Study Test A

Question 1

HTTPS

Answer 1

Hypertext Transfer Protocol Secure – Used for secure communication over a network. Used on internet to protect data between user’s computer and website. Uses TLS. (Ex. Online purchases are secure) Port 443 TCP

Hypertext Transfer Protocol over SSL/TLS (HTTPS) provides an encrypted web connection to the router

Question 2

Hybrid cloud model

Answer 2

Combines both private and public cloud infrastructures

Question 3

Reconstitution (incident response)

Answer 3

The recovery after a breach, can be a phased approach that may take months to complete

Question 4

CMS

Answer 4

Content Management System - Used to manage the creation and modification of digital content

Question 5

802.1X

Answer 5

Authentication protocol, but it needs additional functionality to authenticate across multiple user databases. Centralized authentication server. Provides an authentication framework that allows a user to be authenticated by a central authority. Standard for port-based network access control (PNAC)…RADIUS

Question 6

A IPS can detect…
If an alert was generated by an embedded script and an attacker’s IP Address

Question 7

ABAC

Answer 7

Attribute-based Access Control - combines many different parameters to determine if a user has access to a resource based on attributes

Provides the most detailed and explicit type of access control over a resource

Question 8

Active Reconnaissance

Answer 8

Used to gather info about services on network. Intruder engages with the targeted system to gather info about vulnerabilities Does not exploit vulnerabilities

Question 9

Administrative Control

Answer 9

Sets a policy that is designed to control how people act

Question 10

AES

Answer 10

Advanced Encryption Standard - Symmetric block cipher chosen by the U.S. government to protect classified information.

Specification for the encryption of electronic data

Key size can be 128/192/256 bits

Question 11

Agile development life-cycle

Answer 11

Process of developing code that is rapid and highly-collaborative.

Software development that is performed in small increments to allow more adaptivity and room to change

Question 12

ALE

Answer 12

Annual Loss Expectancy - is the financial loss over an entire 12-month period

Question 13

An immutable system

Answer 13

Can’t be changed once deployed

Question 14

Anti-spoofing

Answer 14

Commonly used with routers to prevent communication from spoofed IP addresses

Question 15

API

Answer 15

Application Programming Interface - how 2 or more computer programs communicate with each other

Question 16

ARO

Answer 16

Annual Rate of Occurrence - the number of times an event will occur in a 12-month period

Question 17

ARP poisoning

Answer 17

Address Resolution Protocol poisoning - often associated with a man-in-the-middle attack. Attacker must be on the same local IP subnet as the victim, so it’s often associated with an external attack

Spoofing attack that hackers use to intercept data…attacker sends falsified ARP (Address Resolution Protocol) messages over a local area network

Question 18

Backdoor

Answer 18

Allows an attacker to access a system at any time without any user intervention. If there are inbound traffic flows that cannot be identified, it may be necessary to isolate that computer and examine it for signs of a compromised system

Question 19

Business Impact Analysis

Answer 19

Usually created during the disaster recovery planning process

Question 20

CA Key

Answer 20

Certificate Authority key - commonly used to validate the digital signature from a trusted CA. Not commonly used for user data encryption

Question 21

Captive portal

Answer 21

Commonly used on web-based systems as an authentication method

Question 22

CASB

Answer 22

Cloud Access Security Broker – can be used to apply security policies to cloud-based implementations. Management software designed to mediate access to cloud services by users across all devices. Provide visibility into how clients and other network nodes use cloud services

Question 23

CHAP

Answer 23

Challenge-Handshake Authentication Protocol - combines a server’s challenge message with the client’s password hash during the authentication process

Question 24

Community cloud model

Answer 24

Resources and costs are shared among several different organizations who have common service needs

Question 25

Compensating Control

Answer 25

Doesn’t prevent an attack, but it does restore from an attack using other means. In this example, the UPS does not stop a power outage, but it does provide alternative power if an outage occurs.

Used whenever you can’t meet the requirements for a normal control, mechanism that is put in place to satisfy the requirement for a security measure that is deemed too difficult or impractical to implement at the present time

Question 26

ACL

Answer 26

Access Control List. Can be configured with the router. Filters traffic by IP address and port number

Single entry in a firewall that dictates whether specific communication is permitted (allowed) or denied (blocked)

Network traffic filter that can control incoming or outgoing traffic

Question 27

Connecting a VPN to separate networks would…?

Answer 27

Encrypt all information between the two networks, but would not provide any segmentation

Question 28

Containerization

Answer 28

Mobile device containerization allows an organization to securely separate user data from company data on a mobile device

Question 29

COPE

Answer 29

Corporately Owned and Personally Enabled – commonly purchased by the corporation and allows the use of the mobile device for both business and personal use

Question 30

Corrective Control

Answer 30

A corrective control can actively work to mitigate any damage

Question 31

DAC

Answer 31

Discretionary Access Control - allows the owner of the resource to control who has access

Question 32

Data Custodian

Answer 32

Manages access rights and sets security controls to the data

Role that handles managing the system where the data assets are stored. Responsible for enforcing access control, encryption, and backup/recovery measures

Question 33

Data Owner

Answer 33

Usually a high-level executive who makes business decisions regarding the data

Rsponsible for labeling the asset and ensuring that it is protected with appropriate controls. The data owner typically selects the data steward and data custodian and has the authority to direct their actions. Ultimately they’re the main person responsible for the data

Question 34

Data sanitization

Answer 34

Commonly used to permanently delete individual files from a drive or permanently delete all data on a drive

Question 35

Data Steward

Answer 35

Responsible for data accuracy, privacy, and adding sensitivity labels to the data

Primarily responsible for data quality

Question 36

Degaussing the hard drive does what?

Answer 36

Removes everything on the drive, but it will also erase any ROM or flash memory components on the drive.

If the goal is to completely destroy the drive, then degaussing would be a good choice. Uses magnets

Question 37

Detective Control

Answer 37

May not prevent access, but it can identify and record any intrusion attempts

Question 38

Detective Control

Answer 38

May not prevent access, but it can identify and record any intrusion attempts

Question 39

Differential Backup

Answer 39

Backs up anything that has changed since the last full backup

Question 40

Digital signature

Answer 40

A certificate authority will digitally sign a certificate to add trust. If you trust the certificate authority, you can then trust the certificate

Question 41

DLL injection

Answer 41

Dynamic Link Library injection – Takes advantage of the libraries referenced by an application rather than the application itself. Injects malicious code in place of another code, forcing computer to load the malicious dynamic-link library

Question 42

DNS

Answer 42

Domain Name System – Turns human readable “example.com” into a computer readable IP address Port 53 TCP/UDP

Question 43

DNSSEC

Answer 43

Domain Name System Security – Ensures Domain Name is legit. Used on DNS servers to validate DNS responses using public key cryptography

Question 44

Preventive Control

Answer 44

Physically limits access to a device or area

Question 45

DoS

Answer 45

Denial of Service - an attack that overwhelms or disables a service to prevent the service from operating normally. A packet that disables a server would be an example of a DoS attack

Question 46

DV certificate

Answer 46

Domain Validated - Shows that the owner can manage aspects of their DNS configuration. DV certificate would generally go through less validation than an EV certificate

Question 47

EAP-FAST

Answer 47

Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling – an updated version of LEAP (Lightweight EAP) that was commonly used after WEP (Wired Equivalent Privacy) was replaced with WPA (Wi-Fi Protected Access)

Question 48

EAP-TLS

Answer 48

Extensible Authentication Protocol - Transport Layer Security – does not provide a mechanism for using multiple authentication types within a TLS tunnel. Requires both the client and the server to identify themselves with a certificate

Question 49

EAP-TTLS

Answer 49

Extensible Authentication Protocol - Tunneled Transport Layer Security – allows the use of multiple authentication protocols transported inside of an encrypted TLS tunnel. This allows the use of any authentication while maintaining confidentiality with TLS. Requires only server-side certificates

Question 50

Elasticity

Answer 50

Scales resources as the demand increases or decreases

Question 51

EV SSL Certificate

Answer 51

Extended Validation Certificate - certificate is provided by a Certificate Authority after additional checks have been made to validate the certificate owner’s identity.

Highest level of trust a company can inspire in its website visitor

Does not provide any additional encryption features, but makes your website super legit

Question 52

False Negative

Answer 52

When malicious activity is identified as normal, no alert

Question 53

False Positive

Answer 53

When normal activity is identified as an attack

Question 54

Faraday Cage

Answer 54

An enclosure used to block electromagnetic fields/electromatic interference

Question 55

Fault-tolerant

Answer 55

Can correct itself if a problem is identified

Question 56

FTPS

Answer 56

File Transfer Protocol Secure – Transfers files from hosts to hosts over encrypted connection using TLS
Port 989/990 TCP

Question 57

Fuzzing

Answer 57

Method of testing software that inputs random or unexpected data to examine the results

Used to test input validation by entering random, unexpected data into application fields to see how the software program reacts

Question 58

Highly available

Answer 58

Environment maintains the availability of a system if a problem occurs. In a highly available environment, the corrections are implemented automatically and usually without the knowledge of the end user. An application platform that is constantly changing many not necessarily be highly available Refers to a system that needs to remain up and operational

Question 59

HMAC

Answer 59

Hash-based Message Authentication Code - can check for data integrity and authenticity with a hash, does not provide encryption or decryption

Question 60

Host-based firewall

Answer 60

Monitors traffic flows on host network. Does not commonly log hardware or USB drive access

Question 61

HSM

Answer 61

Hardware Security Module - high-end cryptographic hardware appliance that can securely store keys and certificates for all devices. Physical device that acts as a secure cryptoprocessor during the encryption process

Question 62

IaC

Answer 62

Infrastructure as code - describes the virtualization of infrastructure components such as firewalls, routers, and switches

Question 63

Incremental Backup

Answer 63

Starts with a full backup. It backs up anything that has changed since the last full or incremental backup

Question 64

Integrity measurement

Answer 64

Designed to check for the secure baseline of firewall settings, patch levels, operating system versions, and any other security components associated with the application. These secure baselines may vary between different application versions

Question 65

IoT

Answer 65

Internet of Things – wearable tech, home automation devices. Objects that must be connected to the internet (Ex. refrigerator, thermostat, apple watch)

Question 66

IPS logs

Answer 66

Can show attacks that may be attempting to exploit this vulnerability

Question 67

ISO

Answer 67

International Organization for Standardization - international standard development organization

Question 68

Isolation and containment (incident response)

Answer 68

During an incident, it’s useful to separate infected systems from the rest of the network

Question 69

Kerberos

Answer 69

Uses public-key cryptography to provide security during the authentication process. Uses a ticket-based system to securely provide SSO (Single Sign-On) functionality. You only need to authenticate once with Kerberos to gain access to multiple resources. Port 88

Question 70

Kernel Statistics

Answer 70

Stored in memory

Question 71

LDAPS

Answer 71

Lightweight Directory Access Protocol Secure or LDAPS over TLS - Standard for accessing a network directory. Can provide an authentication method, but it does not provide any single sign-on functionality

Port 636

Question 72

Lessons learned (incident response)

Answer 72

Once the event is over, it’s useful to revisit the process to learn and improve for next time

Question 73

MAC

Answer 73

Mandatory Access Control - allows access based on the security level assigned to an object. Only users with the object’s assigned security level or higher may access the resource.

Question 74

MAC filtering

Answer 74

Media access control filtering - Blocks traffic based on MAC addresses. This is a weak system because it’s easy to spoof MAC addresses. Device can see access point but will not be able to connect to it

Question 75

SSID Broadcast suppression

Answer 75

Service Set Identifier - Broadcast will hide the name from the list of available wireless networks. Properly configured client devices can still connect to the network wireless

Question 76

Master image

Answer 76

Used to quickly copy a server for easy deployment. This image will need to be updated and maintained to prevent the issues associated with unexpected vulnerabilities

Question 77

MD5

Answer 77

Hashing algorithm. Doesn’t provide a method of encrypting and decrypting info. Neither a symmetric nor asymmetric

Question 78

MDM

Answer 78

Mobile Device Manager – provides a centralized management system for all mobile devices

Question 79

MFD

Answer 79

Multi-function Devices – All in one printer

Question 80

Most common way a Trojan is delivered?

Answer 80

A download

Question 81

MTBF

Answer 81

Mean Time Between Failures – Prediction of how often a repairable system will fail

Question 82

MTTF

Answer 82

Mean Time to Failure – Expected lifetime of a non-repairable product or system.

Question 83

MTTR

Answer 83

Mean Time to Restore – Amount of time it takes to repair a component

Question 84

nbtstat

Answer 84

Command line tool. NetBIOS over TCP/IP statistics - used in Windows to send NetBIOS queries to other Windows devices

Question 85

netstat

Answer 85

Command Line tool. Provides a list of network statistics, and the default view shows the traffic sessions between the local device and other devices on the network

Displays network status and protocol statistics. You can display the status of TCP and UDP, routing table info, and interface info

Question 86

Nmap

Answer 86

Command line tool. Can query services and determine version numbers without any special rights or permissions, which makes it well suited for non-credentialed scans

Scans network that a computer is connected to and shows a list of ports, device names, operating systems, and several other identifiers that help the user understand the details behind their connection status.

Can be used by hackers to gain access to uncontrolled ports on a system

Question 87

Non-persistent

Answer 87

Stateless. Environment is always in motion, and application instances can be created, changed, or removed at any time. Desktop state is automatically destroyed at regular intervals. Depending on company policy, it could be at each logoff, every night, or even once a week. Nothing is saved

If you shut down computer, all your data remains as-is on your hard drive, you have persistence. If you shut down computer, all the contents of your computer’s memory are erased, that’s non-persistence. With the growth of automation and public cloud, non-persistence has become more important. With non-persistence, you can more easily automate

Question 88

Nonce

Answer 88

Random or semi-random number that is generated for a specific use. Adds additional randomization to a cryptographic function. This means that an authentication hash sent across the network will be different for each authentication request

Number used once

Question 89

Normalization

Answer 89

Used to check & correct input to an application. (Ex. A first name should not include numbers. If a first name was submitted with a number, the normalization process would correct the name or prompt for a correction)

Question 90

NTPsec

Answer 90

Network Time Protocol Secure – Used to sync the time across all devices on a network securely Port 4460 TCP

Question 91

Obfuscation

Answer 91

The process of making something normally understandable more difficult to understand

Question 92

Partition Data

Answer 92

A means of managing large amounts of data & controlling where it goes. (File System)

Question 93

PEAP

Answer 93

Protected Extensible Authentication Protocol – Extra security for EAP. Provides a method of authentication over a protected TLS tunnel for EAP

Question 94

Penetration test

Answer 94

Determines if a system can be exploited. Attempts to break system. Could cause a denial of service or loss of data, so the best practice is to perform the penetration test during non-production hours or in a test environment

Question 95

PHI

Answer 95

Protected Health Information – Healthcare data

Question 96

PII

Answer 96

Personally Identifiable Information - often associated with privacy and compliance concerns

Question 97

Polymorphic virus

Answer 97

Modifies itself each time it’s downloaded. Could potentially install a backdoor, but would not be able to activate without user intervention

Changes part of code

Question 98

Port Scan

Answer 98

Type of active reconnaissance determines, determines which ports on a network are open

Question 99

Precursors (incident response)

Answer 99

Log files and alerts can often warn you of potential problems

Question 100

Privacy Officer

Answer 100

Sets privacy policies and implements privacy processes and procedures

Responsible for oversight of any PII/SPI/PHI assets managed by the company

Question 101

Private Key

Answer 101

Asymmetric encryption, the private key is used to decrypt information that has been encrypted with the public key. To ensure continued access to the encrypted data, the company must have a copy of each private key

Question 102

Privilege Escalation

Answer 102

Attack that allows a user to exceed their normal rights and permissions…moves up

Question 103

Process Table

Answer 103

Keeps track of system process and stores info in ROM

Question 104

Protocol Analyzer

Answer 104

Can provide more detail about specific traffic flows

Question 105

Public Key

Answer 105

Asymmetric encryption, a public key is already available to everyone

Question 106

QA Testing

Answer 106

Quality Assurance testing - commonly used for finding bugs and verifying application functionality.

Checking for problems and making sure everything is going properly

Question 107

Race Conditions

Answer 107

Occurs when two processes occur at similar times, usually with unexpected results

Question 108

RADIUS Federation

Answer 108

Remote Authentication Dial-In User Service with federation - allows members of one organization to authenticate using the credentials of another organization. Federation allows you can link a user’s identity across multiple authentication systems. Uses 802.1X as the authentication method

Question 109

Rainbow Table Attack

Answer 109

Offline attack type built prior to an attack to match a specific password hashing technique…if a different hashing technique is used, a completely different rainbow table must be built. Not a useful method if passwords use salt

Question 110

RBAC

Answer 110

Role-based Access Control - assigns rights & permissions based on the role of a user. Administrators define the access that a particular role will have

Question 111

RC4

Answer 111

Encryption cipher, symmetric

Question 112

Redundant

Answer 112

Environment maintains the availability of the system if a problem occurs. This redundancy may need to be manually enabled if an issue is identified. Duplicating critical systems to provide fault tolerance

Question 113

Replay Attack

Answer 113

Captures information and then replays that information as the method of attack

Question 114

ROM data

Answer 114

Memory storage

Question 115

RTO

Answer 115

Recovery Time Objectives – Define a set of objectives needed to restore a particular service level

Question 116

RTOS

Answer 116

Real Time Operating System – Used in manufacturing and cars

Question 117

Running a virus scan does what?

Answer 117

A virus scan may identify and attempt to remove the malware, but there’s no guarantee that the anti-virus software can completely remove all of the malware

Question 118

S/MIME

Answer 118

Secure/Multipurpose Internet Mail Extensions - provides a way to integrate public key encryption and digital signatures into most modern email clients. This would encrypt all email information from client to client, regardless of the communication used between email servers

Question 119

SaaS

Answer 119

Software as a Service - Provides all the hardware, operating system, software, and applications needed for a complete service to be delivered

Question 120

Sandbox

Answer 120

Commonly used as a development environment. Used for testing

Question 121

Secure IMAP

Answer 121

Internet Message Access Protocol - encrypts communication downloaded from an email server, but it would not provide any security for outgoing email messages

Port 993

Question 122

Session keys

Answer 122

Commonly used temporarily to provide confidentiality during a single session. Once the session is complete, the keys are discarded. Not used to provide long-term data encryption

Question 123

SHA-2

Answer 123

Secure Hash Algorithm 2 - Hashing algorithm. Does not provide any encryption or decryption functionality. Neither a symmetric nor asymmetric

Question 124

SIEM

Answer 124

Security Information & Event Manager – Saves logs from devices and creates audit reports. Software provides real-time security analysis of systems, applications, and network hardware. Can generate alerts when issues arise

Question 125

SLE

Answer 125

Single Loss Expectancy - describes the financial impact of a single event.

Question 126

SNMPv3

Answer 126

Simple Management Network Protocol – Used to remotely monitor network devices. Provides secure access to devices by encrypting data packets over network. Uses encrypted communication to manage devices

Protocol for managing/monitoring devices over a network. Commonly used in monitoring tools to obtain device info such as model number, firmware and software versions, & configuration info. Version 3 adds cryptographic capabilities

Question 127

SoC

Answer 127

System/Software on a Chip – Multiple components that run on a single chip (Ex. robot vacuum)…used within embedded systems

Question 128

Spoofing

Answer 128

When a device pretends to be a different device or pretends to be something they aren’t

Question 129

SRTP

Answer 129

Secure Real-Time Transport Protocol/Secure RTP – Uses AES to encrypt the voice/video. Uses VoIP to make sure calls and videos are secure

Question 130

SSH

Answer 130

Secure Shell – Encrypted Terminal Communication, replaces Telnet. Uses symmetric and asymmetric encryption. Access switches using CLI terminal screen. Useful for encrypted terminal sessions. Port 22 TCP

Question 131

SSL/TLS certificate

Answer 131

Digital certificate that authenticates a website’s identity and enables an encrypted connection

Question 132

Tabletop Exercise

Answer 132

Allows a disaster recovery team to evaluate and plan disaster recovery processes without performing a full-scale drill

Question 133

TACACS+

Answer 133

Terminal Access Controller Access-Control System Plus - Cisco-proprietary remote authentication system. Common authentication method, but it does not provide any single sign-on functionality Port 49 Introduced as an alternative to RADIUS

Question 134

Temporary File System

Answer 134

Holds info temporarily while file is being created/modified. Stores, moves, and recovers lost data

Question 135

TLS

Answer 135

Transport Layer Security - commonly used for HTTPS (Hypertext Transfer Protocol Secure) and FTPS (File Transfer Protocol Secure), but it’s not used for SRTP traffic

Port 443

Question 136

TLS

Answer 136

Transport Layer Security - encryption mechanism that’s associated with web server communication. Uses public-key cryptography

Question 137

TOTP

Answer 137

Time-based One-Time Passwords

Question 138

TPM

Answer 138

Trusted Platform Module - used on individual devices to provide cryptographic functions and securely store encryption keys on motherboard.

Question 139

traceroute

Answer 139

Command line tool. Lists the route between devices and shows the IP address information of the routers at each hop.

Maps each hop by slowly incrementing the TTL (Time to Live) value during each request. When the TTL reaches zero, the receiving router drops the packet and sends an ICMP (Internet Control Message Protocol) TTL Exceeded message back to the original station

Question 140

dig

Answer 140

Commang line tool. Domain Information Groper - queries DNS servers for the fully qualified domain name and IP address information of other devices

Question 141

True Negative

Answer 141

Normal activity is identified as normal activity

Question 142

True Positive

Answer 142

Malicious activity is identified as an attack

Question 143

UEFI/BIOS

Answer 143

Unified Extensible Firmware Interface/Basic Input/Output System - Firmware that provides the computer instructions for how to accept input and send output

Question 144

UPS

Answer 144

Uninterruptible Power Supply - Combines the functionality of a surge protector with that of a battery backup

Question 145

UTM

Answer 145

Unified Threat Manager – watches traffic flows across the network. A single device that combines many other network security devices. Does not commonly manage the storage options on individual computers

Question 146

VDI

Answer 146

Virtual Desktop Infrastructure – refers to the use of virtual machines to provide and manage virtual desktops. Allows a cloud provider to offer a full desktop operating system to an end user from a centralized server

Question 147

VMI

Answer 147

Virtual Mobile Infrastructure - allows access to applications from many different types of devices without the requirement of a mobile device management or concern about corporate data on the devices

Allows organizations to host their mobile apps on servers and provide personalized, remote access to their apps from any device

Question 148

VPN Full Tunneling

Answer 148

ALL traffic is sent through encrypted tunnel

Question 149

VPN Split tunneling

Answer 149

VPN configuration that only sends a portion of the traffic through the encrypted tunnel. A split tunnel would allow work-related traffic to securely traverse the VPN, and all other traffic would use the non-tunneled option

Question 150

Vulnerability Scan

Answer 150

Scans for vulnerability, does not try to exploit vulnerability. Will minimize potential for any downtime or data loss.
Vulnerability scanner can check the status of a vulnerability on a device and create a report of which devices may be susceptible to a particular vulnerability

Question 151

WAF

Answer 151

Web Application Firewall - commonly used to monitor the input to web-based applications

Question 152

Web server issues relating to trust are generally associated with the status of?

Answer 152

The web server certificate

Question 153

What does it mean to reimage a computer?

Answer 153

Completely wiping the drive with a new image is an effective way to completely remove any malware from a computer

Question 154

What will segment a network without requiring additional switches?

Answer 154

VLANs (Virtual Local Area Networks)

Question 155

Wiping

Answer 155

Process that deletes information off of a hard drive

Question 156

WPA2

Answer 156

Wi-Fi Protected Access 2 - encryption with AES, common encryption method for wireless networks

Question 157

WPA2-PSK

Answer 157

Wi-Fi Protected Access -Preshared Key - shared password

AES-based encryption protocol

Question 158

WPS

Answer 158

Wi-Fi Protected Setup - connects users to a wireless network using a shared PIN