CISSP PRACTICE QUESTIONS – 20220218

Effective CISSP Questions

Which of the following provides the highest level of security to protect sessions between a client and server? (Wentz QOTD)
A. TLS 1.3
B. SSL 3.0
C. TLS 3.1
D. HTTPS


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

Cryptography Video Collection – F5

F5 DevCentral

  1. How RSA Works [https://youtu.be/rVQpK6NcYIE]
  2. Explaining the Diffie-Hellman Key Exchange [https://youtu.be/pa4osob1XOk]
  3. Elliptic Curve Cryptography Overview [https://youtu.be/dCvB-mhkT0w]
  4. What’s in a Digital Certificate? [https://youtu.be/XmIlynkR8J8]
  5. Perfect Forward Secrecy [https://youtu.be/IkM3R-KDu44]
  6. Explaining TLS 1.3 [https://youtu.be/VzWqnT5dErI]
  7. Is TLS Fast Enough? [https://youtu.be/V1h-UZo2Bng]
  8. Breaking Down the TLS Handshake [https://youtu.be/cuR05y_2Gxc]
  9. Whiteboard Wednesday: SSL Ciphers [https://youtu.be/BJowLVthJkc]
  10. TLS Server Name Indication [https://youtu.be/vzq2RPYiKL0]
  11. Whiteboard Wednesday: SSL Renegotiation [https://youtu.be/H8G2x0d3Bb8]
  12. What is Mutual TLS (mTLS)? [https://youtu.be/RZt9xdVh9Qk]
  13. Mutual TLS (mTLS) Detailed Handshake [https://youtu.be/JcFjp61Vz40]
  14. Crypto Offload Options [https://youtu.be/wErDvSWUbxo]
  15. What is HTTP? [https://youtu.be/LZJNj-HHfII]
  16. HTTP2 [https://youtu.be/eDyLCQxrbr8]
  17. SAML Overview [https://youtu.be/i8wFExDSZv0]
  18. DNS Express [https://youtu.be/pDIvYyHumoM]
  19. DNSSEC Overview [https://youtu.be/MrtsKTC3KDM]
  20. IPS Passthrough [https://youtu.be/ict-At5rEmU]

SSL Everywhere Series

  1. SSL Everywhere (part 1 of 8) [https://youtu.be/bWuC9lD00cY]
  2. SSL Everywhere (part 2 of 8) [https://youtu.be/rT3uYVDuocM]
  3. SSL Everywhere (part 3 of 8) [https://youtu.be/Kb5TlpSJUys]
  4. SSL Everywhere (part 4 of 8) [https://youtu.be/UIFoiUVJv-4]
  5. SSL Everywhere (part 5 of 8) [https://youtu.be/qgljhYQMs6I]
  6. SSL Everywhere (part 6 of 8) [https://youtu.be/2ykG3f4Kg_0]
  7. SSL Everywhere (part 7 of 8) [https://youtu.be/YTEZ4ykf--o]
  8. SSL Everywhere (part 8 of 8) [https://youtu.be/k6rC1TbL7_4]

Videos from Other Sources

  • Elliptic Curve Cryptography Tutorial – Understanding ECC through the Diffie-Hellman Key Exchange [https://youtu.be/gAtBM06xwaw]
  • Secret Key Exchange (Diffie-Hellman) [https://youtu.be/NmM9HA2MQGI]
  • Diffie Hellman – the Mathematics bit [https://youtu.be/Yjrfm_oRO0w]
  • 7 3 Chosen ciphertext attacks 12 min [https://youtu.be/qyS8rIQisJk?list=PLe2uy_oFXJ1cSXd-ru8Q89n5w2Eo0sVMr]

CISSP PRACTICE QUESTIONS – 20220217

Effective CISSP Questions

Which of the following is least vulnerable to cryptographically relevant quantum computers (CRQC)? (Wentz QOTD)
A. Stream ciphers
B. The RSA Digital Signature Algorithm
C. Key agreement using Diffie-Hellman
D. Key exchange using RSA public-key encryption



ISO/IEC 27002:2022 Controls

ISO/IEC 27002:2022 Controls by Security Properties and Control Types
ISO/IEC 27002:2022 Controls by Cybersecurity Concepts and Security Domains

There are 93 distinct controls introduced in ISO/IEC 27002:2022. They are categorized as:
a) people, if they concern individual people;
b) physical, if they concern physical objects;
c) technological, if they concern technology;
d) otherwise they are categorized as organizational.

Control Taxonomy

Each control is associated with five attributes with corresponding attribute values (preceded by “#” to make them searchable), as follows:

  • Control type: Preventive, Detective, and Corrective.
  • Information security properties: Confidentiality, Integrity and Availability.
  • Cybersecurity concepts: Identify, Protect, Detect, Respond and Recover.
  • Operational capabilities: as the following list shows.
  • Security domains: Governance_and_Ecosystem, Protection, Defence and Resilience.

Operational Capabilities

  1. Governance
  2. Asset_management
  3. Information_protection
  4. Human_resource_security
  5. Physical_security
  6. System_and_network_security
  7. Application_security
  8. Secure_configuration
  9. Identity_and_access_management
  10. Threat_and_vulnerability_management
  11. Continuity
  12. Supplier_relationships_security
  13. Legal_and_compliance
  14. Information_security_event_management
  15. Information_security_assurance
#Information_security_assurance as an attribute of operational capabilities

Typo Corrected

The typo of #Information_security_assurance mentioned in 5.22 is corrected on March 24, 2022.

CISSP PRACTICE QUESTIONS – 20220216

Effective CISSP Questions

The international standard, ISO/IEC 27002:2022, has been officially published on Feb 15th, 2022. Each control in the standard has been associated with five attributes with corresponding attribute values. Which of the following is not a value of the control type attribute? (Wentz QOTD)
A. Preventive
B. Detective
C. Corrective
D. Recovery



CISSP PRACTICE QUESTIONS – 20220215

Effective CISSP Questions

According to FIPS 200, adequate security emphasizes that security should be “commensurate with the risk and the magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information.” Which of the following best justifies implementing security controls and demonstrates the adequate security concept? (Wentz QOTD)
A. Information security policy
B. Security awareness
C. Management commitment
D. Business case



CISSP PRACTICE QUESTIONS – 20220214

Effective CISSP Questions

According to ISO/IEC 38500, a policy stands for the overall “intentions and direction of an organization as formally expressed by its governing body or executive managers acting with appropriate authority.” Which of the following best describes the concept of security management driven by policies? (Wentz QOTD)
A. Risk-based management
B. Defense in depth
C. Strategic alignment
D. Top-down approach



CISSP PRACTICE QUESTIONS – 20220213

Effective CISSP Questions

Which of the following is not an audit conducted by external parties? (Wentz QOTD)
A. First-party audit
B. Second-party audit
C. Third-party audit
D. Regulatory audit

