Additional Info

Question 1

Port 20 and 21

Answer 1

FTP, File Transfer Protocol

Question 2

22

Answer 2

ssh, secure shell

Question 3

23

Answer 3

telnet

Question 4

25

Answer 4

SMTP, Simple Mail Transport Protocol

Question 5

53

Answer 5

DNS

Question 6

69

Answer 6

TFTP, Trivial File Transfer Protocol

Question 7

80

Answer 7

HTTP, HyperText Transfer Protocol

Question 8

110

Answer 8

POP3

Question 9

124

Answer 9

NTP, Network Time Protocol

Question 10

143

Answer 10

IMAP, Internet Message Access Protocol (version 4)

Question 11

161

Answer 11

SNMP, Simple Network Management Protocol

Question 12

3389

Answer 12

RDP, Remote Desktop Protocol

Question 13

RC-4, AES, 3DES are examples of what type of Cryptography? Symmetric or Asymmetric

Answer 13

Symmetric

Question 14

RC-4 is a certain type of Symmetric Cryptography. What type?

Answer 14

Stream

Question 15

What encryption algorithm is the default standard for most applications?

Answer 15

AES

Question 16

The process of hashing a message, encrypting the hash with the senders private key, the receiver decrypting it with the sender’s public key and then hashing the message to make sure the hashes match is called what?

Answer 16

A digital signature.

Question 17

Formula to determine the amount of keys needed for Asymmetric crypto

Answer 17

2N

Question 18

Formula to determine the amount of keys needed for Symmetric crypto

Answer 18

(N*(N-1))/2

Question 19

Six common Asymmetric algorithms that might be on the test. (Everything else is Symmetric)

Answer 19

DSA, RSA, ECC (Eliptical Curve) EL Gamal, Diffie Hellman, Knapsack

Question 20

MD-5 Hashing Algorithm length

Answer 20

128 bit

Question 21

SHA-1 Hashing Algorithm length

Answer 21

160 bit

Question 22

SHA-256 Hashing Algorithm length

Answer 22

256 bit

Question 23

A digital signature gives you integrity and authentication which equals non repudiation. What does it not give you?

Answer 23

Privacy of the message is not protected by a digital signature.

Question 24

Digital Certs follow which standard

Answer 24

X.509 v.4 standard

Question 25

Two ways to check and see if a certificate has been revoked

Answer 25

CRL or OCSP (Online Certificate Status Protocol)

Question 26

government standard hash functions developed by the National Institute of Standards and Technology (NIST) and specif ed in an official governmentpublication—the Secure Hash Standard (SHS), also known as Federal Information Processing Standard (FIPS) 180

Answer 26

SHA-1 and SHA-2

Question 27

Name the four variants of SHA-2

Answer 27

SHA-256, SHA-512, SHA-224, SHA-384

Question 28

What part of IPSec provides integrity, authenticity and non repudiation

Answer 28

AH (Authentication Header) through the use of an ICV (Integrity Check Value)

Question 29

What part of IPSec provides Confidentiality

Answer 29

ESP (Encapsulating Security Payload). If you need confidentiality then you must use ESP.

Question 30

IPSec on it’s own does not provide security. It only provides encapsulation. What sub protocols of IPSec provide the security?

Answer 30

AH (Authentication Header), ESP (Encapsulating Security Payload) and IKE (Internet Key Exchange)

Question 31

ISO 15408 uses protection profiles and security targets. It is also commonly called what?

Answer 31

Common Criteria

Question 32

In the Block Cipher method called _______, the relationship between the plaintext and key are so complicated that the attacker can’t alter the plaintext in an attempt to determine the key used to encrypt the plaintext.

Answer 32

Confusion

Question 33

This occurs when a change in the plain text results in multiple changes spread throughout the ciphertext.

Answer 33

Diffusion

Question 34

MTBF

Answer 34

Mean Time Between Failure

Question 35

MTTR

Answer 35

Mean Time To Recover

Question 36

MTD

Answer 36

Max Tolerable Downtime

Question 37

RPO

Answer 37

Recovery Point Objective - How current should data be

Question 38

Least privilege is about rights and what you can do. Need to know is about data and knowledge.

Answer 38

Least privilege is you don’t get to change date and time on a system. Need to know is you don’t get to access finance data with finance info.

Question 39

Likelihood that a threat will exploit a vulnerability

Answer 39

Risk

Question 40

This has the potential to harm an asset

Answer 40

Threat

Question 41

A weakness or lack of a safeguard

Answer 41

Vulnerability

Question 42

An instance of a compromise

Answer 42

Exploit

Question 43

In DBMS this refers to transactions being all or nothing.

Answer 43

Atomicity

Question 44

In DBMS this property ensures that any transaction will bring the database from one valid state to another. Any data written to the database must be valid according to all defined rules, including but not limited to constraints, cascades, triggers, and any combination thereof.

Answer 44

Consistency

Question 45

In DBMS this property ensures that the concurrent execution of transactions results in a system state that would be obtained if transactions were executed serially, i.e. one after the other. This is the main goal of concurrency control.

Answer 45

Isolation

Question 46

Name the 3 main Risk Assessment methodologies.

Answer 46

OCTAVE, FRAP and NIST 800-30

Question 47

Risk management Guide for Information Technology Systems

Answer 47

NIST 800-30

Question 48

The four main concepts of the Risk Management Process

Answer 48

Risk Assessment, Risk Analysis, Risk Mitigation and Manage Risk

Question 49

COBIT, COSO, ITIL and ISO 27000 Series are all examples of what?

Answer 49

Security Governance Frameworks

Question 50

COBIT and COSO both focus on goals for security

Answer 50

If we see anything related to IT security goals then they are talking about COBIT or COSO

Question 51

For ITIL need to remember ‘IT Service Management’

Answer 51

IT Service Management = ITIL

Question 52

For OCTAVE remember Self directed risk evaluation

Answer 52

Self directed = OCTAVE

Question 53

This security governance framework describes how Establishment Implementation, Control and improvement of the ISMS (information security management system)

Answer 53

ISO 27001

Question 54

This security governance framework provides practical advice for how to implement security controls. It uses 10 domains to address ISMS.

Answer 54

ISO 27002

Question 55

What is the purpose of Knowledge Transfer and/or User Training

Answer 55

To modify employee behavior. That is the ultimate goal. To raise security awareness could also be an option.

Question 56

The safety and welfare of society and the common good, duty to our principles, and to each other, requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior.

Answer 56

ISC2 Code of Ethics Preamble

Question 57

ISC2 Code of Ethics Canons

Answer 57

Protect society, the common good, necessary public trust and confidence, and the infrastructure.
Act honorably, honestly, justly, responsibly, and legally.
Provide diligent and competent service to principles.
Advance and protect the profession.

Question 58

What is the length of a copyright?

Answer 58

the lifetime of the author plus 70 years for individuals. 75 years from the start of copyright for corporations.

Question 59

Patent are for inventors. What are the length of patents?

Answer 59

20 years from cradle to grave (idea starts the 20 year time)

Question 60

What is the main international organization run by the UN that deals with Intellectual property

Answer 60

WIPO (World Intellectual Property Organization)

Question 61

Which Export law restricts exporting cryptographic software?

Answer 61

WASSENAAR Agreement

Question 62

What 3 entities does HIPAA apply to?

Answer 62

Health Insurers, Health Providers and Health care clearing houses (claim processing agencies)

Question 63

This specific law requires financial agencies to better protect customer’s PII

Answer 63

GLBA (Gramm-Leach-Bliley)

Question 64

Name the four phases of Business Continuity planning

Answer 64

Project scope and planning
Business impact assessment
continuity planning
Approval and implementation

Question 65

The following activities happen during which phase of the BCP: obtain senior management’s support, secure funding and resource allocation and select members of the bcp team

Answer 65

Project scope and planning

Question 66

Name the 5 types of tests that can be performed in BCP.

Answer 66

Checklist test, Structured Walk-Through Test, Simulation Test, Parallel Test, and Full-Interruption Test

Question 67

What phase of the BCP do we indentify and prioritize all business functions based on criticality. During this phase we create quantitative and qualitative values to address the impact on the organization.

Answer 67

Business impact assessment or analysis

Question 68

Recovery Point objective vs Recovery Time Objective

Answer 68

Recovery point refers to data; recover data to a certain point in time. Recovery time refers to recovering hardware or software; how long will it take to rebuild a server.

Question 69

T or F? When a BCP plan is updated original copies are retrieved and destroyed

Answer 69

True

Question 70

IP header protocol field 6

Answer 70

TCP

Question 71

IP header protocol field 1

Answer 71

ICMP

Question 72

IP header protocol field 17

Answer 72

UDP