ASAP PACE CERTIFICATE (2025 - 2026
UPDATED QUESTIONS AND ANSWERS )
5,steps,of,the,operations,security,process,ANS,-1.Identification,of,critical,information
2.Analysis,of,threats
3.Analysis,of,vulnerabilities
4.Assessment,of,risks
5.Application,of,countermeasures
6,main,hardening,categories,ANS,-1.,Removing,unnecessary,software
2.,Removing,or,turning,off,unessential,services
3.,Making,alterations,to,common,accounts
4.,Applying,the,principle,of,least,privilege
5.,Applying,software,updates,in,a,timely,manner
6.,Making,use,of,logging,and,auditing,functions
ABAC,(attribute-based,access,control),ANS,-
access,control,model,in,which,access,is,based,on,attributes,(of,a,person,,a,resource,,or,an,environment)
acceptability,ANS,-A,measure,of,how,agreeable,a,particular,characteristic,is,to,the,users,of,a,system
accountability,ANS,-
this,provides,us,with,the,means,to,trace,activities,in,our,environment,back,to,their,source
ACL,(Access,Control,List),ANS,-
typically,built,to,a,certain,resource,,these,contain,the,identifiers,of,the,party,allowed,to,access,the,resourc
e,and,what,that,party,is,allowed,to,do
administrative,controls,ANS,-
based,on,rules,,laws,,policies,,procedures,,guidelines,,and,other,items,that,are,"paper",in,nature
AES,(Advanced,Encryption,Standard),ANS,-
A,set,of,symmetric,block,ciphers,endorsed,by,the,US,government,through,NIST.,Shares,the,same,block,mo
des,that,DES,uses,and,also,includes,other,modes,such,as,XEX-based,Tweaked,CodeBook,(TCB),mode
allowing,access,ANS,-An,act,that,grants,a,particular,party,access,to,a,given,resource
analysis,of,threats,ANS,-
2nd,step,in,the,OPSEC,process:,to,look,at,the,potential,harm,or,financial,impact,that,might,be,caused,by,cr
itical,information,being,exposed,,and,who,might,exploit,that,exposure
,analysis,of,vulnerabilities,ANS,-
3rd,step,in,the,OPSEC,process:,to,look,at,the,weaknesses,that,can,be,used,to,harm,us
anomaly-based,IDS,ANS,-
an,IDS,that,takes,a,baseline,of,normal,network,traffic,and,activity,and,measures,current,traffic,against,this
,baseline,to,detect,unusual,events
anti-malware,tool,ANS,-
A,type,of,tool,that,uses,signature,matching,or,anomaly,detection,(heuristics),to,detect,malware,threats,,ei
ther,in,real-time,or,by,performing,scans,of,files,and,processes
appliance,of,countermeasures,ANS,-
5th,step,in,the,OPSEC,process:,to,put,measures,in,place,to,mitigate,risks
arbitrary,code,execution,ANS,-
An,attack,that,exploits,an,applications,vulnerability,into,allowing,the,attacker,to,execute,commands,on,a,
user's,computer.
*,arbitrary,code,execution,in,intrinsic,or,securable,SQL,elements
ASLR,(Address,Space,Layout,Randomization),ANS,-
a,security,method,that,involves,shifting,the,contents,of,memory,around,to,make,tampering,difficult
assessment,of,risks,ANS,-
4th,step,in,the,OPSEC,process:,to,determine,what,issues,we,really,need,to,be,concerned,about,(areas,with
,matching,threats,and,vulnerabilities)
asymmetric,key,cryptography,(public,key,cryptography),ANS,-
this,method,uses,2,keys,,a,public,key,and,a,private,key
attack,surface,ANS,-The,total,of,the,areas,through,which,our,operating,system,might,be,attacked
auditing,ANS,-a,methodical,examination,and,review,that,ensures,accountability,through,technical,means;
,ensures,compliance,with,applicable,laws,,policies,,and,other,bodies,of,administrative,control,,and,detects
,misuse
authentication,ANS,-a,set,of,methods,we,use,to,establish,a,claim,of,identity,as,being,true
corroborates,the,identity,of,an,entity,,whether,it,is,the,sender,,the,sender's,computer,,some,device,,or,so
me,information
authentication,attack,ANS,-
A,type,of,attack,that,can,occur,when,we,fail,to,use,strong,authentication,mechanisms,for,our,applications
authenticity,ANS,-allows,for,attribution,as,to,the,owner,or,creator,of,the,data,in,question
authorization,ANS,-enables,us,to,determine,what,users,are,allowed,to,do
authorization,attack,ANS,-
A,type,of,attack,that,can,occur,when,we,fail,to,use,authorization,best,practices,for,our,applications
, availability,ANS,-refers,to,the,ability,to,access,our,data,when,we,need,it
availability,,residual,data,,backups,ANS,-Name,the,3,main,considerations,for,protecting,data
BCP,(Business,Continuity,Plan),ANS,-
the,plans,we,put,in,place,to,ensure,that,critical,business,functions,can,continue,operations,in,the,event,of,
an,emergency
Bell-LaPadula,Model,ANS,-
A,combination,of,DAC,and,MAC,,primarily,concerned,with,the,confidentiality,of,the,resource.,
-
,2,security,properties,define,how,information,can,flow,to,and,from,the,resource:,the,simple,security,prop
erty,and,the,*,property
Biba,model,ANS,-
Primarily,concerned,with,protecting,the,integrity,of,data,,even,at,the,expense,of,confidentiality.,
-,2,security,rules:,the,simple,integrity,axiom,and,the,*,integrity,axiom
BinScope,Binary,Analyzer,ANS,-
A,tool,developed,by,Microsoft,to,examine,source,code,for,general,good,practices
biometrics,ANS,-
Unique,physical,characteristics,of,an,individual,,such,as,the,color,patterns,in,an,iris,,fingerprints,,or,handp
rints
block,cipher,ANS,-
A,type,of,cipher,that,takes,a,predetermined,number,of,bits,in,the,plaintext,message,(commonly,64,bits),a
nd,encrypts,that,block
bounds,checking,ANS,-
to,set,a,limit,on,the,amount,of,data,we,expect,to,receive,to,set,aside,storage,for,that,data
*required,in,most,programming,languages
*,prevents,buffer,overflows
Brewer,and,Nash,model,ANS,--,Designed,to,prevent,conflicts,of,interest
-,commonly,used,in,industries,that,handle,sensitive,data
-,3,main,resources,classes,are,considered,in,this,model:,objects,,company,groups,,and,conflict,classes
buffer,overflow,(overrun),ANS,-
The,act,of,inputting,more,data,than,an,application,is,expecting,from,a,particular,input,,creating,the,possib
ility,of,executing,commands,by,specifically,crafting,the,excess,data
burp,suite,ANS,-A,well-
known,GUI,web,analysis,tool,that,offers,a,free,and,professional,version;,the,pro,version,includes,advance
d,tools,for,conducting,more,in-depth,attacks
UPDATED QUESTIONS AND ANSWERS )
5,steps,of,the,operations,security,process,ANS,-1.Identification,of,critical,information
2.Analysis,of,threats
3.Analysis,of,vulnerabilities
4.Assessment,of,risks
5.Application,of,countermeasures
6,main,hardening,categories,ANS,-1.,Removing,unnecessary,software
2.,Removing,or,turning,off,unessential,services
3.,Making,alterations,to,common,accounts
4.,Applying,the,principle,of,least,privilege
5.,Applying,software,updates,in,a,timely,manner
6.,Making,use,of,logging,and,auditing,functions
ABAC,(attribute-based,access,control),ANS,-
access,control,model,in,which,access,is,based,on,attributes,(of,a,person,,a,resource,,or,an,environment)
acceptability,ANS,-A,measure,of,how,agreeable,a,particular,characteristic,is,to,the,users,of,a,system
accountability,ANS,-
this,provides,us,with,the,means,to,trace,activities,in,our,environment,back,to,their,source
ACL,(Access,Control,List),ANS,-
typically,built,to,a,certain,resource,,these,contain,the,identifiers,of,the,party,allowed,to,access,the,resourc
e,and,what,that,party,is,allowed,to,do
administrative,controls,ANS,-
based,on,rules,,laws,,policies,,procedures,,guidelines,,and,other,items,that,are,"paper",in,nature
AES,(Advanced,Encryption,Standard),ANS,-
A,set,of,symmetric,block,ciphers,endorsed,by,the,US,government,through,NIST.,Shares,the,same,block,mo
des,that,DES,uses,and,also,includes,other,modes,such,as,XEX-based,Tweaked,CodeBook,(TCB),mode
allowing,access,ANS,-An,act,that,grants,a,particular,party,access,to,a,given,resource
analysis,of,threats,ANS,-
2nd,step,in,the,OPSEC,process:,to,look,at,the,potential,harm,or,financial,impact,that,might,be,caused,by,cr
itical,information,being,exposed,,and,who,might,exploit,that,exposure
,analysis,of,vulnerabilities,ANS,-
3rd,step,in,the,OPSEC,process:,to,look,at,the,weaknesses,that,can,be,used,to,harm,us
anomaly-based,IDS,ANS,-
an,IDS,that,takes,a,baseline,of,normal,network,traffic,and,activity,and,measures,current,traffic,against,this
,baseline,to,detect,unusual,events
anti-malware,tool,ANS,-
A,type,of,tool,that,uses,signature,matching,or,anomaly,detection,(heuristics),to,detect,malware,threats,,ei
ther,in,real-time,or,by,performing,scans,of,files,and,processes
appliance,of,countermeasures,ANS,-
5th,step,in,the,OPSEC,process:,to,put,measures,in,place,to,mitigate,risks
arbitrary,code,execution,ANS,-
An,attack,that,exploits,an,applications,vulnerability,into,allowing,the,attacker,to,execute,commands,on,a,
user's,computer.
*,arbitrary,code,execution,in,intrinsic,or,securable,SQL,elements
ASLR,(Address,Space,Layout,Randomization),ANS,-
a,security,method,that,involves,shifting,the,contents,of,memory,around,to,make,tampering,difficult
assessment,of,risks,ANS,-
4th,step,in,the,OPSEC,process:,to,determine,what,issues,we,really,need,to,be,concerned,about,(areas,with
,matching,threats,and,vulnerabilities)
asymmetric,key,cryptography,(public,key,cryptography),ANS,-
this,method,uses,2,keys,,a,public,key,and,a,private,key
attack,surface,ANS,-The,total,of,the,areas,through,which,our,operating,system,might,be,attacked
auditing,ANS,-a,methodical,examination,and,review,that,ensures,accountability,through,technical,means;
,ensures,compliance,with,applicable,laws,,policies,,and,other,bodies,of,administrative,control,,and,detects
,misuse
authentication,ANS,-a,set,of,methods,we,use,to,establish,a,claim,of,identity,as,being,true
corroborates,the,identity,of,an,entity,,whether,it,is,the,sender,,the,sender's,computer,,some,device,,or,so
me,information
authentication,attack,ANS,-
A,type,of,attack,that,can,occur,when,we,fail,to,use,strong,authentication,mechanisms,for,our,applications
authenticity,ANS,-allows,for,attribution,as,to,the,owner,or,creator,of,the,data,in,question
authorization,ANS,-enables,us,to,determine,what,users,are,allowed,to,do
authorization,attack,ANS,-
A,type,of,attack,that,can,occur,when,we,fail,to,use,authorization,best,practices,for,our,applications
, availability,ANS,-refers,to,the,ability,to,access,our,data,when,we,need,it
availability,,residual,data,,backups,ANS,-Name,the,3,main,considerations,for,protecting,data
BCP,(Business,Continuity,Plan),ANS,-
the,plans,we,put,in,place,to,ensure,that,critical,business,functions,can,continue,operations,in,the,event,of,
an,emergency
Bell-LaPadula,Model,ANS,-
A,combination,of,DAC,and,MAC,,primarily,concerned,with,the,confidentiality,of,the,resource.,
-
,2,security,properties,define,how,information,can,flow,to,and,from,the,resource:,the,simple,security,prop
erty,and,the,*,property
Biba,model,ANS,-
Primarily,concerned,with,protecting,the,integrity,of,data,,even,at,the,expense,of,confidentiality.,
-,2,security,rules:,the,simple,integrity,axiom,and,the,*,integrity,axiom
BinScope,Binary,Analyzer,ANS,-
A,tool,developed,by,Microsoft,to,examine,source,code,for,general,good,practices
biometrics,ANS,-
Unique,physical,characteristics,of,an,individual,,such,as,the,color,patterns,in,an,iris,,fingerprints,,or,handp
rints
block,cipher,ANS,-
A,type,of,cipher,that,takes,a,predetermined,number,of,bits,in,the,plaintext,message,(commonly,64,bits),a
nd,encrypts,that,block
bounds,checking,ANS,-
to,set,a,limit,on,the,amount,of,data,we,expect,to,receive,to,set,aside,storage,for,that,data
*required,in,most,programming,languages
*,prevents,buffer,overflows
Brewer,and,Nash,model,ANS,--,Designed,to,prevent,conflicts,of,interest
-,commonly,used,in,industries,that,handle,sensitive,data
-,3,main,resources,classes,are,considered,in,this,model:,objects,,company,groups,,and,conflict,classes
buffer,overflow,(overrun),ANS,-
The,act,of,inputting,more,data,than,an,application,is,expecting,from,a,particular,input,,creating,the,possib
ility,of,executing,commands,by,specifically,crafting,the,excess,data
burp,suite,ANS,-A,well-
known,GUI,web,analysis,tool,that,offers,a,free,and,professional,version;,the,pro,version,includes,advance
d,tools,for,conducting,more,in-depth,attacks
