You’re implementing an L2TP/IPsec VPN solution to support remote employees. Which of the following is not true? (Source: Wentz QOTD)
A. AH may not be available in IPsec
B. AH ensures integrity only, but not confidentiality through encryption
C. Implementation of ESP is a mandatory requirement of IPsec
D. ESP ensures both confidentiality and the same level of integrity as AH does
The diagram demonstrates the ISO assurance system in terms of management systems. The following are common management systems:
Really pleased to know my book, The Effective CISSP: Security and Risk Management, is ranked as the No. 1 of the 15 Best New Security Certifications eBooks To Read In 2020 by BookAuthority.
Source: Yahoo News
I added more information about the confusing C&A process into the post, Jargons: V&V and C&A. The newly added materials are included as follows.
Added on 2020/07/30:
There were various information system certification and accreditation processes across the US federal agencies, such as DITSCAP, DIACAP, NIACAP, NISCAP, and DCID 6/3. Those legacy C&A processes can be confusing because of the diversity and inconsistency across agencies. For example, the obsolete DITSCAP C&A process treated V&V as phases in its C&A process. Thanks to the NIST RMF (SP 800-37 R2), it becomes the latest and unified version of C&A.
The NIST RMF is integrated with the SDLC detailed in NIST SP 800-160 v1, which is aligned with the SDLC introduced in ISO 15288. In other words, terminologies certification and accreditation are not used in the NIST RMF any more. C&A (Certification and Accreditation) is replaced by A&A (Assessment and Authorization) in RMF and V&V (Verification and Validation) in ISO 15288.
Wired Equivalent Privacy (WEP), ratified in 1997, is the first-generation security solution for 802.11 wireless networks. The 64-bit WEP uses the stream cipher RC4 with a 24-bit initialization vector (IV) and a 40-bit secret key. Hackers can use Aircrack-ng to sniff wireless traffic and crack the secret key by exploiting the short IV. Which of the following best describes the attack used to break WEP? (Source: Wentz QOTD)
A. Ciphertext-only
B. Known-plaintext
C. Chosen-plaintext
D. Chosen-ciphertext
Which of the following is the most popular cryptographic hash function used in the blockchain or cryptocurrency? (Source: Wentz QOTD)
A. AES 256
B. SHA-256
C. BITCOIN-160
D. BLAKE2
This post is a digest of “IPsec and Non-repudiation.”
Why IPsec doesn’t support non-repudiation? The following is a quick answer:
Which of the following is least likely to ensure security through the application of cryptographic hash? (Source: Wentz QOTD)
A. Establish HTTP sessions by Digest Access Authentication
B. Persist passwords with pepper
C. Detect error using odd parity
D. Enforce accountability through digital signature
This post is a digest of the Framework for Improving Critical Infrastructure Cybersecurity (also known as NSIT Cybersecurity Framework) Version 1.1 from NIST.