4.0 Security Operations

Question 1

Q: What is MDM (Mobile Device Management)?

Answer 1

A: Software that manages and secures mobile devices used in an organization.

Question 2

Q: What should you always do with default credentials?

Answer 2

A: Change them immediately — they are a major security risk.

Question 3

Q: What is WPA2 vulnerable to?

Answer 3

A: PSK brute force via the 4-way handshake.

Question 4

Q: What is WPA3 with GCMP?

Answer 4

A: Uses AES and GCMP for stronger encryption and MIC for integrity.

Question 5

Q: What is SAE (Simultaneous Authentication of Equals)?

Answer 5

A: A Diffie-Hellman-based key exchange used in WPA3, replacing the 4-way handshake.

Question 6

Q: What is the Dragonfly Handshake?

Answer 6

A: WPA3’s mutual authentication method using SAE — no pre-shared hash sent.

Question 7

Q: What is the AAA framework?

Answer 7

A: Authentication, Authorization, and Accounting — tracks user identity and actions.

Question 8

Q: What are secure cookies?

Answer 8

A: Cookies sent over HTTPS that are marked as secure and HttpOnly.

Question 9

Q: What is SAST (Static Application Security Testing)?

Answer 9

A: Analyzes source code for security flaws without running it.

Question 10

Q: What is fuzzing?

Answer 10

A: Sending random inputs to an app to find crashes or unexpected behavior.

Question 11

Q: What is code signing?

Answer 11

A: Using digital signatures to verify code integrity and authenticity.

Question 12

Q: What is degaussing?

Answer 12

A: Using a magnetic field to wipe data from storage media.

Question 13

Q: What is media sanitization?

Answer 13

A: Removing sensitive data before reuse or disposal.

Question 14

Q: What is CVE?

Answer 14

A: Common Vulnerabilities and Exposures — catalog of known security flaws.

Question 15

Q: What is SIEM?

Answer 15

A: Security Information and Event Management — collects, analyzes, and alerts on security logs.

Question 16

Q: What is SCAP?

Answer 16

A: Security Content Automation Protocol — standardizes security tool output and benchmarks.

Question 17

Q: What is SNMP?

Answer 17

A: Simple Network Management Protocol — gathers network stats via polling or traps.

Question 18

Q: What is NetFlow?

Answer 18

A: A protocol for collecting IP traffic data across a network.

Question 19

Q: What is Active Directory?

Answer 19

A: A Microsoft service for managing users, groups, and devices in a network.

Question 20

Q: What is SELinux?

Answer 20

A: Security-enhanced Linux — uses Mandatory Access Control (MAC) for stricter permissions.

Question 21

Q: What are examples of insecure vs secure protocols?

Answer 21

Telnet → SSH

HTTP → HTTPS

FTP → SFTP

IMAP → IMAPS

Question 22

Q: What is SPF (Sender Policy Framework)?

Answer 22

A: Email authentication method that specifies allowed sending mail servers.

Question 23

Q: What is DKIM (DomainKeys Identified Mail)?

Answer 23

A: Uses digital signatures to validate email content integrity.

Question 24

Q: What is DMARC?

Answer 24

A: Defines how to handle emails failing SPF or DKIM checks.

Question 25

Q: What is FIM (File Integrity Monitoring)?

Answer 25

A: Detects changes to files by comparing them to a known-good baseline.

Question 26

Q: What is SFC (System File Checker)?

Answer 26

A: Windows tool that scans and restores corrupted system files.

Question 27

Q: What is EDR (Endpoint Detection & Response)?

Answer 27

A: Detects and investigates suspicious behavior on endpoints.

Question 28

Q: What is XDR (Extended Detection & Response)?

Answer 28

A: Expands EDR across multiple systems with deeper insights and threat detection.

Question 29

Q: What is IAM?

Answer 29

A: Identity and Access Management — defines who users are and what they can access.

Question 30

Q: What is LDAP?

Answer 30

A: A protocol based on X.500 used for accessing directory services.

Question 31

Q: What is OAuth + OpenID Connect?

Answer 31

A: OAuth handles authorization; OpenID handles authentication (SSO).

Question 32

Q: What is SAML?

Answer 32

A: Used for third-party web-based authentication via tokens.

Question 33

Q: What are the types of access control?

Answer 33

MAC: Access based on labels DAC: Owner decides access ABAC: Access based on attributes like time, location

Question 34

Q: What is NIST’s role in incident response?

Answer 34

A: Provides guidelines for handling and recovering from security incidents.

Question 35

Q: What is the chain of custody?

Answer 35

A: Documentation showing who handled evidence and when.

Question 36

Q: What are log files used for?

Answer 36

A: Recording system events (e.g., blocked traffic, app crashes).

Question 37

Q: What types of logs are important for security?

Answer 37

A: Application, OS, network, IPS/IDS, endpoint, metadata.