Review

Question 1

To protect assets using Prevention, Detection, and recovery

Answer 1

The goal of cyber security

Question 2

Authentication, Non-Repudiation, Confidentiality, and Integrity

Answer 2

The attributes/properties provided by cyber security

Question 3

Anyplace entities with different privileges interact.

Answer 3

Trust boundary

Question 4

A high level statement of what is, and what is not, allowed.

Answer 4

A security policy

Question 5

Integrity, confidentiality, and availability

Answer 5

The 3 pillars of cyber security

Question 6

A subset of substitution ciphers where a character is substituted for another one a certain characters away. Caesar for example

Answer 6

Shift cipher

Question 7

Security mechanisms are implemented, installed and administered correctly

Answer 7

One of the false assumptions of security

Question 8

Read, write and execute

Answer 8

The standard unix/ transactional permissions

Question 9

A user, process or program must be able to access ONLY the information and resources that are necessary for its legitimate purpose

Answer 9

The principle of least privilege

Question 10

Vertical and Horizontal

Answer 10

The two types of privilege escalation

Question 11

The practice of defending computers, servers, mobile devices… from malicious attacks. Also know as information technology or electronic information security

Answer 11

Cyber security

Question 12

The trustworthiness if data or resources. The knowledge that data has not been tampered or altered

Answer 12

Integrity

Question 13

A method, tool or procedure for enforcing a security policy

Answer 13

Security mechanism

Question 14

The concealment of information resources

Answer 14

Confidentiality

Question 15

To transform or encipher a message or plaintext into ‘an intermediate form’ or ciphertext in which the original information is present but hidden

Answer 15

The goal of Cryptography

Question 16

A detailed statement regarding the implementation of a security mechanism

Answer 16

A Specification

Question 17

38% of breaches were reportedly caused by thus type of vulnerability

Answer 17

Web Application Vulberability

Question 18

Uses a single key for both encryption and decryption

Answer 18

Symmetric our secret key encryption

Question 19

Exchange, Storage, and Use

Answer 19

The Key Factors of proper Key Management

Question 20

Revenge, Knowledge, Money, Entertainment, Ego and Cause

Answer 20

The 6 common goals/motivators of social engineering

Question 21

Anything that can exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset.

Answer 21

A Threat

Question 22

The practice of protecting as another person with the goal of obtaining information or access to a person, company or computer system

Answer 22

Impersonation

Question 23

The potential for loss, damage, or destruction of an asset as a result of a threat exploring a vulnerability

Answer 23

Risk

Question 24

The art or science of skillfully maneuvering human beings to take action in some aspect of their lives

Answer 24

Social engineering

Question 25

The unauthorized interception of information and is a form of disclosure

Answer 25

Snooping or eavesdropping

Question 26

A method of encryption where plaintext is shifted so that the ciphertext constitutes a permutation of the plaintext

Answer 26

A Transposition cipher

Question 27

A10 of the OWASP top 10. Warnings and errors generate no, inadequate or unclear log messages that are not properly reviewed

Answer 27

Insufficient logging and monitoring

Question 28

Any sequence of one or more symbols given meaning by specific act(s) of interpretation

Answer 28

Data

Question 29

Uses one key for encryption and another for decryption

Answer 29

Public key or asymmetric encryption

Question 30

Private, hybrid, public

Answer 30

Common deployment models for cloud computing

Question 31

Information that is protected against unwarranted disclosure and should be safeguarded

Answer 31

Sensitive data

Question 32

The process by which potential threats such as vulnerabilities or the absence of safeguards, can be identified, enumerated, and mitigation’s can be prioritized

Answer 32

Threat Modeling

Question 33

A global set of standards for internet security that are recognized best practices for securing IT systems and data against attacks

Answer 33

CIS controls and CIS benchmarks

Question 34

CIS =

Answer 34

Center for Internet Security

Question 35

To make software security visible, so that individuals and organizations are able to make informed decisions

Answer 35

The mission of OWASP

Question 36

Core, Tiers and profile

Answer 36

3 components of cyber security framework

Question 37

Not properly classifying and protecting important data leading to unauthorized access

Answer 37

Sensitive data exposure

Question 38

The individual responsible for monitoring and evaluating the effectiveness of all cyber security measures and processes

Answer 38

The CISO

Question 39

1XX indicates request received, 2 the action was successful, 3xx further action needs to be taken

Answer 39

Server response codes

Question 40

A5 of OWASP, acting as a user without being logged in or ascribe as admin when logged in as user

Answer 40

Broken access control

Question 41

Reflected, Stored, DOM

Answer 41

The types of xss

Question 42

Functions, categories, subcategories, and informative resources

Answer 42

The core of NIST cyber security framework

Question 43

The algorithm that succeeded Diffe-Hellman and is still used today for public key encryption

Answer 43

RSA

Question 44

When software constructs an SQL command using externally influenced input

Answer 44

SQL Injection

Question 45

Categories, Specialty areas, work roles, tasks, KSAs

Answer 45

What are the components of the NICE framework

Question 46

Snooping and eavesdropping is a form of

Answer 46

Disclosure

Question 47

The acceptance of false data is this type of threat category

Answer 47

Deception

Question 48

Permission validation and web session security occurs in the

Answer 48

Logic layer