and Answers
/.Onboarding Process - Answer-Procedures for new employees
-Signing of NDAs, AUPs, and signing for equipment
/.MD5 - Answer-A hashing algorithm that produces a 128-bit (16-byte) digest
-Output length is 128 bits, but collision attacks against MD5 are practical, so it is no
longer considered secure for digital signatures or integrity checks of untrusted data
/.Integer Overflow - Answer-An arithmetic result that exceeds the range the integer type
can hold (e.g., 32 bits), so the value silently wraps around to a small or negative number
-Often occurs in size/length calculations, producing a buffer far smaller than the data
later written into it
-Can lead to DoS, data corruption, and memory corruption
-Countermeasure: bounds checking (validate the operands before the arithmetic, or use
checked arithmetic)
-Numeric values
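The wraparound and the bounds check described above, as an added example that is not part of the original study notes. Python integers never overflow, so the 32-bit truncation is modelled explicitly with a mask; the element count, element size and function names are constructed for illustration:

```python
# Added example: models fixed-width C integer arithmetic in Python to show how a
# size calculation wraps and how a bounds check prevents it. All values are constructed.

UINT32_MAX = 0xFFFF_FFFF


def wrap_u32(value: int) -> int:
    """Truncate to uint32_t (Python ints never overflow, so the wrap is modelled by masking)."""
    return value & UINT32_MAX


def wrap_i32(value: int) -> int:
    """Truncate to int32_t (two's complement): large positives wrap to negatives."""
    v = value & UINT32_MAX
    return v - (1 << 32) if v & 0x8000_0000 else v


def alloc_size_unchecked(count: int, elem_size: int) -> int:
    """Vulnerable pattern: total = count * elem_size stored in a 32-bit variable.

    A large count wraps the product to a tiny total, so the buffer allocated from it is
    far smaller than the `count` elements that are copied into it afterwards.
    """
    return wrap_u32(count * elem_size)


def alloc_size_checked(count: int, elem_size: int) -> int:
    """Countermeasure: bounds-check the operands before multiplying."""
    if count < 0 or elem_size <= 0:
        raise ValueError("invalid sizes")
    if count > UINT32_MAX // elem_size:          # the product would not fit in 32 bits
        raise OverflowError(f"{count} * {elem_size} does not fit in 32 bits")
    return count * elem_size


def simulate_copy(count: int, elem_size: int, checked: bool) -> dict:
    """Allocate a buffer from the computed size, then account for storing `count` elements.

    Returns bytes needed vs. bytes allocated so the shortfall (the overflow) is visible.
    """
    size_fn = alloc_size_checked if checked else alloc_size_unchecked
    allocated = size_fn(count, elem_size)
    needed = count * elem_size
    return {"allocated": allocated, "needed": needed, "overflow_bytes": max(0, needed - allocated)}


if __name__ == "__main__":
    # Constructed attacker-controlled count: 0x40000001 elements of 4 bytes each.
    count, elem_size = 0x4000_0001, 4
    print("unchecked:", simulate_copy(count, elem_size, checked=False))
    try:
        print("checked:", simulate_copy(count, elem_size, checked=True))
    except OverflowError as exc:
        print("checked: rejected ->", exc)
    print("signed wrap of 0x7FFFFFFF + 1:", wrap_i32(0x7FFF_FFFF + 1))
```

The unchecked path allocates 4 bytes for data that needs 4 GiB; the checked path rejects the request before any allocation happens, which is the bounds check the card refers to.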
/.X.509 V3 - AnswerA digital certificate format whose Extensions field permits any
number of additional fields (e.g., Subject Alternative Name, Key Usage) to be added to the
certificate.
/.Initialization Vector (IV) - Answer-A random or unique value combined with the key and
the first block (or counter) when encryption starts, so that the same plaintext under the
same key produces different ciphertext each time.
-Does not need to be secret, but must never repeat with the same key; CBC mode also
needs it to be unpredictable
-Removes exploitable patterns in the ciphertext
-Reusing an IV with the same key leaks relationships between the plaintexts
-A salt plays the analogous role in password hashing and key stretching
-Similar terms: Nonce, salt
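What an IV buys you, and what its reuse leaks, as an added example that is not part of the original notes. It uses a constructed toy stream cipher whose keystream is derived from (key, IV, counter) with SHA-256 as the PRF; the key, plaintexts and function names are assumptions, and the construction is for illustration only, not a production cipher:

```python
import hashlib
import os
from typing import Optional, Tuple

# Added example: toy stream cipher to show the role of an IV and the effect of IV reuse.
# Constructed for illustration; not a production cipher.


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes from (key, IV, counter) using SHA-256 as a PRF."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes, iv: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (iv, ciphertext). The IV travels in the clear: it need not be secret, only fresh."""
    if iv is None:
        iv = os.urandom(16)                      # fresh random IV per message
    return iv, xor_bytes(plaintext, keystream(key, iv, len(plaintext)))


def decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    return xor_bytes(ciphertext, keystream(key, iv, len(ciphertext)))


def recover_with_reused_iv(ct1: bytes, ct2: bytes, known_pt1: bytes) -> bytes:
    """Attacker's view when one (key, IV) pair encrypted two messages.

    Both ciphertexts used the same keystream, so ct1 XOR ct2 == pt1 XOR pt2; knowing
    pt1 therefore reveals pt2 without the key.
    """
    return xor_bytes(xor_bytes(ct1, ct2), known_pt1)


if __name__ == "__main__":
    key = b"0123456789abcdef"                    # constructed key
    p1 = b"ATTACK AT DAWN!!"                     # constructed plaintexts (16 bytes each)
    p2 = b"RETREAT AT NOON!"

    # Bad: IV reused with the same key.
    reused_iv = b"\x00" * 16
    _, c1 = encrypt(key, p1, reused_iv)
    _, c2 = encrypt(key, p2, reused_iv)
    print("recovered p2 from reuse:", recover_with_reused_iv(c1, c2, p1))

    # Good: fresh IV per message; identical plaintexts no longer give identical ciphertexts.
    iv_a, ca = encrypt(key, p1)
    iv_b, cb = encrypt(key, p1)
    print("same plaintext, different ciphertext:", ca != cb)
    print("roundtrip ok:", decrypt(key, iv_a, ca) == p1)
```

The same reasoning applies to any stream cipher or counter mode (CTR, GCM): the IV/nonce is public, but repeating it under one key collapses the security to a reused one-time pad.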
/.Snapshot - Answer-A Virtual Machine rollback capability
-Allows you to revert to a savepoint or known good state
-Caveat: reverting also rolls back patches and rotated credentials, and snapshot files
can contain sensitive memory and disk contents
/.PKI - AnswerPublic Key Infrastructure
-The set of hardware, software, policies, processes, and procedures required to create,
manage, distribute, use, store, and revoke digital certificates and public keys
-The overall framework
/.Change Management - Answer-Policy that defines the formal process for introducing
changes within the organization
-Documents, reviews, and approves changes before they are introduced
-Change may introduce new risk
-Updates the baselines
/.Hash - Answer-A one-way mathematical function that converts an input of arbitrary
length into an output of a fixed length; it is not encryption (there is no key, and the
input cannot be recovered from the output)
-Fixed-length output (message digest)
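The fixed-length, one-way behaviour described for hashes, and the 128-bit MD5 digest from the MD5 card, as an added example that is not part of the original notes. It uses Python's standard hashlib; the inputs and the helper names are constructed for illustration:

```python
import hashlib

# Added example: shows that a hash is a fixed-length, one-way digest (no key, not
# reversible), that output length depends only on the algorithm, and how strongly the
# digest changes when one input bit flips. Inputs are constructed.


def digest_hex(algorithm: str, data: bytes) -> str:
    """Hex digest of `data` under `algorithm` (e.g. "md5", "sha256")."""
    h = hashlib.new(algorithm)
    h.update(data)
    return h.hexdigest()


def digest_bits(algorithm: str) -> int:
    """Output length in bits: fixed per algorithm, independent of the input size."""
    return hashlib.new(algorithm).digest_size * 8


def bit_difference(hex_a: str, hex_b: str) -> int:
    """Number of differing bits between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def avalanche_report(algorithm: str, data: bytes) -> dict:
    """Flip the lowest bit of the first input byte and measure how much the digest changes."""
    flipped = bytearray(data)
    flipped[0] ^= 0x01
    before = digest_hex(algorithm, data)
    after = digest_hex(algorithm, bytes(flipped))
    return {"bits": digest_bits(algorithm), "changed": bit_difference(before, after)}


if __name__ == "__main__":
    short = b"hello"                              # constructed inputs
    long = b"A" * 1_000_000                       # 1 MB, digest is still the same length
    for alg in ("md5", "sha256"):
        print(f"{alg}: {digest_bits(alg)}-bit digest")
        print("  short input:", digest_hex(alg, short))
        print("  1 MB input: ", digest_hex(alg, long))
        print("  one flipped input bit changes", avalanche_report(alg, short), "output bits")
```

MD5's 128-bit output is 32 hex characters whether the input is empty or a megabyte; the avalanche figure is what makes a digest useful as an integrity check. Note that a short digest length also caps collision resistance, and for MD5 real collisions are far cheaper than that cap suggests.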
/.Script Kiddies - AnswerAttackers who lack knowledge of how the protocols and
technologies work and rely on tools and exploits written by others
/.RMF - AnswerRisk Management Framework (NIST SP 800-37)
-Identifies and manages risk in a 7-step model: Prepare, Categorize, Select, Implement,
Assess, Authorize, Monitor
/.What is the organizational policy that helps to uncover fraud? - AnswerMandatory
Vacation
/.Data Controller - AnswerThe entity that determines the purposes and means of
processing personal data
-May release data to a 3rd party (a data processor) under contract, and remains
accountable for how sensitive information is handled internally
/.Proprietary - AnswerInternal to an organization, gives you a competitive edge, a
design concept you do not want leaked
/.RoT - AnswerRoot of Trust
-Trustworthy hardware and software (e.g., a TPM or boot ROM) from which the security of
higher layers of the system is derived
-A source that can always be trusted within a cryptographic system
/.VPN Tunnel Methods - Answer-Full Tunnel: All network traffic is passed through the
tunnel and is subject to corporate inspection
-Split Tunnel: Only traffic destined for the corporate network is passed through the
tunnel; all other traffic goes directly to the internet, bypassing corporate controls
-Always-on VPN tunnel: VPN client solution that establishes the tunnel automatically,
without user action, whenever the client is connected to an untrusted network