Security+

Question 1

Symmetric Encryption

Answer 1

Single Key (Private Key)

Question 2

Asymmetric Encryption

Answer 2

Two Keys (Public Key)

Question 3

Stream Cipher

Answer 3

Bit-by-bit with XOR

Question 4

Block Cipher

Answer 4

Block-by-block

Question 5

DES and 3DES

Answer 5

Old Symmetric Block Cipher

Question 6

IDEA

Answer 6

Symmetric Block Cipher (Not Widely Used)

Question 7

AES

Answer 7

Symmetric Block Cipher (Widely Used Standard)

Question 8

RC4, RC5, RC6

Answer 8

Symmetric Stream Cipher, used in SSL and WEP

Question 9

Diffie-Helman (DH)

Answer 9

Asymmetric and used for VPN

Question 10

RSA

Answer 10

Asymmetric used for MFA and Digital Signatures

Question 11

ECC

Answer 11

Asymmetric used for Tablets/Mobile applications

Question 12

MD5

Answer 12

Older Less Secure Hashing Algo

Question 13

SHA-1, SHA-2, SHA-3

Answer 13

More Secure Hashing Algo

Question 14

RIPEMD

Answer 14

Hashing Algo

Question 15

HMAC

Answer 15

Message Authentication Hashing Solution

Question 16

Digital Signature

Answer 16

Created by using hashing and encrypting with private key

Question 17

PKI

Answer 17

Framework built on Asymmetric Encryption

Question 18

Certificate Authority (CA)

Answer 18

They issue digital certificates

Question 19

Key Escrow

Answer 19

Keys stored in secure 3rd party location, in case keys are somehow lost

Question 20

Digital Certificate

Answer 20

digitally signed doc that binds a public key with a user’s identity

Question 21

Registration Authority (RA)

Answer 21

Digital Certs are requested from an RA which will pass on the info to the CA

Question 22

TPM (Trusted Platform Module)

Answer 22

Hardware Encryption Solution (BitLocker) (Personal Vault)

Question 23

HSM (Hardware Security Module)

Answer 23

Hardware Encryption Solution (Financial Transactions)(Compliance) (Big Bank Vault)

Question 24

KMS (Key Management System)

Answer 24

Big Daddy System that Generates, Distributes, manages, and deletes keys

Question 25

Secure Enclave

Answer 25

Separate fortress inside devices (fingerprints, apple pay, face id)

Question 26

Steganography

Answer 26

Hidden data within pictures, etc

Question 27

Tokenization

Answer 27

Substituting sensitive data elements with non-sensitive equivalents (tokens)

Question 28

Downgrade Attack (Rollback attack)

Answer 28

An attack that forces a system to use an older encryption protocol to make it easier to crack

Question 29

Collision Attack (Birthday Attack)

Answer 29

Attack that attempts to find 2 different inputs that generate the same hash output

Question 30

Ad-Hoc vs One-Time Risk Assessments

Answer 30

Ad-Hoc - in response to specific event and may be repeated, One-Time - for specific event and are not repeated

Question 31

RTO

Answer 31

Recovery Time Objective

Question 32

RPO

Answer 32

Recovery Point Objective (maximum amount of data loss measured in time)

Question 33

MTTR

Answer 33

Mean time to repair

Question 34

MTBF

Answer 34

Mean time between failures

Question 35

EF

Answer 35

Exposure Factor

Question 36

SLE

Answer 36

Single Loss Expectancy

Question 37

ARO

Answer 37

Annualized Rate of Occurence

Question 38

ALE

Answer 38

Annualized Loss Expectancy

Question 39

GRC

Answer 39

Governance, Risk Management, Compliance

Question 40

DAC (Discretionary Access Control)

Answer 40

Owner decides who has access

Question 41

MAC (Mandatory Access Control)

Answer 41

Uses labels to determine access - Often used in government/military settings

Question 42

RBAC (Role-Based Access Controls)

Answer 42

Assigns access based on user roles

Question 43

MDM (Mobile Device Management)

Answer 43

Mobile Device management system for all mobile devices in an org

Question 44

RAID 0

Answer 44

Striping across 2 drives (Faster read/write) (no redundancy)

Question 45

RAID 1

Answer 45

Mirroring (Complete copy of data)

Question 46

RAID 5

Answer 46

Striping with parity (needs 3 drives)

Question 47

RAID 6

Answer 47

Striping with double parity (needs 4 drives)

Question 48

RAID 10

Answer 48

Combines RAID 1 and RAID 0

Question 49

SDN (Software-Defined Network)

Answer 49

Made up of 3 parts: Data Plane, Control Plane, and Application Plane

Question 50

FTP Port

Answer 50

TCP 20,21

Question 51

SSH Port

Answer 51

TCP 22

Question 52

Telnet Port

Answer 52

TCP 23

Question 53

SMTP Port

Answer 53

TCP 25

Question 54

TACACS+ Port

Answer 54

TCP 49

Question 55

DNS Port

Answer 55

TCP/UDP 53

Question 56

DHCP Port

Answer 56

UDP 67, 68

Question 57

HTTP Port

Answer 57

TCP 80

Question 58

Kerberos Port

Answer 58

TCP/UDP 88

Question 59

LDAP Port

Answer 59

UDP 389

Question 60

HTTPS Port

Answer 60

TCP 443

Question 61

SSTP Port

Answer 61

TCP 443

Question 62

LDAPS Port

Answer 62

TCP 636

Question 63

RDP Port

Answer 63

TCP 3389

Question 64

Layer 1

Answer 64

Physical

Question 65

Layer 2

Answer 65

Data Link

Question 66

Layer 3

Answer 66

Network

Question 67

Layer 4

Answer 67

Transport

Question 68

Layer 5

Answer 68

Session

Question 69

Layer 6

Answer 69

Presentation

Question 70

Layer 7

Answer 70

Application

Question 71

NGFW

Answer 71

Next-Gen FireWall - (Layer 7 Firewall with added benefits)

Question 72

UTM

Answer 72

Unified Threat Management Firewall (All in one hardware solution)

Question 73

WAF

Answer 73

Web Application FW

Question 74

Layer 4 Firewall

Answer 74

Port and Packet header info firewall

Question 75

Layer 7 firewall

Answer 75

Application level firewall, much more in-depth that layer 4 firewall

Question 76

ACL

Answer 76

Access Control List

Question 77

IDS vs IPS

Answer 77

IDS just logs and alerts, IPS takes action

Question 78

Proxy Server

Answer 78

A separate server that all traffic is routed through to increase privacy, security, and makes webpage retrieval faster due to its caching capabilities.

Question 79

Jump Server

Answer 79

Used to RDP/SSH (remote) into an isolated server group. Usually highly protected and in DMZ. Admins use these to configure and manage isolated servers securely.

Question 80

TACACS+

Answer 80

802.1x port authentication security (MAC address) solution, Used primarily for Cisco only solutions whereas RADIUS is a vendor neutral solution

Question 81

RADIUS

Answer 81

802.1x port authentication security (MAC address) solution, Vendor neutral solution, whereas TACACS+ is primarily used with Cisco products

Question 82

EAP

Answer 82

Extensible Authentication Protocol - used in conjunction with 802.1x for port auth security (MAC address)

Question 83

SD-WAN

Answer 83

Software Defined Wide Area Network

Question 84

SDN

Answer 84

Software Defined Network

Question 85

SASE

Answer 85

Secure Access Server Edge, A SASE (secure access service edge) architecture combines networking and security as a service functions into a single cloud-delivered service at the network edge.

Question 86

Screened Subnet

Answer 86

Basically new term for DMZ

Question 87

LDAP

Answer 87

Lightweight Directory Access Protocol (Used in single sign on)

Question 88

OAuth

Answer 88

Open Authorization (When you login to a site using Google account, you are using OAuth) (single sign on)

Question 89

SAML

Answer 89

Used in single sign on

Question 90

PAM

Answer 90

Privileged Access Management

Question 91

IoC

Answer 91

Indicators of Compromise (Signs that potential malicious activity occurred)

Question 92

Input Validation

Answer 92

Ensures applications only accept the right type of data (prevents against injection attacks)

Question 93

NAC

Answer 93

Network Access Control, software or hardware, scans devices before allowing access to network

Question 94

DKIM

Answer 94

DomainKeys Identified Mail, email security, prevents email spoofing etc

Question 95

SPF

Answer 95

Sender Policy Framework - email authentication

Question 96

DMARC

Answer 96

email security, works with DKIM

Question 97

EDR

Answer 97

Endpoint Detection and Response, database tool that helps cybersecurity staff to monitor events and conduct investigations, similar to IDS/IPS

Question 98

FIM

Answer 98

File Integrity Monitoring, checks core system files regularly to ensure they haven't been changed or tampered with

Question 99

XDR

Answer 99

Extended Detection and Response, just like EDR but more comprehensive (email, cloud, network, etc)

Question 100

UBA

Answer 100

User Behavior Analytics

Question 101

Well Known Ports

Answer 101

0-1023

Question 102

Registered Ports

Answer 102

1024-49151

Question 103

Private Ports

Answer 103

49152-65535

Question 104

Responsible Disclosure

Answer 104

When a vulnerability is found, you must reach out to the company and let them know about it so it can be patched, before going public with it

Question 105

CVSS

Answer 105

Common Vulnerability Scoring System

Question 106

CVE

Answer 106

Common Vulnerability and Exposures, A huge database with all the known vulnerabilities in the world and gives each one a number

Question 107

Nessus

Answer 107

Vulnerability Scanner

Question 108

OpenVAS

Answer 108

Vulnerability Scanner

Question 109

SNMP

Answer 109

Simple Network Management Protocol, it collects and organizes info about managed devices on a network, and can modify info and managed devices, (Info center that collects and notifies on any changes or events that are occurring on the network)

Question 110

SIEM

Answer 110

Security Information and Event Management, security solution that provides real-time analysis of security alerts that are generated by network hardware or software (Core hub to review events, logs, incidents)

Question 111

Agent vs Agentless SIEM

Answer 111

Agent is installed directly to each pc/endpoint (More detailed, real-time, but more maintenance) Agentless doesnt require anything to be installed, uses SNMP (less detailed, near real-time, less maintenance)

Question 112

Splunk

Answer 112

SIEM

Question 113

DLP

Answer 113

Data Loss Prevention

Question 114

SCAP

Answer 114

Security Content Automation Protocol, Standards used for compliance (Uses CVSS for scoring)

Question 115

NetFlow

Answer 115

Flow Analysis tool that captures meta data on all packets crossing the network so we can use them to identify trends and potential threats

Question 116

NIST 7 Step Incident Response Procedures

Answer 116

PDACERP, Prep, Detection, Analysis, Containment, Eradication, Recovery, Post

Question 117

Journalctl

Answer 117

used to look at logs on linux machine

Question 118

NXLog

Answer 118

Crossplatform tool to manage logs

Question 119

NetFlow

Answer 119

Cisco Network traffic capture, general info, not full packet capture

Question 120

SFlow

Answer 120

Open-source version of NetFlow

Question 121

802.1X

Answer 121

802.1x is a standard developed by the IEEE to govern PORT-BASED network access.

Question 122

DLP

Answer 122

Data Loss Prevention

Question 123

CRL

Answer 123

Certificate Revocation List

Question 124

DSA

Answer 124

Digital Signature Algorithm

Question 125

AUP

Answer 125

Acceptable Use Policy

Question 126

SPF

Answer 126

Sender Policy Framework (helps prevent email spoofing, defines which servers can send email on their behalf)

Question 127

CSR

Answer 127

Certificate Signing Request

Question 128

White Box Pen Test

Answer 128

Tester has all info about the server infrastructure prior to testing

Question 129

Black Box Pen Test

Answer 129

Tester has no info at all prior to testing

Question 130

Gray Box Pen Test

Answer 130

Tester has some info prior to testing

Question 131

Phishing, vs Vishing, vs Smishing

Answer 131

Email, Voice, Text

Question 132

IV

Answer 132

initialization vector (IV) is a random or unique number used in cryptography to ensure that the same plaintext encrypted multiple times will produce different ciphertexts

Question 133

SOW

Answer 133

A statement of work specifies the detailed scope of work, tasks, deliverables, timelines, and costs for a specific project or engagement with the vendor.

Question 134

MOA

Answer 134

A Memorandum of agreement (MOA) typically outlines a broader understanding or collaboration between parties, but it may not necessarily include specific services, timelines, and costs as in this context.

Question 135

SLA

Answer 135

A Service-level agreement (SLA) is a specific type of agreement that defines the level of service expected from the vendor, including performance metrics, response times, and other service-related terms.

Question 136

MSA

Answer 136

An MSA is a comprehensive contract that sets forth the general terms and conditions that will govern multiple future engagements between the parties.

Question 137

Playbooks

Answer 137

Implementing playbooks, such as through programs like Ansible to enforce and verify settings, enforces desired configurations and can quickly bring non-compliant systems back to the desired state.

Question 138

On-Path Attack

Answer 138

An on-path attack is a type of network attack that involves intercepting or modifying data in transit between two parties, such as by using a packet sniffer or a proxy server, or, in the case above, a rogue WAP.

Question 139

Federation

Answer 139

A federation allows different organizations to share digital identities, enabling single sign-on across them.

Question 140

Secure Erase

Answer 140

Secure erase involves overwriting data in a manner that ensures it's permanently removed and unrecoverable. It's the gold standard for data destruction on a storage device, ensuring utmost privacy and security.

Question 141

Side loading

Answer 141

When u install apps on a mobile device from a non trusted source, not the app store

Question 142

BPA

Answer 142

Business Process Analysis (Process Flow)

Question 143

Port 9