Test Study 3

Question 1

What is the difference in a patent and a trade secret.

Answer 1

A patent is legal protection, however what you are protecting is now made public. A trade secret is kept hidden and the only legal protection is from theft.

Question 2

Which application tier involves how an application functions?

Answer 2

Tier 2, application logic

Question 3

What identity method is commonly used by large providers, such as Facebook?

Answer 3

OAuth

Question 4

Which step of the DREAD model talks about how bad an attack may be?

Answer 4

Damage

Question 5

What is a trade secret?

Answer 5

A formula, process, or design that is generally not known by others and has viable commercial use.

Question 6

What are 3 types of backups?

Answer 6

Full backup
Differential
Incremental

Question 7

What part of the RMF involves ongoing review and updating of controls?

Answer 7

Monitor and Update

Question 8

Which step of the DREAD model talks about how easy it is to identify the threat?

Answer 8

Discoverability

Question 9

What two phases of the penetration test loop until the test is completed?

Answer 9

Discovery and Attack

Question 10

What is the term for hiring a person to perform activities normally performed by a computer?

Answer 10

HumBot

Question 11

Which ‘due’ deals with research and planning?

Answer 11

Due diligence

Question 12

A computer is given an IP of 172.17.5.20, what caused this?

Answer 12

RFC1918

Question 13

What is a differential backup?

Answer 13

Backup the changes since the last full backup.

Question 14

Which application tier involves HTML?

Answer 14

Tier 1, presentation tier

Question 15

What US agency upholds the GDPR?

Answer 15

US Department of Commerce

Question 16

What is 802.5

Answer 16

Token Ring

Question 17

What happens during the assess step of the RMF?

Answer 17

Having an independent assessor test the controls.

Question 18

What is a generational fuzzer?

Answer 18

An intelligent fuzzer that has an understanding of the file format or protocol.

Question 19

What is the DREAD model?

Answer 19

Damage
Reproducibility
Exploitability
Affected Users
Discoverability

Question 20

What are the three application tiers?

Answer 20

Tier 1 - Presentation and organization, HTML and Javascript
Tier 2 - Application logic, functions, programming, C#, C++, Java
Tier 3 - Data tier, databases

Question 21

What can obfuscate a message that works on words or entire blocks of words?

Answer 21

Code

Question 22

What is something that XACML does NOT provide?

Answer 22

Authentication

Question 23

What is OVAL?

Answer 23

Open Vulnerability Assessment Language

Open standard for identifying vulnerabilities and not tied to any proprietary architecture.

Question 24

Which fuzzer is only ‘smart’

Answer 24

Generational

Question 25

What business model has four levels?

Answer 25

TOGAF

Question 26

What is an incremental backup?

Answer 26

Backup the changes since the last backup, full or incremental.

Question 27

What permissions are around Open Source?

Answer 27

Permission to use the original source code design and content in any way.

Question 28

What is NoSQL?

Answer 28

A database type created to address the limitations and vulnerabilities associated with relational databases.

Question 29

What part of the RMF involves making risk determinations based on risk assessments?

Answer 29

Authorize

Question 30

What is Graph?

Answer 30

A NoSQL implementation that organizes information as nodes, relationships, and properties.

Question 31

What can be implemented as a policy enforcement point between users and a cloud provider?

Answer 31

CASB

Question 32

In cryptology, what is DEA?

Answer 32

Data encryption algoright

Substitution and permutation to 16 rounds.

Question 33

Which fuzzer is only dumb?

Answer 33

Mutation

Question 34

What database type was created to address the limitations and vulnerabilities associated with relational databases?

Answer 34

NoSQL

Question 35

What are the steps of “the” risk management framework?

Answer 35

Categorize
Select
Implement
Assess
Authorize
Monitor

Question 36

What step of the penetration testing phase involves gaining access, escalating privileges, browsing for additional systems, and installing additional tools?

Answer 36

Attack

Question 37

What protocol provides TCP/IP over serial?

Answer 37

SLIP

Question 38

What is TOGAF?

Answer 38

The Open Group Architecture Framework
Defines four model levels:
Business
Application
Data
Technology

Question 39

Which NIST rule is related to selecting controls to categorize systems?

Answer 39

NIST 800-60

Question 40

What is the standard for token ring?

Answer 40

802.5

Question 41

What provides attribute based access control to provide authorization?

Answer 41

XACML

Question 42

What is a non-proprietary standard for identifying vulnerabilities?

Answer 42

OVAL

Question 43

What permission are around Freeware?

Answer 43

Software provided without charge, however there may be limitations on how it is supposed to be used.

Question 44

Which backup is many small backups that all are required to recover?

Answer 44

Incremental

Question 45

Which step of the DREAD model talks about how easy it is to launch the attacks?

Answer 45

Exploitability

Question 46

What is NIST 800-60

Answer 46

Categorization, controls to categorize systems

Question 47

What happens during the categorize step of the RMF?

Answer 47

Discovering, identifying, and assigning security roles to an IT system,

Question 48

A computer is given an IP of 169.254.3.20, what caused this?

Answer 48

DHCP failure, APIPA

Question 49

What is APIPA?

Answer 49

Automatic Private IP Addressing
Self assigning an IP address in case of DHCP failure.
169.254.x.x range

Question 50

What is a HumBot?

Answer 50

A human robot, a person who will manually perform activities in place of a computer.

Question 51

What happens during the select step of the RMF?

Answer 51

Identify and choose the appropriate controls needed to reduce risk.

Question 52

What does Fibre Channel over Ethernet do?

Answer 52

Replaces FC0 and FC1 layers with Ethernet
Allows Fibre Channel to use 10 Gigabit ethernet networks while maintaining the fibre channel protocol
Encapsulates Fibre Channel frames over ethernet networks

Question 53

Freebie

Answer 53

Blank

Question 54

What database organizes information as nodes, relationships, and properties?

Answer 54

Graph

Question 55

What is a mutation fuzzer?

Answer 55

A dumb fuzzer that blindly fuzzes the input and doesn’t understand the structure.

Question 56

What are the steps in the penetration testing methodology?

Answer 56

Planning
Discovery
Attack
Reporting

Question 57

What part of the RMF involves discovering, identifying, and assigning security roles to an IT system?

Answer 57

Categorize

Question 58

Which ‘due’ deals with activities and decisions?

Answer 58

Due Care

Question 59

What happens during the montior step of the RMF?

Answer 59

Ongoing review and updating of controls and security status.

Question 60

What is the difference in OAuth and OpenID?

Answer 60

OpenID is based on OAuth, however OpenID provides an ID token.

Question 61

What business model has five guides?

Answer 61

ITIL

Question 62

What part of the RMF involves having an independent party test the security controls?

Answer 62

Assess

Question 63

What is RFC1918?

Answer 63

A group of internal IP ranges.

10. x.x.x
11. 16-31.x.x
12. 168.x.x

Question 64

What happens during the authorize step of the RMF?

Answer 64

Management reviews a risk assessment and makes a risk determination on whether the risk is acceptable.

Question 65

What does XACML provide?

Answer 65

Authorization

Question 66

Which step of the DREAD model talks about the scope of the damage?

Answer 66

Affected Users

Question 67

What is SLIP?

Answer 67

Serial line interface protocol

Provides TCP/IP over serial connection.

Question 68

In what pen test phase are the scope and objectives defined?

Answer 68

Planning

Question 69

What part of the RMF involves putting selected controls into place?

Answer 69

Implement

Question 70

What is a CASB?

Answer 70

Cloud access security broker

A security enforcement point between the consumer and the cloud provider.

Question 71

What is the name of the IP range assigned when DHCP fails?

Answer 71

APIPA

Question 72

What are some tenets of ITIL?

Answer 72

It is best practicies on how to use IT as a tool to facilitate business change.
Advocates that services must be aligned to the needs of the business.
Has five core guides.

Question 73

Which non-full backup type has the largest footprint?

Answer 73

Differential

Question 74

Which application tier stores data?

Answer 74

Tier 3, data tier

Question 75

What happens during the implement step of the RMF?

Answer 75

Put into place the selected security controls.

Question 76

What part of the RMF involves choosing the appropriate controls needed to reduce risk?

Answer 76

Select

Question 77

How many rounds does DEA perform on its data?

Answer 77

16

Question 78

Which pen test phase occurs alongside the others?

Answer 78

Reporting

Question 79

What is XACML

Answer 79

Extensible Access Control Markup Language
Implements attribute based access control to determine whether a principal should be granted access to a system. Only provides authorization.