CISSP - Domain 6 - Security Assessment and Testing
Synthetic vs Passive Monitoring
- Synthetic monitoring (also known as proactive monitoring) is done using simulated or recorded traffic to proactively identify problems. Behavioral scripts (or paths) are created to simulate an action or path that a customer or end user would take on a site.
- Passive monitoring (also known as reactive monitoring) is done only after an issue has occurred.
Both types of monitoring can be used for performance trending and predictive analysis.
TCP Connect Scan
- TCP connect scan is the default TCP scan type when SYN scan is not an option because SYN requires elevated privileges. This is also the case when a user is scanning IPv6 networks. Instead of writing raw packets as most other scan types do, Nmap asks the underlying operating system to establish a connection with the target machine and port by issuing the connect system call. This is the same high-level system call that web browsers, P2P clients, and most other network-enabled applications use to establish a connection.
Preventing password cracking attack on WiFi
- WPA2 Enterprise uses IEEE 802.1X-based RADIUS authentication, which offers enterprise-grade authentication and locks the account after a few failed attempts.
- WPA2 Personal uses pre-shared keys (PSK) and is designed for home use.
- WPA2 encryption keys would not stop the attack the way WPA2 Enterprise would.
Worms
------- are unlike viruses in that they can self-replicate, while viruses require user interaction. True ------ require no intervention and are hard to create. ----- do not attach to a host file, but are self-contained and propagate across networks automatically. Stuxnet and Morris are examples of this type of malicious code.
C. DoS. IP spoofing is a common practice when DoS tools are used to help the attacker mask his identity.
1. IP spoofing is commonly used for which of the following types of attacks? A. Salami B. Keystroke logging C. DoS D. Data diddling
1. Impersonation 2. Spoofing 3. Virus Hoax 4. Dumpster diving
1. Pretending to be someone or something else. 2. Using someone else's IP address, domain name, MAC address, etc. 3. Not a real virus, but pretends to be one to elicit a specific response. 4. Digging through the trash to look for items of value such as passwords, manuals, account names, etc.
1) Spear Phishing, 2) Whaling, 3) Smishing
1. This is a type of phishing email that is sent only to people who use a particular service. 2. This term denotes a phishing attempt to capture an important user, such as an executive or even a CEO. 3. Phishing carried out through the SMS messaging service on mobile phone devices is known as what?
1. Polymorphic Virus 2. Multipartite Virus
1. This kind of virus can make copies of itself and change its signature every time it replicates and infects a new file. This technique makes it much harder for the antivirus program to detect the virus. 2. This virus can be in more than one area of the system at once. It can infect boot sectors and program files at the same time. The idea is that this gives the virus added survivability if one part is killed by antivirus software.
c. Acceptance testing - is designed to ensure the software meets the customer's operational requirements. Integration testing examines multiple software components as they are combined into a working system. Unit testing is a low-level test of software components, such as functions, procedures, or objects.
1. What can be used to ensure that software meets the customer's operational requirements? a. Integration testing b. Installation testing c. Acceptance testing d. Unit testing
B. Their goal is to do no harm. Ethical hackers use the same methods as crackers and black-hat hackers, but they report the problems they find instead of taking advantage of them. Ethical hacking has other names, such as penetration testing, intrusion testing, and red-teaming.
10. Ethical hackers are different from hackers in which of the following ways? A. They have permission to destroy a network. B. Their goal is to do no harm. C. They cannot be held liable for any damage. D. They cannot be prosecuted or jailed.
D. It is used to find vulnerabilities. SATAN was the first vulnerability assessment program and was designed to find vulnerabilities in a network.
12. Which of the following best describes SATAN? A. It is used for password cracking. B. It is used for reviewing audit logs. C. It is used to exploit systems. D. It is used to find vulnerabilities.
B. Make a bit level copy
13. The computer forensic investigator should do what during duplication? A. Make a direct copy B. Make a bit level copy C. Make a logical copy D. Format the target drive to clear any contents before copying
B. Graybox testing looks to determine what type of activities can be performed. Answer A is incorrect because whitebox testing is where everything is known about the network. Answer C is incorrect because blackbox testing is where nothing is known about the network.
14. What type of penetration test examines what insiders can access? A. Whitebox B. Graybox C. Blackbox D. Bluebox
15. B. Phreakers are individuals who are known for their attacks on PBX and telecommunications equipment. Bluebox testing is used by phreakers.
15. These individuals are known for their attacks on PBX and telecommunication systems. A. Script kiddies B. Phreakers C. Crackers D. Hackers
a. Combinatorial software testing - Combinatorial software testing is a black-box testing method that seeks to identify and test all unique combinations of software inputs. Static testing examines the code passively; the code is not running. This form of testing includes walkthroughs, syntax checking, and code reviews. Dynamic testing examines code while executing it.
2. What term describes a black-box testing method that seeks to identify and test all unique combinations of software inputs? a. Combinatorial software testing b. Dynamic testing c. Misuse case testing d. Static testing
C. Session hijacking targets the TCP connection between a client and a server. If the attacker learns the initial sequence, he might be able to hijack a connection.
2. Which of the following best describes session hijacking? A. Session hijacking works by first subverting the DNS process. If this is successful, an attacker can use an already established TCP connection. B. Session hijacking subverts the UDP protocol. It allows an attacker to use an already established connection. C. Session hijacking targets the TCP connection between a client and a server. If the attacker learns the initial sequence, he might be able to hijack a connection. D. Session hijacking works by first subverting the DNS process. If this is successful, an attacker can use an already established UDP connection.
B. Start a training and awareness program.
3. Several of your company's employees have been hit with email scams over the last several weeks. One of these attacks successfully tricked an employee into revealing his username and password. Management has asked you to look for possible solutions to these attacks. Which of the following represents the best answer? A. Implement a new, more robust password policy that requires complex passwords. B. Start a training and awareness program. C. Increase the organization's email-filtering ability. D. Develop a policy that restricts email to official use only.
D. Act honorably, honestly, justly, responsibly, and legally.
4. In part, the ISC2 Code of Ethics states which of the following? A. Thou shalt not use a computer to harm other people. B. Compromising the privacy of users is unethical. C. All information should be free. D. Act honorably, honestly, justly, responsibly, and legally.
B. Fuzzing is a black-box testing method that does not require access to source code.
4. You would like to have the security firm test the new web application, but have decided not to share the underlying source code. What type of test could be used to help determine the security of the custom web application? a. Secure compiler warnings b. Fuzzing c. Static testing d. White-box testing
A. Insiders represent the biggest threat to the organization because they possess two of the three things needed to attempt malicious activity: means and opportunity.
5. Which of the following groups presents the largest threat to your organization? A. Insiders B. Corporate spies C. Government spies D. Script kiddies
B. There is always some trace evidence. Locard's Exchange Principle states that whenever two objects come into contact, a transfer of material will occur.
6. Locard's Exchange Principle states which of the following? A. The chain of custody should never be broken. B. There is always some trace evidence. C. Three things are required for a crime: means, motive, and opportunity. D. Checksums should be used to authenticate evidence.
D. The International Organization on Computer Evidence (IOCE) was appointed to draw up international principles for the procedures relating to digital evidence.
7. Which of the following international organizations was established to standardize the handling of forensic evidence? A. The International Organization on Forensic Analysis B. The EU Policy Council of Criminal Evidence C. The United Nations Organization on Computer Evidence D. The International Organization on Computer Evidence
D. Justifiable
8. For evidence to be used in court, it must not be which of the following? A. Relevant B. Properly preserved C. Identifiable D. Justifiable
802.1x Authentication Methods
- Password-Based Authentication
- Token-Based Authentication
- Certificate-Based Authentication
B. Is not admissible in court. Hearsay is generally not admissible in court because it is considered secondhand information.
9. Which of the following best defines hearsay evidence? A. Can be used in civil cases B. Is not admissible in court C. Is considered third-hand information D. Can be used to verify what has been presented through best evidence
CVE - Common Vulnerabilities and Exposures
A dictionary of publicly known security vulnerabilities and exposures.
Bluetooth technology
- Active scanning of Bluetooth: it can determine both the strength of the PIN and what security mode the device is operating in.
- Passive scanning of Bluetooth: it can only detect active connections and typically requires multiple visits to have a chance of identifying all devices.
A type of wireless technology that uses radio waves to transmit data over short distances (approximately 3-300 feet depending on power); often used to connect peripherals such as printers and keyboards to computers or headsets to cell phones.
A. Synthetic Monitoring, B. Passive Monitoring
A. This type of monitoring is used to emulate or record transactions for performance assessment, response time, functionality reviews, etc. B. This type of monitoring uses a SPAN port or other methods to copy traffic and monitors it in real time.
A. Synthetic Monitoring and B. Passive Monitoring
A. This type of monitoring uses simulated or recorded traffic and can be used to proactively identify problems. B. The other type of monitoring only works after issues have occurred because it requires actual traffic.
A. CVE Database B. OVAL C. XCCDF
A. What provides a consistent reference for identifying security vulnerabilities as part of SCAP? B. What is used to describe the security condition of a system? C. What is used to create security checklists in a standardized fashion?
Active vs Passive Wireless Scanning
- Active scan: the client radio transmits a probe request and listens for a probe response from an AP. Active scanning is useful for testing IDS and IPS systems.
- Passive scan: the client radio listens on each channel for beacons sent periodically by an AP. It can help identify rogue devices by capturing MAC addresses and vendor IDs that do not match deployed devices. Passive scanning cannot be detected by detection systems.
- Problems with active scanning: you may send unwarranted signals to rogue devices or nearby organizations. However, triggering alarms on your own organization's IPS/IDS is an expected result of it.
Secondary Evidence
Although it is not as reliable or as strong as best evidence, this evidence can still be used in court. A copy of evidence and an oral description of its contents are examples of this evidence.
Threat Categorization
An important part of application threat modeling is ______. It helps to assess attacker goals that influence the controls that should be put in place.
802.1x Components
- Client / Supplicant - In order for a client to participate in 802.1x authentication, it must have a piece of software called a supplicant installed in its network stack.
- Switch / Access Point / Controller - The switch or wireless controller plays an important role in the 802.1x transaction by acting as a 'broker' in the exchange.
- RADIUS Server - The RADIUS server acts as the "security guard" of the network; as users connect to the network, the RADIUS server authenticates their identity and authorizes them for network use.
- Identity Store - The identity store refers to the entity in which usernames and passwords are stored.
Every function called, every statement executed, every branch explored, every condition validated.
Code Coverage requires -
Code Audit
Code audit - A software code audit is a comprehensive analysis of source code in a programming project with the intent of discovering bugs, security breaches or violations of programming conventions.
Code Coverage Testing
Code coverage is a software testing metric that determines the number of lines of code that are successfully validated under a test procedure, which in turn helps in analyzing how comprehensively the software is verified. It estimates the degree of testing conducted against the new software.
Test coverage = # of use cases tested / total # of use cases
5 Coverage Criteria:
- Function Coverage - The functions in the source code that are called and executed at least once.
- Statement Coverage - The number of statements that have been successfully validated in the source code.
- Path Coverage - The flows containing a sequence of controls and conditions that have worked well at least once.
- Branch or Decision Coverage - The decision control structures (loops, for example) that have executed fine.
- Condition Coverage - The Boolean expressions that are validated and that execute both TRUE and FALSE across the test runs.
Packers, Crypters and Wrappers
- Packers - compress the hostile code to obfuscate the activity of the malware.
- Crypters - encrypt the hostile code using their own encryption algorithm.
- Wrappers - combine two or more executables into a single packaged program, essentially to hide the hostile code.
Common techniques to obfuscate malicious code and make the hostile code undetectable by anti-virus programs are -
Trojan - A Trojan may be configured to do many things, such as log keystrokes, add the user's system to a botnet, or even give the attacker full access to the victim's computer. Even instant messaging (IM) and Internet Relay Chat (IRC) can be used to spread Trojans, since these applications were not designed with security controls in mind. The effects of Trojans can range from benign to extreme. Some users who become infected may not know they are infected, whereas others may experience complete system failure. More often than not, the victim may just notice that something is not right.
Consider the home user who sees nothing wrong with downloading a movie illegally from the Internet. After it has been downloaded, however, the user realizes the movie will not play. The user receives a message about a missing driver or codec and is prompted to go to a site that has a movie player with the right codec installed. The user does as instructed and downloads the movie player and, sure enough, everything works. Seems like a movie without any cost. Well, not quite, because at the time the user installed the movie player, he also installed a remote access ________
Endpoint Security
Disk encryption, application whitelisting, and blocking USB drives are examples of what security technique?
A. A TCP connect scan. When the tester does not have raw packet creation privileges, such as when they have not elevated their privileges on a compromised host, a TCP connect scan can be used. TCP SYN scans require elevated privileges on most Linux hosts.
During a penetration test, Danielle needs to identify systems, but she hasn't gained sufficient access on the system she is using to generate raw packets. What type of scan should she run to verify the most open services? A. A TCP connect scan B. A TCP SYN scan C. A UDP scan D. An ICMP scan
B. Running WPA2 in Enterprise mode. Enterprise mode uses RADIUS authentication for users rather than a pre-shared key. This means a password attack is more likely to fail, as repeated password attempts for a given user may result in account lockout. Note that WPA2 encryption by itself will not stop a password attack.
During a wireless network penetration test, Susan runs aircrack-ng against the network using a password file. What might cause her to fail in her password-cracking efforts? A. Use of WPA2 encryption B. Running WPA2 in Enterprise mode C. Use of WEP encryption D. Running WPA2 in PSK mode
WPA2 Authentication Protocols
- EAP-TLS - is a certificate-based protocol that is widely considered one of the most secure EAP standards because it eliminates the risk of over-the-air credential theft.
- EAP-TTLS/PAP - is a credential-based protocol that was created for an easier setup because it only requires the server to be authenticated, while user authentication is optional. TTLS creates a "tunnel" between the client and the server and gives you multiple choices for authentication.
- PEAP-MSCHAPv2 - is a credential-based protocol that was designed by Microsoft for Active Directory environments. Although it is one of the most popular methods for WPA2-Enterprise authentication, it does not require the configuration of server-certificate validation, leaving devices vulnerable to over-the-air credential theft.
Conclusive evidence does not require any other corroboration and cannot be contradicted by any other evidence.
Evidence does not require any other corroboration and cannot be contradicted by any other evidence.
Opinion evidence is based on what the witness thinks, feels, or infers regarding the facts.
Evidence is based on what the witness thinks, feels, or infers regarding the facts.
Circumstantial Evidence
Evidence provides inference of information from other intermediate relevant facts.
Corroborative evidence supports another piece of evidence.
Evidence supports another piece of evidence.
Most common Network Ports to remember
- FTP - 20, 21. Port 20 performs the task of forwarding and transferring data. Port 21 performs the task of signaling for FTP: it listens for all of the commands and provides flow control for the data, which is quite essential for maintaining the flow of data.
- SSH - 22
- Telnet - 23
- SMTP - 25 or 2525
- DNS - 53
- DHCP - 67 by the server
- DHCP - 68 by the client
- POP3 - 110
- NetBIOS Name Service - 137
- NetBIOS Datagram - 138
- NetBIOS Session - 139
- IMAP - 143
- Active Directory - 445 (File Replication Service)
- LDAP - 389, used over UDP for normal queries
- MSSQL - 1433
- RDP - 3389
1. Planning 2. Overview 3. Preparation 4. Inspection 5. Rework 6. Follow-up
Fagan's Inspection Steps
This is a port access protocol that protects networks via authentication. It is widely used in wireless authentication like WPA and WPA2 alongside RADIUS. When 802.1x is used, it opens a virtual port for authentication and, based on authorization, allows or denies the request. 802.1x has three basic entities:
1. Supplicant - software running on the WiFi workstation
2. Authenticator - the wireless access point
3. Authentication Server - the server containing the authentication database, usually a RADIUS server
Extensible Authentication Protocol (EAP) passes the authentication information between the supplicant and the AS.
Features of 802.1x
Discover, Offer, Request, and Acknowledge are the steps; DHCP DORA is quick to remember.
Four steps of DHCP IPv4
zzuf, Peach Fuzzer
Fuzz - zzuf is a transparent application input fuzzer. Its purpose is to find bugs in applications by corrupting their user-contributed data. Other similar tools include Peach Fuzzer.
Fuzz Testing
Fuzz testing (fuzzing) is a quality assurance technique used to discover coding errors and security loopholes in software, operating systems or networks. It involves inputting massive amounts of random data, called fuzz, to the test subject in an attempt to make it crash.
Common Vulnerability Scoring System (CVSS)
It includes metrics and calculation tools for exploitability, impact, how mature exploit code is, and how vulnerabilities can be remediated, as well as a means to score vulnerabilities against a user's unique requirements.
sqlmap
It is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
Best Evidence
It is the evidence that is considered the most reliable form of evidence. Original documents are an example of this evidence.
Pretexting
It is a variation of social engineering in which more personal information about an individual is obtained under false pretenses by impersonating that person. One might call your cell phone provider and ask for a reprint of a bill. They might also call back and say they lost their checkbook, or even contact your credit card provider.
Multitasking - In modern operating systems, we are able to play MP3 music, edit documents in Microsoft Word, and surf the web in Google Chrome all simultaneously; this is accomplished by means of multitasking.
It refers to the execution of multiple tasks (processes, programs, threads, etc.) at a time.
B. Common Platform Enumeration (CPE) component of SCAP provides a consistent way to refer to operating systems and other system components.
Ken is having difficulty correlating information from different security teams in his organization. Specifically, he would like to find a way to describe operating systems in a consistent fashion. What SCAP component can assist him? A. CVE B. CPE C. CWE D. OVAL
Generational vs Mutational Fuzzer
- Mutation (dumb fuzzers): here it is all about mutating the existing input values (blindly). That is why they are known as "dumb" fuzzers: they lack an understanding of the format or structure of the data. One example is simply replacing or appending a random section of data.
- Generation (intelligent fuzzers): here an understanding of the data model, file format or protocol is very important. It is about "generating" the inputs from scratch based on the specification and format.
B - Mechanism, because an IPS device is an example of a mechanism, such as a hardware, software, or firmware-based console or system. Specifications are document-based artifacts like policies or designs. Activity refers to actions that support an information system and that involve people. Individual refers to one or more people applying specifications, mechanisms, or activities.
NIST Special Publication 800-53A describes four major types of assessment objects that can be used to identify items being assessed. If the assessment covers IPS devices, which type of assessment objects is being assessed? A - A specification B - A mechanism C - An activity D - An individual
Hybrid Encryption
On what type of encryption are the SSL, TLS, IPsec, S/MIME and PGP algorithms based?
Open, Closed, Filtered Ports
- Open port - the port is accessible and an application is accepting requests.
- Closed port - the port is accessible but no application is accepting requests.
- Filtered port - the port is not accessible.
OVAL vs XCCDF
Open Vulnerability Assessment Language (OVAL) is used to describe the security condition of a system. The Extensible Configuration Checklist Description Format (XCCDF) is used to create security checklists in a standardized fashion.
Email encryption systems
PEM and MSP are examples of what?
Blackbox testing
This type of penetration testing occurs when the test team has no details of the organization's network. As an example, last year my company did a ___________ test for an organization and was provided only the IP address range.
Double Blind Test
This type of penetration testing is based only on publicly available information, and no security staff is notified of the test.
Blind Test
This type of penetration testing is based only on publicly available information.
Greybox Testing
This type of penetration testing is used to examine what is possible with insider access.
- Relevant
- Legally obtained and legally permissible
- Reliable
- Identifiable
- Properly preserved and documented
Permissible evidence in court
- Nikto is a free, open source command-line vulnerability scanner that scans web servers for dangerous files/CGIs, outdated server software and other problems. It performs generic and server-type-specific checks. It also captures and prints any cookies received.
- Burp Suite, Nessus and Wapiti are also web vulnerability scanners.
Popular Vulnerability Scanners
Distance Vector - A distance-vector routing protocol in data networks determines the best route for data packets based on distance. Distance-vector routing protocols measure the distance by the number of routers a packet has to pass through; one router counts as one hop.
RIP is probably the most common example of what type of routing protocol?
Race Condition
This results when several threads try to access and modify the same data concurrently; it is a condition in which timing causes issues. These conditions cannot be found in a vulnerability scan report.
4th Generation Language
SQL is an example of what generation language?
Static vs Dynamic testing
Static testing is done in the verification stage; dynamic testing is done in the validation stage. In static testing, code is examined without being executed, whereas in dynamic testing, code is executed and tested without necessarily being examined.
- APIs
- UIs
- Physical interfaces
Note - network interfaces are not part of the software testing process.
Steps of Software Testing
Misuse Case Testing or Abuse Case Testing
Testing that is focused on functions that the system should not allow. In other words, behaviors that are not what the organization desires or that are counter to the proper function of a system or application.
Logic Bomb
A ------- is malicious programming code placed in an application's code so that it will execute under given circumstances, such as the lapse of a certain amount of time or the completion of a specific event. This can be used to launch salami attacks. This financial crime works by taking small amounts of money from accounts over an extended period.
ITSEC (Information Technology Security Evaluation Criteria)
The ITSEC is the European Union's TCSEC-comparable infosec specification.
- E00: Inadequate assurance
- E01: Discretionary Security
- E02: Controlled Access
- E03: Security Labels
- E04: Structured Security
- E05: Security Domains
- E06: Verified Security
Popular Penetration Testing Tools
The Metasploit Framework is a modular penetration testing platform that enables you to write, test, and execute exploit code. The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection. Other tools are:
- Netsparker
- Wireshark
PTES
The PTES (Penetration Testing Methodologies and Standards) recommends a structured approach to a penetration test. The PTES guides you through the phases of penetration testing, beginning with the communication, information gathering, and threat modeling phases.
- Planning: getting management approval and authorization.
- Information Gathering & Discovery: discovery can be both static and active. Port scanning is done during the discovery phase, and nmap is the most popular tool for this.
- Vulnerability Scanning Phase: vulnerability scanning comes next, and Nessus and Nikto are popular tools for this purpose.
- Exploitation Phase: John (the password cracker) can be used to recover passwords during the exploitation phase.
- Reporting Phase: provides details of the exposure if the risk materializes. Assessment and exploitation reports should not be limited in length but should be as long as they need to be to accomplish their goals.
Tokens, Capability Lists and Security Labels
The Reference Monitor can be designed to use which three items?
Acceptance, Avoidance, Transference and Mitigation
The Risk Management Technique AATM refers to what four activities?
SCAP
The Security Content Automation Protocol (SCAP) is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization, including, for example, FISMA (Federal Information Security Management Act, 2002) compliance. The CVE database provides a consistent reference for identifying security vulnerabilities.
STRIDE
The threats are Spoofing, Tampering, Repudiation, Information disclosure (privacy breach or data leak), Denial of service, and Elevation of privilege. STRIDE was initially created as part of the threat modeling process. STRIDE is a model of threats, used to help reason about and find threats to a system.
Rootkits - Once installed, a rootkit can be used to hide evidence of an attacker's presence and give them backdoor access to the system.
These are a collection of tools that allow an attacker to take control of a system. They can be divided into several different types, including application, kernel module, hardware, firmware, and bootloader rootkits.
Hearsay evidence
This evidence is generally not admissible in court because it is considered secondhand information. Some computer-generated records and other business records fall under this category.
OpenVAS
This is an open source vulnerability scanner that provides remote, network-based scanning capability.
Mutating Tests (or mutation analysis or program mutation)
This testing is used to design new software tests and evaluate the quality of existing software tests. It involves modifying a program in small ways; each mutated version is called a mutant. In other words, mutation testing modifies a program in small ways and then tests that mutant to determine if it behaves as it should or if it fails. It ensures the quality of testing and is part of white-box testing.
Nikto, Burp Suite and Wapiti
These tools are useful for vulnerability scanning of web servers.
Mutation Testing
This type of testing modifies a program in small ways and then tests the mutant to determine if it behaves as it should or if it fails.
Macro virus
These viruses exploit scripting services installed on your computer. They infect applications like Word or Excel by attaching themselves to the application's initialization sequence or automated tasks within the application. These tasks run without user intervention, and when the application is started, the virus's instructions execute before control is given to the application. Then the virus replicates itself, infecting additional parts of the computer.
API, UI, Physical - Interfaces that should be tested include client interfaces, server interfaces, remote interfaces, GUIs, APIs, external and internal interfaces, and physical interfaces.
Typical interfaces of software testing process
Multiprogramming - In a modern computing system, there are usually several concurrent application processes that want to execute. It is the responsibility of the operating system to manage all the processes effectively and efficiently, and one of the most important aspects of an operating system is multiprogramming. In a computer system there are multiple processes waiting to be executed, i.e. they are waiting for the CPU to be allocated to them so they can begin their execution.
What CPU type can interleave two or more programs for execution at any one time?
FAIR - Factor Analysis of Information Risk
What approach to risk management develops baselines of probabilities for the frequency and magnitude of loss events, and is considered an add-on to existing risk frameworks?
Whitebox testing, Blackbox testing, and Graybox testing.
What are the different types of penetration testing?
1. Planning & Preparation 2. Identification & Evaluation 3. Containment & Mitigation 4. Eradication & Recovery 5. Investigation & Closure 6. Lessons Learned
What are the key steps of "Incident Response Process"?
A Clipping Level
What do you call a threshold that is set to identify an acceptable number of normal mistakes a user might commit?
Ten Commandments of Computer Ethics
What document does the following statement come from? "Thou shalt not use a computer to harm other people."
MOU
What document specifies terms and conditions for outsourcing partner organizations that must share data and information resources?
Xmas scan, because it is said to "light up like a Christmas tree".
What is the term used when a TCP scan sets all or most of the possible TCP flags, like URG, FIN, PSH, etc.?
- T1 - 1.54 Mbps
- T2 - 6.4 Mbps
- T3 - 44 Mbps
- T4 - 274 Mbps
What is the total composite rate of a T1 line?
Manual Code Review - where humans review code line by line, is the best option when it is important to understand the context and business logic. Other code reviews like dynamic, fuzzing or static review can find vulnerabilities and bugs, but not business logic flaws.
What kind of code review would you need if you want to ensure that the reviewers take the business logic behind your organization's applications into account?
Real User Monitoring (RUM) is a passive monitoring technique that records user interaction with an application or system to verify that the application responds properly to actual use cases.
What passive monitoring technique records all user interaction with an application or website to ensure quality and performance?
Risk Register
What risk management tool is used to fulfill regulatory compliance?
Orthogonal Frequency Division Multiplexing (OFDM)
What scheme splits the signal into smaller signals, sending different pieces of the data to the receiver on different frequencies simultaneously?
Grade 3
What security grades are residential locks?
SYN, SYN-ACK, ACK
What steps are used in the TCP three-step startup?
RTO
What term describes the maximum elapsed time to recover the data?
Vulnerability Scanner
What tool scans a system for available services and then connects to them to collect banner information to determine what version of the service is running?
Trace Evidence
Whenever two objects come into contact, a transfer of material will occur. This is known as Locard's Exchange Principle and is almost universally accepted by forensic analysts. No matter how hard someone tries, some evidence always remains. Although criminals can make recovery harder by deleting files and caches, some trace evidence always remains.
TCSEC (Orange Book) - Trusted Computer System Evaluation Criteria
Which evaluation criteria system is listed below?
- D - Minimal protection
- C - Discretionary protection
  - C1 - Discretionary Security Protection
  - C2 - Controlled Access Protection
- B - Mandatory protection
  - B1 - Labeled Security Protection
  - B2 - Structured Protection
  - B3 - Security Domains
- A - Verified protection
  - A1 - Verified Design
IRIS Scan
Which biometric system examines the crypts, furrows, ridges, striations, ligaments, and collarette?
1. SOC 2 Type 1 2. SOC 2 Type 2
Which SSAE 18 audit type provides: 1. A point-in-time management description of controls? 2. Operating effectiveness over a period of time?
Nmap, Nessus, and Nikto
Which penetration testing tools have OS fingerprinting identification capability?
RUM - Real User Monitoring
It is a passive monitoring technique that records user interaction with an application or system to ensure quality, performance and proper application behavior.