ISC² CC Certified in Cybersecurity — Full Study Guide

Document specific requirements that a customer has about any aspect of a vendor's service performance.

_________ identifies and triages risks.

_________ are external forces that jeopardize security.

_________ are methods used by attackers.

_________ are the combination of a threat and a vulnerability.

We rank risks by _________ and _________.

_________ use subjective ratings to evaluate risk likelihood and impact.

_________ use objective numeric ratings to evaluate risk likelihood and impact.

_________ analyzes and implements possible responses to control risk.

_________ changes business practices to make a risk irrelevant.

_________ reduces the likelihood or impact of a risk.

An organization's _________ is the set of risks that it faces.

_________ Initial Risk of an organization.

_________ Risk that remains in an organization after controls.

_________ is the level of risk an organization is willing to accept.

_________ reduce the likelihood or impact of a risk and help identify issues.

_________ stop a security issue from occurring.

_________ identify security issues requiring investigation.

_________ remediate security issues that have occurred.

Hardening ==

Virus ==

Backups ==

_________ use technology to achieve control objectives.

_________ use processes to achieve control objectives.

_________ impact the physical world.

_________ tracks specific device settings.

_________ provide a configuration snapshot.

_________ assigns numbers to each version.

_________ serve as important configuration artifacts.

_________ and _________ help ensure a stable operating environment.

Purchasing an insurance policy is an example of which risk management strategy?

What two factors are used to evaluate a risk?

What term best describes making a snapshot of a system or application at a point in time for later comparison?

What type of security control is designed to stop a security issue from occurring in the first place?

What term describes risks that originate inside the organization?

What four items belong to the security policy framework?

_________ describe an organization's security expectations.

_________ describe specific security controls and are often derived from policies.

_________ describe best practices.

_________ step-by-step instructions.

_________ describe authorized uses of technology.

_________ describe how to protect sensitive information.

_________ cover password security practices.

_________ cover use of personal devices with company information.

_________ cover the use of personally identifiable information.

_________ cover the documentation, approval, and rollback of technology changes.

Which element of the security policy framework includes suggestions that are not mandatory?

What law applies to the use of personal information belonging to European Union residents?

What type of security policy normally describes how users may access business information with their own devices?

_________ the set of controls designed to keep a business running in the face of adversity, whether natural or man-made.

BCP is also known as _________.

Defining the BCP Scope: What business activities will the plan cover? What systems will it cover? What controls will it consider?

_________ identifies and prioritizes risks.

BCP in the cloud requires _________ between providers and customers.

_________ protects against the failure of a single component.

_________ identifies and removes SPOFs.

_________ continues until the cost of addressing risks outweighs the benefit.

_________ uses multiple systems to protect against service failure.

_________ makes a single system resilient against technical failures.

_________ spreads demand across systems.

3 Common Points of Failure in a system.

Disk Mirroring is which RAID level?

Disk striping with parity is which RAID level?

What goal of security is enhanced by a strong business continuity program?

What is the minimum number of disk required to perform RAID level 5?

What type of control are we using if we supplement a single firewall with a second standby firewall ready to assume responsibility if the primary firewall fails?

_________ provide structure during cybersecurity incidents.

_________ describe the policies and procedures governing cybersecurity incidents.

_________ leads to strong incident response.

Incident Response Plans should include:

_________ should be consulted when developing a plan.

Incident response teams must have personnel available _________.

_________ is crucial to effective incident identification.

_________ security solution that collects information from diverse sources, analyzes it for signs for security incidents and retains it for later use.

The highest priority of a first responder must be containing damage through _________.

During an incident response, what is the highest priority of first responders?

You are normally required to report security incidents to law enforcement if you believe a law may have been violated. True or False

_________ restores normal operations as quickly as possible.

What are the initial response goals regarding Disaster Recovery?

_________ is the amount of time to restore service.

_________ is the amount of data to recover.

_________ is the percentage of service to restore.

_________ provide a data "safety net"

Types of Backup Media:

_________ include a complete copy of all data.

_________ are types of full backups.

_________ include all data modified since the last full backup.

_________ include all data modified since the last full or incremental backup.

Joe performs full backups every Sunday evening and differential backups every weekday evening. His system fails on Friday morning. What backups does he restore?

Joe performs full backups every Sunday evening and incremental backups every weekday evening. His system fails on Friday morning. What backups does he restore?

_________ provide alternate data processing.

Disaster Recovery Facility Sites:

_________ fully operational data centers stock with equipment an data and are available at a moment's notice. Very expensive.

_________ empty data centers stock with core equipment, network, and environmental controls but do not have servers. Relatively Inexpensive but can take weeks or even months to become operational.

_________ stock with all necessary equipment and data but are not maintained in a parallel fashion. Similar in expense to hot sites and can become operational in hours or days.

_________ these are geographically distant, offer site resiliency, require manual transfer or site replication through SAN or VM and provide online or offline backups.

Disaster Recovery Testing Goals:

Disaster Recovery Test types:

_________ ask each team member to review their role in the disaster recovery process and provide feedback.

_________ gather the team together for a formal review of the disaster recovery plan.

_________ use a practice scenario to test the disaster recovery plan.

_________ activate the disaster recovery environment but do not switch operations there.

_________ this switches primary operations to the alternate environment and can be very disruptive to business.

Which type of backup includes only those files that have changes since the most recent full or incremental backup?

(Revisit) What disaster recovery metric provides the targeted amount of time to restore a service after a failure?

(Revisit) Which disaster recovery tests involve the actual activation of the DR site?

What type of disaster recovery site is able to be activated most quickly in the event of a disruption?

Within the organization, who can identify risk? (D1, L1.2.2)

Glen is an (ISC)² member. Glen receives an email from a company offering a set of answers for an (ISC)² certification exam. What should Glen do? (D1, L1.5.1)

A system that collects transactional information and stores it in a record in order to show which users performed which actions is an example of providing ________. (D1, L1.1.1)

In risk management concepts, a(n) ___________ is something or someone that poses risk to an organization or asset. (D1, L1.2.1)

A software firewall is an application that runs on a device and prevents specific types of traffic from entering that device. This is a type of ________ control. (D1, L1.3.1)

Tina is an (ISC)² member and is invited to join an online group of IT security enthusiasts. After attending a few online sessions, Tina learns that some participants in the group are sharing malware with each other, in order to use it against other organizations online. What should Tina do? (D1, L1.5.1)

The city of Grampon wants to ensure that all of its citizens are protected from malware, so the city council creates a rule that anyone caught creating and launching malware within the city limits will receive a fine and go to jail. What kind of rule is this? (D1, L1.4.1)

The Payment Card Industry (PCI) Council is a committee made up of representatives from major credit card providers (Visa, Mastercard, American Express) in the United States. The PCI Council issues rules that merchants must follow if the merchants choose to accept payment via credit card. These rules describe best practices for securing credit card processing technology, activities for securing credit card information, and how to protect customers' personal data. This set of rules is a _____. (D1, L1.4.2)

Aphrodite is a member of (ISC)² and a data analyst for Triffid Corporation. While Aphrodite is reviewing user log data, Aphrodite discovers that another Triffid employee is violating the acceptable use policy and watching streaming videos during work hours. What should Aphrodite do? (D1, L1.5.1)

Triffid Corporation has a rule that all employees working with sensitive hardcopy documents must put the documents into a safe at the end of the workday, where they are locked up until the following workday. What kind of control is the process of putting the documents into the safe? (D1, L1.3.1)

Kerpak works in the security office of a medium-sized entertainment company. Kerpak is asked to assess a particular threat, and he suggests that the best way to counter this threat would be to purchase and implement a particular security solution. This is an example of _______. (D1, L1.2.2)

The Triffid Corporation publishes a policy that states all personnel will act in a manner that protects health and human safety. The security office is tasked with writing a detailed set of processes on how employees should wear protective gear such as hardhats and gloves when in hazardous areas. This detailed set of processes is a _________. (D1, L1.4.1)

The senior leadership of Triffid Corporation decides that the best way to minimize liability for the company is to demonstrate the company's commitment to adopting best practices recognized throughout the industry. Triffid management issues a document that explains that Triffid will follow the best practices published by SANS, an industry body that addresses computer and information security. The Triffid document is a ______, and the SANS documents are ________. (D1, L1.4.2)

Zarma is an (ISC)² member and a security analyst for Triffid Corporation. One of Zarma's colleagues is interested in getting an (ISC)2 certification and asks Zarma what the test questions are like. What should Zarma do? (D1, L1.5.1)

Of the following, which would probably not be considered a threat? (D1, L1.2.1)

Siobhan is an (ISC)² member who works for Triffid Corporation as a security analyst. Yesterday, Siobhan got a parking ticket while shopping after work. What should Siobhan do? (D1, L1.5.1)

Which of the following is an example of a "something you are" authentication factor? (D1, L1.1.1)

For which of the following systems would the security concept of availability probably be most important? (D1, L1.1.1)

In risk management concepts, a(n) _________ is something a security practitioner might need to protect. (D1, L1.2.1)

Triffid Corporation has a policy that all employees must receive security awareness instruction before using email; the company wants to make employees aware of potential phishing attempts that the employees might receive via email. What kind of control is this instruction? (D1, L1.3.1)

What is the overall objective of a disaster recovery (DR) effort? (D2, L2.3.1)

True or False? Business continuity planning is a reactive procedure that restores business operations after a disruption occurs.

An attacker outside the organization attempts to gain access to the organization's internal files. This is an example of a(n) ______. (D2, L2.1.1)

What is the most important goal of a business continuity effort? (D2, L2.2.1)

What is the risk associated with resuming full normal operations too soon after a DR effort? (D2, L2.3.1)

What is the goal of an incident response effort? (D2, L2.1.1)

When should a business continuity plan (BCP) be activated? (D2, L2.2.1)

In order for a biometric security to function properly, an authorized person's physiological data must be ______. (D3, L3.2.1)

At Parvi's place of work, the perimeter of the property is surrounded by a fence; there is a gate with a guard at the entrance. All inner doors only admit personnel with badges, and cameras monitor the hallways. Sensitive data and media are kept in safes when not in use. (D3, L3.1.1)

Tekila works for a government agency. All data in the agency is assigned a particular sensitivity level, called a "classification." Every person in the agency is assigned a "clearance" level, which determines the classification of data each person can access. What is the access control model being implemented in Tekila's agency? (D3, L3.3.1)

Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachis logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. Which security concept is being applied in this situation? (D3, L3.1.1)

Network traffic originating from outside the organization might be admitted to the internal IT environment or blocked at the perimeter by a ________. (D3, L3.2.1)

What is the most critical element of an organization's security program?

What is the primary purpose of a security policy?

What is the role of a security manager?

What is a vulnerability assessment?

What is the difference between a vulnerability assessment and a penetration test?

What is the CIA triad?

What is the difference between confidentiality and privacy?

What is the principle of least privilege?

What is a firewall?

What is a DMZ?

What is encryption?

What is a digital signature?

What is a certificate authority?

What is a secure socket layer (SSL)?

What is a virtual private network (VPN)?

What is multi-factor authentication?

What is a denial of service (DoS) attack?

What is social engineering?

What is a malware?

What is a phishing attack?

What is a man-in-the-middle (MitM) attack?

What is a rootkit?

What is a honeypot?

What is a security incident?

What is the difference between a vulnerability and a risk?

What is a security control?

What is the difference between a security control and a security countermeasure?

What is the concept of defense in depth?

What is a security incident response plan?

What is a security audit?

What is a risk assessment?

What is the difference between a vulnerability scan and a penetration test?

What is a security baseline?

What is the difference between symmetric and asymmetric encryption?

What is an access control list (ACL)?

What is a security information and event management (SIEM) system?

What is a data loss prevention (DLP) system?

What is a bring your own device (BYOD) policy?

What is a security awareness training program?

What is a secure coding practice?

What is the difference between a vulnerability disclosure program and a bug bounty program?

What is a security clearance?

What is a secure development lifecycle (SDLC)?

What is a threat actor?

What is a zero-day vulnerability?

What is a security incident response team (SIRT)?

What is the difference between a security incident and a security event?

What is a security token?

What is a security information exchange (SIE)?

What is a security posture?

What is a security control objective?

What is a risk management framework?

What is a business continuity plan?

What is a disaster recovery plan?

What is a security incident report?

What is a security risk assessment report?

What is a security operations center (SOC)?

What is a security clearance investigation?

What is a security baseline configuration?

What is a security incident response playbook?

What is a security key management system?

What is a security governance framework?

What is a security key exchange protocol?

What is a security information exchange format (STIX)?

What is a security content automation protocol (SCAP)?

What is a security information management (SIM) system?

What is a security event correlation system?

What is a security access management (SAM) system?

What is a security audit trail?

What is a security exception management process?

What is a security incident response communication plan?

What is a security vulnerability management program?

What is a security breach notification law?

What is a security token service (STS)?

What is a security content repository?

What is a security incident management process?

What is a security posture assessment?

What is a security information and event management (SIEM) correlation rule?

What is a security information and event management (SIEM) dashboard?

What is a security vulnerability scanner?

What is a security threat intelligence feed?

What is a security assessment framework?

What is a security classification system?

What is a security architecture framework?

What is a security control assessment?

What is a security patch management program?

What is a security incident severity level?

What is a security exception request process?

What is a security log analysis tool?

What is a security vulnerability exploit?

What is a security incident response plan testing?

What is a security information and event management (SIEM) retention policy?

What is a security information and event management (SIEM) correlation engine?

What is a security control validation?

What is a security incident response playbook testing?

What is a security maturity model?

What is a security culture?

What is a security governance committee?

What is a security risk management plan?

What is a security policy lifecycle?

A computer responsible for hosting applications to user workstations. NIST SP 800-82 Rev.2

An algorithm that uses one key to encrypt and a different key to decrypt the input plaintext.

A digit representing the sum of the correct digits in a piece of stored or transmitted digital data, against which later comparisons can be made to detect errors in the data.

The altered form of a plaintext message so it is unreadable for anyone except the intended recipients. In other words, it has been turned into a secret.

Classification identifies the degree of harm to the organization, its stakeholders or others that might result if an information asset is divulged to an unauthorized person, process or organization. In short, classification is focused first and foremost on maintaining the confidentiality of the data, based on the data sensitivity.

A process and discipline used to ensure that the only changes made to a system are those that have been authorized and validated.

One who performs cryptanalysis which is the study of mathematical techniques for attempting to defeat cryptographic techniques and/or information systems security. This includes the process of looking for errors or weaknesses in the implementation of an algorithm or of the algorithm itself.

The study or applications of methods to secure or protect the meaning and content of messages, files, or other information, usually by disguise, obscuration, or other transformations of that content and meaning.

System capabilities designed to detect and prevent the unauthorized use and transmission of information.

The reverse process from encryption. It is the process of converting a ciphertext message back into plaintext through the use of the cryptographic algorithm and the appropriate key for decryption (which is the same for symmetric encryption, but different for asymmetric encryption). This term is also used interchangeably with the "deciphering."

A technique of erasing data on disk or tape (including video tapes) that, when performed properly, ensures that there is insufficient magnetic remanence to reconstruct data.

The result of a cryptographic transformation of data which, when properly implemented, provides the services of origin authentication, data integrity, and signer non-repudiation. NIST SP 800-12 Rev. 1

Monitoring of outgoing network traffic.

The process and act of converting the message from its plaintext to ciphertext. Sometimes it is also referred to as enciphering. The two terms are sometimes used interchangeably in literature and have similar meanings.

The total set of algorithms, processes, hardware, software, and procedures that taken together provide an encryption and decryption capability.

A reference to the process of applying secure configurations (to reduce the attack surface) and locking down various hardware, communications systems, and software, including operating system, web server, application server, application, etc. Hardening is normally performed based on industry guidelines and benchmarks, such as those provided by the Center for Internet Security (CIS).

An algorithm that computes a numerical value (called the hash value) on a data file or electronic message that is used to represent that file or message and depends on the entire contents of the file or message. A hash function can be considered to be a fingerprint of the file or message. NIST SP 800-152

The process of using a mathematical algorithm against data to produce a numeric value that is representative of that data. Source CNSSI 4009-2015

The requirements for information sharing by an IT system with one or more other IT systems or applications, for information sharing to support multiple internal or external organizations, missions, or public programs. NIST SP 800-16

Monitoring of incoming network traffic.

A digital signature that uniquely identifies data and has the property such that changing a single bit in the data will cause a completely different message digest to be generated. NISTIR-8011 Vol.3

The software "master control application" that runs the computer. It is the first program loaded when the computer is turned on, and its main component, the kernel, resides in memory at all times. The operating system sets the standards for all application programs (such as the Web server) that run in the computer. The applications communicate with the operating system for most user interface and file management operations. NIST SP 800-44 Version 2

A software component that, when installed, directly modifies files or device settings related to a different software component without changing the version number or release details for the related software component. Source: ISO/IEC 19770-2

The systematic notification, identification, deployment, installation and verification of operating system and application software code revisions. These revisions are known as patches, hot fixes, and service packs. Source: CNSSI 4009

A message or data in its natural format and in readable form; extremely vulnerable from a confidentiality perspective.

The recordings (automated and/or manual) of evidence of activities performed or results achieved (e.g., forms, reports, test results), which serve as a basis for verifying that the organization and the information system are performing as intended. Also used to refer to units of related data fields (i.e., groups of data fields that can be accessed by a program and that contain the complete set of information on particular items). NIST SP 800-53 Rev. 4

A practice based on the records life cycle, according to which records are retained as long as necessary, and then are destroyed after the appropriate time interval has elapsed.

Residual information remaining on storage media after clearing. NIST SP 800-88 Rev. 1

The first stage of change management, wherein a change in procedure or product is sought by a stakeholder.

The entirety of the policies, roles, and processes the organization uses to make security decisions in an organization.

Tactics to infiltrate systems via email, phone, text, or social media, often impersonating a person or agency in authority or offering a gift. A low-tech method would be simply following someone into a secure building.

An algorithm that uses the same key in both the encryption and the decryption processes.

A computer that provides World Wide Web (WWW) services on the Internet. It includes the hardware, operating system, Web server software, and Web site content (Web pages). If the Web server is used internally and not by the public, it may be known as an "intranet server." NIST SP 800-44 Version 2

Phishing attacks that attempt to trick highly placed officials or private individuals with sizable assets into authorizing large fund wire transfers to previously unknown entities.

A set of routines, standards, protocols, and tools for building software applications to access a web-based software application or web tool.

The most essential representation of data (zero or one) at Layer 1 of the Open Systems Interconnection (OSI) model.

Broadcast transmission is a one-to-many (one-to-everyone) form of sending internet traffic.

The byte is a unit of digital information that most commonly consists of eight bits.

A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. NIST 800-145

A system in which the cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy and compliance considerations). It may be owned, managed and operated by one or more of the organizations in the community, a third party or some combination of them, and it may exist on or off premises. NIST 800-145

The opposite process of encapsulation, in which bundles of data are unpacked or revealed.

The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the service provided.) Source: NIST SP 800-27 Rev A

This acronym can be applied to three interrelated elements: a service, a physical server and a network protocol.

Enforcement of data hiding and code hiding during all phases of software development and operational use. Bundling together data and methods is the process of encapsulation; its opposite process may be called unpacking, revealing, or using other terms. Also used to refer to taking any set of data and packaging it or hiding it in another data structure, as is common in network protocols and encryption.

The process and act of converting the message from its plaintext to ciphertext. Sometimes it is also referred to as enciphering. The two terms are sometimes used interchangeably in literature and have similar meanings.

The internet protocol (and program) used to transfer files between hosts.

In a fragment attack, an attacker fragments traffic in such a way that a system is unable to put data packets back together.

The physical parts of a computer and related devices.

A combination of public cloud storage and private cloud storage where some critical data resides in the enterprise's private cloud while other data is stored and accessible from a public cloud storage provider.

The provider of the core computing, storage and network hardware and software that is the foundation upon which organizations can build and then deploy applications. IaaS is popular in the data center where software and servers are purchased as a fully outsourced service and usually billed on usage and how much of the resource is used.

An IP network protocol standardized by the Internet Engineering Task Force (IETF) through RFC 792 to determine if a particular service or host is available.

Standard protocol for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks. CNSSI 4009-2015

An attack where the adversary positions himself in between the user and the system so that he can intercept and alter data traveling between them. Source: NISTIR 7711

Part of a zero-trust strategy that breaks LANs into very small, highly localized zones using firewalls or similar technologies. At the limit, this places firewall at every connection point.

Purposely sending a network packet that is larger than expected or larger than can be handled by the receiving system, causing the receiving system to fail unexpectedly.

Representation of data at Layer 3 of the Open Systems Interconnection (OSI) model.

The primary action of a malicious code attack.

An information security standard administered by the Payment Card Industry Security Standards Council that applies to merchants and service providers who process credit or debit card transactions.

The web-authoring or application development middleware environment that allows applications to be built in the cloud before they're deployed as SaaS assets.

The phrase used to describe a cloud computing platform that is implemented within the corporate firewall, under the control of the IT department. A private cloud is designed to offer the same features and benefits of cloud systems, but removes a number of objections to the cloud computing model, including control over enterprise and customer data, worries about security, and issues connected to regulatory compliance.

A set of rules (formats and procedures) to implement and control some type of association (that is, communication) between systems. NIST SP 800-82 Rev. 2

The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider. NIST SP 800-145

The standard communication protocol for sending and receiving emails between senders and receivers.

Computer programs and associated data that may be dynamically written or modified during execution. NIST SP 80--37 Rev. 2

The cloud customer uses the cloud provider's applications running within a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. Derived from NIST 800-145

Faking the sending address of a transmission to gain illegal entry into a secure system. CNSSI 4009-2015

Internetworking protocol model created by the IETF, which specifies four layers of functionality: Link layer (physical communications), Internet Layer (network-to-network communication), Transport Layer (basic channels for connections and connectionless exchange of data between hosts), and Application Layer, where other protocols and user applications programs make use of network services.

A virtual local area network (VLAN) is a logical group of workstations, servers, and network devices that appear to be on the same LAN despite their geographical distribution.

A virtual private network (VPN), built on top of existing networks, that can provide a secure communications mechanism for transmission between networks.

A wireless area network (WLAN) is a group of computers and devices that are located in the same vicinity, forming a network based on radio transmissions rather than wired connections. A Wi-Fi network is a type of WLAN.

The graphical user interface (GUI) for the Nmap Security Scanner, an open-source application that scans networks to determine everything that is connected as well as other information.

Removing the design belief that the network has any trusted space. Security is managed at each possible level, representing the most granular asset. Microsegmentation of workloads is a tool of the model.

Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures. NIST SP 1800-15B

An architectural approach to the design of buildings and spaces which emphasizes passive features to reduce the likelihood of criminal activity.

Information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization. Source: NIST SP 800-53 Rev 4

A certain amount of access control is left to the discretion of the object's owner, or anyone else who is authorized to control the object's access. The owner can determine who should have access rights to an object and what those rights should be. NIST SP 800-192

To protect private information by putting it into a form that can only be read by people who have permission to do so.

Devices that enforce administrative security policies by filtering incoming traffic based on a set of rules.

An entity with authorized access that has the potential to harm an information system through destruction, disclosure, modification of data, and/or denial of service. NIST SP 800-32

An operating system manufactured by Apple Inc. Used for mobile devices.

The use of multiple controls arranged in series to provide several consecutive controls to protect an asset; also called defense in depth.

An operating system that is open source, making its source code legally available to end users.

A system irregularity that is identified when studying log entries which could represent events of interest for further surveillance.

Collecting and storing user activities in a log, which is a record of the events occurring within an organization's systems and networks. NIST SP 1800-25B.

An automated system that controls an individual's ability to access one or more computer system resources, such as a workstation, network, application or database. A logical access control system requires the validation of an individual's identity through some mechanism, such as a PIN, card, biometric or other token. It has the capability to assign different access privileges to different individuals depending on their roles and responsibilities in an organization. NIST SP 800-53 Rev.5.

Access control that requires the system itself to manage access controls in accordance with the organization's security policies.

An entrance to a building or an area that requires people to pass through two doors with only one door opened at a time.

Passive information system-related entity (e.g., devices, files, records, tables, processes, programs, domains) containing or receiving information. Access to an object (by a subject) implies access to the information it contains. See subject. Source: NIST SP 800-53 Rev 4

Controls implemented through a tangible mechanism. Examples include walls, fences, guards, locks, etc. In modern organizations, many physical control systems are linked to technical/logical systems, such as badge readers connected to door locks.

The principle that users and programs should have only the minimum privileges necessary to complete their tasks. NIST SP 800-179

An information system account with approved authorizations of a privileged user. NIST SP 800-53 Rev. 4

A type of malicious software that locks the computer screen or files, thus preventing or limiting a user from accessing their system and data until money is paid.

An access control system that sets up user permissions based on roles.

An instruction developed to allow or deny access to a system by comparing the validated identity of the subject to an access control list.

The practice of ensuring that an organizational process cannot be completed by a single person; forces collusion as a means to reduce insider threats. Also commonly known as Separation of Duties.

Generally an individual, process or device causing information to flow among objects or change to the system state. Source: NIST SP800-53 R4

The security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software or firmware components of the system.

A one-way spinning door or barrier that allows only one person at a time to enter a building or pass through an area.

An operating system used in software development.

The process of creating, maintaining and deactivating user identities on a system.

Events with a negative consequence, such as system crashes, network packet floods, unauthorized use of system privileges, defacement of a web page or execution of malicious code that destroys data.

The loss of control, compromise, unauthorized disclosure, unauthorized acquisition or any similar occurrence where: a person other than an authorized user accesses or potentially accesses personally identifiable information; or an authorized user accesses personally identifiable information for other than an authorized purpose. Source: NIST SP 800-53 Rev. 5

Actions, processes and tools for ensuring an organization can continue critical operations during a contingency.

The documentation of a predetermined set of instructions or procedures that describe how an organization's mission/business processes will be sustained during and after a significant disruption.

An analysis of an information system's requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption. Reference: https://csrc.nist.gov/glossary/term/business-impact-analysis

In information systems terms, the activities necessary to restore IT and communications services to an organization during and after an outage, disruption or disturbance of any kind or scale.

The processes, policies and procedures related to preparing for recovery or continuation of an organization's critical business functions, technology infrastructure, systems and applications after the organization experiences a disaster. A disaster is when an organization's critical business function(s) cannot be performed at an acceptable level within a predetermined period following a disruption.

Any observable occurrence in a network or system. Source: NIST SP 800-61 Rev 2

A particular attack. It is named this way because these attacks exploit system vulnerabilities.

An event that actually or potentially jeopardizes the confidentiality, integrity or availability of an information system or the information the system processes, stores or transmits.

The mitigation of violations of security policies and recommended practices. Source: NIST SP 800-61 Rev 2

The mitigation of violations of security policies and recommended practices. Source: NIST SP 800-61 Rev 2

The documentation of a predetermined set of instructions or procedures to detect, respond to and limit consequences of a malicious cyberattack against an organization's information systems(s). Source: NIST SP 800-34 Rev 1

A security event, or combination of security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system or system resource without authorization. Source: IETF RFC 4949 Ver 2

A centralized organizational function fulfilled by an information security team that monitors, detects and analyzes events on the network or system to prevent and resolve issues before they result in business disruptions.

Weakness in an information system, system security procedures, internal controls or implementation that could be exploited or triggered by a threat source. Source: NIST SP 800-128.

A previously unknown system vulnerability with the potential of exploitation without risk of detection or prevention because it does not, in general, fit recognized patterns, signatures or methods.

Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse or unauthorized access to or modification of information. Source: OMB Circular A-130

Controls implemented through policy and procedures. Examples include access control processes and requiring multiple personnel to conduct a specific operation. Administrative controls in modern environments are often enforced in conjunction with physical and/or technical controls, such as an access-granting policy for new users that requires login and approval by the hiring manager.

The ability of computers and robots to simulate human intelligence and behavior.

Anything of value that is owned by an organization. Assets include both tangible items such as information systems and physical property and intangible assets such as intellectual property.

Access control process validating that the identity being claimed by a user or entity is known to the system, by comparing one (single factor or SFA) or more (multi-factor authentication or MFA) factors of identification.

The right or a permission that is granted to a system entity to access a system resource. NIST 800-82 Rev.2

Ensuring timely and reliable access to and use of information by authorized users.

A documented, lowest level of security configuration allowed by a standard or organization.

Biological characteristics of an individual, such as a fingerprint, hand geometry, voice, or iris patterns.

Malicious code that acts like a remotely controlled "robot" for an attacker, with other Trojan and worm capabilities.

Information that has been determined to require protection against unauthorized disclosure and is marked to indicate its classified status and classification level when in documentary form.

The characteristic of data or information when it is not made available or disclosed to unauthorized persons or processes. NIST 800-66

A measure of the degree to which an organization depends on the information or information system for the success of a mission or of a business function. NIST SP 800-60 Vol. 1, Rev. 1

The property that data has not been altered in an unauthorized manner. Data integrity covers data in storage, during processing and while in transit. Source: NIST SP 800-27 Rev A

The process and act of converting the message from its plaintext to ciphertext. Sometimes it is also referred to as enciphering. The two terms are sometimes used interchangeably in literature and have similar meanings.

In 2016, the European Union passed comprehensive legislation that addresses personal privacy, deeming it an individual human right.

The process of how an organization is managed; usually includes all aspects of how decisions are made for that organization, such as policies, roles, and procedures the organization uses to make those decisions.

This U.S. federal law is the most important healthcare information regulation in the United States. It directs the adoption of national standards for electronic healthcare transactions while protecting the privacy of individual's health information. Other provisions address fraud reduction, protections for individuals with health insurance and a wide range of other healthcare-related activities. Est. 1996.

The magnitude of harm that could be caused by a threat's exercise of a vulnerability.

The potential adverse impacts to an organization's operations (including its mission, functions and image and reputation), assets, individuals, other organizations, and even the nation, which results from the possibility of unauthorized access, use, disclosure, disruption, modification or destruction of information and/or information systems.

The property of information whereby it is recorded, used and maintained in a way that ensures its completeness, accuracy, internal consistency and usefulness for a stated purpose.

The ISO develops voluntary international standards in collaboration with its partners in international standardization, the International Electro-technical Commission (IEC) and the International Telecommunication Union (ITU), particularly in the field of information and communication technologies.

The internet standards organization, made up of network designers, operators, vendors and researchers, that defines protocol standards (e.g., IP, TCP, DNS) through a process of collaboration and consensus. Source: NIST SP 1800-16B

The probability that a potential vulnerability may be exercised within the construct of the associated threat environment.

A weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability or set of vulnerabilities.

Using two or more distinct instances of the three factors of authentication (something you know, something you have, something you are) for identity verification.

The NIST is part of the U.S. Department of Commerce and addresses the measurement infrastructure within science and technology efforts within the U.S. federal government. NIST sets standards in a number of areas, including information security within the Computer Security Resource Center of the Computer Security Divisions.

The inability to deny taking an action such as creating information, approving information and sending or receiving a message.

The National Institute of Standards and Technology, known as NIST, in its Special Publication 800-122 defines PII as "any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual's identity, such as name, Social Security number, date and place of birth, mother's maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial and employment information."

Controls implemented through a tangible mechanism. Examples include walls, fences, guards, locks, etc. In modern organizations, many physical control systems are linked to technical/logical systems, such as badge readers connected to door locks.

The right of an individual to control the distribution of information about themselves.

The chances, or likelihood, that a given threat is capable of exploiting a given vulnerability or a set of vulnerabilities. Source: NIST SP 800-30 Rev. 1

Information regarding health status, the provision of healthcare or payment for healthcare as defined in HIPAA (Health Insurance Portability and Accountability Act).

A method for risk analysis that is based on the assignment of a descriptor such as low, medium or high. Source: NISTIR 8286

A method for risk analysis where numerical values are assigned to both impact and likelihood based on statistical probabilities and monetarized valuation of loss or gain. Source: NISTIR 8286

A possible event which can have a negative impact upon the organization.

Determining that the potential benefits of a business function outweigh the possible risk impact/likelihood and performing that business function with no other action.

Determining that the potential benefits of a business function outweigh the possible risk impact/likelihood and performing that business function with no other action.

The process of identifying and analyzing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals and other organizations. The analysis performed as part of risk management which incorporates threat and vulnerability analyses and considers mitigations provided by security controls planned or in place.

Determining that the impact and/or likelihood of a specific risk is too great to be offset by the potential benefits and not performing a certain business function because of that determination.

The process of identifying, evaluating and controlling threats, including all the phases of risk context (or frame), risk assessment, risk treatment and risk monitoring.

A structured approach used to oversee and manage risk for an enterprise. Source: CNSSI 4009

Putting security controls in place to reduce the possible impact and/or likelihood of a specific risk.

The level of risk an entity is willing to assume in order to achieve a potential desired result. Source: NIST SP 800-32. Risk threshold, risk appetite and acceptable risk are also terms used synonymously with risk tolerance.

Paying an external party to accept the financial impact of a given risk.

The determination of the best way to address an identified risk.

The management, operational and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity and availability of the system and its information. Source: FIPS PUB 199

A measure of the importance assigned to information by its owner, for the purpose of denoting its need for protection. Source: NIST SP 800-60 Vol 1 Rev 1

Use of just one of the three available factors (something you know, something you have, something you are) to carry out the authentication process being requested.

The condition an entity is in at a point in time.

The quality that a system has when it performs its intended function in an unimpaired manner, free from unauthorized manipulation of the system, whether intentional or accidental. Source: NIST SP 800-27 Rev. A

Security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software or firmware components of the system.

Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image or reputation), organizational assets, individuals, other organizations or the nation through an information system via unauthorized access, destruction, disclosure, modification of information and/or denial of service. Source: NIST SP 800-30 Rev 1

An individual or a group that attempts to exploit vulnerabilities to cause or force a threat to occur.

The means by which a threat actor carries out their objectives.

A physical object a user possesses and controls that is used to authenticate the user's identity. Source: NISTIR 7711

Weakness in an information system, system security procedures, internal controls or implementation that could be exploited by a threat source. Source: NIST SP 800-30 Rev 1

IEEE is a professional organization that sets standards for telecommunications, computer engineering and similar disciplines.

Which of the following is a biometric access control mechanism? (D3, L3.2.1)

All of the following are typically perceived as drawbacks to biometric systems, except: (D3, L3.2.1)

Which of the following is probably most useful at the perimeter of a property? (D3, L3.2.1)

Gary is unable to log in to the production environment. Gary tries three times and is then locked out of trying again for one hour. Why? (D3, L3.3.1)

Larry and Fern both work in the data center. In order to enter the data center to begin their workday, they must both present their own keys (which are different) to the key reader, before the door to the data center opens. Which security concept is being applied in this situation? (D3, L3.1.1)

A human guard monitoring a hidden camera could be considered a ______ control. (D3, L3.2.1)

Which of the following statements is true? (D3, L3.3.1)

Visitors to a secure facility need to be controlled. Controls useful for managing visitors include all of the following except: (D3, L3.2.1)

Trina and Doug both work at Triffid, Inc. Doug is having trouble logging into the network. Trina offers to log in for Doug, using Trina's credentials, so that Doug can get some work done. What is the problem with this? (D3, L3.3.1)

Trina is a security practitioner at Triffid, Inc. Trina has been tasked with selecting a new product to serve as a security control in the environment. After doing some research, Trina selects a particular product. Before that product can be purchased, a manager must review Trina's selection and determine whether to approve the purchase. This is a description of: (D3, L3.1.1)

Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that employees who are assigned to new positions in the company do not retain whatever access they had in their old positions. Which method should Handel select? (D3, L3.3.1)

Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that employees transferring from one department to another, getting promoted, or cross-training to new positions can get access to the different assets they'll need for their new positions, in the most efficient manner. Which method should Handel select? (D3, L3.3.1)

Which of the following activities is usually part of the configuration management process, but is also extremely helpful in countering potential attacks? (D4.2 L4.2.3)

Ludwig is a security analyst at Triffid, Inc. Ludwig notices network traffic that might indicate an attack designed to affect the availability of the environment. Which of the following might be the attack Ludwig sees? (D4.2 L4.2.1)

A VLAN is a _____ method of segmenting networks. (D4.3 L4.3.3)

A device that filters network traffic in order to enhance overall security/performance. (D4.1 L4.1.1)

A tool that filters inbound traffic to reduce potential threats. (D4.2 L4.2.3)

The section of the IT environment that is closest to the external world; where we locate IT systems that communicate with the Internet. (D4.3 L4.3.3)

Which common cloud service model offers the customer the most control of the cloud environment? (D4.3 L4.3.2)

Which of the following would be best placed in the DMZ of an IT environment? (D4.3 L4.3.3)

A device typically accessed by multiple users, often intended for a single purpose, such as managing email or web pages. (D4.1 L4.1.1)

Cyril wants to ensure all the devices on his company's internal IT environment are properly synchronized. Which of the following protocols would aid in this effort? (D4, L4.1.2)

Gary is an attacker. Gary is able to get access to the communication wire between Dauphine's machine and Linda's machine and can then surveil the traffic between the two when they're communicating. What kind of attack is this? (D4.2 L4.2.1)

The logical address of a device connected to the network or Internet. (D4.1 L4.1.1)

A tool that monitors local devices to reduce potential threats from hostile software. (D4.2 L4.2.3)

A tool that aggregates log data from multiple sources, and typically analyzes it and reports potential threats. (D4.2 L4.2.2)

Which of the following is not a typical benefit of cloud computing services? (D4.3 L4.3.2)

Carol is browsing the Web. Which of the following ports is she probably using? (D4, L4.1.2)

Which type of fire-suppression system is typically the safest for humans? (D4.3 L4.3.1)

Triffid, Inc., has deployed anti-malware solutions across its internal IT environment. What is an additional task necessary to ensure this control will function properly? (D4.2 L4.2.3)

If two people want to use asymmetric communication to conduct a confidential conversation, how many keys do they need? (D5.1, L5.1.2)

Which of these is the most important reason to conduct security instruction for all employees. (D5.4, L5.4.1)

An organization must always be prepared to ______ when applying a patch. (D5.2, L5.2.1)

By far, the most crucial element of any security instruction program. (D5.4, L5.4.1)

The output of any given hashing algorithm is always _____. (D5.1, L5.1.3)

Data _____ is data left behind on systems/media after normal deletion procedures have been attempted. (D5.1, L5.1.1)

Proper alignment of security policy and business goals within the organization is important because: (D5.3, L5.3.1)

When data has reached the end of the retention period, it should be _____. (D5.1, L5.1.1)

When Pritha started working for Triffid, Inc., Pritha had to sign a policy that described how Pritha would be allowed to use Triffid's IT equipment. What policy was this? (D5.3, L5.3.1)

Who dictates policy? (D5.3, L5.3.1)

If two people want to use symmetric encryption to conduct a confidential conversation, how many keys do they need? (D5.1, L5.1.3)

Security needs to be provided to ____ data. (D5.1, L5.1.1)

Data retention periods apply to ____ data. (D5.1, L5.1.1)

Two people must enter sensitive areas together is known as what?

Two people must jointly approve sensitive actions is known as what?

What set of principles uses the built environment to improve security?

What type of lock always requires entering a code to enter the facility?

What type of physical security control should always be disclosed to visitors when used?

Attestation reviews formal approval documentation.

_____________ adds user location information to logs.

_____________ alerts when a device leaves defined boundaries.

After onboarding, administrators create authentication credentials and grant appropriate authorization. What is this known as?

During the offboarding process, administrators disable accounts and revoke authorizations at the appropriate time. What is this known as?

True or False: A Routine Workflow is when an administrator disables accounts on a scheduled basis for planned departures.

True or False: A Emergency Workflow is when an administrator disables accounts immediately when a user is unexpectedly terminated.

True or False: Authentication determines what an authorized user can do.

What are the most stringent access control types?

What access control system is flexible and is determined by file owners? (This access control is most common)

What access control type grants permissions to groups of people?

What principle states that individuals should only have the minimum set of permissions necessary to carry out their job functions?

Local Area Networks (LAN) are connected to what?

RJ-45 (Ethernet Cables) connectors have how many pins?

What are RJ-11 cables used for?

RJ-11 cables have how many pins?

Bluetooth devices create what type of networks?

Range for a Bluetooth network is what?

TCP is a ________________________ oriented protocol.

How does the TCP Threeway Handshake look?

At what stage of the TCP Threeway Handshake is the request to connect generated?

Which TCP Flag indicates a connection needs to be opened?

What is known as a lightweight, connectionless protocol?

At what layer of the OSI model do cables exist?

At what layer of the OSI model does TCP and UDP exist?

At what layer of the OSI model does data translation and encryption/decryption take place?

How many layers does the TCP model have?

How many layers does the OSI model have?

What are the layer names for the TCP model?

How many possible ports are there on a network?

What port range is known as the "well-known" ports?

What port range is known as the "registered" ports?

What port range is known as "dynamic" ports?

What is port 21 used for?

What is port 22 used for?

What is port 3389 used for?

What are ports 137, 138, and 139 used for?

What is port 53 used for?

What is port 25 used for?

What is port 110 used for?

What is port 143 used for?

What is port 80 used for?

What is port 443 used for?

Wi-Fi Protected Access (WPA) changes keys with the ______________ Key Integrity Protocol (TKIP).

Wi-Fi Protected Access v2 (WPA2) adds security with _____________.

What new authentication technology is introduced with Wi-Fi Protected Access v3 (WPA3)?

What is it known when a ping request is successfully received?

What is it known when a ping request is successfully sent?

What TCP flag indicates that a packet is requesting a new connection?

What type of network is most often used to connect peripherals to computers and mobile devices?

Which one of the following ports is not normally used by email systems?

What technology provides the translation that assigns public IP addresses to privately addressed systems that wish to communicate on the Internet?

What command may be used to determine the network path between two locations?

Brad is configuring a new wireless network for his small business. What wireless security standard should he use?

How many components does Malware have?

What is the best way to protect against viruses?

___________ steal computing power, network bandwidth, and storage capacity.

______________ attacks exploit flaws in browsers and browser plugins.

True or False: In a Replay Attack, the attacker can see the encoded credentials.

_________________ tricks browsers into using unencrypted communications.

________________________ use externally forced errors.

What type of malware spreads under its own power?

Which one of the following techniques is useful in preventing replay attacks?

_________________ monitor network traffic for signs of malicious activity.

True or False: An IDS can detect SQL Injection attacks, malformed packets used to create a DoS, unusual login patterns outside of normal hours or geographic area, and botnet traffic.

_____________________ block malicious activity automatically.

The following are detection types for an IDS: 1. Signature Based Detection (Also known as Behavior Based Detection) 2. Anomaly Base Detection (Also known as Heuristic Based Detection)

True or False: In-band (inline) IPS deployment mode sits in the path of network communications.

True or False: Out-of-band (passive) IPS deployment mode connects to a SPAN port on a switch.

What type of malware prevention is most effective against known viruses?

Rachel recently investigated a security alert from her intrusion detection system and, after exhaustive research, determined that the alert was not the result of an intrusion. What type of error occurred?

Nmap is an example of a _____ tool.

Nessus is an example of a _____ tool.

What temperature range should be maintained in a data center?

What dew point range should be maintained in a data center?

True or False: Pipes that contain water and are ready to deploy when a fire strikes is known as "Wet Pipe Systems".

Network Border Firewalls have three different security zones, these are called:

Intranet segments that are extended to business partners.

Decoy networks designed to attract attackers.

Temporary networks that may bypass security controls.

What do professionals call network traffic that exists between systems located in the data center?

What do professionals call network traffic that exists between systems and systems on the internet?

Switches operate at which layers of the OSI model? (Pick two)

___________ firewalls evaluate each connection independently.

_____________ firewalls track open connections.

What firewall rule receives traffic not explicitly allowed by a firewall rule, then that traffic must be blocked?

What are 4 types of VPN Endpoints?

IPSec (Internet Protocol Security) operates at what layer of the OSI model?

SSL/TLS VPNs work at the application layer (Layer 7) of the OSI model over TCP port _________.

True or False: Full Tunnel VPN's allow all network traffic to leave a connected device and routes it through a VPN tunnel, regardless of its final destination.

True or False: Split Tunnel VPN's allow only traffic destined for the corporate network and is sent through a VPN tunnel. Other traffic is routed directly over the internet.

True or False: Split Tunnel VPN's provide users with a false sense of security.

Network Access Control (NAC) uses __________ authentication.

True or False: Network segmentation is the most important control for embedded devices.

What is the piece of software running on a device that enables it to connect to a NAC-protected network?

What network port is used for SSL/TLS VPN connections?

What is the most important control to apply to smart devices?

What network device can connect together multiple networks?

Ricky would like to separate his network into three distinct security zones. Which one of the following devices is best suited to that task?

What security principle does a firewall implement with traffic when it does not have a rule that explicitly defines an action for that communication?

Which one of the following devices carries VLANs on a network?

What is the minimum acceptable temperature for a data center?

What is known as a ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction?

What are the three cloud service categories?

Which cloud service category allows customers to purchase an entire app and have it built?

Which cloud service category allows customers to purchase servers/storage?

Which cloud service category allows customers to purchase an app platform?

True or False: The security responsibility for IaaS platforms are separated into two categories: vendor is responsible for the hardware and data center, and the customer is responsible for the OS, application, and Data maintained.

True or False: The security responsibility for PaaS platforms are separated into two categories: vendor is responsible for the hardware, OS, and data center, and the customer is responsible for the application and Data maintained.

True or False: The security responsibility for SaaS platforms are separated into two categories: vendor is responsible for the hardware, OS, application, and data center, and the customer is responsible for just the Data maintained.

________ cloud computing uses a shared responsibility model.

___________ combines resources from two different public cloud vendors.

_____________ provide security services for other organizations as a managed service.

MSSPs may also be referred to as ____________.

_______________ add a third-party security layer to the interactions that users have with other cloud services.

True or False: Ensure that vendor security policies are at least as stringent as your own.

What is the Vendor Management Life Cycle?

Vendors extend your organization's technology environment. If they handle data on your behalf, you should expect they execute the same degree of care that you would in your own operations.

Which cloud deployment model exclusively uses dedicated cloud resources for a customer?

What type of agreement is used to define availability requirements for an IT service that an organization is purchasing from a vendor?

Purchasing server instances and configuring them to run your own software is an example of what cloud deployment model?

Which one of the following is not a characteristic of cloud computing?

In ______________ encryption you encrypt and decrypt with the same shared secret key.

You encrypt with the _________ key and decrypt with the _________ key.

In ______________ encryption you encrypt and decrypt with the same shared secret key.

_________________ algorithms use keypairs where each user gets a public key and a private key.

Keys used for ____________ encryption and decryption must be from the same pair.

AES is ___________ and RSA is ____________.

___________ is a one-way function that transforms a variable length input into a unique, fixed-length output.

True or False: Hash Functions may fail if they are reversible or if they are not collision-resistant.

MD5 produces _____ bit hashes.

True or False: MD5 is no longer a secure hashing algorithm.

SHA-1 produces _____ bit hashes.

True or False: SHA-1 is a secure hashing algorithm.

SHA-2 produces _____ bit hashes.

_______ uses a completely different hash generation approach than SHA-2.

RIPEMD produces _____ bit hashes.

_____ combines symmetric cryptography and hashing.