Messer exam 1

Question 1

fencing

Answer 1

the process of** isolating a node of a computer cluster or protecting shared resources** when a node appears to be malfunctioning.

Question 2

Authentication token

Answer 2

piece of information that verifies the identity of a user to a website, server, or anyone requesting verification of the user’s identity.

Question 3

Biometrics

Answer 3

the process of using electronic devices to identify people by recording and analyzing their unique physical or behavioral characteristics. used to access door

Question 4

Lighting

Answer 4

for outside building

Question 5

Security guard

Answer 5

protect lobby

Question 6

Access badge

Answer 6

used for door entrance

Question 7

Access control vestibule

Answer 7

also known as a mantrap, is a physical access control system that creates a space between two sets of interlocking doors. used in lobby

Question 8

operational

Answer 8

are often implemented by people instead of systems.
Security guards and awareness programs are examples of an operational control

Question 9

managerial

Answer 9

are **administrative controls associated with security design **
and implementation. ```
A set of policies and procedures would be an example of a
managerial control

Question 10

Physical

Answer 10

are used to** limit physical access**.

Badge readers, fences, and 
guard shacks 

are categorized as physical controls

Question 11

Technical

Answer 11

are implemented using systems. Operating system controls,
firewalls, and automated processes are considered technical controls.

Question 12

Something you have

Answer 12

During the login process, ```
your phone receives a
text message with a one-time passcode
~~~

Question 13

something you know

Answer 13

PIN

Question 14

something you are

Answer 14

bio metrics–fingerprint

Question 15

somewhere you are

Answer 15

Your login will not work unless you are
connected to the VPN

Question 16

Passive reconnaissance

Answer 16

**gathering as much information from
open sources such as social media, corporate websites, and business **
organizations

Question 17

Vulnerability scanning

Answer 17

Some active reconnaissance tests will query systems directly to see if a
vulnerability currently exists

Question 18

Supply chain analysis

Answer 18

will examine the security associated with a
supplier, and the analysis will not provide any information regarding a
company’s own servers and data

Question 19

Regulatory audit

Answer 19

A regulatory audit is a detailed security analysis based on existing laws or
private guidelines. A regulatory audit commonly requires access to internal
systems and data

Question 20

**DMARC **
**(Domain-based Message Authentication Reporting and Conformance)**

Answer 20

specifies the disposition of spam emails. The legitimate
owner of the originating email domain can choose to have these messages
accepted, sent to a spam folder, or rejected

Question 21

SPF (Sender Policy Framework)

Answer 21

is

a list of all authorized mail servers for 
a specific domain

. All legitimate emails would be sent from one of the
servers listed in the SPF configuration

Question 22

NAC (Network Access Control)

Answer 22

is a way to limit network access to only
authorized users. NAC is not commonly used to manage the transfer of
email messages.

Question 23

DKIM (Domain Keys Identified Mail)

Answer 23

provides a way to validate all
digitally signed messages from a specific email server. DKIM does not
determine how the receiving server categorizes these digitally signed
messages

Question 24

Root cause analysis

Answer 24

The goal of a root cause analysis is to explain the ultimate cause of an
incident. Once the cause is known, it becomes easier to protect against
similar attacks in the future

Question 25

`E-discovery`

Answer 25

**relates to the collection, preparation, review, interpretation, and production of electronic documents**. E-discovery itself is not involved with the research and determination of an attack's root cause

Question 26

`Risk appetite`

Answer 26

**describes the amount of risk an organization is willing to take before taking any action to reduce that risk**. Risk appetite is not part of a root cause analysis

Question 27

`Data subject`

Answer 27

**describes any information relating to an identified or identifiable natural person**, especially when describing or managing private information about the subject

Question 28

`Automation`

Answer 28

**Automation ensures that compliance checks can be performed on a regular basis** without the` need for human` `intervention`

Question 29

`Maintenance window`

Answer 29

****** describes the scheduling associated with the change control process . Systems and services generally have limited availability during a maintenance window

Question 30

`Attestation and acknowledgment`

Answer 30

With compliance, the process of attestation and acknowledgment is the **final verification of the formal compliance documentation**

Question 31

`External audit`

Answer 31

*can be a valuable tool* ``` for verifying the compliance process, ``` but an automated alert from a monitoring system would not be part of an external audit

Question 32

`Obfuscated`

Answer 32

describes the modification of data **to make something understandable into something very difficult to understand.**

Question 33

`Data in use`

Answer 33

**describes information actively processing** in the memory of a *system, such as system RAM, CPU registers, or CPU cache.*

Question 34

`Regulated`

Answer 34

**Reports and information created for governmental use** *are regulated by laws regarding the disclosure of certain types of data.*

Question 35

`Federation`

Answer 35

***allow members of one organization to authenticate using the credentials of another organization***

Question 36

EAP **(Extensible Authentication Protocol)**

Answer 36

**is an authentication framework ** *commonly associated with network access control*.

Question 37

MTBF (Mean Time Between Failures)

Answer 37

is a prediction of how often a repairable system will fail

Question 38

RTO (Recovery Time Objectives

Answer 38

define a timeframe needed to restore a particular service level

Question 39

MTTR (Mean Time to Restore)

Answer 39

is the amount of time it takes to repair a component

Question 40

RPO **(Recovery Point Objective)**

Answer 40

***describes the minimum data or operational state required to categorize a system as recovered.***

Question 41

MOA (Memorandum of Agreement) partner

Answer 41

is a formal document where both sides agree to a broad set of goals and objectives associated with the partnership.

Question 42

`SLA (Service Level Agreement)`

Answer 42

is **commonly provided** as a formal *contract between two parties* **that documents the minimum terms for services provided.**

Question 43

SOW (Statement of Work)

Answer 43

is a detailed list of items to be completed as part of overall project deliverables

Question 44

NDA (Non-Disclosure Agreement)

Answer 44

is a confidentiality agreement between parties. This question did not mention any requirement for privacy or confidentiality. More information

Question 45

Integrity

Answer 45

refers to the trustworthiness of data.

Question 46

Confidentiality

Answer 46

describes the privacy of data

Question 47

Availability

Answer 47

y describes the ability of an authorized user to access data

Question 48

Race condition

Answer 48

occurs when two processes occur at similar times, and usually with unexpected results.

Question 49

Memory injection

Answer 49

is commonly used by malicious software to add code to the memory of an existing process.

Question 50

Malicious update

Answer 50

occurs when a software patch installs unwanted or unauthorized code

Question 51

Deterrent

Answer 51

A deterrent control does not directly stop an attack, but it may discourage an action.

Question 52

Preventive control

Answer 52

A preventive control physically limits access to a device or area

Question 53

Corrective control

Answer 53

A corrective control can actively work to mitigate any damage

Question 54

Detective control

Answer 54

may not prevent access, but it can identify and record any intrusion attempts

Question 55

Compensating

Answer 55

doesn’t prevent an attack, but it does restore from an attack using other means

Question 56

Directive

Answer 56

is relatively weak control which relies on security compliance from the end users.

Question 57

Continuity of operations

Answer 57

Continuity of operations planning ensures that the business will continue to operate when these issues occur.

Question 58

Platform diversity

Answer 58

Using different operating systems and platforms can help mitigate issues associated with a single OS

Question 59

Cold site

Answer 59

has space and power, and likely connectivity, but will require that systems and data be put in place to be used

Question 60

Warm sites

Answer 60

have systems, connectivity, and power but do not have the live or current data to immediately take over operations

Question 61

hot site

Answer 61

can immediately take over operations

Question 62

Tabletop exercise

Answer 62

A tabletop exercise usually consists of a meeting where members of a recovery team or disaster recovery talk through a disaster scenario.

Question 63

Bollards

Answer 63

barricades are often used on the exterior of a facility to prevent access to motorized vehicles and channel people through a specific access location.

Question 64

Pressure sensors

Answer 64

are commonly used on doors or windows to detect movement in those devices.

Question 65

Record-level encryption

Answer 65

is commonly used with databases to encrypt individual columns within the database. This would store some information in the database as plaintext and other information as encrypted data

Question 66

Full-disk encryption

Answer 66

ensures that all data on a storage drive is protected

Question 67

Asymmetric encryption

Answer 67

uses a public and private key pair to encrypt data.

Question 68

Key escrow

Answer 68

describes the storage and management of decryption keys by a third-party

Question 69

Journaling

Answer 69

writes data to a temporary journal before writing the information to the database. If power is lost, the system can recover the last transaction from the journal when power is restored

Question 70

Off-site backups

Answer 70

can be used to recover a corrupted database, but this does not minimize or prevent database corruption from occurring

Question 71

Replication

Answer 71

is used to create a duplicate copy of data.

Question 72

MDM (Mobile Device Manager)

Answer 72

provides a centralized management system for all mobile devices. From this central console, security administrators can set policies for many different types of mobile devices.

Question 73

Segmentation

Answer 73

describes the separation of user data from company data, but the implementation all policies is managed by the MDM

Question 74

COPE (Corporately Owned and Personally Enabled)

Answer 74

commonly purchased by the corporation and allows the use of the mobile device for both business and personal use.

Question 75

False negative

Answer 75

A false negative is a result that fails to detect an issue when one actually exists

Question 76

Exploit

Answer 76

is an attack against a vulnerability.

Question 77

Compensating controls

Answer 77

are used to mitigate a vulnerability when an optimal security response may not be available. For example, if a company can't deploy a patch for a vulnerability, they can revoke or limit application access until a patch is provided

Question 78

Escalation

Answer 78

Automation can recognize security events and escalate a security-related ticket to the incident response team without any additional human interaction.

Question 79

Guard rails

Answer 79

are used by application developers to provide a set of automated validations to user input and behavior. Guard rails are not used by the help desk team

Question 80

Continuous integration

Answer 80

provides an automated method of constantly developing, testing, and deploying code.

Question 81

Resource provisioning

Answer 81

can be automated during the on-boarding and off-boarding process to quickly create or remove rights and permissions. Resource provisioning is not commonly part of the automation associated with security event notification.

Question 82

A33