Your organization has system administrators who have management control of server systems containing highly confidential data that is critical to business continuity. What type of test is most appropriate to reveal your risk?
C. Third Party
D. None of the Above
Wi-Fi Protected Access (WPA), superseding Wired Equivalent Privacy (WEP) in 2003, WPA2 (2004), and WPA3 (2018) are security certification programs developed by the Wi-Fi Alliance to secure wireless networks. Which of the following is correct? (Wentz QOTD)
A. TKIP is used in WEP to enforce confidentiality.
B. WPA3 employs HMAC to enforce nonrepudiation.
C. WPA uses RC4 as the underlying cipher for confidentiality.
D. WPA2 uses a stream cipher in CCM mode (counter with CBC-MAC).
Your company hired a security analyst who got on board today. Which of the following should be conducted first per the identity proofing procedure? (Wentz QOTD)
A. Enroll the biometric template in a model database and provision services
B. Uniquely distinguish the individual among a given population or context
C. Establish the linkage between claimed identity and real-life existence of subject
D. Determine the authenticity, validity, and accuracy of identity information and relate it to a real-life subject
Your company established multiple teams to develop software products. Which of the following is the best role in promoting security awareness and culture across software development teams? (Wentz QOTD)
A. Senior management
B. Data steward
C. Security champion
D. Security administrator
Your company establishes an E-Commerce website that sells toys around the world. All traffic is protected by HTTPS. Which of the following is the most feasible approach for the browser to submit the user’s password to the webserver? (Wentz QOTD)
A. Raw password
B. Hashed password
C. Salted password
D. Digital signature
Committees at the board level are also known as governance committees. Which of the following committees is most commonly established per legal and regulatory requirements? (Wentz QOTD)
A. Audit committee
B. Executive committee
C. Project governance committee
D. Strategic development committee
SEMI Standards Program
The SEMI International Standards Program is one of the key services offered by Semiconductor Equipment and Materials International (SEMI) for the benefit of the worldwide semiconductor, photovoltaic (PV), LED, MEMS and flat panel display (FPD) industries. Standards offer a way to meet the challenges of increasing productivity while enabling business opportunities around the globe. The program, started over 40 years ago in North America, was expanded in 1985 to include programs in Europe and Japan, and now also has technical committees in China, Korea and Taiwan.
SEMI Standards and Smart Manufacturing
While the concept of smart manufacturing has received increased attention in recent times, the SEMI Standards Program has for many years been developing the fundamental standards that enable today’s highly adaptive, self-diagnosing, and interoperable fabs. Since the initial publication of the original SEMI Equipment Communication Standard (SECS-I), E4, in the early 1980s, the SEMI Standards Information and Control Committee has continuously responded to the needs of the industry. Major cost reductions and efficiency improvements in factory integration were realized through SECS and GEM (Generic Equipment Model) in the 1990s, as equipment behavior became standardized.
More recently, smaller feature sizes and more restrictive tolerances have intensified the need for greater visibility into the entire manufacturing process. Fab manufacturing information must be collected and evaluated in greater amounts than ever before. The overall health of the equipment, performance, and process monitoring are examples of data collected to improve overall equipment efficiency. Continuous monitoring, on-demand data, data security and a single point of control through a single point of command are all required, with the caveat that equipment performance not be impacted.
Equipment Data Acquisition (EDA)
- EDA Interface A: HTTP/1.1 and SOAP/XML
- EDA Freeze 3: HTTP/2, gRPC™
Fab and Equipment Information Security
- SEMI 6506: Specification for Cybersecurity of Fab Equipment
- SEMI 6566: Specification for Malware Free Equipment Integration
Your company is considering a proposal that sells or divests a business unit to a conglomerate for financial purposes. Some impacted employees may resign, while other divested employees are concerned with the new work location. As a security professional involved in the transaction, which of the following should your company conduct first? (Wentz QOTD)
A. Exit interview
C. Data sanitization
D. Security assessment