CompSecFinal

Question 1

Magnetic tapes came to the forefront as a storage medium during this “chilly” period in American history.

Answer 1

Cold War Era

Question 2

The governmental agency that became the backbone of the internet.

Answer 2

ARPA/DARPA

Question 3

This Navy read admiral was credited with finding the first computer ‘bug’ as well as developing the first interpreter so people could develop software in a more native language rather than machine code.

Answer 3

Grace Hopper

Question 4

This was one of the first fully electric and reprogrammable computers developed at the university of Pennsylvania to calculate military ballistic trajectories.

Answer 4

ENIAC

Question 5

Name the two main figures that worked at Bletchley Park during WWII to decrypt the enigma and Lorenz Electro-Mechanical Rotor Cipher Machines.

Answer 5

Alan Turing and Gordon Welchman

Question 6

These type of keys can be used to defeat door locks with a ‘whack’.

Answer 6

Bump keys

Question 7

This two door entry system tries to prevent ‘piggybacking’.

Answer 7

Mantrap

Question 8

Putting razorwire on top of your 10 foot high fence would shift your security posture from deterrent to this other more severe option.

Answer 8

Preventative

Question 9

These security cameras no longer harken to their namesake as they are often put on the general network where they can be exposed to hacking.

Answer 9

Close circuit television

Question 9

We learned that proper disposal of paperwork as well as old storage media is important to thwart this attack vector.

Answer 9

Dumpster diving

Question 10

The concept where you should give users only the permissions they need.

Answer 10

Least privilege

Question 11

A vulnerability for which there currently is no patch

Answer 11

Zero day

Question 12

When someone changes position with an organization but their access from their previous position is not revoked … even though they no longer need it.

Answer 12

Creeping privileges

Question 13

A malicious organization, often backed by government funding, that specializes on delving deep into your network and maintaining persistent access to perpetrate exfiltration and more heinous attacks.

Answer 13

Advanced persistent threats (APTS)

Question 14

Hiding secret messages inside of other file types; such as images

Answer 14

Steganography

Question 15

This is the 3-letter core ‘shape’ of information security

Answer 15

C.I.A. Triangle

Question 16

This is what the AAA of infosec stands for.

Answer 16

Authentication, Authorization, and Accounting

Question 17

There are 3 group policies in this category that are instrumental in thwarting brute-force attacks.

Answer 17

Account-lockout

Question 18

Bob, from accounting, perpetrating an SQL injection attack against the corporate database via a web accessible frontend would be this type of entity in a threat landscape; not something as specific as a hacker but more specific than just a general threat.

Answer 18

Threat agent

Question 19

The 3 something you ____’s that go into multifactor authentication

Answer 19

1] something you know
2] something you are
3] something you have

Question 20

A hash this type of directional function; cannot be reversed

Answer 20

One-way

Question 21

This term refers to a small change in the input text resulting in a large change in the hashed value.

Answer 21

High amplification

Question 22

This is probably the most popular hashing algorithm to date and comes in varieties of 1, 2, and 3 while 3 still has not had wide implementation

Answer 22

SHA

Question 23

These are pre-hashed passwords that can help speedup password attacks by already having done the computational intensive calculations for common passwords

Answer 23

Rainbow tables

Question 24

This hash algorithm only has a 128 bit digest and is no longer considered secure as it has been shown to suffer from 'collisions'

Answer 24

MD-5

Question 25

Connection oriented protocol that is good for file transfers

Answer 25

TCP

Question 26

This is a plan that larger organizations should maintain which details how they will continue to operate in a disaster situation

Answer 26

Business continuity plan

Question 27

You don't want to just go around giving this NTFS permission to everyone as it would allow them to change permissions on items themselves

Answer 27

Full control

Question 28

The three letters used to refer to the 3 main permission types for files and folders

Answer 28

R, W, X

Question 29

Password strength is made up of these two items

Answer 29

Length and complexity

Question 30

The type of access control that windows NTFS permissions use; the creator / owner is able to assign access

Answer 30

Discretionary Access Control (DAC)

Question 31

This is when an organization assigns access rights absed on the position one holds within the company

Answer 31

Role based access control (RBAC)

Question 32

This was the access control that I said the government often uses with labels like 'secret' and 'top secret'

Answer 32

Mandatory Access Control (MAC)

Question 33

This access control method may use things like geolocation to determine whether or not you can access an item

Answer 33

Attribute Based Access Control (ABAC)

Question 34

A firewall uses this form of access control through ACLS

Answer 34

Rule Base Access Control (RBAC)

Question 35

When performing a risk assessment, you would want to do this step first; setting how broad the assessment will be

Answer 35

Scope

Question 36

The biggest threat to any organization is its own what?

Answer 36

Employees

Question 37

In order to identify and analyze risks, one must know these two things that general Sun Tzu Wu emphasized in his book 'The Art of War'

Answer 37

1] Know yourself 2] Know your enemy

Question 38

These are rules that an organization may have to follow based on the industry they are in

Answer 38

Compliance

Question 39

Give me two of the three questions you should ask yourself in the evaluate / prioritize phase of a risk assessment

Answer 39

1] what threats have you faced in the past? 2] what risks are you willing to take? 3] what risks can youa afford protections for?

Question 40

Cryptographic algorithms that use the same key to encrypt and decrypt are said to be this type of encryption

Answer 40

Symmetric

Question 41

This type of server verifies SSL certificates for websites ... among other things

Answer 41

Certificate Authority (CA)

Question 42

When you enter your username when logging into a computer, you are performing this first step of the login process

Answer 42

Identification

Question 43

This is not a 'permission' as it is an action that you are granted the ability to carry out on a system

Answer 43

Right

Question 44

This is one of the most widely used asymmetric encryption algorithms developed way back in 1977 but still used today; involves computations with large prime numbers

Answer 44

RSA

Question 45

'Fishy' encryption algorithm that sounds like it was taken from a Dr. Suess book

Answer 45

Twofish

Question 46

This type of symmetric key encryption transposes plaintext to ciphertext one bit at a time and is often implemented in hardware

Answer 46

Stream

Question 47

The first federally backed encryption algorithm adopted for non-classified data and developed by IBM

Answer 47

DES

Question 48

Current symmetric algorithm that offers 128, 192, and 256 bit keys

Answer 48

AES

Question 49

Asymmetric encryption algorithm that achieves greater protection with a smaller key (defying logic) by using a special type of curve

Answer 49

Elliptic curve

Question 50

This type of camera is generally more vandal resistant and can also hide where exactly it is pointing

Answer 50

Dome

Question 51

A receptionist is this general type of security 'barrier' for security

Answer 51

Deterrent

Question 52

This rating tells you how much light is needed for a security camera to capture a good image

Answer 52

LUX

Question 53

Name two 'biological' entities (aside from humans) that we mentioned can be used for physical security?

Answer 53

1] guard dogs 2] trees [plants]

Question 54

Name 2 benefits of using card (proximity or swipe) to secure doors over physical keys

Answer 54

1] easily revoked if lost or stolen 2] create a log of people entering and/or exiting

Question 55

This type of 'interview' is one that should be held when someone is leaving your organization

Answer 55

Exit interview

Question 56

This is how you must transfer a private key...

Answer 56

Out of band

Question 57

This type of authentication attack just steals the 'token' you are granted by active directory and uses that to gain access; no need to know your password

Answer 57

Pass the hash

Question 58

New form of authentication that utilizes public/private keys and never really exchanges anything (like a password) with the server you are logging into; you just unlock your device and have access

Answer 58

Passkeys