Deck 1

Question 1

What is DAC?

Answer 1

Discretionary access control

Question 2

What is kismet?

Answer 2

Kismet is an open source wireless sniffer. It can monitor wireless networks and the devices connected to them. As well as create coverage maps based on signal strength.

Question 3

Where should a WAF be placed?

Answer 3

A Web Application Firewall (WAF) helps protect web applications from common attacks. It needs to sit in front of the web servers to perform its job and should be placed behind the firewall, as it does not replace the firewall

Question 4

What is AES?

Answer 4

Advanced Encryption Standard (AES), another symmetric algorithm, is the replacement for DES. It can provide three different block sizes: 128, 192, and 256. Each goes through more iterations of computing the algorithm applied to the message.

Question 5

What is DES?

Answer 5

Digital Encryption Standard (DES), a symmetric algorithm, uses a 64-bit key and divides the message into 64-bit blocks, with 16 rounds of transposition and substitution performed on each block. Replaced by AES

Question 6

What is IDEA?

Answer 6

International Data Encryption Algorithm (IDEA) is a symmetric block cipher that uses 64-bit blocks. Each block is divided into 16 smaller blocks and then computed several times.

Question 7

What is AEAD?

Answer 7

Authentication Encryption with Associated Data (AEAD) encrypts data with a symmetric key and generates an authentication tag that can verify the data’s authenticity.

Question 8

What is a state-based threshold?

Answer 8

State-based thresholds are triggered when a system state changes, such as a firewall beginning a graceful shutdown or starting up after rebooting.

Question 9

What is a fixed threshold?

Answer 9

Fixed thresholds are based on fixed numeric values or calculations.

Question 10

What is a historical threshold?

Answer 10

Historical thresholds consider past and present values and are often used to compare different periods.

Question 11

What is the perimeter network?

Answer 11

Perimeter network is the boundary between an internal network and the external network.

Question 12

What is an Integer overflow?

Answer 12

An integer overflow occurs if an application tries to store a number that is larger than the size allocated to it. This can cause the number to wrap around or cause unusual behavior.

Question 13

What is Javasnoop

Answer 13

JavaSnoop is for testing the security of Java applications

Question 14

What is diStorm3?

Answer 14

The diStorm3 tool is for reverse engineering software

Question 15

What is Haschat?

Answer 15

Haschat is a password cracking tool

Question 16

What is a VLAN?

Answer 16

Virtual local area networks (VLANs) are logical subdivisions of a switch that segregate ports from one another as if they were in different LANs. VLANs can also span multiple switches, meaning that devices connected to the switches in different parts of a network can be placed in the same VLAN, regardless of physical location.

Question 17

What is Port Mirroring?

Answer 17

Port mirroring is the process of replicating data transmitted over one switch port on another port

Question 18

What is a collision domain?

Answer 18

Collision domains are segments of a network where packets may collide (e.g., an entire network hub or an individual switch port).

Question 19

What is a broadcast domain?

Answer 19

Broadcast domains are a segment of a network that all receive the same broadcast messages.

Question 20

What is a hashing collision?

Answer 20

When a hashing algorithm produces the same output from two different inputs

Hashing algorithms are often used for data integrity and authentication. It is important for them to produce different outputs (hash values) given a different input. When two different inputs create the same hash value, cybersecurity professionals call that a collision

Question 21

What are the 4 ways to handle risk?

Answer 21

The four ways to handle risk are:
• Avoid - Eliminate the risk in some way. For example, an organization may avoid doing something or stop doing something.
• Accept - Accept the risk and proceed anyway. An informed decision has been made to move forward despite the risk.
• Transfer - Transfer the risk to some other organization or person. A common example of transferring risk is purchasing insurance.
• Mitigate - A control(s) is implemented to reduce risk.

Question 22

What is OWASP?

Answer 22

The Open Web Application Security Project (OWASP) is a group that monitors attacks, specifically web attacks. They seek to provide additional information to those affected by any cyber attacks and maintain a list of the top 10 attacks impacting web applications (the “OWASP Top 10).

Question 23

What is SCAP?

Answer 23

The Security Content Automation Protocol (SCAP) is maintained by the National Institute of Standards (NIST) and includes specifications that help standardize cybersecurity automation tasks including vulnerability and compliance management.

Question 24

What is IEC?

Answer 24

The International Electrotechnical Commission (IEC) maintains electronic and electrical engineering standards

Question 25

What is ISO?

Answer 25

The International Organization for Standardization (ISO) maintains a variety of engineering standards, but not electronic and electrical engineering standards (which are maintained by the IEC).

Question 26

What is a CDN?

Answer 26

A CDN (content delivery network) is a network of servers that provides content like images, videos, and web pages to help improve website speed and availability

Question 27

What is SOAR?

Answer 27

SOAR (security orchestration, automation, and response) tools help centralize security management and automate responses.

Question 28

What is bootstrapping?

Answer 28

In data science and cybersecurity, bootstrapping refers to the process of extrapolating a conclusion based on a data set. Bootstrapping can be useful in helping machine learning algorithms used in tools like SOAR tools to better detect threats and patterns. 

Question 29

What is ISACs?

Answer 29

Information Sharing and Analysis Centers (ISACs) is specifically mentioned in the exam objectives, and it refers to a website that grows "a diverse community of companies that leverage information technology and have in common a commitment to cyber-security." Its website is at www.it-isac.org.

Question 30

What is OVAL?

Answer 30

The Open Vulnerability and Assessment Language (OVAL) is used for sharing information about vulnerabilities

Question 31

What is NIST?

Answer 31

The National Institute of Technology (NIST) focuses on measurements, standards, and research.

Question 32

What is packet capturing?

Answer 32

Packet capturing is used to capture packets of data on a network for analysis. If the packets are not encrypted, an attacker can learn a lot of sensitive information

Question 33

What is keylogging?

Answer 33

Keylogging is used to capture sensitive information that a user types on their keyboard.

Question 34

Does a vulnerability scan capture packets?

Answer 34

No

Question 35

Rank from most volatile to least

Answer 35

1. Cache and registers 2. Routing tables, kernel statistics, memory, etc. 3. Temporary file systems/swap space 4. Data on hard disk 5. Remote logging data and monitoring data 6. Physical configurations and network topology 7. Archival media

Question 36

What is OCSP?

Answer 36

The Online Certificate Satus Protocol (OCSP) is used to check the revocation status of a digital certificate.

Question 37

What is SNMP?

Answer 37

The Simple Network Monitoring Protocol (SNMP) is used to monitor and manage network devices.

Question 38

What is EAP?

Answer 38

Extensible Authentication Protocol (EAP) is a framework for authentication in networks

Question 39

What is SCAP?

Answer 39

The Security Content Automation Protocol (SCAP) is used to automate security tasks.

Question 40

What is ESP?

Answer 40

Encapsulating security payload (ESP) provides data confidentiality

Question 41

What is AH?

Answer 41

Authentication Header (AH) provides data integrity and authentication.

Question 42

What is ISAKMP?

Answer 42

Internet Security Association and Key Management Protocol (ISAKMP) handles the creation of the security association for the session and exchange keys

Question 43

What is IKE?

Answer 43

Internet Key Exchange (IKE) is also sometimes referred to as IPsec Key Exchange. It provides the authentication material used to create the keys exchanged by ISAKMP during peer authentication.

Question 44

What is IPsec?

Answer 44

IPSec is a set of communication rules or protocols for setting up secure connections over a network. Internet Protocol (IP) is the common standard that determines how data travels over the internet. IPSec adds encryption and authentication to make the protocol more secure. For example, it scrambles the data at its source and unscrambles it at its destination. It also authenticates the source of the data.

Question 45

Explain directory services

Answer 45

Directory services are used to provide organizational information such as users, servers, printers, other resources on a network. LDAP is an example of a directory service protocol.

Question 46

What is a federation?

Answer 46

A federation is a group of domains with an established trust

Question 47

What is peering?

Answer 47

Peering is a technique for directly connecting two networks.