Flashcards

1
Q

EISA

A

Enterprise Information Security Architecture - the practice of applying a comprehensive and rigorous method for describing a current and/or future structure and behavior for an organization’s security processes

2
Q

What are the 5 asset ownership categories?

A
  1. Owner – owns the information, determines the classification level
  2. Steward – manages the data/metadata, ensures compliance (standards/controls) and data quality
  3. Custodian – keeper of the information, ensures CIA is maintained (security role)
  4. User – accesses data
  5. CPO – Chief Privacy Officer ensures privacy of all data in the entire organization, manages all other roles
3
Q

Define a Data Retention Policy.

A

A data retention policy identifies how, where, and why data will be retained (e.g. operational use, adherence to legal and regulatory requirements, periodic audits, etc.). The intent is to define how long data needs to be kept.

4
Q

What is the difference between data Sanitization and data Destruction?

A

Data Sanitization – Data is irreversibly removed from media

Data Destruction – Data and media are both destroyed

5
Q

Name 4 methods of data sanitization.

A
  1. Degaussing – removing the magnetic field of the drive
  2. Purging – clearing everything off the media
  3. Wiping – overwriting every sector of the drive with 1s and 0s
  4. Encryption – encrypting all files before deleting or disposing of the media
6
Q

Name 4 methods of data destruction.

A
  1. Burning – incinerating fibers
  2. Shredding – cutting along vertical/horizontal lines
  3. Pulverizing – reducing fibers into fine particles using crushing, grinding, etc.
  4. Pulping – breaking down fibers using chemicals
7
Q

What are the government data type categories?

A
  • Top Secret
  • Secret
  • Confidential
  • Sensitive But Unclassified (SBU)
  • Unclassified
8
Q

What are the private sector data type categories?

A
  • Confidential
  • Private
  • Sensitive
  • Public
9
Q

What are the 5 security control types?

A
  • Preventive – Stops attacker from performing attack
  • Detective – Identifies an attack that is happening
  • Corrective – Restores a system to state before attack
  • Deterrent – Discourages attacker from performing attack
  • Compensating (recover) – Aids controls already in place
10
Q

What are the three security control categories?

A
  1. Administrative – Defines policies, procedures, and guidelines (e.g. password policy, hiring/screening policy, mandatory vacations, training).
  2. Technical – Controls access to a resource (e.g. firewalls, encryption, passwords, IDS/IPS, smartcards, biometrics, etc.)
  3. Physical – Controls access to facility (e.g. locks, guards, fences, video cameras, gates, etc.)
11
Q

What are the three data states?

A
  • Data at Rest (storage) – Data on hard disks, memory cards, datacenters, cloud storage, archives, and backups, external and removable drives, etc.
  • Data in motion (transit) – Data sent on LAN, WAN, MAN, dedicated lines, wired, wireless, etc.
  • Data in use – Data in CPU registers, RAM memory, volatile storage such as router/switch, etc.
12
Q

How do you protect data at rest?

A
  • Conventional perimeter-based defenses like firewalls, IPS, and antivirus programs
  • Defense-in-depth access controls and MFA
  • Volume, disk, and file encryption
  • Partitioned storage (i.e. container security)
13
Q

How do you protect data in motion?

A
  • Encapsulation
  • Dedicated Channels (e.g. B2B)
  • Transport Layer Security (SSL/TLS 1.2)
  • IPSec VPNs
  • Extensible Authentication Protocol (EAP) wireless variants
  • 802.1X and 802.11AE MACsec
14
Q

What does CIA or Security Triad stand for?

A
  • Confidentiality – ensuring only authorized users have the ability to access sensitive information
  • Integrity – ensuring only authorized subjects can edit/change/delete data
  • Availability – ensuring data access is uninterrupted
15
Q

What is a cryptographic hash?

A

Maps data of any size to a fixed-length string (e.g. hash value, fingerprint, checksum, message digest, etc.). It is a one-way mathematical function with a 128-512 bit output length.

16
Q

What is hashing used for?

A
  • Authentication
  • Data integrity
  • Nonrepudiation
  • Fingerprinting
  • Password storage
17
Q

What are common hashing functions?

A
  • MD5 (128-bit digest produced)
  • SHA-1 (160-bit digest produced)
  • SHA-2 and SHA-3
  • RIPEMD (128-, 160-, 256-, 320-bit versions)
  • Hashes are effectively only half as strong as their digest lengths (in bits) due to the birthday paradox
18
Q

What is a Substitution Cipher?

A

Replaces one letter with another. They are based on a rotation scheme or other key. Common ciphers include ROT13 and Caesar ciphers.

19
Q

What is a Polyalphabetic Cipher?

A

Replaces letters using multiple substitution alphabets and character sets. Vigenere is an example that uses a series of different Caesar ciphers based on the letters of a keyword (or secret key).

20
Q

What is a Transposition Cipher?

A

Rearranges or permutes letters (e.g. Rail Fence Cipher)

21
Q

What is the One-Time Pad (OTP) encryption cipher?

A

Considered unbreakable. Uses random number generator (RNG) or pseudorandom number generator (PRNG) keys to generate values. The key must be as long as the original message, which makes it difficult to deploy (e.g. Vernam’s cipher).

22
Q

What are the different types of encryption keys?

A
  • Manually generated
  • Number generated
    o Random number generator (RNG)
    o Pseudorandom number generator (PRNG)
  • Static keys
  • Session keys
  • Ephemeral keys (not stored in long-term memory)
23
Q

What does “Forward Secrecy” mean to encryption?

A

Forward Secrecy is the use of short-term keys not used in any past sessions. It protects past sessions against future compromises of secret keys or passwords. A public-key cryptosystem has the optional property of forward secrecy when it generates one random secret key per session to complete a key agreement without using a deterministic algorithm (e.g. IPSec).

24
Q

What is the difference between Symmetric and Asymmetric encryption?

A

Symmetric algorithms use the same secret key for encryption and decryption. Asymmetric algorithms use different keys.

25
Q

What are the characteristics of Symmetric Algorithms?

A
  • Same secret key is used for encryption and decryption (key must be shared between sender and receiver securely)
  • Key is typically from 40 – 512 bits in length
  • Examples: DES (inactive), 3DES (3 iterations of DES – encryption, decryption, encryption), RC4, Blowfish/Twofish, AES (standard – 128, 192, and 256 Bits), and AWS uses AES-246 GCM
26
Q

What are the Benefits of Symmetric Algorithms?

A

Fast (wire-speed encryption, used for bulk data encryption such as VPN)

27
Q

What are the characteristics of Asymmetric Algorithms?

A
  • Different keys are used for encryption and decryption (generated together and mathematically related)
  • Public Key is shared with many, Private key is kept secret by owner
  • Keys range from 512 to 4,096 bits in length
  • Examples: RSA, DSA, Elliptic curve DSA, PGP/GPG, Diffie-Hellman
28
Q

What are the benefits of Asymmetric Algorithms?

A
  • Key management is simpler and more secure
  • Best suited for digital signatures and session key exchange or agreement protection

29
Q

What are the downsides of Asymmetric Algorithms?

A
  • Slower than symmetric encryption (not suitable for bulk data encryption)
  • Design is based on operations on large numbers, such as computing discrete logarithms of large numbers
30
Q

How does asymmetric encryption change for Privacy vs Authentication?

A
  • Privacy = Encrypt with public key, Decrypt with private key
  • Authentication (Origin) = Encrypt with private key, Decrypt with public key
31
Q

What is the most popular encryption algorithm worldwide?

A
  • RSA (Ron Rivest, Adi Shamir, and Leonard Adleman) – 1978 at MIT
  • Based on factoring large numbers into their original prime factors
  • Commonly used for digital signatures, key exchanges, and encryption
32
Q

What encryption is primarily used by governments and military?

A
  • DSA (Digital Signature Algorithm)
  • Patented in 1991 by David W. Kravitz, former NSA employee, but NIST made the patent royalty-free
  • Commonly used for digital signatures
33
Q

What does a Data Loss Prevention (DLP) solution provide?

A

Provides strategic methods for ensuring that end users do not transmit sensitive or critical information outside the corporate network to stop data breaches and data leakage.

34
Q

What does PII stand for?

A

Personally Identifiable Information (PII) = Individual’s identifiable information (e.g. first name, last name, etc.)

35
Q

What does PHI stand for?

A

Protected Health Information (PHI) = Individual’s identifiable health information that contains at least one piece of information – name, address, birth date, phone number, mail or e-mail address, SSN, URL, IP, etc.

36
Q

What does AUP stand for?

A

Acceptable Use Policy

37
Q

What is Crypto Collision?

A

When two message inputs generate the same hash value

38
Q

What is the difference between Cryptography and Cryptanalysis?

A

Cryptography – Study and practice of secure communications (e.g. encryption, hashing)
Cryptanalysis – Study and practice of exploiting weaknesses in communications

39
Q

What is Elliptic Curve asymmetric encryption?

A
  • Rich mathematical functions (values of points on a curve are used in the formula for encryption and decryption)
  • Most efficient (smaller keys providing exceptional strength – 3,072 standard key – 246 elliptic curve key – used in IoT devices with limited resources)
  • Common uses include digital signatures, key distribution, encryption
40
Q

What is the Diffie-Hellman asymmetric algorithm?

A
  • The first key agreement asymmetric algorithm used for generating shared secret keys
  • Same shared secret used all the time between parties
41
Q

What does DH encryption stand for?

A

Diffie-Hellman
  • Same shared secret used all the time between parties

42
Q

What does DHE/EDH encryption stand for?

A

Ephemeral Diffie-Hellman
  • Different shared secret used each time between parties

43
Q

What does ECDH encryption stand for?

A

Elliptic-curve Diffie-Hellman
  • Uses EC public/private key pair
  • Same shared secret used all the time between parties

44
Q

What does ECDHE/ECEDH encryption stand for?

A

Elliptic-Curve Ephemeral Diffie-Hellman
  • Uses EC public/private key pair
  • Different shared secret used each time between parties

45
Q

Name 5 different encryption attack classifications.

A
  • Ciphertext only – attacker has access only to a collection of ciphertexts or codetexts
  • Known plaintext – attacker has a set of ciphertexts to which he or she knows the corresponding plaintext
  • Chosen Plaintext – attacker can get the ciphertexts (plaintexts) corresponding to an arbitrary set of plaintexts (ciphertexts)
  • Adaptive Chosen Plaintext – attacker can choose subsequent plaintexts based on info learned from previous encryptions
  • Related Key – attacker can obtain ciphertexts encrypted under two different keys, keys are unknown but relationship is known
46
Q

What security-related activities do Routers perform?

A

  • Network Address Translation (NAT)
  • Infrastructure Access Control Lists (ACLs)
  • Unicast and multicast Reverse Path Forwarding
  • Integrated and modular L2-7 NGFW and IPS
  • VPN gateways for TLS and IPSec
  • URL filtering and caching
  • Integration with various cloud services (web, email, DLP, antimalware)

47
Q

What are firewalls?

A
  • Integrated systems of threat defense functioning at Layers 2 – 7
  • Physical or virtual firewalls should be placed between all zones, domains, and partitions
  • Network or application-based firewalls
  • Restrictive (locked-down) vs. Permissive (allow, unless)
  • Stateless (packet filtering) vs. Stateful (maintains state)
  • Classic firewalls use interface-based ACLs and inspection rules
48
Q

What can next-generation firewalls (NGFW) do?

A
  • Layer 5-7 policies
  • Authentication proxy
  • Identity services
  • Integrated IDS/IPS
  • Content security
  • Advanced malware protection
  • URL filtering
  • Botnet filtering
  • Cloud correlation and participation
49
Q

What is an Asynchronous Transfer Mode (ATM) network?

A

A non-IP cell-switching protocol running on multiple layers: Physical, ATM, and ATM adaptation Layers

50
Q

What is a Converged IP network?

A

Commonly refers to a unified LAN, WAN, or MAN that uses multiple media (wired, wireless, cellular, satellite) to carry a variety of traffic types (data, voice, video, conferencing, etc.) without the need for separate networks for each.

51
Q

Describe the 7 Network Layers of the Open Systems Interconnect (OSI) Model.

A

Layer 7 – Application
Layer 6 – Presentation (compression, encryption)
Layer 5 – Session
Layer 4 – Transport
Layer 3 – Network
Layer 2 – Data Link (LLC, node to node data delivery, physical/MAC addresses, frames)
Layer 1 – Physical (Cables, Connectors, Repeaters, Hubs)

52
Q

What activity occurs at the Data Link (Layer 2) of the OSI model?

A
  • Physical addressing
  • Frame traffic control
  • Frame sequencing
  • Frame acknowledgement
  • Frame delimiting
  • Frame error checking
  • Establishing and terminating links
  • Media access management
  • Error control
  • Flow control
  • Access control
53
Q

What does the Logical Link Control (LLC) sublayer of the Data Link layer determine?

A

The LLC is the interface between media access methods and the network layer protocols. It determines if communication will be Connectionless (UDP) or Connection-Oriented (TCP).

54
Q

What is a MAC Address?

A

A Medium Access Control (MAC) address is responsible for connection to physical media. It is a 12-digit hexadecimal number unique to every computer.

55
Q

What activity occurs at the Network (Layer 3) of the OSI model?

A
  • Packet addressing
  • Converting MAC (Physical) to IP (Logical) address
  • Source-to-destination delivery
  • Routing (provides logical connection between different networks, combines various networks to form a larger network)
  • Subnet control (throttling)