CCCure #1
RAID Level 0
"Writes files in stripes across multiple disks without the use of parity information. This technique allows for fast reading and writing to disk. However, without parity information, it is not possible to recover from a hard drive failure."
What would be the Annualized Rate of Occurrence (ARO) of the threat "user input error", in the case where a company employs "100" data entry clerks and "every one of them" makes "one" input error each "month"?
1200
Which International Organization for Standardization standard is commonly referred to as the Common Criteria?
15408
How many rounds of substitution are used by DES?
16
The standard server port for HTTP is which of the following?
80
Which of the following answers would BEST defend against Layer 2 - ARP Poisoning attacks?
802.1X
Router
A _________ is a layer 3 (Network) device within the OSI layers.
Statistical Anomaly-Based ID
A behavioral-based system. Behavioral-based products do not use predefined signatures, but rather are put in a learning mode to build a profile of an environment's "normal" activities. This profile is built by continually sampling the environment's activities.
Shoulder surfing
A form of passive attack involving stealing passwords, personal identification numbers or other confidential information by watching a user enter them.
Virtual storage
A service provided by the operating system where it uses a combination of RAM and disk storage to simulate a much larger address space than is actually present.
Which of the following answers BEST describes why the WEP encryption process was so flawed?
A short (24-bit) IV, sent in cleartext, combined with a static key, so that keystreams repeat and can be recovered
Bastion Host
A special purpose computer on a network specifically designed and configured to withstand attack. The computer hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer. It is hardened in this manner primarily due to its location and purpose, which is either on the outside of the firewall or in the DMZ and usually involves access from untrusted networks or computers.
Multiprotocol Label Switching (MPLS)
A standards-based technique that forwards packets on short labels rather than full IP routing lookups, speeding up network traffic flow and simplifying traffic management.
Business Impact Analysis
A team collects data through interviews and documentary sources; documents business functions, activities, and transactions; develops a hierarchy of business functions; and finally applies a classification scheme to indicate each individual function's criticality level.
Phreaking
A term that does not refer to finding software vulnerabilities; rather, it refers to hacking telecommunications systems such as phone networks.
An absence or weakness of safeguard that could be exploited?
A vulnerability
Holds users accountable for their actions.
Accountability
Corrective Controls
Actions that seek to alter the security posture of an environment to correct any deficiencies and return the environment to a secure state.
Unauthorized or improper monitoring
Active monitoring must be properly authorized and conducted in a standard manner; users must be notified that they may be subject to monitoring.
Directive controls
Administrative instruments such as policies, procedures, guidelines, and agreements. An acceptable use policy is an example.
In which areas of the enterprise are business continuity plans required?
All areas of the enterprise.
Wet pipe systems
Always contain water in the pipes and discharge when heat activates a sprinkler head. One disadvantage of _______________ is that the water in the pipes may freeze in colder climates. Also, if there is a nozzle or pipe break, it can cause extensive water damage. These types of systems are also called closed head systems.
An application layer firewall is also called a
An Application Gateway
X.25
An ITU-T standard protocol suite for packet switched wide area network (WAN) communication.
Exposure
An ___________ is an instance of being exposed to losses from a threat agent.
Query plan (or Query execution plan)
An ordered set of steps used to access data in a SQL relational database management system.
Recovery Controls
Restore the environment to normal operations after an incident. Any changes made to the access control environment, whether in the face of a security incident or to provide temporary compensating controls, need to be accurately reinstated and returned to normal operations.
Wiretaps or phone taps
Anyone conducting this must obtain a prior court order
A digital circuit that performs integer arithmetic and logical operations.
Arithmetic logic unit (ALU)
What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an information system?
Assurance procedures
Must guarantee __________ in each and every situation, including power failures, errors, and crashes.
Atomicity
Active attack
Attempts to alter system resources to affect their operation
Passive attack
Attempts to learn or make use of the information from the system but does not affect system resources.
The _______ examines the information systems and determines whether they are designed, configured, implemented, operated, and managed in a way ensuring that the organizational objectives are being achieved.
Auditor
Proves an identity
Authentication
The primary service provided by Kerberos is which of the following?
Authentication
RADIUS, TACACS+ and Diameter are classified as
Authentication, authorization, and accounting (AAA) servers.
Describes the action you can perform on a system once you have been identified and authenticated.
Authorization
A buffer overflow occurs when a program tries to store more data in a storage space than it can hold. The data which cannot be stored in the space spills over into adjacent memory space and if it contains some code that is executed it can result in a compromise. Which of the following answers best describes the cause of this condition?
Bad quality assurance checks in software development
What do you call a special purpose computer on a network specifically designed and configured to withstand attack. The computer hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer, all patches and updates have been applied. It is hardened in this manner primarily due to its location and purpose, which is either on the outside of the firewall or in the DMZ and usually involves access from untrusted networks or computers?
Bastion Host
A long power interruption.
Blackout
In a known plaintext attack, the cryptanalyst has knowledge of which of the following?
Both the plaintext and the associated ciphertext of several messages.
A prolonged power supply that is below normal voltage.
Brownout
Which of the following provides enterprise management with a prioritized list of time-critical business processes, and estimates a recovery time objective for each of the time critical processes and the components of the enterprise that support those processes?
Business Impact Analysis
IPSec
Can be run in either tunnel mode or transport mode. Each of these modes has its own particular uses and care should be taken to ensure that the correct one is selected for the solution.
A detective control
Can be used to investigate what happened after the fact.
Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring?
Capacitance detectors
Data custodians
Care for an information asset on behalf of the data owner.
Is the hardware within a computer that carries out the instructions of a computer program by performing the basic arithmetical, logical, and input/output operations of the system
Central processing unit (CPU)
Vulnerability
Characterizes the absence or weakness of a safeguard that could be exploited.
Preaction
Combines both the dry and wet pipe systems, by first releasing the water into the pipes when heat is detected (dry pipe), then releasing the water flow when the link in the nozzle melts (wet pipe). This allows manual intervention before a full discharge of water on the equipment occurs. This is currently the most recommended water system for a computer room.
"The publication of the ______________ as the ISO/IEC 15408 standard provided the first truly international product evaluation criteria.
Common Criteria
PPP (Point-to-Point Protocol)
A data link protocol for communication between two computers over a serial interface, typically a personal computer connected by phone line to a server.
Which of the following controls provides an alternative way of regaining control if a control fails?
Compensating
Controlling access to information systems and associated networks is necessary for the preservation of their _________________
Confidentiality, integrity, and availability
Which of the following terms BEST describes how we establish a system state of mandatory settings and security configuration settings which must be in place on a system prior to being permitted on the enterprise network?
Configuration Baseline
Teardrop attack
Consists of modifying the length and fragmentation offset fields in sequential IP packets so that the fragments overlap; a target whose reassembly code does not handle the contradictory offsets computes a bad fragment length and crashes.
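An added example of the reassembly defect the card describes; this is illustrative code written for this deck, not from any operating system or from the original attack tool. The fragment sets are constructed (byte offsets, all multiples of 8 as real IP fragment offsets are), and the "naive" copy-length arithmetic is a simplified model of the vulnerable logic, shown beside a validating reassembler that rejects overlap:

```python
from dataclasses import dataclass


@dataclass
class Fragment:
    offset: int   # byte offset of this fragment's payload within the datagram
    length: int   # payload length in bytes
    more: bool    # IP "more fragments" (MF) flag


# Constructed sample fragment sets (not captured traffic).
WELL_FORMED = [Fragment(0, 24, True), Fragment(24, 24, True), Fragment(48, 16, False)]
TEARDROP = [Fragment(0, 32, True), Fragment(24, 4, False)]   # second ends before the first


def naive_copy_lengths(frags):
    """Simplified model of the vulnerable logic: copy from max(offset, end so far)
    up to the fragment's declared end. For the teardrop pair the result is
    negative; a kernel passing that to memcpy as an unsigned size copies a huge
    block and crashes."""
    end_so_far = 0
    lengths = []
    for f in sorted(frags, key=lambda f: f.offset):
        start = max(f.offset, end_so_far)
        lengths.append(f.offset + f.length - start)
        end_so_far = max(end_so_far, f.offset + f.length)
    return lengths


def validate_fragments(frags):
    """Hardened reassembly: every fragment must be non-empty, start exactly where
    the assembled data ends (no overlap, no gap) and only the last may clear MF."""
    end_so_far = 0
    ordered = sorted(frags, key=lambda f: f.offset)
    for f in ordered:
        if f.length <= 0:
            return False, f"empty fragment at offset {f.offset}"
        if f.offset < end_so_far:
            return False, f"overlap at offset {f.offset} (assembled to {end_so_far})"
        if f.offset > end_so_far:
            return False, f"gap before offset {f.offset}"
        end_so_far = f.offset + f.length
    if ordered[-1].more:
        return False, "last fragment still sets MF"
    return True, "ok"


if __name__ == "__main__":
    print("naive lengths, well-formed:", naive_copy_lengths(WELL_FORMED))
    print("naive lengths, teardrop:   ", naive_copy_lengths(TEARDROP))
    print("validate teardrop:", validate_fragments(TEARDROP))
```

The negative length is the whole bug: the validating version refuses the datagram before any copy happens, which is what modern reassembly code does.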
What is the appropriate role of the security analyst in the application system development or acquisition project?
Control evaluator & consultant
A _________ is the software tool used to remove the need to insert a serial number or activation key.
Crack
A block cipher using a 56-bit key and 64-bit blocks. Each block is split into two 32-bit halves that are put through 16 Feistel rounds of substitution and permutation.
DES
Related to web security for users, which of the following is the most serious risk when the threat of a rogue DHCP servers is present on your network?
DHCP Leases which contain rogue DNS server entries
If an unauthorized ___________ were present on your network and permitted to operate and give out invalid lease options, one of the most dangerous options it could hand out would be your DNS server.
DHCP Server
_______ is a physical or logical subnetwork that contains and exposes an organization's external services to a larger, untrusted network, usually the Internet. The purpose of a _______ is to add an additional layer of security to an organization's Local Area Network (LAN); an external attacker only has access to equipment in the _______, rather than the whole of the network.
DMZ
Which of the following devices in Frame Relay WAN technology is generally a customer-owned device that provides connectivity between the company's own network and the Frame Relay network?
DTE
Who can best decide what the adequate technical security controls are in a computer-based application system with regard to the protection of the data being used, the criticality of the data, and its sensitivity level?
Data or Information Owner
One goal of Cryptography is Integrity. Which answer BEST reflects the benefit of data Integrity?
Data remains unaltered
Which of the following defines the software that maintains and provides access to the database?
Database Management System (DBMS)
Threat
Defined as a potential danger to information or systems.
The trusted computing base (TCB)
Defined in the Orange Book (TCSEC or Trusted Computer System Evaluation Criteria). Includes the combination of all hardware, firmware and software responsible for enforcing the security policy. Higher rating will require that details of their testing procedures and documentation be reviewed with more granularity.
Senior Management
Demonstrates commitment to the project and approves the necessary resources to complete it. This commitment from senior management helps ensure involvement by those needed to complete the project.
An Intrusion Detection System (IDS) is what type of control?
Detective
Wave pattern motion
Detectors generate a frequency __________ and send an alarm if the pattern is disturbed as it is reflected back to its receiver.
Information systems auditors
Determine whether systems are in compliance with the security policies, procedures, standards, baselines, designs, architectures, management direction and other requirements, and provide top company management with an independent view of the controls that have been designed and their effectiveness.
IT auditors
Determine whether users, owners, custodians, systems, and networks are in compliance with the security policies, procedures, standards, baselines, designs, architectures, management direction, and other requirements placed on systems.
Information systems security professionals
Develop the security policies and supporting baselines, etc.
Dry systems
Do not hold water in the pipes; water is released into the pipes only when a valve is triggered by excess heat at a sprinkler head.
Timestamping, Certificate revocation, Repository
Elements included in a Public Key Infrastructure (PKI)?
Integrated Service Digital Network (ISDN)
Enables data, voice and other types of traffic to travel digitally over a medium previously used only for analog voice transmission.
Entrapment
Encourages someone to commit a crime that the individual may have had no intention of committing.
Security Officer
Ensures that system controls and supporting processes provide an effective level of protection, based on the data classification set in accordance with corporate security policies and procedures
Statistical-Anomaly-Based systems
Establish a baseline of normal traffic patterns over time and detect any deviations from that baseline. Some also use heuristics to evaluate the intended behavior of network traffic to determine whether it is malicious or not. Most modern systems combine two or more of these techniques to provide a more accurate analysis before deciding whether they see an attack.
Protocol Anomaly-Based systems
Examine network traffic to determine if what it sees conforms to the defined standard for that protocol, for example, as it is defined in a Request for Comment or RFC.
Signature- or Pattern-Matching systems
Examine the available information (logs or network traffic) to determine if it matches a known attack.
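The three detection styles on the preceding cards (signature matching, protocol anomaly, statistical anomaly), as an added example written for this deck rather than taken from any IDS product. The HTTP access log lines are constructed; the baseline period is the "learning mode" the statistical card describes, and the RFC 9110 method list is the protocol definition the protocol-anomaly card refers to:

```python
import re
import statistics
from collections import Counter

# Constructed sample logs (not from any real system); format: "client method path status".
# Learning period: ten clients making one to three requests each.
BASELINE_LOG = "".join(
    f"10.0.0.{host} GET /index.html 200\n" * n
    for host, n in zip(range(20, 30), [2, 2, 1, 3, 2, 1, 3, 2, 2, 2])
)
# Observation period: normal traffic plus three suspicious events.
OBSERVED_LOG = (
    "10.0.0.5 GET /index.html 200\n"
    "10.0.0.5 GET /about.html 200\n"
    "10.0.0.9 GET /login?user=admin'%20OR%201=1-- 200\n"   # SQL injection tautology
    "10.0.0.7 BREW /coffee 400\n"                          # method not defined by the RFC
    + "10.0.0.66 GET /index.html 200\n" * 40               # one client far above baseline
)

# 1. Signature / pattern matching: strings known to belong to attacks.
SIGNATURES = {
    "sqli_tautology": re.compile(r"'(?:\s|%20)*OR(?:\s|%20)*1=1", re.I),
    "path_traversal": re.compile(r"\.\./"),
}

# 2. Protocol anomaly: request methods defined in RFC 9110 section 9.
RFC_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE"}


def parse(log):
    records = []
    for line in log.splitlines():
        client, method, path, status = line.split()
        records.append({"client": client, "method": method, "path": path, "status": int(status)})
    return records


def signature_alerts(records):
    return [(r["client"], name)
            for r in records
            for name, pattern in SIGNATURES.items()
            if pattern.search(r["path"])]


def protocol_alerts(records):
    return [(r["client"], r["method"]) for r in records if r["method"] not in RFC_METHODS]


def build_profile(baseline_records):
    """Learning mode: distribution of requests per client during the baseline period."""
    counts = list(Counter(r["client"] for r in baseline_records).values())
    return {"mean": statistics.mean(counts), "sd": statistics.pstdev(counts)}


def statistical_alerts(records, profile, threshold=3.0):
    """3. Statistical anomaly: flag clients whose request count sits more than
    `threshold` standard deviations above the learned mean."""
    counts = Counter(r["client"] for r in records)
    if profile["sd"] == 0:
        return []
    return [(client, n) for client, n in counts.items()
            if (n - profile["mean"]) / profile["sd"] > threshold]


def run_all():
    profile = build_profile(parse(BASELINE_LOG))
    observed = parse(OBSERVED_LOG)
    return {
        "signature": signature_alerts(observed),
        "protocol": protocol_alerts(observed),
        "statistical": statistical_alerts(observed, profile),
    }


if __name__ == "__main__":
    for kind, alerts in run_all().items():
        print(f"{kind:12s} {alerts}")
```

Each method catches a different event: the injection string is only visible to the signature check, the non-RFC method only to the protocol check, and the high-volume client only to the statistical check, which is why the cards say modern systems combine them.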
The protocol that is used to facilitate file transfer between two machines.
FTP
A momentary power outage is a
Fault
Which of the following is the MOST secure authentication mechanism used to authenticate a user?
Fingerprint Scan (Something you are)
Mirrored Sites
Fully redundant facilities with automated real-time information.
IDS
Functions as both a detective and a deterrent control. It acts as a deterrent if the attacker knows that such capability exists, and it acts as a detective control after a crime or intrusion has been committed.
Which answer is BEST described as an automated or manual software testing technique where random data is fed into programs or protocols to see if they will crash or fail into a vulnerable state causing a security vulnerability or revealing useful information for hackers?
Fuzzing
Which of the following suppresses combustion by disrupting a chemical reaction, by doing so it kills the fire?
Halon
Wet systems
Have a constant supply of water in them at all times; these sprinklers once activated will not shut off until the water source is shut off.
Data owners
Have overall responsibility for information assets and assign the appropriate classification for the asset as well as ensure that the asset is protected with the proper controls.
What is a security policy?
High level statements on management's expectations that must be met in regards to security.
Secondary storage
Holds data not currently being used by the CPU and is used when data must be stored for an extended period of time using high-capacity, nonvolatile storage.
Work at the Network layer of the OSI model.
IPSEC
Fundamentally an IP tunnel with encryption and authentication, established for gateway-to-gateway service. Packets carry two IP headers: the original inner header and a new outer header added by the gateway.
IPSec Tunnel mode
The requirements of ___________ are an integral part of the European Union's environmental management scheme EMAS.
ISO 14000
Is part of a growing family of ISO/IEC Information Security Management Systems (ISMS) standards.
ISO/IEC 27000
Is a claim
Identity
retrofitting
If you are __________ that means you are adding multilevel security to an existing database management system.
The goal is to discover the key used to encrypt the messages so that other messages can be deciphered and read.
In a known plaintext attack
DMZ
In a network, the hosts most vulnerable to attack are those that provide services to users outside of the LAN, such as e-mail, web and DNS servers. Due to the increased potential of these hosts being compromised, they are placed into their own subnetwork in order to protect the rest of the network if an intruder was to succeed. Hosts in the _______ should not be able to establish communication directly with any other host in the internal network, though communication with other hosts in the ______ and to the external network is allowed. This allows hosts in the _______ to provide services to both the internal and external network while still protecting the internal network.
Halon
In the past, ________ was the choice for gas suppression systems; however, ________ depletes the ozone layer and can injure nearby personnel at the concentrations needed to suppress a fire, so it has been phased out under the Montreal Protocol.
Pre-action systems
Incorporate a detection system, which can eliminate concerns of water damage due to false activations. Water is held back until detectors in the area are activated.
Responsible for providing reports to the senior management on the effectiveness of the security controls?
Information systems auditors
___________ is generally considered to be more resistant to eavesdropping than multidirectional radio transmissions because _________ requires direct line-of-sight paths.
Infrared
Inside attack
Initiated by an entity inside the security perimeter, an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization.
Outside attack
Initiated from outside the perimeter, by an unauthorized or illegitimate user of the system.
An attack initiated by an employee that is authorized to access system resources but uses them in a way not approved by those who granted the authorization is known as a(n):
Inside attack
Is how data should remain unaltered where it is created, used and when it is transmitted between parties.
Integrity
Related to information security, the guarantee that the message sent is the message received with the assurance that the message was not intentionally or unintentionally altered is an example of which of the following?
Integrity
Preventive Controls
Intended to avoid an incident from occurring.
Deterrent Controls
Intended to discourage a potential attacker.
A component of IPSec
Internet Key Exchange
What would you call a network security control deployed in line to detect, alert, and take action when a possible intrusion is detected?
Intrusion Prevention System (IPS)
Zero-Day Attack
Is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or the software developer. ___________ exploits (actual software that uses a security hole to carry out an attack) are used or shared by attackers before the developer of the target software knows about the vulnerability.
Exploit
Is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). This frequently includes such things as gaining control of a computer system or allowing privilege escalation or a denial-of-service attack.
Intrusion Prevention System (IPS)
Is a preventive and proactive mechanism whereas an IDS is detective and after the fact technology.
Kerberos
Is a third party authentication protocol. It was designed and developed in the mid 1980's by MIT. It is considered open source but is copyrighted and owned by MIT.
Key Management
Is better in asymmetric key encryption as compared to symmetric key encryption. In fact, there is no key management built into symmetric crypto systems.
Configuration baseline
Is essentially the starting point for a computer's operating system: the mandatory set of settings and security configuration that ALL systems must meet before being allowed on the trusted network.
Degree
Is the "number" of columns in a relation.
Secure Sockets Layer (SSL)
Is the predecessor to Transport Layer Security. It was developed by Netscape and is used for transmitting private documents over the Internet.
Avoidance
Is when we eliminate risk or just avoid it altogether.
Input Validation
Is where proper coding techniques are applied so that software constrains and checks all user-supplied input, avoiding the dangerous conditions that unconstrained input causes (such as buffer overflow attacks).
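An added example covering both the Fuzzing card and the Input Validation card; it was written for this deck and is not from any fuzzing tool or project. The record format (one type byte, one length byte, then the value) is a hypothetical protocol constructed for the example. The naive parser trusts the length byte the way an overflowing C parser would, the hardened parser validates every field before using it, and a small seeded fuzzer shows that random and mutated input crashes the first and never the second:

```python
import random

MAX_VALUE_LEN = 64
SAMPLE_MESSAGE = b"\x01\x05hello\x02\x03abc"   # constructed: two type-length-value records


class MalformedInput(ValueError):
    """Raised by the hardened parser on any input it refuses to process."""


def parse_records_naive(buf):
    """Trusts the length byte. Python raises IndexError / UnicodeDecodeError
    instead of reading past the buffer, but the unchecked arithmetic is the
    same defect that becomes a buffer overflow in C."""
    records, i = [], 0
    while i < len(buf):
        rtype, length = buf[i], buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        records.append((rtype, value.decode("ascii")))
        i += 2 + length
    return records


def parse_records_hardened(buf):
    """Input validation: check every field against the input that is actually
    present and against a policy limit, and fail closed with one controlled error."""
    records, i = [], 0
    while i < len(buf):
        if len(buf) - i < 2:
            raise MalformedInput("truncated record header")
        rtype, length = buf[i], buf[i + 1]
        if length > MAX_VALUE_LEN:
            raise MalformedInput("value length above policy limit")
        if len(buf) - (i + 2) < length:
            raise MalformedInput("declared length exceeds remaining input")
        value = buf[i + 2:i + 2 + length]
        if not value.isascii():
            raise MalformedInput("value is not ASCII")
        records.append((rtype, value.decode("ascii")))
        i += 2 + length
    return records


def fuzz(parser, seed=1, iterations=3000, max_len=16):
    """Feed random bytes and mutated copies of a valid message to `parser`.
    Returns {exception name: first input that triggered it}; MalformedInput is
    a controlled rejection, not a crash, so it is not counted."""
    rng = random.Random(seed)          # seeded so a finding can be replayed
    crashes = {}
    for n in range(iterations):
        if n % 2:                                   # mutation of a valid message
            data = bytearray(SAMPLE_MESSAGE)
            data[rng.randrange(len(data))] = rng.randrange(256)
            data = bytes(data[:rng.randrange(1, len(data) + 1)])
        else:                                       # purely random bytes
            data = bytes(rng.randrange(256) for _ in range(rng.randrange(max_len + 1)))
        try:
            parser(data)
        except MalformedInput:
            continue
        except Exception as exc:
            crashes.setdefault(type(exc).__name__, data)
    return crashes


if __name__ == "__main__":
    print("valid message:", parse_records_hardened(SAMPLE_MESSAGE))
    print("naive crashes:", fuzz(parse_records_naive))
    print("hardened crashes:", fuzz(parse_records_hardened))
```

The fuzzer reports the exception type and the first input that produced it, which is the reproducer a developer needs; the hardened parser turns every one of those into a single, expected MalformedInput.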
Which of the following ACID property in DBMS ensures that the concurrent execution of transactions results in a system state that would be obtained if transactions were executed serially, i.e. one after the other?
Isolation
Which of the following is true about Kerberos?
It depends upon symmetric ciphers.
Screened-subnet firewalls
It employs two packet-filtering routers and a bastion host
Reliable
It must be reasonably proven that what is presented as evidence is what was originally collected and that the evidence itself is _________. This is accomplished, in part, through proper evidence handling and the chain of custody.
Relevant
It must tend to prove or disprove facts that are ________ and material to the case
Kerberos(1)
It relies on the user's secret keys. The password is used to encrypt and decrypt the keys.
A credential-based authentication system.
Kerberos
Which of the following is an advantage of asymmetric crypto system over symmetric key crypto system?
Key Management
Illegal search and seizure
Law enforcement personnel must obtain a prior court order; however, non-law enforcement personnel, such as a supervisor or system administrator, may be able to conduct this under some circumstances.
Enticement
Lures someone toward certain evidence (a honey pot, if you will) after that individual has already committed a crime. __________ is not necessarily illegal but does raise certain ethical arguments and may not be admissible in court.
Critical piece to disaster recovery and continuity planning
Management Support
Another example of Computer Incident Response Team (CIRT) activities is:
Management of the network logs, including collection, retention, review, and analysis of data.
Media Viability Control
Marking, handling and storage.
Durability
Means that once a transaction has been committed, it will remain so, even in the event of power loss, crashes, or errors. In a relational database, for instance, once a group of SQL statements execute, the results need to be stored permanently (even if the database crashes immediately thereafter).
Mitigation
Means you reduce the risk to an acceptable level by implementing controls, and accept the residual risk that remains.
Retrofitting
Means you are adding to an existing database management system (DBMS). You could go back and redesign the entire DBMS, but the cost of that could be expensive and there is no telling what the effect will be on existing applications.
Are identical to the primary site in all technical respects.
Mirrored Sites
Capacitance detectors
Monitor an electrical field surrounding the object being monitored.
Signed by multiple countries to no longer use Halon because it is Ozone depleting.
Montreal Protocol
Communication products and services that ensure network components (devices, protocols, access methods) work together is referred to as:
Network Architecture
An important part of database design that ensures that attributes in a table depend only on the primary key?
Normalization
Smurf attack
Occurs when a person sends a spoofed (IP spoofing) PING (ICMP ECHO) packet to the broadcast address of a large network (the bounce site), so every host on that network replies to the spoofed victim address.
What was the major security risk with SNMPv1 with regards to attackers using a network sniffers on your network?
Only supports clear text community strings.
Deluge systems
Operate in the same function as the pre-action system except all sprinkler heads are in the open position. Water may be a sound solution for large physical areas such as warehouses, but it is entirely inappropriate for computer equipment. A water spray can irreparably damage hardware more quickly than encroaching smoke or heat. Gas suppression systems operate to starve the fire of oxygen.
Which of the following best describes the Secure Electronic Transaction (SET) protocol?
Originated by VISA and MasterCard as an Internet credit card protocol using digital signatures.
An important point about __________________ is that their speed and flexibility, as well as their capacity to block some denial-of-service and related attacks, make them ideal for placement at the outermost boundary with an untrusted network.
Packet filtering firewall
Similar to Secure Shell (SSH-2), Secure Sockets Layer (SSL) uses symmetric encryption for encrypting the bulk of the data being sent over the session and it uses asymmetric or public key cryptography for
Peer Authentication
What is the role of IKE within the IPsec protocol?
Peer authentication and key exchange
Imagine you are looking at a packet capture of traffic from a client requesting access to the SSH daemon on a server. You find the initial SYN packets from the client have seemingly random target ports and finally TCP/22 at which point the client is granted access to the SSH Daemon by the firewall. What are you seeing?
Port Knocking
Which of the following fire extinguishing systems incorporating a detection system is currently the most recommended water system for a computer room?
Preaction
Preventative control
Preclude events or actions that might compromise a system or cause a policy violation.
Technical controls such as encryption and access control can be built into the operating system, be software applications, or can be supplemental hardware/software units. Such controls, also known as logical controls, represent which pairing?
Preventive/Technical Pairing
Behavioral-based IDS
Products do not use predefined signatures, but rather are put in a learning mode to build a profile of an environment's "normal" activities. This profile is built by continually sampling the environment's activities.
Isolation
Property ensures that the concurrent execution of transactions results in a system state that would be obtained if transactions were executed serially, i.e. one after the other.
Controls
Provide accountability for individuals accessing information.
Compensating
Provide an alternative measure of control.
In regard to the query function of relational database operations, which of the following represent implementation procedures that correspond to each of the low-level operations in the query?
Query plan
Which of the following items is NOT a benefit of cold sites?
Quick Recovery
Primary storage
Refers to the combination of RAM, cache and the processor registers
To be admissible in court, computer evidence must be which of the following?
Relevant
Atomicity
Requires that each transaction is "all or nothing": if one part of the transaction fails, the entire transaction fails, and the database state is left unchanged.
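An added example of the Atomicity and Durability cards using SQLite from the Python standard library; it was written for this deck and is not from any product. The ledger table, account names and amounts are constructed. The failing transfer credits the destination first and only then hits the CHECK constraint, so the rollback has real work to undo, which is the "all or nothing" property; reopening the database file afterwards shows the committed state surviving the closed connection:

```python
import os
import sqlite3
import tempfile


def open_ledger(path):
    # isolation_level=None: no implicit BEGIN, transactions are managed explicitly below
    con = sqlite3.connect(path, isolation_level=None)
    con.execute(
        "CREATE TABLE IF NOT EXISTS accounts ("
        " name TEXT PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    return con


def seed(con):
    con.executemany("INSERT OR REPLACE INTO accounts VALUES (?, ?)",
                    [("alice", 100), ("bob", 20)])


def transfer(con, src, dst, amount):
    """Atomic transfer: both updates commit, or neither does."""
    try:
        con.execute("BEGIN")
        con.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?", (amount, dst))
        # The CHECK constraint fires here if src cannot cover the amount.
        con.execute("UPDATE accounts SET balance = balance - ? WHERE name = ?", (amount, src))
        con.execute("COMMIT")
        return True
    except sqlite3.IntegrityError:
        con.execute("ROLLBACK")        # undoes the credit that already happened
        return False


def balances(con):
    return dict(con.execute("SELECT name, balance FROM accounts ORDER BY name"))


def demo():
    path = os.path.join(tempfile.mkdtemp(), "ledger.db")
    con = open_ledger(path)
    seed(con)
    ok1 = transfer(con, "alice", "bob", 30)      # succeeds: 70 / 50
    ok2 = transfer(con, "bob", "alice", 500)     # fails: bob would go negative
    after = balances(con)
    con.close()
    reopened = balances(open_ledger(path))       # durability: committed state survives reopen
    return ok1, ok2, after, reopened


if __name__ == "__main__":
    print(demo())
```

Without the explicit ROLLBACK the partial credit to alice would sit in an open transaction; the point of the example is that a failed transaction leaves the stored state exactly as it was before BEGIN.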
Senior management
Responsible for security of the organization and the protection of its assets.
If a firewall has several ports open, there is a higher likelihood that an intruder will use one to access the network in an unauthorized method.
Risk
Which of the following answers is the process of identifying risk, reducing it to a level that is acceptable, and then implementing controls to maintain that level?
Risk Management
________ connect two or more logical subnets, which do not necessarily map one-to-one to the physical interfaces of the ________.
Router
Operates at the application layer.
SET
Protocol for sending e-mail messages between servers.
SMTP
Only supports clear text authentication using a community string as a password. When sniffer software became common this became a real security threat because attackers or malicious users could capture SNMP community strings as they traversed the network.
SNMPv1
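An added example of why the SNMPv1 card calls clear-text community strings a sniffing risk; it was written for this deck and is not from any SNMP library. The two UDP/161 payloads are constructed in the real SNMPv1 BER layout (SEQUENCE of version INTEGER, community OCTET STRING, PDU), the `tlv` builder and `SYS_DESCR_OID` are helpers assumed for the example, and the decoder does exactly what a sniffer does with a captured packet: read the community string and the PDU type straight off the wire with no key needed:

```python
# SNMPv1 message = SEQUENCE { version INTEGER, community OCTET STRING, PDU }.
# Hypothetical helpers used only to build the constructed packets (short-form BER lengths < 128).
def tlv(tag, body):
    assert len(body) < 128, "short-form BER length only"
    return bytes([tag, len(body)]) + body


def integer(n):
    return tlv(0x02, bytes([n]))          # single-byte non-negative INTEGER is enough here


SYS_DESCR_OID = bytes([0x2B, 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00])   # 1.3.6.1.2.1.1.1.0
NULL_VALUE = tlv(0x05, b"")


def build_snmpv1(community, pdu_tag, request_id=1, value=NULL_VALUE):
    """Constructed SNMPv1 packet carrying one varbind for sysDescr.0."""
    varbind = tlv(0x30, tlv(0x06, SYS_DESCR_OID) + value)
    pdu = tlv(pdu_tag, integer(request_id) + integer(0) + integer(0) + tlv(0x30, varbind))
    return tlv(0x30, integer(0) + tlv(0x04, community.encode()) + pdu)   # version 0 = SNMPv1


PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap"}


def read_tlv(buf, i):
    """Decode one short-form TLV at offset i; return (tag, value, next_offset)."""
    tag, length = buf[i], buf[i + 1]
    if length & 0x80:
        raise ValueError("long-form BER length not handled in this example")
    start = i + 2
    return tag, buf[start:start + length], start + length


def parse_snmpv1(packet):
    """What a sniffer sees: version, community string and PDU type, all in the clear."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    vtag, version, i = read_tlv(body, 0)
    ctag, community, i = read_tlv(body, i)
    pdu_tag, _, _ = read_tlv(body, i)
    if vtag != 0x02 or ctag != 0x04:
        raise ValueError("unexpected field order")
    return {"version": int.from_bytes(version, "big"),
            "community": community.decode("ascii", "replace"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag))}


# Constructed UDP/161 payloads standing in for a capture (not real traffic).
CAPTURE = [
    build_snmpv1("public", 0xA0),                                          # read
    build_snmpv1("private", 0xA3, request_id=2, value=tlv(0x04, b"x")),    # write
]


def harvest_communities(payloads):
    """Collect community strings by PDU type, as an attacker's sniffer would."""
    found = {}
    for p in payloads:
        m = parse_snmpv1(p)
        found.setdefault(m["pdu"], set()).add(m["community"])
    return found


if __name__ == "__main__":
    for p in CAPTURE:
        print(p.hex(), "->", parse_snmpv1(p))
    print(harvest_communities(CAPTURE))
```

The write community recovered from a SetRequest is the valuable one: it lets the attacker reconfigure the device, which is why SNMPv3 replaced the community string with authenticated, optionally encrypted, users.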
Operates at the Transport layer.
SSL
Which of the following protocols would BEST mitigate threats of sniffing attacks on web application traffic?
SSL or TLS
Which answer correctly depicts the proper TCP Flag sequence for a normal TCP Session?
SYN, SYN/ACK, ACK
What can be defined as a momentary low voltage?
Sag
A momentary low voltage.
Sag or Dip
The most secure firewall implementation?
Screened-subnet
Which of the following is the most costly countermeasure to reducing physical security risks?
Security Guards
Who is responsible for ensuring that system controls and supporting processes provide an effective level of protection, based on the data classification set in accordance with corporate security policies and procedures?
Security Officer
During any system development or acquisition, the ________ should evaluate security controls and advise (or consult) on the strengths and weaknesses with those responsible for making the final decisions on the project.
Security staff
Mobile Sites
Self-contained, transportable shells custom-fitted with specific telecommunications and system equipment necessary to meet system requirements.
Who should DECIDE how a company should approach security and what security measures should be implemented?
Senior management
Port knocking
Servers can use a process called __________ in which the firewall keeps the service port closed and opens it only to a client that first sends packets to a required series of ports in the proper sequence.
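The capture described on the earlier Port Knocking card (random-looking SYNs, then TCP/22 accepted), replayed through a knock-tracking firewall as an added example written for this deck; it is not the code of any real port-knocking daemon. The knock sequence, timing window, open duration and client addresses are all assumptions of the example:

```python
from collections import defaultdict

KNOCK_SEQUENCE = (7000, 8000, 9000)   # assumed secret sequence of otherwise-closed ports
KNOCK_WINDOW = 10.0                    # seconds allowed to complete the sequence
OPEN_DURATION = 30.0                   # seconds the protected port stays open afterwards
PROTECTED_PORT = 22


class KnockFirewall:
    def __init__(self):
        self.progress = defaultdict(lambda: (0, 0.0))   # src -> (knocks matched, time of first knock)
        self.opened = {}                                 # src -> expiry time for the protected port

    def syn(self, src, dport, t):
        """Process one SYN from src to dport at time t; return True if accepted."""
        if dport == PROTECTED_PORT:
            return self.opened.get(src, 0.0) > t        # only clients that completed the knock
        matched, started = self.progress[src]
        if matched and t - started > KNOCK_WINDOW:
            matched, started = 0, 0.0                    # too slow: start over
        if dport == KNOCK_SEQUENCE[matched]:
            if matched == 0:
                started = t
            matched += 1
            if matched == len(KNOCK_SEQUENCE):
                self.opened[src] = t + OPEN_DURATION     # sequence complete: open the port
                matched, started = 0, 0.0
        else:
            matched, started = 0, 0.0                    # wrong port resets the sequence
        self.progress[src] = (matched, started)
        return False                                     # knock ports themselves never answer


# Constructed capture: (source, destination port, seconds since start).
CAPTURE = [
    ("192.0.2.10", 22,   0.0),    # straight to SSH: refused
    ("192.0.2.10", 7000, 1.0),
    ("192.0.2.10", 8000, 1.5),
    ("192.0.2.10", 9000, 2.0),
    ("192.0.2.10", 22,   2.5),    # now accepted
    ("192.0.2.99", 7000, 3.0),    # an observer who saw only the first knock
    ("192.0.2.99", 22,   3.5),    # refused
    ("192.0.2.10", 22,   40.0),   # open window expired: refused again
]


def replay(capture):
    fw = KnockFirewall()
    return [fw.syn(*pkt) for pkt in capture]


if __name__ == "__main__":
    for pkt, decision in zip(CAPTURE, replay(CAPTURE)):
        print(pkt, "->", "accept" if decision else "drop")
```

Note what the example also shows: anyone sniffing the same segment sees the whole knock sequence in the clear, so port knocking hides a service but does not authenticate the client.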
Data Circuit-terminating Equipment (DCE)
Service provider device that does the actual data transmission and switching in the frame relay cloud.
Which of the following is an example of a passive attack?
Shoulder surfing
Provides for the collection of network information by polling the devices on the network from a management station?
Simple Network Management Protocol (SNMP)
Audio detectors
Simply monitor a room for any abnormal sound wave generation and trigger an alarm.
What type of attack involves IP spoofing, ICMP ECHO and a bounce site?
Smurf
HIDS: Host Based Intrusion Detection System
Software cluster that consists of an auditor for the file system, log file analyzers, an operating system monitor, and a monitor for software changes.
The modification of software to remove or disable features which are considered undesirable by the person cracking the software, usually related to protection methods: copy protection, trial/demo version, serial number, hardware key, date checks, CD check or software annoyances like nag screens and adware.
Software cracking
NIDS: Network Based Intrusion Detection System
Software is used mostly for analyzing network activities.
The three classic ways of authenticating yourself to the computer security software are: something you know, something you have, and something
Something you are
Momentary high voltage.
Spike
Too much voltage for a short period of time.
Spike
Attackers use a technique called ______ to exploit the trust between systems by pretending to be another system's IP address, MAC address, or some other trusted identity. They can use this technique to send a malformed packet that triggers a bug on the target system while masking the real source of the attack.
Spoofing
The International Organization for Standardization / Open Systems Interconnection (ISO/OSI) Layers
Standard model for network communications. Enables dissimilar networks to communicate. Defines 7 protocol layers (a.k.a. protocol stack)
An IDS that acquires data and defines a "normal" usage profile for the network or host?
Statistical Anomaly-Based
Which of the following terms can be described as the process to conceal data into another file or media in a practice known as security through obscurity?
Steganography
BIA
Steps: 1. Select individuals to interview for data gathering. 2. Create data-gathering techniques (surveys, questionnaires, qualitative and quantitative approaches). 3. Identify the company's critical business functions. 4. Identify the resources these functions depend upon. 5. Calculate how long these functions can survive without these resources. 6. Identify vulnerabilities and threats to these functions. 7. Calculate the risk for each different business function. 8. Document findings and report them to management.
Too much voltage for a long period of time.
Surge
Which field in a TCP header is used to reassemble a file back into proper order to be presented to the receiver?
TCP Sequence Number
FTP - File Transfer protocol uses which combination of transport protocol and TCP Port number(s) to move files from system to system?
TCP/20+21
A UDP-based file transfer program.
TFTP
Steven, who is one of the experts on your security testing team, has been tasked to validate the physical security of CCCure. Steven did some research about his target company and decided that the best way to compromise physical security and get access to the building would be to follow someone who has legitimate access to the building (abusing their credentials) to get access to the target area. What would you call such an attack?
Tailgating
Coercion
Testimony or confessions that are not legally permissible
What is the BEST answer pertaining to the difference between the Session and Transport layers of the OSI model?
The Transport layer sets up communication between computer systems, while the Session layer sets up connections between applications
TPM
The ________ is essentially a securely designed microcontroller with added modules to perform cryptographic functions. These modules allow for accelerated processing and storage of cryptographic keys, hash values, and pseudorandom number sequences.
Auditor
The _________ provides independent assurance to management on the appropriateness of the security controls. The _________ provides top company management with an independent view of the controls and their effectiveness.
Which of the following is one of the main reasons that the number of computer probes and attacks, and the level of damage they cause, have been steadily increasing over the years?
The availability of hacking tools and their ease of use is one of the key factors contributing to an increase in the number of attacks and the lethality of those attacks as well.
Relation
The basis of a relational database and is represented by a two-dimensional table.
Normalization
The elimination of redundant data. Therefore, the objective of ______________ in relational databases is to minimize the quantity of information by eliminating redundant data in tables, quickly processing users' requests, and maintaining data integrity.
In the days before CIDR (Classless Inter-Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class C network?
The first two bits of the IP address would be set to one, and the third bit set to zero.
Attributes
The individual columns of the table.
Data Owner
The individual or officer who is ultimately responsible for the protection of the information and can therefore decide what are the adequate security controls according to the data sensitivity and data criticality.
Risk
The likelihood of a threat agent taking advantage of a vulnerability and the corresponding business impact.
Trusted front-end
The most cost effective way with the least effect on existing applications while adding a layer of security on top is through a ______________.
AIDS: Application-Based Intrusion Detection System
The most popular non-commercial ________ tools are honeypots.
In a database management system (DBMS), what is the "cardinality?"
The number of rows in a relation.
What does a Business Impact Analysis identify?
The outage time that can be tolerated by the enterprise as a result of a disaster. Areas that would suffer the greatest financial or operational loss in the event of a disaster. Systems critical to the survival of the enterprise.
Transfer
The practice of passing on the risk in question to another entity, such as an insurance company.
Domain
The set of allowable values that an attribute can take.
Dry pipe systems
The water is not actually held in the pipes. The water is contained in a "holding tank" until it is released. The pipes hold pressurized air, which is reduced when a fire or smoke alarm is activated, allowing the water valve to be opened by the water pressure. Water is not allowed into the pipes that feed the sprinklers until an actual fire is detected. First, a heat or smoke sensor is activated; then, the water fills the pipes leading to the sprinkler heads, the fire alarm sounds, the electric power supply is disconnected, and finally water is allowed to flow from the sprinklers. These pipes are best used in colder climates because the pipes will not freeze.
Acceptance
This means that the risk is identified, understood, and evaluated to be acceptable in order to conduct business operations.
Someone or something will identify a specific vulnerability and use it against the company or individual.
Threat
When referring to audit trails, what is the primary reason we practice effective time synchronization across all our devices on a network?
To ensure log files have accurate timestamps
When considering risk mitigation, which alternative to handling risk involves not undertaking the risk yourself?
Transference
What would you call a microchip installed on the motherboard of modern computers that is dedicated to carrying out security functions involving the storage and processing of symmetric and asymmetric keys, hashes, and digital certificates?
Trusted Platform Module (TPM)
Which of the following is commonly used for retrofitting multilevel security to a database management system?
Trusted front-end.
Ethical hackers
Use tools that have the potential of affecting servers or services.
IP spoofing attack
Used to convince a system that it is communicating with a known entity, which gives an intruder access. It involves modifying the source address of a packet to a trusted source's address.
Recovery control
Used to return the system to a secure state after the occurrence of a security incident. Backups and redundant components are examples.
Asynchronous Transfer Mode (ATM)
Uses Cell switching method.
Data Terminal Equipment (DTE)
Usually a customer-owned device that provides connectivity between a company's own network and the frame relay network.
The main issue with RAID Level 1 is that the one-for-one ratio is
Very expensive, resulting in the highest cost per megabyte of data capacity.
Which of the following choices describe a condition when RAM and Secondary storage are used together?
Virtual storage
Synonymous with a weakness; it could be poor-quality software, a weakness within your physical security, or a weakness in your policies and procedures. An attacker will take advantage of a weakness and usually use an exploit to gain access to your systems without proper authorization or privilege.
Vulnerability
Which wireless encryption method uses the same key for both Encryption and Authentication?
WEP - Wired Equivalent Privacy
Detective Controls
Warn when something has happened, and are the earliest point in the post-incident timeline.
SYN attack
When a person floods a system with connection requests but does not respond when the target system replies to those requests.
Which of the following is most appropriate to notify an internal user that session monitoring is being conducted?
Written agreement
Which answer BEST describes a computer software attack that takes advantage of a previously unpublished vulnerability?
Zero-Day Attack
Occur during the vulnerability window that exists in the time between when a vulnerability is first exploited and when software developers start to develop a counter to that threat.
Zero-day attacks
TCP Sequence Numbers
___________ are, in part, used to reassemble packets back into original order for presentation to the recipient
Consistency
___________ property ensures that any transaction will bring the database from one valid state to another. Any data written to the database must be valid according to all defined rules, including but not limited to constraints, cascades, triggers, and any combination thereof.
Screened Host
Is simply a host on a network behind a screening router.