Practice Exam 2 Flashcards
(25 cards)
Which of the following terms describes the process of identifying differences between an organization’s current security posture and its desired security posture?
Answer: Gap analysis.
What is Gap Analysis:
Identifies gaps between current and desired security posture
Helps prioritize improvements and reduce risk
Used in planning and compliance efforts
Quick Explanation:
Gap analysis shows what’s missing so the organization can take action to improve security.
Memory Tip:
“Gap Analysis = Find what’s missing.”
(From where you are to where you need to be.)
The term “Zero Trust security” refers to a cybersecurity model that eliminates implicit trust from networks and requires all users and devices to be continuously verified before being granted access to resources. The implementation of the Zero Trust security involves two distinct components: a Data Plane, responsible for defining and managing security policies, and a Control Plane, responsible for enforcing the security policies established by the Data Plane.
Answer: False.
What Zero Trust Security is:
No implicit trust — always verify users/devices
Continuous authentication & authorization
Trust is earned, not assumed — even inside the network
False Statement Clarified:
The Control Plane defines and manages policies, while the Data Plane enforces them — the statement reversed their roles.
Memory Tip:
“Zero Trust = Always verify. Trust nothing, verify everything.”
(And remember: Control = policy, Data = enforcement.)
Which of the answers listed below refers to a Zero Trust Control Plane security approach that takes into account user identity, device security, network conditions, and other contextual information to enable dynamic access decisions?
Answer: Adaptive identity
What is Adaptive Identity in Zero Trust:
Part of the Control Plane
Considers user identity, device health, location, network conditions, etc.
Enables real-time, dynamic access decisions based on context
Quick Explanation:
Adaptive identity ensures access is continuously evaluated using multiple risk factors — not just login credentials.
Memory Tip:
“Adaptive = Smart access control.”
(It adjusts based on who you are, what you’re using, and where you are.)
What are the key components of the Zero Trust Control Plane’s Policy Decision Point (PDP)? (Select 2 answers)
Answer: Policy Engine (PE) and Policy Administrator (PA).
Policy Engine (PE) – makes the decision to allow or deny access
Policy Administrator (PA) – coordinates between PE and enforcement points
Memory Tip:
“PDP = Think & Command”
(PE = Think | PA = Command | PEP = Act)
In the Zero Trust security architecture, the Policy Enforcement Point (PEP) is a Data Plane component that enforces the security policies defined at the Control Plane by the Policy Decision Point (PDP).
Answer: True.
The role of the PEP in Zero Trust:
True – PEP is part of the Data Plane
It enforces access decisions made by the Control Plane (PDP)
Works at the point of access (e.g., network device, app gateway)
Quick Explanation:
PEP acts on instructions from the Policy Administrator and allows or blocks access based on policy.
Memory Tip:
“PEP = Policy Gatekeeper”
(It lets traffic in or stops it, based on PDP’s decision.)
An access control vestibule (a.k.a. mantrap) is a physical security access control system used to prevent unauthorized users from gaining access to restricted areas. An example mantrap could be a two-door entrance point connected to a guard station wherein a person entering from the outside remains locked inside until he/she provides the authentication token required to unlock the inner door.
Answer: True.
True – It’s a two-door system to prevent tailgating and unauthorized access
Often monitored or controlled by a guard or authentication system
Only one door opens at a time to control entry
Quick Explanation:
A mantrap adds a layer of physical security by forcing step-by-step identity verification.
Memory Tip:
“Mantrap = Two doors, one check.”
(You’re stuck in the middle until verified.)
Which of the following statements about honeypots are true? (Select 2 answers)
Answer: Honeypots mimic real systems to attract cyber attackers and Honeypots contain apparent vulnerabilities that are closely monitored by a security team.
Mimic real systems to lure attackers
Contain fake vulnerabilities that are monitored by security teams
Quick Explanation:
Honeypots are decoys designed to attract attackers, observe their behavior, and learn about threats without risking real systems.
Memory Tip:
“Honeypot = Fake target, real insight.”
(Catches bad actors while protecting real assets.)
What is a honeynet in the context of cybersecurity?
Answer: A network of honeypots.
A network of multiple honeypots
Used to simulate a full environment to attract and study attackers
Helps security teams analyze attack patterns and tools
Quick Explanation:
A honeynet provides a broader, more realistic target for attackers, giving defenders deeper insights.
Memory Tip:
“Honeynet = Honeypots working together.”
(A web of traps for better threat intelligence.)
Which of the answers listed below refers to a honeynet example?
Answer: A network of fake websites, A network of fake servers, A network of fake databases, and A network of fake file shares.
Fake websites
Fake servers
Fake databases
Fake file shares
Quick Explanation:
A honeynet uses various decoy systems to mimic a real network, trick attackers into engaging, and log their behavior.
Memory Tip:
“Honeynet = Fake network, real data on threats.”
(It’s like a trap city made of fake buildings.)
A honeyfile can be any type of file (e.g., a document, email message, image, or video file) containing real user data intentionally placed within a network or system to attract potential attackers or unauthorized users.
Answer: False.
What is a honeyfile:
False – A honeyfile does not contain real user data
It’s a decoy file meant to attract and detect unauthorized access
Used to trigger alerts if accessed or exfiltrated
Quick Explanation:
Honeyfiles are fake but convincing files (e.g., “passwords.doc”) designed to bait attackers without exposing real data.
Memory Tip:
“Honeyfile = Fake file, real trap.”
(Never real data—just a lure to catch intruders.)
A honeyfile can be used for:
Answer: Attracting cyber attackers, Triggering alerts when accessed, and Monitoring network activity.
Attracting cyber attackers
Triggering alerts when accessed
Monitoring attacker activity on the network
Quick Explanation:
Honeyfiles serve as decoys to detect and track unauthorized access early.
Memory Tip:
“Honeyfile = Bait + Alarm + Watch.”
(Catches attackers and lets you know.)
What is a honeytoken?
Answer: A unique identifier that is designed to track attackers.
A unique, fake identifier or data piece
Used to track or detect attackers if accessed or used
Can be a fake username, database entry, or file
Quick Explanation:
Honeytokens act as bait data to alert security teams when attackers try to use or steal them.
Memory Tip:
“Honeytoken = Fake key to catch the thief.”
(Triggers alerts when tampered with.)
Which of the following should not be used as honeytokens? (Select all that apply)
Answer: Active user account credentials and Actual URLs to live websites or resources.
Quick Explanation:
Using real accounts or live resources as honeytokens can expose real systems to risk if accessed or abused.
Memory Tip:
“Honeytokens = Fake only, never functional.”
(Don’t risk real assets!)
A process used by organizations to assess and evaluate the potential impact of disruptive incidents or disasters on their critical business functions and operations is referred to as:
Answer: BIA (business impact analysis).
What is BIA (Business Impact Analysis):
A process to assess the impact of disruptions on business functions
Identifies critical systems and prioritizes recovery steps
Helps estimate downtime tolerance and potential losses
Quick Explanation:
BIA helps organizations plan for and recover from outages or disasters effectively.
Memory Tip:
“BIA = What breaks, how bad, and how fast to fix.”
(Essential for continuity planning.)
A hierarchical system for the creation, management, storage, distribution, and revocation of digital certificates is known as:
Answer: PKI (public key infrastructure)
What is PKI (Public Key Infrastructure):
A hierarchical system for managing digital certificates
Handles creation, storage, distribution, and revocation
Uses a Certificate Authority (CA) to verify trust
Quick Explanation:
PKI enables secure communication and identity verification using encryption and digital signatures.
Memory Tip:
“PKI = Trust tree for digital keys.”
(It builds and manages secure identities.)
Which of the answers listed below best describes the characteristics of a public-private key pair?
Answer: A pair of keys where one is used for encryption and the other for decryption.
What best describes a public-private key pair:
A matched pair of cryptographic keys
One key encrypts, the other decrypts
Public key is shared; private key is kept secret
Quick Explanation:
Used in asymmetric encryption, this key pair ensures confidentiality, integrity, and authenticity in secure communication.
Memory Tip:
“Lock with one, unlock with the other.”
(Public to lock, private to unlock.)
What is the typical use of a public key?
Answer: Data encryption.
Used for data encryption
Shared openly to let others securely send info
Also used to verify digital signatures
Quick Explanation:
The public key lets anyone encrypt data, but only the holder of the private key can decrypt it.
Memory Tip:
“Public locks it, private unlocks it.”
(Public key = encryption tool)
Key escrow is a cryptographic technique that enables storing copies of encryption keys with a trusted third party. A Recovery Agent (RA) is a trusted third party (an individual, entity, or system) who is authorized to assist in the retrieval of encryption keys and data on behalf of the data owner. Key escrow and RA are both used to ensure that encrypted data can be decrypted even if the data owner loses access to their encryption key. Since key escrow and RAs are both components of a single security solution, the only way to implement key escrow systems is with the use of RAs.
Answer: False.
Q: Is using a Recovery Agent the only way to implement key escrow?
Key Points:
Key escrow = Storing encryption keys with a trusted third party
Recovery Agent (RA) = A person or entity authorized to retrieve keys
Other escrow methods exist that don’t rely on RAs (e.g., automated systems, hardware modules)
Quick Explanation:
While RAs are commonly used in key escrow systems, they’re not the only method for implementing them.
Memory Tip:
“Escrow ≠ RA only — it’s just one way.”
Which of the following answers refers to a data storage device equipped with hardware-level encryption functionality?
Answer: SED (self-encrypting drive).
Q: What is a Self-Encrypting Drive (SED)?
A storage device with built-in hardware encryption
Encrypts/decrypts data automatically with no user action
Often uses a password or key to unlock the drive
Quick Explanation:
SEDs protect data at rest by ensuring everything written to the drive is encrypted by default, with minimal performance impact.
Memory Tip:
“SED = Storage with built-in shield.”
(Encryption is always on, behind the scenes.)
Which of the answers listed below refers to software technology designed to provide confidentiality for an entire data storage device?
Answer: FDE (full disk encryption).
Q: What is Full Disk Encryption (FDE)?
Software-based encryption for the entire storage device
Protects all data at rest, including system and temp files
Requires authentication (e.g., password or key) to boot/access
Quick Explanation:
FDE encrypts everything on a disk so that unauthorized users can’t access any data without the correct credentials.
Memory Tip:
“FDE = Freezes the whole disk until unlocked.”
(Total protection from boot-up to shutdown.)
An MS Windows component that enables encryption of individual files is called:
Answer: EFS (encrypting file system).
File-level encryption on NTFS drives
Built into Windows (Pro & Enterprise)
Encrypts individual files/folders (not entire drive)
Uses user-specific certificates for access
Encryption is transparent to authorized users
Helps protect data if device is lost/stolen
Supports recovery agents in case of key loss
Memory Tip:
EFS = Encrypt Files Specifically (not full disk)
Which of the following software application tools are specifically designed for implementing encryption algorithms to secure data communication and storage? (Select 2 answers)
Answer: GPG (GNU privacy guard) and PGP (pretty good privacy).
Q: What are GPG and PGP used for?
Software tools for encrypting data
Secure communications and file storage
Use public-key cryptography (asymmetric encryption)
Protect data confidentiality and authenticity
Quick Explanation:
Both GPG and PGP help users encrypt and sign emails, files, and messages to keep data private and verify the sender.
Memory Tip:
“GPG/PGP = Privacy guards for your data.”
What is the name of a network protocol that secures web traffic via SSL/TLS encryption?
Answer: HTTPS
Q: What is HTTPS?
Network protocol for secure web traffic
Uses SSL/TLS encryption to protect data
Ensures confidentiality, integrity, and authentication
Commonly seen as “https://” in URLs
Quick Explanation:
HTTPS encrypts data between your browser and website to prevent eavesdropping or tampering.
Memory Tip:
“HTTPS = Secure HTTP.”
(Lock icon means your data is safe.)
Which of the answers listed below refers to a deprecated TLS-based method for secure transmission of email messages?
Answer: SMTPS
Q: What is SMTPS?
Deprecated method for secure email transmission
Uses TLS encryption over SMTP protocol
Replaced by more modern, secure methods
Quick Explanation:
SMTPS secured email by wrapping SMTP in TLS, but it is now deprecated and less widely used.
Memory Tip:
“SMTPS = Old secure email method (deprecated).”