CERTIFIED DEVSECOPS PROFESSIONAL (CDP) DEVOPS INSTITUTE PRACTICE EXAM, Exams of Software Engineering

Typology: Exams

2025/2026

Available from 03/23/2026

chris¬harvey
CERTIFIED DEVSECOPS PROFESSIONAL (CDP)

DEVOPS INSTITUTE PRACTICE EXAM

  1. What is Session Jacking?  How can you prevent it? - ANSWERS- An attack where an intruder gains access to a session ID to authenticate as the victim.  Prevention Methods: Encryption, Salting
  2. COPE - ANSWERS- Corporate Owned, Personally Enabled: a mobile device management strategy where an organization owns devices used by employees.
  3. CYOD - ANSWERS - Choose Your Own Device: a policy allowing employees to select approved devices for work purposes.
  4. MDM - ANSWERS- Mobile Device Management: software for managing, securing, and monitoring mobile devices.
  5. BYOD - ANSWERS- Bring Your Own Device: a policy permitting employees to use personal devices within an organization.
  6. Impact Analysis - ANSWERS- A structured approach evaluating the effects of changes, decisions, or events within an organization or system.
  7. Backout Plan - ANSWERS- Predefined procedures to reverse changes made during planned activities.
  8. Change Advisory Board - ANSWERS- It is a formal group within an organization responsible for evaluating, prioritizing, approving, and overseeing changes to IT infrastructure, systems, applications, and services.
  9. Cryptographic Erasure - ANSWERS- Encrypting the data on the storage media and then securely deleting the encryption key, rendering the encrypted data unreadable without the key
  10. Degaussing - ANSWERS - Erasing data by exposing storage media to a strong magnetic field.
  11. Attestation - ANSWERS- Provides an opinion of a company's security positioning. A 3rd party generally attests to a company's security posture after testing the system
  12. Passive Reconnaissance - ANSWERS- Gathering information about an organization without network interaction. (using social media, dumpster diving, etc.)
  13. Active Reconnaissance - ANSWERS- Actively probing a target network to gather information. (Using pings, Nmap, DNS Queries, etc.)
  1. List all the classification levels from highest to lowest for Commercial Business - ANSWERS- 1. Critical Data 2. Confidential Data 3. Private Data 4. Sensitive Data 5. Public Data
  2. Known Environment - ANSWERS- An environment where detailed information about network architecture, systems, and security measures is available to pen-testers.
  3. Partially Known Environment - ANSWERS- An environment where some information is available to pen-testers, but gaps exist in understanding.
  4. Kerberos - ANSWERS- An authentication protocol using tickets to prevent eavesdropping and replay attacks.
  5. SAML - ANSWERS- An XML-based standard for exchanging authentication and authorization data, focusing on Single Sign-On.
  6. CVE - ANSWERS- CVEs offer a standardized way to share vulnerability data. While CVEs detail vulnerabilities, they don't typically prescribe specific mitigation methods.
  7. Sophistication - ANSWERS- Refers to the intricacy and advancement of a threat actor's tactics, techniques, and procedures. More sophisticated threat actor groups possess customized attack tools and have access to skilled personnel, such as strategists and hackers.
  8. Capability - ANSWERS- Pertains to a threat actor's ability to devise new exploits and tools. It doesn't necessarily denote the intricacy of their methods.
  9. Resource Reuse - ANSWERS - A vulnerability exploiting shared CPU resources to access or modify data between virtual machines.
  10. Time-of-check (TOC) - ANSWERS- A race condition that occurs when a process checks the state or value of a resource before using it, but another process changes it in between.
  11. Alerting - ANSWERS- Provides real-time notifications of security incidents and potential threats. These timely alerts enable security teams to respond promptly and implement mitigation measures
  12. Virtualization - ANSWERS- Technology creating isolated environments on a single physical device for resource optimization and security.
  13. Package Monitoring (Vulnerability Management) - ANSWERS- Tracking software package versions and security patches to identify vulnerabilities.
  1. Journaling - ANSWERS- Journaling writes data to a temporary journal before writing the information to the database. If power is lost, the system can recover the last transaction
  2. End-of-life vulnerability - ANSWERS- End-of-life refers to hardware that is no longer supported by the manufacturer, often leading to unpatched and exploitable vulnerabilities.
  3. Define S/MIME - ANSWERS- Secure Multipart Internet Message Extensions. Leverages email certificates to both sign and encrypt email content, ensuring both authenticity and confidentiality.
  4. Horizontal password attack - ANSWERS- An attacker targets multiple accounts by trying a few common passwords across them.
  5. What is enumeration in the context of hardware, software, and data asset management - ANSWERS- Refers to the practice of assigning unique identifiers, access controls, and attributes to each asset.
  6. Define SCAP - ANSWERS- The Security Content Automation Protocol is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization
  7. Common Vulnerability Scoring System (CVSS) - ANSWERS- A free and open industry standard for assessing the severity of computer system security vulnerabilities (Collection of CVEs)
  8. Workforce multiplier - ANSWERS- The ability to scale and amplify the effectiveness of the security team by combining the efforts of human professionals with automation and orchestration
  9. Computer Security Act (1987) - ANSWERS- An act that specifically requires federal agencies to develop policies to secure computer systems that process sensitive or confidential information.
  10. E-discovery - ANSWERS- Essential component of incident response and primarily relates to the collection and handling of electronic data
  11. Asymmetric, Symmetric or Hashing: RSA - ANSWERS - RSA (Rivest-Shamir-Adleman) is Asymmetric
  12. Asymmetric, Symmetric or Hashing: AES - ANSWERS- AES (Advanced Encryption Standard) is Symmetric
  13. Asymmetric, Symmetric or Hashing: ECC - ANSWERS- ECC (Elliptic Curve Cryptography) is Asymmetric
  1. Asymmetric, Symmetric or Hashing: DSA - ANSWERS - (DSA) Digital Signature Algorithm is Asymmetric
  2. Asymmetric, Symmetric or Hashing: DES - ANSWERS- DES (Data Encryption Standard) is Symmetric
  3. Asymmetric, Symmetric or Hashing: 3DES - ANSWERS- 3DES (Triple DES) is Symmetric
  4. Asymmetric, Symmetric or Hashing: MD5 - ANSWERS- MD5 (Message Digest Algorithm 5) is used for hashing
  5. Asymmetric, Symmetric or Hashing: SHA-1, SHA-256, SHA-3 - ANSWERS- SHA (Secure Hash Algorithm) 1, 3, and 256 are used for hashing
  6. Asymmetric, Symmetric or Hashing: RIPEMD - ANSWERS- RIPEMD (RACE Integrity Primitives Evaluation Message Digest) is used for hashing
  7. Orchestration - ANSWERS- Orchestration involves automating the coordination and management of complex processes and tasks, which includes account creation.
  8. Jump Server - ANSWERS- Server that acts as an intermediary between external networks and internal resources, allowing secure access while minimizing exposure to the internal environment
  9. DRP - ANSWERS- Disaster Recovery Plan
  10. Chain of custody - ANSWERS- Refers to the process of maintaining and documenting the handling of evidence, ensuring that it is preserved in a way that maintains its integrity for legal and investigative purposes.
  11. Serverless framework - ANSWERS- Serverless architectures allow developers to build and run applications without managing servers, often leading to cost savings as you only pay for the compute resources used during execution.
  12. Threat hunting - ANSWERS- Involves proactively searching for signs of malicious activity within a network or system, especially when known indicators of compromise (IoCs) or tactics are not yet detected by automated systems like SIEM.
  13. Define Tuning - ANSWERS - Refers to the process of adjusting alerting thresholds or rules in security systems to reduce false positives and ensure that only relevant alerts are triggered.
  14. Define CVSS - ANSWERS- CVSS provides a standardized way to assign scores to vulnerabilities, quantitatively measuring their criticality based on factors such as exploitability and impact.
  1. Preventive Controls - ANSWERS- Objective: Prevent security incidents from occurring. Examples: Firewalls, Access control mechanisms (e.g., passwords, biometrics), Intrusion prevention systems (IPS), Security policies and procedures
  2. Deterrent Controls - ANSWERS- Objective: Discourage potential attackers from attempting to compromise a system. Examples: Warning signs, Security awareness training, Visible security measures (e.g., security guards, CCTV)
  3. Detective Controls - ANSWERS- Objective: Detect and alert on security incidents as they occur. Examples: Intrusion detection systems (IDS), Security information and event management (SIEM) systems, Audit logs and monitoring, Surveillance cameras
  4. Corrective Controls - ANSWERS- Objective: Correct and mitigate the impact of security incidents. Examples: Antivirus and anti-malware software, Backup and recovery procedures, Patch management systems, Incident response plans
  5. Compensating Controls - ANSWERS- Compensating controls are security measures implemented to provide an alternative method of protecting assets when standard controls are not feasible. Examples: Temporary access restrictions, Alternative authentication mechanisms, Additional monitoring when primary controls are down
  6. Directive Controls - ANSWERS- Objective: Specify acceptable practices and expected behaviour. Examples: Security policies and guidelines, Employee handbooks, Standard operating procedures (SOPs), Codes of conduct
  7. Define the Five Core principles of Information Security (CIANA) - ANSWERS- Confidentiality, Integrity, Availability, Non-Repudiation, Authentication
  8. Gap Analysis Steps - ANSWERS- Define the scope, Gather data about the current infrastructure, Analyze the data and identify the gaps, Develop a plan to bridge the gap
  9. Honeypot - ANSWERS- A honeypot is a decoy system or resource designed to attract and deceive attackers. It appears to be a legitimate part of the network but is isolated and monitored to gather information about attackers' tactics, techniques, and motives.
  10. Honey net - ANSWERS- A honey net is a network of honeypots that are interconnected to simulate a larger and more realistic environment for attracting and monitoring attackers. It allows organizations to capture and analyze broader attack patterns and behaviours.
  11. Honey file - ANSWERS- A honey file is a file or document that is intentionally created and placed in a network to act as bait for attackers. It contains seemingly valuable information that, if accessed or modified, triggers alerts and provides insights into unauthorized access attempts.
  12. Honey token - ANSWERS- A honey token is a piece of data or credential that is intentionally placed within an information system to serve as a decoy or indicator of unauthorized access. If a honey token is accessed or used, it alerts security teams to potential security breaches.

  1. Non-Repudiation - ANSWERS- A security principle ensuring that a party in a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated. This is typically achieved through the use of cryptographic methods, such as digital signatures and public key infrastructure (PKI).
  2. What are the five factors of Authentication - ANSWERS- Knowledge Factor: Something You Know, Possession Factor: Something You Have, Inherence Factor: Something You Are, Behavioural Biometrics: Something You Do, Location Factor: Somewhere You Are
  3. PTZ - ANSWERS- Pan-Tilt-Zoom
  4. FRR - ANSWERS- False Rejection Rate - How often a biometric system fails to allow a user access who should have had access
  5. Cipher Lock - ANSWERS- A mechanical locking mechanism that uses a mechanical keypad for entry
  6. Infrared Sensor - ANSWERS- IR sensors can be either active or passive. Active IR sensors emit infrared light and measure the reflection, while passive IR sensors detect the infrared light naturally emitted by objects. Used in: Motion Detection, Remote Controls, Thermal Cameras, Temperature sensors
  7. Microwave Sensor - ANSWERS- A microwave sensor uses microwave radar to detect objects and motion. These sensors emit microwaves and measure the time it takes for the waves to be reflected back after hitting an object. Used in: Automatic Doors, Speed Radars, Occupancy Sensing, Motion sensors
  8. Ultrasonic Sensor - ANSWERS- An ultrasonic sensor uses ultrasonic sound waves to detect objects and measure distances. The sensor emits sound waves at a high frequency and measures the time it takes for the echo to return after hitting an object. Used in: Parking Assistance, Robotics, Industrial Automation
  9. Shadow IT - ANSWERS- A type of threat actor that creates internal threats involving the use of systems, devices, software, applications, and services that are used within an organization without explicit approval or knowledge of the organization's IT department.
  10. Name all four Security Controls - ANSWERS- Detective, Compensating, Directive, Corrective
  11. Social Proof - ANSWERS- A psychological and social phenomenon where individuals copy the actions of others in an attempt to reflect correct behaviour for a given situation. This concept is often exploited in social engineering attacks
  1. Piggybacking - ANSWERS-Piggybacking occurs when an unauthorized person convinces an authorized person to allow them access into the facility.
  2. Diversion Theft - ANSWERS-Diversion Theft is a tactic used by criminals to distract or divert attention away from a target in order to carry out a theft or other criminal activity.
  3. Threat Vector - ANSWERS-A threat vector is the method or avenue by which a threat actor gains access to a target system or network in order to execute an attack.
  4. Attack Vector - ANSWERS-An attack vector is the specific technical method or process used by a threat actor to exploit a vulnerability or execute an attack once they have gained access via a threat vector.
  5. Boot Sector Virus - ANSWERS-A type of virus that infects the master boot record (MBR) of a hard drive, loaded into memory upon booting to take control of the computer before the operating system is loaded.
  6. Macro Virus - ANSWERS-A virus written in the same macro language used for software applications, typically embedded in documents and executed when the document is opened.
  7. Program Virus - ANSWERS-A virus that infects executable programs or applications, executing virus code when infected programs run.
  8. Multipartite Virus - ANSWERS-A sophisticated virus that can infect multiple parts of a system, making it challenging to remove.
  9. Encrypted Virus - ANSWERS-A virus that uses encryption to hide its code from antivirus software, decrypting itself when executed to perform malicious activities.
  10. Polymorphic Virus - ANSWERS-Complex file infectors that can create modified versions of themselves to avoid detection yet retain the same basic routines after every infection.
  11. Metamorphic Virus - ANSWERS-A highly sophisticated virus that can change its own code by translating, editing, and rewriting it.
  12. Armored Protection - ANSWERS-Techniques used by malware to shield itself from detection and analysis by security researchers and antivirus software.
  13. Malware - ANSWERS-Any software intentionally designed to cause damage, disrupt operations, steal data, or harm the functionality, security, or privacy of computer systems, networks, or devices.
  14. Worm - ANSWERS-A type of standalone malware that replicates itself to spread to other computers without needing to attach to an existing program or file.
  1. Trojan - ANSWERS-A type of malware that disguises itself as legitimate software to deceive users into installing it for executing malicious activities.
  2. RAT - ANSWERS-A Remote Access Trojan that allows an attacker to gain unauthorized remote access and control over a compromised computer.
  3. Botnet - ANSWERS-A network of compromised computers controlled by an attacker to carry out malicious activities.
  4. Command and Control (C&C or C2) node - ANSWERS-A server or infrastructure used by attackers to maintain communication and control over compromised systems within a botnet.
  5. Rootkit - ANSWERS-A program or a collection of malicious software tools that give a threat actor remote access to and control over a computer or other system.
  6. DLL - ANSWERS-Dynamic Link Library is a file in Microsoft Windows containing code and data for use by multiple programs simultaneously to promote code reuse and modularization.
  7. DLL Injection - ANSWERS-A technique used to insert a malicious Dynamic Link Library (DLL) into the address space of another process to execute arbitrary code within the context of a legitimate application.
  8. Kernel Mode - ANSWERS-Also known as Supervisor Mode or Ring 0, refers to a privileged mode of execution where the operating system's kernel has unrestricted access to the hardware and system resources.
  9. Logic Bomb - ANSWERS-A type of malicious code or software program intentionally inserted into a system to execute a harmful action when certain conditions are met.
  10. Keylogger - ANSWERS-A type of malicious software or hardware device designed to record and monitor every keystroke made by a user on a computer or mobile device.
  11. Impossible Travel - ANSWERS-An activity where a user's account shows login attempts from geographically impossible locations within a short period of time.
  12. Fileless Malware - ANSWERS-A type of malicious code that operates in a computer's memory, usually in RAM, instead of on the hard drive, and uses utilities such as PowerShell and Windows Management Instrumentation (WMI).
  13. All the classification levels from highest to lowest for the government - ANSWERS-1. Top Secret 2. Secret 3. Confidential 4. Sensitive but Unclassified 5. Unclassified
  1. Symmetric Encryption - ANSWERS-Uses a single key for both encryption and decryption of data. The same key must be securely shared and kept secret between the communicating parties. This method is efficient and faster than asymmetric encryption
  2. Asymmetric Encryption - ANSWERS-Uses a pair of keys: a public key and a private key. The public key is used to encrypt the data, while the private key is used to decrypt it. The public key can be shared openly, but the private key must be kept secure.
  3. Block Cipher - ANSWERS-An encryption algorithm that divides plaintext into fixed-size blocks, typically 64 or 128 bits, and then encrypts each block individually. The same key is used to encrypt and decrypt each block
  4. Stream Cipher - ANSWERS-An encryption algorithm that encrypts plaintext one bit or byte at a time using a keystream. Unlike block ciphers, which process fixed-size blocks of data, stream ciphers encrypt data continuously, which can provide faster encryption for real-time communications.
  5. Digital Signature - ANSWERS-A cryptographic mechanism used to verify the authenticity and integrity of digital messages or documents. It provides assurance that the message or document was created by a known sender (authentication) and has not been altered since it was signed (integrity).
  6. DH (Diffie-Hellman) - ANSWERS-Diffie-Hellman - Asymmetric algorithm commonly used for key exchange inside of VPN tunnels
  7. Hashing Algorithms - ANSWERS-MD5 (Message Digest Algorithm 5), SHA-1 (Secure Hash Algorithm 1), SHA-256 (Secure Hash Algorithm 256), SHA-3 (Secure Hash Algorithm 3), RIPEMD (RACE Integrity Primitives Evaluation Message Digest)
  8. PtH - ANSWERS-Pass the hash (PtH) is a hacking technique used to authenticate to a remote server or service by using the hashed credentials (password hash) instead of the plaintext password. This method bypasses the need to crack or obtain the actual password and can be used to gain unauthorized access to systems.
  9. Birthday Attack - ANSWERS-A type of cryptographic attack that exploits the mathematical probability of collisions in hash functions. It is named after the 'birthday paradox.'
  10. Key Stretching - ANSWERS-A technique used in cryptography to enhance the security of passwords or cryptographic keys by increasing the time and computational effort required to derive the original plaintext from its hashed form. This process makes brute-force attacks and other password cracking techniques more difficult and time-consuming.
  11. Salting - ANSWERS-A technique used in cryptography to strengthen the security of hashed passwords or other data by adding a random value (known as a salt) to the input before hashing. This random value ensures that even if two users have the same password, their hashed values will differ

  1. Nonce - ANSWERS-Number used once is a cryptographic term referring to a random or semi-random number that is generated for a specific purpose, typically to ensure the freshness and uniqueness of data in cryptographic communications or protocols. Nonces are used to prevent replay attacks and to add randomness to cryptographic operations.
  2. Methods to Prevent Hash Related Attacks - ANSWERS-Key Stretching, Salting, Nonce
  3. Hash Attack Methods - ANSWERS-Pass the Hash attack, Birthday Attack
  4. Digital Signature Algorithms - ANSWERS-DSS (Digital Signature Standard), RSA (Rivest-Shamir-Adleman), DSA (Digital Signature Algorithm)
  5. Public Key Infrastructure (PKI) - ANSWERS-A framework of policies, procedures, and technologies used to manage digital certificates and public-key encryption. It provides a secure and reliable way to verify the authenticity of digital entities (such as users, devices, or servers) on a network.
  6. Certificate Authority (CA) - ANSWERS-A trusted entity responsible for issuing digital certificates that authenticate the identity of individuals, organizations, servers, or devices in a public key infrastructure (PKI).
  7. Wildcard Certificates - ANSWERS-Secure a domain and all its subdomains using a single certificate. Example, a wildcard certificate issued for *.example.com would secure www.example.com, mail.example.com, etc.
  8. SAN Certificates - ANSWERS-Multi-domain certificates secure multiple domain names within a single certificate. They are convenient for organizations managing multiple domains or subdomains.
  9. Registration Authority (RA) - ANSWERS-Acts as an intermediary between users (or entities) and a Certificate Authority (CA) in a PKI environment.
  10. CRL - ANSWERS-Certificate Revocation List - a list of digital certificates that have been revoked before their scheduled expiration dates.
  11. OCSP - ANSWERS-Online Certificate Status Protocol (OCSP) is an Internet protocol used to obtain the current status of a digital certificate in real-time.
  12. PKP - ANSWERS-Public Key Pinning (PKP) is a security feature that helps prevent attackers from impersonating a server using fraudulent certificates issued by compromised or rogue certificate authorities. It works by associating a specific cryptographic public key with a particular web server
  1. Qualitative Risk Analysis - ANSWERS-A method of assessing risk based on potential impact and likelihood without assigning a numerical value.
  2. Quantitative Risk Analysis - ANSWERS-Method of evaluating risk using numerical measurements.
  3. EF - ANSWERS-Exposure Factor: Proportion of an asset lost in an event measured as a percentage.
  4. SLE - ANSWERS-Single Loss Expectancy: Monetary value expected to be lost in a single event. Formula: Asset Value ($) * Exposure Factor (%) = SLE.
  5. ARO - ANSWERS-Annualized Rate of Occurrence: Estimated frequency of a threat occurring over a year.
  6. ALE - ANSWERS-Annualized Loss Expectancy: Expected annual loss from a risk. Formula: SLE * ARO = ALE.
  7. Name the 3 types of Risk Appetites - ANSWERS-1. Expansionary 2. Conservative 3. Neutral
  8. Residual Risk - ANSWERS-Level of risk that remains after all risk mitigation efforts have been implemented.
  9. Risk Reporting - ANSWERS-Communicating information about risk management activities.
  10. SLA - ANSWERS-Service Level Agreement: Standard of service a client can expect from a provider.
  11. MOA - ANSWERS-Memorandum of Agreement: Formal document outlining specific responsibilities and roles of involved parties.
  12. MOU - ANSWERS-Memorandum of Understanding: Outlines a mutual agreement on project goals, often the first step toward collaboration.
  13. MSA - ANSWERS-Master Service Agreement: Blanket agreement covering general terms of engagement between parties across multiple transactions.
  14. SOW - ANSWERS-Statement of Work: Specifies the details of the work to be done.
  15. BPA - ANSWERS-Business Partnership Agreement: Agreement made when two entities pool resources for mutual effort.
  16. AUP - ANSWERS-Acceptable Use Policy: Outlines rules and guidelines for appropriate use of an organization's information systems, network, and resources.
  1. SDLC - ANSWERS-Software Development Life Cycle: Structured process for developing software applications ensuring quality, meeting user requirements, and delivered within time and cost estimates.
  2. Centralized Governance Structure - ANSWERS-Decision-making authority and control concentrated at top management levels.
  3. Decentralized Governance Structure - ANSWERS-Decision-making authority distributed among various levels and departments within the organization.
  4. DAC - ANSWERS-Discretionary Access Control: Allows the owner of a resource to determine access.
  5. MAC - ANSWERS-Mandatory Access Control: Regulates access based on organization-set policies without user alteration.
  6. RBAC - ANSWERS-Role-Based Access Control: Assigns permissions based on user roles within an organization.
  7. Zero Trust - ANSWERS-Assumes threats can exist inside and outside the network, requiring authentication for all entities.
  8. Data Plane - ANSWERS-Responsible for forwarding and processing traffic in a network.
  9. Control Plane - ANSWERS-Manages data plane actions, defines policies and rules like routing tables and session tables.
  10. Adaptive Identity - ANSWERS-Authentication method adjusting based on factors like location, behavior, and context.
  11. Threat Scope Reduction - ANSWERS-Decreasing the number of possible entry points into a network.
  12. Security Zones - ANSWERS-Network segments isolated based on required security levels.
  13. Policy Enforcement Point - ANSWERS-Network component enforcing security policies by allowing or blocking traffic based on predefined rules.
  14. Policy Decision Point - ANSWERS-A network component that makes authorization decisions based on predefined policies. It interprets rules and decides whether access requests should be allowed or denied.
  15. Policy Administrator - ANSWERS-A role responsible for developing, implementing, and maintaining cybersecurity policies, standards, guidelines, and procedures within an organization.
  1. CA - ANSWERS-Certificate Authority - a trusted entity that issues, signs, and revokes digital certificates that validate the identity of online assets, such as websites, email addresses, and companies.
  2. CSR - ANSWERS-A CSR (Certificate Signing Request) is a specially formatted encrypted message sent from a digital certificate applicant to a certificate authority (CA). The CSR validates the information the CA requires to issue a certificate.
  3. OSINT - ANSWERS-Open-Source Intelligence (OSINT) is a method of gathering and analyzing publicly available information to help inform decisions
  4. Define SIEM - ANSWERS-Security information and event management, SIEM for short, is a solution that helps organizations detect, analyze, and respond to security threats before they harm business operations.
  5. Race condition - ANSWERS-A software bug that occurs when multiple tasks or processes are happening at the same time and the order of operations determines the correctness of the outcome
  6. Replay attack - ANSWERS-A network attack where an attacker intercepts and retransmits data that was previously exchanged between two parties
  7. Out-of-band key exchange - ANSWERS-A way to exchange a private key between two or more parties outside of the internet and current communication channels.

Created By Jeff Chaplin for SY0-701
https://www.linkedin.com/in/jeffrey-chaplin-830211205/
Please distribute freely! (please leave my credit <3)