Test Study 6 Flashcards

Question 1

Q

What is the ISC2 code of ethics?

Answer

A

Protect society, the common good, necessary public trust and confidence, and the infrastructure.
Act honorably, honestly, justly , responsibly, and legally.
Provide diligent and competent service to principals.
Advance and protect the profession.

Question 2

Q

What data state (in flight, at rest, etc) does SQLi affect?

Answer

A

Data in use

Question 3

Q

What is SED?

Answer

A

Self-encrypting drives, primarily usb storage with automatic encryption.

Question 4

Q

What is RTOS?

Answer

A

Real time operating system

Used in high speed robotics and manufacturing.

Question 5

Q

What type of system should be used for robotics or manufacturing?

Answer

A

RTOS / Real time operating system

Question 6

Q

What is type 1 virtualization?

Answer

A

Bare metal hypervisors, runs directly on the physical hardware of a host machine and doesn’t require an underlying operating system to load. Most efficient

Question 7

Q

What is type 2 virtualization?

Answer

A

Hosted, runs on a host OS, it relies on the OS it is installed on for certain operations. Supports a wide range of hardware.

Question 8

Q

Which type of virtualization doesn’t require a host operating system?

Answer

A

Type 1 / Bare Metal

Question 9

Q

Which type of virtualization relies on other portions of the system to handle things like CPU calls and network resources?

Answer

A

Type 2 / Hosted

Question 10

Q

What is a SAN certificate?

Answer

A

Subject Alternative Name
Allows a single certificate to possess and authenticate multiple names. Can handle multiple top level and sub domains, but requires explicitness.

Question 11

Q

What is a wildcard certificate?

Answer

A

A certificate to secure multiple subdomains. Doesn’t require an explicit list.

Question 12

Q

Which type of domain certificate is good for multiple uses where you may add new subdomains repeatedly?

Question 13

Q

Which type of domain certificate should be used for multiple domains where you have a complete list of domains it should be used for?

Answer

A

SAN / Subject Alternate Name

Question 14

Q

List and detail the certificate formats.

Answer

A

PEM, DER, PFX, CER, P12, P7B

PEM - most common format for CAs, contains any or all of the whole cert chain and keys, widely used by Unix, base 64 encoded ascii files, extensions such as .pem, .crt, .cer, .key, apache uses PEM

DER - binary form of a PEM key, storage of a single cert without private key or the chain, .cer and .der, typically used by Java

PFX, PKCS12, P12 - interchangeable, for storing a server or intermediate cert along with private key in one encrypted file

P7B / PKCS7 - contains certificates and chains, but not the private key, has extension .p7b, .p7c, used by several platforms.

Question 15

Q

Which is the most common certificate format issued by CAs?

Question 16

Q

What are the properties and makeup of a PEM file?

Answer

A

Base 64 encoded ascii file, can contain any or all of the cert, chain, and keys, typically uses .pem, .crt, .cer, .key, often used in Apache.

Question 17

Q

What are the properties and makeup of a DER file?

Answer

A

Binary form of PEM, .cer or .der extensions, typically used in Java.

Question 18

Q

What certificate format is typically used in Java?

Question 19

Q

What are the properties and makeup of a PFX key?

Answer

A

PFX, PKCS12, P12
Use for storing the server and intermediate certificates and the private key in one encrypted file.
.pfx, .p12, typically used in Windows

Question 20

Q

Which certificate format is encrypted and stores the certificates and private key in one file?

Answer

A

PFX / PKCS12 / P12

Question 21

Q

What are the properties and makeup of a P7B file?

Answer

A

P7B/PKCS7
Base 64 encoded, can contain certificates and chain, but NOT private key
.p7b, .p7c
Supported by several platforms - Windows, Java, Tomcat

Question 22

Q

Which certificate format is base 64 encoded and contains the certificates and chains in one file, but not the private key?

Answer

A

P7B / PKCS7

Question 23

Q

Which certificate format is base 64 encoded and contains the certificates, chains, and private key in one file?

Question 24

Q

Which certificate format is supported by several platforms such as Windows, Java, and Tomcat?

Answer

A

P7B / PKCS7

Question 25

Q

What are some properties of transport mode vpn?

Answer

A

Point to point or end to end encryption

The IP payload is protected

Question 26

Q

What are some properties of tunnel encryption?

Answer

A

Uses ESP & AH
Tunnel between two network devices, or site to site
IP payload AND header are protected, entire IP packet becomes a payload of a new IP packet and header

Question 27

Q

Which vpn mode should be used for end to end encryption?

Answer

A

Transport

Question 28

Q

Which vpn mode should be used between networks?

Question 29

Q

What does transport mode protect?

Answer

A

Only the IP payload.

Question 30

Q

What does tunnel mode protect?

Answer

A

The IP payload and header

Question 31

Q

Which vpn mode encapsulates the entire IP packet?

Question 32

Q

What is FDDI?

Answer

A

Fiber Distributed Data Interface

Optical fiber based networking

Question 33

Q

What is a DISA?

Answer

A

Direct Inward System Access
A feature of PBX that allows external callers to dial in to access or configure PBX
Allows outside users access to an internal dial tone to allow for internal features used externally.

Question 34

Q

What is a PBX?

Answer

A

Private branch exchange

Central part of an organization’s telephone system that interfaces with the PSTN

Question 35

Q

What phone feature allows for a business to split one single phone line among many internal extensions?

Question 36

Q

What phone feature allows a traveling employee to place a call that appears to come from the business itself?

Question 37

Q

What are the versions of Kerberos and what encryption do they use?

Answer

A

Kerberos 4 - DES

Kerberos 5 - AES

Question 38

Q

Which version of kerberos uses weaker encryption?

Question 39

Q

Which version of kerberos uses AES?

Question 40

Q

What is a constrained interface?

Answer

A

A setting that restricts what users can see or limits functionality.

Question 41

Q

What feature can limit user functionality to add security?

Answer

A

Constrained interface

Question 42

Q

What ports might describe a Linux device being on the network?

Answer

A

22 and 111

Question 43

Q

What ports might describe a router being on the network?

Question 44

Q

What ports might describe a Windows workstation being on the network?

Answer

A

139 and 445

Question 45

Q

Ports 22 and 111 are found open on an IP, what device likely lives there?

Question 46

Q

Port 22 is found open on an IP, what device likely lives there?

Answer

A

Router / Switch

Question 47

Q

Ports 139 and 445 are found open on an IP, what device likely lives there?

Answer

A

Windows workstation

Question 48

Q

What is functional testing?

Answer

A

Verifying that the application works according to specifications

Question 49

Q

What is interface testing?

Answer

A

Verifying that different modules of the application work correctly together as a group.

Question 50

Q

What type of testing validates that different components are working together properly?

Answer

A

Interface

Question 51

Q

What type of testing verifies that applications are working according to their specifications?

Answer

A

Functional

Question 52

Q

What classification of evidence may be affected by being highly technical or hard to understand?

Answer

A

Relevance

Question 53

Q

What is something that threatens the relevance of evidence?

Answer

A

Being highly technical or hard to understand.

Question 54

Q

What is MTTR?

Answer

A

Meat time to recovery

How long it takes a system to recover from failure

Question 55

Q

What is the term for the duration it takes a system to recover?

Question 56

Q

What is confusion?

Answer

A

Each bit of ciphertext should depend on several parts of the key.
Confusion hides the relationship between the ciphertext and the key.
Changes the key values used during repeated rounds of encryption
Works with stream and block ciphers.

Question 57

Q

What is diffusion?

Answer

A

Changing a single bit of the plaintext then half of the ciphertext should change.
Adds randomness to the ciphertext.
Mixes up the location of the plaintext throughout the ciphertext.
Hides the relationship between the ciphertext and the plain text.
Only works with block ciphers.

Question 58

Q

What method of securing a cipher identity only works with block ciphers?

Answer

A

Diffusion

Question 59

Q

What method of securing a cipher identity works with stream and block ciphers?

Answer

A

Confusion

Question 60

Q

What method of securing a cipher identity hides the relationship between the ciphertext and the key?

Answer

A

Confusion

Question 61

Q

What method of securing a cipher identity hides the relationship between the ciphertext and the plain text?

Answer

A

Diffusion

Question 62

Q

What method of securing a cipher identity appears to add randomness to the ciphertext?

Answer

A

Diffusion

Question 63

Q

What method of securing a cipher identity makes the key appear to change repeatedly?

Answer

A

Confusion

Question 64

Q

What is NIST 800-160?

Answer

A

System Security Engineering

Answer 52

A

Developing Security Plans

Answer 53

A

Repository of Security Checklists

Answer 54

A

Encapsulating security protocol

Secures the payload of a packet by using encryption

Answer 55

A

Uses a hash function and a secret, shared key to allow integrity and authentication.

Answer 56

A

A key agreement protocol for exchanging keys across an insecure connection using Diffie-Helman, succeeded by IKE

Brainscape's Knowledge GenomeTM

Test Study 6 Flashcards

Brainscape's Knowledge Genome^TM