Stuff from Exams I don't know #5

Question 1

SDN

Answer 1

Software Defined Network

SofG

Question 2

GEO/LEO networks?

Answer 2

Geo-stationary, Low-earth Orbit.

Both are satellite internet options, but LEO is faster with lower latency.

Question 2

GDPR Privacy Shield, and relationship to Safe Harbor

Answer 2

NONE - Safe Harbor is deprecated, used prior to GDPR.

Question 3

Decentralized vs centralized access controls - benefits and drawbacks

Answer 3

A decentralized access-control system keeps user IDs, rights, and permissions in different locations on the network. These locations are often spread out across different subnets by placing them on servers connected to networks contiguous to the user requesting access and utilizing linked or associated databases.
- More redundancy
- harder to scale
- harder to administer

A Centralized Access Control system keeps user IDs, rights, and permissions in a database on a central server.
-single point of failure
- easier to scale
- easier to administer

Question 3

Major driver of Zero Trust

Answer 3

Proliferation of endpoint devices

Question 4

PIDAS

Answer 4

PIDAS stands for perimeter intrusion detection and assessment system.

Question 5

In DRP - is “Cloud Site” a term?

Answer 5

YES

Question 6

Technology Convergence

Answer 6

Technological convergence is the tendency for technologies that were originally unrelated to become more closely integrated and even unified as they develop and advance.

Question 7

RADIUS - TCP or UDP?

Answer 7

UDP

Question 8

SMP, MPP Related to distributed computing?

Answer 8

SMP: Symmetric parallel processing

Mpp: Technology used to create systems that house hundreds or even thousands of processors, each of which has its own operating system and memory/bus resources.

Question 9

SCA - security controls assessment?

Answer 9

NIST 800-53

The testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

Question 10

DoD Model?

Answer 10

4 layers, analogous to TCP/IP system

Question 11

Characteristics of Microservices

Answer 11

Derived from service-oriented-architecture:

A singular element, feature, capability, or funcion of a web app that can be called upon by other web apps.

Question 12

NIST 800-53

Answer 12

Sec and Privacy controls for Federal Info Systems

Question 13

Supervised learning vs unsupervised learning - machine learning

Answer 13

Supervised learning uses labeled training data, and unsupervised learning does not.

Question 14

Slack Space

Answer 14

The unused space in a group of disk sectors. Or, the difference in empty bytes of the space that is allocated in clusters minus the actual size of the data files.

Question 15

Expert Systems

Answer 15

A system that seeks to embody the accumulated knowledge of humankind on a particular subject and apply it in a consistent fashion to future decisions. The application of computer based artificial intelligence in areas of specialized knowledge.

Question 16

Coverage Analysis

Answer 16

Test coverage analysis, or simply “coverage analysis,” refers to the relationship between the amount of source code in a given application and the percentage of code that has been covered by the completed tests.

Question 17

Remember - RADIUS is not encrypted

Question 18

SOAP - WS-Security

Answer 18

Web Services Security (WS-Security, WSS) is an extension to SOAP to apply security to Web services.

Question 19

PCoIP

Answer 19

Type of remote access

Question 20

bit-level image vs whole-disk copy

Answer 20

I don’t think whole-disk copy is technically a term.

Question 21

TPI - Two person integrity?

Answer 21

form of M of N Control??

Question 22

Can iSCSI run on ethernet?

Answer 22

YES - doesn’t typically use fiber

Question 23

VPN - what is the Trailer used for?

Answer 23

Integrity check, trailer contains the hash of the payload.

Question 24

A Remote Authentication Dial-In User Service (RADIUS) server uses ______ for authentication.

Answer 24

Symmetric Keys

Question 25

IPSec - which mode provides true end to end encryption?

Answer 25

IPSec tunnel mode offers true end to end encryption. IPSec in transport mode offers point to point encryption. Neither HTML nor HTTP offers encryption.

Question 26

Is XML Gateway a thing?

Answer 26

Yes

Question 27

Credential Management API WC3 January 2019

Answer 27

The Credential Management API lets a website store and retrieve password, public key, and federated credentials

Question 28

HPC - High Performance Computing

Answer 28

Used when Real-time or near real-time processing of massive data is needed for a particular task or application.

Three main components:

Compute Resources, Network capabilities, storage capacity

Question 29

MAC Environments - Hierarchical, Compartmentalized, Hybrid

Answer 29

Hierarchicacl - can only access at own level.

Compartment - can only access in your compartment, but at all levels.

Hybrid - both are in place.

Question 30

Client based CDN

Answer 30

AKA P2P, example, Bittorrent

Question 31

Machine learning

Answer 31

Uses mathematical approaches to analyze data, searching for patterns that predict future activity.

Question 32

SRAM vs DRAM

Answer 32

SRAM - uses inexpensive memory with latches called flip-flops

DRAM - Stores bits in small capacitors

Question 33

Most Secure form of EAP

Answer 33

EAP-TLS because it requires mutual authentication

Question 34

Combinatorial software testing

Answer 34

Combinatorial software testing is a black-box testing method that seeks to identify and test all unique combinations of software inputs.

Question 35

MTD = RTO + WRT

Answer 35

RTO = time to bring system back online

WRT = time to configure system after back online

Question 36

Acceptance Testing

Answer 36

Determines whether software meets end user/customer expectations.

Question 37

photoelectric sensor

Answer 37

Photoelectric smoke detectors help detect smoke from smoldering fires.

Question 38

Serverless Architecture AKA FAAS (function as a service)

Answer 38

Serverless architecture refers to a cloud computing model where the cloud provider manages the infrastructure and servers dynamically, allocating resources as needed. In a serverless architecture, developers can focus on writing code and deploying applications without worrying about managing the underlying infrastructure such as servers, operating systems, or scaling resources.

Question 39

Cloud based federation

Answer 39

Cloud-based federation typically uses the third party service to share federated identities.

A common method is to match the users internal login ID with a federated identity externally.

Question 40

On premise federation

Answer 40

This is a federation hosted on premises. One example is if two companies merge and have separate SSO systems, but both organizations need to be able to authenticate with each other.

Question 41

Hybrid federation

Answer 41

Combination of cloud-based and on-premise solution. For example, acme has a cloud-based federation providing employees with online training, but after a merger with EMCA, they implement an on-premises solution to share identities with the two companies.

Question 42

Compliance checks

Answer 42

Compliance checks are a part of security testing and assessment programs for regulated firms. These checks verify that all controls listed are in compliance and functioning properly and effectively meeting regulatory requirements.

Question 43

DAD triad

Answer 43

Opposite of CIA

disclosure, alteration, destruction

Question 44

URL rewriting

Answer 44

With URL rewriting, all links that are returned to the browser or that get redirected have the session ID appended to them

Question 45

Avalanche Effect

Answer 45

Hashing - when one input character changes, the entire hash changes as well.

Question 46

Is a Signed Check an example of MFA??

Answer 46

Yes! the Signature is “Something you are” the Check is “Something you have”

Question 47

Session keys use what kind of key?

Answer 47

Symmetric

Question 48

What secure sanitization method is available to Cloud Users?

Answer 48

Cryptoshredding.

Question 49

Aggregation vs Inference Attack

Answer 49

Aggregation attack as an individual used his access to specific pieces of information to piece together a larger picture than he/she is authorized to access. An inference as the attacker used several pieces of generic nonsensitive information to determine or learn specific sensitive value.

Question 50

ECDSA

Answer 50

Elliptic curve digital signature algorithm - hashing algorithm that provides integrity and nonrepudiation

Question 51

System High Mode

Answer 51

Information systems security mode of operation wherein each user, with direct or indirect access to the information system, its peripherals, remote terminals, or remote hosts, has all of the following:

valid security clearance for all information within an information system;

formal access approval and signed nondisclosure agreements for all the information stored and/or processed (including all compartments, sub compartments and/or special access programs);

and
valid need-to- know for some of the information contained within the information system.

Question 52

Isolation Breach??

Answer 52

IN a distributed compute environment - an isolation breach is where one distributed computing client gains access to all other devices in the distributed environment.

Question 53

Types of ATOs (authorization to operate)

Answer 53

Authroization to operate, common control authorization, authorization to use.

Question 54

Distributed compute environment, AKA Distributed System

Answer 54

Primary concern is interconnectedness of the components.

Examples, DNS, MMORPGs, mobile networks, and most websites.

Question 55

Common Control Security Target

Answer 55

Specify the claims of security from the vendor that are built into the Target of Evaluation.

Lists out what the vendor will provide

Question 56

Who adds a certificate to the CRL?

Answer 56

The CA that issued the certificate.

Question 57

New 5G enhancements over 4G

Answer 57

Enhanced subscriber identity protection

Mutual auth capabilities

Question 58

Prudent Man Rule

Answer 58

Requires that Senior Management take personal responsibility for ensuring due care.

Question 59

Multitasking vs MultiThreading

Question 60

CCMP WPA2

Answer 60

AES based encryption method for WPA2

Question 61

Lost update - SQL

Answer 61

When one transaction writes a value to the DB that was needed by a transaction with earlier precedence.

Question 62

ECPA

Answer 62

Electronic communications privacy act. Makes it a crime to have had the privacy of others electronically

Question 63

Brewer Nash model

Answer 63

Explanation

The Brewer-Nash model allows access controls to change dynamically based upon a user’s actions. It is often used in environments like Matthew’s to implement a “Chinese wall” between data belonging to different clients.

Question 64

Minimum effective time for mandatory vacation

Answer 64

One week

Question 65

Does roll-based access control allow users to be part of multiple groups?

Answer 65

Yes

Question 66

SLR

Answer 66

Service level requirement