CyberSec
The MPDU exchange for distributing pairwise keys is known as the _______.
4-way handshake
_______ bandwidth attacks attempt to take advantage of the disproportionally large resource consumption at a server.
Application-based
_________ audit trails may be used to detect security violations within an application or to detect flaws in the application's interaction with the system.
Application-level
________ can include computer viruses, Trojan horse programs, worms, exploit scripts, and toolkits.
Artifacts
________ is a process that ensures a system is developed and operated as intended by the system's security policy.
Assurance
_________ identifies the level of auditing, enumerates the types of auditable events, and identifies the minimum set of audit-related information provided.
Audit analysis
Management should conduct a ________ to identify those controls that are most appropriate and provide the greatest benefit to the organization given the available resources.
cost-benefit analysis
The smallest building block of a wireless LAN is a ______.
BSS
_______ is the process in which a CA issues a certificate for a user's public key and returns that certificate to the user's client system and/or posts that certificate in a repository.
Certification
The _________ Model was developed for commercial applications in which conflicts of interest can arise.
Chinese Wall
_______ is a list that contains the combinations of cryptographic algorithms supported by the client.
CipherSuite
________ is when a new document consolidates information from a range of sources and levels so that some of that information is now classified at a higher level than it was originally.
Classification creep
CERT stands for ___________.
Computer Emergency Response Team
__________ attacks are vulnerabilities involving the inclusion of script code in the HTML content of a Web page displayed by a user's browser.
Cross-site scripting
Kerberos uses the _______ encryption algorithm.
DES
In a _______ attack, the attacker creates a series of DNS requests containing the spoofed source address for the target system.
DNS amplification
________ controls focus on the response to a security breach by warning of violations or attempted violations of security policies.
Detection and recovery
The wireless environment lends itself to a ______ attack because it is so easy for the attacker to direct multiple wireless messages at the target.
DoS
_________ are a collection of string values inherited by each process from its parent that can affect the way a running process behaves.
Environment variables
________ need training on the development of risk management goals, means of measurement, and the need to lead by example in the area of security awareness.
Executives
________ is a process where authentication and permission will be passed on from one system to another, usually across multiple enterprises, reducing the number of authentications needed by the user.
Federation
_________ is a formal process to ensure that critical assets are sufficiently protected in a cost-effective manner.
IT security management
_________ is a program flaw that occurs when program input data can accidentally or deliberately influence the flow of execution of the program.
Injection attack
One of the earliest and most widely used services is _________.
Kerberos
________ requires that a user prove his or her identity for each service invoked and optionally requires servers to prove their identity to clients.
Kerberos
The function of the ________ layer is to control access to the transmission medium and to provide an orderly and efficient use of that capacity.
MAC
The ______ is responsible for transferring the message from the MHS to the MS.
MDA
_____ defines a number of content formats which standardize representations for the support of multimedia e-mail.
MIME
The unit of data exchanged between two peer MAC entities using the services of the physical layer is a(n) ____________.
MPDU
At its most fundamental level, the Internet mail architecture consists of a user world in the form of _________.
MUA
_______ controls focus on security policies, planning, guidelines, and standards that influence the selection of operational and technical controls to reduce the risk of loss and to protect the organization's mission.
Management
______ relates to the capacity of the network links connecting a server to the wider Internet.
Network bandwidth
Blocking assignment of form field values to global variables is one of the defenses available to prevent a __________ attack.
PHP remote code injection
"Improper Access Control (Authorization)" is in the _________ software error category.
Porous Defenses
The final form of the 802.11i standard is referred to as ________.
RSN
_______ is the process whereby a user first makes itself known to a CA prior to that CA issuing a certificate or certificates for that user.
Registration
"Incorrect Calculation of Buffer Size" is in the __________ software error category.
Risky Resource Management
______ software is a centralized logging software package similar to but much more complex than syslog.
SIEM
_______ is a text-based protocol with a syntax similar to that of HTTP.
SIP
_______ is a minimal set of conventions for invoking code using XML over HTTP that enables applications to request services from one another with XML-based requests and receive responses as data formatted with XML.
SOAP
It is possible to specifically defend against the ______ by using a modified version of the TCP connection handling code.
SYN spoofing attack
The ______ attacks the ability of a network server to respond to TCP connection requests by overflowing the tables used to manage such connections.
SYN spoofing attack
In both direct flooding attacks and ______, the use of spoofed source addresses results in response packets being scattered across the Internet and thus detectable.
SYN spoofing attacks
__________ data are data that may be derived from corporate data but that cannot be used to discover the corporation's identity.
Sanitized
________ is explicitly required for all employees.
Security awareness
______ attempts to monopolize all of the available request handling threads on the Web server by sending HTTP requests that never complete.
Slowloris
_______ controls are pervasive, generic, underlying technical IT security capabilities that are interrelated with, and used by, many other controls.
Supportive
___________ scan critical system files, directories, and services to ensure they have not been changed without proper authorization.
System integrity verification tools
_________ audit trails are generally used to monitor and optimize system performance.
System-level
The _______ is a hardware module that is at the heart of a hardware/software approach to trusted computing.
TPM
______ is the identification of data that exceed a particular baseline value.
Thresholding
________ is the process of receiving, initial sorting, and prioritizing of information to facilitate its appropriate handling.
Triage
_________ is assurance that a system deserves to be trusted, such that the trust can be guaranteed in some convincing way, such as through formal analysis or code review.
Trustworthiness
In order to accelerate the introduction of strong security into WLANs, the Wi-Fi Alliance promulgated ________, a set of security mechanisms that eliminates most 802.11 security issues, as a Wi-Fi standard.
WPA
_______ is movement of data in a business process.
Workflow automation
_______ certificates are used in most network security applications, including IP security, secure sockets layer, secure electronic transactions, and S/MIME.
X.509
_______ is important as part of the directory service that it supports and is also a basic building block used in other standards.
X.509
_____ is a markup language that uses sets of embedded tags or labels to characterize text elements within a document so as to indicate their appearance, function, meaning, or context.
XML
The most common variant of injecting malicious script content into pages returned to users by the targeted sites is the _________ vulnerability.
XSS reflection
A(n) __________ is any entity that has station functionality and provides access to the distribution system via the wireless medium for associated stations.
access point
Security awareness, training, and education programs can serve as a deterrent to fraud and actions by disgruntled employees by increasing employees' knowledge of their ________ and of potential penalties.
accountability
System conditions requiring immediate attention are a(n) _______ severity.
alert
A wireless access point is a _______.
all of the above
The ________ access mode allows the subject only write access to the object.
append
The ________ is a module that transmits the audit trail records from its local system to the centralized audit trail collector.
audit dispatcher
The ________ is a module on a centralized system that collects audit trail records from other systems and creates a combined audit trail.
audit trail collector
A characteristic of reflection attacks is the lack of _______ traffic.
backscatter
The objective of the ________ control category is to counteract interruptions to business activities, to protect critical business processes from the effects of major failures of information systems or disasters, and to ensure their timely resumption.
business continuity management
The ________ is the government agency that monitors the evaluation process.
certifier
The specification of a protocol along with the chosen key length is known as a ___.
cipher suite
A _______ is a collection of requirements that share a common focus or intent.
class
In the case of ________, only the digital signature is encoded using base64.
clear-signed data
A _______ attack is where the input includes code that is then executed by the attacked system.
code injection
A _________ attack occurs when the input is used in the construction of a command that is subsequently executed by the system with the privileges of the Web server.
command injection
A _______ policy states that the company may access, monitor, intercept, block access, inspect, copy, disclose, use, destroy, or recover using computer forensics any data covered by this policy.
company rights
The objective of the ________ control category is to avoid breaches of any law, statutory, regulatory, or contractual obligations, and of any security requirements.
compliance
The result of S/MIME encrypting the digest using DSS and the sender's private DSS key is the ________.
digital signature
A _______ policy states that violation of this policy may result in immediate termination of employment or other discipline deemed appropriate by the company.
disciplinary action
A system used to interconnect a set of basic service sets and LANs to create an extended service set is a _________.
distribution system
"An individual (or role) may grant to another individual (or role) access to a document based on the owner's discretion, constrained by the MAC rules" describes the _________.
ds-property
With _________, the linking to shared library routines is deferred until load time so that, if changes are made, any program that references the library is unaffected.
dynamically linked shared libraries
The _________ level focuses on developing the ability and vision to perform complex multidisciplinary activities and the skills needed to further the IT security profession and to keep pace with threat and technology changes.
education and experience
Severe messages, such as an immediate system shutdown, are a(n) _____ severity.
emerg
The ________ function consists of encrypted content of any type and encrypted-content encryption keys for one or more recipients.
enveloped data
The _________ is logic embedded into the software of the system that monitors system activity and detects security-related events that it has been configured to detect.
event discriminator
The intent of ________ is to determine whether the program or function correctly handles all abnormal inputs or whether it crashes or otherwise fails to respond appropriately.
fuzzing
The most complex part of TLS is the __________.
handshake protocol
When a DoS attack is detected, the first step is to _______.
identify the attack
Incorrect handling of program _______ is one of the most common failings in software security.
input
A contingency plan for systems critical to a large organization would be _________ than that for a small business.
larger, more detailed
The most common technique for using an appropriate synchronization mechanism to serialize the accesses to prevent errors is to acquire a _______ on the shared file, ensuring that each process has appropriate access in turn.
lock
The ________ accepts the message submitted by a message user agent and enforces the policies of the hosting domain and the requirements of Internet standards.
mail submission agent
A steady reduction in memory available on the heap to the point where it is completely exhausted is known as a ________.
memory leak
An example of a(n) __________ attack is one in which bogus reconfiguration commands are used to affect routers and switches to degrade network performance.
network injection
Windows allows the system user to enable auditing in _______ different categories.
nine
The _______ consists of two dates: the first and last on which the certificate is valid.
period of validity
A ______ triggers a bug in the system's network handling software, causing it to crash, and the system can no longer communicate over the network until this software is reloaded.
poison packet
Inserting a new row at a lower level without modifying the existing row at the higher level is known as ________.
polyinstantiation
A ________ is a secret key shared by the AP and a STA and installed in some fashion outside the scope of IEEE 802.11i.
pre-shared key
The _______ field in the outer IP header indicates whether the association is an AH or ESP security association.
protocol identifier
To protect the data, either the signature alone or the signature plus the message are mapped into printable ASCII characters using a scheme known as ________ or base64 mapping.
radix-64
Modifying the system's TCP/IP network code to selectively drop an entry for an incomplete connection from the TCP connections table when it overflows, allowing a new connection attempt to proceed, is _______.
random drop
A ________ is a pattern composed of a sequence of characters that describe allowable input variants.
regular expression
A _______ is a generic term used to denote any method for storing certificates and CRLs so that they can be retrieved by end entities.
repository
Defensive programming is sometimes referred to as _________.
secure programming
A _______ is conducted to determine the adequacy of system controls, ensure compliance with established security policy and procedures, detect breaches in security services, and recommend any changes that are indicated for countermeasures.
security audit
The _______ category is a transitional stage between awareness and training.
security basics and literacy
The ________ control the manner by which a subject may access an object.
security classes
Security classes are referred to as __________.
security levels
The implementation process is typically monitored by the organizational ______.
security officer
An integer value unique within the issuing CA that is unambiguously associated with the certificate is the _____.
serial number
Using forged source addresses is known as _________.
source address spoofing
Bots starting from a given HTTP link and then following all links on the provided Website in a recursive way is called _______.
spidering
The basic tool that permits widespread use of S/MIME is ________.
the public-key certificate
TCP uses the _______ to establish a connection.
three-way handshake
ESP supports two modes of use: transport and _________.
tunnel
The _______ access mode allows the subject both read and write access to the object.
write