Security+ Flashcards

Question

What are the three criteria for PCI DSS compensating controls in order to be satisfactory?

Answer 1

- The control must meet the intent and rigor of the original requirement. - The control must provide a similar level of defense as the original requirement, such that the compensating control sufficiently offsets the risk that the original PCI DSS requirement was designed to defend against. - The control must be “above and beyond” other PCI DSS requirements.

Answer 2

- Data at rest is stored data that resides on hard drives, tapes, in the cloud, or on other storage media. This data is prone to theft by insiders or external attackers who gain access to systems and are able to browse through their contents. - Data in transit is data that is in motion/transit over a network. When data travels on an untrusted network, it is open to eavesdropping attacks by anyone with access to those networks. - Data in use is data that is actively in use by a computer system. This includes the data stored in memory while processing takes place. An attacker with control of the system may be able to read the contents of memory and steal sensitive information.

Answer 3

DLP (Data Loss Prevention) systems are security tools that monitor, detect, and block the unauthorized transmission of information across a network. They help ensure that sensitive or critical information does not leave the corporate network or is not used in a manner that violates policies. DLP systems can be rule-based and may involve a combination of content inspection and contextual analysis to identify and protect data in use (endpoint actions), in motion (network traffic), and at rest (storage). They are crucial in enforcing regulatory compliance and protecting intellectual property.

Answer 4

Agent-based DLP uses software agents installed on systems that search those systems for the presence of sensitive information. These searches often turn up Social Security numbers, credit card numbers, and other sensitive information in the most unlikely places.

Answer 5

Agentless (network-based) DLP systems are dedicated devices that sit on the network and monitor outbound network traffic, watching for any transmissions that contain unencrypted sensitive information. They can then block those transmissions, preventing the unsecured loss of sensitive information.

Answer 6

Integrate Data Loss Prevention (DLP) systems. They can be configured to scan email and encrypt traffic automatically.

Answer 7

Implement an agent-based DLP (in this case, host-based).

Answer 8

1) Pattern matching, where they watch for the telltale signs of sensitive information. For example, if they see a number that is formatted like a credit card or Social Security number, they can automatically trigger on that. Similarly, they may contain a database of sensitive terms, such as “Top Secret” or “Business Confidential,” and trigger when they see those terms in an outbound transmission. 2) Watermarking, where systems or administrators apply electronic tags to sensitive documents and then the DLP system can monitor systems and networks for unencrypted content containing those tags.

Answer 9

The principle of collecting, processing, and storing only the minimum amount of personal data necessary for specific purposes. This reduces the risk of data breaches and complies with privacy regulations.

Answer 10

The process of removing or altering personally identifiable information (PII) from data sets, so that individuals cannot be readily identified, enhancing privacy and security while allowing data analysis and usage.

Answer 11

- Hashing - Tokenization - Masking

Answer 12

Tokenization replaces sensitive values with a unique identifier using a lookup table. For example, we might replace a widely known value, such as a student ID, with a randomly generated 10-digit number. We'd then maintain a lookup table that allows us to convert those back to student IDs if we need to determine someone's identity. Of course, if you use this approach, you need to keep the lookup table secure.

Answer 13

Masking partially redacts sensitive information by replacing some or all sensitive fields with blank characters. For example, we might replace all but the last four digits of a credit card number with X's or *'s to render the card number unreadable.

Answer 14

A cryptographic attack that uses precomputed tables of hash values for cracking password hashes. It's efficient against unsalted hashes, reducing the time needed to crack a password by comparing precomputed hashes rather than computing them on-the-fly.

Answer 15

Segmentation places sensitive systems on separate networks where they may communicate with each other but have strict restrictions on their ability to communicate with systems on other networks.

Answer 16

Nonrepudiation means that someone who performed some action, such as sending a message, cannot later deny having taken that action. Digital signatures are a common example of nonrepudiation. They allow anyone who is interested to confirm that a message truly originated with its purported sender.

Answer 17

D. Managerial controls are procedural mechanisms that focus on the mechanics of the risk management process. Threat assessment is an example of one of these activities.

Answer 18

B. The breach of credit card information may cause many different impacts on the organization, including compliance, operational, and financial risks. However, in this scenario, Jade's primary concern is violating PCI DSS, making his concern a compliance risk.

Answer 19

C. The defacement of a website alters content without authorization and is, therefore, a violation of the integrity objective. The attackers may also have breached the confidentiality or availability of the website, but the scenario does not provide us with enough information to draw those conclusions.

Answer 20

D. Deterrent controls are designed to prevent an attacker from attempting to violate security policies in the first place. Preventive controls would attempt to block an attack that was about to take place. Corrective controls would remediate the issues that arose during an attack. Detective controls detect issues or indicators of issues.

Answer 21

D. In this case, Greg must use a network-based DLP system. Host-based DLP requires the use of agents, which would not be installed on guest systems. Greg may use watermarking and/or pattern recognition to identify the sensitive information, but he must use network-based DLP to meet his goal.

Answer 22

B. Data being sent over a network is data in transit. Data at rest is stored data that resides on hard drives, tapes, in the cloud, or on other storage media. Data in processing, or data in use, is data that is actively in use by a computer system.

Answer 23

A. Technical controls enforce confidentiality, integrity, and availability in the digital space. Examples of technical security controls include firewall rules, access control lists, intrusion prevention systems, and encryption.

Answer 24

D. The three primary goals of cybersecurity attackers are disclosure, alteration, and denial. These map directly to the three objectives of cybersecurity professionals: confidentiality, integrity, and availability.

Answer 25

A. The risk that Tony is contemplating could fit any one of these categories. However, his primary concern is that the company may no longer be able to do business if the risk materializes. This is a strategic risk.

Answer 26

C. Although it is possible that a frequent flyer account number, or any other account number for that matter, could be used in identity theft, it is far more likely that identity thieves would use core identity documents. These include drivers' licenses, passports, and Social Security numbers.

Answer 27

A. As an organization analyzes its risk environment, technical and business leaders determine the level of protection required to preserve the confidentiality, integrity, and availability of their information and systems. They express these requirements by writing the control objectives that the organization wishes to achieve. These control objectives are statements of a desired security state.

Answer 28

D. Encryption technology uses mathematical algorithms to protect information from prying eyes, both while it is in transit over a network and while it resides on systems. Encrypted data is unintelligible to anyone who does not have access to the appropriate decryption key, making it safe to store and transmit encrypted data over otherwise insecure means.

Answer 29

D. The use of full-disk encryption is intended to prevent a security incident from occurring if a device is lost or stolen. Therefore, this is a preventive control gap.

Answer 30

A. Although a health-care provider may be impacted by any of these regulations, the Health Insurance Portability and Accountability Act (HIPAA) provides direct regulations for the security and privacy of protected health information and would have the most direct impact on a health-care provider.

Answer 31

C. The disclosure of sensitive information to unauthorized individuals is a violation of the principle of confidentiality.

Answer 32

B. The three primary objectives of cybersecurity professionals are confidentiality, integrity, and availability.

Answer 33

A. Tokenization techniques use a lookup table and are designed to be reversible. Masking and hashing techniques replace the data with values that can't be reversed back to the original data if performed properly. Shredding, when conducted properly, physically destroys data so that it may not be recovered.

Answer 34

A. PCI DSS compensating controls must be “above and beyond” other PCI DSS requirements. This specifically bans the use of a control used to meet one requirement as a compensating control for another requirement.

Answer 35

Hacktivists use hacking techniques to accomplish some activist goal. They might deface the website of a company whose policies they disagree with. Or a hacktivist might attack a network due to some political issue. The defining characteristic of hacktivists is that they believe they are motivated by the greater good, even if their activity violates the law.

Answer 36

Sophisticated, long-term cyberattacks conducted by highly skilled adversaries targeting specific organizations for espionage or financial gain. APTs stealthily infiltrate networks to extract or compromise data without detection.

Answer 37

Espionage attacks are motivated by organizations seeking to steal secret information from other organizations. This may come in the form of nation-states attacking each other or corporate espionage.

Answer 38

- Cybercriminals: Individuals or groups seeking financial gain through attacks like phishing, malware, and identity theft. - Hacktivists: Hackers who target organizations for political or social reasons, often through website defacement or data leaks. - Nation-State Actors: Government-sponsored groups conducting cyber espionage or attacks to gather intelligence or disrupt other nations. - Insiders: Employees or contractors who misuse their access to steal information or sabotage systems. - Script Kiddies: Inexperienced hackers using pre-written scripts to exploit known vulnerabilities without fully understanding the technology. - Advanced Persistent Threats (APTs): Highly skilled groups engaging in prolonged and targeted cyberattacks to steal data or monitor organizations.

Answer 39

- Data exfiltration attacks are motivated by the desire to obtain sensitive or proprietary information, such as customer data or intellectual property. - Espionage attacks are motivated by organizations seeking to steal secret information from other organizations. This may come in the form of nation-states attacking each other or corporate espionage. - Service disruption attacks seek to take down or interrupt critical systems or networks, such as banking systems or health-care networks. - Blackmail attacks seek to extort money or other concessions from victims by threatening to release sensitive information or launch further attacks. - Financial gain attacks are motivated by the desire to make money through theft or fraud. Organized crime is generally motivated by financial gain, as are other types of attackers. - Philosophical/political belief attacks are motivated by ideological or political reasons, such as promoting a particular cause or ideology. Hacktivists are generally motivated by philosophical or political beliefs. - Ethical attacks, or white-hat hacking, are motivated by a desire to expose vulnerabilities and improve security. These attacks are often carried out by security researchers or ethical hackers with the permission of the organization being tested. - Revenge attacks are motivated by a desire to get even with an individual or organization by embarrassing them or exacting some other form of retribution against them. - Disruption/chaos attacks are motivated by a desire to cause chaos and disrupt normal operations. War may also be a motivation for cyberattacks. Military units and civilian groups may use hacking in an attempt to disrupt military operations and change the outcome of an armed conflict.

Answer 40

This is a system, application, or service that contains a vulnerability that a threat actor might exploit.

Answer 41

A path or method used by a cyber attacker to gain unauthorized access to a system or network to deliver a payload or malicious outcome. Common vectors include phishing, malware, social engineering, and unsecured networks.

Answer 42

- Phishing: Deceptive communication, often email, aiming to steal sensitive data. - Spear Phishing: Targeted phishing attacks directed at specific individuals or organizations. - Whaling: Highly targeted phishing attacks aimed at senior executives. - Spam: Unsolicited messages, often carrying malware or phishing links.

Answer 43

- USB Drop Attacks: Distributing malware-infected USB drives to unsuspecting users. - Tailgating: Gaining unauthorized access to restricted areas by following authorized personnel.

Answer 44

- Pretexting: Creating a fabricated scenario to steal a victim's information. - Baiting: Offering something enticing to deliver malware or steal information. - Quid Pro Quo: Offering a service or benefit in exchange for information, typically under false pretenses.

Answer 45

- Evil Twin Attacks: Creating a malicious Wi-Fi network mimicking a legitimate one. - Wi-Fi Eavesdropping: Intercepting information sent over unprotected Wi-Fi networks. - Bluetooth Hacking: Exploiting vulnerabilities over Bluetooth connections.

Answer 46

- API Vulnerabilities: Exploiting weaknesses in cloud services' Application Programming Interfaces. - Misconfigured Cloud Storage: Accessing improperly secured cloud storage to extract data. - Account Hijacking: Gaining control of cloud accounts to access sensitive information.

Answer 47

Definition: The DAD triad stands for Disclosure, Alteration, and Destruction. It is a model used to outline the potential security threats to information systems, contrasting the CIA (Confidentiality, Integrity, Availability) triad by focusing on negative outcomes. Example: An attacker stealing confidential documents (Disclosure), modifying data (Alteration), or deleting critical files (Destruction).

Answer 48

Definition: Data exfiltration refers to the unauthorized transfer of data from a computer or other device to an external location or attacker-controlled environment. This can be done manually via physical means or automatically through malware or compromised networks. Example: An attacker using a phishing scam to install malware that silently transfers sensitive files from the victim's computer to an external server.

Answer 49

Definition: Protected Health Information is any information in a medical record or other health-related information that can be used to identify an individual and that was created, used, or disclosed in the course of providing a healthcare service, such as diagnosis or treatment. Example: Names, addresses, birth dates, Social Security Numbers, medical records, and health insurance information.

Answer 50

Definition: Control objectives are the goals or purposes intended to be achieved by implementing specific control measures or procedures in information security. These objectives help ensure the confidentiality, integrity, and availability of data. Example: Ensuring only authorized users have access to sensitive data, data is accurate and unaltered, and information systems are available when needed.

Answer 51

Definition: CPU registers are small, high-speed storage locations within a computer's CPU (Central Processing Unit) that hold data and instructions that are being processed by the CPU. They play a critical role in the CPU's ability to execute operations quickly. Example: Instruction registers hold the instruction currently being executed, while accumulator registers store intermediate arithmetic and logic results.

Answer 52

Definition: Threat intelligence is information that is used to understand the threats that have, will, or are currently targeting an organization. This information can be used to prepare, prevent, and identify cyber threats looking to take advantage of valuable resources. Example: Data indicating a new malware strain is targeting the financial sector, helping institutions to proactively bolster their defenses.

Answer 53

Definition: Threat feeds deliver real-time information about potential security threats to an organization, providing actionable intelligence that can be used to bolster cybersecurity measures. Details Included: IP addresses, domains, email addresses, URLs, file hashes, paths, and CVE numbers, offering comprehensive insight into the nature of threats. Benefits: By including context such as why an organization might be targeted, descriptions of threat actors, and insights into their motives and methods, threat feeds enable organizations to understand and mitigate threats more effectively.

Answer 54

Definition: STIX is a language and serialization format used to exchange cyber threat intelligence (CTI) in a standardized manner. It enables organizations to share information about cyber threats and their indicators effectively and efficiently. Purpose: Facilitates the understanding, management, and sharing of cyber threat intelligence, enhancing the ability to respond to and mitigate cyber threats across different platforms and organizations.

Answer 55

Definition: Trusted Automated Exchange of Intelligence Information (TAXII) is a protocol used for the automated exchange of cyber threat information in a secure and standardized manner. Purpose: It supports the sharing of information about malware, attack patterns, and threat indicators, making it easier for organizations to communicate and collaborate on threat intelligence. TAXII is often used in conjunction with STIX to facilitate the exchange of structured threat information.

Answer 56

TTPs (Tactics, Techniques, and Procedures) represent the behavior patterns of threat actors or cybercriminals. Tactics: The overarching strategy or goal of an attacker. For example, an attacker's tactic might be to gain unauthorized access to a network to steal sensitive data. Techniques: The methods used to carry out the tactic. Continuing the example, the technique could be phishing emails to trick employees into revealing their login credentials. Procedures: The detailed, step-by-step actions taken to execute the technique. In this case, the procedure might involve crafting a convincing email that appears to be from a trusted source, embedding a malicious link, and then sending it to multiple employees within the targeted organization.

Answer 57

D. Forensic information does not have to include a time stamp to be admissible, but time stamps can help build a case that shows when events occurred. Files without a time stamp may still show other information that is useful to the case or may have other artifacts associated with them that can provide context about the time and date.

Answer 58

White, grey, and black hat hacking.

Answer 59

Quick-formatting a drive removes the file indexes but leaves the file content on the drive. Recovery tools look for those files on the drive and piece them back together using metadata, headers, and other clues that help to recover the files.

Answer 60

A. The risk that Tony is contemplating could fit any one of these categories. However, his primary concern is that the company may no longer be able to do business if the risk materializes. This is a strategic risk.

Answer 61

C. Password spraying involves the use of the same password to attempt to log into multiple accounts. Joanna should search for uses of the same password for different accounts.

Answer 62

D. While many protocols have a secure version, DHCP does not have a secure option, and protection must be handled by using detection and response mechanisms, rather than an encrypted protocol.

Answer 63

This refers to the recording of system or application activities at times outside of normal operational hours or scheduled intervals, often to detect unauthorized access or anomalies that could indicate a security incident.

Answer 64

D. This is an example of out-of-cycle logging, or logging that occurs at a different time than expected. This may be because an attacker is using the backup tool to acquire data. Unexpected logs are not an indicator found on the Security+ exam outline. There is no indication of resource consumption or inaccessibility in the question.

Answer 65

ISACs. The U.S. government created the Information Sharing and Analysis Centers (ISACs). ISACs help infrastructure owners and operators share threat information, and provide tools and assistance to their members.

Answer 66

D. Diffie–Hellman is a key exchange algorithm used to create a common shared secret key. The Advanced Encryption Standard (AES) is a symmetric encryption algorithm used to protect data. Password-Based Key Derivation Function 2 (PBKDF2) is a key stretching algorithm used to create strong keys from short passwords. The Online Certificate Status Protocol (OCSP) is used to verify the validity of digital certificates.

Answer 67

C. Sarah’s main focus in this situation is the Sarbanes–Oxley Act (SOX Act), as it is specifically designed for U.S. publicly traded companies. It insists on a high level of confidence in the IT systems that manage these companies’ financial records. The Family Educational Rights and Privacy Act (FERPA) applies to educational institutions in the U.S., mandating the secure handling of student records. The Gramm–Leach–Bliley Act (GLBA) is aimed at U.S. financial institutions, necessitating them to establish a formal security program. The Health Insurance Portability and Accountability Act (HIPAA) sets the rules for health-care providers, insurance firms, and health information clearinghouses in the U.S., calling for adherence to security and privacy standards related to health information. While each of these regulations plays a crucial role within their specific sectors, in Sarah’s role at a publicly traded tech firm, it’s the SOX Act that is most pertinent.

Answer 68

C. Isabelle should select PEAP, which doesn’t require client certificates but does provide TLS support. EAP-TTLS provides similar functionality but requires additional software to be installed on some devices. EAP-FAST focuses on quick reauthentication, and EAP-TLS requires certificates to be deployed to the endpoint devices.

Answer 69

D. Method of transport

Answer 70

Low: 0.1 - 3.9 Medium: 4.0 - 6.9 High: 7.0 - 8.9 Critical: 9.0 - 10.0

Answer 71

D. Since the drive acquisition was both unmonitored and not logged, and since the drive sat without being secured, the chain of custody for the drive cannot be validated. Michelle cannot prove that the drive was handled properly or was not modified between the time it was obtained and when it was handed to her. Drives will not typically lose data or have issues being copied after being unpowered for a week, or even months. There is no requirement for legal hold in this scenario, and no third party requested that the drive or data on the drive be preserved.

Answer 72

A. Misinformation and disinformation campaigns are primarily associated with nation-state actors, but are increasingly used by other organizations and even individuals as well. Watering hole attacks, business email compromise, and password spraying are broadly used attacks.

Answer 73

A. Server-side request forgery (SSRF) attacks trick a server into visiting a URL based on user-supplied input. SSRF attacks are possible when a web application accepts URLs from a user as input and then retrieves information from that URL. If the server has access to non-public URLs, an SSRF attack can unintentionally disclose that information to an attacker. CSRF (cross-site request forgery) leverages malicious code to cause users to take action via a website they’re already authenticated to. XSS (cross-site scripting) injects malicious scripts into preexisting websites by getting them to display the scripts, and command injection attacks attempt to run commands on an operating system by leveraging a vulnerable application.

Answer 74

D. When access points conflict, enterprise wireless network management tools will typically decrease the power for both access points until the issue is resolved. Simply increasing power will cause more conflicts, changing the SSID would not serve typical enterprise models that use a single SSID to allow roaming, and disabling an access point may leave coverage gaps.

Answer 75

B. Policy enforcement points communicate with policy administrators to forward requests from subjects and to receive instructions from them about connections to allow or end. Policy administrators are components that establish or remove the communication path between subjects and resources, including creating session-specific authentication tokens or credentials as needed. Policy engines make policy decisions based on both rules and external systems. Policy gateways are not reference components for zero-trust designs.

Answer 76

B. Browser on-path attacks take advantage of malicious browser plug-ins or proxies to modify traffic at the browser level. They do not involve compromised routers or servers, and a modified hosts file is more likely to be involved in an on-path attack.

Answer 77

C. This is an example of an impersonation attack. The pentester impersonated the head of IT in order to achieve their goals. The good news is that it was a penetration tester! Smishing is phishing via SMS, vishing is phishing via voice or voicemail, and pretexting provides a reason that the target should perform an action. Here the attack relied on the authority that Amanda believed the caller had.

Answer 78

C. This is one form of an on-path attack, an attack that redirects traffic to a system or device controlled by the attacker, which can then take action on network traffic originally destined for another system. ARPjacking and TCP redirect attacks are made up. Disassociation attacks focus on causing Wi-Fi devices to drop their connection and try to reconnect to an access point.

Answer 79

It is important to ensure that data prepared for e-discovery only contains what it is supposed to, and that information that should not be shared is not included.

Answer 80

To categorize these governance documents, assess their scope and detail level. Policies provide broad, principle-based directions and define the organization's security posture. Standards specify mandatory actions, technical requirements, or rules to implement policies. Procedures are detailed, step-by-step instructions that describe exactly how to comply with policies and standards. Guidelines offer advisory best practices that can be tailored to specific circumstances or environments. The hierarchy moves from general (policies) to specific (procedures) with standards providing the compulsory requirements to achieve policy goals and guidelines offering optional advice.

Answer 81

In cybersecurity, federation is the process of linking and managing identities across multiple systems and organizations to allow users to access shared resources with single sign-on (SSO).

Answer 82

The Electronic Discovery Reference Model (EDRM) is a framework that outlines standards for the recovery and discovery of digital data. It provides guidance for the creation, management, and use of electronic stored information (ESI) in legal proceedings.

Answer 83

Definition: A logic bomb is a piece of malicious code intentionally inserted into a software system that will set off a malicious function when specified conditions are met, such as a particular time or event. It lies dormant until triggered. Example: An employee might insert a logic bomb that deletes files on a specific date or after they are terminated from the company.

Answer 84

B. SFTP implements file transfers via SSH and only requires a single port to be open. FTPS uses a second port for file transfers, just like FTP. SFTP also allows the use of key-based authentication, making transfers even easier for users. Both SFTP and FTPS provide strong encryption, so this is not a deciding factor.

Answer 85

FRR (false rejection rate) describes what happens when a biometric system does not accept a valid biometric factor.

Answer 86

FAR (false acceptance rate) is the rate at which false acceptances occur.

Answer 87

An Simple Network Management Protocol (SNMP) trap is an automated notification sent by an SNMP-enabled device to a management station, signaling that an event or threshold has been reached. It's a type of unsolicited alert from a network device that communicates significant incidents or status changes without request.

Answer 88

One of the challenges security practitioners can face when attempting to identify malware is that different antivirus and antimalware vendors will name malware packages and families differently. This means that Matt may need to look at different names to figure out what he is dealing with.

Answer 89

B. A longer key is generally stronger for modern cryptosystems, and a longer key will be harder to crack. Signing the file helps with nonrepudiation but not resistance to cracking the encryption. Hashing the file before encrypting it or hashing it after will not help in this scenario.

Answer 90

Attribute-Based Access Control (ABAC) is a flexible access control methodology where access rights are granted to users through the use of policies which combine attributes together. The attributes can be related to the user, the resource to be accessed, and the current environment.

Answer 91

Discretionary Access Control (DAC) is an access control method where access rights are assigned by the owner of the resource. It allows users to control resources they own by granting or restricting access to other users.

Answer 92

Mandatory Access Control (MAC) is a strict access control model that enforces access policies based on clearance levels of users and data classification. It is commonly used in environments that require high security, where access decisions are made by a central authority.

Answer 93

D. Supply chain attacks are typically associated with vendors and suppliers that provide technology infrastructure or services that may be compromised. This would include hardware and software providers as well as managed service providers (MSPs). Talent providers, who help with staffing solutions, are generally not considered common avenues for supply chain attacks.

Answer 94

SMS (text message) based phishing

Answer 95

B. Embedded systems are available at many price points. Understanding constraints that limited resources create for embedded systems helps security professionals identify appropriate security controls and options.

Answer 96

Linux users can change who can read, write, or execute files and directories they own, which is discretionary access control (DAC). Mandatory access control (MAC) would enforce settings set by the systems administrator without users having the rights to make their own decisions. While role-based access control is involved, DAC best describes the access control scheme. ABAC is not a default method for setting rights for the Linux filesystem.

Answer 97

An access control vestibule uses a pair of doors. When an individual enters, the first door must be closed and secured before the second door can be opened. This helps prevent tailgating, since the person entering will notice anybody following them through the secured area.

Answer 98

A Faraday cage is used to stop electromagnetic interference (EMI).

Answer 99

A device that prevents vehicular traffic.

Answer 100

A physical separation of networks or devices

Answer 101

Watering hole attacks rely on compromising or infecting a website that targeted users frequently visit, much like animals will visit a common watering hole.

Answer 102

Whaling is a type of phishing scam that targets high-profile individuals within an organization, like executives (the "big fish"). The attacks are highly personalized to trick the victim into divulging confidential information or transferring funds.

Answer 103

Typosquatting is a deceptive strategy where attackers register domain names that are misspellings of popular websites. Unsuspecting users who make typographical errors when entering a URL are led to fraudulent websites, which can result in phishing attacks or malware infections.

Answer 104

A stream cipher is an encryption method that encrypts digital data one bit or byte at a time. It combines plain text bits with a pseudorandom cipher digit stream (keystream), typically using bitwise XOR.

Answer 105

A block cipher is an encryption method that divides text into fixed-sized blocks and encrypts them one at a time. It provides a high level of security by using various modes of operation and can repeatedly change the key during the encryption process.

Answer 106

A legal hold is a notification that litigation is in progress or active and that data and documents related to the case must be preserved. Legal holds are used to ensure that information relevant to the case is not lost or destroyed.

Answer 107

Striping (RAID 0) is a method of dividing data into blocks and spreading it evenly across two or more disks to improve speed and capacity. However, it does not provide redundancy; if one disk fails, all data is lost.

Answer 108

Mirroring (RAID 1) involves creating an exact copy of a set of data on two or more disks. This provides high fault tolerance because if one disk fails, the data can be retrieved from the other.

Answer 109

Parity (RAID 5) involves spreading data across multiple disks and adding a parity block to each write operation. The parity blocks are used to recover data from a failed disk, providing a balance between performance and data protection.

Answer 110

Double parity (RAID 6) extends the single parity system of RAID 5 by adding a second parity block. This allows for two disk failures within the array without loss of data and provides a greater fault tolerance.

Answer 111

RAID 10 (Mirroring and Striping): Combines the benefits of RAID 0 and RAID 1 for both redundancy and improved performance. Requires a minimum of four drives.

Answer 112

A. Unlike computers and mobile devices, switches and other network devices typically do not have additional software that can be removed. Installing patches, placing administrative interfaces on protected VLANs, and changing default passwords are all common hardening techniques for network devices like switches.

Answer 113

Managerial controls are procedural mechanisms that focus on the mechanics of the risk management process.

Answer 114

A Windows Group Policy Object (GPO) can be used to control whether users are able to install software.

Answer 115

C. Rootkits are intended to be stealthy, and a pop-up demanding ransom works against that purpose. File hashes, command and control details, and behavior-based identifiers are all useful IoCs likely to be relevant to a rootkit.

Answer 116

In the context of Windows systems, a GPO (Group Policy Object) is a virtual collection of policy settings created using Microsoft's Group Policy technology. GPOs control the working environment of user and computer accounts, managing a range of configurable settings within an Active Directory environment.

Answer 117

An IoC (Indicator of Compromise) is forensic data gathered from system logs, files, or other sources that indicate a potential intrusion or malicious activity within a network or system.

Answer 118

Command and Control refer to methods cyber attackers use to maintain communication with compromised systems within a target network, typically to control malware, exfiltrate data, or issue commands to infected hosts.

Answer 119

C. Requests for an exception to a security policy would not normally include a proposed revision to the policy. Exceptions are documented variances from the policy because of specific technical and/or business requirements. They do not alter the original policy, which remains in force for systems not covered by the exception.

Answer 120

Emily is looking for a solution to minimize the load of numerous third-party audits. In such a situation, SSAE 18, also referred to as service organization controls (SOC) audits, is an ideal solution as it provides a common standard for auditors assessing service organizations. It allows the organization to undertake an external assessment instead of multiple third-party assessments, sharing the resulting report with customers and potential clients. While COBIT, ISO 27001, and ISO 27002 are valuable auditing and assessment standards, they do not specifically address the issue of multiple third-party audits. COBIT is a common framework for conducting audits and assessments, ISO 27001 describes an approach for setting up an information security management system, and ISO 27002 provides more detail on the specifics of information security controls, but none of them offer a solution like SSAE 18 for service organizations facing numerous audits.

Answer 121

COBIT (Control Objectives for Information and Related Technologies) is a framework for IT management and governance, providing a set of best practices and models to help organizations ensure effective control over information systems and technology.

Answer 122

ISO 27001 is an international standard for information security management systems (ISMS), providing a framework for establishing, implementing, maintaining, and continually improving information security within an organization.

Answer 123

ISO 27002 provides guidelines and best practices for implementing information security controls within the context of an ISO 27001 ISMS framework. It covers the selection, implementation, and management of controls based on risk assessment.

Answer 124

SSAE 18 (Statement on Standards for Attestation Engagements No. 18) is an auditing standard for service organizations, ensuring that they have adequate controls and processes in place. It's the standard that guides the execution of SOC 1 audits.

Answer 125

A next-generation firewall (NGFW) device is typically designed and built to be more capable at high speeds and throughput than a universal threat management device. A NGFW offers standard firewall capabilities such as packet filtering, along with advanced features like encrypted traffic inspection, intrusion prevention systems, and the ability to identify and block sophisticated attacks.

Answer 126

Unified Threat Management (UTM) provides a comprehensive security solution that combines multiple security features and services, including antivirus, anti-spam, firewall, and intrusion detection, in a single device or service package.

Answer 127

D. Zero-day attacks are generally known only to a small group of researchers who discover the vulnerabilities. They are not known to the general public and would likely be patched by the vendor if they became widely known. Zero-day vulnerabilities may exist in any technology component: software or hardware. They are only effective during the limited window of opportunity when they remain unpatchable before the vendor issues a fix.

Answer 128

D. Isaac can simply destroy all copies of the encryption key for the drive to make the data very difficult to access. Using the built-in secure erase command will ensure that the data is no longer recoverable under any normal circumstances. Overwriting SSDs and other flash media that are overprovisioned with additional space for wear leveling purposes is likely to miss remnant data in spare or replaced space. Formatting a drive simply removes the file indices and does not remove the data.

Answer 129

Common methods of performing a root cause analysis include the 5 Whys technique, where you ask "why" multiple times to drill down to the underlying cause; Fishbone (Ishikawa) Diagram, which identifies potential factors causing an overall effect; and the Fault Tree Analysis, which uses a tree-like model to deduce the root causes of a problem. These methods aim to uncover the primary cause of a problem rather than focusing on symptoms.

Answer 130

This method involves examining the problem (root) and its manifestations or symptoms (branches) to understand the cause-and-effect relationship. It helps in identifying not just what happened and how, but why it happened, ensuring that solutions address the core issue.

Answer 131

Data protection officer

Answer 132

A parameterized query (sometimes called a prepared statement) uses a prebuilt SQL statement to prevent SQL-based attacks. Variables from the application are fed to the query, rather than building a custom query when the application needs data.

Answer 133

Software-defined networking (SDN) uses software-based controllers and application programming interfaces to control networks. It is frequently used to ensure proper performance by making dynamic changes to networks and is a common element in zero-trust deployments.

Answer 134

A documented restoration order helps ensure that systems and services that have dependencies start in the right order and that high-priority or mission-critical services are restored first.

Answer 135

Time-Based One-Time Password (TOTP) generates a password that is valid for only a short period of time, using a shared secret and the current time to ensure each password is unique and temporary.

Answer 136

HMAC-Based One-Time Password (HOTP) generates a one-time password using a counter that increments with each new password. It relies on a shared secret key and a simple counter mechanism for password generation.

Answer 137

In disaster recovery, the restoration order is the sequence in which systems, applications, and data are restored to return to operational status. This order is critical for minimizing downtime and ensuring critical services are prioritized.

Answer 138

- Trojans: Disguise themselves as legitimate software to trick users into installing them, providing a backdoor for malicious activities. - Worms: Self-replicate without human interaction, spreading across networks by exploiting vulnerabilities. - Viruses: Attach themselves to clean files and require human action (like opening a file) to execute and infect other files and systems.

Answer 139

The use of the SQL WAITFOR command is a signature characteristic of a timing-based SQL injection attack.

Answer 140

Privileged Access Management (PAM) secures, manages, and monitors privileged accounts and access across an IT environment to protect critical resources and data.

Answer 141

This approach grants access rights as needed for a limited time, reducing the risk of unauthorized access or abuse of privileges.

Answer 142

A security practice where passwords are stored in a secured digital vault to prevent unauthorized access and improve password management.

Answer 143

Temporary credentials that are automatically generated and expire after a short duration, enhancing security by minimizing the risk of credential misuse.

Answer 144

Hash-Based Message Authentication Code (HMAC) is a security mechanism used to verify both the integrity and the authenticity of a message. It combines the use of a cryptographic hash function with a secret cryptographic key, creating a unique code (the MAC) that can be attached to a message. Here's a breakdown for better understanding: - **Integrity:** HMAC ensures that the message has not been altered from its original form. When the message is received, the recipient can compute their own HMAC using the same hash function and secret key. If the HMAC produced matches the one sent with the message, it confirms that the message has not been tampered with during transit. - **Authentication:** The inclusion of a secret key that both the sender and receiver share adds a layer of authentication. Only someone with access to the same secret key could generate the correct HMAC for the message. This confirms the message's origin, verifying that it was indeed sent by someone who possesses the shared secret key. The process involves taking the original message and applying a hash function to it and the secret key in a specific way. This typically involves hashing the combination of the secret key and the message, then hashing that output again with the key to produce the final HMAC. This dual application of the hash function, combined with the key's involvement, provides robust protection against tampering and impersonation. HMAC is widely used in various security applications and protocols, including VPNs, API authentication, and securing data in transit over the internet. Its effectiveness lies in the difficulty of forging a valid HMAC without knowing the secret key, making it a reliable method for securing digital communications.

Answer 145

Password vaulting, which stores passwords for use with proper authentication and rights, is the most appropriate solution for Marie’s needs.

Answer 146

SMS messages are not secure and could be accessed by cloning a SIM card or redirecting VoIP traffic, among other possible threat models.

Answer 147

Input allow list approaches define the specific input type or range that users may provide. When developers can write clear business rules defining allowable user input, allow listing is definitely the most effective way to prevent injection attacks. Block lists achieve the same goal but attempt to block malicious content rather than allow approved content so they are less effective. Browser-based input validation is not a good practice because an attacker can easily bypass that validation. Signature detection is generally not used for injection attacks but rather for antivirus software.

Answer 148

Supervisory Control and Data Acquisition (SCADA) refers to a system used to monitor and control industrial processes across various industries. It consists of hardware and software elements that allow organizations to control industrial processes locally or at remote locations, monitor, gather, and process real-time data, and directly interact with devices such as sensors, valves, pumps, motors, and more through human-machine interface (HMI) software. SCADA systems are essential for industrial automation, helping to ensure efficiency, process control, and data collection for critical decision-making.

Answer 149

C. Aging infrastructure that is tightly coupled to critical systems like a power generation facility is a common issue that enterprise security practitioners encounter in many industries. Placing devices that cannot otherwise be secured onto an isolated network and ensuring that only trusted and inspected access is allowed is a common solution. Since aging devices are often out of support, cannot be patched, and do not have support for firewalls or host-based intrusion prevention systems (HIPSs), those solutions are often unable to be implemented, particularly for the embedded and specialized devices found in supervisory control and data acquisition (SCADA) and industrial control systems (ICS) environments.

Answer 150

Definition: Failure modes are the various ways in which a system, component, or process can fail. Identifying failure modes helps in understanding how something might go wrong, assessing the potential impact of different types of failures, and implementing measures to mitigate or prevent such failures. - Fail-Open: A security mechanism that defaults to allowing access or operation when it fails or malfunctions, prioritizing availability over security. - Fail-Closed: Conversely, this approach defaults to denying access or operation in the event of a failure, prioritizing security over availability.

Answer 151

In cybersecurity, social engineering principles are psychological tactics used by attackers to manipulate individuals into divulging confidential information or performing actions that compromise security. Key principles include: - Authority, where the attacker poses as someone in power - Urgency, creating a false sense of immediate action needed - Scarcity, suggesting limited time or availability - Social proof, pretending to be a trusted entity - Liking, where attackers build rapport or a sense of affinity with their target These principles exploit human nature to bypass technical security measures.

Answer 152

Although it may be tempting to use a technical answer, interviewing the individual involved is the best starting point when a person performed actions that need to be reviewed. Charles can interview the staff member, and then move on to technical means to validate their responses.

Answer 153

Unified threat management (UTM) devices are designed to be all-in-one security devices that can act as a firewall. They commonly offer services ranging from IPS and IDS to spam filtering and antivirus/antimalware.

Answer 154

Identity provider (IdP)

Answer 155

Extensible Authentication Protocol - a framework used in wireless networks and Point-to-Point connections, allowing for the deployment of various authentication methods, including passwords, tokens, and certificates.

Answer 156

Identity provider - a service that stores and verifies user identity information, providing authentication services to other applications within a single sign-on (SSO) or federated identity system.

Answer 157

The process of gathering information about a target system, network, or organization to identify potential vulnerabilities and attack vectors.

Answer 158

Hardware Security Modules are physical devices that provide secure cryptographic key storage and management, often used to enhance security in transaction systems, data storage, and applications requiring high assurance of key security.

Answer 159

Cloud Access Security Brokers - security policy enforcement points that sit between cloud service consumers and providers to ensure that network traffic complies with the organization's security policies.

Answer 160

Members of management or organizational leadership act as a primary conduit to senior leadership for most incident response teams. They also ensure that difficult or urgent decisions can be made without needing escalated authority.

Answer 161

Secure Web Gateways - appliances or software that monitor and enforce company policies on internet usage, blocking malicious traffic and preventing unauthorized access to harmful websites.

Answer 162

- Efficiency and time savings - Enforcing baselines - Standardizing infrastructure configurations - Scaling in a secure manner - Retaining employees - Reducing reaction time - Serving as a workforce multiplier

Answer 163

In an asymmetric encryption algorithm, the recipient of a message uses their own private key to decrypt messages that they receive.

Answer 164

Data controllers are the entities who determine the reasons for processing personal information and direct the methods of processing that data. This term is used primarily in European law, and it serves as a substitute for the term data owner to avoid a presumption that anyone who collects data has an ownership interest in that data.

Answer 165

The recipient of a digitally signed message may verify the digital signature by decrypting it with the public key of the individual who signed the message.

Answer 166

Tokenization techniques use a lookup table and are designed to be reversible. Masking and hashing techniques replace the data with values that can’t be reversed back to the original data if performed properly. Shredding, when conducted properly, physically destroys data so that it may not be recovered.

Answer 167

Legacy hardware is unsupported and no longer sold. End-of-life typically means that the device is no longer being made but is likely to still have support for a period of time. End-of-sales means the device is no longer being sold, but again, may have support for some time.

Answer 168

1. CPU registers, cache 2. Routing table, ARP cache, process table, kernel statistics 3. RAM 4. Swap space 5. Data on hard disk 6. Remotely logged data 7. Data stored on backup media

Answer 169

AES is the successor to 3DES and DES and is the best choice for a symmetric encryption algorithm. RSA is a secure algorithm, but it is asymmetric rather than symmetric.

Answer 170

GLBA (Gramm-Leach-Bliley Act): A U.S. law that requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data.

Answer 171

SOX (Sarbanes-Oxley Act): A U.S. law aimed at protecting investors from fraudulent financial reporting by corporations, requiring strict financial record keeping and reporting.

Answer 172

The act of obtaining secret or confidential information without the permission of the holder of the information. Espionage is a method used in warfare, spying, and theft of trade secrets.

Answer 173

Measured boot

Answer 174

Validates hashes against known good hashes for those boot elements

Answer 175

A SIEM with correlation rules for geographic IP information as well as user IDs and authentication events will accomplish Susan’s goals. An IPS may detect attacks, but it isn’t well suited to detecting impossible travel. OS logs would need to be aggregated, and vulnerability scan data won’t show this at all.

Answer 176

SIEM Tool (Security Information and Event Management Tool): A software solution that aggregates and analyzes activity from many different resources across your IT infrastructure, providing real-time analysis of security alerts generated by applications and network hardware.

Answer 177

A process that measures each component, from firmware up through the operating system, used during the boot process of a device to ensure they have not been tampered with.

Answer 178

A type of web attack where attackers manipulate or "pollute" the parameters of a web application to create unexpected outcomes, often bypassing site security measures. Example: http://www.mycompany.com/servicestatus.php?serviceID=892&serviceID=892'%20;DROP%20TABLE%20Services;-- In this case, it appears that the attacker was waging a SQL injection attack and tried to use parameter pollution to slip the attack past content filtering technology. The two instances of the serviceID parameter in the query string indicate a parameter pollution attempt.

Answer 179

Although both a checksum and a hash can be used to validate message integrity, a hash has fewer collisions than a checksum and will also provide a unique fingerprint for a file. Checksums are primarily used as a quick means of checking that that integrity is maintained, whereas hashes are used for many other purposes such as secure password validation without retaining the original password. A checksum would not be useful for proving a forensic image was identical, but it could be used to ensure that your work had not changed the contents of the drive.

Answer 180

The Center for Internet Security (CIS) provides hardening guidelines known as CIS benchmarks that Alyssa can use as a guide to secure her organization’s iOS devices. OWASP does not provide these, and NIST provides general guidance, not OS- or device-specific configuration guides.

Answer 181

Trojans are often found in application stores where they appear to be innocuous but desirable applications or are listed in confusingly similar ways to legitimate applications. Many organizations choose to lock down the ability to acquire applications from app stores to prevent this type of issue. Since Trojans do not self-spread and rely on user action, patching typically won’t prevent them. While users may try to transfer files via USB, this isn’t the most common means for modern Trojans to spread.

Answer 182

The corporate-owned, personally enabled (COPE) model allows end users to use their devices for personal as well as corporate use while providing corporate control and management of the mobile devices.

Answer 183

COPE Model (Corporate-Owned, Personally Enabled): A policy where the organization owns the devices but allows employees to use them for personal tasks, providing a balance between control and flexibility.

Answer 184

VDI (Virtual Desktop Infrastructure): A technology that hosts desktop environments on a centralized server and deploys them to end-users on request, allowing remote access to a desktop interface.

Answer 185

CYOD (Choose Your Own Device): A policy that allows employees to choose from a list of approved devices for work use, offering flexibility while maintaining control over security.

Answer 186

BYOD (Bring Your Own Device): A policy allowing employees to use their personal devices for work purposes, emphasizing convenience and personal preference, with security managed through corporate guidelines.

Answer 187

A network set up with intentional vulnerabilities; its purpose is to attract hackers and study their tactics, acting as a decoy to improve security defenses. Example: A fake financial website designed to lure and analyze malware attacks. The same concept as a honeypot, except on the network or group-of-systems level.

Answer 188

A service that intentionally delays incoming connections, slowing down attackers or automated scripts, effectively trapping them to prevent or mitigate spam and unauthorized access. Example: A mail server that uses tarpitting to slow down mass email sending operations by spammers.

Answer 189

A framework for managing and protecting information assets, ensuring confidentiality, integrity, and availability through a comprehensive set of policies, procedures, and controls.

Answer 190

Provides best practice guidelines on information security controls for implementing and achieving ISO 27001 certification, including user access management, incident management, and security policies.

Answer 191

Extends ISO 27001 to cover privacy-specific requirements, helping organizations manage personal data securely and in compliance with privacy regulations.

Answer 192

Offers guidelines on risk management principles and the implementation of risk assessment practices, aiming to help organizations identify, assess, and manage risks across different areas of operation.

Answer 193

The services listed are: 21—FTP 22—SSH 23—Telnet 80—HTTP 443—HTTPS Of these services, SSH (Port 22) and HTTPS (port 443) are secure options for remote shell access and HTTP. Although secure mode FTP (FTP/S) may run on TCP 21, there is not enough information to know for sure, and HTTPS can be used for secure file transfer if necessary. Thus, Naomi’s best option is to disable all three likely unsecure protocols: FTP (port 21), Telnet (port 23), and HTTP (port 80).

Answer 194

All of these items could be concerning, depending on the circumstances. However, API keys should never be found in public repositories because they may grant unauthorized individuals access to information and resources.

Answer 195

Red Hat Enterprise uses journalctl to view journal logs that contain application information. Jim should use journalctl to review the logs for the information he needs. The tool also provides functionality that replicates what head and tail can do for logs. Syslog-ng is a logging infrastructure, and though logs may be sent via syslog-ng, it is not mentioned here. logger is a logging utility used to make entries in the system log.

Answer 196

A host-based intrusion prevention system (HIPS) can detect and prevent attacks against services while allowing the service to be accessible. A firewall can only block based on port, protocol, and IP; encryption won’t prevent this; and an EDR is primarily targeted at malicious software and activity, not at network-based attacks on services.

Answer 197

Extended validation (EV) certificates provide the highest available level of assurance. The CA issuing an EV certificate certifies that they have verified the identity and authenticity of the certificate subject.

Answer 198

Inline CASBs: These solutions act as intermediaries, intercepting requests and data moving between the user and the cloud service provider, providing real-time security enforcement. API-based CASBs: These solutions integrate with cloud service providers using their APIs, allowing them to monitor and manage data and user activity within cloud applications indirectly, without requiring inline traffic inspection.

Answer 199

Nonrepudiation ensures that individuals can prove to a third party that a message came from its purported sender. Although Tina may also achieve other goals with her approach, this goal is her stated intention.

Answer 200

PaaS environments commonly rely on customers and providers to maintain identity and directory infrastructure, applications, and network controls. Customers manage information and data, devices, and accounts and identities, whereas providers are responsible for operating systems, physical hosts, networks, and datacenters.

Answer 201

Preparation > Detection > Analysis > Containment > Eradication > Recovery Then, begin the cycle again.

Answer 202

Organizations should only use data for the purposes disclosed during the collection of that data.

Answer 203

A split-tunnel VPN sends traffic intended for the remote VPN network through the tunnel and responses back to the client. A full tunnel sends any traffic (including internet-bound) through the corporate network. This provides enhanced security at the cost of corporate bandwidth.

Answer 204

Footprinting is a technique specifically designed to elicit this information.

Answer 205

Sideloading is the process of copying files between two devices like a phone and a laptop, desktop, or storage device.

Answer 206

Isolation. Mark has isolated the system by removing it from the network and ensuring that it cannot communicate with other systems.

Answer 207

Security groups are used to limit network access to a server instance in the cloud. They are the equivalent of network firewall rules in an on-premises environment.

Answer 208

Since the web interfaces are needed to manage the devices, Helen’s best option is to place the IoT devices in a protected VLAN. IoT devices will not typically allow additional software to be installed, meaning that adding firewalls or a HIPS won’t work.

Answer 209

POP (Post Office Protocol): Allows email clients to retrieve emails from a server; the latest version, POP3, is widely used but considered less flexible than IMAP because it typically downloads and deletes messages from the server.

Answer 210

IMAP (Internet Message Access Protocol): Enables email clients to access messages stored on a mail server, allowing for synchronization across multiple devices. It is more versatile than POP3, as emails are stored on the server and can be accessed from anywhere.

Answer 211

SPF (Sender Policy Framework): An email authentication method that prevents sender address forgery by specifying which mail servers are permitted to send email on behalf of a domain.

Answer 212

DKIM (DomainKeys Identified Mail): An email security standard designed to ensure that messages are not altered in transit between the sending and receiving servers, using digital signatures.

Answer 213

DMARC (Domain-based Message Authentication, Reporting, and Conformance): Builds on SPF and DKIM, allowing domain owners to protect their domain from unauthorized use, commonly known as email spoofing. DMARC provides instructions to receiving servers on how to handle non-aligned emails.

Answer 214

Soft Token: A software-based security token that generates a one-time use login PIN. Unlike hard tokens, soft tokens are software that can be installed on a user’s device.

Answer 215

Hard Token: A physical device used to gain access to a secured resource. Hard tokens can generate or store unique authentication codes, passwords, or cryptographic keys.

Answer 216

SCADA (supervisory control and data acquisition) is a system architecture that combines data acquisition and control devices with communications methods and interfaces to oversee complex industrial and manufacturing processes, just like those used in utilities.

Answer 217

The caller is using pretexting, providing Melissa with a story that relies on urgency and perceived authority to get her to take actions she might normally question.

Answer 218

Telnet provides remote command-line access but is not secure. SSH is the most common alternative to telnet, and it operates on port 22.

Answer 219

A. A passive fail-open tap. This type of network tap is designed to allow network traffic to continue flowing even if the tap loses power or fails for some reason. Unlike active taps, which require power to actively direct traffic, passive fail-open taps ensure minimal disruption to network continuity, aligning with Georgia's requirement for maintaining network flow during a power outage.

Answer 220

Journaling. Chris will need a database backup solution that supports Point-in-Time Recovery (PITR) capability. PITR allows the restoration of a database to the exact moment before an outage or corruption occurred by using saved backup files and a log of transactions (journaling) that occurred after the backup. This method ensures minimal data loss, aligning with the goal of achieving a very short Recovery Point Objective (RPO) by replaying transactions up to the specified moment, thus maintaining data integrity and continuity.

Answer 221

Key management system, or KMS, allows customers to securely create, store, and manage keys in a cloud environment.

Answer 222

Out-of-band management places the administrative interface of a switch, router, or other device on a separate network or requires direct connectivity to the device to access and manage it. This ensures that an attacker who has access to the network cannot make changes to the network devices. NAC and port security help protect the network itself, whereas trunking is used to combine multiple interfaces, VLANs, or ports together.

Answer 223

Virtual machine (VM) sprawl occurs when IaaS users create virtual service instances and then forget about them or abandon them, leaving them to accrue costs and accumulate security issues over time. Organizations should maintain instance awareness to avoid VM sprawl issues.

Answer 224

A tap is a device that independently sends a copy of network traffic to another path or location. Both active and passive taps exist, and they offer the advantage of not requiring the switch or router to process the traffic.

Answer 225

The Windows Security log records logon events when logon auditing is enabled.

Answer 226

Password age is set to prevent users from resetting their password enough times to bypass reuse settings.

Answer 227

Users in Maria’s organization are likely to be concerned about what would be wiped if the device was remotely wiped in the event it was lost. If the organization’s policy is to immediately fully wipe the device, and it is then recovered, their personal data may be lost. Organizational policies for BYOD devices can be complex, and many organizations choose to separate user and corporate data more completely via storage segmentation and other capabilities to avoid this scenario.

Answer 228

A security model that requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are within or outside of the network perimeter. This approach operates on the principle "never trust, always verify," eliminating implicit trust and continuously authenticating and authorizing users and devices.

Answer 229

In an asymmetric encryption algorithm, each employee needs only two keys: a public key and a private key. Adding a new user to the system requires the addition of these two keys for that user, regardless of how many other users exist.

Answer 230

Picture password asks users to click on specific, self-defined parts of a picture. This means that clicking on those points is something you know.

Answer 231

The aisle where systems in a datacenter exhaust warm air.

Answer 232

Resilience requires capacity planning to ensure that capacity—including staff, technology, and infrastructure—is available when is needed. Although a generator, UPS, various RAID levels, and backups have their place in disaster recovery and contingency planning, they are not the primary focus of resiliency and capacity planning.

Answer 233

DNSSEC uses digital signatures to validate information provided by a DNS server, helping to prevent issues such as DNS poisoning. The public key and signature are passed down during a query. There is a chain of trust with each of the DNS servers involved in resolving a query, so tampering isn't feasible.

Answer 234

Mandatory vacations are designed to force individuals to take time away from the office to allow fraudulent activity to come to light in their absence. The other controls listed here (separation of duties, least privilege, and dual control) are all designed to prevent, rather than detect, fraud.

Answer 235

A testing method where small changes are made to a program's source code to test if the existing test cases can detect the mutations. It helps evaluate the effectiveness of test cases in uncovering defects.

Answer 236

A process that evaluates a program’s behavior during execution to identify errors in the code. Unlike static analysis, it requires the program to be in a running state.

Answer 237

A security technology that uses digital signatures to verify the authenticity and integrity of software code. It assures the recipient that the software has not been altered after it was signed. It is both for authenticity of the author and the integrity of the code itself.

Answer 238

Any deceitful practice or false representation intended to gain unauthorized benefits, such as manipulating digital transactions or stealing personal information.

Answer 239

A security measure requiring two or more authorized individuals to perform and approve sensitive operations or transactions, enhancing protection against unauthorized access or fraud.

Answer 240

The fact that the auditor will be assessing the effectiveness of the controls means that this is a Type 2 report, not a Type 1 report. The fact that it will be shared only under NDA means that it is a SOC 2 assessment.

Answer 241

The hypervisor is supposed to prevent this type of access by restricting a virtual machine’s access to only those resources assigned to that machine.

Answer 242

The privileges required (PR) metric indicates the type of system access that an attacker must have to execute the attack.

Answer 243

A type of network where devices communicate directly without a central router, typically set up for a specific purpose or task. Example: A group of laptops sharing files directly in a meeting.

Answer 244

A direct communication link between two devices, facilitating dedicated data transmission. Example: A leased line connecting two corporate offices.

Answer 245

RFID (Radio-Frequency Identification): Definition: A technology using radio waves to read and capture information stored on a tag attached to an object. Example: Tracking inventory in a warehouse.

Answer 246

Proactive searching through networks to detect and isolate advanced threats that evade existing security solutions. Example: Using threat intelligence to search for indicators of compromise within network logs.

Answer 247

The act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a device with Wi-Fi to detect vulnerable networks. Example: Mapping out open Wi-Fi networks in a city.

Answer 248

- **Root CAs:** The top-level certification authorities that issue Digital Certificates. They are trusted entities that issue certificates to Intermediate or lower-level CAs. - **Intermediate CAs:** Entities authorized by a Root CA to issue certificates to end entities or other lower-level Intermediate CAs. They act as a chain between the Root CA and end-entity certificates to spread the trust. - **Public CAs:** Commercial entities that issue digital certificates to the public for securing web transactions. - **Private CAs:** Operated within an organization for internal purposes, not trusted by external entities unless the root certificate is manually imported.

Answer 249

Vulnerability scans are the best way to find new services that are offered by systems. In fact, many vulnerability scanners will flag new services when they appear, allowing administrators to quickly notice unexpected new services.

Answer 250

The correct answer is role-based training. This approach tailors the training content to the specific job responsibilities of an individual. For a customer service representative like James, the focus would be on nontechnical aspects, particularly on dealing with social engineering and pretexting attacks. Anomalous behavior recognition, while important, is more focused on recognizing unexpected or risky behavior internally and is not specifically tailored to his role. Hybrid/remote work environment training and security policy training, although crucial, deal with best practices for remote work security and organizational security policies, respectively, and are not directly related to handling social engineering and pretexting attacks, which are a significant part of James’s job responsibilities.

Answer 251

Paul’s scenario is ideally suited to an internal audit. This is because internal audits are often conducted when management or the board of a company wishes to gain assurance that the company is meeting its compliance obligations. Furthermore, these audits are designed to identify control gaps in anticipation of a more formal external audit. While external audits and independent third-party audits can provide validation of an organization’s controls, they are typically performed by outside auditing firms or other organizations, not the organization itself and are more expensive.

Answer 252

MMS (Multimedia Messaging Service): Definition: A standard way to send messages that include multimedia content over mobile networks. Example: Sending a photo or video clip via text message.

Answer 253

RCS (Rich Communication Services): Definition: A communication protocol between mobile carriers and between phone and carrier, aiming to replace SMS messages with a richer text message system. Example: Chat features over mobile data, like group chat, video, and file sharing within text messaging.

Answer 254

An objective examination and evaluation of an organization's operations and controls conducted by an internal team. Example: A company conducts an internal audit to assess the effectiveness of its financial controls.

Answer 255

An evaluation performed by an external organization not affiliated with the client, to ensure transparency and objectivity. Example: A cybersecurity firm assessing a company's IT infrastructure for vulnerabilities.

Answer 256

Sending unsolicited messages to Bluetooth-enabled devices. Example: Sending a business card or note to a nearby device through Bluetooth without the owner's consent.

Answer 257

A security breach that occurs when an attacker gains physical access to a device left unattended. Example: Installing a keylogger on a laptop left in a hotel room.

Answer 258

Unauthorized access to or theft of information from a Bluetooth-enabled device. Example: Extracting a contact list from a phone without permission.

Answer 259

This is an example of the guard rails use case for automation. Cybersecurity professionals can use scripting to automatically review user actions and block any that are outside of normal parameters.

Answer 260

An on-path attack, formerly known as a man-in-the-middle (MitM) attack, occurs when an attacker intercepts the data path between a user's device and the network's gateway. By positioning themselves in the communication path, attackers can intercept, modify, or redirect data without the knowledge of the parties involved. In Lori's case, the redirection of traffic to an alternate gateway suggests that an attacker has successfully inserted themselves into the data path, making "on-path attack" the most accurate description of what she is likely investigating.

Answer 261

Replaying previously recorded communication in order to deceive someone.

Answer 262

Differential backups back up the changes since the last full backup.

Answer 263

SSL stripping (or TLS stripping) relies on making the end user believe that they have a secure connection but instead proxies that connection via an on-path system that intercepts requests, terminates the SSL or TLS connection, and then passes those requests on to the legitimate server after either capturing or modifying the traffic.

Answer 264

Domain validation (DV) certificates require only verification of domain ownership, which can normally be done through an automated process. Other types of certificates require more thorough and time-consuming verification steps.

Answer 265

In this case, the physicians maintain the data ownership role. They have chosen to outsource data processing to Helen’s organization, making that organization a data processor.

Answer 266

Site surveys are done to map existing installations and to create wireless signal heat maps to determine where a new access point may be needed or where coverage is weak.

Answer 267

Geofencing will allow Michelle to determine what locations the device should work in. The device will then use geolocation to determine when it has moved and where it is.

Answer 268

A type of cryptographic attack that exploits the mathematics behind the birthday problem in probability to find collisions in hash functions. Example: Attacker uses it to find two different inputs that produce the same hash output, compromising digital signatures.

Answer 269

A form of encryption allowing computation on ciphertexts, generating an encrypted result that, when decrypted, matches the result of operations performed on the plaintext. Example: Voting systems where votes are encrypted but can still be tallied without decryption.

Answer 270

An attack where a secure connection is downgraded to a less secure version, making it vulnerable to breaches. Example: Forcing a connection to use outdated, less secure encryption.

Answer 271

A test of a system's ability to transfer operations to a backup system in the event of failure. Example: Switching to a secondary server when the primary server crashes to ensure service continuity.

Answer 272

A cyberattack intended to redirect a website's traffic to a fake website without the user's consent or knowledge. Example: Modifying DNS settings to redirect users from a bank's website to a fraudulent one.

Answer 273

An attack where the attacker intercepts and alters the communication between a client and a server, downgrading it from a secure HTTPS connection to an insecure HTTP connection. Example: Intercepting web traffic to steal information.

Answer 274

Simultaneous Authentication of Equals (SAE) provides a more secure initial key exchange process than PSKs (preshared keys) did in WPA2.

Answer 275

Mobile Device Management

Answer 276

D. How to exchange keys between two users or systems that have never interacted before is a key problem in cryptographic systems. Protocols like Diffie–Hellman key exchange address this issue for cryptographic systems, allowing users to securely exchange secret keys even if they have no preexisting trusted channel.

Answer 277

Risky login detection schemes look at impossible travel times between geographic locations using GeoIP capabilities. This means that they can detect that a user cannot reasonably have logged in from a site in one location and then traveled to a second location and logged in there. Although VPN usage can cause issues with this, in general this is a useful setting to avoid the use of stolen or shared credentials.

Answer 278

Ransomware groups and others commonly publish information on the dark web as well as engaging via forums and similar sites there. Kayla’s best bet is the dark web. Information-sharing organizations may gather information from the dark web, but without knowing more about a specific organization, its members, and their methodologies, that’s not certain. Responsible disclosure programs are used to notify vendors of flaws, and vendor websites may provide information specific to their products.

Answer 279

SASE (Secure Access Service Edge) is an innovative cybersecurity framework that merges the best of network and security architectures into a unified, cloud-native service. It integrates the flexibility and efficiency of SD-WAN (Software-Defined Wide Area Networking) with a comprehensive suite of security tools including Zero Trust network access protocols, advanced firewalls, and CASBs (Cloud Access Security Brokers). By doing so, SASE offers a more streamlined and effective approach to securing both network access and data protection across diverse environments. It is particularly well-suited for organizations with dispersed workforces, supporting secure, high-performance connections for users and devices anywhere, whether they're in the office, on the move, or working remotely. This modern approach ensures that security policies and protections are uniformly applied, simplifying management and enhancing security posture without sacrificing the user experience or network performance.

Answer 280

Secure baselines are used to document the settings and procedures used to configure systems or devices.

Answer 281

Common Vulnerabilities and Exposures (CVE) provides a standard nomenclature for describing security-related software flaws.

Answer 282

DNS reputation services can provide Jill with an automated feed of malicious sites that she can include in her DNS filter.

Answer 283

Christopher's (recipient) public key. When encrypting a message using an asymmetric encryption algorithm, the person performing the encryption does so using the recipient’s public key.

Answer 284

Offsite journaling will allow transactions to be recorded and to remain available if a significant event occurred that involved his datacenter. Snapshots are useful at a point in time but do not retain a transaction log between snapshots. PITR is also important for this scenario.

Answer 285

In a symmetric encryption system, each pair of users needs a unique key to communicate securely. When the 11th employee joins Acme Widgets, they will need a shared secret key with every existing employee. There are 10 existing employees, so 10 new keys are required.

Answer 286

External audit. Audits performed to validate an organization’s financial statements are very formal audits that are performed by independent third-party auditors.

Answer 287

A degausser is a quick and effective way to erase a tape before it is reused. Wiping a tape by writing 1s, 0s, or a pattern of 1s and 0s to it will typically be a slow operation and is not a common method of destroying data on a tape.

Answer 288

sFlow samples only network traffic, meaning that some detail will be lost. The primary concern for analysts who deploy sFlow is often that it samples only data, meaning some accuracy and nuance can be lost in the collection of flow data. Sampling, as well as the implementation methods for sFlow, means that it scales well to handle complex and busy networks.

Answer 289

It is digitally signed. DNSSEC does not encrypt data but does rely on digital signatures to ensure that DNS information has not been modified and that it is coming from a server that the domain owner trusts.

Answer 290

SD-WAN (software-defined wide area network) is commonly used to replace MPLS (Multiprotocol Label Switching) networks, which are typically higher cost than other connectivity options.

Answer 291

Use forensic memory acquisition techniques. Firmware can be challenging to access, but both memory forensic techniques and direct hardware interface access are viable means in some cases.

Answer 292

The single loss expectancy (SLE) is the amount of damage expected to occur as the result of a single successful attack.

Answer 293

Jerome should deploy a captive portal that requires users to provide information before being moved to a network segment that allows Internet access.

Answer 294

Controls offered by cloud service providers have the advantage of direct integration with the provider’s offerings, often making them cost-effective and user-friendly. Third-party solutions are often more costly, but they bring the advantage of integrating with a variety of cloud providers, facilitating the management of multicloud environments.

Answer 295

The /etc/shadow file contains password hashes for most modern Linux implementations, and Ben can then use a tool such as rainbow tables or John the Ripper to crack passwords.

Answer 296

Amanda has most likely discovered a botnet’s command and control channel, and the system or systems she is monitoring are probably using IRC as the command and control channel. Spyware is likely to simply send data to a central server via HTTP/HTTPS, worms spread by attacking vulnerable services, and a hijacked web browser would probably operate on common HTTP or HTTPS ports (80/443).

Answer 297

The attack would result in the total loss of customer data stored in the database, making the exposure factor (EF) 100 percent.

Answer 298

The time-of-check-to-time-of-use (TOCTTOU or TOC/TOU) issue is a race condition that occurs when a program checks access permissions too far in advance of a resource request.

Answer 299

The policy engine. In a zero-trust reference design, a subject’s use of a system that is untrusted connects through a policy enforcement point allowing trusted transactions to the enterprise resources. A policy engine makes policy decisions based on rules that are then acted on by policy administrators. Policy enforcer is not a part of the reference design.

Answer 300

Brenda’s company is offering a technology service to customers on a managed basis, making it a managed service provider (MSP). However, this service is a security service, so the term managed security service provider (MSSP) is a better description of the situation.

Answer 301

A warm site has all the hardware and networking needed to run essential operations, but it does not have the data ready to go. A cold site is essentially just space to bring in equipment, networking, and data. A hot site has everything you need, and you may have to bring just the last data update.

Answer 302

A real-time operating system (RTOS) is an OS that is designed to handle data as it is fed to the operating system, rather than delaying handling it as other processes and programs are run. Real-time operating systems are used when processes or procedures are sensitive to delays that might occur if responses do not happen immediately.

Answer 303

LDAP (Lightweight Directory Access Protocol): Definition: A protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Example: Used by organizations for storing user contact info and integrating login systems.

Answer 304

IPSEC (Internet Protocol Security): Definition: A suite of protocols designed to secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet in a data stream. Example: Used to establish secure VPN connections.

Answer 305

SCAP Framework (Security Content Automation Protocol): Definition: A suite of standards for automating the way systems maintain security. Example: Enables automated vulnerability management, measurement, and policy compliance evaluation.

Answer 306

MPLS (Multiprotocol Label Switching): Definition: A routing technique in telecommunications networks that directs data from one node to the next based on short path labels rather than long network addresses. Example: Used by ISPs to improve traffic flow and speed up network performance.

Answer 307

Definition: A network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography. Example: Used in secure network environments to authenticate users accessing services.

Answer 308

Definition: A web page accessed with a web browser that is displayed to newly connected users of a Wi-Fi network before they are granted broader access. Example: Used in airports, hotels, and cafes to require users to accept terms or provide login information.

Answer 309

Wi-Fi Protected Setup (WPS) is a feature in Wi-Fi security that allows for the easy setup of a secure wireless home network by capturing the WPS PIN, simplifying the process of connecting devices.

Answer 310

This is an example of a reflected attack because the script code is contained within the URL.

Answer 311

XDR (Extended Detection and Response): Definition: A step beyond EDR, XDR extends capabilities across multiple layers of security, integrating data from emails, endpoints, servers, cloud workloads, and networks for a more comprehensive threat detection and response.

Answer 312

SELinux (Security-Enhanced Linux): Definition: A security module for the Linux kernel that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC), enhancing system security by restricting programs to the least amount of privilege they need to run.

Answer 313

C. By applying the patch, Jen has removed the vulnerability from her server. This also has the effect of eliminating this particular risk. Jen cannot control the external threat of an attacker attempting to gain access to her server.

Answer 314

Hybrid cloud (multi-cloud) environments blend elements of public, private, and/or community cloud solutions. A hybrid cloud requires the use of technology that unifies the different cloud offerings into a single, coherent platform.

Answer 315

Transport Layer Security (TLS) is commonly used to wrap (protect) otherwise insecure protocols. In fact, many of the secure protocols simply add TLS to protect them.

Answer 316

- Identify - Protect - Detect - Respond - Recover

Answer 317

Endpoint detection and response (EDR) tools protect endpoints while connecting to a central management and analysis console that helps detect and respond to threat behaviors.

Answer 318

Rootkits are designed to hide from antimalware scanners and can often defeat locally run scans. Mounting the drive in another system in read-only mode or booting from a USB drive and scanning using a trusted, known good operating system can be an effective way to determine what malware is on a potentially infected system.

Answer 319

C. Type I hypervisors, also known as bare-metal hypervisors, run directly on top of the physical hardware and, therefore, do not require a host operating system.

Answer 320

Also known as bare-metal hypervisors, run directly on top of the physical hardware and, therefore, do not require a host operating system.

Answer 321

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) is a reference document designed to help organizations understand the appropriate use of cloud security controls and map those controls to various regulatory standards.

Answer 322

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) is a reference document designed to help organizations understand the appropriate use of cloud security controls and map those controls to various regulatory standards.

Answer 323

Synchronous replication. This occurs in real time, whereas asynchronous replication occurs after the fact but more regularly than a backup.

Answer 324

D. Technology diversity helps ensure that a single failure—due to a vendor, vulnerability, or misconfiguration—will not impact an entire organization. Technology diversity does have additional costs, including training, patch management, and configuration management.

Answer 325

Mike’s best option is to identify the log information available from the provider and to request any additional information knowing that he may not receive more detail unless there is contractual language that specifies it.

Answer 326

Simultaneous Authentication of Equals (SAE) is a secure authentication method used primarily in Wi-Fi Protected Access 3 (WPA3) for establishing a mutual authentication between devices on a network. Unlike traditional methods where one party authenticates to another, SAE allows both parties to authenticate each other simultaneously, enhancing security. It protects against common attacks such as offline dictionary attacks, ensuring that the session traffic between the authenticated devices is encrypted and secure. This method is crucial for creating a protected wireless network environment where both the access point and the client can trust each other's identity.

Answer 327

Simultaneous Authentication of Equals (SAE) is used to establish a secure peering environment and to protect session traffic.

Answer 328

This scenario describes a **vishing attack**. Vishing, or voice phishing, involves the use of phone calls or voice messages to deceive individuals into divulging personal, financial, or security information. In this case, the attacker uses the pretext of unpaid taxes and the guise of authority (posing as the IRS) to manipulate Madhuri into sharing sensitive information, which could be used for fraudulent activities or identity theft.

Answer 329

All of these statements are correct except for the statement that all cryptographic keys should be kept secret. The exception to this rule are public keys used in asymmetric cryptography. These keys should be freely shared.

Answer 330

Decentralized governance models use a bottom-up approach, where individual business units are delegated the authority to achieve cybersecurity objectives and then may do so in the manner they see fit.

Answer 331

A centralized governance model uses a top-down approach, where a central authority creates policies and standards that are then enforced throughout the organization.

Answer 332

MOU (Memorandum of Understanding): A formal agreement between two or more parties. It's not legally binding but indicates an intended common line of action.

Answer 333

MSA (Master Service Agreement): A contract reached between parties, in which the parties agree to most of the terms that will govern future transactions or future agreements.

Answer 334

A Blanket Purchase Agreement (BPA) is a pre-arranged contract between an organization and a supplier to provide goods or services on an as-needed basis at set prices. It streamlines the procurement process for recurring needs, reducing the need for repetitive bidding or negotiation. BPAs are like having a "tab" with trusted vendors, making it easier and faster to reorder supplies or services without renegotiating terms. This approach is efficient for managing long-term relationships with suppliers, ensuring quick access to necessary resources while potentially leveraging volume discounts.BPA (Blanket Purchase Agreement):

Answer 335

The principle of data sovereignty states that data is subject to the legal restrictions of any jurisdiction where it is collected, stored, or processed. In this case, Howard needs to assess the laws of all three jurisdictions.

Answer 336

Chris could use either host-based or network-based DLP to meet his needs. The key technology in this scenario is the use of watermarking as the identification technique for sensitive data. Chris can tag all the documents in the secure repository with digital watermarks to flag them to the DLP system. Pattern recognition would not be a useful tool in this case because new documents are regularly added to the repository.

Answer 337

The International Organization for Standardization (ISO) publishes ISO 27701, covering privacy controls. ISO 27001 and 27002 cover cybersecurity, and ISO 31000 covers risk management.

Answer 338

Chain-of-custody documentation tracks evidence throughout its life cycle, with information about who has custody or control and when transfers happened, and continues until the evidence is removed from the legal process and disposed of.

Answer 339

Most organizations plan to replace a device before it reaches end of support. Running devices past their end of support places the organization at risk because no support will be available if something goes wrong. End of life typically means that the device will no longer be sold, but it will continue to receive updates, patches, and support for some time to come.

Answer 340

Gurvinder’s requirements fit the COPE (corporate-owned, personally enabled) mobile device deployment model.

Answer 341

The corporate-owned, personally enabled (COPE) model provides devices to users but allows them to use the device for their own use as well. BYOD (bring your own device) simply uses personally owned devices, while CYOD (choose your own device) allows users to select typically from a limited set of devices that the organization purchases and provides. COBO (corporate owned, business only), while not found in the current exam outline, is a common model in high-security environments.

Answer 342

Certificate stapling. The Online Certificate Status Protocol (OCSP) provides real-time checking of a digital certificate’s status using a remote server. Certificate stapling attaches a current OCSP response to the certificate to allow the client to validate the certificate without contacting the OCSP server.

Answer 343

Agent-based, preadmission NAC will provide Isaac with the greatest amount of information about a machine and the most control about what connects to the network and what can impact other systems. Since systems will not be connected to the network, even to a quarantine or preadmission zone, until they have been verified, Isaac will have greater control.

Answer 344

NAC (Network Access Control): - Preadmission vs. Postadmission: Preadmission control authenticates devices before they connect to the network, ensuring they meet security policies. Postadmission control monitors devices after connection for compliance and behavior. - Agent-Based vs. Agentless: Agent-based NAC requires software installed on devices to monitor and enforce policies. Agentless NAC does not require any software on the end-user devices, using the network infrastructure to enforce access policies.

Answer 345

A UPS (uninterruptible power supply) relies on batteries or other stored power to keep systems online during short power outages, and it can also provide stable power during power sags and undervoltage events.

Answer 346

Credentialed scans only require read-only access to target servers. Renee should follow the principle of least privilege and limit the access available to the scanner.

Answer 347

A web application firewall (WAF) can do exactly what Nicole needs. WAF software and hardware specialize in protecting web applications by analyzing traffic sent to the web application and blocking known malicious traffic and traffic patterns. Nicole can write a detection that will match the malicious SQL code from the zero-day attack while being careful not to write an overly broad or overly narrow detection. Once it’s deployed, she can continue to run her web application until a patch is released while remaining safe because of her WAF.

Answer 348

Hardware security modules (HSMs) are used to create, store, and manage cryptographic certificates and keys in a secure manner.

Answer 349

The Recovery Time Objective (RTO) is the amount of time that the organization can tolerate a system being down before it is repaired. That is the metric that Gene has identified in this scenario.

Answer 350

Edge computing, which involves placing compute power at the client to allow it to perform preprocessing before sending data back to the cloud.

Answer 351

A. Simultaneous Authentication of Equals (SAE) is a major addition to WPA3’s Personal mode, and it actually helps prevent dictionary attacks. AES encryption remains in use, but Wi-Fi Protected Setup (WPS) is being removed.

Answer 352

Keyboard and other input from the user

Answer 353

A Type II hypervisor is the only type of hypervisor that uses a host operating system. A Type I hypervisor, or bare-metal hypervisor, runs directly on top of the physical hardware.

Answer 354

C. If there are known limitations or issues with the tools used, this should be included in the report. The type of system the tool was installed on may influence performance but should not influence the report or output. Training and certification may be listed as part of a team description but are not required as part of tool description. Finally, patch levels or installed versions are not critical unless there are known issues that would have been described as such.

Answer 355

The system attests to a verification platform about the trustworthiness of the software it is running after it completes the boot process.

Answer 356

UPS (Uninterruptible Power Supply): A device that provides emergency power to a load when the input power source fails, ensuring continuous operation during short outages.

Answer 357

A redundancy feature in critical systems, where two power supplies operate in parallel to ensure continuous power in case one fails.

Answer 358

SLE (Single Loss Expectancy): The expected monetary loss every time a risk occurs, an essential part of quantitative risk analysis.

Answer 359

MTBF (Mean Time Between Failures): A reliability metric that predicts the time between inherent failures of a system during operation.

Answer 360

RPO (Recovery Point Objective): The maximum targeted period in which data might be lost due to a major incident, guiding the frequency of backups.

Answer 361

An architectural model that uses edge devices to carry out a substantial amount of computation, storage, and communication locally and routed over the internet backbone.

Answer 362

In symmetric encryption algorithms, both the sender and the receiver use a shared secret key to encrypt and decrypt the message, respectively.

Answer 363

The recipient of a digitally signed message may verify the digital signature by decrypting it with the public key of the individual who signed the message.

Answer 364

A Trusted Platform Module (TPM) is used by UEFI as part of the boot process to validate the boot objects and programs or to document what is started so that boot attestation can occur.

Answer 365

Business email compromise (BEC) relies on using apparently legitimate email addresses to conduct scams and other attacks.

Answer 366

Usernames, certificates, tokens, SSH keys, and smart cards.

Answer 367

They conduct site surveys and create heat maps showing where coverage is relative to existing access points.

Answer 368

The primary responsibility of the hypervisor is enforcing isolation between virtual machines. This means that the hypervisor must present each virtual machine with the illusion of a completely separate physical environment dedicated for use by that virtual machine.

Answer 369

Periodic risk assessments, security planning exercises, the incorporation of security into the organization’s change management, service acquisition, and project management practices

Answer 370

Set permissions properly; consider high availability and durability options; and use encryption to protect sensitive data.

Answer 371

Managed security service provider (MSSP).

Answer 372

The European Union’s General Data Protection Regulation (GDPR) requires that every data controller designate a data protection officer (DPO) who bears overall responsibility for carrying out the organization’s data privacy efforts.

Answer 373

They define permissible network traffic.

Answer 374

- **Strategic Risk**: Risks that arise from decisions that affect the strategic direction of an organization, such as entering new markets or launching new products. - **Operational Risk**: Risks associated with the day-to-day operations of an organization, including failures in internal processes, systems, and people, or from external events. - **Compliance Risk**: Risks of legal or regulatory sanctions, financial loss, or damage to reputation an organization may suffer as a result of failing to comply with laws, regulations, codes of conduct, or standards of good practice. - **Financial Risk**: Risks related to the financial health of an organization, including market risk, credit risk, liquidity risk, and interest rate risk. - **Reputational Risk**: Risks that can damage an organization's reputation, leading to loss of revenue, customers, or partners. This can be caused by various factors, including poor customer service, security breaches, and non-compliance with legal and ethical standards.

Answer 375

Analyzing code without executing it.

Answer 376

Executing code as a part of the test, running all the interfaces that the code exposes to the user with a variety of inputs, searching for vulnerabilities.

Answer 377

Combines static and dynamic testing, analyzing the source code while testers interact with the application through exposed interfaces.

Answer 378

Misinformation is incorrect information, often resulting from getting facts wrong. Disinformation is incorrect, inaccurate, or outright false information that is intentionally provided to serve an individual or organization’s goals.

Answer 379

MAM (Mobile Application Management): Mobile Application Management refers to the strategy and tools used for controlling access to internally developed and commercially available mobile apps used in business settings. Unlike device management, MAM focuses on app distribution, licensing, configuration, and updating, providing data security without managing the entire device.

Answer 380

UEM (Unified Endpoint Management) refers to a software solution or platform designed to provide a single, integrated approach to managing and securing all types of devices and endpoints within an organization. This includes desktops, laptops, smartphones, tablets, and IoT (Internet of Things) devices, regardless of their operating systems. Key Aspects of UEM: - Centralized Management: UEM allows IT administrators to manage, configure, and secure devices from a central console, streamlining operations and reducing the complexity traditionally associated with managing a diverse device landscape. - Policy Enforcement: It enables the enforcement of consistent policies across all endpoints, such as security configurations, application restrictions, and data access controls, enhancing overall security and compliance. - Software and Application Management: UEM platforms facilitate the deployment, updating, and management of applications across all managed devices, ensuring that software is kept up-to-date and compliant with organizational standards. - Security Features: These solutions often include security functionalities like encryption management, malware protection, and intrusion detection to safeguard devices and data against threats. - Support for BYOD and Remote Work: UEM solutions are particularly valuable in supporting Bring Your Own Device (BYOD) policies and remote or mobile workforces by providing tools to manage and secure devices that are not owned by the organization but access its resources. In essence, UEM is not a method or practice but rather a comprehensive software solution that empowers organizations to efficiently manage and secure a wide array of endpoint devices through unified policies, tools, and procedures. It represents an evolution from traditional device management solutions like MDM (Mobile Device Management) and EMM (Enterprise Mobility Management) to address the increasing diversity and complexity of the modern endpoint environment.

Answer 381

Operational risks involve losses stemming from failed or inadequate internal processes, people, and systems, or from external events. This category includes technical failures, fraud, and other disruptions in day-to-day business operations.

Answer 382

Financial risks are associated with the financial operations and transactions of an organization. This includes market risk, credit risk, liquidity risk, and legal risks that directly affect the financial stability of the company.

Answer 383

Compliance risks arise from violations of, or non-conformance with, laws, regulations, codes of conduct, or organizational standards of practice. This includes failing to meet industry standards, legal sanctions, or fines.

Answer 384

Strategic risks are uncertainties or circumstances that can affect an organization's ability to achieve its objectives. This includes competition, market changes, partnerships, and business model risks.

Answer 385

Reputational risks involve potential damage to an organization's reputation due to some other event, action, or inaction. This can result from social media activity, customer feedback, or poor product quality, impacting customer trust and company value.

Answer 386

- CRL (Certificate Revocation List): A list of certificates that have been revoked before their expiration date, published by the CA. - OCSP (Online Certificate Status Protocol): A protocol used to obtain the revocation status of an X.509 digital certificate without requiring CRL download. - Certificate Stapling: A method where the server periodically queries the OCSP responder and then attaches ("staples") the response to the handshake, reducing the burden on clients.

Answer 387

A capability that allows you to limit the number of MAC addresses that can be used on a single port.

Answer 388

Local File Inclusion (LFI) attacks involve exploiting vulnerabilities to execute files located on the server, potentially leading to unauthorized access or code execution. Remote File Inclusion (RFI) attacks extend this threat by exploiting vulnerabilities to execute code from a remote server, allowing attackers to inject malicious scripts. The key difference lies in the source of the executable code: LFI targets the server's own filesystem, while RFI uses external sources to execute code, significantly broadening the attack vector.

Answer 389

Root cause analysis is used to determine why an event or issue occurred

Answer 390

Software-defined networking (SDN) uses software-based network configuration to control networks. SDN designs rely on controllers that manage network devices and configurations, centrally managing the software-defined network.

Answer 391

Hashing and validating

Answer 392

Version of X.509; serial number; signature algorithm identifier; issuer name; validity period; subject’s Common Name (CN); certificates may optionally contain Subject Alternative Names (SAN) that allow you to specify additional items (IP addresses, domain names, and so on) to be protected by the single certificate; and subject’s public key

Answer 393

Tabletop, walkthroughs, simulations

Answer 394

The entity who determines the reasons for processing personal information and directs the methods of processing that data.

Answer 395

Risk appetite, regulatory requirements, technical constraints, business constraints, licensing limitations

Answer 396

Offline distribution, public key encryption, and the Diffie–Hellman key exchange algorithm

Answer 397

Forensics may be used for investigations, incident response, intelligence, and counterintelligence.

Answer 398

Trusted Platform Module (TPM) chips enhance device security through hardware-based encryption capabilities. They offer three critical functions: Remote Attestation, verifying device integrity by checking if the system's hardware and software configurations are as expected; Binding, which encrypts data using TPM keys, ensuring that encrypted data can be accessed only on the TPM-enabled device; and Sealing, similar to binding but with added conditions that the TPM evaluates, allowing data decryption only if the system remains in a trusted state, enhancing data protection against unauthorized access or tampering.

Answer 399

Restore network connectivity and a bastion or shell host; restore network security devices (firewalls, IPS); restore storage and database services; restore critical operational servers; restore logging and monitoring service; and restore other services as soon as possible.

Answer 400

Cellular, Wi-Fi, Bluetooth, NFC, RFID, Infrared, GPS, USB

Answer 401

The certificate was compromised (e.g., the certificate owner accidentally gave away the private key); the certificate was erroneously issued (e.g., the CA mistakenly issued a certificate without proper verification); the details of the certificate changed (e.g., the subject’s name changed); and the security association changed (e.g., the subject is no longer employed by the organization sponsoring the certificate).

Answer 402

A service provider that processes personal information on behalf of a data controller.

Answer 403

1. **Signature-based Detection**: This method relies on a database of known malware signatures to identify threats by comparing files against these signatures. 2. **Heuristic/Behavior-based Detection**: Utilizes algorithms to analyze the behavior of programs and detect abnormal actions that could indicate malicious intent, rather than relying solely on known malware signatures. 3. **Artificial Intelligence (AI) and Machine Learning (ML) Systems**: These techniques leverage complex models that learn from vast amounts of data on malware characteristics and behavior, improving over time to predict and identify new types of malware. 4. **Sandboxing**: Involves executing programs in a controlled virtual environment to observe their behavior. Any suspicious or potentially harmful activity is contained within the sandbox, preventing damage to the actual system.

Answer 404

Known environment, unknown environment, and partially known environment

Answer 405

TOTP, or time-based one-time passwords and HMAC-based one-time password (HOTP)

Answer 406

BYOD (bring your own device), CYOD (choose your own device) COPE (Corporate owned, personally enabled), and corporate owned

Answer 407

A rootkit is a type of malicious software designed to gain unauthorized access to a computer system while hiding its presence. Rootkits enable continued privileged access to a computer by concealing certain processes, files, or system data from the operating system and antivirus programs. This stealthiness makes rootkits particularly dangerous and difficult to detect, allowing them to persist on a compromised system for an extended period without detection.

Answer 408

Endpoint Detection and Response (EDR) tools are security solutions designed for continuous monitoring and response to threats on endpoint devices. They utilize a combination of real-time monitoring, data collection, and analytics to identify suspicious activities. EDR systems excel in investigating security incidents by examining historical data, enabling IT professionals to detect, investigate, and respond to cyber threats efficiently. Their strength lies in their ability to provide detailed forensic analysis and proactive threat hunting capabilities, enhancing an organization's ability to respond to and mitigate potential security breaches. Typical endpoint devices monitored by EDR tools include desktops, laptops, servers, and mobile devices such as smartphones and tablets. EDR solutions can also extend their monitoring to other connected devices within a network, like IoT devices, to provide comprehensive security coverage.

Answer 409

Security Assertions Markup Language (SAML) is an XML-based open standard for exchanging authentication and authorization information.

Answer 410

Three areas for capacity planning are people, technology, and infrastructure.

Answer 411

Members of management or organizational leadership, technical experts, communications and public relations staff, legal and human relations staff, law enforcement

Answer 412

Signature-based detections rely on a known hash or signature matching to detect a threat. Heuristic or behavior-based detections look for specific patterns or sets of actions that match threat behaviors. Anomaly-based detections establish a baseline for an organization or network and then flags when out-of-the-ordinary behavior occurs.

Answer 413

Message-based threat vectors, wired networks, wireless networks, systems, files and images, removable devices, cloud, and supply chain

Answer 414

Block storage allocates large volumes of storage for use by virtual server instance(s). Block storage splits data into fixed-sized blocks, each with a unique identifier. It's efficient for databases and applications requiring high performance, as blocks can be stored across different environments. Object storage provides customers with the ability to place files in buckets and treat each file as an independent entity that may be accessed over the web or through the provider’s API. Object storage keeps data as objects within a flat architecture, each containing the data, metadata, and a unique identifier. It's scalable, cost-effective for storing vast amounts of unstructured data, such as photos, videos, and backup files, making it ideal for cloud storage solutions and big data analytics.

Answer 415

- Information governance - Identification of electronically stored information - Preservation of the information - Collection of the information - Processing of the data - Review of the data - Analysis of the information - Production of the data - Presentation for testimony in court and for further analysis

Answer 416

An individual who carries out the intent of the data controller or stewardship responsibility but is responsible for the secure safekeeping of information.

Answer 417

Tabletop exercises, simulation exercises, parallel processing, and failover exercises

Answer 418

Attackers use a technique called blind SQL injection to conduct an attack even when they don’t have the ability to view the results directly. Two forms of blind SQL injection are content-based and timing-based.

Answer 419

User accounts; privileged or administrative accounts; shared and generic accounts or credentials; guest accounts; and service accounts associated with applications and services

Answer 420

Through code signing. Developers digitally sign their code with their own private key and then browsers can use the developer’s public key to verify that signature and ensure that the code is legitimate and was not modified by unauthorized individuals.

Answer 421

- The addition of new users requires the generation of only one public-private key pair - users can be removed far more easily from asymmetric systems - key regeneration is required only when a user’s private key is compromised - asymmetric key encryption can provide integrity, authentication, and nonrepudiation - key distribution is a simple process - no preexisting communication link needs to exist.

Answer 422

Top secret, secret, confidential, and unclassified

Answer 423

Audits are formal reviews of an organization’s security program or specific compliance issues conducted on behalf of a third party. Assessments are less formal reviews of security controls that are typically requested by the security organization itself in an effort to engage in process improvement.

Answer 424

Quantitative risk analyses use numeric data, resulting in assessments that allow the very straightforward prioritization of risks. Qualitative risk analysis substitutes subjective judgments and categories for strict numerical analysis, allowing the assessment of risks that are difficult to quantify.

Answer 425

RFID cloning attacks work by cloning an RFID tag or card.

Answer 426

Confidentiality, integrity, authentication, and nonrepudiation.

Answer 427

KPIs quantitatively measure vendors’ performance in order to ensure that vendors are meeting the agreed-upon standards.

Answer 428

Environmental attacks include attacks like targeting an organization’s heating and cooling systems, maliciously activating a sprinkler system, and similar actions.

Answer 429

Firewall settings, network segmentation, intrusion detection systems (IDSs), intrusion prevention systems (IPSs)

Answer 430

DomainKeys Identified Mail (DKIM) allows organizations to add content to messages to identify them as being from their domain. Sender Policy Framework (SPF) allows organizations to publish a list of their authorized email servers. SPF records specify which systems are allowed to send email from that domain. Domain-based Message Authentication, Reporting and Conformance (DMARC) is a protocol that uses SPF and DKIM to determine if an email message is authentic.

Answer 431

Parameter pollution is one technique that attackers have successfully used to defeat input validation controls.

Answer 432

Quantitative risk analysis involves evaluating the potential impact of identified risks in monetary terms. It starts by assessing the value of the assets at risk (AV), then estimating the likelihood of a risk event occurring and the potential damage or loss resulting from such an event. This process leads to the calculation of the Single Loss Expectancy (SLE), which is the cost of a single risk occurrence. Finally, by estimating how often the risk might occur in a year, the Annualized Loss Expectancy (ALE) is calculated, providing a yearly financial loss estimate.

Answer 433

It refers to the ongoing efforts to ensure that the implemented policies and controls are effective and continuously maintained.

Answer 434

Secure boot ensures that the system boots using only software that the original equipment manufacturer (OEM) trusts. Measured boot is intended to help prevent boot-level malware. Measured boot processes measure each component, starting with the firmware and ending with the boot start drivers.

Answer 435

Risk Severity = Likelihood * Impact

Answer 436

- System logs - application logs - security logs - vulnerability scan output - network and security device logs - web logs - DNS logs - authentication logs - dump files - VoIP logs - SIP logs

Answer 437

- The overall computational power and capacity of embedded systems is usually much lower than a traditional PC or mobile device - embedded systems may not connect to a network - without network connectivity CPU and memory capacity, and other elements, authentication is also likely to be impossible - embedded systems may be very low cost, but many are effectively very high cost because they are a component in a larger industrial or specialized device

Answer 438

Public cloud, private cloud, community cloud, and hybrid cloud.

Answer 439

Step-by-step guides intended to help incident response teams take the right steps in a given scenario.

Answer 440

1. **Vulnerability Assessment**: This involves identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Tools and techniques such as automated scanning software and manual testing methods are used to discover vulnerabilities in systems and network infrastructures. The aim is to find security weaknesses that could be exploited by attackers. 2. **Threat Assessment**: This component focuses on identifying the potential threats facing an organization. This includes analyzing who the attackers might be, their motives, and their methods of attack. Threat assessments help organizations understand the risks associated with different types of threats, such as cyber criminals, insider threats, or state-sponsored attackers. 3. **Risk Assessment**: This involves evaluating the identified vulnerabilities and threats to estimate the risk they pose to the organization. It considers the likelihood of a security incident occurring and its potential impact on the organization. Risk assessments help in prioritizing security measures based on the risk they mitigate and in making informed decisions about security policies, procedures, and technologies. Together, these components help organizations understand their security posture, anticipate potential security issues, and plan appropriate defensive measures.

Answer 441

- Eavesdropping on unencrypted network connections and stealing a copy of the cookie as it is transmitted between the user and the website - installing malware on the user’s browser that retrieves cookies and transmits them back to the attacker - engaging in an on-path attack, where the attacker fools the user into thinking that the attacker is actually the target website and presenting a fake authentication form. They may then authenticate to the website on the user’s behalf and obtain the cookie

Answer 442

Data sovereignty is a principle that states that data is subject to the legal restrictions of any jurisdiction where it is collected, stored, or processed.

Answer 443

Preparation, identification, containment, eradication, recovery, and lessons learned

Answer 444

Block ciphers operate on “chunks,” or blocks, of a message and apply the encryption algorithm to an entire message block at the same time. Stream ciphers operate on one character or bit of a message (or data stream) at a time.

Answer 445

Loop Prevention: Implements mechanisms to detect and prevent network loops, which can cause flooding and disrupt network communication. Broadcast Storm Prevention: Utilizes techniques to limit or prevent broadcast storms, excessive broadcasting that overwhelms network resources. Bridge Protocol Data Unit (BPDU) Guard: A security feature that prevents accidental or malicious BPDU messages from causing changes in the network topology, protecting spanning-tree protocols. Dynamic Host Configuration Protocol (DHCP) Snooping: A security feature that filters untrusted DHCP messages to prevent rogue DHCP servers from assigning IP addresses, enhancing network integrity.

Answer 446

- Key exchange is a major problem - symmetric key cryptography does not implement nonrepudiation - the algorithm is not scalable - keys must be regenerated often

Answer 447

- Extensible Authentication Protocol (EAP) - Challenge Handshake Authentication Protocol (CHAP) - Password Authentication Protocol (PAP) - 802.1X - Remote Authentication Dial-In User Service (RADIUS) - Terminal Access Controller Access Control System Plus (TACACS+) - Kerberos

Answer 448

Part of the contract between the cloud service and an organization. A right-to-audit clause provides either a direct ability to audit the cloud provider or an agreement to use a third-party audit agency.

Answer 449

- Least privilege - separation of duties - job rotation and mandatory vacations - clean desk space - onboarding and offboarding - nondisclosure agreements (NDAs) - social media - user training

Answer 450

Application management Content management. Remote wipe Geolocation and geofencing Screen locks, passwords, and PINs are all part of normal device security models to prevent unauthorized access. Biometrics Context-aware authentication Containerization is an increasingly common solution to handling separation of work and personal use contexts on devices. Storage segmentation can be used to keep personal and business data separate as well. Full-device encryption (FDE)

Answer 451

- They accept an input of any length - they produce an output of a fixed length - the hash value is relatively easy to compute - the hash function is one-way (meaning that it is extremely hard to determine the input when provided with the output) - the hash function is collision free (meaning that it is extremely hard to find two messages that produce the same hash value)

Answer 452

Initial access, privilege escalation, pivoting (lateral movement), and persistence

Answer 453

Host-based firewall, host intrusion prevention system (HIPS), and host intrusion detection system (HIDS)

Answer 454

A threat map.

Answer 455

VPCs are used to group systems into subnets and designate those subnets as public or private, depending on whether access to them is permitted from the Internet.

Answer 456

The eight Common Vulnerability Scoring System (CVSS) metrics are: Exploitability of the vulnerability 1) Attack vector 2) Attack complexity 3) Privileges Required (PR) 4) User Interaction (UI) Impact of the vulnerability 5) Confidentiality 6) Integrity 7) Availability Scope of the vulnerability 8) Scope

Answer 457

RAID, journaling, full and incremental backups, snapshots, images, copies of individual files, backup media, cloud backups, and off-site or on-site storage

Answer 458

A container

Answer 459

- Attack Vector (AV:N): The attack can be conducted over the network. - Attack Complexity (AC:L): The attack complexity is low, indicating it's easy to exploit. - Privileges Required (PR:N): No privileges are needed to exploit the vulnerability. - User Interaction (UI:N): No user interaction is required for the exploit. - Scope (S:U): The scope remains unchanged; the vulnerability does not impact resources beyond its security context. - Confidentiality (C:H): There is a high impact on confidentiality, meaning unauthorized disclosure of information is likely. - Integrity (I:N): No impact on integrity; data is not altered or destroyed. - Availability (A:N): No impact on availability; there is no disruption to system access or reliability.

Answer 460

An individual whose personal data is being processed.

Answer 461

1) Timeline and Schedule: Specific dates and times when the penetration test will occur to minimize impact on operations. 2) Valid Targets: Clearly defined targets for testing, including systems, networks, and applications. 3) Data Handling Requirements: Guidelines on how data discovered or generated during the test will be secured, used, and disposed of. 4) Expected Behaviors: Descriptions of allowable actions and techniques during the test to avoid unnecessary risks. 5) Resource Commitment: Details on the resources (both human and technical) allocated for the test. 6) Legal and Compliance Considerations: A thorough review of applicable laws and regulations to ensure the testing complies with all legal requirements. 7) Communication Protocols: Procedures for how and when communication will occur between the testing team and the organization, including escalation paths for discovered vulnerabilities.

Answer 462

Memory-Resident Viruses: These viruses embed themselves in the computer's memory, enabling them to execute malicious actions anytime the operating system runs. Non-Memory Resident Viruses: Activated only when a specific condition is met or a specific program is run, not residing in memory otherwise. Boot Sector Viruses: Infect the boot sector of a storage device (e.g., hard drives, USB drives), executing malicious code at startup before the operating system loads. Macro Viruses: Written in the macro language of software applications (like Microsoft Word), executing malicious scripts when the host application runs. Email Viruses: Spread through email attachments or links, executing when the attachment is opened or the link is clicked, potentially leading to widespread infections.

Answer 463

Bandwidth requirements for both the backups themselves and restoration time if the backup needs to be restored partially or fully; time to retrieve files and cost to retrieve files; reliability is also crucial; and new security models may also be required for backups.

Answer 464

A summary of the forensic investigation and findings; an outline of the forensic process, including tools used and any assumptions that were made about the tools or process; a series of sections detailing the findings for each device or drive—accuracy is critical when findings are shared, and conclusions must be backed up with evidence and appropriate detail; and recommendations or conclusions in more detail than the summary included.

Answer 465

An individual or team who does not have controller or stewardship responsibility but is responsible for the secure safekeeping of information.

Answer 466

A standard

Answer 467

Open Networks: These networks do not implement authentication or encryption, making them highly accessible but unsecured. They might use a captive portal to gather user information or consent. Preshared Keys (PSK): This method involves a shared passphrase or key that users must know to access the network, providing a basic level of security through encryption. Enterprise Authentication: Utilizes a RADIUS server to manage user credentials and employs Extensible Authentication Protocol (EAP) for robust, individualized authentication, suitable for larger or more security-conscious organizations.

Answer 468

An attack used in attempts to get users to log into their existing accounts, particularly for stores and banks.

Answer 469

Disclosure, alteration, and denial

Answer 470

Preservation

Answer 471

Is it timely? Is the information accurate? Is the information relevant?

Answer 472

Maintenance windows.

Answer 473

Effective vendor monitoring is crucial for managing and mitigating third-party risks.

Answer 474

Risk appetite, regulatory requirements, technical constraints, business constraints, licensing limitations

Answer 475

Physical Penetration Testing: Focuses on exploiting vulnerabilities in physical security measures (e.g., locks, security passes, and sensors) to gain unauthorized access to secure areas. Offensive Penetration Testing: Aims to actively exploit weaknesses in an organization's systems, applications, or networks, mimicking the actions of potential attackers to identify vulnerabilities. Defensive Penetration Testing: Involves testing the effectiveness of an organization's defensive mechanisms, such as firewalls, intrusion detection systems, and response protocols, against potential attacks. Integrated Penetration Testing: Combines elements of both offensive and defensive penetration testing to provide a comprehensive assessment of an organization's overall security posture, examining how well different security measures work together.

Answer 476

WPA-Personal uses Simultaneous Authentication of Equals (SAE) mode to provide authentication while protecting against offline dictionary attacks. This allows clients to authenticate without an authentication server infrastructure. The other is WPA-Enterprise, which relies on a RADIUS authentication server as part of an 802.1X implementation for authentication. This means users can have unique credentials and can be individually identified.

Answer 477

The best way to detect a rootkit is to test the suspected system from a trusted system or device. In cases where that isn’t possible, rootkit detection tools look for behaviors and signatures that are typical of rootkits.

Answer 478

IT implementations, systems, and services created through unofficial means, often by well-meaning employees or by employees outside of central IT.

Answer 479

Business Impact Analysis metrics: Mean Time Between Failures (MTBF): The average duration between system failures, indicating overall reliability. Mean Time to Repair (MTTR): The average time required to repair and restore a system after a failure, reflecting maintenance efficiency. Recovery Time Objective (RTO): The maximum duration an organization can tolerate system downtime before significant harm occurs, guiding disaster recovery planning. Recovery Point Objective (RPO): The maximum amount of data loss an organization can withstand during a disruption, used to determine backup frequency.

Answer 480

- Poor security practices, such as weak default settings and lack of network security measures like firewalls. - Exposed or vulnerable services that can be easily exploited. - Lack of encryption for data transfer, leading to potential data interception. - Weak authentication mechanisms and the use of embedded credentials, making unauthorized access easier. - Insecure data storage practices, putting sensitive information at risk. - Short support lifespans, leaving devices without updates or patches. - Vendor data handling practice issues, raising concerns over privacy and data protection.

Answer 481

- A port mirror duplicates all traffic from one switch port to another for monitoring purposes. - A SPAN (Switched Port Analyzer) can replicate traffic from one or multiple switch ports to a single port, facilitating comprehensive traffic analysis.

Answer 482

Fences, perimeter lighting, locks, fire suppression systems, and burglar alarms

Answer 483

The Linux dd command is a command-line utility that allows you to create disk images for forensic or other purposes. Example: dd if=/dev/sda of=example.img conv=noerror,sync

Answer 484

Runbooks are detailed documentation designed to guide IT and system administrators through the procedures for routine operations and troubleshooting. They include step-by-step instructions, scripts, and workflows to efficiently manage and resolve system events, ensuring consistent and reliable operation.

Answer 485

Forward Proxies: Situated between clients and the external servers they wish to access, forwarding client requests to the internet. They can provide anonymity, content filtering, and bypass content restrictions. Reverse Proxies: Positioned in front of one or more servers, intercepting requests from clients. They are utilized for load balancing, SSL termination, and caching to enhance security, performance, and scalability.

Answer 486

Password History: Remember the last 24 or more passwords to prevent users from reusing old passwords. Maximum Password Age: Set to 60 days or fewer (but not 0) to mandate password changes approximately every 2 months. Minimum Password Length: Require passwords to be 14 characters or longer for added security. Password Complexity: Enforce the use of complex passwords that include a mix of letters, numbers, and symbols. Reversible Encryption: Disable the storage of passwords using reversible encryption to enhance security.

Answer 487

User access reviews, log monitoring, and vulnerability management

Answer 488

To ensure that changes do not cause outages.

Answer 489

- Version of X.509 - Serial number - Signature algorithm identifier - Issuer name - Validity period - Subject’s Common Name (CN) - Subject Alternative Names (SAN) - Optionally included to specify additional items like IP addresses and domain names protected by the certificate - Subject’s public key

Answer 490

Zero trust presumes that there is no trust boundary and no network edge. Each action is validated when requested as part of a continuous authentication process and access is only allowed after policies are checked, including elements like identity, permissions, system configuration and security status, threat intelligence data review, and security posture.

Answer 491

An attack surface refers to the sum of all possible points (software, network, and human) where an unauthorized user (the attacker) can try to enter or extract data from an environment. It encompasses all the different parts of your system that are accessible to an outsider, making it a critical consideration for cybersecurity defense strategies.

Answer 492

Fingerprints, retina scanning, iris recognition; facial recognition; voice recognition; vein recognition, and gait analysis

Answer 493

HSMs manage encryption keys and perform cryptographic operations efficiently.

Answer 494

Master Service Agreements (MSA): Outline the general terms and conditions under which the services will be provided, including roles, responsibilities, and scope of work. Service Level Agreements (SLAs): Detail the specific levels of service being provided, including performance metrics, response times, and remedies for service failures. Memorandum of Understanding (MOU): A less formal agreement outlining the mutual goals and understanding between parties, often used as a preliminary agreement before a formal contract. Memorandum of Agreement (MOA): Similar to an MOU, it details a mutual agreement between parties but is often more formal and detailed. Business Partner Agreements (BPAs): Specify the terms and conditions under which business partners will work together, focusing on the distribution of responsibilities and benefits.

Answer 495

One of the most important defenses against ransomware is an effective backup system that stores files in a separate location that will not be impacted if the system or device it backs up is infected and encrypted by ransomware.

Answer 496

Microwave sensors use a baseline for a room or space that is generated by detecting normal responses when the space is at a baseline. When those responses to the microwaves sent out by the sensor change, they will trigger. They can detect motion through materials that infrared sensors cannot.

Answer 497

Communication Plans: Detail how information about an incident is communicated internally and externally, specifying who needs to be informed, how, and when. Stakeholder Management Plans: Outline strategies for keeping all stakeholders informed about the incident's impact and response efforts, maintaining trust and transparency. Business Continuity Plans: Focus on maintaining essential business functions operational during and after an incident, minimizing disruption to operations. Disaster Recovery Plans: Specific procedures for recovering from significant disruptions, detailing how to restore systems, data, and infrastructure to normal operation.

Answer 498

SIEM Dashboard: The visual interface that presents a comprehensive overview of security events and alerts, allowing for quick assessment and decision-making. Sensors: Devices or software agents that collect security data from the network, endpoints, and other systems to be analyzed by the SIEM. Sensitivity and Threshold Settings: Configurations that determine the level of activity that will trigger an alert, helping to balance between detecting genuine threats and minimizing false positives. Trends: Analytical features that identify patterns and trends in security data over time, aiding in the prediction and prevention of future security incidents. Alerts and Alarms: Notifications generated by the SIEM when security events meet predefined criteria, signaling potential security incidents. Correlation and Analysis: The process of comparing and analyzing security data from various sources to identify potential security threats and incidents. Rules: Predefined logic that the SIEM uses to evaluate incoming security data and determine when to generate alerts or take automated actions.

Answer 499

Stateless firewalls (sometimes called packet filters) filter every packet based on data like the source and destination IP and port, the protocol, and other information that can be gleaned from the packet’s headers, whereas stateful firewalls (sometimes called dynamic packet filters) pay attention to the state of traffic between systems.

Answer 500

Planning: The initial phase where project goals, scope, and constraints are defined, along with resource allocation and project timelines. Requirements Definition: Gathering and analyzing user and system requirements to ensure the software will meet the intended needs and specifications. Design: Outlining the software architecture, components, interfaces, and data models, based on the requirements defined in the previous phase. Coding: The actual development and coding of the software based on the design specifications. Testing: Verifying that the software meets all requirements and is bug-free. This phase includes unit testing, integration testing, and system testing. Training and Transition: Preparing end-users and administrators for the new system through training, and transitioning the software from development to production environments. Ongoing Operations and Maintenance: Regularly updating the software and fixing issues as they arise to ensure it continues to meet user needs and operates smoothly. End-of-Life Decommissioning: Phasing out the software when it's no longer needed or viable, including data migration and system shutdown processes.

Answer 501

Chain-of-custody documentation.

Answer 502

The inherent risk facing an organization is the original level of risk that exists before implementing any controls. Inherent risk takes its name from the fact that it is the level of risk inherent in the organization’s business.

Answer 503

Something You Know: This factor includes secrets or knowledge unique to the user, such as passwords, PINs, or answers to security questions. It's the most traditional form of authentication. Something You Have: Refers to a physical device in the user's possession used for authentication, like a smart card, a security token, or a mobile phone app that generates one-time passwords (OTPs). Something You Are: Involves biometric verification based on inherent physical or behavioral traits, such as fingerprints, facial recognition, or voice patterns, offering higher security by using unique personal characteristics. Somewhere You Are (Location Factor): Utilizes the user's geographical location as an authentication method. This can be determined through GPS technology, network triangulation, or IP address location, adding an additional layer of security by verifying the user's location.

Answer 504

RAID 5: A RAID configuration that stripes data and parity information across three or more disks. Advantages: - Fast data reads due to striping. - Can rebuild data from a failed drive using parity information, maintaining data integrity with a single drive failure. - Efficient use of disk space compared to mirroring. Disadvantages: - Only tolerates the failure of one drive; losing more than one drive results in data loss. - Data writes are slower compared to reads because of the need to calculate and write parity information. - Rebuilding the array after a drive failure can be slow and may impact system performance, especially on large disks.

Answer 505

HIPAA, PCI DSS, GLBA, SOX, GDPR, and FERPA

Answer 506

Motion recognition and object detection

Answer 507

**The Framework Core:** Consists of cybersecurity activities, desired outcomes, and informative references organized around five functions: Identify, Protect, Detect, Respond, and Recover, providing a strategic view of the lifecycle of cybersecurity risk management. **The Framework Implementation Tiers:** Describe the degree to which an organization's cybersecurity risk management practices exhibit the characteristics defined in the Framework, ranging from Partial (Tier 1) to Adaptive (Tier 4), helping organizations gauge their approach to managing cybersecurity risk. **The Framework Profile:** Enables organizations to establish a roadmap for improving their cybersecurity posture by comparing a "Current" Profile (the cybersecurity outcomes currently being achieved) to a "Target" Profile (the outcomes needed to achieve the desired cybersecurity risk management goals), facilitating the identification of opportunities for improvement.

Answer 508

Digitally signed messages assure the recipient that the message truly came from the claimed sender. They enforce nonrepudiation. Digitally signed messages assure the recipient that the message was not altered while in transit between the sender and recipient. This protects against both malicious modification and unintentional modification.

Answer 509

Honeypots: Designed to mimic real systems that appear vulnerable to attract attackers, allowing security professionals to study attack methods and behaviors by recording interactions. Honeynets: Specialized networks that simulate realistic environments to entice attackers, serving as a more extensive version of honeypots to gather information on network-based attacks. Honeyfiles: Deliberately placed files containing unique, traceable data, positioned to seem appealing to intruders, aimed at detecting unauthorized access or data exfiltration attempts. Honeytokens: Similar to honeyfiles, these are fabricated data elements (such as fake credentials or database entries) embedded within systems to lure attackers, enabling tracking and alerting on illicit activities.

Answer 510

E-discovery

Answer 511

Attribute-Based Access Control (ABAC): Decisions to grant or deny access are based on attributes of the user, resource, and environment, allowing for dynamic and context-aware policies. Role-Based Access Control (RBAC): Access rights are assigned based on roles within an organization, simplifying management by grouping permissions into roles assigned to users. Rule-Based Access Control (RuBAC): Access is granted or denied based on a set of rules defined by system administrators, often used in network devices like firewalls. Mandatory Access Control (MAC): Access decisions are made based on mandated regulations determining how information is classified and who has the clearance to access it. Discretionary Access Control (DAC): The owner of the resource decides who is allowed to access it, with the capability to delegate access control to other users.

Answer 512

Data Classification: The foundation of DLP, enabling organizations to identify and categorize data based on its sensitivity and value, determining which data requires protection. Data Labeling/Tagging: Supports data classification by assigning labels or tags to data, facilitating efficient management and policy application by making the data's nature and requirements clear. Policy Management and Enforcement: Allows for the creation, management, and application of rules that govern how data is handled, stored, and transmitted, ensuring data is used in compliance with organizational standards and regulatory requirements. Monitoring and Reporting: Provides continuous oversight of data handling and movement within the organization, with the ability to alert security personnel to violations, potential breaches, or other concerns, enabling rapid response to secure data.

Answer 513

VLAN Utilization: Segment networks based on trust levels, user groups, or system types, enhancing security by isolating sensitive areas and reducing the attack surface. IoT Device Segregation: Place Internet of Things (IoT) devices on a dedicated, secure VLAN to minimize risks associated with these often less-secure devices. Guest Network Isolation: Use VLANs to create separate networks for guests, ensuring unauthorized access to critical corporate resources is blocked. VoIP Isolation: Isolate VoIP phones from workstations and other network devices on their own VLAN to protect voice communications and reduce potential attack vectors. Default Password Changes: Replace factory-set passwords with strong, unique passwords to prevent unauthorized access facilitated by default credentials. Software Minimization: Remove or disable unnecessary software and services to reduce vulnerabilities and limit potential entry points for attackers.

Answer 514

In the Continuous Integration (CI) and Continuous Deployment (CD) pipeline: 1. Developer Commit: The process begins when a developer commits a change to the version control repository. 2. Automated Build: This commit triggers an automated build process, compiling the code into an executable form. 3. Build Report: Upon completion, a build report is generated, detailing the success or failure of the build process. 4. Automated Testing: The successful build is then automatically tested against predefined test cases to ensure the new changes do not break or degrade the application. 5. Test Report: A test report is delivered, summarizing the outcomes of the tests. This report identifies whether the build has passed all tests and is of sufficient quality to move on to the next stage. 6. Code Deployment: If the build passes all tests, the code is automatically deployed to the production environment or a staging environment for further validation, completing the cycle from code commit to deployment with minimal human intervention.

Answer 515

Geographic Dispersion: Distributing systems across different geographical locations to protect against regional failures or disasters, ensuring continuity of operations. Server and Device Separation: Placing servers and critical devices in separate physical zones within data centers to minimize the impact of localized incidents. Multipath Networking: Implementing multiple network paths between devices and services to ensure continuous network connectivity in case one path fails. Redundant Network Devices: Utilizing pairs or clusters of network devices (such as routers and switches) to prevent downtime from a single device failure. Power Protection: Employing backup power solutions like uninterruptible power supplies (UPS) and generators to maintain operations during power outages. Systems and Storage Redundancy: Duplication of critical system components and data storage to enable quick recovery from hardware failures. Platform Diversity: Using a variety of hardware and software platforms to mitigate the risk of simultaneous failures across systems due to shared vulnerabilities.

Answer 516

Frequency analysis involves looking at the blocks of an encrypted message to determine if any common patterns exist.

Answer 517

128-bit keys require 10 rounds of encryption; 192-bit keys require 12 rounds of encryption; and 256-bit keys require 14 rounds of encryption.

Answer 518

NFC (Near-Field Communication) is a technology that enables wireless communication over short distances, typically less than 4 cm. It allows for the simple and secure exchange of data between devices. One of the most common uses of NFC is in mobile payment systems, such as Apple Pay and Google Wallet, where a user can make transactions by simply tapping their smartphone against a payment terminal. Due to its short range, NFC is not suited for creating networks of devices but is ideal for quick, low-bandwidth interactions like payments, ticketing, access control, and simple data transfers between devices.

Answer 519

A method used to scramble or obfuscate characters to hide their value. Ciphering is the process of using a cipher to do that type of scrambling to a message.

Answer 520

ISS = 1 – [(1 – Confidentiality) × (1 – Integrity) × (1 – Availability)]

Answer 521

Full disk encryption (FDE) encrypts the disk and requires that the bootloader or a hardware device provide a decryption key and software or hardware to decrypt the drive for use.

Answer 522

Establishing a Baseline: This phase involves defining the standard security settings and practices for systems and networks. It requires comprehensive analysis to determine the optimal configurations that balance security needs with business requirements. Deploying the Security Baseline: Once established, the baseline configurations and policies are implemented across the organization's systems and networks. This deployment ensures that all assets adhere to the defined security standards. Maintaining the Baseline: The final phase involves regular reviews and updates to the baseline to adapt to new threats, vulnerabilities, and changes in the organization’s environment. This maintenance is crucial for ensuring the baseline remains relevant and effective in securing the organization's assets.

Answer 523

A set of security standards or norms for the system or network, establishing a minimum level of security.

Answer 524

AAA (Authentication, Authorization, and Accounting): A framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. These processes are critical for effective network management and security.

Answer 525

AH (Authentication Header): A component of the IPsec protocol suite that provides connectionless integrity and data origin authentication for IP datagrams and provides protection against replay attacks.

Answer 526

AIS (Automated Indicator Sharing): A capability that allows the sharing of cyber threat indicators and defensive measures among federal entities, private sector partners, and international partners to help manage and mitigate cybersecurity threats.

Answer 527

ARP (Address Resolution Protocol): A communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address. This protocol is fundamental for the functioning of IPv4 networks.

Answer 528

ASLR (Address Space Layout Randomization): A computer security technique involved in preventing exploitation of memory corruption vulnerabilities by randomly arranging the positions of key data areas of a process, including the base of the executable and the positions of the stack, heap, and libraries.

Answer 529

ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge): A globally-accessible knowledge base of adversary tactics and techniques based on real-world observations used as a foundation for developing threat models and methodologies in the private sector, government, and the cybersecurity product and service community.

Answer 530

BIA (Business Impact Analysis): A process that identifies and evaluates the potential effects (financial, life, regulatory, reputation, etc.) of natural and man-made events on business operations. It is crucial for developing strategies for disaster recovery, business continuity, and crisis management.

Answer 531

BPDU (Bridge Protocol Data Unit): A type of network message that is exchanged across the Spanning Tree Protocol (STP) enabled switches within an extended local area network, used for detecting loops and managing the physical network topology.

Answer 532

CBC (Cipher Block Chaining): A mode of operation for block cipher encryption that provides stronger security by combining the plaintext of the current block with the ciphertext of the previous block, ensuring that identical plaintext blocks encrypt to different ciphertext blocks.

Answer 533

CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol): An encryption protocol used in Wi-Fi networks to provide strong data protection by combining the techniques of counter mode for data confidentiality and CBC-MAC for integrity and authentication.

Answer 534

CCTV (Closed Circuit Television): A surveillance technology used for security purposes, which employs video cameras to transmit a signal to a specific, limited set of monitors, differing from broadcast television.

Answer 535

CERT (Computer Emergency Response Team): Organizations or teams that provide expert advice and assistance in handling computer security incidents, such as cyber attacks or vulnerabilities, often working to prevent future incidents through awareness and education.

Answer 536

CFB (Cipher Feedback Mode) is a mode of operation used with block cipher encryption algorithms, enabling them to encrypt data in a continuous stream rather than fixed blocks. This mode effectively transforms a block cipher into a stream cipher, making it possible to encrypt data of any size, even smaller than the cipher's designated block size. In CFB mode, each plaintext segment is XORed (combined using the bitwise exclusive OR operation) with the previous ciphertext segment before being encrypted. This process creates a chain where the encryption of each segment depends on the preceding segment, providing self-synchronization. This chaining mechanism allows for the encryption of data streams of variable lengths, offering flexibility and efficiency, especially for encrypting small amounts of data or data of unpredictable length.

Answer 537

CHAP (Challenge Handshake Authentication Protocol): A network authentication protocol that uses a challenge-response mechanism to authenticate a user or network host, thereby preventing transmission of both the password and the information in clear text.

Answer 538

CIRT (Computer Incident Response Team): A group tasked with responding to security breaches, viruses, and other potentially catastrophic incidents in computing environments. Their role involves investigating incidents, mitigating damages, and working on recovery strategies.

Answer 539

COOP (Continuity of Operations Plan): A set of policies and procedures that an organization follows to continue essential functions and operations during and after a significant emergency or disaster.

Answer 540

CP (Contingency Planning): The process of developing advance arrangements and procedures that enable an organization to respond to an event that could occur by chance or unforeseen circumstances, ensuring critical operations can continue.

Answer 541

CRC (Cyclic Redundancy Check): An error-detecting code used to detect accidental changes to raw data in digital networks and storage devices. It's a popular method for checking the integrity of data.

Answer 542

CRL (Certificate Revocation List): A list of digital certificates that have been revoked by the issuing Certificate Authority before their scheduled expiration date and should no longer be trusted.

Answer 543

CSR (Certificate Signing Request): A block of encoded text submitted to a Certificate Authority when applying for an SSL/TLS certificate. It contains information that will be included in the certificate such as the organization name, common name (domain), locality, and country.

Answer 544

CSU (Channel Service Unit): A device used in digital telecommunications that serves as an interface between the terminal equipment (such as a router or switch) and a digital transmission medium (such as a leased line or digital circuit). The CSU performs several key functions: it connects the terminal equipment to the network, conditions the signal to ensure it is suitable for transmission, and provides protection against electrical interference and signal distortion. Additionally, it often includes diagnostic capabilities to monitor and troubleshoot the communication link, ensuring reliable and efficient data transmission.

Answer 545

CTM (Critical Thinking and Methodologies): Refers to the approach and practices that involve analyzing facts to form a judgment. In cybersecurity, it's applied to assess threats, vulnerabilities, and to develop effective strategies for security management and incident response.

Answer 546

DEP (Data Execution Prevention): A security feature that helps prevent damage from viruses and other security threats by blocking certain types of code from executing in protected regions of memory (non-executable sections).

Answer 547

DES (Data Encryption Standard): A symmetric-key algorithm for the encryption of electronic data that was once widely used across the globe. Despite its age and security vulnerabilities, it laid the groundwork for modern encryption algorithms.

Answer 548

DHE (Diffie-Hellman Ephemeral): A method of securely exchanging cryptographic keys over a public channel, offering forward secrecy by generating unique session keys for each encryption session.

Answer 549

DPO (Data Protection Officer): A role within organizations aimed at ensuring compliance with data protection laws. The DPO is responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR and other data protection laws.

Answer 550

DRP (Disaster Recovery Plan): A documented, structured approach with instructions for responding to unplanned incidents. This plan includes measures to minimize the effects of a disaster so the organization can continue to operate or quickly resume key operations.

Answer 551

DSA (Digital Signature Algorithm): A Federal Information Processing Standard (FIPS) specifically formulated for creating digital signatures. This algorithm is integral to numerous security protocols, offering robust verification of data integrity and authenticity. It facilitates the validation of digital communications, ensuring that messages have not been altered and confirming the sender's identity.

Answer 552

DSL (Digital Subscriber Line): A family of technologies that provide internet access by transmitting digital data over the wires of a local telephone network. DSL is widely used for providing broadband internet access.

Answer 553

EAP (Extensible Authentication Protocol): A framework frequently used in wireless networks and point-to-point connections, which allows for the extension of the authentication methods used by the protocol.

Answer 554

ECB (Electronic Codebook Mode): A mode of operation for block ciphers, where each block of plaintext is encrypted independently. This simplicity leads to potential security vulnerabilities, making it less recommended for use in cryptographic protocols.

Answer 555

ECC (Elliptic Curve Cryptography): A method of public-key encryption that uses the mathematics of elliptic curves to generate smaller, faster, and more efficient cryptographic keys.

Answer 556

ECDHE (Elliptic Curve Diffie-Hellman Ephemeral): A key agreement protocol that allows two parties to establish a shared secret over an insecure channel using elliptic curve cryptography, providing forward secrecy.

Answer 557

ECDSA (Elliptic Curve Digital Signature Algorithm): A variant of the Digital Signature Algorithm (DSA) which uses elliptic curve cryptography to provide enhanced security with smaller key sizes.

Answer 558

EDR (Endpoint Detection and Response): Security software that monitors endpoint and network events to detect malicious activities, provide investigation capabilities, and initiate response actions to eliminate threats.

Answer 559

EFS (Encrypting File System): A feature of some Windows operating systems that provides filesystem-level encryption, allowing users to protect data in files and folders from unauthorized access.

Answer 560

ERP (Enterprise Resource Planning): Integrated management software systems used by organizations to manage day-to-day business activities, such as accounting, procurement, project management, and manufacturing.

Answer 561

ESN (Electronic Serial Number): A unique identification number embedded by manufacturers into wireless phones, used for mobile device identification and tracking by service providers.

Answer 562

ESP (Encapsulating Security Payload): A component of IPsec used for providing confidentiality, data-origin authentication, integrity, and anti-replay for IP packets by encrypting the payload data.

Answer 563

FACL (Filesystem Access Control List): A data structure that provides detailed access control specifications for files and directories, allowing for more granified permissions beyond the standard owner/group/world model.

Answer 564

FIM (File Integrity Monitoring): A security process that involves continuously checking and verifying the integrity of the operating system and application software files to detect unauthorized changes, which could indicate a cyber attack.

Answer 565

An FPGA (Field-Programmable Gate Array) is essentially a highly versatile chip that you can reprogram to perform a wide array of functions even after it's been created and shipped. Think of it as a chameleon of the electronic component world: it can change how it works based on what you need it to do. Unlike regular chips, whose roles are fixed from the moment they leave the factory, FPGAs can be updated or reconfigured with new instructions by the users themselves, making them incredibly adaptable. They're often used to speed up specific tasks, such as encrypting data, by customizing the chip to execute those tasks much faster than general-purpose processors. This adaptability and speed make FPGAs valuable in diverse fields, from telecommunications to video processing and even in the secure encryption of communications.

Answer 566

FRR (False Rejection Rate): In biometric security systems, the measure of the likelihood that the system incorrectly rejects an access attempt by an authorized user.

Answer 567

GCM (Galois/Counter Mode) is an advanced encryption technique that enhances security by blending two components: the Counter Mode (CTR) for encrypting data, ensuring its confidentiality, and the Galois Mode for verifying the data's integrity and authenticity. This dual approach allows GCM to secure the content of messages while also ensuring they come from a trusted source and have not been tampered with, making it a robust choice for protecting sensitive information.

Answer 568

GPG (GNU Privacy Guard) is a freely available tool that provides a secure method to encrypt and sign data and messages, adhering to the OpenPGP standard. It allows users to protect the privacy of their communications and verify the identity of the sender, ensuring that messages haven't been altered in transit. GPG is widely used for secure email communications, file encryption, and digital signatures, making it a vital tool for maintaining confidentiality and trust in digital interactions.

Answer 569

GRE (Generic Routing Encapsulation): A tunneling protocol developed by Cisco that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol network. For security over VPNs that use GRE, it's common to employ IPsec (Internet Protocol Security) alongside GRE. IPsec adds the necessary security features, such as data confidentiality, data integrity, and data origin authentication. Using GRE in combination with IPsec allows for both the flexibility of protocol encapsulation and the security benefits of IPsec.

Answer 570

HA (High Availability): Refers to systems or components that are continuously operational for a desirably long length of time. High availability systems aim to minimize downtime and ensure business continuity.

Answer 571

HMAC (Hash-Based Message Authentication Code) is a method used to ensure both the integrity and authenticity of a message. It combines a cryptographic hash function with a secret key, creating a unique code that verifies that a message hasn't been altered and confirms its origin. This code, or MAC, is attached to the message, allowing the recipient to use the same key and hash function to check the message. If the recipient's calculated MAC matches the one sent, it verifies that the message is intact and genuine.

Answer 572

IAC (Infrastructure as Code): The management of infrastructure (networks, virtual machines, load balancers, and connection topology) in a descriptive model, using the same versioning as DevOps team uses for source code.

Answer 573

IAM (Identity and Access Management): A framework of policies and technologies ensuring that the right users (in an enterprise) have the appropriate access to technology resources. IAM systems fall under the overarching umbrellas of IT security and data management.

Answer 574

ICS (Industrial Control Systems): Systems, including devices, systems, networks, and controls used to operate and/or automate industrial processes. These are used in industries such as electricity, water, oil, gas, and data.

Answer 575

IDEA (International Data Encryption Algorithm): A symmetric key block cipher designed as a replacement for the Data Encryption Standard (DES). IDEA is known for its strength and efficiency in secure encryption.

Answer 576

IDF (Intermediate Distribution Frame): A frame or rack for interconnecting cables, hardware, and devices in a telecommunications room. It serves as a central point for wiring that connects equipment within a building or campus.

Answer 577

IDP (Identity Provider): A system or service that creates, maintains, and manages identity information, providing authentication services to other applications or services within a single sign-on or federated identity framework.

Answer 578

IRP (Incident Response Plan): A documented plan that outlines the procedures, strategies, and tools to detect, respond to, and recover from network security incidents to minimize impact and restore operations.

Answer 579

IV (Initialization Vector): A random or pseudo-random number used to ensure that identical plaintexts encrypt to different ciphertexts in cryptographic operations, enhancing security by introducing randomness.

Answer 580

KDC (Key Distribution Center): A central authority in Kerberos-based authentication systems that issues session keys to parties in a secure network to enable them to establish a secure communication channel.

Answer 581

KEK (Key Encryption Key): A key used specifically to encrypt and decrypt other keys, such as Data Encryption Keys (DEKs), in cryptographic systems, providing an additional layer of security for key management.

Answer 582

L2TP (Layer 2 Tunneling Protocol): A tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide encryption or confidentiality by itself but is often combined with IPsec for security.

Answer 583

LEAP (Lightweight Extensible Authentication Protocol): A proprietary wireless LAN authentication method developed by Cisco, providing dynamic WEP keys and mutual authentication between clients and servers.

Answer 584

LDAP (Lightweight Directory Access Protocol) is a protocol designed to manage and access directory information over an IP network. It enables the organization, search, and modification of directory information like users, groups, and services. Think of LDAP as a digital phonebook for a company or organization. Just as you might use a phonebook to look up a colleague's office number, computers use LDAP to look up information such as email addresses, usernames, and shared resources on a network. For example, when you log into your computer at work, LDAP helps verify your username and password against the company's directory services, ensuring you have access to your emails, files, and printers configured for your account. It's a crucial tool for centralized management and security in networked environments.

Answer 585

MAN (Metropolitan Area Network): A network that spans a larger geographic area than a LAN but is typically confined to a specific geographic area, such as a city or metropolitan area, providing high-speed networking services.

Answer 586

MBR (Master Boot Record): The first sector of a storage device that contains code for starting the boot process and a partition table for the disk. It plays a crucial role in booting up the operating system.

Answer 587

MD5 (Message Digest Algorithm 5): A widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically rendered as a 32-character hexadecimal number. It's used for checking data integrity but is not recommended for security due to vulnerabilities.

Answer 588

MFP (Multi-Function Printer): A device that consolidates the functionalities of multiple devices in one, such as a printer, scanner, copier, and sometimes a fax machine, to save space and improve efficiency in office environments.

Answer 589

MMS (Multimedia Messaging Service): A standard way to send messages that include multimedia content such as images, audio, and video, over mobile networks to other mobile devices.

Answer 590

MPLS (Multiprotocol Label Switching): A routing technique in telecommunications networks that directs data from one node to the next based on short path labels rather than long network addresses, improving data flow efficiency.

Answer 591

MSA (Master Service Agreement): A contract reached between two parties, where the parties agree to most of the terms that will govern future transactions or future agreements, streamlining future negotiations.

Answer 592

MSP (Managed Service Provider): A company that remotely manages a customer's IT infrastructure and/or end-user systems, typically on a proactive basis and under a subscription model, offering a broad range of IT services.

Answer 593

MSSP (Managed Security Service Provider): A specialized type of MSP focused on security services, offering solutions like firewall and intrusion detection, virtual private network management, vulnerability scanning, and antiviral services.

Answer 594

NAC (Network Access Control): A security method that enforces policy compliance on devices attempting to access network resources, ensuring they meet certain security criteria before granting access.

Answer 595

NTLM (NT LAN Manager): A suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users. NTLM is used for network authentication in Windows environments.

Answer 596

NTP (Network Time Protocol): A protocol used to synchronize clocks of computer systems over packet-switched, variable-latency data networks. It ensures that all devices on a network agree on the time.

Answer 597

OCSP (Online Certificate Status Protocol): A protocol used for obtaining the revocation status of a digital certificate, allowing devices to check in real-time whether a certificate is valid or has been revoked.

Answer 598

OSPF (Open Shortest Path First) is a powerful network protocol designed to efficiently manage the routes for sending data across Internet Protocol (IP) networks. Unlike simpler protocols that may cause data to take longer paths, OSPF dynamically finds the quickest route for data packets to travel between devices. It achieves this by using a method called link state routing (LSR), where each router creates a map of the network's topology to navigate data efficiently. OSPF is classified as an interior gateway protocol (IGP), meaning it's used within a single large network or autonomous system (AS) to keep internal traffic flowing smoothly. This makes OSPF ideal for large enterprise networks, where ensuring fast and reliable data delivery is critical.

Answer 599

OT (Operational Technology): Hardware and software that monitors or controls equipment, assets, and processes. It is used in industries such as manufacturing, energy, and utilities, often for industrial control systems.

Answer 600

OTA (Over The Air): A method of distributing new software updates to devices wirelessly, as opposed to physical or manual update methods. Commonly used for updating mobile phones and other smart devices.

Answer 601

OVAL (Open Vulnerability and Assessment Language): A community standard designed to standardize how to assess and report upon the machine state of computer systems. OVAL includes a language to encode system details, and an assortment of content repositories held throughout the community.

Answer 602

P12 (PKCS #12): A file format used to store multiple cryptographic elements within a single file, including private keys, certificates, and intermediate certificates. It’s often used for exporting and importing back-up certificates and keys.

Answer 603

PAC (Proxy Auto-Configuration): A method used by web browsers to automatically find and load a proxy configuration file to determine the appropriate proxy for a given URL, improving network efficiency and access control.

Answer 604

PAP (Password Authentication Protocol): A simple, plain-text authentication protocol where a user's username and password are sent over the network, often considered insecure due to the lack of encryption.

Answer 605

PBKDF2 (Password-Based Key Derivation Function 2): A cryptographic algorithm that derives a secure cryptographic key from a password. It applies a pseudorandom function, such as HMAC, to the input password along with a salt value and repeats the process many times to produce a derived key.

Answer 606

PBX (Private Branch Exchange): A private telephone network used within an organization that allows users to communicate internally and externally using different communication channels like VoIP, ISDN, or analog.

Answer 607

Personal Electronic Device

Answer 608

PEM (Privacy-Enhanced Mail) is a standard format for storing and transmitting cryptographic materials like X.509 certificates, private keys, and public keys. It encases this sensitive data in a base64 encoding, flanked by descriptive header and footer lines, transforming the binary information into ASCII text. This conversion facilitates the secure handling and sharing of cryptographic data across different systems and platforms. Importantly, the base64 encoding is not a security feature in itself but a method to ensure compatibility and ease of distribution. The actual security is derived from the cryptographic mechanisms employed, such as encryption algorithms and key management, not from the encoding process. PEM format's versatility extends beyond email encryption, making it foundational in various security contexts where cryptographic data needs to be accurately and securely managed.

Answer 609

PFS (Perfect Forward Secrecy) is a security feature of certain encryption protocols that ensures each communication session has its own unique encryption key. This means that even if an attacker manages to obtain a long-term key used for securing multiple sessions, they cannot use it to decrypt past or future session data. Perfect Forward Secrecy achieves this by generating a new key for each session that is not based on any fixed secret or long-term key. As a result, the compromise of one session's key does not affect the security of others, safeguarding the privacy of individual sessions against future key exposures.

Answer 610

PGP (Pretty Good Privacy): A data encryption and decryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions to increase the security of email communications.

Answer 611

PIV (Personal Identity Verification): A United States federal government standard for secure and reliable forms of identification for federal employees and contractors. PIV cards are used to access federally controlled facilities and information systems at appropriate security levels.

Answer 612

PKCS (Public Key Cryptography Standards): A group of standards developed and published by RSA Laboratories for public-key cryptography, including standards for secure email, certificate requests, and key storage.

Answer 613

POTS (Plain Old Telephone Service): The traditional voice transmission phone system over copper twisted pair wires. It is the basic form of residential and small business telephone service in most parts of the world.

Answer 614

**PPP (Point-to-Point Protocol)**: A data link protocol commonly used to establish a direct connection between two networking nodes. It supports connection authentication and compression, and can facilitate transmission encryption via extensions like the Encryption Control Protocol (ECP, RFC 1968).

Answer 615

PPTP (Point-to-Point Tunneling Protocol): A method for implementing virtual private networks, widely used to support VPNs. It uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets.

Answer 616

PSK (Pre-Shared Key): A shared secret which was previously shared between the two parties using some secure channel before it needs to be used. It is typically used in wireless networks to establish a secure communication channel.

Answer 617

PTZ (Pan-Tilt-Zoom): A camera feature allowing remote directional and zoom control, enabling it to cover a wide area and focus on specific points of interest, commonly used in surveillance and video conferencing.

Answer 618

PUP (Potentially Unwanted Program): Software that a user may perceive as unwanted, despite possibly giving consent to download it. PUPs can include spyware, adware, and dialers, often bundled with legitimate software.

Answer 619

Recovery Agent: A designated individual or entity in an organization with the authority and ability to recover or decrypt data that has been encrypted by others, typically used in managing encryption keys and digital certificates.

Answer 620

Registration Authority (RA): An authority in a public key infrastructure (PKI) that verifies user requests for a digital certificate and approves or rejects the certificate request before it is sent to the Certificate Authority (CA) for issuance.

Answer 621

RACE (Research and Development in Advanced Communications Technologies in Europe) is an initiative focused on advancing telecommunications technology across Europe. Its mission encompasses developing innovative and unified telecommunications standards, enhancing the infrastructure to support a wide range of services, and fostering the integration of European telecommunications systems. RACE aims to position Europe at the forefront of global telecommunications technology, ensuring competitiveness and paving the way for future advancements in communication networks.

Answer 622

A parity block in a RAID setup is a chunk of data generated and stored across the RAID array's disks to provide fault tolerance. It's created by performing a mathematical operation (typically an XOR operation) on corresponding bits of data across a set of blocks on different disks. The result of this operation is the parity block. Here’s a simplified way to understand it: Imagine you have data blocks A and B on two different disks in a RAID array. To create a parity block P for A and B, the system performs an XOR operation on them. If A and B are the same, P will be 0; if A and B are different, P will be 1. This parity block P is then stored on another disk within the array. The beauty of this system is that if any one of the disks fails, the lost data block can be reconstructed using the parity block along with the remaining data blocks. For instance, if disk A fails, you can recover A by performing an XOR operation on B and P. This method allows RAID arrays to continue operating without data loss in the event of a single disk failure, ensuring data integrity and system resilience.

Answer 623

RAD (Rapid Application Development): A software development methodology that prioritizes rapid prototyping and iterative delivery over long drawn-out development and testing cycles. It aims to produce high-quality systems quickly and efficiently.

Answer 624

RAS (Remote Access Service): A service that allows users to connect to a network remotely over a telecommunications or internet connection, typically used for accessing network services from offsite locations. VPNs and RDP are examples of RAS.

Answer 625

RC4 (Rivest Cipher 4): A stream cipher that was widely used in applications such as SSL (Secure Sockets Layer) and WEP (Wired Equivalent Privacy) for encrypting data. It is known for its simplicity and speed but is considered insecure by today's standards.

Answer 626

RIPEMD (RACE Integrity Primitives Evaluation Message Digest): A family of cryptographic hash functions developed in Europe. It is designed to be used in various applications where a secure and efficient hash function is needed, with RIPEMD-160 being one of the most commonly used versions.

Answer 627

RTBH (Remotely Triggered Black Hole): A technique used to mitigate denial-of-service attacks, allowing network operators to drop all traffic destined to a targeted IP, preventing malicious traffic from reaching its intended destination.

Answer 628

RTOS (Real-Time Operating System): An operating system intended for applications with fixed deadlines (real-time computing). It manages hardware resources, hosts applications, and processes data on a timely basis, critical in environments where timing is crucial.

Answer 629

RTP (Real-time Transport Protocol): A protocol designed for delivering audio and video over networks in a way that supports real-time data transmission, making it essential for services like video conferencing and streaming media.

Answer 630

S/MIME (Secure/Multipurpose Internet Mail Extensions): A standard for public key encryption and signing of MIME data, used to secure email by allowing users to encrypt the content and attach digital signatures for verification.

Answer 631

SAML (Security Assertion Markup Language): An open standard for exchanging authentication and authorization data between parties, especially between an identity provider and a service provider, enabling single sign-on (SSO) for web applications.

Answer 632

A SAN is a high-speed, specialized network that connects servers to their logical disk units stored on shared storage devices. SANs separate storage from servers and consolidate it so that it can be accessed by multiple hosts, thereby improving storage utilization and providing greater flexibility and efficiency in data management.

Answer 633

Subject Alternative Name (SAN): A part of an SSL certificate that allows additional domain names to be secured by a single certificate, enabling the protection of multiple domain names or subdomains with one certificate.

Answer 634

SCADA (Supervisory Control and Data Acquisition): A system used for controlling industrial processes locally or at remote locations, monitoring, gathering, and processing real-time data, and interacting with devices such as sensors and valves.

Answer 635

SCAP (Security Content Automation Protocol): A suite of standards for automating the way systems maintain security. It enables automated vulnerability management, measurements, and policy compliance evaluation.

Answer 636

SCEP (Simple Certificate Enrollment Protocol): A protocol that simplifies the process of securely enrolling devices for digital certificates, allowing devices to easily obtain the necessary certificates for secure communications.

Answer 637

SDLM (Software Development Lifecycle Management): A methodology for managing the process of developing software, including planning, creating, testing, and deploying applications, with a focus on improving quality and efficiency.

Answer 638

SED (Self-Encrypting Drive): A storage device that automatically encrypts the data stored on it without requiring software or user intervention, providing an added layer of security for data at rest.

Answer 639

SEH (Structured Exception Handling): A programming mechanism in Windows that provides a way for applications to handle exceptions (errors) that occur during the execution of a program, helping to maintain stability and security.

Answer 640

**SOAP (Simple Object Access Protocol)**: A protocol used for exchanging structured information in the implementation of web services in computer networks. SOAP relies on XML for its message format, which ensures that the data can be easily understood in heterogeneous environments — making it highly effective for complex enterprise environments that involve diverse operating systems and technologies. Typically, SOAP utilizes other application layer protocols, such as HTTP or SMTP, for message negotiation and transmission. It is widely used when a robust standard is needed to ensure data integrity and security in scenarios where web services require formal contracts between client and server, such as in financial services, telecommunication, and large-scale manufacturing applications.

Answer 641

SOAR (Security Orchestration, Automation, and Response): A suite of software solutions and tools that allow organizations to streamline security operations in three key areas: orchestration, automation, and response, enhancing their ability to quickly respond to security incidents.

Answer 642

System on Chip (SoC): An integrated circuit that incorporates all components of a computer or other electronic system into a single chip, including a CPU, memory interfaces, I/O devices, and often other features such as a GPU. This is not a tower. Some examples are: smart phones, tablets, IoT devices, and embedded systems.

Answer 643

SOC (Security Operations Center): A centralized unit within an organization that deals with security issues on an organizational and technical level, dedicated to monitoring, analyzing, and protecting an organization from cyber threats.

Answer 644

SOW (Statement of Work): A document detailing the work requirements for a specific project or contract, including objectives, schedule, deliverables, and detailed tasks, serving as a guideline and agreement between parties.

Answer 645

SPF (Sender Policy Framework): An email authentication method designed to prevent sender address forgery, allowing email senders to define which IP addresses are allowed to send mail for their domain.

Answer 646

SPIM (Spam Over Instant Messaging): Unsolicited messages sent via instant messaging (IM) systems, similar to spam emails, but targeting IM platforms to distribute unwanted or malicious content.

Answer 647

SRTP (Secure Real-time Transport Protocol): An extension of RTP (Real-time Transport Protocol) that provides encryption, message authentication, and integrity verification for media streams in applications like VoIP and video conferencing.

Answer 648

TACACS+ (Terminal Access Controller Access-Control System Plus): A protocol that provides access control for routers, network access servers, and other networked computing devices via one or more centralized servers, supporting more granular control over authentication and authorization processes.

Answer 649

TGT (Ticket Granting Ticket): Used in Kerberos authentication protocol as part of the process to authenticate a user. The TGT is issued by the Key Distribution Center (KDC) and allows the user to request service tickets for other resources within the network.

Answer 650

TKIP (Temporal Key Integrity Protocol) is an advanced security protocol developed to enhance wireless network security, specifically designed to rectify the vulnerabilities found in the older WEP (Wired Equivalent Privacy) system. TKIP incorporates three main security mechanisms to safeguard Wi-Fi communications: Per-Packet Key Mixing: TKIP uses a more sophisticated key mixing function for each data packet, making it much harder for attackers to predict or crack the encryption key compared to the static key used in WEP. Message Integrity Check (MIC): This feature adds a strong integrity check that is specifically designed to prevent tampering and forgery of packets. It ensures that the data transmitted over the network has not been altered or tampered with during transmission. Re-Keying Mechanism: TKIP automatically changes encryption keys at a set interval or after a certain number of packets have been sent. This frequent change of keys dramatically reduces the risks associated with key exposure and makes it difficult for attackers to decipher the encryption over time. Together, these enhancements make TKIP a significant improvement over WEP, providing stronger security measures that were necessary as wireless networking became more prevalent. However, it's important to note that TKIP has been succeeded by more advanced protocols like AES (Advanced Encryption Standard) with WPA2, as it too has shown vulnerabilities and is considered deprecated in modern security standards.

Answer 651

TSIG (Transaction Signature) is a security protocol used to add a layer of authentication to DNS (Domain Name System) communications, including updates and requests. This protocol helps ensure that the exchanges between DNS servers and clients are both secure and verified, thereby safeguarding against unauthorized modifications to DNS records. Here’s how TSIG enhances DNS security: Authentication of DNS Messages: TSIG uses shared secret keys and one-way hashing to authenticate DNS messages. Each message is appended with a unique signature generated from the message content and a secret key known only to the communicating parties. Prevention of Spoofing and Replay Attacks: The signatures include timestamps and unique identifiers, which help prevent replay attacks (where old messages are resent to trick the server) and ensure that the messages have not been tampered with during transit. Secure Zone Transfers: TSIG is commonly used to authenticate zone transfers (AXFR/IXFR) between DNS servers. This is crucial for preventing unauthorized access and ensuring that only legitimate servers can exchange DNS data. Dynamic DNS Updates: For environments that use dynamic DNS, TSIG can authenticate update requests to the DNS server, ensuring that only authorized clients can modify DNS records. This is particularly important in preventing DNS hijacking. By employing TSIG, DNS servers enhance their security protocols, making sure that every transaction is authenticated and verified, thus maintaining the integrity and reliability of the domain name resolution process.

Answer 652

UAT (User Acceptance Testing): The final phase of the software testing process, where end users test the software to ensure it can handle required tasks in real-world scenarios, meeting the business requirements and functioning as expected.

Answer 653

UTP (Unshielded Twisted Pair): A widely used type of cable that consists of two unshielded wires twisted around each other. It is used for various types of local area networks (LANs) and telephone connections, known for its cost-effectiveness and ease of installation.

Answer 654

VBA (Visual Basic for Applications): A programming language developed by Microsoft that is built into most Microsoft Office applications. It allows users to automate tasks and add custom functionality to Office suites, such as Excel, Word, and Access.

Answer 655

VDE (Virtual Desktop Environment): A computing model where a user's desktop environment is stored on a remote server rather than on a local PC or laptop. VDE allows users to access their desktop from any device, promoting mobility and flexibility. VDI and RDP are subsets of VDE.

Answer 656

VDI (Virtual Desktop Infrastructure): A technology that hosts desktop environments on a centralized server and deploys them to end-users over a network. VDI allows for centralized management, increased security, and reduced hardware costs.

Answer 657

VLSM (Variable Length Subnet Masking): A technique in IP networking that allows for more efficient allocation of IP addresses by dividing an IP address space into subnets of different sizes, optimizing the use of a limited number of IP addresses.

Answer 658

VPC (Virtual Private Cloud): A service offered by cloud providers that allows customers to provision a logically isolated section of the cloud where they can launch resources in a virtual network that they define. It combines the scalability of the cloud with the data isolation of a private network.

Answer 659

VTC (Video Teleconferencing): A technology that allows users in different locations to hold face-to-face meetings without having to move to a single location together. It uses audio and video transmissions to simulate a conference environment.

Answer 660

WPA (Wi-Fi Protected Access): A security protocol and security certification program developed by the Wi-Fi Alliance to secure wireless computer networks. WPA improves upon the security features of WEP (Wired Equivalent Privacy) and was further enhanced with WPA2.

Answer 661

WO (Work Order): A formal document (or an electronic record) detailing authorized work to be completed. In IT, a work order may specify tasks related to hardware, software, or network maintenance, upgrades, or installations.

Answer 662

XDR (Extended Detection and Response): A security solution that extends beyond traditional endpoint detection and response (EDR) by collecting and automatically correlating data across multiple security layers—email, endpoint, server, cloud workloads, and network—enabling a more comprehensive threat detection, investigation, and response capability.

Answer 663

GBICs (Gigabit Interface Converters): Modular transceivers that convert electrical signals into optical signals and vice versa, allowing gigabit ethernet networks to use fiber optic cables for long-distance communication. GBICs are inserted into network switches or routers to facilitate network connections.

Answer 664

NetFlow Analyzer: A software tool that uses the NetFlow protocol to collect and analyze network traffic data, helping administrators understand traffic patterns, identify bandwidth hogs, and detect potential security threats by monitoring flow data from routers and switches.

Answer 665

WiFi Analyzer: A software application or hardware tool that assesses and optimizes wireless network performance. It provides information on signal strength, channel congestion, and network security settings, aiding in the planning and troubleshooting of WiFi networks.

Answer 666

ARP Cache: Part of the Address Resolution Protocol, the ARP cache is used to maintain a correlation between each IP address and its corresponding MAC address. It allows for the efficient routing of data on a LAN.

Answer 667

Process Table: A kernel data structure that tracks the processes currently being managed by the operating system. It includes information like process IDs, process state, priority, and pointers to memory locations.

Answer 668

Kernel Statistics: Data collected by the operating system's kernel, providing insights into system performance, resource usage, and various activities. This information is critical for system management and troubleshooting.

Answer 669

Swap Space: A space on a hard drive used as the virtual memory extension of a computer's real memory (RAM). It allows for the temporary moving of pages of data from RAM to disk storage, making room for new processes in physical memory. This space plays a crucial role in managing system resources but is slower to access than RAM.

Answer 670

Counter Mode (CTR) is a mode of operation for block cipher encryption that converts a block cipher into a stream cipher. It encrypts data by combining plaintext with an encrypted counter. The counter, typically a sequence of numbers, is encrypted and then XORed (bitwise exclusive OR) with the plaintext to produce ciphertext. Each block of data uses a unique counter value, ensuring that identical plaintext blocks produce different ciphertext. Counter Mode is known for its simplicity and parallel processing capabilities, making it widely used in various encryption tasks, including securing data in transmission and storage.

Answer 671

- Encryption Input: CTR encrypts a counter value, whereas CFB encrypts the previous ciphertext block (or IV for the first block). - Parallel vs. Sequential Processing: CTR allows for parallel processing of blocks, making it faster and more efficient in some scenarios, while CFB must process data sequentially. - Use Cases: CTR is widely appreciated for applications requiring high throughput and parallel processing. In contrast, CFB's self-synchronizing property makes it useful for certain scenarios where data streams need to be encrypted/decrypted with some resilience to errors in transmission.

Answer 672

- Trusted Boot: Trusted Boot, also known as Secure Boot, ensures that each component of the boot process is signed by a trusted authority and validates each component before it is executed. Unlike Measured Boot, Trusted Boot actively prevents the execution of untrusted components, not just measures them. - Measured Boot: Measured Boot involves measuring each component of the boot process, from firmware up through the boot start drivers, and recording these measurements in a secure and tamper-resistant hardware component called the TPM (Trusted Platform Module). The purpose is to create a log that can be used to verify the integrity of the boot process.