Domain 1

Question 1

CIA - Authorization - Attacks

Answer 1

Confidentiality - MAC - Social Engineering
Integrity - RBAC - HASH
Availability - DAC - DDoS

Question 2

IAAA

Answer 2

Id
Authentication - something ur, know, have
Authorization - DAC, MAC, RBAC, ABAC
Accounting - Logs

Question 3

Content base AC vs Context

Answer 3

Access content based on rights
Access based on parameters/ conditions

Question 4

Qualitative risk vs quantitative

Answer 4

How likely it is to happen
How much it’ll cost if it happens

Question 5

DAC, MAC, RBAC, ABAC

Answer 5

Access based on given rights by owner
Confidentiality like military
Access based on role given and assigned job
Policy engine gives access based on conditions and role

Question 6

Access control category

Answer 6

Admin (directive) - policy
Tech (logic) - hardware/ software
Physical - locks

Question 7

Access Control Types

Answer 7

CC PDD
corrective, compensating, preventive, detective, deterrent

Question 8

Risk Cyle

Answer 8

ID risk > risk assessment (Q2) > risk response (second, transfer, avoidance, Do not Reject risk) > Contro/monitoring ( KGI, KPI, KRI)

Question 9

Risk = threat X vulnerability

Answer 9

Likelihood

Question 10

Criminal, Civil, ECPA, CFAA, PC-DSS

Answer 10

Punish/ deter society, individuals/ group, protect against wire tapping, law to prosecute crime, credit card standard

Question 11

Security governance principle
Vision, mission, strategic objectives, Action, guidelines

Answer 11

Hope, motivation, plans/goals, resource, recommendation (non mandatory)

Question 12

BCP, COOP, crisis communication plan, OEP, BRP

Answer 12

process of creating long term strategic planning and procedure after disaster.
How we operate during a disaster.
Person speaks to press.
How we protect facility and staff in disaster.
List of steps needed to recover back to normal business from disaster.

Question 13

CMP

Answer 13

Coordination w management in an emergency, steps to ensure safety of personnel

Question 14

DRP cycle

Answer 14

Disaster recovery plan
Mitigation ( pre disaster mitigation), preparation (educ), response ( emergency plan), recovery ( post disaster recovery)

Question 15

DRP Simulated test - Review, read through, walk through, simulation

Answer 15

Team looks at gaps
Manager goes through recovery process
Tabletop
The whole team does scenario

Question 16

DRP physical test - partial interruption, response, recovery

Answer 16

Off hours
How we react
Re establish recovery

Question 17

BIA, RPO, MTTR, MOR, MTBF

Answer 17

Id critical and non critical system
Acceptable data we can loose
how long it’ll take to recover
Minimum requirements to operate
How long new component will fail

Question 18

Incident management (event)

Answer 18

Monitor/ detection of security event and react to them
Event > alert > incident > problem > inconvenience > emergency > disaster > catastrophe

Question 19

Incident management life cycle

Answer 19

Prep (prepare for incident) > detect (analyze IPS) > response (team works on affected system) > mitigation (know the cause) > Report/recover/remediation > lessons learned

Question 20

Identify and access provisioning life cycle

Answer 20

Policy defines a persons credential access NO activity FOR 30 days

Question 21

Federated ID, FIDM, SSO

Answer 21

Persons electronic ID across systems
Policy to manage ID of user across org USAF
CAC - single sign on for multiple system

Question 22

Lights, CCTV, fence, TSA, Guard, Dog

Answer 22

Detect/deter
Deter/preventative
Preventative, detective, deterrent
Deterrence, detect, prevent, compensate
Deter, detect, compensate

Question 23

Separation of duties, Job rotation, Mandatory vacation

Answer 23

Need 2 people to do the task.
Detect error/ fraud like turnover, rotate jobs.
One person is not performing the same task

Question 24

Data classification

Answer 24

TS war plans - Confidential trade secrets (grave danger)
S deployment plans - Private PII (serious damage)
Confidential report - Sensitive system info (damage)

Question 25

Circuit switching, packet switching, QoS

Answer 25

One dedicated circuit (Caro) Switches packets (cheap) Prioritizes specific data traffic like voip

Question 26

LAN, MAN, WAN, GAN

Answer 26

Local like Campus KState Like Manhattan Manhattan to KC Global

Question 27

IPV4 vs IPV6

Answer 27

32 bits 128 and IPSEC

Question 28

ARP, ICMP

Answer 28

Has IP and ask network who has it to receive MAC address so they can communicate. Network analysis tool, ping, trace route

Question 29

HTTP, HTTPS, DHCP ports, NAC

Answer 29

80 443 67 server 68 client assigns IP to client System adheres to security policy

Question 30

STP, UTP

Answer 30

Extra shielded Un shielded wire

Question 31

VLAN, VXLAN Layer

Answer 31

Layer 2 Physically shares switch but virtually separated Beyond switch can go to multiple locations

Question 32

Router layer, static, default gate way, dynamic route, metric

Answer 32

Layer 3 IP and port connect LAN to WAN. Preconfigured route admin has to create. Sends non local traffic to ISP our exit to internet. Auto routing. Determines best route.

Question 33

OSI layers

Answer 33

Please(bit) do(frame) not(packet) throw(segment) sausage pizza away (data)

Question 34

TCP/IP

Answer 34

Link physical (1-2), network 3, transport 4, application (5,6,7)

Question 35

SDN, SD-WAN, SDx

Answer 35

Control/manage network via software separate control and data plane. Connects multiple WAN in single point to use resource. Connects to everything

Question 36

Stealth, polymorphic, multipart, macro

Answer 36

Hide from OS, changes signature definition, spreads in different vector, document/file

Question 37

Signature, heuristic

Answer 37

Looks for signature (pattern) Behavior

Question 38

HIPS, NIDS/NIPS

Answer 38

Can see unencrypted data on workstation. Can’t look at encrypted

Question 39

IDS, IPS, attacks fragmentation, avoid default, low bandwidth

Answer 39

Sends alert Takes action Sends fragmented packet Attacker using unexpected port Did attackers using numerous ports

Question 40

TP, TN, FP, FN

Answer 40

Attack/system acts Normal traffic/nothing Normal traffic/ system attacks Attack/ system doesn’t act

Question 41

SOAR

Answer 41

SEIM W AI

Question 42

Firewall layer, stateful filtering, attack, proxy

Answer 42

Layer 1-3. 1-4 if in routing table it’s good, need to connect with outside so they can communicate. DDoS to overwhelm table. Gateway from one net to another asking request from internet

Question 43

NGFW, DMZ, stuxnet, hypervisor, type 1 and 2, attack on cloud

Answer 43

IDS/IPS antivirus w deep packet inspection. Segregated network between firewall. 3 modules worm>link>rootkit. Controls access bw guest and host hardware. Metal installed on top of hardware, everything runs on HV. Runs in computers OS. VM escape attacker jumps from host to client.