Chapter 1

Question 1

CIA/AIC Triad

Answer 1

Confidentiality, Integrity, Availability

Question 2

SOP

Answer 2

Standard Operating Procedure

Question 3

AAA

Answer 3

Authentication, Authorization, and Accounting

Question 3

Operational category of security controls

Answer 3

Security controls operated by PEOPLE

Question 4

MFA

Answer 4

Multi-Factor Authentication

Question 5

Data plane

Answer 5

transmits data in real time

Question 6

Control plane

Answer 6

Manages actions of the data plane

Question 7

Adaptive identity

Answer 7

Part of control plane- adapts and makes authentication process stronger if necessary

Question 8

Policy-driven access control

Answer 8

Part of control plane- combines adaptive identity with established policies to further authenticate end user

Question 9

Policy enforcement point

Answer 9

Part of data plane- end users must pass through the policy enforcement point, which can then allow, monitor, or terminate connections.

Question 10

PEP

Answer 10

Policy Enforcement Point

Question 11

PDP

Answer 11

Policy decision point

Question 11

Policy decision point

Answer 11

Part of control plane- the policy engine and policy administrator come together to make an authentication decision

Question 12

Policy engine

Answer 12

Part of control plane- looks at all requests coming through, and grants, denies, or revokes request.

Question 13

Policy administrator

Answer 13

Part of control plane- Can generate access credentials or tokens. Communicates with Policy Enforcement Point (PEP) in data plane to allow or disallow access.

Question 14

Access control vestibule

Answer 14

A physical security entry system with two gateways, only one of which is open at any one time.

Question 15

Honeypot

Answer 15

A virtual world set up to entice attackers- forces attackers to discern whether they are actual systems or fake

Question 16

Honeynet

Answer 16

A larger deception network with multiple honeypots

Question 17

Honeyfile

Answer 17

Files with fake information or may appear to be important, such as passwords.txt

Question 18

API

Answer 18

Application Programming Interface

Question 19

Honeytoken

Answer 19

A piece of traceable data in a honeynet to track attackers. Could be fake API credentials, browser cookies, or a fake email address.

Question 20

Allow list

Answer 20

Nothing runs unless it’s approved. Very restrictive

Question 21

Deny list

Answer 21

Nothing on the “bad list” can be executed. Uses anti-virus, anti-malware. More liberal than an allow list

Question 22

Dependencies

Answer 22

Having to update extra items just so you can execute a different update. Ex: I want to study, but I have to clean my room so I can focus first.

Question 22

Legacy applications

Answer 22

Applications no longer supported by developer - here before you, will be here after you.

Question 23

Version control

Answer 23

Keeps detailed documentation of each version of software, allows us to keep a copy to revert back to if necessary.

Question 24

PKI

Answer 24

Public Key Infrastructure

Question 25

Symmetric encryption

Answer 25

A single shared key to encrypt and decrypt. Fast to use but not as secure as asymmetric encryption.

Question 26

Public key

Answer 26

Encrypts data in an asymmetric encryption relationship

Question 27

Private key

Answer 27

Decrypts data in an asymmetric encryption relationship

Question 28

Key escrow

Answer 28

3rd party stores your private keys

Question 29

SSD

Answer 29

Type of hard drive that has no moving part, so they are more efficient, run with no noise, emit little heat, and require little power

Question 30

Full-disk/volume level encryption

Answer 30

Everything on device is encrypted

Question 31

FDE

Answer 31

Full Disk Encryption

Question 32

SSL/TLS

Answer 32

Secure Sockets layer / Transport Layer Security - An encryption layer of HTTP that uses public key cryptography to establish a secure connection.

Question 33

Database encryption

Answer 33

An encryption method that targets databases and the data they contain, rather than individual files or whole disks.

Question 34

Cryptography

Answer 34

the art of protecting information by transforming it into an unreadable format, called cipher text

Question 35

IPSec

Answer 35

Internet Protocol Security. Used to encrypt traffic on the wire and can operate in both tunnel mode and transport mode.

Question 36

TPM

Answer 36

Trusted Platform Module

Question 37

Trusted Platform Module

Answer 37

Hardware device that provides cryptographic/encryption functions for a single device. Stores encryption keys. Not vulnerable to brute force or dictionary attacks.

Question 38

HSM

Answer 38

Hardware Security Module

Question 39

Secure enclave

Answer 39

CPU extensions that protect data stored in system memory so that an untrusted process cannot read it.

Question 40

CPU

Answer 40

Central Processing Unit; the brain of the computer.

Question 41

Obfuscation

Answer 41

the action of making information unintelligible or unclear unless you know how to read it; hiding information in plain sight

Question 42

Steganography

Answer 42

A type of obfuscation; hiding information within an image

Question 43

Tokenization

Answer 43

One-time tokens for phone payments. Replaces sensitive data with a placeholder

Question 44

Data masking

Answer 44

Data obfuscation- hides some or most of original data. Think credit card numbers on receipts with asterisks.

Question 45

Hashes

Answer 45

Used to store passwords; represents data as a short string of text; a "fingerprint"- can't recreate a password with a hash or a person with a fingerprint. Can be a digital signature providing non-repudiation, authentication, and integrity.

Question 46

SHA256

Answer 46

SHA-256 is one of the strongest hash functions available.

Question 47

Collision

Answer 47

When 2 diff input info produce the same hash. MD5 hashing algorithm had this issue.

Question 48

Salt

Answer 48

Random data added to password when hashing

Question 49

Key stretching

Answer 49

Hashing the hash to stretch and strengthen stored passwords. Can add additional salt and help thwart brute force and rainbow table attacks.

Question 50

Digital Signatures

Answer 50

Sender signs with private key and recipients verify with public key. Proves message was not altered (integrity), proves the source of the message (authentication), ensures signature is not fake (non-repudiation).

Question 51

Blockchain

Answer 51

A ledger available for anyone to see to keep track of transactions- think Bitcoin, digital voting, and supply chain monitoring. Provides integrity as it throws out unauthorized modified blocks on the chain.

Question 52

Certificate Authority

Answer 52

A trusted third party that validates user identities by means of digital certificates.

Question 53

CA

Answer 53

Certificate Authority

Question 54

CSR

Answer 54

Certificate signing request. A method of requesting a certificate from a CA. Requester sends public key, CA digitally signs with private key.

Question 55

Wildcard certificate

Answer 55

A certificate that can be used for any device associated with the same domain name. It starts with an asterisk.

Question 56

CRL

Answer 56

Certificate Revocation List

Question 57

Certificate Revocation List

Answer 57

A list of all certificates that have been dismissed, stored on the Certificate Authority itself.

Question 58

OCSP

Answer 58

Online Certificate Status Protocol

Question 59

Online Certificate Status Protocol

Answer 59

Allows a browser to check certificate revocation status without relying on CRL (Certificate Revocation List) stored on the Certificate Authority. OCSP is not an option on outdated browsers.

Question 60

Code signing

Answer 60

The process of assigning a certificate to code. The certificate includes a digital signature and validates the code.

Question 61

Threat scope reduction

Answer 61

Part of control plane- decreases # of potential access or entry points to system

Question 62

Backout Plan

Answer 62

Action that allows a change to be reverted to its previous baseline state

Question 63

Asymmetric encryption

Answer 63

2 or more mathematically related keys: a public key and a private key.

Question 64

Transport Encryption

Answer 64

The technique of encrypting data that is in transit, usually over a network like the Internet. Think Https or VPN.

Question 65

Hardware Security Module

Answer 65

Provides cryptographic/encryption functions for hundreds of devices in a large-scale environment. Securely stores thousands of encryption keys.

Question 66

Root of trust

Answer 66

An inherently trusted component of hardware or software that provides trust for an unknown entity/third party

Question 67

Third-Party Certificate Authority

Answer 67

If your browser visits a new website, and a trusted CA has digitally signed it, your computer will trust the website. This function is built into your browser.

Question 68

Self-signed certificate

Answer 68

A digital certificate that has been signed by the entity that issued it, rather than by a CA.