CISSP
AWS
Disaster Recovery
Cryptography
Shooting Trouble (Not Alec Baldwin)

100

Sounds like a Federal spy agency

What is CIA?

100

It's your responsibility, it is our responsibility, it is AWS's responsibility.

What is the "shared responsibility model?"

100

I said BIA! Not CIA! What do I mean?

Business Impact Assessment.

100

I have a public key and a private key. What type of encryption method am I using? Examples or technologies.

SSL, PKI, PGP

100

Name one networking command you might use to check access to another host. (Remember, Hunt for Red October...)

Ping. One ping only.

200

A clear text protocol sends what unencrypted? Give an example.

User ID and Password. TELNET, HTTP, FTP.

200

An S3 bucket can be used for storage.  What other features does an S3 bucket offer?

File system access with Storage GW, Web Site with CDN

200

RTO and RPO mean what?

Resumption Time Objective, Resumption Point Objective.

200

Bob just completed his code assignment and checked it into GitHub.  He had done testing with his public and private key.  He included the public and private key in the GitHub push to the public repository.  Is there a problem?

Yes.  Bob should NOT have published his private key.  By publishing the private and public keys, hackers can gain access to his code or the information his code is processing.

200

You want to send Melanie Griffith a text.  But you are concerned about whether it is secure.  Are SMS text messages encrypted by default?

No.

300

What does ALE mean? (Hint: it isn't beer)

Annualized Loss Expectancy

300

AWS AuroraDB is this kind of database...

What is SQL, relational, like MySQL?

300

What is a risk of using an incremental backup?

One of the incremental backups could fail, corrupting the backup.  

300

Something you know, something you have, something you are.  Give an example of something you have.

MFA, Hard token, One time pad

300

You are really concerned about email security on the movie set of "Rust."  You encrypted the email.  Now you are setting up email signing.  What type of technology/PKI would you use?

X.509 certificate for secure signing of email.

400

It is a simple substitution cypher used as far back as ancient Roman times.

What is ROT 13?

400

I want to connect my VPC in my account to your VPC in your account, what could we use?

What is VPC peering? What is a transit GW?

400

You can transfer risk.  Give an example.

Insurance policy.  Contracted disaster recovery site/service.

400

Give an example of a "one time pad."

A code or symbol on a calendar pad that changes each day.  A page in a book that changes each day. Use a code once and throw it away.

400

You need to launch your bombers off the deck of the USS Hornet to bomb Japan.  But you see Japanese spy boats!  You try to trick them by sending a known word in their cipher.  What are you trying to do?

Get them to transmit that word with other words in the cipher so you can detect more encrypted words / characters and break the code.

500

It is a robust network protocol that uses all seven layers and is based on an international standard, before TCP/IP.

What is X.25?

500

You want to move your ENTIRE Enterprise data center with MASSIVE amounts of storage to AWS and it needs to be done ASAP.  What service does AWS offer?

What is a large truck and trailer? What is Snowmobile?

500

In a disaster recovery situation, you tell your boss you want to bring up the most critical system first.  He says you are wrong!  Which system is first?

Least critical systems first.

500

If I say "S Boxes" and "P Boxes" what do the "S" and the "P" mean?

S is Substitution and P is permutation.

500

You are left alone in the Alaskan wilderness in a cabin that has Internet access via a satellite.  A hungry bear is outside and wants to eat you.  Alec Baldwin is outside and he wants to shoot you.  But it is raining hard. Will the satellite have problems?

Yes. Probably rain fade interference.