Bucket List 2

Question 1

What are the four cloud architecture types?

Answer 1

Private, Public, Community, Hybrid

Question 2

What is 802.1P

Answer 2

qos/priority

Question 3

What are the steps to the penetration testing methodology?

Answer 3

Plan, Discover, Attack, Report

Question 4

What is quality control?

Answer 4

The focus is on the quality of the product after it has been created, it is reactive.

Question 5

In forensics, what is the order of volatility mean?

Answer 5

Capture most volatile, short term memory first?

Question 6

Which layer is TCP/UDP at?

Answer 6

Layer 4, Transport

Question 7

What filters network traffic?

Answer 7

Firewall

Question 8

Which layer is best for encryption, https?

Answer 8

Layer 7, Applcation

Question 9

What is the difference between HMAC and a Digital Signature?

Answer 9

HMAC - both parties need the same key, Digial Sig is public/private key

Question 10

What are the types of cloud offerings?

Answer 10

PaaS
IaaS
NaaS
SaaS
IDaaS
SecaaS

Question 11

What are the characteristics of cloud?

Answer 11

BRROMM - 
Broad network access
Rapid elasticity
Resource pooling
On demand self service
Measured service
Multi-tenancy

Question 12

Which security model is focused on creation, ownership, and the 8 basic rights?

Answer 12

Graham-Denning

Question 13

What is quality assurance?

Answer 13

The big picture of process involving quality, it is proactive.
Ensure the process of making a product has high quality.

Question 14

Which security model is write up / read down?

Answer 14

Bell-LaPadula

Question 15

What does does Radius authentication make use of?

Answer 15

Certificates

Question 16

Which layer contains hubs?

Answer 16

Layer 1, Physical

Question 17

What is a smurf attack?

Answer 17

Directed broadcast using PING / ICMP

Question 18

Which layer contains IP

Answer 18

Layer 3, Network

Question 19

What are the steps to incident management?

Answer 19

DR MRRRL
Detection
Response
Mitigation
Reporting
Recovery
Remediation
Lessons Learned

Question 20

What is Kerkhoff’s Principle?

Answer 20

That any cryptographic system should be secure if every part of it is public except for the key.

Question 21

Which part of CIA is threatened by DDOS or ransomware?

Answer 21

Availability

Question 22

What are the three keys of biometric accuracy?

Answer 22

Type 1 - FRR - False Rejection Rate
Type 2 - FAR - False Acceptance Rate
CER - Crossover Error Rate

Question 23

What is the A in ACID and what does it mean?

Answer 23

Atomicity - that a transaction must fully complete or not go through at all

Question 24

What is the least effective type of media sanitation?

Answer 24

Clearing

Question 25

Which access control is based on rules?

Answer 25

RBAC

Question 26

Which security model focuses on subject-program-rights?

Answer 26

Clark-Wilson

Question 27

Which access control is the least strict?

Answer 27

DAC

Question 28

What helps achieve the A in CIA

Answer 28

Redundancy

Question 29

Which part of CIA is threatened by unintended data change?

Answer 29

Integrity

Question 30

What access control is based upon tags on records?

Answer 30

ABAC

Question 31

What is Linus’ law?

Answer 31

Sufficient eyeballs looking at code will make all bugs become apparent.

Question 32

Which is proactive, QA or QC?

Answer 32

QA

Question 33

What are four types of VPN?

Answer 33

IPSec, L2TP, PPTP, HTTPS

Question 34

Which security model is focused on constraining data?

Answer 34

Clark-Wilson

Question 35

Which IP version contains Anycast?

Answer 35

IPv6

Question 36

Which layer contains bits?

Answer 36

Layer 1, Physical

Question 37

What is a documented method of media destruction?

Answer 37

Defensible destruction

Question 38

What is an HMAC?

Answer 38

Hashed Message Authentication Code, it provides authentication and integrity, it is fast, both parties need a key.

Question 39

Which layer contains switches?

Answer 39

Layer 2, Data link

Question 40

What are the layers of the OSI model?

Answer 40

Physical
Data
Network
Transport
Session
Presentation
Application

Question 41

What type of media sanitation removes data without hope of recovery, but the media remains usable?

Answer 41

Purging

Question 42

What type of controls do Firewalls vs Routers impose?

Answer 42

Firewall - rules, Router - ACLs

Question 43

What’s the best way to protect applications?

Answer 43

WAF / Application Proxy

Question 44

List memory in the order of volatility.

Answer 44

Cache Level 1
Cache Level 2
RAM
SSD / USB
HDD
TAPE

Question 45

Which is a EU version of an authentication server?

Answer 45

Diameter

Question 46

Which access control is the most strict?

Answer 46

MAC

Question 47

Which part of CIA is threatened by information leakage, sniffing, or protocol analysis?

Answer 47

Confidentiality

Question 48

What is 802.3

Answer 48

ethernet

Question 49

Which layer contains routers?

Answer 49

Layer 3 , Network

Question 50

What helps achieve the I in CIA

Answer 50

Hashing

Question 51

Which is the most accurate biometric?

Answer 51

Iris

Question 52

What is 802.1Q

Answer 52

VLANs

Question 53

Which layer contains VLANS?

Answer 53

Layer 2, Data Link

Question 54

What are 4 authentication servers

Answer 54

Kerberos, Radius, Diameter, TACACS

Question 55

What are the characteristics of IPv6?

Answer 55

Unicast, Multicast, Anycast, 128 bit address, ipsec on by default

Question 56

What are the characteristics of IPv4?

Answer 56

Unicast, Multicast, Broadcast, 32 bit address

Question 57

What form of authentication does Kerberos use?

Answer 57

Tickets

Question 58

Which authentication server is best?

Answer 58

Kerberos

Question 59

What form of authentication does TACACS use?

Answer 59

Acces list, ACL

Question 60

Which layer contains packets?

Answer 60

Layer 3, Network

Question 61

What is the port security standard?

Answer 61

802.1x

Question 62

What function of IPv4 is stopped by routers?

Answer 62

Broadcast

Question 63

How many bits is IPv4 and IPv6?

Answer 63

32 and 128

Question 64

Which security model is read up / write down?

Answer 64

Biba

Question 65

What is the difference in verification and validation?

Answer 65

Verification means that it meets specifications. Validation means that the specifications are correct.

Question 66

Which security model is based on object, subject, and rights?

Answer 66

Grahm-Denning

Question 67

What are three types of media sanitization?

Answer 67

Overwrite, degauss, encryption

Question 68

What is the QOS / priority protocol?

Answer 68

802.1P

Question 69

What are some outdated routing protocols?

Answer 69

RIP, RIPv2

Question 70

Which is reactive, QA or QC?

Answer 70

QC

Question 71

What is the spanning tree protocol standasrd?

Answer 71

802.1D

Question 72

Which layer contains segments?

Answer 72

Layer 4, Transport

Question 73

What is the vlan protocol?

Answer 73

802.1Q

Question 74

Which security model requires transactions to be signed off by a third party?

Answer 74

Clark-Wilson

Question 75

What are the types of fire extinguishers?

Answer 75

ACBDK
Ash - paper
Current - electric
Boiling - flammable liquid
Dynamite - explosive
Kitchen - grease

Question 76

What are the requirements for forensic evidence have?

Answer 76

COAA - Comprehensive, Objective, Accurate, Admissible

Question 77

What is 802.1D

Answer 77

spanning tree / loops

Question 78

Which access control is based on roles?

Answer 78

RBAC

Question 79

What is defensible destruction?

Answer 79

Documented proof that you’ve destroyed something.

Question 80

What does ACID mean?

Answer 80

Atomicity
Consistency
Integrity
Durability

Question 81

Which authentication service involves tickets?

Answer 81

Kerberos

Question 82

Which authentication service involves certificates?

Answer 82

Radius

Question 83

What is the ethernet protocol?

Answer 83

802.3

Question 84

What are Cisco specific routing protocols?

Answer 84

IGRP, EIGRP

Question 85

What are the current routing protocols?

Answer 85

BGP, OSPF

Question 86

Which layer contains frames?

Answer 86

Layer 2, Data Link

Question 87

What is 802.1x

Answer 87

Port security

Question 88

What does CIA stand for?

Answer 88

Confidentiality, Integrity, Availability

Question 89

What helps achieve the C in CIA

Answer 89

Encryption

Question 90

Which security model helps prevent conflict of interest?

Answer 90

Brewer-Nash

Question 91

Which security model is based on preventing a subject from seeing certain objects?

Answer 91

HRU, Harrison, Ruzzo, Ullman