All

Question 1

What is Change Management?

Answer 1

Formal process to make a change

Important for managing risks in an organization.

Question 2

Why is Change Management important?

Answer 2

• Avoid downtime
• Prevent confusion
• Reduce mistakes

It addresses one of the most common risks in organizations.

Question 3

What are the steps in an approval change process?

Answer 3

• Request forms
• Identify the scope
• Schedule date and time
• Determine affected systems
• Analyze risks
• Get approval/rejection
• End-user acceptance

These steps ensure a structured approach to implementing changes.

Question 4

Who is responsible for ownership in Change Management?

Answer 4

Individual or entity that needs to make a change

They oversee/manage the change but do not perform it.

Question 5

What is Impact Analysis in Change Management?

Answer 5

Identify risks involved with making a change

It assesses the potential impact on different parts of the organization.

Question 6

What is a Backout plan?

Answer 6

Plan to revert everything back to before the change

Implemented if something goes wrong during the change.

Question 7

What are Maintenance Windows?

Answer 7

Scheduled times for changes to minimize business interference

Usually done overnight to avoid disruption.

Question 8

What is an Allow/Deny List in Technical Change Management?

Answer 8

• Allow: only approved applications run
• Deny: everything runs except denied applications

This helps manage application security.

Question 9

What are Restricted Activities in Change Management?

Answer 9

Must follow specific change scope and window time

Only approved changes can be made.

Question 10

What is the purpose of Documentation in Change Management?

Answer 10

Must be a living document, ongoing updates

Includes updating diagrams, policies, and procedures.

Question 11

What are the motivations of Threat Actors?

Answer 11

• Data exfiltration
• Espionage
• Service disruption
• Blackmail
• Financial gain
• Philosophical or political
• Ethical
• Revenge
• War

These motivations drive various cyber attacks.

Question 12

What are the types of Threat Actors?

Answer 12

• Nation-state
• Unskilled/script kiddies
• Hacktivist
• Insider threat
• Organized crime
• Shadow IT

Each type has different capabilities and motivations.

Question 13

What are Human vectors/social engineering attacks?

Answer 13

• Phishing
• Vishing
• Smishing
• Misinformation
• Disinformation
• Impersonation
• Business email compromise
• Pretexting
• Watering hole
• Brand impersonation
• Typosquatting

These attacks exploit human behavior to gain unauthorized access.

Question 14

What is SQL injection (SQLi)?

Answer 14

Type of code injection attack adding info into data stream

Often done through web browsers into forms or fields.

Question 15

What is XSS?

Answer 15

Cross-Site Scripting, uses JavaScript to exploit trust in browsers

Types include non-persistent, persistent, and DOM-based XSS.

Question 16

What are Application Vulnerabilities?

Answer 16

• Memory injections
• Buffer overflow
• Race condition
• Time of check to time of use attack (TOCTU)

These vulnerabilities allow malware to exploit applications.

Question 17

What are OS based vulnerabilities fixed by?

Answer 17

Regular patching

Keeping operating systems updated is crucial for security.

Question 18

What are Cloud-specific vulnerabilities?

Answer 18

• DoS/DDoS
• Authentication bypass
• Directory traversal
• Remote code execution

These vulnerabilities target cloud services and applications.

Question 19

What is a Zero-day vulnerability?

Answer 19

Unknown vulnerabilities with no available patch

These pose significant risks as they are exploited before being discovered.

Question 20

What is Ransomware?

Answer 20

Malware that demands money

Often delivered through phishing or email compromise.

Question 21

What is a Trojan?

Answer 21

Malware disguised as legitimate software

Relies on human interaction for delivery.

Question 22

What is a Botnet?

Answer 22

A collection of systems controlled by a command and control server

Used for various malicious activities.

Question 23

What is Privilege escalation?

Answer 23

Gaining higher-level access to a system

Can be achieved by exploiting known vulnerabilities.

Question 24

What is CSRF (Cross-Site Request Forgery)?

Answer 24

Exploits the trust a web application has for the user

Prevented using cryptographic tokens.

Question 25

What is a **Downgrade attack**?

Answer 25

Forces hosts to use old insecure protocols ## Footnote This reintroduces vulnerabilities to the system.

Question 26

What is **forgery** in the context of web applications?

Answer 26

Takes advantage of the trust that web application has for the user ## Footnote This can lead to unauthorized actions being performed on behalf of the user.

Question 27

What is a **crypto token** used for?

Answer 27

To prevent forgery ## Footnote Crypto tokens help ensure that requests are legitimate and not forged.

Question 28

Define **directory traversal**.

Answer 28

Read files from web server that are outside of website’s file directory ## Footnote This can lead to unauthorized access to sensitive files.

Question 29

What is a **downgrade attack**?

Answer 29

Forces hosts to use old insecure protocols that reintroduces vulnerabilities ## Footnote This can compromise the security of the system.

Question 30

What does **SSL stripping** do?

Answer 30

Removes TLS encryption to read contents of traffic ## Footnote This can downgrade HTTPS to HTTP, exposing sensitive data.

Question 31

What is a **collision attack**?

Answer 31

When plaintext maps to the same hash value ## Footnote This can compromise the integrity of hashed data.

Question 32

What is a **birthday attack**?

Answer 32

A type of collision attack that takes advantage of probability ## Footnote It exploits the likelihood of two different inputs producing the same hash.

Question 33

What is **spraying** in password attacks?

Answer 33

Using the same password/common passwords for multiple accounts ## Footnote This method targets many accounts with minimal effort.

Question 34

Define **brute force** password attack.

Answer 34

Trying every single possible password/combination ## Footnote This method can be time-consuming but is effective against weak passwords.

Question 35

List indicators of **malicious activity**.

Answer 35

* Account lockout * Concurrent session usage * Blocked content * Impossible travel * Resource consumption * Resource inaccessibility * Out of cycle logging * Published/documented private company data * Missing logs ## Footnote These indicators can signal potential security breaches.

Question 36

What are the types of **segmentation**?

Answer 36

* Physical - separating physical devices * Logical - network switches through VLANs * Virtual - cloud-based, virtual machines ## Footnote Segmentation helps improve performance and security.

Question 37

What are **ACLs**?

Answer 37

Access control lists that allow or disallow traffic ## Footnote ACLs can be based on categories, IPs, destination ports, etc.

Question 38

What is the purpose of **encryption** in data protection?

Answer 38

Limit data that attackers can access ## Footnote Encryption is crucial for safeguarding sensitive information.

Question 39

What does **EFS** stand for?

Answer 39

Windows Encrypting File System ## Footnote EFS is used for file-level encryption in Windows.

Question 40

What is **FDE**?

Answer 40

Full Disk Encryption ## Footnote FDE encrypts everything on the drive to protect data at rest.

Question 41

What is the role of **constant monitoring** in security?

Answer 41

Log all information ## Footnote Monitoring can be done through built-in sensors, separate devices, or integrated systems.

Question 42

What is **least privilege**?

Answer 42

A principle that limits user access to only what is necessary ## Footnote This minimizes potential damage from compromised accounts.

Question 43

What is **system hardening**?

Answer 43

Updates, user accounts, limit network access, monitoring with antivirus/anti-malware ## Footnote Hardening techniques are essential for securing systems.

Question 44

What does **HIPS** stand for?

Answer 44

Host Intrusion Prevention System ## Footnote HIPS recognizes and blocks known attacks.

Question 45

What is **data at rest**?

Answer 45

Data stored on a storage device ## Footnote Protecting data at rest involves encryption and access permissions.

Question 46

What is **data in transit**?

Answer 46

Data transmitted over a network ## Footnote Protection during transit can include firewalls and transport encryption.

Question 47

What is **data in use**?

Answer 47

Data actively being processed ## Footnote This data is typically decrypted while being processed.

Question 48

What is **tokenization**?

Answer 48

Replaces sensitive data with non-sensitive placeholders ## Footnote Tokenization is used to protect sensitive information during transactions.

Question 49

What are **secure baselines**?

Answer 49

Foundation baselines for securing applications ## Footnote They include firewall settings, patch levels, and OS file versions.

Question 50

What is **media sanitization**?

Answer 50

Removing data so no usable info remains ## Footnote This is crucial for disposal or decommissioning of storage devices.

Question 51

What is the purpose of **vulnerability scanning**?

Answer 51

Minimally invasive testing to identify open/closed ports ## Footnote Tools like Nessus and Nmap are commonly used for this purpose.

Question 52

What is a **penetration test**?

Answer 52

Simulates an attack to exploit vulnerabilities ## Footnote This helps organizations understand their security posture.

Question 53

What does **CVSS** stand for?

Answer 53

Common Vulnerability Scoring System ## Footnote CVSS is used to assess the severity of vulnerabilities.

Question 54

What is the **AAA Framework**?

Answer 54

Authentication, Authorization, Accounting ## Footnote This framework is essential for managing user access and resources.

Question 55

What is **WPA3**?

Answer 55

Wi-Fi Protected Access 3 ## Footnote WPA3 provides enhanced security for wireless networks.

Question 56

What is **input validation**?

Answer 56

Checking and correcting all input methods ## Footnote This is crucial for preventing injection attacks.

Question 57

What is **sandboxing**?

Answer 57

Isolating applications to limit their resource access ## Footnote This can be used during development or runtime.

Question 58

What are the **key components** of **remote access** security monitoring?

Answer 58

* Authentications * Server monitoring * Applications * Infrastructure ## Footnote These components help ensure the security of remote access systems.

Question 59

What is the purpose of **log aggregation** in security monitoring?

Answer 59

* Centralized reporting * Correlation between diverse systems * Tracking application access * Measuring data transfers ## Footnote Log aggregation is typically done through a SIEM.

Question 60

What does **SCAP** stand for in security protocols?

Answer 60

Security Content Automation Protocol ## Footnote SCAP is part of NIST and standardizes vulnerability communication across tools.

Question 61

True or false: An **agent** in security monitoring needs to be installed and maintained.

Answer 61

TRUE ## Footnote An agent is always on and running, providing continuous monitoring.

Question 62

What are the **functions** of a **SIEM**?

Answer 62

* Log collection of security alerts * Log aggregation and long-term storage * Data correlation * Forensic analysis ## Footnote SIEMs are central databases for security information and event management.

Question 63

What is the **incident response lifecycle** according to NIST SP800-61?

Answer 63

* Preparation * Detection * Analysis * Containment * Eradication * Recovery * Lessons Learned ## Footnote This lifecycle outlines the steps to effectively respond to security incidents.

Question 64

What is the purpose of **digital forensics** in incident response?

Answer 64

* Acquisition * Analysis * Reporting * Preservation ## Footnote Digital forensics involves collecting and protecting information related to an intrusion.

Question 65

What types of logs are important for **investigating security incidents**?

Answer 65

* Firewall Logs * Application Logs * Endpoint Logs * IDS/IPS Logs * Network Logs ## Footnote These logs provide detailed security-related information for analysis.

Question 66

What are the **elements of effective security governance**?

Answer 66

* Security Policies * Governance structures * External considerations * Data roles and responsibilities ## Footnote Effective governance ensures compliance and security within an organization.

Question 67

What is the purpose of a **Business Continuity Plan**?

Answer 67

To continue operations if something goes wrong ## Footnote This plan must be documented and tested to ensure effectiveness.

Question 68

What does **SLA** stand for in vendor agreements?

Answer 68

Service Level Agreement ## Footnote SLA outlines minimum terms for services provided between customers and service providers.

Question 69

What are the **consequences of non-compliance** with security regulations?

Answer 69

* Fines * Loss of employment * Reputational damage * Contractual impacts ## Footnote Non-compliance can have serious legal and financial repercussions.

Question 70

What is the purpose of **phishing campaigns** in security awareness training?

Answer 70

To help employees recognize phishing attempts ## Footnote These campaigns simulate phishing attacks to improve awareness.

Question 71

What are the **key roles** in data management?

Answer 71

* Data Owner * Data Controller * Data Processor * Data Custodian/Steward ## Footnote Each role has specific responsibilities regarding data security and compliance.

Question 72

Fill in the blank: **________** is a legal technique to preserve relevant information for litigation.

Answer 72

Legal Hold ## Footnote Legal holds ensure that data is not modified or tampered with during legal proceedings.

Question 73

What is the **function** of **alert tuning** in security monitoring?

Answer 73

To improve alert accuracy ## Footnote Alert tuning helps reduce false positives and ensures relevant alerts are prioritized.