Part 2 Of Exam 1

Question 1

Plaintext encryptionciphertextdecryptionplaintext

*one key for encryption and decryption

Answer 1

Encryption and decryption

Question 2

Plaintextencryption[public key]ciphertextdecryption[private key]plaintext

Answer 2

Public key cryptography

Question 3

Original textsigning[private key]signed text verifying[public key]verified text

Answer 3

Digital signatures

Question 4

Has public key value

Then: holder’s unique name (DN), issue’s unique name, version of cert. format, certificate serial number, signature algorithm identifier (for certificate issuer’s signature), certificate issuer’s name (the certification authority), validity period (start/expiration dates/times) and extensions

Certification Authority’s digital signature from certification authority’s private key/root of CA certificate

Answer 4

Digital certificates

Question 5

is an anonymous, decentralized virtual currency
Online drug market where bitcoin is the standard currency
______ is exchanged peer-to-peer

Answer 5

Bitcoin

Question 6

a data file containing private crypto keys to the attacker

Answer 6

Wallet

Question 7

______ on the standard file location for a Bitcoin wallet

Answer 7

Trojan

Question 8

Client computer [browser, HTML, JavaScript]HTTPWeb Server [Apache, HTML, PHP and SQL]

Answer 8

Client server

Question 9

WOT

Answer 9

Web of trust

Question 10

Fake MP3 _____ Detected on 27% of PCs

The malicious media files appear to be either MP3 audio files or MPEG video files and can be found on file-sharing services McAfee believes they were placed there by cybercriminals

Prompted to download a file called PLAY MP3.exe

In the end you’re left with a fake MP3 file taking up space, a worthless MP3 player adware that claims not only to display popups, but also to block them, and more adware that successfully displays popup and popular ads.

Answer 10

Trojan

Question 11

nodes are encrypted and are routed through other nodes to make it extremely difficult to determine who is requesting the info and what its content is.
Users contribute to the network by giving bandwidth and a portion of their hard drive… for storing files
Files are encrypted, so generally the user cannot easily discover what is in his datastore, and hopefully can’t be held accountable for it
Chat forums, websites, and search functionality, are all built on top of this distributed data store.

Answer 11

Freenet

Question 12

Without app sandbox all user data, the app and all system resources have unrestricted access to each other
With app sandbox: the app is quarantined so it does not have access to user data and system resources.

Answer 12

Sand boxing

Question 13

File is divided into segments called pieces. Each peer receives a new piece of the file it becomes a source of that piece for other peers. So the original piece doesn’t have to send itself to every computer who wants it. The task of distributing the file is shared by those who want it

Answer 13

BitTorrent

Question 14

a special software that interfaces the major hardware components of your computer with the operating system

Answer 14

BIOS

Question 15

a technique of loading a program into a computer by means of a few initial instructions that enable the introduction of the rest of the program from an input device

Answer 15

Bootstrap

Question 16

BIOS #1

Is configuration data read by BIOS

Answer 16

CMOS (complementary metal oxide semiconductor) Setup

Question 17

BIOS #2

POST

Answer 17

power-on self test

Question 18

BIOS steps #3

Answer 18

Determine which devices are bootable (USB vs. hard drive)

Question 19

BIOS checks information and stores it in

Answer 19

tiny (64 bytes) amount of RAM on a complementary metal oxide semiconductor (CMOS)

Question 20

translators between the hardware components and the operating system

Answer 20

Interrupt handlers

Question 21

this certification is for people just getting into the field

Answer 21

Security+

Question 22

for serious, dedicated information security professionals who intend to stay in the field and grow

$110,342
For security managers and professionals who develop policies and procedures in information security. Gold standard in information security certifications

Answer 22

CISSP (Certified Information Systems Security Professional)

Question 23

-$80,066
Network security, compliance and operational security, threats and vulnerabilities, access control and identity management, cryptography and application, and data and host security. Candidates will also be tested on their knowledge of security concepts, tools, and procedures to react to security incidents

Answer 23

CompTIA Security+

Question 24

True

Information security (protection of info and info systems from unauthorized access, use, disclosure, disruption, modification or destruction in order to provide confidentiality, integrity and availability) is a bubble inside of information assurance (measures that protect and defend information and info systems by ensuring their availability, integrity, authentication, confidentiality and on-repudiation).

Answer 24

T

Question 25

Risk identificationrisk analysisrisk planningrisk monitoring[back to] risk analysis >list of potential risks >prioritized risk list >risk avoidance and contingency plans >risk asses. [last row are all products]

Answer 25

Risk management process

Question 26

are specific, measurable steps that can be taken to meet the goal

Answer 26

Objective

Question 27

an overarching principle that guides decision making

Answer 27

Goal

Question 28

an algorithm or hash (a number derived from a string of text) that uniquely identifies a specific virus

Answer 28

Signature

Question 29

similar to signature scanning, except that instead of looking for specific signatures, heuristic scanning looks for certain instructions or commands within a program that are not found in typical application programs.

Answer 29

Heuristic scanning

Question 30

file emulation allows the file to run in a controlled virtual system (or sandbox) to see what it does. If the file acts like a virus it’s deemed a virus

Answer 30

Sandbox testing

Question 31

occurs when you manipulate or trick a person into weakening the security of an organization. To be successful, an attacker needs the employee to violate policies is more economical for the hacker than trying to break through an automated control like a firewall One characteristic all humans share is that they make mistakes from 1) carelessness, 2) lack of knowledge, or 3) inadequate oversight or 4) training.

Answer 31

Social engineering

Question 32

the practice of presenting oneself as someone else in order to obtain private information

Answer 32

Pretexting

Question 33

any item that has value (could be organizational or personal)

Answer 33

Asset

Question 34

a wannabe hacker, a person of any age with little or no skill (can buy tutorials and programs off of the black web).

Answer 34

Script key

Question 35

Policy: (SANS -has suggested 27 policies) a document that states how the organizations is to perform… Standard: (from higher up) established and proven norm… Procedure: (more detailed than policy) steps required… Guideline: suggested but optional…

Answer 35

Policy framework

Question 36

software that identify the base hardware components such as keyboard, mouse, hard drive

Answer 36

Device drivers