Exam

Question 1

ISO27000 INFORMATION SECurity

Answer 1

Preservation of confidentiality, integrity and availability of information

Question 2

What determines a good hash function?

Answer 2

Fast
Not possible to revert
No collisions

Question 3

3 stages of security control

Answer 3

Storage, transmission and processing

Question 4

Application of hash functions

Answer 4

MAC
Check if a download is correct (no byte tampering)
Storing information such as password (compare the hashes to eachother)

Question 5

What does TLS achieve?

Answer 5

Encryption, authentication

Question 6

PORT for HTTPS and HTTP?

Answer 6

HTTPS: 443
HTTP: 80

Question 7

Confidentiality

Answer 7

The property that information is not made available or
disclosed to unauthorized individuals, entities, or
processes

Question 8

Availability

Answer 8

The property of being accessible and usable

upon demand by an authorized entity.

Question 9

Integrity

Answer 9

The property of accuracy and completeness

Question 10

ISO27001

Answer 10

Information Security Management System

It describes a framework setting up and managing an ISMS,
i.e. establishing and operating a security program within an organisation

Question 11

ISO27005

Answer 11

risk management process

Question 12

ISO27002

Answer 12

Code of practice for information security management

It provides a checklist of security controls that organisations
can consider using and implementing.

Question 13

Risk treatment strategies

Answer 13

– Reduce,
share,
retain/accept,
avoid

Question 14

Authorization

Answer 14

Authorization is to specify access and usage permissions for entities, roles or
processes

Question 15

biometric requierment

Answer 15

Universality:
Each person should have the characteristic;
Distinctiveness:
Any two persons should be sufficiently different in
terms of the characteristic;
Permanence:
The characteristic should be sufficiently invariant
(with respect to the matching criterion) over a period
of time;
Collectability:

Question 16

Threat scenario modelling:

Answer 16

– Attacker centric, architecture centric, and asset centric

Question 17

TPM

Answer 17

TRustedf platform module
-Sealed storage/encryption
Authenticated boot
-Remote attestation

Question 18

Phases in incident response

Answer 18

analysis
– containment
– eradictation
– normalization

Question 19

Parameters (block and key size) of AES

Answer 19

Block: 128
Key: 128, 192, 256

Question 20

3 categories of security controls

Answer 20

physcial: lock
administrative: polciies
, technologiaal: encryption

Question 21

3 functional sec

Answer 21

Preventive: Encryption
detective: Intrusion detection system
corrective security: REstore to backup

Question 22

Type 1 and type 2 virtualization architecture

Answer 22

Type1: Hyeprvisoper -1, OS 0
Type2: OS 0: Rest is 3 (including hypervisor)

Question 23

Type 1 and type 2 virtualization architecture

Answer 23

Type1 (No hostOS between): Hyeprvisoper -1, OS 0

Type2: OS 0: Rest is 3 (including hypervisor)

Question 24

phases in incident response

Answer 24

analysis
– containment
– eradictation
– normalization

Question 25

Risk assessment process

Answer 25

Identification: Assets, threats
Analysis: Value of assets, likelyhood
Evaluation: Rank risk, compare with criteria

Question 26

Elkement of ISMS cycle

Answer 26

Planning, Risk assessment, security controlls, evaluation, reporting

Question 27

entity

Answer 27

A person, organisation, agent, system, session, process, etc

Question 28

identity

Answer 28

A set of names / attributes of entity in a specific domain
An entity may have identities in multiple domains
An entity may have multiple identities in one domain

Question 29

DAC

Answer 29

Discretionary access control

Linux, r,w,x

Question 30

tls dh

Answer 30

Client and server perform Diffie-Hellman-Exchange (DH)
Server signs his DH value with server private key (RSA)
Client validates signature with server public key (RSA)

Question 31

tls pic

Answer 31

see pic pohne