CISSP Exam Prep

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

What are the type of fire extinguishers?

A Common combustible B Liquid C Electrical Fire D Metal Burning

is a process of preparing media for reuse and assuring that data cannot be recovered using traditional recovery tools

Clearing, or overwriting

_________must be either uniquely identified by a witness or authenticated through a documented chain of custody.

Real evidence

which stores bits in small capacitors and slower and cheaper than than SRAM

Dynamic Random Access Memory

What is DRAM?

Dynamic Random Access Memory which stores bits in small capacitors and slower and cheaper than than SRAM

Explain the the need for security-minded acquisitions and what does it mean?

Integrating cyber security risk management with acquisition strategies and practices is a means to ensure a more robust and successful security strategy in organizations of all sizes.

Public Key infrastructure uses LDAP for what?

Integrating digital certificates into transmissions but remember PKI technology is used to manage digital certificates. LDAP is one of the protocols used when clients need to query a certificate authority.

What is a Bastion host?

It is a hardened computer implementation. It is a special computer on a network to sustain an attack. It's characteristics consists of a hosted single application.

What is a gateway?

It is a network device or service that working at the Application layer. It serves as a protocol translation tool. For example, an IP-to-IPX gateway takes inbound communications from TCP/IP and translates them over to IPX/SPX for outbound transmission

What is a Redundant Site?

It is a site owned by the company and mirrors the original production environment

In order to investigate an email related crime, what is the venue be familiar with the internal operations of the email server used to send that email.

Knowledge of internal operations of such servers is not necessary and if needed, assistance can be sought from Network administrators who maintains the server

What are the two conceptual approaches to intrusion detection?

Knowledge-based intrusion detection uses a database of known vulnerabilities to look for current attempts to exploit them on a system and trigger an alarm if an attempt is found. The behaviour-based or statistical analysis-based is another conceptual approach.

Which of these would be easier for an investigator to locate? Internet Email user

LAN email systems are specific to a company and are used by employees only, hence easier to locate

to network performance refers to the delay that packet may experience on their way to reach the destination from the source

Latency

What IDS monitors the general patterns of activity and traffic on the network, and create a database of normal activities within the system.

Neural Network Based IDS

what is the Simple Security Property?

No read up

What is the Simple Security Property?

No read up deals with confidentiality ---a secret subject can not read a top secret subject. This follows under Bell Lapula Model and no write down

A central authority directrs what subjects can have access to certain objects based on the organizational security policy under what type of access control?

Non-Discretionary Access Control

Rule-Based Access Control (RuBAC) access is determined by rules. Such rules would fit within what category of access control ?

Non-Discretionary Access Control

AppleTalk and IPX is what type of protocol?

Non-IP Protocols

some computer designs use two buses what are they?

Northbridge and Southbridge

what are tools that provide real-time analysis of events occurring on systems throughout an organization they include agents install the remote systems that monitor for specific events known as alarm triggers

Security Event Management SEM

What is best described as those that can be performed manually at a tolerable cost for an extended period of time.?

Sensitive functions

What is a Permanent Virtual Circuit?

a connection type uses a logical circuit that always exists and waits for customers to send data?

What is acquisition analysis access appropriation?

The sequence of steps of an attack methodology

remember The meet‐in‐the‐middle attack demonstrated that it took relatively the same amount of computation power to defeat 2DES as it does to defeat standard DES. This led to the adoption of Triple DES (3DES) as a standard for government communication.

To determine the number of keys in a key space, raise 2 to the power of the number of bits in the key space.

what is hyperlink spoofing?

To direct a user to a malicious server

When would you use hardware encyption?

To implement encryption into systems in such a way that it goes as fast as possible. This is to ensure that users do not have to wait too long. For such speedy encryption, his best option is to use

Is based on Life Cycle Assurance Requirements -steps are: Security Testing, Design Specification, Configuration Management, Trusted System Distribution.

Trusted Distribution

IPSec can be run in either tunnel mode or transport mode.

Tunnel mode is most commonly used between gateways, or at an end-station to a gateway, the gateway acting as a proxy for the hosts behind it. Transport mode is used between end-stations or between an end-station and a gateway, if the gateway is being treated as a host

What are some disadvantages of Tunneling?

Tunneling is generally an inefficient means of communicating because all protocols include their own error detection, error handling, acknowledgment, and session management features, and using more than one protocol at a time just compounds the overhead required to communicate a single message.

What is the IP header contains a protocol field for UDP?

UDP=17

What are the LAN transmission methods?

Unicast, Multicast, Broadcast

How would you prevent a replay attack?

Using one time authentication mechanism in sequence session for identification.

What are some of the vulnerabilities of a web server?

Web servers ordinarily listen on TCP port 80 and are thus listening for incoming SYN packets and thus are subsepitible to SYN flood attacks

Can Website be defaced with 'read' access to the server?

Website defacement requires 'write' access on the web server's root directory

How does the Graham Denning Model operate?

addresses how access rights between subjects and objects are defined, developed, and integrated. It defines a set of basic rights in terms of commands that a specific subject can execute on an object.

What is an SQL injection?

allow hackers to bypass normal access controls and gain access to the database supporting a web application

With a Likelihood Assessment what reflects the number of times a business expects to experience a given disaster each year?

annualized rate of occurrence or ARO

The use of the SCRIPT tag is a tell tale sign of a ____________attack.

cross-site scripting (XSS) attack

What is a Neural Network Based IDS?

monitors the general patterns of activity and traffic on the network, and create a database of normal activities within the system.

What is a Mutual assistance agreement?

popular in disaster recovery literature but difficult to implement. They are agreements between two parties to mutually assist one another in the event of disaster.

define overall risk management process

process of identifying factors that could damage or disclose data, evaluating those factors in light of data value and countermeasure cost, and implementing cost-effective solutions for mitigating or reducing risk is known as risk management

What is the Simple Security Policy?

prohibits subjects from reading a higher security level..no read up

What are the The first two phases of the BCP process

project scope and planning and the business impact assessment

To manage the security function, an organization must implement what?

proper and sufficient security governance. The act of performing a risk assessment to drive the security policy is the clearest and most direct example of management of the security function.

The Computer Fraud and Abuse Act does what? protects computers

protects computers used by the government or in interstate commerce from a variety of abuses

SHA-2 supports variable lengths of what?

ranging up to 512 bits

The primary goal of risk management is to?

reduce risk to an acceptable level.

What is Software Prototyping?

refers to building software application prototypes which display the functionality of the product under development but may not actually hold the exact logic of the original software.

What is Tayloring?

refers to modifying the list of security controls within a baseline so that they align with the mission of the organization.

What is Scoping?

refers to reviewing a baseline baseline security controls and determining what standard will be used or employed

What is Scoping?

refers to reviewing baseline security controls and selecting only those controls that apply to the IT system you're trying to protect

Remember: To begin the quantitative assessment, the BCP team should draw up a list of organization assets and then assign an asset value (AV) in monetary terms to each asset.

remember: The second quantitative measure that the BIA team must develop is the maximum tolerable downtime (MTD) , sometimes also known as maximum tolerable outage

if the compromised tickets are used within an allotted time window what is that called?

replay

Both WPA and WPA2 supports?

supports the enterprise authentication known as 802.1x/EAP, a standard port-based network access control that ensures clients cannot communicate with a resource until proper authentication has taken place

test

test

RAID levels 3 and 5 run ____________on hardware

faster

What is the The Open Group Architecture Framework (TOGAF) ?

is a vendor-neutral platform for developing and implementing enterprise architectures. It focuses on effectively managing corporate data through the use of metamodels and service-oriented architecture (SOA). AIt also adjusts to new innovations and capabilities to ensure new changes can easily be integrated into the enterprise platform.

What is an The access control matrix?

is a way of describing the rules for an access control strategy. The matrix lists the users, groups and roles down the left side and the resources and functions across the top. The cells of the matrix can either indicate that access is allowed or indicate the type of access

What is content dependent access control?

it is focused on the internal data in each field

Remember this: A static packet filtering firewall is the simplest and least expensive type of firewalls, offering minimum security provisions to a low-risk computing environment.

A static packet filter firewall examines both the source and destination addresses of the incoming data packet and applies ACL's to them. They operates at either the Network or Transport layer...

What Stores MAC addresses for the purpose of forwarding frames

CAM table

What are especially vulnerable to buffer overflow attacks because they are developed rapidly and are available to external users?

CGI and other web-based programs

Name at least seven security management concepts and principles

CIA Triad, confidentiality, integrity, availability, privacy, identification, authentication, authorization, auditing, accountability, and nonrepudiation

What is a preferred way to suppress an electrical fire in a computer server?

CO2 It must be noted that Halon is now banned in most countries or cities. The reason CO2 is preferred in an information center is the agent is considered a clean agent, as well as non-conductive.

Meeting Stakeholder Needs, Covering the Enterprise End to End, Applying a Single Integrated Framework, Enabling a Holistic Approach, Separating Governance From Management is what

COBIT 5 framework

the HTTP proxy is used as a means to implement what?

content filtering

What you are able to implement a sound risk management policy in terms of quantitative risk analysis?

exposure factor or E F

Exposure factor (EF)

%

What size is an MD5 message digest

128 bits

What is a dedicated line?

A dedicated line is always on it is reserved for specific customer. These are such as T3E1E3 and cable modems for example.

Value or benefit of a safeguard

ALE1 - ALE2 - ACS

How is abstraction used

Abstraction is used to collect similar elements into groups, classes, or roles that are assigned security controls, restrictions, or permissions

who grants access to data based on guidelines provided by the data owners.

Administrators

What is a Hypervisor?

Allows multiple virtual operating systems run on one host.

What should only provide the recovery of critical systems? And if automation cant occur how can processing take place?

Business Continuity Plan for critical systems while manual procedures for processing occurs

COBIT is a ____________governance framework?

COBIT is an IT governance framework not a security governance framewook

What is the control framework to manage IT risk and governance?

Control Objectives for Information and Related Technology

Which of the following statement INCORRECTLY describes network device Bridge? a. Bridge filters traffic based on MAC address b. Bridge forwards broadcast packets c. Bridge assigns a different network address per port d. Bridge reads header information but does not alter i

Correct Answer is: c. Bridge assigns a different network address per port

What are the three goals of the Business Impact Analysis?

Criticality prioritization, downtime estimation, and resource requirements are the three primary goals

Cryptography does NOT help in

Cryptography is a detective control in the fact that it allows the detection of fraudulent insertion, deletion or modification but it usually does not offers any means of detecting disclosure

means that DHCP servers can assign IP addresses to only selected systems which are identified by their MAC addresses?

DHCP snooping

What are aggregate functions?

DIFFERENCE()is not a valid aggregate function. COUNT(), MIN(), and SUM()are aggregate functions specified in SQL.

Who are typically third-party entities that process data for an organization?

Data processors

Which of the following is not appropriate in addressing object reuse?

Deleting files on disk before reusing the object

what stores all files that have been modified since the time of the most recent full backup; they affect only those files that have the archive bit turned on, enabled, or set to 1?

Differential backups

Data owners decide who has access to resources based only on the identity of the person accessing the resource is what kind of access?

Discretionary Access Control

What is due diligence?

Due diligence is the act of investigating and understanding the risks the company faces. A company practices by developing and implementing security policies, procedures, and standards.

This is the amount of damage that the risk poses to the asset, expressed as a percentage of the asset's value?

Exposure Factor

The RAID Advisory Board has defined three classifications of RAID:

Failure Resistant Disk Systems (FRDSs), Failure Tolerant Disk Systems, and Disaster Tolerant Disk Systems.

It is when a valid user is rejected by the system is called what?

False Reject or Type I Error

What are used to enforce referential integrity constraints between tables that participate in a relationship?

Foreign Keys

Name at least six protocol services used to connect to LAN and WAN communication technologies

Frame Relay, SMDS, X.25, ATM, HSSI, SDLC, HDLC, ISDN

What are packet switched services described?

Frame relay and X.25 networks

What are the following network devices is used to connect networks that are using different network protocols?

Gateway...

What are the Common logical data models?

Hierarchical database model Network model Relational model Object-relational database models

What combines both hierarchical and compartmentalized environments so that security levels have subcompartments?

Hybrid environments

What is the "International Common Criteria for Information Technology Security." It was developed as the standard for evaluating information technology products?

ISO 15408

___________is used in operations internal to the processor that must be performed requires no address because the operation is performed on the internal register.

Implied addressing.

How does end to end encryption work?

Information stays encrypted from one end of its journey to another

__________are used to ensure that transactions are properly entered into the system once?

Input Controls

Which virus spreads by multiple methods?

Multipartite

Which is the best recommended water system for a computer room?

Preaction. Preaction combines both the dry and wet pipe systems and allows manual intervention before a full discharge of water on the equipment occurs.

_____________is deployed to stop unwanted or unauthorized activity from occurring

Preventive access control

What is RAID-2

RAID-2 is no longer used

What type of memory is secure and maintains its integrity?

ROM

Why is ROM so reliable when it comes to security?

ROM is burned at the factory and then unchangeable. Thus, ROM is the most secure because it will always maintain its integrity

remember this: Unit testing uses set of test cases that focus on control structure of procedural design. These tests ensures internal operation of the programs according to the specification.

Remember this :concepts of change control and change management. Change introduces loopholes, overlaps, missing objects, and oversights that can lead to new vulnerabilities. The only way to maintain security in the face of change is to systematically manage change

Remember this an attack related to phishing is pre-texting which is the practice of obtaining your personal information under false pretenses.

Remember this hash totals and CRC checks can use to verify message integrity.

Remember this: Capabilities Tables are bound to a subject while and Access Control List (ACL) is bound to an object

Remember this: Assigning the values for the inputs to a purely quantitative risk assessment requires both a lot of time and significant experience on the part of the assessors. The most experienced employees or representatives from each of the departments would be involved in the process.

Remember this: Auditing, or monitoring is means by which subjects are held accountable for their actions

Remember this: Auditing is also the process by which unauthorized or abnormal activities are detected on a system.

Remember this: Accreditation is the official management decision to operate a system. Accreditation is the formal declaration by a senior agency official Designated Accrediting Authority (DAA information system is approved to operate at an acceptable level of risk

Remember this: Continuous authentication is a type of authentication that provides protection against impostors who can see, alter, and insert information passed between the claimant and verifier even after the claimant/verifier authentication is complete

Remember this: Layering of processes implements a structure similar to the ring model used for operating modes

Remember this: Nondiscretionary access control enables the enforcement of systemwide restrictions that override object-specific access control.

Remeber this: Trade secrets are one of the best legal protections for computer software.

Remember this: Using a block list or black list is a valid form of security filtering; it is just not a form of spoofing filtering.

Remember: Evaluation criterias are defined as a benchmark, standard, or yardstick against which accomplishment, conformance, performance, and suitability of an individual, hardware, software, product, or plan, as well as of risk-reward ratio is measured.

Remember: Fences should be Eight feet high and two feet out.

What is notice, choice, onward transfer, security, data integrity, access, and enforcement?

Safe Harbor principles

what was the predecessor to Point to Point protocol?

Serial Line Internet Protocol (SLIP) which offered no authentication

__________is the person who owns the system that processes sensitive data?

System Owners

identifying business priorities is what number task in the Business Impact Assessment?

The First Task

Which of the following is a class C fire? soda acid liquid common combustibles electrical

The correct answer is: electrical.

What is a way of describing the rules for an access control strategy?

The matrix lists is a strategy the users, groups and roles down the left side and the resources and functions across the top. The cells of the matrix can either indicate that access is allowed or indicate the type of access

What attack specifically targets encryption algorithms that use two rounds of encryption, such as Double DES?

The meet in the middle attack

Brute-force attacks are attempts to randomly fi nd the correct cryptographic key. Known plaintext, chosen ciphertext, and chosen plaintext attacks require the attacker to have some extra information in addition to the ciphertext.

The meet-in-the-middle attack exploits protocols that use two rounds of encryption. The man-in-the-middle attack fools both parties into communicating with the attacker instead of directly with each other.

what does the motherboard contain?

The motherboard contains hardware including the CPU, memory slots, firmware, and peripheral slots such as peripheral component interconnect slots

In Mandatory Access Control, sensitivity labels attached to object contain what information?

The object classification and category

What manages complex data such as required for computer-aided design and imaging.

The object-relational and object-oriented models

A CA acts as a front end to a RA, verifying the identity of the entity requesting a certificate True or False?

The opposite is true. "An RA acts as a front end to a CA by receiving end entity requests, authenticating them, and forwarding them to the CA". Pg 532, Official ISC2 Guide to the CISSP CBK, 4th Ed

The largest acceptable size for an ICMP packet is 65,536 bits

The parol evidence rule states that a written contract is assumed to contain all the terms of an agreement and cannot be modified by a verbal agreement.

What is provided by the operating system where it uses a combination of RAM and disk storage to simulate a much larger address space than is actually present?

Virtual storage

Name at least five possible threats that should be evaluated when performing a risk analysis

Viruses; buffer overflows; coding errors; user errors; intruders (physical and logical); natural disasters; equipment failure; misuse of data, resources, or services; loss of data; physical theft; denial of service

What is located right behind your first Internet facing firewall

Your DMZ

What is used to create a robust enterprise architecture, not a security architecture, technical or not. The framework is not security specific.

Zachman Architecture Framework

What is an exposure factor?

amount of damage that the risk poses to the asset

What is normally stored on ________ to allow for "flash" updates when the BIOS needs revision.

an EEPROM chip

_____________identifies the resources that are critical to an organization's ongoing viability and the threats posed to those resources?

business impact assessment

What creates a virtual circuit, or a point-to-point connection between a client and a server, but they don't know all of the details about this specific application that's being proxied on certain criteria that are met or not met to be accepted, or the traffic could be denied, or the traffic could be discarded

circuit-level proxy firewall

Capacitance detectors monitor what?

electrical field surrounding the object being monitored. They are used for spot protection within a few inches of the object, rather than for overall room security monitoring used by wave detectors.

Enkoder Form Enkoder Form is designed to prevent

email harvesting

the four steps of the business continuity planning process?

four distinct phases: project scope and planning, business impact assessment, continuity planning, and approval and implementation.

Behavior-based intrusion detection is what?

intrusion detection techniques assume that an intrusion can be detected by observing a deviation from normal or expected behavior of the system or the users

What is Sanitization?

is any number of processes that prepares media for destruction. It ensures that data cannot be recovered by any means from destroyed or discarded media.

What is third-party governance of security?

is the system of oversight that may be mandated by law, regulation, industry standards, or licensing requirements

Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose

message integrity

What is the agile software development methology?

methodology prioritizes flexible development that emphasizes responding to change over following a plan

Hardware and software maintenance access controls are used to what?

monitor the installation of, and updates to, hardware and software to ensure that the system functions as expected and that a historical record of changes is maintained. Integrity verification programs are more integrity controls than software maintenance controls.

Children's Online Privacy Protection Act of 1998 for websites have certain restrictions, what are they?

must have a privacy notice that clearly states the types of information they collect and used for any information is disclosed to third parties--must also include contact information for the operators of the site.

What is The Computer Security Act?

outlines steps the government must take to protect its own systems from attack.

remember this: an off-site information processing facility should have the same amount of physical access restrictions as the primary processing site.

remember this::off-site information processing facility should not be easily identified to prevent intentional sabotage.

What is a Primary Key?

selected from the set of candidate keys for a table to be used to uniquely identify the records in a table

What is an entity that can exploit a vulnerability?

threat agent

FTPS and SFTP are what?

two ways of transferring files

Annualized rate of occurrence (ARO)

# / year

Annual cost of the safeguard $ / year

$ / year

Risk management - NIST Special Publication 800-30 has the following 8 steps

1. System Characterization 2. Threat Identification 3. Vulnerability Identification 4. Control Analysis 5. Likelihood Determination 6. Impact Analysis 7. Risk Determination 8. Control Recommendations 9. Results Documentation

What is the the number of encryption rounds depends on the key length chosen when it comes to AES when it comes to 128 bit keys?

10 rounds of encryption

In the United States, trademarks are granted for an initial period of__________________________

10 years and can be renewed for unlimited successive 10‐year periods.

What is the maximum length of cable that can be used for a twisted-pair, Category 5 10Base-T cable

100 meters

What is the maximum throughput rate and maximum usable distance for 10Base2 cable

10Base2 cable has a throughput of 10 Mbps and can be run up to distances of 185 meters

Rijndael requires ________ rounds of encryption when used with 192-bit cryptographic keys.

11 rounds

What is the the number of encryption rounds depends on the key length chosen when it comes to AES when it comes to 192-bit keys require

12 rounds of encryption

How many bits is the address space reserved for the source IP address within an IPv6 header?

128 Bits

AES uses key sizes of______________

128 bits or 192 bits and AES 256 uses a key size of 256 bits.

The AES cipher allows the use of three key strengths what are they?

128 bits, 192 bits, and 256 bits.

Twofish is a block cipher. It operates on______

128-bit blocks of data and is capable of using cryptographic keys up to 256 bits in length

What is the the number of encryption rounds depends on the key length chosen when it comes to AES when it comes to 256-bit keys require

14 rounds of encryption

Triple DES has an effective key length of?

168 bits

What is the maximum effective key length of the Triple DES (3DES) encryption algorithm?

168 bits

You are assessing an encryption algorithm that uses an 8-bit key. How many possible key values exist in this approach?

256

What is the maximum key size for Rijndael cipher?

256 bits

Which represents the maximum distance of a single run of Category 5 cable?

328 feet

An ethernet address is composed of how many bits?

48 bits that is hardwired into the NIC

What is a good key size for DES?

56 bits

What is the effective key size of DES?

56 bits

mwhat is the maximum allowed ping packet size?

65,536 bytes

The maximum allowed ping packet size is _________

65,536 bytes.

to engage in the ping of death attack, the attacker must send a packet that exceeds the maximum allowed ping packet size, what is the size?

65,537 bytes

size of the frame that sniffers capture is usually __ bytes. 70 68 60 78

68

ISO 17799 11 areas, renumbered as ISO 27002. Broad-based approach for infosec code of practice is 1. Policy 2. Organization of information security 3. Asset management 4. Human resources security 5. Physical and environmental security 6. Communications and operations management

7. Access control 8. Information systems acquisition, development, and maintenance 9. Information security incident management 10. Business continuity management 11. Compliance

What key size is used by the Clipper Chip

80 bits

NIST has published continuity planning best practices in

800-34

The term personal area network is most closely associated with what wireless technology?

802.15 (aka Bluetooth) creates personal area networks (PANs).

what is a MAC-Based security measure and each device that wants to talk on the network must have a valid certificate.

802.1x

remember this:To protect against replay attacks, the Kerberos authentication protocol uses the concept of an authenticator.

A Kerberos authenticator is embedded in Kerberos protocol exchanges that occur between the authenticating client and authentication server in Windows, the domain controller—DC. It holds additional authentication data, such as the ticket lifetime, and most important, the client's timestamp.

What is a system is the best tool to search through large log files looking for intrusion-related events?

A Security Information and Event Management (SIEM) system

TCP sequence number attack is what?

A TCP sequence number attack exploits the communication session which was established between the target and the trusted host that initiated the session.

this is a hardware-imposed network segmentation created by switches that requires a routing function to support communication between different segments.

A VLAN

How do you distinguish between a bridge and a router?

A bridge simply connects multiple networks, a router examines each packet to determine which network to forward it to.

What is transparency

A characteristic of a service, security control, or access mechanism that ensures it is unseen by users

what is is designed to work well with a narrow range of other systems, generally all from the same manufacturer?

A closed system

What is a compensating control?

A compensating control is just an alternate control or a way of providing a similar protection such using a fence versus a security guard

Covert Storage Channel:

A covert channel that involves writing to a storage location by one process and the direct or indirect reading of the storage location by another process.

_________is the process undertaken by CAs to establish a trust relationship in which they rely upon each other's digital certificates and public keys as if they had issued them themselves.

A cross certification?

What is a segment?

A data object called in the Transport layer

Remote mirroring is the most advanced, complete, and expensive off-site backup solution. With this solution, a live database server is kept off site at some secure remote location.

A data object is called a datagram or a packet in the Network layer. It is called a PDU in layers 5 through 7It is called a segment in the Transport layer and a frame in the Data Link layer.

A persistent collection of interrelated data items can be defined as what

A database can be defined as a persistent collection of interrelated data items.

Remember this: A brute-force attack is an attempt to discover passwords for user accounts by systematically attempting every possible combination of letters, numbers, and symbols

A dictionary attack checks passwords against a database or dictionary. A rainbow table attack checks hashed values of passwords against the values stored in a rainbow table.

How are domains related to decentralized access control

A domain is a realm of trust that shares a common security policy. This is a form of decentralized access control

Remember this: The Computer Ethics Institute created the Ten Commandments of Computer Ethics.

A drawback of classification schemes, especially as implemented via a mandatory access control concept, is that they require significant administration for a large organization.

A momentary loss of power is what form of power issue is called?

A fault is any abnormal situation in an electrical system when electrical current does not flow through the intended parts.

What supports one-to-many relationships, often expressed in a tree structure?

A hierarchical DBMS

Physically securing the tapes from unauthorized access is obviously a security concern and is considered a function of the Security Operations Domain.

A keyed hash also called a MAC message authentication code is used for integrity protection and authenticity. a message authentication code is a generated value used to authenticate a message. The MAC protects both a message's integrity as well as its authenticity, because only someone who knows the secret key could have modified the message.

What is a replay or playback attack?

A malicious user records the traffic between a client and a server and then retransmits them to the server with slight variations of the timestamp and source IP address. It is similar to hijacking

What should be calculated using all of the original file's data?

A message digest

Remember this: Nonrepudiation requires the use of a public key cryptosystem to prevent users from falsely denying that they originated a message

A mode is the method in which the IPSec protocol is applied to the packet. IPSec can be used in tunnel mode or transport mide Typically, the tunnel mode is used for gateway-to-gateway IPSec tunnel protection

What does not "directly " sense motion there is a narrow beam that won't set off the sensor unless the beam is broken?

A photoelectric sensor Photoelectric sensors, along with dry contact switches, are a type of perimeter intrusion detector.

_________is a unique identifier in the table that unambiguously points to an individual tuple or record in the table?

A primary key

What is tunneling, and why is it used

A process that protects the contents of packets by encapsulating them in another protocol. This creates the logical illusion of a communications tunnel through an untrusted intermediary network

What looks at higher layers in terms of the OSI model, so it can read application specific information to decide whether or not the traffic should be allowed through.

A proxy firewall

The Internet Security Glossary (RFC2828) defines an attribute certificate as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate.

A public-key certificate binds a subject name to a public key value, along with information needed to perform certain cryptographic functions. Other attributes of a subject, such as a security clearance, may be certified in a separate kind of digital certificate, called an attribute certificate.

remember this: A threat is an event or activity that has the potential to cause harm to the information systems.

A risk is the probability that a threat will materialize. A vulnerability, or weakness, is a lack of a safeguard, which may be exploited by a threat, causing harm to the information systems.

What is ia domain of trust that shares a single security policy and single management?

A security domain is a domain of trust that shares a single security policy and single management.

What reviews change requests and evaluates them for potential negative impacts. All changes aren't necessarily approved or rejected. The analysis doesn't attempt to identify changes?

A security impact analysis

WHat is responsible for enforcing a security policy. It is a strict implementation of a reference monitor mechanism.

A security kernel

Data classification programs are put in place is to ensure all types of data are protected in the most cost beneficial way possible

A security policy is a document that portrays a senior manager directives it outlines Security roles and responsibilities, data classification, needs and goals, level of risk that a company is willing to accept

What filters traffic by examining data from a message header

A static packet-filtering firewall

What is suitable for hardware implementation?

A stream cipher treats the message as a stream of bits or bytes and performs mathematical functions on them individually

What is the star property?

A subject at a given security level must not write to any object at a lower security level - no write down this is also known as the confinement property

Which of the following is a proximity identification device that does NOT require action by the user and works by responding with an access code to signals transmitted by a reader?

A transponder--A transponder is a proximity identification device that does not require action by the user.

What is a Caesar cipher?

A very simple substitution cipher that can be easily defeated and it does show show repeating letters

Which best defines a virtual machine?

A virtual instance of an operating system A virtual machine can also be called a guest, which runs in a host environment. The host environment—usually an operating system—

What is a stealth virus?

A virus that hides itself from OSes and other protective software, such as antivirus shields is what?

What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire? a. Authority revocation list b. Certificate revocation tree c. Untrusted certificate list d. Certificate revocation list

A. Authority revocation list The Internet Security Glossary (RFC2828) defines the Authority Revocation List (ARL) as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire.

Which of the following is NOT a true statement about public key infrastructure (PKI)? a The Registration authority role is to validate and issue of digital certificates to end users b Root certificate authority's certificate is always self signed c The Registration authority (RA) acts as a verifier for Certificate Authority (CA) d The Certificate authority role is to issue digital certificates to end users

A. The Registration authority role is to validate and issue digital certificates to end users A PKI (public key infrastructure) enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.

NIST released FIPS 197, which mandated the use of ___________for the encryption of all sensitive but unclassified data by the US government.

AES

Of the following which is the strongest symmetric encryption algorithm, 3DES, AES, RSA 3AES

AES

Annualized loss expectancy (ALE) ALE

ALE = SLE * ARO or ALE = AV * EF * ARO

The ALE is calculated using the following formula

ALE = single loss expectancy (SLE) times annualized rate of occurrence (ARO)

Calculating Safeguard Cost/Benefit is:

ALE before safeguard - ALE after implementing the safeguard - annual cost of safeguard ACS = value of the safeguard to the company

what is annualized loss expectancy ALE and how is it calculated?

ALE is an element of quantitative risk analysis that represents the possible yearly cost of all instances of a specifi c realized threat against a specific asset. The formula is ALE = single loss expectancy SLE * annualized rate of occurrence ARO

what are passed with each API call to authenticate the API user?

API keys

Single loss expectancy (SLE) SLE = AV * EF

AV times EF AV X EF

What is used to defi ne what types of data an object can contain, what types of functions can be performed on or by that object, and what capabilities that object has.

Abstraction

What are firewall policy actions?

Accept, Discard

Preventing unwanted software installations are best handled by what form of control?

Access Control

What is is the automated mechanism that can prevent or permit system changes, installations, and updates on a selective basis?

Access Control

what is the difference between an ACL in a capability table?

Access Control Lists are object focus and identify access granted to subjects for any specific object. capability tables are subject focus and identify the object that subjects can access

Remember this: In a smurf attack, the attacker sends a single forged packet bearing a source address corresponding to the victim machine.

Access control is any hardware, software, or organizational administrative policy or procedure that grants or restricts access, monitors and records attempts to access, identifies users attempting to access, and determines whether access is authorized.

Access controls consists of

Access control refers to a wide area of protection of data, system and user access.

When ensuring that subjects can only access objects through the use of an application ... This is referred to as what?

Access triple Under the security model framework, some models enforce separation of duties which divide operations into different parts- ensures subjects access objects to the application. The subject must go to an application to access an object.

If a security mechanism offers availability, then it offers a high level of assurance that authorized subjects can _____ the data, objects, and resources. Control Audit Access Repudiate

Accessibility of objects and resources is the goal of availability. If security is involved, then data, resources are accessible to authorized subjects

The TCP _______scan sends an _______ packet, simulating a packet from the middle of an already established connection.

Acknowledgment

What is the non interference model?

Actions take place at a higher security level do not affect actions at the lower security level

To validate system capability and functionality to return to a normal system state and plan for future outages what needs to occur?

Activation/Notification phase

What interpret DoS and read-only memory ROM BIOS calls, looking for malware like actions?

Active Monitors

What is the default valuation clause property insurance. It is also known as depreciated value. It involves estimating the amount to be subtracted, which reflects the building s age, wear, and tear?

Actual Cash Value (ACV)?

What improves the security of password hashing?

Adding salts to the passwords before hashing them reduces the effectiveness of rainbow table attacks

how cryptographic salts improve the security of password hashing?

Adding salts to the passwords before hashing them reduces the effectiveness of rainbow table attacks

Remember this Secuirity baselines don't apply equally to all organizations. Instead, organizations as they use scoping and tailoring techniques to identify the security controls to implement in their baselines.

Additionally, organizations ensure that they implement security controls mandated by external standards that apply to their organization

What is an aggregation attack?

Aggregation attacks involve the use of specialized database functions to combine information from large number of database records revealing information that is more sensitive than the info a single record would reveal

You work for a software development house. Your main concern is being first to market with new software products. What software development model would be best to use.

Agile

Agile development is a phrase used in software development to describe methodologies for incremental software development.

Agile development is a phrase used in software development to describe methodologies forAgi development is an alternative to traditional project management where emphasis is placed on empowering people to collaborate and make team decisions in addition to continuous planning, continuous testing and continuous integration.

What is a phrase used in software development to describe methodologies for incremental software development emphasis is placed on empowering people to collaborate and make team decisions in addition to continuous planning, continuous testing and continuous integration

Agile software development

What does the Digital Signature Standard allow?

Allows the federal government use Digital Signature Algorithm, RSA, or the Elliptic Curve DSA in conjunction with the SHA-1 hashing function to produce a digital signature

The Kernel mode is what?

Also referred to as system mode, is one of the two distinct modes of operation of the CPU (central processing unit) in Linux. The other is user mode, a non-privileged mode for user programs, that is, for everything other than the kernel.

Remember this: Other services after a disater, in descending priority order are: IS operations, IS support services, market structure, marketing/public relations

Also, after a disaster,customer service & systems support, market regulation/surveillance, listing, application development, accounting services, facilities, human resources, facilities security, legal and Office of the Secretary, national sales

What act amendends criminalize scausing damage to federal systems, federal interest systems, and computers involved in interstate commerce

Amendments to the Computer Fraud and Abuse Act

What are the functions of an intrusion detection system (IDS)?

An IDS automates the inspection of audit logs and real-time system events, detects intrusion attempts, and watches for violations of confidentiality, integrity, and availability

Remember this: Metadata is data that provides information about other data Two types of metadata exist: structural metadata and descriptive metadata. Structural metadata is data about the containers of data. Descriptive metadata uses individual instances of application data

An IS auditor must review the change management process, including patch management procedures, and verify that the process has adequate controls and make suggestions accordingly.

What generates and displays one-time passwords using a challenge-response process to generate the password?

An asynchronous token

What is a man-in-the-middle attack?

An attack in which a malicious user is positioned between the two endpoints of a communication's link

Which of the following offers confidentiality to an e-mail message

An e-mail message's confidentiality is protected when encrypted with the receiver's public key, because he is the only one able to decrypt the message. The sender is not supposed to have the receiver's private key.

WHat is an object-relational database?

An object-relational database (ORD), or object-relational database management system ORDBMS, is a database management system (DBMS) classes and inheritance are directly supported in database schemas and in the query language.

What is generally involved in the processes of risk management

Analyzing an environment for risks, evaluating each risk as to its likelihood and damage, assessing the cost of countermeasures, and creating a cost/benefit report to present to upper management

What is electronic vaulting? a. Information is backed up to tape on a hourly basis and is stored in a on-site vault. b. A transfer of bulk information to a remote central backup facility. c. Information is backed up to tape on a daily basis and is stored in a on-site vault. d. Transferring electronic journals or transaction logs to an off-site storage facility

Answer B A transfer of bulk information to a remote central backup facility. bElectronic vaulting is defined as "a method of transferring bulk information to off-site facilities for backup purposes". Remote Journaling is the same concept as electronic vaulting, but has to do with journals and transaction logs, not the actual files.

Which one of the following determinations might result from a qualitative risk assessment? A. Annualized loss expectancy B. Single loss expectancy C. Categorical prioritization D. Exposure factor

Answer C. Qualitative risk assessment uses nonnumerical factors, such as categorical prioritization. The other choices listed are examples of factors used in quantitative risk assessment.

An amplification network is used to wage a DoS attack in which of the following? A.Smurf attack B.Spamming attack C.Teardrop attack D. Land attack

Answer: A A smurf attack occurs when an amplifying server or network is used to flood a victim with useless data.

An amplification network is used to wage a DoS attack in which of the following? A. Smurf attack B. Spamming attack C. Teardrop attack D. Land attack

Answer: A A smurf attack occurs when an amplifying server or network is used to flood a victim with useless data.

What is used to increase the strength of cryptography by creating a unique cipher text every time the same message is encrypted with the same key? A. Initialization vector B. Vignere cipher C. Steganography D. Stream cipher

Answer: A An initialization vector (IV) is a random bit string (a nonce) that is the same length as the block size that is XORed with the message. IVs are used to create a unique cipher text every time the same message is encrypted with the same key.

A _______________ contains levels with various compartments that are isolated from the rest of the security domain. A. Hybrid environment B. Compartmentalized environment C. Hierarchical environment D. Security environment

Answer: A Hybrid environments combine both hierarchical and compartmentalized environments so that security levels have subcompartments.

In what type of cryptographic attack does the attacker interfere with the connection establishment and then gain access to all subsequent communications? A. Man-in-the-middle attack B. Chosen plain-text attack C. Birthday attack D. Meet-in-the-middle attack

Answer: A In the man-in-the-middle attack, the attacker sits between the two communicating parties and relays messages between them. Both parties think they are communicating directly with each other.

On a much smaller scale, _______________ is deployed to repair or restore capability, functionality, or resources following a violation of security policy. A. Recovery access control B. Corrective access control C. Detective access control D. Compensation access control

Answer: A Recovery access control is deployed to repair or restore resources, functions, and capabilities after a violation of security policies.

Which one of the following cipher types operates on individual characters or bits of a message without knowledge of what came before or after? A. Stream cipher B. Caesar cipher C. Block cipher D. ROT3 cipher

Answer: A Stream ciphers operate on one character or bit of a message (or data stream) at a time.

In an agile software development process, how often should business users be involved in development? A. Daily B. Weekly C. Monthly D. At each release

Answer: A The agile development process requires that business users interact with developers on a daily basis.

What is the primary purpose of most viruses today? A. Infecting word processor documents B. Creating botnets C. Destroying data D. Sending spam

Answer: B Most viruses are designed to add systems to botnets, where they are later used for other nefarious purposes, such as sending spam or participating in distributed denial of service attacks.

What malicious code avoidance technique provides users with the ability to identify code originating from a trusted source? A. Sandboxing B. Control signing C. Whitelisting D. Access permissions

Answer: B Control signing utilizes a system of digital signatures to ensure that the code originates from a trusted source. It is up to the end user to determine whether the authenticated source should be trusted.

What feature of the TCP/IP protocol suite makes it possible for tools like Loki to bypass firewall restrictions by passing otherwise prohibited traffic across the network sentry using ICMP? A. Dynamic IP addressing B. Encapsulation C. VLSM D. Supernetting

Answer: B Encapsulation is the feature of the TCP/IP protocol suite that makes it possible for tools like Loki to bypass firewall restrictions by tunneling prohibited traffic through an alternate protocol, such as ICMP.

Which of the following choices is the most reliable method of destroying data on a CD? A. Degaussing B. Physical destruction C. Deleting D. Overwriting

Answer: B Physical destruction is the most reliable method of destroying data on any media, including a CD. Degaussing won't affect a CD. Deleting rarely deletes the data. Overwriting might destroy the data depending on the method used, but it isn't as reliable as physical destruction.

The Twofish algorithm uses an encryption technique not found in other algorithms that XORs the plain text with a separate subkey before the first round of encryption. What is this called? A. Preencrypting B. Prewhitening C. Precleaning D. Prepending

Answer: B Prewhitening XORs the plain text with a separate subkey before the first round of encryption.

Which source of interference is generated by electrical appliances, light sources, electrical cables and circuits, and so on? A. Cross-talk noise B. Radio frequency interference C. Traverse mode noise D. Common mode noise

Answer: B Radio frequency interference (RFI) is the source of interference that is generated by electrical appliances, light sources, electrical cables and circuits, and so on.

Which essential element of an audit report is not considered to be a basic concept of the audit? A. Purpose of the audit B. Recommendations of the auditor C. Scope of the audit D. Results of the audit

Answer: B Recommendations of the auditor are not considered basic and essential concepts to be included in an audit report. Key elements of an audit report include the purpose, scope, and results of the audit.

In an agile software development process, how often should business users be involved in development? A. Daily B. Weekly C. Monthly D. At each release

Answer: B Spoofing is the replacement of valid source and destination IP and port addresses with false ones. It is often used in DoS attacks but is not considered a DoS attack itself. Flooding, smurf, and ping of death are all DoS attacks.

Which of the following best describes change management? A. Preventing changes to systems B. Ensuring only approved changes are implemented C. Ensuring that changes do not reduce security D. Auditing privilege access

Answer: B The goal of change management is to ensure that any change does not lead to unintended outages or reduce security. Change management doesn't affect personnel safety. A change management plan will commonly include a rollback plan, but that isn't a specific goal of the program. Change management doesn't perform any type of auditing.

What is the primary purpose of change management? A. To prevent unwanted reductions to security B. To allow management to review all changes C. To delay the release of mission-critical patches D. To improve productivity of end users

Answer: B The primary purpose of change management is to allow management to review all changes. However, it is true that the overall goal of change management is to prevent unwanted reductions to security.

In addition to job rotation, what other security mechanism supports peer auditing? A. Separation of duties B. Principle of least privilege C. Mandatory vacations D. Job responsibilities

Answer: C Mandatory vacations support peer auditing by placing another user in a job position for at least a week every year.

The operating system design concept of protection rings was derived from what early operating system? A. Windows B. Unix C. Multics D. Macintosh

Answer: C Multics has left two enduring legacies in the computing world. First, it inspired the creation of a simpler, less-intricate operating system called Unix (a play on the word multics), and second, it introduced the idea of protection rings to operating system design.

What remote access protocol replaced SLIP? A.802.11 B. SSH C. PPP D. TLS

Answer: C PPP is a replacement for SLIP.

What database backup technology uses frequent, perhaps hourly, transfers of information between the primary and alternate sites? A. Remote mirroring B. Electronic vaulting C. Remote journaling D. Fault tolerance

Answer: C Remote journaling technology transfers copies of the database transaction log to the alternate site on a frequent basis.

The normal operations of a business are restored at the conclusion of the _______ phase of incident response. A. Identification B. Analysis C. Closure D. Lessons learned

Answer: C The closure phase includes the restoration of the normal business operations of an organization.

Which one of the following files is least likely to contain a virus? A. COMMAND.COM B. SOLITAIRE.EXE C. SECRET.TXT D. LOVE.VBS

Answer: C The filename extension .txt is normally used to describe text files, which do not contain executable code

When attempting to impose accountability on users, what key issue must be addressed? A. Reliable log storage system B. Proper warning banner notification C. Legal defense/support of authentication D. Use of discretionary access control

Answer: C To effectively hold users accountable, your security must be legally defensible. Primarily, you must be able to prove in a court that your authentication process cannot be easily compromised. Thus, your audit trails of actions can then be tied to a human.

A tunnel mode VPN is used to connect which types of systems? A. Hosts and servers B. Clients and terminals C. Hosts and networks D. Servers and domain controllers

Answer: C Tunnel mode VPNs are used to connect networks to networks or networks to hosts. Transport mode is used to connect hosts to hosts. Host, server, client, terminal, and domain controller are all synonyms.

The backup administrator configures a system to perform full backups on Sundays and differential backups on Mondays through Saturdays. The system fails on Wednesday. What backups must be applied? A. Sunday only B. Sunday, Monday, Tuesday and Wednesday C. Sunday and Wednesday only D. Sunday, Monday and Wednesday only

Answer: C With differential backups, you must first restore the most recent full backup and then apply the most recent differential backup.

In what scenario would you perform bulk transfers of backup data to a secure offsite location? A. Incremental backup B. Differential backup C. Full backup D. Electronic vaulting

Answer: D Electronic vaulting describes the transfer of backup data to a remote backup site in a bulk-transfer fashion.

_______________ is the process by which a subject provides a username, logon ID, personal identification number, and so on. A. Accountability B. Authentication C. Confidentiality D. Identification

Answer: D Identification is the process by which a subject professes an identity and accountability is initiated

Which one of the following alternate processing arrangements is rarely implemented? A. Hot site B. Warm site C. Cold site D. MAA site

Answer: D Mutual assistance agreements are rarely implemented because they are difficult to enforce in the event of a disaster requiring site activation.

Which of the following is a benefit of packet-switching technologies over circuit-switching technologies? A. Fixed known delays B. Connection oriented C. Sensitive to connection loss D. Supports bursty traffic

Answer: D Packet-switching technologies support bursty traffic rather than constant traffic. The others are benefits of circuit switching.

What method is not integral to assuring effective and reliable security staffing? A. Screening B. Bonding C. Training D. Conditioning

Answer: D Screening, bonding, and training are all vital procedures for ensuring effective and reliable security staffing because they verify the integrity and validate the suitability of said staffers

what proposes a framework for international enforcement of intellectual property protections. As of February 2015, the treaty awaited ratification by the European Union member states, the United States, and five other nations

Anti‐Counterfeiting Trade Agreement

What is a countermeasure?

Any hardware or software or procedure that helps to mitigate a potential risk

The two logs maintained in Apache server are 'error' logs and __ logs. network system request access

Apache server maintains error logs and access logs

Non-IP Protocols

AppleTalk and IPX

What determines the identity of the communication partners in the DoD Modeal where Non-Repudiation service would be provided as well and what layer does this reside in?

Application Layer

What are the layers of a software-defined network?

Application layer, Control layer, Infrastructure layer

FTP, TFTP, SNMP, and SMTP are provided at what level of the Open Systems Interconnect OSI Reference Model?

Application. The Layer 7 Application Layer of the Open Systems Interconnect (OSI) Reference Model is a service for applications and Operating Systems data transmission, for example FTP, TFTP, SNMP, and SMTP.

There are four layers that deal with both the physical and the software including drivers components. The four layers include:

Applications 3 Hardware 2 Operating System 1 Kernel 0

Threat modeling is the process of identifying, understanding, and categorizing potential threats, including threats from attack sources.

Asset valuation identifies the value of assets. Vulnerability analysis identifies weaknesses. An advanced persistent threat is a form of attack, often sponsored by a government.

what Communications is the basic language of modems and dial-up remote access systems?

Asynchronous Communication is the basic language of modems and dial-up remote access systems

What is cell switching technology?

Asynchronous Transfer Mode-ATM which is WAN communication technology at 53 byte cells

Defining Data Security Requirements, what steps should an organization take to protect email?

At a minimum, an organization should label and encrypt sensitive email. Using strong encryption methods such as Advanced Encryption Standard with 256-bit cryptography keys AES 256 makes it almost impossible for unauthorized personnel to read the text.

What encompasses a wide variety of different activities, including the recording of event/occurrence data, examination of data, data reduction, the use of event/occurrence alarm triggers, and log file analysis?

Auditing

Which of the following should NOT be a role of the Security Administrator?

Authorizing access rights For proper segregation of duties, the security administrator should not be responsible for authorizing access rights. This is usually the responsibility of user management/data owner.

This allows a PBX to be configured so that incoming calls are distributed to the next available agent or placed on-hold until one become available?

Automatic Call distribution

Which Orange book security rating introduces called "Labeled Security" and each data object must have a classification label and each subject a clearence label. On each access attempt, the classification and clearence are checked to verify that the access is permissable?

B1

Orange book security rating introduces security labels?

B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearence label. On each access attempt, the classification and clearence are checked to verify that the access is permissable.

What is covert channel analysis required for?

B2 Structured Protection normally includes covert channel, device labels, subject sensitivity labels, trusted path, trusted facility management, configuration management.

Who implements a combination of policies, procedures, and processes such that a potentially disruptive event has as little impact on the business as possible?

BCP planners

Which routing protocol enables routers on different autonomous systems to share routing information?

BGP

What are the business impact analysis steps? 1. Select individuals to interview for data gathering. 2. Create data-gathering techniques (surveys, questionnaires, qualitative and quantitative approaches). 3. Identify the company's critical business functions. 4. Identify the resources these functions depend upon.

BIA Steps 5. Calculate how long these functions can survive without these resources. 6. Identify vulnerabilities and threats to these functions. 7. Calculate the risk for each different business function. 8. Document findings and report them to management.

what are vectors for attackers to bypass security checks, such as authentication? Be wary when someone says something will make computing both easier and more secure.

Backdoors

Differential backup process will?

Backs up data labeled with archive bit 1 and leaves the data labeled as archive bit 1

Which addressing uses a value stored in one of the CPU's registers as the base location from which to begin counting. The CPU then adds the offset supplied with the instruction to the value and retrieves the operand from that computed memory location?

Base+Offset addressing

when using Link encryption, packets have to_______

Be decrypted at each hop

Why was Triple DES adopted as a standard for government communications?

Because the meet in the middle attack showed that it took the same computing power to defeat 2 DES as it would standard DES.

What type of intrusion detection techniques assume that an intrusion can be detected by observing a deviation from normal or expected behavior of the system or the users?

Behavior-based intrusion detection

Which of these is not permitted by the Bell-LaPadula Model? Read from a higher level of security Write to a higher level of security None of these Read at the same security level

Bell-LaPadula Model does not allow subjects to read from a higher level of security (relative to their own security level). Rest of the given options ar

The __________Model which describes rules for the protection of data integrity

Biba Integrity Model

What type of symmetric-key encryption algorithm that transforms a fixed-size block of plaintext unencrypted text data into a ________ of ciphertext encrypted text data of the same length. They are appropriate for software implementations and can operate internally as a stream.

Block ciphers

What use key sizes of 32 bits to 448 bits and is a strong encryption protocol?

Blowfish

What is another alternative to DES and IDEA. that operates on 64-bit blocks of text by allowing the use of variable-length keys ranging from a relatively insecure 32 bits to an extremely strong 448 bits?

Blowfish block cipher

What is BGP?

Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS) on the Internet.

what keys can uniquely identify records in a table?

Both Primary and Candidate Keys

What supports the enterprise authentication known as 802.1x/EAP, a standard port-based network access control that ensures clients cannot communicate with a resource until proper authentication has taken place?

Both WPA and WPA2

The Clark-Wilson model focuses on data integrity. The Bell-LaPadula model supports data confidentiality.

Both the Biba model and the Clark-Wilson model address the integrity of data. The Clark-Wilson Integrity Model addresses the three integrity goals and defines constrained data items and integrity verification procedures, and confirms transformation procedures.

What is diameter for remote access?

Building on the success of radius in TACAcS + its an enhanced version of of radius. diameter supports a wide range of protocols including traditional IP mobile IP, voice over IP and supports extra commands it's popular were roaming support is needed such as wireless devices and smart phones.

Because scripts contain credentials, they must be stored in a protected area and the transmission of the scripts must be dealt with carefully. Operators might need access to batch files and scripts.

Business Continuity Plans are designed to minimize the damage done by the event, and facilitate rapid restoration of the organization to its full operational capacity. They are for use "after the fact", thus are examples of corrective controls

What is most critical to survival to an organization?

Business Impact Analysis

What measures the potential loss that could be caused by a disaster?

Business Impact Analysis

Who own the processes and ensure the systems provide value to the organization.

Business and mission owners

Who own the processes and ensure the systems provide value to the organization?

Business and mission owners

What does it mean when it says " do not put your eggs in one basket?"

By splitting or dividing your outfit into several divisions, branches, offices, and so on, you create multiple sites and reduce the impact of a major disaster.

Which one of the following files might be modified or created by a companion virus?

COMMAND.EXE

Remeber: The Committee of Sponsoring Organizations of the Treadway Commission (COSO)2 sponsor the National Commission on Fraudulent Financial Reporting, which studied factors that lead to fraudulent financial reporting and produced recommendations for public companies, their auditors, the Securities Exchange Commission, and other regulators.

COSO identifies five areas of internal control necessary to meet the financial reporting and disclosure objectives. These include: (1) control environment, (2) risk assessment, (3) control activities, (4) information and communication, and (5) monitoring.

What is Immediate addressing

CPU does not need to actually retrieve any data from memory. The data is contained in the instruction itself

What is a fast form of memory?

CPU registers are the fastest form of memory.

the notification requirements placed on organizations that experience a data breach occured where?

California's SB 1386 implemented the fi rst statewide requirement to notify individuals of a breach of their personal information.

the notification requirements placed on organizations that experience a data breach are?

California's SB 1386 implemented the first statewide requirement to notifyindividuals of a breach of their personal information. All but three states eventually followed suit with similar laws. federal law only requires the notification of individuals when a HIPAA‐covered entity breaches their protected health information

_____can be any column or a combination of columns that can qualify as unique key in database?

Candidate Key

What is a subset of attributes that can be used to uniquely identify any record in a table.

Candidate Keys

remember this: When an intrusion has been detected and confirmed, if you wish to prosecute the attacker in court, the following actions should be performed in the following order: Capture and record system information and evidence that may be lost, modified, or not captured during the execution of a backup procedure.

Capture and record system information and evidence that may be lost, modified, or not captured during the execution of a backup procedure.

Input for one system comes from the output of another system. Feedback: One system provides input to another system, which reciprocates by reversing those roles One system sends input to another system but also sends input to external entities.

Cascading

What are the Risk Management Framework RMF steps?

Categorize, Select, Implement, Assess, Authorize, Monitor.

the six steps of the risk management framework

Categorize, Select, Implement, Assess, Authorize, and Monitor

six steps of the risk management framework are:

Categorize, Select, Implement, Assess, Authorize, and Monitor C S I A A M

the six steps of the risk management framework are?

Categorize, Select, Implement, Assess, Authorize, and Monitor.

What is the best means to improve the security of a challenge-response based authentication system?

Challenge response-based authentication is prone to session hijacking or man-in-the-middle attacks. Security management should be aware of this and engage in risk assessment and control design when they employ this technology.

In a brute force attack why changing a password frequently will not stop or delay an attack?

Changing the password frequently does not have an effect on the speed or ease with which it can be cracked.

What is the preparation of storage media by overwriting with unclassified data for later reuse or redistribution?

Clearing is a method of sufficiently deleting data on media that will be reused in the same secured environment

When a website provides one version of a page to search engines while serving a different version to users, this is called website ___. cloaking mirroring spoofing hiding

Cloaking is a search engine optimization (SEO) technique in which the content presented to the search engine spider is different from that presented to the user's browser.

remember this: Port knocking is where the client will attempt to connect to a predefined set of ports to identify him as an authorized client. The port knocking sequence is used to identify the client as a legitimate user

Common Criteria 15408 generally outlines assurance and functional requirements through a security evaluation process concept of Protection Profile PP, Target of Evaluation TOE, and Security Target ST for Evaluated Assurance Levels EALs to certify a product or system.

Hierarchical database model Network model Relational model Object-relational database models are what?

Common logical data models

Sampling is a form of data reduction that allows an auditor to quickly determine the important issues or events from an audit trail.

Common mode noise is generated by the difference in power between the hot and ground wires of a power source or operating electrical equipment.

What environments require specific security clearances over compartments or domains instead of objects?

Compartmentalized environments require specific security clearances over compartments or domains instead of objects.

What law extension of the United States Secret Service's jurisdiction over credit card fraud and computer fraud?

Comprehensive Crime Control Act of 1984

What is Every X number of words within a text, is a part of the real message,

Concealment cipher

What is the Clark Wilson model?

Concerned with change control with the assurance that all modifications to objects maintain integrity by well formed transactions and usage of access triple which is subject - interface- object

What uses a "lock" feature to allow an authorized user to make changes and then "unlock" the data elements only after the changes are complete so another user is unable able to access the database to view and/or make changes to the same elements at the same time.

Concurrency

what is a preventive security mechanism that endeavors to make certain that the information stored in the database is always correct or at least has its integrity and availability protected?

Concurrency

What is the best symmetric cryptography, both parties will be using the same key for encryption and decryption?

Confidentiality

______________assures that the information is not disclosed to unauthorized persons or processes?

Confidentiality assures that the information is not disclosed to unauthorized persons or processes.

A message encrypted and digitally signed provides:

Confidentiality, Authentication, Non-repudiation, and Integrity

Which of the following is best provided by symmetric cryptography?

Confidentiality. When using symmetric cryptography, both parties will be using the same key for encryption and decryption. Symmetric cryptography is generally fast and can be hard to break. It offers limited overall security in the fact that it can only provide confidentiality.

In the Bell-LaPadula model, the Star-property is also called?

Confinement Property

What are the the various types of software license agreements?

Contractual license agreements are written agreements between a software vendor and user. Shrink‐wrap agreements are written on software packaging and take effect when a user opens the package. Clickwrap agreements require the user to accept the terms during the software installation process

__________is a security concept infrastructure used to organize the complex security solutions

Control Objectives for Information and Related Technology

What is a security concept infrastructure used to organize the complex security solutions of companies?

Control Objectives for Information and Related Technology COBIT

The main responsibility of the network layer is to insert information into the packet's header so that it can be properly routed. The protocols at the network layer must determine the best path for the packet to take

Controlling access by a subject an active entity such as individual or process to an object a passive entity such as a file involves setting up access rules.

What law guarantees the creators of "original works of authorship" protection against the unauthorized duplication of their work?

Copyright law

When should a post-mortem review meeting be held after an intrusion has been properly taken care of? a. Within the first month after the investigation of the intrusion is completed. b. Within the first week of completing the investigation of the intrusion. c. Within the first week after prosecution of intruders have taken place, whether successful or not. d. Within the first three months after the investigation of the intrusion is completed.

Correct Answer is: A Within the first week of completing the investigation of the intrusion. A post-mortem review meeting should be held with all involved parties within three to five working days of completing the investigation of the intrusion. Otherwise, participants are likely to forget critical information

Failure of a contingency plan is usually: Because of a lack of training. Because of a lack of awareness. A management failure. A technical failure.

Correct Answer is: A management failure. Failure of a contingency plan is usually management failure to exhibit ongoing interest and concern about the BCP/DRP effort, and to provide financial and other resources as needed. Lack of management support will result in a lack awareness and training.

The purposes of RAID (Redundant Array of Inexpensive Disks) are to provide which of the following? a Performance Increase b. Prevent file server hard disks crashes c. Fault Tolerance d. Redundancy and Higher Data Transfer performance

Correct Answer is: A. Redundancy and Higher Data Transfer performance This is a tricky question, as you probably noted the word "purposes" is plural which means there is more than one choice expected. The plural form kind of gives it away as there is only one answer with two choices. If the question would have contained the keywords "primary purpose" then fault tolerance would have been the best choice.

Which of the following statement INCORRECTLY describes circuit switching technique? a. Packet uses many different dynamic paths to get the same destination b. Fixed delays c. Traffic travels in a predictable and constant manner d. Connection oriented virtual links Correct Answer is: Packet uses many different dynamic paths to get the same destination

Correct Answer is: Packet uses many different dynamic paths to get the same destination

when deleting a file is not enough to get rid of it, which of these are recommended? Shredding Whipping Overweighting All of these

Correct answer: All of these Wiping, overwriting, and shredding are all considered excellent safety precautions to ensure that data is truly inaccessible after its intentional removal.

which measure will most likely delay a successful brute force attack

Correct answer: Increasing the size of the password While changing passwords frequently may help ensure the integrity of a password, a brute-force attack rapidly applies a series of combinations to find a match;

Which method will most likely delay a successful brute force attack?

Correct answer: Increasing the size of the password therefore, increasing the size of a password exponentially increases the workload and therefore the time a brute-force attack must use to succeed.

Bluejacking is what?

Correct answer: The sending of a message without the authorized user's consent Bluejacking is where messages are sent from a user or a system without authorized consent. The transmission often involves the use of a receiving blue tooth device.

It has been determined that a specific role in an organization could upset a system of checks and balances. In terms of risk analysis, this kind of danger is determined as what?

Correct answer: Threat When the danger only has the potential to create a negative impact, it is considered a threat. If specific roles in the organization could upset checks and balances

How many parts are there in the common criteria for SLDC?

Correct answer: Three The Software Development Life Cycle (SDLC) includes three parts. Part one is the introduction, part two includes the details of specific functional requirements, and part three details security assurance requirements.

Identify the choice that reflects a control an organization might establish to increase security measures? vacation Job rotations None of these Vacations and job rotations

Correct answer: Vacations and job rotation Vacations and job rotation give organizations an opportunity for employees to work in positions they normally do not in the hopes they uncover an issue which is not in the normal pattern of processes.

What are countermeasures to spoofing attacks

Countermeasures to spoofing attacks include patching the OS and software, enabling source/destination verification on routers, and employing an IDS to detect and block attacks

involves writing to a storage location by one process and the direct or indirect reading of the storage location by another process

Covert Storage Channel:

which one process modulates its system resource for example, CPU cycles, which is interpreted by a second process as some type of communication.

Covert Timing Channel

remember this: A covert channel is an unintended communication path within a system, therefore it is not protected by the system's normal security mechanisms.

Covert channels are a secret way to convey information. Covert channels are addressed from TCSEC level B2.

_______Outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior?

Crime Prevention Through Environmental Design CPTED

When a team conducts a BIA to understand the functions and resources an organization requires for productivity, the team must calculate the maximum to tolerable downtime (MTD). What needs to properly identified for each resource?

Criticality of each resource

Can Honeypots monitor hacker activities and use their results as evidence in court?

Currently honeypot logs cannot be produced as evidence in a court of law

Who helps protect the integrity and security of data by ensuring it is properly stored and protected ensuring the data is backed up in accordance with a backup policy. If administrators have configured auditing on the data_________would also maintain these logs.

Custodians

The concept of best practices as closely associated with what kind of law?

Customary law

A portable data storage device has been determined to have malcious firmware. Which of the following is the BEST course of action to ensure data confidentiality. A. Format the devie B. Re-image the device C. Perform virus scan in the device D. Physically destroy the device

D- physically destroy the device to preserve confidentiality.

Which of the following is a Microsoft technology for communication among software components distributed across networked computers

DCOM Distributed Component Object Model

What uses a hierarchical model to organize data, with root name servers representing the top-level domains and authority distributed hierarchically to child servers.

DNS

Which protocol is secured by using TSIG?

DNS

DNS uses a ______________ model to organize data, with root name servers representing the top-level domains and authority distributed hierarchically to child servers.

DNS uses thehierarchical model to organize data, with root name servers representing the top-level domains and authority distributed hierarchically to child servers.

_______is the alteration of existing data. Many times, this modification happens before the data is entered into an application or as soon as it completes processing. The most common reason is to overstate revenue and assets and understate expenses and liabilities.

Data Diddling

What is a subset of SQL containing the commands used to interact with data?

Data Manipulation Language DML

When a Proxy transfers a copy of each accepted data packet from one network to another what is masked?

Data Origin

Who are typically third-party entities that process data for an organization?

Data Processors

Data diddling is the__________?

Data diddling is the alteration of existing data. Many times, this modification happens before the data is entered into an application or as soon as it completes processing. The most common reason is to overstate revenue and assets and understate expenses and liabilities.

What is a key element in security controls

Data hiding and programming

TLS is a secure protocol implemented in web application traffic to ensure privacy between client and server communications to protect this type of data:

Data in Transit/Motion

What is the difference between Data manipulation language and data definition language?

Data manipulation language is a grouping of computer languages used by computer programs to manipulate data in a database; Data definition language is a computer language used specifically to define data structures.

Who is responsible for defining data classifications and ensuring systems and data are properly marked?

Data owners

Who is responsible for defining data classifications and ensuring systems and data are properly marked?

Data owners

Who has a responsibility to protect the privacy of the data and not use it for any other purpose than directed by the data controller?

Data processors

who are typically third-party entities that process data for an organization?

Data processors

Remember this: Pretty good privacy is a freeware email security application that uses IDEA algorithm for encryption and RSA algorithm for key distribution.

Data remanence is the data that prevails on a computer after an erase operation has been performed

what is the difference between data remanence and residual data?

Data remanence is the data that prevails on a computer after an erase operation has been performed where as Residual Data is data that is unintentionally left behind on computer media.

developers use to restrict users' access to a limited subset of database attributes or records is what?

Database views use SQL statements to limit the amount of information that users can view from a table.

What technique would raise the False Acceptance Rate (FAR) and Lower the False Reject Rate (FRR) in a fingerprint scanning system?

Decrease the amount of minutiae that is verified

In the ________________ stage of the CMM, all development projects take place within the constraints of a standardized management model.

Defined stage

What is the Internet glossary RFC 2828?

Defines an attribute certificate as a digital certificate that binds a set of descriptive data items other than a public key either directly to a subject name or the identifier of another certificate that is a public key certificate.

Explain why the separation of duties and responsibilities is a common security practice?

Definition -------------------------------------------------------------------------------- It prevents any single subject from being able to circumvent or disable security mechanisms

What is Degaussing?

Degaussing is the process of decreasing or eliminating a remnant magnetic field. It is named after the gauss, a unit of magnetism, which in turn was named after Carl Friedrich Gauss. The magnetic field of a degausser, the magnetic data on a tape or hard disk is neutralized, or erased.

network based IDS can detect many attacks and are the first to dectect unlike a Host based IDS would be what kind of attack?

Denial of Service Attack or a DoS

What are the most common threats against communication systems?

Denial of service, eavesdropping, impersonation, replay, and modification

Code of Ethics Canons Protect society, the commonwealth, and the infrastructure Act honorably, honestly, justly, responsibly, and legally Provide diligent and competent service to principals Advance and protect the profession

Developing a BCP/DRP Develop Contingency Planning Policy Statement Conduct the Business Impact Assessment (BIA) Identify Preventative Controls Develop Recovery Strategies Develop an IT Contingency Plan Plan Testing, Training and exercises Plan Maintenance

In NIST SP 800-18 outlines the following responsibilities for the system owner?

Develops a system security plan in coordination with information owners, the system administrator, and functional end users. Maintains the system security plan and ensures that the system is deployed and operated according to the agreed-upon security requirements

RADIUS = Uses UDP 1812 and 1813. AAA system. RADIUS request and response data is carried in 8-bit Attritbute Value Pairs TACACS - centralized access control system that uses UDP port 49 and may use TCP PAP and CHAP = PAP is plaintext, CHAP is better

Diameter = RADIUS' successor with more accountability and a 32-bit AVP field.

Which of the following algorithm enables two systems to generate a symmetric key securely without requiring a previous relationship or prior arrangements?

Diffie-Hellman The Diffie-Hellman key agreement protocol also called exponential key agreement)was developed by Diffie and Hellman in 1976 and published in the ground-breaking paper "New Directions in Cryptography." The protocol allows two users to exchange a secret key over an insecure medium without any prior secrets.

what prohibits the circumvention of copy protection mechanisms placed in digital media and limits the liability of Internet service providers for the activities of their users?

Digital Millennium Copyright Act of 1998

The uses of digital rights management is what ?

Digital rights management (DRM) solutions allow content owners to enforce restrictions on the use of their content by others. DRM solutions commonly protect entertainment content, such as music, movies, and e-books

The main purpose for the use of digital signatures is to assure

Digital signatures provide integrity because the digital signature of a signed message (file, mail, document, etc.) changes every time a single bit of the document changes; thus, a signed document cannot be altered.

What is a spamming attack

Directing floods of messages to a victim's email inbox or other messaging system. Such attacks cause DoS issues by filling up storage space and preventing legitimate messages from being delivered

Who should direct short-term recovery actions immediately following a disaster?

Disaster Recovery Manager. The Disaster Recovery Manager should also be a member of the team who assists the development of the Disaster Recovery Plan. Senior-level management supports the process but not be involved with the initial process.

_____give the subject (user) some ability to define the objects to access. This access control mechanism ensures that the owner or creator of an object controls and defines the access other subjects have to that object

Discretionary controls

What is Microsoft technology for communication among software components distributed across networked computers?

Distributed Component Object Model DCOM is a proprietary Microsoft technology for communication among software components distributed across networked computers.

What are the Divisions of the TCSEC?

Divisions and classes D — Minimal protection C — Discretionary protection B — Mandatory protection A — Verified protection

What differs from traditional multi-site datacenter architecture based primarily on the concept that it is possible to shift active-running workload from one site to another with no interruption in services. While providing the ability to shift active running workload from one site to another?

Dual-Core Datacenter

What is the notion of preserving and protecting assets and interests for a given organization as exercised through a formalized security structure comprising baselines, guidelines, policies, procedures, and rules?

Due care

Remember this :A brouter is a device that attempts to route first, but if that fails, it defaults to bridging.

Due care is the notion of preserving and protecting assets and interests for a given organization as exercised through a formalized security structure comprising baselines, guidelines, policies, procedures, and rules.

Protection mechanisms are continually maintained and operational where risks are constantly being evaluated and reviewed ia an example of what?

Due diligence

Certain types of attacks have been made more potent by which of the following advances to microprocessor technology?

Due to the increase of computer processing power, brute-force and cracking attacks against security mechanisms are possible. These instructions can be used to attempt to crack passwords or encryption keys or instructions to send nefarious packets to victim systems.

When do you define business priorities?

During the first step of the Business Impact Analysis.

What is the the process used to develop a continuity strategy?

During the strategy development phase, the BCP team determines which risks will be mitigated

Describe the process used to develop a continuity strategy

During the strategy development phase, the BCP team determines which risks will be mitigated. The provisions and processes phase procedures that will mitigate the risks are designed. The plan must then be approved by senior management and implemented.

What is a large group of internal clients to share a single or small group of ROUTABLE IP addresses for the purpose of hiding their identities when communicating with external hosts or expanding the internal network address?

Dynamic translation

What are the Target of Evaluation levels TOE

EAL 1 : functionally tested EAL 2 : structurally tested EAL 3 : methodically tested and checked EAL 4 : methodically designed, tested and reviewed EAL 5 : semiformally designed and tested EAL 6 : semiformally verified design and tested EAL 7 : formally verified design and tested.

What is structurally tested

EAL 2

What is methodically tested and checked

EAL 3

Common Criteria has assurance level from EAL 1 to EAL 7 regarding the depth of design and testing. Which of the following assure the Target of Evaluation or is methodically designed, tested and reviewed?

EAL 4

What is methodically designed, tested and reviewed?

EAL 4

What is semiformally designed and tested?

EAL 5

What is semiformally verified design and tested

EAL 6

What is formally verified design and tested.

EAL 7

The Data Encryption Standard operates in four modes: Electronic Codebook mode, Cipher Block Chaining mode, Cipher Feedback mode, and Output Feedback mode.

ECB mode is considered the least secure and is used only for short messages. 3DES uses three iterations of DES with two or three different keys to increase the effective key strength to 112 or 168 bits, respectively

ECC key size is what?

ECC requires shorter keys for equivalent security. Some argue that ECC key length pf 160 bits is the same as an RSA key length of 1024 bits.

What provides penalties for individuals found guilty of the theft of trade secrets. Harsher penalties apply when the individual knows that the information will benefit a foreign government

Economic Espionage Act

What is an extension of the Diffie-Hellman key exchange algorithm that depends on modular arithmetic?

El Gamal

What is used for transmitting digital signatures and key space exchanges, and it has logarithmic functions?

El Gamal

What is an Elliptic curve Diffie-Hellman (ECDH)?

Elliptic curve Diffie-Hellman (ECDH) is an anonymous key agreement protocol that allows two parties, each having an elliptic curve public-private key pair, to establish a shared secret over an insecure channel.[1][2

What is the most serious threat of email

Email is a common delivery mechanism for viruses, worms, Trojan horses, documents with destructive macros, and other malicious code.

What provides confidentiality in IPSEc?

Encapsulating Security Payload ESP

What uses simple encryption to encipher their computer code. Each virus is encrypted with a different key so that even with a key to one virus, another instance of the same virus cannot be scanned.

Encrypted Viruses

What is a firewall feature that allows users on an external network to authenticate themselves to prove that they are authorized to access resources on the internal network

Encrypted authentication

Of the following, what can mitigate the success of a sniffing attack?

Encrypted passwords (and one-time passwords) can reduce the success of a sniffing attack. Rainbow tables are used by attackers to crack hashed passwords. Salting passwords helps reduce the success rate of rainbow attacks.

Information stays encrypted from one end of its journey to another is what type of encryption?

End to End encryption

responsible for protecting information assets on a daily basis through adherence to the security policies that have been communicated is?

End user

What are the issues related to user acceptance of biometric enrollment and throughput rate?

Enrollment times longer than 2 minutes are unacceptable; subjects will typically accept a throughput rate of about 6 seconds or faster

What is an attack phase of a penetration test?

Escalate Privileges

What is a general term is described as the process of independently assessing a system against a standard of comparison?

Evaluation

Which can best describe a Concealment cipher

Every X number of words within a text, is a part of the real message, A concealment cipher is a message within a message

What are some examples of Non-volatile memory?

Examples of non-volatile memory include read-only memory, flash memory, ferroelectric RAM (F-RAM), most types of magnetic computer storage devices (e.g. hard disk drives, floppy disks, and magnetic tape), optical discs, and early computer storage methods such as paper tape and punched cards.

With relevance to volatile information gathering from a router, which of these is considered Direct access? SNMP scan Executing show commands Port scan All of the above

Executing the 'show' commands on the Router, comes under 'Direct Access'

maintains the overall responsibility for protection of the information assets. The business operations are dependent upon information being available, accurate, and protected from individuals without a need to know.

Executive Management/Senior Management -

Which of the following relational database terms would include a central repository of metadata and data relationships? File Database Database management system Data dictionary

Explanation: The correct answer is data dictionary. The data dictionary is a central repository of metadata and data relationships.

Which of the following would be your first step as an investigator during an Email crime investigation? Classify violation Collect Evidence Analyze the header Copy the email

Explanation: The first step is always to classify the violation done during the crime

An Exploitation occurs when?

Exploitation occurs when the attacker sends "guesses" to password information or other login credentials to gain access to a system. Brute force attacks are an example of exploitation. SQL injection is another form.

What is extensible markup language?

Extensible market language goes beyond describing how to display the date up by actually describe the data. I can include tags to describe the data anything desired

Synchronous Dynamic Tokens - refresh every 60 seconds. Use time or counters to synchronize a code with the AS Asynchronous Tokens - not synchronized with central server. Challenge-response. Throughput - biometric system response time

False Reject Rate (FRR): Type 1 Error False Accept Rate (FAR): Type 2 Error Crossover Error Rate (CER): Where the two rates meet

A _____ is any abnormal situation in an electrical system when electrical current does not flow through the intended parts.

Fault

What are multiple organizations that join a group where they agree on a method to share identities between them?

Federated identity management.

What is the most difficult network segment to eavesdrop because the act of doing so is always detectable?

Fiber

The following are typical biometric characteristics that are used to uniquely authenticate an individual's identity:

Fingerprints - Retina scans - Iris scans - Facial scans - Palm scans - Hand geometry - Voice - Handwritten signature dynamics

what are the requirements for successful use of a one-time pad?

For a one-time pad to be successful, the key must be generated randomly without any known pattern. The key must be at least as long as the message to be encrypted. The pads must be protected from physical disclosure, and each pad must be used one one time and then discarded

Which of the following algorithms is used today for encryption in PGP

For encrypting messages, it actually uses AES with up to 256-bit keys, CAST, TripleDES, IDEA and Twofish. RSA is also used in PGP, but only for symmetric key exchange and for digital signatures, but not for encryption

Give an example of an ARO?

For example, a business in Southern California is much more likely to face the risk of an earthquake than to face the risk posed by a volcanic eruption. A business based in Hawaii might have the exact opposite likelihood that each risk would occur.

remember this-database view is the results of Join, Project, and Select.

For the purpose of the exam you must remember the following terms from relational algebra and their SQL equivalent: Tuple = Row, Entry Attribute = Column Relation or Based relation = Table

What is used to enforce relationships between two tables, also known as referential integrity . Referential integrity ensures that if one table contains a_________ key, it corresponds to a still-existing primary key in the other table in the relationship

Foreign Key

How are PVC, SVC, DTE, and DCE used in a Frame Relay network

Frame Relay requires the use of a DTE and a DCE at each connection point. PVC is always available; SVC is established using the best paths currently available

What are types of Cryptographic Attacks?

Frequency Analysis, Brute Force Attacks, Rainbow Tables

What wireless communication technique employs a form of serial communications

Frequency Hopping Spread Spectrum FHSS an early implementation of the spread spectrum concept. However, instead of sending data in a parallel fashion, it transmits data in a series while constantly changing the frequency in use.

Iris scan, fingerprint, voice verification, keystroke dynamics.

From most effective lowest Cross Over Error Rate to The Least Effective highest Cross Over Error Rate

Which backup has the worst recovery point objective?

Full Back up

Remember IP Sec can only tunnel through IP networks that provide integrity and authentication

Furthermore, IP Sec does not provide any digital certificates that are used in a PKI environment that are tied to the identify of individual systems in a providing IP Sec functionality

remember this: With the advent of public key cryptography (PKI), it is now possible to communicate securely with untrusted parties over the Internet without prior arrangement.

Furthermost in PKI, One of the necessities arising from such communication is the ability to accurately verify someone's identity (i.e. whether the person you are communicating with is indeed the person who he/she claims to be)

Crackers today are MOST often motivated by their desire to what?

Gaining Money or Financial Gains.

What are the fundamental requirements of a hash function?

Good hash functions have five requirements. They must allow input of any length, provide fixed-length output, make it relatively easy to compute the hash function for any input, provide one-way functionality, and be collision free.

What is a strategy hackers use to to gather intelligence about vulnerable systems that they may later attempt to compromise?

Hackers often use scanning attacks to gather intelligence about vulnerable systems that they may later attempt to compromise.

Halon is a compound consisting of bromine, fluorine, and carbon why were these terminated?

Halons are used as fire extinguishing agents, both in built-in systems and in handheld portable fire extinguishers. Halon production in the U.S. ended on December 31, 1993, because they contribute to ozone depletion. Bromine being part of Halon is not a safe replacement for Halon

What are the CDs and DVDs Storage protection recommendations?

Handle by edges or by hole in the middle Be careful not to bend the CD or DVD Avoid long term exposure to bright light Store in a hard jewel case, not is soft sleeves

What is FIPS-140?

Hardware and software cryptographic modules-The 140 series of Federal Information Processing Standards (FIPS) are U.S. government computer security standards that specify requirements for cryptography modules. the current version of the standard is FIPS 140-2, issued on 25 May 2001.

WHat is used to monitor the installation of, and updates to, hardware and software to ensure that the system functions as expected and that a historical record of changes is maintained?

Hardware and software maintenance access controls

what monitor the installation of, and updates to, hardware and softwares as expected and that a historical record of changes is maintained. Integrity verification programs are more integrity controls than software maintenance controls?

Hardware and software maintenance access controls

To implement encryption into his systems in such a way that it goes as fast as possible. This is to ensure that users do not have to wait too long. For such speedy encryption, his best option is to use

Hardware based encryption is the fastest encryption

which model map subjects objects in Access rights to access matrix?

Harrison Ruzzo Ullman model

How does privacy fits into the realm of IT security?

Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act of 2002 (SOX), and the Gramm-Leach-Bliley Act—as well as the EU's Directive 95/46/EC aka the Data Protection Directive and the contractual requirement Payment Card Industry Data Security Standard PCI DSS

What is a data storage technique, which automatically moves data between high-cost and low-cost storage media. and exist because high-speed storage devices, such as hard disk drive arrays, are more expensive per byte stored than slower devices, such as optical discs and magnetic tape

Hierarchical storage management (HSM)?

Remember this ISDN is a circuit-switched network technology.

Host-based Intrusion Detection Systems are deployed at the host level, and have a very limited view of the network, which is their biggest drawback

What access control method that combines central and decentralize approaches individual users may be able to dictate who can access the shared and local files but the IT administration would control access to file servers network printers and network devices?

Hybrid administration

What kind of Encryption technology does SSL utilize

Hybrid both symmetric and asymmetric SSL use public-key cryptography to secure session key, while the session key (secret key) is used to secure the whole session taking place between both parties communicating with each other.

____________combines both hierarchical and compartmentalized environments so that security levels have subcompartments.

Hybrid environments

The request control process provides an organized framework within which users can request modifications, managers can conduct cost/benefit analysis, and developers can prioritize tasks.

Hybrid environments combine both hierarchical and compartmentalized environments so that security levels have subcompartments

What Allows multiple virtual operating systems run on one host? is the software component that manages the virtual components?

Hypervisor

What is the IP header contains a protocol field for ICMP?

ICMP=1

Which encryption algorithm is used in PGP?

IDEA-- a symmetric encryption algorithm used in PGP software and it is a 64-bit block cipher which uses a 128-bit key.

Abnormal or unauthorized activities detectable to an IDS include which of the following?

IDSs watch for violations of confidentiality, integrity, and availability. Attacks recognized by IDSs can come from external connections viruses, malicious code, trusted internal subjects attempting to perform unauthorized activities, and unauthorized access attempts from trusted locations.

What is the IP header contains a protocol field for IGMP?

IGMP=2

Which protocol is commonly used for corporate e-mail accounts?

IMAP

What provides confidentiality and integrity to information transferred over IP networks through network not transport layer encryption and authentication.

IP Sec

_______is often combined with Layer 2 Tunneling Protocol (L2TP) for VPNs.

IP Sec

What is a data-oriented protocol used for communicating data across a packet-switched internetwork?

IP provides an unreliable service i.e., best effort delivery. This means that the network makes no guarantees about the packet.

What are two disadvantages of an IPS?

IPS creates bottle necks & can generate false positives

What are the characteristics of IPSec Tunnel Mode?

IPSEC work at the Network layer of the OSI model. Tunnel mode is most commonly used between gateways, or at an end-station to a gateway, the gateway acting as a proxy for the hosts behind it. Transport mode is used between end-stations or between an end-station and a gateway,if the gateway is being treated as a host.

Name at least 10 network and protocol security mechanisms

IPSec, SKIP, SWIPE, SSL, S/MIME, SET, PEM, PGP, PPP, SLIP, PPTP, L2TP, CHAP, PAP, RADIUS, TACACS, S-RPC

What protocol suite runs at the networking layer that provides confidentiality, integrity protection, data origin authentication and replay protection of each message by encrypting and signing every message

IPsec

What address configuration does not require NAT to extend its address space?

IPv6 has an increased address space in comparison to IPv4, hence does not require NAT

Primary victims of the Smurf attacks are the _ servers.

IRC servers

What are converged protocols?

ISCSI, VoIP, and FCoE are converged protocols.

is a standard for software life cycle processes. It establishes a process for the life cycle of software. It does not specifically cover security but it references other security standards.

ISO 1227

what defines guidelines to support the interpretation and implementation in health informatics of ISO/IEC 27002 and is a companion to that standard

ISO 27799

What is the standard for the establishment, implementation, control, improvement of the information security management system?

ISO/IEC 27001

COBIT Control Objectives for Information and Related Technology: control framework to manage IT risk and governance

ITIL (Information Technology Infrastructure Library) - Framework for providing IT service management Service strategy Service design Service transition Service operation Continual service improvement

______________is the process by which a subject professes an identity and accountability is initiated

Identification

What are the keystones of most access control systems?

Identification and authentication are the keystones of most access control systems

Each participant in an asymmetric cryptosystem is issued two keys: a public key and a private key.

Identification of priorities is the first step of the business impact assessment process.

Name the four key principles upon which access control relies?

Identification, authentication, authorization, accountability

What is federated identity management?

Identity management is a management of user identities in their credentials. Multiple organizations can join a federation a group where they agree on a method to share identities between them.

Which one of these indicates a spoofed email during investigation? Return Path server and Received From server are the same Return Path server and Received From server are different

If received from and return path servers differ, it is an Indication of a spoofed email

What does the CPU does not need to actually retrieve any data from memory. The data is contained in the instruction itself?

Immediate addressing

What types of threats does cryptography, like digital signatures, help fight against?

Impersonation, Eavesdropping, and Tampering

The change control process of configuration or change management has several goals or requirements: they are:

Implement changes in a monitored and orderly manner. Changes are always controlled. A formalized testing process is included to verify that a change produces expected results. All changes can be reversed also known as backout or rollback plans/procedures.

Security is likely to be most expensive when addressed in which phase?

Implementation

What are the goals of change management

Implementation of changes in an orderly manner, formalized testing, ability to reverse changes, ability to inform users of changes, systematical analysis of changes, minimization of negative impact of changes

What DES mode uses the exclusive OR function to combine each block of unencrypted text with the immediately preceding cipher-text block?

In Cipher Block Chaining (CBC) mode, each block of unencrypted text is XORed with the block of cipher text immediately preceding it before it is encrypted using the DES algorithm.

The CPU uses absolute addresses. Applications use logical addresses. Relative addresses are based on a known address and an offset value.

In IPSec, Security Associations is a concept of building security functions into IP - Internet Protocol. A security association is a bundle of algorithms and parameters like keys which is used to encrypt and authenticate a particular flow of data.

The common applications of cryptography to secure networking is

In IPsec transport mode packet contents are encrypted for peer-to-peer communication. In tunnel mode, the entire packet, including header information, is encrypted for gateway-to-gateway communications.

What is a hijack attack?

In a hijack attack, which is an offshoot of a man-in-the-middle attack, a malicious user is positioned between a client and server and then interrupts the session and takes it over.

What type of attack can be used against cryptographic algorithms that do not incorporate temporal protections? A. Chosen plain-text attack B. Meet-in-the-middle attack C. Man-in-the-middle attack D. Replay attack

In a replay attack, the malicious individual intercepts an encrypted message between two parties (often a request for authentication) and then later replays the captured message to open a new session.

to make a request to the server, is the IP of the host who originally made the request would be logged in the server?

In case of a proxy request, the IP of the proxy would be logged, but not of the end user who actually made the request

What is point to point protocol?

In computer networking, Point-to-Point Protocol is a data link protocol used to establish a direct connection between two nodes. It can provide connection authentication, transmission encryption using ECP, RFC 1968 and compression.

__________ is a collection of ports from a set of connected Fibre Channel switches over a network, be partitioned into multiple sharing hardware resources.

In computer networking, a virtual storage area network (VSAN) is a collection of ports from a set of connected Fibre Channel switches, that form a virtual fabric. Ports within a single switch can be partitioned into multiple VSANs, despite sharing hardware resources.

What is polyinstantiation?

In databases, polyinstantiation is database-related SQL structured query language terminology. It allows a relation to contain multiple rows with the same primary key; the multiple instances are distinguished by their security levels. It occurs because of mandatory policy.

which of these is true about 'Persistent attacks' None of the above Hard to detect Cannot cause severe damage Attacker constantly injects a substantial amount of 'bad' packets into the router

In persistent attacks, an attacker 'constantly' injects bad packets into the router

remember this: A stealth virus is a hidden computer virus that attacks operating system processes and averts typical anti-virus or anti-malware scans. Stealth viruses hide in files, partitions and boot sectors and are adept at deliberately avoiding detection.

In software development, static testing is a form of software testing where the actual program or application is not used. Instead this testing method requires programmers to manually read their own code to find any errors.

What type of attack does a malicious individual sits between two communicating parties and intercepts all communications including the setup of the cryptographic session?

In the man-in-the-middle attack

In which business continuity planning task would you actually design procedures and mechanisms to mitigate risks deemed unacceptable by the BCP team?

In the provisions and processes phase, the BCP team actually designs the procedures and mechanisms to mitigate risks that were deemed unacceptable during the strategy development phase.

When the TTL of a packet reaches zero, it sends back a TTL ___ message to the originator. depleted exhausted limit exceeded

In this case a TTL exceeded message is sent back to the originator

What are the two modes available through IPSec, and what do they do

In transport mode, the IP packet data is encrypted, but the header is not. In tunnel mode, the entire IP packet is encrypted, and a new header is added to govern transmission through the tunnel

What is a complexed password consist of?

Increasing the size of the password increasing the size of a password exponentially increases the workload and therefore the time a brute-force attack must use to succeed.

To run at regular intervals would take the MOST time to complete restoration?

Incremental backups only backup changed data changes archive bit to not backup again if not changed.

What attacks involve combining several pieces of nonsensitive information to gain access to information that should be classified at a higher level it--makes use of the human mind's deductive capacity rather than the raw mathematical ability of modern database platforms.

Inference

Inference

Inference attacks involve combining several pieces of nonsensitive information to gain access to information that should be classified at a higher level. However, inference makes use of the human mind's deductive capacity rather than the raw mathematical ability of modern database platforms.

What is access?

Information flow from objects to subjects

Capability Maturity Model

Initial/Performed, Repeatable, Defined, Quantitatively managed, optimized

NIST SP 800-37: four-step certification and accreditation process:

Initiation Phase Security Certification Phase Security Accreditation Phase Continuous Monitoring Phase

What is Cascading?

Input for one system comes from the output of another system. Feedback: One system provides input to another system, which reciprocates by reversing those roles One system sends input to another system but also sends input to external entities.

Electromagnetic Interference (EMI) issues such as crosstalk primarily impact which aspect of security?

Integrity

What is a standby site ready with all the technology and equipment necessary to run the applications positioned there to effectively restart an application without having to perform any bare metal recovery of servers while running non-time sensitive processes?

Internal Hot Sites

___________ is the protocol used to set up a security association (SA) in the IPsec protocol suite?

Internet Key Exchange (IKE or IKEv2)

Which translates source code one command at a time for execution on a computer?

Interpreters translate one command at a time during execution, as opposed to compilers and assemblers where source code for the whole application is transformed to executable code before being executed

What are patterns of analysis and recognition?

Intrusion Detection

From most effective lowest Cross Over Error rate to least effective highest Cross Over Error rate are:

Iris scan, fingerprint, voice verification, keystroke dynamics.

What is service provisioning market language?

Is a newer framework based on XML but specifically designed for exchanging user information for federal identity single sign-on purposes.

What is a Trusted Distribution?

Is based on Life Cycle Assurance Requirements -steps are: Security Testing, Design Specification, Configuration Management, Trusted System Distribution.

What is a virtual password

Is the length and format that is required by specific system to log into or a software application.

IT governance is defined as the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals. IT demand governance --what IT should work on is the process by which organizations ensure the effective evaluation, selection, prioritization, and funding of competing IT investments;

It Governance oversee their implementation; and extract (measurable) business benefits. It is a business investment decision-making and oversight process, and it is a business management responsibility. IT supply-side governance is concerned with ensuring that the IT organization operates in an effective, efficient and compliant fashion.

What is Polyinstatiation?

It allows the insertion of multiple records that appear to have the same primary key values into the database at different classification levels.

How would you describe IPsec?

It can be used to establish direct communication between computers or to set up a VPN between networks. IPsec uses two protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP).

What are the pros and cons of a network-based IDS

It can monitor a large network and can be hardened against attack. It may be unable to handle large data flows, requires a central view of traffic, and can't pinpoint compromised resources

What are the pros and cons of a host-based IDS?

It can pinpoint resources compromised by a malicious user. It can't detect network-only attacks or attacks on other systems, has difficulty detecting DoS attacks, and can be detected by intruders

What is a major disadvantage of the El Gamal Crypto System?

It doubles the length of any message it encrypts. Therefore a 2048 bit plain text message would yield a 4096 bit ciphertext message when El Gamal is used for encryption

What is A packet-filtering firewall?

It examines all of the fields in the headers in the packet. For example, it might look at the source IP address field in the IP header, or it might look at the destination port number field in a TCP header to decide whether or not traffic should be allowed to go through.

What is transparency?

It is a characteristic or service that is unseen by users

What is a Trojan?

It is a code that appears to have some useful purpose but also contains code that has a malicious or harmful purpose imbedded in it

What is Hybrid administration?

It is access control method that combines central and decentralize approaches individual users may be able to dictate who can access the shared and local files but the IT administration would control access to file servers network printers and network devices

What is transverse mode noise?

It is generated by the difference in power between the hot and neutral wires power source or operate electrical equipment.

Remediation attempts to identify the cause of the incident and steps that can be taken to prevent a reoccurrence, but this is the last step, not the first.

It is important to protect evidence while trying to contain an incident, but gathering the evidence will occur after containment.

What is security assertion market language?

It is in XML-based language that is commonly used to exchange authentication and authorization information between Federated organizations it is often used to provide SSL capabilities for browser access.

What is a throughput rate when it comes to biometrics?

It is the amount of time the system requires to scan a subject and approve or deny access. The more complex the longer the process. Typical throughput rate is 6 seconds.

What is ISO/IEC 27001?

It is the standard for the establishment, implementation, control, improvement of the information security management system.

What is False Accept or Type II Error?

It is when an invalid user is permitted access.

What is A stateful or dynamic inspection firewall?

It keeps track of the state of a network connection, like a TCP connection. This way, it can distinguish already established authentic connections and allow further transmissions.

What is a A proxy firewall?

It looks at higher layers in terms of the OSI model, so it can read application specific information to decide whether or not the traffic should be allowed through. A packet-filtering firewall cannot look at any data in the packet that is application specific

What is a IDEA cipher algorithm ?

It operates on 64-bit plaintext blocks and uses a 128 bit key.

What is NIST 800-34?

It provides Contingency Planning Guide for Federal Information Systems, provides instructions, recommendations, and considerations for federal information system contingency planning

DREAD risk assessment model

It provides a mnemonic for risk rating security threats using five categories. The categories are: Damage Reproducibility Exploitability Affected users Discoverability

What does hybrid cryptography provide?

It provides message encryption, which the symmetric key or secret key provides. while the asymmetric key is used to encrypt the symmetric key.

Containment should be the first step when an incident has been detected and verified to limit the effect or scope of an incident.

It should be reported based on an organization's policies and governing laws, but this is not the first step.

What is TEMPEST?

It was developed in the 1950s by the US government to address electromagnetic radiation being emitted from electrical equipment data that can be captured via electrical signals in reconstructed which threatens the confidentiality of sensitive data

What is a soft control?

It's another name for Administrative control.

What is remote mirroring ?

It's usually between storage arrays or storage appliances, and can be synchronous or asynchronous. Synchronous remote mirroring is the highest possible level for DR recovery point objective RPO and recovery time objective RTO. The RPO is "zero" lost data, and the RTO is typically seconds to minutes.

The technical aspects of software development vary according to the software development model used. What's the Build and Fix model?

It's when development is conducted without much prior planning.

What is an authentication service that uses a single-factor or multi-factor authentication methods?

Kerberos

what depends on secret keys symmetric ciphers. which is a third party authentication protocol an open source and relies on the user's secret keys. The password is used to encrypt and decrypt the keys.

Kerberos

Kerberos depends on what ?

Kerberos depends on secret keys (symmetric ciphers). Kerberos is a third party authentication protocol. It is considered open source but is copyrighted and owned by MIT. It relies on the user's secret keys. The password is used to encrypt and decrypt the keys.

Dynamic Packet Filtering Firewalls - Fourth Generation n Allows modification of security rules n Mostly used for UDP n Remembers all of the UDP packets that have crossed the network's perimeter, and it decides whether to enable packets to pass through the firewall.

Kernel Proxy - Fifth Generation n Runs in NT Kernel n Uses dynamic and custom TCP/IP-based stacks to inspect the network packets and to enforce security policies.

What is referred to as system mode, is one of the two distinct modes of operation of the CPU (central processing unit) in Linux?

Kernel mode

What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext

Key clustering

What individuals would not normally be included in your organization's incident response team?

Law enforcement officials would not usually serve on your internal incident response team. Rather, you would typically appoint an individual to serve as a liaison with law enforcement.

Ethernet sniffers operate at what layer of the OSI Model?

Layer 2 - Data Link Layer.

IP SEC is often combined with ____________for VPN?

Layer 2 Tunneling Protocol L2TP

What firewall technology is most thorough?

Layer 7 Application Layer because it can block websites

There are some layers in ring model scheme that is not normally implemented into use? What are they?

Layers 1 and 2 contain device drivers but are not normally implemented in practice. Layer 0 always contains the security kernel. Layer 3 contains user applications. Layer 4 does not exist.

What level of assurance for a digital certificate verifies a user's name, address, social security number, and other information against a credit bureau database

Level 2/Class 2

What is the The Skipjack algorithm and its size?

Like many block ciphers, Skipjack operates on 64-bit blocks of text. It uses an 80-bit key and supports the same ,Cryptography and Symmetric Key Algorithms four modes of operation supported by DES

what attack is simply a series of packets sent to the target where the source and destination IP Addresses are the same as the victim

Local Area Network Denial LAND Attack

What is a LAND Attack?

Local Area Network Denial attack is simply a series of packets sent to the target where the source and destination IP Addresses are the same as the victim.

What are measure of impact are calculated during the impact assessment phase?

Loss expectancies

What uses scripting languages such as Visual Basic for Applications?

Macro viruses

What are some countermeasures to eavesdropping

Maintaining physical access security, using encryption, employing one-time authentication methods

In which CMM level is a detailed measure of the software process where a product quality is collected, analyzed, and then used to control the process?

Managed

The object classification and category, sensitivity labels attached to object is what type of access control?

Mandatory Access Control

What is multilevel security refered to as at times?

Mandatory access control

____________ occurs when a person presents him- or herself as another user, typically to gain access to unauthorized information or processes.

Masquerading

What type of virus infects the system's boot sector and load when the system is started.

Master boot record MBR virus

COBIT 5 framework, benefit all enterprises, regardless of size, geography or industry. The following five principles are key:

Meeting Stakeholder Needs, Covering the Enterprise End to End, Applying a Single Integrated Framework, Enabling a Holistic Approach, Separating Governance From Management

What provides redundant connections to systems, allowing multiple segment failures without seriously affecting connectivity.

Mesh topologies

What is a mode of data transmission in which a message is sent as a complete unit and routed via a number of intermediate nodes at which it is stored and then forwarded.

Message Switching

What are the two common data classification schemes?

Military and private sector

__________device that translates data from digital form and then back to digital for communication over analog lines.

Modem

Which of the following is NOT a technical control? Intrusion Detection Systems Identification and authentication methods Password and resource management Monitoring for physical intrusion

Monitoring for physical intrusion --It is considered to be a 'Physical Control' The 3 categories of access control: administrative, technical, and physical. A

Why is monitoring an important part of a security policy?

Monitoring is used to watch for security policy violations and to detect unauthorized or abnormal activities

What is MOM?

Motivations, Opportunities, and Means (MOM). Motivations are the who and why of a crime. Opportunities are the where and when of a crime, and Means pertains to the capabilities a criminal would need to be successful.

What is a rudimentary form of parallel processing in which several programs are run at the same time on a uniprocessor?

Multi programming

_________ is a one-to-many transmission method in which the network carries a message to multiple receivers at the same time.

Multicast

The operating system design concept of protection rings was derived from what early operating system?

Multics has left two enduring legacies in the computing world. First, it inspired the creation of a simpler, less-intricate operating system called Unix (a play on the word multics), and second, it introduced the idea of protection rings to operating system design.

When is it there is no requirement that all users have appropriate clearances to access information processed on a system?

Multilevel security mode system

Using a CPU in Parallel is called what?

Multiprocessing

What is a concept of performing concurrent tasks over a certain period of time by executing them concurrently

Multitasking

is the ability of a program or an operating system process to manage its use by more than one user at a time and to even manage multiple requests by the same user without having to have multiple copies of the programming running in the computer

Multithreading

_________popular in disaster recovery literature but difficult to implement. They are agreements between two parties to mutually assist one another in the event of disaster.

Mutual assistance agreements

Hybrid environments combine both hierarchical and compartmentalized environments so that security levels have subcompartments.

NAT does not allow initiations from external entities. Therefore, allowing external initiations is not a benefit. The benefit is that NAT does not allow them.

NIST has published continuity planning best practices in

NIST 800-34

This publication provides guidelines for applying the Risk Management framework to federal information systems?

NIST 800-37

When modifying the list of security controls within a baseline so that they align with the mission of the organization or customizing a standard for your organization, what source should you use?

NIST 800-53

what uses the following control categories: technical. management, and operational

NIST 800-53

What outlines the following responsibilities for the information owner, which can be interpreted the same as the data owner?

NIST SP 800-18

What outlines the following responsibilities for the system owner:

NIST SP 800-18

What outlines/regulation discusses following responsibilities for the information owner, which can be interpreted the same as the data owner?

NIST SP 800-18

What regulation frequently uses the phrase "rules of behavior," which is effectively the same as an acceptable usage policy (AUP)?

NIST SP 800-18

What regulation outlines the responsibilities and expected behavior of individuals and state the consequences of not complying with the rules or AUP? Called the "Rules of Behavior"

NIST SP 800-18

BCP/DRP Considerations -Regulations

NIST SP 800-34, ISO/IEC 27031

What is the Initiation Phase Security Certification Phase Security Accreditation Phase Continuous Monitoring Phase

NIST SP 800-37: four-step certification and accreditation process:

Security baselines provide a set of security controls that an organization can implement as a secure starting point under what publication?

NIST SP 800-53

What regulation discusses security control baselines as a list of security controls. It stresses that a single set of security controls does not apply to all situations, but any organization can select a set of baseline security controls and tailor it to its needs?

NIST SP 800-53

______block cipher had been chosen as the replacement for DES?

NIST released FIPS 197, which mandated the use of AES/Rijndael for the encryption of all sensitive but unclassified data by the US government.

Personally identifiable information (PII) is any information that can identify an individual. What policy is it under?

National Institute of Standards and Technology (NIST) Special Publication SP 800-122

What is National Institute of Standards and Technology (NIST) Special Publication for PII?

National Institute of Standards and Technology NIST Special Publication SP 800-122

This is a network vulnerability scanning tool that searches systems for known vulnerabilities

Nessus

A central authority determines what subjects can have access to certain objects based on the organizational security policy is called?

Non-Discretionary Access Control --A central authority determines what subjects can have access to certain objects based on the organizational security policy. The key focal point of this question is the 'central authority' that determines access rights

Read-only memory, flash memory, ferroelectric RAM F-RAM, most types of magnetic computer storage devices e.g. hard disk drives, floppy disks, and magnetic tape, optical discs, and early computer storage methods such as paper tape and punched cards are what type of memory?

Non-volatile memory

What is Non-volatile memory?

Non-volatile memory, nonvolatile memory, NVM or non-volatile storage is computer memory that can retrieve stored information even after having been turned off and back on.

What offers the least assurance of communication because they require a link to be established before communication can take place?

Nondedicated leased lines

What enables the enforcement of systemwide restrictions that override object-specific access control?

Nondiscretionary access control

What operates on a set of defined rules or restrictions that filter actions and activities performed on the system?

Nondiscretionary access control enables the enforcement of systemwide restrictions that override object-specific access control.

What are some important aspects to consider when designing email security

Nonrepudiation, access control, message integrity, source authentication, verified delivery, acceptable use policies, privacy, management, and backup and retention policies

Which form of memory is used for long-term retention?

Nonvolatile secondary memory is used for long-term storage. Examples of this memory type include hard drives, optical discs, and magnetic tape.

What protects against dictionary attacks as they often force users to write down the password which creates a new vulnerability having an office full of sticky notes with scribbled passwords is an attractive atmosphere for a potential hacker?

Not using password generators

using the CiS metric, which would fall under application security?

Number of Applications Using the standardized metrics chart represents the Application Security metric is Number of Applications-the compilation and review of the size, scope, and quantity of application is the concept

_________provides the response procedures for occupants of a facility in the event of a situation posing a potential threat to the health and safety of personnel, the environment, or property?

Occupant emergency plan

In an incremental backup, only the files that changed since the last backup will be backed up. In a differential backup, only the files that changed since the last full backup will be backed up. differentials require more space than incremental backups while incremental backups are faster to perform.

On the other hand, restoring data from incremental backups requires more time than differential backups. To restore from incremental backups, the last full backup and all of the incremental backups performed are combined. Restoring from a differential backup requires only the last full backup and the latest differential

___________is an internet protocol used for determining the revocation status of an X.50 Certificate.

Online Certificate Status Protocol

What is a limitation of the Bell-LaPadula model!

Only addresses confidentiality, control of writing one form of integrity ★-property and discretionary access control

What is OWASP Open Web Application Security Project?

Open Web Application Security Project is a nonprofit security project focusing on improving security for online or web-based applications

remember this: Declassification is required once an asset no longer warrants the protection of its currently assigned classification or sensitivity level.

Organizations often implement IT governance methods such as Control Objectives for Information and Related Technology COBIT. These methods help business owners and mission owners balance security control requirements with business or mission needs.

Crime Prevention Through Environmental Design CPTED

Outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior?

Remember : A wiring closet is the infrastructure component often located in the same position across multiple floors in order to provide a convenient means of linking floor‐based networks together.

Output Feedback (OFB) mode prevents early errors from interfering with future encryption/decryption. Cipher Block Chaining and Cipher Feedback modes will carry errors throughout the entire encryption/decryption process. Electronic Codebook (ECB) operation is not suitable for large amounts of data.

______channel is a path within a computer system or network that is designed for the authorized transfer of data?

Overt channel

What element of data categorization management can override all other forms of access control? Classification Physical Access Custodian responsibilities Taking ownership

Ownership gives an entity full capabilities and privileges over the object they own.

is a symmetric encryption algorithm is used in what type software and it is a 64-bit block cipher which uses a 128-bit key?

PGP

What methods could you use to protect data being transferred between two offices from an individual running a network sniffer?

PKI certificates could be used to encrypt files or to secure a connection using HTTPS encapsulation. S/MIME uses PKI certificates to protect email messages in transit. SFTP or SSH file transfer or IPSEC tunnel

PPP operates at the _ layer of the OSI. data link presentation transport physical

PPP and SLIP operate at the data link layer

The Point-to-Point Protocol (PPP) was designed to support multiple network types over the same serial link, just as Ethernet supports multiple network types over the same LAN. .

PPP replaces the earlier Serial Line Internet Protocol SLIP that only supports IP over a serial link. PPTP is a tunneling protocol.

What are the four primary VPN protocols

PPTP, L2F, L2TP, and IPSec (Note: SSL/TLS is a valid VPN protocol as well, but it's not necessarily recognized on the exam as such.

Circuit level proxy does not analyze the application content of the packet in making its decisions, it has lower overhead than an application level proxy. A circuit-level proxy creates a conduit through which a trusted host can communicate with an untrusted one.

Packet Filtering Firewall - First Generation n Screening Router n Operates at Network and Transport level n Examines Source and Destination IP Address n Can deny based on ACLs n Can specify Port

Frame relay and X.25 networks are part of which of the following?

Packet-switched services. Frame relay and X.25 are both examples of packet-switching technologies. In packet-switched networks there are no dedicated connections between endpoints, and data is divided into packets and reassembled on the receiving end.

Commercial competitors or any other entity that is not directly connected or related to the primary organization cannot have that organization's third-party governance mandated or forced on them.

Parallel security designs are insecure because a threat could pass through a single checkpoint that did not address its particular malicious activity.

_________represent the next level in testing and involve actually relocating personnel to the alternate recovery site and implementing site activation procedures

Parallel tests

What can ensure that users create strong passwords of sufficient length and complexity that can track password history and prevent users from reusing passwords?

Password Policy

________always a potential attack if a wireless network is not otherwise using some other form of authentication, typically accessed via 802.1x.

Password guessing

What are some countermeasures to common attack methods

Patching software, reconfiguring security, employing firewalls, updating filters, using IDSs/IPSs, improving security policy, using traffic filters, improving physical access control, using system monitoring/auditing

Any Business Impact Assessment has the following steps

Perform a Vulnerability Assessment Carry out a Criticality Assessment — determining how critically important a particular business function is to the ongoing viability of the organization Determine the Maximum Tolerable Downtime Establish recovery targets Determine resource requirements

Which connection type uses a logical circuit that always exists and waits for customers to send data?

Permanent Virtual Circuit PVC

____________is the transformation technique used in cryptography which changes the relative position of values without replacing them. This is also a form of bit-shuffling

Permutation

OCTAVE = Operationally Critical Threat, Asset, and Vulnerability Evaluation from Carnegie Mellon

Phase 1: Staff knowledge, assets, and threats Phase 2: Identifies vulnerabilities and evaluates safeguards Phase 3: Conducts Risk Analysis and develops risk mitigation strategy

Which layer of OSI model uses repeaters?

Physical Layer

What is is the most prominent aspect of an organizational security policy because it directly and indirectly influences all other forms?

Physical security

Remember this: cabling in buildings must meet certain safety requirements when it comes to producing harmful chemicals that dissipate from a fire. This is called what?

Plenum Space

What is an encapsulation protocol designed to support IP traffic over dial up connections?

Point to Point protocol

What allows the insertion of multiple records that appear to have the same primary key values into the database at different classification levels?

Polyinstatiation

What is a virus code that can change or mutate itself so that the originalis not detected by the antivirus scanner BUT the virus can still carry out it's malicious activity?

Polymorphic Code

_________has the capability of changing its own code, enabling it to have many different variants, making it harder to detect by anti-virus software.

Polymorphic viruses

What is a common target of scanning attacks?

Port 22 is the TCP port usually used by the Secure Shell (SSH) protocol, a common target of scanning attacks.

Remember this: Most computers have universal ports where data can be transferred. When these ports are locked and unlocked, this is done through the practice known as port control.

Port control is accomplished through firewall settings at the router or through local firewall software on the computer.

following are WELL KNOWN PORTS assigned by the IANA?

Ports 0 to 1023

What are REGISTERED PORTS range as defined by IANA

Ports 1024 to 49151

The Biba Model or Biba Integrity Model developed by Kenneth J. Biba in 1977, is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that subjects may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject. Which of the following is the integrity goal addressed by the Biba Model? a. Prevent interception of message content by unauthorized parties b. Prevent unauthorized data modification by authorized parties c. Maintain internal and external consistency d. Prevent data modification by unauthorized parties

Prevent data modification by unauthorized parties Details: The correct answer is: d. Prevent data modification by unauthorized parties This is the only integrity goal addressed by the Biba Integrity model. Clark-Wilson addresses all three goals of integrity but the Biba model addresses only the first goal of integrity.

Access control methods are:

Preventive - prevent actions and restrict users' access Detective - send alerts during attack Corrective - correct a damaged system Recovery - restore functionality Deterrent - deter uses from performing actions Compensating - compensating for weakness in another control system

Twofish uses two techniques not found in other algorithms what are they?

Prewhitening involves XORing the plain text with a separate subkey before the first round of encryption. Postwhitening uses a similar operation after the 16th round of encryption.

To effectively hold users accountable, your security must be legally defensibly how is this done?

Primarily, you must be able to prove in a court that your authentication process cannot be easily compromised. Thus, your audit trails of actions can then be tied to a human.

What is selected from the set of candidate keys for a table to be used to uniquely identify the records in a table?

Primary Keys

privacy-aware role-based access control what is it?

Privacy-aware role-based access control is a type of RBAC

What cloud infrastructure is provisioned for exclusive use by comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.

Private Cloud

If you are a sender what key should you use to encrypt a message digest?

Private key

what is also called memory protection, ensures that each process has its own isolated memory space for the storage of data and the actual executing application code?

Process isolation

The cardinality of a table refers to the number of rows in the table whereas the degree of a table is the number of columns.

Processing screens the collected information to perform a "rough cut" of irrelevant information, reducing the amount of information requiring detailed screening.

Risk analysis is MOST useful when applied during which phase of the system development process?

Project initiation and Planning Thus risk management should be established at the commencement of the project with a risk assessment during project initiation.

The BCP process, as defi ned by (ISC)2 , has four main steps

Project scope and planning Business impact assessment Continuity planning Approval and implementation

the ISO International Standard 15408 "Evaluation Criteria for Information Technology Security", also commonly known as the Common Criteria (CC) applies to what?

Protection profiles and security targets

The protection profile is one of two building blocks of common criteria which include protection profiles and security targets. They provide reliable verification of a product's security capabilities.

Protection profiles are considered the "I want" from customers when designing security requirements.

_________is erasing the data so the media is not vulnerable to data remnant recovery attacks, including those classified as laboratory level

Purging

_________used to sufficiently cleanse remnants of data on a magnetic storage drive so that it can be reused in unsecure environments.

Purging

what is a more intense form of clearing that prepares media for reuse in less secure environments. It provides a level of assurance that the original data is not recoverable using any known methods.

Purging

Who is responsible to review result and deliverables within each phase and at the end of each phase, and confirm compliance with requirements. Their objective is to ensure that the quality of the project by measuring adherence of the project staff to the organization's software development life cycle?

Quality Assurance

What would you use to prioritize traffic on a converged network?

Quality of Service

What are hard values and percentages measured?

Quantitative risk analysis

What are three remote access authentication mechanisms?

RADIUS, DIAMETER, and TACACS

Which is the RAID implementation that creates one big disk by using two disk as one large volume?

RAID 0 RAiD 0 creates one large disk by using several disks which is a process called striping.

remember this:In an IP Header in Byte Offset 8 there are 8 bits yielding 256 possible maximum hops before any packet expires.

RAID 3- RAID or Redundant Array of Individual Disks is a physical disk drive array that provides fault tolerance by spreading data across separate physical disks to both enhance speed and provide protection against individual disk failure.

What RAID focuses on performance rather than data redundancy and no fault tolerance?

RAID Level 0

What RAID provide no fault tolerance of the disk system rather than increasing it. The entire data volume is unusable if one drive in the set fails

RAID Level 0

Which RAID Writes files in stripes across multiple disks without the use of parity information. This technique allows for fast reading and writing to disk because all of the disks can be accessed in parallel?

RAID Level 0

which RAID has the highest cost per megabyte since every piece of data is written at two different locations simultaneously for redundancy purposes?

RAID level 1 mirroring

Which RAID levels run faster on hardware?

RAID levels 3 and 5

it is volatile hardware memory that loses integrity after power is shut off

RAM

following algorithms is a stream cipher?

RC4

is a symmetric encryption algorithm. It is a block cipher of variable block length, encrypts through integer addition, the application of a bitwise Exclusive OR XOR, and variable rotations

RC5

_____is a symmetric algorithm patented by Rivest, Shamir, and Adleman (RSA) Data Security,

RC5 which is a block cipher of variable block sizes 32, 64, or 128 bits that uses key sizes between 0 zero length and 2,040 bits

What RFC contains the Internet Advisory Board's statement on ethics and the Internet? A. RFC 1087 B. RFC 1918 C. RFC 2048 D. RFC 2296

RFC 1087 outlines the IAB's position on proper use of the Internet.

What is the name for a substitution cipher that shifts the alphabet by 13 places?

ROT13 cipher. ROT13 "rotate by 13 places", is a simple letter substitution cipher that replaces a letter with the letter 13 letters after it in the alphabet. ROT13 is an example of the Caesar cipher, developed in ancient Rome.

an asymmetric encryption algorithm is based on the difficulty of factoring large numbers--what is it?

RSA

What is RAM

Random Access Memory, it is volatile hardware memory that loses integrity after power is shut off

Which one of the following terms can be used to describe RAM memory?

Random access memory RAM is accessed in a random, rather than a sequential, fashion

Input or Information Accuracy in Software Development security requires

Range checks, Relationship checks, Reasonableness checks

what is a software development methodology that uses minimal planning in favor of rapid prototyping?

Rapid application development

what usually provides a quicker warning than fixed-temperature sensors because they are more sensitive, but they can also cause more false alarms?

Rate-of-rise temperature sensors

What is ROM?

Read only memory--nonvolatile memory that maintains integrity after the loss of power.

what must be either uniquely identified by a witness or authenticated a documented chain of custody?

Real evidence

What is the difference between recovery and restoration?

Recovery involves bringing businesses operations and processes back to a workable state. restoration involves bringing a business facility and enviornment back to a workable state.

What type of site is owned by the company and are mirrors of the original production environment

Redundant Site

the software testing level tests software after updates, modifications, or any patches?

Regression testing

Data Classification programs are best sponsored by the highest ranking official

Remember : Security awareness training is supported all the way to the top.

Remember isolation between subjects and objects is the Security kernel

Remember following device in Frame Relay WAN technique is a service provider device that does the actual data transmission and switching in the frame relay cloud is the DCE

Remember this: It is possible that an organization may not need a disaster recovery plan. An organization may not have any critical processing areas or system and they would be able to withstand lengthy interruptions.

Remember that DRP is related to systems needed to support your most critical business functions.

Remember this: Preaction systems allow more reaction time in case of a false alarm.

Remember this : A surge is a prolonged rush of high voltage power.

Remember this :Performing Reduction Analysis is a decomposition process, identify five key concepts: :Trust Boundaries Data Flow Paths Input Points, Privileged Operations, Details about Security Stance and Approach

Remember this : Prioritization and Response to threats using the DREAD rating system solution that is based on the answers to five main questions about each threat

Remember this: Biba is known as the Biba Integrity Model. The Bell-LaPadula model focuses on data confidentiality and controlled access to classified information.

Remember this : The information flow model is based on a state machine, and it consists of objects, state transitions, and lattice states. In this context, objects can also represent users. .

Remember this :The phase of the IDEAL model does the organization develop, test, refine, and implement solutions is in the acting phase

Remember this :The BCP implementation phase is where the largest commitment of hardware and software resources. The other phases are more manpower intensive.

Remember this :Accountability is the ultimate goal of a process started by identification.

Remember this :The process of performing qualitative risk analysis involves judgment, intuition, and experience—in other words, opinions.

Remember this :Commercial competitors or any other entity that is not directly connected or related to the primary organization cannot have that organization's third-party governance mandated or forced on them.

Remember this Electronically erasable programmable read-only memory EEPROM chips can be erased by modulating an electric current applied to the chip.

remember this: In addition to the accuracy of the biometric systems, there are other factors that must also be considered. These factors include the enrollment time, the throughput rate, and acceptability.

Remember this Water is appropriate for class A common combustibles fires. Class B fires liquid are best handled by CO2, soda acid or Halon. Class C fires electrical are best handled by CO2 and Halon. Fire class D is used for combustible metals like magnesium.

Remember this : DREAD rating system is Damage potential, Reproducibility, Exploitability, Affected users, Discoverability

Remember this When evaluating a third party for your security integration, consider the following processes:On-Site Assessment, Document Exchange and Review, and Process/Policy Review

remember this: memory cards and smart cards are different because memory cards and smart cards is their capacity to process information. A memory card holds information but cannot process information. A smart card holds information with hardware and software to actually process that information.

Remember this a very active attack. The attacker will make use of a scanner to perform the attack, the scanner sends packets to the target in order to illicit responses that allows the attacker to find information about the operating system, vulnerabilities, misconfiguration and more.

Remember this SAML is a popular SSL language on the Internet X ACM CL has become popular with software defined networking applications

Remember this the secure European system for application in a multivendor environment SESAMe is a ticket based authentication system developed to address weakness in Kerberos.

Remember this--Generally, the purpose of STRIDE and other tools in threat modeling is to consider the range of compromise concerns and to focus on the goal or end results of an attack.

Remember this--Determining and Diagramming Potential Attacks is often accomplished through the creation of a diagram of the elements involved in a transaction along with indications of data flow and privilege boundaries

Rerember this: A database row contains the information that makes up a single database record.

Remember this: A The top-down approach is the aspect of security governance that is based on the idea that senior management is responsible for the success or failure of a security endeavor.

Remeber this: NAT does not allow initiations from external entities. Therefore, allowing external initiations is not a benefit. The benefit is that NAT does not allow them.

Remember this: A custodian is someone who has been assigned to or delegated the day-to-day responsibility of proper storage and protection of objects. A user is any subject who accesses objects on a system to perform some action or accomplish a work task. An owner is the person who has final corporate responsibility for the protection and storage of data.

Remeber this: The primary key is selected from the pool of available candidate keys for each table.

Remember this: Access control is any hardware, software, or organizational administrative policy or procedure that grants or restricts access, monitors and records attempts to access, identifies users attempting to access, and determines whether access is authorized.

Remember this: When a user manages to compromise a colleagues account of similar privileges it is known as horizontal-privilege escalation.

Remember this: Allowing the compromise of that colleagues files and own account permissions. Vertical-Privilege escalation is the act of compromising an account with nativity higher administrative rights. Generally an administrator or manager account.

Remember this: difference between a hacker attacking a network and a legitimate penetration test is Written permission from the network owner whereas a hacker they dont

Remember this: Anomaly-Based firewall looks for traffic that just isn't normal and if it crosses a threshold, action can be taken by the IDS/IPS. Anything different that the normal traffic triggers action.

Remember this: the user mode is is designed to protect users from accidentally damaging the system through the execution of poorly designed code

Remember this: Auxiliary alarm systems facilitate local, remote, and centralized alarm systems by notifying external sources police, fire, medical of signifying events.

Remember this: Confidentiality is the principle that objects are not disclosed to unauthorized subjects. Integrity is the principle that objects retain their thruth and are intentionally modified by only authorized subjects.

Remember this: Availability is the principle that authorized subjects are granted timely and uninterrupted access to objects.

Remember this: The Loki attack uses the ICMP protocol for communications between two systems,

Remember this: ICMP was designed to be used only for sending status and error messages about the network. Because the Loki attack is using ICMP in an unintended manner, this constitutes a covert channel attack.

Remember this: In cryptanalysis, frequency analysis is the study of the frequency of letters or groups of letters in a ciphertext. The method is used as an aid to breaking classical ciphers.

Remember this: In SQL, a view is a virtual table based on the result-set of an SQL statement. A view contains rows and columns, just like a real table. The fields in a view are fields from one or more real tables in the database.

Remember this principle that can be summed up as "the enemy knows the system is Kerckchoffs. -states that a cryptographic system should remain secure even when all details of the system, except the key, are public knowledge.

Remember this: Industrial espionage is usually considered a business attack.

Remember this: To be effective, the approach to security management must be a top-down approach. The responsibility of initiating and defi ning a security policy lies with upper or senior management.

Remember this: Middle management is responsible for fleshing out the security policy into standards, baselines, guidelines, and procedures

Remember this: The agile software development methodology prioritizes flexible development that emphasizes responding to change over following a plan.

Remember this: Multipartite viruses use more than one propagation technique in an attempt to penetrate systems that defend against only one method or the other.

remember this an off site so that it can quickly be made operational is incorrect as the offsite is also subject to the same disaster as of the primary site.

Remember this: Password management falls into Preventive control. Password management is an example of preventive control. Proper passwords prevent unauthorized users from accessing a system.

Remember this :Requiring authentication time-outs bears no direct result on password attack protection. Strong password enforcement, restricted physical access, and two-factor authentication help improve security posture against automated attacks.

Remember this: Sanitation is the process of wiping storage media clean in preparation for disposal or destruction.

Remember this:act includes provisions to protect consumers' personal financial information held by financial institutions is the Gramm-Leach-Bliley Act" or GLB Act

Remember this: Sarbanes-Oxley Act introduced highly significant legislative changes to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws.

Remember this Need to know is more granular

Remember this: Task-based = another nondiscretionary method

Remember this: Triple DES has an effective key length of 168 bits.

Remember this: The 10 system is a code used in radio communications for brevity and clarity.

Remember this: The lattice model is a label-based Mandatory Access Control (MAC) model

Remember this: The Graham-Denning Model is a computer security model that shows how subjects and objects should be securely created and deleted. It also addresses how to assign specific access rights. It is mainly used in access control mechanisms for distributed systems.

Remember this :The of the key elements of the BCP documentation is a list of future events that might warrant reconsideration of the determination that a risk is acceptable.

Remember this: The SHA-2 algorithms support the creation of message digests up to 512 bits long.

Remember this: SESAME is subject to password guessing like Kerberos.

Remember this: The cost of access control must be commensurate with the value of the information that is being protected

Remember this: Security management planning includes defining security roles, developing security policies, performing risk analysis, and requiring security education for employees.

Remember this: The security management team should develop strategic, tactical, and operational plans.

Remember this: Other aspects of security solution concepts and principles are the elements of protection mechanisms: layering, abstraction, data hiding, and encryption as the common characteristics of security controls

Remember this: Those assigned the senior management role are ultimately responsible and liable for any asset loss, and they are the ones who define security policy

Remember this: Threat modeling refers to security process that depicts potential identified threats categorized threats, and the analysis of threats

Remember this: Threat modeling can be performed: First, as a proactive measure during design and development Second, as a reactive measure taken once a product has been deployed.

Remember this: only two parts of a packet which changes between sending host and the receiving host while in transit is Time to Live and MAC Address

Remember this: Time to Live. It's that part of the IP Header that prevents packets from wandering around the internet forever looking for the destination.

Remember this :Processing screens the collected information to perform a "rough cut" of irrelevant information, reducing the amount of information requiring detailed screening.

Remember this: To make the determination of whether the safeguard is financially equitable ALE before countermeasure - ALE after implementing the countermeasure - annual cost of countermeasure = value of the countermeasure to the company.

Remember this: RAID 1+5 is nested RAID involving the mirroring which is RAID 1 of striped drive sets with evenly distributed parity data which is RAID 5

Remember this: VBScript is the only example of an interpreted language listed. C++, Java, and Fortran are compiled languages

Remember this: the need for encryption is hiding the meaning or intent of a communication from unintended recipients

Remember this: When information is collected about your activities online without your consent, it is known as a violation of privacy.

Remember this: A key should always be using the full spectrum of the keyspace and be extremely random

Remember this: When using link encryption, packets have to be decrypted at each hop and encrypted again.

Remember this: the biggest threat to new devices introduced to a network Default Passwords.

Remember this: default passwords on devices and are usually configured as insecure as possible so that they work right out of the box. Great for marketing, terrible for security.

Remember this: Identification is the process by which a subject professes an identity and accountability is initiated

Remember this: identity must occur by a subject to a system to begin the process of authentication, authorization, and accountability

Remember this:the elements of a formalized security policy structure: security policy, standards, baselines, guidelines, and procedures. Such documentation clearly states security requirements and creates due diligence on the part of the responsible parties.

Remember this: key security roles are: senior manager, organizational owner, upper management, security professional, user, data owner, data custodian, and auditor. By creating a security role hierarchy, you limit risk overall.

Remember this: Encryption doesn't insure integrity. Hashing algorithms would be used instead to validate integrity.

Remember this: method of remote access that was retired by Microsoft because it relies on LANMAN hashes, reuse of session keys and the use of an unauthenticated control channel, PPTP is considered broken and therefore unsafe.

Remember this: MAC Addresses are local only to the network you are on. The moment it hits the first router or switch the Source and Destination MAC Addresses change to the next hop in the path

Remember this: most benefits from the process of encryption is Confidentiality.

Remember this: Integrating cyber security risk management with acquisition strategies and practices is a means to ensure a more robust and successful security strategy in all organizations

Remember this: purchases without security considerations inherent risks occur throught the product life span or cycle.

Remember this: security management planning involves: strategic, tactical, and operational

Remember this: strategic plan is a long-term plan that is fairly stable. The tactical plan is a midterm plan developed to provide more details on accomplishing the goals set forth in the strategic plan. Operational plans are short-term

Remember this: implement security awareness training. Before training occurs, awareness of security as a recognized entity must be created for users. Once this is accomplished, training, or teaching employees to perform their work tasks and to comply with the security policy, can begin

Remember this: the concept of abstraction is is used to collect similar elements into groups, classes, or roles that are assigned security controls, restrictions, or permissions as a collective. It adds efficiency to carrying out a security plan.

Remember this: It is the responsibility of the operationalmanagers or security professionals to implement the configurations prescribed in the security management documentation

Remember this: the end users' responsibility is to comply with all security policies of the organization

Remember this: Auditing detects malicious actions by subjects, attempted intrusions, and system failures. Auditing can reconstruct events, provide evidence for prosecution, and produce problem reports and analysis

Remember this: the importance of accountability makes subjects held accountable for their actions. Relies on the capability to prove a subject's identity and track their activities.

Remember this: Cipher feedback mode C F B uses streaming cipher compared to C B C block cipher

Remember this: the maximum allowed Ping packet size is 65, 536 bytes. To engage in any pain of death attack and attack or less send a packet that exceeds this maximum. Therefore the smallest packet that might result in a successful attack would be 65,537 bytes..

Remember this: Examples of which attacks a firewall cannot mitigate Reverse-Engineering HTTP Cookies URL Interpretation attacks User Input validation attacks SQL query poisoning

Remember this: two of the most common detection mechanisms for Intrusion Detection or Intrusion Prevention Systems are Anomaly Detection and Signature Detection

Remember this: differences between the Session and Transport layers of the OSI model is that the Transport layer sets up communication between computer systems, while the Session layer sets up connections between applications.

Remember this: web server threats can a packet filter firewall can mitigate are ICMP Flood attacks.

Remember this: Tokens such as RSA tokens are less susceptible to electronic eavesdropping, replay attacks, and password guessing due to their limited life passcode. They provide a higher level of security than static passwords.

Remember this:. When the discretionary access control method is used to control access to a system and network resources, the owner of the resource has the necessary privileges to assign permissions.

Remember this: System owners interact with data owners to ensure the data is protected while at rest on the system, in transit between systems, and in use by applications operating on the system

Remember this:A data administrator is responsible for granting appropriate access to personnel. They don't necessarily have full administrator rights and privileges, but they do have the ability to assign permissions.

Remember this: S/MIME supports the DES, RC2, and 3DES symmetric encryption algorithms and also uses RSA for public key encryption. It does not provide support for IDEA.

Remember this:Degaussing does not remove data from optical media. Overwriting files isn't a reliable method of removing data remnants.

Remember this::Bell-LaPadula Model suitable for preventing unauthorized access to secret informationIt prevents users and processes from reading above their security level.

Remember this:In a lattice model every resource and every user of a resource is associated with one of an ordered set of classes. The classes were based on military security classless . If you had clearance to secret you couldn't read up to top secret

Remember this: Authentication is the process of verifying or testing that a claimed identity is correct. Authentication requires information from the subject that must exactly correspond to the indicated identity.

Remember this:Once a subject is authenticated, its access must be authorized.

Remember this: An ultimate goal of threat modeling is to prioritize the potential threats against an organization's valuable assets

Remember this:STRIDE stands for Spoofing Tampering—Any action resulting in the unauthorized changes Repudiation—The ability for a user or attacker to deny having performed an action Information disclosure Denial of service Elevation of privilege

Remember this: process of authorization requested activity or object access due to the given rights and privileges assigned to the authenticated identity

Remember this:Security governance is the collection of practices related to supporting, defining, and directing the security efforts of an organization

Remember this: least preferred remote access method from a security and control point of view is Dial-up connectivity not based on centralize control and least preferred from security and control standpoint.

Remember this:When attempting to inventory and categorize threats, it is often helpful to use a guide or reference. Microsoft developed a threat categorization scheme known as STRIDE.

Remember this:The person assigned the data owner role is responsible for classifying information, and a data custodian is responsible for maintaining the secure environment and backing up data.

Remember thisAn auditor is responsible for making sure a secure environment is properly protecting assets.

Remember this: individual documents are essential elements to the design and implementation of security in any environment consists of policies, standards, baselines, guidelines, and procedures

Remember. Lattice-based access controls deal primarily with integrity. Lattice-based access controls primarily deal with confidentiality. Lattice-based access control and the Bell-LaPadula model are connected.

Remember: Data classifications provide strong protection against the loss of confidentiality. Data labels and proper data handling are based on first identifying data classifications. Data degaussing methods apply only to magnetic media.

Remember: An asynchronous token generates and displays one-time passwords using a challenge-response process to generate the password. synchronous token is synchronized with authentication server and generates synchronous one-time passwords.

Remember Risk assessments requires and evaluation of assets and related threats to those assets. You never implement countermeasures. You can suggest but not implement.

Remember: Automated tools in risk analysis have a lot of necessary questions that are pre-programmed and are best to use. They can decrease the time alloted

Remember: Stream ciphers can be designed to be exceptionally fast, much faster than any block cipher. A stream cipher generates what is called a key stream a sequence of bits used as a key.

Remember: Block ciphers do not use public cryptography private and public keys.

Remember: B1 does not address covert channels. B2 requires a system to protect against covert storage channels but does not address covert timing channels. B3 and A1 both address covert storage channels and covert timing channels and must perform a covert channel analysis for both types.

Remember: Data should usually be normalized, thus avoiding data redundancy.

Remember: L2TP Protocol works at data link layer. L2TP and PPTP were both designed for individual client to server connections; they enable only a single point-to-point connection per session.

Remember: Dial-up VPNs use L2TP often. Both L2TP and PPTP operate at the data link layer layer 2 of the OSI model. PPTP uses native PPP authentication and encryption services and L2TP is a combination of PPTP and Layer 2 Forwarding protocol L2F.

Remember this: Corporate governance deals with governance procedures of the whole organization and all its functions. Security governance is a subset of it

Remember: Downstream liability requires that companies ensure their activities or lack of activity do not negatively affect other companies.

Remember: The European Union's data privacy directive does not grant individuals the right to delete data from corporate databases.

Remember: Hot sites are the only site capable of activation within the required six-hour timeframe.

Justifications should be provided when data is denormalized, not when it is normalized, because it introduces risk of data inconsistency. Denormalization is usually introduced for performance purposes.

Remember: In response to an access-request from a client, a RADIUS server returns one of three authentication responses: access-accept, access-reject, or access-challenge

Remember Kerberos uses only symmetric encryption and does not make use of any public key component.

Remember: Key Distribution Center provides services to principals , which can be users , applications or network services.

Remember: Due to the nature of the terms, Decentralized and Distributed are used interchangeably. Distributed Access Control is a single sign-on role-based access control system for web servers and server-based software used in the authentication process.

Remember: Logging is the collection of information used in monitoring. Accounting for this activity is necessary for detecting security issues such as unauthorized access incidents. Logging collects and time-stamps system activity and even records a user ID if it's related to auditing user access.

Remember: Security mechanisms are needed within an operating system because software is not trusted

Remember: Most higher-order security models, such as Bell-LaPadula and Biba, are based on the state machine model as well as the information flow and noninterference models.

Remember: Identification establishes user accountability for the actions on the system.

Remember: Transformational procedures programs operate only on unconstrained data items.

Remember: However, it's important to note that copyright law protects only the expression inherent in computer software—that is, the actual source code. It does not protect the ideas or process behind the software.

Remember: it is important to note that officially registering a copyright is not a prerequisite for copyright enforcement.

Remember : Control Objectives for Information Technology is a framework and a set of business practices

Remember: learning a user ID and password and using them is not backdooring but masquerading

Remember: The BCP team should sit down and determine an ARO for each risk identifi ed in the previous section.

Remember: to find likelihood assessments for some risks prepared by experts at no cost to you the U.S. Geological Survey (USGS) developed the earthquake hazard map. Federal Emergency Management Agency (FEMA) coordinates the development of detailed fl ood maps of local communities throughout the United States

What is a __________technology maintains mirrored images of servers at both the primary and alternate sites.

Remote Mirroring

___________can be accomplished on Kerberos if the compromised tickets are used within an allotted time window?

Replay

A BCP team. The team should include, at a minimum, the following individuals

Representatives from departments responsible for the core services performed by the business key support departments Representatives IT representatives with technical expertise Security representatives Legal representatives senior management reps

What is the final step of the business impact assessment (BIA) process?

Resource prioritization

What step is Resource Prioritization in the business impact assessment?

Resource prioritization is the final step

What algorithm has been selected as the AES algorithm, replacing the DES algorithm?

Rijndael

Ring model consists of

Ring zero which is the kernel Ring one with is the Operating System Ring two which is the device drivers Ring 3 is the User Applications

the process by which risk management is achieved and includes analyzing an environment for risks, evaluating each risk as to its likelihood of occurring and the cost of the resulting damage, assessing the cost of various countermeasures for each risk, and creating a cost/benefit report for safeguards to present to upper management

Risk analysis

What is risk analysis?

Risk analysis is the process by which upper management is provided with details to make decisions about which risks are to be mitigated, which should be transferred, and which should be accepted

What is Risk Avoidance?

Risk avoidance is the practice of coming up with alternatives so that the risk in question is not reali

What is Risk Mitigation?

Risk mitigation is the practice of the elimination of, or the significant decrease in the level of risk presented. Examples of risk mitigation can be seen in everyday life and are readily apparent in the information technology world. Risk Mitigation involves applying appropriate control to reduce risk.

What's RSN?

Robust Security Network

Non Discretionary Access Control (NDAC) can also be referred to as?

Role-Based Access Control

Name at least five networking device types other than firewalls

Routers, switches, hubs, repeaters, bridges, gateways, proxies

What are possible mechanisms for adding security to email

S/MIME, MOSS, PEM, and PGP

what is an Extensible Markup Language (XML) standard that allows a user to log on once for affiliated but separate Web sites and is designed for business-to-business (B2B) and business-to-consumer (B2C) transactions.?

SAML

What is SAML?

SAML (Security Assertion Markup Language) is an Extensible Markup Language (XML) standard that allows a user to log on once for affiliated but separate Web sites. SAML is designed for business-to-business (B2B) and business-to-consumer (B2C) transactions.

Which addressed some of the shortcomings in Kerberos and uses public key cryptography for Secret Key distribution provides additional access control support

SESAME -Secure European System for Applications in a Multi-vendor Environment (SESAME) was developed to address the weaknesses in Kerberos and uses public key cryptography for the distribution of secret keys and provides additional access control support.

what is a hashing algorithm producing a 160-bit hash result from any data. and does not perform encryption.

SHA-1

what produces a 160-bit message digest

SHA-1

The SLE is calculated using the following formula:

SLE = asset value (AV) times exposure factor (EF) or more simply: Single Loss Expectancy = Asset Value times Exposure Factor SLE=AV X EF

what is a single loss expectancy (SLE) and how is it calculated?

SLE is an element of quantitative risk analysis that represents the cost associated with a single realized risk against a specific asset. The formula is SLE = asset value (AV) * exposure factor (EF).

clear text protocols is normally disallowed through a firewall from the internet in it's unprotected form?

SNMP are insecure versions uses a community string in clear text. Having a rule on your firewalls allowing such traffic may permit an attacker to gain a lot of information for your devices or in some case have the ability to reconfigure your devices. So never allow SNMP through a firewall

When a user is attempting to connect to a SNMP service on an internal system that while booted and functioning is not actually running an SNMP server, what information response will their system receive?

SNMP is a UDP-based service. UDP can not send back errors, because it is a simplex protocol. Thus, when UDP errors occur, ICMP Type 3 error will be returned.

SNORT is a(n): Firewall IDS Password Cracking tool Password sniffing tool

SNORT is an open source network IDS

what report focuses on a business's non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system.

SOC-2 report

What attacks allow hackers to bypass normal access controls and gain access to the database supporting a web application?

SQL injection

What uses a public-key cryptography to secure session key, while the session key secret key is used to secure the whole session taking place between both parties communicating with each other?

SSL

What describes the relationship between SSL and TLS?

SSL is a proprietary protocol whereas TLS was developed by a standards body, making it an open-community protocol

What are some types of threat modeling?

STRIDE, diagramming, reduction/decomposing, and DREAD

_______is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic?

SYN Flood Attack

What is notice, choice, onward transfer, security, data integrity, access, and enforcement

Safe Harbor principles

Communications devices must operate at what rate of speed to communicate?

Same speed

What is any number of processes that prepares media for destruction. It ensures that data cannot be recovered by any means from destroyed or discarded media.

Sanitization

_________is a combination of processes that removes data from a system or from media. It ensures that data cannot be recovered by any means?

Sanitization

What refers to reviewing a baseline baseline security controls and determining what standard will be used or employed?

Scoping

What refers to reviewing baseline security controls and selecting only those controls that apply to the IT system you're trying to protect.

Scoping

What refers to reviewing baseline security controls and selecting only those controls that apply to the IT system you're trying to protect?

Scoping

What is a technology that can allow an automated tool to interact with a human interface?

Screen scraping

firewall that communicates directly with a perimeter router and internal network is called ___.

Screened host

Which from the following list is the lowest military data classification for classified data Sensitive Secret Proprietary Private

Secret.......read the question!!!!!!! There is no sensitive in the military...

_____________provides secure replacements for a number of common Internet utilities.

Secure Shell (SSH)

What should be addressed at the design phase?

Security

who is responsible for providing adequate physical and logical security for IS programs, data and equipment?

Security Administrator

Who is responsible for implementing user clearances in computer based information systems at the B3 level of TCSEC?

Security Administrators are responsible - set clearances, set initial passwords, and new user security or changing policies for existing users.

Security Assertion Markup Language S A M L?

Security Assertion Markup Language SAML is an XML standard that allows secure web domains to exchange user authentication and authorization data. Using SAML, an online service provider can contact a separate online identity provider to authenticate users who are trying to access secure

What is a collection of components in the TCB that work together to implement reference monitor functions is called the _________________?

Security Kernel

Physically securing the tapes from unauthorized access is obviously a security concern and is considered a function of the what?

Security Operations Domain.

Security requires two components? What are those two components?

Security requires both a technological component and a procedural human component to result in a well-balanced information security program.

What specifies the claims of security from the vendor that are built into a Target of Evaluation?

Security targets (STs)

An IT auditor is assigned to perform an independent classification of systems. In the event that the IT auditor identifies a system where functions can be performed manually at an acceptable cost to the company for a long period of time, how should the IT auditor classify that system?

Sensitive functions are best described as those that can be performed manually at a tolerable cost for an extended period of time.

What is the main reason is carry out separation of duties?

Separation of duties - main reason is to ensure one person can't carry out a task that can be damaging or risky for a company.

rerember this : Separation of duties--This prevents any one person from having the ability to undermine or subvert vital security mechanisms.

Separation of duties is also a protection against collusion , which is the occurrence of negative activity undertaken by two or more people, often for the purposes of fraud, theft, or espionage.

What in the OSI-model Transport layer protocol in the IPX/SPX protocol stack. It is a reliable, connection-oriented protocol, similar to the TCP protocol of the TCP/IP, but it is datagram rather than stream protocol.

Sequence Packet Exchange

Which of the following is the most important and distinctive concept in relation to layered security? Multiple Series Parallel Filter

Series basically this states that layering is the multiple CONTROLS in a series when it comes to the distinctive concept in relation to layered security...

What law mandates protection of privacy data. Third parties agree to abide by principles as a method of ensuring that they are complying with the EU Data Protection law. The seven principles are notice, choice, onward transfer, security, data integrity, access, and enforcement

Seven Safe Harbor principles

When online transactions processing system OLTP has erroneous errors on invalid transactions that are noticed what actions do you take?

Should be written to a report and reviewed--logs must be reviewed

Information flow model

Similar to Bell La Padula model and control how information may flow between objects based on security classes. Information flows in accordance with security policy

Simple Network Management Protocol (SNMP) is?

Simple Network Management Protocol (SNMP) is an Internet-standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more.

What is a subject may not read information at a higher sensitivity level no read up.

Simple Security Property

A Security Information and Event Management SIEM system is the best tool to search through large log files looking for intrusion-related events.

Simulation tests are similar to the structured walk-throughs. In simulation tests, disaster recovery team members are presented with a scenario and asked to develop an appropriate response.

What is an element of quantitative risk analysis that represents the cost associated with a single realized risk against a specific asset?

Single Loss Expectancy

what can be implemented by using scripts that replay the users multiple log-ins against authentication servers to verify a user's identity and to permit access to system services?

Single Sign On

Which of the following is implemented through scripts or smart agents that replays the users multiple log-ins against authentication servers to verify a user's identity which permit access to system services? a. Kerberos b. Smart cards c. Dynamic Sign-On d. Single Sign-On

Single Sign-On SSO can be implemented by using scripts that replay the users multiple log-ins against authentication servers to verify a user's identity and to permit access to system services. Single Sign on was the best answer in this case because it would include Kerberos.

What is an attempt to deceive an insider into performing questionable actions on behalf of some unauthorized outsider..

Social engineering

what is a combination of flash memory EEPROM and DRAM

Solid State Drive

Remember this When purchases are made without security considerations, the risks inherent in those products remain throughout their deployment lifespan.

Some organizations must craft job descriptions to be in compliance with SOC-2, while others following ISO 27001 require annual reviews of job descriptions

what is a security target?

Specifies the claims of security from the vendor that are built into the Target of Evaluation

What is unique "what each must bring" and joined together when implementing dual control

Split knowledge

The STRIDE Threat Model

Spoofing identity Tampering with data Repudiation Nonrepudiation Information disclosure Denial of service Elevation of privilege

Application Level Firewall - Second Generation n Proxy Server n Copies each packet from one network to the other n Masks the origin of the data n Operates at layer 7 n Reduces Network performance since it has do analyze each packet and decide what to do with it. n Also Called Application Layer Gateway

Stateful Inspection Firewalls - Third Generation n Packets Analyzed at all OSI layers n Queued at the network level n Faster than Application level Gateway

What is the tranquility principle of the Bell La Padula Model?

States that the classification of a subject or object does not changed while being referenced.

What prevents ARP attacks?

Static ARP binding help prevent ARP attacks since the attacker's spoofed ARP replies would no longer cause any changes in the (static) ARP cache.

What's a fast expensive memory that uses small latches called "flip flops" to store bits?

Static Random Access Memory

Which of the following NAT firewall translation modes is required to make internal hosts available for connection from external hosts

Static Translation: With static translation also called port forwarding, a specific internal network resource usually a server has a fixed translation that never changes. Static NAT is required to make internal hosts available for connection from external hosts

What are the five generation types of firewalls?

Static packet filtering, application-level gateway, stateful inspection, dynamic packet filtering, and kernel proxy

A virus that hides itself from OSes and other protective software, such as antivirus shields is what?

Stealth Virus

What alter operating system file access routines so that when an antivirus package scans the system, it is provided with the information it would see on a clean system rather than with infected versions of data?

Stealth viruses

The purpose of the CAM table is to:

Store MAC addresses for the purpose of forwarding frames

Storage of Hard DriveS should:

Store hard drives in anti-static bags, and be sure that person removing them from bag is static free If the original box and padding for the hard drive is available, use it for shipping If the hard drive has been in a cold environment, bring it to room temperature prior to installing and using it

What cipher is a type of symmetric encryption algorithm that operates on continuous streams of plain text and is appropriate for hardware-based encryption.

Stream

What Cipher is appropriate for hardware based encryption?

Stream Cipher

What are The Three Parts of the Relational Model?

Structural: defines the core of the data and the relationships involved described in terms of relations , tuples , attributes and domains . Manipulative: defines how the data in the model will be accessed and manipulated. Constraints: defines limits on the model. T

strong business continuity plan requires the use of a proven methodology. This requires the following:

Structured analysis of the business's organization from a crisis planning point of view The creation of a BCP team with the approval of senior management--An assessment of the resources available to participate in business continuity activities--An analysis of the legal and regulatory landscape that governs an organization's response to a catastrophic event

What Uses the same key for communication in any direction

Symmetric key

Remember this: Asymmetric cryptosystems use public-private key pairs for communication between parties but operate much more slowly than symmetric algorithms.

Symmetric key cryptosystems or secret key cryptosystems) rely on the use of a shared secret key. They are much faster than asymmetric algorithms, but they lack support for scalability, easy key distribution, and nonrepudiation

What is the difference between a Synchronous Dynamic Password Token and a Asynchronous Dynamic Password Token?

Synchronous dynamic are based on time and synchronized with an authentication server . They produce a new password periodically like every 60 sections. Asynchronous Dynamic tokens does not use a clock. Passwords are based on an algorithm with an incrementing counter.

What provides the most granular or distinctive control over resources and users because it enforces clearances, requires need to know, and allows the processing of only single sensitivity levels

System High

what are the processes I communicate between the rings?

System calls which allows processes to communicate with the kernel and provide a window between the rings.

Which of the following cannot be undertaken in conjunction or while computer incident handling is ongoing?

System development activity if an Incident Handling is underway an incident has potentially been identified. At that point all use of the system should stop because the system can no longer be trusted and any changes could contaminate the evidence. This would include all System Development Activity.

Who are authorized to process data at different classification levels only if all system users have access to the highest level of classification processes?

System running in system High mode.

___________is responsible for granting appropriate access to personnel. They don't necessarily have full administrator rights and privileges, but they do have the ability to assign permissions

System/Data Administrator

_________is an application that can serve as a basic firewall by restricting access based on user IDs or system IDs.

TCP wrapper

Any backup strategy must include full backups at some point in the process. If a combination of full and differential backups is used, a maximum of two backups must be restored. If a combination of full and incremental backups is chosen, the number of required restorations may be unlimited.

TCP wrapper is an application that can serve as a basic firewall by restricting access based on user IDs or system IDs.

What is the IP header contains a protocol field for TCP?

TCP=6

What was developed in the 1950s by the US government to address electromagnetic radiation being emitted from electrical equipment data that can be captured via electrical signals in reconstructed which threatens the confidentiality of sensitive data?

TEMPEST

What type of data is a secure protocol implemented in web application traffic to ensure privacy between client and server communications to protect this type of data

TLS --Data in Transit/Motion

What was replaced for SSL?

TLS Transport Layer Security was specifically designed as a replacement for SSL.

Traceroute works by exploiting which specific feature? IP TTL ICMP RTT

TTL--To troubleshoot Windows network connectivity problems, use this introduction to time-to-live (TTL) and trace route.

SQL is a relational database Query language. SQL stands for structured query language. What describes how the tables and views are structured?

Tables

What is designed to focus a timeframes of approximately one year and may include scheduling of tasks, assignment of responsibilities, hiring plans, maintenance plans, and even acquisition plans?

Tactical planning

What refers to modifying the list of security controls within a baseline so that they align with the mission of the organization or customizing a standard for your organization?

Tailoring

what refers to modifying the list of security controls within a baseline so that they align with the mission of the organization?

Tailoring

what are the common criteria terms?

Target of evaluation, security target, protection profile, evaluation assurance level.

What include access controls; intrusion detection; alarms; closed-circuit television (CCTV); monitoring; heating, ventilating, and air conditioning (HVAC); power supplies; and fire detection and suppression?

Technical physical security controls

remember this: Bind variables are placeholders for literal values in a Structured Query Language (SQL) query being sent to the database on a server.

The *- star integrity axiom of the Biba access control model states that an object at one level of integrity is not permitted to modify an object of a higher level of integrity -no write up

What is FIPS-140?

The 140 series of Federal Information Processing Standards (FIPS) are U.S. government computer security standards that specify requirements for cryptography modules.

What are the differences between the The Bell-LaPadula model and the Biba model?

The Bell-LaPadula model focuses on data confidentiality and controlled access to classified information, in contrast to the Biba Integrity Model which describes rules for the protection of data integrity.

what is the biba model?

The Biba Model is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity.

In the Biba model, what rule prevents a user from reading from lower levels of classification?

The Biba simple property rule/star axiom is "no read down."

The Brewer and Nash model what is it!

The Brewer and Nash model was constructed to provide information security access controls that can change dynamically. This security model, also known as the Chinese wall model, was designed to provide controls that mitigate conflict of interest in commercial organizations.

what model is based on dynamic changes of user privileges and access based on user activity?

The Brewer-Nash model

Remember this Centralized alarm systems remotely monitor sensors spread around a business facility or campus and trigger on some specified event.

The Caesar cipher is a simple substitution cipher where each letter of a message is changed.

Encrypted viruses use a variety of cryptographic keys in conjunction with encryption and decryption routines to hide their code on the hard drive to escape detection

The Clark-Wilson model enforces separation of duties to further protect the integrity of data. This model employs limited interfaces or programs to control and maintain object integrity.

Which model prevents authorized users from making unauthorized modifications to data, thereby protecting its integrity?

The Clark-Wilson model which uses separation of duties

What protects computers used by the government or in interstate commerce from a variety of abuses

The Computer Fraud and Abuse Act

The DES applies what?

The DES applies a division operation that puts characters through 16 rounds of transposition and substitution functions, with a resulting 64-bit block of ciphertext.

What operates on messages in 64-bit blocks?

The DES cipher operates on messages in 64-bit blocks.

What is used to make modifications to a relational database's schema?

The Data Definition Language (DDL)

What is used to make modifications to a relational database's schema?

The Data Definition Language DDL is used to make modifications to a relational database's schema

What is a subset of SQL containing the commands used to interact with data?

The Data Manipulation Language

Which Backup Method only copies files that have changed since a full backup backup was last performed?

The Differential Backup Method

______only copies files that have changed since a full backup backup was last performed?

The Differential Backup Method

Remember this: Secure RPC (Remote Procedure Call) protects remote procedures with an authentication mechanism.

The Diffie-Hellman authentication mechanism authenticates both the host and the user who is making a request for a service. The authentication mechanism uses Data Encryption Standard (DES) encryption. +.

what prohibits the circumvention of copy protection mechanisms placed in digital media and limits the liability of Internet service providers for the activities of their users?

The Digital Millennium Copyright Act

Digital Millennium Copyright Act of 1998

The Digital Millennium Copyright Act prohibits the circumvention of copy protection mechanisms placed in digital media and limits the liability of Internet service providers for the activities of their users.

explain the basic provisions of the Digital Millennium Copyright Act of 1998?

The Digital Millennium Copyright Act prohibits the circumvention of copy protection mechanisms placed in digital media and limits the liability of Internet service providers for the activities of their users.

Digital Millennium Copyright Act of 1998?

The Digital Millennium Copyright Act prohibits the circumvention of copy protection mechanisms placed in digital media and limits the liability of Internet service providers for the activities of their users.

what is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks.

The Domain Name System Security Extensions (DNSSEC)

the best recovery strategy if you have an application which cannot allow downtime without impacting the organization?

The Dual Data Center strategy is employed for applications, which cannot accept any downtime without negatively impacting the organization

What are the basic provisions of the Economic Espionage Act of 1996?

The Economic Espionage Act provides penalties for individuals found guilty of the theft of trade secrets. Harsher penalties apply when the individual knows that the information will benefit a foreign government

Economic Espionage Act of 1996.

The Economic Espionage Act provides penalties for individuals found guilty of the theft of trade secrets. Harsher penalties apply when the individual knows that the information will benefit a foreign government.

the Economic Espionage Act of 1996?

The Economic Espionage Act provides penalties for individuals found guilty of the theft of trade secrets. Harsher penalties apply when the individual knows that the information will benefit a foreign government

What was released in 1991 formalized the prudent man rule, which requires senior executives to take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise in the same situation?

The Federal Sentencing Guidelines

what provided punishment guidelines to help federal judges interpret computer crime laws.The guidelines formalized the prudent man rule , which requires senior executives to take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise in the same situation?

The Federal Sentencing Guidelines released in 1991

What primarily run when time and tape space permits, and is used for the system archive or baselined tape sets?

The Full Backup Method

_________is primarily run when time and tape space permits, and is used for the system archive or baselined tape sets

The Full Backup Method

What is an integrity model based on predetermining the set or domain—a list of objects that a subject can access?

The Goguen-Meseguer model

What further develops the federal government information security program?

The Government Information Security Reform

What Act of 2000 amended the Paperwork Reduction Act to implement additional information security policies and procedures?

The Government Information Security Reform Act of 2000

Government Information Security Reform Act of 2000 is what?

The Government Information Security Reform Act of 2000 amended the Paperwork Reduction Act to implement additional information security policies and procedures.

The Simple Integrity Property states that a subject cannot Compartmentalized environments require specific security clearances over compartments or domains instead of objects.read an object of a lower integrity level no read down.

The Graham-Denning model is focused on the secure creation and deletion of both subjects and objects.

what provides more granular approach for interaction between subjects and objects?

The Gramm Denning Model

What is HITECH?

The Health Information Technology for Economic and Clinical Health Act of 2009 HITECH amended HIPAA to include new regulations related to data breach notification and the compliance requirements of covered entity business associates.

What is an ICMP Type 3?

The ICMP destination unreachable message is generated by a router to inform the source host that the destination unicast address is unreachable.

What was developed in response to complaints about the insufficient key length of the DES algorithm operates on 64-bit blocks of plain text/ciphertext?

The International Data Encryption Algorithm IDEA

what is an international agreed-upon standard for describing in testing the security of IT products?

The International common criteria

what provides background security support services for IPSec, including managing security associations?

The Internet Security Association and Key Management Protocol ISAKMP

A directive control is a security tool used to guide the security implementation of an organization.

The National Interagency Fire Center provides daily updates on wildfires occurring in the United States.

List the security features offered by the Network layer of the OSI model

The Network layer (layer 3) offers confidentiality, authentication, and integrity

What is a is a vendor-neutral platform for developing and implementing enterprise architectures. It focuses on effectively managing corporate data through the use of metamodels and service-oriented architecture (SOA)

The Open Group Architecture Framework

Standard includes requirements that merchants promptly report incidents affecting the security of credit card information?

The Payment Card Industry Data Security Standard

what is PCI DSS

The Payment Card Industry Data Security Standard includes requirements that merchants promptly report incidents affecting the security of credit card information.

what is Failure Resistant Disk Systems (FRDSs), Failure Tolerant Disk Systems, and Disaster Tolerant Disk Systems?

The RAID Advisory Board defined three classifications of RAID

Remember : The maximum key size on Rijndael is 256 bits

The Rijndael algorithm is a new generation symmetric block cipher that supports key sizes of 128, 192 and 256 bits, with data handled in 128-bit blocks - however, in excess of AES design criteria, the block sizes can mirror those of the keys.

what is an SOC-2 report?

The SOC 2 report focuses on a business's non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system

What was approved for use by the US government in Federal Information Processing Standard FIPS 185, the Escrowed Encryption Standard (EES)?

The Skipjack algorithm

What model is based on defining a set of system states, initial states, and state transitions. Through the use of and limitations to only these predetermined secure states, integrity is maintained and interference is prohibited?

The Sutherland model is based on the idea of defining a set of system states, initial states, and state transitions. Through the use of and limitations to only these predetermined secure states, integrity is maintained and interference is prohibited.

The TCB has which of the following?

The TCB is defined in the Orange Book or Trusted Computer System Evaluation Criteria The TCB does includes the combination of all hardware, firmware and software responsible for enforcing the security policy. As the level of trust increases the level of scrutiny required during evaluation increases as well

What scan sends an ______ packet, simulating a packet from the middle of an already established connection?

The TCP ACKNOWLEDGEMENT PACKET

What can be described as the total protection mechanisms inside the computer, including hardware, firmware and software?

The Trusted Computing Base (TCB) is defined as the total combination of protection mechanisms within a computer system. The TCB includes hardware, software, and firmware. These are part of the TCB because the system is sure that these components will enforce the security policy and not violate it.

What was developed by Bruce Schneier, uses prewhitening and postwhitening?

The Twofish algorithm

What algorithm, developed by Bruce Schneier, uses prewhitening and postwhitening?

The Twofish algorithm, developed by Bruce Schneier, uses prewhitening and postwhitening.

What is the Uniform Computer Information Transactions Act on Software Licensing?

The Uniform Computer Information Transactions Act provides a framework for the enforcement of shrink‐wrap and click‐wrap agreements by federal and state governments.

what enterprise architecture provide six frameworks for providing information security asking what how where who when and why through a frame work matrix?

The Zachman framework

What is the best example of managing the Security Function?

The act of performing a risk assessment to drive the security policy is the clearest and most direct example of management of the security function

The ___________software development methodology prioritizes flexible development that emphasizes responding to change over following a plan.

The agile methodology

What phase of a business impact assessment calculates the ARO for a given risk scenario?

The annualized rate of occurrence (ARO) is a measure of how many times a risk might materialize in a typical year. It is a measure of risk likelihood.

Which of the following statements pertaining to key management is INCORRECT? a. The more a key is used, the shorter its lifetime should be. b. Keys should be backed up or escrowed in case of emergencies. c. When not using the full keyspace, the key should be extremely random. d. A key's lifetime should correspond with the sensitivity of the data it is protecting

The answer is C: When not using the full keyspace, the key should be extremely random. "When not using the full keyspace, the key should be extremely random." The truth is totally the opposite. You should always use the full key sprectrum or else you cannot claim to have randomness if you make use of only a subset of the keys.

What is the MOST important aspect relating to employee termination?

The appropriate company staff are notified about the termination.

What is a spoofing attack

The attacker pretends to be someone or something other than whom or what they are. They can spoof identities, IP addresses, email addresses, and phone numbers. They often replace the valid source and/or destination IP address and node numbers with false ones

Remember System Development Lifecycle (SDLC) is Security Accreditation Obtained during Testing and evaluation control

The basic phases of SDLC are: Project initiation and planning Functional requirements definition System design specifications Development and implementation Documentation and common program controls Testing and evaluation control, (certification and accreditation) Transition to production (implementation)

What process consist of limits set on the memory addresses and resources it can access?

The bounds state or define the area within which a process is confined.

How would you determine the cardinality of a database table?

The cardinality of a database table is the number of records (or rows) in that table.

The opposite of the top-down approach is the bottom-up approach. In a bottom-up approach environment, the IT staff makes security decisions directly without input from senior management. The bottom-up approach is rarely used in organizations and is considered problematic in the IT industry.

The change control process of configuration or change management has several goals or requirements: Implement changes in a monitored and orderly manner. Changes are always controlled. A formalized testing process is included to verify that a change produces expected results. All changes can be reversed also known as backout or rollback plans/procedures.

What is a private cloud?

The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.

what hides a message inside of a longer message. For example, every sixth word within a document can be used to spell out a secret message within that document.

The concealment cipher

What is a concealment cipher?

The concealment cipher hides a message inside of a longer message. For example, every sixth word within a document can be used to spell out a secret message within that document.

In the Bell-LaPadula model, the Star-property is also called:

The confinement property

What is a mechanism that allows an entity into an application by bypassing access controls?

The correct answer is trapdoor. Trapdoor also referred to as backdoor or maintenance hook is a mechanism that allows an entity into an application by bypassing access controls.

Which of the following statements pertaining to block ciphers is incorrect? a. Plain text is encrypted with a public key and decrypted with a private key. b. It is more suitable for software than hardware implementations. c. It operates on fixed-size blocks of plaintext. Some Block ciphers can operate internally as a stream d. Some Block ciphers can operate internally as a stream

The correct answer is: A Plain text is encrypted with a public key and decrypted with a private key. Block ciphers do not use public cryptography (private and public keys). Block ciphers is a type of symmetric-key encryption algorithm transforms fixed-size block of plaintext unencrypted text data into a block of ciphertext (encrypted text) data of the same length. They are appropriate for software implementations and can operate internally as a stream.

Which type of Firewall typically operates at the session layer of the OSI model? A. Circuit-Level Gateway Firewall B host-based firewall C. Bastion Host Firewall D. Packet Filtering Firewall

The correct answer is: A. Circuit-Level Gateway Firewall Circuit-Level gateway firewalls operate at the session layer of the OSI model or the TCP layer of the DoD TCP/IP Model. They monitor TCP handshake traffic between hosts to determine whether a request session is legitimate.

Which of the following BEST describes what a SQL Injection is? a. It is an attack used to gain unauthorized access to a database. b. It is a Man-in-the-Middle attack between your SQL Server and Web App Server c. It is an attack involving insecure database encryption d. It is an attack that disconnects the SQL server from its internal network

The correct answer is: A. It is an attack used to gain unauthorized access to a database. it's an attempt to get the web application to pass a rogue SQL query to the database for malicious intent.

Which of the following standard was developed in order to protect against fraud in electronic fund transfers (EFT) by ensuring the packets are coming from its claimed originator and that it has not been altered in transmission?

The correct answer is: A. Message Authentication Code (MAC) protect against fraud in electronic fund transfers (EFT), the Message Authentication Code (MAC), ANSI X9.9, was developed. The MAC is a check value, which is derived from the contents of message itself

What attack would you be seeing if the offset bits in an IP Header overlapped with the value of previously sent packets? A. Teardrop Attack B. LAND Attack C. Null Scan D. XMas Tree Scan

The correct answer is: A. Teardrop Attack The Teardrop attacks involve sending IP Fragments which have overlapping fragment offset numbers so that when the victim's computer tries to reassemble the IP frags into the intended file the target crashes. It doesn't know how to handle the improperly-numbered fragments.

Which of the following is most likely to be useful in detecting intrusions? Access control lists Information security policies Audit trails Security labels

The correct answer is: Audit trails If audit trails have been properly defined and implemented, they will record information that can assist in detecting intrusions.

An incremental backup process a. Backs up the files that been modified since the last full backup. It does not change the archive bit value. b Backs up all the files that have changed since the last full or incremental backup and sets the archive bit to 0. c. Backs up all the data and changes the archive bit to 0. c. Backs up all the data and changes the archive bit to 1

The correct answer is: B Backs up all the files that have changed since the last full or incremental backup and sets the archive bit to 0.

Which of the following terms can be described as the process to conceal data into another file or media in a practice known as security through obscurity? a. NTFS ADS b. Encryption c. Steganography d. ADS - Alternate Data Streams

The correct answer is: C Steganography It is the art and science of encoding hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message or could claim there is a message.

What is the MAC-Based technical security measure used to protect access to the physical network infrastructure?A A. PKI B. 802.1X C. Port Security D. EAP

The correct answer is: C. Port Security Port Security or commonly known as switchport security is a method of controlling access to network media. Notably, a mechanism called VMPS - VLAN Membership Policy Server is a way to prevent unknown MAC Addresses from connecting to your network.

What do you call a user interface that limits the functions that can be selected by a user?

The correct answer is: Constrained user interfaces Constrained user interfaces limit the functions that can be selected by a user. Another method for controlling access is by restricting users to specific functions based on their role in the system.

Which of the following statements pertaining to IPSec is incorrect? a. In transport mode, ESP only encrypts the data payload of each packet. b. ESP provides for integrity, authentication and encryption to IP datagrams. c. Integrity and authentication for IP datagrams are provided by AH. d. A security association has to be defined between two IPSec systems in order for bi-directional communication to be established

The correct answer is: D. A security association has to be defined between two IPSec systems in order for bi-directional communication to be established. This is incorrect, there would be a pair of Security Association (SA) needed for bi directional communication and NOT only one SA. The sender and the receiver would both negotiate an SA for inbound and outbound connections.

Which of the following is a form of Hybrid Cryptography where the sender encrypts the bulk of the data using Symmetric Key cryptography and then communicates securely a copy of the session key to the receiver? A. Asymmetric B. Symmetric key encryption C. Digital Envelope D. Digital Signature

The correct answer is: D. Digital Envelope A Digital Envelope is used to send encrypted information using symmetric keys, and the relevant session key along with it. It is a secure method to send electronic document without compromising the data integrity, authentication and non-repudiation, which were obtained with the use of symmetric keys

What would you call a person that uses his skills for defensive purpose? Phreaker Cracker Ethical Hacker Hacker

The correct answer is: Ethical Hacker The term Ethical Hacker refers to a person who is using his skills for defensive purpose.

Which of the following statements pertaining to quantitative risk analysis is FALSE? A. It requires a high volume of information B. It involves complex calculations C. It requires little experience to apply D. Portion of it can be automated

The correct answer is: It requires little experience to apply Assigning the values for the inputs to a purely quantitative risk assessment requires both a lot of time and significant experience on the part of the assessors. The most experienced employees or representatives from each of the departments would be involved in the process. It is NOT an easy task if you wish to come up with accurate values.

Which of the following alternative business recovery strategies would be LEAST reliable in a large database and on-line communications network environment where the critical business continuity period is 7 days ? Hot site Reciprocal agreement Warm site Redundant or Alternate Site

The correct answer is: Reciprocal Agreement Since Reciprocal Agreement cannot be enforced, a reciprocal agreement is the least reliable solution for business recovery. It is always the worst choice as they cannot be trusted and are unreliable.

The IP header contains a protocol field. If this field contains the value of 6, what type of data is contained within the ip datagram? UDP. IGMP. TCP. ICMP.

The correct answer is: TCP. If the protocol field has a value of 6 then it would indicate it was TCP. The protocol field of the IP packet dictates what protocol the IP packet is using. TCP=6, ICMP=1, UDP=17, IGMP=2

What is called an event or activity that has the potential to cause harm to the information systems or networks? Threat Weakness Vulnerability Threat agent

The correct answer is: Threat: An event or activity that has the potential to cause harm to the information systems or networks.

Secure Shell (SSH-2) provides all the following services except: a. port forwarding b. user authentication c. command execution d. secure remote login

The correct answer is: a. User authentication This is one of the tricky negative question. You have to pay close attention to the word EXCEPT within the question. Authentication in this protocol level is host-based not user based The SSH transport layer is a secure, low level transport protocol. It provides strong encryption, cryptographic host authentication, and integrity protection and it does provide port forwarding

Which are the two primary types of scanner used for protecting against Malware? a. Active and passive Scanner b. Malware mask/signatures and Heuristic Scanner c. None of the above d. Behavioral Blockers and immunizer Scanner

The correct answer is: b. Malware mask/signature and Heuristic Scanner

Which of the following protocols would BEST mitigate threats of sniffing attacks on web application traffic? a. SSH - Secure Shell b. SSL or TLS c. 802.1X d. ARP Cache Securit

The correct answer is: b. SSL or TLS While it traverses the network, without some sort of encryption of web application data is vulnerable to sniffing and interception by attackers on the network. If we observe sniffer traffic on an unencrypted network we can clearly see the contents of user interaction with the web server and its applications

In Operations Security trusted paths provide: a. trustworthy integration into integrity functions. b. trustworthy interfaces into priviledged MTBF functions. c. trustworthy interfaces into priviledged user functions. d. trusted access to unsecure paths.

The correct answer is: c. trustworthy interfaces into priviledged user functions "Trusted paths provide trustworthy interfaces into privledged user functions and are intended to provide a way to ensure that any communications over that path cannot be intercepted or corrupted."

Which of the following is the most important consideration in locating an alternate computing facility during the development of a disaster recovery plan? a. It is convenient to airports and hotels. b. It is close enough to serve its users. c. It is close enough to become operational quickly. d. It is unlikely to be affected by the same disaster

The correct answer is: d It is unlikely to be affected by the same disaster. You do not want the alternate or recovery site located in close proximity to the original site because the same event that create the situation in the first place might very well impact that site also.

A cryptanalyst choose a piece of ciphertext and attempt to obtain the corresponding decrypted plaintext. What is the least effective attack of a public-key cryptosystem? a. Ciphertext-only attack b. Plaintext Only Attack c. Adaptive-Chosen-Plaintext attack d. Chosen-Ciphertext attack

The correct answer is: d. Chosen Ciphertext attack A chosen-ciphertext attack is one in which cryptanalyst may choose a piece of ciphertext and attempt to obtain the corresponding decrypted plaintext.

Under the physical access controls which control category would you use to describe a fire extinguisher?

The correct response is corrective. Under the physical access control type a fire extinguisher would be considered a corrective control. The goal of corrective actions are to remedy circumstances and mitigate damage.

The layer that adds a 'trailer' (containing checksum and padding if needed) to the end of a data frame, is the ___ layer. network transport session data link

The data link layer adds a trailer at the end of the frame

Who is the person who has ultimate organizational responsibility for data. The owner is typically the CEO, president, or a department head. Data owners identify the classification of data and ensure that it is labeled properly?

The data owner

who is is the person responsible for classifying, labeling, and protecting data?

The data owner

the common applications of cryptography to secure web activity

The de facto standard for secure web traffic is the use of HTTP over Transport Layer Security TLS or the older Secure Sockets Layer (SSL). many websites are dropping support for SSL due to security concerns

Which are the set of allowable values that an attribute can take?

The domain of a relation is the set of allowable values that an attribute can take.

What algorithm depends on the elliptic curve discrete logarithm problem and provides more security than other algorithms when both are used with keys of the same length?

The elliptic curve algorithm

What is the amount of damage that the risk poses to the asset?

The exposure factor

what step is the prioritize the allocation of business continuity resources to the various identified risks and assessed in the preceding tasks of the BIA?

The final step of the BIA

Explain the steps of the business impact assessment process.

The five steps of the business impact assessment process are identification of priorities, risk identification, likelihood assessment, impact assessment, and resource prioritization.

What are the four layers of the TCP/IP protocols, and how do they relate to the OSI model layers?

The four layers of TCP/IP are Application layers 5-7 of OSI, Transport layer 4 of OSI, Internet layer 3 of OSI, and Link layers 1 and 2 of OSI.

What is a network device that works at the Application layer. However, an Application layer gateway is a very specific type of component. It serves as a protocol translation tool. For example, an IP-to-IPX gateway takes inbound communications from TCP/IP and translates them over to IPX/SPX for outbound transmission?

The gateway

What is the goal of a business continuity program?

The goal of a business continuity program is to ensure that recovery time objectives are shorter than maximum tolerable downtime measures.

What is the primary goal of a Business Continuity Plan?

The goal of the BCP process is to ensure that your RTOs are less than your MTDs, resulting in a situation in which a function should never be unavailable beyond the maximum tolerable downtime

Remember this: secuirty policy is a formal statement of the rules that people who are given access to an organization's technology and information assets must abide. The policy communicates the security goals to all of the users, the administrators, and the managers.

The goals will be largely determined by the following key tradeoffs: services offered versus security provided, ease of use versus security, and cost of security versus risk of loss.

What action usually closes the identification phase of incident response

The identification phase usually concludes with the notification of the incident response team.

What is an ARP attack

The modification of ARP mappings. When ARP mappings are falsified, packets are not sent to their proper destination. ARP mappings can be attacked through spoofing. Spoofing provides false MAC addresses for requested IP addressed systems to redirect traffic to alternate destinations

Stealth viruses alter operating system file access routines so that when an antivirus package scans the system, it is provided with the information it would see on a clean system rather than with infected versions of data.

The modified waterfall process differs from the standard waterfall process by adding validation and verification phases.

What is the difference from the standard waterfall process by adding validation and verification phases?

The modified waterfall process differs from the standard waterfall process by adding validation and verification phases.

In system high mode, all users have appropriate clearances and access permissions for all information processed by the system but need to know only some of the information processed by that system.

The most commonly overlooked aspect of mobile phone eavesdropping is related to people in the vicinity overhearing conversations (at least one side of them). Organizations frequently consider and address issues of wireless networking, storage device encryption, and screen locks.

What controls access and the use of system resources in preemptive multitasking mode?

The operating system--Operating systems that use preemptive multitasking run the show, and one application does not negatively affect another application as easily.

what would be the most effective method of identifying illegal software packages loaded to the network?

The periodic checking of hard drives would be the most effective method of identifying illegal software packages loaded to the network.

to perform the cost/benefit analysis of a safeguard, you must calculate the following three elements:

The pre-countermeasure ALE for an asset-and-threat pairing The post-countermeasure ALE for an asset-and-threat pairing The Annual Cost of the Safeguard

The primary role of the certificate authority (CA) in the communication process is to:

The primary activity of a CA is to issue certificates. The primary role of the CA is to check the identity of the entity owning a certificate and to confirm the integrity of any certificate it issued.

Protection profiles used in the Common Criteria evaluation process contain five elements. the following establishes the type and intensity of the evaluation?

The protection profile contains the set of security requirements, their meaning and reasoning, and the corresponding evaluation assurance level (EAL) rating that the intended product will require

Remote authentication dial-in user service centralizes authentication for remote connections it is used when organization has more than one network access server.

The radius server is used to verify authentication authorization_track accounting. The radius uses user datagram protocol UDP any encrypts only the exchange of the password --it doesn't encrypt the entire session. It is defined in RFC 2865

_________represents the point in time, prior to such an event or incident, to which lost data can be recovered (given the most recent backup copy of the data

The recovery point objective

______is the maximum acceptable level of data loss following an unplanned "event", like a disaster (natural or man-made), act of crime or terrorism, or any other business or technical disruption that could cause such data loss. The RPO represents the point in time, prior to such an event or incident, to which lost data can be recovered,

The recovery point objective (RPO)

This portion of the BCP documentation essentially recaps the decision-making process undertaken during the business impact assessment is what?

The risk assessment portion

remember this There are two types of cyber squatting. The first type is when a person registers a similar domain name as an official source such as a commonly misspelled version of a trademark. The cyber squatter then redirects traffic to his own domain.

The second type a person registers a domain doesn't use it but refuses to sell it to anyone unless it's for a high price.

What correctly describes the relationship between the reference monitor and the security kernel?

The security kernel implements and enforces the reference monitor. The reference monitor is an access control concept implemented and enforced by the security kernel via the hardware, software, and firmware. The security kernel ensures that subjects have the appropriate authorization to access the objects they are requesting.

Understand the seven Safe Harbor principles what are they?

The seven principles are notice, choice, onward transfer, security, data integrity, access, and enforcement.

What are thethe seven Safe Harbor principles?

The seven principles are notice, choice, onward transfer, security, data integrity, access, and enforcement.

remember this: The TOCTTOU acronym expands to "Time Of Check To Time Of Use". It is a type of File Access Race Condition.

The software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check causingf the software to perform invalid actions when the resource is in an unexpected state.

what is really serious criteria in the assignment of a classification label?

The source or origin of a resource.

what is considered a meta-model?

The spiral model. A spiral model uses multiple iterations of the waterfall model.

The DRP plan covers actions to be taken when a disaster occur but DRP PLANNING which is the keywork in the question would also include steps that happen before you use the plan such as development of the plan, training, drills, logistics, and a lot more

The star property (read "star"-property) - a subject at a given security level must not write to any object at a lower security level no write-down. The star property is also known as the Confinement property

What reflects the criticality of the BCP to the organization's continued viability.

The statement of importance--This document is a letter to the organization's employees stating the reason that the organization devoted significant resources to the BCP development process and requesting the cooperation of all personnel in the BCP implementation phase

Which task of BCP bridges the gap between the business impact assessment and the continuity planning phases?

The strategy development task bridges the gap between business impact assessment and continuity planning by analyzing the prioritized list of risks developed during the BIA and determining which risks will be addressed by the BCP.

The security of a computer application is most effective and economical when?

The system is originally designed to provide the necessary security. It is also much more efficient if security is addressed in each phase of the development cycle rather than an add-on because it gets more complicated to add at the end

Who ensures that the system is labeled accurately and that appropriate security controls are in place to protect the data?

The system owner

Who should measure the effectiveness of Information System security related controls in an organization?

The systems auditor -It is the systems auditor leads the effort ensuring security controls in place verify effectively controls comply with polices, procedures, laws, and applicable regulations. The findings would are sent to senior management.

802.15 is what as it applies to wireless technology?

The term personal area network is most closely associated with wireless technology & creates personal area networks PANs such as personal area networks

The return of company property, disabling network access, an exit interview, and an escort from the property.

The termination procedure

with software testing approaches the test plan should what?

The test plan and results should be retained as part of the system's permanent documentation

what is security information and event time management?

The tools provide real-time analysis of events occurring on systems throughout an organization they include agents install the remote systems that monitor for specific events known as alarm triggers

The tranquility principle of the Bell-LaPadula model?

The tranquility principle of the Bell-LaPadula model states that the classification of a subject or object does not change while it is being referenced.

Name the three types of subjects and their roles in a security environment

The user accesses objects on a system to perform a work task; the owner is liable for protection of data; the data custodian is assigned to classify and protect data

What is a virtual directory?

The virtual directory periodically synchronizes itself with all of the identity stores individual network directories to ensure the most up-to-date information is being used by all applications and identity management components within the enterprise.

________states where critical business records will be stored and the procedures for making and storing backup copies of those records.

The vital records program

what allows the development process to return only to the immediately preceding phase of development at any given time.

The waterfall model

There are 34 control objectives or high level processes in what control objective?

There are 34 control objectives in COBIT 4.x

There are three contemporary forms of cryptography. What are they?

There are three contemporary forms of cryptography.

Block ciphers--how are they used as a symmetric-key encryption algorithm?

They transforms a fixed-size block of plaintext unencrypted text data into a block of ciphertext --encrypted text data of the same length. They are appropriate for software implementations and can operate internally as a stream.

CISSP Exam Prep 2016 Maliciously altering the routing data in the routing tables is called Routing Table ___. defacement spoofing hijacking poisoning

This attack results in wrong entries in the routing tables and is known as 'Routing Table Poisoning'

What markup language allows for the sharing of application security policies to ensure that all applications are following the same security rules?

This can happen through eXtensible Access Control Markup Language (XACML). XACML is a markup language and processing model that is implemented in XML. It declares access control policies and describes how to interpret them.

What is Nessus?

This is a network vulnerability scanning tool that searches systems for known vulnerabilities

What firewall has speed and flexibility, as well as capacity to block some denial-of-service and related attacks, makes them ideal for placement at the outermost boundary with an untrusted network?

This is an important point with packet filtering firewalls

When a biometric system rejects an authorized individual, what type of error is this? it is called a Type I error (false rejection rate).

This is called a Type I error false rejection rate.

Which is RAID-1

This is called mirroring. All the data is written to at least two separate disks. If one fails, the other can be used to retrieve data. RAID-1 requires two physical disks

What type of error is a percentage of invalid subjects that are falsely accepted in a biometric system? is called the False Acceptance Rate FAR or Type II Error.

This is called the False Acceptance Rate (FAR) or Type II Error.

Changing the 'index.html' page of a website on a web server without proper authorization, usually to something malicious, is known as web ___. hijacking cloaking defacement vandalism

This is known as the Website defacement att

When possible, operations controls should be invisible, or transparent, to users.

This keeps users from feeling hampered by security and reduces their knowledge of the overall security scheme, thus further restricting the likelihood that users will violate system security deliberately.

RAID Level 0 creates one large disk by using several disks what is this called?

This process is called striping.

Which of these methods does the 'Accent Keyword Extractor' use for attacking passwords? Dictionary Attack None of the above Brute Force Cracking Password guessing

This program loads an Internet page and extracts keywords and uses them as possible passwords

What is NIST in Special Publication 800-37?

This publication provides guidelines for applying the Risk Management framework to federal information systems

_________are accidental or intentional exploitations of vulnerabilities.

Threat events

In a Public Key Infrastructure, how are public keys published

Through digital certificates.

What can best define the "revocation request grace period?"

Time period between the arrival of a revocation request and the publication of the revocation information.

explain total risk?

Total risk is the amount of risk an organization would face if no safeguards were implemented. To calculate total risk, use this formula: threats * vulnerabilities * asset value = total risk.

The National Information Infrastructure Protection Act extends protections to portions of the national infrastructure other than computing systems, such as railroads, gas pipelines, electric power grids, and telecommunications circuits.

Traffic analysis and trend analysis are forms of monitoring that examine the flow of packets rather than the actual content.

What is Traffic Padding?

Traffic padding is a countermeasure to traffic analysis.

A new employee will require what type of awareness of IT Security in the workplace so they will be able to comply with all standards, guidelines, and procedures mandated by the security policy?

Training

What is a characteristic or service that is unseen by users?

Transparency

Which layer is responsible for data transmission and error detection in the OSI model?

Transport layer

In IP Sec, what is themost common mode of operation and is required for gateway-to-gateway and host-to-gateway communications?

Transport mode is established when the enpoint is a host. If the gateway in a gateway-to-host communication was to use transport mode, it would act as a host system, which is acceptable for direct protocols to that gateway. Otherwise, TUNNEL mode is required for gateway services...

________________is generated by the difference in power between the hot and neutral wires of a power source or operating electrical equipment

Traverse mode noise

is generated by the difference in power between the hot and neutral wires of a power source or operating electrical equipment?

Traverse mode noise

A _ is software that functions partially as a proprietary software that can be used without payment.

Trialware

_________uses 56-bit keys but newer implementations use 112-bit or 168-bit keys. Larger keys provide a higher level of security.?

Triple DES

What encrypts a message three times.

Triple DES This encryption can be accomplished in several ways. The most secure form of triple DES is when the three encryptions are performed with three different keys.

A polyalphabetic cipher is any cipher based on substitution, using multiple substitution alphabets. The Vigenère cipher is probably the best-known example of a polyalphabetic cipher, though it is a simplified special case.

Triple DES with three distinct keys is the most secure form of triple-DES encryption. It can either be DES-EEE3 encrypt-encrypt-encrypt or DES-EDE3 encrypt-decrypt-encrypt.

tools can notify you of the possibility of something suspicious in your computer? None of these tcpdump Wireshark Tripwire

Tripwire directly reveals information about something suspicious occurring. While useful for detecting intrusions after the event, it can also serve many other purposes, such as integrity assurance, change management, and policy compliance.

What is a code that appears to have some useful purpose but also contains code that has a malicious or harmful purpose imbedded in it?

Trogan

What is the theft refers to a situation where someone obtains key pieces of personal information such as a credentials, or Social Security number, and then uses that information to impersonate someone else?

True name identity theft

What is trusted recovery?

Trust to recovery provide for services after failure or crash the system is just as secure as it was before the failure or crash occurred

What is tunneling?

Tunneling is the encapsulation of the protocol deliverable message within a second protocol. The second protocol often performs encryption to protect the message contents.

What are most appropriate on secondary or side exits where a security guard is not available or is unable to maintain constant surveillance?

Turnstiles

cable technology refers to the CAT3 and CAT5 categories?

Twisted Pair cables

to achieve added security over DES 3DES must use how many keys?

Two

The Graham-Denning model is focused on the secure creation and deletion of both subjects and objects.

Ultimately, Graham-Denning is a collection of eight primary protection rules or actions (listed in the question) that define the boundaries of certain secure actions.

RFC 1918 describes the range of unroutable addresses; regarding unroutable addresses.

Unroutable addresses can access the internet using PAT. Unroutable addresses can access the internet using NAT.

What is a disadvantage to SSO?

User gains unrestricted access to all the authorized resources

This is basic mode used by the CPU when executing user applications. In this mode, the CPU allows the execution of only a portion of its full instruction set. This is designed to protect users from accidentally damaging the system through the execution of poorly designed code or the unintentional misuse of that code.

User mode

What is is the basic mode used by users?

User mode is the basic mode used by the CPU when executing user applications. The CPU allows the execution of only a portion of its full instruction set. This is designed to protect users from accidentally damaging the system through the execution of poorly designed code or the unintentional misuse of that code.

The change control process of confi guration or change management also

Users are informed of changes before they occur to prevent loss of productivity The effects of changes are systematically analyzed The negative impact of changes on capabilities, functionality, and performance is minimized and approved by a CAB (change approval board).

In the public key infrastructure, certificate authorities (CAs) generate digital certificates containing the public keys of system users.

Users then distribute these certificates to people with whom they want to communicate. Certificate recipients verify a certificate using the CA's public key

Symmetric key uses how many keys?

Uses the same key for communication in any direction

What refers to those that can be performed manually but only for a brief period of time; this is associated with lower costs of disruption than critical functions?

Vital function

What introduces network-specific vulnerabilities to voice communications?

Voice over IP (VoIP)

what is is computer memory that requires power to maintain the stored information; it retains its contents while powered on but when the power is interrupted the stored data is lost very rapidly or immediately?

Volatile memory, contrary to non-volatile memory, is computer memory that requires power to maintain the stored information; it retains its contents while powered on but when the power is interrupted the stored data is lost very rapidly or immediately. RAM is an example.

______________replaces TKIP (used by the original WPA) with AES cryptography

WPA2

What servers would you typically find in the DMZ?

Web server E-mail server Hyper-V server

What means that it is happening in both directions instead of just the user having to authenticate to the server the server also has to authenticate to the user?

What is Mutual authentication

What is a Polymorphic Code?

What is a virus code that can change or mutate itself so that the originalis not detected by the antivirus scanner BUT the virus can still carry out it's malicious activity?

What is NIST SP 800-18?

What outlines the following responsibilities for the information owner, which can be interpreted the same as the data owner &rules of behavior," which is effectively the same as an acceptable usage policy (AUP)

When will Training occur?

When a new employee arrives so they will be able to comply with all standards, guidelines, and procedures mandated by the security policy?

a router for evidence, which of the following actions should NOT be performed? Running show commands All of these Running configuration commands Accessing router through console

When an attack occurs, 'configuration' commands should not be executed in order not to change anything

what is a Multilevel security mode system?

When there is no requirement that all users have appropriate clearances to access information processed on a system?

What are the problems with password generators?

While password generators protect against dictionary attacks they often force users to write down the password which creates a new vulnerability having an office full of sticky notes with scribbled passwords is an attractive atmosphere for a potential hacker

Purchasing a single certificate for each of your domains and subdomains can be an expensive proposal but you can purchase a type of certificate called?

Wildcard Certificate.

What is Dynamic translation?

With dynamic translation also called Automatic, Hide Mode, or IP Masquerade, a large group of internal clients to share a single or small group of ROUTABLE IP addresses for the purpose of hiding their identities when communicating with external hosts or expanding the internal network address

In this Block Cipher method of encoding, the user simply encodes the message by reordering the plaintext in some way or the user scrambles the message by reordering the plaintext. What is this method called?

With the transposition method of block cipher, the user simply encodes the message by reordering the plaintext in some way are shifted according to a regular system, so that the ciphertext constitutes a permutation of the plaintext. That is, the order of the units is changed

Job descriptions are essential to user and personnel security. job description does a background check have true meaning.

Without a job description, auditing and monitoring cannot determine when a user performs tasks outside of their assigned work. Without a job description, administrators do not know what level of access to assign via DAC.

Remember: Current copyright law provides for a very lengthy period of protection. Works by one or more authors are protected until 70 years after the death of the last surviving author.

Works for hire and anonymous works under copyright law are provided protection for 95 years from the date of first publication or 120 years from the date of creation, whichever is shorter

What is X.500

X. 500 standard, and a type of protocol, as in Lightweight Directory Access Protocol (LDAP), that allows subjects and applications to interact with the directory.

______is an ITU-T standard protocol suite for packet switched wide area network WAN communication?

X.25 X.25 is a packet switching technology which uses carrier switch to provide connectivity for many different networks.

What is a series of computer networking standards covering electronic directory services?

X.500

What is a standard and a type of protocol, as in Lightweight Directory Access Protocol (LDAP), that allows subjects and applications to interact with the directory.

X.500

What is the The Zachman Architecture Framework ?

Zachman Framework is used to create a robust enterprise architecture, not a security architecture, technical or not. The framework is not security specific.

What confirms that an individual possesses certain factual knowledge without revealing the knowledge?

Zero-knowledge

What is the concept of zero-knowledge proof?

Zero-knowledge proof is a communication concept. A specific type of information is exchanged but no real data is transferred, as with digital signatures and digital certifi cates.

what is 802.1x?

a MAC-Based security measure. 802.1X or "dot1x" is certificate-based and each device that wants to talk on the network must have a valid certificate.

RAID 1+0 or RAID 10

a combination of disk mirroring & stripping -no parity-requires a minimum of four disks

Solid State Drive

a combination of flash memory EEPROM and DRAM

What is a likelihood Assessment?

a comprehensive list of the events that can be a threat to an organization.

What is electronic vaulting?

a method of transferring bulk information to off-site facilities for backup purposes

What is Message Switching?

a mode of data transmission in which a message is sent as a complete unit and routed though intermediate nodes at which it is stored and then forwarded.

What is the main concern with Single Sign On?

a password can be compromised and a password would allow an intruder to have access to all systems.

Smart cards are:

a plastic card with a built-in microprocessor, used typically for electronic processes such as financial transactions and personal identification.

What is Concurrency?

a preventive security mechanism that endeavors to make certain that the information stored in the database is always correct or at least has its integrity and availability protected.

what is a column or a combination of columns that uniquely identify a record?

a primary key

What is an electronic document which incorporates a digital signature to bind together a _____________— information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.

a public key certificate or identity certificate

What is a Service organization control SOC report?

a report that verify\ies the security, privacy, and availability controls, through the SOC-2 or SOC-3 report

The Simple Security Property states that

a subject may not read information at a higher sensitivity level no read up.

What is Data Manipulation Language DML?

a subset of SQL containing the commands used to interact with data

What is Screen scraping

a technology that can allow an automated tool to interact with a human interface

What is a Multipartite Virus?

a virus spreads by multiple methods

___________is used to collect similar elements into groups, classes, or roles that are assigned security controls, restrictions, or permissions

abstraction

what is an abstraction?

abstraction hides the unnecessary details from user abstraction provides a way to manage complexity.

What is a threat event

accidental or intentional exploitations of vulnerabilities.

The sequence of steps of an attack methodology is?

acquisition analysis access appropriation

What methodology prioritizes flexible development that emphasizes responding to change over following a plan?

agile software development methology

What is Automatic Call distribution?

allows a PBX to be configured so that incoming calls are distributed to the next available agent or placed on-hold until one become available

What is an EEPROM chip

allows for "flash" updates when the BIOS needs revision.

What is a lattice based access control?

allows security controls for complexed environments. It is a complex access control model based on the interaction between any combination of objects and subjects

What is the The waterfall model?

allows the development process to return only to the immediately preceding phase of development at any given time.

What is a pseudorandom number generator?

also known as a deterministic random bit generator DRBG algorithm generating a sequence of numbers whose properties approximate the properties of sequences of random numbers. PRNG-generated sequence is not truly random, because it is completely determined by a relatively small set of initial values, called the PRNG's

remember this when intruder is detected by an IDS they are transferred to a padded cell. The transfer of the intruder into a padded cell is performed automatically without informing the intruder that the change has occurred.

also note padded acells are used to detain intruders not to detect vulnerabilities

What is Point to Point protocol?

an encapsulation protocol designed to support IP traffic over dial up connections?

what is a threat agent?

an entity that can exploit a vulnerability

What is a behavior-based intrusion detection system?

an expert system or a pseudo-artificial intelligence system because it can learn and make assumptions about events. In other words, the IDS can act like a human expert by evaluating current events against known events?

To fully evaluate risks and subsequently take the proper precautions, you must?

analyze the following: assets, asset valuation, threats, vulnerability, exposure, risk, realized risk, safeguards, countermeasures, attacks, and breaches

What is is an element of quantitative risk analysis that represents the expected frequency with which a specific threat or risk will occur in other words, become realized within a single year?

annualized rate of occurrence or ARO

packet filtering gateways are appropriate for:

appropriate choice for a low-risk environment

the steps of the business impact assessment process are

are identification of priorities, risk identification, likelihood assessment, impact assessment, and resource prioritization

Remember: The pair of elements is the subject and object, and the subject has an upper bound equal or higher than the upper bound of the object being accessed.

are the keystones of most access control systems.

who are Data processors?

are typically third-party entities that process data for an organization

What are Data processors

are typically third-party entities that process data for an organization

What is a backdoor?

are vectors for attackers to bypass security checks, such as authentication--Be wary when someone says something will make computing both easier and more secure.

Who are the necessary members of the business continuity planning team?

at a minimum, representatives from each of the operational and support departments; Deparpment IT technical experts security personnel with BCP skills, legal representatives familiar with corporate legal, regulatory, and contractual responsibilities; and representatives from senior management.

What are distributed reflective denial of service attacks?

attack efforts between cooperative machines using traffic in an entirely legitimate manner

attribute base access control what is it?

attribute based access control model these policies that include multiple attributes for rules many software defined networking applications use attribute based access control.

IPsec includes an Authentication Header (AH) which provides what?

authentication and integrity

What is AAA

authentication, authorization, and accountability - provides nonrepudiation

What is called the access protection system that limits connections by calling back the number of a previously authorized location? a. Sendback systems b. Callback systems c. Sendback forward systems d. Callback forward systems

b. Callback systems Details: The correct answer is: Call back Systems; Callback systems provide access protection by calling back the number of a previously authorized location, but this control can be compromised by call forwarding.

When continuous availability (24 hrs-a-day processing) is required what provides a good alternative to tape backups?

back up to jukebox

Children's Online Privacy Protection Act of 1998

became the law of the land in the United States. COPPA makes a series of demands on websites that cater to children or knowingly collect information from children

Why is a complete quantitative analysis is not possible?

because of intangible aspects of risk. The process involves asset valuation and threat identification and then determining a threat's potential frequency and the resulting damage; the result is a cost/ benefit analysis of safeguards

Why is difficult to defend against distributed denial service attacks?

because of their sophistication and complexity

What labeled an expert system or a pseudo-artificial intelligence system because it can learn and make assumptions about events. In other words, the IDS can act like a human expert by evaluating current events against known events?

behavior-based intrusion detection system

What is a Sensitive function?

best described as those that can be performed manually at a tolerable cost for an extended period of time

what is is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity?

biba model

When developing a business continuity plan, be sure to account for ________________

both your headquarters location as well as any branch offices. The plan should account for a disaster that occurs at any location where your organization conducts its business.

What are the steps project scope and planning, business impact assessment, continuity planning, and approval and implementation used for?

business continuity planning

What is project scope and planning, business impact assessment, continuity planning, and approval and implementation. Each task contributes to the overall goal of ensuring that business operations continue uninterrupted in the face of an emergency situation.

business continuity planning

Who are the operational and support departments; technical experts from the IT department; security personnel with BCP skills; legal representatives familiar with corporate legal, regulatory, and contractual responsibilities; and representatives from senior management.

business continuity planning team

operational and support department representatives; Deparpment IT technical experts security personnel, legal representatives familiar with corporate legal, regulatory, and contractual responsibilities;and representatives from senior management are what kind of team

business continuity planning team

What are identification of priorities, risk identification, likelihood assessment, impact assessment, and resource prioritization?

business impact assessment

__________assesses the likelihood that each threat will actually occur and the consequences those occurrences will have on the business

business impact assessment

who are the individuals responsible leading the BCP process determine which departments and individuals have a stake in the business continuity plan used as the foundation for BCP team selection and, after validation by the BCP team, is used as a guide the next stages of BCP development.

business organization analysis

How is metadata is created?

by performing data mining.

What is the difference between the OCSP (Online Certificate Status Protocol) and a Certificate Revocation List (CRL)? a. The OCSP (Online Certificate Status Protocol) is used only by Active Directory and a Certificate Revocation List (CRL) is used by Certificate Authorites b. The OCSP (Online Certificate Status Protocol) is a way to check the attributes of a certificate and a Certificate Revocation List (CRL) is used by Certificate Authorites. c. The OCSP (Online Certificate Status Protocol) provides real-time certificate checks and a Certificate Revocation List (CRL) has a delay in the updates. d. The OCSP (Online Certificate Status Protocol) is a propietary certifcate mechanism developed by Microsoft and a Certificate Revocation List (CRL) is an open standard

c. The correct answer is: The OCSP (Online Certificate Status Protocol) provides real-time certificate checks and a Certificate Revocation List (CRL) has a delay in the updates.

What is a Candidate Key?

can be any column or a combination of columns that can qualify as unique key in database

how are threats evaluated?

can originate from numerous sources, including IT, humans, and nature.Threat assessment should be performed as a team effort to provide the widest range of perspectives. By fully evaluating risks from all angles, you reduce your system's vulnerability.

What specifies the access rights a certain subject possesses pertaining to specific objects?

capability table

What is Asynchronous Transfer Mode-ATM which is WAN communication technology at 53 bytes?

cell switching technology

Remember: for type of authentication: Type 1 - Something you know - Authentication by knowledge - password, pin Type 2 - Something you have - Authentication by possession - token, smart card, magnetic card Type 3 - Something you are - Authentication by characteristic - biometics

check for Input or Information Accuracy in Software Development security are the following Range checks Relationship checks Reasonableness checks Transaction limits check

The expanded use of _________by many organizations requires added attention to conducting reviews of information security controls during the vendor selection process and as part of ongoing vendor governance.

cloud services

What is an abstraction?

collects similar elements into groups, classes, or roles that are assigned to security controls, restrictions, or permissions as a collective, It adds efficiency to carry out a security plan

What is a Hybrid environment?

combines both hierarchical and compartmentalized environments so that security levels have subcompartments

What is a Hybrid environments

combines both hierarchical and compartmentalized environments so that security levels have subcompartments.

how do you prevent in access aggregation attack?

combining defense in depth, need to know in Least privilege principles helps prevent access aggregation attacks.

What is no relationship between one security domain and another. each domain represents a separate isolated compartment to gain access to an object?

compartmentalized enviornment

To be secure, the kernel must meet three basic conditions:

completeness all accesses to information must go through the kernel, isolation the kernel itself must be protected from any type of unauthorized access, and verifiability the kernel must be proven to meet design specifications.

what is the primary communication channel on a computer system the communication between the CPU, memory, and input output devices such as the keyboard mouse display

computer bus

What is Multitasking?

concept of performing concurrent actions over a certain period of time by executing them concurrently

What is a model that encompasses three concepts assets, risk, and vulnerability and their interdependent relationship within a structured, formalized organization?

conceptual security triple

What is the Bell La Padula model

concerned with confidentiality and access control is based on classification of objects and clearance of subjects

What is pivotal when vendor selection process and as part of ongoing vendor governance with cloud services?

conducting reviews of information security controls

Encapsulating Security Payload (ESP) in IPSEC to provides?

confidentiality

The first activity in every recovery plan?

damage assessment, immediately followed by damage mitigation.

Assembly Language is a low level language using symbols to represent complicated binary codes and is considered one step above machine language Assembly, machine and High level are the main categories of languages.

data backup plan is completely different from disaster recovery and they are not synonymous. In order to get the best Data backup and DR state of the art recovery systems should be attached to data backup systems.

What is one of the primary methods of protecting the data confidentiality?

data encryption

Who is responsible for classifying, labeling, and protecting data

data owner

What is a data object or a packet in the Network layer?

datagram

How do you mitigate an access aggregation attack?

defense in depth, need to know, and least privilege principle.

What is Key clustering?

defined as an instance of two different keys generating the same ciphertext from the same plaintext

RFC 2828 is what?

defines a digital signature as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity.

What is ISO 27799? defines guidelines to support the interpretation and implementation in health informatics of ISO/IEC 27002 and is a companion to that standard.

defines guidelines to support the interpretation and implementation in health informatics of ISO/IEC 27002 and is a companion to that standard.

what table represents the number of columns in a table?

degree

What is a Capacitance sensor?

detect an intruder approaching or touching a metal object including a wire by sensing a change in capacitance between the object (or wire) and the ground (another wire). A change in the dielectric medium or electrical charge results in a change in capacitance.

What is a data loss prevention (DLP) server?

detects the labels, and applies the required protection that will automatically set the labels, In other words, Users apply relevant labels (such as confi dential, private, sensitive, and public) to emails before sending them

What is the formula for safeguard evaluation?

determining the annual cost of a safeguard, you must calculate the ALE for the asset if the safeguard is implemented. Use the formula: ALE before safeguard - ALE after implementing the safeguard - annual cost of safeguard = value of the safeguard to the company, or (ALE1 - ALE2) - ACS

What is Dual-Core Datacenter ?

differs from traditional multi-site datacenter architecture based primarily on the concept that it is possible to shift active-running workload from one site to another with no interruption in services. While providing the ability to shift active running workload from one site to another

What Originated by VISA and MasterCard as an Internet credit card protocol using what?

digital signatures

What is the result of Allowing objects to be used sequentially by multiple users without a refresh of the objects can lead to?

disclosure of residual data

An attack efforts between cooperative machines using traffic in an entirely legitimate manner are what?

distributed reflective denial of service attacks

Network administrator not taking mandatory two week vacation violates:

due diligence (not doing the right thing the right way)

Why is It very difficult to defend against distributed denial-of-service attacks?

due to their sophistication and complexity.

who are the necessary members of the business continuity planning team?

each of the operational and support departments; technical experts from the IT department; security personnel with BCP skills; legal representatives familiar with corporate legal, regulatory, and contractual responsibilities; and representatives from senior management.

What is defined as "a method of transferring bulk information to off-site facilities for backup purposes?

electronic vaulting

What is Password Policy?

ensure that users create strong passwords of sufficient length and complexity that can track password history and prevent users from reusing passwords?

What is the main purpose of off-site hardware testing to ensure the continued compatibility of the contingency facilities?

ensure the continued compatibility of the contingency facilities

Most threats to a company allude toward

errors & omissions

How can a Continuity of Operations plan be described?

establishes senior management and a headquarters after a plan, outlining roles and authorities, orders of succession, and individual role tasks

what is an element of quantitative risk analysis that represents the percentage of loss that an organization would experience if a specific asset were violated by a realized risk?

exposure factor

From a quantitative point of view, what are three specific metrics when looking Impact Assessments?

exposure factor, the single loss expectancy, and the annualized loss expectancy

What are examples of side channel attacks?

fault generation, differential power analysis, electromagnetic analysis, timing, and software attacks

When possible, operations controls should be invisible, or transparent, to users. This keeps users from

feeling hampered by security and reduces their knowledge of the overall security scheme, thus further restricting the likelihood that users will violate system security deliberately.

what is a screened host?

firewall that communicates directly with a perimeter router and internal network

Static RAM chips are built using a number of ___________that retain their charge without requiring constant refreshing.

flip-flop transistors

What is performed the archive bit will be cleared indicating that the files were backup. This allows backup programs to do an incremental or differential backup that only backs up the changes to the filesystem since the last time the bit was cleared?

full backup

What is The Government Information Security Reform?

further develops the federal government information security program

The Government Information Security Reform Act does what?

further develops the federal government information security program

By going through a Business Impact Analysis, the organization will:

gain a common understanding of functions that are critical to its survival.

What is network device or service works at the Application layer knwoing theApplication layer gateway is a very specific type of component. It serves as a protocol translation tool?

gateway

Whjat is an asynchronous token?

generates and displays one-time passwords using a challenge-response process to generate the password

What is RAID 4

good for sequential data but not uses much

What is the role of the administrator?

grants access to data based on guidelines provided by the data owners

a Quantitative risk analysis focuses on?

hard values and percentages

What is a Polymorphic viruses?

has the capability of changing its own code, enabling it to have many different variants, making it harder to detect by anti-virus software

What is dual Control?

has to do with forcing the collusion of at least two or more persons to combine their split knowledge to gain access to an asset

Quantitatively measuring the results of the test of a BCP results in what?

have ways to measure the success of the plan and tests against the stated objectives. results must be quantitatively gauged as opposed to an evaluation based only on observation. Quantitatively measuring the results of the test involves a generic statement measuring all the activities performed during BCP, which gives the best assurance of an effective plan.

The ISC2 Code of Ethics does not include which of the following behaviors for a CISSP: Ethical behavior Legality Control Honesty

he correct answer is: Control. Control is not a behavior characteristic described in the Code of Ethics.

What are the Control Objectives for Information and Related Technology COBIT?

help business owners and mission owners balance security control requirements with business or mission needs

What is a classification labels are assigned in an ordered structure from low security to medium security to high security?

hierarchical environment

What type of attack a malicious user is positioned between a client and server and then interrupts the session and takes it over?

hijack attack

what is a hypervisor mode?

hypervisor mode allows virtual guests to operate in ring zero

steps of the business impact assessment process are

identification of priorities, risk identification, likelihood assessment, impact assessment, and resource prioritization

One of the primary responsibilities of the individuals responsible for business continuity planning is to perform an analysis of the business organization?

identify all departments and individuals who have a stake in the BCP process

What is the The first BIA task facing the BCP team is identifying business priorities?

identifying business priorities

What is the first BIA task facing the BCP team is identifying business priorities?

identifying business priorities

Threat modeling is the process of

identifying, understanding, and categorizing potential threats. The goal is to build a list of the threats, perform analysis, and determine mitigation strategies.

What is a replay when dealing with Kerberos?

if the compromised tickets are used within an allotted time window

What is critical portions of the business impact assessment?

impact assessment

When are Loss expectancies calculated?

impact assessment phase?

The business continuity plan must also contain statements of

importance, priorities, organizational responsibility, and urgency and timing.

what is an open system?

in open system uses open hardware and standards which use components from a variety of vendors.

____________are Technical physical security controls?

include access controls; intrusion detection; alarms; closed-circuit television; monitoring; heating, ventilating, and air conditioning (HVAC); power supplies; and fire detection and suppression.

There are a number of important concepts that underlie solid business continuity planning (BCP) practices, including the following:

including project scope and planning, business impact assessment, continuity planning, and approval and implementation

What is a Master boot record MBR viruses?

infects the system's boot sector and load when the system is started.

_________is generally considered to be more secure to eavesdropping than multidirectional radio transmissions because infrared requires direct line-of-sight paths?

infrared technology

what is an infrastructure as a service?

infrastructure as a service provides an entire virtualize operating system which the customer configures the operating system on up

which are the steps usually followed in the development of documents such as security policy, standards and procedures?

initiation, evaluation, development, approval, publication, implementation, and maintenance

The three requirements of patent law are

invention must be new, useful, and nonobvious.

What is a CSMA/CD?

is LAN media access method. Carrier Sense Multiple Access / Collision Detection, a set of rules determining how network devices respond when two devices attempt to use a data channel simultaneously. Standard Ethernet networks use CSMA/CD to physically monitor traffic on the line at participating stations.

What is an SNMP and what protocol does it use?

is a UDP-based service. UDP can not send back errors, because it is a simplex protocol. When UDP errors occur, the system will switch protocols and use ICMP to send back information over the network. The port is not available, an ICMP Type 3 error will be sent.

What is a substitution cipher?

is a category the Caesar cipher belongs to. Substitution cipher are vulnerable to frequency analysis attacks

What is Sanitization?

is a combination of processes that removes data from a system or from media. It ensures that data cannot be recovered by any means

What us Hierarchical storage management (HSM)?

is a data storage technique, which automatically moves data between high-cost and low-cost storage media. HSM systems exist because high-speed storage devices, such as hard disk drive arrays, are more expensive (per byte stored) than slower devices, such as optical discs and magnetic tape

what is a smurf attack?

is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP Broadcast address.

What is Static Random Access Memory- SRAM

is a fast expensive memory that uses small latches called "flip flops" to store bits

What is an Encrypted authentication

is a firewall feature that allows users on an external network to authenticate themselves to prove that they are authorized to access resources on the internal network

What is a SYN Flood Attack?

is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic?

What is A VLAN?

is a hardware-imposed network segmentation created by switches that requires a routing function to support communication between different segments.

WHat is SHA-1?

is a hashing algorithm producing a 160-bit hash result from any data. and does not perform encryption.

What Agile software development?

is a phrase used in software development to describe methodologies for incremental software development--emphasis is placed on empowering people to collaborate and make team decisions in addition to continuous planning, continuous testing and continuous integration

What is a A federated identity?

is a portable identity, and its associated entitlements used across business boundaries. It allows a user to be authenticated across multiple IT systems and enterprises.

What is Clearing, or overwriting?

is a process of preparing media for reuse and assuring that the cleared data cannot be recovered using traditional recovery tools

IPsec runs on what layer in the OSI Model? .

is a protocol suite that runs at the networking layer It provides confidentiality, integrity protection, data origin authentication and replay protection of each message by encrypting and signing every message

What is Multi programming?

is a rudimentary form of parallel processing in which several programs are run at the same time on a uniprocessor

What is Control Objectives for Information and Related Technology

is a security concept infrastructure used to organize the complex security solutions

What is Data Manipulation Language ?

is a subset of SQL containing the commands used to interact with data

What is RC5

is a symmetric encryption algorithm. It is a block cipher of variable block length, encrypts through integer addition, the application of a bitwise Exclusive OR XOR, and variable rotations

What is L2F, or Layer 2 Forwarding,

is a tunneling protocol developed by Cisco Systems, Inc. to establish virtual private network connections over the Internet no encryption or confidentiality by itself; It relies on tunneled protocol providing privacy. L2F wasreplaced by L2TP

What is identity-based access control? is a type of Discretionary Access Control (DAC) that is based on an individual's identity?

is a type of Discretionary Access Control that is based on an individual's identity.

What is a primary key ?

is a unique identifier in the table that unambiguously points to an individual tuple or record in the table

What is X.25?

is an ITU-T standard protocol suite for packet switched wide area network WAN communication

what is a pseudorandom number generator?

is an algorithm for generating a sequence of numbers whose properties approximate the properties of sequences of random numbers. The PRNG-generated sequence is not truly random, because it is completely determined by a relatively small set of initial values, called the PRNG's seed which may include truly random values.

TCP Wrapper?

is an application that can serve as a basic firewall by restricting access based on user IDs or system IDs.

What is an annualized rate of occurrence (ARO)?

is an element of quantitative risk analysis that represents the expected frequency with which a specific threat or risk will occur in other words, become realized within a single year.

exposure factor or E F is what?

is an element of quantitative risk analysis that represents the percentage of loss that an organization would experience if a specifi c asset were violated by a realized risk.

What is the concept of an exposure factor (EF).

is an element of quantitative risk analysis that represents the percentage of loss that an organization would experience if a specific asset were violated by a realized risk. By calculating exposure factors, you are able to implement a sound risk management policy.

What is El Gamal

is an extension of the Diffie-Hellman key exchange algorithm that depends on modular arithmetic

What is The International common criteria?

is an international agreed-upon standard for describing in testing the security of IT products

What is ISO 1227?

is an international standard for software lifecycle processes. It defines all the tasks required for developing and maintaining software. Establishes a process of lifecycle for software, including processes and activities applied during the acquisition and configuration of the services of the system.

What is a query plan or query execution plan is an ordered set of steps used to access data in a SQL relational database management system?

is an ordered set of steps used to access data in a SQL relational database management system. This is a specific case of the relational model concept of access plans.

What is the Blowfish block cipher?

is another alternative to DES and IDEA. that operates on 64-bit blocks of text by allowing the use of variable-length keys ranging from a relatively insecure 32 bits to an extremely strong 448 bits for public use with no license required.

What is the qualitative risk analysis?

is based more on scenarios than calculations. Exact dollar fi gures are not assigned to possible losses; instead, threats are ranked on a scale to evaluate their risks, costs, and effects. Such an analysis assists those responsible in creating proper risk management policies

What is a message digest

is calculated and included in a digital signature to prove that the message has not been altered since the time it was created by the sender

One of the first steps in asset security is_____________

is classifying and labeling assets

when is a watchdog timer?

is designed to recovery system by rebooting after critical processes hang or crash

What is a closed system?

is designed to work well with a narrow range of other systems, generally all from the same manufacturer.

What is Purging?

is erasing the data so the media is not vulnerable to data remnant recovery attacks, including those classified as laboratory level

What is Traverse mode noise?

is generated by the difference in power between the hot and neutral wires of a power source or operating electrical equipment?

What is An application-level proxy?

is one that knows the details about a specific application, like HTTP, which allows a connection to a web site from a web browser.

What does a A trusted system address?

is one that meets its intended security requirements. It involves sufficiency and effectiveness, not necessarily efficiency, in enforcing a security policy. Put succinctly, trusted systems have (1) policy, (2) mechanism, and (3) assurance.

What is the full backup method?

is primarily run when time and tape space permits, and is used for the system archive or baselined tape sets.

What is the security kernel

is responsible for enforcing a security policy. It is a strict implementation of a reference monitor mechanism.

Multicast

is similar to broadcasting, except that multicasting means sending to a specific group, whereas broadcasting implies sending to everybody, whether they want the traffic or not.

What is the Delphi technique?

is simply an anonymous feedback-and-response process used to arrive at a consensus. Such a consensus gives the responsible parties the opportunity to properly evaluate risks and implement solutions

What is a synchronous token?

is synchronized with an authentication server and generates synchronous one-time passwords.

What is the main drawback of RAID 1? and for that matter RAID 10?

is that for the required disk space, the RAID overhead will double the amount of capacity you actually have to purchase. For example, if you needed to store 300GB of data you would have to purchase 600GB of capacity.

the common applications of cryptography to secure email

is the S/MIME protocol. Another popular email security tool is Phil Zimmerman's Pretty Good Privacy (PGP).

Multithreading

is the ability of a program or an operating system process to manage its use by more than one user at a time and to even manage multiple requests by the same user without having to have multiple copies of the programming running in the computer.

What is an Exposure Factor?

is the amount of damage that the risk poses to the asset, expressed as a percentage of the asset's value?

what is encryption?

is the art and science of hiding the meaning or intent of a communication from unintended recipients.

What is the The difference between total risk and residual risk and how is it calculated?

is the controls gap, which is the amount of risk that is reduced by implementing safeguards. To calculate residual risk, use the following formula: total risk - controls gap = residual risk

What is Actual Cash Value (ACV)?

is the default valuation clause property insurance. It is also known as depreciated value. It involves estimating the amount to be subtracted, which reflects the building s age, wear, and tear

WHat is federated identity in information technology?

is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.

What is due care?

is the notion of preserving and protecting assets and interests for a given organization as exercised through a formalized security structure comprising baselines, guidelines, policies, procedures, and rules

The data owner

is the person who has ultimate organizational responsibility for data. The owner is typically the CEO, president, or a department head. Data owners identify the classification of data and ensure that it is labeled properly

what is a computer bus?

is the primary communication channel on a computer system the communication between the CPU, memory, and input output devices such as the keyboard mouse display etc occur via the bus

What is A cross certification?

is the process undertaken by CAs to establish a trust relationship in which they rely upon each other's digital certificates and public keys as if they had issued them themselves.

WHat is the goal of BCP planners?

is to implement a combination of policies, procedures, and processes such that a potentially disruptive event has as little impact on the business as possible

What is The final step of the Business Impact Analysis?

is to prioritize the allocation of business continuity resources to the various risks that you identified and assessed in the preceding tasks of the BIA.

What is a Foreign Key?

is used to enforce relationships between two tables, also known as referential integrity . Referential integrity ensures that if one table contains a foreign key, it corresponds to a still-existing primary key in the other table in the relationship.

What is The spiral model?

it allows developers to repeat iterations of another life cycle model such as the waterfall model to produce a number of fully tested prototypes.

How does anomaly analysis add to an IDS capability?

it allows it to recognize and react to send increases in traffic volume or activity multiple failed login attempts logons or program activity outside the normal working hours or failure in messages.

what is a hybrid environment?

it combines both hierarchal in compartmentalized concept so that each hierarchal Level will make contain subdivisions that are isolated from the rest of the security domain.

what is the hypervisor?

it controls access between virtual guests and host hardware

What is a circuit-level proxy firewall?

it creates a virtual circuit, or a point-to-point connection between a client and a server, they don't know all of the details about a specific application that's being proxied on certain criteria that are met or not met to be accepted, or the traffic could be denied, or the traffic could be discarded.

What is a datagram?

it is a data object or a packet in the Network layer

what is a darknet?

it is a portion of allocated IP address is within the network that not used.

What is the The Goguen-Meseguer model?

it is an integrity model based on predetermining the set or domain—a list of objects that a subject can access.

Why is it difficult to stop spam?

it is because the source of messages are usually spoofed.

What is an access aggregation attack??

it is collecting multiple pieces of non sensitive information and combining or aggregating them to learn sensitive information. It's like a Reconnaissance attack grabbing IP addresses, open ports, etc.

What is a conceptual security triple?

it is model that encompasses three concepts assets, risk, and vulnerability and their interdependent relationship within a structured, formalized organization.

The SD3+ design is what?

it is secured by default securing appointment in communication there are two goals in mind with this process. To reduce the number of security security-related design and coding defects. And reduce the severity of any remaining defects.

What is task base access control?

it is similar to roll base access control but instead of being assigned to one or roles as each user is assigned an array of tasks.

for a company to have a resource qualify as a trade secret

it must provide the company with some type of competitive value or advantage

what is sandboxing?

it provides a security boundary for applications and prevents the application from interacting with other applications

what's in accidents aggregation attack?

it refers to collection of multiple pieces of nonsensitive information and combining them to learn sensitive information. In other words a person or group may be able to collect multiple facts about a system then using facts launch attack.

The whole idea behind a one-way hash is that?

it should be just that - one-way. In other words, an attacker should not be able to figure out your password from the hashed version of that password in any mathematically feasible way (or within any reasonable length of time).

What is NIST 800-53?

it uses the following control categories: technical. management, and operational

what is a dedicated mode?

it's a mode of operation means that the system contains objects of one classification level onl

interns of common criteria terms what is the security target?

it's the documentation describing the TOE including the security requirements in operational environment.

Once your BCP team completes the four stages of preparing to create a business continuity plan, what is the last step?

it's time to dive into the heart of the work—the business impact assessment (BIA)

what are Primary and Candidate Keys

keys can uniquely identify records in a table

Which access control allows security controls for complexed environments. It is a complex access control model based on the interaction between any combination of objects and subjects

lattice based access control

Encryption occurs at which layer of the OSI Model?

layer 6 presentation

The object-relational and object-oriented models do what?

manage complex data such as required for computer-aided design and imaging.

Computer Security Act (CSA) of 1987?

mandates baseline security requirements for all federal agencies. Gave the National Institute of Standards and Technology (NIST) responsibility for developing standards and guidelines for federal computer systems

What is DHCP snooping

means that DHCP servers can assign IP addresses to only selected systems which are identified by their MAC addresses

What is Mutual authentication?

means that it is happening in both directions instead of just the user having to authenticate to the server the server also has to authenticate to the user

In the provisions and processes phase,of the BCP

mechanisms and procedures that will mitigate the risks are designed.

To fully evaluate risks and subsequently take the proper precautions you must

must analyze the following: assets, asset valuation, threats, vulnerability, exposure, risk, realized risk, safeguards, countermeasures, attacks, and breaches

What are the legal and regulatory requirements that face business continuity planners?

must exercise due diligence that shareholders' interests are protected prior to disasters. Some industries are also subject to federal, state, and local regulations that mandate specific BCP procedures. Businesses have contractual obligations to their clients that must be met, before and after a disaster.

what is Non-volatile memory?

non-volatile storage is computer memory that can retrieve stored information even after having been power cycled turned off and back Examples of non-volatile memory include read-only memory, flash memory, ferroelectric RAM most types of magnetic computer storage devices hard disk drives, floppy disks, and magnetic tape, optical discs

What is Masquerading

occurs when a person presents him- or herself as another user, typically to gain access to unauthorized information or processes.

three main methods used to exchange secret keys securely are:

offline distribution, public key encryption, and the Diffie-Hellman key exchange algorithm

key of the same length as the message where each bit or character from the plaintext is encrypted by a modular addition

one-time pad (OTP) is a type of encryption that is impossible to crack if used correctly. Each bit from the plaintext is encrypted by a modular addition with a bit or character from a secret random key

If the continuity is broken, then business processes have stopped what happens next?

organization is in disaster mode; thus, disaster recovery planning (DRP) takes over.

The Computer Security Act does what?

outlines steps the government must take to protect its own systems from attack

NIST SP 800-18

outlines the responsibilities and expected behavior of individuals and state the consequences of not complying with the rules or AUP? Called the "Rules of Behavior"

What do Business and mission owners own?

own the processes and ensure the systems provide value to the organization

__________ are responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of the IT systems and data they own

owners are responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of the IT systems and data they own

What is used in the first generation of firewalls and does not keep track of the state of a connection?

packet filtering

What type of firewall examines all of the fields in the headers in the packet. It might look at the source IP address field in the IP header or look at the destination port number field in a TCP header to decide whether or not traffic should be allowed to go through.

packet-filtering firewall

What is source routing?

packets hold the forwarding information so that they can find their way to the destination themselves without bridges and routers dictating their paths

What rule states that when an agreement between parties is put into written form, the written document is assumed to contain all the terms of the agreement and no verbal agreements may modify the written agreement?

parol evidence

what is always a potential attack if awireless network is not otherwise using some other form of authentication typically access via 802.1 X?

password guessing

What is Intrusion Detection?

patterns of analysis and recognition

What is a full backup?

performed the archive bit will be cleared indicating that the files were backup. This allows backup programs to do an incremental or differential backup that only backs up the changes to the filesystem since the last time the bit was cleared

what is the arithmetic logic unit or called ALU?

performs the mathematical calculation it computes it is fed instructions by the control unit which acts as a traffic cop sitting instructions to the ALU

What is a database-related SQL structured query language terminology that allows a relation to contain multiple rows with the same primary key; the multiple instances are distinguished by their security levels. It occurs because of mandatory policy.

polyinstantiation

The Full Backup Method is what?

primarily run when time and tape space permits, and is used for the system archive or baselined tape sets

What is the final step in the BIA

prioritize the allocation of business continuity resources to the various identified risks and assessed in the preceding tasks of the BIA

the four steps of the business continuity planning process are:

project scope and planning, business impact assessment, continuity planning, and approval and implementation.

the four steps of the business continuity planning process is?

project scope and planning, business impact assessment, continuity planning, and approval and implementation. Each task contributes to the overall goal of ensuring that business operations continue uninterrupted in the face of an emergency situation.

BCP process involves the follwing steps_________

project scope and planning, business impact assessment, continuity planning, and approval and implementation

Business continuity planning (BCP) involves four distinct phases they are what?

project scope and planning, business impact assessment, continuity planning, and approval and implementation.

The Computer Fraud and Abuse Act as amended does what?

protects computers used by the government or in interstate commerce from a variety of abuses.

what is Virtual Storage?

provided by the operating system where it uses a combination of RAM and disk storage to simulate a much larger address space than is actually present

The Federal Sentencing Guidelines released in 1991 provided?

provided punishment guidelines to help federal judges interpret computer crime laws.The guidelines formalized the p rudent man rule , which requires senior executives to take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise in the same situation.

What is an elliptic curve algorithm?

provides more security than other algorithms when both are used with keys of the same length

What is The Internet Security Association and Key Management Protocol ISAKMP?

provides background security support services for IPSec, including managing security associations

What is Mesh Toplogy secure?

provides redundant connections to systems, allowing multiple segment failures without seriously affecting connectivity.

What is system high?

provides the most granular or distinctive control over resources and users because it enforces clearances, requires need to know, and allows the processing of only single sensitivity levels

What is an Occupant emergency plan?

provides the response procedures for occupants of a facility in the event of a situation posing a potential threat to the health and safety of personnel, the environment, or property

what is virtual memory?

provides virtual address mapping between applications and hardware memory.

What is a private cloud?

provisioned for exclusive use by comprising multiple consumers. It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.

what are false vulnerabilities or apparent loopholes intentionally implantnted in a system in attempt to temp hackers

pseudo flaws

What is an algorithm for generating a sequence of numbers whose properties approximate the properties of sequences of random numbers. The PRNG-generated sequence is not truly random, because it is completely determined by a relatively small set of initial values, called the PRNG's seed which may include truly random values.

pseudorandom number generator

public-key certificate binds a _________key value?

public key value

______binds a subject name to a public key value?

public-key certificate binds a subject name to a public key value

what is purging?

purging is used to sufficiently clean Remnants of data on a magnetic storage drive so that it can be reused in unsecure environment

What should be included in the criticality survey?

purpose clearly stated, management approval, what services and systems are critical to keep business organized.

Remember: data for being purged is the responsibility of the data owner not the custodian

qualitative risk analysis approach pinpoints major areas of risk - it gives simple subjective results not objective

What is Scoping

refers to reviewing baseline security controls and selecting only those controls that apply to the IT system you're trying to protect.

What is NIST SP 800-53

regulation discusses security control baselines as a list of security controls. It stresses that a single set of security controls does not apply to all situations, but any organization can select a set of baseline security controls and tailor it to its needs

WHat are the The Federal Sentencing Guidelines ?

released in 1991 formalized the prudent man rule, which requires senior executives to take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise in the same situation?

Remember: Contingency planning requirements should be considered at every phase of SDLC, but most importantly when a new IT system is being conceived.

remember : In the initiation phase of the SDLC, system requirements are identified and matched to their related operational processes, allowing determination of the system's appropriate recovery priority.

remember this: A vulnerability is a weakness in a system that can be exploited by a threat

remember this MD5 is a one-way hash function producing a 128-bit message digest from the input message, through 4 rounds of transformation. MD5 is specified as an Internet Standard RFC1 12

COBIT. Control Objectives for Information and Related Technology COBIT is a security concept infrastructure used to organize the complex security solutions of companies.

remember this Threat modeling is the security process where potential threats are identified, categorized, and analyzed.

remember this:IPSec operational mode encrypts the entire data packet in Tunnel Mode

remember this, In the UTP category rating, the tighter the wind or the tighter the cables are twisted togethe :the higher the rating and its resistance against interference and crosstalk will be.

remember this: Interpreters translate one command at a time during execution, as opposed to compilers and assemblers where source code for the whole application is transformed to executable code before being executed.

remember this: A translator is a generic term for the others. translates source code one command at a time for execution on a computer?

remember this: a general term is described as the process of independently assessing a system against a standard of comparison, such as evaluation criteria is defined as a benchmark, standard is known as an evaluation criteria

remember this: Criteria are the "standards" against which security evaluation is carried out. They define several degrees of rigour for the testing and the levels of assurance that each confers. They also define the formal requirements needed for a product (or system) to meet each Assurance level.

remember this : with a dedicated mode all subjects must possess the clearance equal or two greater than the label the objects.

remember this: In System high mode of operation the system contains objects of mixed labels also must possess a clearance equal to the systems eyes object.

Remember this: HTTP is not a secure channel, L2TP is encapsulated but not encrypted, SSL/SSH/IPSEc are encrypted and encapsulated

remember this: In tunnel mode, even the IP Header is encrypted. In transport mode, the IP header is intact

remember this: An intranet is an Internet-like logical network that uses a firm's internal, physical network infrastructure.

remember this: Network Architecture refers to the communications products and services, which ensure that the various components of a network such as devices, protocols, and access methods work together.

remember this: packet filtering gateways offer minimum security but at a very low cost, and can be an appropriate choice for a low-risk environment.

remember this: Packet filtering firewalls use routers with packet filtering rules to grant or deny access based on source address, destination address, and port.

Remember this: Avoid combining policies, standards, baselines, guidelines, and procedures in a single document. Each of these structures must exist as a separate entity because each performs a different specialized function

remember this: The goal of a business continuity program is to ensure that recovery time objectives are shorter than maximum tolerable downtime measures.

Remember this: The act of measuring and evaluating security metrics is the practice of assessing the completeness and effectiveness of the security program. This should also include measuring it against common security guidelines and tracking the success of its controls.

remember this: The security role of data custodian is responsible for the tasks of implementing the prescribed protection defined by the security policy and senior management.

remember this:best reason for separating the test and development environments is To control the stability of the test environment.

remember this: The test environment must be controlled and stable in order to ensure that development projects are tested in a realistic environment which, as far as possible, mirrors the live environment.

remember this: The MAC address is 48 bits long, 24 of which identify the vendor, as provided by the IEEE. The other 24 bits are provided by the vendor.

remember this: a detailed examination and testing of the security features of an IT system/ product ensure they meet evaluation criteria is Evaluation

remember this-a disadvantage of a statistical anomaly-based intrusion detection system may falsely detect a non-attack event that had caused a momentary anomaly in the system.

remember this: a factor related to Access Control cover the integrity, confidentiality, and availability components of information system security.

The Internet Security Glossary RFC2828 defines aggregation as a circumstance in which a collection of information items is required to be classified at a higher security level than any of the individual items that comprise it.

remember this: digital envelope for a recipient is a combination of encrypted data and its encryption key in an encrypted form that has been prepared for use of the recipient.

remember this: Some sites choose not to implement Trivial File Transfer Protocol TFTP due to the inherent security risks. TFTP is a UDP-based file transfer program that provides no security.

remember this:It is recommended to use a passphrase. A passphrase is more resistant to attacks. The passphrase is converted into a virtual password by the system. Often time the passphrase will exceed the maximum length supported by the system and it must be trucated into a Virtual Password.

remember this: When a station communicates on the network for the first time, the Reverse Address Resolution Protocol RARP finds the Internet Protocol (IP) address that matches with a known Ethernet address

remember this:the RARP protocol sends out a packet, which includes its MAC address and a request to be informed of the IP address that should be assigned to that MAC address.

The Federal Information Security Management Act (FISMA)

requires that federal agencies implement an information security program that covers the agency's operations. FISMA also requires that government agencies include the activities of contractors in their security management programs.

what is a click wrap agreement?

requires users to click on a button during the installation process to accept the terms of the agreement.

What is the responsibility of the data owner when it comes to protecting data

responsible for classifying, labeling, and protecting data

The termination procedure should include what? witnesses, return of company property, disabling network access, an exit interview, and an escort from the property.

return of company property, disabling network access, an exit interview, and an escort from the property.

Your DMZ is located ?

right behind your first Internet facing firewall

explain the ring model?

ring zero the kernel, ring one other OS components that do not fit in ring zero, device drivers ring two, ring three user applications

__________is the process by which upper management is provided with details to make decisions about which risks are to be mitigated, which should be transferred, and which should be accepted

risk analysis

The process of identifying factors that could damage or disclose data, evaluating those factors in light of data value and countermeasure cost, and implementing cost-effective solutions for mitigating risk is what?

risk management process

implementing cost-effective solutions for mitigating or reducing risk is known as?

risk management.

What is parol evidence?

rule states that when an agreement between parties is put into written form, the written document is assumed to contain all the terms of the agreement and no verbal agreements may modify the written agreement.

What provides a security boundary for applications and prevents the application from interacting with other applications?

sandboxing

A BCP project typically has four components: scope determination, the Business Impact Assessment, the Business Continuity Plan, and implementation

scope determination, the Business Impact Assessment, the Business Continuity Plan, and implementation

Symmetric-key encryption uses (select all that apply):

secret keys, one key for encryption, another for decryption, shared keys

what is a security domain?

security domain is a list of objects that is allowed to access more broadly defined domains are groups of subjects in objects with a similar security requirements.

what is the documentation describing the TOE including the security requirements and operational environment?

security target

remember this :Threat modeling can be performed as a proactive measure during design and development or as a reactive measure once a product has been deployed. Key concepts include assets/attackers/software, STRIDE, diagramming, reduction/decomposing, and DREAD

security-minded acquisitions. Integrating cyber security risk management with acquisition strategies and practices is a means to ensure a more robust and successful security strategy in organizations of all sizes.

What A data object called in the Transport layer

segment

What refers to any information that isn't public or unclassified

sensitive

What are some of the considerations when you are conducting Business Impact Assessment and the Cloud?

service organization control SOC report

What is COSO?

set of internal corporate controls to help reduce fraud developed by the Committee of Sponsoring Organizations of the Tread Way commission

What is a noninvasive attack smart cards are vulnerable to?

side channel attack. Side channel attacks are passive attacks to gather information about smart cards such as an encryption key

Examples of ___________attacks are fault generation, differential power analysis, electromagnetic analysis, timing, and software attacks

side-channel attacks

What is a Cyclic Redundancy Check?

similar to a Hash total to act as a redundancy tool

Kerberos uses what type of authentication method?

single-factor or multi-factor authentication method

What is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP Broadcast address?

smurf attack

Northbridge and Southbridge what are they?

some computer designs use two buses

What is it called when packets hold the forwarding information so that they can find their way to the destination themselves without bridges and routers dictating their paths?

source routing

What is a The meet in the middle attack?

specifically targets encryption algorithms that use two rounds of encryption, such as Double DES

What is a capability table ?

specifies the access rights a certain subject possesses pertaining to specific objects?

not write information to an object at a lower sensitivity level (no write down). This is also known as the Confinement Property.

star Security Property

What are bounds?

state or define the area within which a process is confined.

An abstraction is what?

states that a detailed understanding of lower system levels is not a necessary requirement for working at higher levels.

What is Differential backups?

store all files that have been modified since the time of the most recent full backup; they affect only those files that have the archive bit turned on, enabled, or set to 1.

cipher feedback mode CFB uses what type of cipher?

streaming cipher

What is the The best way to protect the confi dentiality of data whether it's a rest, in transit or storage?

strong encryption protocols

Blowfish what is it?

symmetric block cipher with variable-length key (32 to 448 bits) designed in 1993 by Bruce Schneier as an unpatented, license-free, royalty-free replacement for DES or IDEA.

Block ciphers is a type of what?

symmetric-key encryption algorithm that transforms a fixed-size block of plaintext unencrypted text data into a block of ciphertext encrypted text-data of the same length. They are appropriate for software implementations and can operate internally as a stream

which contains the rules that govern the interactions between subjects and objects and permissions subjects can grant to one another

take Grant protection model

remember this: access control method prevents information from leaking DOWN to a lower level of security while preventing users from accessing information at a higher level area than their own clearance is the Bell La-Padula Model

testing uses a set of test cases that focus on control structure of the procedural design is Unit testing is the testing of an individual program or module.

You should understand the distinction between business continuity planning and disaster recovery planning.

that BCP comes first, and if the BCP efforts fail, DRP steps in to fi ll the gap.

What are problems with RAID Level 0?

that it actually provide no fault tolerance of the disk system rather than increasing it. The entire data volume is unusable if one drive in the set fails

Describe the process used to develop a continuity strategy

the BCP team determines which risks will be mitigated. In the provisions and processes phase, mechanisms and procedures that will mitigate the risks are designed that is approved by Senior Management

Remember:The Digital Signature Standard uses the SHA-1 and SHA-2 message digest functions along with one of three encryption algorithms:

the Digital Signature Algorithm DSA; the Rivest, Shamir, Adleman RSA algorithm; or the Elliptic Curve DSA ECDSA algorithm

that act provides penalties for individuals found guilty of the theft of trade secrets. Harsher penalties apply when the individual knows that the information will benefit a foreign government

the Economic Espionage Act of 1996

Protection profiles and security targets are elements of what?

the ISO International Standard 15408 "Evaluation Criteria for Information Technology Security", also commonly known as the Common Criteria (CC).

Commercial data is often classified within four criteria to protect information what are they

the age of the information, it's useful life, and any regulatory requirements.

performs the mathematical calculation it computes it is fed instructions by the control unit which acts as a traffic cop sending instructions

the arithmetic logic unit

Once your BCP team completes the four stages of preparing to create a business continuity plan what is the next step?

the business impact assessment (BIA)

What are Security Targets?

the claims of security from the vendor that are built into a Target of Evaluation

if the BCP team consults with fire experts and determines that a building fire would cause 70 percent of the building to be destroyed what is the exposure factor?

the exposure factor of the building to fi re is 70 percent.

A static packet-filtering does what ?

the firewall filters traffic by examining data from a message header.

Once an intrusion into your organization's information system has been detected, what is the first steps you need to take?

the first action that needs to be performed is determining to what extent systems and data may be compromised if they really are, and then take action.

what have five requirements. They must allow input of any length, provide fi xed-length output, make it relatively easy to compute the hash function for any input, provide one-way functionality, and be collision free

the fundamental requirements of a hash function

What is the primary goal of change management? Maintaining Documentation Keeping users informed Allowing rollback of failed changes Preventing Security Compromises

the goal of change management is to ensure that any change does not lead to reduced compromised security.

what controls access between virtual guests and host hardware?

the hypervisor

how to perform the business organization analysis?

the individuals responsible leading the BCP process determine which departments and individuals have a stake in the business continuity plan. This analysis is used as the foundation for BCP team selection and, after validation by the BCP team, is used to guide the next stages of BCP development.

What is a replay attack?

the malicious individual intercepts an encrypted message between two parties often a request for authentication and then later replays the captured message to open a new session.

An ACL specifies a list of users subjects who are allowed access to each object

the matrix is a way of analyzing the access control needed by a population of subjects to a population of objects. This access control can be applied using rules, ACL's, capability tables, etc.

What is calculated and included in a digital signature to prove that the message has not been altered since the time it was created by the sender?

the message digest

What contains hardware including the CPU, memory slots, firmware, and peripheral slots such as peripheral component interconnect slots

the motherboard

What uses a key of the same length as the message where each bit or character from the plaintext is encrypted by a modular addition?

the one-time pad (OTP). Each bit or character from the plaintext is encrypted by a modular addition with a bit or character from a secret random key (or pad) of the same length as the plaintext

Risk analysis is what?

the process by which risk management is achieved and includes analyzing an environment for risks, evaluating each risk as to its likelihood of occurring and the cost of the resulting damage, assessing the cost of various countermeasures for each risk, and creating a cost/benefit report for safeguards to present to upper management.

The mechanisms and procedures that will mitigate the risks are designed occur at what phase of the BCP?

the provisions and processes phase

What us one of the major problems underlying symmetric encryption algorithms?

the secure distribution of the secret keys required to operate the algorithms.

What is Categorize, Select, Implement, Assess, Authorize, and Monitor

the six steps of the risk management framework

following frameworks are Categorize, Select, Implement, Assess, Authorize, and Monitor which are what?

the six steps of the risk management framework

what is regression testing?

the software testing level tests software after updates, modifications, or any patches

What are identification of priorities, risk identification, likelihood assessment, impact assessment, and resource prioritization?

the steps of the business impact assessment process

With Discretionary Access Control there are limitations--what are they?

the subject has authority, within certain limitations, to specify what objects can be accessible.

What is a top-down approach?

the top down approach means that the initiation, support, and direction come from top management; work their way through middle management; and then reach staff members

What is a hierarchical environment?

the various classification labels are assigned in an ordered structure from low security to medium security to high security.

What are the two ways of transferring files,

there are two basic ways: FTPS and SFTP.

what is a compartmentalized enviornment?

there is no relationship between one security domain and another. each domain represents a separate isolated compartment to gain access to an object the subject must have specific clearance for its security domain.

what is a maintenance hook?

they are a type of a backdoor there a shortcut installed by the system designers and programmers to allow developers to bypass normal system checks during development.

what is a zero knowledge team?

they know nothing about the Target site except the publicly available information such as the domain name and company address.

Database administrators take steps to encrypt sensitive data stored on the database server (data at rest) would do what?

they would implement strong authentication and authorization controls to prevent unauthorized entities from accessing the database

What is is the system of oversight that may be mandated by law, regulation, industry standards, or licensing requirements

third-party governance of security

What phase of the business impact assessment identifies the likelihood that each risk will occur?

this assessment is usually expressed in terms of an annualized rate of occurrence (ARO) that reflects the number of times a business expects to experience a given disaster each year.

what is in advanced persistent threat?

this refers to a group of attackers who are working together or highly motivated, skilled and patient --they have advanced knowledge and a wide variety of skills to detect and exploit vulnerabilities.

These can originate from numerous sources, including IT, humans, and nature which should be performed as a team effort to provide the widest range of perspectives to you reduce your system's vulnerability? What is this process called?

threat evaluation

What is an exposure factor, the single loss expectancy, and the annualized loss expectancy

three specific metrics when looking Impact Assessments

What is True name identity theft

to a situation where someone obtains key pieces of personal information such as a credentials, or Social Security number, and then uses that information to impersonate someone else?

The star Security Property states that a subject may not write information

to an object at a lower sensitivity level (no write down). This is also known as the Confinement Property.

What is a Vital function?

to those that can be performed manually but only for a brief period of time; this is associated with lower costs of disruption than critical functions

What is a web vulnerability scanner?

tool to find a Cross-site scripting attack

The ____________of the Bell-LaPadula model states that the classification of a subject or object does not change while it is being referenced.

tranquility principle

What is a modem?

translates data from digital form and then back to digital for communication over analog lines.

To achieve added security over DES, 3DES must use at least______________

two cryptographic keys

Confidentiality assures that the information is not disclosed to___________________

unauthorized persons or processes.

What is Triple DES?

used 56-bit keys but newer implementations use 112-bit or 168-bit keys. Larger keys provide a higher level of security. Microsoft OneNote and System Center Confi guration Manager use 3DES to protect some content and passwords.

What does packet filtering do?

used in the first generation of firewalls and does not keep track of the state of a connecti

What are Foreign Keys

used to enforce referential integrity constraints between tables that participate in a relationship

Cross site scripting can be mitigated and is only effective when what is involved?

user interaction

DNS is what kind of model?

uses a hierarchical model to organize data, with root name servers representing the top-level domains and authority distributed hierarchically to child servers.

What is Base+Offset addressing ?

uses a value stored in one of the CPU's registers as the base location from which to begin counting. The CPU then adds the offset supplied with the instruction to the value and retrieves the operand from that computed memory location

RAID-5 what is it?

uses disk striping with parity-provides balance between performance & availability- requites 3 physical disks

what is a closed system?

uses proprietary hardware or software

What is an Encrypted Virus?

uses simple encryption to encipher their computer code. Each virus is encrypted with a different key so that even with a key to one virus, another instance of the same virus cannot be scanned

What is the criteria for the best programming?

uses the most cohesive modules possible, because different modules need to pass data and communicate, Also, the lower the coupling, the better the software design, because it promotes module independence. The more independent a component is, the less complex the application is and the easier it is to modify and troubleshoot.

How can Single Sign On be implemented?

using scripts that replay the users multiple log-ins against authentication servers to verify a user's identity and to permit access to system services

WHat is a False Reject or Type I Error?

valid user is rejected by the system

what is unique about virus writers and what do they not commonly used in their code?

validation routines

What does an IDSs watch for ?

violations of confidentiality, integrity, and availability. Attacks from external connections , viruses, malicious code, trusted internal subjects performing unauthorized activities, and unauthorized access attempts from trusted locations.

What periodically synchronizes itself with all of the identity stores individual network directories to ensure the most up-to-date information is being used by all applications and identity management components within the enterprise.

virtual directory

what do not commonly include validation routines in their code?

virus writers

where are critical business records will be stored and the procedures for making and storing backup copies of those records?

vital records program

What is Multics- Multiplexed Information and Computing Service?

was an influential early time-sharing operating system. The project was started in 1964 in Cambridge, Massachusetts. The last known natively running Multics installation was shut down on October 30, 2000, at the Canadian Department of National Defence in Halifax, Nova Scotia, Canada

What is the The International Data Encryption Algorithm IDEA?

was developed in response to complaints about the insufficient key length of the DES algorithm. Like DES, IDEA operates on 64-bit blocks of plain text/ciphertext

What would be the tool to find a Cross-site scripting attack?

web vulnerability scanner

what is a pseudo flaw?

what are false vulnerabilities or apparent loopholes intentionally implantnted in a system in attempt to temp hackers

What is purging?

what is a more intense form of clearing that prepares media for reuse in less secure environments. It provides a level of assurance that the original data is not recoverable using any known methods.

What is a smurf attack?

when an attacker spoofs an ICMP broadcast packet and sends to the network. the broadcast is sent to all victims on a network where the victim is located.

What is a Shrink Wrap License agreement?

when the user opens a software package

What is a vital records program?

where are critical business records will be stored and the procedures for making and storing backup copies of those records

The disaster recovery plan kicks in when?

where the business continuity plan leaves off.

Covert Timing Channel

which one process modulates its system resource for example, CPU cycles, which is interpreted by a second process as some type of communication.

What is the Anti‐Counterfeiting Trade Agreement?

which proposes a framework for international enforcement of intellectual property protections. As of February 2015, the treaty awaited ratification by the European Union member states, the United States, and five other nations.

Patents protect the intellectual property rights of inventors. They provide a period of _________

years during which the inventor is granted exclusive rights to use the invention (whether directly or via licensing agreements). At the end of the patent exclusivity period, the invention is in the public domain available for anyone to use.

how do you ensure that logs have accurate time stands and that these timestamps and a consistent throughout the environment?

you can do this through network time protocol NTP which is a server that synchronizes it to a trusted time source such as a public network time protocol server

If physical and infrastructure support is lost, such as after a catastrophe, regular activity (including deploying updates, performing scans, or tightening controls) is not possible what do you do?

you must simply wait until the emergency or condition expires and things return to normal

after identifying valuable assets and potential threats what is the next step?

you perform a vulnerability analysis.

What is it when an entity knows nothing about the Target site except the publicly available information such as the domain name and company address?

zero knowledge team


संबंधित स्टडी सेट्स

Chapter 6: Hyperprolactinemia, Galactorrhea, Pituitary adenoma

View Set

Business Architecture & Consultancy

View Set

What Alcohol Really Does To Your Brain

View Set

Routing Concepts and Configuration Exam

View Set

MED/SURG2: Chapter 35 Ass. of cardiac rhythm

View Set

View all Part 2 我的假期计划 Conversation

View Set