Chapter 1

Question 1

CIA security Triad

Answer 1

Confidentiality, Integrity, Availability

Question 2

Use Case

Answer 2

A goal that an organization wants to achieve

Question 3

Confidentiality

Answer 3

prevents the unauthorized disclosure of data. In other words, authorized personnel can access the data, but unauthorized personnel cannot access the data.

Question 4

Encryption

Answer 4

Encryption scrambles data to make it unreadable by unauthorized personnel. Authorized personnel can decrypt the data to access it,

a strong technical control used to protect the confidentiality of data.

Question 5

(PII)

Answer 5

Personally Identifiable Information such as medical information or credit card data via email.

Question 6

Access Controls

Answer 6

Identification, authentication, and authorization combined provide access controls and help ensure authorized personnel can access the data

Question 7

Identification.

Answer 7

Users claim an identity with a unique username.

Question 8

Authentication.

Answer 8

Users prove their identity with authentication, such as with a password.

Question 9

Authorization.

Answer 9

grant or restrict access to resources using an authorization method, such as permissions.

Question 10

Obfuscation

Answer 10

attempt to make something unclear or difficult to understand.

Question 11

Integrity

Answer 11

provides assurances that data has not changed. This includes ensuring that no one has modified, tampered with, or corrupted the data.

Question 12

Hashing

Answer 12

only tells you that the message has been modified.

verify that integrity is maintained when files are downloaded or transferred.

hash is simply a number created with a hashing algorithm.

Question 13

Fault Tolerance

Answer 13

a system with fault tolerance can suffer a fault, but it can tolerate it and continue to operate.

Question 14

single point of failure (SPOF).

Answer 14

its failure takes down the server.

Question 15

Disk redundancies.

Answer 15

RAID-1 (mirroring), RAID-5 (striping with parity), and RAID-10 (striping with a mirror), allow a system to continue to operate even if a disk fails.

Question 16

Server redundancies.

Answer 16

In a failover cluster, the service switches from the failed server in a cluster to an operational server in the same cluster.

Question 17

Load balancing.

Answer 17

uses multiple servers to support a single service, such as a high-volume web site. It can increase the availability of web sites and web-based applications.

Question 18

Site redundancies.

Answer 18

If a site can no longer function due to a disaster, the organization can move critical systems to an alternate site.

Question 19

Backups.

Answer 19

personnel back up important data, they can restore it if the original data is lost.

Question 20

Alternate power.

Answer 20

Uninterruptible power supplies (UPSs) and power generators can provide power to key systems even if commercial power fails.

Question 21

Cooling systems.

Answer 21

Heating, ventilation, and air conditioning (HVAC) systems improve the availability of systems by reducing outages from overheating.

Question 22

Patching

Answer 22

When software vendors discover the bugs, they develop and release code that patches or resolves these problems.

Question 23

Risk

Answer 23

the possibility or likelihood of a threat exploiting a vulnerability resulting in a loss.

Question 24

threat

Answer 24

is any circumstance or event that has the potential to compromise confidentiality, integrity, or availability.

Question 25

security incident

Answer 25

can negatively affect the confidentiality, integrity, or availability of an organization’s information technology (IT) systems and data.

Question 26

Risk mitigation

Answer 26

reduces the chances that a threat will exploit a vulnerability.

Question 27

Technical controls

Answer 27

use technology to reduce vulnerabilities.

Question 28

Antivirus software.

Answer 28

provides protection against malware infection.

Question 29

Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs).

Answer 29

can monitor a network or host for intrusions and provide ongoing protection against various threats.

Question 30

Firewalls.

Answer 30

firewalls restrict network traffic going in and out of a network.

Question 31

Least privilege.

Answer 31

individuals or processes are granted only the privileges they need to perform their assigned tasks or functions, but no more.

Question 32

Administrative controls

Answer 32

mandated by organizational policies or other guidelines.

Question 33

Risk assessments.

Answer 33

help quantify and qualify risks within an organization so that the organization can focus on the serious risks.

Question 34

Vulnerability assessments.

Answer 34

attempts to discover current vulnerabilities or weaknesses.

Question 35

Penetration tests.

Answer 35

exploit vulnerabilities.

Question 36

Configuration and change management.

Answer 36

Configuration management often uses baselines to ensure that systems start in a secure, hardened state. Change management helps ensure that changes don’t result in unintended configuration errors.

Question 37

Contingency planning.

Answer 37

help an organization plan and prepare for potential system outages. The goal is to reduce the overall impact on the organization if an outage occurs.

Question 38

Media protection.

Answer 38

Media includes physical media such as USB flash drives, external and internal drives, and backup tapes.

Question 39

Physical and environmental protection.

Answer 39

This includes physical controls, such as cameras and door locks, and environmental controls, such as heating and ventilation systems.

Question 40

Physical controls

Answer 40

are any controls that you can physically touch. Some examples include lighting, signs, fences, security guards, and more.

Question 41

Hardening.

Answer 41

making a system or application more secure than its default configuration. This uses a defense-in-depth strategy with layered security. This includes disabling unnecessary ports and services, implementing secure protocols, using strong passwords along with a robust password policy, and disabling default and unnecessary accounts.

Question 42

Security awareness and training.

Answer 42

Ensuring that users are aware of security vulnerabilities and threats helps prevent incidents.

Question 43

Security guards.

Answer 43

Guards prevent and deter many attacks. For example, guards can prevent unauthorized access into secure areas of a building by first verifying user identities.

Question 44

Change management.

Answer 44

Change management ensures that changes don’t result in unintended outages. In other words, instead of administrators making changes on the fly, they submit the change to a change management process.

Question 45

Account disablement policy.

Answer 45

An account disablement policy ensures that user accounts are disabled when an employee leaves.

Question 46

Detective controls

Answer 46

attempt to detect when vulnerabilities have been exploited,

Question 47

Log monitoring.

Answer 47

Several different logs record details of activity on systems and networks. For example, firewall logs record details of all traffic that the firewall blocked.

Question 48

Trend analysis.

Answer 48

analyzing past alerts, you can identify trends, such as an increase of attacks on a specific system.

Question 49

Security audit.

Answer 49

Security audits can examine the security posture of an organization.

Question 50

IPS.

Answer 50

intrusion prevention system (IPS) attempts to detect attacks and then modify the environment to block the attack from continuing.

Question 51

Deterrent controls

Answer 51

attempt to discourage a threat. Some deterrent controls attempt to discourage potential attackers from attacking, and others attempt to discourage employees from violating a security policy.

Question 52

Compensating controls

Answer 52

are alternative controls used instead of a primary control.

Question 53

Virtualization

Answer 53

allows you to host one or more virtual systems, or virtual machines (VMs), on a single physical system. allows multiple virtual servers to operate on a single physical server. It provides increased availability with lower operating costs.

Question 54

Hypervisor.

Answer 54

The software that creates, runs, and manages the VMs

Question 55

Host.

Answer 55

physical system hosting the VMs is the host. It requires more resources than a typical system, such as multiple processors, massive amounts of RAM, fast and abundant hard drive space, and one or more fast network cards.

Question 56

Guest.

Answer 56

Operating systems running on the host system are guests or guest machines.

Question 57

Host elasticity and scalability.

Answer 57

Elasticity and scalability refer to the ability to resize computing capacity based on the load.

Question 58

Type I. Type I hypervisors

Answer 58

run directly on the system hardware. They are often called bare-metal hypervisors because they don’t need to run within an operating system.

Question 59

Type II. Type II hypervisors

Answer 59

run as software within a host operating system. For example, the Microsoft Hyper-V hypervisor runs within a Microsoft operating system.

Question 60

VM escape

Answer 60

attack that allows an attacker to access the host system from within the virtual system.

Question 61

VM sprawl

Answer 61

occurs when an organization has many VMs that aren’t managed properly.

Question 62

launch the Windows Command Prompt window.

Answer 62

right- click the Start button and select Command Prompt,

Question 63

Ping

Answer 63

basic command used to test connectivity for remote systems. You can also use it to verify a system can resolve valid host names to IP addresses, test the NIC, and check the security posture of a network.

Question 64

Ipconfig,(windows) | Internet Protocol configuration

Answer 64

shows the Transmission Control Protocol/Internet Protocol (TCP/IP) configuration information for a system. This includes items such as the computer’s IP address, subnet mask, default gateway, MAC address, and the address of a Domain Name System (DNS) server. first step when troubleshooting network problems.

Question 65

ifconfig (Linux) interface configuration)

Answer 65

has more capabilities than ipconfig, allowing you to use it to configure the NIC in addition to listing the properties of the NIC.

Question 66

Entering ipconfig.

Answer 66

provides basic information about the NIC, such as the IP address, subnet mask, and default gateway.

Question 67

Entering ipconfig /all.

Answer 67

command shows a comprehensive listing of TCP/IP configuration information for each NIC. It includes the media access control (MAC) address, the address of assigned DNS servers, and the address of a Dynamic Host Configuration Protocol (DHCP) server if the system is a DHCP client. You can use ifconfig -a on Linux systems.

Question 68

Entering ipconfig /displaydns.

Answer 68

it stores the result in the DNS cache and this command shows the contents of the DNS cache. It also shows any host name to IP address mappings included in the hosts file.

Question 69

Entering ipconfig /flushdns.

Answer 69

You can erase the contents of the DNS cache with this command.

Question 70

netstat network statistics)

Answer 70

allows you to view statistics for TCP/IP protocols on a system. It also gives you the ability to view active TCP/IP network connections.

Question 71

tracert

Answer 71

identify faulty routers on the network. lists the routers between two systems.

Question 72

Arp

Answer 72

view and manipulate the ARP cache.

Question 73

Steganography

Answer 73

(hiding data inside other data)