Bucket List 1

Question 1

What are some types of key escrow?

Answer 1

Dual knowledge, split key, dual key

Question 2

What is OCSP?

Answer 2

Online certificate status protocol

Question 3

What is the access controls NIST policy?

Answer 3

800-192

Question 4

What is Public/private key, slow, subject to mitm, can provide CI/A

Answer 4

Asymmetric Encryption

Question 5

What does a detective security control do?

Answer 5

Aids in discovery

Question 6

What is a CA with PKI?

Answer 6

Certificate Authority, trusted third party, root authority

Question 7

What is an unauthorized wireless router?

Answer 7

Rogue AP

Question 8

Name the wireless authentication types and their encryption standards

Answer 8

WEP+RC4, WPA1+TKIP, WPA2+AES-CCMP

Question 9

How do you secure DNS?

Answer 9

DNSSEC

Question 10

Integrity, detects changes, non-reversible

Answer 10

Hashing

Question 11

What is often the biggest threat?

Answer 11

Disgruntled employee, personnel

Question 12

What is a non-water fire suppression chemical?

Answer 12

FM-200

Question 13

What is the certificate standard

Answer 13

X.509v3

Question 14

Who creates data, is accountable for the data?

Answer 14

Data owner

Question 15

What is the credential management NIST policy?

Answer 15

800-63

Question 16

In risk, what is AV?

Answer 16

Asset value

Question 17

What is the formula for a single loss?

Answer 17

AV * EF, asset value times exposure factor

Question 18

What security control will stop an event?

Answer 18

Preventative

Question 19

What does AUP stand for?

Answer 19

Acceptable use policy

Question 20

What does JOA stand for?

Answer 20

Joint operating agreement

Question 21

In risk, what is ALE?

Answer 21

Annual loss expectancy

Question 22

What is multiple defenses called

Answer 22

Defense in depth

Question 23

What type of testing is external and potentially harmful

Answer 23

penetration testing

Question 24

What are the SNMP passwords and what are they called?

Answer 24

Public/Private and community strings

Question 25

How far will an ethernet cable successfully carry data?

Answer 25

100M

Question 26

What is the difference between due care and due diligence.

Answer 26

Due care are actions and approaches that are owed to the customer.

Due diligence is a research and study to ensure due care is properly being taken.

Question 27

What is an RA with PKI?

Answer 27

Recovery agent, someone who can get the keys.

Registration authority, someone who registers certs on your behalf.

Question 28

What is EER in encryption?

Answer 28

Asymmetric Encryption, El-Gamal, ECC, RSA,

Question 29

What are four written aspects of governance

Answer 29

Policy, Procedures, Guidelines, Standards

Question 30

What is the security controls NIST policy?

Answer 30

800-53

Question 31

What are the ways to handle risk?

Answer 31

Avoid, Mitigate, Accept, Transfer, Ignore

Question 32

What is used to aid encryption in IPSEC

Answer 32

CTR / counter mode

Question 33

Who maintains the infrastructure of the data and is responsible, but not accountable, for the data?

Answer 33

Data Custodian

Question 34

What is the training NIST policy?

Answer 34

800-50

Question 35

What does MOU stand for?

Answer 35

Memorandum of understanding

Question 36

What are the best practices of governance?

Answer 36

Guidelines

Question 37

What security control reduces likelihood?

Answer 37

Deterrent

Question 38

What does ARP bind?

Answer 38

IP to MAC

Question 39

What NIST policy is Managing Information Security Risk?

Answer 39

800-39

Question 40

What is X.509v3

Answer 40

Certificate standard

Question 41

What does EULA stand for?

Answer 41

End user license agreement

Question 42

What is the name of the act discussing dual use items

Answer 42

Wassenaar

Question 43

Way to protect Asymmetric Encryption?

Answer 43

Initialization Vector

Question 44

Name some data classification types.

Answer 44

PII, PHI (or HIPAA), PCI, PIPEDA, GLBA, FERPA, FISMA

Question 45

Static, secret key, same, super fast, problem is key distribution

Answer 45

Symmetric Encryption

Question 46

What type of testing is internal and safe?

Answer 46

vulnerability testing

Question 47

What are some threat modeling frameworks?

Answer 47

STRIDE, VAST

Question 48

What does DNS bind?

Answer 48

IP to Hostname

Question 49

Which NIST policy is for applying the risk management framework?

Answer 49

800-37

Question 50

What is the repeatable actions portion of governance

Answer 50

Procedures

Question 51

What is a way to backup encryption keys?

Answer 51

Key escrow

Question 52

What is the categorization NIST policy?

Answer 52

800-60

Question 53

What is the formula for the losses expected to occur in a given year?

Answer 53

ALE = SLE * ARO

Question 54

How often should you renew, in general?

Answer 54

Annually

Question 55

What are the security control frameworks?

Answer 55

CRICI - COBIT, RMF (NIST), ISO27001, CSA Star, ITIL

Question 56

What are the types of SOC reports and what do they show?

Answer 56

Type 1 - Point in time, type 2 - over time. Type 2 shows effectiveness of process.

Question 57

What is the standard for logging?

Answer 57

Syslog

Question 58

What security control is part of a mandate?

Answer 58

Directive

Question 59

What is usually the last step in a process?

Answer 59

Lessons learned, documentation, follow up

Question 60

What is the wifi standard?

Answer 60

802.11

Question 61

What is an attempt to look like a good wifi network, while being malicious?

Answer 61

Evil twin

Question 62

What is ARO?

Answer 62

Annual rate of occurance, how many times a year a loss will happen.

Question 63

What does a recovery security control do?

Answer 63

Helps you get your data back after the fact

Question 64

What is the patch management NIST policy?

Answer 64

800-40

Question 65

How do you prevent the disgruntled employee?

Answer 65

Thorough background check

Question 66

32BRAIDS-SC

Answer 66

Symmetric Encryption, Triple DES, 2Fish, Blowfish, RC4, AES, IDEA, DES, Serpet, Safer, Cast

Question 67

How do you protect hashes

Answer 67

Salt

Question 68

MD5, SHA

Answer 68

Hash Algorithsm

Question 69

What is the name of a wifi network?

Answer 69

SSID

Question 70

Which SOC report is public?

Answer 70

SOC 3

Question 71

What is the security testing NIST policy?

Answer 71

800-115

Question 72

Name the parts of ALE = SLE * ARO

Answer 72

Annual loss expectancy, single loss expectancy, annual rate of occurance

Question 73

What security control is covered by reacting immediately to a situation?

Answer 73

Corrective

Question 74

What does NDA stand for?

Answer 74

Non disclosure agreement

Question 75

What is the directory services standard?

Answer 75

X.500

Question 76

What is DEERI in encryption?

Answer 76

Key exchanges, Diffie-Helman, ECC, ElGamal, RSA, IKE

Question 77

What are the specific mandates of governance?

Answer 77

Policy

Question 78

In risk, what is SLE?

Answer 78

Single loss expectancy

Question 79

In risk, what is EF?

Answer 79

Exposure factor

Question 80

What should you always follow?

Answer 80

Policy and procedure

Question 81

What is encryption collision called?

Answer 81

Key clustering

Question 82

Which SOC report is more focused on IT

Answer 82

SOC 2

Question 83

What does a directive security control do?

Answer 83

Follows a mandate

Question 84

What does the wassenaar act pertain to

Answer 84

dual use items / tech such as encryption and its export

Question 85

Which SOC report is financial in nature?

Answer 85

SOC 1

Question 86

What does a compensating security control do?

Answer 86

Helps to mitigate existing risk

Question 87

Length of SHA 1

Answer 87

160 bit

Question 88

what does NCA stand for?

Answer 88

Non compete agreement

Question 89

What is an RA with PKI?

Answer 89

Registration authority, broker of keys

Question 90

What are the Risk Frameworks

Answer 90

NIIC - NIST, ISO, ISACA, COSOF

Question 91

What does a deterrent security control do?

Answer 91

Reduces likelihood

Question 92

What does a corrective security control do?

Answer 92

Helps you react to the situation immediately

Question 93

What is X.500

Answer 93

Directory Services

Question 94

What is Pharming

Answer 94

DNS Hacking

Question 95

How do you separate a network?

Answer 95

VLANs

Question 96

What does a certificate contain

Answer 96

The digital signature of the CA

Question 97

What is the media sanitization NIST policy

Answer 97

800-88

Question 98

What manages certs and keys

Answer 98

PKI

Question 99

What security control will get data back?

Answer 99

Recovery

Question 100

What is the logging NIST policy?

Answer 100

800-92

Question 101

What is the forensics NIST policy?

Answer 101

800-86

Question 102

What does SLA stand for?

Answer 102

Service level agreement

Question 103

What is a CRL with PKI?

Answer 103

Certificate revocation list

Question 104

What security control helps mitigate a vulnerability?

Answer 104

Compensating

Question 105

What is the order of “request for” when getting new contracts?

Answer 105

RFI > RFQ > RFP

Question 106

What security control will help you discover a breach?

Answer 106

Detective

Question 107

What is NIST 800-37?

Answer 107

Applying Risk Management Framework (Federal)

Question 108

What is NIST 800-39?

Answer 108

Managing Information Security Risk