Security

Question 1

Strategies to reduce risk of data confidentiality

Answer 1

Provider ensured data fully destroyed

Multiple encryption keys

Logical isolation of multiple customers

Question 2

Federated identity management

Answer 2

Arrangement between two or more trust domains

Use same digital idenity

Question 3

Security risks of user identity federation

Answer 3

Less control over use lifecycle

Single point of failure

Question 4

____ Identity Server can act as a hub that connects multiple identity providers to authenticate users to a particular service provider

Answer 4

WSO2

Question 5

The Google ____ 2.0 system supports server-to-server interactions such
as those between a web application and a Google service

Answer 5

0Auth

Question 6

Difference between WSO2 and 0Auth

Answer 6

0Auth supports server to server interactions

WSO2 acts as a hub, “more frontend”

Question 7

RACI stands for

Answer 7

Responsible Accountable Consulted Informed Model

Question 8

Bussiness COntinuty

Answer 8

Activity performed to ensure bussiness continues in case of disaster

Question 9

What is it important contracts define froma bussienss continuity and resilience perspective

Answer 9

Recovery time

Objects

Monetary Penalty if downtime

Question 10

BS 259999

Answer 10

Now ISO 22301

International Standard for implementing and maintaining effective business continuity plans

Question 11

Usage of data consideration

Answer 11

• Personal died used without consent
• Data sent across borders
• No opt out features
• Lack of individual control
• Local law

Question 12

What can be done to data to make it be used for more general purposes?

Answer 12

De-identification

Question 13

Risks of multi-tenancy if managed uncorrectly

Answer 13

• Inadequate local seperation
• Co-mingled tenant data
• Uncoordinated change controls
• Performance risks

Question 14

Visually descriobe a multi-tenant application

Answer 14

Ref img

Question 15

Multi-tennacy - keys

Answer 15

Per Tenant Key management

Question 16

What is important to manage risk

Answer 16

Third Party Assessments

Question 17

In the event of a security incident, applications and services hosted at a Cloud provider are

Answer 17

difficul to investgate

distributed logging

Question 18

Infrastructure Security Architecture- Cloud

Answer 18

Tiered zones

Only allow required access in each zone

Question 19

Examples of third party audit lifecycle

Answer 19

Vulnerability identification

Results Analysis

Risk Assessment

Redmediation

Question 20

Improving security of network and apps is referred to as

Answer 20

Hardening

Question 21

Are non-prod enviroments immune to exposure?

Answer 21

No - even more at risk due to
generic authentication crdes
security flaws
then PIVOTING into production

Question 22

Use cloud for secret app?

Answer 22

no

Question 23

Security MEtric

Answer 23

Measurable value - how well company doing to reduce cyber security risks

Question 24

Types of security metrics

Answer 24

Process
Network
Software

Question 25

What do process security metrics usually refer to?

Answer 25

Measure processes and procedures Compliance/Governance driven Generally support better security Actual impact hard to define

Question 26

What type of security metric would be associated with the following: No. of policy violations % of systems with formal risk assessments % of system with tested security controls % of weak passwords No. of identified risks and their severity % of systems with contingency plans

Answer 26

Process Security Metric

Question 27

Network Security Metric - common features

Answer 27

* Driven by products * Readily available * Widely used * Gives sense of control

Question 28

Examples of network security metrics

Answer 28

* Succesfull/unsucceful logs * No of incidents * No of cirus blocked * No of virus inections * No of port probes * Traffic analysis

Question 29

What type of security metric is associated with the following: Successful/unsuccessful logons No. of incidents No. of viruses blocked No. of patches applied No. of spam blocked No. of virus infections

Answer 29

Network Security Metric

Question 30

Charateristics of software security metric

Answer 30

Complex Context sENSITIVE eNVIROMENT dEPENDENT

Question 31

Levels of software seucrity metric

Answer 31

System Level Design level Code level

Question 32

Follow are examples of what security metric? Size and complexity Defects over time Cost per defect Layers of security Design Flaws

Answer 32

Software Security Metric

Question 33

Threat Modelling to do with

Answer 33

Explore vulnerabiles, threats and create strategies for these

Question 34

Who released Bitcoin

Answer 34

Pen name Satoshi Nakamoto 2008

Question 35

What type of blockchain is bitcoin

Answer 35

Distributed ledger

Question 36

Three parts of a chain in a blockchain

Answer 36

Data Hash Previous Hash

Question 37

What ensures the integrity of a proof of work blockchain?

Answer 37

The number of blocks in chain - to change one piece of data would require to rehash the entire change, impossible

Question 38

Explain how a blockchain links up

Answer 38

Ref to img

Question 39

Different blockchain consensus mechanism

Answer 39

Proof of Work Proof of Stake

Question 40

Disadvantages of proof of work

Answer 40

Lack of speed Poor Scalability Inefficient Energy COnsumption

Question 41

What consensus mechanism does Ethereum use

Answer 41

Proof of stake

Question 42

Role of validators in Proof of Stake chain

Answer 42

no energy-intensive computational process to earn the right to validate. Instead of working to solve proofs of work, validators “stake” some of the blockchain’s native tokens to become eligible for selection as a validator node. The prospective validator will essentially stake crypto tokens native to the blockchain to serve as collateral.

Question 43

Distributed LEdger TEchnology (DLT) is often associated with what type of blochain

Answer 43

Consortium / Private blockchain

Question 44

Is hashing alone enough to secure a block chain? If not, what else is used?>

Answer 44

No *Consensus Mechanism *Distributed peer-to-peer network

Question 45

Proof of work conesus mechanism

Answer 45

achieving agreement on Blockchain network to confirm transactions and addnew blocks to the chain solve mathematical problem

Question 46

How does adding proof of work increase bitcoin security?

Answer 46

Takes alot of time to recalculate each block

Question 47

Centralized, Decentralized and Distributed Difference

Answer 47

Ref img

Question 48

To succefully tamper with a proof of work blockchain you would have to

Answer 48

Temper with all blocks Redo proof of work for each block Take control of > 50% of peer-peer network to generate consensur

Question 49

How can blochcain support confidentiality

Answer 49

encrypt block data

Question 50

Future component of blocbhain

Answer 50

*Smart Contract - Get rid of need for intermedieries *Blockbhain Cloud Storage *IoT BLockchain

Question 51

Smart Contract Use Cases

Answer 51

* Supply chain * REal estate * Insurnace * Personal Identity

Question 52

Describe Blockchain Cloud Storage

Answer 52

1. Shard data 2. Encrypt shards 3. Distributed shards across nodes with synched ledger 4. Record transactions on blockhain ledger

Question 53

What is this an example of?

Answer 53

Smart Contracts in a supply chain Each level validated it has received product and performed their respective process