Exam Review 2

Question 1

What is the main goal of digital forensics?

Answer 1

To collect and protect information relating to an intrusion.

Question 2

What does RFC 3227 provide guidelines for?

Answer 2

Evidence Collection and Archiving in digital forensics.

Question 3

What is a legal hold in digital forensics?

Answer 3

A technique to preserve relevant information in preparation for impending litigation.

Question 4

What is the purpose of capturing video in digital forensics?

Answer 4

To record events and gather information external to the computer and network.

Question 5

What is important in maintaining a chain of custody for digital evidence?

Answer 5

Controlling evidence to maintain integrity and documenting everyone who contacts the evidence.

Question 5

What does the term ‘admissibility’ refer to in digital forensics?

Answer 5

The acceptability of data as evidence in a court of law.

Question 6

How is time offset important in digital forensics?

Answer 6

It helps to accurately interpret the timestamps of data collected from different file systems.

Question 7

Why are event logs significant in digital forensics?

Answer 7

They document important operating system and application events for future reference.

Question 8

How are network infrastructure devices secured?

Answer 8

Through configurations like authentication settings, security updates, and access limitations.

Question 9

What is the standard process for digital forensics?

Answer 9

Acquisition, analysis, and reporting of digital evidence.

Question 10

Why is operating system hardening important?

Answer 10

To secure the OS through updates, user account management, and network security measures.

Question 11

What is the purpose of application server hardening?

Answer 11

To secure programming languages and runtime libraries, disable unnecessary services, and apply security patches.

Question 12

What does the ISO/IEC 27001 framework focus on?

Answer 12

Information Security Management Systems.

Question 13

What is SSAE SOC 2 Type I/II in security standards?

Answer 13

An auditing standard for evaluating security controls like firewalls and intrusion detection.

Question 14

What is PCI DSS in security standards?

Answer 14

Payment Card Industry Data Security Standard, a standard for protecting credit card information.

Question 15

What role do deterrent controls play in security?

Answer 15

They discourage intrusion attempts without directly preventing access.

Question 16

What are compensating controls in security?

Answer 16

Controls that restore security using alternate means, like re-imaging or backup restoration.

Question 17

What are corrective controls in security?

Answer 17

Designed to mitigate damage, like IPS blocking attackers or backups for ransomware infection.

Question 18

How do detective controls function in security?

Answer 18

They identify and record intrusion attempts, like motion detectors and IDS/IPS.

Question 19

What is the purpose of preventive controls in security?

Answer 19

To physically control access, such as door locks and firewalls.

Question 20

What are the categories of security controls?

Answer 20

Managerial, operational, and technical controls.

Question 21

Symmetric Cryptographic Algorithms

Answer 21

Symmetric encryption uses a single shared key for both encryption and decryption. It’s faster than asymmetric encryption, with less overhead.

Question 22

How to review Sudo Commands?

Answer 22

The specific command to review all sudo commands issued by Terri is not detailed in the study guide.

Question 23

Power Distribution Units (PDUs)

Answer 23

PDUs provide multiple power outlets, usually in a rack, and often include monitoring and control to manage power capacity and enable/disable individual outlets.

Question 24

Uninterruptible Power Supply (UPS)

Answer 24

There are different types of UPS, including Offline/Standby, Line-interactive, and On-line/Double-conversion. Features include auto shutdown, battery capacity, and outlets.

Question 25

What does Cross-Site Scripting, SQL Injection, XML Injection Attacks have in common?

Answer 25

These are enabled due to bad programming and improper handling of input and output.

Question 26

What makes the Strongest Encryption Key?

Answer 26

Larger keys tend to be more secure. Common symmetric encryption key lengths are 128-bit or larger. Asymmetric encryption uses larger keys, often 3072 bits or larger.

Question 27

What is an Access Control List?

Answer 27

An ACL involves group/user rights and permissions and can be centrally administered. It’s used for accessing information stored on various media.

Question 28

What is a hardware root of trust?

Answer 28

It’s the basis of security trust, verifying if data is safely encrypted or if an OS has been infected. Examples include TPM and HSM.

Question 29

Why is boot integrity important?

Answer 29

It’s important because the boot process is a perfect infection point for rootkits, which run in kernel mode with the same rights as the operating system.

Question 30

What are some important network protocols?

Answer 30

IPSec (Authentication Header, Encapsulation Security Payload), FTPS, SFTP, and LDAP.

Question 31

What are the considerations for cipher suites?

Answer 31

Be wary of weak or null encryption (less than 128-bit key sizes), outdated hashes (MD5), and insecure protocols.

Question 32

What is a Faraday Cage and what is its purpose?

Answer 32

A Faraday Cage blocks electromagnetic fields, discovered by Michael Faraday in 1836. It’s made of conductive material and cancels electromagnetic fields’ effects on the interior.

Question 33

What are the methods for secure data destruction?

Answer 33

Methods include physically destroying the media, sanitizing the media for reuse, shredding/pulverizing, drilling/hammering, and electromagnetic degaussing.

Question 34

What is an air gap in the context of network security?

Answer 34

Information about air gaps was not found in the guide.

Question 35

What are the differences between on-premises and off-premises computing environments?

Answer 35

On-premises involves local hardware and servers in your building, while off-premises/hosted means servers are not in your building and might not run on your hardware.

Question 36

What is a differential backup?

Answer 36

It starts with a full backup, followed by subsequent backups containing data changed since the last full backup. Restoration requires the full backup and the last differential backup.

Question 37

Public Key Infrastructure (PKI)

Answer 37

Involves policies, procedures, hardware, software, and people for digital certificates creation, distribution, management, storage, and revocation.

Question 38

Cryptographic Protocols

Answer 38

Involves confidentiality, authentication, access control, non-repudiation, and integrity. Terms include plaintext, ciphertext, cipher, and cryptanalysis.