Complete CC ISC Materials

Knowledge-based authentication relies onsomething the user knows, such as passwords, PINs, or answers to security questions. It is the most common but also the weakest form of authentication due to susceptibility to guessing, phishing, and brute-force attacks. For this reason, it is often combined with other factors in multi-factor authentication (MFA).

White-box testing involves examining an application’s internal structure, including source code, logic paths, and configurations, to identify vulnerabilities and security weaknesses. Testers have full knowledge of the system and can analyze how data flows and how controls are implemented.

This testing approach is effective for identifying issues such as insecure coding practices, logic flaws, and hard-coded credentials. Black-box testing does not involve source code access, functional testing validates behavior, and user acceptance testing focuses on business requirements.

White-box testing is commonly used in secure code reviews, static application security testing (SAST), and DevSecOps pipelines. Security standards strongly recommend white-box techniques for early vulnerability detection.

Most VPNs (e.g., IPSec) operate atLayer 3 (Network layer), encapsulating IP packets to create secure tunnels.

When a device does not meet security baseline requirements, it poses a risk to the environment. Best practice is todisable or quarantine the deviceto prevent potential compromise or lateral movement. Network Access Control (NAC) solutions commonly automate this process.

Isolation ensures the device cannot interact with production systems until it is patched, configured correctly, and verified as compliant. This approach aligns with NIST and Zero Trust principles, emphasizing continuous compliance and containment.