Test Study 6

Question 1

What is the ISC2 code of ethics?

Answer 1

Protect society, the common good, necessary public trust and confidence, and the infrastructure.
Act honorably, honestly, justly , responsibly, and legally.
Provide diligent and competent service to principals.
Advance and protect the profession.

Question 2

What data state (in flight, at rest, etc) does SQLi affect?

Answer 2

Data in use

Question 3

What is SED?

Answer 3

Self-encrypting drives, primarily usb storage with automatic encryption.

Question 4

What is RTOS?

Answer 4

Real time operating system

Used in high speed robotics and manufacturing.

Question 5

What type of system should be used for robotics or manufacturing?

Answer 5

RTOS / Real time operating system

Question 6

What is type 1 virtualization?

Answer 6

Bare metal hypervisors, runs directly on the physical hardware of a host machine and doesn’t require an underlying operating system to load. Most efficient

Question 7

What is type 2 virtualization?

Answer 7

Hosted, runs on a host OS, it relies on the OS it is installed on for certain operations. Supports a wide range of hardware.

Question 8

Which type of virtualization doesn’t require a host operating system?

Answer 8

Type 1 / Bare Metal

Question 9

Which type of virtualization relies on other portions of the system to handle things like CPU calls and network resources?

Answer 9

Type 2 / Hosted

Question 10

What is a SAN certificate?

Answer 10

Subject Alternative Name
Allows a single certificate to possess and authenticate multiple names. Can handle multiple top level and sub domains, but requires explicitness.

Question 11

What is a wildcard certificate?

Answer 11

A certificate to secure multiple subdomains. Doesn’t require an explicit list.

Question 12

Which type of domain certificate is good for multiple uses where you may add new subdomains repeatedly?

Answer 12

Wildcard

Question 13

Which type of domain certificate should be used for multiple domains where you have a complete list of domains it should be used for?

Answer 13

SAN / Subject Alternate Name

Question 14

List and detail the certificate formats.

Answer 14

PEM, DER, PFX, CER, P12, P7B

PEM - most common format for CAs, contains any or all of the whole cert chain and keys, widely used by Unix, base 64 encoded ascii files, extensions such as .pem, .crt, .cer, .key, apache uses PEM

DER - binary form of a PEM key, storage of a single cert without private key or the chain, .cer and .der, typically used by Java

PFX, PKCS12, P12 - interchangeable, for storing a server or intermediate cert along with private key in one encrypted file

P7B / PKCS7 - contains certificates and chains, but not the private key, has extension .p7b, .p7c, used by several platforms.

Question 15

Which is the most common certificate format issued by CAs?

Answer 15

PEM

Question 16

What are the properties and makeup of a PEM file?

Answer 16

Base 64 encoded ascii file, can contain any or all of the cert, chain, and keys, typically uses .pem, .crt, .cer, .key, often used in Apache.

Question 17

What are the properties and makeup of a DER file?

Answer 17

Binary form of PEM, .cer or .der extensions, typically used in Java.

Question 18

What certificate format is typically used in Java?

Answer 18

DER

Question 19

What are the properties and makeup of a PFX key?

Answer 19

PFX, PKCS12, P12
Use for storing the server and intermediate certificates and the private key in one encrypted file.
.pfx, .p12, typically used in Windows

Question 20

Which certificate format is encrypted and stores the certificates and private key in one file?

Answer 20

PFX / PKCS12 / P12

Question 21

What are the properties and makeup of a P7B file?

Answer 21

P7B/PKCS7
Base 64 encoded, can contain certificates and chain, but NOT private key
.p7b, .p7c
Supported by several platforms - Windows, Java, Tomcat

Question 22

Which certificate format is base 64 encoded and contains the certificates and chains in one file, but not the private key?

Answer 22

P7B / PKCS7

Question 23

Which certificate format is base 64 encoded and contains the certificates, chains, and private key in one file?

Answer 23

PEM

Question 24

Which certificate format is supported by several platforms such as Windows, Java, and Tomcat?

Answer 24

P7B / PKCS7

Question 25

What are some properties of transport mode vpn?

Answer 25

Point to point or end to end encryption | The IP payload is protected

Question 26

What are some properties of tunnel encryption?

Answer 26

Uses ESP & AH Tunnel between two network devices, or site to site IP payload AND header are protected, entire IP packet becomes a payload of a new IP packet and header

Question 27

Which vpn mode should be used for end to end encryption?

Answer 27

Transport

Question 28

Which vpn mode should be used between networks?

Answer 28

Tunnel

Question 29

What does transport mode protect?

Answer 29

Only the IP payload.

Question 30

What does tunnel mode protect?

Answer 30

The IP payload and header

Question 31

Which vpn mode encapsulates the entire IP packet?

Answer 31

Tunnel

Question 32

What is FDDI?

Answer 32

Fiber Distributed Data Interface | Optical fiber based networking

Question 33

What is a DISA?

Answer 33

Direct Inward System Access A feature of PBX that allows external callers to dial in to access or configure PBX Allows outside users access to an internal dial tone to allow for internal features used externally.

Question 34

What is a PBX?

Answer 34

Private branch exchange | Central part of an organization's telephone system that interfaces with the PSTN

Question 35

What phone feature allows for a business to split one single phone line among many internal extensions?

Answer 35

PBX

Question 36

What phone feature allows a traveling employee to place a call that appears to come from the business itself?

Answer 36

DISA

Question 37

What are the versions of Kerberos and what encryption do they use?

Answer 37

Kerberos 4 - DES | Kerberos 5 - AES

Question 38

Which version of kerberos uses weaker encryption?

Answer 38

4, DES

Question 39

Which version of kerberos uses AES?

Answer 39

5

Question 40

What is a constrained interface?

Answer 40

A setting that restricts what users can see or limits functionality.

Question 41

What feature can limit user functionality to add security?

Answer 41

Constrained interface

Question 42

What ports might describe a Linux device being on the network?

Answer 42

22 and 111

Question 43

What ports might describe a router being on the network?

Answer 43

22

Question 44

What ports might describe a Windows workstation being on the network?

Answer 44

139 and 445

Question 45

Ports 22 and 111 are found open on an IP, what device likely lives there?

Answer 45

Linux

Question 46

Port 22 is found open on an IP, what device likely lives there?

Answer 46

Router / Switch

Question 47

Ports 139 and 445 are found open on an IP, what device likely lives there?

Answer 47

Windows workstation

Question 48

What is functional testing?

Answer 48

Verifying that the application works according to specifications

Question 49

What is interface testing?

Answer 49

Verifying that different modules of the application work correctly together as a group.

Question 50

What type of testing validates that different components are working together properly?

Answer 50

Interface

Question 51

What type of testing verifies that applications are working according to their specifications?

Answer 51

Functional

Question 52

What classification of evidence may be affected by being highly technical or hard to understand?

Answer 52

Relevance

Question 53

What is something that threatens the relevance of evidence?

Answer 53

Being highly technical or hard to understand.

Question 54

What is MTTR?

Answer 54

Meat time to recovery | How long it takes a system to recover from failure

Question 55

What is the term for the duration it takes a system to recover?

Answer 55

MTTR

Question 56

What is confusion?

Answer 56

Each bit of ciphertext should depend on several parts of the key. Confusion hides the relationship between the ciphertext and the key. Changes the key values used during repeated rounds of encryption Works with stream and block ciphers.

Question 57

What is diffusion?

Answer 57

Changing a single bit of the plaintext then half of the ciphertext should change. Adds randomness to the ciphertext. Mixes up the location of the plaintext throughout the ciphertext. Hides the relationship between the ciphertext and the plain text. Only works with block ciphers.

Question 58

What method of securing a cipher identity only works with block ciphers?

Answer 58

Diffusion

Question 59

What method of securing a cipher identity works with stream and block ciphers?

Answer 59

Confusion

Question 60

What method of securing a cipher identity hides the relationship between the ciphertext and the key?

Answer 60

Confusion

Question 61

What method of securing a cipher identity hides the relationship between the ciphertext and the plain text?

Answer 61

Diffusion

Question 62

What method of securing a cipher identity appears to add randomness to the ciphertext?

Answer 62

Diffusion

Question 63

What method of securing a cipher identity makes the key appear to change repeatedly?

Answer 63

Confusion

Question 64

What is NIST 800-160?

Answer 64

System Security Engineering

Question 65

What is NIST 800-18?

Answer 65

Developing Security Plans

Question 66

What is Nist 800-70

Answer 66

Repository of Security Checklists

Question 67

Which NIST SP covers system security engineering?

Answer 67

800-160

Question 68

Which NIST SP covers developing security plans?

Answer 68

800-18

Question 69

Which NIST SP covers a repository of checklists?

Answer 69

800-70

Question 70

What does ESP do?

Answer 70

Encapsulating security protocol | Secures the payload of a packet by using encryption

Question 71

What does AH do?

Answer 71

Uses a hash function and a secret, shared key to allow integrity and authentication.

Question 72

Which packet header secures the payload?

Answer 72

ESP

Question 73

Which packet header ensures integirty?

Answer 73

AH

Question 74

What is the Oakley protocol?

Answer 74

A key agreement protocol for exchanging keys across an insecure connection using Diffie-Helman, succeeded by IKE

Question 75

What protocol is based on DH for key exchange?

Answer 75

Oakley