Sybex CISSP 2024 Flashcards

1
Q

What is the IEEE standard for WiMax?

A

802.16

2
Q

What is InfiniBand over Ethernet (IBOE)?

A

InfiniBand over Ethernet (IBOE) refers to the encapsulation of InfiniBand traffic within Ethernet frames, allowing InfiniBand protocols to run over Ethernet networks. InfiniBand is a high‐performance and low‐latency interconnect technology commonly used in high‐performance computing (HPC) environments. IBOE provides a way to integrate InfiniBand technology into existing Ethernet infrastructures.

3
Q

What is the range of valid values of keys for an algorithm called?

A

Key space

4
Q

In which ring (layer) of the protection ring scheme do user applications reside?

A

Ring 3

5
Q

What are covert channels?

A

A covert channel is a method that is used to pass information over a path that is not normally used for communication. Using a covert channel provides a means to violate, bypass, or circumvent a security policy undetected. Basic types are timing and storage.

6
Q

What is a type of bar chart that shows the interrelationships over time between projects and schedules?

A

Gantt chart

7
Q

Describe broadcast, multicast, and unicast communications.

A

A broadcast supports communications to all possible recipients. A multicast supports communications to multiple specific recipients. A unicast supports only a single communication to one recipient.

8
Q

Name at least seven security management concepts and principles.

A

CIA Triad, confidentiality, integrity, availability, privacy, identification, authentication, authorization, auditing, accountability, and nonrepudiation

9
Q

In which phase of the Software Capability Maturity Model do you often find hardworking people charging ahead in a disorganized fashion?

A

Initial

10
Q

What is the typical process for a new employee to establish their identity?

A

New employees establish their identity with official documentation such as a passport, driver’s license, or birth certificate. HR personnel then begin the registration process, which includes creating an account for new employees. When biometric authentication is used, the registration process also collects biometric data. Identity proofing includes knowledge‐based authentication and cognitive passwords. These ask users a series of questions that only the user would know.

11
Q

What are three remote access authentication mechanisms or AAA services?

A

RADIUS, DIAMETER, and TACACS+

12
Q

What are due care and due diligence?

A

Due diligence is establishing a plan, policy, and process to protect the interests of an organization. Due care is practicing the individual activities that maintain the due diligence effort. Due diligence is knowing what should be done and planning for it; due care is doing the right action at the right time.

13
Q

What is IDaaS?

A

Identity as a service, or identity and access as a service (IDaaS), is a third‐party service that provides identity and access management. IDaaS effectively provides SSO for the cloud and is especially useful when internal clients access cloud‐based software‐as‐a‐service (SaaS) applications.

14
Q

What is condition monitoring?

A

Condition monitoring is monitoring and assessing the operational parameters, performance, and health of machinery, equipment, or systems in real time or periodically. The primary goal of condition monitoring is to identify any deviations from normal operating conditions that could indicate potential faults, defects, or deterioration. This proactive approach helps predict and prevent equipment failures, minimize downtime, and optimize maintenance strategies.

15
Q

What is the process of authentication?

A

Authentication is the process of verifying or testing that a claimed identity is valid. Authentication requires information (i.e., authentication factors) from the subject that must exactly correspond to the identity indicated.

16
Q

What is a static system?

A

A static system or static environment is a set of conditions, events, and surroundings that don’t change. In theory, once understood, a static environment doesn’t offer new or surprising elements. A static IT environment is any system that is intended to remain unchanged by users and administrators. The goal is to prevent or at least reduce the possibility of a user implementing change that could result in reduced security or functional operation.

17
Q

When a penetration test team is privy only to what it itself can learn about the target organizations for the test, how might this team be described?

A

Zero‐knowledge team (performs black‐box testing or unknown environment testing)

18
Q

What is DNSSEC?

A

DNSSEC (Domain Name System Security Extensions) is a security improvement to the existing DNS infrastructure. The primary function of DNSSEC is to provide reliable authentication between devices during DNS operations. DNSSEC has been implemented across a significant portion of the DNS system. Each DNS server is issued a digital certificate, which is then used to perform mutual certificate authentication.

19
Q

What are the two requirements for acceptance of a trademark application?

A

The trademark must not be confusingly similar to another trademark, and it must not be descriptive.

20
Q

What term describes a mathematical function that easily produces output values for each possible combination of inputs but makes it impossible to retrieve the input values?

A

One‐way function

21
Q

What are the parameters of the HITECH data breach notification requirements?

A

Under the HITECH Breach Notification Rule, HIPAA‐covered entities that experience a data breach must notify affected individuals of the breach and must also notify both the Secretary of Health and Human Services and the media when the breach affects more than 500 individuals.

22
Q

In what two ways can storage devices be accessed?

A

Randomly and sequentially

23
Q

What form of access control can combine levels of security domains with compartments of additional control and isolation?

A

MAC (specifically, a hybrid MAC environment)

24
Q

Define the various types of software license agreements.

A

Perpetual licenses, subscription licenses, open source licenses, freeware, enterprise license agreements (ELAs), end‐user license agreements (EULAs), concurrent use licenses, named user licenses, and cloud services license agreements.

25
Q

What is SDx?

A

Software‐defined everything (SDx) refers to a trend of replacing hardware with software using virtualization. SDx includes virtualization, virtualized software, virtual networking, containerization, serverless architecture, infrastructure as code, SDN, VSAN, software‐defined storage (SDS), VDI, VMI, SDV, and software‐defined data center (SDDC).

26
Q

What are the electrical terms and definitions you should be aware of?

A

Fault, blackout, sag, brownout, spike, surge, inrush, noise, clean, ground

27
Q

Define Sensitive But Unclassified (SBU).

A

Sensitive But Unclassified (SBU) is used for data that is for internal use or office use only. Often SBU is used to protect information that could violate the privacy rights of individuals.

28
Q

What mode is used when a wireless network link is established without the use of an access point?

A

Ad hoc or peer‐to‐peer

29
Q

What is compliance?

A

Compliance is the act of conforming to or adhering to rules, policies, regulations, standards, or requirements. Compliance is an important concern to security governance. On a personnel level, compliance is related to whether individual employees follow company policy and perform their job tasks in accordance with defined procedures.

30
Q

What is South Africa’s primary legislation governing data protection?

A

The Protection of Personal Information Act (POPIA), which went into effect in 2020, promotes the protection of personal information processed by public and private bodies and introduces specific conditions for the lawful processing of personal information, closely mirroring principles seen in the GDPR.

31
Q

Define on‐premise solution.

A

An on‐premise solution is the traditional deployment concept in which an organization owns the hardware, licenses the software, and operates and maintains the systems on its own, usually within its own building.

32
Q

What are examples of EAP methods?

A

Over 40 EAP methods are defined, including LEAP, PEAP, EAP‐SIM, EAP‐FAST, EAP‐MD5, EAP‐POTP, EAP‐TLS, EAP‐TTLS, EAP‐IKEv2, and EAP‐NOOB.

33
Q

What was the original IEEE standard for Bluetooth? And what is the current standard?

A

IEEE 802.15.1 originally, now Bluetooth SIG.

34
Q

What are features of secure work areas?

A

There should not be equal access to all locations within a facility. Areas that contain assets of higher value or importance should have restricted access. Valuable and confidential assets should be located in the heart or center of protection provided by a facility.

35
Q

What is micro training?

A

Micro training involves delivering short, focused, and bite‐sized learning modules or content to learners. These brief learning units are typically designed to be highly specific, addressing a single learning objective or a small set of related objectives in a concise and easily digestible format. Micro training is characterized by its brevity and effectiveness in conveying information, making it well suited for the fast‐paced and attention‐challenged digital age. Often, micro training is delivered via mobile apps.

36
Q

What is VRF (virtual routing and forwarding)?

A

VRF is a technology that allows multiple instances of a routing table to coexist within a router. Each VRF instance operates as a separate and independent routing domain, enabling the isolation of routing information. It allows the same physical router to maintain separate routing tables for different VRF instances, preventing the leakage of routing information between them.

37
Q

What are some security concerns due to design and coding flaws?

A

Certain attacks may

38
Q

What is VRF?

A

VRF is a technology that allows multiple instances of a routing table to coexist within a router. Each VRF instance operates as a separate and independent routing domain, enabling the isolation of routing information.

39
Q

What are some security concerns due to design and coding flaws?

A

Certain attacks may result from poor design techniques, questionable implementation practices, and inadequate testing. Poor coding practices and lack of security consideration are common sources of vulnerabilities.

40
Q

Define emanation security.

A

Emanation security involves protecting against the interception of electrical signals or radiation from devices that may contain confidential data. TEMPEST countermeasures include Faraday cages and shielding.

41
Q

What is critical path analysis?

A

A systematic effort to identify relationships between mission-critical applications, processes, and operations and all necessary supporting elements.

42
Q

What is the most common cause of failure of a water-based suppression system?

A

Human error.

43
Q

What are the major elements in a disaster recovery program?

A

Disaster recovery programs should include planning for initial response efforts, personnel, communication, assessment of response efforts, and training to ensure understanding of responsibilities.

44
Q

What is SOA?

A

Service-oriented architecture (SOA) constructs new applications from existing software services, often leading to unknown security issues.

45
Q

What type of recovery site is particularly suited to workgroup recovery options?

A

Mobile site.

46
Q

What is EDR?

A

Endpoint detection and response (EDR) is a security mechanism that detects, records, evaluates, and responds to suspicious activities.

47
Q

What backup media may be appropriate for personal backups but not for network backups?

A

Writable CDs, DVDs, Blu-ray discs, and flash drives are useful for smaller data amounts compared to enterprise options.

48
Q

What is zero trust?

A

Zero trust is a security concept where nothing inside the organization is automatically trusted. Each access request is verified.

49
Q

What principle is involved when users are granted only the minimum access necessary?

A

The principle of least privilege.

50
Q

What are incremental attacks?

A

Some attacks occur in slow increments rather than obvious attempts. Examples include data diddling and the salami attack.

51
Q

What is the purpose of a cryptographic salt?

A

A salt adds extra bits to a password before hashing it to protect against rainbow table attacks.

52
Q

What is Authorization to Operate (ATO)?

A

ATO is a formal approval to operate IT/IS based on an acceptable risk level and an agreed-upon set of security controls.

53
Q

What is the purpose of vulnerability assessments and penetration tests?

A

Vulnerability assessments search for known vulnerabilities, while penetration tests attempt to exploit them to gain access.

54
Q

What are the legal responsibilities of a cybersecurity professional?

A

Cybersecurity professionals must analyze situations and determine applicable jurisdictions, laws, and standards.

55
Q

What is a pseudo-flaw?

A

A pseudo-flaw is a false vulnerability intentionally implanted in a system to tempt attackers, often used in honeypots.

56
Q

What is the most important goal for all security solutions?

A

The most important aspect of security is protecting people and preventing harm.

57
Q

What is a security assessment?

A

Security assessments are comprehensive reviews of a system’s security, identifying vulnerabilities and making remediation recommendations.

58
Q

True or false? Senior management should be included in the BCP process from the beginning.

A

True.

59
Q

Define the noninterference model.

A

The noninterference model prevents the actions of one subject from affecting the system state or actions of another subject.

60
Q

What is data classification?

A

Data classification is the primary means by which data is protected based on categories of secrecy, sensitivity, or confidentiality.

61
Q

What is war chalking?

A

War chalking is a type of graffiti that marks an area with information about the presence of a wireless network.

62
Q

What is process isolation?

A

Process isolation requires the OS to provide separate memory spaces for each process and enforce those boundaries.

63
Q

What is documentation review?

A

Documentation review verifies exchanged materials against standards and expectations, typically before on-site inspections.

64
Q

What is cybersecurity insurance?

A

Cybersecurity insurance provides coverage and financial protection against cyber-related incidents and breaches.

65
Q

What helps prevent inadvertent weakening of security from unauthorized outages?

A

Change management.

66
Q

What is the APIPA range?

A

169.254.0.1 to 169.254.255.254 with a default Class B subnet mask of 255.255.0.0.

67
Q

What is steganography?

A

Steganography is the practice of embedding a message within a file.

68
Q

What are terrorist attacks?

A

Terrorist attacks aim to disrupt normal life and instill fear, differing from military attacks that seek secret information.

69
Q

What are some common threats to physical access controls?

A

Threats include abuse, impersonation, masquerading, tailgating, and piggybacking.

70
Q

What are some safeguards against sabotage?

A

Safeguards include intensive auditing, monitoring for abnormal activity, and open communication between employees and managers.

71
Q

What is a Zoom room?

A

A Zoom room is a dedicated space equipped for hosting video meetings, enhancing online collaboration.

72
Q

What are some examples of internal physical security controls?

A

Examples include locks, badges, motion detectors, and intrusion alarms.

73
Q

What is DDoS?

A

A distributed denial-of-service (DDoS) attack occurs when multiple systems attack a single system simultaneously.

74
Q

What type of decision making is mainly concerned with metrics such as dollar values and downtime?

A

Quantitative.

75
Q

What is the purpose of assurance procedures?

A

To ensure security control mechanisms implement the security policy throughout the system’s life cycle.

76
Q

What are the three requirements for acceptance of a patent application?

A

The invention must be new, useful, and nonobvious.

77
Q

Define the aspect of confidentiality known as sensitivity.

A

Sensitivity refers to information quality that could cause harm if disclosed.

78
Q

Define the aspect of confidentiality known as sensitivity.

A

Sensitivity refers to the quality of information that could cause harm or damage if disclosed. Maintaining confidentiality of sensitive information helps to prevent harm or damage.

79
Q

Name at least five networking device types other than firewalls.

A

Routers, switches, hubs, repeaters, bridges, gateways, proxies.

80
Q

What are threat feeds and why use them?

A

Threat feeds provide organizations with a steady stream of raw data. By analyzing threat feeds, security administrators can learn of current threats. They can then use this knowledge to search through the network, looking for signs of these threats. This is known as threat hunting.

81
Q

What is a honeypot or a honeynet?

A

A honeypot is an individual computer created as a trap for intruders. A honeynet is two or more networked honeypots used together to simulate a network. They look and act like legitimate systems, but they do not host data of any real value for an attacker.

82
Q

What is an embedded system?

A

An embedded system is a computer implemented as part of a larger system. The embedded system is typically designed around a limited set of specific functions in relation to the larger product of which it’s a component. Examples of embedded systems include network‐attached printers, smart TVs, HVAC controls, smart appliances, smart thermostats, Ford SYNC, and medical devices.

83
Q

What is dense wavelength division multiplexing (DWDM)?

A

An optical communication technology used in fiber‐optic communication systems to increase the capacity and efficiency of the network. DWDM enables multiple data streams or channels to be simultaneously transmitted over a single optical fiber, each using a different wavelength of light.

84
Q

Administrators are replacing all data in data records that can be used to identify an individual with pseudonyms. What is this process called?

A

Pseudonymization.

85
Q

What are the stages of the SW‐CMM?

A

The stages of the Software Capability Maturity Model (SW‐CMM) are Initial, Repeatable, Defined, Managed, and Optimizing.

86
Q

What are the two types of hypervisors?

A

A type I hypervisor is a native or bare‐metal hypervisor. A type II hypervisor is a hosted hypervisor.

87
Q

What is a MAC address?

A

A Media Access Control (MAC) address is a 6‐byte (48‐bit) binary address written in hexadecimal notation. The first 3 bytes (24 bits) denote the vendor or manufacturer.

88
Q

Explain the cryptographic attacks: ciphertext‐only attacks, brute‐force attack, frequency analysis, and known plain text, chosen ciphertext, and chosen plain-text attacks.

A

Ciphertext‐only attacks require access only to the ciphertext of a message. One example is the brute‐force attack, which attempts to randomly find the correct cryptographic key. Frequency analysis counts characters in the ciphertext to reverse substitution ciphers. Known plain text, chosen ciphertext, and chosen plain‐text attacks require the attacker to have some extra information in addition to the ciphertext.

89
Q

What are embedded systems and static environment security concerns?

A

Static environments, embedded systems, network‐enabled devices, and other limited or single‐purpose computing environments need security management. Techniques may include network segmentation, security layers, application firewalls, and manual updates.

90
Q

What type of system is a common target of attackers who want to disseminate email spam?

A

Open relay SMTP servers.

91
Q

How are audit trails used?

A

To reconstruct an event, to extract information about an incident, to prove or disprove culpability.

92
Q

Name two types of fuzz testing.

A

Mutation (dumb) fuzzing takes previous input values and manipulates them. Generational (intelligent) fuzzing develops data models and creates new fuzzed input.

93
Q

What is virtualization?

A

Technology used to host one or more operating systems within the memory of a single host computer, allowing multiple operating systems to work simultaneously on the same hardware.

94
Q

What is the zzuf tool used for?

A

The zzuf tool automates the process of mutation fuzzing by manipulating input according to user specifications.

95
Q

What is data hiding?

A

Data hiding is preventing data from being known by a subject. Keeping a database from being accessed by unauthorized visitors is a form of data hiding.

96
Q

What is the primary difference between memory cards and smartcards?

A

Processing capability.

97
Q

What should the documents that make up a formalized security structure include?

A

Policies, standards, baselines, guidelines, and procedures.

98
Q

What is a centralized database of resources available to the network?

A

A directory service.

99
Q

What are the disadvantages of security guards?

A

Not all environments support them; they are expensive, subject to illness, and vulnerable to social engineering.

100
Q

What is 802.1X?

A

IEEE 802.1X defines the use of encapsulated EAP to support a wide range of authentication options for LAN connections.

101
Q

What is Android (the OS)?

A

Android is a mobile device OS based on Linux, acquired by Google in 2005. It is used on a wide range of devices, including phones, tablets, and more.

102
Q

What SCAP component provides a standardized scoring system for describing the severity of security vulnerabilities?

A

Common Vulnerability Scoring System (CVSS).

103
Q

What is ARP?

A

Address Resolution Protocol (ARP) is used to resolve IP addresses into MAC addresses.

104
Q

What is offboarding?

A

Offboarding is the removal of an employee’s identity from the identity and access management (IAM) system once that person has left the organization.

105
Q

Name two common types of DLP.

A

A network‐based DLP scans all outgoing data. An endpoint‐based DLP can scan files stored on a system.

106
Q

True or false? All codes are meant to obscure the meaning of a message.

A

False.

107
Q

What is MDM?

A

Mobile device management (MDM) is a software solution to manage mobile devices that employees use to access company resources.

108
Q

What are financial attacks?

A

Financial attacks are carried out to unlawfully obtain money or services.

109
Q

What are the branches of forensic analysis?

A

Media analysis, network analysis, software analysis, and hardware/embedded device analysis.

110
Q

What is domain hijacking?

A

Domain hijacking is the malicious action of changing the registration of a domain name without authorization.

111
Q

What is the difference between analog and digital signals?

A

Analog communications occur with a continuous signal. Digital communications occur through the use of on‐off pulses.

112
Q

What is layering?

A

Layering is the use of multiple controls in a series to combat threats.

113
Q

What is Metasploit?

A

A penetration testing tool used to automatically execute exploits against targeted systems.

114
Q

What is Metasploit?

A

A penetration testing tool used to automatically execute exploits against targeted systems. Metasploit uses a scripting language to allow the automatic execution of common attacks, saving testers (and bad actors!) quite a bit of time by eliminating many of the tedious, routine steps involved in executing an attack.

115
Q

What is the threat posed by ransomware?

A

Ransomware uses traditional malware techniques to infect a system and then encrypts data on that system using a key known only to the attacker. The attacker then demands payment of a ransom from the victim in exchange for providing the decryption key.

116
Q

What is credential management?

A

The storage of credentials in a central location is referred to as credential management. Given the wide range of Internet sites and services, each with its own particular logon requirements, it can be a burden to use unique names and passwords. Credential management solutions offer a means to securely store a plethora of credential sets.

117
Q

What is the difference between EOL and EOS?

A

End of life (EOL) is the date announced by a vendor when sales of a product stop. However, the vendor still supports the product after EOL. End of support (EOS) identifies the date when a vendor will no longer support a product.

118
Q

What are the fundamental requirements of a hash function?

A

Good hash functions have five requirements. They must allow input of any length, provide fixed‐length output, make it relatively easy to compute the hash function for any input, provide one‐way functionality, and be collision‐resistant.

119
Q

What is an exposure factor (EF)?

A

An EF is an element of quantitative risk analysis that represents the percentage of loss that an organization would experience if a specific asset were violated by a realized risk. By calculating exposure factors, you are able to implement a sound risk management policy.

120
Q

What are examples of single sign‐on methods used on the Internet?

A

Security Assertion Markup Language (SAML), maintained by OASIS, is an open XML‐based standard used to exchange authentication and authorization information. OAuth 2.0 is an authorization framework described in RFC 6749 and supported by many online sites. The OpenID Foundation maintains OpenID and OpenID Connect (OIDC). OpenID provides authentication. OIDC is an identity (authentication) layer built on top of the OAuth 2.0 framework, so a site using OIDC gets authentication from OIDC and authorization from the underlying OAuth 2.0 flow.

121
Q

Why is there no security without physical security?

A

Without control over the physical environment, no amount of administrative or technical/logical access controls can provide adequate security. If a malicious person can gain physical access to your facility or equipment, they can do just about anything they want, from destruction to disclosure and alteration.

122
Q

What does EMI stand for, and what does it mean?

A

Electromagnetic interference refers to any noise generated by electric current and can affect any means of data transmission or storage that relies on electromagnetic transport mechanisms.

123
Q

What is cross‐training?

A

Cross‐training is often discussed as an alternative to job rotation. In both cases, workers learn the responsibilities and tasks of multiple job positions. However, in cross‐training the workers are just prepared to perform the other job positions; they are not rotated through them on a regular basis. Cross‐training enables existing personnel to fill the work gap when the proper employee is unavailable as a type of emergency response procedure.

124
Q

What is clickjacking?

A

Clickjacking is a means to redirect a user’s click or selection on a web page to an alternate, often malicious, target instead of the intended and desired location. One means of clickjacking is to add an invisible or hidden overlay, frame, or image map over the displayed page. The user sees the original page, but any mouse click or selection will be captured by the floating frame and redirected to the malicious target. The standard defenses are response headers that forbid framing of the page: X-Frame-Options (DENY or SAMEORIGIN) and the Content-Security-Policy frame-ancestors directive.
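The check a tester would run against a site for the framing defenses just described, as an added example (not part of the original flashcard text). It evaluates the X-Frame-Options header and the Content-Security-Policy frame-ancestors directive; the header sets in SAMPLE_RESPONSES are constructed for illustration, not captured from any real site.

```python
"""Check an HTTP response's headers for clickjacking (framing) protection.

Added example, not part of the original flashcard text. It evaluates the
two standard defenses: the X-Frame-Options header and the
Content-Security-Policy frame-ancestors directive. The header sets in
SAMPLE_RESPONSES are constructed for illustration.
"""
from typing import Dict, List, Optional, Tuple


def csp_frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the frame-ancestors source list from a CSP value, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.strip("'").lower() for p in parts[1:]]
    return None


def framing_protection(headers: Dict[str, str]) -> Tuple[bool, str]:
    """Return (protected, reason) for a response's headers.

    Browsers that support CSP ignore X-Frame-Options when frame-ancestors is
    present, so CSP is evaluated first. 'none', 'self', or an explicit origin
    allow-list blocks hostile framing; a wildcard or scheme-only source does
    not. X-Frame-Options DENY/SAMEORIGIN is acceptable; the obsolete
    ALLOW-FROM form is ignored by current browsers and counts as unprotected.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    csp = lowered.get("content-security-policy", "")
    sources = csp_frame_ancestors(csp) if csp else None
    if sources is not None:
        if any(s in ("*", "http:", "https:") for s in sources):
            return False, "frame-ancestors allows any origin to frame the page"
        return True, "CSP frame-ancestors restricts framing to " + " ".join(sources)
    xfo = lowered.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return True, "X-Frame-Options " + xfo
    if xfo:
        return False, "X-Frame-Options value not honored by modern browsers: " + xfo
    return False, "no framing protection headers"


# Constructed sample responses (not captured from any real site)
SAMPLE_RESPONSES = {
    "unprotected": {"Content-Type": "text/html"},
    "xfo": {"X-Frame-Options": "SAMEORIGIN"},
    "csp_none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    # CSP wins over X-Frame-Options, so this one is NOT protected
    "csp_wildcard": {"X-Frame-Options": "DENY", "Content-Security-Policy": "frame-ancestors *"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLE_RESPONSES.items():
        print(f"{name:14} -> {framing_protection(hdrs)}")
```

The csp_wildcard case is the one that catches people: a correct X-Frame-Options header is silently overridden by a permissive frame-ancestors directive, so a scanner that only looks for X-Frame-Options will report a false pass.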

125
Q

What is the leading reason many incidents are not reported?

A

Because they are not recognized as incidents

126
Q

What does UPS stand for, and what does it mean?

A

An uninterruptible power supply (UPS) is a type of self‐charging battery that can be used to supply consistent clean power to sensitive equipment.

127
Q

What are the security features of a designed system called under Common Criteria?

A

Security target

128
Q

What types of organizations need to comply with PCI DSS?

A

Those that store, process, or transmit credit card account information

129
Q

What term is used to describe hackers rooting through trash looking for useful information?

A

Dumpster diving

130
Q

What is a sniffer attack?

A

Any activity that results in a malicious user obtaining information about a network or the traffic over that network. Data is captured using a sniffer or protocol analyzer.

131
Q

Items of information used to establish or prove authorized identities are known as what kind of factors?

A

Authentication

132
Q

What is a protocol analyzer?

A

A tool used to examine the contents of network traffic

133
Q

What are the four components covered by assessments under NIST 800‐53A?

A

Specifications, mechanisms, activities, and individuals

134
Q

What is a hybrid cloud?

A

A combination of two or more private, public, and/or community clouds

135
Q

What is HITECH?

A

In 2009, Congress amended HIPAA by passing the Health Information Technology for Economic and Clinical Health (HITECH) Act. This law updated many of HIPAA’s privacy and security requirements and was implemented through the HIPAA Omnibus Rule in 2013.

136
Q

What is split‐DNS?

A

A split‐DNS is deploying a DNS server for public use and a separate DNS server for internal use. All data in the zone file on the public DNS server is accessible by the public via queries or probing. However, the internal DNS is for internal use only. Only internal systems are granted access to interact with the internal DNS server.

137
Q

What is EPP?

A

Endpoint protection platform (EPP) is a variation of EDR much like IPS is a variation of IDS. The focus on EPP is on four main security functions: predict, prevent, detect, and respond. Thus, EPP is the more active prevent and predict variation of the more passive EDR concept.

138
Q

What is the purpose of compliance testing?

A

To ensure that all of the necessary and required elements of a security solution are properly deployed and functioning as expected.

139
Q

What is SOAR?

A

Security orchestration, automation, and response (SOAR) technologies automate responses to incidents through predefined playbooks. One of the primary benefits is that this reduces the workload of administrators. It also reduces the chance of human error in routine, repetitive response steps by having computer systems perform them consistently.

140
Q

What are examples of Bluetooth attacks?

A

Bluesniffing, bluesmacking, bluejacking, bluesnarfing, bluebugging, and BLUFFS (Bluetooth Forward and Future Secrecy), a series of exploits that break the forward and future secrecy of Bluetooth sessions, compromising the confidentiality of past and future communications between paired devices.

141
Q

What are the benefits and disadvantages of guard dogs?

A

They can be deployed as a perimeter security control and as detection and deterrent agents, they are costly and require high maintenance, and their use involves insurance and liability issues.

142
Q

What are the key concepts of the rule‐based access control model?

A

Rule‐based access control models use a set of rules, restrictions, or filters to determine access. A firewall’s access control list is the classic example: an ordered list of rules that define what access is allowed and what access is blocked.

143
Q

What is the communication to or input of an object?

A

Message

144
Q

What type of relationships can be established with relational databases? With hierarchical databases? With distributed databases?

A

One‐to‐one (relational), one‐to‐many (hierarchical), and many‐to‐many (distributed), respectively.

145
Q

What is a way of measuring the strength of a cryptography system by measuring the effort in terms of cost and/or time?

A

Work function or work factor.

146
Q

It is sometimes useful to separate disaster ___________________ tasks from disaster ___________________ tasks.

A

recovery, restoration (in either order)

147
Q

What type of cryptographic attack is used against algorithms that don’t incorporate temporal protections?

A

Replay attack.
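An added example (not part of the original flashcard text) of the attack and the temporal protection that stops it: a message authenticated with an HMAC is accepted repeatedly by a server that checks only the MAC, while a server that also requires a fresh nonce and a timestamp within a window rejects the replay. The message format, the pre-shared KEY, the window size and the payloads are illustrative choices constructed for this example, not a specific standard.

```python
"""Replay attack against an authenticated message protocol, and the fix.

Added example, not part of the flashcard text. The HMAC-based message
format, the pre-shared KEY, the nonce cache and the time window are
illustrative choices; the transfer payloads are constructed samples.
"""
import hashlib
import hmac
import json
import os
import time
from typing import Callable, Optional

KEY = b"shared-secret-for-illustration"  # assumed pre-shared key


def sign(payload: dict, key: bytes = KEY) -> bytes:
    """Serialize deterministically and append an HMAC-SHA256 tag."""
    body = json.dumps(payload, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body + b"." + tag.encode()


def verify_tag(message: bytes, key: bytes = KEY) -> Optional[dict]:
    """Return the payload if the tag is valid, else None (constant-time compare)."""
    body, _, tag = message.rpartition(b".")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(body)


class NaiveServer:
    """Checks only the MAC: a captured message can be replayed indefinitely."""

    def __init__(self) -> None:
        self.transfers = []

    def handle(self, message: bytes) -> bool:
        payload = verify_tag(message)
        if payload is None:
            return False
        self.transfers.append(payload)
        return True


class ReplayProtectedServer:
    """Adds temporal protection: a timestamp window plus a cache of seen nonces."""

    def __init__(self, window_seconds: int = 300, now: Callable[[], float] = time.time) -> None:
        self.window = window_seconds
        self.now = now
        self.seen = {}  # nonce -> timestamp; entries are pruned once outside the window
        self.transfers = []

    def handle(self, message: bytes) -> bool:
        payload = verify_tag(message)
        if payload is None:
            return False
        ts, nonce, current = payload.get("ts"), payload.get("nonce"), self.now()
        if not isinstance(ts, (int, float)) or abs(current - ts) > self.window:
            return False  # stale or clock-skewed beyond tolerance
        # The window bounds how long nonces must be remembered.
        self.seen = {n: t for n, t in self.seen.items() if current - t <= self.window}
        if not nonce or nonce in self.seen:
            return False  # replay
        self.seen[nonce] = ts
        self.transfers.append(payload)
        return True


def make_transfer(amount: int, now: Callable[[], float] = time.time) -> bytes:
    """Client side: every message carries a fresh random nonce and a timestamp."""
    return sign({"op": "transfer", "amount": amount, "ts": now(), "nonce": os.urandom(8).hex()})


if __name__ == "__main__":
    captured = make_transfer(100)          # attacker sniffs this once
    naive, hardened = NaiveServer(), ReplayProtectedServer()
    print("naive accepts replay:", naive.handle(captured), naive.handle(captured))
    print("hardened accepts replay:", hardened.handle(captured), hardened.handle(captured))
```

Note that the MAC alone proves the message came from the key holder; only the nonce and timestamp prove that it is this message, sent now, and not a copy. The nonce cache is bounded by the same window that rejects stale timestamps, which is what keeps the server's state from growing without limit.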

148
Q

What is a microcontroller?

A

A microcontroller is similar to but less complex than a system on a chip (SoC), and may itself be a component of an SoC. It is a small computer on a single chip consisting of a CPU (with one or more cores), RAM, various input/output capabilities, and usually nonvolatile program storage in the form of flash or ROM/PROM/EEPROM. Arduino boards are built around microcontrollers. Raspberry Pi boards, by contrast, are single‐board computers built on an SoC, and an FPGA is a programmable logic device rather than a microcontroller, although study material often lists all three together.

149
Q

What are the differences between symmetric and asymmetric cryptosystems?

A

Symmetric key cryptosystems (or secret key cryptosystems) rely on the use of a shared secret key. They are much faster than asymmetric algorithms, but they lack support for scalability, easy key distribution, and nonrepudiation. Asymmetric cryptosystems use public‐private key pairs for communication between parties but operate much more slowly than symmetric algorithms.

150
Q

What types of activities can be used as penetration tests?

A

Information/intelligence gathering, war driving, sniffing, eavesdropping, radiation monitoring, dumpster diving, social engineering, port scanning, ping scanning, vulnerability scanning, war dialing, and actual compromise activities.

151
Q

Define the information flow model.

A

The information flow model is designed to prevent unauthorized, insecure, or restricted information flow.

152
Q

What are the components of the AAA model of access control?

A

The AAA model includes three major components. Authentication confirms that a user, device, or service is who it claims to be. Authorization ensures that users, devices, and services may only perform actions that they are entitled to perform. Accounting creates an audit trail of activity that may be later reviewed.

153
Q

What are the components of the AAA model of access control?

A

The AAA model includes three major components. Authentication confirms that a user, device, or service is who it claims to be. Authorization ensures that users, devices, and services may only perform actions that they are entitled to perform. Accounting creates an audit trail of activity that may be later verified.

154
Q

What two items are required for infrastructure mode wireless networking?

A

Wireless access points and wireless clients

155
Q

What type of website monitoring technique is only able to detect issues after they occur?

A

Passive monitoring

156
Q

Describe capture‐the‐flag (CTF) exercises.

A

In a capture‐the‐flag (CTF) exercise, the red team begins with set objectives, such as disrupting a website, stealing a file from a secured system, or causing other security failures. The exercise is scored based on how many objectives the red team was able to achieve compared to how many the blue team prevented them from executing.

157
Q

What is cloud computing?

A

A concept of computing where processing and storage are performed elsewhere over a network connection rather than locally

158
Q

What term identifies the data extraction technique whereby elements of data are extracted from a much larger body of data to construct a meaningful representation of its overall contents?

A

Sampling

159
Q

What is PaaS?

A

Platform as a service (PaaS) is the concept of providing a computing platform and software solution stack as a virtual or cloud‐based service.

160
Q

Which form of antivirus response not only removes the virus from the system but also repairs any related damage?

A

Cleaning

161
Q

What are the three types of plans employed in security management planning?

A

A strategic plan is a long‐term plan that is fairly stable. The tactical plan is a midterm plan that provides more details. Operational plans are short term and highly detailed.

162
Q

What are some important aspects to consider when designing email security?

A

Nonrepudiation, access control, message integrity, source authentication, verified delivery, acceptable use policies, privacy, management, and backup and retention policies

163
Q

An attack has a negative effect on the confidentiality, integrity, or availability of an organization’s assets. What is this called?

A

Computer security incident

164
Q

What is it called when a user accumulates privileges over time as their job roles and assigned tasks change but unneeded privileges are not revoked?

A

Privilege creep

165
Q

What are often added to passwords to make their resultant hash secure and resistant to rainbow attacks?

A

Salts
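An added example (not part of the original flashcard text) showing what a salt actually buys you, using only the Python standard library: the same password stored for two users produces two unrelated PBKDF2 hashes, so a precomputed rainbow table built for one salt is useless for the next, whereas an unsalted digest is identical every time. The ITERATIONS value and the sample password are assumptions for the example.

```python
"""Salted password hashing with PBKDF2-HMAC-SHA256 from the standard library.

Added example, not part of the flashcard text. It shows why a per-password
random salt defeats precomputed (rainbow) tables: the same password stored
for two users yields two unrelated hashes, so an attacker must attack every
salt separately. ITERATIONS is an assumed work factor; tune it for your
hardware, and prefer a memory-hard function (scrypt, Argon2) where available.
"""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # assumed work factor; raise as hardware allows


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>'."""
    if salt is None:
        salt = os.urandom(16)  # 128-bit random salt, unique per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iterations, salt_hex, hash_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), hash_hex)


def unsalted_hash(password: str) -> str:
    """What a rainbow table is built against: same input, same digest, every time."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    alice, bob = hash_password(pw), hash_password(pw)
    print("unsalted digests identical:", unsalted_hash(pw) == unsalted_hash(pw))
    print("salted hashes identical:   ", alice == bob)
    print("verify good/bad:", verify_password(pw, alice), verify_password("wrong", alice))
```

Storing the salt and iteration count alongside the hash is deliberate: the salt is not a secret, it only has to be unique, and recording the iteration count lets you raise the work factor later and rehash users on their next successful login.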

166
Q

What is a Type C fire extinguisher used for, and what is it made of?

A

A Type C (Class C) fire extinguisher is for use on fires involving energized electrical equipment, so the extinguishing agent must be nonconductive; such extinguishers use CO₂, halon, or various halon alternatives (clean agents) rather than water.

167
Q

What is Structured Threat Information eXpression (STIX)?

A

A standardized language expressing structured information about cyberthreats and a common framework for organizations to share and analyze threat intelligence

168
Q

Define cloud solution.

A

A cloud solution is a deployment concept where an organization contracts with a third‐party cloud provider. The cloud provider owns, operates, and maintains the hardware and software. The organization pays a monthly fee (often based on a per‐user multiplier) to use the cloud solution.

169
Q

When is the XOR function true?

A

When only one of the input bits is true

170
Q

What is the purpose of security monitoring and measurement?

A

Security controls should provide benefits that can be monitored and measured. If a security control’s benefits cannot be quantified, evaluated, or compared, there is no way to show that it actually provides any security or to justify its cost.

171
Q

What is generally involved in the processes of risk management?

A

Analyzing an environment for risks, evaluating each risk as to its likelihood and damage, assessing the cost of countermeasures, and creating a cost/benefit report to present to upper management.

172
Q

What is SRTP?

A

SRTP (Secure Real‐Time Transport Protocol, or Secure RTP) is a security extension of RTP (Real‐Time Transport Protocol), the protocol that carries the media streams of many VoIP (Voice over IP) calls. SRTP adds encryption, message authentication and integrity, and replay protection to RTP packets, which defeats eavesdropping on and injection into the media stream. SRTP protects only the media; call signaling (for example, SIP) must be protected separately, typically with TLS.

173
Q

What is SCADA?

A

Supervisory control and data acquisition (SCADA) systems can operate as a stand‐alone device, be networked together with other SCADA systems, or be networked with traditional IT systems. Most SCADA systems are designed with minimal human interfaces.

174
Q

What are examples of email security solutions?

A

Using Secure Multipurpose Internet Mail Extensions (S/MIME), Pretty Good Privacy (PGP), DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF), Domain‐based Message Authentication Reporting and Conformance (DMARC), STARTTLS, and Implicit SMTPS.

175
Q

What are the characteristics of PPP?

A

The Point‐to‐Point Protocol (PPP) is an encapsulation protocol designed to support the transmission of IP traffic over dial‐up or point‐to‐point links. PPP supports CHAP and PAP for authentication.

176
Q

What are some elements of mobile device security?

A

Device authentication, full‐device encryption, communication protection, remote wiping, device lockout, screen locks, location services management, content management, application control, push notification management, third‐party app store control, storage segmentation, asset tracking and inventory control, removable storage, connection methods management, deactivating features, rooting/jailbreaking, sideloading, custom firmware, carrier unlocking, OTA updates, key & credential management, and text messaging security.

177
Q

What is the proper term for ensuring that information is accessible only to authorized parties?

A

Confidentiality

178
Q

In relation to storage media, what is declassification?

A

Declassification involves any process that purges media or a system in preparation for reuse in an unclassified environment.

179
Q

What ITU standard describes the contents of a digital certificate?

A

X.509

180
Q

What type of malicious code spreads through the sharing of infected media?

A

Viruses

181
Q

What kind of control should be used to verify the effectiveness of other security controls?

A

Detective control

182
Q

What are the standards‐based form(s) of encryption of 802.11 wireless networks and the cryptography protocols related to WPA2?

A

WPA2 (AES/CCMP)

183
Q

What is entitlement?

A

Entitlement refers to the amount of privileges granted to users, typically when first provisioning an account.

184
Q

What is data analytics?

A

Data analytics is the science of raw data examination with the focus of extracting useful information out of the bulk information set.

185
Q

What is the proper name for the illegal intent behind obtaining and profiting from sensitive information that belongs to some third party?

A

Espionage

186
Q

How do physical access controls protect assets?

A

Physical access controls are those you can touch, and they directly protect systems, devices, and facilities by controlling access and controlling the environment.

187
Q

What is the data custodian security role?

A

The data custodian is assigned the tasks of implementing the prescribed protection defined by the security policy and upper management.

188
Q

What term describes damage from disruptive and irresistible forces of nature?

A

Natural disaster

189
Q

What are the three major public key cryptosystems?

A

RSA, ElGamal, and elliptic curve cryptography (ECC).

190
Q

What is TPM?

A

Trusted Platform Module (TPM) is a cryptoprocessor chip on a mainboard used to store and process cryptographic keys.

191
Q

Name some common natural disasters.

A

Possible answers include: earthquakes, floods, storms, tornadoes, tsunamis, pandemics, and fires.

192
Q

Describe the three aspects of test communications.

A

Before embarking on any test, it’s essential to inform all stakeholders about what to expect. During the test, regular updates are crucial. Post‐test, a debriefing session provides an opportunity for discussing the outcomes.

193
Q

What is SPF?

A

Sender Policy Framework (SPF) is an email authentication mechanism used to protect against spam and email spoofing. A domain owner publishes a DNS TXT record listing the hosts authorized to send mail for that domain; a receiving mail server looks up the record for the envelope sender (MAIL FROM) domain and checks whether the connecting IP address is authorized, producing a pass, fail, softfail, or neutral result.
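A simplified SPF evaluator, added here as an example for this card and for the email security solutions card (S/MIME, DKIM, SPF, DMARC, and so on) above; it is not part of the original flashcard text. It resolves records from a constructed, offline FAKE_DNS table instead of real DNS, handles the common ip4, ip6, a, mx and include mechanisms with the +, -, ~ and ? qualifiers, and omits the rest of RFC 7208 (exists, ptr, the redirect modifier, macros, the 10-lookup limit). The example.com / example.net names and 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 and 2001:db8::/32 ranges are documentation addresses used as sample data.

```python
"""Simplified SPF (RFC 7208) check over a constructed, offline DNS table.

Added example, not part of the flashcard text. Real SPF has more mechanisms
(exists, ptr, the redirect modifier, macros, a 10-lookup limit); those are
omitted. The domains and addresses below are documentation values used as
constructed sample data, not real records.
"""
import ipaddress
from typing import List, Optional

# Constructed fake DNS: domain -> record type -> values
FAKE_DNS = {
    "example.com": {
        "TXT": ["v=spf1 ip4:192.0.2.0/24 include:mail.example.net a -all"],
        "A": ["203.0.113.10"],
    },
    "mail.example.net": {
        "TXT": ["v=spf1 mx ip6:2001:db8::/32 ~all"],
        "MX": ["mx1.mail.example.net"],
    },
    "mx1.mail.example.net": {"A": ["198.51.100.25"]},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_record(domain: str) -> Optional[str]:
    """Return the domain's v=spf1 TXT record, or None if it publishes none."""
    for txt in FAKE_DNS.get(domain, {}).get("TXT", []):
        if txt.lower().startswith("v=spf1"):
            return txt
    return None


def _host_ips(domain: str) -> List[str]:
    return FAKE_DNS.get(domain, {}).get("A", [])


def _ip_in(ip, cidr: str) -> bool:
    try:
        return ip in ipaddress.ip_network(cidr, strict=False)  # False across IP versions
    except ValueError:
        return False


def check_spf(sender_domain: str, client_ip: str, depth: int = 0) -> str:
    """Evaluate the sender domain's SPF policy for the connecting IP.

    Mechanisms are tested left to right; the first match decides the result
    using its qualifier (default '+'). No match at all yields 'neutral'.
    """
    if depth > 10:
        return "permerror"  # runaway include chain
    record = spf_record(sender_domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        matched = False
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = _ip_in(ip, arg)
        elif name == "a":
            matched = str(ip) in _host_ips(arg or sender_domain)
        elif name == "mx":
            hosts = FAKE_DNS.get(arg or sender_domain, {}).get("MX", [])
            matched = any(str(ip) in _host_ips(h) for h in hosts)
        elif name == "include":
            # include: matches only if the referenced policy itself returns pass
            matched = check_spf(arg, client_ip, depth + 1) == "pass"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


if __name__ == "__main__":
    for ip in ("192.0.2.77", "203.0.113.10", "198.51.100.25", "2001:db8::1", "203.0.113.99"):
        print(f"{ip:16} -> {check_spf('example.com', ip)}")
```

Two details matter operationally: an include that ends in ~all or -all does not fail the outer check (only a pass propagates), and SPF says nothing about the From: header the user sees, which is why DMARC is needed to tie SPF and DKIM results to the visible sender.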

194
Q

Define the concept of access control matrix.

A

An access control matrix is a table of subjects and objects that indicates the actions or functions that each subject can perform on each object.

195
Q

What term is used to refer to the user or process that makes a request to access a resource?

A

Subject

196
Q

What is XDR?

A

Extended detection and response (XDR) components often include EDR, MDR, and EPP elements.

197
Q

What is IaC?

A

Infrastructure as code (IaC) is a change in how hardware and infrastructure management is perceived and handled: servers, networks, and services are defined in machine‐readable configuration files that are stored in version control, reviewed, tested, and deployed like software rather than configured by hand.

198
Q

What is BYOD?

A

Bring-your-own-device (BYOD) is a policy that allows employees to bring their own personal mobile devices to work.

199
Q

What is used to provide long-term fault tolerance for a power failure?

A

Generator

200
Q

What type of evidence is an authenticated computer log?

A

Documentary evidence

201
Q

What are examples of security management tasks which are used to provide oversight to the information security program?

A

Log reviews, account management reviews, and backup verification.

202
Q

What are the important factors in personnel management?

A

Hiring practices, ongoing job performance reviews, and termination procedures.

203
Q

Where should you begin looking to find information about an incident that occurred in the recent past?

A

The first place to look is in the system and network log files.

204
Q

What is tunneling, and why is it used?

A

A process that protects the contents of packets by encapsulating them in another protocol.

205
Q

What database security feature can be used to subvert aggregation, inferencing, and contamination vulnerabilities?

A

Database partitioning

206
Q

What is a security audit?

A

Security audits use many of the same techniques followed during security assessments but must be performed by independent auditors.

207
Q

What is the importance of accountability?

A

Security can be maintained only if subjects are held accountable for their actions.

208
Q

Which VPN protocol supports multiple simultaneous connections?

A

IPSec

209
Q

Why is it important to perform software testing to validate code before moving it into production?

A

Software testing techniques verify that code functions as designed and does not contain security flaws.

210
Q

What is DLP?

A

Data loss prevention (DLP) systems attempt to detect and block data exfiltration attempts.

211
Q

What are the key concepts of the role‐based access control (RBAC) model?

A

RBAC models use task-based roles, and users gain privileges when administrators place their accounts into a role or group.

212
Q

What is the goal of business continuity planning (BCP)?

A

To ensure the continuous operation of a business in the face of an emergency situation.

213
Q

Name five generic terms that refer to mobile phones, tablets, and other similar devices.

A

Portable device, mobile device, personal mobile device (PMD), personal electronic device (PED), and personally owned device (POD).

214
Q

What is the purpose of auditing?

A

To ensure compliance with security policy and to detect abnormalities, unauthorized occurrences, or outright crimes.

215
Q

What is the name for the demagnetization process used to erase disk drives or tapes to wipe out all previously stored data?

A

Degaussing

216
Q

What is a secure facility plan?

A

A secure facility plan outlines the security measures for protecting a facility.

217
Q

What is a secure facility plan?

A

A secure facility plan outlines the security needs of your organization and emphasizes methods or mechanisms to provide security. Such a plan is developed through risk assessment and critical path analysis.

218
Q

What is RTOS?

A

A real-time operating system (RTOS) is designed to process or handle data as it arrives on the system with minimal latency or delay. An RTOS is usually stored on read-only memory (ROM) and is designed to operate in a hard real-time or soft real-time condition.

219
Q

What is the cornerstone of computer security?

A

Education

220
Q

What are some ways to keep inappropriate content to a minimum?

A

Address the issue in the security policy, perform awareness training, use content filtering tools to filter source or word content.

221
Q

What are some examples of alternate processing facilities that should be considered when designing a DRP?

A

Hot, warm, and cold sites; mobile sites; service bureaus; multiple sites; and reciprocal agreements/mutual assistance agreements (MAAs).

222
Q

What is the most common open source database vulnerability scanner?

A

sqlmap (an open source tool that detects and exploits SQL injection flaws in database‐backed applications)

223
Q

What is VoIP?

A

Voice over IP (VoIP) is a tunneling mechanism used to transport voice and/or data over a TCP/IP network. VoIP has the potential to replace or supplant PSTN because it’s often less expensive and offers a wider variety of options and features.

224
Q

What are grudge attacks?

A

Grudge attacks are attacks that are carried out to damage an organization or a person. The damage could be in the loss of information or information processing capabilities or harm to the organization or a person’s reputation.

225
Q

What are the differences between criminal law, civil law, and administrative law?

A

Criminal law protects society against acts that violate the basic principles we believe in. Violations of criminal law are prosecuted by federal and state governments. Civil law provides the framework for the transaction of business between people and organizations. Violations of civil law are brought to the court and argued by the two affected parties. Administrative law is used by government agencies to effectively carry out their day‐to‐day business.

226
Q

What are the two modes available through IPSec, and what do they do?

A

In transport mode, the IP packet data is encrypted, but the header is not. In tunnel mode, the entire IP packet is encrypted, and a new header is added to govern transmission through the tunnel.

227
Q

At what layer does SSL and TLS function?

A

Transport layer (OSI layer 4)

228
Q

What is a random bit string (a nonce) that is the same length as the block size that is XORed with the message and adds strength to cryptography systems?

A

Initialization vector (IV)
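An added example (not part of the original flashcard text) that serves this card and the XOR card above: it shows XOR as the primitive that combines a keystream with a message, that the same operation decrypts (a value XORed twice with the same bits comes back unchanged), and why the IV must be fresh for every message under a given key. The keystream function here is a toy built from SHA-256 so the block runs without a crypto library; it stands in for the keystream a real cipher such as AES in CTR mode derives from key and IV, and the key, IV and messages are constructed sample values.

```python
"""XOR as the primitive of stream and counter-mode ciphers, and why an
initialization vector (IV) must never be reused with the same key.

Added example, not part of the flashcard text. keystream() is a toy built
from SHA-256 for illustration only; it stands in for the keystream a real
cipher (e.g. AES-CTR) derives from the key and IV. Key, IV and messages
below are constructed sample values.
"""
import hashlib


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("xor_bytes needs equal-length inputs")
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Toy keystream: concatenated SHA-256(key || iv || counter) blocks (NOT a real cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """C = P XOR KS(key, iv)."""
    return xor_bytes(plaintext, keystream(key, iv, len(plaintext)))


def decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """XOR is its own inverse, so decryption is the same operation: P = C XOR KS."""
    return encrypt(key, iv, ciphertext)


def recover_xor_of_plaintexts(c1: bytes, c2: bytes) -> bytes:
    """With a reused key+IV the keystream cancels: C1 XOR C2 = P1 XOR P2."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


def crib_drag(p1_xor_p2: bytes, known_p1: bytes) -> bytes:
    """Knowing (or guessing) P1 then reveals P2 directly, without the key."""
    return xor_bytes(p1_xor_p2[: len(known_p1)], known_p1)


if __name__ == "__main__":
    key, iv = b"0123456789abcdef", b"fixed-iv-0000000"   # constructed sample values
    p1, p2 = b"ATTACK AT DAWN", b"RETREAT AT DUSK"
    c1, c2 = encrypt(key, iv, p1), encrypt(key, iv, p2)  # same key AND same IV: the mistake
    print("roundtrip:", decrypt(key, iv, c1) == p1)
    print("P2 recovered from reused IV:", crib_drag(recover_xor_of_plaintexts(c1, c2), p1))
    c2_fresh = encrypt(key, b"fresh-iv-1111111", p2)     # distinct IV: attack fails
    print("with fresh IV:", crib_drag(recover_xor_of_plaintexts(c1, c2_fresh), p1))
```

This is why the card's definition stresses the IV: the XOR step is only as strong as the uniqueness of the keystream it mixes in, and a repeated (key, IV) pair turns a ciphertext-only capture into a two-time pad.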

229
Q

In 2012, the committee overseeing the development of SHA-3 made what announcement?

A

In 2012, the federal government design committee (NIST’s SHA‐3 competition) announced the selection of the Keccak algorithm as the SHA‐3 standard. NIST published the final standard as FIPS 202 in August 2015, so SHA‐3 is no longer in draft form.

230
Q

What is typosquatting?

A

A practice employed to capture and redirect traffic when a user mistypes the domain name of an intended resource. The attacker registers look‐alike domains ahead of time (characters omitted, transposed, doubled, or replaced by neighboring keys, or a different top‐level domain) and hosts phishing pages, malware, or ads on them.
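An added example (not part of the original flashcard text) of the defensive side of typosquatting: generating the typo variants of your own domain so you can register the important ones or watch for them in certificate transparency logs and DNS feeds. The permutation categories follow the approach of common typosquat-hunting tools, but this is a self-contained implementation; the QWERTY adjacency map, the TLD list, example.com and the observed-domains list are assumed sample data.

```python
"""Generate typosquatting candidates for a domain and flag any that appear
in a list of observed domains.

Added example, not part of the flashcard text. The permutation categories
(omission, repetition, transposition, adjacent-key substitution, TLD swap)
follow the approach of common typosquat-hunting tools; the keyboard map,
TLD list and observed domains are assumed sample data.
"""
from typing import Dict, Iterable, List, Tuple

# Rough US-QWERTY neighbors used for substitution typos (assumption)
ADJACENT = {
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wsdr",
    "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn",
    "k": "jiolm", "l": "kop", "m": "njk", "n": "bhjm", "o": "iklp",
    "p": "ol", "q": "wa", "r": "edft", "s": "wedxza", "t": "rfgy",
    "u": "yhji", "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu", "z": "asx",
}
COMMON_TLDS = ["com", "net", "org", "co", "io"]


def typo_variants(domain: str) -> Dict[str, str]:
    """Return {variant_domain: category} for a registrable name like 'example.com'."""
    label, _, tld = domain.lower().rpartition(".")
    variants: Dict[str, str] = {}

    def add(candidate: str, category: str) -> None:
        full = candidate + "." + tld
        if candidate != label and full not in variants:   # first category wins
            variants[full] = category

    for i, ch in enumerate(label):
        add(label[:i] + label[i + 1:], "omission")                 # exmple
        add(label[:i] + ch + label[i:], "repetition")               # exxample
        if i < len(label) - 1:
            add(label[:i] + label[i + 1] + ch + label[i + 2:], "transposition")  # exapmle
        for neighbor in ADJACENT.get(ch, ""):
            add(label[:i] + neighbor + label[i + 1:], "substitution")  # exampke
    for other in COMMON_TLDS:
        if other != tld:
            variants[label + "." + other] = "tld-swap"                # example.net
    return variants


def find_squats(domain: str, observed: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (observed_domain, category) for observed names that are typos of `domain`."""
    candidates = typo_variants(domain)
    hits = []
    for name in sorted(set(observed)):
        key = name.lower()
        if key in candidates:
            hits.append((key, candidates[key]))
    return hits


if __name__ == "__main__":
    # Constructed list standing in for a CT-log or passive-DNS feed
    seen = ["exmple.com", "Example.Net", "unrelated.org", "exampke.com"]
    print(len(typo_variants("example.com")), "candidates")
    for hit in find_squats("example.com", seen):
        print(hit)
```

Homoglyph and IDN variants (for example Cyrillic letters that render like Latin ones) are a separate, larger class that this generator does not cover; the categories above are the ones a fat-fingered user actually produces.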

231
Q

What is another name for the area of Bluetooth connectivity?

A

Personal area network (PAN)

232
Q

Name several examples of types of social engineering attacks.

A

Social engineering attacks may be used to elicit information or gain access through the use of pretexting and/or prepending. Social engineering attacks include phishing, spear phishing, business email compromise (BEC), whaling, smishing, vishing, spam, shoulder surfing, invoice scams, hoaxes, impersonation, masquerading, tailgating, piggybacking, dumpster diving, identity fraud, typosquatting, and influence campaigns.

233
Q

Where are the operating system–independent primitive instructions that a computer needs to start and load the operating system stored?

A

BIOS or UEFI

234
Q

What is auditing (related to AAA services)?

A

Auditing is the programmatic means by which subjects are held accountable for their actions while authenticated on a system through the documentation or recording of subject activities.

235
Q

What is Trike?

A

Trike is a threat modeling methodology that focuses on a risk-based approach instead of depending on the aggregated threat model used in STRIDE and DREAD. Trike provides a method of performing a security audit in a reliable and repeatable procedure. It also provides a consistent framework for communication and collaboration among security workers.

236
Q

What is an SLA?

A

Organizations use service-level agreements (SLAs) with outside entities such as vendors. They stipulate performance expectations such as maximum downtimes and often include penalties if the vendor doesn’t meet expectations.

237
Q

What is DevOps?

A

The word DevOps is a combination of Development and Operations, symbolizing that these functions must merge and cooperate to meet business requirements. The DevOps approach resolves the friction between separate development, testing, and operations teams by bringing the three functions (software development, quality assurance, and technology operations) together in a single operational model.

238
Q

What method removes all data with assurance that it cannot be recovered using any known methods?

A

Purging, sanitization, or destruction.

239
Q

What is propaganda?

A

A systematic effort to spread ideas, information, or opinions, often of a biased or misleading nature, to promote a particular cause, political viewpoint, or ideology; aims to shape public perception and behavior.

240
Q

What is the name of the assumption that all algorithms should be public but all keys should remain private?

A

Kerckhoffs’ principle.

241
Q

What is a padded cell?

A

A padded cell system is similar to a honeypot, but it performs intrusion isolation using a different approach. When an IDS detects an intruder, that intruder is automatically transferred to a padded cell.

242
Q

What are the characteristics of the Advanced Encryption Standard (AES)?

A

The Advanced Encryption Standard (AES) uses the Rijndael algorithm and is the U.S. government standard for the secure exchange of sensitive but unclassified data. AES uses key lengths of 128, 192, and 256 bits and a fixed block size of 128 bits to achieve a much higher level of security than that provided by the older DES algorithm.

243
Q

What is transitive trust?

A

Transitive trust is the concept that if A trusts B and B trusts C, then A inherits trust of C through the transitive property, which works like it would in a mathematical equation: if A = B, and B = C, then A = C. In this example, when A requests data from B, then B requests data from C, the data that A receives is essentially from C. Transitive trust is a serious security concern because it may enable bypassing of restrictions or limitations between A and C.
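The concern in the card above is that trust chains produce relationships nobody configured explicitly. The following is an added example (not from the Sybex material) that computes the transitive closure of a set of direct trusts, finds the chain by which A ends up trusting D, and lists every trust pair that exists only because of chaining, which is the list an auditor wants to review. The domain names and the trust edges are constructed for the example.

```python
from collections import deque
from typing import Dict, List, Optional, Set, Tuple

# Constructed trust relationships (not from any real directory): each key trusts
# every domain in its set directly, and all trusts here are transitive.
DIRECT_TRUSTS: Dict[str, Set[str]] = {
    "A": {"B"},
    "B": {"C"},
    "C": {"D"},
    "D": set(),
}


def effective_trusts(direct: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Transitive closure: everything each domain ends up trusting through chains."""
    closure: Dict[str, Set[str]] = {}
    for start in direct:
        seen: Set[str] = set()
        queue = deque(direct[start])
        while queue:
            node = queue.popleft()
            if node in seen:
                continue
            seen.add(node)
            queue.extend(direct.get(node, set()))
        closure[start] = seen
    return closure


def trust_path(direct: Dict[str, Set[str]], src: str, dst: str) -> Optional[List[str]]:
    """Shortest chain of trusts from src to dst, or None if dst is never reached."""
    prev: Dict[str, Optional[str]] = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path: List[str] = []
            cur: Optional[str] = node
            while cur is not None:
                path.append(cur)
                cur = prev[cur]
            return path[::-1]
        for nxt in direct.get(node, set()):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None


def unintended_trusts(direct: Dict[str, Set[str]],
                      intended: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """Pairs that exist only through chaining and were never explicitly intended."""
    out: List[Tuple[str, str]] = []
    for src, trusted in effective_trusts(direct).items():
        for dst in sorted(trusted):
            if dst not in intended.get(src, set()):
                out.append((src, dst))
    return sorted(out)


if __name__ == "__main__":
    print("A effectively trusts:", sorted(effective_trusts(DIRECT_TRUSTS)["A"]))
    print("path A -> D:", trust_path(DIRECT_TRUSTS, "A", "D"))
    print("unintended:", unintended_trusts(DIRECT_TRUSTS, DIRECT_TRUSTS))
```

Running it shows that A, which was only ever configured to trust B, effectively trusts C and D as well via the path A, B, C, D. In Active Directory the corresponding controls are non-transitive external trusts, selective authentication, and SID filtering; the audit step is the same regardless of product: compute the closure and compare it with what was intended.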

244
Q

What is FCoE?

A

Fibre Channel over Ethernet (FCoE) can be used to support Fibre Channel communications over the existing network infrastructure. FCoE is used to encapsulate Fibre Channel communications over Ethernet networks. It typically requires 10 Gbps Ethernet in order to support the Fibre Channel protocol.

245
Q

What is data localization?

A

Data localization refers to storing and processing data within a specific country’s or region’s physical borders or geographical boundaries. This concept is often driven by regulatory requirements or government policies that mandate certain data, especially sensitive or personal information, to be kept within the jurisdiction’s borders where it was generated or where the data subject resides.

246
Q

What is used to provide fault tolerance for a server?

A

Failover cluster.

247
Q

What governs how long records are kept to substantiate system security assessments and support system analysis?

A

Record retention.

248
Q

What is a CDN?

A

A content-distribution network (CDN) or content delivery network is a collection of resource services deployed in numerous data centers across the Internet in order to provide low-latency, high-performance, high-availability of the hosted content.

249
Q

What addressing scheme supplies the CPU with the actual address of the memory location to be accessed?

A

Direct addressing.

250
Q

What is the importance of comprehensively documenting an organization’s business continuity plan?

A

Committing the plan to writing provides the organization with a written record of the procedures to follow when disaster strikes. It prevents the “it’s in my head” syndrome and ensures the orderly progress of events in an emergency.

251
Q

What are protection rings?

A

From a security standpoint, protection rings organize code and components in an OS into concentric rings. The deeper inside the circle you go, the higher the privilege level associated with the code that occupies a specific ring.

252
Q

What name is given to the cryptographic concept of making the relationship between the key and the ciphertext so complex that an attacker cannot use known-plaintext attacks to determine the key?

A

Confusion.

253
Q

Define reactive threat modeling.

A

A reactive approach to threat modeling takes place after a product has been created and deployed. This deployment could be in a test or laboratory environment or to the general marketplace. This type of threat modeling is also known as the adversarial approach. This technique of threat modeling is the core concept behind ethical hacking, penetration testing, source code review, and fuzz testing.

255
Q

What are user behavior analytics (UBA) and user and entity behavior analytics (UEBA)?

A

User behavior analytics (UBA) and user and entity behavior analytics (UEBA) are the concepts of analyzing the behavior of users, subjects, visitors, customers, etc. for some specific goal or purpose. Information collected from UBA/UEBA monitoring can be used to improve personnel security policies, procedures, training, and related security oversight programs.

256
Q

What is big data?

A

Big data refers to collections of data that have become so large that traditional means of analysis or processing are ineffective, inefficient, and insufficient. Big data involves numerous difficult challenges, including collection, storage, analysis, mining, transfer, distribution, and results presentation.

257
Q

How does identification work?

A

Identification is the process by which a subject professes an identity and accountability is initiated. A subject must provide an identity to a system to start the process of authentication, authorization, and accountability/accounting.

258
Q

What is SDN?

A

Software‐defined network (SDN) is a unique approach to network operation, design, and management. SDN aims at separating the infrastructure layer (i.e., hardware and hardware‐based settings) from the control layer (i.e., network services of data transmission management).

259
Q

What is containerization?

A

Containerization or OS virtualization is based on the concept of eliminating the duplication of OS elements in a virtual machine. Each application is placed into a container that includes only the actual resources needed to support the enclosed application.

260
Q

What is the purpose of vendor, consultant, and contractor controls?

A

Vendor, consultant, and contractor controls are used to define the levels of performance, expectation, compensation, and consequences for entities, persons, or organizations that are external to the primary organization.

261
Q

What attack collects numerous low‐level security items or low‐value items and combines them to create something of a higher security level or value?

A

Aggregation

262
Q

What is a cryptographic salt and what is it used for?

A

A cryptographic salt is a random value, unique to each password, that is combined with the password (prepended or appended) before the password is hashed, and is stored alongside the resulting hash. Because two identical passwords then produce different hashes, precomputed dictionary and rainbow-table attacks no longer apply and every hash has to be attacked individually. A salt does not by itself slow a brute-force attack against a single hash; that requires a deliberately slow password-hashing function such as PBKDF2, bcrypt, scrypt, or Argon2.
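The following is an added example (not from the Sybex text) that makes the point above concrete: an attacker precomputes a table over a small list of common passwords, recovers an unsalted SHA-256 hash with one lookup, and then finds that the same table matches nothing once a per-user random salt and PBKDF2 are used. The storage format, the candidate list and the iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

# Assumed parameters for the example; production code tunes iterations to its hardware.
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a storable record: algorithm$iterations$salt_hex$hash_hex."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)          # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), hash_hex)


def unsalted_hash(password: str) -> str:
    """The weak scheme a salt replaces: one fast, precomputable digest per password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def rainbow_table(candidates: Iterable[str]) -> Dict[str, str]:
    """Precomputed hash->password table, built once and reused against every target."""
    return {unsalted_hash(p): p for p in candidates}


def crack_with_table(table: Dict[str, str], stored_hash: str) -> Optional[str]:
    return table.get(stored_hash)


def demo() -> Dict[str, object]:
    common = ["password", "123456", "letmein", "qwerty"]     # constructed candidate list
    table = rainbow_table(common)
    cracked = crack_with_table(table, unsalted_hash("letmein"))   # one lookup wins
    rec_alice = hash_password("letmein")        # same password, two users ...
    rec_bob = hash_password("letmein")          # ... two different salts and records
    table_hit = any(crack_with_table(table, r.split("$")[3]) for r in (rec_alice, rec_bob))
    return {
        "unsalted_cracked": cracked,
        "salted_records_differ": rec_alice != rec_bob,
        "alice_verifies": verify_password("letmein", rec_alice),
        "wrong_password_rejected": verify_password("Letmein", rec_alice),
        "table_hits_salted": table_hit,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Given the same salt, the function is deterministic, which is what lets verification work; given a different salt, the attacker's table is useless. The iteration count, not the salt, is what makes each individual guess expensive.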

263
Q

How do you protect your system from a malicious code incident?

A

Make sure your security policy restricts the introduction of untested files to your computer system. Have a good scanner with an up‐to‐date signature database. Frequently scan all files. Implement whitelisting or allow listing of applications.

264
Q

What is war dialing?

A

War dialing means using a modem to search for a system that accepts inbound connection attempts.

265
Q

What term describes the act of using another person’s security ID to gain unauthorized entry into a facility?

A

Masquerading

266
Q

What network device works primarily at the Application layer?

A

An Application layer gateway

267
Q

What are the security implications of hiring new employees?

A

To properly plan for security, you must have standards in place for job descriptions, job classification, work tasks, job responsibilities, prevention of collusion, candidate screening, background checks, security clearances, employment agreements, and nondisclosure agreements.

268
Q

__________ controls are your first line of defense, while ________ are your last line of defense.

A

Physical, people

269
Q

What is gamification as it applies to personnel security management?

A

Gamification is a means to encourage compliance and engagement by integrating common elements of game play into other activities, such as security compliance and behavior change.

270
Q

What label applies to a site that is already provisioned with hardware and software to take over for a primary facility but that needs to obtain and install a backup or image of client‐specific data before going online?

A

Warm site

271
Q

What does the Goguen–Meseguer model focus on?

A

Goguen–Meseguer model focuses on integrity.

272
Q

What is data remanence?

A

Data remanence is the data that remains on a storage device as residual and potentially recoverable data.

273
Q

What is the term for exercising reasonable care in protecting organizational assets and interests?

A

Due care

274
Q

What are the four TCP header flags that are used in virtual circuit setup and teardown?

A

SYN, ACK, FIN, and RST (reset)

275
Q

What is an ARP attack?

A

The modification of ARP mappings. When ARP mappings are falsified, packets are not sent to their proper destination.

276
Q

Define the aspect of confidentiality known as discretion.

A

Discretion is an act of decision whereby an operator can influence or control disclosure in order to minimize harm or damage.

277
Q

What is a security champion?

A

Often a security champion is a member of a group who decides (or is assigned) to take charge of leading the adoption and integration of security concepts into the group’s work activities.

278
Q

What is Kerberos?

A

Kerberos is the most common SSO method used within organizations. The primary purpose of Kerberos is authentication.

279
Q

What are two forms of ARP poisoning?

A

ARP cache poisoning is caused by an attacker responding to ARP broadcast queries with falsified replies (or sending unsolicited, gratuitous replies) so that victims cache a wrong IP-to-MAC mapping and send their traffic to the attacker. A second form of ARP cache poisoning is to plant static ARP entries on the victim, which persist and are not overwritten by legitimate replies.
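Both this card and the earlier one on ARP attacks describe falsified mappings; the practical question is how to notice them. Below is an added detection example (not from the Sybex text) run over a constructed sequence of ARP packets: a host asks for the gateway, the real gateway answers, and then a second MAC starts claiming the gateway's IP without having been asked. The detector flags replies that answer no outstanding request and any change to an IP's learned MAC. The packet records and addresses are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class ArpPacket:
    ts: float
    op: str          # "request" or "reply"
    sender_ip: str
    sender_mac: str
    target_ip: str


# Constructed sample traffic, not a real capture.
SAMPLE: List[ArpPacket] = [
    ArpPacket(0.0, "request", "10.0.0.5", "aa:aa:aa:aa:aa:05", "10.0.0.1"),
    ArpPacket(0.1, "reply",   "10.0.0.1", "aa:aa:aa:aa:aa:01", "10.0.0.5"),
    ArpPacket(5.0, "reply",   "10.0.0.1", "de:ad:be:ef:00:01", "10.0.0.5"),
    ArpPacket(6.0, "reply",   "10.0.0.1", "de:ad:be:ef:00:01", "10.0.0.5"),
]


def detect_arp_poisoning(packets: List[ArpPacket]) -> Tuple[Dict[str, str], List[str]]:
    """Return the learned IP->MAC table and the alerts raised while building it."""
    table: Dict[str, str] = {}
    pending: Set[Tuple[str, str]] = set()   # (asker_ip, asked_ip) requests awaiting a reply
    alerts: List[str] = []
    for p in packets:
        if p.op == "request":
            pending.add((p.sender_ip, p.target_ip))
            continue
        # A legitimate reply answers an outstanding request from its target.
        key = (p.target_ip, p.sender_ip)
        if key in pending:
            pending.discard(key)
        else:
            alerts.append(f"t={p.ts}: unsolicited reply {p.sender_ip} is-at {p.sender_mac}")
        known = table.get(p.sender_ip)
        if known is None:
            table[p.sender_ip] = p.sender_mac
        elif known != p.sender_mac:
            # Keep the first-seen binding; a real tool would also consult a static list.
            alerts.append(f"t={p.ts}: {p.sender_ip} changed {known} -> {p.sender_mac} "
                          f"(possible poisoning)")
    return table, alerts


if __name__ == "__main__":
    learned, found = detect_arp_poisoning(SAMPLE)
    print("learned:", learned)
    for a in found:
        print("ALERT", a)
```

Gratuitous ARP is also sent legitimately (address announcements, failover of a virtual IP), so in production the "unsolicited reply" rule is a hint and the "mapping changed" rule is the one worth paging on; pairing it with static entries for the gateway, or dynamic ARP inspection on the switch, closes the gap.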

280
Q

What are the three phases of the three‐way handshake used by TCP/IP?

A

SYN, SYN/ACK, ACK
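The flag names in the two TCP cards above (SYN, ACK, FIN, RST, and the three-step handshake) are easiest to remember by decoding them from the header. The following is an added example (not from the Sybex text) that builds minimal 20-byte TCP headers from constructed values, decodes the flag byte, classifies each segment, and checks that a three-segment exchange really is a valid handshake by verifying the sequence and acknowledgement numbers; it also labels the SYN+FIN and no-flag combinations that scanners send and that never occur in normal traffic. Ports and sequence numbers are constructed; the checksum is left zero because nothing is sent on the wire.

```python
import struct
from typing import Dict, List

FLAG_BITS = {"CWR": 0x80, "ECE": 0x40, "URG": 0x20, "ACK": 0x10,
             "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
SEQ_MASK = 0xFFFFFFFF          # sequence numbers wrap at 2**32


def build_tcp_header(sport: int, dport: int, seq: int, ack: int,
                     flags: int, window: int = 65535) -> bytes:
    """Minimal 20-byte TCP header without options; checksum and urgent pointer zero."""
    data_offset = 5 << 4      # five 32-bit words, no options
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, data_offset, flags, window, 0, 0)


def parse_flags(header: bytes) -> Dict[str, object]:
    sport, dport, seq, ack, off_res, flags, window, csum, urg = struct.unpack("!HHIIBBHHH", header[:20])
    if (off_res >> 4) < 5:
        raise ValueError("invalid data offset")
    set_flags = [name for name, bit in FLAG_BITS.items() if flags & bit]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": set_flags}


def classify(flags: List[str]) -> str:
    s = set(flags)
    if not s:
        return "NULL (no flags; scanner probe)"
    if {"SYN", "FIN"} <= s:
        return "SYN+FIN (illegal combination; scanner probe)"
    if "RST" in s:
        return "RST"
    if "FIN" in s:
        return "FIN"
    if s == {"SYN"}:
        return "SYN"
    if s == {"SYN", "ACK"}:
        return "SYN/ACK"
    if "ACK" in s:
        return "ACK"
    return "other"


def valid_three_way_handshake(headers: List[bytes]) -> bool:
    """SYN (seq=x), SYN/ACK (seq=y, ack=x+1), ACK (seq=x+1, ack=y+1)."""
    if len(headers) != 3:
        return False
    p1, p2, p3 = (parse_flags(h) for h in headers)
    return (classify(p1["flags"]) == "SYN"
            and classify(p2["flags"]) == "SYN/ACK"
            and p2["ack"] == (p1["seq"] + 1) & SEQ_MASK
            and classify(p3["flags"]) == "ACK"
            and p3["seq"] == (p1["seq"] + 1) & SEQ_MASK
            and p3["ack"] == (p2["seq"] + 1) & SEQ_MASK)


S, A = FLAG_BITS["SYN"], FLAG_BITS["ACK"]
# Constructed exchange: client port 40000 to server port 443.
HANDSHAKE = [
    build_tcp_header(40000, 443, 1000, 0, S),
    build_tcp_header(443, 40000, 5000, 1001, S | A),
    build_tcp_header(40000, 443, 1001, 5001, A),
]

if __name__ == "__main__":
    for h in HANDSHAKE:
        p = parse_flags(h)
        print(p["sport"], "->", p["dport"], classify(p["flags"]), "seq", p["seq"], "ack", p["ack"])
    print("valid handshake:", valid_three_way_handshake(HANDSHAKE))
```

The seq/ack arithmetic is what a stateful firewall or IDS tracks: a segment whose acknowledgement number does not match the peer's sequence number is not part of the circuit, which is why injected RSTs and spoofed ACKs need to guess those numbers.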

281
Q

What is a private cloud?

A

A private cloud is a cloud deployment in which the infrastructure is provisioned for the exclusive use of a single organization. It may run on the organization's own network or be hosted by a third party; in either case access is restricted to that organization rather than shared with the public, although it is not necessarily isolated from the Internet.

282
Q

What is the primary weakness of satellite communications?

A

Large terrestrial footprint: the downlink covers a wide geographic area, so anyone within it can attempt to intercept the transmission.

283
Q

Define “trust but verify.”

A

“Trust but verify” is the traditional perimeter-based security approach of automatically trusting subjects and devices inside the company’s security perimeter once they have passed its checks. Zero trust replaces it with verification of every request regardless of where it originates.

284
Q

What TCSEC category is reserved for systems that have been evaluated but do not meet the requirements of any other category?

A

Category D (minimal protection)

285
Q

Define confinement, bounds, and isolation.

A

Confinement restricts a process to reading from and writing to specific resources. Bounds is the limitation of authorization assigned to a process. Isolation is the means by which confinement is implemented through the use of bounds.

286
Q

What is doxing?

A

Doxing involves researching and publishing private or personally identifiable information about an individual, often with malicious intent.

287
Q

What is annualized rate of occurrence (ARO)?

A

ARO is an element of quantitative risk analysis that represents the expected frequency with which a specific threat or risk will occur within a single year.

288
Q

How are domains related to decentralized access control?

A

A domain is a realm of trust that shares a common security policy. This is a form of decentralized access control.

289
Q

What is the collection of the common methods from a set of objects that is used to define the behavior of those objects?

A

Class

290
Q

What are some of the terms used to describe the CPU mode that gives access to the full range of supported instructions?

A

System mode, privileged mode, supervisory mode, and kernel mode

291
Q

What is the formula for computing single loss expectancy?

A

SLE = AV × EF [Single Loss Expectancy = Asset Value × Exposure Factor]
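The SLE formula above and the ARO card a few entries earlier are the inputs to the rest of quantitative risk analysis: ALE = SLE × ARO, and a safeguard is justified when (ALE before) − (ALE after) − (annual cost of safeguard) is positive. The following is an added worked example (not from the Sybex text) that chains those formulas over a constructed scenario; the asset value, exposure factors, frequencies and control cost are assumptions made for the example.

```python
from typing import Dict


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF: the loss from one occurrence of the threat."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor is a fraction of the asset value (0..1)")
    return asset_value * exposure_factor


def annualized_rate_of_occurrence(expected_events: float, years: float) -> float:
    """ARO: expected occurrences per year; e.g. one event every four years is 0.25."""
    return expected_events / years


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO."""
    return sle * aro


def safeguard_value(ale_before: float, ale_after: float, annual_cost_of_safeguard: float) -> float:
    """Cost/benefit of a control; positive means the control costs less than the loss it prevents."""
    return ale_before - ale_after - annual_cost_of_safeguard


def evaluate(asset_value: float, ef_before: float, aro_before: float,
             ef_after: float, aro_after: float, acs: float) -> Dict[str, float]:
    sle_b = single_loss_expectancy(asset_value, ef_before)
    sle_a = single_loss_expectancy(asset_value, ef_after)
    ale_b = annualized_loss_expectancy(sle_b, aro_before)
    ale_a = annualized_loss_expectancy(sle_a, aro_after)
    return {"SLE_before": sle_b, "ALE_before": ale_b,
            "SLE_after": sle_a, "ALE_after": ale_a,
            "safeguard_value": safeguard_value(ale_b, ale_a, acs)}


# Constructed scenario: a $400,000 file server; a ransomware event is expected once every
# two years and destroys 25% of the asset's value. An offline-backup control costing
# $20,000 per year cuts the exposure to 12.5% and halves the expected frequency.
SCENARIO = evaluate(
    asset_value=400_000,
    ef_before=0.25, aro_before=annualized_rate_of_occurrence(1, 2),
    ef_after=0.125, aro_after=annualized_rate_of_occurrence(1, 4),
    acs=20_000,
)

if __name__ == "__main__":
    for k, v in SCENARIO.items():
        print(f"{k}: {v:,.2f}")
```

With these inputs the control is worth buying: ALE drops from 50,000 to 12,500, and after its 20,000 annual cost the organization is still 17,500 ahead each year.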

292
Q

True or false? All ciphers are meant to obscure the meaning of a message.

A

True

294
Q

Why is it important to protect against resource waste?

A

If the storage space, computing power, or networking bandwidth capacity is consumed by inappropriate or non-work-related (non-profit-producing) data, the organization loses money.

295
Q

What are the various types and purposes of network segmentation?

A

Network segmentation can be used to manage traffic, improve performance, and enforce security.

Examples of network segments or subnetworks include intranet, extranet, and screened subnet.

296
Q

What is used to provide fault tolerance for a disk subsystem?

A

Redundant array of independent disks (RAID)

297
Q

What is two-person control?

A

Two-person control is similar to segregation of duties. It requires the approval of two individuals for critical tasks.

298
Q

What is Nessus?

A

An example of a vulnerability scanner

299
Q

What are the propagation techniques used by viruses?

A

Viruses use four main propagation techniques—file infection, service injection, boot sector infection, and macro infection—to penetrate systems and spread their malicious payloads.

You need to understand these techniques to effectively protect systems on your network from malicious code.

300
Q

What is a separate object that is associated with a resource and describes its security attributes?

A

Security token

301
Q

What are the three learning levels of security?

A

Awareness, training, and education

302
Q

What are the five steps of the business impact assessment process?

A

Identification of priorities, risk identification, likelihood assessment, impact assessment, and resource prioritization

303
Q

What type of cryptography relies on the use of public and private keys?

A

Asymmetric

304
Q

What are the results or output exhibited by an object based on processing a message through a method?

A

Behavior

305
Q

What is the standard that wireless networking technology is based on?

A

802.11

306
Q

Where are DCS systems used and why?

A

Distributed control system (DCS) units are typically found in industrial process plants where the need to gather data and implement control over a large‐scale environment from a single location is essential.

An important aspect of DCS is that the controlling elements are distributed across the monitored environment, such as a manufacturing floor or a production line, while the centralized monitoring location sends commands out to those localized controllers and gathers status and performance data from them.

307
Q

What are examples of Kerberos exploitation attacks?

A

Kerberos attacks attempt to exploit weaknesses in Kerberos tickets. In some attacks, they capture tickets held in the lsass.exe process and reuse them in pass‐the‐ticket attacks.

A silver ticket is a forged service ticket created with a compromised service account’s password hash; it grants the attacker access to that service with whatever privileges the service extends. A golden ticket is a forged ticket‐granting ticket (TGT) created after obtaining the hash of the Kerberos service account (KRBTGT), giving the attacker the ability to mint tickets for any principal at will within the Active Directory domain until the KRBTGT password is rotated twice.

308
Q

What is white noise (as related to EMI)?

A

White noise simply means broadcasting false traffic at all times to mask and hide the presence of real emanations.

309
Q

What is degaussing?

A

A degausser creates a strong magnetic field that erases data on some media in a process called degaussing.

Technicians commonly use degaussing methods to remove data from magnetic tapes with the goal of returning the tape to its original state. While it is possible to degauss hard disks, it is not recommended, because degaussing a hard disk will normally destroy the electronics used to access the data. Degaussing has no effect on solid‐state (flash) media, which must be cryptographically erased or physically destroyed instead.

310
Q

What is virtual software?

A

A virtual application or virtual software is a software product deployed in such a way that it is fooled into believing it is interacting with a full host OS.

A virtual (or virtualized) application has been packaged or encapsulated so that it can execute but operate without full access to the host OS. A virtual application is isolated from the host OS so that it cannot make any direct or permanent changes to the host OS.

311
Q

What is the process used to develop a continuity strategy in relation to BCP?

A

During the strategy development phase, the BCP team determines which risks they will mitigate. In the provisions and processes phase, the team designs mechanisms and procedures that will mitigate identified risks.

The plan must then be approved by senior management and implemented. Personnel must also receive training on their roles in the BCP process.

312
Q

What are the valid key sizes for RC5?

A

0 to 2,040 bits (0 to 255 bytes)

313
Q

What security problem cannot be prevented or compensated for by environmental controls or hardware devices?

A

Bad coding

314
Q

What is NAC?

A

Network Access Control (NAC) is a concept of controlling access to an environment through strict adherence to and implementation of security policy.

The goals of NAC are to prevent/reduce zero-day attacks, to enforce security policy throughout the network, and to use identities to perform access control.

315
Q

What is the best protection against a computer joining a botnet?

A

Up-to-date antivirus software

316
Q

What is opportunistic TLS?

A

Opportunistic TLS for SMTP (STARTTLS) attempts to set up an encrypted connection with every other email server when the peer advertises support; otherwise, it falls back to plain text.

Using opportunistic TLS on SMTP gateways reduces the opportunities for casual sniffing of email. Because the fallback is automatic, an on‐path attacker who strips the STARTTLS advertisement from the server’s EHLO response can force a plain‐text session; MTA‐STS and DANE let a receiving domain declare that TLS is mandatory so that the sending server refuses to downgrade.
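The following is an added example (not from the Sybex text) that simulates the decision a sending MTA makes from the EHLO response. It parses constructed EHLO replies, shows the downgrade that results when an on-path attacker removes the STARTTLS line, and contrasts the opportunistic policy with an enforced one of the kind MTA-STS or DANE provides. No network connection is made; the EHLO replies and host name are constructed for the example.

```python
from typing import List, Set

# Constructed EHLO responses (not from a real server).
EHLO_WITH_STARTTLS = [
    "250-mail.example.test Hello",
    "250-SIZE 52428800",
    "250-STARTTLS",
    "250 8BITMIME",
]


def parse_ehlo_extensions(lines: List[str]) -> Set[str]:
    """Return the extension keywords advertised in a multi-line 250 reply."""
    exts: Set[str] = set()
    for i, line in enumerate(lines):
        if not line.startswith("250"):
            raise ValueError(f"unexpected reply: {line!r}")
        if i == 0:
            continue                       # greeting line, not an extension
        exts.add(line[4:].split()[0].upper())
    return exts


def strip_starttls(lines: List[str]) -> List[str]:
    """What a downgrade attacker on the path does: delete the STARTTLS advertisement."""
    out = [l for l in lines if not l.upper().endswith("STARTTLS")]
    out[-1] = "250 " + out[-1][4:]         # the last line must use '250 ' not '250-'
    return out


def negotiate(lines: List[str], policy: str) -> str:
    """Decide the session type: 'tls', 'plaintext', or 'refused'."""
    exts = parse_ehlo_extensions(lines)
    if "STARTTLS" in exts:
        return "tls"
    if policy == "opportunistic":          # RFC 3207 default behaviour: fall back
        return "plaintext"
    if policy == "enforce":                # MTA-STS 'enforce' or DANE: no fallback
        return "refused"
    raise ValueError(f"unknown policy {policy!r}")


if __name__ == "__main__":
    tampered = strip_starttls(EHLO_WITH_STARTTLS)
    print("honest server, opportunistic:", negotiate(EHLO_WITH_STARTTLS, "opportunistic"))
    print("stripped,      opportunistic:", negotiate(tampered, "opportunistic"))
    print("stripped,      enforce:      ", negotiate(tampered, "enforce"))
```

In real code the same test is `smtplib.SMTP.has_extn("starttls")` after `ehlo()`; what the example adds is the policy branch, which is the part opportunistic TLS lacks. Note that the enforced policy also needs certificate validation, since an attacker who can strip STARTTLS can equally present a bogus certificate.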

317
Q

What is a local cache?

A

A local cache is anything that is temporarily stored on the client for future reuse.

There are many local caches on a typical client, including ARP cache, DNS cache, and Internet files cache.

318
Q

Define CYOD.

A

The concept of CYOD (choose your own device) provides users with a list of approved devices from which to select the device to implement.

A CYOD can be implemented so that employees purchase their own devices from the approved list (a BYOD variant) or the company can purchase the devices for the employees (a COPE variant).

319
Q

What is Modbus?

A

Modbus is a widely used communication protocol in industrial automation and control systems.

Developed by Modicon (now part of Schneider Electric) in 1979, Modbus has become a de facto standard for connecting and managing devices within industrial environments. It provides a common language for different devices to exchange data and commands, facilitating communication in supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLCs), and other industrial applications.
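Modbus carries no authentication or encryption: any host that can reach a controller's TCP port 502 can issue a write. The following is an added example (not from the Sybex text or from Schneider Electric) of a parser for the Modbus/TCP framing (the MBAP header followed by a function code and data) that distinguishes read requests, write requests, and exception responses, which is the basis of the monitoring ICS defenders do when they cannot add authentication to the protocol. The frames are constructed for the example; the function-code table covers only the common public codes.

```python
import struct
from typing import Dict, List

READ_FUNCTIONS = {1: "Read Coils", 2: "Read Discrete Inputs",
                  3: "Read Holding Registers", 4: "Read Input Registers"}
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}


def build_modbus_tcp(transaction_id: int, unit_id: int, function: int, data: bytes) -> bytes:
    """MBAP header (transaction id, protocol id 0, length, unit id) followed by the PDU."""
    pdu = bytes([function]) + data
    return struct.pack("!HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def parse_modbus_tcp(frame: bytes) -> Dict[str, object]:
    if len(frame) < 8:
        raise ValueError("too short for an MBAP header plus function code")
    tid, proto, length, unit = struct.unpack("!HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto}: not Modbus")
    if length != len(frame) - 6:            # length counts unit id + PDU
        raise ValueError("MBAP length field does not match the frame")
    function = frame[7]
    data = frame[8:]
    base = function & 0x7F                  # high bit set marks an exception response
    info: Dict[str, object] = {"tid": tid, "unit": unit, "function": base,
                               "exception": bool(function & 0x80), "data": data}
    if base in WRITE_FUNCTIONS:
        info["name"], info["risk"] = WRITE_FUNCTIONS[base], "write"
        if base in (5, 6) and len(data) >= 4:   # single-item writes carry address + value
            info["address"], info["value"] = struct.unpack("!HH", data[:4])
    elif base in READ_FUNCTIONS:
        info["name"], info["risk"] = READ_FUNCTIONS[base], "read"
    else:
        info["name"], info["risk"] = f"function {base}", "review"
    return info


def audit_frames(frames: List[bytes]) -> List[str]:
    """Flag every state-changing (write) request and every exception response."""
    alerts: List[str] = []
    for f in frames:
        info = parse_modbus_tcp(f)
        if info["exception"]:
            alerts.append(f"tid={info['tid']} unit={info['unit']}: exception to {info['name']}")
        elif info["risk"] == "write":
            alerts.append(f"tid={info['tid']} unit={info['unit']}: {info['name']} "
                          f"addr={info.get('address', '?')} value={info.get('value', '?')}")
    return alerts


# Constructed traffic (not a real capture): a read of ten holding registers,
# a write of 0x1234 to register 16, and an exception reply to a read.
SAMPLE_FRAMES = [
    build_modbus_tcp(1, 1, 3, struct.pack("!HH", 0, 10)),
    build_modbus_tcp(2, 1, 6, struct.pack("!HH", 16, 0x1234)),
    build_modbus_tcp(3, 1, 0x83, b"\x02"),
]

if __name__ == "__main__":
    for a in audit_frames(SAMPLE_FRAMES):
        print("ALERT", a)
```

On a real network the parser would be fed from a span port and the write alerts joined with the source address, so that writes from anything other than the known HMI or engineering workstation are escalated; the exception replies matter because a burst of them usually means someone is probing register ranges.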

320
Q

Why is it important to protect against privilege abuse?

A

It can cause the disclosure of sensitive information, violating the principle of confidentiality.

321
Q

What is the concept of abstraction?

A

Abstraction is used to collect similar elements into groups, classes, or roles that are assigned security controls, restrictions, or permissions as a collective.

It adds efficiency to carrying out a security plan.

322
Q

What type of IDS detects attacks based on known methods?

A

Knowledge-based (also called signature-based or pattern-matching)

323
Q

What are the 5 Pillars of Information Security?

A

The 5 Pillars of Information Security are confidentiality, integrity, availability, authenticity, and nonrepudiation.

324
Q

What is the government/military data classification scheme?

A

Top secret, secret, confidential, sensitive but unclassified (SBU), and unclassified

325
Q

Who should have access to audit reports?

A

Only people who have a need to know

326
Q

What is Secure Access Service Edge (SASE)?

A

Secure Access Service Edge (SASE) is a framework that converges network security functions with wide area networking (WAN) capabilities, catering to the dynamic, secure access needs of modern organizations.

SASE is designed to respond to the evolving IT landscape marked by trends such as cloud adoption, a mobile workforce, and an increased emphasis on network security.

327
Q

Describe record retention policies.

A

Record retention policies ensure that data is kept in a usable state while it is needed and destroyed when it is no longer needed.

Many laws and regulations mandate keeping data for a specific amount of time, but in the absence of formal regulations, organizations specify the retention period within a policy. Audit trail data needs to be kept long enough to reconstruct past incidents, but the organization must identify how far back they want to investigate.

328
Q

What type of cabling must be used to comply with building code safety requirements?

A

Plenum-rated cable, which is required where cable runs through air-handling spaces (such as above drop ceilings) because its jacket gives off less toxic smoke when it burns.

329
Q

What can antivirus programs do when they encounter a virus infection?

A

Delete the file, disinfect the file, or quarantine the file.

330
Q

What are the possible responses to a risk?

A

Acceptance, assignment, deterrence, avoidance, rejection, and mitigation

331
Q

What does BCP stand for, and what does it mean?

A

Business continuity planning (BCP) is the preventive practice of establishing and planning for threats to business flow, including natural and unnatural risk and threats to daily operations.

332
Q

What are examples of types of log files?

A

Log data is recorded in databases and different types of log files.

Common log files include security logs, system logs, application logs, firewall logs, proxy logs, and change management logs. Log files should be protected by centrally storing them and using permissions to restrict access, and archived logs should be set to read‐only to prevent modifications.

333
Q

If a message is signed and encrypted, what security services are you providing?

A

Confidentiality (from the encryption), plus integrity, authentication of the sender, and nonrepudiation (from the digital signature)

335
Q

What is edge computing?

A

Edge computing is a philosophy of network design in which data and the compute resources that process it are located as close to each other as possible, typically at or near the devices that generate the data, to optimize bandwidth use while minimizing latency. In edge computing, the intelligence and processing are contained within each device rather than in a distant central data center.

336
Q

What term refers to any hardware, software, or data that can be used to prove the identity and actions of an attacker?

A

Evidence

337
Q

What helps prevent outages that can occur from unauthorized modifications?

A

Change management

338
Q

Name three methods to rank and prioritize threats.

A

Probability × Damage Potential, high/medium/low, or DREAD

339
Q

What is public key infrastructure (PKI)?

A

In the public key infrastructure, certificate authorities (CAs) generate digital certificates containing the public keys of system users. Users distribute these certificates to people with whom they want to communicate.

340
Q

What is the most common cause of unplanned downtime?

A

Hardware failures

341
Q

In the context of a risk management process, what is scope?

A

Scope refers to the extent or boundaries of a risk management process, project, or assessment.

342
Q

Name the four key principles upon which access control relies.

A

Identification, authentication, authorization, and accountability (the last supported by accounting and auditing)

343
Q

What is the identity and access provisioning life cycle?

A

The identity and access provisioning life cycle refers to the creation, management, and deletion of accounts.

344
Q

What are some common VPN protocols?

A

PPTP, L2TP, SSH, and IPsec. Of these, PPTP is obsolete: its MS-CHAPv2 authentication is broken and it should not be deployed.

345
Q

When a domain name is registered, where and how is it stored?

A

Every registered domain name has an assigned authoritative name server. The primary authoritative name server hosts the original zone file for the domain.

346
Q

Name six wireless frequency access technologies.

A

FHSS, DSSS, OFDM, MIMO, TDMA, and CDMA

347
Q

What is dynamic testing?

A

Dynamic testing evaluates the security of software in a runtime environment.

348
Q

What kind of strategy drives defining practices, policies, and procedures to restore a business to normal operation in the wake of some kind of outage or disaster?

A

Recovery strategy

349
Q

What is aqueous film forming foam (AFFF)?

A

A type of firefighting foam used to suppress flammable liquid fires.

350
Q

What is port isolation or private ports in relation to VLANs?

A

These are private VLANs that are configured to use a dedicated or reserved uplink port.

351
Q

What are the basic provisions of the Economic Espionage Act of 1996?

A

The Economic Espionage Act provides penalties for individuals found guilty of the theft of trade secrets.

352
Q

Security managers should monitor key performance and risk indicators on an ongoing basis. Name some potential examples of metrics that should be monitored.

A

Number of open vulnerabilities, Time to resolve vulnerabilities, Number of compromised accounts, Number of software flaws detected in preproduction scanning, Repeat audit findings, User attempts to visit known malicious sites

353
Q

What security mechanisms are countermeasures to collusion?

A

Job rotation, separation of duties, two-person control, mandatory vacations, workstation change

354
Q

What is a VLAN?

A

A hardware-imposed network segmentation created by switches used to manage traffic.

355
Q

Describe open and closed source.

A

An open source solution is one where the source code is exposed to the public. A closed source solution is one where the source code is hidden from the public.

356
Q

What is DREAD?

A

DREAD is a threat rating system designed to provide a flexible rating solution based on five main questions.

357
Q

Name four examples of infrastructure mode wireless networking.

A

Stand-alone, wired extension, enterprise extended, and bridge

358
Q

What is the principle of ‘keep it simple’?

A

‘Keep it simple’ encourages avoiding overcomplicating the environment, organization, or product design.

359
Q

What are some methods of storage media destruction?

A

Methods of destruction include incineration, crushing, shredding, disintegration, and dissolving using caustic or acidic chemicals.

360
Q

What are the elements of a termination procedure policy?

A

Have at least one witness; escort terminated employee off the premises immediately; collect identification, access, or security devices; perform exit interview; deactivate network account.

361
Q

What are often added to passwords under Linux to make their resultant hash even more secure?

A

Salts

362
Q

Define the state machine model.

A

The state machine model ensures that all instances of subjects accessing objects are secure.

363
Q

What does a business attack focus on?

A

A business attack focuses on illegally obtaining an organization’s confidential information.

364
Q

Describe large-scale parallel data systems.

A

Systems designed to perform numerous calculations simultaneously include SMP, AMP, and MPP.

365
Q

Which access control scheme requires administrative rules to be defined along with the various conditions under which they apply as well as applicable object permissions?

A

Rule-based access control

366
Q

How does the teardrop attack operate?

A

It sends overlapping packet fragments to the victim machine.

367
Q

When an asset no longer needs or warrants a high-security sensitivity label, what should occur?

A

Declassification

368
Q

What are some security issues related to VoIP?

A

Caller ID spoofing, vishing, call manager software/firmware attacks, phone hardware attacks, DoS, adversary-in-the-middle (AitM)/man-in-the-middle (MitM)/on-path attacks, spoofing, and switch hopping.

369
Q

Which type of computer crime would likely be timed to occur simultaneously with a physical attack to reduce the ability to effectively respond to the physical attack?

A

Terrorist attack

370
Q

What is a security boundary?

A

The line of intersection between any two areas, subnets, or environments that have different security requirements or needs.

371
Q

What are key concepts of the mandatory access control (MAC) model?

A

The MAC model uses labels to identify security domains.

372
Q

What are key concepts of the mandatory access control (MAC) model?

A

The MAC model uses labels to identify security domains. Subjects need matching labels to access objects. It enforces the need-to-know principle and supports hierarchical and compartmentalized environments, or a combination in a hybrid environment. It is frequently referred to as a lattice-based model.

373
Q

What components make up a FQDN?

A

A fully qualified domain name (FQDN) consists of three main parts: top-level domain (TLD), registered domain name, and subdomain(s) or hostname.

374
Q

Reviewing the recorded images from CCTV is what type of security control?

A

Detection

375
Q

What is it called when an authorized party indicates its intention to fulfill some contractual obligation and forgoes its right to dispute that fulfillment after the fact?

A

Nonrepudiation

376
Q

Who has the responsibility to ensure that communications are secured?

A

The sender

377
Q

Where are you most likely to see an ABAC model?

A

An attribute-based access control (ABAC) model is typically implemented in software-defined networks (SDNs).

378
Q

What is the importance of ethics to security personnel?

A

Security practitioners are granted a very high level of authority and responsibility. Without a strict code of personal behavior, there is potential for abuse. Adherence to a code of ethics helps ensure that such power is not abused.

379
Q

What is egress monitoring?

A

Egress monitoring refers to monitoring outgoing traffic to prevent data exfiltration, which is the unauthorized transfer of data.

380
Q

What are some common reasons a certificate might need to be revoked?

A

The certificate was compromised, erroneously issued, details changed, private key exposed, or change of security association.

381
Q

What’s the most desirable default setting for access control?

A

Denial. When access is not specifically granted, it should be denied by default.

382
Q

What is the purpose of account access reviews?

A

Account access reviews ensure that accounts don’t have excessive privileges and can detect when accounts have excessive privileges or when unused accounts have not been deactivated or deleted.

383
Q

What is SDDC?

A

Software-defined data center (SDDC) or virtual data center (VDC) is the concept of replacing physical IT elements with solutions provided virtually.

384
Q

With what other forms of single sign-on can Kerberos be combined?

A

Any or all of them, including SESAME, KryptoKnight, NetSP, thin clients, directory services, and scripted access.

385
Q

What is DRDoS?

A

A distributed reflective denial-of-service (DRDoS) attack uses a reflected approach to an attack, manipulating traffic or a network service so that attacks are reflected back to the victim from other sources.

386
Q

What is system resilience?

A

System resilience refers to the ability of a system to maintain an acceptable level of service during an adverse event.

387
Q

When a disaster strikes but your ability to perform work tasks is only threatened, not actually interrupted, what response should be used?

A

BCP

388
Q

What amendment to the U.S. Constitution forms the basis for privacy rights?

A

Fourth Amendment

389
Q

What are the differences between HIDSs and NIDSs?

A

Host-based IDSs (HIDSs) monitor activity on a single system, while network-based IDSs (NIDSs) monitor activity on a network.

390
Q

If an incident has occurred that has violated no laws or regulations, how do you determine whether to report it?

A

The incident reporting guidelines should be in your security policy.

391
Q

What is the primary purpose of lighting as a physical security device?

A

To discourage casual intruders, trespassers, prowlers, and would-be thieves.

392
Q

Define the aspect of confidentiality known as criticality.

A

The level to which information is mission critical is its measure of criticality.

393
Q

Administrators are removing all data from data records that can be used to identify an individual. What is this process called?

A

Anonymization

394
Q

Who are the necessary members of the business continuity planning team?

A

The BCP team should include representatives from each operational and support department, technical experts, security personnel, legal representatives, and senior management.

395
Q

What is the purpose of monitoring and uses of monitoring tools?

A

Monitoring is used to hold subjects accountable for their actions and to detect abnormal or malicious activities.

396
Q

When conducting an exercise, participants are often divided into three teams. What are the names of those teams and their purpose?

A

Red team members are the attackers, Blue team members are the defenders, and White team members are the observers and judges.

397
Q

Magnetic/optical media devices are classified as what type of memory?

A

Secondary

398
Q

What are the optimal environmental levels for rooms containing electronic equipment?

A

Rooms should be kept at 59 to 89.6 degrees Fahrenheit and humidity should be maintained between 20% and 80%.

399
Q

Define a fail-secure system.

A

A fail-secure system will default to a secure state in the event of a failure.

400
Q

What are the basic alternatives for confiscating evidence and when is each one appropriate?

A

The owner could voluntarily surrender it, a subpoena could compel surrender, or a law enforcement officer may seize visible evidence.

401
Q

How do salt and pepper thwart password attacks?

A

Salting adds bits to a password before hashing it, while pepper is a large constant number used to increase security.

402
Q

What are computers in a botnet commonly called?

A

Zombies

403
Q

What is the purpose of firmware?

A

Firmware is software stored on a ROM chip that contains basic instructions needed to start a computer.

404
Q

What are the six categories of computer crimes?

A

Computer crimes are grouped into military and intelligence attack, business attack, financial attack, terrorist attack, grudge attack, and thrill attack.

405
Q

What is malicious code?

A

Malicious code is any script or program that performs an unwanted, unauthorized, or unknown activity on a computer system.

406
Q

What are the four components of IPSec?

A

Authentication Header (AH), Encapsulating Security Payload (ESP), IP Payload Compression protocol (IPComp), and Internet Key Exchange (IKE).

407
Q

What form of access control is best suited to those organizations with a high rate of employee turnover?

A

RBAC

408
Q

What are some of the means for a DNS poisoning or attack to occur?

A

Rogue DNS server, planting false data in a zone file, altering the HOSTS file, and corrupting IP configuration.

409
Q

What is DRM?

A

Digital rights management (DRM) software uses encryption to enforce copyright restrictions on digital media.

410
Q

What is DRM?

A

Digital rights management (DRM) software uses encryption to enforce copyright restrictions on digital media. The purpose is to prevent the unauthorized use, modification, and distribution of copyrighted works.

411
Q

What is proprietary data?

A

Proprietary data refers to any data that helps an organization maintain a competitive edge. It could be software code it developed, technical plans for products, internal processes, intellectual property, or trade secrets.

412
Q

What are the variations of storage types?

A

Primary versus secondary, volatile versus nonvolatile, and random versus sequential.

413
Q

What is the function of the data owner security role?

A

The data owner is responsible for classifying information for protection within the security solution.

414
Q

What makes the usable throughput of ISDN less than the stated bandwidth?

A

The D channel is used only for call management, not data.

415
Q

In the context of security controls, what is tuning?

A

Tuning is the process of adjusting security controls to better match the needs of the organization and their operational environment.

For example, intrusion detection and prevention systems require tuning to reduce the number of false positive alerts that they generate.

416
Q

What is the process by which you are issued a digital certificate?

A

Enrollment.

417
Q

What is FISMA?

A

The Federal Information Security Management Act (FISMA), passed in 2002, requires that federal agencies implement an information security program that covers the agency’s operations.

418
Q

What is the imaginary boundary that separates the TCB from the rest of the system?

A

Security perimeter.

419
Q

What is a rootkit?

A

A rootkit is malware that embeds itself deep within an OS. The term is a derivative of the concept of rooting and a utility kit of hacking tools.

420
Q

What is misuse case testing?

A

In some applications, there are clear examples of ways that software users might attempt to misuse the application.

Software testers use a process known as misuse case testing or abuse case testing to evaluate the vulnerability of their software to these known risks.

421
Q

What is DNS poisoning?

A

DNS poisoning is the act of falsifying the DNS information used by a client to reach a desired system.

422
Q

What is OAuth?

A

OAuth is an open SSO standard designed to work with HTTP, and it allows users to log on with one account.

For example, users can log on to their Google account and use the same account to access Facebook and other sites and online services.

423
Q

What are some of the elements that should be included in emergency response guidelines?

A

Immediate response procedures, notification procedures, and secondary response procedures.

424
Q

What is a cyber-physical system?

A

Cyber-physical system is a term used to refer to devices that offer a computational means to control something in the physical world.

425
Q

Why is antivirus protection important?

A

Malware is the most common form of security breach in the IT world.

426
Q

What is WPS?

A

Wi‐Fi Protected Setup (WPS) is a security standard for wireless networks.

427
Q

What is the functional order of controls when deployed for physical security?

A

The functional order of controls when deployed for physical security is deter, deny, detect, delay, determine, and decide.

428
Q

What is the cloud shared responsibility model?

A

The cloud shared responsibility model is the concept that when an organization uses a cloud solution, there is a division of security and stability responsibility between the provider and the customer.

429
Q

What are the key types used in asymmetric cryptography?

A

Public keys are freely shared among communicating parties, whereas private keys are kept secret.

430
Q

What criteria are used to classify data?

A

Usefulness, timeliness, value or cost, maturity or age, lifetime or expiration period, disclosure damage assessment, modification damage assessment, national or business security implications, storage.

431
Q

Name at least five possible threats that should be evaluated when performing a risk analysis.

A

Viruses; buffer overflows; coding errors; user errors; intruders (physical and logical); natural disasters; equipment failure; misuse of data, resources, or services.

432
Q

What are the functions of an intrusion detection system (IDS)?

A

An IDS automates the inspection of audit logs and real-time system events, detects intrusion attempts, and watches for violations of confidentiality, integrity, and availability.

433
Q

What is broadband over power lines (BPL)?

A

A technology that enables high‐speed data transmission over existing electrical power lines.

434
Q

What is security governance?

A

Security governance is the collection of practices related to supporting, defining, and directing the security efforts of an organization.

435
Q

How should an organization incorporate security into the procurement and vendor governance process?

A

The expanded use of cloud services by many organizations requires added attention to conducting reviews of information security controls during the vendor selection process.

436
Q

What is cloud storage?

A

Cloud storage is the idea of using storage capacity provided by a cloud vendor as a means to host data files for an organization.

437
Q

What are KPIs of physical security?

A

Key performance indicators (KPIs) of physical security are metrics or measurements of the operation of or the failure of various aspects of physical security.

438
Q

What is the practice of defense in depth called when it involves a multilayered security infrastructure?

A

Concentric circle strategy.

439
Q

What is services integration?

A

Services integration, cloud integration, systems integration, and integration platform as a service (iPaaS) all refer to the design and architecture of an IT/IS solution.

440
Q

What are the terms of the notification requirements placed on organizations that experience a data breach within the United States?

A

California’s SB 1386 implemented the first statewide requirement to notify individuals of a breach of their personal information.

441
Q

What are the typical stages of the information system life cycle?

A

Stakeholders’ Needs and Requirements, Requirements Analysis, Architectural Design, Development/Implementation, Integration, Verification and Validation, Transition/Deployment, Operations and Maintenance/Sustainment, and Retirement/Disposal.

442
Q

What are audit trails?

A

Audit trails are the records created by recording information about events and occurrences into one or more databases or log files.

443
Q

What is security process data and where can it come from?

A

Many components of the information security program generate data that is crucial to security assessment processes.

444
Q

What ports are used by DNS and for what purposes?

A

TCP 53 is used for zone transfers, and UDP 53 is used for queries.

445
Q

What is geotagging?

A

Mobile devices with GPS support enable the embedding of geographical location (geotagging) in the form of latitude and longitude.

446
Q

What is an API?

A

An application programming interface (API) allows application developers to bypass traditional web pages and interact directly with the underlying service.

447
Q

What is geotagging?

A

Embedding of geographical location in the form of latitude and longitude as well as date/time information on photos taken with devices.

448
Q

What is an API?

A

An application programming interface (API) allows application developers to bypass traditional web pages and interact directly with the underlying service through function calls.

449
Q

What are web vulnerability scanners?

A

Web vulnerability scanners are special-purpose tools that scour web applications for known vulnerabilities. They may discover flaws not visible to network vulnerability scanners.

450
Q

What is a VPN?

A

A virtual private network (VPN) is a communication tunnel that provides point-to-point transmission of both authentication and data traffic over an intermediary network.

451
Q

What are some common threats that may occur through email?

A

Email is a common delivery mechanism for viruses, worms, Trojan horses, documents with destructive macros, and phishing attacks.

452
Q

What port is used by DHCP?

A

Port 68 for client request broadcast and port 67 for server point‐to‐point response.

453
Q

What are synthetic transactions?

A

Synthetic transactions are scripted transactions with known expected results used to verify system performance.

454
Q

What is more secure than a data warehouse and designed to store metadata?

A

Data mart.

455
Q

What does a cable plant management policy address?

A

A cable plant is the collection of interconnected cables and intermediary devices that establish the physical network.

456
Q

What is NFC?

A

Near‐field communication (NFC) is a standard that establishes radio communications between devices in close proximity.

457
Q

What kind of system is designed to detect intrusions, breaches, or attack attempts?

A

Intrusion detection system (IDS).

458
Q

What is static software testing?

A

Static testing evaluates the security of software without running it by analyzing either the source code or the compiled application.

459
Q

What process identifies the actual value of assets?

A

Asset valuation.

460
Q

Provide two examples of devices that might be used to harden a system.

A

Computer‐safe fire suppression systems and uninterruptible power supplies.

461
Q

What is DevSecOps?

A

DevSecOps approaches expand on the DevOps model by introducing security operations activities into the integrated model.

462
Q

What is the purpose of memory protection?

A

Memory protection is used to prevent an active process from interacting with an area of memory that was not specifically assigned or allocated to it.

463
Q

What is an example of a polyalphabetic substitution cipher?

A

Vigenère cipher.

464
Q

What is privacy by design?

A

Privacy by design (PbD) is a guideline to integrate privacy protections into products during the early design phase.

465
Q

What can be used to verify patches have been applied?

A

Vulnerability scanner or a patch management system.

466
Q

What term describes any violation or threatened violation of a security policy?

467
Q

Describe the different characteristics of storage devices used by computers.

A

Primary storage is the same as memory. Secondary storage consists of magnetic, flash, and optical media.

468
Q

What process identifies and categorizes potential threats?

A

Threat modeling.

469
Q

What is a proxy, and what is it used for?

A

Any system that performs a function or requests a service on behalf of another system.

470
Q

What attack is often successful against polyalphabetic substitution ciphers?

A

Period analysis.

471
Q

What is the evil twin attack?

A

Evil twin is an attack in which a bad actor operates a false access point that will automatically clone the identity of an access point.

472
Q

Name an example of a link state routing protocol.

473
Q

What is a homograph attack?

A

An attack that leverages similarities in character sets to register phony international domain names.

474
Q

What are elements that make up quality of service (QoS)?

A

Attenuation, interference, noise, jitter, bandwidth, and propagation delay or latency.

475
Q

What is UEFI?

A

UEFI (Unified Extensible Firmware Interface) is a more advanced interface between hardware and the operating system.

476
Q

How does penetration testing improve your system’s security?

A

Penetration testing allows you to more accurately judge the security mechanisms deployed by an organization.

477
Q

What does an operational investigation focus on?

A

An operational investigation examines issues related to the organization’s computing infrastructure.

478
Q

What form of encryption is used to protect communications that occur in real time?

A

Stream ciphers.

479
Q

What is a concept of communication whereby a specific type of information is exchanged but no real data is exchanged?

A

Zero-knowledge proof.

480
Q

What is nmap?

A

The most common tool used for network discovery scanning is an open source tool called nmap.

481
Q

What are the hashing algorithms in primary use today?

A

The successors to the Secure Hash Algorithm (SHA), SHA-2 and SHA-3.

482
Q

What disaster recovery system is often highly dependent on the public water supply?

A

Fire suppression system.

483
Q

When evaluating access control attacks, what are three primary elements that must be identified?

A

Assets, threats, and vulnerabilities.

484
Q

Define the aspect of confidentiality known as isolation.

A

Isolation is the act of keeping something separated from others.

485
Q

How is the ticket-granting ticket used by Kerberos generated?

A

The user’s password is hashed, and a timestamp is added.

486
Q

Why isn’t there an effective direct countermeasure against the threat of malicious hackers or crackers?

A

Most safeguards and countermeasures protect against one specific threat or another.

487
Q

What is Control Objectives for Information and Related Technology (COBIT)?

A

COBIT is a documented set of best IT security practices crafted by ISACA.

488
Q

What are HPC systems?

A

High‐performance computing (HPC) systems are computing platforms designed to perform complex calculations at high speeds.

489
Q

What is TEMPEST?

A

TEMPEST is a standard for the study and control of electronic signals produced by various types of electronic hardware.

490
Q

What are common examples of HPC systems?

A

MPP solutions are common examples of HPC systems.

491
Q

What is TEMPEST?

A

TEMPEST is a standard for the study and control of electronic signals produced by various types of electronic hardware, such as computers, televisions, phones, and so on. Its primary goal is to prevent EMI and RFI radiation from leaving a strictly defined area to eliminate the possibility of external radiation monitoring, eavesdropping, and signal sniffing. The term TEMPEST has become less common, and the corresponding security discipline is now emission security (EMSEC).

492
Q

What are the basic provisions of the Digital Millennium Copyright Act of 1998?

A

The Digital Millennium Copyright Act prohibits the circumvention of copy protection mechanisms placed in digital media and limits the liability of Internet service providers for the activities of their users.

493
Q

What are the typical HVAC requirements for a computer room?

A

A computer room should be kept at 59 to 89.6 degrees Fahrenheit (15 to 32 degrees Celsius). Humidity in a computer room should be maintained at between 20 and 80 percent.

494
Q

What is a valid security response when an application violates OS‐imposed security?

A

Stopping the environment, a STOP error, a blue screen of death (BSOD)

495
Q

What is Trusted Automated eXchange of Intelligence Information (TAXII)?

A

Defines protocols and services for automated sharing of structured threat information.

496
Q

What is data portability?

A

Data portability refers to the ability of individuals to easily and securely move their personal data from one system, service, or application to another. It allows users to transfer their data between different platforms, promoting user control and facilitating competition among service providers.

497
Q

What are the models of systems development?

A

The waterfall model describes a sequential development process that results in the development of a finished product. Developers may step back only one phase in the process if errors are discovered. The spiral model uses several iterations of the waterfall model to produce a number of fully specified and tested prototypes. Agile development models place an emphasis on the needs of the customer and quickly developing new functionality that meets those needs in an iterative fashion.

498
Q

What is the name of the security management approach in which senior management calls the shots?

A

Top‐down approach.

499
Q

What is single sign-on (SSO)?

A

A mechanism that allows subjects to authenticate once and access multiple objects without authenticating again.

500
Q

What is SDV?

A

Software‐defined visibility (SDV) is a framework to automate the processes of network monitoring and response. The goal is to enable the analysis of every packet and make deep intelligence‐based decisions on forwarding, dropping, or otherwise responding to threats.

501
Q

Which two types of incidents are the easiest to stop by dynamically altering filtering rules?

A

Scanning and denial of service. They can both potentially be stopped by filtering out the offending packets.

502
Q

What are VDI and VMI?

A

Virtual desktop infrastructure (VDI) is a means to reduce the security risk and performance requirements of end devices by hosting desktop/workstation OS virtual machines on central servers that are remotely accessed by users. Virtual mobile infrastructure (VMI) is where the OS of a mobile device is virtualized on a central server.

503
Q

Memory devices designed to retain their data when power is removed are known as ___________________.

A

nonvolatile.

504
Q

Why should an organization implement security awareness, training, and education?

A

Awareness establishes a baseline of general security understanding. Training teaches employees to perform their work tasks in compliance with the security policy, standards, guidelines, and procedures mandated by the organization. Education is a more detailed endeavor in which students/users learn much more than they actually need to know to perform their work tasks.

505
Q

What is it called when malware is installed on a user’s system after visiting a website?

A

Drive-by download.

506
Q

What form of encryption can provide secure communications between two parties when they have no prior method of communicating securely?

A

Asymmetric cryptography.

507
Q

What is required before starting a penetration test?

A

Knowledge and consent of management.

508
Q

What is electronic discovery?

A

In legal proceedings, each side has a duty to preserve evidence related to the case and, through the discovery process, share information with their adversary in the proceedings. This discovery process applies to both paper records and electronic records, and the electronic discovery (or eDiscovery) process facilitates the processing of electronic information for disclosure.

509
Q

What are the basic labels, groupings, and examples of routing protocols?

A

Interior routing protocols are distance vector (Routing Information Protocol [RIP] and Interior Gateway Routing Protocol [IGRP]) and link state (Open Shortest Path First [OSPF] and Intermediate System to Intermediate System [IS‐IS]); an exterior routing protocol is path vector (Border Gateway Protocol [BGP]).

510
Q

How is abstraction used?

A

Abstraction is used to collect similar elements into groups, classes, or roles that are assigned security controls, restrictions, or permissions.

511
Q

What is a drive-by download?

A

A drive-by download is code downloaded and installed on a user’s system without the user’s knowledge. Attackers modify the code on a web page, and when the user visits, the code downloads and installs malware on the user’s system without the user’s knowledge or consent.

512
Q

Name one or more examples of vector routing protocol.

A

RIP, IGRP, BGP.

513
Q

Which type of incident generally does not cause direct damage to the victim?

A

Scanning. The purpose of a scanning attack is to collect information. The real damage to the system occurs in later attacks.

514
Q

How are security and illegal activities related?

A

A secure environment should provide mechanisms to prevent the committal of illegal activities, which are actions that violate a legal restriction, regulation, or requirement.

515
Q

Describe the models of systems development.

A

The waterfall model is a sequential development process that results in the development of a finished product. Developers may step back only one phase in the process if errors are discovered. The spiral model uses several iterations of the waterfall model to produce a number of fully specified and tested prototypes. Agile development models place an emphasis on the needs of the customer and quickly developing new functionality that meets those needs in an iterative fashion.

516
Q

What is the first thing you should do when a disaster strikes?

A

Ensure that people are safe.

517
Q

What is the primary method to improve fax security?

A

Deactivate automatic printing of received faxes.

518
Q

What is storage segmentation on a mobile device?

A

Storage segmentation is used to artificially compartmentalize various types or values of data on a storage medium. On a mobile device, the device manufacturer and/or the service provider may use storage segmentation to isolate the device’s OS and preinstalled apps from user‐installed apps and user data.

519
Q

What is CORBA?

A

Common Object Request Broker Architecture (CORBA) is an international standard for distributed computing. It is developed and maintained by the Object Management Group (OMG) and has also been adopted as a standard by the International Organization for Standardization (ISO).

520
Q

How can you protect data against fraud and theft?

A

The use of access controls (auditing and monitoring, for example) reduces fraud and theft.

521
Q

What kinds of items qualify as access controls?

A

Any hardware, software, or organizational administrative policy or procedure that maintains confidentiality, integrity, and/or accountability/accounting also counts as an access control.

522
Q

What is fuzz testing?

A

Fuzz testing is a specialized dynamic testing technique that provides many different types of input to software to stress its limits and find previously undetected flaws. Fuzz testing software supplies invalid input to the software, either randomly generated or specially crafted to trigger known software vulnerabilities.
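
As an added illustration of the technique this card describes (example code written for this page, not material from the Sybex flashcards), the following Python mutation fuzzer feeds randomly mutated copies of a valid seed input to a small type‐length‐value parser. The parser, its deliberate length‐check bug, the seed bytes and the mutation operators are all constructed here; a real fuzzer does the same thing against a compiled target and keys on crash signals instead of Python exceptions.

```python
"""Mutation fuzzing of a small TLV parser.

Added example, not from the flashcards: the parser, its deliberate bug,
the seed input and the mutation strategy are all constructed here.
"""
import random

BUF_SIZE = 16  # fixed-size scratch buffer the buggy parser copies each value into


def parse_records_buggy(data):
    """Parse [type:1][length:1][value:length] records.

    Deliberate bug for the fuzzer to find: the copy loop trusts the length
    field and never checks it against BUF_SIZE or the remaining input, so a
    length above 16 (or a truncated value) raises IndexError, the Python
    analogue of an out-of-bounds read/write in a C parser.
    """
    records, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated header")  # documented rejection of bad input
        rtype, length = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + length]
        buf = bytearray(BUF_SIZE)
        for i in range(length):
            buf[i] = value[i]
        records.append((rtype, bytes(buf[:length])))
        pos += 2 + length
    return records


def parse_records_fixed(data):
    """Same format, but every length is validated before it is used."""
    records, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated header")
        rtype, length = data[pos], data[pos + 1]
        if length > BUF_SIZE or pos + 2 + length > len(data):
            raise ValueError("bad length")  # reject cleanly instead of crashing
        records.append((rtype, data[pos + 2:pos + 2 + length]))
        pos += 2 + length
    return records


def mutate(seed, rng):
    """Apply one to three random mutations (bit flip, byte set, insert, delete)."""
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        op = rng.choice(("flip", "set", "insert", "delete"))
        if op == "flip" and buf:
            buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
        elif op == "set" and buf:
            # boundary values are the classic "interesting" bytes a fuzzer tries
            buf[rng.randrange(len(buf))] = rng.choice((0x00, 0x7F, 0x80, 0xFF, rng.randrange(256)))
        elif op == "insert":
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
        elif op == "delete" and buf:
            del buf[rng.randrange(len(buf))]
    return bytes(buf)


def fuzz(parser, seeds, iterations=2000, rng_seed=1):
    """Feed mutated seeds to parser; return {exception name: first crashing input}.

    ValueError is the parser's documented way to reject malformed input, so
    only other exceptions count as crashes (a real fuzzer keys on signals such
    as SIGSEGV in the same way).
    """
    rng = random.Random(rng_seed)
    crashes = {}
    for _ in range(iterations):
        data = mutate(rng.choice(seeds), rng)
        try:
            parser(data)
        except ValueError:
            continue
        except Exception as exc:
            crashes.setdefault(type(exc).__name__, data)
    return crashes


SEEDS = [b"\x01\x05hello\x02\x03abc"]  # constructed, well-formed two-record input

if __name__ == "__main__":
    print("buggy parser crashes:", fuzz(parse_records_buggy, SEEDS))
    print("fixed parser crashes:", fuzz(parse_records_fixed, SEEDS))
```

Run stand‐alone, the buggy parser is crashed by an IndexError within a few hundred iterations while the fixed parser only ever raises its documented ValueError. That is the point of the card: invalid input found the flaw without anyone reading the parser, and the fix is to validate every length before trusting it.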

523
Q

Explain why the separation of duties and responsibilities is a common security practice.

A

It prevents any single subject from being able to circumvent or deactivate security mechanisms.

524
Q

What is a spamming attack?

A

Directing floods of messages to a victim’s email inbox or other messaging system. Such attacks cause DoS issues by filling up storage space and preventing legitimate messages from being delivered.

525
Q

What is a software bill of materials (SBOM)?

A

A software bill of materials (SBOM) is a structured and comprehensive inventory or list of all the software components and dependencies that make up a software application or system. An SBOM provides detailed information about the various software components used in a system, including their versions, sources, and relationships. The primary purpose of an SBOM is to enhance software transparency, security, compliance, and management.
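
As an added example of what an SBOM actually gives a practitioner (code written for this page, not from the Sybex flashcards), the Python below reads a small CycloneDX‐style SBOM and answers the two questions the card mentions: what components and versions are present, and how they are related. The SBOM document itself is constructed, with fictitious application and library names and PyPI‐style package URLs; it follows the CycloneDX JSON layout of a components array plus a dependencies list keyed by bom‐ref.

```python
"""Reading a CycloneDX-style SBOM: inventory and dependency relationships.

Added example, not from the flashcards. The SBOM document below is
constructed (fictitious application and library names, PyPI-style purls).
"""
import json

SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "metadata": {
    "component": {"type": "application", "bom-ref": "app", "name": "example-app", "version": "2.1.0"}
  },
  "components": [
    {"type": "library", "bom-ref": "pkg:pypi/lib-net@1.4.2", "name": "lib-net", "version": "1.4.2",
     "purl": "pkg:pypi/lib-net@1.4.2"},
    {"type": "library", "bom-ref": "pkg:pypi/lib-json@0.9.0", "name": "lib-json", "version": "0.9.0",
     "purl": "pkg:pypi/lib-json@0.9.0"},
    {"type": "library", "bom-ref": "pkg:pypi/lib-compress@3.0.1", "name": "lib-compress", "version": "3.0.1",
     "purl": "pkg:pypi/lib-compress@3.0.1"}
  ],
  "dependencies": [
    {"ref": "app", "dependsOn": ["pkg:pypi/lib-net@1.4.2", "pkg:pypi/lib-json@0.9.0"]},
    {"ref": "pkg:pypi/lib-net@1.4.2", "dependsOn": ["pkg:pypi/lib-compress@3.0.1"]},
    {"ref": "pkg:pypi/lib-json@0.9.0", "dependsOn": []},
    {"ref": "pkg:pypi/lib-compress@3.0.1", "dependsOn": []}
  ]
}
"""


def load_sbom(text):
    """Return (components by bom-ref, dependency edges by bom-ref)."""
    bom = json.loads(text)
    components = {c["bom-ref"]: c for c in bom.get("components", [])}
    root = bom["metadata"]["component"]
    components[root["bom-ref"]] = root  # the application itself is a component too
    edges = {d["ref"]: d.get("dependsOn", []) for d in bom.get("dependencies", [])}
    return components, edges


def inventory(text):
    """Flat (name, version) list of libraries: the 'components' view of an SBOM."""
    components, _ = load_sbom(text)
    return sorted((c["name"], c["version"]) for c in components.values() if c["type"] == "library")


def dependency_paths(text, target_name):
    """Every path from the root application to a component called target_name.

    This is the 'relationships' view: when an advisory names lib-compress,
    it tells you which direct dependency pulled it in.
    """
    components, edges = load_sbom(text)
    root_ref = next(ref for ref, c in components.items() if c["type"] == "application")
    paths, stack = [], [(root_ref, [root_ref])]
    while stack:
        ref, trail = stack.pop()
        if components[ref]["name"] == target_name:
            paths.append([components[r]["name"] for r in trail])
        for child in edges.get(ref, []):
            if child in components and child not in trail:  # skip unknown refs and cycles
                stack.append((child, trail + [child]))
    return sorted(paths)


if __name__ == "__main__":
    for name, version in inventory(SBOM_JSON):
        print(name, version)
    print(dependency_paths(SBOM_JSON, "lib-compress"))
```

The inventory is what you compare against vulnerability advisories; the path query is what turns "lib‐compress 3.0.1 is affected" into "it is there because lib‐net depends on it", which is the relationship information a plain package list does not carry.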

526
Q

What is SAE?

A

Simultaneous Authentication of Equals (SAE) performs a zero‐knowledge proof process known as Dragonfly Key Exchange, which is itself a derivative of Diffie–Hellman. The process uses a preset password and the MAC addresses of the client and AP to perform authentication and session key exchange.

527
Q

What are common network devices?

A

Repeaters, hubs, modems, bridges, switches, routers, LAN extenders, jumpboxes, sensors, collectors, and aggregators.

528
Q

In the Clark–Wilson security model, what is a procedure that scans data items and confirms their integrity?

A

Integrity verification procedure (IVP).

529
Q

The Fagan code review process has six steps. Name them.

A

Planning, Overview, Preparation, Inspection, Rework, and Follow‐up.

530
Q

What are the functions of SAMM?

A

The Software Assurance Maturity Model (SAMM) is an open source project with five business functions: Governance, Design, Implementation, Verification, and Operations.

531
Q

What cryptographic attack attempts to find a weakness in the algorithm?

A

Analytic attack

532
Q

Name the two primary laws that are designed to protect society against computer crime and their basic provisions.

A

The Computer Fraud and Abuse Act (as amended) protects computers used by the government or in interstate commerce from a variety of abuses. The Electronic Communications Privacy Act (ECPA) makes it a crime to invade the electronic privacy of an individual.

533
Q

What is the purpose of security controls?

A

Security controls use access rules to limit the access by a subject to an object.

534
Q

What cryptographic attack attempts to find a weakness in the software code?

A

Implementation attack

535
Q

How do antivirus software packages detect known viruses?

A

Most antivirus programs use signature‐based detection algorithms to look for telltale patterns of known viruses. This makes it essential to periodically update virus definition files in order to maintain protection against newly authored viruses as they emerge. Behavior‐based detection monitors target users and systems for unusual activity and either blocks it or flags it for investigation.

536
Q

What is a Faraday cage?

A

A Faraday cage is an electromagnetic‐blocking enclosure, often a conductive wire mesh that fully surrounds an area on all sides. The conductive metal skin shields the enclosed area, preventing electromagnetic signals from exiting or entering it.

537
Q

What is PHI?

A

Protected health information (PHI) is any health‐related information that can be related to a specific person. In the United States, the Health Insurance Portability and Accountability Act (HIPAA) mandates the protection of PHI.

538
Q

What is an APT?

A

Recent years marked the rise of sophisticated attackers known as advanced persistent threats (APTs). These attackers are well funded and have advanced technical skills and resources. They act on behalf of a nation‐state, organized crime, terrorist group, or other sponsor and wage highly effective attacks against a very focused target in order to maintain persistent unauthorized access or effect.

539
Q

What is bricking?

A

Refers to rendering a device completely nonfunctional or as useless as a brick, typically through a malfunction or intentional action. When a device is “bricked,” it loses its normal functionality and becomes inoperable, often requiring significant efforts to restore its original state.

540
Q

What encryption algorithm was selected for the Advanced Encryption Standard (AES)?

A

Rijndael

541
Q

What is transparency?

A

A characteristic of a service, security control, or access mechanism that ensures it is unseen by users.

542
Q

What are some concerns about defaults?

A

Never assume the default settings of any product are secure. It is always up to the system’s administrator and/or company security staff to alter a product’s settings to comply with the organization’s security policies.

543
Q

What is the term used to describe a secret method used by a programmer to gain access to the system?

A

Trap door (or back door)

544
Q

How can cryptosystems be used to achieve authentication goals?

A

Authentication provides assurances as to the identity of a user. One possible scheme that uses authentication is the challenge‐response protocol, in which the remote user is asked to encrypt a message using a key known only to the communicating parties. Authentication can be achieved with both symmetric and asymmetric cryptosystems.

545
Q

What are the common process states?

A

Ready, running, waiting, supervisory, and stopped.

546
Q

How many rounds of encryption does DES utilize?

A

16

547
Q

What are the four steps of the business continuity planning process?

A

Business continuity planning involves four distinct phases: project scope and planning, business impact analysis, continuity planning, and approval and implementation.

548
Q

What is the collection of trusted computing base (TCB) components that work together to implement the reference monitor functions?

A

Security kernel

549
Q

What is need to know?

A

Need to know is the requirement to have access to, knowledge of, or possession of data or a resource in order to perform specific work tasks.

550
Q

What is privilege escalation?

A

Attackers use privilege escalation techniques to gain additional privileges after exploiting a single system. They typically try to gain additional privileges on the exploited systems first.

551
Q

Which type of controls considers static attributes of the subject and the object to determine the permissibility of an access?

A

Mandatory access controls

552
Q

Name the three common approaches to identifying threats.

A

Focused on assets, focused on attackers, and focused on software.

553
Q

If a witness is not able to uniquely identify an object, how else may it be authenticated in court?

A

By establishing a chain of evidence.

554
Q

Name the security issues surrounding secondary storage devices.

A

Three main security issues surround secondary storage devices: removable media can be used to steal data, access controls and encryption must be applied to protect data, and data can remain on the media even after file deletion or media formatting.

555
Q

What are the two DHCPv6 modes of operation?

A

In stateful mode, DHCPv6 assigns specific IPv6 addresses to devices and manages the allocation of network configuration parameters. In stateless mode, DHCPv6 provides network configuration parameters without assigning specific IPv6 addresses.

556
Q

Name three examples of administrative physical security controls.

A

Examples of administrative physical security controls are facility construction and selection, site management, building design, personnel controls, awareness training, and emergency response and procedures.

557
Q

Define social engineering and its common principles.

A

Social engineering is a form of attack that exploits human nature and human behavior. The common social engineering principles are authority, intimidation, consensus, scarcity, familiarity, trust, and urgency.

558
Q

Define proactive threat modeling.

A

A proactive approach to threat modeling takes place during early stages of systems development, specifically during initial design and specifications establishment.

559
Q

What is versioning?

A

Versioning typically refers to version control used in software configuration management. A labeling or numbering system differentiates between different software sets and configurations across multiple machines or at different points in time on a single machine.

560
Q

What is the controls gap?

A

The difference between total risk and residual risk. The controls gap is the amount of risk that is reduced by implementing safeguards.

561
Q

What is it called when programmers decompile vendor code in order to understand the intricate details of its functionality?

A

Reverse engineering

562
Q

What type of virus modifies itself each time it infects a new system in an attempt to avoid detection?

A

Polymorphic virus

563
Q

Define the take‐grant model.

A

The take‐grant model dictates how rights can be passed from one subject to another or from a subject to an object.

564
Q

What is the Risk Maturity Model (RMM)?

A

The Risk Maturity Model (RMM) is a means to assess the key indicators and activities of a mature, sustainable, and repeatable risk management process.

565
Q

What is a cognitive password?

A

A series of questions about facts or predefined responses that only the subject should know.

566
Q

What protocol uses the RSA encryption algorithm to provide encrypted mail support for a number of common commercial email packages?

567
Q

What is the internal code that defines the actions an object performs in response to a message?

A

Method

568
Q

Describe the concept of a corporate‐owned mobile strategy.

A

In a corporate‐owned mobile strategy, the organization purchases and owns the mobile devices, selecting models that can be configured to comply with its security policy.

569
Q

What is single loss expectancy, and how is it calculated?

A

The cost associated with a single realized risk against a specific asset. SLE = asset value (AV) × exposure factor (EF).

570
Q

What is single loss expectancy, and how is it calculated?

A

The cost associated with a single realized risk against a specific asset. SLE = asset value (AV) × exposure factor (EF). The SLE is expressed as a dollar value.

571
Q

What is an ICS?

A

An industrial control system (ICS) is a form of computer‐management device that controls industrial processes and machines (aka operational technology (OT)). ICS examples include distributed control systems (DCSs), programmable logic controllers (PLCs), and supervisory control and data acquisition (SCADA). ICSs are used across a wide range of industries, including manufacturing, fabrication, electricity generation and distribution, water distribution, sewage processing, and oil refining.

572
Q

What type of approach to security is considered better than a fortress mentality approach?

A

Defense in depth, multiple layers of security, concentric circles of security.

573
Q

What is NAT?

A

Network Address Translation (NAT) allows the private IP addresses defined in RFC 1918 to be used in a private network while still being able to communicate with the Internet.

574
Q

What are the three data states and their definitions?

A

Data at rest is any data stored on media such as system hard drives, external USB drives, storage area networks (SANs), and backup tapes. Data in transit (sometimes called data in motion) is any data transmitted over a network. This includes data transmitted over an internal network using wired or wireless methods and data transmitted over public networks such as the Internet. Data in use refers to data in temporary storage buffers while an application is using it.

575
Q

What is risk avoidance?

A

Risk avoidance is the process of selecting alternate options or activities that have less associated risk than the default, common, expedient, or cheap option. For example, choosing to fly to a destination instead of drive is a form of risk avoidance. Another example is to locate a business in Arizona instead of Florida to avoid hurricanes.

576
Q

What are the common applications of cryptography to secure networking?

A

The IPsec protocol standard provides a common framework for encrypting network traffic and is built into a number of common operating systems. In IPsec transport mode, packet contents are encrypted for peer‐to‐peer communication. In tunnel mode, the entire packet, including header information, is encrypted for gateway‐to‐gateway communications.

577
Q

What is the stored sample of a biometric factor called?

A

A reference profile or a reference template.

578
Q

What use is QoS?

A

Quality of service (QoS) controls protect the integrity of data networks under load. Many different factors contribute to the quality of the end user experience, and QoS attempts to manage all of those factors to create an experience that meets business requirements.

579
Q

What is the Wi‐Fi attack known as KRACK?

A

In late 2017, an attack technique known as KRACK (Key Reinstallation AttaCKs) was disclosed. It manipulates the WPA2 four‐way handshake between a client and a wireless access point (WAP) so that the client reinstalls an already‐used key, resetting its nonce and allowing keystream reuse; in some client implementations the reinstalled key is composed of only zeros.

580
Q

What is the need for periodic content reviews and effectiveness evaluations?

A

It is important to perform periodic content reviews of all training materials. This ensures that the training materials and presentation stay in line with business goals, organizational mission, and security objectives. Some means of verification should be used to measure whether the training is beneficial or a waste of time and resources.

581
Q

What is the difference between baseband and broadband communications?

A

Baseband technology uses a direct current to support a single communication channel. Broadband technology uses frequency modulation to support multiple simultaneous signals.

582
Q

What can a user entitlement review detect?

A

Violations of the principle of least privilege, such as excessive privileges or privilege creep.

583
Q

What two ICMP type field values are employed in a successful ping activity?

A

8: echo request, 0: echo reply.

584
Q

What is Scrum?

A

Scrum is an organized approach to implementing the Agile philosophy. It relies on daily scrum meetings to organize and review work. Development focuses on short sprints of activity that deliver finished products. Integrated product teams (IPTs) are an early effort at this approach that was used by the U.S. Department of Defense.

585
Q

What is supply chain risk management (SCRM)?

A

SCRM is a means to ensure that all the vendors or links in the supply chain are reliable, trustworthy, reputable organizations that disclose their practices and security requirements to their business partners. SCRM includes evaluating risks associated with hardware, software, and services; performing third‐party assessment and monitoring; establishing minimum security requirements; and enforcing service‐level requirements.

586
Q

In relation to storage media, what is sanitization?

A

Sanitization is a combination of processes that removes data from a system or from media. It ensures that data cannot be recovered by any means.

587
Q

What is technology convergence?

A

The tendency for various technologies, solutions, utilities, and systems to evolve and merge over time. Often this results in multiple systems performing similar or redundant tasks or one system taking over the features and abilities of another. While in some instances this can result in improved efficiency and cost savings, it can also be an increased single point of failure and can become a more valuable target for hackers and intruders.

588
Q

What is RFID?

A

RFID (radio frequency identification) is a tracking technology based on the ability to power a radio transmitter using current induced in an antenna when it is placed in a radio frequency (electromagnetic) field. Passive tags are typically read from centimeters to a few meters; active (battery‐powered) tags can be triggered and read from a considerable distance away (often hundreds of meters).

589
Q

True or false? The IDEA algorithm is available free for noncommercial use.

590
Q

List the security features offered by the Network layer of the OSI model.

A

The Network layer (layer 3) offers confidentiality, authentication, and integrity.

591
Q

What are the three forms of accreditation offered by National Information Assurance Certification and Accreditation Process (NIACAP)?

A

Site, type, system.

592
Q

What is the difference between packet switching and circuit switching?

A

In circuit switching, a dedicated physical pathway is created between the two parties. Packet switching occurs when the message is broken up into packets and sent across the intermediary network.

593
Q

What is a virtual private cloud (VPC)?

A

A VPC is a virtualized network infrastructure provided by a cloud computing service provider. It allows users to create and manage isolated, logically segmented networks within the public cloud environment. A VPC enables organizations to host their applications and resources in a secure and dedicated space in the cloud while maintaining control over network configuration.

594
Q

What are some issues or concerns regarding cloud computing?

A

Privacy concerns, regulation compliance difficulties, use of open/closed source solutions, adoption of open standards, and whether or not cloud‐based data is actually secured (or even securable).

595
Q

What is a placeholder for SQL literal values such as numbers or character strings?

A

Bind variable.
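
The security reason bind variables matter is SQL injection, so as an added example (code written for this page, not from the Sybex flashcards) the Python below builds a small in‐memory sqlite3 database and runs the same lookup two ways: once with the user‐supplied value concatenated into the SQL text, and once passed through a bind variable placeholder. The table, rows and injection payload are constructed.

```python
"""Bind variables versus string concatenation, using sqlite3.

Added example, not from the flashcards: the table, rows and the
injection payload are constructed here.
"""
import sqlite3


def make_db():
    """In-memory database with a small constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_concat(conn, username):
    """Vulnerable: the literal is spliced into the SQL text, so quote
    characters inside `username` change the structure of the statement."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_bound(conn, username):
    """Safe: `?` is a bind variable. The SQL text is fixed and the value is
    sent separately, so it can only ever be compared as data."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def lookup_named(conn, username):
    """Same protection with a named placeholder, which reads better in long queries."""
    sql = "SELECT username, role FROM users WHERE username = :name"
    return conn.execute(sql, {"name": username}).fetchall()


# Classic tautology payload: closes the string literal and appends an always-true OR.
PAYLOAD = "x' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("concatenated:", lookup_concat(conn, PAYLOAD))  # every row leaks
    print("bound:       ", lookup_bound(conn, PAYLOAD))   # [] - no user has that literal name
```

With the payload, the concatenated version becomes `... WHERE username = 'x' OR '1'='1'` and returns the whole table, while the bound version looks for a user whose name is literally `x' OR '1'='1` and returns nothing. The placeholder syntax (`?`, `:name`, `%s`, `$1`) varies by database driver, but the property is the same: a bind variable can never be parsed as SQL.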

596
Q

What is ABAC?

A

An advanced implementation of a rule‐BAC is an attribute‐based access control (ABAC) model. ABAC models use policies that include multiple attributes for rules. Many software‐defined networking applications use ABAC models.

597
Q

What are the requirements for accountability?

A

Identification, authentication, authorization, and auditing.

598
Q

What are botnets, botnet controllers, and bot herders?

A

Botnets represent significant threats due to the massive number of computers that can launch attacks, so it’s important to know what they are. A botnet is a collection of compromised computing devices (often called bots or zombies) organized in a network controlled by a criminal known as a bot herder. Bot herders use a command‐and‐control server to remotely control the zombies and often use the botnet to launch attacks on other systems or send spam or phishing emails. Bot herders also rent botnet access out to other criminals.

599
Q

What is the importance of a well‐rounded compliance program?

A

Most organizations are subject to a wide variety of legal and regulatory requirements related to information security. Building a compliance program ensures that you become and remain compliant with these often overlapping requirements.

600
Q

What is the term that identifies data on a disk after the data has supposedly been erased?

A

Data remanence.

601
Q

An attacker has launched an attack using a vulnerability known only to him. What is this called?

A

Zero‐day exploit.

602
Q

What is a failover cluster?

A

A failover cluster includes two or more servers, and if one of the servers fails, another server in the cluster can take over its load in an automatic process called failover. Failover clusters can include multiple servers (not just two), and they can also provide fault tolerance for multiple services or applications.

603
Q

What is a community cloud?

A

A community cloud is a cloud environment maintained, used, and paid for by a group of users or organizations for their shared benefit, such as collaboration and data exchange. This may allow for some cost savings compared to accessing private or public clouds independently.

604
Q

What is STRIDE?

A

Microsoft developed a threat categorization scheme known as STRIDE. STRIDE is often used in relation to assessing threats against applications or operating systems. However, it can also be used in other contexts as well. STRIDE is an acronym standing for Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege.

605
Q

What is a penetration test?

A

The penetration test goes beyond vulnerability testing techniques because it actually attempts to exploit systems. Security professionals performing penetration tests actually try to defeat security controls and break into a targeted system or application to demonstrate the flaw.

606
Q

What is fake news?

A

A term used to describe deliberately fabricated news stories or hoaxes presented as genuine journalism. It can also be used to label genuine, factual, and accurate journalism as false.

607
Q

What is a penetration test?

A

A penetration test goes beyond vulnerability testing techniques by attempting to exploit systems to demonstrate flaws.

608
Q

What is fake news?

A

A term used to describe deliberately fabricated news stories or hoaxes presented as genuine journalism. It can also label genuine journalism as false.

609
Q

What are snapshots?

A

Snapshots are backups of virtual machines that offer a quick means to recover from errors or poor updates.

610
Q

What type of VDI maintains a user’s desktop changes?

A

A persistent virtual desktop infrastructure (VDI) maintains user desktop changes.

611
Q

What is the pass‐the‐hash attack?

A

Pass‐the‐hash attacks allow an attacker to impersonate a user with the captured hash of a user’s password instead of the password.

612
Q

What is CPTED?

A

Crime Prevention Through Environmental Design (CPTED) structures the physical environment to influence potential offenders’ decisions.

613
Q

Define the Clark–Wilson model.

A

Clark–Wilson is an integrity model that relies on the access control triplet (subject/program/object).

614
Q

What process evaluates the technical and nontechnical security features of an IT system?

A

Certification and accreditation.

615
Q

What are countermeasures to spoofing attacks?

A

Countermeasures include patching the OS, enabling source/destination verification on routers, and employing an IDS.

616
Q

What characteristic describes an object that exhibits different behaviors based on the same message?

A

Polymorphism.

617
Q

What form of testing examines the input and output of a program with access to the internal logical structures?

A

Gray‐box testing or semi‐known environment testing.

618
Q

What are security concerns of evidence storage?

A

Evidence storage retains logs, drive images, and other datasets. Protections include isolated storage, activity tracking, and encryption.

619
Q

What should be considered when establishing the value of an asset?

A

Cost of purchase, development, maintenance, and usefulness.

620
Q

What type of attack is thwarted with the use of bcrypt?

A

Rainbow table (precomputed hash) attacks. bcrypt applies a unique random salt to each password before hashing, so a table of precomputed hashes cannot be reused against the stored values.
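
As an added example of why the salt defeats a precomputed table (code written for this page, not from the Sybex flashcards), the Python below builds a toy lookup table for an unsalted SHA‐256 scheme and shows that a salted, slow hash cannot be looked up in it. bcrypt itself is not in the Python standard library, so PBKDF2‐HMAC‐SHA256 from hashlib stands in for it; the salting argument is identical. The word list is constructed.

```python
"""Why a per-password salt defeats precomputed (rainbow) tables.

Added example, not from the flashcards. bcrypt is not in the standard
library, so PBKDF2-HMAC-SHA256 stands in for it here. Word list constructed.
"""
import hashlib
import hmac
import os

WORDLIST = ["password", "letmein", "Summer2024", "qwerty", "dragon"]  # constructed


def unsalted_hash(password):
    """What a legacy scheme stores: one fixed digest per password."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_table(words):
    """Precomputed digest -> password map (a toy rainbow/lookup table)."""
    return {unsalted_hash(w): w for w in words}


def crack(digest_hex, table):
    """Reversal is a dictionary lookup when the scheme is unsalted."""
    return table.get(digest_hex)


def hash_salted(password, salt=None, rounds=200_000):
    """Salted, slow hash. A fresh 16-byte random salt per password means two
    users with the same password get different stored values, and an attacker
    would have to build a separate table for each of the 2**128 possible salts."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    # self-describing record, in the spirit of bcrypt's "$2b$12$<salt><hash>" format
    return "pbkdf2_sha256$" + str(rounds) + "$" + salt.hex() + "$" + dk.hex()


def verify_salted(password, stored):
    """Recompute with the stored salt and rounds; compare in constant time."""
    _algo, rounds, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    table = build_table(WORDLIST)
    print("unsalted sha256 of 'letmein' cracks to:", crack(unsalted_hash("letmein"), table))
    stored = hash_salted("letmein")
    print("salted record:", stored)
    print("table lookup against salted digest:", crack(stored.split("$")[-1], table))
    print("verify correct password:", verify_salted("letmein", stored))
```

The unsalted digest is recovered instantly from the table; the salted digest is not, and two calls to hash_salted for the same password produce different records. The rounds parameter adds the second half of bcrypt's defence, making each guess expensive even for an attacker who targets a single salt.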

621
Q

What law extends the definition of property to include proprietary economic information?

A

Economic Espionage Act of 1996.

622
Q

What label applies to a partial standby facility without operational computing facilities?

A

Cold site.

623
Q

Lower ___________ provides better software design because objects are more independent.

A

coupling

624
Q

What type of disaster recovery separates recovery sites by business teams?

A

Workgroup recovery.

625
Q

What is a honeynet, and what is it used for?

A

Honeynets are fake networks used to lure intruders to create audit trails for tracking them down.

626
Q

What are the various types of application attacks attackers use to exploit poorly written software?

A

Attackers exploit buffer overflows, backdoors, and rootkits to gain illegitimate access.

627
Q

What are the types of noise or interference and their sources?

A

Common mode noise is generated by a difference in power between the hot and ground wires of a power source or operating electrical equipment. Traverse mode noise is generated by a difference in power between the hot and neutral wires. Radio frequency interference (RFI) is a further source of noise, generated by common electrical equipment such as fluorescent lights, electrical cables, motors, and space heaters.

628
Q

What are security needs for media storage?

A

Media storage facilities should securely store media and protect against theft and corruption.

629
Q

What term describes the act of gathering information about a system by observing?

A

Shoulder surfing.

630
Q

What types of activities are labeled as auditing?

A

Recording event data, log analysis, and monitoring.

631
Q

What type of IDS detects attacks based on comparing it to a baseline?

A

Behavior‐based (also called statistical‐intrusion detection or anomaly detection).
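
As an added example of the baseline comparison this card describes (code written for this page, not from the Sybex flashcards), the Python below learns a simple statistical baseline from a training window of constructed authentication log lines and then flags any source that, in a later window, generates far more events per minute than the baseline predicts. The log format, the hosts and the event counts are constructed, and "events per source per minute above mean plus k standard deviations" is one simple statistic among many a behavior‐based IDS might use.

```python
"""Baseline (anomaly) detection over constructed authentication log lines.

Added example, not from the flashcards: log format, hosts and counts are
constructed; the statistic is one simple choice among many.
"""
import re
import statistics
from collections import Counter

# "<ISO timestamp>Z src=<ip> dst=<ip> action=<what> result=<ok|fail>"
LINE_RE = re.compile(r"^(?P<minute>\d{4}-\d\d-\d\dT\d\d:\d\d):\d\dZ src=(?P<src>\S+) ")


def _lines(src, hhmm, n, result="ok"):
    """Construct n events from src within one minute on 2024-05-01."""
    return [
        "2024-05-01T%s:%02dZ src=%s dst=10.0.0.20 action=login result=%s" % (hhmm, s, src, result)
        for s in range(n)
    ]


# Training window: normal, low-volume logins from three workstations.
BASELINE_LOG = (
    _lines("10.0.0.5", "10:00", 3) + _lines("10.0.0.6", "10:00", 2)
    + _lines("10.0.0.5", "10:01", 4) + _lines("10.0.0.6", "10:01", 3)
    + _lines("10.0.0.7", "10:01", 2)
)

# Detection window: the same normal hosts plus one host spraying failed logins.
TEST_LOG = (
    _lines("10.0.0.5", "11:00", 3) + _lines("10.0.0.6", "11:00", 2)
    + _lines("10.0.0.9", "11:00", 40, result="fail")
)


def count_per_minute(lines):
    """(src, minute) -> number of events. Unparseable lines are skipped."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            counts[(m["src"], m["minute"])] += 1
    return counts


def learn_baseline(lines):
    """Mean and population std-dev of per-source, per-minute event counts."""
    values = list(count_per_minute(lines).values())
    return statistics.mean(values), statistics.pstdev(values)


def detect(lines, baseline, k=3.0):
    """Return (src, minute, count) for every bucket above mean + k*std.

    The std-dev is floored at 1.0 so a perfectly flat training window does
    not turn every small fluctuation into an alert.
    """
    mean, std = baseline
    threshold = mean + k * max(std, 1.0)
    return sorted(
        (src, minute, n)
        for (src, minute), n in count_per_minute(lines).items()
        if n > threshold
    )


if __name__ == "__main__":
    base = learn_baseline(BASELINE_LOG)
    print("baseline mean=%.2f std=%.2f" % base)
    for alert in detect(TEST_LOG, base):
        print("ANOMALY src=%s minute=%s events=%d" % alert)
```

Nothing in this code knows what a password‐spraying attack looks like; it only knows what the training window looked like, which is both the strength of the behavior‐based approach (it catches activity no signature describes) and its weakness (a baseline learned while an attacker was already active will treat that activity as normal, and legitimate spikes will raise false positives).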

632
Q

What term is used to describe intelligent code objects that perform actions on behalf of a user?

A

Agents

633
Q

Name three physical controls for physical security.

A

Fencing, lighting, locks.

634
Q

What are scoping and tailoring?

A

Scoping refers to reviewing baseline security controls and selecting only those controls that apply to the IT system you’re trying to protect. Tailoring refers to modifying the list of security controls within a baseline so that they align with the mission of the organization.

635
Q

In relation to storage media, what is erasing?

A

Erasing media is simply performing a delete operation against a file, a selection of files, or the entire media. In most cases, the deletion or removal process removes only the directory or catalog link to the data. The actual data remains on the drive.

636
Q

What form of testing examines the input and output of a program without focusing on the internal logical structures?

A

Black‐box testing or unknown environment testing

637
Q

What is the need for a nondisclosure agreement (NDA)?

A

An NDA is used to protect the confidential information within an organization from being disclosed by a former employee. When a person signs an NDA, they agree not to disclose any information that is defined as confidential to anyone outside the organization.

638
Q

What is the role that confidentiality, integrity, and nonrepudiation play in cryptosystems?

A

Confidentiality is one of the major goals of cryptography. It protects the secrecy of data while it is both at rest and in transit. Integrity provides the recipient of a message with the assurance that data was not altered (intentionally or unintentionally) between the time it was created and the time it was accessed. Nonrepudiation provides undeniable proof that the sender of a message actually authored it. It prevents the sender from subsequently denying that they sent the original message.

639
Q

When sensitive data is no longer needed by an organization, what should be done with it?

A

When an organization no longer needs sensitive data, personnel should destroy it. Proper destruction ensures that it cannot fall into the wrong hands and result in unauthorized disclosure.

640
Q

Define trust and assurance.

A

A trusted system is one in which all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment. In other words, trust is the presence of a security mechanism or capability. Assurance is the degree of confidence in satisfaction of security needs. In other words, assurance is how reliable the security mechanisms are at providing security.

641
Q

What is JIT provisioning in relation to IAM?

A

Just‐in‐time (JIT) provisioning creates user accounts on third‐party sites the first time a user logs onto the site. JIT reduces the administrative workload compared to a manual identity and access management solution.

642
Q

What is a broadcast storm?

A

A flood of unwanted Ethernet broadcast network traffic

643
Q

What are MSSPs?

A

Managed security service providers (MSSPs) can provide centrally controlled advanced security solutions (such as XDR). MSSP solutions can be deployed fully on‐premises, fully in the cloud, or in a hybrid structure, and can be overseen through a local or remote SOC. Working with an MSSP typically lets an organization gain the benefits of advanced security products and leverage the experience and expertise of the MSSP’s security management and response staff.

644
Q

What are the typical security capabilities of information systems?

A

Memory protection, virtualization, Trusted Platform Module (TPM), encryption/decryption, interfaces, and fault tolerance

645
Q

True or false? Modern cryptosystems rely on the secrecy of the encryption algorithm.

646
Q

What should be done to verify patches have been applied?

A

Audit patches, or use a vulnerability scanner to verify patches have been applied

647
Q

In legal and ethical contexts to describe different standards of behavior or decision‐making, especially related to risk management, what are prudent actions?

A

Prudent actions refer to actions or decisions that are marked by a high degree of caution, care, and foresight. They are characterized by careful consideration of potential risks, a focus on preventing harm, and a commitment to acting in a manner that is consistent with established best practices or industry standards.

648
Q

What is the minimum timeframe covered by an SSAE 16 or SSAE 18 Type II report?

A

Six months

649
Q

What are the steps of a patch management program?

A

Evaluate, test, apply, and audit patches

650
Q

What is the Diffie‐Hellman algorithm most commonly used for?

A

Key exchange

651
Q

When a penetration test team is privy to detailed information about organizational assets, including hardware and software inventory, but not to other information (accounts, users, naming conventions, and so on), how might this team be described?

A

Partial‐knowledge team

652
Q

What is grid computing?

A

Grid computing is a form of parallel distributed processing that loosely groups a significant number of processing nodes toward the completion of a specific processing goal.

653
Q

How should visitors be handled at a secure facility?

A

If a facility employs restricted areas to control physical security, then a mechanism to handle visitors is required. Often an escort is assigned to visitors, and their access and activities are monitored closely. Failing to track the actions of outsiders when they are granted access to a protected area can result in malicious activity against the most protected assets.

654
Q

What type of website monitoring technique executes artificial transactions against the site?

A

Synthetic monitoring (or active monitoring)

655
Q

What are examples of proximity devices?

A

Proximity devices can be a passive device, a field‐powered device, or a transponder.

656
Q

What occurs when a change in the plain text results in multiple changes spread throughout the cipher text?

657
Q

What are distributed systems?

A

A distributed system or a distributed computing environment (DCE) is a collection of individual systems that work together to support a resource or provide a service. The primary security concern is the interconnectedness of the components.

658
Q

What are risk perspectives?

A

Risk perspectives (aka risk management perspectives or approaches) are different lenses through which organizations and individuals can view and address risks. Each perspective emphasizes certain aspects of risk and can guide decision‐making, risk assessment, and mitigation strategies. There are innumerable options of risk perspective, including asset, outcome, vulnerability, threat, financial, strategic, operational, compliance, legal, reputational, supply chain, third‐party, and workforce.

659
Q

What is the importance of data and asset classifications?

A

Data owners are responsible for defining data and asset classifications and ensuring that data and systems are properly marked. Additionally, data owners define requirements to protect data at different classifications, such as encrypting sensitive data at rest and in transit. Data classifications are typically defined within security policies or data policies.

660
Q

What methods can be used to protect mobile devices such as a smartphone?

A

Encryption, GPS, password‐protected screen locks, and remote wipe

661
Q

What is defense in breadth or diversity of defense?

A

Defense in breadth or diversity of defense is also an important related concept to defense in depth. It can be problematic if elements of several security layers are from the same vendor or share common code, since a vulnerability could affect numerous layers simultaneously. By using a range of security products from varied vendors, the risk of a single exploit compromising several layers at once is significantly reduced or avoided.

662
Q

What is segregation of duties?

A

Segregation of duties is similar to a separation of duties and responsibilities policy, but it also combines the principle of least privilege. The goal is to ensure that individuals do not have excessive system access that may result in a conflict of interest.

663
Q

What are possible mechanisms for adding security to email?

A

S/MIME, MOSS, PEM, and PGP

664
Q

What are scanning attacks?

A

Scanning attacks are reconnaissance attacks that usually precede another, more serious attack.

665
Q

What technology allows multiple users to make use of the same process without interfering with each other?

A

Multithreading

666
Q

What is emission security (EMSEC)?

A

Emission security (EMSEC) involves implementing various measures to prevent unauthorized individuals from obtaining valuable information that could be derived through intercepting and analyzing compromising emanations from cryptographic equipment, automated information systems (AISs), and telecommunications systems. EMSEC has mostly replaced TEMPEST.

667
Q

What is MPLS?

A

MPLS (multiprotocol label switching) is a high‐throughput, high‐performance network technology that directs data across a network based on short path labels rather than longer network addresses.

668
Q

What are the basic operational modes of symmetric cryptosystems?

A

Symmetric cryptosystems operate in several discrete modes: Electronic Codebook (ECB) mode, Cipher Block Chaining (CBC) mode, Cipher Feedback (CFB) mode, Output Feedback (OFB) mode, Counter (CTR) mode, Galois/Counter mode (GCM), and Counter with Cipher Block Chaining Message Authentication Code mode (CCM). ECB mode is considered the least secure and is used only for short messages.
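To make the ECB warning concrete, here is an added example (not from the Sybex text) that runs a toy block cipher in ECB and CBC modes over a plaintext made of identical blocks. The cipher is an 8‐byte Feistel network whose round function is derived from SHA‐256; it is an illustration assumption only, not a real cipher, but it is invertible, so the mode logic is exactly what a real block cipher would use. ECB encrypts each block independently, so repeated plaintext blocks produce repeated ciphertext blocks; CBC chains each block to the previous ciphertext and hides the repetition.

```python
import hashlib
import os

BLOCK = 8  # toy block size in bytes (AES uses 16); the modes themselves do not care

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round_function(half: bytes, key: bytes, rnd: int) -> bytes:
    # Keyed round function derived from SHA-256 (assumption: toy primitive for illustration only).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def block_encrypt(key: bytes, block: bytes, rounds: int = 8) -> bytes:
    """Toy Feistel cipher: invertible no matter what the round function is."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(rounds):
        left, right = right, _xor(left, _round_function(right, key, rnd))
    return left + right

def block_decrypt(key: bytes, block: bytes, rounds: int = 8) -> bytes:
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(rounds)):
        left, right = _xor(right, _round_function(left, key, rnd)), left
    return left + right

def _pad(data: bytes) -> bytes:  # PKCS#7 padding up to a whole number of blocks
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def _unpad(data: bytes) -> bytes:
    return data[:-data[-1]]

def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Every block is encrypted on its own: equal plaintext blocks give equal ciphertext blocks.
    return b"".join(block_encrypt(key, b) for b in _blocks(_pad(plaintext)))

def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return _unpad(b"".join(block_decrypt(key, b) for b in _blocks(ciphertext)))

def cbc_encrypt(key: bytes, plaintext: bytes, iv: bytes) -> bytes:
    # Each block is XORed with the previous ciphertext block (the IV for the first one) before
    # encryption. The IV must be unpredictable and never reused under the same key; it travels in clear.
    out, prev = [], iv
    for b in _blocks(_pad(plaintext)):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return iv + b"".join(out)

def cbc_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    iv, body = ciphertext[:BLOCK], ciphertext[BLOCK:]
    out, prev = [], iv
    for b in _blocks(body):
        out.append(_xor(block_decrypt(key, b), prev))
        prev = b
    return _unpad(b"".join(out))

def distinct_block_ratio(ciphertext_body: bytes) -> float:
    """Fraction of ciphertext blocks that are unique; 1.0 means no repetition leaked."""
    blocks = _blocks(ciphertext_body)
    return len(set(blocks)) / len(blocks)

def demo() -> dict:
    key = b"sixteen-byte-key"      # constructed sample key
    plaintext = b"ATTACK!!" * 8     # eight identical 8-byte blocks (constructed sample)
    ecb_ct = ecb_encrypt(key, plaintext)
    cbc_ct = cbc_encrypt(key, plaintext, os.urandom(BLOCK))
    return {
        "ecb_roundtrip": ecb_decrypt(key, ecb_ct) == plaintext,
        "cbc_roundtrip": cbc_decrypt(key, cbc_ct) == plaintext,
        # ECB: 9 blocks (8 data + 1 padding) but only 2 distinct values, so the structure shows through
        "ecb_distinct_ratio": distinct_block_ratio(ecb_ct),
        # CBC: every ciphertext block differs although every plaintext block was identical
        "cbc_distinct_ratio": distinct_block_ratio(cbc_ct[BLOCK:]),
    }
```

Run `demo()` and compare the two ratios: the ECB ciphertext reveals that eight of the nine blocks were the same, which is the leak the card alludes to when it says ECB is the least secure mode. CBC hides it, but note that neither mode authenticates the data; that is what GCM and CCM add.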

669
Q

Why implement basic preventive measures?

A

Basic preventive measures can prevent many incidents from occurring. These include keeping systems up‐to‐date, removing or deactivating unneeded protocols and services, using intrusion detection and prevention systems, using antimalware software with up‐to‐date signatures, and enabling both host‐based and network‐based firewalls.

670
Q

What is MDR?

A

Managed detection and response (MDR) focuses on threat detection and remediation, but is not limited to the scope of endpoints. MDR is a service that attempts to monitor an IT environment in real time in order to quickly detect and resolve threats. Often an MDR solution is a combination and integration of numerous technologies, including SIEM, network traffic analysis (NTA), EDR, and IDS.

671
Q

True or false? The Hashed Message Authentication Code (HMAC) provides nonrepudiation.

672
Q

What policy requires users to spend at least a week away from their jobs on an annual basis to help prevent fraud?

A

Mandatory vacations

673
Q

What is test coverage analysis?

A

While testing is an important part of any software development process, it is unfortunately impossible to completely test any piece of software. There are simply too many ways that software might malfunction or undergo attack. Software testing professionals often conduct a test coverage analysis to estimate the degree of testing conducted against the new software.

674
Q

What is an SSID and what types are there?

A

A service set identifier (SSID) is a network name for a single WAP. An ESSID (extended service set identifier) is used when there are multiple WAPs supporting a network. An independent service set identifier (ISSID) is used by Wi‐Fi Direct or in ad hoc mode. The BSSID (basic service set identifier) is the MAC address of the base station (or ad hoc/Wi‐Fi Direct initiating device).

675
Q

What trend makes it especially important to incorporate an assessment of security controls in contracting and procurement reviews?

A

The increased use of third‐party and cloud services

676
Q

What are the common applications of cryptography to secure email?

A

The de facto standard for encrypted messages is the S/MIME protocol. Another popular email security tool is Phil Zimmermann’s Pretty Good Privacy (PGP). Most users of email encryption rely on having this technology built into their email client or their web‐based email service.

677
Q

What is flash memory?

A

Flash memory is a derivative of EEPROM. It is a nonvolatile form of storage media that can be electrically erased and rewritten. The primary difference is erase granularity: EEPROM can be erased and rewritten a byte (or word) at a time, whereas flash memory is erased in large blocks and written in pages, which is what makes it denser and cheaper per bit.

678
Q

What is the IP header protocol field value for TCP? UDP? ICMP? IGMP?

A

6, 17, 1, 2
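As an added example (not part of the Sybex material), the parser below reads the IPv4 header of a raw packet, maps the Protocol field to the values on this card, and then pulls the fields a firewall rule or IDS signature keys on for each protocol (ports for TCP and UDP, type and code for ICMP). The sample packets are constructed in code with a zero header checksum; they are not real captures, and `build_ipv4` exists only to produce them.

```python
import struct

# IANA-assigned values of the IPv4 header's 8-bit Protocol field (the ones the card asks about)
PROTOCOL_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}

def parse_ipv4(packet: bytes) -> dict:
    """Parse a raw IPv4 packet, identify the upper-layer protocol, and extract the fields a
    filter or IDS rule keys on (ports for TCP/UDP, type/code for ICMP)."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl,
     proto, _checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version={version})")
    header_len = ihl * 4  # IHL counts 32-bit words, so options make this larger than the minimum
    if header_len < 20 or len(packet) < header_len or total_len < header_len:
        raise ValueError("inconsistent IHL/total length")
    info = {
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "protocol": proto,
        "protocol_name": PROTOCOL_NAMES.get(proto, f"unknown({proto})"),
        "header_len": header_len,
        "ttl": ttl,
    }
    payload = packet[header_len:total_len]
    if proto in (6, 17) and len(payload) >= 4:  # TCP and UDP both begin with src/dst port
        info["src_port"], info["dst_port"] = struct.unpack("!HH", payload[:4])
    elif proto == 1 and len(payload) >= 2:      # ICMP begins with type and code
        info["icmp_type"], info["icmp_code"] = payload[0], payload[1]
    return info

def build_ipv4(proto: int, payload: bytes, src: str = "10.0.0.1", dst: str = "10.0.0.2") -> bytes:
    """Constructed test packets (header checksum left at zero; these are not real captures)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000, 64, proto, 0,
                         bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    return header + payload

SAMPLES = {
    "tcp":  build_ipv4(6,  struct.pack("!HH", 51515, 443) + bytes(16)),  # ports, rest zeroed
    "udp":  build_ipv4(17, struct.pack("!HHHH", 53000, 53, 8, 0)),        # DNS query, no data
    "icmp": build_ipv4(1,  bytes([8, 0, 0, 0, 0, 1, 0, 1])),              # echo request
    "igmp": build_ipv4(2,  bytes([0x11, 0x00, 0x00, 0x00])),              # membership query
}

def classify_all() -> dict:
    return {name: parse_ipv4(pkt)["protocol_name"] for name, pkt in SAMPLES.items()}
```

The practical point for rule writing: a port‐based filter only makes sense once the Protocol field says 6 or 17; for ICMP (1) and IGMP (2) there are no ports, so rules must key on type/code or on the protocol number alone.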

679
Q

What are MTTF, MTTR, and MTBF?

A

Mean time to failure (MTTF) is the expected typical functional lifetime of the device given a specific operating environment. Mean time to repair (MTTR) is the average length of time required to perform a repair on the device. Mean time between failures (MTBF) is the expected average time from one failure to the next for a repairable device (roughly MTTF plus MTTR).

680
Q

What is a load balancer?

A

The purpose of load balancing is to obtain more optimal infrastructure utilization, minimize response time, maximize throughput, reduce overloading, and eliminate bottlenecks. A load balancer is used to spread or distribute network traffic load across several network links or network devices.

681
Q

How many primary keys may each database table have?

682
Q

What feature of insurance can improve your ability to replace lost or damaged assets?

A

Actual cash value (ACV)

683
Q

Network devices at what layer and above separate collision domains?

684
Q

What are the common elements of employee oversight?

A

Throughout the employment lifetime of personnel, managers should regularly review or audit the job descriptions, work tasks, privileges, and responsibilities for every staff member.

685
Q

True or false? There is an accepted standards document defining the requirements for an electronic vaulting solution.

686
Q

Define the Graham–Denning model.

A

Graham–Denning focuses on the secure creation and deletion of both subjects and objects.

687
Q

What is a trust anchor?

A

A specific entity or component within a system that is inherently trusted. It serves as a reference point for establishing trust in other entities or components within the system. The trust anchor is typically a well‐protected and tamper‐resistant element, and trust in the overall system is derived from the trustworthiness of the trust anchor.

688
Q

What countermeasures are moderately effective against errors and omissions?

A

Input validators and user training

689
Q

Many organizations use a centralized application to automate monitoring of systems on a network. Name three terms that refer to these types of systems.

A

Security information and event management (SIEM), security event management (SEM), and security information management (SIM)

690
Q

What concept ensures that data existing at one level of security is not visible to processes running at different security levels?

A

Data hiding

691
Q

What port is used by IMAP?

692
Q

What tool can check for weaknesses in systems?

A

Vulnerability scanner

693
Q

What is IaaS?

A

Infrastructure as a service (IaaS) takes the platform as a service (PaaS) model another step forward. It provides not just on‐demand operating solutions but complete outsourcing options as well. This can include utility or metered computing services, administrative task automation, dynamic scaling, virtualization services, policy implementation and management services, and managed/filtered Internet connectivity.

694
Q

What are network vulnerability scans?

A

Network vulnerability scans go deeper than discovery scans. They don’t stop with detecting open ports but continue on to probe a targeted system or network for the presence of known vulnerabilities. These tools contain databases of thousands of known vulnerabilities along with tests they can perform to identify whether a system is susceptible to each vulnerability in the system’s database.

695
Q

What are the phases of the IDEAL Model?

A

Initiating, Diagnosing, Establishing, Acting, and Learning.

696
Q

What are the typical steps in incident response?

A

The CISSP Security Operations domain lists incident management steps as detection, response, mitigation, reporting, recovery, remediation, and lessons learned.

697
Q

What form of testing examines the extent of the system testing in order to locate untested program logic?

A

Test data method

698
Q

What attack is often successful against substitution ciphers?

A

Frequency analysis

701
Q

What is the length of the key used by the standard DES algorithm?

702
Q

What is an edge network?

A

An edge network is a carefully designed data architecture that strategically allocates computing resources to edge devices within a network.

703
Q

What is tokenization?

A

Tokenization replaces data elements with a string of characters or a token.

704
Q

What is industrial espionage?

A

The gathering of a competitor’s confidential information, also called industrial espionage, is not a new phenomenon.

705
Q

Define anycast and geocast.

A

Anycast technology supports communications where a single sender transmits data to the nearest or best‐suited node among a group of potential receivers. Geocast technology supports communications where data is sent to all devices within a specific geographical area.

706
Q

What does the Sutherland model focus on?

A

Integrity.

707
Q

What are the goals of change management?

A

Implementation of changes in an orderly manner, formalized testing, ability to reverse changes, ability to inform users of changes, systematic analysis of changes, minimization of negative impact of changes.

708
Q

What law requires all communications carriers to make wiretaps possible for law enforcement?

A

Communications Assistance for Law Enforcement Act (CALEA) of 1994.

709
Q

What access control technique employs security labels?

A

Mandatory access controls.

710
Q

What is it called when a user has more access, privilege, or permission than their assigned work tasks dictate?

A

Excessive privileges (also known as the violation of least privilege).

711
Q

How should an organization approach the management of sensitive information?

A

Sensitive information is any type of classified information, and proper management helps prevent unauthorized disclosure.

712
Q

What are thrill attacks?

A

Thrill attacks are the attacks launched only for the fun of it.

713
Q

What does a criminal investigation focus on?

A

A criminal investigation investigates the alleged violation of criminal law.

714
Q

What is the minimum amount of information needed by a wireless client to connect to a network?

715
Q

What is serverless architecture?

A

Serverless architecture is a cloud computing concept where code is managed by the customer and the platform is managed by the cloud service provider.

716
Q

What is a denial‐of‐service attack?

A

An attack that prevents the system from receiving, processing, or responding to legitimate traffic.

717
Q

Define security control assessment (SCA).

A

A security control assessment (SCA) is the formal evaluation of a security infrastructure’s individual mechanisms against a baseline.

718
Q

What are some benefits of virtualization?

A

Being able to launch individual instances of servers or services as needed, real‐time scalability.

719
Q

What is a nonstatistical sampling method that only records or alerts on events that exceed a threshold?

A

Clipping levels.
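The following is an added example, not part of the Sybex text, showing clipping levels as described on this card and in card 631 (auditing as recording and analysis of event data). It parses a few constructed sshd‐style log lines and raises an alert only when failed logins for one user from one source exceed the clipping level within a time window; everything at or below the threshold is deliberately ignored, which is what makes this nonstatistical sampling rather than full logging. The log format and the 5‐attempt/5‐minute threshold are assumptions for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from the original page), in sshd syslog style.
SAMPLE_LOG = """\
Mar 10 09:00:01 host sshd[101]: Failed password for alice from 10.0.0.5 port 50001 ssh2
Mar 10 09:00:03 host sshd[102]: Failed password for alice from 10.0.0.5 port 50002 ssh2
Mar 10 09:00:04 host sshd[103]: Accepted password for alice from 10.0.0.5 port 50003 ssh2
Mar 10 09:01:10 host sshd[104]: Failed password for bob from 192.168.1.9 port 40001 ssh2
Mar 10 09:01:11 host sshd[105]: Failed password for bob from 192.168.1.9 port 40002 ssh2
Mar 10 09:01:12 host sshd[106]: Failed password for bob from 192.168.1.9 port 40003 ssh2
Mar 10 09:01:13 host sshd[107]: Failed password for bob from 192.168.1.9 port 40004 ssh2
Mar 10 09:01:14 host sshd[108]: Failed password for bob from 192.168.1.9 port 40005 ssh2
Mar 10 09:01:15 host sshd[109]: Failed password for bob from 192.168.1.9 port 40006 ssh2
Mar 10 09:30:00 host sshd[110]: Failed password for carol from 10.0.0.7 port 30001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)

def parse_auth_log(text: str, year: int = 2024):
    """Turn log lines into (timestamp, result, user, src) tuples; lines that do not match are skipped.
    Syslog lines carry no year, so one is supplied (assumption for the constructed sample)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events

def clipping_level_alerts(events, clipping_level: int = 5, window: timedelta = timedelta(minutes=5)):
    """Return (user, src, peak_count) for each pair whose failed logins inside any `window`
    exceed `clipping_level`. Activity at or below the level is not recorded at all."""
    failures = defaultdict(list)
    for ts, result, user, src in sorted(events):
        if result == "Failed":
            failures[(user, src)].append(ts)
    alerts = {}
    for key, times in failures.items():          # times are already in ascending order
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:    # slide the window's left edge forward
                start += 1
            count = end - start + 1
            if count > clipping_level:
                alerts[key] = max(alerts.get(key, 0), count)
    return [(user, src, count) for (user, src), count in alerts.items()]
```

With the defaults only bob trips the clipping level (six failures in five seconds); alice's two failures followed by a success and carol's single failure never appear in the output. Lowering the level to 1 would surface alice as well, which is the usual tuning trade‐off between noise and coverage.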

720
Q

What is another term for the master boot record?

A

Boot sector.

721
Q

What are security issues with managed services in the cloud?

A

Managed services in the cloud include any resources stored in or accessed via the cloud.

722
Q

What are the characteristics of qualitative risk analysis?

A

Qualitative risk analysis assigns subjective and intangible values to the loss of an asset.

723
Q

What are the classifications of security control types?

A

Preventive, deterrent, detective, corrective, recovery, compensating, and directive.

724
Q

What are the responsibilities of the roles of data owner, system owner, and business/mission owner?

A

The data owner is responsible for classifying, labeling, and protecting data.

725
Q

Define COPE.

A

The concept of COPE (company‐owned, personally enabled) is for the organization to purchase devices and provide them to employees.

726
Q

What is the minimum length of a TCP header?

727
Q

Describe some JavaScript security concerns.

A

JavaScript is the most widely used scripting language in the world and is embedded into HTML documents.

728
Q

What is risk deterrence?

A

Risk deterrence is the process of implementing deterrents to would‐be violators of security and policy.

729
Q

What is DNS pharming?

A

DNS pharming is the malicious redirection of a valid website’s URL or IP address to a fake website.

730
Q

What must you do to make sure evidence is kept viable for use in a trial?

A

You must ensure that the evidence has not changed, and you must be able to validate its integrity.

731
Q

In relation to auditing and monitoring, what is sampling?

A

Sampling, or data extraction, is the process of extracting specific elements from a large collection of data.

732
Q

How are digital signatures generated and verified?

A

To digitally sign a message, first use a hashing function to generate a message digest.
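This added example (not part of the Sybex text) ties together card 638 (what integrity and nonrepudiation mean), card 671 (whether HMAC provides nonrepudiation) and this card. It computes an HMAC with Python's standard library and then performs hash‐then‐sign and verification with a textbook RSA key built from two fixed Mersenne primes. The RSA part is an illustration assumption only: the modulus is tiny, there is no padding, and the digest is truncated to fit the modulus, so it must never be used as a real signature scheme. The point it demonstrates is structural: anyone holding the shared HMAC key can produce a valid tag, so a tag does not prove which of the two parties sent the message, whereas only the holder of the private exponent can produce a signature that the public exponent verifies.

```python
import hashlib
import hmac

# ---- Shared-key MAC: integrity and origin authentication, but no nonrepudiation ----
def hmac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 over the message with a key that sender and receiver both hold."""
    return hmac.new(key, message, hashlib.sha256).digest()

def hmac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison so the verifier does not leak how many tag bytes matched."""
    return hmac.compare_digest(hmac_tag(key, message), tag)

# ---- Toy hash-then-sign: textbook RSA with fixed Mersenne primes ----
# Assumption for illustration only: no padding, ~92-bit modulus, truncated digest. Not a real scheme.
_P, _Q = 2**31 - 1, 2**61 - 1            # both are Mersenne primes
N = _P * _Q                              # public modulus
E = 65537                                # public exponent, coprime to (P-1)(Q-1)
D = pow(E, -1, (_P - 1) * (_Q - 1))      # private exponent; only the signer holds this

def _digest_as_int(message: bytes) -> int:
    # Step 1 of signing: hash the message. Truncated to 11 bytes so the integer is < N (toy only).
    return int.from_bytes(hashlib.sha256(message).digest()[:11], "big")

def sign(message: bytes, private_exponent: int = D) -> int:
    # Step 2: encrypt the digest with the private key.
    return pow(_digest_as_int(message), private_exponent, N)

def verify(message: bytes, signature: int, public_exponent: int = E) -> bool:
    # Verifier: decrypt the signature with the public key and compare to a fresh digest.
    return pow(signature, public_exponent, N) == _digest_as_int(message)

def demo() -> dict:
    # Constructed sample data (not from the original page).
    shared_key = b"key-known-to-both-alice-and-bob"
    msg = b"Pay Bob 100"
    forged = b"Pay Bob 1000"
    tag = hmac_tag(shared_key, msg)
    return {
        # HMAC: a valid tag shows the message is unaltered and came from a key holder...
        "hmac_valid": hmac_verify(shared_key, msg, tag),
        "hmac_detects_tamper": not hmac_verify(shared_key, forged, tag),
        # ...but Bob holds the same key, so he can mint a tag Alice never produced.
        # Alice can deny sending anything: HMAC gives integrity and authentication, not nonrepudiation.
        "bob_can_forge_tag": hmac_verify(shared_key, forged, hmac_tag(shared_key, forged)),
        # Signature: only D produces it; anyone with (N, E) checks it, so Alice cannot later deny it.
        "sig_valid": verify(msg, sign(msg)),
        "sig_detects_tamper": not verify(forged, sign(msg)),
        # Without D, Bob can only guess; an arbitrary value fails verification.
        "bob_cannot_forge_sig": not verify(forged, 123456789),
    }
```

So the answer to card 671 is false: HMAC cannot provide nonrepudiation, because the verifier could have generated the tag themselves. A digital signature can, because verification uses a key the signer never shares.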

733
Q

What form of backup, when used to restore data, will always result in some amount of data loss?

A

Periodic backups.

734
Q

What are the network container names at each OSI model layer?

A

The network containers are OSI layers 7–5 protocol data unit (PDU), layer 4 segment (TCP) or a datagram (UDP), layer 3 packet, layer 2 frame, and layer 1 bits.

735
Q

Describe the different types of memory used by a computer.

A

ROM is nonvolatile and can’t be written to by the end user.

736
Q

What is always your top priority when dealing with a disaster of any type or significance?

A

Safety of personnel.

737
Q

What process brings order to the chaotic events surrounding the interruption of an organization’s normal activities by an emergency?

A

Disaster recovery planning (DRP).

738
Q

What is the cost/benefit analysis equation for countermeasures?

A

(ALE before safeguard – ALE after implementing the safeguard) – annual cost of safeguard = value of the safeguard to the company.

739
Q

What are the key elements of risk analysis?

A

Risk analysis is the process by which upper management is provided with details to make decisions about which risks are to be mitigated.

740
Q

What is a physically unclonable function (PUF)?

A

A physically unclonable function (PUF) is a specialized physical electronic component or function that generates a unique digital identifier.

741
Q

What type of lock consists of three elements: an electromagnet, a credential reader, and a door‐closed sensor?

A

Electronic access control (EAC).

742
Q

In relation to risk, what is a hazard?

A

Refers to a potential source or situation that has the capability to cause harm.

743
Q

What is the difference between active/active and active/passive?

A

An active‐active system is a form of load balancing that uses all available pathways or systems during normal operations.

744
Q

What database security feature uses locking to prevent simultaneous write access to cells?

A

Concurrency.

745
Q

What is the proper name for a criminal act committed against an organization by a current or former employee?

746
Q

What is session management?

A

Session management processes help prevent unauthorized access by closing unattended sessions.

747
Q

What is the Locard’s exchange principle?

A

Locard’s exchange principle is the core principle that underlies the field of forensic science.

748
Q

True or false? PEM provides protection against replay attacks.

749
Q

What is fog computing?

A

Fog computing is another example of advanced computation architectures, often used as an element in an IoT deployment.

750
Q

What is a project‐scheduling tool that is used to judge the size of a software product in development?

A

Program Evaluation Review Technique (PERT).

751
Q

Where are passwords stored in a Unix or Linux system?

A

In the /etc/shadow file.

752
Q

What is Scaled Agile Framework (SAFe)?

A

SAFe is a comprehensive approach to applying agile principles and practices at the enterprise scale.

753
Q

What defines the hardware and software requirements of cryptographic modules in use by the federal government?

A

Federal Information Processing Standard (FIPS) 140‐2 and its successor, FIPS 140‐3.

754
Q

Network devices at what layer and above separate broadcast domains?

755
Q

What are the benefits of security guards?

A

They are able to adapt and react to any condition or situation.

756
Q

What is the purpose of a cryptographic pepper?

A

A pepper can be added to a salt to add additional protection for passwords.
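Added example (not from the Sybex text) covering this card and card 751 (where Unix passwords are stored). It first shows the layout of an /etc/shadow entry, whose second field is `$id$salt$hash`, so the salt is stored in the clear beside the hash. It then hashes a password with a per‐user random salt plus a site‐wide pepper that is kept outside the credential store. The shadow line is constructed with a placeholder digest, and PBKDF2‐HMAC‐SHA256 with 200,000 iterations is an illustration choice (OWASP's 2023 guidance lists 600,000 for this function; tune to your hardware).

```python
import hashlib
import hmac
import secrets

# Constructed /etc/shadow entry (not from a real system). Field 2 is "$id$salt$hash" with id 6 = SHA-512
# crypt; the digest below is a placeholder. Fields 3-8 are day counts for password ageing.
SHADOW_LINE = "alice:$6$Zx9QpL2m$" + "x" * 86 + ":19700:0:99999:7:::"

def parse_shadow_entry(line: str) -> dict:
    """Split a classic shadow entry. (Entries with $rounds=...$ or yescrypt $y$ carry an extra
    parameter field before the salt; this simple parser ignores that case.)"""
    fields = line.split(":")
    _, hash_id, salt, digest = fields[1].split("$", 3)
    return {"user": fields[0], "hash_id": hash_id, "salt": salt, "digest": digest,
            "last_change_days": int(fields[2])}

ITERATIONS = 200_000  # PBKDF2 work factor (assumption; raise toward current guidance for production)

def hash_password(password: str, pepper: bytes, salt: bytes = b"") -> str:
    """Salt: random per user, stored with the hash, defeats precomputed tables and makes equal
    passwords hash differently. Pepper: one secret for the whole site, kept outside the database
    (HSM, KMS or config secret), so a stolen table cannot be attacked offline without it."""
    salt = salt or secrets.token_bytes(16)
    peppered = hmac.new(pepper, password.encode(), hashlib.sha256).digest()
    dk = hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)
    return f"$pbkdf2-sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password: str, pepper: bytes, stored: str) -> bool:
    _, _scheme, iters, salt_hex, dk_hex = stored.split("$")
    peppered = hmac.new(pepper, password.encode(), hashlib.sha256).digest()
    dk = hashlib.pbkdf2_hmac("sha256", peppered, bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)

def demo() -> dict:
    pepper = secrets.token_bytes(32)  # in practice loaded from a secret store, never the DB
    h1 = hash_password("correct horse", pepper)
    h2 = hash_password("correct horse", pepper)
    return {
        "same_password_different_hashes": h1 != h2,                  # per-user salt at work
        "verifies": verify_password("correct horse", pepper, h1),
        "rejects_wrong_password": not verify_password("wrong", pepper, h1),
        # A dumped table is useless to an attacker who did not also obtain the pepper:
        "useless_without_pepper": not verify_password("correct horse", b"attacker-guess", h1),
    }
```

Note the asymmetry the card describes: the salt can be public because its job is only to make each hash unique, whereas the pepper must stay secret because its job is to make offline guessing impossible without a second compromise.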

757
Q

What is the concept of fail securely?

A

Failure management includes programmatic error handling and input sanitization.

758
Q

What is it called when a plain‐text message generates identical ciphertext messages using the same algorithm but different keys?

A

Clustering or key clustering.

759
Q

With what level of security precautions should backup media be treated?

A

Backup media should be handled with the same security precautions as any other asset.

760
Q

What is DNS?

A

The Domain Name System (DNS) is the hierarchical naming scheme used in both public and private networks.

761
Q

How long does trade secret protection last?

A

Indefinitely.

762
Q

What are some examples of detection access controls?

A

Security guards, supervising users, incident investigations, and intrusion detection systems.

763
Q

What is the impact of acquired software on the organization?

A

Organizations may purchase commercial off‐the‐shelf (COTS) software to meet their requirements.

764
Q

What is the most significant bit in a string?

A

The leftmost bit.

765
Q

What is risk reporting?

A

Risk reporting involves the production of a risk report and a presentation of that report to the interested parties.

766
Q

What are the key concepts of the risk‐based access control model?

A

A risk‐based access control model evaluates the environment and the situation.

771
Q

Highly __________ objects are not as dependent on other objects.

772
Q

What are the three main types of physical security controls?

A

Administrative physical security controls, technical physical security controls, physical controls for physical security

773
Q

Define WPA3.

A

Wi‐Fi Protected Access 3 (WPA3) comes in two variants. WPA3‐Enterprise (WPA3‐ENT) offers a 192‐bit security mode, whereas WPA3‐Personal (WPA3‐PER) remains at 128‐bit AES CCMP. WPA3‐PER replaces the WPA2 preshared‐key handshake with Simultaneous Authentication of Equals (SAE), which resists offline dictionary attacks against captured handshakes.

774
Q

What is the need for a system security policy?

A

The role of a system security policy is to inform and guide the design, development, implementation, testing, and maintenance of a particular system. Thus, this kind of security policy tightly targets a single implementation effort.

775
Q

What is reduction analysis?

A

Reduction analysis is also known as decomposing the application, system, or environment. The purpose of this task is to gain a greater understanding of the logic of the product as well as its interactions with external elements. Whether an application, a system, or an entire environment, it needs to be divided into smaller containers or compartments.

776
Q

What is the Clarifying Lawful Overseas Use of Data (CLOUD) Act?

A

This act established procedures that govern access to data held by technology companies across national borders. This piece of legislation was introduced as a way to improve law enforcement’s ability to gather digital evidence stored on servers regardless of where the servers are located, provided that the company is based within the United States or subject to U.S. jurisdiction.

777
Q

What is COMS?

A

A corporate‐owned mobile strategy (COMS) or corporate‐owned, business‐only (COBO) strategy is when the company purchases the mobile devices that can support security compliance with the security policy. These devices are to be used exclusively for company purposes, and users should not perform any personal tasks on the devices. This often requires workers to carry a second device for personal use.

778
Q

What is a code repository?

A

It acts as a central storage point for developers to place their source code. It may also provide version control, bug tracking, web hosting, release management, and communications functions that support software development.

779
Q

What are examples of Wi‐Fi attacks?

A

War driving, wireless scanners/crackers, rogue access points, evil twin, disassociation, jamming, IV abuse, and replay

780
Q

What is silicon root of trust (RoT)?

A

A silicon root of trust (RoT), also known as a Hardware Root of Trust, is a foundational and tamper‐resistant component within a computer’s hardware that provides a secure starting point for establishing trust and security in a system. The primary purpose of a silicon RoT is to ensure the integrity, authenticity, and confidentiality of the system’s boot process and software.

781
Q

What business impact analysis/assessment variable is used to describe the longest period of time a resource can be unavailable without causing irreparable harm to the business?

A

Maximum tolerable downtime (MTD)

782
Q

When an intrusion is detected, what should be the first response?

A

Contain or constrain the intrusion.

783
Q

What are the steps of the business impact analysis process?

A

The five stages of the business impact analysis process are the identification of priorities, risk identification, likelihood assessment, impact analysis, and resource prioritization.

784
Q

What are the two goals of SD3+C?

A

To reduce the number of security‐related design and coding defects, and to reduce the severity of any remaining defects

785
Q

What is a site survey?

A

A site survey is a formal assessment of wireless signal strength, quality, and interference using an RF signal detector. A site survey is performed by placing a wireless base station in a desired location and then collecting signal measurements from the area. The signal measurements are overlaid onto a blueprint of the building to determine whether sufficient signal is present where needed, while minimizing signals outside the desired location.

786
Q

In which stage of incident response should a root cause analysis be conducted?

A

Remediation and Review

787
Q

Which IPSec protocol provides integrity, authentication, and replay protection to the secure message exchange?

A

Authentication Header (AH)

788
Q

What are three methods used to manage and control access to the communication medium in LANs?

A

Arbitration, deconfliction, and contention‐based

789
Q

What are the key concepts of the attribute‐based access control (ABAC) model?

A

An ABAC model is an advanced implementation of a rule‐based access control model, applying rules based on attributes. Software‐defined networks (SDNs) often use an ABAC model.

790
Q

What is VLAN hopping?

A

An attack using double‐encapsulated IEEE 802.1Q VLAN tags to fool a switch into allowing traffic to jump to a different VLAN from which the traffic originated.

791
Q

How do logical access controls protect assets?

A

Logical access controls include authentication, authorization, and permissions. They limit who can access information, settings, and use of information, systems, devices, facilities, applications, and services.

792
Q

What security principle ensures that multiple records are created in a database table for viewing at different security levels?

A

Polyinstantiation

793
Q

What is a split tunnel and a full tunnel?

A

A split tunnel is a VPN configuration that allows a VPN‐connected client system (i.e., remote node) to access both the organizational network over the VPN and the internet directly at the same time. A full tunnel is a VPN configuration in which all of the client’s traffic is sent to the organizational network over the VPN link, and then any Internet‐destined traffic is routed out of the organizational network’s proxy or firewall interface to the Internet.

794
Q

Name at least four technologies commonly called wireless.

A

802.11 networking, Bluetooth (802.15.1/Bluetooth SIG), mobile phones, and cordless phones

795
Q

What are the security requests of a client called under Common Criteria?

A

Protection profile

796
Q

What is remote wiping?

A

Remote wipe lets you delete all data and possibly even configuration settings from a device remotely. The wipe process can be triggered over mobile phone service or sometimes over any Internet connection.

797
Q

What type of cipher is the Caesar cipher?

A

Simple substitution

798
Q

What is disinformation?

A

Intentionally false or misleading information spread with the purpose of deceiving or manipulating people; often used as a tool for political, ideological, or malicious agendas.

799
Q

What are five examples of DNS poisoning?

A

HOSTS poisoning, authorized DNS server attack, caching DNS server attack, changing a DNS server address, and DNS query spoofing

800
Q

What are the differences among copyrights, trademarks, patents, and trade secrets?

A

Copyrights protect original works of authorship, such as books, articles, poems, and songs. Trademarks are names, slogans, and logos that identify a company, product, or service. Patents provide protection to the creators of new inventions. Trade secret law protects the operating secrets of a firm.

801
Q

What are the legal and regulatory requirements that face business continuity planners?

A

Business leaders must exercise due diligence to ensure that shareholders’ interests are protected in the event disaster strikes. Some industries are also subject to federal, state, and local regulations that mandate specific BCP procedures. Many businesses also have contractual obligations to their clients that they must meet before, during, and after a disaster.

802
Q

What is third‐party governance?

A

Third‐party governance is the system of oversight that may be mandated by law, regulation, industry standards, or licensing requirements. The actual method of governance may vary but generally involves an outside investigator or auditor.

803
Q

After a network is upgraded, what must be done with a behavior‐based IDS?

A

Upgrade the baseline.

804
Q

What is total risk?

A

The amount of risk an organization would face if no safeguards were implemented. A formula for total risk is threats × vulnerabilities × asset value = total risk.

805
Q

What type of attack leverages part of the TCP three‐way handshake?

A

SYN flood attack

806
Q

What is an example of split knowledge employed to protect key escrow?

A

M of N control

807
Q

What is a guest OS?

A

Virtualization technology is used to host one or more operating systems within the memory of a single host computer. This mechanism allows virtually any OS to operate on any hardware. Such an OS is also known as a guest operating system. From the perspective that there is an original or host OS installed directly on the computer hardware, the additional OSs hosted by the hypervisor system are guests.

808
Q

What is a PLC?

A

Programmable logic controller (PLC) units are effectively single‐purpose or focused‐purpose digital computers. They are typically deployed for the management and automation of various industrial electromechanical operations, such as controlling systems on an assembly line or a large‐scale digital light display.

809
Q

What kind of control does any security tool provide when it’s used to guide the security implementation within an organization?

A

Directive control

810
Q

What does imaging provide in relation to configuration management?

811
Q

What is a risk framework?

A

A risk framework is a guideline or recipe for how risk is to be assessed, resolved, and monitored.

812
Q

What are the possible valid responses by upper/senior management to risk?

A

Reducing risk or risk mitigation; assigning risk or transferring; risk deterrence; risk avoidance; accepting risk

813
Q

What type of virus embeds itself in application documents?

A

Macro virus

814
Q

What is a security test used for?

A

Security tests verify that a control is functioning properly. These tests include automated scans, tool‐assisted penetration tests, and manual attempts to undermine security.

815
Q

What are examples of rule‐based access control?

A

Attribute‐based access control, rule‐based access control, firewall rules

816
Q

What is context‐aware authentication?

A

An authentication method often used by mobile device management (MDM) systems to identify mobile device users. It includes multiple elements such as the location of the user, the time of day, and the mobile device.

817
Q

What are common elements of a mobile device deployment policy?

A

A mobile device deployment policy should address data ownership, support ownership, patch and update management, security product management, forensics, privacy, onboarding/offboarding, adherence to corporate policies, user acceptance, architecture/infrastructure considerations, legal concerns, acceptable use policies, onboard cameras/video, recording microphone, Wi‐Fi Direct, tethering and hotspots, and contactless payment methods.

818
Q

What are common authorization mechanisms?

A

Authorization ensures that the requested activity or object access is possible, given the authenticated identity’s privileges. Common authorization mechanisms include implicit deny, access control lists, access control matrixes, capability tables, constrained interfaces, content‐dependent controls, and context‐dependent controls. These mechanisms enforce security principles such as need to know, the principle of least privilege, and separation of duties.

819
Q

What determines how often an audit should be performed?

820
Q

What are some of the qualitative factors that must be taken into account when assessing the cost of a disaster?

A

Loss of goodwill among client base, loss of employees after prolonged downtime, social/ethical responsibilities to the community, and negative publicity.

821
Q

What are the most common threats against communication systems?

A

Denial of service, eavesdropping, impersonation, replay, and modification.

822
Q

What is URL hijacking?

A

URL hijacking refers to the practice of displaying a link or advertisement that looks like that of a well‐known product, service, or site, but when clicked redirects the user to an alternate location, service, or product. This may be accomplished by posting sites and pages and exploiting search engine optimization (SEO), or through the use of adware that replaces legitimate ads and links with those leading to alternate or malicious.

823
Q

How do salts improve the security of password hashing?

A

When straightforward hashing is used to store passwords in a password file, attackers may use rainbow tables of precomputed values to identify commonly used passwords. Adding salts to the passwords before hashing them reduces the effectiveness of rainbow table attacks. Common password hashing algorithms that use key stretching to further increase the difficulty of attack include PBKDF2, bcrypt, and scrypt.

824
Q

What are the processes that can be applied to used media in order to prepare the media for reuse in various environments?

A

Erasing, clearing, and overwriting media that will be used in the same classification environments; purging, sanitizing, and degaussing if media is used in different classification environments.

825
Q

What are the requirements for successful use of a one‐time pad?

A

For a one‐time pad to be successful, the key must be generated randomly without any known pattern. The key must be at least as long as the message to be encrypted. The pads must be protected against physical disclosure, and each pad must be used only one time and then discarded.

826
Q

How should an organization prepare for managing water leakage and flooding?

A

Water leakage and flooding should be addressed in your environmental safety policy and procedures. Plumbing leaks are not an everyday occurrence, but when they occur, they often cause significant damage. Water and electricity don’t mix. If your computer systems come in contact with water, especially while they are operating, damage is sure to occur. Whenever possible, locate server rooms and critical computer equipment away from any water source or transport pipes.

827
Q

What is iSCSI?

A

Internet Small Computer System Interface (iSCSI) is a networking storage standard based on IP. This technology can be used to enable location‐independent file storage, transmission, and retrieval over LAN, WAN, or public Internet connections. iSCSI is often viewed as a low‐cost alternative to Fibre Channel.

828
Q

What is job rotation and why consider implementing it?

A

Job rotation is when employees are rotated into different jobs, or tasks are assigned to different employees. It may be implemented as a defense against collusion. Collusion is an agreement among multiple persons to perform some unauthorized or illegal actions.

829
Q

What is the most unacceptable form of biometric control to end users?

A

Retina scans

830
Q

What is spread spectrum?

A

Spectrum‐use techniques manage the simultaneous use of the limited radio frequencies, including FHSS, DSSS, and OFDM.

831
Q

What is it called when an object is an example of a class because the object contains a method from that class?

832
Q

What can be used to remove data on a lost smartphone?

A

Remote wipe

833
Q

What is business organization analysis?

A

In the business organization analysis, the individuals responsible for leading the business continuity planning (BCP) process determine which departments and individuals have a stake in the business continuity plan. This analysis serves as the foundation for BCP team selection and, after validation by the BCP team, is used to guide the next stages of BCP development.

834
Q

What is microsegmentation?

A

Microsegmentation is dividing up an internal network into numerous subzones, potentially as small as a single device, such as a high‐value server or even a client or endpoint device. Each zone is separated from the others by internal segmentation firewalls (ISFWs), subnets, or VLANs.

835
Q

What is a false positive?

A

When the scanner tests a system for vulnerabilities, it uses the tests in its database to determine whether a system may contain the vulnerability. In some cases, the scanner may not have enough information to conclusively determine that a vulnerability exists and it reports a vulnerability when there really is no problem. This situation is known as a false positive report and is sometimes seen as a nuisance to system administrators.

836
Q

What label applies to a standby facility that is ready to take over for a primary facility as soon as notice is received that the primary facility has gone down?

837
Q

What is DNP3?

A

DNP3 (Distributed Network Protocol) is a multilayer protocol primarily used in the electric and water utility and management industries. It is used to support communications between data acquisition systems and the system control equipment. DNP3 is an open and public standard. DNP3 is a multilayer protocol that functions similarly to TCP/IP, in that it has link, transport, and transportation layers.

838
Q

What is the importance of prepping for equipment failure?

A

No matter the quality of the equipment your organization chooses to purchase and install, eventually it will fail. Preparing for equipment failure may include purchasing replacement parts, storing equipment, or having an SLA with a vendor.

839
Q

What is the purpose of alignment of security function to business strategy, goals, mission, and objectives?

A

Security management planning ensures proper creation, implementation, and enforcement of a security policy. Security management planning aligns the security functions to the strategy, goals, mission, and objectives of the organization. This includes designing and implementing security based on business cases, budget restrictions, or scarcity of resources.

840
Q

What are the most common causes of network failure?

A

Cable failures and misconfigurations.

841
Q

What are the four types of water‐based fire suppression systems?

A

Wet pipe system, dry pipe system, deluge system, preaction system.

842
Q

What is endpoint security?

A

The concept that each individual device must maintain local security whether or not its network or telecommunications channels provide or offer security.

843
Q

What is security management planning?

A

Security management planning aligns the security functions to the strategy, goals, mission, and objectives of the organization. This includes designing and implementing security based on business cases, budget restrictions, or scarcity of resources.

844
Q

What type of database key enforces relationships between tables?

A

Foreign key.

845
Q

What are the six basic SQL commands?

A

Select, Update, Delete, Insert, Grant, and Revoke.

846
Q

What is a ping flood?

A

A ping flood attack floods a victim with ping requests. This can be very effective when launched by zombies within a botnet as a DDoS attack.

847
Q

What is IoT?

A

The Internet of Things (IoT) is a class of devices that are internet‐connected in order to provide automation, remote control, or AI processing to appliances or devices.

848
Q

What are the seven elements of PASTA?

A

Stage I is Definition of the Objectives (DO), Stage II is Definition of the Technical Scope (DTS), Stage III is Application Decomposition and Analysis (ADA), Stage IV is Threat Analysis (TA), Stage V is Weakness and Vulnerability Analysis (WVA), Stage VI is Attack Modeling & Simulation (AMS), and Stage VII is Risk Analysis & Management (RAM).

849
Q

What are common elements of physical perimeter security controls?

A

Controlling access to a facility can be accomplished using fences, gates, turnstiles, person‐traps, bollards, and barricades.

850
Q

What is threat hunting?

A

Threat hunting is the activity of looking for existing evidence of a compromise once symptoms or an IoC of an exploit become known.

851
Q

What are security control baselines?

A

Security control baselines provide a listing of controls that an organization can apply as a baseline.

852
Q

What kind of access control is determined by the system in which the object resides rather than its owner?

A

Mandatory access control (MAC).

853
Q

What would be completed to check an entire organization for weaknesses?

A

Vulnerability assessment.

854
Q

Define the Bell–LaPadula model.

A

Bell–LaPadula subjects have a clearance level that allows them to access only those objects with the corresponding classification levels, which protects confidentiality.

855
Q

Name three physical controls for physical security.

A

Physical controls for physical security are fencing, lighting, locks, construction materials, guard dogs, and security guards.

856
Q

What is the most common document type used for emergency response plans?

A

Checklists.

857
Q

What are the three major types of filesystem backups?

A

Full backups, incremental backups, and differential backups.

858
Q

What are the three commonly recognized authentication factors?

A

Something you know, something you have, and something you are.

859
Q

What legal protections exist for proprietary data?

A

Copyrights, patents, and trade secret laws provide protection for proprietary data.

860
Q

True or false? Organizations participating in a mutual assistance agreement are typically located in the same geographic region.

861
Q

What are the various types of evidence that may be used in a criminal or civil trial?

A

Real evidence consists of actual objects that can be brought into the courtroom. Documentary evidence consists of written documents that provide insight into the facts. Testimonial evidence consists of verbal or written statements made by witnesses.

862
Q

What is the TCP/IP model?

A

The TCP/IP model is a protocol model derived from TCP/IP and has four layers: Application, Transport, Internet, and Link.

863
Q

What is threat modeling?

A

Threat modeling is the security process where potential threats are identified, categorized, and analyzed.

864
Q

How many sockets does TCP have?

A

65,536 sockets, numbered from 0 to 65,535.

865
Q

What is a trusted computing base (TCB)?

A

The combination of hardware, software, and controls that form a trusted base enforcing the security policy.

866
Q

What are methods used to block malicious code?

A

Malicious code is thwarted with a combination of tools, including antimalware software and policies that enforce basic security principles.

867
Q

Define the aspect of confidentiality known as secrecy.

A

Secrecy is the activity of keeping something a secret or preventing the disclosure of information.

868
Q

What is a smart device?

A

Smart devices are a range of mobile devices that offer the user customization options, typically through installing apps.

869
Q

Who issues digital certificates?

A

Certificate authorities (CAs).

870
Q

What is the entry technique called when one person follows another through a secured gate without authentication?

A

Piggybacking.

871
Q

What is the importance of fire detection and suppression?

A

Fire detection and suppression must not be overlooked. Protecting personnel from harm should always be the most important goal.

872
Q

What is the difference between a code and a cipher?

A

Codes are cryptographic systems of symbols that operate on words or phrases. Ciphers are always meant to hide the true meaning of a message.

873
Q

What is shared responsibility?

A

The security design principle that indicates that organizations do not operate in isolation.

874
Q

What is MAC filtering?

A

A MAC filter is a list of authorized wireless client interface MAC addresses used by a WAP to block access to nonauthorized devices.

875
Q

What are smartcards?

A

Smartcards are credit card–sized IDs with an embedded magnetic stripe, bar code, or integrated circuit chip.

876
Q

True or false? S‐HTTP secures individual messages between a client and a server.

877
Q

Define the concept of risk management.

A

Risk management is the process of identifying factors that could damage or disclose data, evaluating those factors, and implementing cost-effective solutions.

878
Q

Describe the purpose of software development maturity models.

A

Maturity models help software organizations improve the maturity and quality of their software processes.

879
Q

What is the name of the data protection and privacy law of China?

A

Personal Information Protection Law (PIPL), which came into effect in 2021.

880
Q

What is PII?

A

Personally identifiable information (PII) is any information that can identify an individual.

881
Q

What is the most common cause of fires in a data center?

A

Overloaded electrical distribution outlets.

882
Q

What does ITSEC call the system that is being evaluated?

A

The target of evaluation (TOE).

883
Q

Which access control scheme requires organizational roles to be defined?

A

Role‐based access control (RBAC).

884
Q

Explain the cryptographic attacks: adversary‐in‐the‐middle, birthday attack, and replay attack.

A

The adversary‐in‐the‐middle attack fools both parties into communicating with the attacker. The birthday attack attempts to find collisions in hash functions. The replay attack attempts to reuse authentication requests.

885
Q

What is residual risk?

A

Once countermeasures are implemented, the risk that remains is known as residual risk.

886
Q

What are expert systems, machine learning, and neural networks?

A

Expert systems consist of a knowledge base and an inference engine. Machine learning techniques discover knowledge from datasets. Neural networks simulate the functioning of the human mind.

887
Q

What is the primary security feature of Bluetooth pairing?

A

A four‐digit PIN.

888
Q

Name at least eight biometric factors.

A

Fingerprints, face scans, iris scans, retina scans, palm topography, heart/pulse pattern, voice pattern, signature dynamics.

889
Q

What is XaaS?

A

Anything as a service (XaaS) is a catchall term for any type of computing service provided through a cloud solution.

890
Q

Why is continuous improvement necessary?

A

Security is always changing, thus any implemented security solution requires updates and changes over time.

891
Q

Name several risk frameworks.

A

Risk Management Framework (RMF), NIST Cybersecurity Framework (CSF), COBIT, and ITIL.

892
Q

What are smart devices?

A

Smart devices are a range of devices that offer customization options and may use machine learning processing.

893
Q

What are the important elements of change and configuration management?

A

The three basic components of change control are request control, change control, and release control.

894
Q

Define the Biba model.

A

Biba prevents subjects with lower security levels from writing to objects at higher security levels.

895
Q

What are the three encryption algorithms supported by the Digital Signature Standard?

A

RSA, ECDSA, and EdDSA.

896
Q

What is false information?

A

Any information that is factually incorrect or inaccurate.

897
Q

What is application whitelisting or allow listing?

A

Application whitelisting prohibits unauthorized software from executing unless it’s on the preapproved exception list.

898
Q

What term is used to describe code sent by a server to a client for execution on the client machine?

899
Q

What kind of check should be applied to ensure that all necessary elements of a security solution are properly deployed?

A

Compliance checking.

900
Q

What are some examples of physical access controls?

A

Guards, fences, motion detectors, locked doors, CCTV, and alarms.

901
Q

Compare the various data destruction methods.

A

Erasing a file doesn’t delete it. Clearing media overwrites it. Purging removes data so that the media can be reused. Degaussing removes data from tapes and magnetic drives.

902
Q

What is sandboxing?

A

Sandboxing provides a security boundary for applications and prevents them from interacting with other applications.

903
Q

What should be known about legacy system security risk?

A

Legacy systems may not be receiving security updates from their vendors.

904
Q

What are the six key principles for governance and management of enterprise IT according to COBIT?

A

Provide Stakeholder Value, Holistic Approach, Dynamic Governance System, Governance Distinct from Management, Tailored to Enterprise Needs, and End‐to‐End Governance System.

905
Q

What is the importance of retaining investigatory data?

A

You will lose valuable evidence unless you ensure that critical log files are retained for a reasonable period of time.

906
Q

What role do humans play as a key element in security?

A

Humans are often considered the weakest element in any security solution but can also become a key security asset when properly trained.

907
Q

What is an advanced persistent threat (APT)?

A

A group of attackers sponsored by a government, highly motivated, skilled, and focused on a single target.

908
Q

What are key concerns related to threat evaluation?

A

Threats can originate from numerous sources, and threat assessment should be performed as a team effort.

909
Q

What is an audit trail?

A

A group of records from one or more databases or logs that can be used to reconstruct events after an incident.

910
Q

What is the GDPR?

A

The European Union (EU) General Data Protection Regulation (GDPR) regulates the transfer of personal data in and out of the EU.

911
Q

What are the technologies that may assist with database backup?

A

Electronic vaulting, remote journaling, and remote mirroring technology.

912
Q

What two forms of authentication are supported by 802.11?

A

Open System Authentication (OSA) and Shared Key Authentication (SKA).

913
Q

Define hosted solution.

A

A hosted solution is a deployment.

914
Q

What are the technologies that may assist with database backup?

A

Databases benefit from three backup technologies: electronic vaulting, remote journaling, and remote mirroring.

915
Q

Define hosted solution.

A

A hosted solution is a deployment concept where the organization must license software and then operates and maintains the software. The hosting provider owns, operates, and maintains the hardware that supports the organization’s software.

916
Q

What types of misleading content are there?

A

Disinformation, misinformation, propaganda, false information, fake news, and doxing.

917
Q

In the Biba integrity model, what is the Simple Integrity Axiom also called?

A

No read‐down.

918
Q

What is change control or change management?

A

A mechanism used to systematically manage change, involving extensive logging, auditing, and monitoring of activities related to security controls and solutions.

919
Q

What is virtual networking?

A

A virtualized network or network virtualization is the combination of hardware and software networking components into a single integrated entity, allowing for software control over all network functions.

920
Q

What are vulnerability scans?

A

Vulnerability scans automatically probe systems, applications, and networks looking for weaknesses that may be exploited by an attacker.

921
Q

What is iOS?

A

iOS is the mobile device OS from Apple that is available on the iPhone and is not licensed for use on non‐Apple hardware.

922
Q

What does DRP stand for, and what does it mean?

A

Disaster recovery planning (DRP) is the practice of establishing and executing recovery actions as part of an emergency response following a disaster.

923
Q

What is the function of the auditor security role?

A

The auditor is responsible for testing and verifying that the security policy is properly implemented.

924
Q

What are converged protocols?

A

Converged protocols are the merging of specialty or proprietary protocols with standard protocols, allowing the use of existing TCP/IP infrastructure.

925
Q

What is important to know about site selection?

A

Site selection should be based on the security needs of the organization, prioritizing security requirements over cost, location, and size.

926
Q

What are the benefits and drawbacks of multilayer protocols?

A

Benefits include encryption, flexibility, and resiliency; drawbacks include covert channels and filter bypass.

927
Q

What type of accreditation evaluates systems and applications at a specific location?

A

Site accreditation.

928
Q

Name three examples of technical physical security controls.

A

Building access controls, intrusion detection, and security cameras.

929
Q

What is data sovereignty?

A

Data sovereignty is the concept that digital data is subject to the laws and regulations of the country or region in which it is located.

930
Q

What is VAST?

A

VAST (Visual, Agile, and Simple Threat) is a threat modeling concept based on Agile project management principles.

931
Q

What is nonrepudiation?

A

Nonrepudiation prevents a subject from claiming not to have sent a message or performed an action.

932
Q

What is an adversary‐in‐the‐middle (AitM) or on‐path attack?

A

An attack in which a malicious user is positioned between the two endpoints of a communication’s link.

933
Q

True or false? In most circumstances, it is illegal for an employer to monitor an employee’s email.

934
Q

What is an early step in asset security?

A

Classifying and labeling assets.

935
Q

What is encapsulation?

A

Encapsulation is the addition of a header, and possibly a footer, to the data received by each layer before it’s handed off to the layer below.

936
Q

What forms of backup always set the archive bit to 0?

A

Full and incremental.

937
Q

What is CVE?

A

Common Vulnerability and Exposures (CVE) is a dictionary that provides a standard convention used to identify vulnerabilities.

938
Q

What are the six flags from the TCP header that we still commonly use?

A

XXUAPRSF, where X represents two flags no longer used, followed by Urgent, Acknowledgment, Push, Reset, Synchronization, and Finish.

939
Q

What is the formula for computing annualized loss expectancy?

A

ALE = SLE × ARO.

940
Q

What are the three major evidence admissibility requirements?

A

Evidence must be relevant, material, and competent.

941
Q

A penetration testing team has full knowledge about a target. What is this team called?

A

Full‐knowledge team.

942
Q

What process is used to identify weaknesses?

A

Vulnerability analysis.

943
Q

What does a civil investigation focus on?

A

A civil investigation typically involves internal employees and outside consultants working on behalf of a legal team.

944
Q

What are security risks that input and output devices can pose?

A

Input/output devices can be subject to eavesdropping, shoulder surfing, and unauthorized access.

945
Q

Define WPA2.

A

WPA2 is defined by IEEE 802.11i and supports preshared key or enterprise authentication.

946
Q

What are the differences between knowledge‐based and behavior‐based detection methods used by IDS?

A

Knowledge‐based uses a signature database; behavior‐based learns about normal activities.

947
Q

What cryptographic attack attempts to exploit weaknesses in the computer hardware or operating system?

A

Statistical attack.

948
Q

What are parallel data systems?

A

Parallel data systems are designed to perform numerous calculations simultaneously.

949
Q

Which organization developed the Bell–LaPadula security model?

A

The U.S. Department of Defense.

950
Q

What are the responsibilities of data custodian, data processor, data administrator, and user?

A

Data controllers decide what data to process; processors handle data at the direction of controllers; administrators grant access; users access data.

951
Q

What form of password attack consists first of a dictionary attack and then a brute‐force attack?

A

A hybrid attack.

952
Q

What is VM escaping?

A

VM escaping occurs when software within a guest OS breaches isolation protection provided by the hypervisor.

953
Q

What resource is in greatest demand during the BCP testing, training, and maintenance process?

A

Personnel time and attention.

954
Q

What is interface testing?

A

Interface testing assesses the performance of modules against the interface specifications.

955
Q

What are some countermeasures to eavesdropping?

A

Maintaining physical access security, using encryption, and employing one‐time authentication methods.

956
Q

What is security management planning?

A

Security management planning ensures proper creation, implementation, and enforcement of a security policy.

957
Q

What organization sponsors the National Flood Insurance Program?

A

Federal Emergency Management Agency (FEMA).

958
Q

How long is a UDP header?

959
Q

What are the goals of managing backup media?

A

Preventing disclosure, destruction, and alteration of data.

960
Q

Describe open and closed systems.

A

Open systems are designed using industry standards; closed systems are proprietary and harder to integrate.

961
Q

What three generic elements can help prevent malware infections?

A

Education, policies, and tools.

962
Q

What is the definition of computer crime?

A

Computer crime is a crime directed against or directly involving a computer.

963
Q

What does malicious code often create on an infected system?

964
Q

What are microservices?

A

Microservices are an architectural style where an application is structured as a collection of small, independently deployable services.

965
Q

What is the basic idea of split knowledge?

A

The information or privilege required to perform an operation is divided among multiple users.

966
Q

What is the greatest security risk to RAM modules?

967
Q

How are PVC, SVC, DTE, and DCE used in a WAN network link?

A

WAN links require a DTE and a DCE at each connection point; a PVC is always available, while an SVC is established using the best paths.

968
Q

What acts as a placeholder variable in mathematical functions?

969
Q

What is a public cloud?

A

A public cloud is a cloud service accessible to the general public, typically over an Internet connection.

970
Q

What law created the category of mission‐critical computer systems?

A

Government Information Security Reform Act.

971
Q

In relation to storage media, what is purging?

A

Purging is a more intense form of clearing that prepares media for reuse in less secure environments.

972
Q

Name the three types of subjects and their roles in a security environment.

A

User accesses objects; owner is liable for protection; custodian classifies and protects data.

973
Q

What are the major laws that govern privacy of personal information in the United States, the European Union, and Canada?

A

The U.S. has various privacy laws; the EU has the General Data Protection Regulation; Canada has PIPEDA.

974
Q

What are the key concepts of the discretionary access control (DAC) model?

A

In the DAC model, all objects have owners who can modify permissions.

975
Q

What feature of databases allows two or more rows to appear to have identical primary key elements?

A

Polyinstantiation.

976
Q

What is a hybrid cloud?

A

A hybrid cloud is a mixture of private and public cloud components.

977
Q

Why monitor privileged operations?

A

To ensure that trusted employees do not abuse their privileges and to detect many attacks.

978
Q

What is the Delphi technique?

A

The Delphi technique is an anonymous feedback‐and‐response process used to arrive at a consensus.

979
Q

Define the aspect of confidentiality known as privacy.

A

Privacy refers to keeping personally identifiable information confidential.

980
Q

What are the pros and cons of a host‐based IDS?

A

It can pinpoint compromised resources but cannot detect network‐only attacks.

981
Q

What are reasonable actions in legal and ethical contexts?

A

Actions that are in line with what a person of ordinary prudence and judgment would do.

982
Q

What is OpenID Connect (OIDC)?

A

OIDC is an authentication layer using the OAuth 2.0 framework, providing both authentication and authorization.

983
Q

What is the principle of least privilege?

A

Subjects should be granted only the amount of access required to accomplish their assigned work tasks.

984
Q

What are security concepts related to cameras?

A

Video surveillance, monitoring, CCTV, and security cameras deter unwanted activity.

985
Q

What is OIDC?

A

OIDC uses a JavaScript Object Notation (JSON) Web Token (JWT), also called an ID token.

986
Q

What is the principle of least privilege?

A

Subjects should be granted only the amount of access to objects that is required to accomplish their assigned work tasks.

987
Q

What are security concepts related to cameras?

A

Video surveillance, video monitoring, closed‐circuit television (CCTV), and security cameras are all means to deter unwanted activity and create a digital record of the occurrence of events. Cameras can be overt or hidden; can record locally or to a cloud storage service; may offer pan, tilt, and zoom; may operate in visible or infrared light; may be triggered by movement; and may support time‐lapse recording, tracking, facial recognition, gait analysis, object detection, or infrared or color‐filtered recording.

988
Q

What is Automatic REquest to eXit (AREX)?

A

A security system feature commonly employed in access control systems to automatically signal to unlock a secured door or gate when someone wishes to exit a protected area.

989
Q

Name some security issues surrounding memory components.

A

Some security issues surround memory components: the fact that data may remain on the chip after power is removed and the control of access to memory in a multiuser system.

990
Q

What is the purpose of hardware segmentation?

A

Hardware segmentation is similar to process isolation in purpose—it prevents the access of information that belongs to a different process/security level.

991
Q

What is VDI?

A

Virtual desktop infrastructure (VDI) is a means to reduce the security risk and performance requirements of end devices by hosting virtual machines on central servers that are remotely accessed by users.

992
Q

Define PAP, CHAP, and EAP.

A

Password Authentication Protocol (PAP) transmits usernames and passwords in cleartext. Challenge Handshake Authentication Protocol (CHAP) performs authentication using a challenge‐response dialogue that cannot be replayed. Extensible Authentication Protocol (EAP) allows customized authentication security solutions.

993
Q

What is SaaS?

A

Software as a service (SaaS) provides on‐demand online access to specific software applications or suites without the need for local installation.

994
Q

What are common network administrative functions?

A

Configuration management, monitoring and analysis, troubleshooting and diagnostics, security management, user account management, software updates and patch management, backup and recovery tasks, and policy enforcement.

995
Q

What is sensitive data?

A

Sensitive data is any information that isn’t public or unclassified. It can include confidential, proprietary, protected, or any other type of data that an organization needs to protect due to its value to the organization or to comply with existing laws and regulations.

996
Q

What should be done before disposing of a desktop computer at the end of its life cycle?

A

Sanitization.

997
Q

What is VMI?

A

Virtual mobile infrastructure (VMI) is a technology where the operating system of a mobile device is virtualized on a central server.

998
Q

What protocol is used by ping, pathping, and traceroute?

999
Q

What is the proper term for the assurance that information and security controls used to protect information are accessible and usable when needed?

A

Availability.

1000
Q

Define the aspect of confidentiality known as concealment.

A

Concealment is the act of hiding or preventing disclosure.

1001
Q

What is a cloud access security broker (CASB)?

A

A cloud access security broker (CASB) is a security policy enforcement solution that may be installed on‐premises, or it may be cloud‐based.

1002
Q

What is the form of new system deployment testing called when the new system and the old system are run simultaneously?

A

Parallel run.

1003
Q

What is used to provide short‐term fault tolerance for a power failure?

A

Uninterruptible power supply (UPS).

1004
Q

What kind of control does any mechanism, tool, or practice provide if it deters or mitigates undesirable actions or events?

A

Preventive control.

1005
Q

What is a virtualized network?

A

A virtualized network or network virtualization is the combination of hardware and software networking components into a single integrated entity.

1006
Q

What are the three major options for alternative processing sites?

A

Hot sites, warm sites, and cold sites.

1007
Q

What are the types and purposes of NDAs?

A

A unilateral NDA is used when one party needs to share sensitive data with another party while retaining control and protection over that data. A bilateral NDA is a legally binding contract between two parties where both parties agree to protect each other’s confidential information. A multilateral NDA is a legal contract involving three or more parties.

1008
Q

What is the importance of job descriptions?

A

Without a job description, there is no consensus on what type of individual should be hired.

1009
Q

How might you describe a site housed in self‐contained transportable units with all the control, hardware, and software elements necessary to establish an operational, safe computing environment?

A

Mobile site.

1010
Q

What law requires that websites provide parents with the opportunity to review any information collected from their children?

A

Children’s Online Privacy Protection Act.

1011
Q

What form of IDS is easier for an intruder to discover and deactivate?

A

Host‐based IDS.

1012
Q

Name the seven layers of the OSI model by their layer name and layer number.

A

Application (7), Presentation (6), Session (5), Transport (4), Network (3), Data Link (2), and Physical (1).

1013
Q

What are the five types of disaster recovery plan tests and the impact each has on normal business operations?

A

Read‐through tests, structured walk‐throughs, simulation tests, parallel tests, and full‐interruption tests.

1014
Q

What is IIoT?

A

Industrial Internet of Things (IIoT) is a derivative of IoT that focuses on industrial, engineering, manufacturing, or infrastructure level oversight.

1015
Q

What type of malicious code launches itself when certain conditions (such as a specific date) are met?

A

Logic bomb.

1016
Q

What is security as a service (SECaaS)?

A

Security as a service (SECaaS) is a cloud provider concept in which security is provided to an organization through or by an online entity.

1017
Q

What is port security?

A

Port security can mean the physical control of all connection points, such as RJ‐45 wall jacks or device ports.

1018
Q

The Bell–LaPadula, Biba, and Clark–Wilson access control models were all designed to protect a single aspect of security. Name the corresponding aspect for each model.

A

Bell–LaPadula protects confidentiality; Biba and Clark–Wilson protect integrity.

1019
Q

In relation to storage media, what is clearing?

A

Clearing, or overwriting, is a process of preparing media for reuse.

1020
Q

What do you call a person who is trained in responsible network security methods?

A

Ethical hacker.

1021
Q

How is accountability maintained?

A

Accountability is maintained for individual subjects through the use of auditing.

1022
Q

Where should fire detectors be placed?

A

In dropped ceilings, raised floors, server rooms, private offices and public areas, HVAC vents, elevator shafts, the basement, and so on.

1023
Q

On an 802.11 wireless network, what contains the regular announcement of the network name by default?

A

The beacon frame contains the SSID by default.

1024
Q

What is the purpose of AAA protocols?

A

Several protocols provide centralized authentication, authorization, and accounting services.

1025
Q

What is NAT66?

A

NAT66 allows multiple devices within a private IPv6 network to share the same public IPv6 address.

1026
Q

What kind of access control enforces access policy determined by the owner of the object to which the control applies?

A

Discretionary access control (DAC).

1027
Q

While containing an incident, what is the next important consideration?

A

Protection of evidence.

1028
Q

What are types of wireless antenna?

A

Omnidirectional pole antennas, as well as many directional antennas, such as Yagi, cantenna, panel, and parabolic.

1029
Q

What kinds of processes must be applied when confidential storage media is prepared for reuse in questionably secure environments?

A

Declassification.

1030
Q

What can be used to protect a company against the failure of a developer to provide adequate support?

A

Software escrow agreements.

1031
Q

Define the Common Criteria.

A

The Common Criteria (ISO/IEC 15408) is a subjective security function evaluation tool.

1032
Q

What is another term often used for firmware?

A

Microcode.

1033
Q

What is the purpose of software development maturity models?

A

To help software organizations improve the maturity and quality of their software processes.

1034
Q

How should an organization handle employee transfers?

A

Personnel transfers may be treated as a fire/rehire rather than a personnel move.

1035
Q

What is annualized loss expectancy, and how is it calculated?

A

The possible yearly cost of all instances of a specific realized threat against a specific asset. ALE = single loss expectancy (SLE) × annualized rate of occurrence (ARO).

1036
Q

What are the common applications of cryptography to secure web activity?

A

The de facto standard for secure web traffic is the use of HTTP over Transport Layer Security (TLS).

1037
Q

What are the two main forms of DoS?

A

The first form exploits a vulnerability in hardware or software. The second form floods the victim’s communication pipeline with garbage network traffic.

1038
Q

What is Compute Express Link (CXL)?

A

An advanced high‐speed interconnect technology developed to address the increasing demands of data‐intensive workloads in modern computing systems.

1039
Q

What are the characteristics of quantitative risk analysis?

A

Quantitative risk analysis assigns real dollar figures to the loss of an asset.

1040
Q

What is the function of authorization?

A

Once a subject is authenticated, its access must be authorized.

1041
Q

Define blockchain.

A

A collection or ledger of records, transactions, operations, or other events that are verified using hashing, timestamps, and transaction data.

1042
Q

What are some security issues of virtualization?

A

Virtualization doesn’t lessen the security management requirements of an OS.

1043
Q

What is phreaking?

A

A specific type of attack in which various types of technology are used to circumvent the telephone system.

1044
Q

What is FIPS‐186‐5?

A

FIPS‐186‐5 is the Digital Signature Standard (DSS).

1045
Q

What form of testing examines the internal logical structures of a program?

A

White‐box testing or known environment testing.

1046
Q

What type of damage occurs when static electricity discharges exceed 40 volts?

A

Destruction of sensitive circuits.

1047
Q

Explain the differences between multitasking, multicore, multiprocessing, multiprogramming, and multithreading.

A

Multitasking is the simultaneous execution of more than one application and is managed by the OS.

1048
Q

What are some examples of the various types of firewalls?

A

Static packet filtering, application‐level, circuit‐level, stateful inspection, NGFW, ISFW, virtual firewall.

1049
Q

What is the purpose of an access review and audit?

A

To ensure that users do not have excessive privileges and that accounts are managed appropriately.

1050
Q

What is efficiency in multithreading?

A

Multithreading permits multiple concurrent tasks to be performed within a single process.

1051
Q

What are some examples of the various types of firewalls?

A

Static packet filtering, application‐level, circuit‐level, stateful inspection, NGFW, ISFW, virtual firewall, filters/rules/ACLs/tuples, bastion host, ingress, egress, RTBH, stateless vs. stateful, WAF, SWG, TCP wrapper, DPI, and content and URL filtering.

1052
Q

What is the purpose of an access review and audit?

A

To ensure that users do not have excessive privileges and that accounts are managed appropriately.

1053
Q

What is social engineering?

A

When a person attempts to deceive an insider within an organization to divulge sensitive information or to perform sensitive actions on their behalf.

1054
Q

Define the aspect of confidentiality known as seclusion.

A

Seclusion refers to storing something in an out‐of‐the‐way location with strict access controls to enforce confidentiality protections.

1055
Q

What roles can a service bureau play in disaster recovery?

A

Service bureaus lease computer time via contractual agreements and can meet an organization’s entire IT needs in the event of disaster or catastrophic failure.

1056
Q

At what stage of a fire is a flame visible?

A

Stage 3: Flame.

1057
Q

What is a hardware‐based RoT?

A

A hardware‐based RoT refers to the implementation of the root of trust using dedicated hardware components like TPMs or HSMs for secure cryptographic operations.

1058
Q

What are the three major characteristics of a functional requirement?

A

Inputs, behaviors, and outputs.

1059
Q

What are the security concerns of a wiring closet?

A

A wiring closet is where networking cables are connected to essential equipment. Security focuses on preventing unauthorized physical access to avoid theft or tampering.

1060
Q

What is war driving?

A

A collection of techniques to discover that a wireless network is present at a given location.

1061
Q

What is the difference between synchronous and asynchronous communications?

A

Synchronous communications rely on a timing or clocking mechanism, while asynchronous communications rely on a stop and start delimiter bit.

1062
Q

What law grants privacy rights to students enrolled in educational institutions that accept government funding?

A

Family Educational Rights and Privacy Act.

1063
Q

What is onboarding?

A

Onboarding is the process of adding new employees to the IAM system of an organization or when an employee’s role changes.

1064
Q

What is a resource capacity agreement?

A

An agreement ensuring that a cloud provider will provide the resources needed to support disaster recovery operations.

1065
Q

What is an HSM?

A

A hardware security module (HSM) is a cryptoprocessor used to manage/store digital encryption keys and improve authentication.

1066
Q

What term describes the technical evaluation of each part of a computer system to assess its concordance with security standards?

A

Certification.

1067
Q

What is a business case?

A

A documented argument to define a need for a decision or action, often to justify a new project related to security.

1068
Q

Is adherence to the ISC2 Code of Ethics recommended, mandatory, or optional for CISSPs?

A

Adherence to the ISC2 Code of Ethics is mandatory, and acceptance is a condition of certification.

1069
Q

What is code review?

A

Code review is the foundation of software assessment programs where developers review code for defects.

1070
Q

What are the concepts of memory addressing?

A

Means of memory addressing include register addressing, immediate addressing, direct addressing, indirect addressing, and base+offset addressing.

1071
Q

What are elements of effective user training against social‐engineering attacks?

A

Always err on the side of caution, request proof of identity, classify information, and never change passwords over the phone.

1072
Q

What is privacy?

A

Prevention of unauthorized intrusion and knowledge that personal information won’t be shared without consent.

1073
Q

What is a replay or playback attack?

A

A malicious user records traffic between a client and server and retransmits it with variations.

1074
Q

What acts as an interface between backend database systems and user applications?

1075
Q

What is the name of the accreditation process of the Department of Defense?

A

Defense Information Technology Security Certification and Accreditation Process (DITSCAP).

1076
Q

What are the issues related to user acceptance of biometric enrollment and throughput rate?

A

Enrollment times longer than 2 minutes are unacceptable; subjects will typically accept a throughput rate of about 6 seconds or faster.

1077
Q

What term describes damage resulting from arson, human error, acts of terrorism, or power outages?

A

Human‐made or person‐made disaster.

1078
Q

What is the commercial business/private sector classification scheme?

A

Confidential, private, sensitive, public.

1079
Q

What is the importance of security assessment and testing programs?

A

They validate the ongoing effectiveness of security controls through various tools like vulnerability assessments and penetration tests.

1080
Q

What is Stateless Address Autoconfiguration (SLAAC)?

A

SLAAC is based on routers sending Router Advertisement messages to facilitate stateless DHCPv6 for IPv6 address formation.

1081
Q

What is a captive portal?

A

An authentication technique that redirects a newly connected wireless client to a portal access control page.

1082
Q

What is a spoofing attack?

A

The attacker pretends to be someone or something else, spoofing identities, IP addresses, and more.

1083
Q

What are three forms of ICS?

A

Distributed control systems (DCSs), programmable logic controllers (PLCs), and supervisory control and data acquisition (SCADA).

1084
Q

Define a fail‐open system.

A

A fail‐open system will fail in an open state, granting all access.

1085
Q

Why is monitoring an important part of a security policy?

A

Monitoring is used to watch for security policy violations and detect unauthorized activities.

1086
Q

Which security vulnerability conveys information by altering the performance of a system component?

A

Covert timing channel.

1087
Q

What types of accounts are focused on during a user entitlement review?

A

Privileged accounts such as administrator or root user accounts.

1088
Q

What are the five elements of an AAA service?

A

Identification, authentication, authorization, auditing, and accounting.

1089
Q

What are the pros and cons of a network‐based IDS?

A

It can monitor a large network and is hardened against attack but requires a central view of traffic and can’t pinpoint compromised resources.

1090
Q

What is misinformation?

A

Inaccurate or misleading information spread without malicious intent, often due to errors or misunderstandings.

1091
Q

What are some countermeasures to common attack methods?

A

Patching software, reconfiguring security, employing firewalls, updating filters, using IDSs/IPSs, and improving physical access control.

1092
Q

What type of software testing is most appropriate when the tester does not have access to the underlying source code?

A

Dynamic testing.

1093
Q

Name the common network topologies.

A

Ring, bus, star, and mesh.

1094
Q

What is watermarking?

A

The practice of embedding an image or pattern in paper or digital documents to thwart counterfeiting attempts.

1095
Q

What are the roles of different coding tools in software development ecosystems?

A

Developers write code in various languages, use software development toolsets, and manage code through repositories.

1096
Q

What type of application analyzes business data for decision-making?

A

Decision support system.

1097
Q

What is a false negative?

A

When a vulnerability scanner misses a vulnerability and fails to alert the administrator.

1098
Q

What is the importance of key security?

A

Cryptographic keys provide secrecy to a cryptosystem, with modern symmetric keys at least 128 bits and asymmetric keys at least 2,048 bits long.