Quantum Review

Question 1

What is another term for a hash

Answer 1

One-way cryptograhpy

Question 2

True or false IVs are commonly used in hashing or one-way cryptography

Answer 2

False, IVs are typically used for standard encryption

Question 3

Which if the CIA Triad are the most important for ICS and OT Environments

Answer 3

Availability, because of the potential for harm and loss of life. If you cannot access an OT system, tehre could be a catastrophe

Question 4

How can you mitigate detected XSS vulnerabilities

Answer 4

Output encoding, and escaping special characters - When you add a special character that affects how a string is interprereted, you can essentially mitigate the possiblity of code being executed by client browsers

Question 5

What would the act of inserting untrusted data into a webpage best describe

Answer 5

Possible XSS. This could be through stored forms like a forum, or though manipulating the code stored in a website itself.

Question 6

What is a main concern for many companies when deciding whether or not to archive or remove data

Answer 6

Data Retention Policy. When a company is sorting through old data assets, this is likley their top priority

Question 7

True or False SOC 2 reports validate Security Controls

Answer 7

False, SOC 2 reports on Technical controls

Question 8

True or False A pentest will test security controls, and a lack thereof, by safeley trying to exploit vulnerabilites

Answer 8

True

Question 9

What is the purpose of a risk assessment

Answer 9

To determine what risks the organization exist, and then to determine what controls, if any to deploy

Question 10

What is the first step to developing as SAT?

Answer 10

Understand the security posture. You need to understand the current weaknesses, vulnerabilities, and security issues to tailor the SAT to maximly benefit the org

Question 11

What is proveneance for evidence

Answer 11

The history of the evidence, including how it was colelcted, handled, and the chain of custory.

Ensuring the COC is properly documented is important.

Question 12

What is the difference between data didling and a salami attack

Answer 12

Data Diddling is an incremental attack where an attacker makes small random changes to hide their actvitiy

Salam attacks are when small transactions deduct tiny amounts of money from different accounts.

Question 13

What is a policy

Answer 13

High level document that help guide decisions for senior management to make informaed decisions about the organization

Question 14

Wat is a mission statement

Answer 14

A formal summary of the goals of an ORG

Question 15

What layer of the OSI model does Eavesdropping occur?

Answer 15

Data-Link Layer

Question 16

What layer of the OSI Model Do Trogans occur

Answer 16

Layer 7 - app layer

Question 17

What layer of the model do Worms Exist

Answer 17

Layer 7

Question 18

What layer of the OSI model do Fraggle attacks occur

Answer 18

Layer 5 - Transport

Question 19

True or false, Rainbow tables are .txt files

Answer 19

False, they are databases containing hashes and the value used to generate that hash.

Question 20

What is the next step following a risk assessment, risk and risk treatment for risk identified in the previous step

Answer 20

Perform risk assessment, the process is never complete, and you need to evaluate what you put in place is treated

Question 21

Describe the sutherland Model

Answer 21

Focuses on preventing interference in order to ensure the integrity of data. Is used to prevent attacks like covert channels. Biba, Bell Lapadula, and Take-Grant do not prevent covert channels

Question 22

What are the first 3 steps in E-Discovery

Answer 22

• Information Goverance - Ensure information is well organized
• Identification - Locate information covered by a discovery request
• Preservation - Protect discoverable information against deletion or alteration

Question 23

What are the three steps following Preservation

Answer 23

• Collection - Gather info centrally for discovery
• Process - Sceen ollected infomration to filter out unecessary info prior to review
• Analysis - Deep inspection of content and context of remaining infomration

Question 24

What are the final 2 steps to e-discovery

Answer 24

• Production - Places information into a form that can be shared
• Presentation - Displays information to people

Question 25

What does ISO 270001 provide

Answer 25

The framework for establishing, implementing, maintianig, and continously improving an ISMS.

Question 26

Whare are the domains of 270001

Answer 26

Physicial Sec, Access Control, Risk Assessment, Incident Management.

Question 27

True or False Two Person Control is the same as SOD

Answer 27

False, Dual control is requiring two people in order to do a specific task Seperation of duties splits work functions and actions up between different people so that one person isn't doing all the work

Question 28

What items are you typically going to audit durring an account management assessment

Answer 28

You will likley begin with Highly Privelged accounts, then move on to a random sample of the larger population. Accounts that have been around longer are likley to have privilege creep

Question 29

What does the hearsay rule establish

Answer 29

You cannot testify in court about something someone told you. HOWEVER, computer logs and how they were collected are exempt from this rule.

Question 30

True or False, KRIs can be used to provide real-time incident response information

Answer 30

False, they are for risk planning and risk perceptions, not designed for real time IR

Question 31

True or False Trojans have built in propogation methods

Answer 31

False, Worms have propogation methods that require no user interaction to spread.

Question 32

True or False, Syslog uses priority level for the level of logging

Answer 32

False, it is called the secverity level. This outlines the level of logging that will be forwarded.

Question 33

Describe Raid 0

Answer 33

Improves read/write performance through disk striping, but doesn’t offer redundancy

Question 34

Describe Raid 1

Answer 34

Provides redundancy through disk mirroring. Contain two physical disks. Each disk contains copies of the same data, and either one may be used in the event the other disk fail

Question 35

Describe RAID 5

Answer 35

Offers better storage efficiency with distributed parity. commonly used because it balances resilience and efficiency of storage space

Question 36

Describe Raid 10

Answer 36

Combines mirroring (RAID 1) and striping (RAID 0) for both performance and redundancy.

Question 37

Desceibe RAID 0

Answer 37

RAID 0 uses two disks as a single volume, allowing for an increase in speed but a decrease in reliability

Question 38

What type of authenticator generates dynamic passwords using time‐ or algorithm‐based methods?

Answer 38

Tokens are hardware devices (something you have) that generate a one‐time password (OTP) based on time or an algorithm

Question 39

What is the formula for determining the number of encryption keys required by a symmetric algorithm

Answer 39

((n*(n − 1))/2). With six users, you will need ((6*5)/2), or 15 keys.

Question 40

What is the name of an SMTP Server that doesn't authenticate prior to relaying a message

Answer 40

Open Relay

Question 41

True or False, an Emergency Response Guidline will include Long Term actions

Answer 41

False, The emergency response guidelines should include the immediate steps an organization should follow in response to an emergency situation

Question 42

What interfaces are typically tested durring software testing

Answer 42

APIs, UIs, and physical interfaces

Question 43

What two factors does Accountability rely on

Answer 43

Identification and authentication

Question 44

What layer of the OSI model does eavesdropping occur at

Answer 44

The Data-Link Layer

Question 45

What are some characteristics of the waterfall method

Answer 45

7 steps, allows for going back to previous step. Each phase must be completed before the next step.

Question 46

True or False, the waterfall methodology is good for projects that have little up front planning

Answer 46

False, WF methodoffers limited flexibility for changes once the project has started. It’s well suited to projects that require heavy upfront planning

Question 47

What are the first steps of the waterfall method

Answer 47

System Requirements Software Requirements Preliminary Design

Question 48

What step of the waterfall method follows Preliminary Desgin

Answer 48

Detailed Design Code and Debug Testing Ops and Maintentence

Question 49

What are the four principles to Agile

Answer 49

Individuals and Interactions over processes and tools Working software over comprehensive documentation Cutomer collaboration over contract negotiation Responding to change over folling a plan

Question 50

What is SAFe

Answer 50

Scaled Agile - Builds on Agile by fostering: Cooridnation accross teams Strategic Alignment with the orgs objectives Emphasizes qualit Archetectula Syncrhronization Lean-Agile Leadserhip

Question 51

An attacker compromises a KDC and is then able to generate a forged TGT, What attack has occured?

Answer 51

Goldent Ticket

Question 52

An attacker steals a valid Kerberos ticket and uses it for authentication in place of a password, what has occured

Answer 52

Pass the ticket attack

Question 53

An attacker brute forces a service ticket, what Kerberos Authentication do they circumvent by doing this, and what is this attack called

Answer 53

Silver ticket - They bypass the need for a ticket granting ticket

Question 54

An attacker makes use of Service Principle Names and attempts to crack the encypted portion of the ticket offline. What might they gather, and what is the name of this attack

Answer 54

Kerberoasting - They can get the service account password

Question 55

An attacker converted a stolen NTLM hash into a full kerberos ticket. What is this exploit called

Answer 55

Overpass-the-hash

Question 56

If you wanted an internationally recognized framwork for Supply chains and management systems, which iso standard would work

Answer 56

ISO 28000

Question 57

If you wanted an internationally recognized risk manamgement framework, which ISO standard would you adopt

Answer 57

ISO 31000

Question 58

If you wanted an internationally recognized Business Continuity Planning Framework, which ISO Standard could you adopt

Answer 58

ISO 22301

Question 59

What NIST Standard defines the NIST RMF

Answer 59

800-53