Random Questions to remember Flashcards

1
Q

COOP

A

Continuity of Operations Plan

2
Q

What are the steps in the cyber kill chain?

A

Reconnaissance,
Weaponization,
Delivery,
Exploitation,
Installation,
Command and Control (C2), and
Actions on Objectives.

3
Q

What is the primary role of the DPO (Data Protection Officer)?

A

The primary role of the data protection officer (DPO) is to ensure that her organization processes the personal data of its staff, customers, providers, or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules.

They must understand how any privacy information is used within business operations. Therefore, they are the best person for an auditor to interview to get a complete picture of the data usage.

An auditor may talk to them to understand how the PII data from a particular database is used within the business.

4
Q

What is SPI (Sensitive Personal Information)?

A

Sensitive personal information (SPI) is information about a subject's opinions, beliefs, and nature that is afforded specially protected status by privacy legislation. As it cannot be used to uniquely identify somebody or to make any relevant assertions about health, it is neither PII nor PHI.

5
Q

Which hashing algorithm results in a 160-bit fixed output?

A

RIPEMD - 160 bits
NTLM - 128
SHA-2 - 256
MD5 - 128

6
Q

What methods are available to sanitize a hard drive?

A

Sanitizing a hard drive can be done using Cryptographic Erase (CE),
Secure Erase (SE),
Zero-fill, or
Physical destruction.

The cryptographic erase (CE) method sanitizes a self-encrypting drive by erasing the media encryption key and then reimaging the drive.

A secure erase (SE) is used to perform the sanitization of flash-based devices (such as SSDs or USB devices) when cryptographic erase is not available.

The zero-fill method relies on overwriting a storage device by setting all bits to the value of zero (0), but this is not effective on SSDs or hybrid drives, and it takes much longer than the CE method.

"Clear or format" - simply overwriting the data once with zeros.

Physical destruction occurs by mechanical shredding, incineration, or degaussing of magnetic hard drives.

7
Q

Provide an example of a symmetric cryptographic algorithm.

A

AES - Advanced Encryption Standard is a symmetric-key algorithm for encrypting electronic data, established as an encryption standard by NIST in 2001. AES can use a 128-bit key and uses a 128-bit block size.

RC4
AES
3DES
DES
Twofish

are all symmetric algorithms.

8
Q

Which technology could allow certain users to use only certain ports in the network, but allow other users full access on the same ports?

A

Network Access Control

Network Access Control (NAC) uses a set of protocols to define and implement a policy that describes how to secure access to network nodes whenever a device initially attempts to access the network. NAC can utilize an automatic remediation process, fixing non-compliant hosts before allowing network access.

9
Q

Provide an example of an asymmetric cryptographic algorithm.

A

PGP - Pretty Good Privacy is an encryption program that provides cryptographic privacy and authentication for data communication.

PGP is used for signing, encrypting, and decrypting texts, emails, files, directories, and whole disk partitions and to increase the security of email communications. PGP is a public-key cryptosystem and relies on an asymmetric algorithm.

GPG,
ECC,
DSA, and
Diffie-Hellman

are all asymmetric algorithms.

10
Q

Which analysis framework provides a graphical depiction of the attacker's approach relative to a kill chain?

A

The Diamond Model provides an excellent methodology for communicating cyber events and allows analysts to derive mitigation strategies implicitly.

The Diamond Model is constructed around a graphical representation of an attacker's behavior.

11
Q

What is FM-200?

A

FM-200 is a fire extinguishing system commonly used in data centers. When protecting a data center, always think fire first.

12
Q

Which file transfer protocol negotiates a tunnel before the exchange of any commands?

A

FTPS - FTPES

13
Q

What port does DNSSEC use?

A

53 TCP

14
Q

What port or service is likely used in phone calls, email, banking, and shopping?

A

HTTPS 443

15
Q

Which SSL/TLS version supports the Secure Hashing Algorithm SHA-256 cipher?

A

TLS 1.2. That's the primary difference between TLS 1.1 and 1.2. SSL 3.0 is less secure and does not support SHA-256.

16
Q

What's a protocol for management and monitoring that supports encryption and has strong user-based authentication?

A

SNMPv3 - older versions send community names in plain text.

17
Q

Give examples of where TLS can provide encrypted communication and where it can't.

A

Can do: Directory services, File transfer, Web

Can't do: Time synchronization

18
Q

Name of the mode in which the entire network packet is encrypted

A

Tunnel mode

19
Q

IPSec Mode in which only the payload is encrypted

A

Transport mode

20
Q

Which wireless EAP methods support TLS and which don't?

A

Do: EAP-TTLS
PEAP
EAP-TLS

LEAP doesn't. It's lightweight.

21
Q

What does NIST RMF stand for, and what are the steps?

A

NIST is the National Institute of Standards and Technology. RMF is the Risk Management Framework. The steps are:

1.- Prepare
2.- Categorize System
3.- Select controls
4.- Implement controls
5.- Assess controls
6.- Authorize system
7.- Monitor Controls

22
Q

Name the types of government data classification.

A

Confidential
Secret
Top Secret

23
Q

How do you calculate SLE?

A

AV * EF

Asset Value * Exposure Factor

24
Q

What are the steps in IR (Incident Response)?

A

Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned

25
Q

What is the difference between a playbook and a runbook?

A

A playbook lists the actions that an organization will take as part of a response process. Playbooks tend to be used to document processes.

A runbook lists the steps required to perform an action like notification, removing malware, or similar tasks.
Runbooks tend to be used for specific actions.

26
Q

Describe the various classes of fire extinguishers and their uses.

A

Fire extinguisher classes A, B, C, D, and K, along with their uses:

Class A Fire Extinguishers:
Use: Designed for fires involving ordinary combustible materials, such as wood, paper, cloth, and plastics.
Examples: Water extinguishers, foam extinguishers.

Class B Fire Extinguishers:
Use: Suitable for fires involving flammable liquids and gases.
Examples: Foam extinguishers, carbon dioxide (CO2) extinguishers, dry chemical extinguishers.

Class C Fire Extinguishers:
Use: Intended for fires caused by energized electrical equipment.
Examples: Carbon dioxide (CO2) extinguishers, dry chemical extinguishers.

Class D Fire Extinguishers:
Use: Designed for fires involving combustible metals, such as magnesium, titanium, potassium, and sodium.
Examples: Specialized dry powder extinguishers for specific metal fires.

Class K Fire Extinguishers:
Use: Specifically designed for fires in commercial kitchens involving cooking oils, fats, and grease.
Examples: Wet chemical extinguishers.

27
Q

What are CAM tables, and what are they for?

A

The Content-Addressable Memory (CAM) tables on switches contain a list of all the devices they have talked to, and will give someone the best chance of identifying the devices on the network.

28
Q

What is Cuckoo (for the Sec+)?

A

Cuckoo is a malware analysis tool used to analyze suspicious files and detect malware. Here are key points to know:

Purpose: Cuckoo is designed to provide detailed information about the behavior of malware samples in a controlled environment.

Sandbox Environment: It creates a virtual sandbox environment to execute the malware safely and observe its activities without affecting the host system.

Dynamic Analysis: Cuckoo monitors and records the actions and interactions of the malware, including network traffic, system calls, registry modifications, and file changes.

Indicators of Compromise (IOCs): Cuckoo helps identify IOCs, such as malicious network connections, file modifications, and changes in system behavior, to assist in threat intelligence and incident response.

Reporting: Cuckoo generates comprehensive reports that include behavioral analysis, network traffic captures, and detected malicious activities.

Integration: Cuckoo can be integrated with other security tools, such as antivirus scanners, intrusion detection systems (IDS), and threat intelligence platforms.

Limitations: While Cuckoo is a powerful tool, it has limitations. It may not be able to analyze sophisticated or heavily obfuscated malware. Additionally, attackers may design malware to detect and evade sandbox environments.

29
Q

What is Exiftool?

A

ExifTool is a powerful command-line tool used for reading, writing, and manipulating metadata in various file formats, particularly image and multimedia files. Here are key points to know:

Purpose: ExifTool allows examination and modification of metadata, which includes information about the file itself, the device or software used to create it, and other details.

Supported File Formats: ExifTool supports a wide range of file formats, including image formats (JPEG, PNG, TIFF), audio formats (MP3, WAV), video formats (MP4, AVI), and document formats (PDF, DOCX).

Metadata Extraction: ExifTool can extract a broad range of metadata, such as camera make and model, date and time of creation, geolocation information, camera settings, software details, and more.

Metadata Modification: ExifTool allows modification of metadata, enabling users to update or remove specific metadata fields from files.

Batch Processing: ExifTool supports batch processing, allowing users to apply metadata operations to multiple files simultaneously, which is useful for automating repetitive tasks.

Integration: ExifTool can be integrated into scripts or used in conjunction with other tools for enhanced metadata manipulation and analysis.

Limitations: While ExifTool is a versatile tool for working with metadata, it does not analyze the content of files or provide deep forensic analysis. It focuses primarily on metadata extraction and manipulation.

Understanding ExifTool and its capabilities is important for handling metadata in various file formats, performing forensic investigations, and managing digital assets.

30
Q

What is Netcat? or NC?

A

Netcat, also known as “nc,” is a versatile networking utility used for reading from and writing to network connections. Here are key points to know:

Purpose: Netcat is primarily used for network troubleshooting, port scanning, transferring files, and establishing network connections.

Connection Modes: Netcat supports multiple connection modes, including client mode, server mode, and a combination of both (sometimes referred to as “listener” mode).

Port Scanning: Netcat can be used to perform basic port scanning by attempting to establish connections with target hosts on specific ports to determine their availability.

File Transfer: Netcat allows file transfer between systems using various protocols, such as TCP or UDP. It can be used to send and receive files over the network.

Remote Shell: Netcat can be used to establish a remote shell on a target system, enabling command execution and interaction with the remote machine.

Banner Grabbing: Netcat can retrieve banner information from network services, helping to identify the operating system, service version, or other details.

Reverse Shells: Netcat enables the creation of reverse shells, allowing remote access to a target machine by establishing a connection initiated from the target to the attacker’s system.

Limitations: While Netcat is a powerful tool, it lacks encryption and authentication mechanisms, making it insecure for transmitting sensitive data over untrusted networks.

31
Q

What benefit does symmetric encryption have over asymmetric encryption?

A

Symmetric encryption is faster.
Key distribution is more challenging with symmetric keys: a one-to-one key is needed for each pair of parties.

32
Q

What is entropy?

A

Entropy is a measure of uncertainty. It's a key element in pseudo-random number generators (PRNGs).
Some PRNGs rely on input from keyboards or mice as a source of entropy data.

33
Q

What are RFCs, and what are they for?

A

RFCs, or "Request for Comments" documents, are how internet protocols are defined and documented.

34
Q

What is CER?

A

Crossover Error Rate - the point where the False Acceptance Rate and the False Rejection Rate cross over.

35
Q

What are stored procedures?

A

Widely used in many database management systems to contain SQL. The database administrator creates the various SQL statements that are needed in that business, and then programmers can simply call the stored procedures.

36
Q

What is Protected Cable Distribution?

A

Protected Cable Distribution uses controls such as electrical, electromagnetic, and even acoustic or air pressure sensors to ensure that cables and distribution infrastructure are not accessed, allowing sensitive information to be transmitted in unencrypted form. The US Government identifies three options: hardened carrier, alarmed carrier, and continuously viewed protected distribution system.

37
Q

What type of access control do Windows and Linux use?

A

Discretionary Access Control

38
Q

Regarding ABAC access controls, which issue specific to ABAC may cause it to incorrectly reject logins?

A

Geographic location

39
Q

What's the best way to secure NTP (Network Time Protocol)?

A

SSH Tunneling

40
Q

What's the difference between a stateful and a stateless firewall?

A

A stateless firewall filters individual packets based on their attributes, while a stateful firewall maintains knowledge about active connections to make more informed decisions about allowing or blocking traffic.

Stateful firewalls are generally more advanced and capable of providing better network security compared to stateless firewalls.

41
Q

What was the CHAP authentication protocol designed for?

A

To stop session hijacking.
Prevents replay attacks.
It's better than PAP.
Not as good as EAP, EAP-TLS, or EAP-PEAP.

42
Q

What is TACACS+?

A

TACACS+ (Terminal Access Controller Access Control System Plus) is an authentication, authorization, and accounting (AAA) protocol used to control access to network devices. Here's a concise overview of TACACS+ for your Security+ certification:

AAA Protocol: TACACS+ is an AAA protocol used to manage user access to network devices, such as routers, switches, and firewalls.

Separation of Functions: TACACS+ separates authentication, authorization, and accounting into distinct phases, allowing for more flexibility and security in network access control.

Encryption: TACACS+ encrypts the entire authentication process, ensuring that sensitive information like usernames and passwords remain secure during transmission.

Remote Authentication: TACACS+ allows centralized authentication, which means user credentials are verified by a TACACS+ server. This centralized approach streamlines management and security.

Authorization: After authentication, TACACS+ can also handle authorization, specifying the level of access and the commands a user is allowed to execute on the network device.

Accounting: TACACS+ provides accounting functionality, which allows the tracking and recording of user activities on network devices. This is crucial for audit trails and security analysis.

Vendor-Neutral: TACACS+ is vendor-neutral, meaning it can be used with devices from various manufacturers.

Enhanced Security: TACACS+ offers improved security compared to its predecessor, TACACS, by using encryption and providing more extensive control over access permissions.

TCP Port 49: TACACS+ typically uses TCP port 49 for communication between the client (network device) and the TACACS+ server.

Common Alternatives: While TACACS+ is prevalent in Cisco environments, RADIUS (Remote Authentication Dial-In User Service) is another popular AAA protocol widely used in many other networking scenarios.

Remember that TACACS+ is widely used for network device management, but its implementation and usage may vary across different organizations. Understanding its principles will help you grasp the fundamentals of network access control and security.

43
Q

Describe EAP-TLS (Transport Layer Security):

A

Provides strong security by using digital certificates to authenticate both the client and the server. Requires the deployment and management of certificates.

44
Q

Describe EAP-PEAP.

A

Protected Extensible Authentication Protocol): Encapsulates EAP within a TLS tunnel, providing encryption for the authentication process. Simplifies certificate management, as only the authentication server requires a certificate.

45
Q

EAP-TTLS

A

(Tunneled Transport Layer Security): Also encapsulates EAP within a TLS tunnel but allows for a variety of authentication methods within the inner tunnel. Simplifies the migration from insecure legacy systems.

46
Q

EAP-MD5

A

(Message Digest 5): Simple EAP method that uses MD5 for hashing passwords. Not recommended for use due to its vulnerability to password cracking attacks.

47
Q

What is 802.1X?

A

802.1X is an IEEE standard for network access control that provides port-based authentication. It allows the network to authenticate users or devices before granting access. Several EAP (Extensible Authentication Protocol) based protocols can be used with 802.1X. Here’s a concise overview of the EAP-based protocols for your Security+ certification:

EAP-TLS (Transport Layer Security): Provides strong security by using digital certificates to authenticate both the client and the server. Requires the deployment and management of certificates.

EAP-PEAP (Protected Extensible Authentication Protocol): Encapsulates EAP within a TLS tunnel, providing encryption for the authentication process. Simplifies certificate management, as only the authentication server requires a certificate.

EAP-TTLS (Tunneled Transport Layer Security): Also encapsulates EAP within a TLS tunnel but allows for a variety of authentication methods within the inner tunnel. Simplifies the migration from insecure legacy systems.

EAP-FAST (Flexible Authentication via Secure Tunneling): Combines elements of EAP-TLS and EAP-TTLS, providing a secure tunnel for credentials exchange. Designed for fast deployment and works well in low-resource environments.

EAP-MD5 (Message Digest 5): Simple EAP method that uses MD5 for hashing passwords. Not recommended for use due to its vulnerability to password cracking attacks.

EAP-SIM (Subscriber Identity Module): Primarily used in cellular networks, it enables devices to use the SIM card for authentication.

EAP-AKA (Authentication and Key Agreement): Similar to EAP-SIM but used in 3G and 4G cellular networks, providing mutual authentication between the device and the network.

EAP-GTC (Generic Token Card): Allows for a wide range of authentication methods, typically used in token-based systems.

When deploying 802.1X, the choice of EAP-based protocol will depend on the specific security requirements, ease of deployment, and compatibility with the network infrastructure and devices.

48
Q

Wawa

A