Review Topics

Question 1

a technique used to learn information about a computer system on a network and the services running on its open ports

Answer 1

Banner Grabbing

Question 2

type of injection in which malicious scripts are injected into otherwise benign and trusted websites

Answer 2

Cross-Site Scripting (XSS)

Question 3

occurs when the outcome from execution processes is directly dependent on the order and timing of certain events. Those events fail to execute in the order and timing intended by the developer

Answer 3

Race Condition

Question 4

a symmetric block cipher with a fixed block size of 128 bits. It can utilize a 128-bit, 192-bit, or 256-bit symmetric key

Answer 4

Advanced Encryption Standard (AES)

Question 5

provides security as a service (SECaaS)

Answer 5

managed security service provider (MSSP)

Question 6

one of the first public-key cryptosystems and is widely used for secure data transmission. As a public-key cryptosystem, it relies on an asymmetric algorithm

Answer 6

RSA (Rivest–Shamir–Adleman)

Question 7

an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program

Answer 7

Fuzzing or fuzz testing

Question 8

modification of DAC that provides a set of organizational roles that users may be assigned to gain access rights

Answer 8

Role-based access control (RBAC)

Question 9

provides the most detailed and explicit type of access control over a resource because it is capable of making access decisions based on a combination of subject and object attributes, as well as context-sensitive or system-wide attributes

Answer 9

Attribute-based access control (ABAC)

Question 10

sends specially crafted packets to the target host(s) and then analyzes the responses to determine the open ports and services running on those hosts. Also can determine the versions of the applications being used on those ports and services

Answer 10

Nmap

Question 11

a command-line utility that displays network connections for incoming and outgoing TCP packets, routing tables, and some network interface and network protocol statistics

Answer 11

Netstat

Question 12

the process of extracting user names, machine names, network resources, shares, and services from a system

Answer 12

Enumeration

Question 13

describes how much risk an organization is willing to accept

Answer 13

Risk appetite

Question 14

a symmetric-key algorithm for encrypting digital data. Although its short key length of 56 bits makes it too insecure for applications, it was the standard used from 1977 until the early 2000s

Answer 14

Data Encryption Standard (DES)

Question 15

occurs when an attacker sends a ping to a subnet broadcast address and devices reply to spoofed IP (victim server), using up bandwidth and processing power

Answer 15

smurf attack

Question 16

The access control policy is determined by the owner. Every object in a system must have an owner and each owner determines access rights and permissions for each object

Answer 16

Discretionary Access Control (DAC)

Question 17

An access control policy where the computer system determines the access control for an object. To access something, you need to meet the minimum level and
have a “need-to-know”

Answer 17

Mandatory Access Control (MAC)

Question 18

Label-based access control that defines whether access should be granted or denied to objects by comparing the object label and the subject label

Answer 18

Rule-based Access Control

Question 19

Utilizes complex mathematics to create sets of objects and

subjects to define how they interact

Answer 19

Lattice-based Access Control

Question 20

An access model that is dynamic and context-aware using IF-THEN
statements

Answer 20

Attribute-Based Access Control (ABAC)

Question 21

An access model that is controlled by the system but
utilizes a set of permissions instead of a single data label to define
the permission level

Answer 21

Role-Based Access Control (RBAC)

Question 22

Encryption algorithm which uses three separate symmetric keys to
encrypt, decrypt, then encrypt the plaintext into ciphertext in order to
increase the strength of DES

Answer 22

Triple DES (3DES)

Question 23

Symmetric block cipher which uses 64-bit blocks to encrypt plaintext into ciphertext

Answer 23

International Data Encryption Algorithm (IDEA)

Question 24

Symmetric block cipher that uses 128-bit, 192-bit, or 256-bit blocks and a matching encryption key size to encrypt plaintext into ciphertext

Answer 24

Advanced Encryption Standard (AES)

Question 25

Symmetric block cipher that uses 64-bit blocks and a variable length encryption key to encrypt plaintext into ciphertext

Answer 25

Blowfish

Question 26

Symmetric block cipher that replaced blowfish and uses 128-bit blocks
and a 128-bit, 192-bit, or 256-bit encryption key to encrypt plaintext into
ciphertext

Answer 26

Twofish

Question 27

Symmetric stream cipher using a variable key size from 40-bits to 2048-bits that is used in SSL and WEP

Answer 27

Rivest Cipher (RC4)

Question 28

Symmetric block cipher with a key size up to 2048-bits

Answer 28

Rivest Cipher (RC5)

Question 29

Symmetric block cipher that was introduced as a replacement for DES but
AES was chosen instead

Answer 29

Rivest Cipher (RC6)

Question 30

Asymmetric algorithm used to conduct key exchanges and secure key distribution over an unsecured network. Used for the establishment of a VPN tunnel using IPSec

Answer 30

Diffie-Hellman (DH)

Question 31

Asymmetric algorithm that relies on the mathematical difficulty of factoring large prime numbers. widely used for key exchange, encryption, and digital signatures and can use key sizes of 1024-bits to 4096-bits

Answer 31

RSA (Rivest, Shamir, and Adleman)

Question 32

Algorithm that is based upon the algebraic structure of elliptic curves over finite fields to define the keys. with a 256-bit key is just as secure as RSA with a 2048-bit key. most commonly used for mobile devices and low-power computing device

Answer 32

Elliptic Curve Cryptography (ECC)

Question 33

An encryption program used for signing, encrypting, and decrypting emails. The IDEA algorithm is used by this encryption program.

Answer 33

Pretty Good Privacy (PGP)

Question 34

A newer and updated version of the PGP encryption suite that uses AES
for its symmetric encryption functions

Answer 34

GNU Privacy Guard (GPG)

Question 35

A simulated random number stream generated by a computer that is used in
cryptography, video games, and more

Answer 35

Pseudo-Random Number Generator (PRNG)

Question 36

The science and art of hiding messages within other messages

Answer 36

Steganography

Question 37

A standard designed to regulate the transfer of secure public information across networks and the Internet utilizing any security tools and services available

Answer 37

Open Vulnerability and Assessment Language (OVAL)

Question 38

A function that converts an arbitrary length string input to a fixed length string
output

Answer 38

Hash

Question 39

A cryptographic hashing algorithm created to address possible weaknesses in the
older MD5 hashing algorithm. Uses a 160-bit hash digest, but isn’t considered strong

Answer 39

Secure Hash Algorithm 1 (SHA-1)

Question 40

A cryptographic hashing algorithm created to address possible weaknesses in the
older MD5 hashing algorithm. Uses a 256-bit or 512-bit hash digest and is the current version in used in modern forensics

Answer 40

Secure Hash Algorithm 2 (SHA-2)

Question 41

Uses a 128-bit hash digest, but is susceptible to collisions should only be used as a second-factor of integrity checking.

Answer 41

Message Digest Algorithm (MD5)

Question 42

Technique used by an attacker to find two different messages that have
the same identical hash digest

Answer 42

Birthday Attack

Question 43

An entire system of hardware, software, policies, procedures, and people that is
based on asymmetric encryption

Answer 43

Public Key Infrastructure (PKI)

Question 44

Cost associated with the realization of each individualized threat
that occurs

Answer 44

Single Loss Expectancy (SLE)

Question 45

Single Loss Expectancy (SLE) Formula

Answer 45

Asset Value x Exposure Factor

Question 46

Number of times per year that a threat is realized

Answer 46

Annualized Rate of Occurrence (ARO)

Question 47

Expected cost of a realized threat over a given year

Answer 47

Annualized Loss Expectancy (ALE)

Question 48

Annualized Loss Expectancy (ALE) Formula

Answer 48

SLE x ARO

Question 49

Relies on the physical characteristics of a person to identify them

Answer 49

Biometrics

Question 50

Rate that a system authenticates a user as authorized or valid when they should not have been granted access to the system

Answer 50

False Acceptance Rate (FAR)

Question 51

Rate that a system denies a user as authorized or valid when they should
have been granted access to the system

Answer 51

False Rejection Rate (FRR)

Question 52

measures the effectiveness of a biometric system

Answer 52

Crossover Error Rate (CER)