Sec+ Review

Question 1

Name the 4 control categories

Answer 1

1. Technical
2. Managerial
3. Operational
4. Physical

Question 2

What are the 6 control types

Answer 2

1. Preventative
2. Deterrent
3. Detective
4. Corrective
5. Compensating
6. Directive

Question 3

What is the CIA triad

Answer 3

Confidentiality
Integrity
Availability

Question 4

What is non- repudation

Answer 4

Prevents denial of actions

Question 5

What upholds non- repudation

Answer 5

Digital sigs
Audit trails
Access control

Question 6

What is AAA

Answer 6

Authentication
Authorization
Accounting

Question 7

What is RADIUS

Answer 7

Remote authentication dial- in user service. Protocol to manage AAA for users to connect to a network.

Question 8

5 stages of gap analysis

Answer 8

1. Current assessments
2. Benchmarking
3. Identification where things fall short
4. Prioritization
5. Remediation

Question 9

Zero trust control plane

Answer 9

Uses subject/identity with company policy, threat intelligence data to decide access

Question 10

What are the Data plane zones

Answer 10

1. Implicit trust zone - trust assumed
2. Internal network zone - lan
3. Dmz - screened subnet
4. External network

Question 11

What does a honeypot do

Answer 11

Find attack methods

Question 12

What does a honey file do

Answer 12

Lures attackers and sets off alarms

Question 13

What is a honey tolken

Answer 13

Easily tracked dummy data

Question 14

Fake info

Answer 14

Black hole of fake info

Question 15

Change management considerations

Answer 15

Change advisory board
Approval process
Ownership
Stakeholders
Impact analysis
Yesterday results
Blackout plan
Maintenance windows
Sop’s
Tech implications
Documentation

Question 16

4 Cryptographic tools for securing data

Answer 16

Obfuscation
Hashing
Signatures
Keys

Question 17

What does a public key do

Answer 17

Encrypts data
Verify sigs

Question 18

What does a private key do

Answer 18

Employs sig
Decryption

Question 19

What is a key escrow

Answer 19

3rd party key safe

Question 20

What is a hsm

Answer 20

Hardware security module for securing keys. Ensures integrity of boot, offers authentication, and supports encryption tasks.

Question 21

What is the ssh encryption process

Answer 21

1. 3 way handshake
2. Encryption
3. Transmission
4. Decryption

Question 22

Homomorphic encryption

Answer 22

Allows data to be processed while encrypted

Question 23

What is a tpm

Answer 23

Trusted platform module. Specialized chip based key manager and os firmware.

Question 24

What is a key management system

Answer 24

Software solution for keys

Question 25

TCP three way handshake

Answer 25

1. Syn-synchronize. Packet sent to ask to state a connection. 2. Syn/ACK- SYNCH/Acknowledge - agreement reply 3. Acknowledge- agreeing and confirming the connection

Question 26

What doesn't a business email compromise do?

Answer 26

Request passwords

Question 27

What doesn't brand impersonation do?

Answer 27

Specify the communication channel

Question 28

What does a statefull firewall do?

Answer 28

Analysis traffic patterns For unusual behavior

Question 30

What security systems are set up on a LAN?

Answer 30

Ips Ids Load balancer Switches Sensors Internal firewall

Question 31

What security systems are part of the screened subnet?

Answer 31

Ips Ids Jump server Proxy server Reverse proxy Load balancer Sensors Perimeter firewall

Question 32

9 benefits of security zones

Answer 32

1. Segmentation 2. Data protection 3. Access control 4. Monitoring and logging 5. Isolation 6. Compliance 7. Incident containment 8. Operational efficiency 9. Defense of depth

Question 33

What are all the attack surfaces and their vulnerabilities?

Answer 33

1. Endpoints-bad os, software or configs 2. Network services- inadequate patching, misconfiguration or outdated software 3. Ports and protocols 4. User accounts and credentials. 5. 3rd party issues 6. Cloud services 7. Human factors

Question 34

How to mitigate attack surfaces in general?

Answer 34

1. Vulnerability assessments- Nessus 2. Access control 3. Segmentation 4. Build redundancies 5. Constant security updates 6. Strong auth 7. Regular auditing and pen testing. 8. Security awareness for employees

Question 35

What are the 4 security device types?

Answer 35

1. Active-firewalls 2. Passive- cameras, logs 3. Inline 4. Tap/monitor

Question 36

What is a jump server?

Answer 36

Intermediary between clients outside of the network and remote managing critical network components

Question 37

What is a proxy server?

Answer 37

Intermediary between clients and the internet. Filters requests and content.

Question 38

What is a reverse proxy?

Answer 38

Filters requests coming into the network.

Question 39

What is a intrusion protection system?

Answer 39

Identifies suspicious activities and tries to block and mitigate threats

Question 40

What is an intrusion detection system?

Answer 40

Collects data and sounds alarm if problem is detected.

Question 41

What are all network based and host based ips and ids are called?

Answer 41

Nips, nids Hips, hids

Question 42

What are the 2 load balancers and place on OSI

Answer 42

Layer 7: screens by content Layer 4: based on ip and ports

Question 43

4 Load balancer options

Answer 43

1. Least utilized host 2. Affinity: sticky session. Keeps ips with the same server every time a new session is set up 3. Dns round robin 4. Sensors: used by ids to find malicious activity

Question 44

Ways to secure ports

Answer 44

Stickey mac. Store good ip addresses Disable ports when not in use Use radius 802.1x server to check certificates and selectively permit port usage Use extensible authentication protocol(eap)-enhances 802.1x by making sure authentication process is standardized accross all platforms.