D488 Cybersecurity Architecture and Engineering - Set 1 - Part 1

Correct Answer: To verify the authenticity of digital signatures

ECDSA is specifically designed for creating and verifying digital signatures, ensuring the integrity and authenticity of messages.

Correct Answer: Diffie-Hellman (DH)

Diffie-Hellman allows two parties to establish a shared secret key without pre-sharing any secret, making it ideal for secure communications.

Correct Answer: The previous ciphertext block influences the encryption of the current plaintext block.

In CBC mode, each plaintext block is XORed with the previous ciphertext block before being encrypted, which provides added security against certain attacks.

Correct Answer: Identical plaintexts result in identical ciphertexts.

ECB mode encrypts identical plaintext blocks into identical ciphertext blocks, making it vulnerable to pattern analysis and other attacks.

Correct Answer: It turns a block cipher into a synchronous stream cipher.

OFB mode generates a keystream independently of the plaintext and ciphertext, allowing for error-free encryption and decryption.

Correct Answer: It uses a counter value to generate ciphertext.

CTR mode increments a counter for each block, encrypts it, and XORs it with the plaintext to produce the ciphertext.

Correct Answer: Poly1305

Poly1305 is designed for fast message authentication, utilizing a one-time key to provide strong integrity checks.

Correct Answer: Encryption of all sensitive data

Encrypting sensitive data ensures that it remains confidential, even if unauthorized access occurs.

Correct Answer: Using hardening measures to remove unnecessary services

Reducing unnecessary services, protocols, and applications decreases the potential entry points for attackers.

Correct Answer: It determines the acceptable level of risk based on potential impacts.

Risk tolerance helps organizations understand how much risk they can accept while developing applications that manage customer accounts.

Correct Answer: Limiting access to the SQL database

By enforcing access controls, organizations can prevent unauthorized access and reduce the likelihood of a data breach.

Correct Answer: WPA2 with AES

WPA2 with AES encryption is required to secure wireless networks and ensure compliance with PCI DSS standards.

Correct Answer: Encryption

Encrypting personal data is a key measure to protect it and ensure compliance with GDPR requirements.

Correct Answer: Access controls

Access controls are crucial for restricting access to sensitive credit information, ensuring compliance with FCRA requirements.

Correct Answer: To prevent unauthorized programs from running

Application allowlisting ensures that only approved software can execute, reducing the risk of malware and other unauthorized applications.

Correct Answer: Warm site

A warm site has some hardware and software ready, enabling faster recovery compared to a cold site.

Correct Answer: Disaster recovery protocol

A disaster recovery protocol provides structured procedures to recover critical systems with minimal downtime.

Correct Answer: Maximum Tolerable Downtime (MTD)

MTD is the duration of time that a business can be non-operational without incurring serious consequences.

Correct Answer: The effects of data protection measures on operations

A PIA assesses how updates or changes to data handling practices impact the organization and its stakeholders.

Correct Answer: SOAR

SOAR (Security Orchestration, Automation, and Response) integrates and automates various security tools to enhance incident response efficiency.