Exam Review 100% Accurate!!
Onboarding Process - ANSWERS-Procedures for new employees
-Signing of NDAs, AUPs, and signing for equipment
MD5 - ANSWERS-a hashing algorithm that results in a 128-bit output.
-bit strength is 128
Integer Overflow - ANSWERS-Large number being placed into a buffer designed for
smaller numbers
-Can lead to DoS and data corruption
-Countermeasure: bounds checking
-Numeric Values
X.509 V3 - ANSWERS-A digital certificate that contains an extension field that permits
any number of additional fields to be added to the certificate.
Initialization Vector (IV) - ANSWERS-Random values used in conjunction with
algorithms. Applied to plaintext data, the key, or the ciphertext before encryption is
completed.
-Increases the strength of ciphertext
-Mitigates exploitable patterns in the code
-Harder to discover the encryption key or password
-Can be used as a component to key stretching
-Similar terms: Nonce, salt
Snapshot - ANSWERS-A Virtual Machine rollback capability
-Allows you to revert back to a savepoint or known good state
PKI - ANSWERS-Public Key Infrastructure
-the set of hardware, software, policies, processes, and procedures required to create,
manage, distribute, use, store, and revoke digital certificates and public-keys.
-overall framework
Change Management - ANSWERS-Policy that defines the formalized manners to
introduce transformations/change within the organization
-Documents and introduces change to the organization
-Change may introduce new risk
-Updates the baselines
Hash - ANSWERS-A hash is a mathematical function that converts an input of arbitrary
length into an encrypted output of a fixed length
-Fixed length output (message digest)
Script Kiddies - ANSWERS-Attackers who lack the knowledge of how the protocols and
technologies work
RMF - ANSWERS-Risk Management Framework
-Identifies risk in a 7 Step Model
What is the organizational policy that helps to uncover fraud? - ANSWERS-Mandatory
Vacation
Data Controller - ANSWERS-The person who controls the data being released
-Could release data to a 3rd party and handles sensitive information internally
Proprietary - ANSWERS-Internal to an organization, gives you a competitive edge, a
design concept you do not want leaked
RoT - ANSWERS-Root of Trust
-Trustworthy hardware and trustworthy software promoting security to a higher system
-A source that can always be trusted within a cryptographic system
VPN Tunnel Methods - ANSWERS-Full Tunnel: All network traffic is passed through the
tunnel
-Split Tunnel: Only network traffic destined to the corporate network is passed through
the tunnel, all other traffic goes directly to the internet