Mod A

Question 1

Also known as encapsulation, a characteristic of object-oriented programming (OOP) and used to isolate objects and subjects from each other

Answer 1

data hiding

Question 2

Processors typically support 2 states:

Answer 2

supervisor aka kernel mode
problem aka user mode

Question 3

In ____ state, the processor is operating at the highest privileges which means running process has access to all info on that system

Answer 3

supervisor

Question 4

In ____ state, the processor can access info that is has been granted the privileges to access

Answer 4

problem

Question 5

The process of logically segregating functions of hardware and software so that changes in the processes do not affect the other layers.

Answer 5

layering

Question 6

In a brute force attack, the attacker has access to only the ______ text

Answer 6

cipher

Question 7

In a known plaintext attack, the attacker has access to _____ text

Answer 7

both plain and cipher text

Question 8

A type of known plain text attack in which multiple sets of plaintext and corresponding ciphertext can be analyzed for patterns or trends which can help extract the key

Answer 8

Linear cryptanalysis

Question 9

A legal liability concept that requires an organization review its practices to ensure that protection requirements are met.

Answer 9

due diligence

Question 10

Practicing due diligence can help create a defense against _____

Answer 10

negligence

Question 11

A legal liability concept that defines the minimum level of info protection that a business must achieve

Answer 11

due care

Question 12

The process of measuring business practices against the judgement of any reasonable individual is also known as the ______ rule

Answer 12

prudent man

Question 13

This law was created in 1974 to govern the way federal agencies use and distribute personal information of U.S. citizens. It states that agencies cannot disseminate personal info without the permission of the individual. U.S. census and labor statistics are exempt.

Answer 13

U.S. Privacy Act of 1974

Question 14

Created to provide a framework for how info traverses international borders. This guideline contains the following principles:

collection limitation
data quality
purpose specification
use limitation
security safeguards
openness principle
individual participation
accountability

Answer 14

OECD Guidelines

Question 15

A link-state routing protocol that learns the entire network topology for the area using cost

Answer 15

OSPF

Question 16

A distance-vector routing protocol that is only aware of directly connected neighbor routers and uses hop count as a metric

Answer 16

RIP

Question 17

____ routing protocols send updates only when the network topology changes.

Answer 17

link-state

Question 18

____ routing protocol sends entire content of the routing table to all neighbor routers every 30 seconds by default whether or not a topology change occurs

Answer 18

RIP

Question 19

Data stored in a cloud is considered data at ___ and is not considered in transit until accessed over the internet

Answer 19

rest

Question 20

Data stored in a SAN is considered data at ____-

Answer 20

rest

Question 21

DNS servers use a ______ to store information about how to resolve IP addresses to domain names

Answer 21

hierarchical database

Question 22

A ___ file is a flat file database that stores domain name resolution info locally. When DNS is unavailable, the computer might be able to resolve IP addresses of domain names by looking up info stored on this file.

Answer 22

hosts

Question 23

A ____ database can be accessed, read, and written to by using code written in OOP language

Answer 23

Object-oriented

Question 24

This database created relationship between records in tables by using primary keys.

Answer 24

relational

Question 25

An open standard defined in Request for Comments (RF) 6749 that provides third-party application delegated access to resources without providing the owners credentials to the application

Answer 25

OAuth 2.0

Question 26

An open standard developed by OASIS used to exchange authentication and authorization info. It is used to provide a standard way of encoding info so that info can be read and processed by multiple independent systems

Answer 26

SAML (extensible markup language (XML))

Question 27

A XML based open standard developed by OASIS used for SSO. It is based on DSML (directory services markup lanaguage) that can be used to present LDAP info in XML format.

Answer 27

SPML (security provisioning markup language)

Question 28

A XML based open standard developed by OASIS and is used to define access control policies. Most commonly used for attribute or role based policies and used in combination with SDN (software defined networking) systems

Answer 28

XACML

Question 29

Port numbers from ___ to ___ are registered ports and are assigned by IANA. Also called user ports.

Answer 29

1024 - 49151

Question 30

Port numbers from ___ to ___ are system ports and are assigned by IANA. Also called well known ports.

Answer 30

0 - 1023

Question 31

Using antivirus software is a _____ access control

corrective
directive
preventive
detective

Answer 31

corrective

(ex: antivirus can take corrective action to repair damage caused by a computer virus)

Question 32

A security standard based on British Standard 7799 (BS 7799) focused on security governance

Answer 32

ISO 27001

Question 33

This standard use to be ISO 17799 and is based on British Standard 7799 (BS 7799). It defines security objectives and provide a list of security controls based on industry best practices

Answer 33

ISO 27002

Question 34

An IT management framework created by the Information Systems Audit Control Association (ISACA) and IT Governance Institute (ITGI). It is used by security architects to provide an example of minimum security requirements of any organization.

Answer 34

COBIT (Control objects for information and related technology)

Question 35

RTO + WRT = ?

Answer 35

MTD (max tolerable downtime)

Question 36

The amount of time a business can survive without a particular service

Answer 36

RTO (recovery time objective)

Question 37

A hardware rating that indicates how long a system should run before failing, on average.

Answer 37

MTBF (mean time between failures)

Question 38

Indicates the amount of time it will take to recover a failed device or system

Answer 38

MTTR (mean time to repair)

Question 39

AH is typically used wtih ESP in ___ mode

Answer 39

transport

(because IP headers are encrypted in tunnel mode)

Question 40

ESP provides _____ for IPSec VPN tunnels

Answer 40

confidentiality

Question 41

AH provides ____ and ___ for IPSec VPN tunnels

Answer 41

authentication and integrity

Question 42

In ____ mode, ESP encrypts the entire packet including the IP headers and data. AH uses the IP headers to authenticate packets.

Answer 42

tunnel

Question 43

In ___ mode, ESP encrypts only the packet data, leaving the IP headers unencrypted

Answer 43

transport

Question 44

When AH and ESP are used together, ______ must establish separate SAs (4 total) for each protocol.

Answer 44

Internet Security Association and Key Management Protocol (ISAKMP)

Question 45

A ___ creates a separate collision domain for each port on it.

Answer 45

switch

Question 46

Groupings of subject and objects that have the same security requirements are called

Answer 46

security domains

Question 47

Ring 0 of CPU ring model

Answer 47

Kernel

Question 48

Ring 1 of CPU ring model

Answer 48

OS components that are not the kernel

Question 49

Ring 2 of CPU ring model

Answer 49

Device drivers

Question 50

Ring 3 of CPU ring model

Answer 50

Users

Question 51

Process of hiding the operational complexity of a system from a system’s user

Answer 51

Abstraction

Question 52

What are the 5 rules of evidence?

Answer 52

Be authentic
Be accurate
Be complete
Be convincing
Be admissable

Question 53

An open standard method for decentralized authentication that is maintained by Open ID Foundation but uses RFC 6749 as a framework. It uses JSON Web Tokens (JWTs) and operates as a REST web service

Answer 53

OpenID Connect

Question 54

Standard defined by RFC 5849

Answer 54

OAuth 1.0

Question 55

A ____ is designed to prevent theft of computer equipment and is typically bolted to the wall, floor, or large immobile surface

Answer 55

lockdown enclosure

Question 56

System ____ involves removing system service that are not required for the system to perform its intended function

Answer 56

hardening

Question 56

Is a firewall a multihomed device?

Answer 56

Yes

Question 57

___ firewalls maintain a state table and make forwarding decisions based on the state of each session

Answer 57

state

Question 58

____ filtering firewalls makes simple filtering decision based on each individual packet

Answer 58

packet

Question 59

Are stateful firewalls more secure than packet filtering firewalls?

Answer 59

Yes, because packet filtering requires you open both inbound and outbound traffic, meaning exposure of the internal network to undesirable inbound traffic on that port.

Question 60

____ firewalls terminate the connection with the source device and initiate a new connection with the destination to hide the true source of the traffic

Answer 60

Proxy

Question 61

What is the documentation for a system or product to be tested? It is used to test the security of IT products with the goal to identify and remove known vulnerabilities from a product rather than discover new vulnerabilities.

Answer 61

Common Criteria (CC) Security Target (ST

Question 62

In CC ST, the ____ is the system or product that is to be tested

Answer 62

target of evaluation

Question 63

In CC ST, the ___ is the documentation that describes the ToE and any security requirements

Answer 63

ST (security target)

Question 64

In CC ST, the ___ is a set of security requirements and objects for the type of product to be tested

Answer 64

Protection Profile (PP)

Question 65

In CC ST, the ___ is a rating level that is assigned to the product after the product has been tested

Answer 65

Evaluation Assurance Level (EAL)

Question 66

How many EALs are in CC ST? Name them.

Answer 66

7 ratings

1. functionally tested
2. structurally tested
3. methodically tested and checked
4. methodically designed, tested, and reviewed
5. semi-formally designed and tested
6. semi-formally verified, designed, and tested
7. formally verified, designed, and tested

Question 67

The safest fire suppression system in an electrical environment is

Answer 67

FE-13 because it is safe for humans and computer equipment

Question 68

Is FE-13 safer than FM 200?

Answer 68

Yes, FE-13 can be breathed up to 24 percent while FM-200 is 9 percent

Question 69

___ should be used as a fire suppression agent only in areas that are unstaffed

Answer 69

CO2

Question 70

The ____ requires that each EU member nation create its own centralized data protection authority

Answer 70

GDPR

Question 71

GDPR requires companies to inform authorities of major data breached within how many hours?

Answer 71

72

Question 72

Although sometimes used interchangeably, security marking and security labeling are different:

______ marking refers to the use of human readable security attributes while ____ refers to the use of security attributes for internal data structures within the information systems

Answer 72

marking; labeling

Question 73

___ stacks enable hosts to communicate with both IPv4 and IPv6 hosts. They are configured with both addresses.

Answer 73

Dual

Question 74

The tunneling method, ____ is used to pass IPv4 traffic over an IPv6 only network

Answer 74

4to6 tunneling

vice versa = 6to4 tunneling

Question 75

A ____ can quarantine a host that does not comply with a security policy. It intercepts hosts that are not yet registered on the network then sends the host’s information to an authentication server to see if the host complies.

Answer 75

NAC (network admission control)

Question 76

RAID ___ provides striping for a set of mirrored disks

Answer 76

10

Question 77

RAID ___ aka a striped set, uses striping which is a method of writing data across multiple hard desks to increase performance.

Answer 77

0

Question 78

RAID ___ provides mirroring but not increased write performance. AKA a mirrored set

Answer 78

1

Question 79

RAID 3 and 4 provides striping for a set of mirrored disks that use parity to provide fault tolerance. RAID ___ stripes data at the byte level while RAID ___ stripes data at the block level.

Answer 79

3;4

Question 80

What are the BCP (business continuity plan) steps?

Answer 80

1. Develop a BCP policy statement
2. Conduct a BIA
3. Identify preventive controls
4. Develop recovery strategies
5. Develop an IT contingency plan
6. Perform DRP training and testing
7. Perform BCP/DRP maintenance

Question 81

___ level managers are responsible for developing and agreeing to the BCP policy statement

Answer 81

C-level (ex: CEO, CFO, CIO)

Question 82

A ____ identifies business systems and processes that are critical for a company to continue to operate

Answer 82

BIA (business impact analysis)

Question 83

A _____ is also called a tabletop exercise and is a simulation where no actual recovery occurs. The teams talk through the process to identify any logical gaps

Answer 83

structured walk-through test

Question 84

A _____ also called a walk-through drill is a simulation in which team members actually carry out the recovery process and performed after regular business hours.

Answer 84

simulation test

Question 85

The BCP and DRP should be reviewed every ___ months and a formal audit should be performed ___

Answer 85

3; annually

Question 86

____ security guards are guards that are trained and employed by the company that requires them.

Answer 86

Proprietary

Question 87

ASTM standard Class 1 gate is

Answer 87

Residential (house)

Question 88

ASTM standard Class 2 gate is

Answer 88

Commercial/General Access (parking garage)

Question 89

ASTM standard Class 3 gate is

Answer 89

Industrial/Limited access (loading dock for 18 wheeler trucks)

Question 90

ASTM standard Class 4 gate is

Answer 90

Restricted Access (airports, prisons)

Question 91

Kerberos and Secure European System for Applications in a Multi-vendor Environment (SESAME) are examples of ___ model

Answer 91

SSO (single sign on)

Question 92

___ is the process of providing access to a company’s data resources to organizations or parties that are not owned by the company

Answer 92

FIM (federated identity management)

Question 93

____ model of FIM uses a single organization to manage the authentication and verification process for each company that is participating in the model. Also known as bridge model

Answer 93

trusted third-party

Question 94

___ model of FIM that enables participants to trust another participants PKI. It is difficult to manage as the organization increases

Answer 94

cross-certification

Question 95

You can find a X.509 certificates’s serial number or revocation date on a ___

Answer 95

CRL (certificate revocation list)

Question 96

The Online Certificate Status Protocol (OCSP) server will tell you a X.509 certificate’s ____

Answer 96

status

Question 97

A CA’s revocation data can be found on an _____

Answer 97

ARL (authority revocation list)

Question 98

Are symmetric encryptions stronger per bit than asymmetric encryption?

Answer 98

Yes

Question 99

Lifetime session keys makes Kerberos more vulnerable to ____ attacks

Answer 99

replay

Question 100

Describe the Kerberos authentication steps

Answer 100

1. Client requests authentication from a KDC (key distribution center)
2. When the KDC authenticates the client, it sends the client a ticket-granting-ticket (TGT) and a session key
3. The client decrypts the session key and sends it to the Kerberos ticket granting server (TGS) along with the TGT (which is encrypted with a secret key for that TGS)
4. The TGS uses the TGT and session key to verify the identify of the user
5. Once verified, the TGS sends the user a service ticket (ST) that is encrypted with a key specific to the device that the client wants to access. The TGS also sends the client a second session key.
6. The client sends the ST and second session key to the device the client wants to access.
7. The device then uses the ST and second session key to verify the client has permission to access that device.

Question 101

Kerberos does not by itself require any sort of password complexity and therfore is vulnerable to _____ attacks

Answer 101

password guessing

Question 102

Deploying multiple KDC and TGS in the Kerberos realm mitigates ____

Answer 102

single point of failure

Question 103

Since the Kerberos KDC database stores user’s credentials in a clear text format, it is vulnerable to ______

Answer 103

theft of cached credentials

Question 104

A ___ is another name for a table in a relational database

Answer 104

relation

Question 105

A ___ is another name for a row of data in a relational database

Answer 105

tuple

Question 106

A ___ is another name for a column of data in a relational database

Answer 106

attribute

Question 107

A ____ contains the data within a relational database

Answer 107

cell

Question 108

True or False

Both SSH and FTP are used to transfer files over a network. SSH is secure while FTP sends data in clear text.

Answer 108

True

Question 109

TCP is ____ oriented while UDP is ____ oriented

Answer 109

connection; connectionless

Question 110

Database view contains the results of what?

Answer 110

a database query

Question 111

In system high mode, users must have?

Answer 111

security clearance and access approval that permits access to all info processed by the system

Question 112

In dedicated mode, users must have?

Answer 112

security clearance, access approval, and a valid need to know for all information processed by the system

Question 113

in compartmented mode, users must have?

Answer 113

security clearance

Question 114

In multilevel mode, users must have?

Answer 114

security clearance, access approval, need to know only information they will access on the system, not all info

Question 115

Prevention obfuscation attempts to make a code obscure to _____ by making it hard to decompile code

Answer 115

computers

Question 116

____ obfuscation deals with renaming classes, fields, and methods, replacing them with new identifiers that lack intuitive meaning

Answer 116

Lexical

Question 117

___ obfuscation deals with modifying data and data structures in order to hide what the data is used for or what the structures do

Answer 117

Data

Question 118

___ obfuscation deals with making an application harder to understand or to decompile. ex: grouping unrelated structures

Answer 118

Control flow

Question 119

PDU at network layer

Answer 119

packet

Question 120

PDU at transport layer

Answer 120

segment

Question 121

PDU at data link layer

Answer 121

frame

Question 122

PDU at physical layer

Answer 122

bits

Question 123

Formula for ALE?

Answer 123

ARO x SLE

Question 124

A printer that fails once every 4 years has an ARO of?

Answer 124

0.25 or 25%

1 failure/ 4 years = 0.25 failures per year

Question 125

The frequency at which equipment fails is called the what?

Answer 125

ARO (annual rate of occurency)

Question 126

The cost of one occurrence failure is called what?

Answer 126

SLE (single loss expectancy)

Question 127

The cost to maintain or replace equipment is called what?

Answer 127

ALE (annual loss expectancy)

Question 128

___ investigations attempt to resolve disputes between two parties such as private individuals or corporate entities.

Answer 128

Civil

Question 129

___ investigations are typically conducted by law enforcement personnel and attempt to determine whether a criminal law has been violated. They depend on ‘beyond a reasonable’ doubt standard of proof.

Answer 129

Criminal

Question 130

____ investigations attempt to determine whether an administrative law or industry standard has been violated

Answer 130

Regulatory

Question 131

___ investigations are internal investigations that attempt to determine whether organizational policies or operational procedures have been violated

Answer 131

Administrative

Question 132

A _____ is another name for a hypervisor

Answer 132

VMM (virtual machine monitor)

Question 133

Type __ hypervisors are installed on bare metal servers meaning it is it’s own OS. Because of their proximity to the physical hardware, they tend to perform well.

Answer 133

1

Question 134

Type __ hypervisors are applications installed on host OSs. like Windows, MAC, and Linux. They are easy to deploy and maintain.

Answer 134

2

Question 135

A ____ plane is centralize on the SDN network.

Answer 135

Control

Question 136

The SDN consists of what 3 planes?

Answer 136

application, control, and data

Question 137

A simulation test where employees are relocated to the DRP’s recovery location

Answer 137

parallel test