CISSP - Dealt with
[x] is a compression tool used by IPsec to compress data prior to ESP encrypting it in order to attempt to keep up with wire speed transmission.
IP Payload Compression (IPComp) is a compression tool used by IPsec to compress data prior to ESP encrypting it in order to attempt to keep up with wire speed transmission.
Change Management 6 components
1 Request the change; 2 Review the change; 3 Approve/reject the change; 4 Test the change; 5 Schedule and implement the change; 6 Document the change. Mnemonic: RRATSD
A [x] covers how much of the code has been tested. Most frequently requires that every function has been called, that each statement has been executed, that all branches have been fully explored, and that each condition has been evaluated for all possibilities.
A code coverage report covers how much of the code has been tested. Code coverage testing most frequently requires that every function has been called, that each statement has been executed, that all branches have been fully explored, and that each condition has been evaluated for all possibilities.
NIST 800-61 describes what?
A framework that manages incident responses
Type II hypervisor
A hosted hypervisor. In this configuration, a standard regular OS is present on the hardware, and the hypervisor is then installed as another software application.
Type I hypervisor
A native or bare-metal hypervisor. In this configuration, there is no host OS; instead, the hypervisor installs directly onto the hardware where the host OS would normally reside.
A [x] is any potential occurrence that may cause an undesirable or unwanted outcome for an organization or for a specific asset.
A threat is any potential occurrence that may cause an undesirable or unwanted outcome for an organization or for a specific asset.
A [x] is the weakness in an asset, or the absence or the weakness of a safeguard or countermeasure.
A vulnerability is the weakness in an asset, or the absence or the weakness of a safeguard or countermeasure.
The value of a safeguard to a company (cost/benefit equation for safeguards) is calculated:
ALE before safeguard - ALE after implementing the safeguard - annual cost of safeguard (ALE1 - ALE2 - ACS)
A property insurance policy can include an [1] clause, under which damaged property is compensated based on the fair market value of the items on the date of loss, less all accumulated depreciation since the time of their purchase.
Actual cash value (ACV)
Description of the Brewer-Nash access control model
Allows access controls to change dynamically based upon a user's actions. It is often used in environments to implement a "Chinese wall" between data belonging to different clients.
An [x] is the state of being susceptible to asset loss because of a threat; there is the possibility that a vulnerability can or will be exploited. This concept can be defined as the presence of a vulnerability when a related threat exists.
An exposure is the state of being susceptible to asset loss because of a threat; there is the possibility that a vulnerability can or will be exploited. This concept can be defined as the presence of a vulnerability when a related threat exists.
[x] is an open-source hardware and software organization that creates single-board 8-bit microcontrollers for building digital devices. It has limited RAM, a single USB port, and I/O pins for controlling additional electronics (such as servo motors or LED lights) and does not include an OS. Instead, the hardware can execute C++ programs specifically written to its limited instruction set. A much simpler device than a Raspberry Pi.
Arduino
[x] - Database transactions must be [x] - that is, they must be an "all-or-nothing" affair. If any part of the transaction fails, the entire transaction must be rolled back as if it never occurred.
Atomicity - Database transactions must be atomic - that is, they must be an "all-or-nothing" affair. If any part of the transaction fails, the entire transaction must be rolled back as if it never occurred.
The assessment and assignment of an ATO is performed by an [x], an authorized entity that can evaluate an IT/IS system, its operations and its risk, and potentially issue an ATO.
Authorizing Official (AO)
[x] - The system can perform trusted recovery activities to restore itself against at least one type of failure. For example, a hardware RAID provides recovery against the failure of a hard drive but not against the failure of the entire server. Some types of failures will require manual recovery.
Automated Recovery
[x] - This is like automated recovery in that a system can restore itself against at least one type of failure. However, it includes mechanisms to ensure that specific objects are protected to prevent their loss. A method of automated recovery that protects against undue loss would include steps to restore data or other objects. It may include additional protection mechanisms to restore corrupted files, rebuild data from transaction logs, and verify the integrity of key system and security components.
Automated Recovery without Undue Loss
[x] addressing uses a value stored in one of the CPU's registers or pointers as the base location from which to begin counting. The CPU then adds the offset supplied with the instruction to that base address and retrieves the operand from that computed memory location.
Base+Offset Addressing
NIST 800-53A describes what?
Best practices for conducting security & privacy assessments
[x] - an attempt to find collisions in hash functions
Birthday attack
Bluetooth Attacks [3]
Bluejacking (annoyance) - engages or annoys other Bluetooth users by taking advantage of a loophole in the messaging options; Bluesnarfing (data theft/alteration) - older devices vulnerability; Bluebugging - grants remote control to a microphone etc.
802.15 = ?
Bluetooth, 2.4 GHz
[x] coverage verifies that every if statement was executed under all if and else conditions.
Branch coverage verifies that every if statement was executed under all if and else conditions.
Often focused on convincing members of accounting or financial departments to transfer funds or pay invoices based on instructions seeming to originate from a boss, manager, or executive. Also known as CEO fraud or CEO spoofing.
Business email compromise (BEC)
What are the differences between the two frameworks, the CSF and the RMF?
CSF is designed for critical infrastructure and commercial organizations, whereas the RMF establishes mandatory requirements for federal agencies.
[x] - extension to the Online Certificate Status Protocol that reduces the burden on an OCSP server from handling one request per user over the course of a day, which could be millions of requests, to handling one request per certificate per day
Certificate Stapling - extension to the Online Certificate Status Protocol that reduces the burden on an OCSP server from handling one request per user over the course of a day, which could be millions of requests, to handling one request per certificate per day
Used to establish communication sessions between trusted partners. They operate at the Session layer (layer 5) of the OSI model - SOCKS is an example of such a firewall
Circuit-Level Firewalls
[x] coverage verifies that every logical test in the code was executed under all sets of inputs.
Condition coverage verifies that every logical test in the code was executed under all sets of inputs.
Overproviding availability can result in a loss of?
Confidentiality and integrity
[x] - All transactions must begin operating in an environment that aligns with all of the database's rules (for example, all records have a unique primary key). When the transaction is complete, the database must again align with the rules, regardless of whether those rules were violated during the processing of the transaction itself. No other transaction should ever be able to use any incoherent data that might be generated during the execution of another transaction.
Consistency
Information lifecycle six phases
Create > Classify > Store > Usage > Archive > Destroy
Data lifecycle six phases
Create > Store > Use > Share > Archive > Destroy
Aggregate attacks 4 key countermeasures
Defence-in-depth, need-to-know, least privilege principles, database partitioning
Sometimes called concentric circle security - narrow but very deep, as opposed to parallel configurations, which are wide but shallow
Defense in depth (layering) - several mutually independent security applications, processes, or services that operate toward a single common goal; serial configurations
A pointer references a memory location; the act of reading that location is known as
Dereferencing.
The final stage in the lifecycle of media, and the most secure method of sanitizing media
Destruction
NIST 800-61 consists of which components?
Detection, Response, Mitigation, Reporting, Recovery, Remediation, Lessons Learned. Mnemonic: DRMRRRL
[x] - Database transactions must be sound. That is, once they are committed to the database, they must be preserved. Databases ensure this through the use of backup mechanisms, such as transaction logs.
Durability
Uses electric voltages delivered to the pins of the chip to force erasure (a more flexible alternative to UVEPROM)
Electronically Erasable PROM (EEPROM)
Performing a delete operation against a file, files, or media
Erasing
Exposure Factor (EF)
Estimates the percentage of an asset lost if damage materializes
A derivative of EEPROM. Non-volatile, can be electronically erased and rewritten.
Flash Memory
[x] - Systems that support this recovery type are able to automatically recover specific functions. This state ensures that the system can successfully complete the recovery for the functions, or that the system will be able to roll back the changes to return to a secure state.
Function Recovery
[x] is the designation of a specific geographical area that is then used to automatically implement features or trigger settings on mobile devices.
Geofencing is the designation of a specific geographical area that is then used to automatically implement features or trigger settings on mobile devices.
Hardware destruction is a violation of [x] and possibly [x].
Hardware destruction is a violation of availability and possibly integrity.
Uses a scheme where the memory address supplied to the CPU as part of the instruction doesn't contain the actual value that the CPU is to use as an operand. Instead, the memory address contains another memory address.
Indirect addressing
This principle requires that transactions operate separately from each other. If a database receives two SQL transactions that modify the same data, one transaction must be completed in its entirety before the other transaction is allowed to modify the same data. This prevents one transaction from working with invalid data generated as an intermediate step by another transaction.
Isolation
It is generally accepted as a de facto standard that lighting used for perimeter protection should illuminate critical areas with at least [1] of power (which is approximately [2] lumens, or [3] lux). Standards seem to indicate that light poles should be placed the same distance apart as the diameter of the illuminated area created by illumination elements. Thus, if a lighted area is 40 feet in diameter, poles should be [4] feet apart.
It is generally accepted as a de facto standard that lighting used for perimeter protection should illuminate critical areas with at least 2 foot-candles of power (which is approximately 2 lumens, or 20 lux). Standards seem to indicate that light poles should be placed the same distance apart as the diameter of the illuminated area created by illumination elements. Thus, if a lighted area is 40 feet in diameter, poles should be 40 feet apart.
[x] - a weakness in cryptography where a plaintext message generates identical ciphertext messages using the same algorithm but different keys
Key clustering - a weakness in cryptography where a plaintext message generates identical ciphertext messages using the same algorithm but different keys
[x] - If a system fails, it does not fail in a secure state. Instead, an administrator is required to perform the actions necessary to implement a secured or trusted recovery after a failure or system crash.
Manual Recovery
The Common Criteria include a section on trusted recovery that is relevant to system resilience and fault tolerance. Specifically, it defines five types of trusted recovery:
Manual Recovery; Automated Recovery; Automated Recovery without Undue Loss; Function Recovery
Computer crime classifications [7]:
Military and intelligence attacks, business attacks, financial attacks, terrorist attacks, grudge attacks, thrill attacks, hacktivist attacks
(DAD - Disclosure, alteration and destruction)
Opposite of CIA
Programmable chip similar to ROM (but content isn't burned in at factory as with ROM). Once data is written to a PROM chip, no further changes are possible. PROM chips have several sub-types
PROM
NIST 800-37 - The RMF has one initial phase and six cyclical phases:
Prepare - to execute the RMF; Categorize - information systems; Select - security controls; Implement - security controls; Assess - the security controls; Authorize - the system; Monitor - security controls. Mnemonic: People Can See I Am Always Monitored
The method of removing ink from paper
Pulping
Radio waves have a frequency between [1] and [2]. To manage the simultaneous use of the limited radio frequencies, several spectrum-use techniques were developed using spread spectrum. Spread spectrum means that communication occurs over multiple frequencies. Thus, a message is broken into pieces, and each piece is sent at the same time but using a different frequency. Effectively this is parallel communication rather than serial communication.
Radio waves have a frequency between 3 Hz and 300 GHz. To manage the simultaneous use of the limited radio frequencies, several spectrum-use techniques were developed using spread spectrum. Spread spectrum means that communication occurs over multiple frequencies. Thus, a message is broken into pieces, and each piece is sent at the same time but using a different frequency. Effectively this is parallel communication rather than serial communication.
[x] devices can be read at any point - [x] devices require scanning through all the data physically stored before the desired location
Random access storage devices can be read at any point - Sequential access storage devices require scanning through all the data physically stored before the desired location
Memory Type: Read-only. Contents burned in at factory
Read-only Memory (ROM)
Relational database transactions have four required characteristics: [x], [xx], [xxx] and [xxxx]. Together, these attributes are known as the [xxxxx] model
Relational database transactions have four required characteristics: atomicity, consistency, isolation, and durability. Together, these attributes are known as the ACID model
[x] - an attempt to reuse authentication requests
Replay attack
Overprotecting integrity can result in a?
Restriction of availability
Overprotection of confidentiality can result in a?
Restriction of availability
[x] is the possibility or likelihood that a threat will exploit a vulnerability to cause harm to an asset and the severity of damage that could result. This concept can be defined as calculation of the probability of occurrence and the level of damage that could be caused if an exposure is realized.
Risk is the possibility or likelihood that a threat will exploit a vulnerability to cause harm to an asset and the severity of damage that could result. This concept can be defined as a calculation of the probability of occurrence and the level of damage that could be caused if an exposure is realized.
Rooms intended primarily to house computers should generally be kept between [x] and [x] degrees Celsius.
Rooms intended primarily to house computers should generally be kept between 15 and 32 degrees Celsius.
Task of tracking and controlling changes in the software, part of the larger cross-discipline field of configuration management
SCM - Software Configuration Management
[x] - Covers only internal controls over financial reporting
SOC 1 - Covers only internal controls over financial reporting
SOC [x] - Covers security, privacy and availability - Trust services criteria, includes two types of reports
SOC 2 - Covers security, privacy and availability - Trust services criteria, includes two types of reports
SOC [x] - Covers security, privacy and availability - General Trust services criteria report, no need for details of the processing and controls from the customer.
SOC 3 - Covers security, privacy and availability - General Trust services criteria report, no need for details of the processing and controls from the customer.
The Software Engineering Institute (SEI) at Carnegie Mellon University introduced the [x]
SW-CMM - also known as the Software Capability Maturity Model (abbreviated as SW-CMM, CMM or SCMM)
Previously known as a demilitarized zone. An extranet, similar to the screened host in concept, except that a subnet is placed between two routers or firewalls and the bastion host(s) are located within that subnet, or by using a multihomed solution with three separate subnets.
Screened Subnet
Graham-Denning Model eight rules
Securely create an object; securely delete an object; securely create a subject; securely delete a subject; securely provide the read access right; securely provide the grant access right; securely provide the delete access right; securely provide the transfer access right
SEM abbreviation stands for:
Security event management
There are four levels of security policy development: [4]
Security procedures - detailed step-by-step; Security guidelines - offer recommendations; Security baselines - define "minimum levels"; Acceptable use policy - assign roles and responsibilities. Mnemonic: SSSA, PGBA
Difference between data hiding and security through obscurity
Security through obscurity does not actually implement any form of protection, whereas data hiding is the act of intentionally positioning data so that it is not viewable or accessible
[x] is an XML (Extensible Markup Language)-based language designed to allow platforms to generate and respond to provisioning requests.
Service Provisioning Markup Language, or SPML
SOC 1 and 2 Type [x] Reports - Controls to achieve objectives included in the description as of a specified date
SOC 1 and 2 Type 1 Reports - Controls to achieve objectives included in the description as of a specified date
SOC 1 and 2 Type [x] Reports - objectives throughout a specified period - more reliable
SOC 1 and 2 Type 2 Reports - objectives throughout a specified period - more reliable
NIST 800-53A consists of what four components?
Specifications - documents associated with the system being audited; Activities - actions carried out by people within an information system; Mechanisms - controls used within an information system to meet the specifications; Individuals - people who implement specifications, mechanisms and activities
Firewall technique that operates at layer 3 and filters traffic by examining data from a message header
Static Packet-Filtering Firewalls
Memory Type: [x] uses flip-flops, maintains its contents unaltered as long as power is supplied and imposes no CPU overhead for periodic refreshes - [x] uses capacitors that hold a charge for 1 bits and require periodic refreshes
Static RAM uses flip-flops, maintains its contents unaltered as long as power is supplied and imposes no CPU overhead for periodic refreshes - Dynamic RAM uses capacitors that hold a charge for 1 bits and require periodic refreshes
[x] is a combination of hardware, software and controls that work together to form a "trusted base" to enforce your security policy. It is a subset of the complete information system and the only portion that can be trusted to adhere to and enforce your security policy
TCB (trusted computing base)
Semantic integrity ensures [4]:
That user actions don't violate any structural rules. That all stored data types are within valid domain ranges. That only logical values exist. That the system complies with all uniqueness constraints.
The CSF is established by NIST and based on a framework core that consists of five functions:
The CSF (Cybersecurity Framework) is based on a framework core that consists of five functions: Identify, Protect, Detect, Respond, Recover. Mnemonic: IPDRR
[x] is designed to make scripts interoperable with security policy definitions.
The Script Check Engine (SCE) is designed to make scripts interoperable with security policy definitions.
The most common binary format is the [1] format. [1] certificates are normally stored in files with the [2], [3] or [4] extension.
The most common binary format is the Distinguished Encoding Rules (DER) format. DER certificates are normally stored in files with the .der, .crt or .cer extension.
The three categories of fire detection systems include [x] sensing, [x] sensing and [x] sensing
The three categories of fire detection systems include smoke sensing, flame sensing and heat sensing
Concept formula for residual risk:
Total risk - controls gap = residual risk
Trademark - Approved symbol uses the [x] symbol and unapproved symbol uses [x]
Trademark - Approved symbol uses the R symbol and unapproved symbol uses TM
May be used to hide the traffic pattern, which means inserting dummy traffic into the network and presenting a different traffic pattern to the intruder. The apparent traffic pattern, which is observed by the intruder, is referred to as a cover mode that hides the real operation mode of the system.
Traffic padding
[x] example: the . character is replaced by %252E, and the / character is replaced by %252F.
URL encoding example: the . character is replaced by %252E, and the / character is replaced by %252F.
Chips that have a small window that, when illuminated with a special ultraviolet light, erases their contents.
Ultraviolet EPROM (UVEPROM)
[x] occurs when software within a guest OS is able to breach the isolation protection provided by the hypervisor in order to violate the container of other guest OSs or to infiltrate a host OS.
VM Escaping occurs when software within a guest OS is able to breach the isolation protection provided by the hypervisor in order to violate the container of other guest OSs or to infiltrate a host OS.
[x] occurs when an organization deploys numerous virtual machines without a policy for developing and deploying VMs, leading to uncontrolled VM creation. [x] is a virtual variation of [xx] and could allow for virtual shadow IT.
VM sprawl occurs when an organization deploys numerous virtual machines without a policy for developing and deploying VMs, leading to uncontrolled VM creation. VM sprawl is a virtual variation of server sprawl and could allow for virtual shadow IT.
Violations of confidentiality include [x], [x] and [x]
Violations of confidentiality include stealing passwords, eavesdropping and social engineering
[1] recognition differentiates between one voice and another for identification or authentication, whereas [2] uses software such as dictation to extract and differentiate between words with any person's voice.
Voice pattern recognition differentiates between one voice and another for identification or authentication, whereas speech recognition uses software such as dictation to extract and differentiate between words with any person's voice.
[x] extend beyond just technical scans like vulnerability management and vulnerability scanners and can include reviews and audits to detect vulnerabilities.
Vulnerability assessments
Inference 5 key countermeasures
Defence-in-depth, need-to-know, least privilege principles, intentional blurring of data, database partitioning
Conceptual formula for risk
risk = threat * vulnerability or risk = probability of harm * severity of harm
? = total risk
threats * vulnerabilities * asset value