CISSP Exam Prep
What are the type of fire extinguishers?
A: Common combustibles; B: Liquid; C: Electrical; D: Metal
________ is a process of preparing media for reuse and assuring that data cannot be recovered using traditional recovery tools.
Clearing, or overwriting
_________must be either uniquely identified by a witness or authenticated through a documented chain of custody.
Real evidence
________ stores bits in small capacitors and is slower and cheaper than SRAM.
Dynamic Random Access Memory
What is DRAM?
Dynamic Random Access Memory, which stores bits in small capacitors and is slower and cheaper than SRAM.
Explain the need for security-minded acquisitions and what it means.
Integrating cyber security risk management with acquisition strategies and practices is a means to ensure a more robust and successful security strategy in organizations of all sizes.
Public Key infrastructure uses LDAP for what?
Integrating digital certificates into transmissions. Remember that PKI technology is used to manage digital certificates; LDAP is one of the protocols used when clients need to query a certificate authority.
What is a Bastion host?
It is a hardened computer implementation: a special computer on a network built to sustain an attack. Its characteristics include hosting a single application.
What is a gateway?
It is a network device or service that works at the Application layer. It serves as a protocol translation tool. For example, an IP-to-IPX gateway takes inbound communications from TCP/IP and translates them to IPX/SPX for outbound transmission.
What is a Redundant Site?
It is a site owned by the company that mirrors the original production environment.
In order to investigate an email-related crime, does the investigator need to be familiar with the internal operations of the email server used to send that email?
Knowledge of the internal operations of such servers is not necessary; if needed, assistance can be sought from the network administrators who maintain the server.
What are the two conceptual approaches to intrusion detection?
Knowledge-based intrusion detection uses a database of known vulnerabilities to look for current attempts to exploit them on a system and trigger an alarm if an attempt is found. The behaviour-based or statistical analysis-based is another conceptual approach.
Which of these would be easier for an investigator to locate: an Internet email user or a LAN email user?
LAN email systems are specific to a company and are used by employees only, hence easier to locate.
________, in network performance, refers to the delay that packets may experience on their way from the source to the destination.
Latency
What IDS monitors the general patterns of activity and traffic on the network, and creates a database of normal activities within the system?
Neural Network Based IDS
What is the Simple Security Property?
No read up
What is the Simple Security Property?
No read up deals with confidentiality: a Secret subject cannot read a Top Secret object. This falls under the Bell-LaPadula model, together with no write down.
A central authority directs what subjects can have access to certain objects based on the organizational security policy under what type of access control?
Non-Discretionary Access Control
Rule-Based Access Control (RuBAC): access is determined by rules. Such rules would fit within what category of access control?
Non-Discretionary Access Control
AppleTalk and IPX are what type of protocol?
Non-IP Protocols
Some computer designs use two buses; what are they?
Northbridge and Southbridge
What are tools that provide real-time analysis of events occurring on systems throughout an organization? They include agents installed on remote systems that monitor for specific events known as alarm triggers.
Security Event Management (SEM)
What is best described as those that can be performed manually at a tolerable cost for an extended period of time?
Sensitive functions
What is a Permanent Virtual Circuit?
A connection type that uses a logical circuit that always exists and waits for customers to send data.
What is acquisition, analysis, access, appropriation?
The sequence of steps of an attack methodology
Remember: the meet-in-the-middle attack demonstrated that it took relatively the same amount of computation power to defeat 2DES as it does to defeat standard DES. This led to the adoption of Triple DES (3DES) as a standard for government communication.
To determine the number of keys in a key space, raise 2 to the power of the number of bits in the key space.
What is hyperlink spoofing?
To direct a user to a malicious server
When would you use hardware encryption?
To implement encryption into systems in such a way that it goes as fast as possible. This is to ensure that users do not have to wait too long. For such speedy encryption, his best option is to use
________ is based on Life Cycle Assurance Requirements; the steps are: Security Testing, Design Specification, Configuration Management, Trusted System Distribution.
Trusted Distribution
IPSec can be run in either tunnel mode or transport mode.
Tunnel mode is most commonly used between gateways, or at an end-station to a gateway, with the gateway acting as a proxy for the hosts behind it. Transport mode is used between end-stations, or between an end-station and a gateway if the gateway is being treated as a host.
What are some disadvantages of Tunneling?
Tunneling is generally an inefficient means of communicating because all protocols include their own error detection, error handling, acknowledgment, and session management features, and using more than one protocol at a time just compounds the overhead required to communicate a single message.
What value does the IP header's protocol field contain for UDP?
UDP = 17
What are the LAN transmission methods?
Unicast, Multicast, Broadcast
How would you prevent a replay attack?
Using a one-time authentication mechanism with session sequencing for identification.
What are some of the vulnerabilities of a web server?
Web servers ordinarily listen on TCP port 80 and are thus listening for incoming SYN packets, making them susceptible to SYN flood attacks.
Can a website be defaced with 'read' access to the server?
Website defacement requires 'write' access on the web server's root directory
How does the Graham Denning Model operate?
It addresses how access rights between subjects and objects are defined, developed, and integrated. It defines a set of basic rights in terms of commands that a specific subject can execute on an object.
What is an SQL injection?
An attack that allows hackers to bypass normal access controls and gain access to the database supporting a web application.
With a Likelihood Assessment what reflects the number of times a business expects to experience a given disaster each year?
Annualized rate of occurrence (ARO)
The use of the SCRIPT tag is a telltale sign of a ____________ attack.
cross-site scripting (XSS) attack
What is a Neural Network Based IDS?
It monitors the general patterns of activity and traffic on the network, and creates a database of normal activities within the system.
What is a Mutual assistance agreement?
Popular in disaster recovery literature but difficult to implement. They are agreements between two parties to mutually assist one another in the event of a disaster.
Define the overall risk management process.
The process of identifying factors that could damage or disclose data, evaluating those factors in light of data value and countermeasure cost, and implementing cost-effective solutions for mitigating or reducing risk is known as risk management.
What is the Simple Security Policy?
Prohibits subjects from reading at a higher security level (no read up).
What are the first two phases of the BCP process?
Project scope and planning, and the business impact assessment.
To manage the security function, an organization must implement what?
Proper and sufficient security governance. The act of performing a risk assessment to drive the security policy is the clearest and most direct example of management of the security function.
The Computer Fraud and Abuse Act does what?
It protects computers used by the government or in interstate commerce from a variety of abuses.
SHA-2 supports variable lengths of what?
Ranging up to 512 bits.
The primary goal of risk management is to?
reduce risk to an acceptable level.
What is Software Prototyping?
It refers to building software application prototypes which display the functionality of the product under development but may not actually hold the exact logic of the original software.
What is Tailoring?
It refers to modifying the list of security controls within a baseline so that they align with the mission of the organization.
What is Scoping?
It refers to reviewing baseline security controls and determining what standard will be used or employed.
What is Scoping?
It refers to reviewing baseline security controls and selecting only those controls that apply to the IT system you're trying to protect.
Remember: To begin the quantitative assessment, the BCP team should draw up a list of organization assets and then assign an asset value (AV) in monetary terms to each asset.
Remember: The second quantitative measure that the BIA team must develop is the maximum tolerable downtime (MTD), sometimes also known as maximum tolerable outage.
If the compromised tickets are used within an allotted time window, what is that called?
replay
Both WPA and WPA2 support what?
The enterprise authentication known as 802.1x/EAP, a standard port-based network access control that ensures clients cannot communicate with a resource until proper authentication has taken place.
RAID levels 3 and 5 run ____________ on hardware.
faster
What is The Open Group Architecture Framework (TOGAF)?
It is a vendor-neutral platform for developing and implementing enterprise architectures. It focuses on effectively managing corporate data through the use of metamodels and service-oriented architecture (SOA). It also adjusts to new innovations and capabilities to ensure new changes can easily be integrated into the enterprise platform.
What is the access control matrix?
It is a way of describing the rules for an access control strategy. The matrix lists the users, groups, and roles down the left side and the resources and functions across the top. The cells of the matrix can either indicate that access is allowed or indicate the type of access.
What is content dependent access control?
It is focused on the internal data in each field.
Remember this: A static packet filtering firewall is the simplest and least expensive type of firewall, offering minimum security provisions to a low-risk computing environment.
A static packet filter firewall examines both the source and destination addresses of the incoming data packet and applies ACLs to them. It operates at either the Network or Transport layer.
What stores MAC addresses for the purpose of forwarding frames?
CAM table
What are especially vulnerable to buffer overflow attacks because they are developed rapidly and are available to external users?
CGI and other web-based programs
Name at least seven security management concepts and principles
CIA Triad, confidentiality, integrity, availability, privacy, identification, authentication, authorization, auditing, accountability, and nonrepudiation
What is a preferred way to suppress an electrical fire in a computer server?
CO2. It must be noted that Halon is now banned in most countries or cities. The reason CO2 is preferred in an information center is that the agent is considered a clean agent, as well as non-conductive.
Meeting Stakeholder Needs, Covering the Enterprise End to End, Applying a Single Integrated Framework, Enabling a Holistic Approach, and Separating Governance From Management describe what?
COBIT 5 framework
The HTTP proxy is used as a means to implement what?
Content filtering
What enables you to implement a sound risk management policy in terms of quantitative risk analysis?
Exposure factor (EF)
Exposure factor (EF)
%
What size is an MD5 message digest
128 bits
What is a dedicated line?
A dedicated line is always on and is reserved for a specific customer. Examples include T3, E1, E3, and cable modems.
Value or benefit of a safeguard
ALE1 - ALE2 - ACS (the ALE before the safeguard, minus the ALE after the safeguard, minus the annual cost of the safeguard)
How is abstraction used?
Abstraction is used to collect similar elements into groups, classes, or roles that are assigned security controls, restrictions, or permissions
Who grants access to data based on guidelines provided by the data owners?
Administrators
What is a Hypervisor?
It allows multiple virtual operating systems to run on one host.
What should only provide the recovery of critical systems? And if automation can't occur, how can processing take place?
The Business Continuity Plan covers critical systems, while manual procedures are used for processing.
COBIT is a ____________governance framework?
COBIT is an IT governance framework, not a security governance framework.
What is the control framework to manage IT risk and governance?
Control Objectives for Information and Related Technology
Which of the following statements INCORRECTLY describes a network bridge? a. A bridge filters traffic based on MAC address; b. A bridge forwards broadcast packets; c. A bridge assigns a different network address per port; d. A bridge reads header information but does not alter it
Correct Answer is: c. Bridge assigns a different network address per port
What are the three goals of the Business Impact Analysis?
Criticality prioritization, downtime estimation, and resource requirements are the three primary goals
Cryptography does NOT help in what?
Cryptography is a detective control in that it allows the detection of fraudulent insertion, deletion, or modification, but it usually does not offer any means of detecting disclosure.
What means that DHCP servers can assign IP addresses only to selected systems, identified by their MAC addresses?
DHCP snooping
What are aggregate functions?
DIFFERENCE() is not a valid aggregate function. COUNT(), MIN(), and SUM() are aggregate functions specified in SQL.
Who are typically third-party entities that process data for an organization?
Data processors
Which of the following is not appropriate in addressing object reuse?
Deleting files on disk before reusing the object
What stores all files that have been modified since the time of the most recent full backup, affecting only those files that have the archive bit turned on, enabled, or set to 1?
Differential backups
Data owners decide who has access to resources based only on the identity of the person accessing the resource. What kind of access control is this?
Discretionary Access Control
What is due diligence?
Due diligence is the act of investigating and understanding the risks the company faces. A company practices it by developing and implementing security policies, procedures, and standards.
This is the amount of damage that the risk poses to the asset, expressed as a percentage of the asset's value?
Exposure Factor
The RAID Advisory Board has defined three classifications of RAID:
Failure Resistant Disk Systems (FRDSs), Failure Tolerant Disk Systems, and Disaster Tolerant Disk Systems.
When a valid user is rejected by the system, it is called what?
False Reject or Type I Error
What are used to enforce referential integrity constraints between tables that participate in a relationship?
Foreign Keys
Name at least six protocol services used to connect to LAN and WAN communication technologies
Frame Relay, SMDS, X.25, ATM, HSSI, SDLC, HDLC, ISDN
What are described as packet-switched services?
Frame relay and X.25 networks
Which network device is used to connect networks that use different network protocols?
Gateway
What are the Common logical data models?
Hierarchical database model, network model, relational model, object-relational database models
What combines both hierarchical and compartmentalized environments so that security levels have subcompartments?
Hybrid environments
What is the "International Common Criteria for Information Technology Security", developed as the standard for evaluating information technology products?
ISO 15408
___________ is used in operations internal to the processor; it requires no address because the operation is performed on the internal register.
Implied addressing.
How does end-to-end encryption work?
Information stays encrypted from one end of its journey to another
__________ are used to ensure that transactions are properly entered into the system once.
Input Controls
Which virus spreads by multiple methods?
Multipartite
Which is the best recommended water system for a computer room?
Preaction. Preaction combines both the dry and wet pipe systems and allows manual intervention before a full discharge of water on the equipment occurs.
_____________ is deployed to stop unwanted or unauthorized activity from occurring.
Preventive access control
What is RAID-2?
RAID-2 is no longer used
What type of memory is secure and maintains its integrity?
ROM
Why is ROM so reliable when it comes to security?
ROM is burned at the factory and then unchangeable. Thus, ROM is the most secure because it will always maintain its integrity
Remember this: Unit testing uses a set of test cases that focus on the control structure of the procedural design. These tests ensure the internal operation of the programs accords with the specification.
Remember this: Concepts of change control and change management. Change introduces loopholes, overlaps, missing objects, and oversights that can lead to new vulnerabilities. The only way to maintain security in the face of change is to systematically manage change.
Remember this: An attack related to phishing is pretexting, which is the practice of obtaining your personal information under false pretenses.
Remember this: Hash totals and CRC checks can be used to verify message integrity.
Remember this: Capability tables are bound to a subject, while an Access Control List (ACL) is bound to an object.
Remember this: Assigning the values for the inputs to a purely quantitative risk assessment requires both a lot of time and significant experience on the part of the assessors. The most experienced employees or representatives from each of the departments would be involved in the process.
Remember this: Auditing, or monitoring, is the means by which subjects are held accountable for their actions.
Remember this: Auditing is also the process by which unauthorized or abnormal activities are detected on a system.
Remember this: Accreditation is the official management decision to operate a system. Accreditation is the formal declaration by a senior agency official, the Designated Accrediting Authority (DAA), that an information system is approved to operate at an acceptable level of risk.
Remember this: Continuous authentication is a type of authentication that provides protection against impostors who can see, alter, and insert information passed between the claimant and verifier even after the claimant/verifier authentication is complete
Remember this: Layering of processes implements a structure similar to the ring model used for operating modes
Remember this: Nondiscretionary access control enables the enforcement of systemwide restrictions that override object-specific access control.
Remember this: Trade secrets are one of the best legal protections for computer software.
Remember this: Using a block list or black list is a valid form of security filtering; it is just not a form of spoofing filtering.
Remember: Evaluation criteria are defined as a benchmark, standard, or yardstick against which the accomplishment, conformance, performance, and suitability of an individual, hardware, software, product, or plan, as well as the risk-reward ratio, is measured.
Remember: Fences should be eight feet high and two feet out.
What is notice, choice, onward transfer, security, data integrity, access, and enforcement?
Safe Harbor principles
What was the predecessor to the Point-to-Point protocol?
Serial Line Internet Protocol (SLIP) which offered no authentication
__________ is the person who owns the system that processes sensitive data.
System Owners
Identifying business priorities is which task in the Business Impact Assessment?
The First Task
Which of the following is a Class C fire? soda acid; liquid; common combustibles; electrical
The correct answer is: electrical.
What is a way of describing the rules for an access control strategy?
The access control matrix lists the users, groups, and roles down the left side and the resources and functions across the top. The cells of the matrix can either indicate that access is allowed or indicate the type of access.
What attack specifically targets encryption algorithms that use two rounds of encryption, such as Double DES?
The meet in the middle attack
Brute-force attacks are attempts to randomly find the correct cryptographic key. Known plaintext, chosen ciphertext, and chosen plaintext attacks require the attacker to have some extra information in addition to the ciphertext.
The meet-in-the-middle attack exploits protocols that use two rounds of encryption. The man-in-the-middle attack fools both parties into communicating with the attacker instead of directly with each other.
What does the motherboard contain?
The motherboard contains hardware including the CPU, memory slots, firmware, and peripheral slots such as Peripheral Component Interconnect (PCI) slots.
In Mandatory Access Control, sensitivity labels attached to objects contain what information?
The object classification and category
What manages complex data, such as that required for computer-aided design and imaging?
The object-relational and object-oriented models
A CA acts as a front end to an RA, verifying the identity of the entity requesting a certificate. True or false?
The opposite is true: "An RA acts as a front end to a CA by receiving end entity requests, authenticating them, and forwarding them to the CA." (Pg. 532, Official ISC2 Guide to the CISSP CBK, 4th Ed.)
The largest acceptable size for an ICMP packet is 65,536 bits
The parol evidence rule states that a written contract is assumed to contain all the terms of an agreement and cannot be modified by a verbal agreement.
What is provided by the operating system, using a combination of RAM and disk storage to simulate a much larger address space than is actually present?
Virtual storage
Name at least five possible threats that should be evaluated when performing a risk analysis.
Viruses; buffer overflows; coding errors; user errors; intruders (physical and logical); natural disasters; equipment failure; misuse of data, resources, or services; loss of data; physical theft; denial of service
What is located right behind your first Internet-facing firewall?
Your DMZ
What is used to create a robust enterprise architecture, not a security architecture (technical or otherwise)? The framework is not security specific.
Zachman Architecture Framework
What is an exposure factor?
The amount of damage that the risk poses to the asset.
The BIOS is normally stored on ________ to allow for "flash" updates when the BIOS needs revision.
an EEPROM chip
_____________ identifies the resources that are critical to an organization's ongoing viability and the threats posed to those resources.
business impact assessment
What creates a virtual circuit (a point-to-point connection) between a client and a server without knowing all of the details of the specific application being proxied, and, depending on whether certain criteria are met or not met, accepts, denies, or discards the traffic?
circuit-level proxy firewall
Capacitance detectors monitor what?
The electrical field surrounding the object being monitored. They are used for spot protection within a few inches of the object, rather than for the overall room security monitoring provided by wave detectors.
Enkoder Form is designed to prevent what?
Email harvesting
What are the four steps of the business continuity planning process?
Four distinct phases: project scope and planning, business impact assessment, continuity planning, and approval and implementation.
Behavior-based intrusion detection is what?
Intrusion detection techniques that assume an intrusion can be detected by observing a deviation from the normal or expected behavior of the system or its users.
What is Sanitization?
Any number of processes that prepare media for destruction. It ensures that data cannot be recovered by any means from destroyed or discarded media.
What is third-party governance of security?
The system of oversight that may be mandated by law, regulation, industry standards, or licensing requirements.
Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose?
Message integrity
What is the agile software development methodology?
A methodology that prioritizes flexible development and emphasizes responding to change over following a plan.
Hardware and software maintenance access controls are used for what?
To monitor the installation of, and updates to, hardware and software to ensure that the system functions as expected and that a historical record of changes is maintained. Integrity verification programs are integrity controls rather than software maintenance controls.
The Children's Online Privacy Protection Act of 1998 places certain requirements on websites; what are they?
They must have a privacy notice that clearly states the types of information they collect and how it is used, and whether any information is disclosed to third parties. The notice must also include contact information for the operators of the site.
What is the Computer Security Act?
It outlines steps the government must take to protect its own systems from attack.
Remember this: An off-site information processing facility should have the same amount of physical access restrictions as the primary processing site.
Remember this: An off-site information processing facility should not be easily identifiable, to prevent intentional sabotage.
What is a Primary Key?
Selected from the set of candidate keys for a table, it is used to uniquely identify the records in the table.
What is an entity that can exploit a vulnerability?
Threat agent
FTPS and SFTP are what?
Two ways of transferring files
Annualized rate of occurrence (ARO)
# / year
Annual cost of the safeguard (ACS)
$ / year
Risk management: NIST Special Publication 800-30 has the following 8 steps
1. System Characterization; 2. Threat Identification; 3. Vulnerability Identification; 4. Control Analysis; 5. Likelihood Determination; 6. Impact Analysis; 7. Risk Determination; 8. Control Recommendations; 9. Results Documentation
In AES, the number of encryption rounds depends on the key length chosen. How many rounds are used with 128-bit keys?
10 rounds of encryption
In the United States, trademarks are granted for an initial period of __________________________
10 years and can be renewed for unlimited successive 10‐year periods.
What is the maximum length of cable that can be used for a twisted-pair, Category 5 10Base-T cable?
100 meters
What is the maximum throughput rate and maximum usable distance for 10Base2 cable?
10Base2 cable has a throughput of 10 Mbps and can be run up to distances of 185 meters
Rijndael requires ________ rounds of encryption when used with 192-bit cryptographic keys.
11 rounds
In AES, the number of encryption rounds depends on the key length chosen. How many rounds do 192-bit keys require?
12 rounds of encryption
How many bits is the address space reserved for the source IP address within an IPv6 header?
128 Bits
AES uses key sizes of ______________
128 bits or 192 bits, and AES-256 uses a key size of 256 bits.
The AES cipher allows the use of three key strengths. What are they?
128 bits, 192 bits, and 256 bits.
Twofish is a block cipher. It operates on ______
128-bit blocks of data and is capable of using cryptographic keys up to 256 bits in length
In AES, the number of encryption rounds depends on the key length chosen. How many rounds do 256-bit keys require?
14 rounds of encryption
Triple DES has an effective key length of?
168 bits
What is the maximum effective key length of the Triple DES (3DES) encryption algorithm?
168 bits
You are assessing an encryption algorithm that uses an 8-bit key. How many possible key values exist in this approach?
256
What is the maximum key size for the Rijndael cipher?
256 bits
Which represents the maximum distance of a single run of Category 5 cable?
328 feet
An Ethernet address is composed of how many bits?
48 bits, hardwired into the NIC
What is a good key size for DES?
56 bits
What is the effective key size of DES?
56 bits
What is the maximum allowed ping packet size?
65,536 bytes
The maximum allowed ping packet size is _________
65,536 bytes.
To engage in the ping of death attack, the attacker must send a packet that exceeds the maximum allowed ping packet size. What is that size?
65,537 bytes
The size of the frame that sniffers capture is usually __ bytes. 70; 68; 60; 78
68
ISO 17799 (renumbered as ISO 27002) has 11 areas. Its broad-based approach for an infosec code of practice is: 1. Policy; 2. Organization of information security; 3. Asset management; 4. Human resources security; 5. Physical and environmental security; 6. Communications and operations management; 7. Access control; 8. Information systems acquisition, development, and maintenance; 9. Information security incident management; 10. Business continuity management; 11. Compliance
What key size is used by the Clipper Chip?
80 bits
NIST has published continuity planning best practices in what?
800-34
The term personal area network is most closely associated with what wireless technology?
802.15 (aka Bluetooth) creates personal area networks (PANs).
What is a MAC-based security measure in which each device that wants to talk on the network must have a valid certificate?
802.1x
Remember this: To protect against replay attacks, the Kerberos authentication protocol uses the concept of an authenticator.
A Kerberos authenticator is embedded in the Kerberos protocol exchanges that occur between the authenticating client and the authentication server (in Windows, the domain controller, or DC). It holds additional authentication data, such as the ticket lifetime and, most important, the client's timestamp.
What system is the best tool to search through large log files looking for intrusion-related events?
A Security Information and Event Management (SIEM) system
What is a TCP sequence number attack?
A TCP sequence number attack exploits the communication session which was established between the target and the trusted host that initiated the session.
This is a hardware-imposed network segmentation created by switches that requires a routing function to support communication between different segments.
A VLAN
How do you distinguish between a bridge and a router?
A bridge simply connects multiple networks; a router examines each packet to determine which network to forward it to.
What is transparency?
A characteristic of a service, security control, or access mechanism that ensures it is unseen by users
What is designed to work well with a narrow range of other systems, generally all from the same manufacturer?
A closed system
What is a compensating control?
A compensating control is just an alternate control, or a way of providing similar protection, such as using a fence instead of a security guard.
Covert Storage Channel:
A covert channel that involves writing to a storage location by one process and the direct or indirect reading of the storage location by another process.
_________ is the process undertaken by CAs to establish a trust relationship in which they rely upon each other's digital certificates and public keys as if they had issued them themselves.
Cross certification
What is a segment?
What a data object is called at the Transport layer.
Remote mirroring is the most advanced, complete, and expensive off-site backup solution. With this solution, a live database server is kept off site at some secure remote location.
A data object is called a datagram or a packet at the Network layer. It is called a PDU in layers 5 through 7, a segment at the Transport layer, and a frame at the Data Link layer.
A persistent collection of interrelated data items can be defined as what?
A database can be defined as a persistent collection of interrelated data items.
Remember this: A brute-force attack is an attempt to discover passwords for user accounts by systematically attempting every possible combination of letters, numbers, and symbols
A dictionary attack checks passwords against a database or dictionary. A rainbow table attack checks hashed values of passwords against the values stored in a rainbow table.
How are domains related to decentralized access control?
A domain is a realm of trust that shares a common security policy. This is a form of decentralized access control.
Remember this: The Computer Ethics Institute created the Ten Commandments of Computer Ethics.
A drawback of classification schemes, especially as implemented via a mandatory access control concept, is that they require significant administration for a large organization.
A momentary loss of power is called what form of power issue?
A fault is any abnormal situation in an electrical system when electrical current does not flow through the intended parts.
What supports one-to-many relationships, often expressed in a tree structure?
A hierarchical DBMS
Physically securing the tapes from unauthorized access is obviously a security concern and is considered a function of the Security Operations Domain.
A keyed hash, also called a MAC (message authentication code), is used for integrity protection and authenticity. A message authentication code is a generated value used to authenticate a message. The MAC protects both a message's integrity and its authenticity, because only someone who knows the secret key could have produced a valid MAC for a modified message.
What is a replay or playback attack?
A malicious user records the traffic between a client and a server and then retransmits it to the server with slight variations of the timestamp and source IP address. It is similar to hijacking.
What should be calculated using all of the original file's data?
A message digest
Remember this: Nonrepudiation requires the use of a public key cryptosystem to prevent users from falsely denying that they originated a message
A mode is the method in which the IPSec protocol is applied to the packet. IPSec can be used in tunnel mode or transport mode. Typically, tunnel mode is used for gateway-to-gateway IPSec tunnel protection.
What does not directly sense motion, but instead uses a narrow beam that won't set off the sensor unless the beam is broken?
A photoelectric sensor. Photoelectric sensors, along with dry contact switches, are a type of perimeter intrusion detector.
_________is a unique identifier in the table that unambiguously points to an individual tuple or record in the table?
A primary key
What is tunneling, and why is it used?
A process that protects the contents of packets by encapsulating them in another protocol. This creates the logical illusion of a communications tunnel through an untrusted intermediary network.
What looks at higher layers of the OSI model, so it can read application-specific information to decide whether or not the traffic should be allowed through?
A proxy firewall
The Internet Security Glossary (RFC2828) defines an attribute certificate as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate.
A public-key certificate binds a subject name to a public key value, along with information needed to perform certain cryptographic functions. Other attributes of a subject, such as a security clearance, may be certified in a separate kind of digital certificate, called an attribute certificate.
Remember this: A threat is an event or activity that has the potential to cause harm to the information systems.
A risk is the probability that a threat will materialize. A vulnerability, or weakness, is a lack of a safeguard, which may be exploited by a threat, causing harm to the information systems.
What is a domain of trust that shares a single security policy and single management?
A security domain is a domain of trust that shares a single security policy and single management.
What reviews change requests and evaluates them for potential negative impacts? Not all changes are necessarily approved or rejected, and the analysis doesn't attempt to identify changes.
A security impact analysis
What is responsible for enforcing a security policy and is a strict implementation of a reference monitor mechanism?
A security kernel
Data classification programs are put in place to ensure all types of data are protected in the most cost-beneficial way possible.
A security policy is a document that conveys senior management's directives. It outlines security roles and responsibilities, data classification, needs and goals, and the level of risk that a company is willing to accept.
What filters traffic by examining data from a message header?
A static packet-filtering firewall
What is suitable for hardware implementation?
A stream cipher treats the message as a stream of bits or bytes and performs mathematical functions on them individually.
What is the star property?
A subject at a given security level must not write to any object at a lower security level (no write down). This is also known as the confinement property.
Which of the following is a proximity identification device that does NOT require action by the user and works by responding with an access code to signals transmitted by a reader?
A transponder. A transponder is a proximity identification device that does not require action by the user.
What is a Caesar cipher?
A very simple substitution cipher that can be easily defeated, and it does show repeating letters.
Which best defines a virtual machine?
A virtual instance of an operating system. A virtual machine can also be called a guest, which runs in a host environment. The host environment—usually an operating system—
What is a stealth virus?
A virus that hides itself from OSes and other protective software, such as antivirus shields.
What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire? a. Authority revocation list b. Certificate revocation tree c. Untrusted certificate list d. Certificate revocation list
Answer: A. Authority revocation list. The Internet Security Glossary (RFC2828) defines the Authority Revocation List (ARL) as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire.
Which of the following is NOT a true statement about public key infrastructure (PKI)? a. The Registration authority role is to validate and issue digital certificates to end users b. The Root certificate authority's certificate is always self-signed c. The Registration authority (RA) acts as a verifier for the Certificate Authority (CA) d. The Certificate authority role is to issue digital certificates to end users
Answer: A. The Registration authority role is to validate and issue digital certificates to end users. A PKI (public key infrastructure) enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.
NIST released FIPS 197, which mandated the use of ___________ for the encryption of all sensitive but unclassified data by the US government.
AES
Of the following, which is the strongest symmetric encryption algorithm: 3DES, AES, RSA, 3AES?
AES
Annualized loss expectancy (ALE)
ALE = SLE * ARO or ALE = AV * EF * ARO
The ALE is calculated using the following formula:
ALE = single loss expectancy (SLE) times annualized rate of occurrence (ARO)
Calculating safeguard cost/benefit:
ALE before safeguard - ALE after implementing the safeguard - annual cost of safeguard (ACS) = value of the safeguard to the company
What is annualized loss expectancy (ALE) and how is it calculated?
ALE is an element of quantitative risk analysis that represents the possible yearly cost of all instances of a specific realized threat against a specific asset. The formula is ALE = single loss expectancy (SLE) * annualized rate of occurrence (ARO).
What are passed with each API call to authenticate the API user?
API keys
Single loss expectancy (SLE)
SLE = AV * EF (asset value times exposure factor)
What is used to define what types of data an object can contain, what types of functions can be performed on or by that object, and what capabilities that object has?
Abstraction
What are firewall policy actions?
Accept, Discard
Preventing unwanted software installations is best handled by what form of control?
Access Control
What is the automated mechanism that can prevent or permit system changes, installations, and updates on a selective basis?
Access Control
What is the difference between an ACL and a capability table?
Access control lists are object-focused and identify the access granted to subjects for any specific object. Capability tables are subject-focused and identify the objects that a subject can access.
Remember this: In a smurf attack, the attacker sends a single forged packet bearing a source address corresponding to the victim machine.
Access control is any hardware, software, or organizational administrative policy or procedure that grants or restricts access, monitors and records attempts to access, identifies users attempting to access, and determines whether access is authorized.
What do access controls consist of?
Access control refers to a wide area of protection of data, system and user access.
When ensuring that subjects can only access objects through the use of an application ... This is referred to as what?
Access triple. Under the security model framework, some models enforce separation of duties, which divides operations into different parts and ensures that subjects access objects only through the application. The subject must go to an application to access an object.
If a security mechanism offers availability, then it offers a high level of assurance that authorized subjects can _____ the data, objects, and resources. Control / Audit / Access / Repudiate
Accessibility of objects and resources is the goal of availability. If security is involved, then data, objects, and resources are accessible to authorized subjects.
The TCP _______ scan sends an _______ packet, simulating a packet from the middle of an already established connection.
Acknowledgment
What is the non interference model?
Actions taking place at a higher security level do not affect actions at a lower security level.
To validate system capability and functionality to return to a normal system state and plan for future outages what needs to occur?
Activation/Notification phase
What interprets DOS and read-only memory (ROM) BIOS calls, looking for malware-like actions?
Active Monitors
What is the default valuation clause in property insurance? It is also known as depreciated value. It involves estimating the amount to be subtracted, which reflects the building's age, wear, and tear.
Actual Cash Value (ACV)
What improves the security of password hashing?
Adding salts to the passwords before hashing them reduces the effectiveness of rainbow table attacks
How do cryptographic salts improve the security of password hashing?
Adding salts to the passwords before hashing them reduces the effectiveness of rainbow table attacks
Remember this: Security baselines don't apply equally to all organizations. Instead, organizations use scoping and tailoring techniques to identify the security controls to implement in their baselines.
Additionally, organizations ensure that they implement security controls mandated by external standards that apply to their organization.
What is an aggregation attack?
Aggregation attacks involve the use of specialized database functions to combine information from a large number of database records, revealing information that is more sensitive than the information a single record would reveal.
You work for a software development house. Your main concern is being first to market with new software products. What software development model would be best to use?
Agile
Agile development is a phrase used in software development to describe methodologies for incremental software development.
Agile development is an alternative to traditional project management where emphasis is placed on empowering people to collaborate and make team decisions, in addition to continuous planning, continuous testing, and continuous integration.
What is a phrase used in software development to describe methodologies for incremental software development, where emphasis is placed on empowering people to collaborate and make team decisions in addition to continuous planning, continuous testing, and continuous integration?
Agile software development
What does the Digital Signature Standard allow?
Allows the federal government to use the Digital Signature Algorithm, RSA, or the Elliptic Curve DSA in conjunction with the SHA-1 hashing function to produce a digital signature
The Kernel mode is what?
Also referred to as system mode, kernel mode is one of the two distinct modes of operation of the CPU (central processing unit) in Linux. The other is user mode, a non-privileged mode for user programs, that is, for everything other than the kernel.
Remember this: Other services after a disaster, in descending priority order, are: IS operations, IS support services, market structure, marketing/public relations.
Also, after a disaster: customer service and systems support, market regulation/surveillance, listing, application development, accounting services, facilities, human resources, facilities security, legal and Office of the Secretary, national sales.
Which act's amendments criminalize causing damage to federal systems, federal interest systems, and computers involved in interstate commerce?
Amendments to the Computer Fraud and Abuse Act
What are the functions of an intrusion detection system (IDS)?
An IDS automates the inspection of audit logs and real-time system events, detects intrusion attempts, and watches for violations of confidentiality, integrity, and availability
Remember this: Metadata is data that provides information about other data. Two types of metadata exist: structural metadata and descriptive metadata. Structural metadata is data about the containers of data. Descriptive metadata describes individual instances of application data.
An IS auditor must review the change management process, including patch management procedures, and verify that the process has adequate controls and make suggestions accordingly.
What generates and displays one-time passwords using a challenge-response process to generate the password?
An asynchronous token
What is a man-in-the-middle attack?
An attack in which a malicious user is positioned between the two endpoints of a communication's link
Which of the following offers confidentiality to an e-mail message?
An e-mail message's confidentiality is protected when encrypted with the receiver's public key, because he is the only one able to decrypt the message. The sender is not supposed to have the receiver's private key.
What is an object-relational database?
An object-relational database (ORD), or object-relational database management system (ORDBMS), is a database management system (DBMS) in which classes and inheritance are directly supported in database schemas and in the query language.
What is generally involved in the processes of risk management?
Analyzing an environment for risks, evaluating each risk as to its likelihood and damage, assessing the cost of countermeasures, and creating a cost/benefit report to present to upper management
What is electronic vaulting? a. Information is backed up to tape on an hourly basis and is stored in an on-site vault. b. A transfer of bulk information to a remote central backup facility. c. Information is backed up to tape on a daily basis and is stored in an on-site vault. d. Transferring electronic journals or transaction logs to an off-site storage facility
Answer: B. A transfer of bulk information to a remote central backup facility. Electronic vaulting is defined as "a method of transferring bulk information to off-site facilities for backup purposes". Remote journaling is the same concept as electronic vaulting, but has to do with journals and transaction logs, not the actual files.
Which one of the following determinations might result from a qualitative risk assessment? A. Annualized loss expectancy B. Single loss expectancy C. Categorical prioritization D. Exposure factor
Answer: C. Qualitative risk assessment uses nonnumerical factors, such as categorical prioritization. The other choices listed are examples of factors used in quantitative risk assessment.
An amplification network is used to wage a DoS attack in which of the following? A. Smurf attack B. Spamming attack C. Teardrop attack D. Land attack
Answer: A A smurf attack occurs when an amplifying server or network is used to flood a victim with useless data.
What is used to increase the strength of cryptography by creating a unique cipher text every time the same message is encrypted with the same key? A. Initialization vector B. Vigenere cipher C. Steganography D. Stream cipher
Answer: A An initialization vector (IV) is a random bit string (a nonce) that is the same length as the block size that is XORed with the message. IVs are used to create a unique cipher text every time the same message is encrypted with the same key.
A _______________ contains levels with various compartments that are isolated from the rest of the security domain. A. Hybrid environment B. Compartmentalized environment C. Hierarchical environment D. Security environment
Answer: A Hybrid environments combine both hierarchical and compartmentalized environments so that security levels have subcompartments.
In what type of cryptographic attack does the attacker interfere with the connection establishment and then gain access to all subsequent communications? A. Man-in-the-middle attack B. Chosen plain-text attack C. Birthday attack D. Meet-in-the-middle attack
Answer: A In the man-in-the-middle attack, the attacker sits between the two communicating parties and relays messages between them. Both parties think they are communicating directly with each other.
On a much smaller scale, _______________ is deployed to repair or restore capability, functionality, or resources following a violation of security policy. A. Recovery access control B. Corrective access control C. Detective access control D. Compensation access control
Answer: A Recovery access control is deployed to repair or restore resources, functions, and capabilities after a violation of security policies.
Which one of the following cipher types operates on individual characters or bits of a message without knowledge of what came before or after? A. Stream cipher B. Caesar cipher C. Block cipher D. ROT3 cipher
Answer: A Stream ciphers operate on one character or bit of a message (or data stream) at a time.
In an agile software development process, how often should business users be involved in development? A. Daily B. Weekly C. Monthly D. At each release
Answer: A The agile development process requires that business users interact with developers on a daily basis.
What is the primary purpose of most viruses today? A. Infecting word processor documents B. Creating botnets C. Destroying data D. Sending spam
Answer: B Most viruses are designed to add systems to botnets, where they are later used for other nefarious purposes, such as sending spam or participating in distributed denial of service attacks.
What malicious code avoidance technique provides users with the ability to identify code originating from a trusted source? A. Sandboxing B. Control signing C. Whitelisting D. Access permissions
Answer: B Control signing utilizes a system of digital signatures to ensure that the code originates from a trusted source. It is up to the end user to determine whether the authenticated source should be trusted.
What feature of the TCP/IP protocol suite makes it possible for tools like Loki to bypass firewall restrictions by passing otherwise prohibited traffic across the network sentry using ICMP? A. Dynamic IP addressing B. Encapsulation C. VLSM D. Supernetting
Answer: B Encapsulation is the feature of the TCP/IP protocol suite that makes it possible for tools like Loki to bypass firewall restrictions by tunneling prohibited traffic through an alternate protocol, such as ICMP.
Which of the following choices is the most reliable method of destroying data on a CD? A. Degaussing B. Physical destruction C. Deleting D. Overwriting
Answer: B Physical destruction is the most reliable method of destroying data on any media, including a CD. Degaussing won't affect a CD. Deleting rarely deletes the data. Overwriting might destroy the data depending on the method used, but it isn't as reliable as physical destruction.
The Twofish algorithm uses an encryption technique not found in other algorithms that XORs the plain text with a separate subkey before the first round of encryption. What is this called? A. Preencrypting B. Prewhitening C. Precleaning D. Prepending
Answer: B Prewhitening XORs the plain text with a separate subkey before the first round of encryption.
Which source of interference is generated by electrical appliances, light sources, electrical cables and circuits, and so on? A. Cross-talk noise B. Radio frequency interference C. Traverse mode noise D. Common mode noise
Answer: B Radio frequency interference (RFI) is the source of interference that is generated by electrical appliances, light sources, electrical cables and circuits, and so on.
Which essential element of an audit report is not considered to be a basic concept of the audit? A. Purpose of the audit B. Recommendations of the auditor C. Scope of the audit D. Results of the audit
Answer: B Recommendations of the auditor are not considered basic and essential concepts to be included in an audit report. Key elements of an audit report include the purpose, scope, and results of the audit.
In an agile software development process, how often should business users be involved in development? A. Daily B. Weekly C. Monthly D. At each release
Answer: B Spoofing is the replacement of valid source and destination IP and port addresses with false ones. It is often used in DoS attacks but is not considered a DoS attack itself. Flooding, smurf, and ping of death are all DoS attacks.
Which of the following best describes change management? A. Preventing changes to systems B. Ensuring only approved changes are implemented C. Ensuring that changes do not reduce security D. Auditing privilege access
Answer: B The goal of change management is to ensure that any change does not lead to unintended outages or reduce security. Change management doesn't affect personnel safety. A change management plan will commonly include a rollback plan, but that isn't a specific goal of the program. Change management doesn't perform any type of auditing.
What is the primary purpose of change management? A. To prevent unwanted reductions to security B. To allow management to review all changes C. To delay the release of mission-critical patches D. To improve productivity of end users
Answer: B The primary purpose of change management is to allow management to review all changes. However, it is true that the overall goal of change management is to prevent unwanted reductions to security.
In addition to job rotation, what other security mechanism supports peer auditing? A. Separation of duties B. Principle of least privilege C. Mandatory vacations D. Job responsibilities
Answer: C Mandatory vacations support peer auditing by placing another user in a job position for at least a week every year.
The operating system design concept of protection rings was derived from what early operating system? A. Windows B. Unix C. Multics D. Macintosh
Answer: C Multics has left two enduring legacies in the computing world. First, it inspired the creation of a simpler, less-intricate operating system called Unix (a play on the word multics), and second, it introduced the idea of protection rings to operating system design.
What remote access protocol replaced SLIP? A. 802.11 B. SSH C. PPP D. TLS
Answer: C PPP is a replacement for SLIP.
What database backup technology uses frequent, perhaps hourly, transfers of information between the primary and alternate sites? A. Remote mirroring B. Electronic vaulting C. Remote journaling D. Fault tolerance
Answer: C Remote journaling technology transfers copies of the database transaction log to the alternate site on a frequent basis.
The normal operations of a business are restored at the conclusion of the _______ phase of incident response. A. Identification B. Analysis C. Closure D. Lessons learned
Answer: C The closure phase includes the restoration of the normal business operations of an organization.
Which one of the following files is least likely to contain a virus? A. COMMAND.COM B. SOLITAIRE.EXE C. SECRET.TXT D. LOVE.VBS
Answer: C The filename extension .txt is normally used to describe text files, which do not contain executable code.
When attempting to impose accountability on users, what key issue must be addressed? A. Reliable log storage system B. Proper warning banner notification C. Legal defense/support of authentication D. Use of discretionary access control
Answer: C To effectively hold users accountable, your security must be legally defensible. Primarily, you must be able to prove in a court that your authentication process cannot be easily compromised. Thus, your audit trails of actions can then be tied to a human.
A tunnel mode VPN is used to connect which types of systems? A. Hosts and servers B. Clients and terminals C. Hosts and networks D. Servers and domain controllers
Answer: C Tunnel mode VPNs are used to connect networks to networks or networks to hosts. Transport mode is used to connect hosts to hosts. Host, server, client, terminal, and domain controller are all synonyms.
The backup administrator configures a system to perform full backups on Sundays and differential backups on Mondays through Saturdays. The system fails on Wednesday. What backups must be applied? A. Sunday only B. Sunday, Monday, Tuesday and Wednesday C. Sunday and Wednesday only D. Sunday, Monday and Wednesday only
Answer: C With differential backups, you must first restore the most recent full backup and then apply the most recent differential backup.
In what scenario would you perform bulk transfers of backup data to a secure offsite location? A. Incremental backup B. Differential backup C. Full backup D. Electronic vaulting
Answer: D Electronic vaulting describes the transfer of backup data to a remote backup site in a bulk-transfer fashion.
_______________ is the process by which a subject provides a username, logon ID, personal identification number, and so on. A. Accountability B. Authentication C. Confidentiality D. Identification
Answer: D Identification is the process by which a subject professes an identity and accountability is initiated.
Which one of the following alternate processing arrangements is rarely implemented? A. Hot site B. Warm site C. Cold site D. MAA site
Answer: D Mutual assistance agreements are rarely implemented because they are difficult to enforce in the event of a disaster requiring site activation.
Which of the following is a benefit of packet-switching technologies over circuit-switching technologies? A. Fixed known delays B. Connection oriented C. Sensitive to connection loss D. Supports bursty traffic
Answer: D Packet-switching technologies support bursty traffic rather than constant traffic. The others are benefits of circuit switching.
What method is not integral to assuring effective and reliable security staffing? A. Screening B. Bonding C. Training D. Conditioning
Answer: D Screening, bonding, and training are all vital procedures for ensuring effective and reliable security staffing because they verify the integrity and validate the suitability of said staffers.
What proposes a framework for international enforcement of intellectual property protections? As of February 2015, the treaty awaited ratification by the European Union member states, the United States, and five other nations.
Anti‐Counterfeiting Trade Agreement
What is a countermeasure?
Any hardware, software, or procedure that helps to mitigate a potential risk
The two logs maintained in Apache server are 'error' logs and __ logs. network / system / request / access
Apache server maintains error logs and access logs
Non-IP Protocols
AppleTalk and IPX
What determines the identity of the communication partners in the DoD model, where the non-repudiation service would also be provided, and what layer does this reside in?
Application Layer
What are the layers of a software-defined network?
Application layer, Control layer, Infrastructure layer
FTP, TFTP, SNMP, and SMTP are provided at what level of the Open Systems Interconnect OSI Reference Model?
Application. The Layer 7 Application Layer of the Open Systems Interconnect (OSI) Reference Model provides services for application and operating system data transmission, for example FTP, TFTP, SNMP, and SMTP.
There are four layers that deal with both the physical and the software components, including drivers. The four layers are:
3: Applications; 2: Hardware; 1: Operating System; 0: Kernel
Threat modeling is the process of identifying, understanding, and categorizing potential threats, including threats from attack sources.
Asset valuation identifies the value of assets. Vulnerability analysis identifies weaknesses. An advanced persistent threat is a form of attack, often sponsored by a government.
What communication method is the basic language of modems and dial-up remote access systems?
Asynchronous Communication is the basic language of modems and dial-up remote access systems
What is cell switching technology?
Asynchronous Transfer Mode (ATM), a WAN communication technology that uses 53-byte cells.
When defining data security requirements, what steps should an organization take to protect email?
At a minimum, an organization should label and encrypt sensitive email. Using strong encryption methods such as Advanced Encryption Standard with 256-bit cryptographic keys (AES-256) makes it almost impossible for unauthorized personnel to read the text.
What encompasses a wide variety of different activities, including the recording of event/occurrence data, examination of data, data reduction, the use of event/occurrence alarm triggers, and log file analysis?
Auditing
Which of the following should NOT be a role of the Security Administrator?
Authorizing access rights. For proper segregation of duties, the security administrator should not be responsible for authorizing access rights. This is usually the responsibility of user management/data owner.
This allows a PBX to be configured so that incoming calls are distributed to the next available agent or placed on hold until one becomes available?
Automatic Call Distribution
Which Orange Book security rating, called "Labeled Security", requires that each data object have a classification label and each subject a clearance label? On each access attempt, the classification and clearance are checked to verify that the access is permissible.
B1
Which Orange Book security rating introduces security labels?
B1 is also called "Labeled Security": each data object must have a classification label and each subject a clearance label. On each access attempt, the classification and clearance are checked to verify that the access is permissible.
What is covert channel analysis required for?
B2 Structured Protection normally includes covert channel, device labels, subject sensitivity labels, trusted path, trusted facility management, configuration management.
Who implements a combination of policies, procedures, and processes such that a potentially disruptive event has as little impact on the business as possible?
BCP planners
Which routing protocol enables routers on different autonomous systems to share routing information?
BGP
What are the business impact analysis (BIA) steps?
BIA steps: 1. Select individuals to interview for data gathering. 2. Create data-gathering techniques (surveys, questionnaires, qualitative and quantitative approaches). 3. Identify the company's critical business functions. 4. Identify the resources these functions depend upon. 5. Calculate how long these functions can survive without these resources. 6. Identify vulnerabilities and threats to these functions. 7. Calculate the risk for each different business function. 8. Document findings and report them to management.
What are vectors for attackers to bypass security checks, such as authentication? Be wary when someone says something will make computing both easier and more secure.
Backdoors
A differential backup process will do what?
Backs up data whose archive bit is set to 1 and leaves the archive bit set to 1.
Which addressing mode uses a value stored in one of the CPU's registers as the base location from which to begin counting? The CPU then adds the offset supplied with the instruction to that value and retrieves the operand from the computed memory location.
Base+Offset addressing
When using link encryption, packets have to _______.
Be decrypted at each hop
Why was Triple DES adopted as a standard for government communications?
Because the meet-in-the-middle attack showed that it took the same computing power to defeat 2DES (double DES) as it would standard DES.
What type of intrusion detection techniques assume that an intrusion can be detected by observing a deviation from normal or expected behavior of the system or the users?
Behavior-based intrusion detection
Which of these is not permitted by the Bell-LaPadula Model? Read from a higher level of security; Write to a higher level of security; None of these; Read at the same security level
Bell-LaPadula Model does not allow subjects to read from a higher level of security (relative to their own security level). Rest of the given options ar
The __________Model which describes rules for the protection of data integrity
Biba Integrity Model
What type of symmetric-key encryption algorithm transforms a fixed-size block of plaintext (unencrypted text data) into a ________ of ciphertext (encrypted text data) of the same length? They are appropriate for software implementations and can operate internally as a stream.
Block ciphers
What uses key sizes of 32 bits to 448 bits and is a strong encryption algorithm?
Blowfish
What is another alternative to DES and IDEA that operates on 64-bit blocks of text and allows the use of variable-length keys ranging from a relatively insecure 32 bits to an extremely strong 448 bits?
Blowfish block cipher
What is BGP?
Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS) on the Internet.
What keys can uniquely identify records in a table?
Both Primary and Candidate Keys
What supports the enterprise authentication known as 802.1x/EAP, a standard port-based network access control that ensures clients cannot communicate with a resource until proper authentication has taken place?
Both WPA and WPA2
The Clark-Wilson model focuses on data integrity. The Bell-LaPadula model supports data confidentiality.
Both the Biba model and the Clark-Wilson model address the integrity of data. The Clark-Wilson Integrity Model addresses the three integrity goals and defines constrained data items and integrity verification procedures, and confirms transformation procedures.
What is Diameter for remote access?
Building on the success of RADIUS and TACACS+, Diameter is an enhanced version of RADIUS. Diameter supports a wide range of protocols, including traditional IP, Mobile IP and Voice over IP, and supports extra commands. It is popular where roaming support is needed, such as for wireless devices and smartphones.
Because scripts contain credentials, they must be stored in a protected area and the transmission of the scripts must be dealt with carefully. Operators might need access to batch files and scripts.
Business Continuity Plans are designed to minimize the damage done by the event and facilitate rapid restoration of the organization to its full operational capacity. They are for use "after the fact" and are thus examples of corrective controls.
What identifies what is most critical to the survival of an organization?
Business Impact Analysis
What measures the potential loss that could be caused by a disaster?
Business Impact Analysis
Who owns the processes and ensures the systems provide value to the organization?
Business and mission owners
What does it mean when it says "do not put your eggs in one basket"?
By splitting or dividing your outfit into several divisions, branches, offices, and so on, you create multiple sites and reduce the impact of a major disaster.
Which one of the following files might be modified or created by a companion virus?
COMMAND.EXE
Remember: The Committee of Sponsoring Organizations of the Treadway Commission (COSO) sponsored the National Commission on Fraudulent Financial Reporting, which studied factors that lead to fraudulent financial reporting and produced recommendations for public companies, their auditors, the Securities Exchange Commission, and other regulators.
COSO identifies five areas of internal control necessary to meet the financial reporting and disclosure objectives. These include: (1) control environment, (2) risk assessment, (3) control activities, (4) information and communication, and (5) monitoring.
What is immediate addressing?
CPU does not need to actually retrieve any data from memory. The data is contained in the instruction itself
What is a fast form of memory?
CPU registers are the fastest form of memory.
Where did the notification requirements placed on organizations that experience a data breach originate?
California's SB 1386 implemented the first statewide requirement to notify individuals of a breach of their personal information.
What are the notification requirements placed on organizations that experience a data breach?
California's SB 1386 implemented the first statewide requirement to notify individuals of a breach of their personal information. All but three states eventually followed suit with similar laws. Federal law only requires the notification of individuals when a HIPAA-covered entity breaches their protected health information.
_____ can be any column or combination of columns that can qualify as a unique key in a database?
Candidate Key
What is a subset of attributes that can be used to uniquely identify any record in a table?
Candidate Keys
remember this: When an intrusion has been detected and confirmed, if you wish to prosecute the attacker in court, the following actions should be performed in the following order: Capture and record system information and evidence that may be lost, modified, or not captured during the execution of a backup procedure.
Capture and record system information and evidence that may be lost, modified, or not captured during the execution of a backup procedure.
Which type of system interconnection is this: input for one system comes from the output of another system? (Compare feedback, where one system provides input to another system, which reciprocates by reversing those roles; and the type where one system sends input to another system but also sends input to external entities.)
Cascading
What are the Risk Management Framework (RMF) steps?
Categorize, Select, Implement, Assess, Authorize, Monitor.
What are the six steps of the risk management framework?
Categorize, Select, Implement, Assess, Authorize, and Monitor
The six steps of the risk management framework are:
Categorize, Select, Implement, Assess, Authorize, and Monitor C S I A A M
What is the best means to improve the security of a challenge-response based authentication system?
Challenge response-based authentication is prone to session hijacking or man-in-the-middle attacks. Security management should be aware of this and engage in risk assessment and control design when they employ this technology.
In a brute force attack, why will changing a password frequently not stop or delay the attack?
Changing the password frequently does not have an effect on the speed or ease with which it can be cracked.
What is the preparation of storage media by overwriting with unclassified data for later reuse or redistribution?
Clearing is a method of sufficiently deleting data on media that will be reused in the same secured environment
When a website provides one version of a page to search engines while serving a different version to users, this is called website ___. cloaking; mirroring; spoofing; hiding
Cloaking is a search engine optimization (SEO) technique in which the content presented to the search engine spider is different from that presented to the user's browser.
remember this: Port knocking is where the client will attempt to connect to a predefined set of ports to identify him as an authorized client. The port knocking sequence is used to identify the client as a legitimate user
Common Criteria (15408) generally outlines assurance and functional requirements through a security evaluation process built on the concepts of Protection Profile (PP), Target of Evaluation (TOE), and Security Target (ST), with Evaluation Assurance Levels (EALs) used to certify a product or system.
The hierarchical database model, network model, relational model, and object-relational database model are what?
Common logical data models
Sampling is a form of data reduction that allows an auditor to quickly determine the important issues or events from an audit trail.
Common mode noise is generated by the difference in power between the hot and ground wires of a power source or operating electrical equipment.
What environments require specific security clearances over compartments or domains instead of objects?
Compartmentalized environments require specific security clearances over compartments or domains instead of objects.
What law extended the United States Secret Service's jurisdiction to cover credit card fraud and computer fraud?
Comprehensive Crime Control Act of 1984
What cipher is one in which every Xth word within a text is part of the real message?
Concealment cipher
What is the Clark-Wilson model?
Concerned with change control, with the assurance that all modifications to objects maintain integrity through well-formed transactions and the use of the access triple: subject - interface - object.
What uses a "lock" feature to allow an authorized user to make changes and then "unlock" the data elements only after the changes are complete, so that another user is unable to access the database to view and/or make changes to the same elements at the same time?
Concurrency
What is a preventive security mechanism that endeavors to make certain that the information stored in the database is always correct, or at least has its integrity and availability protected?
Concurrency
What is best provided by symmetric cryptography, in which both parties use the same key for encryption and decryption?
Confidentiality
______________ assures that the information is not disclosed to unauthorized persons or processes?
Confidentiality assures that the information is not disclosed to unauthorized persons or processes.
A message encrypted and digitally signed provides:
Confidentiality, Authentication, Non-repudiation, and Integrity
Which of the following is best provided by symmetric cryptography?
Confidentiality. When using symmetric cryptography, both parties will be using the same key for encryption and decryption. Symmetric cryptography is generally fast and can be hard to break. It offers limited overall security in that it can only provide confidentiality.
In the Bell-LaPadula model, the Star-property is also called?
Confinement Property
What are the various types of software license agreements?
Contractual license agreements are written agreements between a software vendor and user. Shrink‐wrap agreements are written on software packaging and take effect when a user opens the package. Clickwrap agreements require the user to accept the terms during the software installation process
__________ is a security concept infrastructure used to organize the complex security solutions of companies.
Control Objectives for Information and Related Technology
What is a security concept infrastructure used to organize the complex security solutions of companies?
Control Objectives for Information and Related Technology (COBIT)
The main responsibility of the network layer is to insert information into the packet's header so that it can be properly routed. The protocols at the network layer must determine the best path for the packet to take.
Controlling access by a subject (an active entity such as an individual or process) to an object (a passive entity such as a file) involves setting up access rules.
What law guarantees the creators of "original works of authorship" protection against the unauthorized duplication of their work?
Copyright law
When should a post-mortem review meeting be held after an intrusion has been properly taken care of? a. Within the first month after the investigation of the intrusion is completed. b. Within the first week of completing the investigation of the intrusion. c. Within the first week after prosecution of intruders have taken place, whether successful or not. d. Within the first three months after the investigation of the intrusion is completed.
Correct Answer is: A Within the first week of completing the investigation of the intrusion. A post-mortem review meeting should be held with all involved parties within three to five working days of completing the investigation of the intrusion. Otherwise, participants are likely to forget critical information.
Failure of a contingency plan is usually: Because of a lack of training. Because of a lack of awareness. A management failure. A technical failure.
Correct Answer is: A management failure. Failure of a contingency plan is usually a management failure to exhibit ongoing interest and concern about the BCP/DRP effort, and to provide financial and other resources as needed. Lack of management support will result in a lack of awareness and training.
The purposes of RAID (Redundant Array of Inexpensive Disks) are to provide which of the following? a. Performance increase b. Prevent file server hard disk crashes c. Fault tolerance d. Redundancy and higher data transfer performance
Correct Answer is: A. Redundancy and Higher Data Transfer performance This is a tricky question, as you probably noted the word "purposes" is plural which means there is more than one choice expected. The plural form kind of gives it away as there is only one answer with two choices. If the question would have contained the keywords "primary purpose" then fault tolerance would have been the best choice.
Which of the following statements INCORRECTLY describes the circuit switching technique? a. Packet uses many different dynamic paths to get to the same destination b. Fixed delays c. Traffic travels in a predictable and constant manner d. Connection-oriented virtual links
Correct Answer is: Packet uses many different dynamic paths to get the same destination
When deleting a file is not enough to get rid of it, which of these are recommended? Shredding; Wiping; Overwriting; All of these
Correct answer: All of these Wiping, overwriting, and shredding are all considered excellent safety precautions to ensure that data is truly inaccessible after its intentional removal.
Which measure will most likely delay a successful brute force attack?
Correct answer: Increasing the size of the password. While changing passwords frequently may help ensure the integrity of a password, a brute-force attack rapidly applies a series of combinations to find a match; therefore, increasing the size of a password exponentially increases the workload and therefore the time a brute-force attack must use to succeed.
What is bluejacking?
Correct answer: The sending of a message without the authorized user's consent. Bluejacking is where messages are sent from a user or a system without authorized consent. The transmission often involves the use of a receiving Bluetooth device.
It has been determined that a specific role in an organization could upset a system of checks and balances. In terms of risk analysis, this kind of danger is determined as what?
Correct answer: Threat When the danger only has the potential to create a negative impact, it is considered a threat. If specific roles in the organization could upset checks and balances
How many parts are there in the common criteria for the SDLC?
Correct answer: Three The Software Development Life Cycle (SDLC) includes three parts. Part one is the introduction, part two includes the details of specific functional requirements, and part three details security assurance requirements.
Identify the choice that reflects a control an organization might establish to increase security measures: Vacations; Job rotations; None of these; Vacations and job rotations
Correct answer: Vacations and job rotation Vacations and job rotation give organizations an opportunity for employees to work in positions they normally do not in the hopes they uncover an issue which is not in the normal pattern of processes.
What are countermeasures to spoofing attacks?
Countermeasures to spoofing attacks include patching the OS and software, enabling source/destination verification on routers, and employing an IDS to detect and block attacks.
What involves writing to a storage location by one process and the direct or indirect reading of that storage location by another process?
Covert Storage Channel
In what type of channel does one process modulate its use of a system resource (for example, CPU cycles) in a way that a second process interprets as some type of communication?
Covert Timing Channel
remember this: A covert channel is an unintended communication path within a system, therefore it is not protected by the system's normal security mechanisms.
Covert channels are a secret way to convey information. Covert channels are addressed from TCSEC level B2.
_______ outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior?
Crime Prevention Through Environmental Design (CPTED)
When a team conducts a BIA to understand the functions and resources an organization requires for productivity, the team must calculate the maximum tolerable downtime (MTD). What needs to be properly identified for each resource?
Criticality of each resource
Can honeypots monitor hacker activities and can their results be used as evidence in court?
Currently honeypot logs cannot be produced as evidence in a court of law
Who helps protect the integrity and security of data by ensuring it is properly stored and protected, and by ensuring the data is backed up in accordance with a backup policy? If administrators have configured auditing on the data, _________ would also maintain these logs.
Custodians
The concept of best practices is closely associated with what kind of law?
Customary law
A portable data storage device has been determined to have malicious firmware. Which of the following is the BEST course of action to ensure data confidentiality? A. Format the device B. Re-image the device C. Perform a virus scan on the device D. Physically destroy the device
D. Physically destroy the device to preserve confidentiality.
Which of the following is a Microsoft technology for communication among software components distributed across networked computers?
DCOM (Distributed Component Object Model)
What uses a hierarchical model to organize data, with root name servers representing the top-level domains and authority distributed hierarchically to child servers?
DNS
Which protocol is secured by using TSIG?
DNS
DNS uses a ______________ model to organize data, with root name servers representing the top-level domains and authority distributed hierarchically to child servers.
DNS uses the hierarchical model to organize data, with root name servers representing the top-level domains and authority distributed hierarchically to child servers.
_______ is the alteration of existing data. Many times, this modification happens before the data is entered into an application or as soon as it completes processing. The most common reason is to overstate revenue and assets and understate expenses and liabilities.
Data Diddling
What is a subset of SQL containing the commands used to interact with data?
Data Manipulation Language (DML)
When a Proxy transfers a copy of each accepted data packet from one network to another what is masked?
Data Origin
Who are typically third-party entities that process data for an organization?
Data Processors
Data diddling is the __________?
Data diddling is the alteration of existing data. Many times, this modification happens before the data is entered into an application or as soon as it completes processing. The most common reason is to overstate revenue and assets and understate expenses and liabilities.
What is a key element in security controls?
Data hiding and programming
TLS is a secure protocol implemented in web application traffic to ensure privacy between client and server communications to protect this type of data:
Data in Transit/Motion
What is the difference between Data manipulation language and data definition language?
Data manipulation language is a grouping of computer languages used by computer programs to manipulate data in a database; Data definition language is a computer language used specifically to define data structures.
Who is responsible for defining data classifications and ensuring systems and data are properly marked?
Data owners
Who has a responsibility to protect the privacy of the data and not use it for any other purpose than directed by the data controller?
Data processors
Remember this: Pretty Good Privacy (PGP) is a freeware email security application that uses the IDEA algorithm for encryption and the RSA algorithm for key distribution.
Data remanence is the data that prevails on a computer after an erase operation has been performed
What is the difference between data remanence and residual data?
Data remanence is the data that prevails on a computer after an erase operation has been performed, whereas residual data is data that is unintentionally left behind on computer media.
What do developers use to restrict users' access to a limited subset of database attributes or records?
Database views use SQL statements to limit the amount of information that users can view from a table.
What technique would raise the False Acceptance Rate (FAR) and lower the False Reject Rate (FRR) in a fingerprint scanning system?
Decrease the amount of minutiae that is verified
In the ________________ stage of the CMM, all development projects take place within the constraints of a standardized management model.
Defined stage
What does the Internet glossary, RFC 2828, define?
Defines an attribute certificate as a digital certificate that binds a set of descriptive data items other than a public key either directly to a subject name or the identifier of another certificate that is a public key certificate.
Explain why the separation of duties and responsibilities is a common security practice?
It prevents any single subject from being able to circumvent or disable security mechanisms.
What is Degaussing?
Degaussing is the process of decreasing or eliminating a remnant magnetic field. It is named after the gauss, a unit of magnetism, which in turn was named after Carl Friedrich Gauss. Under the magnetic field of a degausser, the magnetic data on a tape or hard disk is neutralized, or erased.
A network-based IDS can detect many attacks and, unlike a host-based IDS, is the first to detect what kind of attack?
Denial of Service (DoS) attack
What are the most common threats against communication systems?
Denial of service, eavesdropping, impersonation, replay, and modification
Code of Ethics Canons: Protect society, the commonwealth, and the infrastructure; Act honorably, honestly, justly, responsibly, and legally; Provide diligent and competent service to principals; Advance and protect the profession.
Developing a BCP/DRP: 1. Develop the Contingency Planning Policy Statement; 2. Conduct the Business Impact Assessment (BIA); 3. Identify Preventative Controls; 4. Develop Recovery Strategies; 5. Develop an IT Contingency Plan; 6. Plan Testing, Training and Exercises; 7. Plan Maintenance.
NIST SP 800-18 outlines which responsibilities for the system owner?
Develops a system security plan in coordination with information owners, the system administrator, and functional end users. Maintains the system security plan and ensures that the system is deployed and operated according to the agreed-upon security requirements.
RADIUS = Uses UDP 1812 and 1813. AAA system. RADIUS request and response data is carried in 8-bit Attribute Value Pairs. TACACS = centralized access control system that uses UDP port 49 and may use TCP. PAP and CHAP = PAP is plaintext, CHAP is better.
Diameter = RADIUS' successor with more accountability and a 32-bit AVP field.
Which of the following algorithms enables two systems to generate a symmetric key securely without requiring a previous relationship or prior arrangements?
Diffie-Hellman. The Diffie-Hellman key agreement protocol (also called exponential key agreement) was developed by Diffie and Hellman in 1976 and published in the ground-breaking paper "New Directions in Cryptography." The protocol allows two users to exchange a secret key over an insecure medium without any prior secrets.
What prohibits the circumvention of copy protection mechanisms placed in digital media and limits the liability of Internet service providers for the activities of their users?
Digital Millennium Copyright Act of 1998
What are the uses of digital rights management?
Digital rights management (DRM) solutions allow content owners to enforce restrictions on the use of their content by others. DRM solutions commonly protect entertainment content, such as music, movies, and e-books.
The main purpose for the use of digital signatures is to assure what?
Digital signatures provide integrity because the digital signature of a signed message (file, mail, document, etc.) changes every time a single bit of the document changes; thus, a signed document cannot be altered.
What is a spamming attack?
Directing floods of messages to a victim's email inbox or other messaging system. Such attacks cause DoS issues by filling up storage space and preventing legitimate messages from being delivered.
Who should direct short-term recovery actions immediately following a disaster?
Disaster Recovery Manager. The Disaster Recovery Manager should also be a member of the team that assists in the development of the Disaster Recovery Plan. Senior-level management supports the process but should not be involved with the initial process.
_____ give the subject (user) some ability to define the objects to access. This access control mechanism ensures that the owner or creator of an object controls and defines the access other subjects have to that object.
Discretionary controls
What is Microsoft technology for communication among software components distributed across networked computers?
Distributed Component Object Model DCOM is a proprietary Microsoft technology for communication among software components distributed across networked computers.
What are the Divisions of the TCSEC?
Divisions and classes: D — Minimal protection; C — Discretionary protection; B — Mandatory protection; A — Verified protection
What differs from traditional multi-site datacenter architecture primarily in that it is possible to shift an actively running workload from one site to another with no interruption in services?
Dual-Core Datacenter
What is the notion of preserving and protecting assets and interests for a given organization as exercised through a formalized security structure comprising baselines, guidelines, policies, procedures, and rules?
Due care
Remember this: A brouter is a device that attempts to route first, but if that fails, it defaults to bridging.
Due care is the notion of preserving and protecting assets and interests for a given organization as exercised through a formalized security structure comprising baselines, guidelines, policies, procedures, and rules.
Protection mechanisms are continually maintained and operational, and risks are constantly being evaluated and reviewed. This is an example of what?
Due diligence
Certain types of attacks have been made more potent by which of the following advances to microprocessor technology?
Due to the increase of computer processing power, brute-force and cracking attacks against security mechanisms are possible. These instructions can be used to attempt to crack passwords or encryption keys or instructions to send nefarious packets to victim systems.
When do you define business priorities?
During the first step of the Business Impact Analysis.
What is the process used to develop a continuity strategy?
During the strategy development phase, the BCP team determines which risks will be mitigated.
Describe the process used to develop a continuity strategy.
During the strategy development phase, the BCP team determines which risks will be mitigated. In the provisions and processes phase, the procedures that will mitigate the risks are designed. The plan must then be approved by senior management and implemented.
What allows a large group of internal clients to share a single or small group of ROUTABLE IP addresses for the purpose of hiding their identities when communicating with external hosts or expanding the internal network address space?
Dynamic translation
What are the Target of Evaluation (TOE) assurance levels?
EAL 1: functionally tested; EAL 2: structurally tested; EAL 3: methodically tested and checked; EAL 4: methodically designed, tested and reviewed; EAL 5: semiformally designed and tested; EAL 6: semiformally verified design and tested; EAL 7: formally verified design and tested.
What is structurally tested?
EAL 2
What is methodically tested and checked?
EAL 3
Common Criteria has assurance level from EAL 1 to EAL 7 regarding the depth of design and testing. Which of the following assure the Target of Evaluation or is methodically designed, tested and reviewed?
EAL 4
What is methodically designed, tested and reviewed?
EAL 4
What is semiformally designed and tested?
EAL 5
What is semiformally verified design and tested?
EAL 6
What is formally verified design and tested?
EAL 7
The Data Encryption Standard operates in four modes: Electronic Codebook mode, Cipher Block Chaining mode, Cipher Feedback mode, and Output Feedback mode.
ECB mode is considered the least secure and is used only for short messages. 3DES uses three iterations of DES with two or three different keys to increase the effective key strength to 112 or 168 bits, respectively
How does ECC key size compare with RSA?
ECC requires shorter keys for equivalent security. A 160-bit ECC key is commonly cited as roughly equivalent to a 1024-bit RSA key (NIST rates a 256-bit ECC key as equivalent to a 3072-bit RSA key).
What law provides penalties for individuals found guilty of the theft of trade secrets, with harsher penalties when the individual knows the information will benefit a foreign government?
Economic Espionage Act
What is an extension of the Diffie-Hellman key exchange algorithm that depends on modular arithmetic?
El Gamal
What cryptosystem is used for encryption, digital signatures and key exchange, and rests on the difficulty of the discrete logarithm problem?
El Gamal
What is Elliptic Curve Diffie-Hellman (ECDH)?
Elliptic Curve Diffie-Hellman (ECDH) is an anonymous (unauthenticated) key agreement protocol that allows two parties, each having an elliptic curve public-private key pair, to establish a shared secret over an insecure channel. Because it authenticates neither party by itself, it is combined with signatures or certificates to stop man-in-the-middle attacks.
What is the most serious threat posed by email?
Email is a common delivery mechanism for viruses, worms, Trojan horses, documents with destructive macros, and other malicious code.
What provides confidentiality in IPsec?
Encapsulating Security Payload ESP
What kind of virus uses simple encryption to encipher its code, with each copy encrypted under a different key so that a signature matching one instance will not match another?
Encrypted viruses (the small decryption stub left in the clear is what scanners look for instead).
What is a firewall feature that allows users on an external network to authenticate themselves to prove that they are authorized to access resources on the internal network
Encrypted authentication
What can mitigate the success of a sniffing attack?
Encrypted passwords (and one-time passwords) can reduce the success of a sniffing attack. Rainbow tables are used by attackers to crack hashed passwords; salting passwords helps reduce the success rate of rainbow table attacks.
Information stays encrypted from one end of its journey to another is what type of encryption?
End to End encryption
Who is responsible for protecting information assets on a daily basis through adherence to the security policies that have been communicated?
End user
What are the issues related to user acceptance of biometric enrollment and throughput rate?
Enrollment times longer than 2 minutes are unacceptable; subjects will typically accept a throughput rate of about 6 seconds or faster
What is an attack phase of a penetration test?
Escalate Privileges
What general term describes the process of independently assessing a system against a standard of comparison?
Evaluation
What best describes a concealment cipher?
Every Xth word within a text is part of the real message; a concealment cipher is a message hidden within a message.
What are some examples of Non-volatile memory?
Examples of non-volatile memory include read-only memory, flash memory, ferroelectric RAM (F-RAM), most types of magnetic computer storage devices (e.g. hard disk drives, floppy disks, and magnetic tape), optical discs, and early computer storage methods such as paper tape and punched cards.
With regard to gathering volatile information from a router, which of these is considered direct access? (a) SNMP scan (b) executing show commands (c) port scan (d) all of the above
Executing the 'show' commands on the router counts as direct access.
Who maintains the overall responsibility for protection of the information assets? The business operations are dependent upon information being available, accurate, and protected from individuals without a need to know.
Executive management / senior management
Which of the following relational database terms would include a central repository of metadata and data relationships? (a) File (b) Database (c) Database management system (d) Data dictionary
Data dictionary: the data dictionary is a central repository of metadata and data relationships.
Which of the following would be your first step as an investigator during an email crime investigation? (a) Classify the violation (b) Collect evidence (c) Analyze the header (d) Copy the email
The first step is always to classify the violation.
When does exploitation occur?
Exploitation occurs when the attacker uses a weakness to gain access to a system, for example by sending "guesses" at password information or other login credentials. Brute-force attacks are one example of exploitation; SQL injection is another.
What is Extensible Markup Language?
Extensible Markup Language (XML) goes beyond describing how to display data (as HTML does) by actually describing the data: it can include tags that describe the data in any way desired.
Synchronous dynamic tokens refresh every 60 seconds and use time or counters to synchronize a code with the authentication server (AS). Asynchronous tokens are not synchronized with the central server and use challenge-response. Throughput is the biometric system's response time.
False Reject Rate (FRR): Type I error (a legitimate user is rejected). False Accept Rate (FAR): Type II error (an impostor is accepted). Crossover Error Rate (CER): the point where the two rates meet.
A _____ is any abnormal situation in an electrical system when electrical current does not flow through the intended parts.
Fault
What are multiple organizations that join a group where they agree on a method to share identities between them?
Federated identity management.
What network medium is the most difficult to eavesdrop on, because tapping it requires physical access to the cable and usually causes a detectable loss of signal?
Fiber
The following are typical biometric characteristics that are used to uniquely authenticate an individual's identity:
Fingerprints - Retina scans - Iris scans - Facial scans - Palm scans - Hand geometry - Voice - Handwritten signature dynamics
What are the requirements for successful use of a one-time pad?
For a one-time pad to be successful, the key must be generated randomly without any known pattern. The key must be at least as long as the message to be encrypted. The pads must be protected from physical disclosure, and each pad must be used only once and then discarded.
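Added example (not from the original card set) showing the two pad requirements that break most often in practice: a pad page is consumed and destroyed after one use, and reusing a pad leaks the XOR of the two plaintexts, from which a guessed crib in one message recovers the other. The `PadBook` class, the crib helper and the sample messages are constructed for this illustration.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    # Requirement: the pad must be at least as long as the message.
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the message")
    return xor_bytes(plaintext, pad)


otp_decrypt = otp_encrypt  # XOR is its own inverse


class PadBook:
    """Numbered one-time pad pages; a page is destroyed after a single use (constructed demo class)."""

    def __init__(self, pages: int, length: int, rng=os.urandom):
        # rng stands in for the true-random source a real pad would be generated from.
        self._pages = {i: rng(length) for i in range(pages)}

    def use(self, page: int) -> bytes:
        # Requirement: each pad is used once, then discarded.
        if page not in self._pages:
            raise KeyError(f"page {page} already used or never existed")
        return self._pages.pop(page)


def key_reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """When one pad is used twice, c1 XOR c2 == p1 XOR p2: the pad cancels out."""
    return xor_bytes(ct1, ct2)


def crib_drag(p1_xor_p2: bytes, crib: bytes, offset: int) -> bytes:
    """If the attacker guesses `crib` at `offset` in one message, the other message's bytes there fall out."""
    return xor_bytes(p1_xor_p2[offset:offset + len(crib)], crib)


if __name__ == "__main__":
    book = PadBook(pages=2, length=14)
    page = book.use(0)
    c = otp_encrypt(b"ATTACK AT DAWN", page)
    print(otp_decrypt(c, page))          # b'ATTACK AT DAWN'
    try:
        book.use(0)
    except KeyError as e:
        print("second use refused:", e)
```

The `crib_drag` helper is exactly the attack that broke reused pads historically; the lesson for the card is that "use only once" is not advice but the whole security argument.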
Which algorithms are used today for encryption in PGP?
For encrypting messages PGP uses symmetric ciphers: AES with up to 256-bit keys, CAST, Triple DES, IDEA and Twofish. RSA is also used in PGP, but only to encrypt the symmetric session key and for digital signatures, not for bulk message encryption.
Give an example of how the annualized rate of occurrence (ARO) depends on where an asset is.
For example, a business in Southern California is much more likely to face the risk of an earthquake than to face the risk posed by a volcanic eruption. A business based in Hawaii might have the exact opposite likelihood that each risk would occur.
Remember this: a database view is the result of the Join, Project and Select operations.
For the purpose of the exam you must remember the following terms from relational algebra and their SQL equivalents: tuple = row (entry); attribute = column; relation (base relation) = table.
What is used to enforce relationships between two tables, also known as referential integrity? Referential integrity ensures that if one table contains a _________ key, it corresponds to a still-existing primary key in the other table in the relationship.
Foreign key
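Added example (not part of the original cards) showing referential integrity being enforced and, for contrast, what happens when it is not. It uses Python's built-in sqlite3 module; the `customer`/`orders` schema and rows are constructed for the illustration. One practitioner caveat it demonstrates: SQLite does not enforce foreign keys unless `PRAGMA foreign_keys = ON` is issued on each connection.

```python
import sqlite3


def open_db(enforce_fk: bool) -> sqlite3.Connection:
    """In-memory database with a parent (customer) and child (orders) table."""
    con = sqlite3.connect(":memory:")
    # SQLite ships with foreign-key enforcement OFF per connection; it must be switched on explicitly.
    con.execute(f"PRAGMA foreign_keys = {'ON' if enforce_fk else 'OFF'}")
    con.executescript("""
        CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
        CREATE TABLE orders (
            id          INTEGER PRIMARY KEY,
            customer_id INTEGER NOT NULL REFERENCES customer(id) ON DELETE RESTRICT,
            amount      REAL NOT NULL
        );
        INSERT INTO customer VALUES (1, 'Alice');
        INSERT INTO orders   VALUES (100, 1, 25.0);
    """)
    return con


def try_orphan_insert(con: sqlite3.Connection) -> str:
    """Insert an order whose customer_id matches no existing primary key."""
    try:
        con.execute("INSERT INTO orders VALUES (101, 999, 10.0)")
        return "accepted"
    except sqlite3.IntegrityError as e:
        return f"rejected: {e}"


def try_delete_parent(con: sqlite3.Connection) -> str:
    """Delete a customer that still has orders pointing at it."""
    try:
        con.execute("DELETE FROM customer WHERE id = 1")
        return "accepted"
    except sqlite3.IntegrityError as e:
        return f"rejected: {e}"


def orphan_orders(con: sqlite3.Connection) -> list:
    """Orders whose foreign key no longer resolves: what referential integrity is meant to prevent."""
    return con.execute("""
        SELECT o.id FROM orders o
        LEFT JOIN customer c ON c.id = o.customer_id
        WHERE c.id IS NULL
    """).fetchall()


if __name__ == "__main__":
    for enforce in (True, False):
        con = open_db(enforce)
        print(f"foreign_keys={'ON' if enforce else 'OFF'}:",
              try_orphan_insert(con), "|", try_delete_parent(con), "| orphans:", orphan_orders(con))
```

With enforcement on, both the orphan insert and the parent delete raise `FOREIGN KEY constraint failed`; with it off, the same statements succeed silently and the join shows two dangling orders.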
How are PVC, SVC, DTE and DCE used in a Frame Relay network?
Frame Relay requires data terminal equipment (DTE, the customer's device) and data circuit-terminating equipment (DCE, the carrier's switch) at each connection point. A permanent virtual circuit (PVC) is always available; a switched virtual circuit (SVC) is established on demand using the best paths currently available.
What are types of Cryptographic Attacks?
Frequency Analysis, Brute Force Attacks, Rainbow Tables
What wireless communication technique employs a form of serial communication?
Frequency Hopping Spread Spectrum (FHSS) is an early implementation of the spread spectrum concept. Instead of sending data in a parallel fashion, it transmits data serially while constantly changing the frequency in use.
Rank biometric methods from most effective (lowest crossover error rate) to least effective (highest crossover error rate).
Iris scan, fingerprint, voice verification, keystroke dynamics.
Which backup type has the worst recovery point objective?
Full backup: it takes the longest to run, so when it is the only backup performed it is taken least often, leaving the largest window of lost data.
Remember: IPsec can only be used over IP networks; it is IPsec itself that supplies the integrity and authentication (via AH and ESP) for the traffic it carries.
Furthermore, IPsec does not issue or manage the digital certificates that a PKI uses to tie identities to individual systems; when certificate-based authentication of IPsec peers is used, the certificates come from a separate PKI and are consumed by IKE.
Remember this: with the advent of public key cryptography and a public key infrastructure (PKI), it is now possible to communicate securely with untrusted parties over the Internet without prior arrangement.
Furthermore, in PKI one of the necessities arising from such communication is the ability to accurately verify someone's identity (i.e. whether the person you are communicating with is indeed the person he or she claims to be).
Crackers today are MOST often motivated by their desire to what?
Gaining Money or Financial Gains.
What are the fundamental requirements of a hash function?
Good hash functions have five requirements. They must allow input of any length, provide fixed-length output, make it relatively easy to compute the hash for any input, provide one-way functionality, and be collision resistant.
What is a strategy hackers use to to gather intelligence about vulnerable systems that they may later attempt to compromise?
Hackers often use scanning attacks to gather intelligence about vulnerable systems that they may later attempt to compromise.
Halon is a compound consisting of bromine, fluorine and carbon. Why was its production terminated?
Halons were used as fire-extinguishing agents, both in built-in systems and in handheld portable extinguishers. Halon production in the U.S. ended on December 31, 1993, because halons contribute to ozone depletion; the bromine in halon is the ozone-depleting component.
What are the storage and handling recommendations for CDs and DVDs?
Handle by the edges or by the hole in the middle; be careful not to bend the disc; avoid long-term exposure to bright light; store in a hard jewel case, not in a soft sleeve.
What is FIPS 140?
Hardware and software cryptographic modules. The 140 series of Federal Information Processing Standards (FIPS) are U.S. government computer security standards that specify requirements for cryptographic modules. FIPS 140-2 was issued on 25 May 2001; it has since been superseded by FIPS 140-3 (approved in 2019), against which new module validations are performed.
WHat is used to monitor the installation of, and updates to, hardware and software to ensure that the system functions as expected and that a historical record of changes is maintained?
Hardware and software maintenance access controls
What monitors the installation of, and updates to, hardware and software to ensure that the system functions as expected and that a historical record of changes is maintained? (Integrity verification programs are integrity controls rather than software maintenance controls.)
Hardware and software maintenance access controls
To implement encryption into his systems in such a way that it goes as fast as possible. This is to ensure that users do not have to wait too long. For such speedy encryption, his best option is to use
Hardware based encryption is the fastest encryption
Which model maps subjects, objects and access rights into an access matrix?
Harrison-Ruzzo-Ullman (HRU) model
How does privacy fit into the realm of IT security?
Through laws and contractual requirements: the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act of 2002 (SOX), the Gramm-Leach-Bliley Act, the EU's Directive 95/46/EC (the Data Protection Directive, replaced by the GDPR in 2018), and the contractual Payment Card Industry Data Security Standard (PCI DSS).
What is a data storage technique that automatically moves data between high-cost and low-cost storage media, and exists because high-speed storage devices such as hard disk drive arrays are more expensive per byte stored than slower devices such as optical discs and magnetic tape?
Hierarchical storage management (HSM)
Remember this ISDN is a circuit-switched network technology.
Host-based Intrusion Detection Systems are deployed at the host level, and have a very limited view of the network, which is their biggest drawback
What access control method combines centralized and decentralized approaches, so that individual users may dictate who can access their shared and local files while IT administration controls access to file servers, network printers and network devices?
Hybrid administration
What kind of encryption technology does SSL/TLS use?
Hybrid: both symmetric and asymmetric. SSL/TLS uses public-key cryptography to protect the exchange of the session key, while the session (secret) key is used to secure the whole session between the two communicating parties.
____________combines both hierarchical and compartmentalized environments so that security levels have subcompartments.
Hybrid environments
The request control process provides an organized framework within which users can request modifications, managers can conduct cost/benefit analysis, and developers can prioritize tasks.
What allows multiple virtual operating systems to run on one host, and is the software component that manages the virtual components?
Hypervisor
What value does the IP header's protocol field carry for ICMP?
ICMP = 1
Which encryption algorithm is used in PGP?
IDEA: a symmetric encryption algorithm used in PGP software; it is a 64-bit block cipher that uses a 128-bit key.
Which abnormal or unauthorized activities are detectable by an IDS?
IDSs watch for violations of confidentiality, integrity and availability. Attacks recognized by IDSs can come from external connections, viruses, malicious code, trusted internal subjects attempting to perform unauthorized activities, and unauthorized access attempts from trusted locations.
What value does the IP header's protocol field carry for IGMP?
IGMP = 2
Which protocol is commonly used for corporate e-mail accounts?
IMAP
What provides confidentiality and integrity for information transferred over IP networks through encryption and authentication at the network layer rather than the transport layer?
IPsec
_______is often combined with Layer 2 Tunneling Protocol (L2TP) for VPNs.
IP Sec
What is a data-oriented protocol used for communicating data across a packet-switched internetwork?
IP provides an unreliable service i.e., best effort delivery. This means that the network makes no guarantees about the packet.
What are two disadvantages of an IPS?
IPS creates bottle necks & can generate false positives
What are the characteristics of IPsec tunnel mode?
IPsec works at the network layer of the OSI model. Tunnel mode is most commonly used between gateways, or from an end station to a gateway, the gateway acting as a proxy for the hosts behind it. Transport mode is used between end stations, or between an end station and a gateway if the gateway is being treated as a host.
Name at least 10 network and protocol security mechanisms
IPSec, SKIP, SWIPE, SSL, S/MIME, SET, PEM, PGP, PPP, SLIP, PPTP, L2TP, CHAP, PAP, RADIUS, TACACS, S-RPC
What protocol suite runs at the network layer and provides confidentiality, integrity protection, data origin authentication and replay protection for each packet, by encrypting every packet and protecting it with a keyed integrity check value?
IPsec
What address configuration does not require NAT to extend its address space?
IPv6 has an increased address space in comparison to IPv4, hence does not require NAT
Historically, the primary victims of Smurf attacks were ___ servers.
IRC servers
What are converged protocols?
iSCSI, VoIP and FCoE are converged protocols.
What is a standard for software life cycle processes? It establishes a process for the life cycle of software. It does not specifically cover security but it references other security standards.
ISO/IEC 12207
what defines guidelines to support the interpretation and implementation in health informatics of ISO/IEC 27002 and is a companion to that standard
ISO 27799
What is the standard for the establishment, implementation, control, improvement of the information security management system?
ISO/IEC 27001
COBIT (Control Objectives for Information and Related Technology): a control framework to manage IT risk and governance.
ITIL (Information Technology Infrastructure Library): a framework for providing IT service management, organized as service strategy, service design, service transition, service operation and continual service improvement.
______________is the process by which a subject professes an identity and accountability is initiated
Identification
What are the keystones of most access control systems?
Identification and authentication are the keystones of most access control systems
Each participant in an asymmetric cryptosystem is issued two keys: a public key and a private key.
Identification of priorities is the first step of the business impact assessment process.
Name the four key principles upon which access control relies?
Identification, authentication, authorization, accountability
What is federated identity management?
Identity management is the management of user identities and their credentials. Multiple organizations can join a federation, a group in which they agree on a method to share identities between them.
Which of these indicates a spoofed email during an investigation? (a) The Return-Path server and the Received-from server are the same (b) The Return-Path server and the Received-from server are different
If the Received-from server and the Return-Path server differ, it is an indication of a spoofed email.
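Added example, not part of the original cards, that applies the Return-Path versus first-hop check to two constructed messages (reserved example domains, no real capture) using Python's standard email module. The hostname in the earliest Received header (the last one in the message) is the server that first handed the message in; a mismatch between its domain and the Return-Path domain, or between From and Return-Path, is flagged. The domain heuristic and the sample headers are assumptions made for this illustration.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample messages (not real captures). Addresses use reserved example domains.
SPOOFED = """\
Return-Path: <cfo@victim.example>
Received: from attacker-vps.example.net (attacker-vps.example.net [203.0.113.5])
        by mx.victim.example (Postfix) with ESMTP id 1A2B3C
        for <ceo@victim.example>; Mon, 01 Jan 2024 10:00:00 +0000
From: "CFO" <cfo@victim.example>
To: ceo@victim.example
Subject: Urgent wire transfer

Please wire the funds today.
"""

LEGITIMATE = """\
Return-Path: <alice@victim.example>
Received: from mx.victim.example (mx.victim.example [192.0.2.10])
        by mailbox.victim.example (Postfix) with ESMTP id 9D8E7F
        for <ceo@victim.example>; Mon, 01 Jan 2024 11:00:00 +0000
Received: from workstation.victim.example (workstation.victim.example [192.0.2.55])
        by mx.victim.example (Postfix) with ESMTP id 5F6A7B;
        Mon, 01 Jan 2024 10:59:58 +0000
From: Alice <alice@victim.example>
To: ceo@victim.example
Subject: Lunch

See you at noon.
"""


def registrable_domain(host: str) -> str:
    # Crude heuristic (last two labels); a production tool would consult the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def origin_server(msg):
    """Hostname in the earliest Received header: the first hop that accepted the message."""
    received = msg.get_all("Received") or []
    if not received:
        return None
    first_hop = re.sub(r"\s+", " ", received[-1])  # Received headers are added top-down; unfold the last one
    m = re.match(r"from\s+([^\s(]+)", first_hop)
    return m.group(1) if m else None


def analyze(raw: str) -> dict:
    msg = email.message_from_string(raw)
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    from_addr = parseaddr(msg.get("From", ""))[1]
    origin = origin_server(msg)
    rp_dom = registrable_domain(return_path.rsplit("@", 1)[-1]) if "@" in return_path else None
    from_dom = registrable_domain(from_addr.rsplit("@", 1)[-1]) if "@" in from_addr else None
    origin_dom = registrable_domain(origin) if origin else None
    findings = []
    if rp_dom and origin_dom and rp_dom != origin_dom:
        findings.append(f"Return-Path domain {rp_dom} differs from originating server {origin}")
    if rp_dom and from_dom and rp_dom != from_dom:
        findings.append(f"From domain {from_dom} differs from Return-Path domain {rp_dom}")
    return {"return_path": return_path, "from": from_addr, "origin_server": origin,
            "suspicious": bool(findings), "findings": findings}


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        print(label, analyze(raw))
```

Forwarders and mailing lists legitimately produce the same mismatch, so treat the result as an indicator to be confirmed against SPF, DKIM and DMARC results, not as proof of spoofing.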
In which addressing mode does the CPU not need to retrieve any data from memory, because the data is contained in the instruction itself?
Immediate addressing
What types of threats does cryptography, like digital signatures, help fight against?
Impersonation, Eavesdropping, and Tampering
The change control process of configuration or change management has several goals or requirements: they are:
Implement changes in a monitored and orderly manner. Changes are always controlled. A formalized testing process is included to verify that a change produces expected results. All changes can be reversed also known as backout or rollback plans/procedures.
Security is likely to be most expensive when addressed in which phase?
Implementation (retrofitting security after the design is complete costs far more than designing it in).
What are the goals of change management
Implementation of changes in an orderly manner, formalized testing, ability to reverse changes, ability to inform users of changes, systematical analysis of changes, minimization of negative impact of changes
What DES mode uses the exclusive OR function to combine each block of unencrypted text with the immediately preceding cipher-text block?
In Cipher Block Chaining (CBC) mode, each block of unencrypted text is XORed with the block of cipher text immediately preceding it before it is encrypted using the DES algorithm.
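Added example (not from the original cards) that makes the ECB and CBC cards concrete: the same repeating plaintext is enciphered in both modes and the number of distinct ciphertext blocks is counted. The block cipher inside is a deliberately tiny hash-based Feistel construction with DES's 64-bit block size; it is a stand-in for DES written for this illustration and must not be used for real data. The mode logic (XOR of each plaintext block with the preceding ciphertext block, PKCS#7 padding) is the real thing.

```python
import hashlib

BLOCK = 8  # 64-bit blocks, the same block size as DES


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _subkeys(key: bytes, rounds: int = 8) -> list:
    # Toy key schedule: per-round subkeys derived by hashing (demo only, not DES).
    return [hashlib.sha256(b"toy-subkey" + key + bytes([i])).digest()[:8] for i in range(rounds)]


def _feistel(block: bytes, subkeys: list) -> bytes:
    # Generic Feistel network: decryption is the same walk with the subkeys reversed.
    left, right = block[:4], block[4:]
    for sk in subkeys:
        f = hashlib.sha256(sk + right).digest()[:4]
        left, right = right, _xor(left, f)
    return right + left


def block_encrypt(block: bytes, key: bytes) -> bytes:
    return _feistel(block, _subkeys(key))


def block_decrypt(block: bytes, key: bytes) -> bytes:
    return _feistel(block, _subkeys(key)[::-1])


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK          # PKCS#7: always add 1..BLOCK bytes
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def _blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(plaintext: bytes, key: bytes) -> bytes:
    # Each block is enciphered independently: equal plaintext blocks give equal ciphertext blocks.
    return b"".join(block_encrypt(b, key) for b in _blocks(pad(plaintext)))


def ecb_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return unpad(b"".join(block_decrypt(b, key) for b in _blocks(ciphertext)))


def cbc_encrypt(plaintext: bytes, key: bytes, iv: bytes) -> bytes:
    # Each plaintext block is XORed with the previous ciphertext block (the IV for the first) before encryption.
    out, prev = [], iv
    for b in _blocks(pad(plaintext)):
        prev = block_encrypt(_xor(b, prev), key)
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ciphertext: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for c in _blocks(ciphertext):
        out.append(_xor(block_decrypt(c, key), prev))  # undo the chaining XOR after decrypting
        prev = c
    return unpad(b"".join(out))


def distinct_blocks(ciphertext: bytes) -> int:
    return len(set(_blocks(ciphertext)))


if __name__ == "__main__":
    key, iv = b"0123456789abcdef", bytes(range(BLOCK))
    msg = b"ATTACK AT DAWN. " * 4          # the same 16-byte pattern four times
    print("ECB distinct blocks:", distinct_blocks(ecb_encrypt(msg, key)))   # 3: the pattern shows through
    print("CBC distinct blocks:", distinct_blocks(cbc_encrypt(msg, key, iv)))  # 9: every block differs
```

Because a block cipher is a permutation, ECB's distinct-block count is exactly the number of distinct plaintext blocks (here two, plus the padding block), which is the structure leak the card calls the least secure mode; CBC hides it because the chaining makes every block's input unique.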
The CPU uses absolute addresses. Applications use logical addresses. Relative addresses are based on a known address and an offset value.
In IPsec, a security association (SA) is the mechanism for building security functions into IP. A security association is a bundle of algorithms and parameters, such as keys, used to encrypt and authenticate a particular flow of data in one direction.
What are the common applications of cryptography to secure networking?
In IPsec transport mode the packet payload is encrypted for peer-to-peer communication. In tunnel mode the entire packet, including the header, is encrypted and encapsulated for gateway-to-gateway communication.
What is a hijack attack?
In a hijack attack, which is an offshoot of a man-in-the-middle attack, a malicious user is positioned between a client and server and then interrupts the session and takes it over.
What type of attack can be used against cryptographic algorithms that do not incorporate temporal protections? (A) Chosen-plaintext attack (B) Meet-in-the-middle attack (C) Man-in-the-middle attack (D) Replay attack
(D) In a replay attack, the malicious individual intercepts an encrypted message between two parties (often a request for authentication) and later replays the captured message to open a new session.
When a client goes through a proxy to make a request to a server, is the IP address of the host that originally made the request logged on the server?
No. In the case of a proxied request the IP address of the proxy is logged, not that of the end user who actually made the request.
What is the Point-to-Point Protocol?
In computer networking, the Point-to-Point Protocol (PPP) is a data link protocol used to establish a direct connection between two nodes. It can provide connection authentication, transmission encryption (via the Encryption Control Protocol, ECP, RFC 1968) and compression.
__________ is a collection of ports from a set of connected Fibre Channel switches that forms a virtual fabric; ports within a single switch can be partitioned into several of them while sharing hardware resources.
Virtual storage area network (VSAN): in computer networking, a VSAN is a collection of ports from a set of connected Fibre Channel switches that forms a virtual fabric. Ports within a single switch can be partitioned into multiple VSANs despite sharing hardware resources.
What is polyinstantiation?
In databases, polyinstantiation allows a relation to contain multiple rows with the same primary key; the multiple instances are distinguished by their security levels. It arises from mandatory access control policy, where rejecting a lower-level insert would reveal the existence of a higher-level row.
Which of these is true about 'persistent attacks' on a router? (a) None of the above (b) Hard to detect (c) Cannot cause severe damage (d) The attacker constantly injects a substantial amount of 'bad' packets into the router
(d) In persistent attacks, an attacker constantly injects bad packets into the router.
remember this: A stealth virus is a hidden computer virus that attacks operating system processes and averts typical anti-virus or anti-malware scans. Stealth viruses hide in files, partitions and boot sectors and are adept at deliberately avoiding detection.
In software development, static testing is a form of software testing where the actual program or application is not used. Instead this testing method requires programmers to manually read their own code to find any errors.
In what type of attack does a malicious individual sit between two communicating parties and intercept all communications, including the setup of the cryptographic session?
The man-in-the-middle attack
In which business continuity planning task would you actually design procedures and mechanisms to mitigate risks deemed unacceptable by the BCP team?
In the provisions and processes phase, the BCP team actually designs the procedures and mechanisms to mitigate risks that were deemed unacceptable during the strategy development phase.
When the TTL of a packet reaches zero, the router sends back a TTL ___ message to the originator. (a) depleted (b) exhausted (c) limit (d) exceeded
Exceeded: the router that decrements the TTL to zero discards the packet and sends an ICMP Time Exceeded message (type 11) back to the originator. This is the mechanism traceroute relies on.
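Added example (not from the original cards) that parses a constructed IPv4 header with Python's struct module, reads the protocol field (1 = ICMP, 2 = IGMP), verifies the RFC 791 header checksum, and models the router behaviour behind the TTL card: decrement and re-checksum, or drop and answer with ICMP Time Exceeded. The `forward` function is a simplified model written for this illustration, not any router's code, and the header builder produces constructed sample packets.

```python
import struct

PROTOCOL_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}  # IANA assigned protocol numbers
_FMT = "!BBHHHBBH4s4s"  # the fixed 20-byte IPv4 header (no options)


def ipv4_checksum(header: bytes) -> int:
    """RFC 791: one's-complement of the one's-complement sum of the header's 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, protocol: int, ttl: int = 64, payload_len: int = 0) -> bytes:
    """Constructed sample header (IHL=5, no options) with a valid checksum."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    hdr = struct.pack(_FMT, (4 << 4) | 5, 0, 20 + payload_len, 0x1234, 0, ttl, protocol, 0, src_b, dst_b)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto, _csum, src, dst = struct.unpack(_FMT, packet[:20])
    version, hlen = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if hlen < 20 or len(packet) < hlen:
        raise ValueError("bad IHL")
    return {
        "header_len": hlen,
        "total_len": total_len,
        "ttl": ttl,
        "protocol": proto,
        "protocol_name": PROTOCOL_NAMES.get(proto, f"other({proto})"),
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        # A header summed with its own checksum field folds to 0xFFFF, so the complement is 0.
        "checksum_ok": ipv4_checksum(packet[:hlen]) == 0,
    }


def forward(packet: bytes):
    """Model of a router hop: drop on bad checksum, drop with Time Exceeded on TTL, else decrement and re-checksum."""
    hdr = parse_ipv4_header(packet)
    if not hdr["checksum_ok"]:
        return None, "dropped: bad header checksum"
    if hdr["ttl"] <= 1:
        return None, f"dropped: ICMP Time Exceeded (type 11, code 0) sent to {hdr['src']}"
    out = bytearray(packet)
    out[8] -= 1                             # TTL is byte 8 of the header
    out[10:12] = b"\x00\x00"                # zero the checksum field, then recompute over the header
    out[10:12] = struct.pack("!H", ipv4_checksum(bytes(out[:hdr["header_len"]])))
    return bytes(out), None


if __name__ == "__main__":
    pkt = build_ipv4_header("10.0.0.1", "10.0.0.2", protocol=1, ttl=2)
    print(parse_ipv4_header(pkt))
    pkt, note = forward(pkt)                # first hop: TTL 2 -> 1
    print(parse_ipv4_header(pkt)["ttl"], note)
    print(forward(pkt))                     # second hop: TTL 1 -> drop, Time Exceeded
```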
What are the two modes available through IPSec, and what do they do
In transport mode, the IP packet data is encrypted, but the header is not. In tunnel mode, the entire IP packet is encrypted, and a new header is added to govern transmission through the tunnel
Why does password length matter against brute force?
Each additional character multiplies the number of possible passwords by the size of the character set, so increasing the length of a password exponentially increases the workload, and therefore the time, a brute-force attack needs to succeed.
Which backup type, run at regular intervals, would take the MOST time to restore from?
Incremental backups. They back up only data changed since the last backup and clear the archive bit so unchanged files are not backed up again; a restore therefore needs the last full backup plus every incremental taken since it, applied in order.
What attacks involve combining several pieces of nonsensitive information to gain access to information that should be classified at a higher level, using the human mind's deductive capacity rather than the raw mathematical ability of modern database platforms?
Inference
Inference attacks involve combining several pieces of nonsensitive information to gain access to information that should be classified at a higher level. Unlike aggregation, inference makes use of the human mind's deductive capacity rather than the raw mathematical ability of modern database platforms.
What is access?
Information flow from objects to subjects
Capability Maturity Model
Initial/Performed, Repeatable, Defined, Quantitatively managed, optimized
NIST SP 800-37 (original edition): four-step certification and accreditation process.
Initiation phase, security certification phase, security accreditation phase, continuous monitoring phase. (Revisions 1 and 2 of SP 800-37 replaced this with the Risk Management Framework steps.)
What is cascading? What are feedback and hookup?
Cascading: input for one system comes from the output of another system. Feedback: one system provides input to another system, which reciprocates by reversing those roles. Hookup: one system sends input to another system but also sends input to external entities.
Electromagnetic Interference (EMI) issues such as crosstalk primarily impact which aspect of security?
Integrity
What is a standby site, ready with all the technology and equipment necessary to run the applications positioned there, that can effectively restart an application without any bare-metal recovery of servers, and that runs non-time-sensitive processes in the meantime?
Internal hot site
___________ is the protocol used to set up a security association (SA) in the IPsec protocol suite?
Internet Key Exchange (IKE or IKEv2)
Which translates source code one command at a time for execution on a computer?
Interpreters translate one command at a time during execution, as opposed to compilers and assemblers where source code for the whole application is transformed to executable code before being executed
Which security technology is built on pattern analysis and recognition?
Intrusion detection
From most effective lowest Cross Over Error rate to least effective highest Cross Over Error rate are:
Iris scan, fingerprint, voice verification, keystroke dynamics.
What is Service Provisioning Markup Language?
SPML is a newer XML-based framework specifically designed for exchanging user information for federated identity single sign-on purposes.
What is a Trusted Distribution?
Is based on Life Cycle Assurance Requirements -steps are: Security Testing, Design Specification, Configuration Management, Trusted System Distribution.
What is a virtual password?
A password computed from a passphrase and transformed into the length and format required by a specific system or software application to log in.
IT governance is defined as the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals. IT demand governance (what IT should work on) is the process by which organizations ensure the effective evaluation, selection, prioritization and funding of competing IT investments,
oversee their implementation, and extract (measurable) business benefits. It is a business investment decision-making and oversight process, and it is a business management responsibility. IT supply-side governance is concerned with ensuring that the IT organization operates in an effective, efficient and compliant fashion.
What is Polyinstatiation?
It allows the insertion of multiple records that appear to have the same primary key values into the database at different classification levels.
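Added example (not from the original cards) showing polyinstantiation in SQLite: the classification level is made part of the primary key, so a SECRET row and an UNCLASSIFIED row can share the same flight number, and a read-down view returns the highest row each subject is cleared for. The same schema without the level in the key shows the problem polyinstantiation solves: the lower-cleared insert fails, and the failure itself reveals that a higher-level row exists. Table, levels and rows are constructed for the illustration.

```python
import sqlite3

LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1, "TOP SECRET": 2}


def make_db(polyinstantiated: bool) -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    if polyinstantiated:
        # Level is part of the key, so one logical key may carry one row per level.
        key = "PRIMARY KEY (flight_no, level)"
    else:
        key = "PRIMARY KEY (flight_no)"
    con.execute(
        "CREATE TABLE cargo (flight_no TEXT NOT NULL, level TEXT NOT NULL, "
        f"manifest TEXT NOT NULL, {key})"
    )
    return con


def insert(con: sqlite3.Connection, subject_level: str, flight_no: str, manifest: str) -> bool:
    """Insert a row labelled with the subject's own level; False if the key collides.

    In the non-polyinstantiated table a lower-cleared user colliding with a higher-level
    row is refused, and the refusal leaks that the hidden row exists (a covert channel).
    """
    try:
        con.execute("INSERT INTO cargo VALUES (?, ?, ?)", (flight_no, subject_level, manifest))
        return True
    except sqlite3.IntegrityError:
        return False


def view(con: sqlite3.Connection, subject_level: str) -> dict:
    """Mandatory read-down: per flight, the highest-level row at or below the subject's clearance."""
    best = {}
    for flight, level, manifest in con.execute("SELECT flight_no, level, manifest FROM cargo"):
        if LEVELS[level] > LEVELS[subject_level]:
            continue                                  # no read-up
        if flight not in best or LEVELS[level] > LEVELS[best[flight][0]]:
            best[flight] = (level, manifest)
    return {flight: manifest for flight, (_lvl, manifest) in best.items()}


if __name__ == "__main__":
    plain = make_db(polyinstantiated=False)
    insert(plain, "SECRET", "F101", "missile parts")
    print("plain table, UNCLASSIFIED insert accepted:", insert(plain, "UNCLASSIFIED", "F101", "medical supplies"))
    poly = make_db(polyinstantiated=True)
    insert(poly, "SECRET", "F101", "missile parts")
    insert(poly, "UNCLASSIFIED", "F101", "medical supplies")
    print("UNCLASSIFIED sees:", view(poly, "UNCLASSIFIED"))
    print("SECRET sees:     ", view(poly, "SECRET"))
```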
How would you describe IPsec?
It can be used to establish direct communication between computers or to set up a VPN between networks. IPsec uses two protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP).
What are the pros and cons of a network-based IDS
It can monitor a large network and can be hardened against attack. It may be unable to handle large data flows, requires a central view of traffic, and can't pinpoint compromised resources
What are the pros and cons of a host-based IDS?
It can pinpoint resources compromised by a malicious user. It can't detect network-only attacks or attacks on other systems, has difficulty detecting DoS attacks, and can be detected by intruders
What is a major disadvantage of the El Gamal Crypto System?
It doubles the length of any message it encrypts. Therefore a 2048 bit plain text message would yield a 4096 bit ciphertext message when El Gamal is used for encryption
What is A packet-filtering firewall?
It examines all of the fields in the headers in the packet. For example, it might look at the source IP address field in the IP header, or it might look at the destination port number field in a TCP header to decide whether or not traffic should be allowed to go through.
What is transparency?
It is a characteristic or service that is unseen by users
What is a Trojan?
It is code that appears to have some useful purpose but also contains code with a malicious or harmful purpose embedded in it.
What is hybrid administration?
It is an access control method that combines centralized and decentralized approaches: individual users may dictate who can access their shared and local files, while IT administration controls access to file servers, network printers and network devices.
What is transverse mode noise?
It is noise generated by a difference in power between the hot and neutral wires of a power source or of operating electrical equipment.
Remediation attempts to identify the cause of the incident and steps that can be taken to prevent a reoccurrence, but this is the last step, not the first.
It is important to protect evidence while trying to contain an incident, but gathering the evidence will occur after containment.
What is Security Assertion Markup Language?
SAML is an XML-based language commonly used to exchange authentication and authorization information between federated organizations; it is often used to provide single sign-on (SSO) for browser access.
What is a throughput rate when it comes to biometrics?
It is the amount of time the system requires to scan a subject and approve or deny access. The more complex the longer the process. Typical throughput rate is 6 seconds.
What is ISO/IEC 27001?
It is the standard for the establishment, implementation, control, improvement of the information security management system.
What is False Accept or Type II Error?
It is when an invalid user is permitted access.
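Added example (not from the original cards) that computes FRR (Type I), FAR (Type II) and the crossover error rate from two constructed lists of match scores (genuine and impostor attempts, 0 to 100) by sweeping the decision threshold; it also shows the high-security tuning that drives FAR to zero at the cost of FRR. The scores are made up for the illustration and the score scale is an assumption.

```python
# Constructed match scores (0..100): higher means the sample looks more like the enrolled template.
GENUINE = [92, 88, 95, 81, 77, 90, 85, 69, 93, 84, 74, 89, 96, 80, 87]   # same person
IMPOSTOR = [12, 25, 33, 41, 18, 55, 29, 47, 62, 38, 21, 50, 44, 70, 35]  # different person


def rates(threshold: int, genuine=GENUINE, impostor=IMPOSTOR):
    """Accept when score >= threshold. Returns (FRR, FAR)."""
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)     # Type I: genuine user rejected
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)  # Type II: impostor accepted
    return frr, far


def crossover(genuine=GENUINE, impostor=IMPOSTOR):
    """Sweep every threshold; return (threshold, CER) where FRR and FAR are closest."""
    best = None
    for t in range(0, 101):
        frr, far = rates(t, genuine, impostor)
        gap = abs(frr - far)
        if best is None or gap < best[0]:
            best = (gap, t, (frr + far) / 2)
    return best[1], best[2]


def threshold_for_max_far(max_far: float, genuine=GENUINE, impostor=IMPOSTOR):
    """Smallest threshold whose FAR is within budget; shows the FRR cost of a high-security setting."""
    for t in range(0, 101):
        frr, far = rates(t, genuine, impostor)
        if far <= max_far:
            return t, frr, far
    return None


if __name__ == "__main__":
    t, cer = crossover()
    print(f"CER {cer:.3f} at threshold {t}")
    print("FAR <= 0 forces threshold", threshold_for_max_far(0.0))
    for t in (50, 70, 90):
        print(t, rates(t))
```

Raising the threshold trades false accepts for false rejects, which is why a single CER figure is the card's shorthand for comparing systems, and why the throughput and FRR figures, not just FAR, decide user acceptance.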
What is A stateful or dynamic inspection firewall?
It keeps track of the state of a network connection, like a TCP connection. This way, it can distinguish already established authentic connections and allow further transmissions.
What is a A proxy firewall?
It looks at higher layers in terms of the OSI model, so it can read application specific information to decide whether or not the traffic should be allowed through. A packet-filtering firewall cannot look at any data in the packet that is application specific
What is a IDEA cipher algorithm ?
It operates on 64-bit plaintext blocks and uses a 128 bit key.
What is NIST 800-34?
It provides Contingency Planning Guide for Federal Information Systems, provides instructions, recommendations, and considerations for federal information system contingency planning
DREAD risk assessment model
It provides a mnemonic for risk rating security threats using five categories. The categories are: Damage Reproducibility Exploitability Affected users Discoverability
What does hybrid cryptography provide?
It provides message encryption with a symmetric (secret) key, while an asymmetric key pair is used to encrypt and exchange that symmetric key.
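Added example (not from the original cards) implementing El Gamal over a safe-prime group with Python integers, then using it the way the SSL/TLS and hybrid cryptography cards describe: to wrap a random symmetric session key that protects the bulk message. It shows the Diffie-Hellman relationship the El Gamal cards mention (the receiver recomputes g^(xk) from c1) and the doubling of the ciphertext (two field elements per plaintext). Assumptions made for the demo: a 64-bit group generated at runtime and a seeded `random.Random` (exposed as `demo_rng`) so it runs quickly and reproducibly, and a hash-based keystream standing in for the symmetric cipher. Real systems use 2048-bit or larger groups, `secrets` or an OS CSPRNG, AES for the bulk data and a MAC or AEAD over the ciphertext, none of which this demo includes.

```python
import hashlib
import random

# Small odd primes for trial division before Miller-Rabin.
SMALL_PRIMES = [p for p in range(3, 200, 2) if all(p % d for d in range(3, int(p ** 0.5) + 1, 2))]
G = 4  # 4 = 2^2 is a quadratic residue, so it generates the order-q subgroup of a safe-prime group


def demo_rng(seed: int = 2024) -> random.Random:
    # Seeded PRNG for a reproducible demo; NOT for real keys (use the secrets module).
    return random.Random(seed)


def is_probable_prime(n: int, rng: random.Random, rounds: int = 20) -> bool:
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    if n % 2 == 0:
        return n == 2
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):                      # Miller-Rabin with random witnesses
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(bits: int, rng: random.Random) -> int:
    """p = 2q + 1 with q prime. A 64-bit q keeps the demo fast; real groups are 2048 bits or more."""
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q, rng) and is_probable_prime(2 * q + 1, rng):
            return 2 * q + 1


def keygen(p: int, rng: random.Random):
    x = rng.randrange(2, (p - 1) // 2)           # private exponent
    return x, pow(G, x, p)                       # (x, y = g^x mod p); y is the public key


def elgamal_encrypt(p: int, y: int, m: int, rng: random.Random):
    if not 1 <= m < p:
        raise ValueError("message must be an integer in [1, p-1]")
    k = rng.randrange(2, (p - 1) // 2)           # fresh ephemeral exponent for every message
    c1 = pow(G, k, p)                            # g^k: the sender's ephemeral Diffie-Hellman value
    c2 = m * pow(y, k, p) % p                    # m masked by the DH secret y^k = g^(xk)
    return c1, c2                                # two field elements: twice the size of m


def elgamal_decrypt(p: int, x: int, c1: int, c2: int) -> int:
    s = pow(c1, x, p)                            # the same DH secret, computed from the other side
    return c2 * pow(s, p - 2, p) % p             # divide by s (Fermat inverse)


def byte_len(n: int) -> int:
    return (n.bit_length() + 7) // 8


def ciphertext_bytes(p: int, c1: int, c2: int) -> bytes:
    n = byte_len(p)
    return c1.to_bytes(n, "big") + c2.to_bytes(n, "big")


def _keystream(key: bytes, n: int) -> bytes:
    # Hash-counter keystream standing in for the symmetric cipher (demo only).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def hybrid_encrypt(p: int, y: int, message: bytes, rng: random.Random) -> bytes:
    """El Gamal wraps a random session key; the session key protects the bulk message."""
    session = rng.randrange(1, 1 << 64)          # below p, since p > 2^64 for a 64-bit q
    c1, c2 = elgamal_encrypt(p, y, session, rng)
    body = bytes(a ^ b for a, b in zip(message, _keystream(session.to_bytes(8, "big"), len(message))))
    return ciphertext_bytes(p, c1, c2) + body


def hybrid_decrypt(p: int, x: int, blob: bytes) -> bytes:
    n = byte_len(p)
    c1, c2 = int.from_bytes(blob[:n], "big"), int.from_bytes(blob[n:2 * n], "big")
    session = elgamal_decrypt(p, x, c1, c2)
    body = blob[2 * n:]
    return bytes(a ^ b for a, b in zip(body, _keystream(session.to_bytes(8, "big"), len(body))))
```

Only the short session key goes through the expensive public-key operation and pays the doubling penalty; the bulk message costs one symmetric pass, which is the whole point of the hybrid design.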
Containment should be the first step when an incident has been detected and verified to limit the effect or scope of an incident.
It should be reported based on an organization's policies and governing laws, but this is not the first step.
What is TEMPEST?
It was developed in the 1950s by the US government to address the electromagnetic radiation emitted by electrical equipment: the data carried in those electrical signals can be captured and reconstructed, which threatens the confidentiality of sensitive data.
What is a soft control?
It's another name for Administrative control.
What is remote mirroring?
It is usually done between storage arrays or storage appliances and can be synchronous or asynchronous. Synchronous remote mirroring gives the best achievable disaster-recovery recovery point objective (RPO) and recovery time objective (RTO): the RPO is zero lost data and the RTO is typically seconds to minutes.
The technical aspects of software development vary according to the software development model used. What's the Build and Fix model?
It's when development is conducted without much prior planning.
What is an authentication service that uses a single-factor or multi-factor authentication methods?
Kerberos
What depends on secret keys (symmetric ciphers), is a third-party authentication protocol that is open source, and relies on the user's secret keys? The password is used to encrypt and decrypt the keys.
Kerberos
Kerberos depends on what?
Kerberos depends on secret keys (symmetric ciphers). Kerberos is a third-party authentication protocol. It is considered open source but is copyrighted and owned by MIT. It relies on the user's secret keys. The password is used to encrypt and decrypt the keys.
Dynamic Packet Filtering Firewalls - Fourth Generation: allows modification of security rules; mostly used for UDP; remembers all of the UDP packets that have crossed the network's perimeter, and decides whether to enable packets to pass through the firewall.
Kernel Proxy - Fifth Generation: runs in the NT kernel; uses dynamic and custom TCP/IP-based stacks to inspect the network packets and to enforce security policies.
What, also referred to as system mode, is one of the two distinct modes of operation of the CPU (central processing unit) in Linux?
Kernel mode
What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext?
Key clustering
What individuals would not normally be included in your organization's incident response team?
Law enforcement officials would not usually serve on your internal incident response team. Rather, you would typically appoint an individual to serve as a liaison with law enforcement.
Ethernet sniffers operate at what layer of the OSI Model?
Layer 2 - Data Link Layer.
IPSec is often combined with ____________ for VPNs.
Layer 2 Tunneling Protocol (L2TP)
What firewall technology is most thorough?
Layer 7 Application Layer because it can block websites
There are some layers in the ring model scheme that are not normally implemented in practice. What are they?
Layers 1 and 2 contain device drivers but are not normally implemented in practice. Layer 0 always contains the security kernel. Layer 3 contains user applications. Layer 4 does not exist.
What level of assurance for a digital certificate verifies a user's name, address, social security number, and other information against a credit bureau database?
Level 2/Class 2
What is the Skipjack algorithm and what is its size?
Like many block ciphers, Skipjack operates on 64-bit blocks of text. It uses an 80-bit key and supports the same four modes of operation supported by DES.
What attack is simply a series of packets sent to the target where the source and destination IP addresses are the same as the victim's?
Local Area Network Denial (LAND) attack
What is a LAND Attack?
A Local Area Network Denial attack is simply a series of packets sent to the target where the source and destination IP addresses are the same as the victim's.
What measures of impact are calculated during the impact assessment phase?
Loss expectancies
What uses scripting languages such as Visual Basic for Applications?
Macro viruses
What are some countermeasures to eavesdropping?
Maintaining physical access security, using encryption, employing one-time authentication methods
In which CMM level are detailed measures of the software process and product quality collected, analyzed, and then used to control the process?
Managed
Object classification and category, with sensitivity labels attached to objects, is what type of access control?
Mandatory Access Control
What is multilevel security referred to as at times?
Mandatory access control
____________ occurs when a person presents him- or herself as another user, typically to gain access to unauthorized information or processes.
Masquerading
What type of virus infects the system's boot sector and loads when the system is started?
Master boot record (MBR) virus
The COBIT 5 framework benefits all enterprises, regardless of size, geography or industry. The following five principles are key:
Meeting Stakeholder Needs, Covering the Enterprise End to End, Applying a Single Integrated Framework, Enabling a Holistic Approach, Separating Governance From Management
What provides redundant connections to systems, allowing multiple segment failures without seriously affecting connectivity?
Mesh topologies
What is a mode of data transmission in which a message is sent as a complete unit and routed via a number of intermediate nodes at which it is stored and then forwarded?
Message Switching
What are the two common data classification schemes?
Military and private sector
__________ is a device that translates data from digital form to analog and then back to digital for communication over analog lines.
Modem
Which of the following is NOT a technical control? Intrusion Detection Systems; Identification and authentication methods; Password and resource management; Monitoring for physical intrusion
Monitoring for physical intrusion -- it is considered to be a 'Physical Control'. The 3 categories of access control are administrative, technical, and physical.
Why is monitoring an important part of a security policy?
Monitoring is used to watch for security policy violations and to detect unauthorized or abnormal activities
What is MOM?
Motivations, Opportunities, and Means (MOM). Motivations are the who and why of a crime. Opportunities are the where and when of a crime, and Means pertains to the capabilities a criminal would need to be successful.
What is a rudimentary form of parallel processing in which several programs are run at the same time on a uniprocessor?
Multiprogramming
_________ is a one-to-many transmission method in which the network carries a message to multiple receivers at the same time.
Multicast
The operating system design concept of protection rings was derived from what early operating system?
Multics has left two enduring legacies in the computing world. First, it inspired the creation of a simpler, less-intricate operating system called Unix (a play on the word multics), and second, it introduced the idea of protection rings to operating system design.
In what mode is there no requirement that all users have appropriate clearances to access information processed on a system?
Multilevel security mode system
Using CPUs in parallel is called what?
Multiprocessing
What is the concept of performing concurrent tasks over a certain period of time by executing them concurrently?
Multitasking
What is the ability of a program or an operating system process to manage its use by more than one user at a time, and even to manage multiple requests by the same user, without having to have multiple copies of the program running in the computer?
Multithreading
_________ are popular in disaster recovery literature but difficult to implement. They are agreements between two parties to mutually assist one another in the event of a disaster.
Mutual assistance agreements
Hybrid environments combine both hierarchical and compartmentalized environments so that security levels have subcompartments.
NAT does not allow initiations from external entities. Therefore, allowing external initiations is not a benefit. The benefit is that NAT does not allow them.
NIST has published continuity planning best practices in what publication?
NIST 800-34
Which publication provides guidelines for applying the Risk Management Framework to federal information systems?
NIST 800-37
When modifying the list of security controls within a baseline so that they align with the mission of the organization or customizing a standard for your organization, what source should you use?
NIST 800-53
What uses the following control categories: technical, management, and operational?
NIST 800-53
What outlines the responsibilities of the information owner, which can be interpreted the same as the data owner?
NIST SP 800-18
What outlines the responsibilities of the system owner?
NIST SP 800-18
What regulation discusses the responsibilities of the information owner, which can be interpreted the same as the data owner?
NIST SP 800-18
What regulation frequently uses the phrase "rules of behavior," which is effectively the same as an acceptable usage policy (AUP)?
NIST SP 800-18
What regulation outlines the responsibilities and expected behavior of individuals and states the consequences of not complying with the rules or AUP (called the "Rules of Behavior")?
NIST SP 800-18
BCP/DRP Considerations - Regulations
NIST SP 800-34, ISO/IEC 27031
What are the Initiation Phase, Security Certification Phase, Security Accreditation Phase, and Continuous Monitoring Phase?
NIST SP 800-37: the four-step certification and accreditation process.
Security baselines provide a set of security controls that an organization can implement as a secure starting point under what publication?
NIST SP 800-53
What regulation discusses security control baselines as a list of security controls, stressing that a single set of security controls does not apply to all situations, but that any organization can select a set of baseline security controls and tailor it to its needs?
NIST SP 800-53
______ block cipher has been chosen as the replacement for DES.
NIST released FIPS 197, which mandated the use of AES/Rijndael for the encryption of all sensitive but unclassified data by the US government.
Personally identifiable information (PII) is any information that can identify an individual. What policy is it under?
National Institute of Standards and Technology (NIST) Special Publication SP 800-122
What is the National Institute of Standards and Technology (NIST) Special Publication for PII?
National Institute of Standards and Technology (NIST) Special Publication SP 800-122
What is a network vulnerability scanning tool that searches systems for known vulnerabilities?
Nessus
When a central authority determines what subjects can have access to certain objects based on the organizational security policy, what is this called?
Non-Discretionary Access Control -- a central authority determines what subjects can have access to certain objects based on the organizational security policy. The key focal point of this question is the 'central authority' that determines access rights.
Read-only memory, flash memory, ferroelectric RAM (F-RAM), most types of magnetic computer storage devices (e.g. hard disk drives, floppy disks, and magnetic tape), optical discs, and early computer storage methods such as paper tape and punched cards are what type of memory?
Non-volatile memory
What is Non-volatile memory?
Non-volatile memory, nonvolatile memory, NVM or non-volatile storage is computer memory that can retrieve stored information even after having been turned off and back on.
What type of lines offer the least assurance of communication because they require a link to be established before communication can take place?
Nondedicated leased lines
What enables the enforcement of systemwide restrictions that override object-specific access control?
Nondiscretionary access control
What operates on a set of defined rules or restrictions that filter actions and activities performed on the system?
Nondiscretionary access control enables the enforcement of systemwide restrictions that override object-specific access control.
What are some important aspects to consider when designing email security?
Nonrepudiation, access control, message integrity, source authentication, verified delivery, acceptable use policies, privacy, management, and backup and retention policies
Which form of memory is used for long-term retention?
Nonvolatile secondary memory is used for long-term storage. Examples of this memory type include hard drives, optical discs, and magnetic tape.
What protects against dictionary attacks, although it often forces users to write down the password, which creates a new vulnerability? An office full of sticky notes with scribbled passwords is an attractive environment for a potential hacker.
Not using password generators
Using the CIS metrics, which would fall under application security?
Number of Applications. Using the standardized metrics chart, the Application Security metric is Number of Applications; the concept is the compilation and review of the size, scope, and quantity of applications.
_________ provides the response procedures for occupants of a facility in the event of a situation posing a potential threat to the health and safety of personnel, the environment, or property.
Occupant emergency plan
In an incremental backup, only the files that changed since the last backup will be backed up. In a differential backup, only the files that changed since the last full backup will be backed up. Differential backups require more space than incremental backups, while incremental backups are faster to perform.
On the other hand, restoring data from incremental backups requires more time than from differential backups. To restore from incremental backups, the last full backup and all of the incremental backups performed since are combined. Restoring from a differential backup requires only the last full backup and the latest differential backup.
___________ is an Internet protocol used for determining the revocation status of an X.509 certificate.
Online Certificate Status Protocol
What is a limitation of the Bell-LaPadula model?
It only addresses confidentiality, control of writing (one form of integrity; the ★-property), and discretionary access control.
What is OWASP (Open Web Application Security Project)?
The Open Web Application Security Project is a nonprofit security project focusing on improving security for online or web-based applications.
Remember this: Declassification is required once an asset no longer warrants the protection of its currently assigned classification or sensitivity level.
Organizations often implement IT governance methods such as Control Objectives for Information and Related Technology (COBIT). These methods help business owners and mission owners balance security control requirements with business or mission needs.
Crime Prevention Through Environmental Design (CPTED)
It outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior.
Remember: A wiring closet is the infrastructure component often located in the same position across multiple floors in order to provide a convenient means of linking floor-based networks together.
Output Feedback (OFB) mode prevents early errors from interfering with future encryption/decryption. Cipher Block Chaining and Cipher Feedback modes will carry errors throughout the entire encryption/decryption process. Electronic Codebook (ECB) operation is not suitable for large amounts of data.
______ channel is a path within a computer system or network that is designed for the authorized transfer of data.
Overt channel
What element of data categorization management can override all other forms of access control? Classification; Physical Access; Custodian responsibilities; Taking ownership
Ownership gives an entity full capabilities and privileges over the object they own.
A symmetric encryption algorithm that is a 64-bit block cipher using a 128-bit key is used in what type of software?
PGP
What methods could you use to protect data being transferred between two offices from an individual running a network sniffer?
PKI certificates could be used to encrypt files or to secure a connection using HTTPS encapsulation. S/MIME uses PKI certificates to protect email messages in transit. SFTP or SSH file transfer, or an IPSEC tunnel, could also be used.
PPP operates at the _ layer of the OSI model: data link, presentation, transport, or physical?
PPP and SLIP operate at the data link layer.
The Point-to-Point Protocol (PPP) was designed to support multiple network types over the same serial link, just as Ethernet supports multiple network types over the same LAN.
PPP replaces the earlier Serial Line Internet Protocol (SLIP), which only supports IP over a serial link. PPTP is a tunneling protocol.
What are the four primary VPN protocols?
PPTP, L2F, L2TP, and IPSec (Note: SSL/TLS is a valid VPN protocol as well, but it's not necessarily recognized on the exam as such.)
A circuit-level proxy does not analyze the application content of the packet in making its decisions, so it has lower overhead than an application-level proxy. A circuit-level proxy creates a conduit through which a trusted host can communicate with an untrusted one.
Packet Filtering Firewall - First Generation: screening router; operates at the Network and Transport level; examines source and destination IP address; can deny based on ACLs; can specify port.
Frame relay and X.25 networks are part of which of the following?
Packet-switched services. Frame relay and X.25 are both examples of packet-switching technologies. In packet-switched networks there are no dedicated connections between endpoints, and data is divided into packets and reassembled on the receiving end.
Commercial competitors or any other entity that is not directly connected or related to the primary organization cannot have that organization's third-party governance mandated or forced on them.
Parallel security designs are insecure because a threat could pass through a single checkpoint that did not address its particular malicious activity.
_________ represent the next level in testing and involve actually relocating personnel to the alternate recovery site and implementing site activation procedures.
Parallel tests
What can ensure that users create strong passwords of sufficient length and complexity, track password history, and prevent users from reusing passwords?
Password Policy
________ is always a potential attack if a wireless network is not otherwise using some other form of authentication, typically accessed via 802.1X.
Password guessing
What are some countermeasures to common attack methods?
Patching software, reconfiguring security, employing firewalls, updating filters, using IDSs/IPSs, improving security policy, using traffic filters, improving physical access control, using system monitoring/auditing
Any Business Impact Assessment has the following steps:
Perform a Vulnerability Assessment; carry out a Criticality Assessment (determining how critically important a particular business function is to the ongoing viability of the organization); determine the Maximum Tolerable Downtime; establish recovery targets; determine resource requirements.
Which connection type uses a logical circuit that always exists and waits for customers to send data?
Permanent Virtual Circuit (PVC)
____________ is the transformation technique used in cryptography which changes the relative position of values without replacing them. This is also a form of bit-shuffling.
Permutation
OCTAVE = Operationally Critical Threat, Asset, and Vulnerability Evaluation from Carnegie Mellon
Phase 1: Staff knowledge, assets, and threats; Phase 2: Identifies vulnerabilities and evaluates safeguards; Phase 3: Conducts risk analysis and develops a risk mitigation strategy.
Which layer of OSI model uses repeaters?
Physical Layer
What is the most prominent aspect of an organizational security policy because it directly and indirectly influences all other forms?
Physical security
Remember this: Cabling in buildings must meet certain safety requirements when it comes to producing harmful chemicals that dissipate from a fire. This is called what?
Plenum Space
What is an encapsulation protocol designed to support IP traffic over dial-up connections?
Point-to-Point Protocol
What allows the insertion of multiple records that appear to have the same primary key values into the database at different classification levels?
Polyinstantiation
What is virus code that can change or mutate itself so that the original is not detected by the antivirus scanner, BUT the virus can still carry out its malicious activity?
Polymorphic Code
_________ has the capability of changing its own code, enabling it to have many different variants, making it harder to detect by anti-virus software.
Polymorphic viruses
What is a common target of scanning attacks?
Port 22 is the TCP port usually used by the Secure Shell (SSH) protocol, a common target of scanning attacks.
Remember this: Most computers have universal ports where data can be transferred. When these ports are locked and unlocked, this is done through the practice known as port control.
Port control is accomplished through firewall settings at the router or through local firewall software on the computer.
What are the well-known ports assigned by IANA?
Ports 0 to 1023
What is the registered ports range as defined by IANA?
Ports 1024 to 49151
The Biba Model or Biba Integrity Model, developed by Kenneth J. Biba in 1977, is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that subjects may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject. Which of the following is the integrity goal addressed by the Biba Model? a. Prevent interception of message content by unauthorized parties; b. Prevent unauthorized data modification by authorized parties; c. Maintain internal and external consistency; d. Prevent data modification by unauthorized parties
Prevent data modification by unauthorized parties. Details: The correct answer is d. Prevent data modification by unauthorized parties. This is the only integrity goal addressed by the Biba Integrity model. Clark-Wilson addresses all three goals of integrity, but the Biba model addresses only the first goal of integrity.
Access control methods are:
Preventive - prevent actions and restrict users' access; Detective - send alerts during an attack; Corrective - correct a damaged system; Recovery - restore functionality; Deterrent - deter users from performing actions; Compensating - compensate for weakness in another control system.
Twofish uses two techniques not found in other algorithms. What are they?
Prewhitening involves XORing the plaintext with a separate subkey before the first round of encryption. Postwhitening uses a similar operation after the 16th round of encryption.
To effectively hold users accountable, your security must be legally defensible. How is this done?
Primarily, you must be able to prove in a court that your authentication process cannot be easily compromised. Thus, your audit trails of actions can then be tied to a human.
What is selected from the set of candidate keys for a table to be used to uniquely identify the records in a table?
Primary Keys
What is privacy-aware role-based access control?
Privacy-aware role-based access control is a type of RBAC
What cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units)? It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
Private Cloud
If you are a sender what key should you use to encrypt a message digest?
Private key
What, also called memory protection, ensures that each process has its own isolated memory space for the storage of data and the actual executing application code?
Process isolation
The cardinality of a table refers to the number of rows in the table whereas the degree of a table is the number of columns.
Processing screens the collected information to perform a "rough cut" of irrelevant information, reducing the amount of information requiring detailed screening.
Risk analysis is MOST useful when applied during which phase of the system development process?
Project initiation and planning. Thus, risk management should be established at the commencement of the project, with a risk assessment during project initiation.
The BCP process, as defined by (ISC)², has four main steps:
Project scope and planning; Business impact assessment; Continuity planning; Approval and implementation
The ISO International Standard 15408, "Evaluation Criteria for Information Technology Security", also commonly known as the Common Criteria (CC), applies to what?
Protection profiles and security targets
The protection profile is one of two building blocks of common criteria which include protection profiles and security targets. They provide reliable verification of a product's security capabilities.
Protection profiles are considered the "I want" from customers when designing security requirements.
_________ is erasing the data so the media is not vulnerable to data remnant recovery attacks, including those classified as laboratory level.
Purging
_________ is used to sufficiently cleanse remnants of data on a magnetic storage drive so that it can be reused in unsecure environments.
Purging
What is a more intense form of clearing that prepares media for reuse in less secure environments? It provides a level of assurance that the original data is not recoverable using any known methods.
Purging
Who is responsible for reviewing results and deliverables within each phase and at the end of each phase, and confirming compliance with requirements? Their objective is to ensure the quality of the project by measuring the adherence of the project staff to the organization's software development life cycle.
Quality Assurance
What would you use to prioritize traffic on a converged network?
Quality of Service
In what type of risk analysis are hard values and percentages measured?
Quantitative risk analysis
What are three remote access authentication mechanisms?
RADIUS, DIAMETER, and TACACS
Which is the RAID implementation that creates one big disk by using two disks as one large volume?
RAID 0. RAID 0 creates one large disk by using several disks, which is a process called striping.
Remember this: In an IP header, at byte offset 8 there are 8 bits, yielding 256 possible maximum hops before any packet expires.
RAID 3 - RAID, or Redundant Array of Individual Disks, is a physical disk drive array that provides fault tolerance by spreading data across separate physical disks to both enhance speed and provide protection against individual disk failure.
What RAID level focuses on performance rather than data redundancy and provides no fault tolerance?
RAID Level 0
What RAID level provides no fault tolerance for the disk system rather than increasing it? The entire data volume is unusable if one drive in the set fails.
RAID Level 0
Which RAID level writes files in stripes across multiple disks without the use of parity information? This technique allows for fast reading and writing to disk because all of the disks can be accessed in parallel.
RAID Level 0
Which RAID level has the highest cost per megabyte, since every piece of data is written at two different locations simultaneously for redundancy purposes?
RAID Level 1 (mirroring)
Which RAID levels run faster on hardware?
RAID levels 3 and 5
What is volatile hardware memory that loses integrity after power is shut off?
RAM
Which algorithm is a stream cipher?
RC4
What is a symmetric encryption algorithm that is a block cipher of variable block length and encrypts through integer addition, the application of a bitwise Exclusive OR (XOR), and variable rotations?
RC5
_____ is a symmetric algorithm patented by Rivest, Shamir, and Adleman (RSA) Data Security.
RC5, which is a block cipher of variable block sizes (32, 64, or 128 bits) that uses key sizes between 0 (zero length) and 2,040 bits.
What RFC contains the Internet Advisory Board's statement on ethics and the Internet? A. RFC 1087; B. RFC 1918; C. RFC 2048; D. RFC 2296
RFC 1087 outlines the IAB's position on proper use of the Internet.
What is the name for a substitution cipher that shifts the alphabet by 13 places?
ROT13 cipher. ROT13 ("rotate by 13 places") is a simple letter substitution cipher that replaces a letter with the letter 13 letters after it in the alphabet. ROT13 is an example of the Caesar cipher, developed in ancient Rome.
What asymmetric encryption algorithm is based on the difficulty of factoring large numbers?
RSA
What is RAM?
Random Access Memory; it is volatile hardware memory that loses integrity after power is shut off.
Which one of the following terms can be used to describe RAM memory?
Random access memory (RAM) is accessed in a random, rather than a sequential, fashion.
Input or information accuracy in software development security requires what?
Range checks, Relationship checks, Reasonableness checks
What is a software development methodology that uses minimal planning in favor of rapid prototyping?
Rapid application development
What usually provides a quicker warning than fixed-temperature sensors because they are more sensitive, but can also cause more false alarms?
Rate-of-rise temperature sensors
What is ROM?
Read-only memory: nonvolatile memory that maintains integrity after the loss of power.
What must be either uniquely identified by a witness or authenticated through a documented chain of custody?
Real evidence
What is the difference between recovery and restoration?
Recovery involves bringing business operations and processes back to a workable state. Restoration involves bringing a business facility and environment back to a workable state.
What type of site is owned by the company and is a mirror of the original production environment?
Redundant Site
What software testing level tests software after updates, modifications, or any patches?
Regression testing
Data classification programs are best sponsored by the highest-ranking official.
Remember: Security awareness training is supported all the way to the top.
Remember: what provides isolation between subjects and objects is the security kernel.
Remember: in the Frame Relay WAN technique, the service provider device that does the actual data transmission and switching in the Frame Relay cloud is the DCE.
Remember this: It is possible that an organization may not need a disaster recovery plan. An organization may not have any critical processing areas or systems and may be able to withstand lengthy interruptions.
Remember that DRP is related to systems needed to support your most critical business functions.
Remember this: Preaction systems allow more reaction time in case of a false alarm.
Remember this: A surge is a prolonged rush of high-voltage power.
Remember this: Performing reduction analysis is a decomposition process that identifies five key concepts: trust boundaries, data flow paths, input points, privileged operations, and details about security stance and approach.
Remember this: Prioritization and response to threats using the DREAD rating system is based on the answers to five main questions about each threat.
Remember this: Biba is known as the Biba Integrity Model. The Bell-LaPadula model focuses on data confidentiality and controlled access to classified information.
Remember this: The information flow model is based on a state machine, and it consists of objects, state transitions, and lattice states. In this context, objects can also represent users.
Remember this: The phase of the IDEAL model in which the organization develops, tests, refines, and implements solutions is the acting phase.
Remember this: The BCP implementation phase is where the largest commitment of hardware and software resources occurs. The other phases are more manpower-intensive.
Remember this: Accountability is the ultimate goal of a process started by identification.
Remember this: The process of performing qualitative risk analysis involves judgment, intuition, and experience; in other words, opinions.
Remember this: Electrically erasable programmable read-only memory (EEPROM) chips can be erased by modulating an electric current applied to the chip.
Remember this: In addition to the accuracy of biometric systems, there are other factors that must also be considered. These factors include the enrollment time, the throughput rate, and acceptability.
Remember this: Water is appropriate for Class A (common combustibles) fires. Class B (liquid) fires are best handled by CO2, soda acid, or Halon. Class C (electrical) fires are best handled by CO2 and Halon. Fire Class D is combustible metals like magnesium.
Remember this: The DREAD rating system is Damage potential, Reproducibility, Exploitability, Affected users, Discoverability.
Remember this: When evaluating a third party for your security integration, consider the following processes: On-Site Assessment, Document Exchange and Review, and Process/Policy Review.
Remember this: The difference between memory cards and smart cards is their capacity to process information. A memory card holds information but cannot process it. A smart card holds information and has the hardware and software to actually process that information.
Remember this: This is a very active attack. The attacker makes use of a scanner to perform the attack; the scanner sends packets to the target in order to elicit responses that allow the attacker to find information about the operating system, vulnerabilities, misconfigurations, and more.
Remember this: SAML is a popular SSO language on the Internet. XACML has become popular with software-defined networking applications.
Remember this: The Secure European System for Applications in a Multivendor Environment (SESAME) is a ticket-based authentication system developed to address weaknesses in Kerberos.
Remember this: Generally, the purpose of STRIDE and other tools in threat modeling is to consider the range of compromise concerns and to focus on the goal or end result of an attack.
Remember this: Determining and diagramming potential attacks is often accomplished through the creation of a diagram of the elements involved in a transaction, along with indications of data flow and privilege boundaries.
Remember this: A database row contains the information that makes up a single database record.
Remember this: The top-down approach is the aspect of security governance that is based on the idea that senior management is responsible for the success or failure of a security endeavor.
Remember this: A custodian is someone who has been assigned to or delegated the day-to-day responsibility of proper storage and protection of objects. A user is any subject who accesses objects on a system to perform some action or accomplish a work task. An owner is the person who has final corporate responsibility for the protection and storage of data.
Remeber this: The primary key is selected from the pool of available candidate keys for each table.
Remember this: Access control is any hardware, software, or organizational administrative policy or procedure that grants or restricts access, monitors and records attempts to access, identifies users attempting to access, and determines whether access is authorized.
Remember this: When a user manages to compromise a colleagues account of similar privileges it is known as horizontal-privilege escalation.
Remember this: Allowing the compromise of that colleagues files and own account permissions. Vertical-Privilege escalation is the act of compromising an account with nativity higher administrative rights. Generally an administrator or manager account.
Remember this: difference between a hacker attacking a network and a legitimate penetration test is Written permission from the network owner whereas a hacker they dont
Remember this: Anomaly-Based firewall looks for traffic that just isn't normal and if it crosses a threshold, action can be taken by the IDS/IPS. Anything different that the normal traffic triggers action.
Remember this: the user mode is is designed to protect users from accidentally damaging the system through the execution of poorly designed code
Remember this: Auxiliary alarm systems facilitate local, remote, and centralized alarm systems by notifying external sources police, fire, medical of signifying events.
Remember this: Confidentiality is the principle that objects are not disclosed to unauthorized subjects. Integrity is the principle that objects retain their thruth and are intentionally modified by only authorized subjects.
Remember this: Availability is the principle that authorized subjects are granted timely and uninterrupted access to objects.
Remember this: The Loki attack uses the ICMP protocol for communications between two systems,
Remember this: ICMP was designed to be used only for sending status and error messages about the network. Because the Loki attack is using ICMP in an unintended manner, this constitutes a covert channel attack.
Remember this: In cryptanalysis, frequency analysis is the study of the frequency of letters or groups of letters in a ciphertext. The method is used as an aid to breaking classical ciphers.
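The following is an added worked example of frequency analysis, not part of the original study notes. It breaks a Caesar (monoalphabetic shift) cipher by comparing the ciphertext letter distribution against published approximate English letter frequencies for each of the 26 possible shifts; SAMPLE_PLAINTEXT is a constructed passage used only to build a test ciphertext.

```python
"""Frequency analysis against a Caesar (monoalphabetic shift) cipher.

Added example; not part of the original study notes. SAMPLE_PLAINTEXT is a
constructed English passage, and ENGLISH_FREQ holds the commonly published
approximate letter frequencies for English text (percent).
"""
from collections import Counter
import string

ENGLISH_FREQ = {
    "a": 8.2, "b": 1.5, "c": 2.8, "d": 4.3, "e": 12.7, "f": 2.2, "g": 2.0,
    "h": 6.1, "i": 7.0, "j": 0.15, "k": 0.77, "l": 4.0, "m": 2.4, "n": 6.7,
    "o": 7.5, "p": 1.9, "q": 0.095, "r": 6.0, "s": 6.3, "t": 9.1, "u": 2.8,
    "v": 0.98, "w": 2.4, "x": 0.15, "y": 2.0, "z": 0.074,
}

SAMPLE_PLAINTEXT = (
    "the board of directors requested a complete review of the access control "
    "policy after the auditors found that several former employees still held "
    "active accounts on the payroll system and that nobody had been assigned "
    "ownership of the data"
)


def shift(text: str, k: int) -> str:
    """Shift every letter by k positions; a substitution that preserves frequencies."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + k) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def letter_frequencies(text: str) -> dict:
    """Relative frequency (percent) of each letter a-z in text."""
    letters = [c for c in text.lower() if c in string.ascii_lowercase]
    counts = Counter(letters)
    total = len(letters) or 1
    return {c: 100.0 * counts[c] / total for c in string.ascii_lowercase}


def chi_squared(observed: dict, k: int) -> float:
    """Distance between the ciphertext distribution and English if the shift was k.

    Plaintext letter c appears in the ciphertext as shift(c, k)."""
    score = 0.0
    for c in string.ascii_lowercase:
        cipher_letter = chr((ord(c) - ord("a") + k) % 26 + ord("a"))
        expected = ENGLISH_FREQ[c]
        score += (observed[cipher_letter] - expected) ** 2 / expected
    return score


def recover_shift(ciphertext: str) -> int:
    """Choose the shift whose un-shifted frequencies best match English."""
    observed = letter_frequencies(ciphertext)
    return min(range(26), key=lambda k: chi_squared(observed, k))


def break_caesar(ciphertext: str) -> str:
    """Recover the plaintext without knowing the key."""
    return shift(ciphertext, -recover_shift(ciphertext))


if __name__ == "__main__":
    ct = shift(SAMPLE_PLAINTEXT, 11)
    print(recover_shift(ct), break_caesar(ct) == SAMPLE_PLAINTEXT)
```

The chi-squared score punishes any shift that maps a common plaintext letter onto a rare slot such as z or q, so the correct shift stands out clearly even on a passage of a few hundred letters; the same idea extends to general monoalphabetic substitution by matching the ranked frequencies rather than a single shift.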
Remember this: In SQL, a view is a virtual table based on the result-set of an SQL statement. A view contains rows and columns, just like a real table. The fields in a view are fields from one or more real tables in the database.
Remember this: The principle that can be summed up as "the enemy knows the system" is Kerckhoffs's principle. It states that a cryptographic system should remain secure even when all details of the system, except the key, are public knowledge.
Remember this: Industrial espionage is usually considered a business attack.
Remember this: To be effective, the approach to security management must be a top-down approach. The responsibility of initiating and defining a security policy lies with upper or senior management.
Remember this: Middle management is responsible for fleshing out the security policy into standards, baselines, guidelines, and procedures.
Remember this: The agile software development methodology prioritizes flexible development that emphasizes responding to change over following a plan.
Remember this: Multipartite viruses use more than one propagation technique in an attempt to penetrate systems that defend against only one method or the other.
Remember this: Choosing an alternate site close to the primary site "so that it can quickly be made operational" is incorrect, because a nearby site is subject to the same disaster as the primary site.
Remember this: Password management is an example of a preventive control. Proper passwords prevent unauthorized users from accessing a system.
Remember this: Requiring authentication time-outs has no direct effect on protection against password attacks. Strong password enforcement, restricted physical access, and two-factor authentication do improve the security posture against automated attacks.
Remember this: Sanitization is the process of wiping storage media clean in preparation for disposal or destruction.
Remember this: The act that includes provisions to protect consumers' personal financial information held by financial institutions is the Gramm-Leach-Bliley Act (GLBA).
Remember this: The Sarbanes-Oxley Act introduced highly significant legislative changes to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws.
Remember this: Need to know is more granular than a clearance or classification level.
Remember this: Task-based access control is another nondiscretionary method.
Remember this: Triple DES with three independent keys has a 168-bit key length (three 56-bit DES keys); because of meet-in-the-middle attacks, its effective security is about 112 bits.
Remember this: The ten-code (10-code) system is a set of codes used in radio communications for brevity and clarity.
Remember this: The lattice model is a label-based mandatory access control (MAC) model.
Remember this: The Graham-Denning Model is a computer security model that shows how subjects and objects should be securely created and deleted. It also addresses how to assign specific access rights. It is mainly used in access control mechanisms for distributed systems.
Remember this: One of the key elements of the BCP documentation is a list of future events that might warrant reconsideration of the determination that a risk is acceptable.
Remember this: The SHA-2 family supports the creation of message digests up to 512 bits long (SHA-224, SHA-256, SHA-384, and SHA-512).
Remember this: SESAME is subject to password guessing, like Kerberos.
Remember this: The cost of access control must be commensurate with the value of the information that is being protected.
Remember this: Security management planning includes defining security roles, developing security policies, performing risk analysis, and requiring security education for employees.
Remember this: The security management team should develop strategic, tactical, and operational plans.
Remember this: Other aspects of security solution concepts and principles are the elements of protection mechanisms, which are the common characteristics of security controls: layering, abstraction, data hiding, and encryption.
Remember this: Those assigned the senior management role are ultimately responsible and liable for any asset loss, and they are the ones who define security policy.
Remember this: Threat modeling is the security process in which potential threats are identified, categorized, and analyzed.
Remember this: Threat modeling can be performed first as a proactive measure during design and development, and second as a reactive measure once a product has been deployed.
Remember this: The only parts of a packet that change between the sending host and the receiving host while in transit are the Time to Live (TTL) and the MAC addresses. The TTL is the part of the IP header that prevents packets from wandering around the Internet forever looking for their destination: every router decrements it (and recomputes the header checksum), and the source and destination MAC addresses are rewritten at each hop.
Remember this: Processing screens the collected information to perform a "rough cut" of irrelevant information, reducing the amount of information requiring detailed screening.
Remember this: To determine whether a safeguard is financially justified: (ALE before the countermeasure) - (ALE after implementing the countermeasure) - (annual cost of the countermeasure) = value of the countermeasure to the company.
Remember this: RAID 1+5 is a nested RAID level: mirroring (RAID 1) of striped drive sets with evenly distributed parity data (RAID 5).
Remember this: VBScript is the only example of an interpreted language listed; C++, Java, and Fortran are compiled languages (Java compiles to bytecode that the JVM then executes).
Remember this: The need for encryption is to hide the meaning or intent of a communication from unintended recipients.
Remember this: When information is collected about your activities online without your consent, it is known as a violation of privacy.
Remember this: A key should be chosen uniformly at random from the full keyspace; a key drawn from only a small part of the keyspace is far easier to guess.
Remember this: When using link encryption, packets have to be decrypted at each hop and encrypted again.
Remember this: The biggest threat to new devices introduced to a network is default passwords. Devices ship with default passwords and are usually configured as insecurely as possible so that they work right out of the box. Great for marketing, terrible for security.
Remember this: Identification is the process by which a subject professes an identity and accountability is initiated.
Remember this: A subject must identify itself to a system to begin the process of authentication, authorization, and accountability.
Remember this: The elements of a formalized security policy structure are the security policy, standards, baselines, guidelines, and procedures. Such documentation clearly states security requirements and creates due diligence on the part of the responsible parties.
Remember this: The key security roles are senior manager, organizational owner, upper management, security professional, user, data owner, data custodian, and auditor. By creating a security role hierarchy, you limit risk overall.
Remember this: Encryption does not ensure integrity. Hashing algorithms (or a MAC, which is a keyed hash) are used instead to validate integrity.
Remember this: PPTP is a remote access method that Microsoft deprecated because it relies on LANMAN/MS-CHAP-derived hashes, reuses session keys, and uses an unauthenticated control channel; PPTP is considered broken and therefore unsafe.
Remember this: MAC addresses are local to the network segment you are on. The moment a packet reaches the first router, the source and destination MAC addresses are rewritten for the next hop in the path (switches forward frames by MAC address but do not change them).
Remember this: The security service that benefits most from encryption is confidentiality.
Remember this: Integrating cybersecurity risk management with acquisition strategies and practices is a means to ensure a more robust and successful security strategy in all organizations. When purchases are made without security considerations, the inherent risks persist throughout the product's life cycle.
Remember this: Security management planning involves strategic, tactical, and operational plans. The strategic plan is a long-term plan that is fairly stable. The tactical plan is a midterm plan developed to provide more details on accomplishing the goals set forth in the strategic plan. Operational plans are short-term, highly detailed plans.
Remember this: Implement security awareness training. Before training occurs, awareness of security as a recognized concern must be created for users. Once this is accomplished, training (teaching employees to perform their work tasks and to comply with the security policy) can begin.
Remember this: The concept of abstraction is used to collect similar elements into groups, classes, or roles that are assigned security controls, restrictions, or permissions as a collective. It adds efficiency to carrying out a security plan.
Remember this: It is the responsibility of operational managers or security professionals to implement the configurations prescribed in the security management documentation.
Remember this: The end users' responsibility is to comply with all security policies of the organization.
Remember this: Auditing detects malicious actions by subjects, attempted intrusions, and system failures. Auditing can reconstruct events, provide evidence for prosecution, and produce problem reports and analysis.
Remember this: Accountability is important because it holds subjects responsible for their actions. It relies on the capability to prove a subject's identity and to track their activities.
Remember this: Cipher feedback (CFB) mode turns a block cipher into a self-synchronizing stream cipher, whereas cipher block chaining (CBC) mode operates on full blocks.
Remember this: The maximum IPv4 packet size is 65,535 bytes (the Total Length field is 16 bits). A ping of death attack sends fragments that reassemble to more than this maximum, so the smallest packet that might result in a successful attack is 65,536 bytes. Some study guides quote 65,536 and 65,537; the protocol limit is 65,535.
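The following is an added example, not part of the original study notes, of the check an IP stack or IDS performs to catch the ping of death condition: it computes the datagram size implied by a set of fragments and flags anything that would reassemble beyond the 16-bit Total Length limit. Fragments are modelled as constructed (offset, more-fragments, length) tuples rather than parsed from a capture.

```python
"""Checking whether IP fragments would reassemble into an oversized datagram.

Added example; not part of the original study notes. Fragments are modelled
as constructed (offset_in_8_byte_units, more_fragments, payload_length)
tuples rather than parsed from a packet capture.
"""
IPV4_MAX_DATAGRAM = 65_535   # Total Length is a 16-bit field
IPV4_HEADER_LEN = 20         # header without options
ICMP_ECHO_HEADER_LEN = 8     # type, code, checksum, identifier, sequence


def build_fragments(total_payload: int, mtu_payload: int = 1480) -> list:
    """Split an IP payload into fragments the way a sending stack would.

    Every fragment except the last must carry a multiple of 8 bytes, because
    the Fragment Offset field counts 8-byte units."""
    if mtu_payload % 8:
        raise ValueError("fragment payload must be a multiple of 8 bytes")
    frags, sent = [], 0
    while sent < total_payload:
        length = min(mtu_payload, total_payload - sent)
        more = sent + length < total_payload
        frags.append((sent // 8, more, length))
        sent += length
    return frags


def reassembled_length(fragments: list, header_len: int = IPV4_HEADER_LEN) -> int:
    """Datagram size implied by the fragments: header plus the end of the farthest one."""
    end = max(off * 8 + length for off, _more, length in fragments)
    return header_len + end


def is_oversized(fragments: list) -> bool:
    """True when reassembly would exceed the IPv4 maximum: the ping of death condition."""
    return reassembled_length(fragments) > IPV4_MAX_DATAGRAM


def ping_fragments(icmp_data_len: int) -> list:
    """Fragments for an ICMP echo request carrying icmp_data_len bytes of data."""
    return build_fragments(ICMP_ECHO_HEADER_LEN + icmp_data_len)


if __name__ == "__main__":
    print(is_oversized(ping_fragments(56)))      # ordinary 84-byte ping -> False
    print(is_oversized(ping_fragments(65_507)))  # exactly 65,535 bytes -> False
    print(is_oversized(ping_fragments(65_508)))  # 65,536 bytes -> True
```

The 65,507-byte figure is the familiar largest legal ping payload: 20 bytes of IP header plus 8 bytes of ICMP header plus 65,507 bytes of data is exactly 65,535. A stack that trusted the last fragment's offset and length without this check would write one byte past a maximum-size reassembly buffer.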
Remember this: Examples of attacks a firewall cannot mitigate: reverse-engineering HTTP cookies, URL interpretation attacks, user input validation attacks, and SQL query poisoning (injection).
Remember this: The two most common detection mechanisms for intrusion detection or intrusion prevention systems are anomaly detection and signature detection.
Remember this: One difference between the Session and Transport layers of the OSI model is that the Transport layer sets up communication between computer systems, while the Session layer sets up connections between applications.
Remember this: One web server threat that a packet-filtering firewall can mitigate is an ICMP flood attack.
Remember this: Tokens such as RSA tokens are less susceptible to electronic eavesdropping, replay attacks, and password guessing because their passcode has a limited lifetime. They provide a higher level of security than static passwords.
Remember this: When the discretionary access control (DAC) method is used to control access to system and network resources, the owner of the resource has the necessary privileges to assign permissions.
Remember this: System owners interact with data owners to ensure the data is protected while at rest on the system, in transit between systems, and in use by applications operating on the system.
Remember this: A data administrator is responsible for granting appropriate access to personnel. They don't necessarily have full administrator rights and privileges, but they do have the ability to assign permissions.
Remember this: S/MIME traditionally supports the DES, RC2, and 3DES symmetric encryption algorithms and uses RSA for public key encryption; it does not support IDEA. (Current S/MIME profiles require AES.)
Remember this: Degaussing does not remove data from optical media. Overwriting individual files isn't a reliable method of removing data remnants.
Remember this: The Bell-LaPadula model is suitable for preventing unauthorized access to secret information. It prevents users and processes from reading above their security level (no read up).
Remember this: In a lattice model, every resource and every user of a resource is associated with one of an ordered set of classes. The classes were based on military security classifications: if you had a Secret clearance, you could not read up to Top Secret.
Remember this: Authentication is the process of verifying or testing that a claimed identity is correct. Authentication requires information from the subject that must exactly correspond to the indicated identity.
Remember this: Once a subject is authenticated, its access must be authorized.
Remember this: An ultimate goal of threat modeling is to prioritize the potential threats against an organization's valuable assets.
Remember this: STRIDE stands for Spoofing, Tampering (any action resulting in unauthorized changes), Repudiation (the ability of a user or attacker to deny having performed an action), Information disclosure, Denial of service, and Elevation of privilege.
Remember this: Authorization is the process of granting or denying a requested activity or object access based on the rights and privileges assigned to the authenticated identity.
Remember this: Security governance is the collection of practices related to supporting, defining, and directing the security efforts of an organization.
Remember this: The least preferred remote access method from a security and control point of view is dial-up connectivity, because it is not based on centralized control.
Remember this: When attempting to inventory and categorize threats, it is often helpful to use a guide or reference. Microsoft developed a threat categorization scheme known as STRIDE.
Remember this: The person assigned the data owner role is responsible for classifying information, and a data custodian is responsible for maintaining the secure environment and backing up data.
Remember this: An auditor is responsible for making sure a secure environment is properly protecting assets.
Remember this: The individual documents that are essential elements of the design and implementation of security in any environment are policies, standards, baselines, guidelines, and procedures.
Remember this: Lattice-based access control is a label-based mandatory access control approach. In the Bell-LaPadula model the lattice enforces confidentiality, and the Biba model applies the same lattice structure to integrity; lattice-based access control and the Bell-LaPadula model are therefore closely connected.
Remember this: Data classifications provide strong protection against the loss of confidentiality. Data labels and proper data handling are based on first identifying data classifications. Degaussing applies only to magnetic media.
Remember this: An asynchronous token generates and displays one-time passwords using a challenge-response process. A synchronous token is synchronized with the authentication server (by time or by counter) and generates one-time passwords that the server can compute independently.
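The following is an added example, not part of the original study notes, showing how a synchronous token works and why its limited-life passcode resists replay (the point made above about RSA-style tokens). It implements HOTP (RFC 4226) and time-based TOTP (RFC 6238) and a server-side verifier that tolerates one step of clock skew but refuses a code once it has been accepted. RFC_TEST_SECRET is the shared secret from the RFC test vectors; the timestamps are constructed.

```python
"""Synchronous one-time-password tokens: HOTP (RFC 4226) and TOTP (RFC 6238).

Added example; not part of the original study notes. RFC_TEST_SECRET is the
shared secret from the RFC test vectors; the timestamps used are constructed.
"""
import hashlib
import hmac
import struct

RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Counter-based OTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP: the counter is the number of `step`-second intervals since the epoch."""
    return hotp(secret, int(at // step), digits)


class TotpVerifier:
    """Server-side check that tolerates clock skew but refuses replayed codes.

    A code is accepted only for a time step newer than the last accepted one,
    so an eavesdropper who captures a valid code cannot present it again."""

    def __init__(self, secret: bytes, step: int = 30, skew_steps: int = 1):
        self.secret, self.step, self.skew_steps = secret, step, skew_steps
        self.last_accepted_step = -1

    def verify(self, code: str, at: float) -> bool:
        current = int(at // self.step)
        for c in range(current - self.skew_steps, current + self.skew_steps + 1):
            if c <= self.last_accepted_step:
                continue  # already used (or older than a used step): reject replays
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.last_accepted_step = c
                return True
        return False


def replay_demo(at: float = 59) -> tuple:
    """Present the same valid code twice: accepted once, then refused."""
    verifier = TotpVerifier(RFC_TEST_SECRET)
    code = totp(RFC_TEST_SECRET, at)
    return verifier.verify(code, at), verifier.verify(code, at)


if __name__ == "__main__":
    print(totp(RFC_TEST_SECRET, 59), replay_demo())  # 287082 (True, False)
```

The verifier compares codes with hmac.compare_digest so that timing does not leak how many digits matched, and the skew window of one step either side is what lets a token whose clock drifts a few seconds keep working without accepting stale codes.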
Remember this: Risk assessment requires an evaluation of assets and the threats related to those assets. During the assessment itself you never implement countermeasures; you can recommend them, but implementation is a separate decision and step.
Remember this: Automated risk analysis tools have many of the necessary questions pre-programmed and are the best choice for large assessments; they can decrease the time allotted to the analysis.
Remember this: Stream ciphers can be designed to be exceptionally fast, much faster than any block cipher. A stream cipher generates a keystream, a sequence of bits used as the key, which is combined (XORed) with the plaintext.
Remember this: Block ciphers do not use public key cryptography (private and public key pairs); they are symmetric algorithms.
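The following is an added example, not part of the original study notes, that ties together two points made earlier: that a stream cipher simply XORs the plaintext with a generated keystream, and that encryption by itself does not ensure integrity. An attacker who knows the message format can flip chosen plaintext bits in a stream-cipher ciphertext without the key; only a keyed hash (HMAC) over the ciphertext detects it. The "stream cipher" here is a toy keystream generator built from SHA-256 in counter mode, used purely to illustrate the malleability; it is not a vetted cipher, and the message is constructed.

```python
"""Encryption alone does not protect integrity; a keyed hash (MAC) does.

Added example; not part of the original study notes. The stream cipher here is
a toy keystream generator (SHA-256 in counter mode) used only to show how
XOR-based encryption is malleable; it is not a vetted cipher. The message is
constructed.
"""
import hashlib
import hmac
import os
from typing import Optional


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Produce `length` keystream bytes as SHA-256(key || nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream-cipher encrypt/decrypt: XOR with the keystream (same operation both ways)."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))


def tamper(ciphertext: bytes, offset: int, original: bytes, desired: bytes) -> bytes:
    """Attacker step, no key needed: because c = p XOR k, XORing (original XOR desired)
    into the ciphertext changes the decrypted plaintext from original to desired."""
    ct = bytearray(ciphertext)
    for i, (o, d) in enumerate(zip(original, desired)):
        ct[offset + i] ^= o ^ d
    return bytes(ct)


def tag(mac_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Encrypt-then-MAC: HMAC-SHA256 over nonce and ciphertext with a separate key."""
    return hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()


def open_message(enc_key: bytes, mac_key: bytes, nonce: bytes,
                 ciphertext: bytes, received_tag: bytes) -> Optional[bytes]:
    """Decrypt only after the tag verifies, using a constant-time comparison."""
    if not hmac.compare_digest(tag(mac_key, nonce, ciphertext), received_tag):
        return None
    return stream_xor(enc_key, nonce, ciphertext)


def demo() -> dict:
    enc_key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(16)
    msg = b"PAY 0100 USD TO ACCT 42"          # constructed sample message
    ct = stream_xor(enc_key, nonce, msg)
    t = tag(mac_key, nonce, ct)
    # The attacker knows the format (amount at offset 4) but has neither key.
    forged = tamper(ct, 4, b"0100", b"9900")
    return {
        "decrypted_without_check": stream_xor(enc_key, nonce, forged),
        "forged_accepted": open_message(enc_key, mac_key, nonce, forged, t) is not None,
        "genuine_accepted": open_message(enc_key, mac_key, nonce, ct, t) == msg,
    }


if __name__ == "__main__":
    print(demo())
```

Without the tag check the receiver decrypts the forged ciphertext to a message paying 9900 instead of 0100 and has no way to tell; with encrypt-then-MAC under a separate key, the forgery is rejected before decryption. In practice an authenticated-encryption mode such as AES-GCM or ChaCha20-Poly1305 provides both properties in one primitive.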
Remember this: TCSEC class B1 does not address covert channels. B2 requires a system to protect against covert storage channels but does not address covert timing channels. B3 and A1 both address covert storage channels and covert timing channels and must perform a covert channel analysis for both types.
Remember this: Data should usually be normalized, thus avoiding data redundancy.
Remember this: L2TP works at the Data Link layer. L2TP and PPTP were both designed for individual client-to-server connections; they enable only a single point-to-point connection per session. Dial-up VPNs often use L2TP. Both L2TP and PPTP operate at the Data Link layer (layer 2) of the OSI model. PPTP uses native PPP authentication and encryption services; L2TP is a combination of PPTP and the Layer 2 Forwarding (L2F) protocol.
Remember this: Corporate governance deals with governance procedures of the whole organization and all its functions. Security governance is a subset of it.
Remember this: Downstream liability requires that companies ensure their activities, or lack of activity, do not negatively affect other companies.
Remember this: The European Union's Data Protection Directive did not grant individuals the right to delete data from corporate databases. (The later GDPR introduced a right to erasure.)
Remember this: Hot sites are the only type of alternate site capable of activation within a six-hour timeframe.
Remember this: Justifications should be provided when data is denormalized, not when it is normalized, because denormalization introduces the risk of data inconsistency. Denormalization is usually introduced for performance purposes.
Remember this: In response to an access-request from a client, a RADIUS server returns one of three authentication responses: access-accept, access-reject, or access-challenge.
Remember this: Kerberos uses only symmetric encryption and does not make use of any public key component (the PKINIT extension, which adds public key cryptography for initial authentication, is a later addition).
Remember this: The Key Distribution Center (KDC) provides services to principals, which can be users, applications, or network services.
Remember this: Due to the nature of the terms, "decentralized" and "distributed" are used interchangeably. Distributed access control is a single sign-on, role-based access control system for web servers and server-based software used in the authentication process.
Remember this: Logging is the collection of information used in monitoring. Accounting for this activity is necessary for detecting security issues such as unauthorized access incidents. Logging collects and time-stamps system activity and even records a user ID if it is related to auditing user access.
Remember this: Security mechanisms are needed within an operating system because software is not trusted.
Remember this: Most higher-order security models, such as Bell-LaPadula and Biba, are based on the state machine model as well as the information flow and noninterference models.
Remember this: Identification establishes user accountability for actions on the system.
Remember this: In the Clark-Wilson model, constrained data items (CDIs) may be modified only by transformation procedures (TPs); unconstrained data items (UDIs) are not protected by the model, but a TP may take a UDI as input and convert it into a CDI.
Remember this: It is important to note that copyright law protects only the expression inherent in computer software, that is, the actual source code. It does not protect the ideas or processes behind the software.
Remember this: It is important to note that officially registering a copyright is not a prerequisite for copyright enforcement.
Remember this: Control Objectives for Information and Related Technology (COBIT) is a framework and a set of business practices for IT governance.
Remember this: Learning a user ID and password and using them is not backdooring but masquerading.
Remember this: The BCP team should sit down and determine an ARO for each risk identified in the previous section.
Remember this: To find likelihood assessments for some risks prepared by experts at no cost to you: the U.S. Geological Survey (USGS) developed the earthquake hazard map, and the Federal Emergency Management Agency (FEMA) coordinates the development of detailed flood maps of local communities throughout the United States.
What __________ technology maintains mirrored images of servers at both the primary and alternate sites?
Remote mirroring
A ___________ attack can be accomplished against Kerberos if compromised tickets are used within their allotted time window.
Replay
A BCP team should include, at a minimum, the following individuals:
Representatives from departments responsible for the core services performed by the business; representatives from key support departments; IT representatives with technical expertise; security representatives; legal representatives; senior management representatives
What is the final step of the business impact assessment (BIA) process?
Resource prioritization
What step is resource prioritization in the business impact assessment?
Resource prioritization is the final step
What algorithm has been selected as the AES algorithm, replacing the DES algorithm?
Rijndael
The ring model consists of:
Ring 0, the kernel; Ring 1, the remaining operating system components; Ring 2, device drivers; Ring 3, user applications
The process by which risk management is achieved; it includes analyzing an environment for risks, evaluating each risk as to its likelihood of occurring and the cost of the resulting damage, assessing the cost of various countermeasures for each risk, and creating a cost/benefit report for safeguards to present to upper management
Risk analysis
What is risk analysis?
Risk analysis is the process by which upper management is provided with details to make decisions about which risks are to be mitigated, which should be transferred, and which should be accepted
What is risk avoidance?
Risk avoidance is the practice of coming up with alternatives so that the risk in question is not realized.
What is risk mitigation?
Risk mitigation is the practice of eliminating, or significantly decreasing the level of, the risk presented. Examples of risk mitigation can be seen in everyday life and are readily apparent in the information technology world. Risk mitigation involves applying appropriate controls to reduce risk.
What's RSN?
Robust Security Network
Non-discretionary access control (NDAC) can also be referred to as?
Role-based access control (RBAC)
Name at least five networking device types other than firewalls
Routers, switches, hubs, repeaters, bridges, gateways, proxies
What are possible mechanisms for adding security to email?
S/MIME, MOSS, PEM, and PGP
What is an Extensible Markup Language (XML) standard that allows a user to log on once for affiliated but separate Web sites and is designed for business-to-business (B2B) and business-to-consumer (B2C) transactions?
SAML
What is SAML?
SAML (Security Assertion Markup Language) is an Extensible Markup Language (XML) standard that allows a user to log on once for affiliated but separate Web sites. SAML is designed for business-to-business (B2B) and business-to-consumer (B2C) transactions.
Which system addressed some of the shortcomings in Kerberos, uses public key cryptography for secret key distribution, and provides additional access control support?
SESAME. The Secure European System for Applications in a Multi-vendor Environment (SESAME) was developed to address the weaknesses in Kerberos; it uses public key cryptography for the distribution of secret keys and provides additional access control support.
What is a hashing algorithm that produces a 160-bit hash from any data and does not perform encryption?
SHA-1 (now deprecated for digital signatures because practical collisions have been demonstrated)
What produces a 160-bit message digest?
SHA-1
The SLE is calculated using the following formula:
SLE = asset value (AV) x exposure factor (EF), or more simply: Single Loss Expectancy = Asset Value x Exposure Factor (SLE = AV x EF)
What is single loss expectancy (SLE) and how is it calculated?
SLE is an element of quantitative risk analysis that represents the cost associated with a single realized risk against a specific asset. The formula is SLE = asset value (AV) x exposure factor (EF).
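The following is an added worked example, not part of the original study notes, carrying the SLE formula above through to ALE and to the safeguard value formula given earlier (ALE before minus ALE after minus annual safeguard cost), and ranking several candidate safeguards by that value. The asset value, exposure factors, rates of occurrence and safeguard costs are constructed figures.

```python
"""Quantitative risk analysis: SLE, ALE and the value of a safeguard.

Added example; not part of the original study notes. The asset values,
exposure factors, rates of occurrence and safeguard costs are constructed
figures for illustration.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # AV: value of the asset
    exposure_factor: float  # EF: fraction of AV lost when the risk is realized once (0..1)
    aro: float              # ARO: expected number of occurrences per year


def sle(risk: Risk) -> float:
    """Single loss expectancy: SLE = AV x EF."""
    return risk.asset_value * risk.exposure_factor


def ale(risk: Risk) -> float:
    """Annualized loss expectancy: ALE = SLE x ARO."""
    return sle(risk) * risk.aro


def safeguard_value(before: Risk, after: Risk, annual_cost: float) -> float:
    """ALE(before) - ALE(after) - annual cost of the safeguard.

    A positive value means the safeguard saves more per year than it costs."""
    return ale(before) - ale(after) - annual_cost


def rank_safeguards(risk: Risk, options: list) -> list:
    """options: (name, residual_risk, annual_cost) tuples. Returns (name, value) best-first."""
    scored = [(name, safeguard_value(risk, residual, cost)) for name, residual, cost in options]
    return sorted(scored, key=lambda item: item[1], reverse=True)


# Constructed scenario: a web server worth 200,000 that loses half its value per
# compromise and is expected to be compromised once every five years.
WEB_SERVER = Risk("web server compromise", asset_value=200_000, exposure_factor=0.5, aro=0.2)

SAFEGUARDS = [
    # (name, residual risk once the safeguard is in place, annual cost)
    ("web application firewall", replace(WEB_SERVER, aro=0.05), 8_000),
    ("full platform rebuild", replace(WEB_SERVER, aro=0.01), 25_000),
    ("developer security training", replace(WEB_SERVER, exposure_factor=0.4), 2_000),
]


if __name__ == "__main__":
    print(f"SLE {sle(WEB_SERVER):,.0f}  ALE {ale(WEB_SERVER):,.0f}")
    for name, value in rank_safeguards(WEB_SERVER, SAFEGUARDS):
        print(f"{name}: {value:,.0f}")
```

With these figures the SLE is 100,000 and the ALE 20,000; the firewall (value 7,000) and the training (2,000) both pay for themselves, while the rebuild (negative 6,000) costs more per year than the loss it prevents, which is exactly the comparison the safeguard value formula is meant to surface for management.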
Which clear-text protocol is normally disallowed through a firewall from the Internet in its unprotected form?
SNMP. The insecure versions (SNMPv1 and SNMPv2c) use a community string sent in clear text. A firewall rule allowing such traffic may let an attacker gain a lot of information about your devices or, in some cases, the ability to reconfigure them. So never allow SNMP through a firewall from the Internet.
When a user attempts to connect to an SNMP service on an internal system that, while booted and functioning, is not actually running an SNMP server, what response will their system receive?
SNMP is a UDP-based service. UDP is connectionless and has no error-reporting mechanism of its own, so the target host answers with an ICMP Type 3 (Destination Unreachable), Code 3 (Port Unreachable) message.
Snort is a(n): firewall, IDS, password cracking tool, or password sniffing tool?
Snort is an open source network IDS
What report focuses on a business's non-financial reporting controls as they relate to the security, availability, processing integrity, confidentiality, and privacy of a system?
SOC 2 report
What attack allows hackers to bypass normal access controls and gain access to the database supporting a web application?
SQL injection
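The following is an added example, not part of the original study notes, showing the access control bypass described above: a login query built by string concatenation next to the parameterized form that fixes it. It runs against an in-memory SQLite database with a constructed users table (passwords are stored in plaintext only to keep the focus on the query; a real system stores salted hashes).

```python
"""SQL injection: a vulnerable login query beside the parameterized fix.

Added example; not part of the original study notes. It uses an in-memory
SQLite database with a constructed users table (plaintext passwords only to
keep the focus on the query shape; real systems store salted hashes).
"""
import sqlite3


def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "correct horse battery staple", "admin"),
        ("bob", "hunter2", "user"),
    ])
    return conn


def login_vulnerable(conn, username: str, password: str):
    """String-built query: attacker-supplied text is parsed as SQL."""
    query = (f"SELECT username, role FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone()


def login_safe(conn, username: str, password: str):
    """Parameterized query: the driver binds the values, so they can never alter the SQL."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


def demo() -> dict:
    conn = setup_db()
    tautology = "' OR '1'='1"   # makes the WHERE clause true for every row
    comment = "alice'--"        # closes the string and comments out the password check
    return {
        "vulnerable_tautology": login_vulnerable(conn, "nobody", tautology),
        "vulnerable_comment": login_vulnerable(conn, comment, "wrong"),
        "safe_tautology": login_safe(conn, "nobody", tautology),
        "safe_comment": login_safe(conn, comment, "wrong"),
        "safe_legitimate": login_safe(conn, "bob", "hunter2"),
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name}: {row}")
```

The vulnerable function returns a row for both payloads, logging the attacker in as alice with the admin role without any password, while the parameterized version treats the same strings as literal values and finds no match. The database still needs least-privilege accounts and the application still needs input validation, but binding parameters is the control that removes the injection itself.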
What uses public key cryptography to secure a session key, while that session (secret) key is used to secure the whole session between the two communicating parties?
SSL (and its successor, TLS)
What describes the relationship between SSL and TLS?
SSL was a proprietary protocol (developed by Netscape), whereas TLS was developed by a standards body (the IETF), making it an open-community protocol
What are some types of threat modeling?
STRIDE, diagramming, reduction/decomposition, and DREAD
A _______ is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
SYN flood attack
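The following is an added example, not part of the original study notes, of the detection logic for the SYN flood described above: it walks a set of connection records with a sliding time window and flags any destination that receives a burst of SYNs almost none of which are followed by the client's handshake-completing ACK. The records are constructed to resemble a simplified flow log; counting per destination rather than per source is deliberate, because flood traffic normally arrives from spoofed, ever-changing source addresses.

```python
"""Flagging a SYN flood from connection records.

Added example; not part of the original study notes. The records are
constructed to resemble a simplified flow log: (timestamp_seconds, src_ip,
"dst_ip:port", tcp_flags), where "S" is a SYN and "A" the client's bare ACK
that completes the three-way handshake.
"""
from collections import defaultdict


def detect_syn_flood(records, window_s: float = 5.0, threshold: int = 100,
                     max_completion: float = 0.1) -> dict:
    """Return {destination: syn_count} for destinations that see at least
    `threshold` SYNs within `window_s` seconds while fewer than
    `max_completion` of them are followed by a handshake-completing ACK.

    Per-destination counting matters because flood sources are usually spoofed."""
    by_dst = defaultdict(list)
    for ts, _src, dst, flags in records:
        by_dst[dst].append((ts, flags))
    flagged = {}
    for dst, events in by_dst.items():
        events.sort()
        lo = syns = acks = 0
        for ts, flags in events:
            if flags == "S":
                syns += 1
            elif flags == "A":
                acks += 1
            # slide the window start forward past events older than window_s
            while ts - events[lo][0] > window_s:
                if events[lo][1] == "S":
                    syns -= 1
                elif events[lo][1] == "A":
                    acks -= 1
                lo += 1
            if syns >= threshold and acks < max_completion * syns:
                flagged[dst] = syns
                break
    return flagged


def constructed_records() -> list:
    """Twenty normal clients completing handshakes, then 300 spoofed SYNs in 3 seconds."""
    recs = []
    for i in range(20):
        t = i * 0.5
        recs.append((t, f"192.0.2.{i + 1}", "203.0.113.10:443", "S"))
        recs.append((t + 0.05, f"192.0.2.{i + 1}", "203.0.113.10:443", "A"))
    for i in range(300):
        recs.append((10.0 + i * 0.01, f"198.51.100.{i % 250 + 1}", "203.0.113.10:80", "S"))
    return recs


if __name__ == "__main__":
    print(detect_syn_flood(constructed_records()))  # {'203.0.113.10:80': 100}
```

The legitimate HTTPS traffic never trips the rule because every SYN is matched by an ACK and the count stays far below the threshold, while the flood against port 80 is flagged as soon as the hundredth unanswered SYN arrives. The threshold and window should be tuned to the service's normal connection rate, and the same half-open ratio is what SYN cookies and connection-rate limiting act on in a production mitigation.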
What are notice, choice, onward transfer, security, data integrity, access, and enforcement?
The Safe Harbor principles
Communications devices must operate at what rate of speed to communicate?
The same speed
What is any of a number of processes that prepare media for destruction, ensuring that data cannot be recovered by any means from destroyed or discarded media?
Sanitization
_________ is a combination of processes that removes data from a system or from media and ensures that data cannot be recovered by any means.
Sanitization
What refers to reviewing baseline security controls and determining which of them apply to the system in scope?
Scoping
What refers to reviewing baseline security controls and selecting only those controls that apply to the IT system you're trying to protect?
Scoping
What is a technology that can allow an automated tool to interact with a human interface?
Screen scraping
firewall that communicates directly with a perimeter router and internal network is called ___.
Screened host
Which from the following list is the lowest military data classification for classified data Sensitive Secret Proprietary Private
Secret.......read the question!!!!!!! There is no sensitive in the military...
_____________provides secure replacements for a number of common Internet utilities.
Secure Shell (SSH)
What should be addressed at the design phase?
Security
who is responsible for providing adequate physical and logical security for IS programs, data and equipment?
Security Administrator
Who is responsible for implementing user clearances in computer based information systems at the B3 level of TCSEC?
Security Administrators are responsible - set clearances, set initial passwords, and new user security or changing policies for existing users.
Security Assertion Markup Language S A M L?
Security Assertion Markup Language SAML is an XML standard that allows secure web domains to exchange user authentication and authorization data. Using SAML, an online service provider can contact a separate online identity provider to authenticate users who are trying to access secure
What is a collection of components in the TCB that work together to implement reference monitor functions is called the _________________?
Security Kernel
Physically securing the tapes from unauthorized access is obviously a security concern and is considered a function of the what?
Security Operations Domain.
Security requires two components. What are those two components?
Security requires both a technological component and a procedural human component to result in a well-balanced information security program.
What specifies the claims of security from the vendor that are built into a Target of Evaluation?
Security targets (STs)
An IT auditor is assigned to perform an independent classification of systems. In the event that the IT auditor identifies a system where functions can be performed manually at an acceptable cost to the company for a long period of time, how should the IT auditor classify that system?
Sensitive functions are best described as those that can be performed manually at a tolerable cost for an extended period of time.
What is the main reason to carry out separation of duties?
Separation of duties: the main reason is to ensure one person can't carry out a task that could be damaging or risky for the company.
Remember this: Separation of duties prevents any one person from having the ability to undermine or subvert vital security mechanisms.
Separation of duties is also a protection against collusion, which is the occurrence of negative activity undertaken by two or more people, often for the purposes of fraud, theft, or espionage.
What is the OSI Transport layer protocol in the IPX/SPX protocol stack? It is a reliable, connection-oriented protocol, similar to TCP in TCP/IP, but it is a datagram rather than a stream protocol.
Sequenced Packet Exchange (SPX)
Which of the following is the most important and distinctive concept in relation to layered security? Multiple, Series, Parallel, Filter
Series. Basically, layering means multiple CONTROLS in a series; that is the distinctive concept in relation to layered security.
What law mandates protection of privacy data? Third parties agree to abide by its principles as a method of ensuring that they are complying with EU Data Protection law. The seven principles are notice, choice, onward transfer, security, data integrity, access, and enforcement.
Seven Safe Harbor principles
When an online transaction processing (OLTP) system has errors on invalid transactions that are noticed, what action do you take?
They should be written to a report and reviewed; logs must be reviewed.
What is the information flow model?
Similar to the Bell-LaPadula model; it controls how information may flow between objects based on security classes. Information flows in accordance with security policy.
What is Simple Network Management Protocol (SNMP)?
Simple Network Management Protocol (SNMP) is an Internet-standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more.
What states that a subject may not read information at a higher sensitivity level (no read up)?
Simple Security Property
A Security Information and Event Management (SIEM) system is the best tool to search through large log files looking for intrusion-related events.
Simulation tests are similar to the structured walk-throughs. In simulation tests, disaster recovery team members are presented with a scenario and asked to develop an appropriate response.
What is an element of quantitative risk analysis that represents the cost associated with a single realized risk against a specific asset?
Single Loss Expectancy
What can be implemented by using scripts that replay the user's multiple log-ins against authentication servers to verify a user's identity and to permit access to system services?
Single Sign On
Which of the following is implemented through scripts or smart agents that replay the user's multiple log-ins against authentication servers to verify a user's identity and permit access to system services? a. Kerberos b. Smart cards c. Dynamic Sign-On d. Single Sign-On
Single Sign-On (SSO) can be implemented by using scripts that replay the user's multiple log-ins against authentication servers to verify a user's identity and to permit access to system services. Single Sign-On was the best answer in this case because it would include Kerberos.
What is an attempt to deceive an insider into performing questionable actions on behalf of some unauthorized outsider?
Social engineering
What is a combination of flash memory (EEPROM) and DRAM?
Solid State Drive
Remember this: When purchases are made without security considerations, the risks inherent in those products remain throughout their deployment lifespan.
Some organizations must craft job descriptions to be in compliance with SOC 2, while others following ISO 27001 require annual reviews of job descriptions.
What is a security target?
Specifies the claims of security from the vendor that are built into the Target of Evaluation
What is the unique "what each must bring" that is joined together when implementing dual control?
Split knowledge
What is the STRIDE threat model?
Spoofing identity, Tampering with data, Repudiation (countered by nonrepudiation), Information disclosure, Denial of service, Elevation of privilege
Application Level Firewall (Second Generation): proxy server; copies each packet from one network to the other; masks the origin of the data; operates at layer 7; reduces network performance since it has to analyze each packet and decide what to do with it; also called Application Layer Gateway.
Stateful Inspection Firewall (Third Generation): packets analyzed at all OSI layers; queued at the network level; faster than an Application Level Gateway.
What is the tranquility principle of the Bell La Padula Model?
States that the classification of a subject or object does not change while it is being referenced.
What prevents ARP attacks?
Static ARP bindings help prevent ARP attacks, since the attacker's spoofed ARP replies would no longer cause any changes in the (static) ARP cache.
What's a fast expensive memory that uses small latches called "flip flops" to store bits?
Static Random Access Memory
Which of the following NAT firewall translation modes is required to make internal hosts available for connection from external hosts?
Static Translation: With static translation, also called port forwarding, a specific internal network resource (usually a server) has a fixed translation that never changes. Static NAT is required to make internal hosts available for connection from external hosts.
What are the five generation types of firewalls?
Static packet filtering, application-level gateway, stateful inspection, dynamic packet filtering, and kernel proxy
A virus that hides itself from OSes and other protective software, such as antivirus shields is what?
Stealth Virus
What alters operating system file access routines so that when an antivirus package scans the system, it is provided with the information it would see on a clean system rather than with infected versions of data?
Stealth viruses
The purpose of the CAM table is to:
Store MAC addresses for the purpose of forwarding frames
Storage of hard drives should:
Store hard drives in anti-static bags, and be sure that the person removing them from the bag is static free. If the original box and padding for the hard drive is available, use it for shipping. If the hard drive has been in a cold environment, bring it to room temperature prior to installing and using it.
What cipher is a type of symmetric encryption algorithm that operates on continuous streams of plaintext and is appropriate for hardware-based encryption?
Stream
What cipher is appropriate for hardware-based encryption?
Stream Cipher
What are the three parts of the Relational Model?
Structural: defines the core of the data and the relationships involved, described in terms of relations, tuples, attributes and domains. Manipulative: defines how the data in the model will be accessed and manipulated. Constraints: defines limits on the model.
A strong business continuity plan requires the use of a proven methodology. This requires the following:
Structured analysis of the business's organization from a crisis planning point of view; the creation of a BCP team with the approval of senior management; an assessment of the resources available to participate in business continuity activities; an analysis of the legal and regulatory landscape that governs an organization's response to a catastrophic event.
What uses the same key for communication in any direction?
Symmetric key
Remember this: Asymmetric cryptosystems use public-private key pairs for communication between parties but operate much more slowly than symmetric algorithms.
Symmetric key cryptosystems (or secret key cryptosystems) rely on the use of a shared secret key. They are much faster than asymmetric algorithms, but they lack support for scalability, easy key distribution, and nonrepudiation.
What is the difference between a Synchronous Dynamic Password Token and an Asynchronous Dynamic Password Token?
Synchronous dynamic tokens are based on time and synchronized with an authentication server. They produce a new password periodically, e.g. every 60 seconds. Asynchronous dynamic tokens do not use a clock; passwords are based on an algorithm with an incrementing counter.
What provides the most granular or distinctive control over resources and users because it enforces clearances, requires need to know, and allows the processing of only single sensitivity levels?
System High
How do processes communicate between the rings?
System calls, which allow processes to communicate with the kernel and provide a window between the rings.
Which of the following cannot be undertaken in conjunction with, or while, computer incident handling is ongoing?
System development activity. If incident handling is underway, an incident has potentially been identified. At that point all use of the system should stop, because the system can no longer be trusted and any changes could contaminate the evidence. This would include all system development activity.
In which mode are users authorized to process data at different classification levels only if all system users have access to the highest level of classification processed?
A system running in System High mode.
___________ is responsible for granting appropriate access to personnel. They don't necessarily have full administrator rights and privileges, but they do have the ability to assign permissions.
System/Data Administrator
_________ is an application that can serve as a basic firewall by restricting access based on user IDs or system IDs.
TCP wrapper
Any backup strategy must include full backups at some point in the process. If a combination of full and differential backups is used, a maximum of two backups must be restored. If a combination of full and incremental backups is chosen, the number of required restorations may be unlimited.
TCP wrapper is an application that can serve as a basic firewall by restricting access based on user IDs or system IDs.
What value does the IP header protocol field contain for TCP?
TCP = 6
What was developed in the 1950s by the US government to address electromagnetic radiation emitted from electrical equipment, from which data can be captured via electrical signals and reconstructed, threatening the confidentiality of sensitive data?
TEMPEST
Which secure protocol is implemented in web application traffic to ensure privacy between client and server communications, and what type of data does it protect?
TLS; Data in Transit/Motion
What replaced SSL?
TLS (Transport Layer Security) was specifically designed as a replacement for SSL.
Traceroute works by exploiting which specific feature? IP, TTL, ICMP, RTT
TTL. To troubleshoot Windows network connectivity problems, use this introduction to time-to-live (TTL) and trace route.
SQL is a relational database query language. SQL stands for Structured Query Language. What describes how the tables and views are structured?
Tables
What is designed to focus on timeframes of approximately one year and may include scheduling of tasks, assignment of responsibilities, hiring plans, maintenance plans, and even acquisition plans?
Tactical planning
What refers to modifying the list of security controls within a baseline so that they align with the mission of the organization or customizing a standard for your organization?
Tailoring
What refers to modifying the list of security controls within a baseline so that they align with the mission of the organization?
Tailoring
What are the Common Criteria terms?
Target of evaluation, security target, protection profile, evaluation assurance level.
Which controls include access controls; intrusion detection; alarms; closed-circuit television (CCTV); monitoring; heating, ventilating, and air conditioning (HVAC); power supplies; and fire detection and suppression?
Technical physical security controls
Remember this: Bind variables are placeholders for literal values in a Structured Query Language (SQL) query being sent to the database on a server.
The * (star) integrity axiom of the Biba access control model states that an object at one level of integrity is not permitted to modify an object of a higher level of integrity (no write up).
What is FIPS-140?
The 140 series of Federal Information Processing Standards (FIPS) are U.S. government computer security standards that specify requirements for cryptographic modules.
What are the differences between the Bell-LaPadula model and the Biba model?
The Bell-LaPadula model focuses on data confidentiality and controlled access to classified information, in contrast to the Biba Integrity Model which describes rules for the protection of data integrity.
What is the Biba model?
The Biba Model is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity.
In the Biba model, what rule prevents a user from reading from lower levels of classification?
The Biba simple property rule/star axiom is "no read down."
What is the Brewer and Nash model?
The Brewer and Nash model was constructed to provide information security access controls that can change dynamically. This security model, also known as the Chinese wall model, was designed to provide controls that mitigate conflict of interest in commercial organizations.
What model is based on dynamic changes of user privileges and access based on user activity?
The Brewer-Nash model
Remember this: Centralized alarm systems remotely monitor sensors spread around a business facility or campus and trigger on some specified event.
The Caesar cipher is a simple substitution cipher where each letter of a message is changed.
Encrypted viruses use a variety of cryptographic keys in conjunction with encryption and decryption routines to hide their code on the hard drive to escape detection.
The Clark-Wilson model enforces separation of duties to further protect the integrity of data. This model employs limited interfaces or programs to control and maintain object integrity.
Which model prevents authorized users from making unauthorized modifications to data, thereby protecting its integrity?
The Clark-Wilson model which uses separation of duties
What protects computers used by the government or in interstate commerce from a variety of abuses?
The Computer Fraud and Abuse Act
What does DES apply?
DES applies a division operation that puts characters through 16 rounds of transposition and substitution functions, with a resulting 64-bit block of ciphertext.
What operates on messages in 64-bit blocks?
The DES cipher operates on messages in 64-bit blocks.
What is used to make modifications to a relational database's schema?
The Data Definition Language (DDL)
What is a subset of SQL containing the commands used to interact with data?
The Data Manipulation Language
Which backup method only copies files that have changed since a full backup was last performed?
The Differential Backup Method
______ only copies files that have changed since a full backup was last performed?
The Differential Backup Method
Remember this: Secure RPC (Remote Procedure Call) protects remote procedures with an authentication mechanism.
The Diffie-Hellman authentication mechanism authenticates both the host and the user who is making a request for a service. The authentication mechanism uses Data Encryption Standard (DES) encryption.
What prohibits the circumvention of copy protection mechanisms placed in digital media and limits the liability of Internet service providers for the activities of their users?
The Digital Millennium Copyright Act
Digital Millennium Copyright Act of 1998
The Digital Millennium Copyright Act prohibits the circumvention of copy protection mechanisms placed in digital media and limits the liability of Internet service providers for the activities of their users.
Explain the basic provisions of the Digital Millennium Copyright Act of 1998.
The Digital Millennium Copyright Act prohibits the circumvention of copy protection mechanisms placed in digital media and limits the liability of Internet service providers for the activities of their users.
What is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks?
The Domain Name System Security Extensions (DNSSEC)
What is the best recovery strategy for an application that cannot allow downtime without impacting the organization?
The Dual Data Center strategy is employed for applications which cannot accept any downtime without negatively impacting the organization.
What are the basic provisions of the Economic Espionage Act of 1996?
The Economic Espionage Act provides penalties for individuals found guilty of the theft of trade secrets. Harsher penalties apply when the individual knows that the information will benefit a foreign government.
Economic Espionage Act of 1996.
The Economic Espionage Act provides penalties for individuals found guilty of the theft of trade secrets. Harsher penalties apply when the individual knows that the information will benefit a foreign government.
What, released in 1991, formalized the prudent man rule, which requires senior executives to take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise in the same situation?
The Federal Sentencing Guidelines
What provided punishment guidelines to help federal judges interpret computer crime laws? The guidelines formalized the prudent man rule, which requires senior executives to take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise in the same situation.
The Federal Sentencing Guidelines released in 1991
What is primarily run when time and tape space permit, and is used for the system archive or baselined tape sets?
The Full Backup Method
_________ is primarily run when time and tape space permit, and is used for the system archive or baselined tape sets.
The Full Backup Method
What is an integrity model based on predetermining the set or domain—a list of objects that a subject can access?
The Goguen-Meseguer model
What further develops the federal government information security program?
The Government Information Security Reform
What Act of 2000 amended the Paperwork Reduction Act to implement additional information security policies and procedures?
The Government Information Security Reform Act of 2000
What is the Government Information Security Reform Act of 2000?
The Government Information Security Reform Act of 2000 amended the Paperwork Reduction Act to implement additional information security policies and procedures.
The Simple Integrity Property states that a subject cannot read an object of a lower integrity level (no read down).
Compartmentalized environments require specific security clearances over compartments or domains instead of objects.
The Graham-Denning model is focused on the secure creation and deletion of both subjects and objects.
What provides a more granular approach for interaction between subjects and objects?
The Graham-Denning model
What is HITECH?
The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) amended HIPAA to include new regulations related to data breach notification and the compliance requirements of covered entity business associates.
What is an ICMP Type 3?
The ICMP destination unreachable message is generated by a router to inform the source host that the destination unicast address is unreachable.
What was developed in response to complaints about the insufficient key length of the DES algorithm and operates on 64-bit blocks of plaintext/ciphertext?
The International Data Encryption Algorithm (IDEA)
What is an internationally agreed-upon standard for describing and testing the security of IT products?
The International Common Criteria
What provides background security support services for IPSec, including managing security associations?
The Internet Security Association and Key Management Protocol (ISAKMP)
A directive control is a security tool used to guide the security implementation of an organization.
The National Interagency Fire Center provides daily updates on wildfires occurring in the United States.
List the security features offered by the Network layer of the OSI model.
The Network layer (layer 3) offers confidentiality, authentication, and integrity
What is a vendor-neutral platform for developing and implementing enterprise architectures? It focuses on effectively managing corporate data through the use of metamodels and service-oriented architecture (SOA).
The Open Group Architecture Framework
Which standard includes requirements that merchants promptly report incidents affecting the security of credit card information?
The Payment Card Industry Data Security Standard
What is PCI DSS?
The Payment Card Industry Data Security Standard includes requirements that merchants promptly report incidents affecting the security of credit card information.
What are Failure Resistant Disk Systems (FRDS), Failure Tolerant Disk Systems, and Disaster Tolerant Disk Systems?
The three classifications of RAID defined by the RAID Advisory Board.
Remember: The maximum key size for Rijndael is 256 bits.
The Rijndael algorithm is a new-generation symmetric block cipher that supports key sizes of 128, 192 and 256 bits, with data handled in 128-bit blocks; however, going beyond the AES design criteria, the block sizes can mirror those of the keys.
What is a SOC 2 report?
The SOC 2 report focuses on a business's non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system.
What was approved for use by the US government in Federal Information Processing Standard (FIPS) 185, the Escrowed Encryption Standard (EES)?
The Skipjack algorithm
What model is based on defining a set of system states, initial states, and state transitions? Through the use of, and limitation to, only these predetermined secure states, integrity is maintained and interference is prohibited.
The Sutherland model is based on the idea of defining a set of system states, initial states, and state transitions. Through the use of and limitations to only these predetermined secure states, integrity is maintained and interference is prohibited.
The TCB has which of the following?
The TCB is defined in the Orange Book (Trusted Computer System Evaluation Criteria). The TCB includes the combination of all hardware, firmware and software responsible for enforcing the security policy. As the level of trust increases, the level of scrutiny required during evaluation increases as well.
What scan sends an ______ packet, simulating a packet from the middle of an already established connection?
The TCP ACKNOWLEDGEMENT (ACK) packet
What can be described as the total protection mechanisms inside the computer, including hardware, firmware and software?
The Trusted Computing Base (TCB) is defined as the total combination of protection mechanisms within a computer system. The TCB includes hardware, software, and firmware. These are part of the TCB because the system is sure that these components will enforce the security policy and not violate it.
What was developed by Bruce Schneier and uses prewhitening and postwhitening?
The Twofish algorithm
What algorithm, developed by Bruce Schneier, uses prewhitening and postwhitening?
The Twofish algorithm, developed by Bruce Schneier, uses prewhitening and postwhitening.
What is the Uniform Computer Information Transactions Act on Software Licensing?
The Uniform Computer Information Transactions Act provides a framework for the enforcement of shrink-wrap and click-wrap agreements by federal and state governments.
What enterprise architecture provides six frames for information security, asking what, how, where, who, when and why through a framework matrix?
The Zachman framework
What is the best example of managing the Security Function?
The act of performing a risk assessment to drive the security policy is the clearest and most direct example of management of the security function.
The ___________ software development methodology prioritizes flexible development that emphasizes responding to change over following a plan.
The agile methodology
What phase of a business impact assessment calculates the ARO for a given risk scenario?
The annualized rate of occurrence (ARO) is a measure of how many times a risk might materialize in a typical year. It is a measure of risk likelihood.
Which of the following statements pertaining to key management is INCORRECT? a. The more a key is used, the shorter its lifetime should be. b. Keys should be backed up or escrowed in case of emergencies. c. When not using the full keyspace, the key should be extremely random. d. A key's lifetime should correspond with the sensitivity of the data it is protecting
The answer is C: "When not using the full keyspace, the key should be extremely random." The truth is totally the opposite. You should always use the full key spectrum, or else you cannot claim to have randomness if you make use of only a subset of the keys.
What is the MOST important aspect relating to employee termination?
The appropriate company staff are notified about the termination.
What is a spoofing attack?
The attacker pretends to be someone or something other than whom or what they are. They can spoof identities, IP addresses, email addresses, and phone numbers. They often replace the valid source and/or destination IP address and node numbers with false ones.
Remember: in the System Development Lifecycle (SDLC), security accreditation is obtained during the testing and evaluation control phase.
The basic phases of the SDLC are: project initiation and planning; functional requirements definition; system design specifications; development and implementation; documentation and common program controls; testing and evaluation control (certification and accreditation); transition to production (implementation).
What consists of the limits set on the memory addresses and resources a process can access?
The bounds state or define the area within which a process is confined.
How would you determine the cardinality of a database table?
The cardinality of a database table is the number of records (or rows) in that table.
The opposite of the top-down approach is the bottom-up approach. In a bottom-up approach environment, the IT staff makes security decisions directly without input from senior management. The bottom-up approach is rarely used in organizations and is considered problematic in the IT industry.
The change control process of configuration or change management has several goals or requirements: implement changes in a monitored and orderly manner; changes are always controlled; a formalized testing process is included to verify that a change produces expected results; all changes can be reversed (also known as backout or rollback plans/procedures).
What is a private cloud?
The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
What hides a message inside of a longer message? For example, every sixth word within a document can be used to spell out a secret message within that document.
The concealment cipher
What is a concealment cipher?
The concealment cipher hides a message inside of a longer message. For example, every sixth word within a document can be used to spell out a secret message within that document.
In the Bell-LaPadula model, the Star-property is also called:
The confinement property
What is a mechanism that allows an entity into an application by bypassing access controls?
The correct answer is trapdoor. A trapdoor, also referred to as a backdoor or maintenance hook, is a mechanism that allows an entity into an application by bypassing access controls.
Which of the following statements pertaining to block ciphers is incorrect? a. Plaintext is encrypted with a public key and decrypted with a private key. b. It is more suitable for software than hardware implementations. c. It operates on fixed-size blocks of plaintext. d. Some block ciphers can operate internally as a stream.
The correct answer is: A. Plaintext is encrypted with a public key and decrypted with a private key. Block ciphers do not use public key cryptography (private and public keys). A block cipher is a type of symmetric-key encryption algorithm that transforms a fixed-size block of plaintext (unencrypted text data) into a block of ciphertext (encrypted text) data of the same length. They are appropriate for software implementations and can operate internally as a stream.
Which type of firewall typically operates at the session layer of the OSI model? A. Circuit-Level Gateway Firewall B. Host-based Firewall C. Bastion Host Firewall D. Packet Filtering Firewall
The correct answer is: A. Circuit-Level Gateway Firewall. Circuit-level gateway firewalls operate at the session layer of the OSI model or the TCP layer of the DoD TCP/IP model. They monitor TCP handshake traffic between hosts to determine whether a requested session is legitimate.
Which of the following BEST describes what a SQL injection is? a. It is an attack used to gain unauthorized access to a database. b. It is a man-in-the-middle attack between your SQL server and web app server. c. It is an attack involving insecure database encryption. d. It is an attack that disconnects the SQL server from its internal network.
The correct answer is: A. It is an attack used to gain unauthorized access to a database. It is an attempt to get the web application to pass a rogue SQL query to the database for malicious intent.
Which of the following standards was developed in order to protect against fraud in electronic fund transfers (EFT) by ensuring that packets are coming from their claimed originator and have not been altered in transmission?
The correct answer is: A. Message Authentication Code (MAC). To protect against fraud in electronic fund transfers (EFT), the Message Authentication Code (MAC), ANSI X9.9, was developed. The MAC is a check value which is derived from the contents of the message itself.
What attack would you be seeing if the offset bits in an IP header overlapped with the values of previously sent packets? A. Teardrop Attack B. LAND Attack C. Null Scan D. XMas Tree Scan
The correct answer is: A. Teardrop Attack. The Teardrop attack involves sending IP fragments that have overlapping fragment offset numbers, so that when the victim's computer tries to reassemble the IP fragments into the intended data, the target crashes. It doesn't know how to handle the improperly numbered fragments.
Which of the following is most likely to be useful in detecting intrusions? Access control lists Information security policies Audit trails Security labels
The correct answer is: Audit trails If audit trails have been properly defined and implemented, they will record information that can assist in detecting intrusions.
An incremental backup process a. Backs up the files that have been modified since the last full backup. It does not change the archive bit value. b. Backs up all the files that have changed since the last full or incremental backup and sets the archive bit to 0. c. Backs up all the data and changes the archive bit to 0. d. Backs up all the data and changes the archive bit to 1.
The correct answer is: B Backs up all the files that have changed since the last full or incremental backup and sets the archive bit to 0.
Which of the following terms can be described as the process to conceal data into another file or media in a practice known as security through obscurity? a. NTFS ADS b. Encryption c. Steganography d. ADS - Alternate Data Streams
The correct answer is: C Steganography It is the art and science of encoding hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message or could claim there is a message.
What is the MAC-based technical security measure used to protect access to the physical network infrastructure? A. PKI B. 802.1X C. Port Security D. EAP
The correct answer is: C. Port Security. Port Security, commonly known as switchport security, is a method of controlling access to network media. Notably, a mechanism called VMPS (VLAN Membership Policy Server) is a way to prevent unknown MAC addresses from connecting to your network.
What do you call a user interface that limits the functions that can be selected by a user?
The correct answer is: Constrained user interfaces Constrained user interfaces limit the functions that can be selected by a user. Another method for controlling access is by restricting users to specific functions based on their role in the system.
Which of the following statements pertaining to IPSec is incorrect? a. In transport mode, ESP only encrypts the data payload of each packet. b. ESP provides integrity, authentication and encryption for IP datagrams. c. Integrity and authentication for IP datagrams are provided by AH. d. A security association has to be defined between two IPSec systems in order for bi-directional communication to be established.
The correct answer is: D. A security association has to be defined between two IPSec systems in order for bi-directional communication to be established. This is incorrect: a pair of Security Associations (SAs) is needed for bi-directional communication, NOT only one SA. The sender and the receiver would each negotiate an SA for inbound and outbound connections.
Which of the following is a form of Hybrid Cryptography where the sender encrypts the bulk of the data using Symmetric Key cryptography and then communicates securely a copy of the session key to the receiver? A. Asymmetric B. Symmetric key encryption C. Digital Envelope D. Digital Signature
The correct answer is: D. Digital Envelope. A Digital Envelope is used to send encrypted information using symmetric keys, and the relevant session key along with it. It is a secure method to send electronic documents without compromising data integrity, authentication and non-repudiation, which were obtained with the use of symmetric keys.
What would you call a person that uses his skills for defensive purpose? Phreaker Cracker Ethical Hacker Hacker
The correct answer is: Ethical Hacker. The term Ethical Hacker refers to a person who is using his skills for defensive purposes.
Which of the following statements pertaining to quantitative risk analysis is FALSE? A. It requires a high volume of information B. It involves complex calculations C. It requires little experience to apply D. Portion of it can be automated
The correct answer is: It requires little experience to apply Assigning the values for the inputs to a purely quantitative risk assessment requires both a lot of time and significant experience on the part of the assessors. The most experienced employees or representatives from each of the departments would be involved in the process. It is NOT an easy task if you wish to come up with accurate values.
Which of the following alternative business recovery strategies would be LEAST reliable in a large database and on-line communications network environment where the critical business continuity period is 7 days? Hot site Reciprocal agreement Warm site Redundant or Alternate Site
The correct answer is: Reciprocal Agreement. Since a reciprocal agreement cannot be enforced, it is the least reliable solution for business recovery. It is always the worst choice, as such agreements cannot be trusted and are unreliable.
The IP header contains a protocol field. If this field contains the value 6, what type of data is contained within the IP datagram? UDP. IGMP. TCP. ICMP.
The correct answer is: TCP. If the protocol field has a value of 6 then it would indicate it was TCP. The protocol field of the IP packet dictates what protocol the IP packet is using. TCP=6, ICMP=1, UDP=17, IGMP=2
What is called an event or activity that has the potential to cause harm to the information systems or networks? Threat Weakness Vulnerability Threat agent
The correct answer is: Threat: An event or activity that has the potential to cause harm to the information systems or networks.
Secure Shell (SSH-2) provides all of the following services except: a. port forwarding b. user authentication c. command execution d. secure remote login
The correct answer is: a. User authentication. This is one of the tricky negative questions. You have to pay close attention to the word EXCEPT within the question. Authentication at this protocol level is host-based, not user-based. The SSH transport layer is a secure, low-level transport protocol. It provides strong encryption, cryptographic host authentication, and integrity protection, and it does provide port forwarding.
Which are the two primary types of scanner used for protecting against Malware? a. Active and passive Scanner b. Malware mask/signatures and Heuristic Scanner c. None of the above d. Behavioral Blockers and immunizer Scanner
The correct answer is: b. Malware mask/signature and Heuristic Scanner
Which of the following protocols would BEST mitigate threats of sniffing attacks on web application traffic? a. SSH - Secure Shell b. SSL or TLS c. 802.1X d. ARP Cache Security
The correct answer is: b. SSL or TLS. While it traverses the network without some sort of encryption, web application data is vulnerable to sniffing and interception by attackers on the network. If we observe sniffer traffic on an unencrypted network, we can clearly see the contents of user interaction with the web server and its applications.
In Operations Security, trusted paths provide: a. trustworthy integration into integrity functions. b. trustworthy interfaces into privileged MTBF functions. c. trustworthy interfaces into privileged user functions. d. trusted access to unsecure paths.
The correct answer is: c. trustworthy interfaces into privileged user functions. "Trusted paths provide trustworthy interfaces into privileged user functions and are intended to provide a way to ensure that any communications over that path cannot be intercepted or corrupted."
Which of the following is the most important consideration in locating an alternate computing facility during the development of a disaster recovery plan? a. It is convenient to airports and hotels. b. It is close enough to serve its users. c. It is close enough to become operational quickly. d. It is unlikely to be affected by the same disaster.
The correct answer is: d. It is unlikely to be affected by the same disaster. You do not want the alternate or recovery site located in close proximity to the original site, because the same event that created the situation in the first place might very well impact that site also.
A cryptanalyst chooses a piece of ciphertext and attempts to obtain the corresponding decrypted plaintext. What is the least effective attack on a public-key cryptosystem? a. Ciphertext-only attack b. Plaintext-only attack c. Adaptive-chosen-plaintext attack d. Chosen-ciphertext attack
The correct answer is: d. Chosen-ciphertext attack. A chosen-ciphertext attack is one in which the cryptanalyst may choose a piece of ciphertext and attempt to obtain the corresponding decrypted plaintext.
Under the physical access controls which control category would you use to describe a fire extinguisher?
The correct response is corrective. Under the physical access control types, a fire extinguisher would be considered a corrective control. The goal of corrective actions is to remedy circumstances and mitigate damage.
The layer that adds a 'trailer' (containing checksum and padding if needed) to the end of a data frame, is the ___ layer. network transport session data link
The data link layer adds a trailer at the end of the frame
Who is the person who has ultimate organizational responsibility for data. The owner is typically the CEO, president, or a department head. Data owners identify the classification of data and ensure that it is labeled properly?
The data owner
Who is the person responsible for classifying, labeling, and protecting data?
The data owner
What are the common applications of cryptography to secure web activity?
The de facto standard for secure web traffic is the use of HTTP over Transport Layer Security (TLS) or the older Secure Sockets Layer (SSL). Many websites are dropping support for SSL due to security concerns.
Which are the set of allowable values that an attribute can take?
The domain of a relation is the set of allowable values that an attribute can take.
What algorithm depends on the elliptic curve discrete logarithm problem and provides more security than other algorithms when both are used with keys of the same length?
The elliptic curve algorithm
What is the amount of damage that the risk poses to the asset?
The exposure factor
Which step prioritizes the allocation of business continuity resources to the various risks identified and assessed in the preceding tasks of the BIA?
The final step of the BIA
Explain the steps of the business impact assessment process.
The five steps of the business impact assessment process are identification of priorities, risk identification, likelihood assessment, impact assessment, and resource prioritization.
What are the four layers of the TCP/IP protocols, and how do they relate to the OSI model layers?
The four layers of TCP/IP are Application (layers 5-7 of OSI), Transport (layer 4 of OSI), Internet (layer 3 of OSI), and Link (layers 1 and 2 of OSI).
What is a network device that works at the Application layer. However, an Application layer gateway is a very specific type of component. It serves as a protocol translation tool. For example, an IP-to-IPX gateway takes inbound communications from TCP/IP and translates them over to IPX/SPX for outbound transmission?
The gateway
What is the goal of a business continuity program?
The goal of a business continuity program is to ensure that recovery time objectives are shorter than maximum tolerable downtime measures.
What is the primary goal of a Business Continuity Plan?
The goal of the BCP process is to ensure that your RTOs are less than your MTDs, resulting in a situation in which a function should never be unavailable beyond the maximum tolerable downtime
Remember this: a security policy is a formal statement of the rules that people who are given access to an organization's technology and information assets must abide by. The policy communicates the security goals to all of the users, the administrators, and the managers.
The goals will be largely determined by the following key tradeoffs: services offered versus security provided, ease of use versus security, and cost of security versus risk of loss.
What action usually closes the identification phase of incident response?
The identification phase usually concludes with the notification of the incident response team.
What is an ARP attack?
The modification of ARP mappings. When ARP mappings are falsified, packets are not sent to their proper destination. ARP mappings can be attacked through spoofing. Spoofing provides false MAC addresses for requested IP addressed systems to redirect traffic to alternate destinations
Stealth viruses alter operating system file access routines so that when an antivirus package scans the system, it is provided with the information it would see on a clean system rather than with infected versions of data.
What differs from the standard waterfall process by adding validation and verification phases?
The modified waterfall process differs from the standard waterfall process by adding validation and verification phases.
In system high mode, all users have appropriate clearances and access permissions for all information processed by the system but need to know only some of the information processed by that system.
The most commonly overlooked aspect of mobile phone eavesdropping is related to people in the vicinity overhearing conversations (at least one side of them). Organizations frequently consider and address issues of wireless networking, storage device encryption, and screen locks.
What controls access and the use of system resources in preemptive multitasking mode?
The operating system--Operating systems that use preemptive multitasking run the show, and one application does not negatively affect another application as easily.
What would be the most effective method of identifying illegal software packages loaded onto the network?
The periodic checking of hard drives would be the most effective method of identifying illegal software packages loaded to the network.
To perform the cost/benefit analysis of a safeguard, you must calculate the following three elements:
The pre-countermeasure ALE for an asset-and-threat pairing; the post-countermeasure ALE for an asset-and-threat pairing; and the annual cost of the safeguard.
The primary role of the certificate authority (CA) in the communication process is to:
The primary activity of a CA is to issue certificates. The primary role of the CA is to check the identity of the entity owning a certificate and to confirm the integrity of any certificate it issued.
Protection profiles used in the Common Criteria evaluation process contain five elements. Which of the following establishes the type and intensity of the evaluation?
The protection profile contains the set of security requirements, their meaning and reasoning, and the corresponding evaluation assurance level (EAL) rating that the intended product will require
Remote Authentication Dial-In User Service (RADIUS) centralizes authentication for remote connections; it is used when an organization has more than one network access server.
The RADIUS server is used to verify authentication and authorization and to track accounting. RADIUS uses the User Datagram Protocol (UDP) and encrypts only the exchange of the password; it doesn't encrypt the entire session. It is defined in RFC 2865.
_________represents the point in time, prior to such an event or incident, to which lost data can be recovered (given the most recent backup copy of the data).
The recovery point objective
______is the maximum acceptable level of data loss following an unplanned "event", like a disaster (natural or man-made), act of crime or terrorism, or any other business or technical disruption that could cause such data loss. The RPO represents the point in time, prior to such an event or incident, to which lost data can be recovered.
The recovery point objective (RPO)
Which portion of the BCP documentation essentially recaps the decision-making process undertaken during the business impact assessment?
The risk assessment portion
Remember this: there are two types of cyber squatting. The first type is when a person registers a domain name similar to an official source, such as a commonly misspelled version of a trademark. The cyber squatter then redirects traffic to his own domain.
The second type is when a person registers a domain, doesn't use it, but refuses to sell it to anyone unless it's for a high price.
What correctly describes the relationship between the reference monitor and the security kernel?
The security kernel implements and enforces the reference monitor. The reference monitor is an access control concept implemented and enforced by the security kernel via the hardware, software, and firmware. The security kernel ensures that subjects have the appropriate authorization to access the objects they are requesting.
Understand the seven Safe Harbor principles. What are they?
The seven principles are notice, choice, onward transfer, security, data integrity, access, and enforcement.
What are the seven Safe Harbor principles?
The seven principles are notice, choice, onward transfer, security, data integrity, access, and enforcement.
remember this: The TOCTTOU acronym expands to "Time Of Check To Time Of Use". It is a type of File Access Race Condition.
The software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check, causing the software to perform invalid actions when the resource is in an unexpected state.
What is a really important criterion in the assignment of a classification label?
The source or origin of a resource.
What is considered a meta-model?
The spiral model. A spiral model uses multiple iterations of the waterfall model.
The DRP plan covers actions to be taken when a disaster occurs, but DRP PLANNING, which is the keyword in the question, would also include steps that happen before you use the plan, such as development of the plan, training, drills, logistics, and a lot more.
The star property (read "star"-property) - a subject at a given security level must not write to any object at a lower security level no write-down. The star property is also known as the Confinement property
What reflects the criticality of the BCP to the organization's continued viability?
The statement of importance--This document is a letter to the organization's employees stating the reason that the organization devoted significant resources to the BCP development process and requesting the cooperation of all personnel in the BCP implementation phase
Which task of BCP bridges the gap between the business impact assessment and the continuity planning phases?
The strategy development task bridges the gap between business impact assessment and continuity planning by analyzing the prioritized list of risks developed during the BIA and determining which risks will be addressed by the BCP.
The security of a computer application is most effective and economical when?
The system is originally designed to provide the necessary security. It is also much more efficient if security is addressed in each phase of the development cycle rather than an add-on because it gets more complicated to add at the end
Who ensures that the system is labeled accurately and that appropriate security controls are in place to protect the data?
The system owner
Who should measure the effectiveness of Information System security related controls in an organization?
The systems auditor. The systems auditor leads the effort to verify that the security controls in place are effective and comply with policies, procedures, laws, and applicable regulations. The findings are sent to senior management.
What is 802.15 as it applies to wireless technology?
The term personal area network (PAN) is most closely associated with this wireless technology; 802.15 creates personal area networks (PANs).
The return of company property, disabling network access, an exit interview, and an escort from the property.
The termination procedure
With software testing approaches, what should be done with the test plan?
The test plan and results should be retained as part of the system's permanent documentation
What is security information and event management?
The tools provide real-time analysis of events occurring on systems throughout an organization; they include agents installed on remote systems that monitor for specific events known as alarm triggers.
What is the tranquility principle of the Bell-LaPadula model?
The tranquility principle of the Bell-LaPadula model states that the classification of a subject or object does not change while it is being referenced.
Name the three types of subjects and their roles in a security environment
The user accesses objects on a system to perform a work task; the owner is liable for protection of data; the data custodian is assigned to classify and protect data
What is a virtual directory?
The virtual directory periodically synchronizes itself with all of the identity stores individual network directories to ensure the most up-to-date information is being used by all applications and identity management components within the enterprise.
________states where critical business records will be stored and the procedures for making and storing backup copies of those records.
The vital records program
What allows the development process to return only to the immediately preceding phase of development at any given time?
The waterfall model
Which control framework has 34 control objectives or high-level processes?
There are 34 control objectives in COBIT 4.x
There are three contemporary forms of cryptography. What are they?
There are three contemporary forms of cryptography.
Block ciphers--how are they used as a symmetric-key encryption algorithm?
They transform a fixed-size block of plaintext (unencrypted text) data into a block of ciphertext (encrypted text) data of the same length. They are appropriate for software implementations and can operate internally as a stream.
CISSP Exam Prep 2016 Maliciously altering the routing data in the routing tables is called Routing Table ___. defacement spoofing hijacking poisoning
This attack results in wrong entries in the routing tables and is known as 'Routing Table Poisoning'
What markup language allows for the sharing of application security policies to ensure that all applications are following the same security rules?
This can happen through eXtensible Access Control Markup Language (XACML). XACML is a markup language and processing model that is implemented in XML. It declares access control policies and describes how to interpret them.
What is Nessus?
This is a network vulnerability scanning tool that searches systems for known vulnerabilities
Which firewall's speed and flexibility, as well as its capacity to block some denial-of-service and related attacks, make it ideal for placement at the outermost boundary with an untrusted network?
This is an important point with packet filtering firewalls
When a biometric system rejects an authorized individual, what type of error is this?
This is called a Type I error false rejection rate.
What is RAID-1?
This is called mirroring. All the data is written to at least two separate disks. If one fails, the other can be used to retrieve data. RAID-1 requires two physical disks
What type of error is the percentage of invalid subjects that are falsely accepted in a biometric system?
This is called the False Acceptance Rate (FAR) or Type II Error.
Changing the 'index.html' page of a website on a web server without proper authorization, usually to something malicious, is known as web ___. hijacking cloaking defacement vandalism
This is known as the website defacement attack.
When possible, operations controls should be invisible, or transparent, to users.
This keeps users from feeling hampered by security and reduces their knowledge of the overall security scheme, thus further restricting the likelihood that users will violate system security deliberately.
RAID Level 0 creates one large disk by using several disks. What is this called?
This process is called striping.
Which of these methods does the 'Accent Keyword Extractor' use for attacking passwords? Dictionary Attack None of the above Brute Force Cracking Password guessing
This program loads an Internet page and extracts keywords and uses them as possible passwords
What is NIST Special Publication 800-37?
This publication provides guidelines for applying the Risk Management framework to federal information systems
_________are accidental or intentional exploitations of vulnerabilities.
Threat events
In a Public Key Infrastructure, how are public keys published
Through digital certificates.
What can best define the "revocation request grace period?"
Time period between the arrival of a revocation request and the publication of the revocation information.
Explain total risk.
Total risk is the amount of risk an organization would face if no safeguards were implemented. To calculate total risk, use this formula: threats * vulnerabilities * asset value = total risk.
The National Information Infrastructure Protection Act extends protections to portions of the national infrastructure other than computing systems, such as railroads, gas pipelines, electric power grids, and telecommunications circuits.
Traffic analysis and trend analysis are forms of monitoring that examine the flow of packets rather than the actual content.
What is Traffic Padding?
Traffic padding is a countermeasure to traffic analysis.
A new employee will require what type of awareness of IT Security in the workplace so they will be able to comply with all standards, guidelines, and procedures mandated by the security policy?
Training
What is a characteristic or service that is unseen by users?
Transparency
Which layer is responsible for data transmission and error detection in the OSI model?
Transport layer
In IPSec, what is the most common mode of operation, and which mode is required for gateway-to-gateway and host-to-gateway communications?
Transport mode is established when the endpoint is a host. If the gateway in a gateway-to-host communication were to use transport mode, it would act as a host system, which is acceptable for direct protocols to that gateway. Otherwise, TUNNEL mode is required for gateway services.
________________is generated by the difference in power between the hot and neutral wires of a power source or operating electrical equipment
Traverse mode noise
What is generated by the difference in power between the hot and neutral wires of a power source or operating electrical equipment?
Traverse mode noise
A _ is software that functions partially as proprietary software and can be used without payment.
Trialware
_________uses 56-bit keys, but newer implementations use 112-bit or 168-bit keys. Larger keys provide a higher level of security.
Triple DES
What encrypts a message three times?
Triple DES This encryption can be accomplished in several ways. The most secure form of triple DES is when the three encryptions are performed with three different keys.
A polyalphabetic cipher is any cipher based on substitution, using multiple substitution alphabets. The Vigenère cipher is probably the best-known example of a polyalphabetic cipher, though it is a simplified special case.
Triple DES with three distinct keys is the most secure form of triple-DES encryption. It can either be DES-EEE3 encrypt-encrypt-encrypt or DES-EDE3 encrypt-decrypt-encrypt.
Which of these tools can notify you of the possibility of something suspicious in your computer? None of these tcpdump Wireshark Tripwire
Tripwire directly reveals information about something suspicious occurring. While useful for detecting intrusions after the event, it can also serve many other purposes, such as integrity assurance, change management, and policy compliance.
What is code that appears to have some useful purpose but also contains code that has a malicious or harmful purpose embedded in it?
Trojan
What type of theft refers to a situation where someone obtains key pieces of personal information, such as credentials or a Social Security number, and then uses that information to impersonate someone else?
True name identity theft
What is trusted recovery?
Trusted recovery provides assurance that, after a failure or crash, the system is just as secure as it was before the failure or crash occurred.
What is tunneling?
Tunneling is the encapsulation of the protocol deliverable message within a second protocol. The second protocol often performs encryption to protect the message contents.
What are most appropriate on secondary or side exits where a security guard is not available or is unable to maintain constant surveillance?
Turnstiles
Which cable technology refers to the CAT3 and CAT5 categories?
Twisted Pair cables
To achieve added security over DES, how many keys must 3DES use?
Two
The Graham-Denning model is focused on the secure creation and deletion of both subjects and objects.
Ultimately, Graham-Denning is a collection of eight primary protection rules or actions (listed in the question) that define the boundaries of certain secure actions.
RFC 1918 describes the range of unroutable addresses. What is true regarding unroutable addresses?
Unroutable addresses can access the internet using PAT. Unroutable addresses can access the internet using NAT.
What is a disadvantage to SSO?
User gains unrestricted access to all the authorized resources
This is basic mode used by the CPU when executing user applications. In this mode, the CPU allows the execution of only a portion of its full instruction set. This is designed to protect users from accidentally damaging the system through the execution of poorly designed code or the unintentional misuse of that code.
User mode
What is the basic mode used by users?
User mode is the basic mode used by the CPU when executing user applications. The CPU allows the execution of only a portion of its full instruction set. This is designed to protect users from accidentally damaging the system through the execution of poorly designed code or the unintentional misuse of that code.
The change control process of configuration or change management also ensures that:
Users are informed of changes before they occur to prevent loss of productivity; the effects of changes are systematically analyzed; the negative impact of changes on capabilities, functionality, and performance is minimized; and changes are approved by a CAB (change approval board).
In the public key infrastructure, certificate authorities (CAs) generate digital certificates containing the public keys of system users.
Users then distribute these certificates to people with whom they want to communicate. Certificate recipients verify a certificate using the CA's public key
How many keys does symmetric key cryptography use?
It uses the same key for communication in any direction.
What refers to functions that can be performed manually, but only for a brief period of time, and is associated with lower costs of disruption than critical functions?
Vital function
What introduces network-specific vulnerabilities to voice communications?
Voice over IP (VoIP)
What is computer memory that requires power to maintain the stored information; it retains its contents while powered on, but when the power is interrupted the stored data is lost very rapidly or immediately?
Volatile memory, contrary to non-volatile memory, is computer memory that requires power to maintain the stored information; it retains its contents while powered on but when the power is interrupted the stored data is lost very rapidly or immediately. RAM is an example.
______________ replaces TKIP (used by the original WPA) with AES cryptography
WPA2
What servers would you typically find in the DMZ?
Web server, e-mail server, Hyper-V server
What term means that authentication happens in both directions: instead of just the user having to authenticate to the server, the server also has to authenticate to the user?
Mutual authentication
What is a Polymorphic Code?
Virus code that can change or mutate itself so that the original is not detected by the antivirus scanner, BUT the virus can still carry out its malicious activity.
What is NIST SP 800-18?
Outlines the responsibilities of the information owner, which can be interpreted the same as the data owner, including the "rules of behavior," which are effectively the same as an acceptable usage policy (AUP).
When will training occur?
When a new employee arrives, so they will be able to comply with all standards, guidelines, and procedures mandated by the security policy.
a router for evidence, which of the following actions should NOT be performed? a. Running show commands b. All of these c. Running configuration commands d. Accessing router through console
When an attack occurs, 'configuration' commands should not be executed, so as not to change anything.
What is a multilevel security mode system?
A system in which there is no requirement that all users have appropriate clearances to access information processed on the system.
What are the problems with password generators?
While password generators protect against dictionary attacks, they often force users to write down the password, which creates a new vulnerability: an office full of sticky notes with scribbled passwords is an attractive atmosphere for a potential hacker.
Purchasing a single certificate for each of your domains and subdomains can be an expensive proposition, but you can instead purchase a type of certificate called what?
Wildcard Certificate.
What is Dynamic translation?
Dynamic translation, also called automatic, hide mode, or IP masquerade, allows a large group of internal clients to share a single or small group of ROUTABLE IP addresses for the purpose of hiding their identities when communicating with external hosts or expanding the internal network address space.
In this block cipher method of encoding, the user simply encodes (scrambles) the message by reordering the plaintext in some way. What is this method called?
With the transposition method of block cipher, the user simply encodes the message by reordering the plaintext in some way: the units of plaintext are shifted according to a regular system, so that the ciphertext constitutes a permutation of the plaintext. That is, the order of the units is changed.
Job descriptions are essential to user and personnel security. Only with a job description does a background check have true meaning.
Without a job description, auditing and monitoring cannot determine when a user performs tasks outside of their assigned work. Without a job description, administrators do not know what level of access to assign via DAC.
Remember: Current copyright law provides for a very lengthy period of protection. Works by one or more authors are protected until 70 years after the death of the last surviving author.
Works for hire and anonymous works under copyright law are provided protection for 95 years from the date of first publication or 120 years from the date of creation, whichever is shorter.
What is X.500?
The X.500 standard, and a type of protocol, as in Lightweight Directory Access Protocol (LDAP), that allows subjects and applications to interact with the directory.
______ is an ITU-T standard protocol suite for packet-switched wide area network (WAN) communication?
X.25. X.25 is a packet switching technology which uses carrier switches to provide connectivity for many different networks.
What is a series of computer networking standards covering electronic directory services?
X.500
What is a standard and a type of protocol, as in Lightweight Directory Access Protocol (LDAP), that allows subjects and applications to interact with the directory?
X.500
What is the Zachman Architecture Framework?
Zachman Framework is used to create a robust enterprise architecture, not a security architecture, technical or not. The framework is not security specific.
What confirms that an individual possesses certain factual knowledge without revealing the knowledge?
Zero-knowledge
What is the concept of zero-knowledge proof?
Zero-knowledge proof is a communication concept. A specific type of information is exchanged but no real data is transferred, as with digital signatures and digital certificates.
What is 802.1X?
a MAC-Based security measure. 802.1X or "dot1x" is certificate-based and each device that wants to talk on the network must have a valid certificate.
RAID 1+0 or RAID 10
A combination of disk mirroring and striping; no parity; requires a minimum of four disks.
Solid State Drive
A combination of flash memory (EEPROM) and DRAM.
What is a likelihood assessment?
a comprehensive list of the events that can be a threat to an organization.
What is electronic vaulting?
a method of transferring bulk information to off-site facilities for backup purposes
What is Message Switching?
A mode of data transmission in which a message is sent as a complete unit and routed through intermediate nodes, at which it is stored and then forwarded.
What is the main concern with Single Sign On?
a password can be compromised and a password would allow an intruder to have access to all systems.
Smart cards are:
a plastic card with a built-in microprocessor, used typically for electronic processes such as financial transactions and personal identification.
What is Concurrency?
a preventive security mechanism that endeavors to make certain that the information stored in the database is always correct or at least has its integrity and availability protected.
what is a column or a combination of columns that uniquely identify a record?
a primary key
What is an electronic document which incorporates a digital signature to bind together a _____________ with information such as the name of a person or an organization, their address, and so forth? The certificate can be used to verify that a public key belongs to an individual.
a public key certificate or identity certificate
What is a Service organization control SOC report?
A report that verifies the security, privacy, and availability controls, through the SOC-2 or SOC-3 report.
The Simple Security Property states that
A subject may not read information at a higher sensitivity level (no read up).
What is Data Manipulation Language DML?
a subset of SQL containing the commands used to interact with data
What is screen scraping?
a technology that can allow an automated tool to interact with a human interface
What is a Multipartite Virus?
A virus that spreads by multiple methods.
___________ is used to collect similar elements into groups, classes, or roles that are assigned security controls, restrictions, or permissions
abstraction
What is an abstraction?
Abstraction hides unnecessary details from the user; abstraction provides a way to manage complexity.
What is a threat event?
accidental or intentional exploitations of vulnerabilities.
The sequence of steps of an attack methodology is?
acquisition, analysis, access, appropriation
What methodology prioritizes flexible development that emphasizes responding to change over following a plan?
agile software development methodology
What is Automatic Call distribution?
Allows a PBX to be configured so that incoming calls are distributed to the next available agent or placed on hold until one becomes available.
What is an EEPROM chip?
allows for "flash" updates when the BIOS needs revision.
What is a lattice based access control?
Allows security controls for complex environments. It is a complex access control model based on the interaction between any combination of objects and subjects.
What is the waterfall model?
allows the development process to return only to the immediately preceding phase of development at any given time.
What is a pseudorandom number generator?
Also known as a deterministic random bit generator (DRBG): an algorithm generating a sequence of numbers whose properties approximate the properties of sequences of random numbers. A PRNG-generated sequence is not truly random, because it is completely determined by a relatively small set of initial values, called the PRNG's
Remember this: when an intruder is detected by an IDS, they are transferred to a padded cell. The transfer of the intruder into a padded cell is performed automatically without informing the intruder that the change has occurred.
Also note that padded cells are used to detain intruders, not to detect vulnerabilities.
What is Point to Point protocol?
An encapsulation protocol designed to support IP traffic over dial-up connections.
What is a threat agent?
an entity that can exploit a vulnerability
What is a behavior-based intrusion detection system?
An expert system or a pseudo-artificial intelligence system, because it can learn and make assumptions about events. In other words, the IDS can act like a human expert by evaluating current events against known events.
To fully evaluate risks and subsequently take the proper precautions, you must?
analyze the following: assets, asset valuation, threats, vulnerability, exposure, risk, realized risk, safeguards, countermeasures, attacks, and breaches
What is an element of quantitative risk analysis that represents the expected frequency with which a specific threat or risk will occur (in other words, become realized) within a single year?
annualized rate of occurrence or ARO
Packet filtering gateways are appropriate for:
An appropriate choice for a low-risk environment.
The steps of the business impact assessment process are
identification of priorities, risk identification, likelihood assessment, impact assessment, and resource prioritization
Remember: The pair of elements is the subject and object, and the subject has an upper bound equal or higher than the upper bound of the object being accessed.
are the keystones of most access control systems.
Who are data processors?
are typically third-party entities that process data for an organization
What are data processors?
are typically third-party entities that process data for an organization
What is a backdoor?
Vectors for attackers to bypass security checks, such as authentication. Be wary when someone says something will make computing both easier and more secure.
Who are the necessary members of the business continuity planning team?
At a minimum: representatives from each of the operational and support departments; technical experts from the IT department; security personnel with BCP skills; legal representatives familiar with corporate legal, regulatory, and contractual responsibilities; and representatives from senior management.
What are distributed reflective denial of service attacks?
attack efforts between cooperative machines using traffic in an entirely legitimate manner
What is attribute-based access control?
An attribute-based access control model uses policies that include multiple attributes for rules; many software-defined networking applications use attribute-based access control.
IPsec includes an Authentication Header (AH) which provides what?
authentication and integrity
What is AAA?
authentication, authorization, and accountability - provides nonrepudiation
What is called the access protection system that limits connections by calling back the number of a previously authorized location? a. Sendback systems b. Callback systems c. Sendback forward systems d. Callback forward systems
b. Callback systems. Details: Callback systems provide access protection by calling back the number of a previously authorized location, but this control can be compromised by call forwarding.
When continuous availability (24-hours-a-day processing) is required, what provides a good alternative to tape backups?
back up to jukebox
Children's Online Privacy Protection Act of 1998
became the law of the land in the United States. COPPA makes a series of demands on websites that cater to children or knowingly collect information from children
Why is a complete quantitative analysis not possible?
Because of intangible aspects of risk. The process involves asset valuation and threat identification and then determining a threat's potential frequency and the resulting damage; the result is a cost/benefit analysis of safeguards.
Why is it difficult to defend against distributed denial-of-service attacks?
because of their sophistication and complexity
What is labeled an expert system or a pseudo-artificial intelligence system because it can learn and make assumptions about events? In other words, the IDS can act like a human expert by evaluating current events against known events.
behavior-based intrusion detection system
What is a Sensitive function?
best described as those that can be performed manually at a tolerable cost for an extended period of time
What is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity, where data and subjects are grouped into ordered levels of integrity?
Biba model
When developing a business continuity plan, be sure to account for ________________
both your headquarters location as well as any branch offices. The plan should account for a disaster that occurs at any location where your organization conducts its business.
What are the steps project scope and planning, business impact assessment, continuity planning, and approval and implementation used for?
business continuity planning
What process consists of project scope and planning, business impact assessment, continuity planning, and approval and implementation? Each task contributes to the overall goal of ensuring that business operations continue uninterrupted in the face of an emergency situation.
business continuity planning
Who are representatives from the operational and support departments; technical experts from the IT department; security personnel with BCP skills; legal representatives familiar with corporate legal, regulatory, and contractual responsibilities; and representatives from senior management?
business continuity planning team
Operational and support department representatives; technical experts from the IT department; security personnel; legal representatives familiar with corporate legal, regulatory, and contractual responsibilities; and representatives from senior management are what kind of team?
business continuity planning team
What are identification of priorities, risk identification, likelihood assessment, impact assessment, and resource prioritization?
business impact assessment
__________assesses the likelihood that each threat will actually occur and the consequences those occurrences will have on the business
business impact assessment
What do the individuals responsible for leading the BCP process perform to determine which departments and individuals have a stake in the business continuity plan? It is used as the foundation for BCP team selection and, after validation by the BCP team, is used as a guide for the next stages of BCP development.
business organization analysis
How is metadata created?
by performing data mining.
What is the difference between the OCSP (Online Certificate Status Protocol) and a Certificate Revocation List (CRL)? a. The OCSP (Online Certificate Status Protocol) is used only by Active Directory and a Certificate Revocation List (CRL) is used by Certificate Authorities b. The OCSP (Online Certificate Status Protocol) is a way to check the attributes of a certificate and a Certificate Revocation List (CRL) is used by Certificate Authorities. c. The OCSP (Online Certificate Status Protocol) provides real-time certificate checks and a Certificate Revocation List (CRL) has a delay in the updates. d. The OCSP (Online Certificate Status Protocol) is a proprietary certificate mechanism developed by Microsoft and a Certificate Revocation List (CRL) is an open standard
c. The correct answer is: The OCSP (Online Certificate Status Protocol) provides real-time certificate checks and a Certificate Revocation List (CRL) has a delay in the updates.
What is a Candidate Key?
Any column or combination of columns that can qualify as a unique key in a database.
How are threats evaluated?
Threats can originate from numerous sources, including IT, humans, and nature. Threat assessment should be performed as a team effort to provide the widest range of perspectives. By fully evaluating risks from all angles, you reduce your system's vulnerability.
What specifies the access rights a certain subject possesses pertaining to specific objects?
capability table
What is Asynchronous Transfer Mode (ATM), a WAN communication technology using 53-byte cells?
cell switching technology
Remember the types of authentication: Type 1 - Something you know - Authentication by knowledge - password, PIN; Type 2 - Something you have - Authentication by possession - token, smart card, magnetic card; Type 3 - Something you are - Authentication by characteristic - biometrics
Checks for input or information accuracy in software development security are the following: range checks, relationship checks, reasonableness checks, and transaction limit checks.
The expanded use of _________by many organizations requires added attention to conducting reviews of information security controls during the vendor selection process and as part of ongoing vendor governance.
cloud services
What is an abstraction?
Collects similar elements into groups, classes, or roles that are assigned security controls, restrictions, or permissions as a collective. It adds efficiency to carrying out a security plan.
What is a Hybrid environment?
combines both hierarchical and compartmentalized environments so that security levels have subcompartments
What is a hybrid environment?
combines both hierarchical and compartmentalized environments so that security levels have subcompartments.
How do you prevent an access aggregation attack?
Combining the defense-in-depth, need-to-know, and least privilege principles helps prevent access aggregation attacks.
What environment has no relationship between one security domain and another, where each domain represents a separate isolated compartment to which one must gain access to reach an object?
compartmentalized environment
To be secure, the kernel must meet three basic conditions:
Completeness: all accesses to information must go through the kernel; isolation: the kernel itself must be protected from any type of unauthorized access; and verifiability: the kernel must be proven to meet design specifications.
What is the primary communication channel on a computer system, carrying the communication between the CPU, memory, and input/output devices such as the keyboard, mouse, and display?
computer bus
What is Multitasking?
concept of performing concurrent actions over a certain period of time by executing them concurrently
What is a model that encompasses three concepts (assets, risk, and vulnerability) and their interdependent relationship within a structured, formalized organization?
conceptual security triple
What is the Bell-LaPadula model?
Concerned with confidentiality; access control is based on classification of objects and clearance of subjects.
What is pivotal during the vendor selection process and as part of ongoing vendor governance with cloud services?
conducting reviews of information security controls
Encapsulating Security Payload (ESP) in IPsec provides what?
confidentiality
The first activity in every recovery plan?
damage assessment, immediately followed by damage mitigation.
Assembly language is a low-level language using symbols to represent complicated binary codes and is considered one step above machine language. Assembly, machine, and high-level are the main categories of languages.
A data backup plan is completely different from disaster recovery, and they are not synonymous. In order to get the best data backup and DR, state-of-the-art recovery systems should be attached to data backup systems.
What is one of the primary methods of protecting the data confidentiality?
data encryption
Who is responsible for classifying, labeling, and protecting data?
data owner
What is a data object or a packet in the Network layer?
datagram
How do you mitigate an access aggregation attack?
defense in depth, need to know, and least privilege principle.
What is Key clustering?
defined as an instance of two different keys generating the same ciphertext from the same plaintext
RFC 2828 is what?
defines a digital signature as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity.
What is ISO 27799?
defines guidelines to support the interpretation and implementation in health informatics of ISO/IEC 27002 and is a companion to that standard.
What term represents the number of columns in a table?
degree
What is a Capacitance sensor?
Detects an intruder approaching or touching a metal object, including a wire, by sensing a change in capacitance between the object (or wire) and the ground (another wire). A change in the dielectric medium or electrical charge results in a change in capacitance.
What is a data loss prevention (DLP) server?
Detects the labels and applies the required protection that will automatically set the labels. In other words, users apply relevant labels (such as confidential, private, sensitive, and public) to emails before sending them.
What is the formula for safeguard evaluation?
Once you have determined the annual cost of a safeguard (ACS), you must calculate the ALE for the asset if the safeguard is implemented. Use the formula: ALE before safeguard - ALE after implementing the safeguard - annual cost of safeguard = value of the safeguard to the company, or (ALE1 - ALE2) - ACS.
What is a dual-core datacenter?
differs from traditional multi-site datacenter architecture based primarily on the concept that it is possible to shift active-running workload from one site to another with no interruption in services. While providing the ability to shift active running workload from one site to another
The Internet credit card protocol originated by VISA and MasterCard uses what?
digital signatures
What can allowing objects to be used sequentially by multiple users without a refresh of the objects lead to?
disclosure of residual data
Attack efforts between cooperative machines using traffic in an entirely legitimate manner are what?
distributed reflective denial of service attacks
A network administrator not taking a mandatory two-week vacation violates:
due diligence (not doing the right thing the right way)
Why is it very difficult to defend against distributed denial-of-service attacks?
due to their sophistication and complexity.
Who are the necessary members of the business continuity planning team?
each of the operational and support departments; technical experts from the IT department; security personnel with BCP skills; legal representatives familiar with corporate legal, regulatory, and contractual responsibilities; and representatives from senior management.
What is defined as "a method of transferring bulk information to off-site facilities for backup purposes"?
electronic vaulting
What is Password Policy?
Ensures that users create strong passwords of sufficient length and complexity; it can track password history and prevent users from reusing passwords.
What is the main purpose of off-site hardware testing?
ensure the continued compatibility of the contingency facilities
Most threats to a company allude toward
errors & omissions
How can a Continuity of Operations plan be described?
establishes senior management and a headquarters after a plan, outlining roles and authorities, orders of succession, and individual role tasks
What is an element of quantitative risk analysis that represents the percentage of loss that an organization would experience if a specific asset were violated by a realized risk?
exposure factor
From a quantitative point of view, what are the three specific metrics when looking at impact assessments?
exposure factor, the single loss expectancy, and the annualized loss expectancy
What are examples of side channel attacks?
fault generation, differential power analysis, electromagnetic analysis, timing, and software attacks
When possible, operations controls should be invisible, or transparent, to users. This keeps users from
feeling hampered by security and reduces their knowledge of the overall security scheme, thus further restricting the likelihood that users will violate system security deliberately.
What is a screened host?
A firewall that communicates directly with a perimeter router and the internal network.
Static RAM chips are built using a number of ___________that retain their charge without requiring constant refreshing.
flip-flop transistors
When what is performed is the archive bit cleared, indicating that the files were backed up? This allows backup programs to do an incremental or differential backup that only backs up the changes to the filesystem since the last time the bit was cleared.
full backup
What is the Government Information Security Reform Act?
further develops the federal government information security program
The Government Information Security Reform Act does what?
further develops the federal government information security program
By going through a Business Impact Analysis, the organization will:
gain a common understanding of functions that are critical to its survival.
What is a network device or service that works at the Application layer? Note that the Application layer gateway is a very specific type of component; it serves as a protocol translation tool.
gateway
What is an asynchronous token?
generates and displays one-time passwords using a challenge-response process to generate the password
What is RAID 4
Good for sequential data but not used much.
What is the role of the administrator?
grants access to data based on guidelines provided by the data owners
A quantitative risk analysis focuses on what?
hard values and percentages
What is a polymorphic virus?
has the capability of changing its own code, enabling it to have many different variants, making it harder to detect by anti-virus software
What is dual Control?
has to do with forcing the collusion of at least two or more persons to combine their split knowledge to gain access to an asset
Quantitatively measuring the results of the test of a BCP results in what?
Have ways to measure the success of the plan and tests against the stated objectives. Results must be quantitatively gauged as opposed to an evaluation based only on observation. Quantitatively measuring the results of the test involves a generic statement measuring all the activities performed during BCP, which gives the best assurance of an effective plan.
The ISC2 Code of Ethics does not include which of the following behaviors for a CISSP: Ethical behavior; Legality; Control; Honesty
The correct answer is: Control. Control is not a behavior characteristic described in the Code of Ethics.
What are the Control Objectives for Information and Related Technology COBIT?
help business owners and mission owners balance security control requirements with business or mission needs
What is an environment in which classification labels are assigned in an ordered structure from low security to medium security to high security?
hierarchical environment
In what type of attack is a malicious user positioned between a client and server, then interrupts the session and takes it over?
hijack attack
What is hypervisor mode?
Hypervisor mode allows virtual guests to operate in ring zero.
Steps of the business impact assessment process are
identification of priorities, risk identification, likelihood assessment, impact assessment, and resource prioritization
One of the primary responsibilities of the individuals responsible for business continuity planning is to perform an analysis of the business organization. What is its purpose?
identify all departments and individuals who have a stake in the BCP process
What is the first BIA task facing the BCP team?
identifying business priorities
Threat modeling is the process of
identifying, understanding, and categorizing potential threats. The goal is to build a list of the threats, perform analysis, and determine mitigation strategies.
When is a replay attack possible when dealing with Kerberos?
if the compromised tickets are used within an allotted time window
What is a critical portion of the business impact assessment?
impact assessment
When are loss expectancies calculated?
In the impact assessment phase.
The business continuity plan must also contain statements of
importance, priorities, organizational responsibility, and urgency and timing.
What is an open system?
An open system uses open hardware and standards, which use components from a variety of vendors.
____________ are technical physical security controls?
include access controls; intrusion detection; alarms; closed-circuit television; monitoring; heating, ventilating, and air conditioning (HVAC); power supplies; and fire detection and suppression.
There are a number of important concepts that underlie solid business continuity planning (BCP) practices, including the following:
project scope and planning, business impact assessment, continuity planning, and approval and implementation
What is a master boot record (MBR) virus?
Infects the system's boot sector and loads when the system is started.
_________ is generally considered to be more secure against eavesdropping than multidirectional radio transmissions because infrared requires direct line-of-sight paths?
infrared technology
What is infrastructure as a service?
Infrastructure as a service provides an entire virtualized operating system, which the customer configures from the operating system on up.
Which are the steps usually followed in the development of documents such as security policy, standards, and procedures?
initiation, evaluation, development, approval, publication, implementation, and maintenance
The three requirements of patent law are
invention must be new, useful, and nonobvious.
What is CSMA/CD?
A LAN media access method: Carrier Sense Multiple Access / Collision Detection, a set of rules determining how network devices respond when two devices attempt to use a data channel simultaneously. Standard Ethernet networks use CSMA/CD to physically monitor traffic on the line at participating stations.
What is SNMP and what protocol does it use?
SNMP is a UDP-based service. UDP cannot send back errors, because it is a simplex protocol. When UDP errors occur, the system will switch protocols and use ICMP to send back information over the network. If the port is not available, an ICMP Type 3 error will be sent.
What is a substitution cipher?
A category the Caesar cipher belongs to. Substitution ciphers are vulnerable to frequency analysis attacks.
What is Sanitization?
is a combination of processes that removes data from a system or from media. It ensures that data cannot be recovered by any means
What is Hierarchical storage management (HSM)?
is a data storage technique, which automatically moves data between high-cost and low-cost storage media. HSM systems exist because high-speed storage devices, such as hard disk drive arrays, are more expensive (per byte stored) than slower devices, such as optical discs and magnetic tape
What is a smurf attack?
A distributed denial-of-service attack in which large numbers of ICMP echo requests, with the source address spoofed to that of the intended victim, are sent to a network's IP broadcast address. Every host that answers floods the victim with echo replies, amplifying the attacker's traffic.
What is Static Random Access Memory (SRAM)?
A fast, expensive type of memory that uses small latches called flip-flops to store bits; unlike DRAM it does not need to be refreshed.
What is encrypted authentication?
A firewall feature that allows users on an external network to authenticate themselves over an encrypted channel to prove that they are authorized to access resources on the internal network.
What is a SYN flood attack?
A denial-of-service attack in which the attacker sends a succession of TCP SYN requests, often from spoofed source addresses, and never completes the three-way handshake. The target's table of half-open connections fills up and legitimate connection attempts are refused.
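As an added example (not from the original flashcards), the following Python implements the basic detection logic for the attack described above: it parses a constructed connection log in a simplified one-record-per-segment format, counts SYNs that the client never followed with its handshake ACK, and flags sources with many half-open connections. The log format, addresses, and threshold are assumptions made for the demonstration, not real capture data.

```python
from collections import Counter, defaultdict

# Constructed sample log (not a real capture). Format: "<src> > <dst>:<port> <flags>"
# where S is a client SYN and A is the client's ACK that completes the handshake.
SAMPLE_LOG = (
    "10.0.0.5 > 192.0.2.10:443 S\n"      # legitimate client opens a connection ...
    "10.0.0.5 > 192.0.2.10:443 A\n"      # ... and completes the handshake
    + "".join("198.51.100.7 > 192.0.2.10:443 S\n" for _ in range(50))  # never ACKed
)


def parse_line(line: str):
    """Split one log record into (src, dst, dst_port, flags)."""
    src, _, dst_port, flags = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return src, dst, int(port), flags


def half_open_by_source(log_text: str) -> dict:
    """Per source address, count SYNs without a matching client ACK to the same
    destination and port. A flood shows up as a large outstanding count."""
    syns, acks = Counter(), Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src, dst, port, flags = parse_line(line)
        key = (src, dst, port)
        if flags == "S":
            syns[key] += 1
        elif flags == "A":
            acks[key] += 1
    outstanding = defaultdict(int)
    for key, n in syns.items():
        outstanding[key[0]] += max(0, n - acks[key])
    return dict(outstanding)


def suspicious_sources(log_text: str, threshold: int = 20) -> list:
    """Sources whose half-open count meets the threshold (assumed value)."""
    return sorted(src for src, n in half_open_by_source(log_text).items() if n >= threshold)


if __name__ == "__main__":
    print(half_open_by_source(SAMPLE_LOG))
    print("SYN flood suspects:", suspicious_sources(SAMPLE_LOG))
```

Caveat a practitioner would add: a real flood usually spoofs a different source address per SYN, which defeats per-source counting; in that case aggregate half-open connections per destination port instead, and mitigate with SYN cookies or a rate limiter on the listening host rather than by blocking sources.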
What is a VLAN?
A hardware-imposed network segmentation created by switches; communication between different VLANs requires a routing function.
What is SHA-1?
A hashing algorithm that produces a 160-bit digest from input of any length; it does not perform encryption. SHA-1 is no longer considered collision resistant, so SHA-2 or SHA-3 should be used for new designs.
What is Agile software development?
A family of methodologies for incremental software development. Emphasis is placed on empowering people to collaborate and make team decisions, together with continuous planning, continuous testing, and continuous integration.
What is a federated identity?
A portable identity, with its associated entitlements, that can be used across business boundaries. It allows a user to be authenticated across multiple IT systems and enterprises.
What is Clearing, or overwriting?
is a process of preparing media for reuse and assuring that the cleared data cannot be recovered using traditional recovery tools
At which layer of the OSI model does IPsec operate?
IPsec is a protocol suite that runs at the Network layer (layer 3). It provides confidentiality (ESP), integrity protection and data origin authentication (AH, or ESP with an integrity check value), and replay protection for every packet.
What is Multi programming?
is a rudimentary form of parallel processing in which several programs are run at the same time on a uniprocessor
What is Control Objectives for Information and Related Technology (COBIT)?
An IT governance framework published by ISACA that provides a structure of control objectives and management practices used to organize and assess an organization's complex security and IT controls.
What is Data Manipulation Language ?
is a subset of SQL containing the commands used to interact with data
What is RC5?
A symmetric block cipher with a variable block size (32, 64, or 128 bits), a variable key size (0 to 2040 bits), and a variable number of rounds. Its round function uses integer addition, bitwise exclusive OR (XOR), and data-dependent rotations.
What is L2F (Layer 2 Forwarding)?
A tunneling protocol developed by Cisco Systems to establish virtual private network connections over the Internet. L2F provides no encryption or confidentiality by itself and relies on the tunneled protocol for privacy. It was superseded by L2TP.
What is identity-based access control?
A type of Discretionary Access Control (DAC) in which permissions are granted based on an individual subject's identity.
What is a primary key ?
is a unique identifier in the table that unambiguously points to an individual tuple or record in the table
What is X.25?
is an ITU-T standard protocol suite for packet switched wide area network WAN communication
what is a pseudorandom number generator?
is an algorithm for generating a sequence of numbers whose properties approximate the properties of sequences of random numbers. The PRNG-generated sequence is not truly random, because it is completely determined by a relatively small set of initial values, called the PRNG's seed which may include truly random values.
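As an added example (not part of the original flashcards), the following Python makes the point above concrete: Python's default generator (a Mersenne Twister) produces an identical sequence from an identical seed, so an attacker who observes a few outputs and knows the seed space is small can brute-force the seed and predict everything that follows. The seed range and the use of `secrets` for the contrast are assumptions of the demonstration.

```python
import random
import secrets
from typing import List, Optional


def keystream(seed: int, count: int) -> List[int]:
    """Draw `count` values from a PRNG seeded with `seed`.
    The output is a deterministic function of the seed: same seed, same sequence."""
    rng = random.Random(seed)
    return [rng.randrange(1_000_000) for _ in range(count)]


def recover_seed(observed: List[int], max_seed: int) -> Optional[int]:
    """Brute force: replay every candidate seed and return the one that reproduces
    the observed outputs. Feasible whenever the seed space is small (e.g. a PID,
    a timestamp in seconds, or a 16-bit value)."""
    n = len(observed)
    for candidate in range(max_seed):
        if keystream(candidate, n) == observed:
            return candidate
    return None


def secure_token(nbytes: int = 32) -> str:
    """What to use instead for keys, session IDs and nonces: the OS CSPRNG,
    whose internal state is not recoverable from its outputs."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    leaked = keystream(4242, 4)          # four values an attacker happened to see
    print("observed:", leaked)
    print("recovered seed:", recover_seed(leaked, 10_000))
    print("next value the attacker can now predict:", keystream(4242, 5)[4])
    print("CSPRNG token:", secure_token(16))
```

The truly random values the flashcard mentions belong in the seed of a cryptographically secure generator; seeding a statistical PRNG such as Mersenne Twister does not make it safe for security use, because its state can be reconstructed from about 624 consecutive outputs even without guessing the seed.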
What is TCP Wrapper?
A host-based access control program that can serve as a basic firewall by permitting or denying connections to network services based on the client's host name or IP address (and, via identd, the remote user ID).
What is an annualized rate of occurrence (ARO)?
An element of quantitative risk analysis that represents the expected frequency with which a specific threat or risk will occur (be realized) within a single year.
What is the exposure factor (EF)?
An element of quantitative risk analysis that represents the percentage of loss an organization would experience if a specific asset were violated by a realized risk.
Why calculate exposure factors?
Because the EF, combined with the asset value and the annualized rate of occurrence, lets you put a number on expected loss, which is the basis for a sound, defensible risk management policy.
What is ElGamal?
An asymmetric algorithm that extends the Diffie-Hellman key exchange; its security rests on the discrete logarithm problem in modular arithmetic. A notable drawback is that ElGamal ciphertext is twice the length of the plaintext.
What is the Common Criteria?
An internationally agreed-upon standard (ISO/IEC 15408) for describing and testing the security of IT products.
What is ISO/IEC 12207?
An international standard for software life cycle processes. It defines the tasks required for developing and maintaining software and establishes a life cycle framework, including the processes and activities applied during the acquisition and configuration of a system's services.
What is a query plan (query execution plan)?
An ordered set of steps used to access data in a SQL relational database management system. It is a specific case of the relational model concept of access plans.
What is the Blowfish block cipher?
An alternative to DES and IDEA that operates on 64-bit blocks of text with variable-length keys ranging from a relatively insecure 32 bits to an extremely strong 448 bits. It is unpatented and may be used freely without a license.
What is qualitative risk analysis?
Analysis based more on scenarios than on calculations. Exact dollar figures are not assigned to possible losses; instead, threats are ranked on a scale to evaluate their risks, costs, and effects. Such an analysis assists those responsible in creating proper risk management policies.
What is a message digest?
A fixed-length hash value computed from a message. The digest is calculated and included in a digital signature (the sender signs the digest with their private key) so the recipient can prove the message has not been altered since the sender created it.
One of the first steps in asset security is_____________
is classifying and labeling assets
What is a watchdog timer?
A timer designed to recover the system by rebooting it after critical processes hang or crash and stop resetting the timer.
What is a closed system?
is designed to work well with a narrow range of other systems, generally all from the same manufacturer.
What is Purging?
is erasing the data so the media is not vulnerable to data remnant recovery attacks, including those classified as laboratory level
What is transverse mode noise?
Noise generated by the difference in power between the hot and neutral wires of a power source or operating electrical equipment.
What is an application-level proxy?
A proxy that understands the details of a specific application protocol, such as HTTP, and can therefore inspect and mediate, for example, a web browser's connection to a website.
What does a trusted system address?
A trusted system is one that meets its intended security requirements. It involves sufficiency and effectiveness, not necessarily efficiency, in enforcing a security policy. Put succinctly, trusted systems have (1) policy, (2) mechanism, and (3) assurance.
What is the full backup method?
is primarily run when time and tape space permits, and is used for the system archive or baselined tape sets.
What is the security kernel
is responsible for enforcing a security policy. It is a strict implementation of a reference monitor mechanism.
Multicast
is similar to broadcasting, except that multicasting means sending to a specific group, whereas broadcasting implies sending to everybody, whether they want the traffic or not.
What is the Delphi technique?
is simply an anonymous feedback-and-response process used to arrive at a consensus. Such a consensus gives the responsible parties the opportunity to properly evaluate risks and implement solutions
What is a synchronous token?
is synchronized with an authentication server and generates synchronous one-time passwords.
What is the main drawback of RAID 1? and for that matter RAID 10?
is that for the required disk space, the RAID overhead will double the amount of capacity you actually have to purchase. For example, if you needed to store 300GB of data you would have to purchase 600GB of capacity.
What are the common applications of cryptography to secure email?
The S/MIME protocol, and Phil Zimmermann's Pretty Good Privacy (PGP).
What is multithreading?
The ability of a single program or operating system process to run several threads of execution concurrently, so it can serve more than one user at a time, or several requests from the same user, without running multiple copies of itself.
What is an exposure factor?
The amount of damage that a realized risk would do to an asset, expressed as a percentage of the asset's value.
What is cryptography?
The art and science of hiding the meaning or intent of a communication from unintended recipients; encryption is the process of applying a cipher to do so.
What is the difference between total risk and residual risk, and how is residual risk calculated?
The difference is the controls gap, the amount of risk that is reduced by implementing safeguards. To calculate residual risk: total risk - controls gap = residual risk.
What is Actual Cash Value (ACV)?
The default valuation clause in property insurance, also known as depreciated value. It involves estimating the amount to be subtracted from replacement cost to reflect the building's age, wear, and tear.
WHat is federated identity in information technology?
is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.
What is due care?
is the notion of preserving and protecting assets and interests for a given organization as exercised through a formalized security structure comprising baselines, guidelines, policies, procedures, and rules
The data owner
is the person who has ultimate organizational responsibility for data. The owner is typically the CEO, president, or a department head. Data owners identify the classification of data and ensure that it is labeled properly
What is a computer bus?
The primary communication channel on a computer system. Communication between the CPU, memory, and input/output devices such as the keyboard, mouse, and display occurs via the bus.
What is cross-certification?
The process undertaken by CAs to establish a trust relationship in which they rely upon each other's digital certificates and public keys as if they had issued them themselves.
WHat is the goal of BCP planners?
is to implement a combination of policies, procedures, and processes such that a potentially disruptive event has as little impact on the business as possible
What is the final step of the Business Impact Analysis?
To prioritize the allocation of business continuity resources to the various risks identified and assessed in the preceding tasks of the BIA.
What is a Foreign Key?
is used to enforce relationships between two tables, also known as referential integrity . Referential integrity ensures that if one table contains a foreign key, it corresponds to a still-existing primary key in the other table in the relationship.
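As an added example (not part of the original flashcards), the following Python uses the standard library's sqlite3 module to show primary keys and referential integrity in action: a duplicate primary key is rejected, an orphan foreign key is rejected, and a referenced parent row cannot be deleted. It also shows the caveat a practitioner hits in practice: SQLite only enforces FOREIGN KEY constraints when `PRAGMA foreign_keys` is turned on for the connection. The schema and rows are constructed for the demonstration.

```python
import sqlite3

# Constructed schema: employees.dept_id is a foreign key into departments.dept_id.
SCHEMA = """
CREATE TABLE departments (
    dept_id INTEGER PRIMARY KEY,
    name    TEXT NOT NULL
);
CREATE TABLE employees (
    emp_id  INTEGER PRIMARY KEY,
    name    TEXT NOT NULL,
    dept_id INTEGER NOT NULL REFERENCES departments(dept_id)
);
"""


def open_db(enforce_fk: bool) -> sqlite3.Connection:
    """In-memory database with one department. SQLite ignores FOREIGN KEY clauses
    unless the pragma is enabled, so the flag controls whether integrity is enforced."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"PRAGMA foreign_keys = {'ON' if enforce_fk else 'OFF'}")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO departments VALUES (10, 'Security')")
    conn.commit()
    return conn


def insert_employee(conn: sqlite3.Connection, emp_id: int, name: str, dept_id: int) -> bool:
    """True if the row was accepted; False if a primary or foreign key constraint rejected it."""
    try:
        with conn:  # commits on success, rolls back on exception
            conn.execute("INSERT INTO employees VALUES (?, ?, ?)", (emp_id, name, dept_id))
        return True
    except sqlite3.IntegrityError:
        return False


def delete_department(conn: sqlite3.Connection, dept_id: int) -> bool:
    """Referential integrity also blocks removing a parent row that children still point at."""
    try:
        with conn:
            conn.execute("DELETE FROM departments WHERE dept_id = ?", (dept_id,))
        return True
    except sqlite3.IntegrityError:
        return False


def orphan_count(conn: sqlite3.Connection) -> int:
    """Employees whose dept_id matches no department: should always be 0 when enforced."""
    (n,) = conn.execute("""
        SELECT COUNT(*) FROM employees e
        LEFT JOIN departments d ON d.dept_id = e.dept_id
        WHERE d.dept_id IS NULL
    """).fetchone()
    return n


if __name__ == "__main__":
    db = open_db(enforce_fk=True)
    print("insert Ana in dept 10:", insert_employee(db, 1, "Ana", 10))
    print("duplicate emp_id 1:", insert_employee(db, 1, "Dup", 10))
    print("Bob in missing dept 99:", insert_employee(db, 2, "Bob", 99))
    print("delete referenced dept 10:", delete_department(db, 10))
    print("orphans:", orphan_count(db))
```

With the pragma off, the same orphan insert succeeds silently and `orphan_count` reports it, which is exactly the inconsistency the foreign key exists to prevent.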
What is the spiral model?
A life cycle model that allows developers to repeat iterations of another life cycle model, such as the waterfall model, to produce a number of fully tested prototypes.
How does anomaly analysis add to an IDS's capability?
It allows the IDS to recognize and react to sudden increases in traffic volume or activity, multiple failed login attempts, logons or program activity outside normal working hours, and unusual failure messages.
What is a hybrid environment?
One that combines the hierarchical and compartmentalized concepts, so that each hierarchical level may contain subdivisions that are isolated from the rest of the security domain.
what is the hypervisor?
it controls access between virtual guests and host hardware
What is a circuit-level proxy firewall?
A proxy that creates a virtual circuit (a point-to-point connection) between a client and a server. It does not understand the details of the application being proxied; it accepts or denies the session based on whether criteria such as source, destination, and port are met, and then relays the traffic.
What is a datagram?
A data object, or packet, at the Network layer.
What is a darknet?
A portion of allocated IP address space within the network that is not used by any host. Since no legitimate traffic should be addressed there, anything that arrives is suspicious: scanning, misconfiguration, or malware.
What is the Goguen-Meseguer model?
An integrity model based on predetermining the set, or domain, of objects that a subject can access.
Why is it difficult to stop spam?
Because the source addresses of the messages are usually spoofed.
What is an access aggregation attack?
Collecting multiple pieces of nonsensitive information and combining (aggregating) them to learn sensitive information. It resembles a reconnaissance phase: gathering IP addresses, open ports, and so on, each harmless alone.
What is the conceptual security triple?
A model that encompasses three concepts, assets, risk, and vulnerability, and their interdependent relationship within a structured, formalized organization.
What is SD3+C?
Microsoft's Security Development Lifecycle principle: Secure by Design, Secure by Default, Secure in Deployment, and Communications. It has two goals: to reduce the number of security-related design and coding defects, and to reduce the severity of any remaining defects.
What is task-based access control?
Similar to role-based access control, but instead of being assigned one or more roles, each user is assigned an array of tasks.
for a company to have a resource qualify as a trade secret
it must provide the company with some type of competitive value or advantage
what is sandboxing?
it provides a security boundary for applications and prevents the application from interacting with other applications
What is an access aggregation attack?
The collection of multiple pieces of nonsensitive information and the combination of them to learn sensitive information. In other words, a person or group may collect multiple facts about a system and then use those facts to launch an attack.
The whole idea behind a one-way hash is that?
it should be just that - one-way. In other words, an attacker should not be able to figure out your password from the hashed version of that password in any mathematically feasible way (or within any reasonable length of time).
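As an added example (not part of the original flashcards), the following Python ties together the hashing cards on this page (SHA-1's 160-bit digest, MD5's 128-bit digest, the message digest detecting alteration, and the one-way property of password hashes). It also shows the caveat behind "one-way": a fast, unsalted hash is one-way but still falls to a dictionary attack, so passwords are stored with a salted, iterated construction (PBKDF2-HMAC-SHA256 from the standard library here). The word list, sample messages, and iteration count are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 210_000  # assumed work factor; raise as hardware gets faster


def digest(algorithm: str, data: bytes) -> bytes:
    """Fixed-length message digest of `data` (e.g. 'sha1', 'md5', 'sha256')."""
    return hashlib.new(algorithm, data).digest()


def digest_bits(algorithm: str) -> int:
    """Output size in bits: sha1 -> 160, md5 -> 128, sha256 -> 256."""
    return hashlib.new(algorithm).digest_size * 8


def tampered(message: bytes, expected: bytes, algorithm: str = "sha256") -> bool:
    """Receiver-side check: recompute the digest and compare in constant time.
    Any change to the message changes the digest."""
    return not hmac.compare_digest(digest(algorithm, message), expected)


# Constructed word list an attacker might try against leaked hashes.
WORDLIST = [b"letmein", b"password", b"hunter2", b"correcthorse"]


def crack_unsalted(target: bytes, algorithm: str = "sha1") -> Optional[bytes]:
    """One-way is not the same as unguessable: hashing each candidate and
    comparing recovers a weak password from a fast unsalted hash instantly."""
    for guess in WORDLIST:
        if digest(algorithm, guess) == target:
            return guess
    return None


def store_password(password: bytes, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, iterated hash: the random salt defeats precomputed tables and the
    iteration count makes each guess expensive. Returns (salt, derived_key)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)


def verify_password(password: bytes, salt: bytes, stored: bytes) -> bool:
    return hmac.compare_digest(hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS), stored)


if __name__ == "__main__":
    print("SHA-1 bits:", digest_bits("sha1"), "MD5 bits:", digest_bits("md5"))
    msg = b"transfer 100"
    d = digest("sha1", msg)
    print("altered?", tampered(b"transfer 900", d, "sha1"))
    print("cracked:", crack_unsalted(digest("sha1", b"hunter2")))
    salt, stored = store_password(b"hunter2")
    print("verify correct:", verify_password(b"hunter2", salt, stored))
```

The digest alone proves nothing about who sent the message; that is why the signature card says the digest is signed with the sender's private key (or, for a shared-secret setting, authenticated with an HMAC).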
What control classes does NIST SP 800-53 use?
Technical, management, and operational.
What is dedicated mode?
A security mode of operation in which the system contains objects of one classification level only; every user must have a clearance, formal access approval, and a need to know for all information processed on the system.
In Common Criteria terms, what is the security target?
The documentation describing the TOE, including its security requirements and operational environment.
Once your BCP team completes the four stages of preparing to create a business continuity plan, what is the last step?
it's time to dive into the heart of the work—the business impact assessment (BIA)
what are Primary and Candidate Keys
keys can uniquely identify records in a table
Which access control model supports complex environments and is based on the interaction between any combination of objects and subjects?
Lattice-based access control
Encryption occurs at which layer of the OSI Model?
layer 6 presentation
The object-relational and object-oriented models do what?
manage complex data such as required for computer-aided design and imaging.
Computer Security Act (CSA) of 1987?
mandates baseline security requirements for all federal agencies. Gave the National Institute of Standards and Technology (NIST) responsibility for developing standards and guidelines for federal computer systems
What is DHCP snooping?
A switch security feature that classifies ports as trusted or untrusted. DHCP server messages (offers and acknowledgments) are accepted only on trusted ports, so a rogue DHCP server on an untrusted port is dropped, and the switch builds a binding table of MAC address, IP address, lease, and port that other protections such as dynamic ARP inspection can use.
What is mutual authentication?
Authentication that happens in both directions: instead of just the user authenticating to the server, the server also has to authenticate to the user.
In the provisions and processes phase,of the BCP
mechanisms and procedures that will mitigate the risks are designed.
To fully evaluate risks and subsequently take the proper precautions, what must you analyze?
Assets, asset valuation, threats, vulnerabilities, exposure, risk, realized risk, safeguards, countermeasures, attacks, and breaches.
What legal and regulatory requirements face business continuity planners?
They must exercise due diligence to ensure that shareholders' interests are protected before a disaster occurs. Some industries are also subject to federal, state, and local regulations that mandate specific BCP procedures, and businesses have contractual obligations to their clients that must be met before and after a disaster.
What is non-volatile memory?
Computer memory that retains stored information even after being power-cycled (turned off and back on). Examples include read-only memory, flash memory, ferroelectric RAM, most magnetic storage (hard disk drives, floppy disks, magnetic tape), and optical discs.
What is Masquerading
occurs when a person presents him- or herself as another user, typically to gain access to unauthorized information or processes.
three main methods used to exchange secret keys securely are:
offline distribution, public key encryption, and the Diffie-Hellman key exchange algorithm
What type of encryption uses a key as long as the message, where each bit or character of the plaintext is encrypted by modular addition with the corresponding key element?
A one-time pad (OTP), a type of encryption that is impossible to crack if used correctly: the key is truly random, at least as long as the message, kept secret, and never reused.
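As an added example (not part of the original flashcards), the following Python implements a one-time pad over bytes, using XOR as the modular addition (addition modulo 2 on each bit), with the pad drawn from the OS random source. It also demonstrates the "never reused" condition: XORing two ciphertexts made with the same pad cancels the pad and leaves the XOR of the two plaintexts, so a known or guessed fragment of one message exposes the other. The sample messages are constructed.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Combine two equal-length byte strings by XOR (addition mod 2 per bit)."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(length: int) -> bytes:
    """Pad material must come from a true (or cryptographically secure) random source."""
    return os.urandom(length)


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """Each plaintext byte is added (XOR) to the pad byte at the same position.
    The pad must be at least as long as the message; only the used prefix is consumed."""
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the plaintext")
    return xor_bytes(plaintext, pad[:len(plaintext)])


otp_decrypt = otp_encrypt  # XOR is its own inverse: c XOR pad = p


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """Misuse: two messages under one pad. c1 XOR c2 = (p1 XOR k) XOR (p2 XOR k) = p1 XOR p2.
    The key has vanished and the attacker holds a relation between the plaintexts."""
    return xor_bytes(c1, c2)


def recover_with_crib(leak: bytes, known_plaintext: bytes) -> bytes:
    """Given p1 XOR p2 and a correct guess for p1, the attacker reads p2 directly."""
    return xor_bytes(leak, known_plaintext)


if __name__ == "__main__":
    p1 = b"ATTACK AT DAWN"
    p2 = b"RETREAT NOON!!"
    pad = new_pad(len(p1))
    c1, c2 = otp_encrypt(p1, pad), otp_encrypt(p2, pad)   # pad reused: the mistake
    print("decrypts correctly:", otp_decrypt(c1, pad) == p1)
    print("recovered second message:", recover_with_crib(two_time_pad_leak(c1, c2), p1))
```

Note that the unbreakability claim also rests on authenticity being handled separately: an OTP gives no integrity, and flipping a ciphertext bit flips the same plaintext bit.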
If continuity is broken and business processes have stopped, what happens next?
The organization is in disaster mode; disaster recovery planning (DRP) takes over.
The Computer Security Act does what?
outlines steps the government must take to protect its own systems from attack
What does NIST SP 800-18 call the document that outlines the responsibilities and expected behavior of individuals and states the consequences of not complying with the rules or AUP?
The "Rules of Behavior".
What do Business and mission owners own?
own the processes and ensure the systems provide value to the organization
__________ are responsible for ensuring that proper controls are in place to address the integrity, confidentiality, and availability of the IT systems and data they own.
System owners
What is used in the first generation of firewalls and does not keep track of the state of a connection?
packet filtering
What type of firewall examines all of the fields in the headers in the packet. It might look at the source IP address field in the IP header or look at the destination port number field in a TCP header to decide whether or not traffic should be allowed to go through.
packet-filtering firewall
What is source routing?
packets hold the forwarding information so that they can find their way to the destination themselves without bridges and routers dictating their paths
What rule states that when an agreement between parties is put into written form, the written document is assumed to contain all the terms of the agreement and no verbal agreements may modify the written agreement?
parol evidence
What attack is always possible against a wireless network that does not use some other form of authentication, typically 802.1X?
Password guessing
What is intrusion detection?
The analysis of system and network activity to recognize patterns that indicate an attack or policy violation.
What does a full backup do to the archive bit?
When a full backup is performed the archive bit is cleared, indicating that the files were backed up. This allows backup programs to later perform an incremental or differential backup that captures only the changes to the file system since the last time the bit was cleared.
What is the arithmetic logic unit (ALU)?
The part of the CPU that performs mathematical and logical calculations. It is fed instructions by the control unit, which acts as a traffic cop, sending instructions and data to the ALU.
What SQL database term describes a relation that contains multiple rows with the same apparent primary key, the instances being distinguished by their security levels? It occurs as a consequence of a mandatory access control policy.
Polyinstantiation
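As an added example (not part of the original flashcards), the following Python uses sqlite3 to model polyinstantiation: the effective primary key is (ship, level), so one ship can have a low-level cover row and a higher-level real row, each subject sees only the highest instance at or below their clearance, and a low-cleared user's insert for a ship that already exists at a higher level succeeds rather than failing, which would otherwise confirm the hidden row's existence. The table, labels, and rows are constructed for the demonstration.

```python
import sqlite3

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


def build_db() -> sqlite3.Connection:
    """Constructed multilevel table. `ship` alone is not unique; (ship, level) is."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""
        CREATE TABLE missions (
            ship        TEXT    NOT NULL,
            level       INTEGER NOT NULL,
            destination TEXT    NOT NULL,
            PRIMARY KEY (ship, level)
        )""")
    conn.executemany("INSERT INTO missions VALUES (?, ?, ?)", [
        ("Enterprise", LEVELS["UNCLASSIFIED"], "training cruise"),  # cover story
        ("Enterprise", LEVELS["SECRET"], "covert pickup"),          # the real mission
        ("Voyager", LEVELS["SECRET"], "intercept"),                 # no low-level row yet
    ])
    conn.commit()
    return conn


def view_for(conn: sqlite3.Connection, clearance: str) -> dict:
    """One row per ship: the highest-level instance the subject is cleared to read."""
    lvl = LEVELS[clearance]
    rows = conn.execute("""
        SELECT m.ship, m.destination FROM missions m
        WHERE m.level <= ?
          AND m.level = (SELECT MAX(level) FROM missions
                         WHERE ship = m.ship AND level <= ?)
    """, (lvl, lvl)).fetchall()
    return dict(rows)


def insert_at_level(conn: sqlite3.Connection, ship: str, level: str, destination: str) -> bool:
    """A low-cleared user adding a row for a ship that only exists at a higher level
    must succeed: rejecting the insert as a duplicate would leak that a hidden row exists."""
    try:
        with conn:
            conn.execute("INSERT INTO missions VALUES (?, ?, ?)",
                         (ship, LEVELS[level], destination))
        return True
    except sqlite3.IntegrityError:
        return False


if __name__ == "__main__":
    db = build_db()
    print("UNCLASSIFIED sees:", view_for(db, "UNCLASSIFIED"))
    print("SECRET sees:", view_for(db, "SECRET"))
    print("low-level insert for Voyager accepted:",
          insert_at_level(db, "Voyager", "UNCLASSIFIED", "survey"))
    print("UNCLASSIFIED now sees:", view_for(db, "UNCLASSIFIED"))
    print("SECRET still sees:", view_for(db, "SECRET"))
```

The same insert would raise a duplicate-key error if `ship` alone were the primary key, and that error is the inference channel polyinstantiation is designed to close.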
The Full Backup Method is what?
primarily run when time and tape space permits, and is used for the system archive or baselined tape sets
What is the final step in the BIA
prioritize the allocation of business continuity resources to the various identified risks and assessed in the preceding tasks of the BIA
the four steps of the business continuity planning process are:
project scope and planning, business impact assessment, continuity planning, and approval and implementation.
What are the four steps of the business continuity planning process?
Project scope and planning, business impact assessment, continuity planning, and approval and implementation. Each task contributes to the overall goal of ensuring that business operations continue uninterrupted in the face of an emergency situation.
The BCP process involves the following steps: __________
Project scope and planning, business impact assessment, continuity planning, and approval and implementation.
Business continuity planning (BCP) involves four distinct phases they are what?
project scope and planning, business impact assessment, continuity planning, and approval and implementation.
The Computer Fraud and Abuse Act as amended does what?
protects computers used by the government or in interstate commerce from a variety of abuses.
what is Virtual Storage?
provided by the operating system where it uses a combination of RAM and disk storage to simulate a much larger address space than is actually present
What did the Federal Sentencing Guidelines released in 1991 provide?
Punishment guidelines to help federal judges interpret computer crime laws. The guidelines formalized the prudent man rule, which requires senior executives to take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise in the same situation.
What is an elliptic curve algorithm?
provides more security than other algorithms when both are used with keys of the same length
What is The Internet Security Association and Key Management Protocol ISAKMP?
provides background security support services for IPSec, including managing security associations
Why is a mesh topology considered resilient?
It provides redundant connections between systems, allowing multiple segment failures without seriously affecting connectivity.
What is system high mode?
A security mode of operation in which every subject must hold a clearance for the highest level of information the system processes and formal access approval for all of it, but need not have a need to know for everything. The system is labeled and protected at the highest classification it contains.
What is an Occupant emergency plan?
provides the response procedures for occupants of a facility in the event of a situation posing a potential threat to the health and safety of personnel, the environment, or property
what is virtual memory?
provides virtual address mapping between applications and hardware memory.
What is a private cloud?
Cloud infrastructure provisioned for exclusive use by a single organization comprising multiple consumers (for example, business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
What are false vulnerabilities or apparent loopholes intentionally implanted in a system in an attempt to tempt attackers?
Pseudo flaws
What is an algorithm for generating a sequence of numbers whose properties approximate the properties of sequences of random numbers. The PRNG-generated sequence is not truly random, because it is completely determined by a relatively small set of initial values, called the PRNG's seed which may include truly random values.
pseudorandom number generator
public-key certificate binds a _________key value?
public key value
______binds a subject name to a public key value?
public-key certificate binds a subject name to a public key value
What is purging?
Purging is used to sufficiently remove remnants of data from a magnetic storage drive so that it can be reused in an unsecure environment.
What should be included in the criticality survey?
purpose clearly stated, management approval, what services and systems are critical to keep business organized.
Remember: deciding that data is to be purged is the responsibility of the data owner, not the custodian.
Remember: the qualitative risk analysis approach pinpoints major areas of risk; it gives simple, subjective results, not objective ones.
What is Scoping
refers to reviewing baseline security controls and selecting only those controls that apply to the IT system you're trying to protect.
What is NIST SP 800-53?
A NIST special publication (guidance, not a regulation) that discusses security control baselines as lists of security controls. It stresses that a single set of security controls does not apply to all situations; any organization can select a baseline set of controls and tailor it to its needs.
What are the Federal Sentencing Guidelines?
Guidelines released in 1991 that formalized the prudent man rule, which requires senior executives to take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise in the same situation.
Remember: Contingency planning requirements should be considered at every phase of SDLC, but most importantly when a new IT system is being conceived.
remember : In the initiation phase of the SDLC, system requirements are identified and matched to their related operational processes, allowing determination of the system's appropriate recovery priority.
remember this: A vulnerability is a weakness in a system that can be exploited by a threat
Remember this: MD5 is a one-way hash function producing a 128-bit message digest from the input message through four rounds of transformation. MD5 is specified in RFC 1321 and is no longer considered collision resistant.
Remember this: COBIT (Control Objectives for Information and Related Technology) is an ISACA IT governance framework used to organize and assess the complex security and IT controls of companies.
remember this Threat modeling is the security process where potential threats are identified, categorized, and analyzed.
remember this:IPSec operational mode encrypts the entire data packet in Tunnel Mode
remember this, In the UTP category rating, the tighter the wind or the tighter the cables are twisted togethe :the higher the rating and its resistance against interference and crosstalk will be.
remember this: Interpreters translate one command at a time during execution, as opposed to compilers and assemblers where source code for the whole application is transformed to executable code before being executed.
Remember this: translator is a generic term for compilers, assemblers, and interpreters; of these, the interpreter is the one that translates source code one command at a time for execution on a computer.
Remember this: evaluation is the process of independently assessing a system against a standard of comparison; that benchmark or standard is known as the evaluation criteria.
remember this: Criteria are the "standards" against which security evaluation is carried out. They define several degrees of rigour for the testing and the levels of assurance that each confers. They also define the formal requirements needed for a product (or system) to meet each Assurance level.
Remember this: in dedicated mode all subjects must possess a clearance equal to or greater than the label of the objects, and the system processes a single classification level.
Remember this: in system high mode the system contains objects of mixed labels, and every subject must possess a clearance equal to the system's highest-labeled object.
Remember this: HTTP is not a secure channel, L2TP is encapsulated but not encrypted, SSL/SSH/IPSEc are encrypted and encapsulated
remember this: In tunnel mode, even the IP Header is encrypted. In transport mode, the IP header is intact
remember this: An intranet is an Internet-like logical network that uses a firm's internal, physical network infrastructure.
remember this: Network Architecture refers to the communications products and services, which ensure that the various components of a network such as devices, protocols, and access methods work together.
remember this: packet filtering gateways offer minimum security but at a very low cost, and can be an appropriate choice for a low-risk environment.
remember this: Packet filtering firewalls use routers with packet filtering rules to grant or deny access based on source address, destination address, and port.
Remember this: Avoid combining policies, standards, baselines, guidelines, and procedures in a single document. Each of these structures must exist as a separate entity because each performs a different specialized function
remember this: The goal of a business continuity program is to ensure that recovery time objectives are shorter than maximum tolerable downtime measures.
Remember this: The act of measuring and evaluating security metrics is the practice of assessing the completeness and effectiveness of the security program. This should also include measuring it against common security guidelines and tracking the success of its controls.
remember this: The security role of data custodian is responsible for the tasks of implementing the prescribed protection defined by the security policy and senior management.
remember this:best reason for separating the test and development environments is To control the stability of the test environment.
remember this: The test environment must be controlled and stable in order to ensure that development projects are tested in a realistic environment which, as far as possible, mirrors the live environment.
remember this: The MAC address is 48 bits long, 24 of which identify the vendor, as provided by the IEEE. The other 24 bits are provided by the vendor.
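As an added example (not part of the original flashcards), the following Python parses a 48-bit MAC address into the IEEE-assigned OUI (upper 24 bits) and the vendor-assigned portion (lower 24 bits), and also decodes the two flag bits of the first octet that the card does not mention: bit 0 is individual/group (set for multicast) and bit 1 is universal/locally administered (set for software-assigned addresses such as those on virtual machines and containers). The sample addresses are constructed.

```python
import string

HEX = set(string.hexdigits)


def parse_mac(mac: str) -> dict:
    """Accepts aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff notation."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12 or any(c not in HEX for c in digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    value = int(digits, 16)
    first_octet = value >> 40
    return {
        "oui": f"{value >> 24:06X}",            # upper 24 bits: assigned to the vendor by IEEE
        "nic": f"{value & 0xFFFFFF:06X}",       # lower 24 bits: assigned by the vendor
        "multicast": bool(first_octet & 0x01),  # I/G bit: group address
        "locally_administered": bool(first_octet & 0x02),  # U/L bit: not vendor-assigned
    }


def same_vendor(mac_a: str, mac_b: str) -> bool:
    """True if two unicast, universally administered addresses share an OUI."""
    a, b = parse_mac(mac_a), parse_mac(mac_b)
    if a["locally_administered"] or b["locally_administered"]:
        return False  # a locally set address carries no vendor information
    return a["oui"] == b["oui"]


if __name__ == "__main__":
    for sample in ("00:1A:2B:3C:4D:5E", "01:00:5E:00:00:FB", "02:42:AC:11:00:02"):
        print(sample, parse_mac(sample))
```

The locally-administered bit is the practical check when an inventory shows an "unknown vendor": a randomized or software-assigned address is expected to carry it, whereas a spoofed address copied from a real NIC will not.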
remember this: a detailed examination and testing of the security features of an IT system/ product ensure they meet evaluation criteria is Evaluation
remember this-a disadvantage of a statistical anomaly-based intrusion detection system may falsely detect a non-attack event that had caused a momentary anomaly in the system.
Remember this: access control addresses the integrity, confidentiality, and availability components of information system security.
The Internet Security Glossary RFC2828 defines aggregation as a circumstance in which a collection of information items is required to be classified at a higher security level than any of the individual items that comprise it.
remember this: digital envelope for a recipient is a combination of encrypted data and its encryption key in an encrypted form that has been prepared for use of the recipient.
remember this: Some sites choose not to implement Trivial File Transfer Protocol TFTP due to the inherent security risks. TFTP is a UDP-based file transfer program that provides no security.
Remember this: it is recommended to use a passphrase, which is more resistant to attacks than a short password. The system converts the passphrase into a virtual password; often the passphrase exceeds the maximum length the system supports and must be hashed or truncated into the virtual password.
remember this: When a station communicates on the network for the first time, the Reverse Address Resolution Protocol RARP finds the Internet Protocol (IP) address that matches with a known Ethernet address
remember this:the RARP protocol sends out a packet, which includes its MAC address and a request to be informed of the IP address that should be assigned to that MAC address.
The Federal Information Security Management Act (FISMA)
requires that federal agencies implement an information security program that covers the agency's operations. FISMA also requires that government agencies include the activities of contractors in their security management programs.
What is a click-wrap agreement?
requires users to click on a button during the installation process to accept the terms of the agreement.
What is the responsibility of the data owner when it comes to protecting data?
responsible for classifying, labeling, and protecting data
The termination procedure should include what? witnesses, return of company property, disabling network access, an exit interview, and an escort from the property.
return of company property, disabling network access, an exit interview, and an escort from the property.
Your DMZ is located where?
right behind your first Internet facing firewall
Explain the ring model.
ring zero: the kernel; ring one: other OS components that do not fit in ring zero; ring two: device drivers; ring three: user applications
__________ is the process by which upper management is provided with details to make decisions about which risks are to be mitigated, which should be transferred, and which should be accepted
risk analysis
The process of identifying factors that could damage or disclose data, evaluating those factors in light of data value and countermeasure cost, and implementing cost-effective solutions for mitigating risk is what?
risk management process
Implementing cost-effective solutions for mitigating or reducing risk is known as?
risk management.
What is parol evidence?
rule states that when an agreement between parties is put into written form, the written document is assumed to contain all the terms of the agreement, and no verbal agreements may modify the written agreement.
What provides a security boundary for applications and prevents the application from interacting with other applications?
sandboxing
A BCP project typically has four components: scope determination, the Business Impact Assessment, the Business Continuity Plan, and implementation
scope determination, the Business Impact Assessment, the Business Continuity Plan, and implementation
Symmetric-key encryption uses (select all that apply):
secret keys, one key for encryption, another for decryption, shared keys
What is a security domain?
security domain is the list of objects a subject is allowed to access; more broadly defined, domains are groups of subjects and objects with similar security requirements.
What is the documentation describing the TOE, including the security requirements and operational environment?
security target
Remember this: threat modeling can be performed as a proactive measure during design and development or as a reactive measure once a product has been deployed. Key concepts include assets/attackers/software, STRIDE, diagramming, reduction/decomposing, and DREAD.
security-minded acquisitions. Integrating cyber security risk management with acquisition strategies and practices is a means to ensure a more robust and successful security strategy in organizations of all sizes.
What is a data object called in the Transport layer?
segment
What refers to any information that isn't public or unclassified?
sensitive
What are some of the considerations when conducting a Business Impact Assessment that involves the cloud?
service organization control (SOC) report
What is COSO?
set of internal corporate controls to help reduce fraud, developed by the Committee of Sponsoring Organizations of the Treadway Commission
What is a noninvasive attack smart cards are vulnerable to?
side-channel attack. Side-channel attacks are passive attacks that gather information about smart cards, such as an encryption key.
Examples of ___________ attacks are fault generation, differential power analysis, electromagnetic analysis, timing, and software attacks
side-channel attacks
What is a Cyclic Redundancy Check?
similar to a hash total, acting as a redundancy tool
Kerberos uses what type of authentication method?
single-factor or multi-factor authentication method
What is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP Broadcast address?
smurf attack
Northbridge and Southbridge: what are they?
some computer designs use two buses
What is it called when packets hold the forwarding information so that they can find their way to the destination themselves without bridges and routers dictating their paths?
source routing
What is the meet-in-the-middle attack?
specifically targets encryption algorithms that use two rounds of encryption, such as Double DES.
What is a capability table?
specifies the access rights a certain subject possesses pertaining to specific objects.
Which property states that a subject may not write information to an object at a lower sensitivity level (no write down)? This is also known as the Confinement Property.
star Security Property
What are bounds?
state or define the area within which a process is confined.
An abstraction is what?
states that a detailed understanding of lower system levels is not a necessary requirement for working at higher levels.
What are differential backups?
store all files that have been modified since the time of the most recent full backup; they affect only those files that have the archive bit turned on, enabled, or set to 1.
Cipher feedback mode (CFB) uses what type of cipher?
streaming cipher
What is the best way to protect the confidentiality of data, whether it's at rest, in transit, or in storage?
strong encryption protocols
Blowfish: what is it?
symmetric block cipher with a variable-length key (32 to 448 bits), designed in 1993 by Bruce Schneier as an unpatented, license-free, royalty-free replacement for DES or IDEA.
Block ciphers are a type of what?
symmetric-key encryption algorithm that transforms a fixed-size block of plaintext (unencrypted text data) into a block of ciphertext (encrypted text data) of the same length. They are appropriate for software implementations and can operate internally as a stream.
Which model contains the rules that govern the interactions between subjects and objects and the permissions subjects can grant to one another?
take-grant protection model
Remember this: the access control method that prevents information from leaking down to a lower level of security, while preventing users from accessing information at a higher level than their own clearance, is the Bell-LaPadula model.
Testing that uses a set of test cases focusing on the control structure of the procedural design is unit testing; unit testing is the testing of an individual program or module.
You should understand the distinction between business continuity planning and disaster recovery planning. What is it?
that BCP comes first, and if the BCP efforts fail, DRP steps in to fill the gap.
What are problems with RAID Level 0?
that it actually provides no fault tolerance for the disk system rather than increasing it. The entire data volume is unusable if one drive in the set fails.
Describe the process used to develop a continuity strategy.
the BCP team determines which risks will be mitigated. In the provisions and processes phase, the mechanisms and procedures that will mitigate the risks are designed, and the result is approved by senior management.
Remember: the Digital Signature Standard uses the SHA-1 and SHA-2 message digest functions along with one of three encryption algorithms:
the Digital Signature Algorithm (DSA); the Rivest, Shamir, Adleman (RSA) algorithm; or the Elliptic Curve DSA (ECDSA) algorithm
What act provides penalties for individuals found guilty of the theft of trade secrets? Harsher penalties apply when the individual knows that the information will benefit a foreign government.
the Economic Espionage Act of 1996
Protection profiles and security targets are elements of what?
the ISO International Standard 15408 "Evaluation Criteria for Information Technology Security", also commonly known as the Common Criteria (CC).
Commercial data is often classified using four criteria to protect information. What are they?
the age of the information, its useful life, and any regulatory requirements.
What performs the mathematical calculations the CPU computes? It is fed instructions by the control unit, which acts as a traffic cop sending instructions.
the arithmetic logic unit
Once your BCP team completes the four stages of preparing to create a business continuity plan what is the next step?
the business impact assessment (BIA)
What are Security Targets?
the claims of security from the vendor that are built into a Target of Evaluation
If the BCP team consults with fire experts and determines that a building fire would cause 70 percent of the building to be destroyed, what is the exposure factor?
the exposure factor of the building to fire is 70 percent.
A static packet-filtering firewall does what?
the firewall filters traffic by examining data from a message header.
Once an intrusion into your organization's information system has been detected, what is the first step you need to take?
the first action that needs to be performed is determining to what extent systems and data may be compromised, if they really are, and then taking action.
What has five requirements? They must allow input of any length, provide fixed-length output, make it relatively easy to compute the hash function for any input, provide one-way functionality, and be collision free.
the fundamental requirements of a hash function
What is the primary goal of change management? Maintaining documentation; keeping users informed; allowing rollback of failed changes; preventing security compromises
the goal of change management is to ensure that any change does not lead to reduced or compromised security.
What controls access between virtual guests and host hardware?
the hypervisor
How do you perform the business organization analysis?
the individuals responsible for leading the BCP process determine which departments and individuals have a stake in the business continuity plan. This analysis is used as the foundation for BCP team selection and, after validation by the BCP team, is used to guide the next stages of BCP development.
What is a replay attack?
the malicious individual intercepts an encrypted message between two parties (often a request for authentication) and then later replays the captured message to open a new session.
An ACL specifies a list of users (subjects) who are allowed access to each object. What is the matrix?
the matrix is a way of analyzing the access control needed by a population of subjects to a population of objects. This access control can be applied using rules, ACL's, capability tables, etc.
What is calculated and included in a digital signature to prove that the message has not been altered since the time it was created by the sender?
the message digest
What contains hardware including the CPU, memory slots, firmware, and peripheral slots such as peripheral component interconnect slots?
the motherboard
What uses a key of the same length as the message where each bit or character from the plaintext is encrypted by a modular addition?
the one-time pad (OTP). Each bit or character from the plaintext is encrypted by a modular addition with a bit or character from a secret random key (or pad) of the same length as the plaintext
Risk analysis is what?
the process by which risk management is achieved and includes analyzing an environment for risks, evaluating each risk as to its likelihood of occurring and the cost of the resulting damage, assessing the cost of various countermeasures for each risk, and creating a cost/benefit report for safeguards to present to upper management.
The design of the mechanisms and procedures that will mitigate the risks occurs at what phase of the BCP?
the provisions and processes phase
What is one of the major problems underlying symmetric encryption algorithms?
the secure distribution of the secret keys required to operate the algorithms.
What are Categorize, Select, Implement, Assess, Authorize, and Monitor?
the six steps of the risk management framework
The following steps are Categorize, Select, Implement, Assess, Authorize, and Monitor; what are they?
the six steps of the risk management framework
What is regression testing?
the software testing level that tests software after updates, modifications, or any patches
What are identification of priorities, risk identification, likelihood assessment, impact assessment, and resource prioritization?
the steps of the business impact assessment process
With Discretionary Access Control there are limitations; what are they?
the subject has authority, within certain limitations, to specify what objects can be accessible.
What is a top-down approach?
the top-down approach means that the initiation, support, and direction come from top management, work their way through middle management, and then reach staff members
What is a hierarchical environment?
the various classification labels are assigned in an ordered structure from low security to medium security to high security.
What are the two ways of transferring files?
there are two basic ways: FTPS and SFTP.
What is a compartmentalized environment?
there is no relationship between one security domain and another. Each domain represents a separate, isolated compartment; to gain access to an object, the subject must have specific clearance for its security domain.
What is a maintenance hook?
they are a type of backdoor: a shortcut installed by the system designers and programmers to allow developers to bypass normal system checks during development.
What is a zero-knowledge team?
they know nothing about the target site except publicly available information such as the domain name and company address.
Database administrators who take steps to encrypt sensitive data stored on the database server (data at rest) would do what?
they would implement strong authentication and authorization controls to prevent unauthorized entities from accessing the database
What is the system of oversight that may be mandated by law, regulation, industry standards, or licensing requirements?
third-party governance of security
What phase of the business impact assessment identifies the likelihood that each risk will occur?
this assessment is usually expressed in terms of an annualized rate of occurrence (ARO) that reflects the number of times a business expects to experience a given disaster each year.
What is an advanced persistent threat?
this refers to a group of attackers who are working together, highly motivated, skilled, and patient; they have advanced knowledge and a wide variety of skills to detect and exploit vulnerabilities.
These can originate from numerous sources, including IT, humans, and nature; evaluating them should be performed as a team effort to provide the widest range of perspectives and reduce your system's vulnerability. What is this process called?
threat evaluation
What are the exposure factor, the single loss expectancy, and the annualized loss expectancy?
three specific metrics used when looking at impact assessments
True name identity theft refers to what?
to a situation where someone obtains key pieces of personal information, such as credentials or a Social Security number, and then uses that information to impersonate someone else.
The star Security Property states that a subject may not write information
to an object at a lower sensitivity level (no write down). This is also known as the Confinement Property.
A vital function refers to what?
to those that can be performed manually but only for a brief period of time; this is associated with lower costs of disruption than critical functions
What is a web vulnerability scanner?
tool to find a Cross-site scripting attack
The ____________ of the Bell-LaPadula model states that the classification of a subject or object does not change while it is being referenced.
tranquility principle
What is a modem?
translates data from digital form to analog and then back to digital for communication over analog lines.
To achieve added security over DES, 3DES must use at least ______________
two cryptographic keys
Confidentiality assures that the information is not disclosed to___________________
unauthorized persons or processes.
What is Triple DES?
used 56-bit keys, but newer implementations use 112-bit or 168-bit keys. Larger keys provide a higher level of security. Microsoft OneNote and System Center Configuration Manager use 3DES to protect some content and passwords.
What does packet filtering do?
used in the first generation of firewalls and does not keep track of the state of a connection
What are foreign keys?
used to enforce referential integrity constraints between tables that participate in a relationship.
Cross-site scripting can be mitigated and is only effective when what is involved?
user interaction
DNS is what kind of model?
uses a hierarchical model to organize data, with root name servers representing the top-level domains and authority distributed hierarchically to child servers.
What is base+offset addressing?
uses a value stored in one of the CPU's registers as the base location from which to begin counting. The CPU then adds the offset supplied with the instruction to that value and retrieves the operand from the computed memory location.
RAID-5: what is it?
uses disk striping with parity; provides a balance between performance and availability; requires 3 physical disks
What is a closed system?
uses proprietary hardware or software
What is an encrypted virus?
uses simple encryption to encipher its computer code. Each virus is encrypted with a different key, so that even with the key to one virus, another instance of the same virus cannot be scanned.
What are the criteria for the best programming?
uses the most cohesive modules possible, because different modules need to pass data and communicate. Also, the lower the coupling, the better the software design, because it promotes module independence. The more independent a component is, the less complex the application is and the easier it is to modify and troubleshoot.
How can Single Sign-On be implemented?
using scripts that replay the user's multiple log-ins against authentication servers to verify a user's identity and to permit access to system services
What is a False Reject or Type I Error?
valid user is rejected by the system
What is unique about virus writers, and what do they not commonly use in their code?
validation routines
What does an IDS watch for?
violations of confidentiality, integrity, and availability: attacks from external connections, viruses, malicious code, trusted internal subjects performing unauthorized activities, and unauthorized access attempts from trusted locations.
What periodically synchronizes itself with all of the identity stores (individual network directories) to ensure the most up-to-date information is being used by all applications and identity management components within the enterprise?
virtual directory
Who do not commonly include validation routines in their code?
virus writers
What defines where critical business records will be stored and the procedures for making and storing backup copies of those records?
vital records program
What is Multics (Multiplexed Information and Computing Service)?
was an influential early time-sharing operating system. The project was started in 1964 in Cambridge, Massachusetts. The last known natively running Multics installation was shut down on October 30, 2000, at the Canadian Department of National Defence in Halifax, Nova Scotia, Canada.
What is the International Data Encryption Algorithm (IDEA)?
was developed in response to complaints about the insufficient key length of the DES algorithm. Like DES, IDEA operates on 64-bit blocks of plaintext/ciphertext.
What would be the tool to find a cross-site scripting attack?
web vulnerability scanner
What is a pseudo flaw?
false vulnerabilities or apparent loopholes intentionally implanted in a system in an attempt to tempt hackers
What is purging?
a more intense form of clearing that prepares media for reuse in less secure environments. It provides a level of assurance that the original data is not recoverable using any known methods.
What is a smurf attack?
when an attacker spoofs an ICMP broadcast packet and sends it to the network. The broadcast is sent to every host on the network where the victim is located.
What is a shrink-wrap license agreement?
when the user opens a software package
What is a vital records program?
where critical business records will be stored and the procedures for making and storing backup copies of those records
The disaster recovery plan kicks in when?
where the business continuity plan leaves off.
Covert Timing Channel
one in which a process modulates its use of a system resource (for example, CPU cycles), which is interpreted by a second process as some type of communication.
What is the Anti-Counterfeiting Trade Agreement?
proposes a framework for international enforcement of intellectual property protections. As of February 2015, the treaty awaited ratification by the European Union member states, the United States, and five other nations.
Patents protect the intellectual property rights of inventors. They provide a period of _________
years during which the inventor is granted exclusive rights to use the invention (whether directly or via licensing agreements). At the end of the patent exclusivity period, the invention is in the public domain, available for anyone to use.
How do you ensure that logs have accurate timestamps and that these timestamps are consistent throughout the environment?
you can do this through Network Time Protocol (NTP), where a server synchronizes itself to a trusted time source such as a public NTP server
If physical and infrastructure support is lost, such as after a catastrophe, regular activity (including deploying updates, performing scans, or tightening controls) is not possible. What do you do?
you must simply wait until the emergency or condition expires and things return to normal.
After identifying valuable assets and potential threats, what is the next step?
you perform a vulnerability analysis.
What is it when an entity knows nothing about the target site except publicly available information such as the domain name and company address?
zero knowledge team