Security+

Question 1

what do the terms PII PHI and IP stand for in regards to confidentiality

Answer 1

Personally identifying information, Personal health information, Intellectual Property

Question 2

what are the three components of the CIA triad

Answer 2

Confidentiality, Integrity, Availibility

Question 3

what is non-repudiation

Answer 3

non repudiation is the enforcement of the inability for a subject to deny they took part in an agreement or contract

Question 4

What is AAA

Answer 4

Authentication, Authorisation, Accounting

Question 5

what is Character mode

Answer 5

character mode sends keystrokes or commands to a network admission device for the purpse of configuration or administration on that same device

Question 6

what is Packet or network mode

Answer 6

packet/network mode occurs when the network admission device servs as an authentication proxy on behalf of the services in other networks such as web,ftp,dns etc

Question 7

what are the 4 common device authentication methods

Answer 7

a shared secret key stored on endpoints.
an X.509 V3 device certificate stored in a software application.
a cryptographic key , cert or other credential stored at hardware level in a tpm.
a key stored in a Hardware security module HSM.
a Protected Access File PAC file in a EAP-FAST network.

Question 8

what is DAC

Answer 8

dac is discretionary access control, DAC grants accces to the resource decisions to the owners and custodians

Question 9

what is RBAC

Answer 9

RBAC is role based access control

in which access is granted based on job title, users gain rights based on their roles

Question 10

what is MAC in terms of authorisation models

Answer 10

Mandatory access control is a strict mathematical model in which access to a resource is determined by the system based on predefined security labels and rules, principals are assigned security clearences such as top secret,classified etc
resource objects are labled with sensitivity levels
access is granted or denied by comparing these labels and rules, ensuring strict control and preventing unauthorized access
this is a non-discretionary model

Question 11

what is ABAC

Answer 11

ABAC is attribute based access control, abac uses combination of characteristics associated with user such as job role, use of vpn, sensitvity level, time of access etc

authorisation policies are defined using these combinations and decisions made based on evaluating the attibutes against defined policies

Question 12

what is ABDAC

Answer 12

ABDAC is the combination of DAC and ABAC Attribute based dynamic access control, considers factors such as risk assement, user attributes and resource attributes and contextual information to make access control decisions in real time

Question 13

what are the 4 main security control categories

Answer 13

Technical, Physical, Managerial and Operational

Question 14

what are the 6 main security control categories

Answer 14

Preventative, deterrent
Detective, corrective
compensating, directive

Question 15

what is gap analysis

Answer 15

gap analysis is the process of analysing the current stat and where you would like the business to be in regards to it security it could be applied to projects, plans and initiatives throught an entire career

Question 16

what are some common security gaps

Answer 16

weak/shared creds

lack of tested patch management

violation of tested patch management

no/unenforced AUP

poor physical security

config and deployment errors due to lack of

change and config management
lack of proper auditing

Question 17

what is ZT

Answer 17

Zero Trust
a term for an evolving set of cybsec intiatives that move away from static network based perimeters
ZT assumes there is no implicit trust granted to assets based purely on network/physical location or asset ownership

Question 18

What is SIEM

Answer 18

Security Information and Event Management

SIEM systems give security teams a more holistic look at who is trying to gain access to their systems at any point in time

Question 19

what is SOAR

Answer 19

Security orchestration, automation, and response
refers to a set of tools and services which automate cyberattack prevention and response

Question 20

what is the PDP

Answer 20

policy decision point
which is contained in the ZT control data plane

Question 21

what is the PE

Answer 21

Policy Engine
uses enterprise policy driven access control to grant/deny or revoke access to resources

Question 22

what is the PA

Answer 22

Policy Administrator
the PA enables/disables the communications path between a subject and a resource via commands to associated policy enforcement points

Question 23

what is PEP

Answer 23

Policy enforcement point
a device such as switch which forwards info to the policy data plane to then be verified and then the information can leave as trusted

Question 24

what are the 2 main types of PEPs

Answer 24

Network PEPs
-edge routers
-edge firewall appliances
-SDP gateways
-Network L2/ML switches
-Authentication proxy servers

Application PEPs
-API gateways
-Resource groups
-Network VLANS
-Code repositories
-trusted cloud services

Question 25

how many classes of gate are there

Answer 25

4

Question 26

what are the 6 stages of change management lifecycle

Answer 26

1.Submitting
2.Approving
3.Documenting
4. Testing
5.Implementing
6.Reporting

Question 27

what are the 2 types of control used to describe allow/deny lists

Answer 27

Allow - permissive control
Deny - Restrictive control

Question 28

what is a CMDB

Answer 28

configuration management database, the database in which a well established tagging and labelling schema maps to

Question 29

what is a CMS

Answer 29

config management system

Question 30

what are the 2 main types of cryptography

Answer 30

Symmetric and Asymetric

Question 31

what are some benefits of symmetric key cryptosystems

Answer 31

same key to encrypt and decrypt

efficient, fast and handles high data rates of throughput

computationally inexpensive

deploys shorter key lengths (40-512bits)

Question 32

what are some disadvantages of Symmetric keys

Answer 32

keys under 128 bits are easily cracked

key management is more complex unless using Hardware security modules (HSMs) or cloud management services

symmetric systems do not scale well unless cloud managed
populare algorithms are AES-CBC-128/256 and AES-GCM-128/256

Question 33

what are the 2 types of ciphers in symmetric key systems

Answer 33

Block cipher
-operates on fixed blocks of data based on key size eg 64/128/256
-Messages bigger than the key size must be broken into blocks the size of the key and must include padding
common block ciphers :
DES (mostly deprecated)
3DES-EDE (mostly deprecated)
AES-CBC
AES-GCM
Blowfish

2. Stream Ciphers
   operate on a continuous stream of plaintext data by encrypting one bit or byte at a time
   plaintext bits are typically XORed with keystream bits
   keystream = random bits, bytes, numbers, characters
   Faster and less complex than block ciphers
   examples of stream ciphers are
   FISH
   CryptMT
   Scream
   Cryptographic hashing

Question 34

what are some advantages of Asymmetric key systems

Answer 34

uses a mathematically related pair of public and private key

PKI enables efficient key management and scalability

often used for digital signatures and key exchange

employs longer key length, up to 4096

Question 35

what are some popular asymmetric algorithms

Answer 35

RSA (Rivest-Shamir-Adleman) is the most widely used algorithm for securing data communication and data encryption

Diffie-Hellman key exchange - a protocol for securely exchanging cryptographic keys over an untrusted network

ECC elliptic curve cryptography - an algorithm based on the algebraic structure of elliptic curves over finite fields

DSA digital signature algorithm - a standard based on the mathematical concept of modular exponentiation and discrete logarithm problems

you can do dsa in ecc called eccdsa

Question 36

what is FDE and MBR

Answer 36

Full disk encryption, the process of encrypting all user data on a device

Master boot record, includes code that loads the operating system , this is not encrypted

Question 37

what are the main levels of encryption

Answer 37

Full disk
partition
file
Volume/block
Database / record

Question 38

what is hashing

Answer 38

a one way mathematical function that produces a digest of 128-512 bits

converts data of virtually any size into a fixed length string called a hash value, message digest, or fingerprint

essentially an advanced version of a simple checksum

subject to the birthday paradox and avalanche effect

must be collision resistant so no 2 seperate inputs can create the same hash, this is why MD5 was phased out

Question 39

what are some common hash functions

Answer 39

RIPEMD - 128/160/256/320 bit versions
SHA1 -160 bit
SHA2 - SHA256 or SHA512
SHA3 - 224-512
Whirlpool - modified AES

Question 40

what is Salting

Answer 40

salting is the technique of adding pseudorandom data to a hash function to make it less deterministic for cracking tools such as rainbow tables

2 weaknesses would be salts that are too short or arent unique for each password

Question 41

what is a HMAC

Answer 41

Has based message authentication codes
used for integrity and origin authentication

Question 42

what is DHKE

Answer 42

Diffie-Hellman key exchange
used to establish secret keys between 2 parties over an unsecure channel

used in SSH2, TLS and IPsec

cannot sign public key certs whereas RSA can

Question 43

what are the different types of DH

Answer 43

DH - same shared secret used all the time
DHE/EDH - different shared secret is used each time between parties
ECDH - uses EC public / private key pair, same shared secret used all the time between parties
ECDHE/ECEDH - uses public/private key pair, different shared secret used each session

Question 44

what is ECDHE/ECEDH

Answer 44

Elliptic curve diffie-hellman ephemeral

based on rich math functions of values plotted on an elliptic curve

uses smaller keyspaces while offering superior strength

256 bit elliptic key = 3072 bit standard key

good for mobile devices and IoT with limited memory and processing power

Question 45

which algorithms are used for hashing and which are used for signing typically

Answer 45

SHA1/2/3 for hashing
RSA, DSA,ECDSA for signing

Question 46

what are some common characteristics of structured attacks

Answer 46

-planned
-organised
-Persistent
-Multi phased
- internal or external
- commonly use exploit kits, zero days, modules and ransomeware

Question 47

what are some common characteristics of non-structured attacks

Answer 47

-accidental
-non malicious
- drive by web-surfing
-no AUP
-email
-usb and personal devices
- usually internal

Question 48

what is a script kiddy

Answer 48

inexperienced hackers who use pre-packaged script viruses or MaaS
Most commonly spread by email

Question 49

what is shellcode

Answer 49

small stubs of code used as a payload

Question 50

what is a dll

Answer 50

dynamic link library is a shared library of functions that multiple programs can access

Question 51

what are the treacherous 12

Answer 51

-data breaches
-weak creds and access management
-insecure apis
-system and application vulnerabilities
-account hijacking
-malicious insiders
-advanced persistent threats
-data loss
-insufficient due diligence
-abuse and nefarious use of cloud services
-DOS
-Shared tech vulnerabilities

Question 52

what is sdn

Answer 52

Software defined networking

Question 53

what is twofish

Answer 53

symmetric key block cipher block size 128 to 256 bits, does not provide full disk encryption

Question 54

what is GPG

Answer 54

GNU Privacy Guard, an alternative to Pretty Good Privacy (PGP) provides privacy and authentication, usually used to sign, encrypt and decrypt files/emails/whole disk partitions GPG is free alternative to PGP. does not need a hardware chip

Question 55

what is RipeMD

Answer 55

a 160 bit message digest encryption method comes in 128, 256 and 320 bit versions named RipeMd-128/256/320 respectively

Question 56

what is PAP

Answer 56

Password authentication protocol, users username and pw are sent to table which is encrypted to provide auth

Question 57

what is paralell processing

Answer 57

parallel processing is the testing of abilities to handle increased workload by simultaneously initiating multiple tasks and testing the systems ability to cope
it also helps ensure redundancy is built into the system

Question 58

what are 2 protocols that can be used to make a vpn connection

Answer 58

PPTP and LT2P
point to point tunneling protocol and layer2 tunneling protocol