Lesson 19: Comprehensive Review & Exam Prep
We've reached the course's final lesson. This lesson doesn't teach any new concept — it builds two things toward the exam: how American-style multiple-choice questions are built and where they try to mislead you (four recurring distractor patterns), and five cross-lesson connections that require pul
In brief: the exam is 25 American-style questions, closed-book, no formula sheet. The hardest questions don't test a single definition but a connection between two lessons — like why TLS uses hybrid encryption, or why a departed employee's account is a risk. Wrong answers usually aren't just random mistakes — they're targeted: swapping two similar concepts, reversing cause and effect, changing one word that flips a true claim to a false one, or using words like 'always'/'never' that are almost always wrong.
- Exam Format: Logistics & Key Reminders
- The exam follows an American-style multiple-choice format — 25 questions, each with exactly one correct answer. It's closed-book, and no formula sheet is needed — all that's required is understanding the concepts and the reasoning behind them, not memorizing a formula.
- Distractor Pattern 1: Concept-Swapping
- A distractor takes two similar-but-different concepts (e.g. ARP Poisoning vs. MAC Flooding, or RBAC vs. ABAC) and swaps or blends their definitions. The defense: identify exactly what each concept targets or solves, not just its name.
- Distractor Pattern 2: Causality-Reversal
- A distractor reverses the direction of cause and effect — e.g. claiming 'there were no security tools' when the tools actually existed but the process around them failed (as in the Target case). The defense: ask 'is this really the cause, or does it just sound plausible?'
- Distractor Pattern 3: Subtle Wording
- A single word changes between a correct and incorrect answer — for example 'always' instead of 'usually,' or 'completely prevents' instead of 'significantly reduces.' A small wording difference turns a fully correct claim into a wrong one. The defense: read every answer word by word rather than just catching the general idea.
- Distractor Pattern 4: Over-Inclusive Absolutist Language
- Answers containing words like 'always,' 'never,' 'under no circumstances' tend to be wrong, because they ignore exceptions — there's almost always a scenario where the rule doesn't apply. The defense: an absolutely-worded answer demands a double-check.
- Connection: Why TLS Uses Hybrid Encryption
- As covered with TLS, asymmetric encryption is 1,000-10,000x slower than symmetric, so it's confined to the 'handshake' stage only — the protocol then switches to fast symmetric encryption for the bulk data itself. It is the same speed problem met earlier in the course, applied here to TLS.
- Connection: The Operational Lesson from the Target Breach
- Target had a firewall, IDS, IPS, DLP, and network segmentation — but a critical alert from the FireEye system went unhandled by the team. The lesson: the quality of implementing and operating controls matters more than merely owning advanced tools.
- Connection: The Danger of Zombie Accounts
- In the de-provisioning process, accounts of employees who left the organization but remain active ('zombie accounts') are a serious security hole — which is why a 'kill switch' for immediate disconnection from every system on departure is required.
- Connection: ARP Poisoning vs. MAC Flooding
- The essential difference, per what we already covered: ARP Poisoning sends forged ARP replies to make a computer believe the attacker's MAC address belongs to the router. MAC Flooding doesn't deceive any computer — it floods the switch's own CAM table with thousands of forged addresses until it enters Fail-Open mode and broadcasts everything to everyone, like a hub.
- Connection: ABAC's Advantage in Context-Based Decisions
- ABAC is the most comprehensive of the access-control models — it weighs the user, the resource, and the environment (time, location) all at once, granting the most granular and dynamic permission of any model. This is exactly its advantage over RBAC (based only on a fixed role) in distributed organizations.
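
The ARP Poisoning vs. MAC Flooding connection above, seen from the defender's side, as an added example that is not part of the original lesson: one detector keyed on what each attack targets (a host's IP-to-MAC binding versus the switch's CAM table). The addresses, port names, frame tuple layout and the threshold of 5 MACs per port are constructed assumptions.

```python
from collections import defaultdict

GATEWAY_IP = "192.0.2.1"            # constructed (documentation address range)
GATEWAY_MAC = "aa:aa:aa:aa:aa:01"   # constructed trusted binding for the router
MAX_MACS_PER_PORT = 5               # assumed limit on source MACs seen per switch port


def classify(frames, trusted=None, max_macs=MAX_MACS_PER_PORT):
    """Return sorted (attack, detail) findings for a list of observed frames.

    Each frame is (switch_port, src_mac, arp_reply); arp_reply is None or the
    (sender_ip, sender_mac) pair carried in an ARP reply.
    """
    bindings = dict(trusted or {GATEWAY_IP: GATEWAY_MAC})
    macs_on_port = defaultdict(set)
    findings = set()
    for port, src_mac, arp_reply in frames:
        # MAC flooding targets the switch: one port sources far too many MACs.
        macs_on_port[port].add(src_mac)
        if len(macs_on_port[port]) > max_macs:
            findings.add(("mac_flooding", port))
        # ARP poisoning targets hosts: a reply rebinds a known IP to another MAC.
        if arp_reply:
            ip, mac = arp_reply
            known = bindings.setdefault(ip, mac)  # learn first-seen binding
            if known != mac:
                findings.add(("arp_poisoning", f"{ip} claimed by {mac}"))
    return sorted(findings)


def sample_poisoning():
    # Constructed capture: one genuine router reply, then repeated forged replies.
    legit = [("Gi0/1", GATEWAY_MAC, (GATEWAY_IP, GATEWAY_MAC))]
    forged = [("Gi0/7", "bb:bb:bb:bb:bb:07", (GATEWAY_IP, "bb:bb:bb:bb:bb:07"))] * 3
    return legit + forged


def sample_flooding():
    # Constructed capture: 200 distinct source MACs on one port, no ARP replies.
    return [("Gi0/9", "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF), None)
            for i in range(200)]


if __name__ == "__main__":
    print(classify(sample_poisoning()))
    print(classify(sample_flooding()))
```

The two samples never trigger each other's rule: the poisoning capture shows a single extra MAC on its port, and the flooding capture contains no ARP replies at all.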