Random Topics to memorize PT 4

Question 1

This is the type of agreement that you could find between a manufacturer and a resaler.

Answer 1

Business Partner’s Agreement

Question 2

This is an agreement between to parties that dictates the minimum level of services that would be required.

Answer 2

Service Level Agreement

Question 3

This defines security controls when multiple parts of the federal government are connecting to each other.

Answer 3

Interconnection Security Agreement

Question 4

It is an informal letter of intent that multiple parties sign. This is NOT a contract, just a formal letter.

Answer 4

Memorandum of Understanding (MOU)

Question 5

Takes it a step further from an MOU. A legal document where certain parties agree on terms. But unlike a contract they may not contain legally enforceable promises.

Answer 5

Memorandum of Agreement

Question 6

There may actually be levels of recovery between the 0% and 100% availability. This is where you can determine at what point in the recovery process have you passed one of those objective marks.

Answer 6

Recovery Point Objective (RPO)

Question 7

This is where you ask, how much time can we expect between one failure and another?

Answer 7

Mean Time Between Failures (MTBF)

Question 8

This would be the average time to restore a system once it fails.

Answer 8

Mean Time To Restore/Repair (MTTR)

Question 9

Not the same as MTTR. With this the system is not reparable. It’s a system that must be replaced if there is a failure. This gives a reasonable idea of the lifetime expected for a particular item.

Answer 9

Mean Time To Failure (MTTF)

Question 10

This is the first step to determining what kind of privacy requirements are needed for any particular part of data.

Answer 10

Privacy Threshold Assessment

Question 11

This makes sure that the systems and the processes set in place are compliant with the current laws and regulations. You’ll need to determine what kind of PII is being gathered. All the information that is gathered is included in the Privacy Act Statement that is provided to the users.

Answer 11

Privacy Impact Assessment

Question 12

These certificates in a binary format. Mostly see it associated with Java certificates.

Answer 12

DER (Distinguished Encoding Rules)

Question 13

This is a type of certificate format that you would get from a certificate authority. it is in ASCII format so it is readable.

Answer 13

PEM (Privacy Enhanced Mail)

Question 14

“_____” is used the same way that .p12 is. It is used on Windows OSs and is used to store cryptographic keys

Answer 14

.pfx

Question 15

It is primary used in Windows. Commonly holds the public key. If you needed to transfer secret keys you could use the .pfx file format. You’ll see the file extension as “___”

Answer 15

.cer

Question 16

Certificate format that is used to store different kinds of certificates. Can be password protected.

Answer 16

.p12

Question 17

This allows secure remote access to a system through a VPN connection. It uses TCP port 1701.

Answer 17

L2TP (Layer 2 Tunneling Protocol)

Question 18

Which type of public key cryptography uses a web of trust model?

Answer 18

PGP (Pretty Good Privacy)

Question 19

What is an attack that can abuse the chain of trust?

Answer 19

A transitive attack.
If Server A trusts Server B, and Server B trusts Server C, people with access to A now have access to C. If someone is able to access Server A, they would have access to all the servers.

Question 20

This is also known as an inline proxy, intercepting proxy or forced proxy, is a server that intercepts the connection between an end-user or device and the internet. It does so without modifying requests and responses.

Answer 20

Transparent Proxy

Question 21

This is a type of proxy that modifies the request or response in order to provide some added service to the user agent, such as group annotation services, media type transformation, protocol reduction, or anonymity filtering. It can also filter traffic by URL.

Answer 21

Non Transparent Proxy