Various Concepts x2

Question 1

A solution that provides real time or near real time analysis of security alerts generated by network hardware and applications.

Answer 1

SIEM

Question 2

A class of security tools the help facilitate incident response, threat hunting, and security configuration by orchestrating automated runbooks and delivering data enrichment. AKA next generation SIEM.

Answer 2

SOAR

Question 3

commonly used to gather information about routers, switches, and other network devices including status indicators, and CPU and memory utilization.

Answer 3

SNMP

Question 4

Inactive data that is archived

Answer 4

Data at Rest

Question 5

Data that is crossing the network or that resides in the computer’s memory.

Answer 5

Data in Transit

Question 6

Data that is undergoing change.

Answer 6

Data in Use

Question 7

an algorithm that performs the encryption or decryption.

Answer 7

Cipher

Question 8

A single key encrypts and decrypts the data.

Answer 8

Symmetric Encryption

Question 9

One key encrypts and a second key decrypts the data.

Answer 9

Asymmetric Encryption

Question 10

encrypts data bit by bit using a mathematical XOR function to create the cipher text. (Symmetric).

Answer 10

Stream cipher

Question 11

breaks the input into fixed-length blocks of data and performs encryption on the blocks of data.

Answer 11

Block Cipher

Question 12

breaks the input into 64-bit blocks and uses transposition and substitution to create the cipher text and a key strength of only 56-bits. Considered insecure.

Answer 12

DES - Symmetric cipher

Question 13

uses 3 separate symmetric keys to encrypt, decrypt, and then encrypt the cipher text to increase the strength of its predecessor.

Answer 13

3DES - Symmetric cipher

Question 14

block cipher which uses 64-bit blocks to encrypt plaintext to cipher text.

Answer 14

IDEA symmetric

Question 15

block cipher that uses 128, 192, or 256-bit blocks and a matching key size to encrypt plain text to cipher text. The standard for U.S. government.

Answer 15

AES Symmetric

Question 16

block cipher uses 64-bit blocks and a variable length key to encrypt plain text to cipher text.

Answer 16

Blowfish symmetric

Question 17

block cipher that replaced blowfish and uses 128-bit blocks and 128, 192, of 256-bit keys to encrypt plain text to cipher text.

Answer 17

Twofish symmetric

Question 18

stream cipher using a variable key size from 40 to 2048-bits that is used in SSL and WEP.

Answer 18

RC4 Symmetric

Question 19

block cipher using key sizes up to 2048-bits.

Answer 19

RC5 symmetric

Question 20

block cipher introduced as a replacement for DES, but AES was chosen instead.

Answer 20

RC6 symmetric

Question 21

State the symmetric algorithms (9):

Answer 21

DES, 3DES, AES, Twofish, Blowfish, IDEA, RC4, RC5, and RC6

Question 22

Asymmetric algorithms are also known as this:

Answer 22

Public Key Cryptography.

Question 23

a hash digest of a message encrypted with the sender’s private key to let the recipient know that the document was created and sent by the person claiming to have sent it.

Answer 23

Digital Signature

Question 24

Used to conduct key exchanges and secure key distribution over an unsecure network. Used to establish a VPN tunnel with IPSEC.

Answer 24

Diffie-Hellman Asymmetric Algorithm

Question 25

relies on the mathematical difficulty of factoring large prime numbers. Supports key sizes from 1024 to 4096-bits.

Answer 25

RSA (Rivest, Shamir, and Adleman) Asymmetric Algorithm

Question 26

based upon the algebraic structure of elliptic curves over finite fields to define the keys. More efficient than RSA. Commonly used in mobile devices and low-power computing devices.

Answer 26

ECC (Elliptic Curve Cryptography) Asymmetric

Question 27

State the 3 Asymmetric algorithms

Answer 27

ECC, RSA, Diffie-Hellman

Question 28

An encryption program used for signing, encrypting, and decrypting emails. Uses IDEA and hybrid encryption.

Answer 28

PGP (pretty good privacy)

Question 29

Newer version of PGP that uses AES for its symmetric encryption functions. Also is cross platform (linux, windows, etc. ).

Answer 29

GNU Privacy Guard (GPG)

Question 30

stream cipher using XOR that encrypts plaintext information with a secret random key that is the same length as the plaintext input.

Answer 30

One-Time Pad

Question 31

PRNG

Answer 31

Pseudo Random Number Generator.

Question 32

A shared, immutable ledger for recording transactions, tracking assets, and building trust.

Answer 32

Blockchain

Question 33

a cryptographic key is generated for each execution of the key process. The keys last a “short” time.

Answer 33

Ephemeral

Question 34

allows calculations to be performed on data without it being decrypted. Used for privacy preserving data in cloud storage and outsourced computations.

Answer 34

Homomorphic encryption

Question 35

a one-way cryptographic function which takes an input and produces a unique message digest.

Answer 35

Hashing

Question 36

occurs when 2 files create the same hash digest

Answer 36

Collision

Question 37

fixed-length 128-bit hash value unique to the input file.

Answer 37

MD5

Question 38

fixed-length 160-bit hash value unique to the input file. Replaced MD5 to reduce collisions.

Answer 38

SHA-1

Question 39

family of algorithms with longer hash digests that include SHA-224, SHA-256, SHA-348, and SHA-512

Answer 39

SHA-2

Question 40

hash digests between 224 and 512-bits.

Answer 40

SHA-3

Question 41

open-source algorithm that creates unique 160,256, or320-bit hash message digests for each input file.

Answer 41

RIPEMD

Question 42

hashing algorithm used to create a level of assurance as to the integrity and authenticity of a given message or file.

Answer 42

HMAC

Question 43

original version of password hashing used by Windows that uses DES and is limited to 14 characters.

Answer 43

LANMAN Hash(LM hash)

Question 44

replacement to LM Hash that uses RC4 and released with Windows 3.1 in 1993.

Answer 44

NT LAN Manager Hash (NTLM Hash)

Question 45

replaced NTLM and uses HMAC-MD5 and is considered difficult to crack.

Answer 45

NTLMv2 Hash

Question 46

A technique that allows an attacker to authenticate to a server or service by using the underlying NTLM or LM hash instead or requiring the plaintext password.

Answer 46

Pass the Hash

Question 47

a technique used to mitigate a weaker key by increasing the time needed to crack it,

Answer 47

Key Stretching

Question 48

adding random data into a one-way hash to help protect against password cracking techniques.

Answer 48

Salting

Question 49

An entire system of hardware, software, policies, procedures, and people that is based on asymmetric encryption.

Answer 49

PKI

Question 50

digitally signed electronic documents that bind a public key with a user’s identity.

Answer 50

Certificates

Question 51

digital certificate standard used in PKI that contains owner, user, and certificate authority information.

Answer 51

X.509

Question 52

allow all the subdomains of a website to use the same public key certificate and have it displayed as valid.

Answer 52

Wildcard certificates

Question 53

Allows a certificate owner to specify additional domains and IP addresses to be supported.

Answer 53

SAN Subject Alternate Name

Question 54

only require the server to be validated

Answer 54

Single-sided certificates

Question 55

require both the server and the user to be validated.

Answer 55

Dual-sided certificates

Question 56

standard that contains encoding methods that include BER, CER, and DER.

Answer 56

X.690

Question 57

original ruleset covering the encoding of data structures for certificates where several different encoding types can be used.

Answer 57

BER (Basic Encoding Rules)

Question 58

A restricted version of BER that only allows one encoding type.

Answer 58

CER (Canonical Encoding Rules)

Question 59

restricted version of BER that has one encoding type and stricter rules for length, character strings, and how elements of digital certificate are stored in x.509

Answer 59

DER (Distinguished Encoding Rules)

Question 60

used to verify information about a user prior to requesting that a CA issue the certificate.

Answer 60

Registration Authority (RA)

Question 61

the entity that issues certificates to a user

Answer 61

CA Certificate Authority

Question 62

online list of digital certificates that the CA has revoked.

Answer 62

CRL Certificate Revocation List

Question 63

a protocol that allows you to determine the revocation status of a digital certificate using its serial number.

Answer 63

OCSP Online Certificate Status Protocol

Question 64

allows the certificate holder to get the OCSP record from the server at regular intervals and include it as part of the ssl or tls handshake.

Answer 64

OCSP Stapling

Question 65

allows an https website to resist impersonation attacks by presenting a set of trusted public keys to the user’s browser as part of the HTTP header.

Answer 65

Public Key Pinning

Question 66

occurs when a secure copy of a user’s private key is held in case the user accidentally loses their key. Usually require 2 persons (separation of duties) to retrieve the key.

Answer 66

Key Escrow

Question 67

a specialized type of software that allows the restoration of a lost or corrupt key.

Answer 67

Key Recovery Agent

Question 68

a decentralized trust model that addresses issues associated with the public authentication of public keys within a CA-based PKI system and is a concept used in PGP and GNuPg.

Answer 68

Web of Trust

Question 69

is a web of trust. Peer to peer self-signed certificate where the more people know you, the more people will trust you. Examples include the ebay seller rating system.

Answer 69

PGP (Pretty Good Privacy)

Question 70

a standard that provides cryptographic security for electronic messaging, email.

Answer 70

S/MIME secure multipurpose internet mail extensions

Question 71

a protocol that encrypts PPP packets and sends data as encrypted traffic. It also can use CHAP based authentication which is considered insecure.

Answer 71

PPTP port1723. PPTP

Question 72

is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs.

Answer 72

LT2P port1701

Question 73

A TCP/IP protocol that authenticates and encrypts IP packets and effectively secures communications between devices using this protocol. It also provides CIA, confidentiality through encryption, integrity through hashing, and authentication through a key exchange.

Answer 73

IPSec

Question 74

method used by IPSec to create the vpn tunnel by encrypting the connection between authenticated peers.

Answer 74

IKE Internet Key Exchange

Question 75

this is a set of IPSec specifications that are negotiated between devices that are establishing an IPSec relationship

Answer 75

SA Security Association

Question 76

protocol in IPSec that provides integrity and authentication.

Answer 76

Authentication Header AH

Question 77

provides confidentiality through encryption, hashing of the AH, and integrity by encapsulation in the IPSec protocol.

Answer 77

ESP

Question 78

Two IPSec vpn modes

Answer 78

Transport and Tunnel.

Question 79

only encrypts the payload and not the header. Semi- truck comparison- only the trailer is encrypted and not the cab.

Answer 79

Transport Mode

Question 80

encrypts both the payload and headers. Semi- truck comparison- both the cab and trailer are encrypted.

Answer 80

Tunnel mode

Question 81

an unexpected increase in the amount of voltage provided

Answer 81

Surge

Question 82

a short transient in voltage that can be due to a short circuit, tripped breaker, power outage, or lightning strike.

Answer 82

Spike

Question 83

An unexpected decrease in a power supply.

Answer 83

Sag

Question 84

occurs when the voltage drops low enough that it typically causes the lights to dim and can cause a computer to shut off.

Answer 84

Brownout

Question 85

totally loss of power for a prolonged amount of time.

Answer 85

Blackout

Question 86

Allows the combination of multiple hard disks into a logical single disk drive that is recognized by the system.

Answer 86

RAID Redundant Array of Inexpensive Disks

Question 87

provides data striping across multiple disks to increase performance. Requires at least 2 drives.

Answer 87

RAID 0

Question 88

provides redundancy by mirroring the data identically on two hard disks. Requires at least 2 drives.

Answer 88

RAID 1

Question 89

provides redundancy by striping data and parity data across the disk drives. Requires at least 3 different drives.

Answer 89

RAID 5

Question 90

provides redundancy and double parity data across the disk drives. Requires at least 4 different drives.

Answer 90

RAID 6

Question 91

creates a striped RAID of two mirrored RAIDs.

Answer 91

RAID 10 It is a combination of RAID 1 and RAID 0, equaling a RAID 10.

Question 92

two or more servers working together to perform a particular job function.

Answer 92

Cluster

Question 93

the second server can take over if the active server fails.

Answer 93

Failover Cluster

Question 94

servers are clustered in order to share resources.

Answer 94

Load-balancing cluster

Question 95

near duplicate of working site and can be up and running in minutes.

Answer 95

Hot site

Question 96

A site partially equipped but will require some configuration prior to being active.

Answer 96

Warm site

Question 97

A minimally equipped site with no configuration.

Answer 97

Cold Site

Question 98

All of the contents of the data storage are copied.

Answer 98

Full Backup

Question 99

Only backs up the changes to the data storage since the last full backup or this type of backup

Answer 99

Incremental Backup. Quicker backup times, longer restoral in the event of a failure.

Question 100

Only backs up the changes to the data storage since the last full backup

Answer 100

Differential Backup.
Quicker restoral time in the event of a failure, longer backup times.

Question 101

each data storage tape is used once a day for 2 weeks, and then the entire set is reused.

Answer 101

10 Tape Rotation

Question 102

Three sets of backup tapes are used: son = daily, father=weekly, and grandfather=monthly.

Answer 102

Grandfather-father-son

Question 103

three sets of back up tapes used to store data. One tape = every other day, tape 2 = every four days, and tape three = every eight days.

Answer 103

Towers of Hanoi backup system

Question 104

type of backup primarily used to capture the entire operating system image including all applications and data.

Answer 104

Snapshot backup

Question 105

A systematic activity that identifies organizational risks and determines their effect on ongoing, mission critical operations.

Answer 105

Business Impact Analysis

Question 106

MTD

Answer 106

Maximum Tolerable Downtime

Question 107

WRT

Answer 107

Work Recovery Time

Question 108

The longest time a organization can sustain lost access to data

Answer 108

RPO Recovery Point Objective.

Question 109

When a thief attempts to take responsibility for a shipment by diverting the delivery to a nearby location.

Answer 109

Diversion theft

Question 110

this provides a comprehensive security management framework.

Answer 110

Governance

Question 111

this defines the role of security in an organization and establishes the desired end state of the security program.

Answer 111

Policies

Question 112

this is used to implement a policy in an organization.

Answer 112

Standards

Question 113

this is used to recommend actions.

Answer 113

Guidelines

Question 114

This is detailed step-by-step instructions that are created to ensure that personal can perform a given action.

Answer 114

Procedures

Question 115

the attacker sends a TCP SYN request using the same IP address and port as both the source and destination IP address and port. the system replies to itself exhausting resources and leading to a system crash.

Answer 115

land attack,

Question 116

this is any information that can result in a loss of security or the advantage a company has if it is accessed by unauthorized persons.

Answer 116

Sensitive Data

Question 117

Data that would have no impact to the organization if it were leaked.

Answer 117

Public Data

Question 118

Data that will have minimal impact to the organization if it were leaked.

Answer 118

Sensitive Data

Question 119

Data that should only be used inside of the organization.

Answer 119

Private Data

Question 120

The highest level of data classification such as trade secrets, intellectual property, etc that would seriously affect the organization if disclosed.

Answer 120

Confidential Data

Question 121

Government data that can be released to the public.

Answer 121

Unclassified Data

Question 122

Government data that would not impact national security but would affect those the data represents.

Answer 122

Sensitive, but Unclassified

Question 123

Government data that could seriously affect the government if unauthorized disclosure occurs.

Answer 123

Confidential Data

Question 124

Government data that would damage national security if disclosed.

Answer 124

Secret Data

Question 125

Government data that could gravely damage national security if released to unauthorized persons.

Answer 125

Top Secret Data

Question 126

A senior executive role with responsibility for maintaining the CIA of information assets.

Answer 126

Data Owner

Question 128

A role that focuses on maintaining the quality of the data and associated metadata.

Answer 128

Data Steward

Question 129

A role that focuses on handling the management of the systems on which the data is stored.

Answer 129

Data Custodian

Question 130

A role responsible for the oversight of any PII/SPI/PHI assets managed by the company.

Answer 130

Privacy officer

Question 131

Affects US government computer systems that stores, collects, or uses PII.

Answer 131

Privacy Act of 1974

Question 132

Affects publicly traded US companies and requires certain accounting methods and financial reporting requirements.

Answer 132

Sarbanes-Oxley SOX

Question 133

Affects banks, mortgage, loan, insurance, and credit card companies that prohibits the sharing of PII or financial information with third parties.

Answer 133

Gramm-Leach-Bliley GLBA

Question 134

Requires each government agency to develop, document, and implement an agency wide systems security program to protect their data.

Answer 134

Federal Information Security Act of 2002 FISMA

Question 135

provides regulations that govern the security, confidentiality, and integrity of the PII collected, stored, and processed during the election and voting process.

Answer 135

Help America Vote Act HAVA of 2002

Question 136

Requires any California business that stores PII to disclose a breach.

Answer 136

SB1386

Question 137

methods and technologies that remove identifying information from data before it is distributed.

Answer 137

Deidentification

Question 138

A deidentification method where generic or placeholder labels are substituted for real data while preserving the structure of the original data.

Answer 138

Data Masking

Question 139

A deidentification method where a unique token is substituted for real data.

Answer 139

Tokenization

Question 140

a deidentification method where data is generalized to protect the individuals involved.

Answer 140

Aggregation and Banding

Question 141

An attack that combines a deidentified dataset with other data sources to discover how secure the deidentification method is.

Answer 141

Reidentification

Question 142

agreement between two parties that identifies what data is confidential and cannot be shared outside of the relationship.

Answer 142

Non-disclosure Agreement NDA

Question 143

A non-binding agreement between two or more parties to detail a common line of action.

Answer 143

MOU Memorandum of Understanding

Question 144

an agreement concerned with the ability to support and respond to problems within a given timeframe and continuing to provide the agreed upon level of service to the user.

Answer 144

Service-level Agreement SLA

Question 145

an agreement for the owners and operators of IT systems to document what technical requirements each must meet.

Answer 145

Interconnection Security Agreement ISA

Question 146

Conducted between two business partners that establish the conditions of their relationship.

Answer 146

Business Partnership Agreement BPA

Question 147

Exposes the hard drive to a powerful magnetic field which causes the data written on the drive to be erased.

Answer 147

Degaussing

Question 148

the act of removing data in a manner that it cannot be reconstructed using any known forensic techniques.

Answer 148

Purging (Sanitizing)

Question 149

the act of removing data with a certain amount of assurance cannot be reconstructed.

Answer 149

Clearing

Question 150

this is a risk driven architecture the considers the who, what, when, where, and why.

Answer 150

SABSA Sherwood Applied Business Security Architecture

Question 151

A security framework that divides IT into four domains: plan and organize, acquire and implement, deliver and support, and monitor and evaluate.

Answer 151

COBIT Control Objectives for Information and Related Technology

Question 152

this is a security control framework developed by the Department of Commerce.

Answer 152

NIST 800-53

Question 153

considered to be the de facto standard for IT security practices.

Answer 153

ITIL Information Technology Infrastructure Library

Question 154

a frame work with consensus-developed secure configuration guidelines for hardening and prioritized sets of best practices for IT security.

Answer 154

Center for Internet Security CIS

Question 155

a framework developed by NIST and used in government applications that integrates security and management activities into the system development life cycle.

Answer 155

Risk Management Framework RMF

Question 156

a set of industry standards and best practices developed by NIST to help organizations manage cyber related risks.

Answer 156

Cybersecurity Framework CSF

Question 157

State the five categories of CSF

Answer 157

Identify, Protect, Detect, Respond, and Recover

Question 158

an international standard that identifies requirements for implementing, maintaining, and improving information security management systems ISMS.

Answer 158

ISO 27001

Question 159

an international standard that provides best practice recommendations on information security controls for use by those responsible for initiating, implementing, or maintaining information security management systems ISMS.

Answer 159

ISO 27002

Question 160

Punycode format for representing ASCII characters in legacy or international dns systems

Answer 160

xn–

Question 161

an attack where a malicious dns server is used to tunnel other protocols.

Answer 161

dns tunneling

Question 162

an attack where he browser is redirected to the malicious web page that delivers the exploit to the victim’s machine through a series of redirections.

Answer 162

http302 cushioning

Question 163

Zero Trust model protects these 3 areas

Answer 163

Workforce, workload, and workplace.

Question 164

acts as a privacy extension to ISO 27001 with additional requirements for establishing and maintaining PIMS (privacy information management systems).

Answer 164

ISO 27701

Question 165

an international standard for enterprise risk management that replaces a myriad of other standards and methodologies.

Answer 165

ISO 3100

Question 166

a suite of reports produced during an audit which is used by service organizations to issue validated reports on internal controls over those information systems and their users.

Answer 166

System and Organizational Controls SOC

Question 167

provides fundamental security principles to guide cloud vendors and to assist cloud customers in assessing the risks with cloud solutions.

Answer 167

Cloud Security Alliance’s Cloud Control Matrix

Question 168

a set of procedures that an investigator follows when examining a security event.

Answer 168

Incident Response

Question 169

What are the six incident response steps, in order:

Answer 169

Preparation, identification, containment, eradication, recovery, and lessons learned.

Question 170

A linux cmd line utility used for querying and displaying logs from journald, the systemd logging service in Linux.

Answer 170

Journalctl

Question 171

a multiplatform, open source log management tool that helps easily identify security risks, policy breaches, or analyze various operational logging systems.

Answer 171

Nxlog

Question 172

a proprietary network protocol developed by Cisco that collects active IP traffic as it flow in or out of an interface, including its point of origin, destination, and paths on the network.

Answer 172

Netflow

Question 173

an open source version of netflow

Answer 173

Sflow

Question 174

A universal standard of export for IP flow information from routers, probes, etc used by various information systems and defines how that information should be formatted and transferred to a collector.

Answer 174

Internet Protocol Flow Information Export IPFIX

Question 175

Two methods that combat shellcode attacks:

Answer 175

ADSLR and DEP

Question 176

This is an indicator that shellcode is traversing the network.

Answer 176

Detecting patterns that contain NOP (no-operation) instructions.

Question 177

A process designed to preserve all relevant information when litigation is reasonably expected to occur.

Answer 177

Legal Hold

Question 178

Name two popular digital forensic tools:

Answer 178

FTK (Forensics ToolKit) and EnCase

Question 179

What can be used to investigate Windows security, system, and application logs?

Answer 179

Event Viewer

Question 180

exchanging/swapping out multiple IP addresses that are associated with a malicious FQDN

Answer 180

Fast Fluxing

Question 181

an early IPS evasion technique that split malicious traffic that bypassed IPS sensors.

Answer 181

Fragmentation

Question 182

Open Source software and an open network that enables anonymous communications so that users can browse the web anonymously.

Answer 182

TOR The Onion Router

Question 183

a very popular P2P file sharing application that is still in use.

Answer 183

BitTorrent

Question 184

malware that downloads a file over the network and then executes that file.

Answer 184

Dropper

Question 185

7 steps in Lockheed Martin’s cyber kill chain

Answer 185

Reconnaissance, Weaponization, Delivery, Exploitation, Installation, C2, and Actions on Objectives