Section 2 - ISC2

Question 1

Confidentiality, Integrity and Availability are referred to as

Answer 1

the CIA Triad

Question 2

PII Stands for
PHI Stands for

Answer 2

Personal Identifiable Information
Protected Health Information

Question 3

What is the measure of the importance assigned to information by its owner

Answer 3

Sensitivity

Question 4

What term is Availability typically associated with

Answer 4

Criticality

Question 5

What is the process called of verifying or providing the users identification is know as

Answer 5

Authentication

Question 6

Name 3 Common methods of Authentication

Answer 6

Something you know - passwords or phrases (Knowledge Base)
Something you have - Token, cards (Token-Base)
Something you are - Biometrics (Characteristics Base)

Question 7

True or False - Best practice is to use all 3 of the common methods of communication

Answer 7

False - 2 at least two is recommended

Question 8

Name the legal term as defined as the protection against an individual falsely denying having performed a particular action

Answer 8

Non-repudiation

Question 9

Name 3 Risk Management Terminology and their definitions

Answer 9

Asset - something that needs protection
Vulnerability - is a gap or weakness
Threat - something or someone that aims to exploit a vulnerability

Question 10

Name Threat Actors

Answer 10

Insiders
Outside Individuals
Formal Entities
Nation States
Technology such as bots

Question 11

Threat Vector is

Answer 11

the approach and technique

Question 12

The magnitude of the harm that can be expected and can result in a chain reaction is called

Answer 12

Impact

Question 13

Name the 4 Risk Treatments

Answer 13

Avoidance - exit the service due to high risks
Acceptance - risk averse or low likelihood
Mitigation - Most common taking steps to minimize
Transfer - insurance for eg

Question 14

Name the 3 Security Controls

Answer 14

Physical Controls
Administrator Controls
Technical Controls (logical controls)

Question 15

What is the detailed steps to complete a task that supports departmental or organizational policies

Answer 15

Procedure

Question 16

Used by governance teams to provide a framework to introduce policies and procedures in support of regulations

Answer 16

Standard

Question 17

Put in place by organizational governance such as executive management to provide guidance

Answer 17

Policies

Question 18

in form of laws typically from government and can carry financial penalties

Answer 18

Regulations

Question 19

Name the Code of Ethics Cannons

Answer 19

Protect Society, the common good, necessary public trust and confidence in the infrastructure

Act honorably, honestly, justly, responsibility and legally

Provide diligent and competent services to principles

Advance and protect the profession

Question 20

The process and act of converting the message from plaintext to ciphertext sometimes referred to as enciphering

Answer 20

Encyrption

Question 21

The process of how an organization is managed, usually includes all aspects of how decisions are made for that organization, such as policies, roles and procedures

Answer 21

Governance

Question 22

Define Likelihood of Occurrence

Answer 22

based on a weighted factor on subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability

Question 23

What Department is NIST part of?

Answer 23

US Dept. of Commerce

Question 24

Qualitative Risk vs Quantitative Risk Analysis

Answer 24

Qualitative - assignment based on low, medium and high
Quantitative - numerical values are assigned to both impact and likelihood based on stats and monetized

Question 25

Is BCP an Incident Response Plan

Answer 25

Yes

Question 26

Name the Components of an Incident Response Plan

Answer 26

Preparation - policy, identify critical data, train staff on response, ERT, Roles and responsibilities, Communication between stakeholders

Detection and Analysis - monitor attack vectors, Analyze incidents, prioritize, standard incident docs

Containment , Eradication and Recovery

Post Incident Activity - identify evidence, document lessons learned

Question 27

T or F Business Continuity is to bring all systems fully operational

Answer 27

Fales - just critical systems

Question 28

What is the nickname of the book of procedures for BCP

Answer 28

RedBook

Question 29

True or False DR starts where BC leaves off

Answer 29

True

Question 30

What part of the CIA Triad is Incident Response, Business Continuity and Disaster Recovery

Answer 30

Availablity

Question 31

What is the mitigations of violations of security policies and recommended practices

Answer 31

Incident Handling/Incident Response

Question 32

Is a Firewall considered a Security Control

Answer 32

Yes

Question 33

for Access Controls Subjects constitute the following

Answer 33

User, a process, a procedure, client or server, program, workstations,

Question 34

What is the term for anything that the subject is trying to access referred to

Answer 34

Objects

Note: Objects are passive and do not contain their own access control logic and need to be protected

Question 35

What is the term for an instruction developed to allow or deny access to an object by comparing the validated identity of the subject to an access control list

Answer 35

Rule

Question 36

What are the implementations of access control and are part of a _________ strategy

Answer 36

Layered Defense also know as defense in depth

Question 37

It is acceptable to do profile user copies to save time T or F

Answer 37

False

Question 38

An entrance to a building where two doors with only one open at a time

Answer 38

Mantrap

Question 39

What is CPTED

Answer 39

Crime Prevention Through Environmental Design

Question 40

What are the common two types of Biometics

Answer 40

Physiological - Fingerprint, Iris (colored portion around the outside of the pupil), retinal (blood vessels in the back of the eye)

Behavioral - how a person acts by measuring voiceprints, signature dynamics and keystroke dynamics.

Question 41

What is DAC

Answer 41

Discretionary Access Control

Most common access control giving the user rights to pass the information, grant privilege’s, change security attributes

They are controlled by each individual object owner and not scalable

Question 42

Which Access Control is uniformly enforced across all data subject and provide detail

Answer 42

Mandatory Access Control
Only properly designated security administrators as trusted subjects can modify any of the security rules

Question 43

What is RBAC

Answer 43

Role Based Access Controls
Assigned by roles to each of the applicable systems

Question 44

True or False that encapsulation occurs when data moves down the OSI Model

Answer 44

True
This is coming from the previous layers header address

Question 45

As data moves up the OSI model what is that process called

Answer 45

de-encapsulation
header and footer are discarded

Question 46

What Layer in the TCP/IP Stack is ICMP and what is its function

Answer 46

Internet Layer
Used to determine the health of the network or specific link. Used by Ping, traceroute and other network management tools

Question 47

What is FTP’s insecure Port and SFTP Secure Port

Answer 47

21 - FTP
22 - SFTP

Question 48

What is Telnets Port and it Secure Counterpart

Answer 48

Telnet - 23
SSH - 22

Question 49

What is SMTP port and its secure counterpart

Answer 49

SMTP - 25
SMTP with TLS - 587

Question 50

What is time’s port and replaced by what

Answer 50

Time - 37
Network Time Protocol (NTP) - 123

Question 51

What is DNS port and replaced by what

Answer 51

DNS - 53
DNS over TLS - 853

Question 52

True or False - communication between endpoint and server requires a 3 way handshake

Answer 52

True

Question 53

What is the type of threat that places themselves between two devices such as a web browser and web server

Answer 53

On-Path Attack

Question 54

What is a passive, noninvasive attack to observe the operation of a device

Answer 54

Side-channel
power monitoring, timing and fault analysis attacks

Question 55

Which attack refers to threats that demonstrate an unusually high level of technical and operational sophistication spanning months or even years.

Answer 55

Advanced Persistent Threat (APT)

performed by organized groups such as Nation states

Question 56

True of False a Host-Based Intrusion System will monitor multiple servers and networks

Answer 56

False - it monitors activity on a single computer and is more detailed than a Network IDS. They are more costly to manage since they require administration on each of the systems they reside on

Question 57

True or False Network Intrusion Systems can monitor encrypted traffic

Answer 57

False - it can monitor other package details. a NIDS can monitor a large network by using remote sensors to collect data at key network locations and send to centralized console

Question 58

What refers to the process of designing, using our operating different process in ways that isolate high-risk activities from lower risk ones.

Answer 58

Firewalling

Question 59

Traditionally what OSI layer do firewalls operate at

Answer 59

Layer 4 - session

Question 60

What are Joint Operating Agreements and name them

Answer 60

Memo of Understanding and Memo of Agreement between organizations sometimes competitors that can work together in a disaster

Question 61

Micro segmentation of networks with firewalls at every connecting point is referred to as ________

Answer 61

Zero Trust

Question 62

True or False Network Access Control (NAC) can create policies along with enforcing them

Answer 62

False - they only enforce the polices that are in place.

Question 63

What type of devices would NAC enforce

Answer 63

Medical Devices
IoT Devices
BYOD such as phones and tablets
Guest users and contractor

example would be Hotel based Internet access. Logging in and validating room number and name

Question 64

True of False a DMZ is an example of Network Segmentation

Answer 64

True

Question 65

What is a Web-Application Firewall used for and can replace

Answer 65

It is used to control both internal and external traffic including encrypted like a traditional firewall.

It can replace a DMZ

Question 66

Key reason to segment Embedded Systems and IoT

Answer 66

These systems often control mechanisms such as AC, power, medical devices special care should be taken to isolate them from other devices on the network

Question 67

VLAN is a form of Micro segmentation - T or F

Answer 67

True

VPN and Security Groups are other examples

Question 68

What is the term when a malicious user can see traffic on other VLAN’s

Answer 68

VLAN Hopping

Question 69

True of False - All VPN are encrypted

Answer 69

False

Question 70

Name the 6 Major Sets of the Data Life Cycle

Answer 70

Create
Store
Use
Share
Archive
Destroy/Delete

Question 71

True of False - OSHA Requires if there is a claim that employee data is kept for 30 years

Answer 71

True

Question 72

Degausing is ____________

Answer 72

using magnets to erase data on hard drives

Question 73

What is the definition of Classification in Data Handling

Answer 73

Identifies the degree of harm that that asset if exposed would cause to the organization. Focused on maintaining confidentiality of the data based on sensitivity

Question 74

What type of data classification control of assigning a level of sensitivity

Answer 74

Labeling

Question 75

True of False it is acceptable to apply the longest retention period to all types of information in an orginization

Answer 75

False

Question 76

What is the term for any data that is left on media after deleting? What can be done to remediate

Answer 76

Remanence

Clearing the device using Random values also called overwriting or zeroing

Purging the device such as degaussing

Physical Destruction

Question 77

True of False Ingress Monitors the outbound traffic

Answer 77

False - Egress is the monitoring of outbound traffic

Question 78

What is part of Egress Monitoring

Answer 78

Data Loss/Leak Prevention (DLP)

Question 79

What are the two functions that provide Integrity with Encryption

Answer 79

Hash Functions - a finger print of the file

Digital Signatures - electronic signature providing non-repudiation

Question 80

True of False - all plaintexts are fully readable by humans

Answer 80

False -

Question 81

_______ Encryption is where both sender and receiver have the same Key.

Answer 81

Symmetric Encryption

Note- not very scalable if every person needs a key to communicate with each other

Question 82

Which type of Encryption requires out of band key distribution

Answer 82

Symmetric

Question 83

Same Key
Single Key
Shared Key
Secret Key and
Session Key are all names for what Encryption

Answer 83

Symmetric

Question 84

________ Encryptions uses one key to encrypt and a different key to decrypt

Answer 84

Asymmetric Encryption

Question 85

List some key benefits of Asymmetric Encryption

Answer 85

More scalable with no overhead of key exchange
Non-Repudiation of origin and delivery, access control and data integrity
More Secure

Question 86

Which Encryption has the best performance. Asymmetric or Symmetric

Answer 86

Symmetric.

The amount of processing espeically with large amounts of data is not practical for Asymmetric

Question 87

Who performs the study the mathematical techniques to attempting to defeat cryptography

Answer 87

CryptAnalysts

Question 88

What is the process where it takes an input set of data and returns a fixed length result called ______

Answer 88

Hash Value - most common method of ensuring message integrity today

Question 89

What is the term of comparing the digest code to the original called

Answer 89

Checksum

Question 90

Using a rogue interactive voice response (IVR) to recreate legitimate sounding bank or other institutions is called

Answer 90

Phone Phishing or Vishing

Question 91

The human equivalent of phishing where someone impersonates an authority or trusted figure

Answer 91

Pretexting

Question 92

Quid pro quo in Social Engineering is

Answer 92

request for information in exchange for something