testing questions missed Flashcards

1
Q

what is MAC, dealing with OSI, and at what layer?

A
  • Media Access Control
  • Layer 2
2
Q

OSI layer 2 - what is it and what operates there

A
  • mac addresses
    1. 48 bits
    2. threats: mac spoofing and mac flooding
  • bridges and switches (L2) (assume L2 switch unless it says otherwise on the test)
  • LLC (logical link control)
3
Q

what is layer 4 of OSI model, what works there, what devices, what ports

A
  • Transport layer
  • responsible for end-to-end connection with error correction and detection
  • Ports - 65,535 total (know some common ports)
  • TCP/UDP and SSL/TLS (used to encrypt HTTP and other data traffic) (make sure to know the TCP/UDP nuances)
4
Q

What are the three major public key cryptosystems (algorithms)?

A
  • RSA
  • El Gamal (less used)
  • elliptic curve (strongest)
5
Q

what type of network discovery scan only uses the first two steps of the TCP handshake?

  1. tcp connect scan
  2. xmas scan
  3. tcp syn scan
  4. tcp ack scan
A
  1. tcp syn scan

Note: the SYN scan is all you need because
* you send the SYN and get the reply back of SYN/ACK (the first two steps)

6
Q

what type of interface testing would identify flaws in a program’s command-line interface?

  1. application programming interface testing
  2. user interface testing
  3. physical interface testing
  4. security interface testing
A
  1. user interface testing
    * user interface testing includes assessments of both graphical user interfaces (GUIs) and command line interfaces (CLIs) for a software program
7
Q

Paul would like to test his application against slightly modified versions of previously used input. what type of test does Paul intend to perform?

  1. code review
  2. application vulnerability review
  3. mutation fuzzing
  4. generation fuzzing
A
  1. mutation fuzzing

uses bit flipping and other techniques to slightly modify input for testing

8
Q

what information security management task ensures that the organization’s data protection requirements are met effectively?

  1. account management
  2. backup verification
  3. log review
  4. key performance indicators
A
  1. backup verification

NOTE: this was slightly tricky. verifying the backup processes are running properly is a check to help verify data protection

just enough to provide an answer - try not to over think

I went after performance indicators, thinking backup verification was not enough but I was wrong

9
Q

which of the following steps would be included in a change management process (select all that apply)

  1. immediately implement the change if it will improve performance
  2. request the change
  3. create a rollback plan for the change
  4. document the change
A
  1. request the change
  2. create a rollback of the change
  3. document the change

documentation is not after the change request, it's part of it

10
Q

security administrators are regularly monitoring threat feeds and using that information to check systems within the network. their goal is to discover any infections or attacks that haven’t been detected by existing tools. what does this describe?

  1. threat hunting
  2. threat intelligence
  3. implementing the kill chain
  4. using artificial intelligence
A
  1. threat hunting.

Note: they are actively looking for attacks, not just using the intelligence gathered to build a better defense.

11
Q

you operate a grain processing business and are developing your restoration priorities. which one of the following systems would likely be your highest priority?

  1. order processing system
  2. fire suppression system
  3. payroll system
  4. website
A
  1. fire suppression system

Note: always choose human life - fire suppression equals saving human life

Human safety is always NUMBER one

12
Q

Electronic Discovery steps (EDRM)

eDiscovery steps

A
  1. Identification
  2. Preservation
  3. Collection
  4. Processing
  5. Review and Production
13
Q

which one of the following attacker actions is most indicative of a terrorist attack

  1. altering sensitive trade secret documents
  2. damaging the ability to communicate and respond to a physical attack
  3. transferring funds from an unapproved source into your account
  4. selling a botnet for use in a DDoS attack
A
  1. damaging the ability to communicate and respond to a physical attack
14
Q

UEBA is what

A
  • User and Entity Behavior Analytics
  • baselines of behavior modeling
  • this typically involves machine learning
  • denies, alerts, etc. when something is outside the norm
15
Q

COBIT

A
  • framework developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI)
  • defines goals for the controls that should properly manage IT and ensure IT maps to business needs, not just security needs
  • COBIT broadly focuses on risk management that can be applied to various business areas

COBIT addresses what is to be achieved; ITIL addresses how to achieve it

16
Q

ITIL

A
  • The Information Technology Infrastructure Library
  • the de facto standard of best practices for IT service management
  • a customizable framework, ITIL provides the goals, the general activities necessary to achieve these goals, and the input and output value for each process required to meet these goals

COBIT addresses what is to be achieved; ITIL addresses how to achieve it

17
Q

OECD

A
  • Organization for Economic Co-operation and Development
  • developed guidelines for various countries so that data is properly protected and everyone follows the same rules
18
Q

What is IP Masquerade

A
  • IP Masquerade is a networking function in Linux similar to the one-to-many
19
Q

a number of factors should be considered when assigning values to assets. which of the following is not used to determine the value of an asset?

  1. the asset’s value in the external marketplace
  2. the level of insurance required to cover the asset
  3. the initial and outgoing cost of purchasing, licensing, and supporting the asset
  4. the asset’s value to the organization’s production operations
A
  1. the level of insurance required to cover the asset

NOTE: the cost of insurance is not the important factor. you need to know the asset value before getting an insurance cost (I guess, duh)

20
Q

risk assessment has several different methodologies. which of the following official risk methodologies was not created for the purpose of analyzing security risks?

  1. FRAP
  2. OCTAVE
  3. ANZ 4360
  4. NIST SP 800-30
A
  1. ANZ 4360
    * it can be used for risk assessment but was not created for that purpose
    * ANZ 4360 can be used to understand a company’s financial, capital, human safety and business decision risks
21
Q

name some official risk assessment methodologies

A
  • FRAP - (Facilitated Risk Analysis Process) aims to get conclusions about risks quicker.
  • OCTAVE - a risk-based strategic assessment and planning technique for security
  • NIST SP 800-30 - guide for conducting risk assessments
22
Q

threat modeling methodology uses one of 3 approaches - what are these approaches

A
  1. attacker centric
  2. asset centric
  3. system (software) - centric
    * according to CBK, system or software centric methods like STRIDE are the most useful
23
Q

what is a threat modeling methodology that is an example of attacker centric and some attributes

A
  1. PASTA
    * focuses on each threat and its TTP (tactics, techniques and procedures)
    * starts by identifying threats then attempts to find vulnerability attack paths
24
Q

what is an example of asset centric threat modeling methodology

A
  1. NIST 800-154
    * first identifies critical assets
    * then determines how threats might compromise them
25
Q

of the 3 threat modeling methodologies, according to CBK, one of them is more useful.
which one are they referring to, and list some attributes

A
  1. system or (software) centric are the most useful
    * STRIDE is an example
    * they represent interconnected processes
    * often use data flow diagrams to assess trust boundaries and needed controls
26
Q

what is 802.1x

A
  • port based network access control (PNAC)
27
Q

what is 802.1q

A
  • Virtual Local Area Networking (VLAN)
28
Q

In what phase of the Capability Maturity Model for Software (SW-CMM) are quantitative measures used to gain a detailed understanding of the software development process?

  1. repeatable
  2. defined
  3. managed
  4. optimizing
A
  1. managed
29
Q

NIST maturity model steps

A
  1. Initial - no organized processes (adhoc)
  2. Repeatable - some processes are repeatable, a formal program has been initiated. some processes defined and documented
  3. Defined - processes have become formal, standardized, and defined (consistency)
  4. Managed - organization begins to measure, refine, and adapt their security processes. more effective and efficient based on information from the program
  5. Optimizing - has processes that are automated, documented, and constantly analyzed for optimization. cybersecurity is part of the overall culture
30
Q

type I biometric error

A
  • False positive
  • False Reject Rate
31
Q

you have been selected to manage a software development project. your supervisor asked you to follow the phases in the systems/software development life cycle.
In which phase will the system be tested by an independent third party?
1. acceptance
2. testing and evaluation controls
3. documentation and common program controls
4. functional requirements definition

A
  1. acceptance - is the phase at which the software is tested by an independent third party. the testing process includes functionality test and security test, which should verify that the software meets all the functional and security specifications that were documented in previous phases
32
Q

give an example to explain this process:
MAC (message authentication code) or HMAC
(hashed message authentication code) without using PKI

A
  • bob and alice decide on a shared secret
  • bob hashes the message (SHA-2)
  • bob encrypts that hashed message with the shared secret known only by alice
  • this is MAC or HMAC
  • alice reverses the process to provide authentication
33
Q

if something is code signed, does it mean it’s safe to use on your computer?

A

it does not! it simply means the creator has been verified

34
Q

digital Signature - non-repudiation

A
  • DSA (digital signature algorithm)
  • SHA1 or SHA2
  • asymmetric (RSA or ECC) encryption and (RSA or ECC) keys on the hash
35
Q

FM-200 question below

A
  • Not to be confused with a CO2 system, FM-200 fire suppression systems are electrically non-conductive and safe for humans.
36
Q

what can be used to obtain the plaintext value of a hashed password

A

rainbow table
* hash algorithms like MD5 and SHA-1 can be used to create a message digest of data

37
Q

which of the following must a user have for all information processed in system high mode?

  1. security clearance, access approval and a valid need to know
  2. a security clearance and access approval
  3. a security clearance and valid need to know
  4. security clearance
A
  1. a security clearance and access approval
38
Q

is licensing part of the SDLC

A

no

39
Q

what mode is AH typically used with ESP in, and why?
1. transport
2. tunnel

A

Transport

40
Q

what is double encoding used for

A
  • the act of encoding data twice in a row using the same encoding scheme. It is usually used as an attack technique to bypass authorization schemes or security filters that intercept user input
41
Q

what is forced browsing

A
  • Forced browsing is an attack where the aim is to enumerate and access resources that are not referenced by the application, but are still accessible.
  • An attacker can use Brute Force techniques to search for unlinked contents in the domain directory, such as temporary directories and files, and old backup and configuration files. These resources may store sensitive information about web applications and operational systems, such as source code, credentials, internal network addressing, and so on, thus being considered a valuable resource for intruders
42
Q

what is PIPEDA

A

The Personal Information Protection and Electronic Documents Act is a Canadian law relating to data privacy.

43
Q

lockdown enclosure is for what

A
  • Lockdown enclosure prevents theft of computer equipment
44
Q

what are these fire extinguishers for?
1. A
2. B
3. C

A
  1. A – wood, paper, cloth
  2. B – flammable liquids
  3. C – electrical panels, motor wiring, etc.
45
Q

Electronic vaulting

A
  • Electronic vaulting makes a copy of data to a backup location. This is a batch process operation that functions to keep a copy of all current records, transactions, or files at an offsite location
46
Q

what is CYOD

A
  1. choose your own device
    * sometimes this is an option for devices to use at work. they are typically chosen from an approved list
47
Q

with SDN, which plane is centralized?
* SDN management
* SDN control
* SDN data
* SDN Policy

A
  • The SDN control plane is centralized
48
Q

circuit switching

A
  • once built, the circuit is always there even when not used
  • this can be considered a waste of resources
  • common types:
    * POTS
    * PSTN
    * T1, E1, T3, E3
    * ISDN
49
Q

packet switching

A
  • Packet switching is how we think of networking today. We take our data, we put it into a wireless network or a wired network, and we send the traffic on its way, and it finds its way to its destination. This might be data, it might be video, it might be voice; it doesn’t matter. We’re sending this data out over the network and it’s finding its way and switching based on what’s in the packet. Usually this media is shared.
50
Q

XOR

A
  • if the values are the same it’s a 0
  • if the values are different it’s a 1
51
Q

ARP

A

translating IP to MAC
* the computer has the IP of the device, it just needs the MAC so they can talk at lower layers

52
Q

what is NAC

A
  • NAC systems are there to ensure that only the right users with authenticated and reliable devices (whether they belong to the company or the individual themselves) can log on to the network. Once they are there, the NAC regulates the areas of the network users can access while monitoring and logging their activity
  • principle of 3 (AAA)
  • authentication, authorization, accounting
53
Q

which is NOT likely a vulnerability with the Kerberos authentication method?
* theft of cached credentials
* a single point of failure
* a password guessing attack
* susceptibility to eavesdropping

A
  • susceptibility to eavesdropping
54
Q

which of the following is not a method for protecting data at rest

  1. network level encryption
  2. database level encryption
  3. folder level encryption
  4. application level encryption
A
  • network level encryption is not
  • note: I originally answered this wrong. I think application level is data in use; apparently if it’s in flash it’s considered at rest. I did not think about the data that could be stored on the application server
55
Q

which of the following best describes the purpose of a key distribution center (KDC)?

  • sending a service ticket (ST) to an authenticated user when the user requires a network service
  • enabling single sign-on services by acting as a trusted third-party authentication server
  • enabling an authenticated user to request access to network services
  • sending a second session key to an authenticated user when the user requires access to a network service
A
  • enabling single sign-on services by acting as a trusted third-party authentication server
56
Q

what device increases broadcast domains

A
  • router
  • in a router, each interface is a separate broadcast domain
  • routers do not forward broadcasts
    ***note: not for the test; however, a L3 switch does this also. it’s why I got it wrong. I was thinking L3 not L2 when I answered. The test considers switches L2 unless they say different (remember)
57
Q

ALE formula

A

ALE = SLE x ARO
Note: remember, if you are comparing something you are buying to a lease, you have to make sure the cost of the purchase is included in the formula over time.
Example: cost of a printer, then figure your ALE over X years. you have to add the cost of the original purchase to the ALE cost over that span of years and compare it to a lease over the same span of time.

58
Q

a TFTP server receives a request from a client device on UDP 69.
which port number will the server use to send a response back to the client?

A
  • The TFTP server listens continuously for requests on well-known UDP port number 69, which is reserved for TFTP
  • The client chooses for its initial communication an ephemeral port number, as is usually the case in TCP/IP
    ** ephemeral ports are short period communications RANGE - 1024-65535
59
Q

what is the primary concern with bluetooth version 2.1

A
  • weak encryption
  • version 4.1 has a much stronger cipher, AES-CCM
60
Q

which privacy act was created in 74 to provide citizens with access to private information that is being collected and maintained by the government?

A

U.S. Privacy Act

61
Q

what are the job duties of a security administrator?

A
  • responsible for user account management and reviews of audit data
  • assigning user accounts and security settings
  • usually lesser permissions compared to system administrators
62
Q

what is the role of a system administrator

A
  • monitors and maintains the systems and applications
  • can be more specialized such as DBA or network admin
63
Q

what is true about OSPF

A
  • it learns the entire network topology for the area
64
Q

what best describes groupings of subjects and objects that have the same security requirement?

  • security domains
  • layering
  • abstraction
  • the ring model
A
  • security domain
65
Q

what database type does DNS use

A
  • Hierarchical database
66
Q

what is object reuse

A

the process of reusing data or authentication credentials that an application or process has shared in memory or cached to disk. when data or credentials are retrieved and used by another user, application, or process, unauthorized privilege escalation can occur.
*** object reuse can be mitigated by developing tight controls over the sharing of such objects in memory and by ensuring that cached credentials are removed from memory when they are no longer required

67
Q

what type of obfuscation deals with making a program obscure to computers

A

Prevention obfuscation

68
Q

can a switch reduce collision domains

A

a switch creates separate collision domains for each switch port

69
Q

what type of physical lock is the most vulnerable to shoulder surfing and brute force (trying every combo possible)?

A
  • a lock with a keypad
    *** it is easier to see you put in your code, and there are typically fewer digits, so it is easier to attempt a brute force
70
Q

what security architecture model are you most likely to implement to avoid covert channel attacks?

A

noninterference

71
Q

what is the purpose of the WS-SecureConversation web services specification?

A
  • to create security contexts for faster message exchanges
72
Q

what is security marking for

A

reflects applicable laws, directives, policies, regulations and standards

73
Q

which is correct regarding encapsulation

  1. frames are encapsulated in segments
  2. segments are encapsulated in packets
  3. packets are converted into bits
  4. bits are encapsulated in frames
A

segments are encapsulated in packets

74
Q

Do we want high coupling or low coupling

A

low coupling - an object that is mostly independent of other objects

75
Q

high cohesion vs low cohesion

A

high cohesion -
Cohesion refers to the degree to which the elements of a module/class belong together. it is suggested that related code should be close to each other, so we should strive for high cohesion

76
Q

is SSO a federated identity management (FIM)?

A
  • nope, they do similar things but
  • SSO is within the organization
  • FIM is across various enterprises (cloud for example, or across multiple enterprises)
77
Q

If a brute force is being attempted on a cipher what does the attacker normally have access to

  1. ciphertext
  2. neither the plaintext nor the ciphertext
  3. both the plaintext and the ciphertext
  4. only the plaintext
A

they have access to only the ciphertext

78
Q

having employees acknowledge that they have read and understood the company security policy does what?

  1. ensure that they understand the policy
  2. ensure that the company is protected
  3. ensure that they have read the policy
  4. ensure that they follow the policy
A
  1. ensure that the company is protected

if there was a breach and it’s covered in the policy, the company has to show proof that the employee knew that information

79
Q

a dev team using a source code repository has achieved the desired level of functionality on a current project. the last dev commits changes. what is the latest change to the code repository?

  1. code freezing
  2. code commit
  3. code check in
  4. code check out
A
  • code freezing
80
Q

what does a database view contain

A

the results of a database query

81
Q

government classifications (5) and level of damage

A
  1. Top secret - severe (grave) damage to national security
  2. Secret - critical damage to national security
  3. Confidential - some serious damage
  4. Sensitive but unclassified - no damage to national security
  5. unclassified - not sensitive
82
Q

3 FIM (federated identity management) models - what are they?

A
  • cross certification - enables participants to trust another participant’s public key infrastructure
  • trusted third party - uses a single organization to manage the authentication and verification process for each company that is participating in the model
  • bridge model - trust model also known as bridge
83
Q

difference between PGP and S/MIME

A
  • PGP can be used to encrypt not only email messages, but also files and entire disk drives
  • both can be used for confidentiality, integrity and non repudiation for email
  • confidentiality is accomplished with 3DES
  • integrity is accomplished with SHA-1
  • non-repudiation by creating digital signatures with an asymmetric encryption method such as RSA
84
Q

which of the following is a legal liability concept that defines the minimum level of information protection that an organization must achieve?

  • due diligence
  • due care
A

due care
NOTE: due care is the legal liability concept that defines the minimum level of information protection that an organization must achieve.

due diligence - legal liability concept that requires an organization to continually review its practices.

85
Q

kerberos attributes

A
  • SSO using tickets
  • authentication service
  • uses tickets to allow users to securely authenticate to a variety of network-based services
  • Kerberos weaknesses
    1. KDC stores plaintext keys of all principals (clients and servers)
    2. KDC can be a single point of failure
    3. short keys susceptible to attack
    4. password guessing; Kerberos does not know if a dictionary attack is taking place
    5. clock timing
86
Q

the MAC model supports different environment types. which of the following grants users access using predefined labels for specific labels?

  1. a compartmentalized environment
  2. hierarchical environment
  3. centralized environment
  4. hybrid environment
A
  1. Hierarchical environment
  • Answer: In a hierarchical environment, the various classification labels are assigned in an ordered structure from low security to high security.
  • (MAC) model supports three environments: hierarchical, compartmentalized, and hybrid
87
Q

A risk assessment includes the evaluation of threats for each identified asset. What are the potential areas of concern related to third-party connectivity? (Choose all that apply.)

  1. business partnership
  2. cloud services
  3. telecommuting
  4. a business branch vpn link
A

1,2 and 3
Answer: The potential areas of concern related to third-party connectivity are those in which an actual outsider is to be directly connected to on-premises networks; these situations include business partnerships, cloud services, and telecommuting. Third-party connectivity is not involved when using VPN links to connect business branches.

88
Q

A cloud-based provider has implemented an SSO technology using JSON Web Tokens. The tokens provide authentication information and include user profiles. Which of the following best identifies this technology?

  1. OIDC
  2. OAuth
  3. SAML
  4. OpenID
A
  1. OIDC

Answer: OpenID Connect (OIDC) uses a JavaScript Object Notation (JSON) Web Token (JWT) that provides both authentication and profile information for internet-based single sign-on (SSO). None of the other answers use tokens. OIDC is built on the OAuth 2.0 framework. OpenID provides authentication but doesn’t include profile information.

89
Q

Customers frequently return to an e-commerce site to make additional purchases. The company wants to allow customers to be automatically logged on when they visit. Which of the following will meet this need?

A. Service authentication
B. The Credential Management API
C. Single sign-on (SSO)
D. Session management

A

The Credential Management application programming interface (API) will meet this need. It was published by the World Wide Web Consortium (W3C) as a working draft in January 2019.

90
Q

What is the most common and inexpensive form of physical access control device for both interior and exterior use?

A

key locks

91
Q

A company server is currently operating at near maximum resource capacity, hosting just seven virtual machines. Management has instructed you to deploy six new applications onto additional VMs without purchasing new hardware since the IT/IS budget is exhausted. How can this be accomplished?
1. Microservices
2. Docker
3. Service oriented architecture (SOA)
4. Containerization

A
  1. Containerization

Containerization is based on the concept of eliminating the duplication of OS elements in a virtual machine. Instead, each application is placed into a container that includes only the actual resources needed to support the enclosed application, and the common or shared OS elements are then part of the hypervisor. The system as a whole could be redeployed using a containerization solution, and each of the applications previously present in the original seven VMs could be placed into containers, as well as the six new applications. This should result in all 13 applications being able to operate reasonably well without the need for new hardware.

92
Q

Which of the following approaches uses mathematical algorithms to analyze data, developing models that may be used to predict future activity?

A

Machine learning

93
Q

The Board of Directors of a firm would like to hire an auditor to review the firm’s financial statements. Which one of the following groups would be best suited for this engagement?

A. Internal audit group
B. Finance team
C. Independent auditor
D. Board committee

A
  • Independent auditors

External audits, such as the one requested by the Board, should always be conducted by independent, qualified audit firms.

94
Q

what is cross-site request forgery (XSRF), and
what are the mitigation methods?

A

websites’ use of a completely automated public Turing test to tell computers and humans apart (CAPTCHA), two-factor authentication, or adding a nonce to web requests

95
Q

ipv6 loopback

A

::1

96
Q

what dept is a security person least likely to be a part of

A
  • the internal audit department
97
Q

common criteria - breaks down into 4 terms

A
  • target of evaluation (ToE): system or product that is to be tested
  • security target (ST): documentation that describes the ToE and any security requirements
  • protection profile (PP): a set of security requirements and objectives for the type of product to be tested
  • evaluation assurance level (EAL): a rating level that is assigned to the product after the product has been tested
98
Q

7 ratings of Common Criteria

A
  • EAL1: functionally tested
  • EAL2: structurally tested
  • EAL3: Methodically tested and checked
  • EAL4: methodically designed, tested, and reviewed
  • EAL5: semi-formally designed and tested
  • EAL6: semi-formally verified, designed, and tested
  • EAL7: formally verified, designed, and tested
99
Q

which protocol data unit (PDU) exists at the data link layer of the OSI model?
* frames
* packets
* segments
* bits

A
  • frames
100
Q

what pdu (protocol data unit) is at the transport layer

A

segments

101
Q

what pdu (protocol data unit) is at the network layer

A

packets

102
Q

what pdu (protocol data unit) is at the data link layer

A

frames

103
Q

what pdu (protocol data unit) is at the physical link

A

bits

104
Q

which access control principle ensures that information does not flow between groups of users

A
  • compartmentalization

A nonhierarchical grouping of sensitive information used to control access to data more finely than with hierarchical security classification alone. The isolation of the operating system, user programs, and data files from one another in main storage to protect them against unauthorized or concurrent access by other users or programs

105
Q

object reuse can be memory and/or hard drive
true or false

A

True

106
Q

what is the weakest form of biometrics

A
  • Fingerprint
107
Q

CPU pipelining

A

The CPU is capable of executing a series of basic operations, including fetch, decode, execute, and write. Pipelining combines multiple steps into one process. The CPU has the capability to fetch instructions and then process them. The CPU can function in one of four states:

Ready state—Program is ready to resume processing
Supervisor state—Program can access entire system
Problem state—Only nonprivileged instructions executed
Wait state—Program waiting for an event to complete

108
Q

Non-interference Model

A

This model ensures that the actions of different objects and subjects aren’t seen by (and don’t interfere with) other objects and subjects on the same system. By implementing this model, the organization can be assured that covert channel communication does not occur because the information cannot cross

A covert channel is a policy-violating communication that is hidden from the owner or users of a data system.

109
Q

WPA3 attributes

A
  • enterprise supports AES-GCMP (Galois/Counter Mode Protocol)
  • personal supports AES-CCMP at minimum, like WPA2
  • supports protected management frames (PMF)
  • supports simultaneous authentication of equals (SAE)
110
Q

smurf attack

A
  • ICMP echo request
  • DOS
  • attacker sends ICMP echo request packets with a spoofed source address to a directed broadcast address
111
Q

fraggle attack

A
  • DoS ICMP echo request
  • UDP
  • attacker sends UDP packets with a spoofed source address to a directed broadcast address
  • every device that receives a UDP broadcast will reply to the spoofed source address
112
Q

Teardrop attack

A
  • DoS ICMP echo requests
  • several large overlapping IP fragments
113
Q

LAND attack

A
  • DoS ICMP
  • malformed IP packets
  • victim receives the packets, becomes confused, and can crash
114
Q

garbage collection

A

A language mechanism that automatically deallocates memory for objects that are not accessible or referenced.

115
Q

malware that does not leave any trace of its presence nor saves itself to a storage device, but is still able to stay resident and active on a computer, is known as what?

A

fileless malware

116
Q

what software development concept was pioneered by the Defense Department in the 1990s as an effort to bring together diverse product development teams?

  1. integrated product team
  2. agile methodology
  3. scrum approach
  4. user stories
A

integrated product team

117
Q

what 3 types of interfaces are typically tested during software testing?

  1. network, physical, and application
  2. APIs, UIs, and physical interfaces
  3. network interfaces, APIs and UIs
  4. application, programmatic, and user interfaces
A

2. APIs, UIs, and physical interfaces

tested during the software testing process

118
Q

Charlie is seeking a common naming scheme that he can use to describe system configurations during vulnerability analysis. Which one of the following SCAP components would be best suited to the task?

  1. CVE
  2. CPE
  3. CVSS
  4. CCE
A
  • CCE

Common Configuration Enumeration (CCE) provides a naming system for system configuration issues

119
Q

OWASP SAMM
software assurance maturity model

A
  • SAMM steps
  • there are levels at each category
  • similar to L1 - L3
120
Q

using the OSI model, what format does the data link layer use to format messages received from higher up the stack?

  • data stream
  • frame
  • segment
  • datagram
A

frame

121
Q

which is not a typical part of a penetration test report

  1. a list of identified vulnerabilities
  2. all sensitive data that was gathered during the test
  3. risk rating for each issue discovered
  4. mitigation guidance for issues identified
A
  1. all sensitive data that was gathered during the test
122
Q

which of the following security controls cannot be reversed and is the best choice to permanently protect personal information in a dataset transferred out of the EU?

  1. pseudonymization
  2. encryption
  3. tokenization
  4. randomized masking
A
  1. randomized masking

answer: randomized masking is one of many anonymization methods and is the best choice of the given answers. when done correctly, it cannot be reversed to discover the original data.

123
Q

Tom is investigating a security incident and found that the attacker was able to directly modify the contents of a system’s memory.
What type of application vulnerability would most directly facilitate this action?

  1. rootkit
  2. back door
  3. TOC/TOU
  4. buffer overflow
A
  1. buffer overflow

Answer: buffer overflow attacks allow an attacker to modify the contents of a system's memory by writing beyond the space allocated for the variable

124
Q

types of mandatory access control

A
  1. hierarchical
  2. compartmentalized
  3. hybrid
125
Q

serverless architecture attributes

A
  • microservice features scalable but can be complex
  • is part of FaaS (function as a service)
  • FaaS is a subcategory of PaaS
  • remember this if a question answer should be FaaS and only PaaS is an option
126
Q

what principle states that an individual should make every effort to complete his or her responsibilities in an accurate and timely manner?

  • least privilege
  • separation of duties
  • due care
  • due diligence
A
  • due diligence

Answer: due diligence is a more specific component of due care that states that an individual assigned a responsibility should exercise due care to complete it accurately and in a timely manner

127
Q

SPML (services provisioning markup language) attributes

A
  • services provisioning markup language
  • XML-based standard that facilitates the exchange of account provisioning information among applications, services and organizations
  • SPML allows organizations to securely create, update and delete end-user accounts for many web services and applications using a single request from a central point.
128
Q

Dana is selecting a hash function for use in her organization and would like to balance a concern for a cryptographically strong hash with the speed and efficiency of the algorithm.
Which hash function would best meet her needs?

  1. MD5
  2. ripemd
  3. sha-2
  4. sha-3
A
  1. sha-2

Answer: don't overthink it. MD5 and RIPEMD suck.
SHA-3 is less efficient compared to SHA-2

129
Q

SSAE-18

A
130
Q

Ron's organization does not have the resources to conduct penetration testing that uses time-intensive manual techniques, but he would like to achieve some of the benefits of penetration testing.
Which technique could he engage in that requires the least manual effort?

  1. white box testing
  2. black box testing
  3. gray box testing
  4. breach and attack simulation
A
  1. breach and attack simulation
    * allows you to create a wide array of attacks on a production network without risk to data, applications, or users

Answer: platforms are intended to automate some aspects of penetration testing. these systems are designed to inject threat indicators onto systems and networks in an effort to trigger other security controls

131
Q

In a single-level security environment, when classifying information systems according to the type of information that they process, what procedure would be the best way to assign asset classifications?

  1. assign systems the classification of the highest level of information that they are expected to process regularly
  2. assign systems the classification of the highest level of information that they are ever expected to process
  3. assign systems the classification of information that they most commonly process
A
  1. assign systems the classification of the highest level of information that they are ever expected to process

Answer: in a single-level security environment, this is the way

132
Q

Darren is troubleshooting an authentication issue for a Kerberized application used by his organization. He believes the issue is with the generation of session keys. What Kerberos service should he investigate first?

  1. kdc
  2. tgt
  3. as
  4. tgs
A
  1. TGS (ticket granting service)
133
Q

Kim is the system admin for a small business network. She was in the office after hours with nobody else there; one moment systems across the office were working fine, but now they are exhibiting signs of infection one after the other.
What type of malware is Kim likely dealing with?

  1. virus
  2. worm
  3. trojan horse
  4. logic bomb
A
  1. worm

Answer: worms - have built-in propagation mechanisms that do not require user interaction, such as scanning for systems containing known vulnerabilities and then exploiting those vulnerabilities to gain access.
Logic bombs - do not spread from system to system

134
Q

a chief audit executive (CAE) should report to whom?
1. CIO
2. CISO
3. CEO
4. CFO

A
  1. CEO

Answer: the CAE should report to the most senior possible leader to avoid conflicts of interest.

135
Q

jitter vs latency

A
  • latency - delay in the delivery of packets
  • jitter - a variation in the latency for different packets

latency - delay (packets are the same)
jitter - packets are not in the correct order when they arrive

136
Q

OpenID Connect attributes

A
  • OpenID Connect (OIDC) uses a JavaScript Object Notation (JSON) Web Token (JWT) that provides both authentication and profile information for internet-based single sign-on (SSO).
  • maintained by openid foundation but uses RFC 6749 as a framework
  • decentralized authentication maintained by OpenID foundation
  • open authentication protocol that works on top of the OAuth 2.0
  • Targeted toward consumers, OIDC allows individuals to use single sign-on (SSO)
  • Each time users sign on to an application or service using OIDC, they are redirected to their OP (OpenID provider), where they authenticate and are then redirected back to the application or service.
137
Q

Differences between SAML, OpenID Connect

A
  • SAML is known for its flexibility, but most developers find OIDC easier to use because it is less complex.
  • SAML is used to access browser-based applications and does not support SSO for mobile devices or provide API access. OAuth provides API access and OIDC provides access to APIs, mobile native applications, and browser-based applications.
  • OIDC is about who someone is. OAuth 2.0 is about what they are allowed to do.
  • SAML uses tokens written in XML and OIDC uses JWTs, which are portable and support a range of signature and encryption algorithms.
138
Q

OAuth biggest difference compared to SAML and OIDC (openid connect)

A
  • The primary difference between these standards is that OAuth is an authorization framework used to protect specific resources, such as applications or sets of files, while SAML and OIDC are authentication standards used to create secure sign-on experiences.
139
Q

what are two factors for accountability

A
  • identification
  • authentication
140
Q

technique used to exploit TOC/TOU

A
  • algorithmic complexity
141
Q

smart card uses what standard
1. X.500
2. X.509
3. 802.11x
4. X.516

A
  1. X.509

Answer: standard for public key certificates

142
Q

what should you set to ensure that syslog notifies you of actual issues, not just normal operations?

  1. facility code
  2. log priority
  3. security level
  4. severity level
A
  1. severity level
143
Q

during which phase of the incident response process would an organization determine whether it is required to notify law enforcement officials or other regulators of the incident?

  1. detection
  2. recovery
  3. remediation
  4. reporting
A
  1. reporting

Answer: during reporting, incident responders assess their obligations under laws and regulations to report the incident to government agencies and other regulators

144
Q

which one of the following components should be included in an organization's emergency response guidelines?

  1. immediate response procedures
  2. long term business continuity protocols
  3. activation procedures for the organization's cold sites
  4. contact information for ordering equipment
A
  1. immediate response procedures
145
Q

false acceptance rate is what error type

A

Type II

Answer: false acceptance rate is when a biometric system accepts impostors who should be rejected.

False acceptance is Type II - reverse alphabet (acceptance = Type II)

146
Q

real evidence

A

Real Evidence: Tangible and Physical objects, in IT Security: Hard Disks, USB Drives – NOT the data on them.

147
Q

system logs

A
  • System Log (syslog): a record of operating system events. It includes startup messages, system changes, unexpected shutdowns, errors and warnings, and other important processes. Windows, Linux, and macOS all generate syslogs
  • Log files are a historical record of everything and anything that happens within a system, including events such as transactions, errors and intrusions. That data can be transmitted in different ways and can be in both structured, semi-structured and unstructured format.
148
Q

SSAE18

A
  • SSAE 18 and SOC 1 are used interchangeably or together to describe this audit, thus for clarity just remember the SSAE 18 is actually the professional AICPA standard used for issuing SOC 1 Type 1 and SOC 1 Type 2 reports by a licensed CPA firm.
149
Q

what passwords are the hardest to manage?
1. dynamic password
2. one time password (OTP)
3. passphrase
4. static password

A
  1. one time password
  • Note: (short string of characters) maybe the hardest to remember and to deal with if forgotten or misplaced
  • remember there are one time passwords that are generated and good until they are used
150
Q

which of the following OASIS standards is most commonly used by software-defined networking (SDN) systems?
1. oauth 2.0
2. security assertion markup language (SAML)
3. security provisioning markup language (SPML)
4. extensible access control markup language (XACML)

A
  1. extensible access control markup language (XACML)

Answer: of the available choices, XACML is the OASIS standard that is most commonly used by SDN systems
* XML based, typically used to define access control policies (attribute or role based)

151
Q

security assertion markup language (SAML) attributes

A
  • OASIS standard
  • commonly used by web applications for single sign-on
  • XML based open standard
  • can be used to exchange authentication and authorization
152
Q

security provisioning markup language (SPML) attributes

A
  • OASIS standard
  • XML based
  • used for federated identity SSO
  • also based on directory services markup language (DSML)
  • DSML is xml based and can be used to present LDAP information in XML format
153
Q

what keys are created with a TPM chip?

A
  • storage root key - Each TPM has a master wrapping key, called the storage root key, which is stored within the TPM itself
  • endorsement key - is created in a TPM and is never exposed to any other component, software, process, or user.

Computers that incorporate a TPM can create cryptographic keys and encrypt them so that they can only be decrypted by the TPM. This process, often called wrapping or binding a key, can help protect the key from disclosure

154
Q

Take-Grant Model

A
  • another confidentiality-based model
  • four basic operations: take, grant, create, and revoke
  • allows subjects with the take right the ability to remove take rights from other subjects.
  • the grant right allows a subject to grant this right to other subjects.
  • The create and revoke operations work in the same manner: Someone with the create right can give the create right to others, and those with the revoke right can remove that right from others.
155
Q

Brewer and Nash Model

A
  • similar to the Bell-LaPadula model and is also called the Chinese Wall model.
  • It was developed to prevent conflict of interest (COI) problems.
  • example, imagine that your security firm does security work for many large firms. If one of your employees could access information about all the firms that your company has worked for, he might be able to use this data in an unauthorized way. Therefore, the Chinese Wall model would prevent a worker consulting for one firm from accessing data belonging to another, thereby preventing any COI.
156
Q

Clark-Wilson

A
  • integrity based
  • created in 1987
  • separation of duties must be enforced
  • subjects must access data through an application, and auditing is required
  • differs from the Biba model in that subjects are restricted
    meaning: subject at one level of access can read one set of data, whereas a subject at another level of access has access to a different set of data.
157
Q

Noninterference model

A
  • As its name states, this model’s job is to make sure that objects and subjects of different levels don’t interfere with the objects and subjects of other levels.
158
Q

Direct Evidence

A
  • Testimony from a first hand witness, what they experienced with their 5 senses.
159
Q

Best Evidence Rule

A
  • The courts prefer the best evidence possible.
  • Evidence should be accurate, complete, relevant, authentic, and convincing.
160
Q

Secondary Evidence

A

Secondary Evidence – This is common in cases involving IT.
* Logs and documents from the systems are considered secondary evidence.

161
Q

pets, cattle, chickens, insects - what is this?

A

an analogy comparing
* servers - like pets: name them, care for them, they last for years
* instances (AWS, Azure) - like cattle: you number them, if they get sick, you terminate. Add more and reduce your stock as needed - short lifespans, do not expect to see uptimes of years
* containers - like chickens: short lifespan compared to cattle, less resource intensive, take up less space, consume fewer resources (CPU, RAM), take seconds to launch. They last a few days to a few hours or minutes
* serverless - function as a service (FaaS) - insects have a much lower life expectancy than chickens; this fits in with serverless and Functions as a Service, as these have a lifespan of seconds

Organizations who have pets are slowly moving their infrastructure to be more like cattle. Those who are already running their infrastructure as cattle are moving towards chickens to get the most out of their resources. Those running chickens are going to be looking at how much work is involved in moving their application to run as insects by completely decoupling their application into individually executable components.

162
Q

containerless architecture

A

diagram

163
Q

cipher suites

A

example

164
Q

TCB flow

A
165
Q

NIST 800-161 - what is it

A

supply chain

166
Q

you have ciphertext and the corresponding plaintext, what attack is this

A

known plaintext

167
Q

used against public key cryptosystem

A

chosen ciphertext

168
Q

man in the middle is a type of what

A

eavesdropping

169
Q

what attack are you trying when you are trying all possible combinations?

A

brute force

170
Q

the attacker can capture ciphertext and, along with the plaintext, attempt to determine the key

A

known plaintext

171
Q

the hardest type of this attack because you only have the encrypted message

A

ciphertext only

172
Q

question below

A

answer below

173
Q

which of the following Data Encryption Standard (DES) modes propagates encryption errors?

  • electronic code book (ECB) mode
  • counter (CTR) mode
  • cipher block chaining (CBC) mode
  • output feedback (OFB) mode
A
  • cipher block chaining (CBC) mode
174
Q

which of the following is least likely to be included in a noncompete agreement (NCA)?

  • nondisclosure demand
  • geographic restriction
  • job description
  • expiration date
A
  • nondisclosure demand
175
Q

what is in system logs

A
  • service modifications
  • computer system events (computer starts and stops)
  • operating system events (services start and stop)
176
Q

a few GDPR requirements

A
  • inform of a major breach within 72 hrs
  • each EU member nation must create a centralized data protection authority
  • individuals must have access to their own data
  • information regarding an individual must be transferable to another service provider at the individual's request
  • individuals retain the right to be forgotten and have their information deleted if it is no longer required
  • organizations located outside the EU must adhere to the GDPR if they collect information about EU residents
177
Q

if the question is about object-oriented programming and the answers are polymorphism or polyinstantiation, the answer is

A

polymorphism