prep exam 2
That's a great approach to preparing for your exam! Focusing on your incorrect answers is one of the most effective ways to study.
Here is a set of notes expanding on the topics you missed, incorporating ISC2 and NIST concepts where applicable.
---
## 📝 Cybersecurity Practice Exam Review Notes
### 1. System Hardening & Updates
* Service Pack (SP): The correct answer. An SP is a comprehensive collection of fixes, updates, and/or enhancements delivered as a single, large installable package. It is essentially a bundle of patches and sometimes new features.
* Patch: A quick repair job for a specific piece of programming, designed to resolve a single, immediate issue (functionality, security, or new feature).
* Hotfix/Quick-Fix Engineering Update (QFE): A single, cumulative package intended to address one specific problem in a software product, often released urgently.
* NIST SP 800-40 provides guidance on managing security patch and vulnerability alerts. System hardening involves applying these updates (patches, hotfixes, service packs) regularly as a core defense mechanism to reduce the system's attack surface.
---
### 2. Information Assurance: Integrity
* Goal: The primary function to ensure data integrity is the Message Digest (also called a hash).
* Message Digest: Uses a cryptographic hash function (e.g., MD5, SHA-256) to create a unique, fixed-length string (the "digest" or "hash") of the data.
* If even one bit of the data is changed, the resulting hash will be completely different.
* This is used to **verify data consistency** and accuracy throughout its lifecycle, such as verifying that a downloaded file hasn't been altered in transit.
* Other Concepts:
* Content Encryption: Primary purpose is confidentiality (preventing unauthorized viewing).
* Backups: Primary purpose is availability and recoverability. They don't actively ensure integrity but allow recovery from an integrity failure (data corruption).
* Labeling (Data Classification): Primary purpose is to define data sensitivity (e.g., Public, Internal Use Only, Confidential) so appropriate controls can be applied.
---
### 3. Computer Networking: Protocols, Ports, and Layers
#### A. Common Ports
* Simple Mail Transfer Protocol (SMTP): Uses port 25 for sending unencrypted email between mail clients and servers, or between servers.
* The secure alternative uses port **587** with Transport Layer Security (TLS), as mentioned in the ISC2 Study Guide, Domain 4.
* Other Key Ports:
* **22:** Secure Shell (SSH) - Secure remote login and command execution.
* **69:** Trivial File Transfer Protocol (TFTP) - Simple, unauthenticated file transfer.
* **161:** Simple Network Management Protocol (SNMP) - Network device management and monitoring.
#### B. OSI Model Layers
* TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) operate at the Transport Layer (Layer 4).
* Function of Transport Layer: To ensure data is delivered reliably and efficiently between processes on different devices.
* **TCP:** Connection-oriented (reliable, checks for errors/retransmission).
* **UDP:** Connectionless (fast, best-effort delivery, no reliability checks).
* Other Layers:
* Physical Layer (Layer 1): Transmitting raw bit stream over a physical medium.
* Session Layer (Layer 5): Establishing, managing, and terminating sessions between applications.
* Application Layer (Layer 7): Provides the interface for applications (e.g., HTTP, SMTP).
---
### 4. Information Assurance: Data States
* Data at Rest: Correct answer. Data that is stored on any non-volatile media (hard drives, tapes, cloud storage, or a USB pen drive).
* Security Control Focus: Encryption (e.g., disk encryption) and access controls.
* Data in Motion/Transit: Data being sent over a network (e.g., the internet, a private network).
* Security Control Focus: Encryption (e.g., TLS/SSL, VPNs).
* Data in Use/Processing: Data currently being actively processed or used by a computer system (e.g., in RAM, CPU caches).
* Security Control Focus: Data Loss Prevention (DLP), memory protection.
---
### 5. Computer Networking: Subnetting
* Goal: Allow 30 usable hosts.
* Formula: The number of usable hosts is $2^H - 2$, where $H$ is the number of host bits.
* Calculation for 30 hosts: We need $2^H \ge 32$ total addresses.
* $2^5 = 32$. Therefore, we need 5 host bits ($H=5$).
* Usable hosts: $32 - 2 = 30$.
* CIDR Notation: A full IPv4 address is 32 bits.
* Network bits = $32 - H$
* Network bits = $32 - 5 = 27$.
* CIDR Notation: **/27** (255.255.255.224).
---
### 6. ISC2 Code of Ethics: Due Care
* Due Care: The correct answer is "Do what is right in each situation you encounter on the job."
* Definition: Often referred to as the "prudent person rule," it means taking reasonable steps to secure and protect the organization's assets. It represents the expected behavior of a security professional.
* Distinction:
* Due Care is the act of protecting assets (e.g., implementing a specific control).
* Due Diligence is the research and continuous effort to maintain the level of care (e.g., researching a vulnerability, acquiring the knowledge to do the job right).
---
### 7. Security Awareness Training: Incident Response Exercises
* Walk-Through Exercise: The correct answer. It's a step-by-step review where team members validate what each person will do, often using actual procedures and checklists to ensure understanding and accuracy.
* Tabletop Exercise: Discussion-based, where a scenario is presented, and team members discuss their roles and intended response steps. Focus is on planning and communication.
* Simulation Exercise: The most complex. It attempts to recreate an actual incident using technology to thoroughly test the response mechanisms and procedures in a near-real environment.
* Checklist Exercise: Simply reviewing a checklist of tasks and procedures to ensure all necessary steps are documented.
---
### 8. Business Continuity and Disaster Recovery
#### A. Business Continuity Plan (BCP) Components
* BCP Focus: Maintaining essential business operations during and immediately after a disruption.
* Typical Components (ISC2 Study Guide, Domain 2): Immediate response procedures, notification call trees, BCP team list, maintenance procedures, and PR plan.
* **NOT a typical BCP component:** A cost prediction of the immediate response procedures. Financial analysis (cost/benefit) is part of the planning/risk management before the disaster, but the BCP document itself focuses on how to respond and resume operations.
#### B. Disaster Recovery Plan (DRP) Involvement
* DRP Focus: Restoring IT infrastructure and operations after a major disaster.
* **Involved Departments:** IT (hands-on recovery), Executive (strategic decision-making, setting priorities), Public Relations (external communication, managing reputation).
* **Least Involved:** Financial (unless the disaster directly impacts financial systems). They are primarily involved in risk analysis (determining loss) before and post-recovery cost accounting.
---
### 9. Data Security: Backup Types
* Differential Backup: The correct answer. It captures all changes made since the last full backup.
* Recovery: Requires only the last full backup and the latest differential backup.
* Time: Takes more time to backup than incremental, but faster to restore.
* Incremental Backup: Captures all changes made since the last backup of any type (full or incremental).
* Recovery: Requires the last full backup and ALL subsequent incremental backups (must be applied in order).
* Time: Fastest to backup, but slowest to restore.
* Full Backup: Copies all data.
---
### 10. Security Controls: Types and Implementations
#### A. Video Recording Storage
* **Most Storage-Efficient:** Motion Detection. It only records when movement is sensed, leading to significantly less recorded data than continuous recording or high-resolution imagery required for recognition technologies.
* **High Storage Use:** Facial recognition, Retina recognition, Gait recognition all require high-resolution, detailed image/video capture and storage for effective analysis.
#### B. Control Implementation
* Administrative Control: The correct answer is "Requiring approval before accessing privileged tools."
* *Focus:* Policies, procedures, and rules that govern security (e.g., requiring approvals, mandatory training, Acceptable Use Policies, Segregation of Duties).
* Physical Control: Controls that restrict or monitor access to physical assets (e.g., video cameras, turnstiles, signs, fences, locks).
---
### 11. Agreements and Policies
#### A. Non-Binding Agreements
* Memorandum of Understanding (MOU): The correct answer. A non-binding agreement outlining the intentions, roles, and terms of cooperation. It's a statement of mutual goals.
* Memorandum of Agreement (MOA): Similar to an MOU but often implies a legally binding document, sometimes interchangeable with a contract.
* Service Level Agreement (SLA): A legally binding contract defining the minimum level of service a provider must deliver.
* Non-Disclosure Agreement (NDA): A legally binding contract ensuring the confidentiality of shared information.
#### B. Personal Information Policy
* **Required for PII Collection:** Privacy Policy.
* Focus: Outlines *how* Personally Identifiable Information (PII) is collected, stored, processed, and protected, demonstrating due care in handling customer data (ISC2 Study Guide, Domain 5).
* Protected Health Information (PHI): Any information about health status, provision of healthcare, or payment for healthcare that can be linked to an individual. The focus for a security consultant.
* GDPR: A regulation/law (specifically for the EU), not an internal company policy.
#### C. Record Retention Policy Mistake
* **Common Mistake:** Applying the longest retention periods to the information.
* Reason: Over-retaining data increases storage costs, management complexity, and increases liability in the event of a breach, violating the principle of least privilege for data retention (only keep what is necessary).
* NIST and legal/regulatory bodies emphasize keeping data only for the time required, then securely destroying it.
---
### 12. Risk Management Metrics
* Annualized Loss Expectancy (ALE): The correct answer. It is the expected cost per year of not performing a given risk-mitigating action.
* Formula: $ALE = SLE \times ARO$, where SLE is the Single Loss Expectancy and ARO is the Annualized Rate of Occurrence.
* Single Loss Expectancy (SLE): The business impact/cost of a single occurrence of a risk.
* Formula: $SLE = AV \times EF$, where AV is the Asset Value and EF is the Exposure Factor (the percentage of the asset's value lost in one occurrence).
* Annualized Rate of Occurrence (ARO): The probability (frequency) of a risk event happening in a given year.
---
### 13. Logical Access Controls
* Mandatory Access Control (MAC): The correct answer. Commonly used in the military and government for strict, centralized security policy enforcement.
* Mechanism: Access is based on the classification level of the resource (e.g., Top Secret) and the clearance level of the user. Only a central authority can change these levels.
* Discretionary Access Control (DAC): The most common model. The owner of the resource can grant/revoke access to other users (discretionary control).
* Role-Based Access Control (RBAC): Access is determined by the role the user has in the organization (e.g., "Developer," "Auditor").
---
### 14. Network (Cyber) Threats and Attacks
* **Not Installed by Infection:** Logic Bomb.
* Logic Bomb: Malicious code intentionally inserted into a software system that executes when a specific condition is met (e.g., date/time, employee name removed from payroll). It is typically planted by someone with inside access (e.g., a disgruntled employee), not installed through a typical external infection like phishing.
* **Installed by Infection:** Trojan (malware disguised as legitimate software), Backdoor (allows unauthorized remote access), Keylogger (records keystrokes).
---
### 15. Managed Service Providers (MSPs)
* Managed Service Provider (MSP) Role: They specialize in remotely managing a client's IT infrastructure, security, or end-user systems.
* They utilize expertise, monitor, respond to security incidents, and manage infrastructure.
* **NOT a characteristic of an MSP:** Mediate, execute, and decide top-level decisions.
* MSPs provide *technical and operational* support and advice, but the client's internal management and executive team retain control over strategic business and top-level decision-making.
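Added worked example for section 2 (Integrity: message digests). This is illustration code written for these notes, not material from ISC2 or NIST. It shows the two things the section describes: a one-bit change produces an entirely different digest, and a downloaded file is verified by recomputing its hash and comparing it with the published one. The release bytes and the `SHA256SUMS` text are constructed sample data; the `sha256sum` line layout (`<hex>  <name>`, or `<hex> *<name>` for binary mode) follows GNU coreutils.

```python
import hashlib
import hmac

# Constructed sample standing in for a downloaded release and its published
# SHA256SUMS file; the digest is the SHA-256 of the bytes b"hello world".
SAMPLE_RELEASE = b"hello world"
SAMPLE_SUMS = (
    "# SHA256SUMS (constructed example)\n"
    "b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9  release.bin\n"
)


def sha256_hex(data: bytes) -> str:
    """Message digest of the data as 64 lowercase hex characters."""
    return hashlib.sha256(data).hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with one bit inverted (simulates corruption in transit)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def digest_distance(hex_a: str, hex_b: str) -> int:
    """Number of hex positions at which two digests differ (0 means identical)."""
    return sum(1 for a, b in zip(hex_a, hex_b) if a != b)


def verify_digest(data: bytes, expected_hex: str) -> bool:
    """Integrity check: does the data hash to the published digest?

    hmac.compare_digest keeps the comparison constant-time; that does not matter
    for a local file check but is the right habit when the compare runs server-side.
    """
    return hmac.compare_digest(sha256_hex(data), expected_hex.strip().lower())


def parse_sums(text: str) -> dict:
    """Parse sha256sum-style lines ('<hex>  <name>' or '<hex> *<name>') into {name: hex}."""
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        sums[name.lstrip("*")] = digest.lower()
    return sums


def verify_downloads(files: dict, sums_text: str) -> dict:
    """Check each file against the SHA256SUMS list; a file with no published digest fails."""
    sums = parse_sums(sums_text)
    return {name: (name in sums and verify_digest(data, sums[name]))
            for name, data in files.items()}


if __name__ == "__main__":
    good = sha256_hex(SAMPLE_RELEASE)
    bad = sha256_hex(flip_bit(SAMPLE_RELEASE, 3))
    print("original :", good)
    print("1 bit off:", bad, f"({digest_distance(good, bad)}/64 hex chars differ)")
    print(verify_downloads({"release.bin": SAMPLE_RELEASE}, SAMPLE_SUMS))
```

Note that a digest alone only detects accidental or unauthorised change; if the attacker can replace both the file and the published digest, you need a signature over the digest (or a digest obtained over a separate trusted channel) to get the integrity guarantee the section is about.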
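Added worked example for section 5 (Subnetting). This is illustration code written for these notes, not from ISC2 or NIST. It generalises the $2^H - 2$ calculation in the section to any host count and, using Python's standard `ipaddress` module, turns the result into the CIDR block, mask, usable range and broadcast address. The base addresses used in the demo are constructed sample values.

```python
import ipaddress


def host_bits_for(usable_hosts: int) -> int:
    """Smallest H such that 2**H - 2 >= usable_hosts (network and broadcast excluded)."""
    if usable_hosts < 1:
        raise ValueError("need at least one usable host")
    h = 2  # H=1 leaves 0 usable addresses under the 2**H - 2 rule, so start at 2
    while (2 ** h) - 2 < usable_hosts:
        h += 1
        if h > 32:
            raise ValueError("more hosts than a single IPv4 network can hold")
    return h


def usable_hosts(prefix: int) -> int:
    """Inverse direction: usable hosts in an IPv4 /prefix (0 for /31 and /32 under the classic rule)."""
    if not 0 <= prefix <= 32:
        raise ValueError("IPv4 prefix length must be 0..32")
    return max((2 ** (32 - prefix)) - 2, 0)


def plan_subnet(base_ip: str, needed_hosts: int) -> dict:
    """Pick the smallest subnet containing base_ip that offers needed_hosts usable addresses."""
    h = host_bits_for(needed_hosts)
    prefix = 32 - h
    # strict=False lets base_ip sit anywhere inside the block; ipaddress rounds
    # down to the network address for us.
    net = ipaddress.ip_network(f"{base_ip}/{prefix}", strict=False)
    hosts = list(net.hosts())
    return {
        "cidr": str(net),
        "prefix": prefix,
        "netmask": str(net.netmask),
        "host_bits": h,
        "usable_hosts": len(hosts),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "broadcast": str(net.broadcast_address),
        "spare": len(hosts) - needed_hosts,  # addresses left over for growth
    }


if __name__ == "__main__":
    # Constructed sample requests: the exam's 30-host case plus two others.
    for ip, n in [("192.168.1.0", 30), ("10.0.0.37", 100), ("172.16.5.0", 2)]:
        print(n, "hosts from", ip, "->", plan_subnet(ip, n))
```

The `spare` field is worth watching in practice: 31 hosts already forces a /26 with 62 usable addresses, so the "exact fit" in the exam question is the exception rather than the rule.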
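Added worked example for section 9 (Backup Types). This is illustration code written for these notes, not from ISC2 or NIST. It simulates a full backup followed by three days of changes, records what a differential and an incremental would capture each day, and then restores from each chain so you can see the trade-off the section states: differential backups grow each day but restore from two sets, incremental backups stay small but need every set applied in order. The file set and daily changes are constructed sample data; deletions are deliberately not modelled.

```python
# Constructed sample: the file set captured by the full backup on day 0, then
# the files that change on each of the next three days (name -> new content).
FULL_BACKUP = {"a.txt": "a0", "b.txt": "b0", "c.txt": "c0", "d.txt": "d0"}
DAILY_CHANGES = [
    {"a.txt": "a1"},                 # day 1
    {"b.txt": "b1"},                 # day 2
    {"a.txt": "a2", "c.txt": "c1"},  # day 3: a.txt changes again
]


def simulate_backups(full: dict, daily_changes: list) -> dict:
    """Take a full backup, then a differential and an incremental at the end of each day.

    Only additions and modifications are modelled; deletions need a manifest in a
    real scheme and are left out here.
    """
    live = dict(full)
    since_full = {}          # everything changed since the full backup
    differentials, incrementals = [], []
    for changes in daily_changes:
        live.update(changes)
        since_full.update(changes)
        differentials.append(dict(since_full))   # keeps growing until the next full
        incrementals.append(dict(changes))       # only what changed today
    return {"full": dict(full), "differential": differentials,
            "incremental": incrementals, "live": live}


def restore_differential(sim: dict, day: int) -> tuple:
    """Restore to the end of `day`: full + the latest differential. Always 2 backup sets."""
    state = dict(sim["full"])
    state.update(sim["differential"][day - 1])
    return state, 2


def restore_incremental(sim: dict, day: int, in_order: bool = True) -> tuple:
    """Restore to the end of `day`: full + every incremental up to that day, in order.

    in_order=False applies them newest-first to show why ordering matters.
    """
    state = dict(sim["full"])
    chain = sim["incremental"][:day]
    for inc in (chain if in_order else reversed(chain)):
        state.update(inc)
    return state, 1 + len(chain)


def backup_sizes(sim: dict) -> dict:
    """Files written per day by each strategy (a proxy for backup time and media use)."""
    return {"differential": [len(d) for d in sim["differential"]],
            "incremental": [len(i) for i in sim["incremental"]]}


if __name__ == "__main__":
    sim = simulate_backups(FULL_BACKUP, DAILY_CHANGES)
    print("files per backup, by day:", backup_sizes(sim))
    for name, fn in [("differential", restore_differential), ("incremental", restore_incremental)]:
        state, sets = fn(sim, 3)
        print(f"{name}: {sets} set(s) to restore day 3, matches live: {state == sim['live']}")
    wrong, _ = restore_incremental(sim, 3, in_order=False)
    print("incrementals applied out of order give a.txt =", wrong["a.txt"], "(live has a2)")
```

The out-of-order restore is the failure mode to remember: with incrementals, an older copy of `a.txt` silently overwrites the newer one if the sets are applied in the wrong sequence, which is why the section stresses "must be applied in order".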
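Added worked example for section 13 (Logical Access Controls). This is illustration code written for these notes, not from ISC2 or NIST. It implements the three models as small policy functions and then layers MAC over DAC the way the section describes: the classification lattice is central and an owner's discretionary grant cannot override it. The MAC rules used are the Bell-LaPadula "no read up" and "no write down" properties (the section only mentions the clearance-versus-classification read check; the write rule is added here). Subjects, the resource, roles and ACL entries are all constructed sample data.

```python
# Classification lattice enforced by the MAC check. Under MAC only the central
# authority edits this table; resource owners cannot re-label their own files.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}

# Constructed sample subjects, one resource and an RBAC role table (not from the notes).
SUBJECTS = {
    "alice": {"clearance": "Top Secret"},
    "bob": {"clearance": "Secret"},
    "carol": {"clearance": "Top Secret"},
}
PLAN_DOC = {
    "owner": "alice",
    "classification": "Top Secret",
    "acl": {"bob": {"read"}, "carol": {"read"}},   # discretionary grants set by alice
}
ROLE_PERMS = {"developer": {"code:read", "deploy:staging"}, "auditor": {"code:read", "log:read"}}
USER_ROLES = {"dave": ["developer"], "erin": ["auditor"]}


def mac_allows(clearance: str, classification: str, op: str) -> bool:
    """Bell-LaPadula style MAC: no read up (read needs clearance >= label) and
    no write down (write needs clearance <= label)."""
    subj, obj = LEVELS[clearance], LEVELS[classification]
    if op == "read":
        return subj >= obj
    if op == "write":
        return subj <= obj
    raise ValueError(f"unknown operation {op!r}")


def dac_allows(acl: dict, owner: str, subject: str, op: str) -> bool:
    """DAC: the owner always has access; anyone else needs an entry the owner granted."""
    return subject == owner or op in acl.get(subject, set())


def rbac_allows(user_roles: dict, role_perms: dict, subject: str, perm: str) -> bool:
    """RBAC: permissions attach to roles and users are assigned roles, never permissions directly."""
    return any(perm in role_perms.get(role, set()) for role in user_roles.get(subject, []))


def check_access(subjects: dict, resource: dict, subject: str, op: str) -> tuple:
    """MAC layered over DAC: the label check is evaluated first and an owner's ACL
    grant can never override it, which is the point of a mandatory model."""
    if not mac_allows(subjects[subject]["clearance"], resource["classification"], op):
        return False, "MAC: label check failed"
    if not dac_allows(resource["acl"], resource["owner"], subject, op):
        return False, "DAC: no owner grant"
    return True, "allowed"


if __name__ == "__main__":
    for who, op in [("alice", "read"), ("bob", "read"), ("carol", "read"), ("bob", "write")]:
        print(f"{who:5} {op:5} plan_doc ->", check_access(SUBJECTS, PLAN_DOC, who, op))
    print("erin log:read ->", rbac_allows(USER_ROLES, ROLE_PERMS, "erin", "log:read"))
```

Bob's case is the one to remember for the exam: alice, the owner, has granted him read access, but his Secret clearance is below the document's Top Secret label, so the mandatory check denies him regardless of what the owner wanted.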