CCT 127: Practice CISSP Questions – Secure Communication Protocols (D4.1.3)

Embark on an exciting foray into the ever-evolving world of cybersecurity with me, Sean Gerber, as I chart a new course into independent consultancy. The waters are rough, with the UK's critical infrastructure facing an unprecedented OT threat landscape, exacerbated by global geopolitical unrest. Uncover how seemingly secure supply chains and legacy OT systems can become a playground for cyber adversaries, and why protecting energy and utilities has never been more vital. Gain insight into the Purdue model's crucial role in network segregation, and realize how these strategies are essential defenses against the sophisticated threats of today.

Transitioning to the educational side of cyber defense, this episode serves as a beacon for CISSP aspirants. We tackle domain 4.1.3 head-on with a CISSP question session that challenges and hones your understanding of essential security protocols like IPsec and Kerberos. I also unveil the extensive arsenal of resources available at cispsybertraining.com, providing everything from free videos to a meticulously crafted blueprint for acing the CISSP exam. Whether you're a seasoned pro or just starting, this podcast is your ally in the quest for certification and mastery in the digital security realm.

Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and sign-up to join the team for Free. 

TRANSCRIPT

Speaker 1: 0:00 

Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started.

Speaker 2: 0:26 

Good morning. It's Sean Gerber with CISSP Cyber Training. Hope you all are having a blessed day today. Today is an amazing day. Yes, this is like day three or four in my overall new experience of working for myself. So, yes, it is interesting, it is challenging, it's fun, it's also a bit scary, but it's all good, we are. I'm excited about that. Working on my house now I'm an independent consultant for cybersecurity and it's going to be fun. It will be interesting.

Speaker 2: 0:53 

So one thing we want to talk about today we're going to be getting into domain 4.1.3, the security questions for that, because today is guess what yes domain question Thursday, and so we're going to go over some of the questions that are associated with this specific domain as it relates to what we had in the podcast on Monday. But before we do, I wanted to go through just a little tidbit of news that I saw today. This is around the OT operational technology threat landscape, and this is as it relates to the critical infrastructure in the UK, united Kingdom. The article talks about how it is probably one of the most attacked countries on the planet as it relates to OT, and a lot of that is due to a couple of different reasons, but obviously the thing that's going on with Ukraine, and because the British have been so staunch supporter of the Ukrainians during this fight, they are probably one of the most targeted folks in there. One of the things that has come up as it relates to the UK. Their National Cybersecurity Center, the NCSC, had reported that most of the companies up there had been hit with some level of malware and it's been tying back to their OT supply chain. So most of these OT supply chains are folks that are supporting the energy and utilities aspects of their country and so therefore, you can tell the attackers are going after the supply chain in and of itself. So I see that as probably some of your weakest links and we've talked about this on the podcast numerous times where the supply chains. If I was a person that was attacking a target, the softest part of that target would be your supply chains, because in many cases they may not be as totally prepared for the attack as the critical infrastructure locations are right at this point. So one of the things that they mentioned in the article around some of the top targets within the UK were British Petroleum, royal Dutch Shell, chevron, national Grid, dax Group and Energy One. Now the interesting part on all this is when the Australian company Energy One was hit with a cyber attack last year, it impacted all the systems, many of the systems in the UK, and so that is an interesting pact where if they hit one system that is tied around the global nature, the global community, it can impact, obviously, other groups within the overall ecosystem in the world. So these guys are not stupid, they're very smart and they're actually using threat intelligence to help define where are their targets and they're going to go after. So it's kind of interesting to see how that plays out.

Speaker 2: 3:28 

Now the article kind of gets into. Why is OT such a significant impact? A lot of it is due to the fact that much of the systems that are being run on OT environments are legacy and have been around for some time, and they have a hard time. I've learned this myself working in this space, that you don't have the ability necessarily to update and manage these systems quickly. You're stuck in the position where you have to. You have old legacy systems that have been around since, in some cases, the 70s, that you have to update with new and current firmware and without having the ability to do that because, for example, if you try to update these systems out of cycle, it can bring the systems down, which then can impact your overall company. If the manufacturing facility has to come down, you have to figure out and windows and so forth, so it can be very challenging and problematic. So therefore, a lot of times these systems are not actually patched, or they're not patched in a routine basis, or there maybe there's no patches even available for them. So it does require a lot of expert expertise to make sure that you are protecting them correctly. And one of the things that has come up in the past is been about the Purdue model and that really comes into how do you segregate your OT environment from your IT or your basically your business network. And that would be one of the recommendations that you would do, especially with these older builders antiquated, more antiquated systems. So again, bottom line is they talk about in this article just the fact that OT is a big factor. It's going to be a continued big factor within the globe and the you can just anticipate that there will be opportunities, if you're in cybersecurity, to work in the OT space. If you haven't already done so, all right.

Speaker 2: 5:07 

So let's get into the CISSP questions for this week. Question one what is the primary purpose of IPsec? A to provide a routing protocol. B to ensure secure web browsing. C to secure IP communications by authenticating and encrypting the packet stream. D to manage the IP address. Okay, so what is the primary purpose of IPsec Is to secure IP communications by authenticating and encrypting the packet stream. Question two which component of Kerberos is responsible for issuing ticket granting tickets, tgts? Again, which component of Kerberos is responsible for issuing ticket granting tickets? A authentication service, b the service service or the service server? C the client or D the ticketing granting service. So which component of Kerberos is responsible for issuing ticket granting tickets, tgts? And the answer is A authentication service. The authentication service is a component of Kerberos that authenticates a user and issues the TGT.

Speaker 2: 6:12 

Question three SSH is known for which of the following features A providing wireless security. B encrypting remote login sessions. C compressing video data or D routing network traffic. So SSH is known for which of the following features? And it would be B encrypting the remote login sessions. Ssh is primarily used for encrypting the remote login sessions to ensure secure command execution and file transfers. We've done this, you do this numerous times. You just don't, probably don't even realize it sometimes, but it's a great way for you doing, especially file transfers. I've did this with my teaching my students. You help them as they redo remote logins to their system for their editing their Python scripts. So to IoT devices.

Speaker 2: 6:59 

A question four the signal protocol is renowned. Renowned for its use of what? Okay, the signal protocol is renowned for its use of what? A forward security or secrecy, b quantum cryptography, c systematic symmetric key distribution or D blockchain technology. Okay, signal protocol is renowned for what's use of? A forward security Again, it uses forward security. So, basically, that pass communications cannot be compromised, even if the encryption keys are stolen in the future. Right, and that's one of the things people are worried about with quantum is that the keys or the actual certificates could be compromised and cracked in the future.

Speaker 2: 7:42 

Question five which protocol is commonly paired with L2TP to provide encryption? Which protocol is commonly paired with L2TP to provide encryption? A TLS, b, ssh, c SRTP or D IPsec? Again, which protocol is commonly paired with L2TP for encryption? And it is D? Ipsec? Okay, l2tp does not provide encryption by itself and it's commonly paired with IPsec to provide, especially, a secure VPN connection. Question six SRTP is used to secure which type of communication A email, B file transfers. C real-time communications like VoIP or D web browsing. Again, srtp is used to secure which type of communication? And the answer is C real-time communications, such as VoIP. Srtp is specifically designed to provide encryption, message authentication and integrity for real-time communications such as VoIP.

Speaker 2: 8:46 

Question seven ZRTP. You get SRTP named ZRTP. These are all these things you have to remember. Zrtp is unique because it is what A as a public key infrastructure or PKI. B it generates ephemeral keys for each session. C is based on symmetric key cryptography. Or D it requires pre-shared keys. So question seven ZRTP is unique because B it generates ephemeral I can't say that it's a big $10 word and it's five o'clock in the morning, sorry Ephemeral keys for each session. So again, each session will help protect against the man in the middle of tax without having to rely on specific PKI or certificate-based encryption. Question eight DTLS is designed for the use of which type of protocol? A TCP, b ICMP, c ARP or D UDP. Arp is A-R-P, so, if you didn't know, all right. So which DTLS is designed for which type of protocol? And the answer is D UDP. Right, so it's based on TLS, but it's adapted for its use with the UDP, which is a user data-gram protocol where you have fast data transfers in short response times.

Speaker 2: 10:01 

Another thing around UDP. It's used a lot in video because of the fact that it has just barrage packets and therefore it can lose some packets. Dtls is based on TLS but is used specifically for the UDP protocol. Question nine which of the following statements about signal protocols is true A it employs a concept of trust on first use, or TOEFLU. B it's a centralized server to store encryption keys. C it's a primary use to secure email communications, or D it relies on server side fan out for message delivery. Okay, so which of the following statements is true or is true about the signal protocol? And it is A it employs a concept of trust on first use or TOEFLU for key verification. Okay, it's basically this way. Is it introduces the trust before they're communicating? It actually communicates between parties, so it's trust on first use.

Speaker 2: 10:55 

Question 10, what does S in this mime? I'm sounding this out for you guys. What does S and S mime stand for? Oh my gosh, this is early morning, all right. A secure. B simple, c standard or D symmetric Okay, what does S in the S mime stand for? Okay, so, as we're dealing with security, one of the things if you didn't know, you could just guess. But guess would be secure right. So it's a secure, multi-purpose internet mail extensions. That's what's mime stands for smime, and it's designed for secure email communications. So, again, s stands for secure in secure mime.

Speaker 2: 11:36 

Question 11, open VPN utilizes which technology to provide flexible and secure VPN solutions? So again, what? Open VPN utilizes which technology to provide flexible and secure VPN solutions? A active directory, b proprietary software, c hardware tokens or D open source code or open source software? Yeah, it's a mouthful. Open source is the answer. It is D. Open VPN is an open source VPN protocol which means its open source product is freely available for people to use and modify as they see fit.

Speaker 2: 12:13 

Question 12, which protocol would you use to secure voice call over the internet? Okay, you have. Again, we're talking VoIP over the internet. A L2TP, b, srtp, c SSH or D ZRTP? Again, you're talking with the TPs, right? We talked about VoIP earlier. Which one is it? L2tp, srtp, ssh or ZRTP? And the answer is D. Zrtp is designed for securing voice over IP VoIP calls. End with end to end encryption. That's the ultimate point of ZRTP.

Speaker 2: 12:49 

Question 13, tls primarily secures which layer of the OSI model? Okay, so the OSI burrito that we talked about, we're gonna be talking about. Which one is that which TLS primarily secures which layer of that OSI model A the application layer Layer. B the network layer. C the transport layer, or D the data link layer. Okay, so if you're thinking about TLS, what does TLS deal with? Tls deals with transportation, so what would be that guess? The guess would be the transport layer C, correct? Tls operates at the transport layer of the OSI model and therefore it will provide secure communications between applications over the internet.

Speaker 2: 13:30 

Question 14, which feature of the signal protocol ensures that no third party can read the messages? Can? We don't want anybody reading the messages, so what would that be? So what part of the signal protocol ensures no third party can read the messages? A end to end encryption, b tokenization. C data masking or D roll-based access controls. Okay, so we're talking signal protocol which featured in that would allow you to have encryption, and that would be end to end encryption. Right, that would be the. A. The signal protocol uses this end to end encryption, right With it with that way, and it uses that in proprietary means. That way, you can only read and decrypt the messages as appropriate, right? That's one of the big things that's been coming out. I know what do you call it. Apple got hit with something recently in their messages where they said that their encryption could be hacked. I think it's gonna be an ongoing aspect because most people use some sort of signal app or they use Apple's iMessages to communicate A lot of communication over text messages versus actually sending them through email Email's still widely used by no means or by all means, but it's a lot of communications are occurring over text.

Speaker 2: 14:45 

Question 15, the last Mel and the final one what is the main advantage of using DTLS over TLS for streaming media? Again, what is the main advantage of using DTLS over TLS for streaming media? A DTLS supports multicast. B DTLS has better error correction. C DTLS is faster because it operates over UDP. And D DTLS uses less bandwidth. Okay, so the main advantage of DTLS over TLS for streaming media is C DTLS is faster because it operates over UDP. Why? Because UDP utilizes that basically spraying of data and data packets versus having the actual TCP handshake. So again, that's the key piece around. Dtls is faster for over TLS for streaming media because of that specific reason. Okay, that's all I've got for you today. I hope you guys have a wonderfully blessed day and again we'll see you next week.

Speaker 2: 15:44 

Head on over to cispsybertrainingcom. You can get access to all my great stuff at cispsybertrainingcom. It's available to you there free of charge. All this stuff is a lot of it's there. My blueprint is available for you. The blueprint is amazing. The blueprint is what makes this thing work. It will help you pass the CISSP exam, no question about it, if you follow the blueprint. But all of these videos are there on my website, as well as the audios are available to you as well. The ultimate goal is to help you pass the CISSP, and I'm here to do that, and I hope you do that in a fast and efficient way. All right, have a wonderful day, guys, and we will catch you on the flip side, see ya.

QUESTIONS

QUESTIONS:

1. What is the primary purpose of IPSEC?

• A) To provide a routing protocol
• B) To ensure secure web browsing
• C) To secure IP communications by authenticating and encrypting each IP packet
• D) To manage IP addresses
• Correct Answer: C
• Explanation: IPSEC is designed to secure communications over an IP network by providing authentication, integrity, and confidentiality of IP packets.

2. Which component of Kerberos is responsible for issuing ticket-granting tickets (TGTs)?

• A) Service Server
• B) Client
• C) Authentication Service (AS)
• D) Ticket Granting Service (TGS)
• Correct Answer: C
• Explanation: The Authentication Service (AS) is the component in Kerberos that authenticates a user and issues a TGT.

3. SSH is known for which of the following features?

• A) Providing wireless security
• B) Encrypting remote login sessions
• C) Compressing video data
• D) Routing network traffic
• Correct Answer: B
• Explanation: SSH is primarily used for encrypting remote login sessions to ensure secure command execution and file transfers over insecure networks.

4. The Signal Protocol is renowned for its use of:

• A) Forward Secrecy
• B) Quantum Cryptography
• C) Symmetric Key Distribution
• D) Blockchain Technology
• Correct Answer: A
• Explanation: The Signal Protocol uses forward secrecy to ensure that past communications cannot be compromised even if the encryption keys are stolen in the future.

5. Which protocol is commonly paired with L2TP to provide encryption?

• A) TLS
• B) IPSEC
• C) SSH
• D) SRTP
• Correct Answer: B
• Explanation: L2TP does not provide encryption by itself and is commonly paired with IPSEC to provide a secure VPN connection.

6. SRTP is used to secure which type of communication?

• A) Email
• B) File transfers
• C) Real-time communications like VoIP
• D) Web browsing
• Correct Answer: C
• Explanation: SRTP is specifically designed to provide encryption, message authentication, and integrity for real-time communications such as VoIP.

7. ZRTP is unique because it:

• A) Uses a Public Key Infrastructure (PKI)
• B) Generates ephemeral keys for each session
• C) Is based on symmetric key cryptography
• D) Requires pre-shared keys
• Correct Answer: B
• Explanation: ZRTP generates ephemeral keys for each session, which helps protect against man-in-the-middle attacks without relying on a PKI.

8. DTLS is designed for use with which type of protocol?

• A) TCP
• B) UDP
• C) ICMP
• D) ARP
• Correct Answer: B
• Explanation: DTLS is based on TLS but is adapted for use with datagram protocols like UDP, which is used where fast data transfer and short response times are crucial.

9. Which of the following statements about the Signal Protocol is true?

• A) It uses a centralized server to store encryption keys.
• B) It employs the concept of ‘Trust on First Use’ (TOFU) for key verification.
• C) It is primarily used for securing email communications.
• D) It relies on server-side fan-out for message delivery.

Correct Answer: B Explanation: The Signal Protocol employs the concept of ‘Trust on First Use’ (TOFU), also known as ‘trust on first use’, as a way of introducing trust between communicating parties. 

10. What does the ‘S’ in S/MIME stand for?

• A) Secure
• B) Simple
• C) Standard
• D) Symmetric
• Correct Answer: A
• Explanation: S/MIME stands for Secure/Multipurpose Internet Mail Extensions, which is used for secure email communication.

11. OpenVPN utilizes which technology to provide flexible and secure VPN solutions?

• A) Active Directory
• B) Open Source
• C) Proprietary Software
• D) Hardware Tokens
• Correct Answer: B
• Explanation: OpenVPN is an open-source VPN protocol, which means its source code is freely available for review and modification.

12. Which protocol would you use to secure a voice call over the internet?

• A) L2TP
• B) SRTP
• C) SSH
• D) ZRTP
• Correct Answer: D
• Explanation: ZRTP is specifically designed for securing voice over IP (VoIP) calls with end-to-end encryption.

13. TLS primarily secures which layer of the OSI model?

• A) Application Layer
• B) Transport Layer
• C) Network Layer
• D) Data Link Layer
• Correct Answer: B
• Explanation: TLS operates at the transport layer of the OSI model to provide secure communication between applications over the internet.

14. Which feature of the Signal Protocol ensures that no third party can read the messages?

• A) End-to-End Encryption
• B) Tokenization
• C) Data Masking
• D) Role-Based Access Control
• Correct Answer: A
• Explanation: The Signal Protocol uses end-to-end encryption, which means only the communicating users can decrypt and read the messages.

15. What is the main advantage of using DTLS over TLS for streaming media?

• A) DTLS supports multicast
• B) DTLS has better error correction
• C) DTLS is faster because it operates over UDP
• D) DTLS uses less bandwidth
• Correct Answer: C
• Explanation: DTLS is preferred for streaming media because it operates over UDP, which is faster and more suitable for time-sensitive transmissions than TCP, which is used by TLS.