Unknown answers

Question 1

What are the stages of digital Forensics?

Answer 1

Acquisition
* Obtain Data without altering origional evidence
* Look for artifacts, left behind log information etc.

Reporting
* Document all findings
* Summary information

Preservation
* Handling Evidence
* Manage collection process

Question 2

Differerence between Vertical and Horizontal password attacks

Answer 2

Vertical
* Targeting one account with large number of possible passwords
Horizontal
* Targeting multiple accounts trying a few common passwords

Question 3

Why is inventory important

Answer 3

• Enables a organization to maintain up-to-date records of hardware, software and data assets
• This enables timely patch management, as administrators can easily identify assets that require updates or patches

Question 4

Explain Buffer overflow

Answer 4

• Occurs when an application receives more data than it´s allocated to handle
• Causing the excess data to overflow into adjacent memory locations
• Can lead to application crashes potentially allowing attacker to execute arbitrary code

Question 5

What is a Golden Image?

Answer 5

• Ensures consistency and saves time by providing a standardized confoguration for each VM empoyed

Question 5

What is SCAP

Answer 5

** Security Content Automation Protocol **
* Different standards for automating the management of computer security threats and vulnerabilities
* Ensures organizations infrastructure is compliant with regulatory standards and guidelines
* Provides common language for security content
* Aids in automating the process of detecting vulnerabilities and managing configurations in a system

Question 6

What is a Security custodian?

Answer 6

• Responsible for day-today management and implementation of security controls
• Work under guidance of CISO or Security owner to ensure security measures are applied
• Do not have primary responsibility for defining and establishing organization wide security procedures

Question 7

What is a Data Controller

Answer 7

• Responsible for determining the purposes and means of processing personel data
• Defining how personal data is handled
• Data governance and compliancewith data protection regulations

Question 8

How is the ALE calculated?

Answer 8

SLE x ARO
SIngle Loss expectancy x Annual Rate of Occurrence

Question 8

What is Federation?

Answer 8

• Linking together of of several seperate systems, databases or applications to create unified cooperative system
• Allows different computing system,s and organozations to share and access data
• Typically in cloud environments

Question 9

What is the main significance of implementing XDR?

Answer 9

• Ability to integrate and correlate security data from various souces
• Endpoints, networ, and cloud environments
• Detect and respond to sophisticated, multi-vector threats
• Still, primary role is detect and respond

Question 10

What is a rogue WAP and which attack can you conclude from it?

Answer 10

Refers to any Wifi access point that has ben installed without explicit authorization from a network administrator

• On-path-attack

Question 11

WAF

Answer 11

• Web application Firewall
• Protects Web applications by monitoring, filtering and blocking HTTP/HTTPS traffic
• Layer 7

Question 12

Client based

Answer 12

• Software that runs on computer and requires installation and configuration
• May have vulnerabilities if not patched

Question 13

ABAC

Answer 13

Attribute-Based Access Control
* Access permissions based on various user attributes: Job Role, department, location, and time of access

Question 14

RBAC

Answer 14

Role-based Access Control
* Soley based on job roles or job functions

Question 15

DAC

Answer 15

Discretionary access control
* Allows individual users to have discretion or control over their own resources

Question 16

What is Enumeration in the effective management of Hardware, software, and data assets?

Answer 16

• Practice of assigning unique identifiers, access controls and attributes to each asset
• Helps establish ensurance only authorized users can interact with assets

Question 17

Cellular

Answer 17

• Use GSM or CDMA technologies to provide wireless communication between devices
• Secure
• Best way for secure and reliable communication between offices

Question 18

What is an AUP?

Answer 18

Acceptable use policy
* Is a directive control because it helps direct employee behavior by specifying what actions are allowed and not allowed when using company resources

Question 19

What could be a security implication of Microservices?

Answer 19

As applications are broken down into microservices, ecah service might need specific access controls potentially complicating permissions landscape

Question 20

What is the purpose of an audit committee?

Answer 20

Overseeing and evaluating an organizations internal controls, financial reporting and compliance processes

Question 21

Which common method of authenticating systems is used in SSL/TLS?

Answer 21

Uses digital certificates to authenticate the identity of the server and optionally client during SSL/TLS handshake

Question 22

How is a CVE identifier formated?

Answer 22

Year and sequence of numbers
2023-12345

Question 23

Volume encryption

Answer 23

Affects defined, formatted block of storage which could span across multiple partitions

Question 24

Name SCADA systems vulnerabilities

Answer 24

• Hard to patch
• Often legacy protocols without encryption

Question 24

Partition Encryption

Answer 24

Encrypts only defined partition on a storage device

Question 25

False Negative

Answer 25

Dismisses threath

Question 25

false positive

Answer 25

Legitimate action but labeled as threath

Question 26

Data owner

Answer 26

The owner’s role is accountable for the data’s security and compliance with the organization’s strategic objectives. Outlines the purposes, conditions, and methods of personal data processing to comply with GDPR pertain to the controller role, not the owner.

Question 27

What is the primary purpose of internal compliance reporting?

Answer 27

Provide updates on compliance status, identify potential issues, and inform organizations management

Question 28

ECC

Answer 28

Elliptic Curve Cryptography
* Primarily used for digital signatures and key exchanges rather than direct encryption of data

Question 29

What means Employee retention?

Answer 29

• Organization can retain experienced staff who have gained valuable knowledge and expertise

Question 30

Explain an audit comittee

Answer 30

• Makes sure that an organization meets necessary regulatory standards.
• Overerseeing risks and ensuring regulatory compliance

Question 31

Kerberos

Answer 31

• Network Authentication protocol designed to provide stron authentication for client/server applications
• Central authority (KDC) provides tickegt to users after credentials are verified
• This ticket is then used to access various services within the network

Question 32

SAML

Answer 32

Security Assertion Markup Language
* Commonly used in single sign ons (login once, acces multiple applications)
* Standard for exchanging authentication and authorization data between an identity provider and service provider

Question 33

OAuth

Answer 33

Granting application Access to resources in another application

Question 34

LDAP

Answer 34

Lightweight Directory Access protocol
* Widely used protocol for managing and accessing directory information services over an IP network

Question 35

SRTP

Answer 35

Secure Real-time Transport Protocol
* Provides encryption, message authentication, and integrity for voice communications over IP

Question 36

SASE

Answer 36

Secure Access service Edge
* Combines network security funtions with wide-area networking
* dynamic, secure access needs of organizations

Question 37

IPsec

Answer 37

Internet Protocol Security
* Secure IP communication by authenticating and encrypting each IP packet of session

Question 38

SD-WAN

Answer 38

Allows Cloud based applications to communicate directly to the cloud instead of hopping through central point

Question 39

Homorphic encryption

Answer 39

Sophisticted form of Cryptography where encrypted data can be processed without decrypting it first.
* Secures Data in Use

Question 40

Record-level encryption

Answer 40

Encrypts individual entries or records within a database

Question 41

Probability

Answer 41

Refers to the expected frequency of occurrence of a specific risk within a given time frame.

Question 42

ARO

Answer 42

The annualized rate of occurrence (ARO) is a quantitative risk analysis metric that represents the expected number of times a specific risk occurs in a year.

Question 43

Likelihood

Answer 43

Likelihood is a qualitative term used to express the chance of a risk occurring, typically described in terms of low, medium, or high.

Question 44

Exposure Factor

Answer 44

The exposure factor represents the percentage of asset loss that would occur if a specific risk is realized. It is a quantitative risk analysis metric

Question 45

In Dion Training’s data management framework, Scherazade determines the why and how data will be collected. She then directs Sahra what should be done with the data that is collected. Which of the following BEST describes the roles that Scherazade and Sahra?

Answer 45

Scherazade is the data controller because the data controller determines how and why the data is collected and used. Sahra is the data processor because the data processor follows the data controller’s directions for using the data that is collected. The data owner is the person who is ultimately responsible for the confidentiality, integrity, and availability of the data. The data custodian handles the management of the system used to store and collect the data. The data owner is the person who is ultimately responsible for the confidentiality, integrity, and availability of the data.

Question 46

What is the safest form of critical encryption safeguarding dara during transmission?

Answer 46

End-to-end Encryption
By encrypting data at the source and decrypting it only at the destination, the organization ensures that even if intercepted during transmission, the data remains confidential and unreadable.

Question 47

What does an exposure factor do?

Answer 47

Measures the likelihood of a vulnerability being exploited
* Essential to priorititze risk posed by potential attacks

Question 48

Explain an end-of-life vulnerability

Answer 48

Refers to hardware that is no longer supported by manufacturers, often leading to unpatched and exploitable vulnerabilities

Question 49

S/MIME

Answer 49

Secure Multipart Internet Message Extension
Leverages email certificates to both sign an encrypt email content.
* Ensuring authenticity and confodentiality

Question 50

What does the Policy Administrator do within Zero trust paradigm?

Answer 50

Maintaining and updating policies for Access Control

Question 51

Data retention

Answer 51

• Dictate how long different types of data should be kept
• Often driven by legal requirements
• Industry specific

Question 52

Computer Security Act 1987

Answer 52

This act specifically requires federal agencies to develop policies to secure computer systems that process sensitive or confidential information.

Question 53

GDPR

Answer 53

(General Data Protection Regulation)
is a European Union regulation that deals with the protection of personal data, and it doesn’t pertain to US federal agencies’ computer systems.

Question 54

GLBA

Answer 54

(Gramm–Leach–Bliley Act)
Is focused primarily on financial institutions and requires them to ensure the security and confidentiality of customer data.

Question 55

SOX

Answer 55

(Sarbanes-Oxley Act)
Does emphasize transparency and accountability in financial reporting.

Question 56

E-Discovery

Answer 56

• E-discovery is an essential component of incident response and primarily relates to the collection and handling of electronic data.
• Designed to be used as evidence in legal cases and includes in its scope anything that is stored electronically - emails, documents, databases, presentation files, voicemails, video/audio files, social media posts, and mor

Question 57

Root Cause analysis

Answer 57

• Crucial in incident response
• Helps to understand how the incident occurred, what vulnerabilities were exploited, and how to prevent similar incidents in the future.
• By identifying the root cause, organizations can address underlying weaknesses in their security measures and implement necessary improvements to enhance their overall security posture.

Question 58

Incremental backup

Answer 58

• Backup that only copies files that have changed since most recent backup

Question 59

Differential Backup

Answer 59

• Captures all changes made since last full backup

Question 60

Journaling

Answer 60

• Keeping record (journal) of changes before they are implemented
• Protection agianst corruption in event of system crash or power failure

Question 61

What can be consequences of single point of failure

Answer 61

• Can lead to system outages and compromise reliability of automated security operations

Question 62

Quantitative risk analysis

Answer 62

• Involves calculating or numerical scoring of financial impact of specific risk events
• Considering probability of occurence and potential loss in monetary terms

Question 63

Qualitative risk analysis

Answer 63

• Assigning subjective values to risks based on decriptive terms
• High, low, medium

Question 64

AES

Answer 64

*Advanced Encryption Standard
* Symmetric encrytion algorithm

Question 65

RSA

Answer 65

Rivest Shamir Adleman
* Asymmetric encrytion technique

Question 66

ECC

Answer 66

Elliptic Curve Cryprography
* Public and private keys based on Eliptic curve mathematics

Question 67

Diffie-Hellmann

Answer 67

Asymmetric key exchange method used to exchange keys over a public channel

Question 68

Acqusition as Incident Response step

Answer 68

• Identifying an gathering evidence related to Incident
• Collecting Logs, taking disk images, or other procedures to catalogue everything that might be used in court

Question 69

Boards

Answer 69

• Panel of specialists
• Sets taks or requirements for comitees

Question 70

Comitees

Answer 70

• Subject matter experts
• Considers input from boards
• Determines nect stept for a topic at hand
• Presents results to boards

Question 71

SLA

Answer 71

Service Level Agreement
* Minimum terms for services provided
* Uptime, response time agreement, etc.
* Commonly used between customers and service providers

Question 72

MOU

Answer 72

• Both sides aggree in general to contents on memorandum
• common goals
• Informal, no signed contract

Question 73

MOA

Answer 73

Memorandum of Agreement
* Conditonally agreeing to objectives
* Can also be legal document
* Unlike contract, may not contain legally enforcable promises

Question 74

MSA

Answer 74

Master Service Agreement
* Legal contract and agreement of terms
* Broad framework to cover later transactions

Question 75

WO / SOW

Answer 75

Work order / Statement of work
* Detailled instructions and requirements for specific tasks or projects to be carried out by a vendor

Question 76

BPA

Answer 76

Buisness Partners Agreement
* Who makes business decisions
* Lists specific individuals and scope
* Financial issues
* Disaster recovery

Question 77

RTO

Answer 77

Recovery time objective
* Sets the goal for the time taken to recover business operations after an outage
* Essential for continuity planning

Question 78

BCP

Answer 78

Business continuity planning
* Overall process

Question 79

RPO

Answer 79

Recovery point objective
* maximum acceptable amount of data loss measured in time from disaster to disruption

Question 80

Custodian

Question 81

What is the most secure and widely adopted encryption protocol?

Answer 81

AES