1

Answer 62

Tailoring

Question 63

Means to ensure that access to assets is authorized and restricted based on business and security requirements related to logical and physical systems.

Answer 63

Access control system

Question 64

This is achieved when the type I and type II are equal.

Answer 64

Crossover Error Rate (CER)

Question 65

The individual or entity who is responsible to classify, categorize and permit access to the data.

Answer 65

Data owner / controller

Question 66

Any entity, working on behalf or at the behest of the data controller, that processes data

Answer 66

Data processor

Question 67

The individual that the PII refers to

Answer 67

Data Subject

Question 68

The system owner decides who gets access.

Answer 68

Discretionary access control (DAC)

Question 69

This is erroneous recognition either by confusing one user with another, or by accepting an imposter as a legitimate user.

Answer 69

False Acceptance Rate (Type II)

Question 70

This is failure to recognize a legitimate user.

Answer 70

False Rejection Rate (Type I)

Question 71

The process of collecting and verifying information about a person for the purpose of proving that a person who has requested an account, a credential, or other special privilege is indeed who he or she claims to be and establishing a reliable relationship that can be trusted electronically between the individual and said credential for purposes of electronic authentication.

Answer 71

Identity proofing

Question 72

Non-physical system that allows access based upon pre-determined policies

Answer 72

Logical access control system

Question 73

What is the data lifecycle

Answer 73

Create, store, use, share, archive and destroy

Question 74

In data destruction what is CLEARING

Answer 74

usually involves writing multiple patterns
of random values throughout all storage
media (such as main memory, registers,
and fixed disks). This is sometimes called
“clobbering” or “zeroizing”

Question 75

In data destruction what is PHYSICAL DESTRUCTION

Answer 75

Physical destruction of the device or
system is the ultimate remedy to data
remanence. Magnetic or optical disks and
some flash drive technologies may require
being mechanically shredded, chopped,
or broken up,

Question 76

SP800-181 Rev. 1 discusses

Answer 76

National Initiative for Cybersecurity Education (NICE). SP800-207

Question 77

Which NIST publication addresses the engineering-driven actions for defensible systems?

Answer 77

SP800-160

Question 78

SP800-207 discusses

Answer 78

zero-trust architecture

Question 79

SP800-210 discusses

Answer 79

access control guidance for cloud systems. 

Question 80

Is DES still strong? Why

Answer 80

No only 56 Bits

Question 81

High-performance Computing (HPC) Systems Vulnerabilities

Answer 81

Latency constraints: Given the speed at which the parallel processes must communicate, traditional tools such as IDS/IPS or firewalls would impose unacceptable latency costs on the processes being performed.

Improper workloads: If compromised, the HPC’s time could be consumed by unauthorized workloads, constraining resources for legitimate tasks.

Question 82

High-performance Computing (HPC) Systems Mitigations

Answer 82

Proper architectural design: Architecting secure computing enclaves and positioning detection tools around the perimeter of the
environment may compensate for the reduction in security controls within the HPC environment itself.
Appropriate monitoring and logging practices: Logging imposes a computational cost but is invaluable to determining accountability.
Proper design of logging environments and regular log reviews remains best practice regardless of the type of computer system

Question 83

Some of the common vulnerabilities for edge systems are

Answer 83

Network compromise: Edge computing relies heavily on the proper operation of the network infrastructure. Denial of service and physical disruption of connectivity are only two of the many causes of compromise.
Increased attack surface: Expanding the number and diversity of devices increases the potential for one miscongured device or compromised link to provide a bridgehead for a bad actor

Question 84

These mitigations should be applied to reduce the vulnerabilities of edge computing

Answer 84

Increased network monitoring and incident response
Strengthen inventory and accountability practices to limit sprawl, rogue devices and obsolete/abandoned equipment in the
infrastructure.

Question 85

The following are three well-known types of ICS systems

Answer 85

Supervisory control and data acquisition (SCADA)
Distributed control systems (DCSs)
Programmable logic controllers (PLCs)

Question 86

What is STRIDE

Answer 86

A threat modelling tool

Question 87

What do the letters in STRIDE stand for

Answer 87

Spoofing
Tampering
Repudiation
Information disclosure
Denial of service
Elevation of privilege

Question 88

Common vulnerabilities for Edge and Fog computing

Answer 88

Network compromise
Increased attack surface

Question 89

What is IKE

Answer 89

Internet key exchange
(IKE) allows two devices to
“exchange” symmetric keys
for the use of encrypting in
an Authentication Header
(AH) or Encapsulating
Security Protocol (ESP)

Question 90

Side channel attacks are

Answer 90

passive attacks that rely on a physical attribute of the implementation such as power consumption and emanations.

Question 91

Algebraic attacks are

Answer 91

a class of attacks that rely on the math structure of certain block ciphers. Fault analysis attacks attempt to force the system into an error state to gain erroneous results.

Question 92

Kerberos might be susceptible to which type of attack?

Answer 92

pass the hash

Question 93

The key used in a cryptographic operation is also called

Answer 93

Cryptovariable

Question 94

What kind of attack is aimed at the RSA algorithm specifically

Answer 94

Factoring attack

Question 95

Risk Management
Framework, SP 800-37r2, serves as

Answer 95

The standard against which audits and
control assessments will be performed

Question 96

This framework is widely used as a best
practice assessment standard

Answer 96

SP 800-37r2

Question 97

This provides a customizable, flexible set of controls
that organizations can use to protect the security and privacy of information and information systems from a wide variety of threats and risks. It uses a functional approach, more so than a theoretical or conceptual one, to focus on the degree of assurance, or confidence that the controls use to achieve their purpose.

Answer 97

NIST SP 800-53 r5

Question 98

NIST SP 800-171r1

Answer 98

Protecting Controlled Unclassified Information in
Nonfederal Systems and Organizations

Question 99

Which of these is not the role of the system administrator?
A Configuring information systems
B Security management
C Applying secure networking
D Reporting incidents

Answer 99

B Security management

Not C Applying secure networking

Question 100

What was the most recent control designed to protect the exchange of personal data between the US and the European union

Answer 100

Privacy Shield

Question 101

Privacy shield replaced Safe Harbor which was struck down by the Court of Justice of the European Union (CJEU) because it did not provide sufficient protection - what happened then

Answer 101

Privacy Shield was later also struck down by the CJEU in July 2020.

Question 102

What are the two NIST publications that deal with risk management

Answer 102

Special Publication 800-37, and 800-53

Question 103

How many steps does the NIST cyber security framework have - name them

Answer 103

The five steps are identify (people, systems, data, assets), protect (select and deploy the appropriate safeguards and countermeasures), detect (events), respond (take the appropriate actions) and recover (restore systems, services and data).

Question 104

Which cybersecurity framework provides a certifiable framework aimed at providing healthcare organizations a mechanism to demonstrate compliance is being provided in a constant manner?

Answer 104

CSF

Question 105

Which amendment under U.S. law provides protection from unreasonable search and seizure

Answer 105

Fourth

Question 106

NIST SP800-34

Answer 106

Contingency Planning
Guide for Federal Information Systems,
provides instructions, recommendations,
and considerations for federal information
system contingency planning

Question 107

Compliance is

Answer 107

adherence to a mandate,
regardless of the source.

Question 108

What is a CSA STAR evaluation

Answer 108

The Cloud Security Alliance
offers a registration program for cloud
providers called STAR. It can be self-
administered by the target organization
or conducted by a certified external
auditor, depending on the STAR Level
the target organization seeks

Question 109

Which type of business continuity/disaster recovery testing involves all personnel in each office/location participating in a scripted emergency situation?

Answer 109

Simulation

Question 110

Name an open-source threat modelling methodology from MIT

Answer 110

TRIKE

Question 111

What are prudent actions

Answer 111

Prudent actions are generally considered as those that other people with similar backgrounds of experience, education, and authority would take in the same circumstances.

Question 112

Policy aspects commonly included in AUPs include the following except which one:
A Passwords
B Data disclosure
C Internet usage
D Ethical policies

Answer 112

Ethical Policies

Question 113

What type of testing might be used to evaluate program effectiveness?
Log reviews
Social engineering
User participation

Answer 113

All

Question 114

Is an intrusion prevention system a preventative or corrective measure

Answer 114

corrective (believe it or not)

Question 115

As of 2021, how many countries are members of the Asia-Pacific Economic Council (APEC)?

Answer 115

21

Question 116

True or False:

There is a variety of privacy frameworks in the industry, and they are each designed for specific organizations and are not specific to the jurisdictional legislation

Answer 116

The correct answer is False.

When it comes to privacy, it is important to know local legislation and regulation that may be applicable for your organization. There is a variety of privacy frameworks in the industry, each offering benefits and capabilities, usually designed for a certain location or type of organization.

Question 117

Which of the following are seen as weaknesses in the original concept of Defense in Depth?
A It is seen as vulnerable to insider threats
B It wasn’t designed for use with cloud services.
C It doesn’t apply if there is one centralized corporate data center.
D It wasn’t designed for BYOD security.

Answer 117

AB,D

Question 118

Which type of water-based fire suppression system combines elements of wet and dry pipe actions?

Answer 118

Pre-action combines elements of wet and dry pipe actions. Fire sensors initiate pre-action charging of the water pipes that can then activate independently as in a wet pipe system.

Question 119

True or False:

Halon is an older type of water-type fire protection system and is mostly no longer in use.

Answer 119

Halon is an older type of gas-type fire protection system and is mostly no longer in use.

Question 120

Which type of portable fire extinguisher would be best suited for fighting a magnesium lithium fire

Answer 120

Class D extinguishers are used on flammable metals.

Question 121

Which of the following is also known as a cryptographic checksum?
A Distributed ledger technology
B Message Authentication Code (MAC)
C Message Integrity Code (MIC)

Answer 121

B Message Authentication Code
A MAC, also known as a cryptographic checksum, is a small block of data that is generated using a secret key and then appended to the message.

Question 122

Which of the following are key properties of a hash function?
Select all that apply.
A Computed on the entire message
B Uniformly distributed
C Stochastic
D Collision resistant
E Possible to invert if required

Answer 122

ABD

Question 123

This is a hashing algorithm with a variable length output message
digest

Answer 123

HAsh of VAriable Length (HAVAL)
The output message digest may be 128, 160,
192, 224, or 256 bits, and the number

Question 124

It does twice the processing of SHA-1, performing five paired rounds of
16 steps each for 160 operations. As with any other hashing algorithm, the benefit of increasing the size of the message digest output is to provide better protection against collisions,

Answer 124

RIPEMD-160 (RACE Integrity
Primitives Evaluation Message Digest)

Question 125

What does the simple property mean in the Bell-LaPadua model

Answer 125

No read up

Question 126

What does the simple property mean in the Biba model

Answer 126

No read down

Question 127

What does the star(*) mean in the Bell-LaPadua model

Answer 127

Subject can only save or
write to an object at same
or higher security level
(No Write Down)

Question 128

What does the star(*) mean in the Biba

Answer 128

Subject cannot write to
object at higher integrity
level (No Write Up)

Question 129

What does strong Star property mean in Bell-LaPadua model

Answer 129

Subject can only write to objects at SAME security level (Lateral Write Only)

Question 130

What does Invocation mean in the Bell-LaPadua and Biba models

Answer 130

Not used in BLP but it means subject cannot send service requests in Biba

Question 131

What does the Bell LaPadua security model protect

Answer 131

Confidentiality

Question 132

What does the the Biba security model protect

Answer 132

Integrity

Question 133

Which standard included multi-tenancy as a characterisitic of cloud computing in addition to the five defined by NIST?

Answer 133

ISO/IEC 17788

Question 134

When comparing the NIST and ISO cloud characteristics, the ISO/IEC 17788 adds an additional essential cloud characteristic that NIST doesn’t list. Which one of these does ISO include?
A Pooling
B Multi-tenancy
C Measured service
D Network access

Answer 134

B Multi-tenancy

Question 135

All of these are defined under ISO/IEC 17788 except which one?
Compute as a Service (CompaaS)
Network as a Service (NaaS)
Communication as a Service (CaaS)
Data Storage as a Service (DSaaS)

Answer 135

Network as a Service (NaaS)

Question 136

What is a null cipher

Answer 136

hiding a message within another message that is in plaintext

Question 137

Biba only addresses one of three key integrity goals. The Clark–Wilson model
improves on Biba by

Answer 137

focusing on integrity at the transaction level and addressing three major goals of integrity in a commercial environment.

Question 138

What are the three goals of data integrity

Answer 138

Accuracy, Consistency and Non-repudiation

Question 139

To address internal consistency (or consistency within the
model system itself), Clark and Wilson recommended

Answer 139

a strict definition of well-formed transactions. In other words, the set of steps within any transaction would need to be carefully designed and enforced

Question 140

Clark–Wilson establishes a system of —– —– —– bindings such that the subject no
longer has direct access to the object.

Answer 140

subject–program–object

Question 141

The ——— ——— model is primarily concerned with how a model system controls subjects and objects at a very basic level where other models simply assumed such control

Answer 141

Graham-Denning

Question 142

Note that Graham and Denning use the term primitive protection rights much
in the same way that other security models describe

Answer 142

permissions or privileges

Question 143

What are the 8 basic rules (commands) under Graham Denning

Answer 143

Create, Delete (subjects and objects (4))
Provision (Read Access, Delete Access, Transfer Access Grant Access)

Question 144

What is the Rivest-Shamir-Adleman (RSA) Algorithm

Answer 144

asymmetric key cryptosystem that offers both encryption and digital signatures that provides non-repudiation, integrity, and authentication of source

Question 145

What is the Diffie-Hellman-Merkle Algorithm

Answer 145

is a key negotiation algorithm and does not provide for message confidentiality.

Question 146

The Diffie-Hellman-Merkle algorithm can be extremely useful for applications such
as

Answer 146

PKI and others where the generation of symmetric session keys are required.

Question 147

It is often referred to as a session key negotiation algorithm.

Answer 147

Diffie-Hellman-Merkle

Question 148

What is the math in Diffie Hellman based on

Answer 148

a discrete logarithm hard math problem

Question 149

Diffie-Hellman-Merkle can be summarised as follows:

Answer 149

It is a key agreement protocol whereby two parties, without any prior arrangements, can
agree upon a secret symmetric key that is known only to them.

Question 150

What does the Diffie-Hellman-Merkle use to formulate the shared secret symmetric key

Answer 150

On the client side (client private and server public) key and on the server (server private and client public)

Question 151

Blowfish and Advanced Encryption Standard (AES) are both

Answer 151

symmetrical encryption algorithms.

Question 152

BPL

Answer 152

Broadband over powerline

Question 153

802.15

Answer 153

Bluetooth

Question 154

Which type of fiber allows for data transmission of up to 80 km (50 miles)?

Answer 154

Single Mode

Question 155

What is the A in the CIA triad

Answer 155

Availability

Question 156

Which of the three types of fiber-optic cables are typically used when the cable length is less than 2,000 meters, making it ideal for intra-building interconnections

Answer 156

Multimode uses a larger diameter cable that allows the use of less expensive LEDs for transmission.

Question 157

What is the distance limit for Plastic Optical Fibre?

Answer 157

100M

Question 158

Three types of optical cable

Answer 158

Single mode
Multimode
Plastic optical fibre

Question 159

Does STP need a bigger bend radius than UTP

Answer 159

Yes

Question 160

Does using Network Function Virtualization reduce costs

Answer 160

No

Question 161

Point-to-Point Tunneling Protocol (PPTP) is

Answer 161

a legacy protocol that relies on
Generic Routing Encapsulation (GRE) to
build the tunnel between the endpoints

Question 162

PPTP is based on Point-to-Point Protocol
(PPP), so it does offer authentication
by way of

Answer 162

Password authentication protocol (PAP), challenge-handshake
authentication protocol (CHAP), or extensible authentication protocol
(EAP).

Question 163

True or false: Layer 2 Tunnelling protocol relies on IPsec to provide encryption

Answer 163

True

Question 164

True or false

Answer 164

Products and services used in a business environment involve encryption solutions, which means that they cannot be cracked by third parties.

Question 165

What is a kill chain?

Answer 165

Reconnaissance
Weaponisation
Delivery
Exploitation
Installation
Command and Control
Actions on Objective

Question 166

Kill Chain: if attackers are hiding in plain sight’ and erasing their tracks, then they would be in the _________- phase

Answer 166

‘Action on Objective’

Question 167

Kill Chain: When backdoors for continued stealth access have been installed, the attacker would be in the ___________ phase;

Answer 167

‘installation’

Question 168

Kill Chain: In this phase, the attacker is likely to be selecting their access technique

Answer 168

‘Weaponisation’

Question 169

What does the Session Initiation Protocol (SIP) do

Answer 169

A VOIP protocol that Enables any SIP compatible device to communicate with any other SIP system.

Question 170

Which generation of cellular networking introduced support for Long Term Evolution (LTE) and provided transmission speeds of up to 100 Mbps?

Answer 170

4G

Question 171

Which cellular network uses software defined networking and provide speeds up to 35GB per second

Answer 171

5G

Question 172

Bluetooth’s inherent weakness due to its

Answer 172

lack of encryption

Question 173

What is The process whereby a newly
connected device is forced to a starting page
to establish authorized access

Answer 173

Captive portal

Question 174

True or false Bluetooth is only effective at distances of up to 30 ft.

Answer 174

False. Bluetooth only has an effective range of 30 ft, but this can increase to 300 ft for industrial or advanced versions of Bluetooth.

Question 175

Which of the following statements accurately describe Code-Division Multiple Access (CDMA)?

Select all that apply.
A Calls are transformed into digital data and given a channel and a timeslot.
B CDMA uses network-based allowed lists to verify their subscribers.
C Call data is encoded and calls are transmitted at once.
D The carrier must accept any CDMA phone.
E Phones are switched with the carrier’s permission.

Answer 175

BC and E

A and D are wrong
The carrier must accept any Global System for Mobiles (GSM) phone, not CDMA.
‘Calls are transformed into digital data and given a channel and a timeslot’ are also a feature of GSM phones, not CDMA.

Question 176

What type of cell system: Call data is encoded and calls are transmitted immediately.

Answer 176

CDMA

Question 177

Cell system? Phones are switched with the carrier’s permission.

Answer 177

CDMA

Question 178

Cell system: Calls are transformed into digital data and given a channel and a timeslot.

Answer 178

GSM

Question 179

Cell system: Carriers must accept any GSM-compliant phone.

Answer 179

GSM

Question 180

An extension to network address translation (NAT), which translates all
addresses to one externally routable IP address, is to use

Answer 180

port address translation (PAT)

Question 181

A _______ ______ mediates communications between untrusted endpoints (servers/hosts/clients) and trusted endpoints (servers/hosts/clients)

Answer 181

proxy firewall

Question 182

A _____-_______ _______ creates a conduit through which a trusted host
can communicate with an untrusted one

Answer 182

A circuit-level proxy

Question 183

An ____ - ____ _______ relays the traffic from a trusted endpoint
running a specific application to an untrusted endpoint.

Answer 183

application-level proxy

Question 184

The most significant advantage of application- level proxies is that they

Answer 184

analyse the data field for various sorts of common attacks such as buffer overflows.

Question 185

IPSec uses Authentication Headers (AH) to prove the identity of the originator and Encapsulating Security Payload (ESP) for payload encryption. What is the protocol ID for AH?

Answer 185

51

Question 185

IPSec uses Authentication Headers (AH) to prove the identity of the originator and Encapsulating Security Payload (ESP) for payload encryption. What is the protocol ID for AH?

Answer 185

51

Question 186

The Authentication Header (AH) is used to

Answer 186

prove the identity of the origin node and ensure that the transmitted data has not been tampered with.

Question 187

A security association (SA) defines (A). All SAs cover transmissions in (B).
A (C) must be defined for two-way communication

Answer 187

(A) the mechanisms that an endpoint will use to communicate with its partner
(B) one direction only
(C) second SA

Question 188

In transport mode what is protected

Answer 188

the ip payload

Question 189

in tunnel mode what is protected

Answer 189

the IP payload and the header

Question 190

what is transport mode normally used for

Answer 190

end-to-end protection for example between client and server

Question 191

when is tunnel mode used

Answer 191

normally between network e.g. firewall to firewall VPNs

Question 192

Which network topology provides a second ring for failover?

Answer 192

Fiber Distributed Data Interface (FDDI)

Question 193

In software-defined networking (SDN), what happens at the control plane?

Answer 193

Node functionality is managed

Question 194

PACS, as used by DHS, are divided into four areas that operate independently at the direction of the PACS administrator

Answer 194

Identification
Parking permit management
Alarm monitoring and intrusion detection
Visitor management

Question 195

The Digital Identity Guidelines of NIST SP 800-63-3 contain recommendations
to support, among other items, requirement for identity proofing and registration.

Answer 195

IAL1 IAL2 IAL3
Identity Assurance Levels

Question 196

IAL1

Answer 196

attributes,
if any, are self-asserted
or should be treated
as self-asserted.

Question 197

IAL2

Answer 197

At IAL2, identifying attributes to have been verified in person or remotely are accepted,
using, at a minimum, the procedures given in SP 800-63A

Question 198

IAL3

Answer 198

At IAL3, in-person identity proofing is required. Identifying attributes
must be verified by an authorised credential service provider (CSP) representative through examination of physical documentation as described in SP 800-63A.