650 Final
Relative humidity should be maintained between ________ to avoid the threats from both low and high humidity. -20% and 80% -40% and 60% -50% and 50% -30% and 70%
40% and 60%
Which of the following is an important consideration when an app uses AES for encryption? -an adequate hashing length must be set -AES is no longer secure and should not be used -the correct block mode (CBC) should be used to avoid potential weaknesses -AES keys should be stored in permanent memory
? AES keys should be stored in permanent memory
Who operates the Common Criteria Evaluation and Validation Scheme in the U.S.? -Consumer Protection Agency -NIST and the NSA -The Common Criteria Portal -EAL 7
? Common Criteria Portal
Which of the following best defines Trusted computing base (TCB)? -A system that employs sufficient hardware and software assurance measures to allow its use for simultaneous processing of a range of sensitive or classified information -The security features provided by a product -A baseline configuration that can be deployed in an organization. -A portion of a system that enforces a particular policy, is resistant to tampering and circumvention and small enough to be analyzed systematically
??A portion of a system that enforces a particular policy, is resistant to tampering and circumvention and small enough to be analyzed systematically
A Reference Monitor enforces which of the following security design principles? -Least astonishment -Complete mediation -Fail securely -All of the above
??Complete mediation
In a DBMS using Multilevel Security, what would be the primary reason for allowing polyinstantiation? -to provide secure backup -to allow multiple roles to read data -to prevent inference -to allow multiple roles to write data
??to prevent inference
What is the purpose of Trusted System Certification Service? -to provide a method for printing digital certificates -to provide government and consumers a resource to identify secure products -to provide a local user or a remote system an assurance that unaltered configuration is in use -to encrypt data in such a way that the data can be decrypted only by a certain machine
??to provide a local user or a remote system an assurance that unaltered configuration is in use
Which of the following security models is focused primarily on data integrity in commercial applications? -Biba Integrity Model -Clark-Wilson Integrity Model -Bell-LaPadula Model -Model 3
?Clark-Wilson Integrity Model
Which of the following was created by the DoD in the 1970s and prevents the leaking/transfer of classified info to less secure clearance levels? -Model 3 -Access matrix M -Biba Integrity Model -Bell-LaPadula Model
Bell-LaPadula
The ______ is an optional key that may be present on any PIV card, does not require PIN entry, and whose purpose is to authenticate the card and therefore its possessor. -VIS -BIO -CHUID -CAK
CAK
Which security model is designed to avoid conflicts of interest by prohibiting one person, such as a consultant, from accessing multiple conflict of interest (CoI) categories? -Chinese Wall Model -multilevel security (MLS) -Clark-Wilson Integrity Model -Level function f
Chinese Wall Model
What is polyinstantiation? -It allows a single user or program to assume multiple roles -It allows a relation to contain multiple rows with the same primary key -It allows several programs to access the same relational database -It is another term for perturbance
It allows a relation to contain multiple rows with the same primary key
__________ has two operating modes, one tailored for single-source communication, and another tailored for multi-source broadcast communication. -Edge -Keystone -OpenSource -MiniSec
MiniSec
Messages in the BSD syslog format consist of three parts: PRI, Header, and ___.
Msg
________ is an open-source software project that aims to produce an open-source cloud operating system.
OpenStack
__________ aggregates log and event data from virtual and real networks, applications, and systems. This information is then correlated and analyzed to provide real-time reporting and alerting on information/events that may require intervention or other type of response.
SIEM
In which of the following processes does TC hardware check that valid software has been brought in by verifying a digital signature associated with the software? -authenticated boot service -certification service -Encryption service -TPM service
TPM service
______ is detection of events within a given set of parameters, such as within a given time period or outside a given time period.
Windowing
Data items to capture for a security audit trail include: -events related to the security mechanisms on the system -operating system access -remote access -all of the above
all of the above
The buffer is located __________. -in the heap -on the stack -in the data section of the process -all the above
all of the above
Which of the following authentication requirements does OWASP recommend for sensitive apps? -A second factor of authentication exists at the remote endpoint and the 2FA requirement is consistently enforced -Step-up authentication is required to enable actions that deal with sensitive data or transactions -The app informs the user of the recent activities with their account when they log in -All of the above
all of the above
Which of the following does OWASP recommend in regards to testing login activity? -The application provides a push notification the moment a user account is used on another device -The application provides an overview of the last session after login -The application has a self-service portal in which the user can see an audit-log and manage the different devices -All of the above
all of the above
Which of the following is provided by a Trusted Platform Module? -authenticated boot -certification -encryption -All of the above
all of the above
Which of the following is provided by the Common Criteria for Information Technology Security Evaluation? -sets of IT requirements of known validity that can be used to establish the security requirements of prospective products and systems -details how a specific product can be evaluated against known requirements -details a process for responding to changes, and possibly reevaluating the product -all of the above
all of the above
Which of the following should be included when testing to identify insecure and/or deprecated cryptographic algorithms in a mobile app? -cryptographic algorithms are up to date and in-line with industry standards -key lengths are in-line with industry standards -cryptographic parameters are well defined within reasonable range -all of the above
all of the above
______ is the process of retaining copies of data over extended periods of time, being months or years, in order to meet legal and operational requirements to access past data.
archive
The _______ authentication has an attendant supervise the use of the PIV card and the submission of the PIN and the sample biometric by the cardholder.
attended biometric
The ______ repository contains the auditing code to be inserted into an application.
audit
The ________ is a module on a centralized system that collects audit trail records from other systems and creates a combined audit trail. -audit dispatcher -audit analyzer -audit trail collector -audit provider
audit trail collector
The ______ process makes copies of data at regular intervals for recovery of lost or corrupted data over short time periods. -logging -backup -hardening -archive
backup
Unix and Linux systems grant access permissions for each resource using the ______ command.
chmod
A __________ is an entity that manages the use, performance and delivery of cloud services, and negotiates relationships between CSPs and cloud consumers. -cloud carrier -cloud auditor -cloud provider -cloud broker
cloud broker
MiniSec is designed to meet the following requirements: data authentication, __________, replay protection, freshness, low energy overhead and resilient to lost messages.
confidentiality
Once the system is appropriately built, secured, and deployed, the process of maintaining security is ________. -complete -no longer a concern -continuous -sporadic
continuous
This type of analysis attempts to identify any potential means for bypassing security policy and ways to reduce or eliminate such possibilities. -assurance analysis -covert channel analysis -policy bypass analysis -system integrity analysis
covert channel analysis
_________ identifies the level of auditing, enumerates the types of auditable events, and identifies the minimum set of audit-related information provided. -Event selection -Data generation -Automatic response -Audit analysis
data generation
The range of logging data acquired should be determined _______. -during security testing -as a final step -after monitoring average data flow volume -during the system planning stage
during the system planning stage
Noise along a power supply line, motors, fans, heavy equipment, microwave relay antennas, and other computers are all sources of _________.
electromagnetic interference
A severe message, such as an immediate system shutdown, is a(n) _____ severity. -alert -emerg -crit -warning
emerg
Cryptographic file systems are another use of _______. -encryption -testing -virtualizing -acceleration
encryption
Which of the following runs program code to execute the TPM commands received from the I/O port? -Cryptographic co-processor -HMAC engine -Execution engine -SHA-1 engine
execution engine
A CSC can provide one or more of the cloud services to meet IT and business requirements of a CSP. True False
false
All UNIX implementations will have the same variants of the syslog facility. True False
false
Data representing behavior that does not trigger an alarm cannot serve as input to intrusion detection analysis. True False
false
Most large software systems do not have security weaknesses. True False
false
Passwords installed by default are secure and do not need to be changed. True False
false
The "smart" in a smart device is provided by a deeply embedded actuator. True False
false
The default configuration for many operating systems usually maximizes security. True False
false
The term platform as a service has generally meant a package of security services offered by a service provider that offloads much of the security responsibility from an enterprise to the security service provider. True False
false
Gaps, or __________ , are flagged in the MMU as illegal addresses, and any attempt to access them results in the process being aborted.
guard pages
________ includes data processing and storage equipment, transmission and networking facilities, and offline storage media. -Supporting facilities -Physical facilities -Information system hardware -Infrastructure facilities
information system hardware
NIST SP 800-145 defines three service models: software as a service, platform as a service, and __________ as a service.
infrastructure
Username and password authentication -is considered adequate for apps that don't deal with sensitive information -is the preferred authentication method for all apps -is only necessary for apps that deal with highly sensitive information -is not considered adequate for any app
is considered adequate for apps that don't deal with sensitive information
The rule that a subject can only write into an object of greater or equal security level is known as "No Write Down" "No Read Write" "Level function f" "No Way"
no write down
Power utility problems can be grouped into three categories: undervoltage, overvoltage, and ________.
noise
The first step in deploying new systems is _________. -security testing -installing patches -planning -secure critical content
planning
The _________ cloud deployment model is the most secure option. -private -hybrid -public -community
private
Examples of services delivered through the __________ include database on demand, e-mail on demand, and storage on demand. -hybrid cloud -public cloud -private cloud -community cloud
private cloud
Asymmetric encryption is also known as -public-key encryption -secret-key encryption -private-key encryption -Pretty Good Encryption
public key encryption
The most essential element of recovery from physical security breaches is ____.
redundancy
Configuration information in Windows systems is centralized in the _______, which forms a database of keys and values.
registry
A buffer overflow in Microsoft Windows 2000/XP Local Security Authority Subsystem Service was exploited by the _________. -Aleph One -Sasser worm -Slammer worm -none of the above
sasser worm
The aim of the specific system installation planning process is to maximize _______ while minimizing costs.
security
Traditionally the function of __________ was to transfer control to a user command-line interpreter, which gave access to any program available on the system with the privileges of the attacked program. -shellcode -C coding -assembly language -all the above
shellcode
In 2003 the _________ exploited a buffer overflow in Microsoft SQL Server 2000. -Slammer worm -Morris Internet Worm -Sasser worm -Code Red worm
slammer worm
The most vulnerable part of an IoT is the __________. -fog/edge network -core network -data center/cloud -smart objects/embedded systems
smart objects/embedded systems
A stack buffer overflow is also referred to as ___________. -stack framing -stack smashing -stack shocking -stack running
stack smashing
_________ audit trails are generally used to monitor and optimize system performance. -User-level -Physical-level -System-level -All of the above
system-level
Physical security threats are organized into three categories: environmental threats, human-caused threats, and _________ threats.
technical
______ threats encompass threats related to electrical power and electromagnetic emission.
technical
When testing stateful session management, which of the following is not recommended as a best practice for apps? -session IDs are randomly generated on the server side -the IDs can't be guessed easily (use proper length and entropy) -the mobile app saves session IDs in permanent storage -session IDs are always exchanged over secure connections
the mobile app saves session IDs in permanent storage
How do mobile apps use Key Derivation Functions (KDF)? -they use KDFs to generate random passwords -they use KDFs to encrypt messages sent to the server -they are used to derive secret keys from a secret value (such as a password) -KDFs are not recommended for mobile apps
they are used to derive secret keys from a secret value (such as a password)
_____ is the identification of data that exceed a particular baseline value. -Anomaly detection -Real-time analysis -Thresholding -All of the above
thresholding
A stack overflow can result in some form of a denial-of-service attack on a system. True False
true
According to ISO 27002, the person(s) carrying out the audit should be independent of the activities audited. True False
true
Human-caused threats are less predictable than other types of physical threats. True False
true
If a computer's temperature gets too cold the system can undergo thermal shock when it is turned on. True False
true
It is possible for a system to be compromised during the installation process. True False
true
NIST recommends selecting cloud providers that support strong encryption, have appropriate redundancy mechanisms in place, employ authentication mechanisms, and offer subscribers sufficient visibility about mechanisms used to protect subscribers from other subscribers and the provider. True False
true
Physical security must prevent misuse of the physical infrastructure that leads to the misuse or damage of the protected information. True False
true
Protection of the audit trail involves both integrity and confidentiality. True False
true
Security assessments are third-party audits of cloud services. True False
true
T/F Performing regular backups of data on a system is a critical control that assists with maintaining the integrity of the system and user data.
true
The security administrator must define the set of events that are subject to audit. True False
true
There is an increasingly prominent trend in many organizations to move a substantial portion or even all IT operations to enterprise cloud computing. True False
true
An _______ condition occurs when the IS equipment receives less voltage than is required for normal operation.
undervoltage
Human-caused threats can be grouped into the following categories: unauthorized physical access, theft, _________ and misuse.
vandalism
_______ includes destruction of equipment and data. -Misuse -Vandalism -Theft -Unauthorized physical access
vandalism
__________ applications is a control that limits the programs that can execute on the system to just those in an explicit list. -Virtualizing -White listing -Logging -Patching
white listing
RFC 2196 (Site Security Handbook) lists three alternatives for storing audit records: read/write file on a host, write-once/read-many device, and ______.
write only device