Sybex Cissp 2024 Flashcards

Question

What is SDx?

Answer 1

Software‐defined everything (SDx) refers to a trend of replacing hardware with software using virtualization. SDx includes virtualization, virtualized software, virtual networking, containerization, serverless architecture, infrastructure as code, SDN, VSAN, software‐defined storage (SDS), VDI, VMI, SDV, and software‐defined data center (SDDC).

Answer 2

Fault, blackout, sag, brownout, spike, surge, inrush, noise, clean, ground

Answer 3

Sensitive But Unclassified (SBU) is used for data that is for internal use or office use only. Often SBU is used to protect information that could violate the privacy rights of individuals.

Answer 4

Ad hoc or peer‐to‐peer

Answer 5

Compliance is the act of conforming to or adhering to rules, policies, regulations, standards, or requirements. Compliance is an important concern to security governance. On a personnel level, compliance is related to whether individual employees follow company policy and perform their job tasks in accordance to defined procedures.

Answer 6

The Protection of Personal Information Act (POPIA), which went into effect in 2020, promotes the protection of personal information processed by public and private bodies and introduces specific conditions for the lawful processing of personal information, closely mirroring principles seen in the GDPR.

Answer 7

An on‐premise solution is the traditional deployment concept in which an organization owns the hardware, licenses the software, and operates and maintains the systems on its own usually within their own building.

Answer 8

Over 40 EAP methods are defined, including LEAP, PEAP, EAP‐SIM, EAP‐FAST, EAP‐MD5, EAP‐POTP, EAP‐TLS, EAP‐TTLS, EAP‐IKEv2, and EAP‐NOOB.

Answer 9

IEEE 802.15.1 originally, now Bluetooth SIG.

Answer 10

There should not be equal access to all locations within a facility. Areas that contain assets of higher value or importance should have restricted access. Valuable and confidential assets should be located in the heart or center of protection provided by a facility.

Answer 11

Micro training involves delivering short, focused, and bite‐sized learning modules or content to learners. These brief learning units are typically designed to be highly specific, addressing a single learning objective or a small set of related objectives in a concise and easily digestible format. Micro training is characterized by its brevity and effectiveness in conveying information, making it well suited for the fast‐paced and attention‐challenged digital age. Often, micro training is delivered via mobile apps.

Answer 12

VRF is a technology that allows multiple instances of a routing table to coexist within a router. Each VRF instance operates as a separate and independent routing domain, enabling the isolation of routing information. It allows the same physical router to maintain separate routing tables for different VRF instances, preventing the leakage of routing information between them.

Answer 13

Certain attacks may

Answer 14

VRF is a technology that allows multiple instances of a routing table to coexist within a router. Each VRF instance operates as a separate and independent routing domain, enabling the isolation of routing information.

Answer 15

Certain attacks may result from poor design techniques, questionable implementation practices, and inadequate testing. Poor coding practices and lack of security consideration are common sources of vulnerabilities.

Answer 16

Emanation security involves protecting against the interception of electrical signals or radiation from devices that may contain confidential data. TEMPEST countermeasures include Faraday cages and shielding.

Answer 17

A systematic effort to identify relationships between mission-critical applications, processes, and operations and all necessary supporting elements.

Answer 18

Human error.

Answer 19

Disaster recovery programs should include planning for initial response efforts, personnel, communication, assessment of response efforts, and training to ensure understanding of responsibilities.

Answer 20

Service-oriented architecture (SOA) constructs new applications from existing software services, often leading to unknown security issues.

Answer 21

Mobile site.

Answer 22

Endpoint detection and response (EDR) is a security mechanism that detects, records, evaluates, and responds to suspicious activities.

Answer 23

Writable CDs, DVDs, Blu-ray discs, and flash drives are useful for smaller data amounts compared to enterprise options.

Answer 24

Zero trust is a security concept where nothing inside the organization is automatically trusted. Each access request is verified.

Answer 25

The principle of least privilege.

Answer 26

Some attacks occur in slow increments rather than obvious attempts. Examples include data diddling and the salami attack.

Answer 27

A salt adds extra bits to a password before hashing it to protect against rainbow table attacks.

Answer 28

ATO is a formal approval to operate IT/IS based on an acceptable risk level and an agreed-upon set of security controls.

Answer 29

Vulnerability assessments search for known vulnerabilities, while penetration tests attempt to exploit them to gain access.

Answer 30

Cybersecurity professionals must analyze situations and determine applicable jurisdictions, laws, and standards.

Answer 31

A pseudo-flaw is a false vulnerability intentionally implanted in a system to tempt attackers, often used in honeypots.

Answer 32

The most important aspect of security is protecting people and preventing harm.

Answer 33

Security assessments are comprehensive reviews of a system's security, identifying vulnerabilities and making remediation recommendations.

Answer 34

The noninterference model prevents the actions of one subject from affecting the system state or actions of another subject.

Answer 35

Data classification is the primary means by which data is protected based on categories of secrecy, sensitivity, or confidentiality.

Answer 36

War chalking is a type of graffiti that marks an area with information about the presence of a wireless network.

Answer 37

Process isolation requires the OS to provide separate memory spaces for each process and enforce those boundaries.

Answer 38

Documentation review verifies exchange materials against standards and expectations, typically before on-site inspections.

Answer 39

Cybersecurity insurance provides coverage and financial protection against cyber-related incidents and breaches.

Answer 40

Change management.

Answer 41

169.254.0.1 to 169.254.255.254 with a default Class B subnet mask of 255.255.0.0.

Answer 42

Steganography is the practice of embedding a message within a file.

Answer 43

Terrorist attacks aim to disrupt normal life and instill fear, differing from military attacks that seek secret information.

Answer 44

Threats include abuse, impersonation, masquerading, tailgating, and piggybacking.

Answer 45

Safeguards include intensive auditing, monitoring for abnormal activity, and open communication between employees and managers.

Answer 46

A Zoom room is a dedicated space equipped for hosting video meetings, enhancing online collaboration.

Answer 47

Examples include locks, badges, motion detectors, and intrusion alarms.

Answer 48

A distributed denial-of-service (DDoS) attack occurs when multiple systems attack a single system simultaneously.

Answer 49

Quantitative.

Answer 50

To ensure security control mechanisms implement the security policy throughout the system's life cycle.

Answer 51

The invention must be new, useful, and nonobvious.

Answer 52

Sensitivity refers to information quality that could cause harm if disclosed.

Answer 53

Sensitivity refers to the quality of information that could cause harm or damage if disclosed. Maintaining confidentiality of sensitive information helps to prevent harm or damage.

Answer 54

Routers, switches, hubs, repeaters, bridges, gateways, proxies.

Answer 55

Threat feeds provide organizations with a steady stream of raw data. By analyzing threat feeds, security administrators can learn of current threats. They can then use this knowledge to search through the network, looking for signs of these threats. This is known as threat hunting.

Answer 56

A honeypot is an individual computer created as a trap for intruders. A honeynet is two or more networked honeypots used together to simulate a network. They look and act like legitimate systems, but they do not host data of any real value for an attacker.

Answer 57

An embedded system is a computer implemented as part of a larger system. The embedded system is typically designed around a limited set of specific functions in relation to the larger product of which it's a component. Examples of embedded systems include network‐attached printers, smart TVs, HVAC controls, smart appliances, smart thermostats, Ford SYNC, and medical devices.

Answer 58

An optical communication technology used in fiber‐optic communication systems to increase the capacity and efficiency of the network. DWDM enables multiple data streams or channels to be simultaneously transmitted over a single optical fiber, each using a different wavelength of light.

Answer 59

Pseudonymization.

Answer 60

The stages of the Software Capability Maturity Model (SW‐CMM) are Initial, Repeatable, Defined, Managed, and Optimizing.

Answer 61

A type I hypervisor is a native or bare‐metal hypervisor. A type II hypervisor is a hosted hypervisor.

Answer 62

A Media Access Control (MAC) address is a 6‐byte (48‐bit) binary address written in hexadecimal notation. The first 3 bytes (24 bits) denote the vendor or manufacturer.

Answer 63

Ciphertext‐only attacks require access only to the ciphertext of a message. One example is the brute‐force attack, which attempts to randomly find the correct cryptographic key. Frequency analysis counts characters in the ciphertext to reverse substitution ciphers. Known plain text, chosen ciphertext, and chosen plain‐text attacks require the attacker to have some extra information in addition to the ciphertext.

Answer 64

Static environments, embedded systems, network‐enabled devices, and other limited or single‐purpose computing environments need security management. Techniques may include network segmentation, security layers, application firewalls, and manual updates.

Answer 65

Open relay SMTP servers.

Answer 66

To reconstruct an event, to extract information about an incident, to prove or disprove culpability.

Answer 67

Mutation (dumb) fuzzing takes previous input values and manipulates them. Generational (intelligent) fuzzing develops data models and creates new fuzzed input.

Answer 68

Technology used to host one or more operating systems within the memory of a single host computer, allowing multiple operating systems to work simultaneously on the same hardware.

Answer 69

The zzuf tool automates the process of mutation fuzzing by manipulating input according to user specifications.

Answer 70

Data hiding is preventing data from being known by a subject. Keeping a database from being accessed by unauthorized visitors is a form of data hiding.

Answer 71

Processing capability.

Answer 72

Policies, standards, baselines, guidelines, and procedures.

Answer 73

A directory service.

Answer 74

Not all environments support them; they are expensive, subject to illness, and vulnerable to social engineering.

Answer 75

IEEE 802.1X defines the use of encapsulated EAP to support a wide range of authentication options for LAN connections.

Answer 76

Android is a mobile device OS based on Linux, acquired by Google in 2005. It is used on a wide range of devices, including phones, tablets, and more.

Answer 77

Common Vulnerability Scoring System (CVSS).

Answer 78

Address Resolution Protocol (ARP) is used to resolve IP addresses into MAC addresses.

Answer 79

Offboarding is the removal of an employee's identity from the identity and access management (IAM) system once that person has left the organization.

Answer 80

A network‐based DLP scans all outgoing data. An endpoint‐based DLP can scan files stored on a system.

Answer 81

Mobile device management (MDM) is a software solution to manage mobile devices that employees use to access company resources.

Answer 82

Financial attacks are carried out to unlawfully obtain money or services.

Answer 83

Media analysis, network analysis, software analysis, and hardware/embedded device analysis.

Answer 84

Domain hijacking is the malicious action of changing the registration of a domain name without authorization.

Answer 85

Analog communications occur with a continuous signal. Digital communications occur through the use of on‐off pulses.

Answer 86

Layering is the use of multiple controls in a series to combat threats.

Answer 87

A penetration testing tool used to automatically execute exploits against targeted systems.

Answer 88

A penetration testing tool used to automatically execute exploits against targeted systems. Metasploit uses a scripting language to allow the automatic execution of common attacks, saving testers (and bad actors!) quite a bit of time by eliminating many of the tedious, routine steps involved in executing an attack.

Answer 89

Ransomware uses traditional malware techniques to infect a system and then encrypts data on that system using a key known only to the attacker. The attacker then demands payment of a ransom from the victim in exchange for providing the decryption key.

Answer 90

The storage of credentials in a central location is referred to as credential management. Given the wide range of Internet sites and services, each with its own particular logon requirements, it can be a burden to use unique names and passwords. Credential management solutions offer a means to securely store a plethora of credential sets.

Answer 91

End of life (EOL) is the date announced by a vendor when sales of a product stop. However, the vendor still supports the product after EOL. End of support (EOS) identifies the date when a vendor will no longer support a product.

Answer 92

Good hash functions have five requirements. They must allow input of any length, provide fixed‐length output, make it relatively easy to compute the hash function for any input, provide one‐way functionality, and be collision‐resistant.

Answer 93

An EF is an element of quantitative risk analysis that represents the percentage of loss that an organization would experience if a specific asset were violated by a realized risk. By calculating exposure factors, you are able to implement a sound risk management policy.

Answer 94

Security Assertion Markup Language (SAML) is an open XML‐based standard used to exchange authentication and authorization information. OAuth 2.0 is an authorization framework described in RFC 6749 and supported by many online sites. OASIS maintains OpenID and OpenID Connect (OIDC). OpenID provides authentication. OIDC provides both authentication and authorization by using the OAuth framework and building on the OpenID standard.

Answer 95

Without control over the physical environment, no amount of administrative or technical/logical access controls can provide adequate security. If a malicious person can gain physical access to your facility or equipment, they can do just about anything they want, from destruction to disclosure and alteration.

Answer 96

Electromagnetic interference refers to any noise generated by electric current and can affect any means of data transmission or storage that relies on electromagnetic transport mechanisms.

Answer 97

Cross‐training is often discussed as an alternative to job rotation. In both cases, workers learn the responsibilities and tasks of multiple job positions. However, in cross‐training the workers are just prepared to perform the other job positions; they are not rotated through them on a regular basis. Cross‐training enables existing personnel to fill the work gap when the proper employee is unavailable as a type of emergency response procedure.

Answer 98

Clickjacking is a means to redirect a user's click or selection on a web page to an alternate often malicious target instead of the intended and desired location. One means of clickjacking is to add an invisible or hidden overlay, frame, or image map over the displayed page. The user sees the original page, but any mouse click or selection will be captured by the floating frame and redirected to the malicious target.

Answer 99

Because they are not recognized as incidents

Answer 100

An uninterruptible power supply (UPS) is a type of self‐charging battery that can be used to supply consistent clean power to sensitive equipment.

Answer 101

Security target

Answer 102

Those that store, process, or transmit credit card account information

Answer 103

Dumpster diving

Answer 104

Any activity that results in a malicious user obtaining information about a network or the traffic over that network. Data is captured using a sniffer or protocol analyzer.

Answer 105

Authentication

Answer 106

A tool used to examine the contents of network traffic

Answer 107

Specifications, mechanisms, activities, and individuals

Answer 108

A combination of two or more private, public, and/or community clouds

Answer 109

In 2009, Congress amended HIPAA by passing the Health Information Technology for Economic and Clinical Health (HITECH) Act. This law updated many of HIPAA's privacy and security requirements and was implemented through the HIPAA Omnibus Rule in 2013.

Answer 110

A split‐DNS is deploying a DNS server for public use and a separate DNS server for internal use. All data in the zone file on the public DNS server is accessible by the public via queries or probing. However, the internal DNS is for internal use only. Only internal systems are granted access to interact with the internal DNS server.

Answer 111

Endpoint protection platform (EPP) is a variation of EDR much like IPS is a variation of IDS. The focus on EPP is on four main security functions: predict, prevent, detect, and respond. Thus, EPP is the more active prevent and predict variation of the more passive EDR concept.

Answer 112

To ensure that all of the necessary and required elements of a security solution are properly deployed and functioning as expected.

Answer 113

Security orchestration, automation, and response (SOAR) technologies automate responses to incidents. One of the primary benefits is that this reduces the workload of administrators. It also removes the possibility of human error by having computer systems respond.

Answer 114

Bluesniffing, bluesmacking, bluejacking, BLUFFS (Bluetooth Forward and Future Secrecy) is a series of exploits targeting Bluetooth, aiming to break Bluetooth sessions' forward and future secrecy, compromising the confidentiality of past and future communications between devices) bluesnarfing, and bluebugging.

Answer 115

They can be deployed as a perimeter security control and as detection and deterrent agents, they are costly and require high maintenance, and their use involves insurance and liability issues.

Answer 116

Rule‐based access control models use a set of rules, restrictions, or filters to determine access. A firewall's access control list includes a list of rules that define what access is allowed and access is blocked.

Answer 117

One‐to‐one, one‐to‐many, and many‐to‐many.

Answer 118

Work function or work factor.

Answer 119

recovery, restoration (in either order)

Answer 120

Replay attack.

Answer 121

A microcontroller is similar to but less complex than a system on a chip (SoC). A microcontroller may be a component of an SoC. A microcontroller is a small computer consisting of a CPU (with one or more cores), memory, various input/output capabilities, RAM, and often nonvolatile storage in the form of flash or ROM/PROM/EEPROM. Examples include Raspberry Pi, Arduino, and FPGA.

Answer 122

Symmetric key cryptosystems (or secret key cryptosystems) rely on the use of a shared secret key. They are much faster than asymmetric algorithms, but they lack support for scalability, easy key distribution, and nonrepudiation. Asymmetric cryptosystems use public‐private key pairs for communication between parties but operate much more slowly than symmetric algorithms.

Answer 123

Information/intelligence gathering, war driving, sniffing, eavesdropping, radiation monitoring, dumpster diving, social engineering, port scanning, ping scanning, vulnerability scanning, war dialing, and actual compromise activities.

Answer 124

The information flow model is designed to prevent unauthorized, insecure, or restricted information flow.

Answer 125

The AAA model includes three major components. Authentication confirms that a user, device, or service is who it claims to be. Authorization ensures that users, devices, and services may only perform actions that they are entitled to perform. Accounting creates an audit trail of activity that may be later reviewed.

Answer 126

The AAA model includes three major components. Authentication confirms that a user, device, or service is who it claims to be. Authorization ensures that users, devices, and services may only perform actions that they are entitled to perform. Accounting creates an audit trail of activity that may be later verified.

Answer 127

Wireless access points and wireless clients

Answer 128

Passive monitoring

Answer 129

In a capture‐the‐flag (CTF) exercise, the red team begins with set objectives, such as disrupting a website, stealing a file from a secured system, or causing other security failures. The exercise is scored based on how many objectives the red team was able to achieve compared to how many the blue team prevented them from executing.

Answer 130

A concept of computing where processing and storage are performed elsewhere over a network connection rather than locally

Answer 131

Platform as a service (PaaS) is the concept of providing a computing platform and software solution stack as a virtual or cloud‐based service.

Answer 132

A strategic plan is a long‐term plan that is fairly stable. The tactical plan is a midterm plan that provides more details. Operational plans are short term and highly detailed.

Answer 133

Nonrepudiation, access control, message integrity, source authentication, verified delivery, acceptable use policies, privacy, management, and backup and retention policies

Answer 134

Computer security incident

Answer 135

Privilege creep

Answer 136

A Type C fire extinguisher is for use on electrical devices, thus the extinguishing agent is nonconductive, so the devices might use CO₂, halon, or various alternatives.

Answer 137

A standardized language expressing structured information about cyberthreats and a common framework for organizations to share and analyze threat intelligence

Answer 138

A cloud solution is a deployment concept where an organization contracts with a third‐party cloud provider. The cloud provider owns, operates, and maintains the hardware and software. The organization pays a monthly fee (often based on a per‐user multiplier) to use the cloud solution.

Answer 139

When only one of the input bits is true

Answer 140

Security controls should provide benefits that can be monitored and measured. If a security control's benefits cannot be quantified, evaluated, or compared, then it does not actually provide any security.

Answer 141

Analyzing an environment for risks, evaluating each risk as to its likelihood and damage, assessing the cost of countermeasures, and creating a cost/benefit report to present to upper management.

Answer 142

SRTP (Secure Real‐Time Transport Protocol, or Secure RTP) is a security improvement over RTP (Real‐Time Transport Protocol) that is used in many VoIP (Voice over IP) communications. SRTP aims to minimize the risk of VoIP DoS through robust encryption and reliable authentication.

Answer 143

Supervisory control and data acquisition (SCADA) systems can operate as a stand‐alone device, be networked together with other SCADA systems, or be networked with traditional IT systems. Most SCADA systems are designed with minimal human interfaces.

Answer 144

Using Secure Multipurpose Internet Mail Extensions (S/MIME), Pretty Good Privacy (PGP), DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF), Domain‐based Message Authentication Reporting and Conformance (DMARC), STARTTLS, and Implicit SMTPS.

Answer 145

The Point‐to‐Point Protocol (PPP) is an encapsulation protocol designed to support the transmission of IP traffic over dial‐up or point‐to‐point links. PPP supports CHAP and PAP for authentication.

Answer 146

Device authentication, full‐device encryption, communication protection, remote wiping, device lockout, screen locks, location services management, content management, application control, push notification management, third‐party app store control, storage segmentation, asset tracking and inventory control, removable storage, connection methods management, deactivating features, rooting/jailbreaking, sideloading, custom firmware, carrier unlocking, OTA updates, key & credential management, and text messaging security.

Answer 147

Confidentiality

Answer 148

Declassification involves any process that purges media or a system in preparation for reuse in an unclassified environment.

Answer 149

Detection control

Answer 150

WPA2 (AES/CCMP)

Answer 151

Entitlement refers to the amount of privileges granted to users, typically when first provisioning an account.

Answer 152

Data analytics is the science of raw data examination with the focus of extracting useful information out of the bulk information set.

Answer 153

Physical access controls are those you can touch, and they directly protect systems, devices, and facilities by controlling access and controlling the environment.

Answer 154

The data custodian is assigned the tasks of implementing the prescribed protection defined by the security policy and upper management.

Answer 155

Natural disaster

Answer 156

RSA, ElGamal, and the elliptic curve algorithm.

Answer 157

Trusted Platform Module (TPM) is a cryptoprocessor chip on a mainboard used to store and process cryptographic keys.

Answer 158

Possible answers include: earthquakes, floods, storms, tornadoes, tsunamis, pandemics, and fires.

Answer 159

Before embarking on any test, it's essential to inform all stakeholders about what to expect. During the test, regular updates are crucial. Post‐test, a debriefing session provides an opportunity for discussing the outcomes.

Answer 160

Sender Policy Framework (SPF) is used to protect against spam and email spoofing.

Answer 161

An access control matrix is a table of subjects and objects that indicates the actions or functions that each subject can perform on each object.

Answer 162

Extended detection and response (XDR) components often include EDR, MDR, and EPP elements.

Answer 163

Infrastructure as code (IaC) is a change in how hardware management is perceived and handled.

Answer 164

Bring-your-own-device (BYOD) is a policy that allows employees to bring their own personal mobile devices to work.

Answer 165

Documentary evidence

Answer 166

Log reviews, account management reviews, and backup verification.

Answer 167

Hiring practices, ongoing job performance reviews, and termination procedures.

Answer 168

The first place to look is in the system and network log files.

Answer 169

A process that protects the contents of packets by encapsulating them in another protocol.

Answer 170

Database partitioning

Answer 171

Security audits use many of the same techniques followed during security assessments but must be performed by independent auditors.

Answer 172

Security can be maintained only if subjects are held accountable for their actions.

Answer 173

Software testing techniques verify that code functions as designed and does not contain security flaws.

Answer 174

Data loss prevention (DLP) systems attempt to detect and block data exfiltration attempts.

Answer 175

RBAC models use task-based roles, and users gain privileges when administrators place their accounts into a role or group.

Answer 176

To ensure the continuous operation of a business in the face of an emergency situation.

Answer 177

Portable device, mobile device, personal mobile device (PMD), personal electronic device (PED), and personally owned device (POD).

Answer 178

To ensure compliance with security policy and to detect abnormalities, unauthorized occurrences, or outright crimes.

Answer 179

Degaussing

Answer 180

A secure facility plan outlines the security measures for protecting a facility.

Answer 181

A secure facility plan outlines the security needs of your organization and emphasizes methods or mechanisms to provide security. Such a plan is developed through risk assessment and critical path analysis.

Answer 182

A real-time operating system (RTOS) is designed to process or handle data as it arrives on the system with minimal latency or delay. An RTOS is usually stored on read-only memory (ROM) and is designed to operate in a hard real-time or soft real-time condition.

Answer 183

Address the issue in the security policy, perform awareness training, use content filtering tools to filter source or word content.

Answer 184

Hot, warm, and cold sites; mobile sites; service bureaus; multiple sites; and reciprocal agreements/mutual assistance agreements (MAAs).

Answer 185

Voice over IP (VoIP) is a tunneling mechanism used to transport voice and/or data over a TCP/IP network. VoIP has the potential to replace or supplant PSTN because it's often less expensive and offers a wider variety of options and features.

Answer 186

Grudge attacks are attacks that are carried out to damage an organization or a person. The damage could be in the loss of information or information processing capabilities or harm to the organization or a person's reputation.

Answer 187

Criminal law protects society against acts that violate the basic principles we believe in. Violations of criminal law are prosecuted by federal and state governments. Civil law provides the framework for the transaction of business between people and organizations. Violations of civil law are brought to the court and argued by the two affected parties. Administrative law is used by government agencies to effectively carry out their day‐to‐day business.

Answer 188

In transport mode, the IP packet data is encrypted, but the header is not. In tunnel mode, the entire IP packet is encrypted, and a new header is added to govern transmission through the tunnel.

Answer 189

Transport layer (OSI layer 4)

Answer 190

Initialization vector (IV)

Answer 191

In 2012, the federal government design committee announced the selection of the Keccak algorithm as the SHA-3 standard. However as of mid-2015, the SHA-3 standard remains in draft form and some technical details still require finalization.

Answer 192

A practice employed to capture and redirect traffic when a user mistypes the domain name or IP address of an intended resource.

Answer 193

Personal area network (PAN)

Answer 194

Social engineering attacks may be used to elicit information or gain access through the use of pretexting and/or prepending. Social engineering attacks include phishing, spear phishing, business email compromise (BEC), whaling, smishing, vishing, spam, shoulder surfing, invoice scams, hoaxes, impersonation, masquerading, tailgating, piggybacking, dumpster diving, identity fraud, typosquatting, and influence campaigns.

Answer 195

BIOS or UEFI

Answer 196

Auditing is the programmatic means by which subjects are held accountable for their actions while authenticated on a system through the documentation or recording of subject activities.

Answer 197

Trike is a threat modeling methodology that focuses on a risk-based approach instead of depending on the aggregated threat model used in STRIDE and DREAD. Trike provides a method of performing a security audit in a reliable and repeatable procedure. It also provides a consistent framework for communication and collaboration among security workers.

Answer 198

Organizations use service-level agreements (SLAs) with outside entities such as vendors. They stipulate performance expectations such as maximum downtimes and often include penalties if the vendor doesn't meet expectations.

Answer 199

The word DevOps is a combination of Development and Operations, symbolizing that these functions must merge and cooperate to meet business requirements. The DevOps approach seeks to resolve these issues by bringing the three functions (software development, quality assurance, and technology operations) together in a single operational model.

Answer 200

Purging, sanitization, or destruction.

Answer 201

A systematic effort to spread ideas, information, or opinions, often of a biased or misleading nature, to promote a particular cause, political viewpoint, or ideology; aims to shape public perception and behavior.

Answer 202

Kerckhoffs' principle.

Answer 203

A padded cell system is similar to a honeypot, but it performs intrusion isolation using a different approach. When an IDS detects an intruder, that intruder is automatically transferred to a padded cell.

Answer 204

The Advanced Encryption Standard (AES) uses the Rijndael algorithm and is the U.S. government standard for the secure exchange of sensitive but unclassified data. AES uses key lengths of 128, 192, and 256 bits and a fixed block size of 128 bits to achieve a much higher level of security than that provided by the older DES algorithm.

Answer 205

Transitive trust is the concept that if A trusts B and B trusts C, then A inherits trust of C through the transitive property, which works like it would in a mathematical equation: if A = B, and B = C, then A = C. In this example, when A requests data from B, then B requests data from C, the data that A receives is essentially from C. Transitive trust is a serious security concern because it may enable bypassing of restrictions or limitations between A and C.

Answer 206

Fibre Channel over Ethernet (FCoE) can be used to support Fibre Channel communications over the existing network infrastructure. FCoE is used to encapsulate Fibre Channel communications over Ethernet networks. It typically requires 10 Gbps Ethernet in order to support the Fibre Channel protocol.

Answer 207

Data localization refers to storing and processing data within a specific country's or region's physical borders or geographical boundaries. This concept is often driven by regulatory requirements or government policies that mandate certain data, especially sensitive or personal information, to be kept within the jurisdiction's borders where it was generated or where the data subject resides.

Answer 208

Failover cluster.

Answer 209

Record retention.

Answer 210

A content-distribution network (CDN) or content delivery network is a collection of resource services deployed in numerous data centers across the Internet in order to provide low-latency, high-performance, high-availability of the hosted content.

Answer 211

Direct addressing.

Answer 212

Committing the plan to writing provides the organization with a written record of the procedures to follow when disaster strikes. It prevents the “it's in my head” syndrome and ensures the orderly progress of events in an emergency.

Answer 213

From a security standpoint, protection rings organize code and components in an OS into concentric rings. The deeper inside the circle you go, the higher the privilege level associated with the code that occupies a specific ring.

Answer 214

Confusion.

Answer 215

A reactive approach to threat modeling takes place after a product has been created and deployed. This deployment could be in a test or laboratory environment or to the general marketplace. This type of threat modeling is also known as the adversarial approach. This technique of threat modeling is the core concept behind ethical hacking, penetration testing, source code review, and fuzz testing.

Answer 216

User behavior analytics (UBA) and user and entity behavior analytics (UEBA) are the concepts of analyzing the behavior of users, subjects, visitors, customers, etc. for some specific goal or purpose.

Answer 217

User behavior analytics (UBA) and user and entity behavior analytics (UEBA) are the concepts of analyzing the behavior of users, subjects, visitors, customers, etc. for some specific goal or purpose. Information collected from UBA/UEBA monitoring can be used to improve personnel security policies, procedures, training, and related security oversight programs.

Answer 218

Big data refers to collections of data that have become so large that traditional means of analysis or processing are ineffective, inefficient, and insufficient. Big data involves numerous difficult challenges, including collection, storage, analysis, mining, transfer, distribution, and results presentation.

Answer 219

Identification is the process by which a subject professes an identity and accountability is initiated. A subject must provide an identity to a system to start the process of authentication, authorization, and accountability/accounting.

Answer 220

Software‐defined network (SDN) is a unique approach to network operation, design, and management. SDN aims at separating the infrastructure layer (i.e., hardware and hardware‐based settings) from the control layer (i.e., network services of data transmission management).

Answer 221

Containerization or OS virtualization is based on the concept of eliminating the duplication of OS elements in a virtual machine. Each application is placed into a container that includes only the actual resources needed to support the enclosed application.

Answer 222

Vendor, consultant, and contractor controls are used to define the levels of performance, expectation, compensation, and consequences for entities, persons, or organizations that are external to the primary organization.

Answer 223

Aggregation

Answer 224

The cryptographic salt is a random value that is added to the end of the password before the operating system hashes the password. It is used to help combat the use of brute‐force attacks, including those aided by dictionaries and rainbow tables.

Answer 225

Make sure your security policy restricts the introduction of untested files to your computer system. Have a good scanner with an up‐to‐date signature database. Frequently scan all files. Implement whitelisting or allow listing of applications.

Answer 226

War dialing means using a modem to search for a system that accepts inbound connection attempts.

Answer 227

Masquerading

Answer 228

An Application layer gateway

Answer 229

To properly plan for security, you must have standards in place for job descriptions, job classification, work tasks, job responsibilities, prevention of collusion, candidate screening, background checks, security clearances, employment agreements, and nondisclosure agreements.

Answer 230

Physical, people

Answer 231

Gamification is a means to encourage compliance and engagement by integrating common elements of game play into other activities, such as security compliance and behavior change.

Answer 232

Goguen–Meseguer model focuses on integrity.

Answer 233

Data remanence is the data that remains on a storage device as residual and potentially recoverable data.

Answer 234

SYN, ACK, FIN, and RES (or RST)

Answer 235

The modification of ARP mappings. When ARP mappings are falsified, packets are not sent to their proper destination.

Answer 236

Discretion is an act of decision whereby an operator can influence or control disclosure in order to minimize harm or damage.

Answer 237

Often a security champion is a member of a group who decides (or is assigned) to take charge of leading the adoption and integration of security concepts into the group's work activities.

Answer 238

Kerberos is the most common SSO method used within organizations. The primary purpose of Kerberos is authentication.

Answer 239

ARP cache poisoning is caused by an attack responding to ARP broadcast queries in order to send back falsified replies. A second form of ARP cache poisoning is to create static ARP entries.

Answer 240

SYN, SYN/ACK, ACK

Answer 241

A private cloud is a cloud service within a corporate network and isolated from the Internet.

Answer 242

Large terrestrial footprint

Answer 243

“Trust but verify” is a traditional security approach of trusting subjects and devices within the company's security perimeter automatically.

Answer 244

Category D (minimal protection)

Answer 245

Confinement restricts a process to reading from and writing to specific resources. Bounds is the limitation of authorization assigned to a process. Isolation is the means by which confinement is implemented through the use of bounds.

Answer 246

Doxing involves researching and publishing private or personally identifiable information about an individual, often with malicious intent.

Answer 247

ARO is an element of quantitative risk analysis that represents the expected frequency with which a specific threat or risk will occur within a single year.

Answer 248

A domain is a realm of trust that shares a common security policy. This is a form of decentralized access control.

Answer 249

System mode, privileged mode, supervisory mode, and kernel mode

Answer 250

SLE = AV × EF [Single Loss Expectancy = Asset Value × Exposure Factor]

Answer 251

If the storage space, computing power, or networking bandwidth capacity is consumed by inappropriate or non-work-related data, the organization loses money.

Answer 252

If the storage space, computing power, or networking bandwidth capacity is consumed by inappropriate or non-work-related (non-profit-producing) data, the organization loses money.

Answer 253

Network segmentation can be used to manage traffic, improve performance, and enforce security. ## Footnote Examples of network segments or subnetworks include intranet, extranet, and screened subnet.

Answer 254

Redundant array of independent disks (RAID)

Answer 255

Two-person control is similar to segregation of duties. It requires the approval of two individuals for critical tasks.

Answer 256

An example of a vulnerability scanner

Answer 257

Viruses use four main propagation techniques—file infection, service injection, boot sector infection, and macro infection—to penetrate systems and spread their malicious payloads. ## Footnote You need to understand these techniques to effectively protect systems on your network from malicious code.

Answer 258

Security token

Answer 259

Awareness, training, and education

Answer 260

Identification of priorities, risk identification, likelihood assessment, impact assessment, and resource prioritization

Answer 261

Asymmetric

Answer 262

Distributed control system (DCS) units are typically found in industrial process plans where the need to gather data and implement control over a large‐scale environment from a single location is essential. ## Footnote An important aspect of DCS is the controlling elements are distributed across the monitored environment, such as a manufacturing floor or a production line, while the centralized monitoring location sends commands out of those localized controllers when gathering status and performance data.

Answer 263

Kerberos attacks attempt to exploit weaknesses in Kerberos tickets. In some attacks, they capture tickets held in the lsass.exe process and use them in pass‐the‐ticket attacks. ## Footnote A silver ticket grants the attacker all the privileges granted to a service account. Attackers can create golden tickets after obtaining the hash of the Kerberos service account (KRBTGT), giving them the ability to create tickets at will within Active Directory.

Answer 264

White noise simply means broadcasting false traffic at all times to mask and hide the presence of real emanations.

Answer 265

A degausser creates a strong magnetic field that erases data on some media in a process called degaussing. ## Footnote Technicians commonly use degaussing methods to remove data from magnetic tapes with the goal of returning the tape to its original state. While it is possible to degauss hard disks, it is not recommended. Degaussing a hard disk will normally destroy the electronics used to access the data.

Answer 266

A virtual application or virtual software is a software product deployed in such a way that it is fooled into believing it is interacting with a full host OS. ## Footnote A virtual (or virtualized) application has been packaged or encapsulated so that it can execute but operate without full access to the host OS. A virtual application is isolated from the host OS so that it cannot make any direct or permanent changes to the host OS.

Answer 267

During the strategy development phase, the BCP team determines which risks they will mitigate. In the provisions and processes phase, the team designs mechanisms and procedures that will mitigate identified risks. ## Footnote The plan must then be approved by senior management and implemented. Personnel must also receive training on their roles in the BCP process.

Answer 268

0 to 2,048 bits

Answer 269

Bad coding

Answer 270

Network Access Control (NAC) is a concept of controlling access to an environment through strict adherence to and implementation of security policy. ## Footnote The goals of NAC are to prevent/reduce zero-day attacks, to enforce security policy throughout the network, and to use identities to perform access control.

Answer 271

Up-to-date antivirus software

Answer 272

Opportunistic TLS for SMTP will attempt to set up an encrypted connection with every other email server in the event that it is supported; otherwise, it will downgrade to plain text. ## Footnote Using opportunistic TLS for SMTP gateways reduces the opportunities for casual sniffing of email.

Answer 273

A local cache is anything that is temporarily stored on the client for future reuse. ## Footnote There are many local caches on a typical client, including ARP cache, DNS cache, and Internet files cache.

Answer 274

The concept of CYOD (choose your own device) provides users with a list of approved devices from which to select the device to implement. ## Footnote A CYOD can be implemented so that employees purchase their own devices from the approved list (a BYOD variant) or the company can purchase the devices for the employees (a COPE variant).

Answer 275

Modbus is a widely used communication protocol in industrial automation and control systems. ## Footnote Developed by Modicon (now part of Schneider Electric) in 1979, Modbus has become a de facto standard for connecting and managing devices within industrial environments. It provides a common language for different devices to exchange data and commands, facilitating communication in supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLCs), and other industrial applications.

Answer 276

It can cause the disclosure of sensitive information, violating the principle of confidentiality.

Answer 277

Abstraction is used to collect similar elements into groups, classes, or roles that are assigned security controls, restrictions, or permissions as a collective. ## Footnote It adds efficiency to carrying out a security plan.

Answer 278

Knowledge-based (also called signature-based or pattern-matching)

Answer 279

The 5 Pillars of Information Security are confidentiality, integrity, availability, authenticity, and nonrepudiation.

Answer 280

Top secret, secret, confidential, sensitive, and unclassified

Answer 281

Only people who have a need to know

Answer 282

Secure Access Service Edge (SASE) is a framework that converges network security functions with wide area networking (WAN) capabilities, catering to the dynamic, secure access needs of modern organizations. ## Footnote SASE is designed to respond to the evolving IT landscape marked by trends such as cloud adoption, a mobile workforce, and an increased emphasis on network security.

Answer 283

Record retention policies ensure that data is kept in a usable state while it is needed and destroyed when it is no longer needed. ## Footnote Many laws and regulations mandate keeping data for a specific amount of time, but in the absence of formal regulations, organizations specify the retention period within a policy. Audit trail data needs to be kept long enough to reconstruct past incidents, but the organization must identify how far back they want to investigate.

Answer 284

Plenum-rated cable

Answer 285

Delete the file, disinfect the file, or quarantine the file.

Answer 286

Acceptance, assignment, deterrence, avoidance, rejection, and mitigation

Answer 287

Business continuity planning (BCP) is the preventive practice of establishing and planning for threats to business flow, including natural and unnatural risk and threats to daily operations.

Answer 288

Log data is recorded in databases and different types of log files. ## Footnote Common log files include security logs, system logs, application logs, firewall logs, proxy logs, and change management logs. Log files should be protected by centrally storing them and using permissions to restrict access, and archived logs should be set to read‐only to prevent modifications.

Answer 289

Confidentiality, integrity, authenticity/access control, and nonrepudiation

Answer 290

Edge computing is a philosophy of network design where data and the compute resources are located as close as possible in.

Answer 291

Edge computing is a philosophy of network design where data and compute resources are located as close as possible to optimize bandwidth use while minimizing latency. In edge computing, the intelligence and processing are contained within each device.

Answer 292

Change management

Answer 293

Probability × Damage Potential, high/medium/low, or DREAD

Answer 294

In the public key infrastructure, certificate authorities (CAs) generate digital certificates containing the public keys of system users. Users distribute these certificates to people with whom they want to communicate.

Answer 295

Hardware failures

Answer 296

Scope refers to the extent or boundaries of a risk management process, project, or assessment.

Answer 297

Identification, authentication, authorization, accounting, auditing

Answer 298

The identity and access provisioning life cycle refers to the creation, management, and deletion of accounts.

Answer 299

PPTP, L2TP, SSH, and IPSec

Answer 300

Every registered domain name has an assigned authoritative name server. The primary authoritative name server hosts the original zone file for the domain.

Answer 301

FHSS, DSSS, OFDM, MIMO, TDMA, and CDMA

Answer 302

Dynamic testing evaluates the security of software in a runtime environment.

Answer 303

Recovery strategy

Answer 304

A type of firefighting foam used to suppress flammable liquid fires.

Answer 305

These are private VLANs that are configured to use a dedicated or reserved uplink port.

Answer 306

The Economic Espionage Act provides penalties for individuals found guilty of the theft of trade secrets.

Answer 307

Number of open vulnerabilities, Time to resolve vulnerabilities, Number of compromised accounts, Number of software flaws detected in preproduction scanning, Repeat audit findings, User attempts to visit known malicious sites

Answer 308

Job rotation, separation of duties, two-person control, mandatory vacations, workstation change

Answer 309

A hardware-imposed network segmentation created by switches used to manage traffic.

Answer 310

An open source solution is one where the source code is exposed to the public. A closed source solution is one where the source code is hidden from the public.

Answer 311

DREAD is a threat rating system designed to provide a flexible rating solution based on five main questions.

Answer 312

Stand-alone, wired extension, enterprise extended, and bridge

Answer 313

'Keep it simple' encourages avoiding overcomplicating the environment, organization, or product design.

Answer 314

Methods of destruction include incineration, crushing, shredding, disintegration, and dissolving using caustic or acidic chemicals.

Answer 315

Have at least one witness; escort terminated employee off the premises immediately; collect identification, access, or security devices; perform exit interview; deactivate network account.

Answer 316

The state machine model ensures that all instances of subjects accessing objects are secure.

Answer 317

A business attack focuses on illegally obtaining an organization's confidential information.

Answer 318

Systems designed to perform numerous calculations simultaneously include SMP, AMP, and MPP.

Answer 319

Rule-based access control

Answer 320

It sends overlapping packet fragments to the victim machine.

Answer 321

Declassification

Answer 322

Caller ID spoofing, vishing, call manager software/firmware attacks, phone hardware attacks, DoS, adversary-in-the-middle (AitM)/man-in-the-middle (MitM)/on-path attacks, spoofing, and switch hopping.

Answer 323

Terrorist attack

Answer 324

The line of intersection between any two areas, subnets, or environments that have different security requirements or needs.

Answer 325

The MAC model uses labels to identify security domains.

Answer 326

The MAC model uses labels to identify security domains. Subjects need matching labels to access objects. It enforces the need-to-know principle and supports hierarchical and compartmentalized environments, or a combination in a hybrid environment. It is frequently referred to as a lattice-based model.

Answer 327

A fully qualified domain name (FQDN) consists of three main parts: top-level domain (TLD), registered domain name, and subdomain(s) or hostname.

Answer 328

Nonrepudiation

Answer 329

The sender

Answer 330

An attribute-based access control (ABAC) model is typically implemented in software-defined networks (SDNs).

Answer 331

Security practitioners are granted a very high level of authority and responsibility. Without a strict code of personal behavior, there is potential for abuse. Adherence to a code of ethics helps ensure that such power is not abused.

Answer 332

Egress monitoring refers to monitoring outgoing traffic to prevent data exfiltration, which is the unauthorized transfer of data.

Answer 333

The certificate was compromised, erroneously issued, details changed, private key exposed, or change of security association.

Answer 334

Denial. When access is not specifically granted, it should be denied by default.

Answer 335

Account access reviews ensure that accounts don't have excessive privileges and can detect when accounts have excessive privileges or when unused accounts have not been deactivated or deleted.

Answer 336

Software-defined data center (SDDC) or virtual data center (VDC) is the concept of replacing physical IT elements with solutions provided virtually.

Answer 337

Any or all of them, including SESAME, KryptoKnight, NetSP, thin clients, directory services, and scripted access.

Answer 338

A distributed reflective denial-of-service (DRDoS) attack uses a reflected approach to an attack, manipulating traffic or a network service so that attacks are reflected back to the victim from other sources.

Answer 339

System resilience refers to the ability of a system to maintain an acceptable level of service during an adverse event.

Answer 340

Fourth Amendment

Answer 341

Host-based IDSs (HIDSs) monitor activity on a single system, while network-based IDS (NIDS) monitors activity on a network.

Answer 342

The incident reporting guidelines should be in your security policy.

Answer 343

To discourage casual intruders, trespassers, prowlers, and would-be thieves.

Answer 344

The level to which information is mission critical is its measure of criticality.

Answer 345

Anonymization

Answer 346

The BCP team should include representatives from each operational and support department, technical experts, security personnel, legal representatives, and senior management.

Answer 347

Monitoring is used to hold subjects accountable for their actions and to detect abnormal or malicious activities.

Answer 348

Red team members are the attackers, Blue team members are the defenders, and White team members are the observers and judges.

Answer 349

Rooms should be kept at 59 to 89.6 degrees Fahrenheit and humidity should be maintained between 20% and 80%.

Answer 350

A fail-secure system will default to a secure state in the event of a failure.

Answer 351

The owner could voluntarily surrender it, a subpoena could compel surrender, or a law enforcement officer may seize visible evidence.

Answer 352

Salting adds bits to a password before hashing it, while pepper is a large constant number used to increase security.

Answer 353

Firmware is software stored on a ROM chip that contains basic instructions needed to start a computer.

Answer 354

Computer crimes are grouped into military and intelligence attack, business attack, financial attack, terrorist attack, grudge attack, and thrill attack.

Answer 355

Malicious code is any script or program that performs an unwanted, unauthorized, or unknown activity on a computer system.

Answer 356

Authentication Header (AH), Encapsulating Security Payload (ESP), IP Payload Compression protocol (IPComp), and Internet Key Exchange (IKE).

Answer 357

Rogue DNS server, planting false data in a zone file, altering the HOSTS file, and corrupting IP configuration.

Answer 358

Digital rights management (DRM) software uses encryption to enforce copyright restrictions on digital media.

Answer 359

Digital rights management (DRM) software uses encryption to enforce copyright restrictions on digital media. The purpose is to prevent the unauthorized use, modification, and distribution of copyrighted works.

Answer 360

Proprietary data refers to any data that helps an organization maintain a competitive edge. It could be software code it developed, technical plans for products, internal processes, intellectual property, or trade secrets.

Answer 361

Primary versus secondary, volatile versus nonvolatile, and random versus sequential.

Answer 362

The data owner is responsible for classifying information for protection within the security solution.

Answer 363

The D channel is used only for call management, not data.

Answer 364

Tuning is the process of adjusting security controls to better match the needs of the organization and their operational environment. ## Footnote For example, intrusion detection and prevention systems require tuning to reduce the number of false positive alerts that they generate.

Answer 365

Enrollment.

Answer 366

The Federal Information Security Management Act (FISMA), passed in 2002, requires that federal agencies implement an information security program that covers the agency's operations.

Answer 367

Security perimeter.

Answer 368

A rootkit is malware that embeds itself deep within an OS. The term is a derivative of the concept of rooting and a utility kit of hacking tools.

Answer 369

In some applications, there are clear examples of ways that software users might attempt to misuse the application. ## Footnote Software testers use a process known as misuse case testing or abuse case testing to evaluate the vulnerability of their software to these known risks.

Answer 370

DNS poisoning is the act of falsifying the DNS information used by a client to reach a desired system.

Answer 371

OAuth is an open SSO standard designed to work with HTTP, and it allows users to log on with one account. ## Footnote For example, users can log on to their Google account and use the same account to access Facebook and other sites and online services.

Answer 372

Immediate response procedures, notification procedures, and secondary response procedures.

Answer 373

Cyber-physical system is a term used to refer to devices that offer a computational means to control something in the physical world.

Answer 374

Malware is the most common form of security breach in the IT world.

Answer 375

Wi‐Fi Protected Setup (WPS) is a security standard for wireless networks.

Answer 376

The functional order of controls when deployed for physical security is deter, deny, detect, delay, determine, and decide.

Answer 377

The cloud shared responsibility model is the concept that when an organization uses a cloud solution, there is a division of security and stability responsibility between the provider and the customer.

Answer 378

Public keys are freely shared among communicating parties, whereas private keys are kept secret.

Answer 379

Usefulness, timeliness, value or cost, maturity or age, lifetime or expiration period, disclosure damage assessment, modification damage assessment, national or business security implications, storage.

Answer 380

Viruses; buffer overflows; coding errors; user errors; intruders (physical and logical); natural disasters; equipment failure; misuse of data, resources, or services.

Answer 381

An IDS automates the inspection of audit logs and real-time system events, detects intrusion attempts, and watches for violations of confidentiality, integrity, and availability.

Answer 382

A technology that enables high‐speed data transmission over existing electrical power lines.

Answer 383

Security governance is the collection of practices related to supporting, defining, and directing the security efforts of an organization.

Answer 384

The expanded use of cloud services by many organizations requires added attention to conducting reviews of information security controls during the vendor selection process.

Answer 385

Cloud storage is the idea of using storage capacity provided by a cloud vendor as a means to host data files for an organization.

Answer 386

Key performance indicators (KPIs) of physical security are metrics or measurements of the operation of or the failure of various aspects of physical security.

Answer 387

Concentric circle strategy.

Answer 388

Services integration, cloud integration, systems integration, and integration platform as a service (iPaaS) is the design and architecture of an IT/IS solution.

Answer 389

California's SB 1386 implemented the first statewide requirement to notify individuals of a breach of their personal information.

Answer 390

Stakeholders' Needs and Requirements, Requirements Analysis, Architectural Design, Development/Implementation, Integration, Verification and Validation, Transition/Deployment, Operations and Maintenance/Sustainment, and Retirement/Disposal.

Answer 391

Audit trails are the records created by recording information about events and occurrences into one or more databases or log files.

Answer 392

Many components of the information security program generate data that is crucial to security assessment processes.

Answer 393

TCP 53 is used for zone transfers, and UDP 53 is used for queries.

Answer 394

Mobile devices with GPS support enable the embedding of geographical location (geotagging) in the form of latitude and longitude.

Answer 395

An application programming interface (API) allows application developers to bypass traditional web pages and interact directly with the underlying service.

Answer 396

Embedding of geographical location in the form of latitude and longitude as well as date/time information on photos taken with devices.

Answer 397

An application programming interface (API) allows application developers to bypass traditional web pages and interact directly with the underlying service through function calls.

Answer 398

Web vulnerability scanners are special-purpose tools that scour web applications for known vulnerabilities. They may discover flaws not visible to network vulnerability scanners.

Answer 399

A virtual private network (VPN) is a communication tunnel that provides point-to-point transmission of both authentication and data traffic over an intermediary network.

Answer 400

Email is a common delivery mechanism for viruses, worms, Trojan horses, documents with destructive macros, and phishing attacks.

Answer 401

Port 68 for client request broadcast and port 67 for server point‐to‐point response.

Answer 402

Synthetic transactions are scripted transactions with known expected results used to verify system performance.

Answer 403

Data mart.

Answer 404

A cable plant is the collection of interconnected cables and intermediary devices that establish the physical network.

Answer 405

Near‐field communication (NFC) is a standard that establishes radio communications between devices in close proximity.

Answer 406

Intrusion detection system (IDS).

Answer 407

Static testing evaluates the security of software without running it by analyzing either the source code or the compiled application.

Answer 408

Asset valuation.

Answer 409

Computer‐safe fire suppression systems and uninterruptible power supplies.

Answer 410

DevSecOps approaches expand on the DevOps model by introducing security operations activities into the integrated model.

Answer 411

Memory protection is used to prevent an active process from interacting with an area of memory that was not specifically assigned or allocated to it.

Answer 412

Vigenère cipher.

Answer 413

Privacy by design (PbD) is a guideline to integrate privacy protections into products during the early design phase.

Answer 414

Vulnerability scanner or a patch management system.

Answer 415

Primary storage is the same as memory. Secondary storage consists of magnetic, flash, and optical media.

Answer 416

Threat modeling.

Answer 417

Any system that performs a function or requests a service on behalf of another system.

Answer 418

Period analysis.

Answer 419

Evil twin is an attack in which a bad actor operates a false access point that will automatically clone the identity of an access point.

Answer 420

An attack that leverages similarities in character sets to register phony international domain names.

Answer 421

Attenuation, interference, noise, jitter, bandwidth, and propagation delay or latency.

Answer 422

UEFI (Unified Extensible Firmware Interface) is a more advanced interface between hardware and the operating system.

Answer 423

Penetration testing allows you to more accurately judge the security mechanisms deployed by an organization.

Answer 424

An operational investigation examines issues related to the organization's computing infrastructure.

Answer 425

Stream ciphers.

Answer 426

Zero-knowledge proof.

Answer 427

The most common tool used for network discovery scanning is an open source tool called nmap.

Answer 428

The successors to the Secure Hash Algorithm (SHA), SHA-2 and SHA-3.

Answer 429

Fire suppression system.

Answer 430

Assets, threats, and vulnerabilities.

Answer 431

Isolation is the act of keeping something separated from others.

Answer 432

The user's password is hashed, and a timestamp is added.

Answer 433

Most safeguards and countermeasures protect against one specific threat or another.

Answer 434

COBIT is a documented set of best IT security practices crafted by ISACA.

Answer 435

High‐performance computing (HPC) systems are computing platforms designed to perform complex calculations at high speeds.

Answer 436

TEMPEST is a standard for the study and control of electronic signals produced by various types of electronic hardware.

Answer 437

MPP solutions are common examples of HPC systems.

Answer 438

TEMPEST is a standard for the study and control of electronic signals produced by various types of electronic hardware, such as computers, televisions, phones, and so on. Its primary goal is to prevent EMI and RFI radiation from leaving a strictly defined area to eliminate the possibility of external radiation monitoring, eavesdropping, and signal sniffing. The term TEMPEST has become less common, and the corresponding security discipline is now emission security (EMSEC).

Answer 439

The Digital Millennium Copyright Act prohibits the circumvention of copy protection mechanisms placed in digital media and limits the liability of Internet service providers for the activities of their users.

Answer 440

A computer room should be kept at 59 to 89.6 degrees Fahrenheit (15 to 32 degrees Celsius). Humidity in a computer room should be maintained at between 20 and 80 percent.

Answer 441

Stopping the environment, a STOP error, a blue screen of death (BSOD)

Answer 442

Defines protocols and services for automated sharing of structured threat information.

Answer 443

Data portability refers to the ability of individuals to easily and securely move their personal data from one system, service, or application to another. It allows users to transfer their data between different platforms, promoting user control and facilitating competition among service providers.

Answer 444

The waterfall model describes a sequential development process that results in the development of a finished product. Developers may step back only one phase in the process if errors are discovered. The spiral model uses several iterations of the waterfall model to produce a number of fully specified and tested prototypes. Agile development models place an emphasis on the needs of the customer and quickly developing new functionality that meets those needs in an iterative fashion.

Answer 445

Top‐down approach.

Answer 446

A mechanism that allows subjects to authenticate once and access multiple objects without authenticating again.

Answer 447

Software‐defined visibility (SDV) is a framework to automate the processes of network monitoring and response. The goal is to enable the analysis of every packet and make deep intelligence‐based decisions on forwarding, dropping, or otherwise responding to threats.

Answer 448

Scanning and denial of service. They can both potentially be stopped by filtering out the offending packets.

Answer 449

Virtual desktop infrastructure (VDI) is a means to reduce the security risk and performance requirements of end devices by hosting desktop/workstation OS virtual machines on central servers that are remotely accessed by users. Virtual mobile infrastructure (VMI) is where the OS of a mobile device is virtualized on a central server.

Answer 450

nonvolatile.

Answer 451

Awareness establishes a baseline of general security understanding. Training teaches employees to perform their work tasks in compliance with the security policy, standards, guidelines, and procedures mandated by the organization. Education is a more detailed endeavor in which students/users learn much more than they actually need to know to perform their work tasks.

Answer 452

Drive-by download.

Answer 453

Asymmetric cryptography.

Answer 454

Knowledge and consent of management.

Answer 455

In legal proceedings, each side has a duty to preserve evidence related to the case and, through the discovery process, share information with their adversary in the proceedings. This discovery process applies to both paper records and electronic records, and the electronic discovery (or eDiscovery) process facilitates the processing of electronic information for disclosure.

Answer 456

Interior routing protocols are distance vector (Routing Information Protocol [RIP] and Interior Gateway Routing Protocol [IGRP]) and link state (Open Shortest Path First [OSPF] and Intermediate System to Intermediate System [IS‐IS]); an exterior routing protocol is path vector (Border Gateway Protocol [BGP]).

Answer 457

Abstraction is used to collect similar elements into groups, classes, or roles that are assigned security controls, restrictions, or permissions.

Answer 458

A drive-by download is code downloaded and installed on a user's system without the user's knowledge. Attackers modify the code on a web page, and when the user visits, the code downloads and installs malware on the user's system without the user's knowledge or consent.

Answer 459

RIP, IGRP, BGP.

Answer 460

Scanning. The purpose of a scanning attack is to collect information. The real damage to the system occurs in later attacks.

Answer 461

A secure environment should provide mechanisms to prevent the committal of illegal activities, which are actions that violate a legal restriction, regulation, or requirement.

Answer 462

The waterfall model is a sequential development process that results in the development of a finished product. Developers may step back only one phase in the process if errors are discovered. The spiral model uses several iterations of the waterfall model to produce a number of fully specified and tested prototypes. Agile development models place an emphasis on the needs of the customer and quickly developing new functionality that meets those needs in an iterative fashion.

Answer 463

Ensure that people are safe.

Answer 464

Deactivate automatic printing of received faxes.

Answer 465

Storage segmentation is used to artificially compartmentalize various types or values of data on a storage medium. On a mobile device, the device manufacturer and/or the service provider may use storage segmentation to isolate the device's OS and preinstalled apps from user‐installed apps and user data.

Answer 466

Common Object Request Broker Architecture (CORBA) is an international standard (sanctioned by the International Organization for Standardization) for distributed computing.

Answer 467

The use of access controls (auditing and monitoring, for example) reduce fraud and theft.

Answer 468

Any hardware, software, or organizational administrative policy or procedure that maintains confidentiality, integrity, and/or accountability/accounting also counts as an access control.

Answer 469

Fuzz testing is a specialized dynamic testing technique that provides many different types of input to software to stress its limits and find previously undetected flaws. Fuzz testing software supplies invalid input to the software, either randomly generated or specially crafted to trigger known software vulnerabilities.

Answer 470

It prevents any single subject from being able to circumvent or deactivate security mechanisms.

Answer 471

Directing floods of messages to a victim's email inbox or other messaging system. Such attacks cause DoS issues by filling up storage space and preventing legitimate messages from being delivered.

Answer 472

A software bill of materials (SBOM) is a structured and comprehensive inventory or list of all the software components and dependencies that make up a software application or system. An SBOM provides detailed information about the various software components used in a system, including their versions, sources, and relationships. The primary purpose of an SBOM is to enhance software transparency, security, compliance, and management.

Answer 473

Simultaneous Authentication of Equals (SAE) performs a zero‐knowledge proof process known as Dragonfly Key Exchange, which is itself a derivative of Diffie–Hellman. The process uses a preset password and the MAC addresses of the client and AP to perform authentication and session key exchange.

Answer 474

Repeaters, hubs, modems, bridges, switches, routers, LAN extenders, jumpboxes, sensors, collectors, and aggregators.

Answer 475

Integrity verification procedure (IVP).

Answer 476

Planning, Overview, Preparation, Inspection, Rework.

Answer 477

The Software Assurance Maturity Model (SAMM) is an open source project with five business functions: Governance, Design, Implementation, Verification, and Operations.

Answer 478

Analytic attack

Answer 479

The Computer Fraud and Abuse Act (as amended) protects computers used by the government or in interstate commerce from a variety of abuses. The Electronic Communications Privacy Act (ECPA) makes it a crime to invade the electronic privacy of an individual.

Answer 480

Security controls use access rules to limit the access by a subject to an object.

Answer 481

Implementation attack

Answer 482

Most antivirus programs use signature‐based detection algorithms to look for telltale patterns of known viruses. This makes it essential to periodically update virus definition files in order to maintain protection against newly authored viruses as they emerge. Behavior‐based detection monitors target users and systems for unusual activity and either blocks it or flags it for investigation.

Answer 483

A Faraday cage is an EM‐blocking enclosure, often a wire mesh that fully surrounds an area on all sides. This metal skin acts as an EMI absorbing capacitor that prevents electromagnetic signals from exiting or entering the area that the cage encloses.

Answer 484

Protected health information (PHI) is any health‐related information that can be related to a specific person. In the United States, the Health Insurance Portability and Accountability Act (HIPAA) mandates the protection of PHI.

Answer 485

Recent years marked the rise of sophisticated attackers known as advanced persistent threats (APTs). These attackers are well funded and have advanced technical skills and resources. They act on behalf of a nation‐state, organized crime, terrorist group, or other sponsor and wage highly effective attacks against a very focused target in order to maintain persistent unauthorized access or effect.

Answer 486

Refers to rendering a device completely nonfunctional or as useless as a brick, typically through a malfunction or intentional action. When a device is “bricked,” it loses its normal functionality and becomes inoperable, often requiring significant efforts to restore its original state.

Answer 487

A characteristic of a service, security control, or access mechanism that ensures it is unseen by users.

Answer 488

Never assume the default settings of any product are secure. It is always up to the system's administrator and/or company security staff to alter a product's settings to comply with the organization's security policies.

Answer 489

Trap door (or back door)

Answer 490

Authentication provides assurances as to the identity of a user. One possible scheme that uses authentication is the challenge‐response protocol, in which the remote user is asked to encrypt a message using a key known only to the communicating parties. Authentication can be achieved with both symmetric and asymmetric cryptosystems.

Answer 491

Ready, running, waiting, supervisory, and stopped.

Answer 492

Business continuity planning involves four distinct phases: project scope and planning, business impact analysis, continuity planning, and approval and implementation.

Answer 493

Security kernel

Answer 494

Need to know is the requirement to have access to, knowledge of, or possession of data or a resource in order to perform specific work tasks.

Answer 495

Attackers use privilege escalation techniques to gain additional privileges after exploiting a single system. They typically try to gain additional privileges on the exploited systems first.

Answer 496

Mandatory access controls

Answer 497

Focused on assets, focused on attackers, and focused on software.

Answer 498

By establishing a chain of evidence.

Answer 499

Three main security issues surround secondary storage devices: removable media can be used to steal data, access controls and encryption must be applied to protect data, and data can remain on the media even after file deletion or media formatting.

Answer 500

In stateful mode, DHCPv6 assigns specific IPv6 addresses to devices and manages the allocation of network configuration parameters. In stateless mode, DHCPv6 provides network configuration parameters without assigning specific IPv6 addresses.

Answer 501

Examples of administrative physical security controls are facility construction and selection, site management, building design, personnel controls, awareness training, and emergency response and procedures.

Answer 502

Social engineering is a form of attack that exploits human nature and human behavior. The common social engineering principles are authority, intimidation, consensus, scarcity, familiarity, trust, and urgency.

Answer 503

A proactive approach to threat modeling takes place during early stages of systems development, specifically during initial design and specifications establishment.

Answer 504

Versioning typically refers to version control used in software configuration management. A labeling or numbering system differentiates between different software sets and configurations across multiple machines or at different points in time on a single machine.

Answer 505

The difference between total risk and residual risk. The controls gap is the amount of risk that is reduced by implementing safeguards.

Answer 506

Reverse engineering

Answer 507

Polymorphic virus

Answer 508

The take‐grant model dictates how rights can be passed from one subject to another or from a subject to an object.

Answer 509

The Risk Maturity Model (RMM) is a means to assess the key indicators and activities of a mature, sustainable, and repeatable risk management process.

Answer 510

A series of questions about facts or predefined responses that only the subject should know.

Answer 511

A corporate‐owned mobile strategy is when the company purchases the mobile devices that can support security compliance with the security policy.

Answer 512

The cost associated with a single realized risk against a specific asset. SLE = asset value (AV) × exposure factor (EF).

Answer 513

The cost associated with a single realized risk against a specific asset. SLE = asset value (AV) × exposure factor (EF). The SLE is expressed as a dollar value.

Answer 514

An industrial control system (ICS) is a form of computer‐management device that controls industrial processes and machines (aka operational technology (OT)). ICS examples include distributed control systems (DCSs), programmable logic controllers (PLCs), and supervisory control and data acquisition (SCADA). ICSs are used across a wide range of industries, including manufacturing, fabrication, electricity generation and distribution, water distribution, sewage processing, and oil refining.

Answer 515

Defense in depth, multiple layers of security, concentric circles of security.

Answer 516

Network Address Translation (NAT) allows the private IP addresses defined in RFC 1918 to be used in a private network while still being able to communicate with the Internet.

Answer 517

Data at rest is any data stored on media such as system hard drives, external USB drives, storage area networks (SANs), and backup tapes. Data in transit (sometimes called data in motion) is any data transmitted over a network. This includes data transmitted over an internal network using wired or wireless methods and data transmitted over public networks such as the Internet. Data in use refers to data in temporary storage buffers while an application is using it.

Answer 518

Risk avoidance is the process of selecting alternate options or activities that have less associated risk than the default, common, expedient, or cheap option. For example, choosing to fly to a destination instead of drive is a form of risk avoidance. Another example is to locate a business in Arizona instead of Florida to avoid hurricanes.

Answer 519

The IPsec protocol standard provides a common framework for encrypting network traffic and is built into a number of common operating systems. In IPsec transport mode, packet contents are encrypted for peer‐to‐peer communication. In tunnel mode, the entire packet, including header information, is encrypted for gateway‐to‐gateway communications.

Answer 520

A reference profile or a reference template.

Answer 521

Quality of service (QoS) controls protect the integrity of data networks under load. Many different factors contribute to the quality of the end user experience, and QoS attempts to manage all of those factors to create an experience that meets business requirements.

Answer 522

In late 2017, a concept of attack known as KRACK (Key Reinstallation AttaCKs) was disclosed that is able to corrupt the initial four‐way handshake between client and WAP into reusing a previously used key and in some cases use a key composed of only zeros.

Answer 523

It is important to perform periodic content reviews of all training materials. This is to ensure that the training materials and presentation stays in line with business goals, organizational mission, and security objectives. Some means of verification should be used to measure whether the training is beneficial or a waste of time and resources.

Answer 524

Baseband technology uses a direct current to support a single communication channel. Broadband technology uses frequency modulation to support multiple simultaneous signals.

Answer 525

Violation of the principle of least privilege policy, as incidents of excessive privileges or privilege creep.

Answer 526

8: echo request, 0: echo reply.

Answer 527

Scrum is an organized approach to implementing the Agile philosophy. It relies on daily scrum meetings to organize and review work. Development focuses on short sprints of activity that deliver finished products. Integrated product teams (IPTs) are an early effort at this approach that was used by the U.S. Department of Defense.

Answer 528

SCRM is means to ensure that all the vendors or links in the supply chain are reliable, trustworthy, reputable organizations that disclose their practices and security requirements to their business partners. SCRM includes evaluating risks associated with hardware, software, and services; performing third‐party assessment and monitoring; establishing minimum security requirements; and enforcing service‐level requirements.

Answer 529

Sanitization is a combination of processes that removes data from a system or from media. It ensures that data cannot be recovered by any means.

Answer 530

The tendency for various technologies, solutions, utilities, and systems to evolve and merge over time. Often this results in multiple systems performing similar or redundant tasks or one system taking over the features and abilities of another. While in some instances this can result in improved efficiency and cost savings, it can also be an increased single point of failure and can become a more valuable target for hackers and intruders.

Answer 531

RFID (radio frequency identification) is a tracking technology based on the ability to power a radio transmitter using current generated in an antenna when placed in a magnetic field. RFID can be triggered/powered and read from a considerable distance away (often hundreds of meters).

Answer 532

The Network layer (layer 3) offers confidentiality, authentication, and integrity.

Answer 533

Site, type, system.

Answer 534

In circuit switching, a dedicated physical pathway is created between the two parties. Packet switching occurs when the message is broken up into packets and sent across the intermediary network.

Answer 535

A VPC is a virtualized network infrastructure provided by a cloud computing service provider. It allows users to create and manage isolated, logically segmented networks within the public cloud environment. A VPC enables organizations to host their applications and resources in a secure and dedicated space in the cloud while maintaining control over network configuration.

Answer 536

Privacy concerns, regulation compliance difficulties, use of open/closed source solutions, adoption of open standards, and whether or not cloud‐based data is actually secured (or even securable).

Answer 537

Bind variable.

Answer 538

An advanced implementation of a rule‐BAC is an attribute‐based access control (ABAC) model. ABAC models use policies that include multiple attributes for rules. Many software‐defined networking applications use ABAC models.

Answer 539

Identification, authentication, authorization, and auditing.

Answer 540

Botnets represent significant threats due to the massive number of computers that can launch attacks, so it's important to know what they are. A botnet is a collection of compromised computing devices (often called bots or zombies) organized in a network controlled by a criminal known as a bot herder. Bot herders use a command‐and‐control server to remotely control the zombies and often use the botnet to launch attacks on other systems or send spam or phishing emails. Bot herders also rent botnet access out to other criminals.

Answer 541

Most organizations are subject to a wide variety of legal and regulatory requirements related to information security. Building a compliance program ensures that you become and remain compliant with these often overlapping requirements.

Answer 542

Data remanence.

Answer 543

Zero‐day exploit.

Answer 544

A failover cluster includes two or more servers, and if one of the servers fails, another server in the cluster can take over its load in an automatic process called failover. Failover clusters can include multiple servers (not just two), and they can also provide fault tolerance for multiple services or applications.

Answer 545

A community cloud is a cloud environment maintained, used, and paid for by a group of users or organizations for their shared benefit, such as collaboration and data exchange. This may allow for some cost savings compared to accessing private or public clouds independently.

Answer 546

Microsoft developed a threat categorization scheme known as STRIDE. STRIDE is often used in relation to assessing threats against applications or operating systems. However, it can also be used in other contexts as well. STRIDE is an acronym standing for Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege.

Answer 547

The penetration test goes beyond vulnerability testing techniques because it actually attempts to exploit systems. Security professionals performing penetration tests actually try to defeat security controls and break into a targeted system or application to demonstrate the flaw.

Answer 548

A term used to describe deliberately fabricated news stories or hoaxes presented as genuine journalism. It can also be used to label genuine, factual, and accurate journalism as false.

Answer 549

A penetration test goes beyond vulnerability testing techniques by attempting to exploit systems to demonstrate flaws.

Answer 550

A term used to describe deliberately fabricated news stories or hoaxes presented as genuine journalism. It can also label genuine journalism as false.

Answer 551

Snapshots are backups of virtual machines that offer a quick means to recover from errors or poor updates.

Answer 552

A persistent virtual desktop infrastructure (VDI) maintains user desktop changes.

Answer 553

Pass‐the‐hash attacks allow an attacker to impersonate a user with the captured hash of a user's password instead of the password.

Answer 554

Crime Prevention Through Environmental Design (CPTED) structures the physical environment to influence potential offenders' decisions.

Answer 555

Clark–Wilson is an integrity model that relies on the access control triplet (subject/program/object).

Answer 556

Certification and accreditation.

Answer 557

Countermeasures include patching the OS, enabling source/destination verification on routers, and employing an IDS.

Answer 558

Polymorphism.

Answer 559

Gray‐box testing or semi‐known environment testing.

Answer 560

Evidence storage retains logs, drive images, and other datasets. Protections include isolated storage, activity tracking, and encryption.

Answer 561

Cost of purchase, development, maintenance, and usefulness.

Answer 562

Rainbow table attacks. Bcrypt salts passwords.

Answer 563

Economic and Protection of Proprietary Information Act of 1996.

Answer 564

Cold site.

Answer 565

Workgroup recovery.

Answer 566

Honeynets are fake networks used to lure intruders to create audit trails for tracking them down.

Answer 567

Attackers exploit buffer overflows, backdoors, and rootkits to gain illegitimate access.

Answer 568

Common mode noise is generated by the difference in power between hot and ground wires.

Answer 569

Media storage facilities should securely store media and protect against theft and corruption.

Answer 570

Shoulder surfing.

Answer 571

Recording event data, log analysis, and monitoring.

Answer 572

Behavior‐based (also called statistical‐intrusion detection or anomaly detection).

Answer 573

Fencing, lighting, locks.

Answer 574

Scoping refers to reviewing baseline security controls and selecting only those controls that apply to the IT system you're trying to protect. Tailoring refers to modifying the list of security controls within a baseline so that they align with the mission of the organization.

Answer 575

Erasing media is simply performing a delete operation against a file, a selection of files, or the entire media. In most cases, the deletion or removal process removes only the directory or catalog link to the data. The actual data remains on the drive.

Answer 576

Black‐box testing or unknown environment testing

Answer 577

An NDA is used to protect the confidential information within an organization from being disclosed by a former employee. When a person signs an NDA, they agree not to disclose any information that is defined as confidential to anyone outside the organization.

Answer 578

Confidentiality is one of the major goals of cryptography. It protects the secrecy of data while it is both at rest and in transit. Integrity provides the recipient of a message with the assurance that data was not altered (intentionally or unintentionally) between the time it was created and the time it was accessed. Nonrepudiation provides undeniable proof that the sender of a message actually authored it. It prevents the sender from subsequently denying that they sent the original message.

Answer 579

When an organization no longer needs sensitive data, personnel should destroy it. Proper destruction ensures that it cannot fall into the wrong hands and result in unauthorized disclosure.

Answer 580

A trusted system is one in which all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment. In other words, trust is the presence of a security mechanism or capability. Assurance is the degree of confidence in satisfaction of security needs. In other words, assurance is how reliable the security mechanisms are at providing security.

Answer 581

Just‐in‐time (JIT) provisioning creates user accounts on third‐party sites the first time a user logs onto the site. JIT reduces the administrative workload compared to a manual identity and access management solution.

Answer 582

A flood of unwanted Ethernet broadcast network traffic

Answer 583

Managed security service providers (MSSPs) can provide centrally controlled advanced security solutions (such as XDR). MSSP solutions can be deployed fully on‐premise, fully in the cloud, or in a hybrid structure. MSSP solutions can be overseen through a local or remote SOC. Typically, working with an MSSP can allow an organization to gain the benefits of advanced security products and leverage the experience and expertise of the MSSP's staff of security management and response professionals.

Answer 584

Memory protection, virtualization, Trusted Platform Module (TPM), encryption/decryption, interfaces, and fault tolerance

Answer 585

Audit patches, or use a vulnerability scanner to verify patches have been applied

Answer 586

Prudent actions refer to actions or decisions that are marked by a high degree of caution, care, and foresight. They are characterized by careful consideration of potential risks, a focus on preventing harm, and a commitment to acting in a manner that is consistent with established best practices or industry standards.

Answer 587

Six months

Answer 588

Evaluate, test, apply, and audit patches

Answer 589

Key exchange

Answer 590

Partial‐knowledge team

Answer 591

Grid computing is a form of parallel distributed processing that loosely groups a significant number of processing nodes toward the completion of a specific processing goal.

Answer 592

If a facility employs restricted areas to control physical security, then a mechanism to handle visitors is required. Often an escort is assigned to visitors, and their access and activities are monitored closely. Failing to track the actions of outsiders when they are granted access to a protected area can result in malicious activity against the most protected assets.

Answer 593

Synthetic monitoring (or active monitoring)

Answer 594

Proximity devices can be a passive device, a field‐powered device, or a transponder.

Answer 595

A distributed system or a distributed computing environment (DCE) is a collection of individual systems that work together to support a resource or provide a service. The primary security concern is the interconnectedness of the components.

Answer 596

Risk perspectives (aka risk management perspectives or approaches) are different lenses through which organizations and individuals can view and address risks. Each perspective emphasizes certain aspects of risk and can guide decision‐making, risk assessment, and mitigation strategies. There are innumerable options of risk perspective, including asset, outcome, vulnerability, threat, financial, strategic, operational, compliance, legal, reputational, supply chain, third‐party, and workforce.

Answer 597

Data owners are responsible for defining data and asset classifications and ensuring that data and systems are properly marked. Additionally, data owners define requirements to protect data at different classifications, such as encrypting sensitive data at rest and in transit. Data classifications are typically defined within security policies or data policies.

Answer 598

Encryption, GPS, password‐protected screen locks, and remote wipe

Answer 599

Defense in breadth or diversity of defense is also an important related concept to defense in depth. It can be problematic if elements of several security layers are from the same vendor or share common code, since a vulnerability could affect numerous layers simultaneously. By using a range of security products from varied vendors, the risk of a single exploit compromising several layers at once is significantly reduced or avoided.

Answer 600

Segregation of duties is similar to a separation of duties and responsibilities policy, but it also combines the principle of least privilege. The goal is to ensure that individuals do not have excessive system access that may result in a conflict of interest.

Answer 601

S/MIME, MOSS, PEM, and PGP

Answer 602

Scanning attacks are reconnaissance attacks that usually precede another, more serious attack.

Answer 603

Multithreading

Answer 604

Emission security (EMSEC) involves implementing various measures to prevent unauthorized individuals from obtaining valuable information that could be derived through intercepting and analyzing compromising emanations from cryptographic equipment, automated information systems (AISs), and telecommunications systems. EMSEC has mostly replaced TEMPEST.

Answer 605

MPLS (multiprotocol label switching) is a high‐throughput, high‐performance network technology that directs data across a network based on short path labels rather than longer network addresses.

Answer 606

Symmetric cryptosystems operate in several discrete modes: Electronic Codebook (ECB) mode, Cipher Block Chaining (CBC) mode, Cipher Feedback (CFB) mode, Output Feedback (OFB) mode, Counter (CTR) mode, Galois/Counter mode (GCM), and Counter with Cipher Block Chaining Message Authentication Code mode (CCM). ECB mode is considered the least secure and is used only for short messages.

Answer 607

Basic preventive measures can prevent many incidents from occurring. These include keeping systems up‐to‐date, removing or deactivating unneeded protocols and services, using intrusion detection and prevention systems, using antimalware software with up‐to‐date signatures, and enabling both host‐based and network‐based firewalls.

Answer 608

Managed detection and response (MDR) focuses on threat detection and mediation, but is not limited to the scope of endpoints. MDR is a service that attempts to monitor an IT environment in real time in order to quickly detect and resolve threats. Often an MDR solution is a combination and integration of numerous technologies, including SIEM, network traffic analysis (NTA), EDR, and IDS.

Answer 609

Mandatory vacations

Answer 610

While testing is an important part of any software development process, it is unfortunately impossible to completely test any piece of software. There are simply too many ways that software might malfunction or undergo attack. Software testing professionals often conduct a test coverage analysis to estimate the degree of testing conducted against the new software.

Answer 611

A service set identifier (SSID) is a network name for a single WAP. An ESSID (extended service set identifier) is used when there are multiple WAPs supporting a network. An independent service set identifier (ISSID) is used by Wi‐Fi Direct or in ad hoc mode. The BSSID (basic service set identifier) is the MAC address of the base station (or ad hoc/Wi‐Fi Direct initiating device).

Answer 612

The increased use of third‐party and cloud services

Answer 613

The emerging standard for encrypted messages is the S/MIME protocol. Another popular email security tool is Phil Zimmerman's Pretty Good Privacy (PGP). Most users of email encryption rely on having this technology built into their email client or their web‐based email service.

Answer 614

Flash memory is a derivative concept from EEPROM. It is a nonvolatile form of storage media that can be electronically erased and rewritten. The primary difference between EEPROM and flash memory is that EEPROM must be fully erased to be rewritten, while flash memory can be erased and written in blocks or pages.

Answer 615

6, 17, 1, 2

Answer 616

Mean time to failure (MTTF) is the expected typical functional lifetime of the device given a specific operating environment. Mean time to repair (MTTR) is the average length of time required to perform a repair on the device. Mean time between failures (MTBF) is an estimation of the time between the first and any subsequent failures.

Answer 617

The purpose of load balancing is to obtain more optimal infrastructure utilization, minimize response time, maximize throughput, reduce overloading, and eliminate bottlenecks. A load balancer is used to spread or distribute network traffic load across several network links or network devices.

Answer 618

Actual Cost Value (ACV)

Answer 619

Throughout the employment lifetime of personnel, managers should regularly review or audit the job descriptions, work tasks, privileges, and responsibilities for every staff member.

Answer 620

Graham–Denning focuses on the secure creation and deletion of both subjects and objects.

Answer 621

A specific entity or component within a system that is inherently trusted. It serves as a reference point for establishing trust in other entities or components within the system. The trust anchor is typically a well‐protected and tamper‐resistant element, and trust in the overall system is derived from the trustworthiness of the trust anchor.

Answer 622

Input validators and user training

Answer 623

Security information and event management (SIEM), security event management (SEM), and security information management (SIM)

Answer 624

Data hiding

Answer 625

Vulnerability scanner

Answer 626

Infrastructure as a service (IaaS) takes the platform as a service (PaaS) model another step forward. It provides not just on‐demand operating solutions but complete outsourcing options as well. This can include utility or metered computing services, administrative task automation, dynamic scaling, virtualization services, policy implementation and management services, and managed/filtered Internet connectivity.

Answer 627

Network vulnerability scans go deeper than discovery scans. They don't stop with detecting open ports but continue on to probe a targeted system or network for the presence of known vulnerabilities. These tools contain databases of thousands of known vulnerabilities along with tests they can perform to identify whether a system is susceptible to each vulnerability in the system's database.

Answer 628

Initiating, Diagnosing, Establishing, Acting, and Learning.

Answer 629

The CISSP Security Operations domain lists incident management steps as detection, response, mitigation, reporting, recovery, remediation, and lessons learned.

Answer 630

Test data method

Answer 631

Frequency analysis

Answer 632

Test data method.

Answer 633

Frequency analysis.

Answer 634

An edge network is a carefully designed data architecture that strategically allocates computing resources to edge devices within a network.

Answer 635

Tokenization replaces data elements with a string of characters or a token.

Answer 636

The gathering of a competitor's confidential information, also called industrial espionage, is not a new phenomenon.

Answer 637

Anycast technology supports communications where a single sender transmits data to the nearest or best‐suited node among a group of potential receivers. Geocast technology supports communications where data is sent to all devices within a specific geographical area.

Answer 638

Integrity.

Answer 639

Implementation of changes in an orderly manner, formalized testing, ability to reverse changes, ability to inform users of changes, systematical analysis of changes, minimization of negative impact of changes.

Answer 640

Communications Assistance for Law Enforcement Act (CALEA) of 1994.

Answer 641

Mandatory access controls.

Answer 642

Excessive privileges (also known as the violation of least privilege).

Answer 643

Sensitive information is any type of classified information, and proper management helps prevent unauthorized disclosure.

Answer 644

Thrill attacks are the attacks launched only for the fun of it.

Answer 645

A criminal investigation investigates the alleged violation of criminal law.

Answer 646

Serverless architecture is a cloud computing concept where code is managed by the customer and the platform is managed by the cloud service provider.

Answer 647

An attack that prevents the system from receiving, processing, or responding to legitimate traffic.

Answer 648

A security control assessment (SCA) is the formal evaluation of a security infrastructure's individual mechanisms against a baseline.

Answer 649

Being able to launch individual instances of servers or services as needed, real‐time scalability.

Answer 650

Clipping levels.

Answer 651

Boot sector.

Answer 652

Managed services in the cloud include any resources stored in or accessed via the cloud.

Answer 653

Qualitative risk analysis assigns subjective and intangible values to the loss of an asset.

Answer 654

Preventive, deterrent, detection, corrective, recovery, compensation, directive.

Answer 655

The data owner is responsible for classifying, labeling, and protecting data.

Answer 656

The concept of COPE (company‐owned, personally enabled) is for the organization to purchase devices and provide them to employees.

Answer 657

JavaScript is the most widely used scripting language in the world and is embedded into HTML documents.

Answer 658

Risk deterrence is the process of implementing deterrents to would‐be violators of security and policy.

Answer 659

DNS pharming is the malicious redirection of a valid website's URL or IP address to a fake website.

Answer 660

You must ensure that the evidence has not changed, and you must be able to validate its integrity.

Answer 661

Sampling, or data extraction, is the process of extracting specific elements from a large collection of data.

Answer 662

To digitally sign a message, first use a hashing function to generate a message digest.

Answer 663

Periodic backups.

Answer 664

The network containers are OSI layers 7–5 protocol data unit (PDU), layer 4 segment (TCP) or a datagram (UDP), layer 3 packet, layer 2 frame, and layer 1 bits.

Answer 665

ROM is nonvolatile and can't be written to by the end user.

Answer 666

Safety of personnel.

Answer 667

Disaster recovery planning (DRP).

Answer 668

(ALE before safeguard – ALE after implementing the safeguard) – annual cost of safeguard = value of the safeguard to the company.

Answer 669

Risk analysis is the process by which upper management is provided with details to make decisions about which risks are to be mitigated.

Answer 670

A physically unclonable function (PUF) is a specialized physical electronic component or function that generates a unique digital identifier.

Answer 671

Electronic access control (EAC).

Answer 672

Refers to a potential source or situation that has the capability to cause harm.

Answer 673

An active‐active system is a form of load balancing that uses all available pathways or systems during normal operations.

Answer 674

Concurrency.

Answer 675

Session management processes help prevent unauthorized access by closing unattended sessions.

Answer 676

Locard's exchange principle is the core principle that underlies the field of forensic science.

Answer 677

Fog computing is another example of advanced computation architectures, often used as an element in an IoT deployment.

Answer 678

Program Evaluation Review Technique (PERT).

Answer 679

In the /etc/shadow file.

Answer 680

SAFe is a comprehensive approach to applying agile principles and practices at the enterprise scale.

Answer 681

Federal Information Processing Standards (FIPS‐140‐2)/140‐3.

Answer 682

They are able to adapt and react to any condition or situation.

Answer 683

A pepper can be added to a salt to add additional protection for passwords.

Answer 684

Failure management includes programmatic error handling and input sanitization.

Answer 685

Clustering or key clustering.

Answer 686

Backup media should be handled with the same security precautions as any other asset.

Answer 687

The Domain Name System (DNS) is the hierarchical naming scheme used in both public and private networks.

Answer 688

Indefinitely.

Answer 689

Security guards, supervising users, incident investigations, and intrusion detection systems.

Answer 690

Organizations may purchase commercial off‐the‐shelf (COTS) software to meet their requirements.

Answer 691

The leftmost bit.

Answer 692

Risk reporting involves the production of a risk report and a presentation of that report to the interested parties.

Answer 693

A risk‐based access control model evaluates the environment and the situation.

Answer 694

Administrative physical security controls, technical physical security controls, physical controls for physical security.

Answer 695

Wi‐Fi Protected Access 3 (WPA3) uses 192‐bit AES CCMP encryption.

Answer 696

The role of a system security policy is to define the security requirements.

Answer 697

Administrative physical security controls, technical physical security controls, physical controls for physical security

Answer 698

Wi‐Fi Protected Access 3 (WPA3) uses 192‐bit AES CCMP encryption, whereas WPA3‐PER remains at 128‐bit AES CCMP. WPA3‐PER uses Simultaneous Authentication of Equals (SAE).

Answer 699

The role of a system security policy is to inform and guide the design, development, implementation, testing, and maintenance of a particular system. Thus, this kind of security policy tightly targets a single implementation effort.

Answer 700

Reduction analysis is also known as decomposing the application, system, or environment. The purpose of this task is to gain a greater understanding of the logic of the product as well as its interactions with external elements. Whether an application, a system, or an entire environment, it needs to be divided into smaller containers or compartments.

Answer 701

This act established procedures that govern access to data held by technology companies across national borders. This piece of legislation was introduced as a way to improve law enforcement's ability to gather digital evidence stored on servers regardless of where the servers are located, provided that the company is based within the United States or subject to U.S. jurisdiction.

Answer 702

A corporate‐owned mobile strategy (COMS) or corporate‐owned, business‐only (COBO) strategy is when the company purchases the mobile devices that can support security compliance with the security policy. These devices are to be used exclusively for company purposes, and users should not perform any personal tasks on the devices. This often requires workers to carry a second device for personal use.

Answer 703

It acts as a central storage point for developers to place their source code. It may also provide version control, bug tracking, web hosting, release management, and communications functions that support software development.

Answer 704

War driving, wireless scanners/crackers, rogue access points, evil twin, disassociation, jamming, IV abuse, and replay

Answer 705

A silicon root of trust (RoT), also known as a Hardware Root of Trust, is a foundational and tamper‐resistant component within a computer's hardware that provides a secure starting point for establishing trust and security in a system. The primary purpose of a silicon RoT is to ensure the integrity, authenticity, and confidentiality of the system's boot process and software.

Answer 706

Maximum tolerable downtime (MTD)

Answer 707

Contain or constrain the intrusion.

Answer 708

The five stages of the business impact analysis process are the identification of priorities, risk identification, likelihood assessment, impact analysis, and resource prioritization.

Answer 709

To reduce the number of security‐related design and coding defects, and to reduce the severity of any remaining defects

Answer 710

A site survey is a formal assessment of wireless signal strength, quality, and interference using an RF signal detector. A site survey is performed by placing a wireless base station in a desired location and then collecting signal measurements from the area. The signal measurements are overlaid onto a blueprint of the building to determine whether sufficient signal is present where needed, while minimizing signals outside the desired location.

Answer 711

Remediation and Review

Answer 712

Authentication Header (AH)

Answer 713

Arbitration, deconfliction, and contention‐based

Answer 714

An ABAC model is an advanced implementation of a rule‐based access control model, applying rules based on attributes. Software‐defined networks (SDNs) often use an ABAC model.

Answer 715

An attack using double‐encapsulated IEEE 802.1Q VLAN tags to fool a switch into allowing traffic to jump to a different VLAN from which the traffic originated.

Answer 716

Logical access controls include authentication, authorization, and permissions. They limit who can access information, settings, and use of information, systems, devices, facilities, applications, and services.

Answer 717

Polyinstantiation

Answer 718

A split tunnel is a VPN configuration that allows a VPN‐connected client system (i.e., remote node) to access both the organizational network over the VPN and the internet directly at the same time. A full tunnel is a VPN configuration in which all of the client's traffic is sent to the organizational network over the VPN link, and then any Internet‐destined traffic is routed out of the organizational network's proxy or firewall interface to the Internet.

Answer 719

802.11 networking, Bluetooth (802.15.1/Bluetooth SIG), mobile phones, and cordless phones

Answer 720

Protection profile

Answer 721

Remote wipe lets you delete all data and possibly even configuration settings from a device remotely. The wipe process can be triggered over mobile phone service or sometimes over any Internet connection.

Answer 722

Simple substitution

Answer 723

Intentionally false or misleading information spread with the purpose of deceiving or manipulating people; often used as a tool for political, ideological, or malicious agendas.

Answer 724

HOSTS poisoning, authorized DNS server attack, caching DNS server attack, changing a DNS server address, and DNS query spoofing

Answer 725

Copyrights protect original works of authorship, such as books, articles, poems, and songs. Trademarks are names, slogans, and logos that identify a company, product, or service. Patents provide protection to the creators of new inventions. Trade secret law protects the operating secrets of a firm.

Answer 726

Business leaders must exercise due diligence to ensure that shareholders' interests are protected in the event disaster strikes. Some industries are also subject to federal, state, and local regulations that mandate specific BCP procedures. Many businesses also have contractual obligations to their clients that they must meet before, during, and after a disaster.

Answer 727

Third‐party governance is the system of oversight that may be mandated by law, regulation, industry standards, or licensing requirements. The actual method of governance may vary but generally involves an outside investigator or auditor.

Answer 728

Upgrade the baseline.

Answer 729

The amount of risk an organization would face if no safeguards were implemented. A formula for total risk is threats × vulnerabilities × asset value = total risk.

Answer 730

SYN flood attack

Answer 731

M of N control

Answer 732

Virtualization technology is used to host one or more operating systems within the memory of a single host computer. This mechanism allows virtually any OS to operate on any hardware. Such an OS is also known as a guest operating system. From the perspective that there is an original or host OS installed directly on the computer hardware, the additional OSs hosted by the hypervisor system are guests.

Answer 733

Programmable logic controller (PLC) units are effectively single‐purpose or focused‐purpose digital computers. They are typically deployed for the management and automation of various industrial electromechanical operations, such as controlling systems on an assembly line or a large‐scale digital light display.

Answer 734

Directive control

Answer 735

A risk framework is a guideline or recipe for how risk is to be assessed, resolved, and monitored.

Answer 736

Reducing risk or risk mitigation; assigning risk or transferring; risk deterrence; risk avoidance; accepting risk

Answer 737

Macro virus

Answer 738

Security tests verify that a control is functioning properly. These tests include automated scans, tool‐assisted penetration tests, and manual attempts to undermine security.

Answer 739

Attribute‐based access control, rule‐based access control, firewall rules

Answer 740

An authentication method often used by mobile device management (MDM) systems to identify mobile device users. It includes multiple elements such as the location of the user, the time of day, and the mobile device.

Answer 741

A mobile device deployment policy should address data ownership, support ownership, patch and update management, security product management, forensics, privacy, onboarding/offboarding, adherence to corporate policies, user acceptance, architecture/infrastructure considerations, legal concerns, acceptable use policies, onboard cameras/video, recording microphone, Wi‐Fi Direct, tethering and hotspots, and contactless payment methods.

Answer 742

Authorization ensures that the requested activity or object access is possible, given the authenticated identity's privileges. Common authorization mechanisms include implicit deny, access control lists, access control matrixes, capability tables, constrained interfaces, content‐dependent controls, and context‐dependent controls. These mechanisms enforce security principles such as need to know, the principle of least privilege, and separation of duties.

Answer 743

Loss of goodwill among client base, loss of employees after prolonged downtime, social/ethical responsibilities to the community, and negative publicity.

Answer 744

Denial of service, eavesdropping, impersonation, replay, and modification.

Answer 745

URL hijacking refers to the practice of displaying a link or advertisement that looks like that of a well‐known product, service, or site, but when clicked redirects the user to an alternate location, service, or product. This may be accomplished by posting sites and pages and exploiting search engine optimization (SEO), or through the use of adware that replaces legitimate ads and links with those leading to alternate or malicious.

Answer 746

When straightforward hashing is used to store passwords in a password file, attackers may use rainbow tables of precomputed values to identify commonly used passwords. Adding salts to the passwords before hashing them reduces the effectiveness of rainbow table attacks. Common password hashing algorithms that use key stretching to further increase the difficulty of attack include PBKDF2, bcrypt, and scrypt.

Answer 747

Erasing, clearing, and overwriting media that will be used in the same classification environments; purging, sanitizing, and degaussing if media is used in different classification environments.

Answer 748

For a one‐time pad to be successful, the key must be generated randomly without any known pattern. The key must be at least as long as the message to be encrypted. The pads must be protected against physical disclosure, and each pad must be used only one time and then discarded.

Answer 749

Water leakage and flooding should be addressed in your environmental safety policy and procedures. Plumbing leaks are not an everyday occurrence, but when they occur, they often cause significant damage. Water and electricity don't mix. If your computer systems come in contact with water, especially while they are operating, damage is sure to occur. Whenever possible, locate server rooms and critical computer equipment away from any water source or transport pipes.

Answer 750

Internet Small Computer System Interface (iSCSI) is a networking storage standard based on IP. This technology can be used to enable location‐independent file storage, transmission, and retrieval over LAN, WAN, or public Internet connections. iSCSI is often viewed as a low‐cost alternative to Fibre Channel.

Answer 751

Job rotation is when employees are rotated into different jobs, or tasks are assigned to different employees. It may be implemented as a defense against collusion. Collusion is an agreement among multiple persons to perform some unauthorized or illegal actions.

Answer 752

Retina scans

Answer 753

Spectrum‐use techniques manage the simultaneous use of the limited radio frequencies, including FHSS, DSSS, and OFDM.

Answer 754

Remote wipe

Answer 755

In the business organization analysis, the individuals responsible for leading the business continuity planning (BCP) process determine which departments and individuals have a stake in the business continuity plan. This analysis serves as the foundation for BCP team selection and, after validation by the BCP team, is used to guide the next stages of BCP development.

Answer 756

Microsegmentation is dividing up an internal network in numerous subzones, potentially as small as a single device, such as a high‐value server or even a client or endpoint device. Each zone is separated from the others by internal segmentation firewalls (ISFWs), subnets, or VLANs.

Answer 757

When the scanner tests a system for vulnerabilities, it uses the tests in its database to determine whether a system may contain the vulnerability. In some cases, the scanner may not have enough information to conclusively determine that a vulnerability exists and it reports a vulnerability when there really is no problem. This situation is known as a false positive report and is sometimes seen as a nuisance to system administrators.

Answer 758

DNP3 (Distributed Network Protocol) is a multilayer protocol primarily used in the electric and water utility and management industries. It is used to support communications between data acquisition systems and the system control equipment. DNP3 is an open and public standard. DNP3 is a multilayer protocol that functions similarly to TCP/IP, in that it has link, transport, and transportation layers.

Answer 759

No matter the quality of the equipment your organization chooses to purchase and install, eventually it will fail. Preparing for equipment failure may include purchasing replacement parts, storing equipment, or having an SLA with a vendor.

Answer 760

Security management planning ensures proper creation, implementation, and enforcement of a security policy. Security management planning aligns the security functions to the strategy, goals, mission, and objectives of the organization. This includes designing and implementing security based on business cases, budget restrictions, or scarcity of resources.

Answer 761

Cable failures and misconfigurations.

Answer 762

Wet pipe system, dry pipe system, deluge system, preaction system.

Answer 763

The concept that each individual device must maintain local security whether or not its network or telecommunications channels provide or offer security.

Answer 764

Security management planning aligns the security functions to the strategy, goals, mission, and objectives of the organization. This includes designing and implementing security based on business cases, budget restrictions, or scarcity of resources.

Answer 765

Foreign key.

Answer 766

Select, Update, Delete, Insert, Grant, and Revoke.

Answer 767

A ping flood attack floods a victim with ping requests. This can be very effective when launched by zombies within a botnet as a DDoS attack.

Answer 768

The Internet of Things (IoT) is a class of devices that are internet‐connected in order to provide automation, remote control, or AI processing to appliances or devices.

Answer 769

Stage I is Definition the Objectives (DO), Stage II is Definition of the Technical Scope (DTS), Stage III is Application Decomposition and Analysis (ADA), Stage IV is Threat Analysis (TA), Stage V is Weakness and Vulnerability Analysis (WVA), Stage VI is Attack Modeling & Simulation (AMS), and Stage VII is Risk Analysis & Management (RAM).

Answer 770

Control access to a facility can be accomplished using fences, gates, turnstiles, person‐trap, bollards, and barricades.

Answer 771

Threat hunting is the activity of looking for existing evidence of a compromise once symptoms or an IoC of an exploit become known.

Answer 772

Security control baselines provide a listing of controls that an organization can apply as a baseline.

Answer 773

Mandatory access control (MAC).

Answer 774

Vulnerability assessment.

Answer 775

Bell–LaPadula subjects have a clearance level that allows them to access only those objects with the corresponding classification levels, which protects confidentiality.

Answer 776

Physical controls for physical security are fencing, lighting, locks, construction materials, guard dogs, and security guards.

Answer 777

Checklists.

Answer 778

Full backups, incremental backups, and differential backups.

Answer 779

Something you know, something you have, and something you are.

Answer 780

Copyrights, patents, and trade secret laws provide protection for proprietary data.

Answer 781

Real evidence consists of actual objects that can be brought into the courtroom. Documentary evidence consists of written documents that provide insight into the facts. Testimonial evidence consists of verbal or written statements made by witnesses.

Answer 782

The TCP/IP model is a protocol model derived from TCP/IP and has four layers: Application, Transport, Internet, and Link.

Answer 783

Threat modeling is the security process where potential threats are identified, categorized, and analyzed.

Answer 784

65,536 sockets, numbered from 0 to 65,535.

Answer 785

The combination of hardware, software, and controls that form a trusted base enforcing the security policy.

Answer 786

Malicious code is thwarted with a combination of tools, including antimalware software and policies that enforce basic security principles.

Answer 787

Secrecy is the activity of keeping something a secret or preventing the disclosure of information.

Answer 788

Smart devices are a range of mobile devices that offer the user customization options, typically through installing apps.

Answer 789

Certificate authorities (CAs).

Answer 790

Piggybacking.

Answer 791

Fire detection and suppression must not be overlooked. Protecting personnel from harm should always be the most important goal.

Answer 792

Codes are cryptographic systems of symbols that operate on words or phrases. Ciphers are always meant to hide the true meaning of a message.

Answer 793

The security design principle that indicates that organizations do not operate in isolation.

Answer 794

A MAC filter is a list of authorized wireless client interface MAC addresses used by a WAP to block access to nonauthorized devices.

Answer 795

Smartcards are credit card–sized IDs with an embedded magnetic stripe, bar code, or integrated circuit chip.

Answer 796

Risk management is the process of identifying factors that could damage or disclose data, evaluating those factors, and implementing cost-effective solutions.

Answer 797

Maturity models help software organizations improve the maturity and quality of their software processes.

Answer 798

Personal Information Protection Law (PIPL), which came into effect in 2021.

Answer 799

Personally identifiable information (PII) is any information that can identify an individual.

Answer 800

Overloaded electrical distribution outlets.

Answer 801

The target of evaluation (TOE).

Answer 802

Role‐based access control (RBAC).

Answer 803

The adversary‐in‐the‐middle attack fools both parties into communicating with the attacker. The birthday attack attempts to find collisions in hash functions. The replay attack attempts to reuse authentication requests.

Answer 804

Once countermeasures are implemented, the risk that remains is known as residual risk.

Answer 805

Expert systems consist of a knowledge base and an inference engine. Machine learning techniques discover knowledge from datasets. Neural networks simulate the functioning of the human mind.

Answer 806

A four‐digit PIN.

Answer 807

Fingerprints, face scans, iris scans, retina scans, palm topography, heart/pulse pattern, voice pattern, signature dynamics.

Answer 808

Anything as a service (XaaS) is a catchall term for any type of computing service provided through a cloud solution.

Answer 809

Security is always changing, thus any implemented security solution requires updates and changes over time.

Answer 810

Risk Management Framework (RMF), NIST Cybersecurity Framework (CSF), COBIT, and ITIL.

Answer 811

Smart devices are a range of devices that offer customization options and may use machine learning processing.

Answer 812

The three basic components of change control are request control, change control, and release control.

Answer 813

Biba prevents subjects with lower security levels from writing to objects at higher security levels.

Answer 814

RSA, ECDSA, and EdDSA.

Answer 815

Any information that is factually incorrect or inaccurate.

Answer 816

Application whitelisting prohibits unauthorized software from executing unless it's on the preapproved exception list.

Answer 817

Compliance checking.

Answer 818

Guards, fences, motion detectors, locked doors, CCTV, and alarms.

Answer 819

Erasing a file doesn't delete it. Clearing media overwrites it. Purging removes data so that the media can be reused. Degaussing removes data from tapes and magnetic drives.

Answer 820

Sandboxing provides a security boundary for applications and prevents them from interacting with other applications.

Answer 821

Legacy systems may not be receiving security updates from their vendors.

Answer 822

Provide Stakeholder Value, Holistic Approach, Dynamic Governance System, Governance Distinct from Management, Tailored to Enterprise Needs, and End‐to‐End Governance System.

Answer 823

You will lose valuable evidence unless you ensure that critical log files are retained for a reasonable period of time.

Answer 824

Humans are often considered the weakest element in any security solution but can also become a key security asset when properly trained.

Answer 825

A group of attackers sponsored by a government, highly motivated, skilled, and focused on a single target.

Answer 826

Threats can originate from numerous sources, and threat assessment should be performed as a team effort.

Answer 827

A group of records from one or more databases or logs that can be used to reconstruct events after an incident.

Answer 828

The European Union (EU) General Data Protection Regulation (GDPR) regulates the transfer of personal data in and out of the EU.

Answer 829

Electronic vaulting, remote journaling, and remote mirroring technology.

Answer 830

Open System Authentication (OSA) and Shared Key Authentication (SKA).

Answer 831

A hosted solution is a deployment.

Answer 832

Databases benefit from three backup technologies: electronic vaulting, remote journaling, and remote mirroring.

Answer 833

A hosted solution is a deployment concept where the organization must license software and then operates and maintains the software. The hosting provider owns, operates, and maintains the hardware that supports the organization's software.

Answer 834

Disinformation, misinformation, propaganda, false information, fake news, and doxing.

Answer 835

No read‐down.

Answer 836

A mechanism used to systematically manage change, involving extensive logging, auditing, and monitoring of activities related to security controls and solutions.

Answer 837

A virtualized network or network virtualization is the combination of hardware and software networking components into a single integrated entity, allowing for software control over all network functions.

Answer 838

Vulnerability scans automatically probe systems, applications, and networks looking for weaknesses that may be exploited by an attacker.

Answer 839

iOS is the mobile device OS from Apple that is available on the iPhone and is not licensed for use on non‐Apple hardware.

Answer 840

Disaster recovery planning (DRP) is the practice of establishing and executing recovery actions as part of an emergency response following a disaster.

Answer 841

The auditor is responsible for testing and verifying that the security policy is properly implemented.

Answer 842

Converged protocols are the merging of specialty or proprietary protocols with standard protocols, allowing the use of existing TCP/IP infrastructure.

Answer 843

Site selection should be based on the security needs of the organization, prioritizing security requirements over cost, location, and size.

Answer 844

Benefits include encryption, flexibility, and resiliency; drawbacks include covert channels and filter bypass.

Answer 845

Site accreditation.

Answer 846

Building access controls, intrusion detection, and security cameras.

Answer 847

Data sovereignty is the concept that digital data is subject to the laws and regulations of the country or region in which it is located.

Answer 848

VAST (Visual, Agile, and Simple Threat) is a threat modeling concept based on Agile project management principles.

Answer 849

Nonrepudiation prevents a subject from claiming not to have sent a message or performed an action.

Answer 850

An attack in which a malicious user is positioned between the two endpoints of a communication's link.

Answer 851

Classifying and labeling assets.

Answer 852

Encapsulation is the addition of a header, and possibly a footer, to the data received by each layer before it's handed off to the layer below.

Answer 853

Full and incremental.

Answer 854

Common Vulnerability and Exposures (CVE) is a dictionary that provides a standard convention used to identify vulnerabilities.

Answer 855

XXUAPRSF, where X represents two flags no longer used, followed by Urgent, Acknowledgment, Push, Reset, Synchronization, and Finish.

Answer 856

ALE = SLE × ARO.

Answer 857

Evidence must be relevant, material, and competent.

Answer 858

Full‐knowledge team.

Answer 859

Vulnerability analysis.

Answer 860

A civil investigation typically involves internal employees and outside consultants working on behalf of a legal team.

Answer 861

Input/output devices can be subject to eavesdropping, shoulder surfing, and unauthorized access.

Answer 862

WPA2 is defined by IEEE 802.11i and supports preshared key or enterprise authentication.

Answer 863

Knowledge‐based uses a signature database; behavior‐based learns about normal activities.

Answer 864

Statistical attack.

Answer 865

Parallel data systems are designed to perform numerous calculations simultaneously.

Answer 866

The U.S. Department of Defense.

Answer 867

Data controllers decide what data to process; processors handle data at the direction of controllers; administrators grant access; users access data.

Answer 868

A hybrid attack.

Answer 869

VM escaping occurs when software within a guest OS breaches isolation protection provided by the hypervisor.

Answer 870

Personnel time and attention.

Answer 871

Interface testing assesses the performance of modules against the interface specifications.

Answer 872

Maintaining physical access security, using encryption, and employing one‐time authentication methods.

Answer 873

Security management planning ensures proper creation, implementation, and enforcement of a security policy.

Answer 874

Federal Emergency Management Agency (FEMA).

Answer 875

Preventing disclosure, destruction, and alteration of data.

Answer 876

Open systems are designed using industry standards; closed systems are proprietary and harder to integrate.

Answer 877

Education, policies, and tools.

Answer 878

Computer crime is a crime directed against or directly involving a computer.

Answer 879

Microservices are an architectural style where an application is structured as a collection of small, independently deployable services.

Answer 880

The information or privilege required to perform an operation is divided among multiple users.

Answer 881

WAN links require a DTE and a DCE at each connection point; PVC is always available, SVC is established using the best paths.

Answer 882

A public cloud is a cloud service accessible to the general public, typically over an Internet connection.

Answer 883

Government Information Security Reform Act.

Answer 884

Purging is a more intense form of clearing that prepares media for reuse in less secure environments.

Answer 885

User accesses objects; owner is liable for protection; custodian classifies and protects data.

Answer 886

The U.S. has various privacy laws; the EU has the General Data Protection Regulation; Canada has PIPEDA.

Answer 887

In the DAC model, all objects have owners who can modify permissions.

Answer 888

Polyinstantiation.

Answer 889

A hybrid cloud is a mixture of private and public cloud components.

Answer 890

To ensure that trusted employees do not abuse their privileges and to detect many attacks.

Answer 891

The Delphi technique is an anonymous feedback‐and‐response process used to arrive at a consensus.

Answer 892

Privacy refers to keeping personally identifiable information confidential.

Answer 893

It can pinpoint compromised resources but cannot detect network‐only attacks.

Answer 894

Actions that are in line with what a person of ordinary prudence and judgment would do.

Answer 895

OIDC is an authentication layer using the OAuth 2.0 framework, providing both authentication and authorization.

Answer 896

Subjects should be granted only the amount of access required to accomplish their assigned work tasks.

Answer 897

Video surveillance, monitoring, CCTV, and security cameras deter unwanted activity.

Answer 898

OIDC uses a JavaScript Object Notation (JSON) Web Token (JWT), also called an ID token.

Answer 899

Subjects should be granted only the amount of access to objects that is required to accomplish their assigned work tasks.

Answer 900

Video surveillance, video monitoring, closed‐circuit television (CCTV), and security cameras are all means to deter unwanted activity and create a digital record of the occurrence of events. Cameras can be overt or hidden; can record locally or to a cloud storage service; may offer pan, tilt, and zoom; may operate in visible or infrared light; may be triggered by movement; and may support time‐lapse recording, tracking, facial recognition, gait analysis, object detection, or infrared or color‐filtered recording.

Answer 901

A security system feature commonly employed in access control systems to automatically signal to unlock a secured door or gate when someone wishes to exit a protected area.

Answer 902

Some security issues surround memory components: the fact that data may remain on the chip after power is removed and the control of access to memory in a multiuser system.

Answer 903

Hardware segmentation is similar to process isolation in purpose—it prevents the access of information that belongs to a different process/security level.

Answer 904

Virtual desktop infrastructure (VDI) is a means to reduce the security risk and performance requirements of end devices by hosting virtual machines on central servers that are remotely accessed by users.

Answer 905

Password Authentication Protocol (PAP) transmits usernames and passwords in cleartext. Challenge Handshake Authentication Protocol (CHAP) performs authentication using a challenge‐response dialogue that cannot be replayed. Extensible Authentication Protocol (EAP) allows customized authentication security solutions.

Answer 906

Software as a service (SaaS) provides on‐demand online access to specific software applications or suites without the need for local installation.

Answer 907

Configuration management, monitoring and analysis, troubleshooting and diagnostics, security management, user account management, software updates and patch management, backup and recovery tasks, and policy enforcement.

Answer 908

Sensitive data is any information that isn't public or unclassified. It can include confidential, proprietary, protected, or any other type of data that an organization needs to protect due to its value to the organization or to comply with existing laws and regulations.

Answer 909

Sanitization.

Answer 910

Virtual mobile infrastructure (VMI) is a technology where the operating system of a mobile device is virtualized on a central server.

Answer 911

Availability.

Answer 912

Concealment is the act of hiding or preventing disclosure.

Answer 913

A cloud access security broker (CASB) is a security policy enforcement solution that may be installed on‐premises, or it may be cloud‐based.

Answer 914

Parallel run.

Answer 915

Uninterruptible power supply (UPS).

Answer 916

Preventive control.

Answer 917

A virtualized network or network virtualization is the combination of hardware and software networking components into a single integrated entity.

Answer 918

Hot sites, warm sites, and cold sites.

Answer 919

A unilateral NDA is used when one party needs to share sensitive data with another party while retaining control and protection over that data. A bilateral NDA is a legally binding contract between two parties where both parties agree to protect each other's confidential information. A multilateral NDA is a legal contract involving three or more parties.

Answer 920

Without a job description, there is no consensus on what type of individual should be hired.

Answer 921

Mobile site.

Answer 922

Children's Online Privacy Protection Act.

Answer 923

Host‐based IDS.

Answer 924

Application (7), Presentation (6), Session (5), Transport (4), Network (3), Data Link (2), and Physical (1).

Answer 925

Read‐through tests, structured walk‐throughs, simulation tests, parallel tests, and full‐interruption tests.

Answer 926

Industrial Internet of Things (IIoT) is a derivative of IoT that focuses on industrial, engineering, manufacturing, or infrastructure level oversight.

Answer 927

Logic bomb.

Answer 928

Security as a service (SECaaS) is a cloud provider concept in which security is provided to an organization through or by an online entity.

Answer 929

Port security can mean the physical control of all connection points, such as RJ‐45 wall jacks or device ports.

Answer 930

Bell–LaPadula protects confidentiality; Biba and Clark–Wilson protect integrity.

Answer 931

Clearing, or overwriting, is a process of preparing media for reuse.

Answer 932

Ethical hacker.

Answer 933

Accountability is maintained for individual subjects through the use of auditing.

Answer 934

In dropped ceilings, raised floors, server rooms, private offices and public areas, HVAC vents, elevator shafts, the basement, and so on.

Answer 935

The beacon frame contains the SSID by default.

Answer 936

Several protocols provide centralized authentication, authorization, and accounting services.

Answer 937

NAT66 allows multiple devices within a private IPv6 network to share the same public IPv6 address.

Answer 938

Discretionary access control (DAC).

Answer 939

Protection of evidence.

Answer 940

Omnidirectional pole antennas, as well as many directional antennas, such as Yagi, cantenna, panel, and parabolic.

Answer 941

Declassification.

Answer 942

Software escrow agreements.

Answer 943

The Common Criteria (ISO/IEC 15408) is a subjective security function evaluation tool.

Answer 944

Microcode.

Answer 945

To help software organizations improve the maturity and quality of their software processes.

Answer 946

Personnel transfers may be treated as a fire/rehire rather than a personnel move.

Answer 947

The possible yearly cost of all instances of a specific realized threat against a specific asset. ALE = single loss expectancy (SLE) × annualized rate of occurrence (ARO).

Answer 948

The de facto standard for secure web traffic is the use of HTTP over Transport Layer Security (TLS).

Answer 949

The first form exploits a vulnerability in hardware or software. The second form floods the victim's communication pipeline with garbage network traffic.

Answer 950

An advanced high‐speed interconnect technology developed to address the increasing demands of data‐intensive workloads in modern computing systems.

Answer 951

Quantitative risk analysis assigns real dollar figures to the loss of an asset.

Answer 952

Once a subject is authenticated, its access must be authorized.

Answer 953

A collection or ledger of records, transactions, operations, or other events that are verified using hashing, timestamps, and transaction data.

Answer 954

Virtualization doesn't lessen the security management requirements of an OS.

Answer 955

A specific type of attack in which various types of technology are used to circumvent the telephone system.

Answer 956

FIPS‐186‐5 is the Digital Signature Standard (DSS).

Answer 957

White‐box testing or known environment testing.

Answer 958

Destruction of sensitive circuits.

Answer 959

Multitasking is the simultaneous execution of more than one application and is managed by the OS.

Answer 960

Static packet filtering, application‐level, circuit‐level, stateful inspection, NGFW, ISFW, virtual firewall.

Answer 961

To ensure that users do not have.

Answer 962

Multithreading permits multiple concurrent tasks to be performed within a single process.

Answer 963

Static packet filtering, application‐level, circuit‐level, stateful inspection, NGFW, ISFW, virtual firewall, filters/rules/ACLs/tuples, bastion host, ingress, egress, RTBH, stateless vs. stateful, WAF, SWG, TCP wrapper, DPI, and content and URL filtering.

Answer 964

To ensure that users do not have excessive privileges and that accounts are managed appropriately.

Answer 965

When a person attempts to deceive an insider within an organization to divulge sensitive information or to perform sensitive actions on their behalf.

Answer 966

Seclusion refers to storing something in an out‐of‐the‐way location with strict access controls to enforce confidentiality protections.

Answer 967

Service bureaus lease computer time via contractual agreements and can meet an organization's entire IT needs in the event of disaster or catastrophic failure.

Answer 968

Stage 3: Flame.

Answer 969

A hardware‐based RoT refers to the implementation of the root of trust using dedicated hardware components like TPMs or HSMs for secure cryptographic operations.

Answer 970

Inputs, behaviors, and outputs.

Answer 971

A wiring closet is where networking cables are connected to essential equipment. Security focuses on preventing unauthorized physical access to avoid theft or tampering.

Answer 972

A collection of techniques to discover that a wireless network is present at a given location.

Answer 973

Synchronous communications rely on a timing or clocking mechanism, while asynchronous communications rely on a stop and start delimiter bit.

Answer 974

Family Educational Rights and Privacy Act.

Answer 975

Onboarding is the process of adding new employees to the IAM system of an organization or when an employee's role changes.

Answer 976

An agreement ensuring that a cloud provider will provide the resources needed to support disaster recovery operations.

Answer 977

A hardware security module (HSM) is a cryptoprocessor used to manage/store digital encryption keys and improve authentication.

Answer 978

Certification.

Answer 979

A documented argument to define a need for a decision or action, often to justify a new project related to security.

Answer 980

Adherence to the ISC2 Code of Ethics is mandatory, and acceptance is a condition of certification.

Answer 981

Code review is the foundation of software assessment programs where developers review code for defects.

Answer 982

Means of memory addressing include register addressing, immediate addressing, direct addressing, indirect addressing, and base+offset addressing.

Answer 983

Always err on the side of caution, request proof of identity, classify information, and never change passwords over the phone.

Answer 984

Prevention of unauthorized intrusion and knowledge that personal information won't be shared without consent.

Answer 985

A malicious user records traffic between a client and server and retransmits it with variations.

Answer 986

Defense Information Technology Security Certification and Accreditation Process (DITSCAP).

Answer 987

Enrollment times longer than 2 minutes are unacceptable; subjects will typically accept a throughput rate of about 6 seconds or faster.

Answer 988

Human‐made or person‐made disaster.

Answer 989

Confidential, private, sensitive, public.

Answer 990

They validate the ongoing effectiveness of security controls through various tools like vulnerability assessments and penetration tests.

Answer 991

SLAAC is based on routers sending Router Advertisement messages to facilitate stateless DHCPv6 for IPv6 address formation.

Answer 992

An authentication technique that redirects a newly connected wireless client to a portal access control page.

Answer 993

The attacker pretends to be someone or something else, spoofing identities, IP addresses, and more.

Answer 994

Distributed control systems (DCSs), programmable logic controllers (PLCs), and supervisory control and data acquisition (SCADA).

Answer 995

A fail‐open system will fail in an open state, granting all access.

Answer 996

Monitoring is used to watch for security policy violations and detect unauthorized activities.

Answer 997

Covert timing channel.

Answer 998

Privileged accounts such as administrator or root user accounts.

Answer 999

Identification, authentication, authorization, auditing, and accounting.

Answer 1000

It can monitor a large network and is hardened against attack but requires a central view of traffic and can't pinpoint compromised resources.

Answer 1001

Inaccurate or misleading information spread without malicious intent, often due to errors or misunderstandings.

Answer 1002

Patching software, reconfiguring security, employing firewalls, updating filters, using IDSs/IPSs, and improving physical access control.

Answer 1003

Dynamic testing.

Answer 1004

Ring, bus, star, and mesh.

Answer 1005

The practice of embedding an image or pattern in paper or digital documents to thwart counterfeiting attempts.

Answer 1006

Developers write code in various languages, use software development toolsets, and manage code through repositories.

Answer 1007

Decision support system.

Answer 1008

When a vulnerability scanner misses a vulnerability and fails to alert the administrator.

Answer 1009

Cryptographic keys provide secrecy to a cryptosystem, with modern symmetric keys at least 128 bits and asymmetric keys at least 2,048 bits long.

Sybex Cissp 2024 Flashcards

(1098 cards)