SG#1

Question 1

Deterrent Control

Answer 1

A Deterrent Control serves to inhibit the attacker by reducing the possibility of success from the viewpoint of the attacker.

Question 2

Preventive Control

Answer 2

Preventive Controlrefers to the prevention of specific action from occurring. For example, Firewall

Question 3

Corrective Control

Answer 3

Corrective Control is an attempt to reduce the amount of damage and is used after an event. For example, ‘Backup’ helps the rapid restoration of operation.

Question 4

Compensating Control

Answer 4

To directly address the threat when there is no control available, one thing needed to meet the requirement is ‘Compensating Control.’ For example, the ‘Fire suppression System’ that do not stop fire damage but can limit fire damage

Question 5

Technical Control

Answer 5

When some form of technology is used to address the physical security issue, it is referred to as a ‘Technical Control.’ For example, Biometrics.

Question 6

Administrative Control

Answer 6

Limiting the security risks through policies and procedures is known as ‘Administrative Control.’ For example: Giving instructions to a security guard.

Question 7

Data Owner

Answer 7

The data owner is accountable for specific data, and is often a senior officer of the organization.

Question 8

Data Protection Officer (DPO)

Answer 8

The data protection officer (DPO) is responsible for the organization’s data privacy. The DPO commonly sets processes and procedures for maintaining the privacy of data.

Question 9

Data Steward

Answer 9

Manages access rights to the data. Example the IT Team.

Question 10

Data Processor

Answer 10

Is often a third party that processes data on behalf of the data controller

Question 11

Data Controllers

Answer 11

Are people in charge of the data’s processing purposes and methods.

Question 12

OSINT

Answer 12

Open Source Intelligence
Is the process of obtaining information from open sources, such as social media sites, corporate websites, online forums, and other publicly available locations

Question 13

Wireshark

Answer 13

Is protocol analyzer and it can provide information about every frame that traverses the network. it can show process and details about the payloads used during the attempt.

Question 14

Netstat

Answer 14

Command to display connectivity information about a device.

Question 15

Nmap

Answer 15

A tool for understanding the potential exploit vectors device, but it wont show information about an active exploitation attempt.

Question 16

Jump Server

Answer 16

A Jump server is a highly secured device commonly used to access secure areas of another network.

It usually connects to the jump server using the SSH or VPN tunnel and then jumps to another devices on the inside of the protected Network.

Question 17

MSP`

Answer 17

Manages Service Provider
Provides outsourced monitoring and administration of security devices and systems.
It usually manages firewalls, intrusion detection , virtual private networks

Question 18

HSM

Answer 18

Hardware Security Module
Provides a way for Cryptographic functions like hashing, encryption etc. it manages and stores keys in a secure location by keeping the back up of the key.

Question 19

NAC

Answer 19

Network Access Control
With NAC, the traffic flow from inside or outside the network is controlled.
It can be enable or disabled easily.

Question 20

Airgap

Answer 20

Logical or physical separation of a network from all other networks.

Question 21

RADIUS

Answer 21

Remote Authentication Dial-In User Service
Is a common authentication Method of centralizing authentication for users.
This avoids the need to have separate local accounts on different devices.

Question 22

PAP

Answer 22

Password Authentication Protocol
Is an authentication method that can validate a username and password.
It does not provide centralized authentication database.

Question 23

IPSec

Answer 23

Its primary goal is to offer CIA (Confidentiality, integrity and Authentication)
It is commonly used as an encrypted tunnel between sites or endpoints.
It is useful for protecting data sent over the network.

Question 24

Least Privilege

Answer 24

It limits the rights and permission of a user account to only the access required to accomplish their objectives.
This policy would limit the scope of an attack originating from a user in the IT department.

Question 25

Separation of Duties

Answer 25

It ensures that multiple users are required to complete a single business process.

Question 26

DAC

Answer 26

Discretionary Access Control
With this, access and permission are determined by the owner or originator of the files or resources.

Question 27

WPS

Answer 27

Wifi Protected Setup

Provides simplified mechanisms to configure secure wireless networks.

The External registrar PIN exchange mechanism is susceptible to bruteforce attacks.

Question 28

Acceptance

Answer 28

Risk acceptance is a business decision that places the responsibility of the risky activity on the organization itself.

Question 29

Mitigation

Answer 29

Strategies to limit the impact of threat against data in custody.

Question 30

Transference

Answer 30

The act of shifting risks from one area (or organization) to another.

Question 31

Risk-avoidance

Answer 31

The elimination of hazards, activities and exposures that can negatively affect an organization and its assets.

Question 32

Sideloading

Answer 32

The installation of software from a third party rather than an approved source.

Question 33

OTA

Answer 33

Over The Air

Updates commonly provided from the carrier and are not part of mobile app installations.

Question 34

Tethering

Answer 34

is the practice of using a mobile device as a modem to connect another device, such as a laptop or another mobile phone to the internet.

Question 35

RAID

Answer 35

Redundant Array of Independent Disks
It is used to increase the reliability of storage disk.

Question 36

RAID 0

Answer 36

A striped storage system with no parity, and a single drive failure does not maintain uptime or any redundancy of data.
It fails when one or more drives fail.

Largest size and fastest.

Question 37

RAID 1

Answer 37

Maintains a mirror of data across multiple drives.
If a single drive was to fail, the mirror would continue to operate.

Smallest and slowest
For recovery, only one drive is required.

Question 38

RAID 3

Answer 38

Set of stripes with special parity
Data is distributed evenly among two or more disks, as well as a parity drive.

For sequential read/write operations.

A single drive failure will cause the system to rebuild.

Question 39

RAID 5

Answer 39

Provides redundancy through striping with parity. Although this arrays will continue to operate through a single drive failure, the data will not replicate across drives.

Question 40

RAID 10

Answer 40

Is the combination of 1 + 0 maintains mirrored drives that contain striped data.

Question 41

RAID 10

Answer 41

Is the combination of 1 + 0 maintains mirrored drives that contain striped data.

Question 42

NULL Pointer Dereference

Answer 42

Occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Question 43

OCSP

Answer 43

Online Certificate Status Protocol
Using this, the browser can check certificate revocation or the certificate status.

Question 44

CSR

Answer 44

Certificate Signing Request
It starts with a pair of key creations. One is a private key that is kept on the website, and the other is a public key that is sent to the certification authority to be digitally signed.

Question 45

KEY Escrow

Answer 45

The system responsible for storing and providing a mechanism for obtaining copies of private keys associated with encryption certificates.

Question 46

ESP

Answer 46

Encapsulation Security Payload
Protocol that encrypts the data that traversers the VPN.

Question 47

Deffie-Hellman

Answer 47

An algorithm used for two devices to create identical shared keys without transferring those keys across the network.

Question 48

Minimization

Answer 48

Is a guideline that limits the amount of collected information to necessary data.

Question 49

Anonymation

Answer 49

It changes the data to remove or replace identifiable information.

Question 50

Tracecert

Answer 50

command allows mapping an entire path between two devices to know what routes may be between point A and point B.

Question 51

Dig

Answer 51

Domain Information Grouper
It can be used to perform reverse-lookup of the IPv4 address and determine the IP address block owner that may be responsible for the traffic.

Question 52

SLA

Answer 52

Service Layer Agreement
Is a contract that specifies the minimum terms for provided services.

Question 53

SAE

Answer 53

Simultaneous Authentication of Equals

The technique produces a cryptographically strong shared secret
that can secure other data, such as network communication, Passive, active and dictionary attacks are all resistant to SAE

Question 54

IR Process

Answer 54

Preparations
Detection
Analysis
Isolation and Containment
Eradication
Recovery
Reconstitution
Lessons Learned.

Question 55

NsLookup

Answer 55

Lookup information from DNS servers like IP addresses, Cache Times, canonical names, etc.

Question 56

ipconfig/ifconfig

Answer 56

Determines TCP/IP and network adapter information and some additional IP details.

For Linux and Max is “ifconfig”.

Question 57

Tcdump

Answer 57

captures packets from the command line

Question 58

Nmap

Answer 58

Offers host discovery, port discovery, service discovery.
Hardware (MAC) address information, Service version detection, Vulnerability and exploit detection can be found using Nmap scripts (NSE).

Question 59

ping/pathping

Answer 59

A command is merged together with the functionality of ping and traceroute to create a single command called pathping.

Pathping will run a traceroute to a destination IP address to determine what routes may be in between your local devices and the one you are running as part of pathping.

Question 60

hping

Answer 60

TCP/IP packet assembler and analyzer. it receives IP data, de-packets that data, and moves it to the linked device in the reverse order.

Question 61

netstat

Answer 61

Netstat stands for “Networks statistics”. Provides statistics about all active connections so you can find out which computers or networks a PC is connected to.

Question 62

IP Scanners

Answer 62

is cmd tool to scan the network for IP addresses. This usually uses a number of different techniques to identify and then display the devices and port numbers on your systems.

Question 63

ARP

Answer 63

Address Resolution Protocol
It is a stateless protocol to ensure communication by resolving the IP address to MAC address mapping withing a broadcast domain.

Question 64

ARP Spoofing Attack

Answer 64

An attacker sends forged ARP packets over a Local Area Network (LAN).

The switch will update the attackers MAC’s address with the IP address of a legitimate user or server.

Question 65

Route

Answer 65

Is used to view the device’s routing table and help to fins the best possible way in which the packets will go.

Question 66

Curl

Answer 66

Client URL.
It refers to a URL that you can use to access the web pages, perform FTP, or receive emails.

It allows to grab raw data from different sites and display it on the terminal screen.

Question 67

The Harvester

Answer 67

Tool used to obtain free information from public websites.

Question 68

Spiner

Answer 68

Reconnaissance tool that integrates different reconnaissance tools into one framework to provide one set of queries and outputs for all different functions.

Question 69

Scanless

Answer 69

Tool used to avoid your device to be used as the scan source when performing a port scan. This is done by using a different host that will act as a proxy for port scanning.

Question 70

Dnsenum

Answer 70

Command that will enumerate DNS information from a DNS server.

Question 71

Nessus

Answer 71

Vulnerability tool that has extensive reporting help to identify vulnerabilities, and it helps to resolve the vulnerabilities on the system.

Question 72

Cuckoo

Answer 72

Sandbox that is specifically written to run the programs inside and identify any malware.

Question 73

head

Answer 73

command to see the top part of the file

Question 74

tail

Answer 74

command to view the last portion of the file.

Question 75

cat

Answer 75

Short for concatenate.
Used to view multiple files or linked them together to create a large file.

Question 76

grep

Answer 76

allows us to find any bit of text that we require in the file.

Question 77

chmod

Answer 77

Allows changing the mode of the file system object to read, write or execute.

Question 78

Logger

Answer 78

Responsible for adding the additional information into the system log in that operating systyem.

EX, syslog

Question 79

ARO

Answer 79

Annual Rate of Occurrence
Describes the number of instances that an event would occur in a year.

Question 80

ALE

Answer 80

Annual Loss Expectancy
Expected cost for all events in a single year.

Question 81

SLE

Answer 81

Single Loss Expectancy
Is the monetary loss of a single event occurs.

Question 82

MTTR

Answer 82

Mean Time To Repair
The amount of time required to repair a product or system after failure.