CISSP+

CISSP study notes from 2015-2016 plus studies in emergency management and other related disciplines.

Message Handling Services
X.400
Directory Services
X.500
How does S-HTTP encrypt?
S-HTTP encrypts individual messages.
How does HTTPS encrypt?
HTTPS encrypts the entire communication channel using TLS.
At what OSI layer is a Segment found?
Segments are found at the Transport Layer.
At what layer of the OSI model are Packets found?
Packets are found at the Network Layer.
At what layer of the OSI model are Frames found?
Frames are found at the Data Link Layer.
At what layer of the OSI model are Bits found?
Bits are found at Layer 1: the Physical Layer.
At what OSI layers are Data Streams found?
Data Streams are found at the top 3 layers of the OSI model: Session, Presentation and Application.
In IPv6, what kind of address is designated ::1?
::1 is the IPv6 loopback address, equivalent to 127.0.0.1 in IPv4.
What kind of IPv6 address begins with the hextet FF01?
FF01 is the first hextet of an IPv6 multicast address.
What does the prefix IPv6 hextet FEC0 designate?
FEC0 is the first hextet of an IPv6 site-local address or SLA, equivalent to IPv4 private addresses. RFC 3879 deprecates IPv6 site-local addresses in favor of the locally assigned unique local addresses, or ULA.
What kind of IPv6 address begins with the hextet FE80?
FE80 is the first hextet of an IPv6 link-local address: equivalent to an IPv4 APIPA address.
What does the IPv6 prefix FC00 designate?
FC00 is the first hextet of an IPv6 centrally-assigned unique local address or ULA.
What does the IPv6 prefix FD00 designate?
FD00 is the first hextet of an IPv6 locally-configured unique local address or ULA.
What kind of IPv6 addresses begin with 2000, 2001, 2002, 2003, etc.?
IPv6 global unicast address. These are equivalent to unique public IPv4 routable addresses.
Which mode of ESP encrypts only the data payload?
ESP Transport Mode encrypts only the data payload.
Which mode of ESP encrypts the entire packet?
ESP Tunnel Mode encrypts the entire packet.
Which ports are identified as the System/Well-Known Ports?
Ports 0-1023.
Which ports are identified as the Registered/User Ports?
Ports 1024-49151.
Which ports are identified as the Dynamic/Private/Ephemeral Ports?
Ports 49152-65535.
Is T1 Packet, Circuit or Cell Switched?
Circuit Switched
Is Frame Relay Packet, Circuit or Cell Switched?
Packet Switched
Is ATM Packet, Circuit or Cell Switched?
Cell Switched: 53 bytes
How do you create ciphertext in binary?
To create ciphertext in binary, XOR the original plaintext with the generated keystream.
How do you compute XOR on two bits?
If only one of the two bits is true, then the result is true. Otherwise, the result is false.
What is it called when a biometric system grants access to an unauthorized person?
When a biometric system grants access to an unauthorized person, that is known as a False Positive, or a Type 1 Biometric Error.
What is it called when a biometric system denies access to an authorized person?
When a biometric system denies access to an authorized person, that is known as a False Negative, or a Type 2 Biometric Error.
What is IEEE 802.11?
IEEE 802.11 is WiFi.
What is IEEE 802.15?
IEEE 802.15 is Bluetooth.
What is IEEE 802.16?
WiMax - cellphone broadband using microwave towers. It is an acronym standing for "Worldwide Interoperability for Microwave Access".
What is IEEE 802.20?
IEEE 802.20 is mobile broadband on cellphones also known as MBWA (Mobile Broadband Wireless Access).
What electronic devices and WiFi standards run in the 2.4 GHz range?
Bluetooth, microwaves, some older wireless phones as well as wireless standards b, g, and n all run in the 2.4GHz range. Unlike the others in this list, wireless n also has the option of running at 5GHz.
Which wireless standards use the 5 GHz band?
5 GHz is the frequency band in which wireless a, optionally n, and ac run.
Which wireless standard can run in both the 2.4GHz and 5GHz frequency bands?
Wireless n can run in both the 2.4GHz and the 5GHz frequency bands.
What avoidance technology is built into WiFi standard 802.11a?
Wireless a is the WiFi standard with RADAR (Radio Detection and Ranging) avoidance technology built in to it.
What does MIMO stand for?
MIMO is an acronym which stands for Multiple Input, Multiple Output. It is a technology which employs multiple transmitter and receiver antennae to increase data throughput. MIMO was introduced with wireless n.
What is Diversity in wireless networking?
Diversity is a method for improving the reliability of a WiFi transmission by using two or more communication channels.
What is Channel Bonding?
Channel bonding is a feature in 802.11n that allows for the use of multiple simultaneous frequencies to increase usable bandwidth.
What is BOND an acronym for?
"Bandwidth on Demand". An aggregation of multiple communications channels or frequencies to increase data throughput.
What signal technology does Bluetooth use?
Bluetooth uses Frequency Hopping Spread Spectrum, or FHSS.
What does the acronym FHSS stand for?
FHSS is Frequency Hopping Spread Spectrum.
What signal technology do 802.11a, 802.11g and 802.11n use?
802.11 a, g and n use Orthogonal Frequency Division Multiplexing or OFDM.
What does the acronym OFDM stand for?
OFDM is Orthogonal Frequency Division Multiplexing.
What signal technology does 802.11b use?
802.11b uses Direct Sequence Spread Spectrum or DSSS.
What does the acronym DSSS stand for?
DSSS is Direct Sequence Spread Spectrum.
What is a VLAN?
VLAN is short for Virtual Area Network, in which virtual subnets are segregated using switch ports, eliminating the need for physical moves, adds and changes.
What do 802.11a and 802.11n share and how do they differ?
Both 802.11a and 802.11n are WiFi standards which can run at 5GHz, and yet they are not interoperable.
What is a switch?
A switch is a network device which creates a separate collision domain on each port, while remaining within a single broadcast domain.
What is Real Evidence?
Real Evidence is Physical evidence, like a hard disk drive.
What is Corroborative Evidence?
Corroborative Evidence supports other evidence, and it may include expert testimony.
What is Direct Evidence?
Direct Evidence includes eyewitness accounts and descriptions.
What is Circumstantial Evidence?
Circumstantial evidence indirectly establishes a fact through inference.
What is Risk Management?
Risk management is determining the cost-effectiveness of mitigating a risk.
What is Risk Assessment?
Risk Assessment is the evaluation of threats to determine vulnerabilities.
What is Vulnerability Assessment?
Vulnerability Assessment is the process of quantifying asset weaknesses.
What is a Brownout?
A Brownout is a long power drop.
What is a Sag?
A Sag is a short power drop.
What is a Blackout?
A Blackout is a long power loss.
What is a Fault?
A Fault is a short power loss.
What is a Spike?
A Spike is a short power surge.
What is RAID 0?
A Striped Set.
What is RAID 1?
Mirrored Set.
What is RAID 10?
Striped Mirror (nested RAID).
What is RAID 3?
Striped Bytes with Parity.
What is RAID 4?
Striped Blocks with Parity.
What is a PDU?
PDU stands for Protocol Data Unit.
What is Bluetooth's Practical Maximum Range?
Bluetooth's maximum practical range is roughly 33 feet.
What is the Speed of E1?
Data on an E1 line travels at 2.048 megabits per second.
What is the Speed of T1?
Data on a T1 line travels at 1.544 megabits per second.
What is the Speed of T3?
Data on a T3 line travels at 44.736 megabits per second; normally rounded up to 45.
What is the Speed of E3?
Data on an E3 line travels at 34.368 megabits per second.
What is the formula for calculating Single Loss Expectancy (SLE)?
SLE = EF x AV
What is the formula for Annualized Loss Expectancy? (ALE)
ALE = SLE x ARO
In risk management, what is the formula for "Residual Risk" (RR)?
Residual Risk = Total Risk x Countermeasures
Which DES mode can propagate encryption errors?
Cipher Block Chaining (CBC).
Which DES mode can leave patterns in ciphertext?
Electronic Code Book is the DES mode which can leave patterns in ciphertext.
What is the Recovery Point Objective?
The Recovery Point Objective is the amount of time a business can endure system unavailability or data loss. The Recovery Point Objective is a temporal measure used to determine how often systems should be backed up.
What is the Recovery Time Objective?
The Recovery Time Objective defines how quickly we must be back up and running.
What type of Authentication is Something You Know?
Something You Know is also known as Type 1 Authentication. A Password is a typical example of Type 1 Authentication.
What type of Authentication is Something You Have?
Something You Have is also known as Type 2 Authentication or Transient Authentication. It usually refers to a physical token, such as a Common Access Card (CAC) in the DoD.
What type of Authentication is Something You Are?
Something You Are is also known as Type 3 Authentication. Type 3 Authentication generally refers to biometric authentication methods.
What Kind of Authentication is Something You Do?
This can be referred to as behavioral biometrics. An example of this is typing keystroke rhythm, determined by measuring key dwell (how long you rest on a key) and flight time (the time it takes you to get from one key to the next).
What Kind of Authentication is Somewhere You Are?
An example of this would be authentication through GPS coordinates on a cellphone or other mobile device in your possession.
What is the first step in the Business Continuity Planning (BCP) process?
The first step in BCP planning is to determine scope.
Backing up data remotely over the wire is known as?
Electronic Vaulting.
What is an alternate location for storing backup media known as?
Off-site storage is the name for when backup media is stored at an alternate location.
Who resumes critical business operations at the alternate site?
The Recovery Team resumes critical business operations at the alternate site.
Who returns the primary site to normal business operations?
The Salvage team returns the primary site to normal business operations.
What is keeping data current at an alternate site known as?
Remote journaling is the process of keeping data current at an alternate site. Unlike electronic vaulting, this is a continuous process. Also, remote journaling will generally store only transaction logs, not data.
What is ITIL?
ITIL stands for Information Technology (IT) Infrastructure Library. It is a set of best practices at the heart of IT service management, and was originally developed in the UK. ITIL has become ISO/IEC standard 20000.
What is ISO 27002?
It is a code of practice that provides GUIDANCE, providing an internationally accepted framework for best practice in Information Security Management (ISM) and systems interoperability. It also provides guidance for a certification-ready ISMS (Information Security Management System).
What is ISO 27001?
It is a vendor-neutral and technology-independent SPECIFICATION for an Information Security Management System (ISMS). Although it mandates the use of ISO 27002 as a source of guidance on controls, it does not preclude choosing controls from other sources as well.
What is the most common legal system in the world?
Civil Law (or tort law)
What legal system do the US and UK base their laws on?
Common Law (or statutory law)
What is Mixed Law?
Mixed Law is a combination of any two types of law (except for Administrative Law). It is usually Common Law + Civil Law, but it can also combine Religious Law and Customary Law.
What is Common Law?
Common law is legislated, relying on case rulings and precedents. Common law usually has a governmental body as the plaintiff, not a company or an individual. Most criminal proceedings fall under common law. Common law can also be referred to as statutory law (based on statute).
What is Civil Law?
Civil law does not rely on case rulings and precedents. It is usually between individual plaintiffs and defendants.
What is Customary Law?
Customary law is not legislated, but instead reflects best practices of a community or business sector. Customary law can also include ingrained cultural practices which do not rely on the interpretation of religious doctrines.
What is Religious Law?
Religious law is based on the interpretation of religious doctrines.
What step comes last in the development of a Business Contingency Plan (BCP)?
The IT Contingency Plan
What contingency or emergency planning discipline focuses on the restoration of specific IT services?
The Disaster Recovery Plan (DRP). It is a subset of the Business Continuity Plan (BCP).
What OSI layer do circuit-level proxy firewalls operate at?
Session Layer
What OSI layer do application-level proxy firewalls operate at?
Application Layer
Which two types of firewalls operate at both the Network and the Transport layers?
Packet-filtering and Stateful Packet Inspection (SPI) firewalls.
What is the Rainbow Series Red Book?
Trusted Network Infrastructure (TNI)
What is the Rainbow Series Orange Book?
Trusted Computing Base
At what OSI layer do switches broadcast frames?
Data Link
At what OSI layer do routers operate?
Network
Link Encryption
Encrypts not only the message payload, but also the routing information. Requires decrypting and re-encrypting at each communications node. Performed by communication service providers. Original cleartext is vulnerable to interception if a node is compromised.
End-to-End Encryption
Starts at the origination point, and is not decrypted until arrival at the destination. Routing information remains visible. Vulnerable to traffic analysis.
Block Cipher
Encrypts message one block at a time. Uses both transposition and substitution, making it stronger than stream-based ciphers, but it consumes more processing resources. Larger block sizes increase encryption strength. Usually implemented in software vs. hardware.
Key Length
The size of the key, generally measured in bits or bytes.
Risk Acceptance
When a company chooses to leave an asset unprotected. This occurs only when the risk or consequences are low.
At what layer of the OSI model do DNS and DHCP operate?
DNS and DHCP operate at the Application layer of the OSI model.
In risk management calculations, which factor is expressed as a whole number or percentage instead of as a monetary (dollar) value?
Annualized Rate of Occurrence (ARO)
Risk Avoidance
This is when the use of a technology or service is altogether eliminated rather than dealing with the risks that are incurred by implementation of that technology or service.
Recovery Point Objective (RPO)
The Recovery Point Objective (RPO) indicates the amount of data loss or system unavailability, measured in units of time, that a business can endure. The RPO rating can be used to determine how often a system should be backed up. Often synonymous with Maximum Tolerable Downtime (MTD).
What is it called when an intrusion detection system (IDS) or intrusion prevention system (IPS) fails to identify malicious traffic that enters the network?
A False Negative. False Negatives should be reduced to the greatest degree possible, even at the cost of increasing false positives.
What is it called when IDS or IPS identifies non-malicious traffic as malicious?
A False Positive. Although False Negatives (allowing malicious code to pass through into the network) pose a greater threat than false positives, tuning must be performed to minimize false positives while eliminating false negatives. This could be viewed as "balancing the threat".
What is Database Replication?
Copying data between live mirrors of a single database. Database replication serves not only to create a backup, but also supports high-availability and redundancy (clustering and load balancing).
Database Shadowing
Copies data from a live database to a read only copy. The database shadow is an offline backup, which is only made available in instances when the primary database is 'incapacitated'.
What is an IPv4 address with all bits on?
It is an IPv4 Layer 3 Network limited broadcast address. Limited broadcast addresses are sent to all devices on a broadcast domain; they are not forwarded by routers.
What is an IPv4 address with only the last octet set to 255?
It is an IPv4 Layer 3 Network directed broadcast address. These are sent to all devices on a specific subnet and can be forwarded by routers.
What is a Network Interface Card hex address with all bits on (FF)?
A Data Link Layer Ethernet broadcast is sent to all nodes on a switch; it is not forwarded by routers. It is a message to all MAC addresses on the broadcast domain.
What are the four steps of managing access control in an organization?
1) Defining resources;
2) Determining users;
3) Specifying use; and,
4) Enforcing accountability.
What type of controls can a background check provide?
Although a background check is fundamentally an administrative personnel access control, it can also serve as a preventive, a detective, and a deterrent access control.
What is Due Care?
A legal liability concept that defines the minimum level of information protection that an organization must achieve. It is also known as "Duty of Care".
What is the Prudent Man Rule?
The Prudent Man rule is the process of measuring business practices against the judgment of any reasonable individual.
What is Due Diligence?
Due diligence is a legal liability concept that requires an organization to continually review its practices to ensure that protection requirements are met. Due diligence is a process that typically follows due care.
What are the OECD Guidelines?
The Organization for Economic Cooperation and Development (OECD) Guidelines were created in 1980 to provide a framework for how information traverses international borders.
What are the eight Principles of the OECD Guidelines?
1) Collection Limitation;
2) Data Quality;
3) Purpose Specification;
4) Use Limitation;
5) Security Safeguards;
6) Openness;
7) Individual Participation; and,
8) Accountability.
What is the OECD Collection Limitation Principle?
Personal data collection must be limited to legal means and requires the individual's permission.
What is the OECD Data Quality Principle?
Requires that the integrity of the personal data be intact and maintained.
What is the OECD Purpose Specification Principle?
Requires the disclosure of and adherence to the purpose for collecting the personal information.
What is the OECD Use Limitation Principle?
Requires that information not be disclosed to other parties without the individual's permission.
What is the OECD Security Safeguards Principle?
Requires the reasonable protection of data against modification by or disclosure to unauthorized individuals.
What is the OECD Openness Principle?
Requires that the information collection policy be available for scrutiny.
What is the OECD Individual Participation Principle?
Requires that an entity allow individuals to inquire about whether that entity is storing the individual's personal information. This principle also enables the individual to challenge and update the content of the personal information.
What is the OECD Accountability Principle?
Requires that an entity adhere to the other seven OECD Principles.
What Ports does FTP use, and for what purposes?
FTP uses TCP Port 20 for data transfer and TCP Port 21 for control commands.
What are the 3 opposing forces to the CIA triad?
Disclosure;
Alteration; and,
Destruction.
What is the advantage of ARP scanning over ICMP scanning?
ARP scanning can discover firewalled devices on a local network. ARP does not cross routers; it stays within local networks.
What is the function of Domain Name System (DNS)?
DNS maps IP addresses to Fully-Qualified Domain Names (FQDNs).
What computer component is most likely to be directly connected to the CPU?
The Northbridge is the computer component that is most likely to be connected directly to the CPU. The Northbridge is a computer bus connected to the system's CPU and RAM.
What is the Southbridge?
The Southbridge is connected to the Northbridge and to all other peripheral and external devices, such as HDD, monitor, keyboard and mouse.
What is Mandatory Access Control (MAC)?
Mandatory Access Control uses permissions that are determined by organizational policy and a user's need to know.
What does an attacker have in a Known Plaintext Attack?
In a Known Plaintext Attack, the attacker has access to both the plaintext and the ciphertext. The attacker uses both of these and attempts to extract the original encryption key.
What does an attacker have in a Ciphertext-Only Attack?
In a Ciphertext-Only Attack, the attacker has access to the ciphertext alone. The attacker will seek to acquire multiple ciphertext messages in order to perform a statistical analysis on the messages to try to identify patterns or trends.
Kerberos is a Single-Sign On (SSO) solution that uses what method to prevent replay attacks?
Kerberos requires devices to be synchronized to the same time to prevent replay attacks, typically to a tolerance of five minutes. NTP (Network Time Protocol) can be used to synchronize the time between a Kerberos server and its clients so that authentication is not rejected.
What element in the CIA triad is not directly provided by cryptography?
Availability.
What Risk Management equation is used when performing Risk Analysis?
ALE = ARO x SLE
What are the European Union (EU) privacy principles that govern the way an organization conducts itself when monitoring employees?
1) Legitimacy;
2) Necessity;
3) Finality;
4) Transparency;
5) Proportionality;
6) Data Accuracy;
7) Security; and,
8) Awareness of the staff.
EU Necessity
The method of monitoring must be absolutely necessary. If a less-intrusive method exists it must be used.
EU Legitimacy
Data collected on employees must be used in a way that is legal or with the employee's consent.
EU Finality
Data collected on employees must be used for a specific, explicit, and legitimate purpose.
EU Transparency
Employer must completely disclose the monitoring process and the reasons for monitoring to employees.
EU Proportionality
Employee monitoring policies must be customized to the level of risk the employer incurs from the employee.
EU Data Accuracy
Private information must be kept accurate and up-to-date.
EU Security
Employer must take reasonable security precautions to protect the confidentiality of the employee's data.
EU Awareness of the Staff
Requires that the staff who handle data be properly trained.
What is Implicit Deny?
A firewall rule that automatically blocks traffic that is not specifically granted access.
What is Explicit Allow?
A firewall rule that permits specific traffic to pass through that firewall.
What is the Bridge Model in Federated Identity Management?
This is another name for the trusted third-party certification model. The trusted third-party model uses a single organization to manage the authentication and verification process for each company that is participating in the model.
What is Federated Identity Management?
The process of providing access to a company's data resources to organizations or parties that are not owned by the company.
What is the Cross-Certification Trust Model in Federated Identity Management?
This model involves creating a trust from each organization to every other organization that is participating in the model. Each participant must verify the trustworthiness of every other participant. PGP and GPG use the cross-certification trust model.
What is true about all firewalls?
All firewalls are multi-homed devices. A multi-homed device is a device that has more than one network connection. The purpose of a firewall is to block undesired network traffic and to allow desired network traffic to pass from one network interface to another.
What occurs in a SYN FLOOD Attack?
TCP packets with a spoofed source address request a connection to the target network. This attack disrupts the three-way TCP handshake by continually sending SYN packets to a host network, but never acknowledging the SYN-ACK packet reply from that target network.
What occurs in a FRAGGLE Attack?
Fraggle attacks send the UDP Echo packets to the broadcast address of a target network using a spoofed IP address.
What occurs in a TEARDROP Attack?
The Length and Fragmentation offset fields of sequential IP packets are modified, causing the target system to crash.
What occurs in SMURF Attack?
ICMP Echo Request packets are sent to the broadcast address of a target network by using a spoofed IP address.
What is a deterrent access control?
A deterrent access control is used to dissuade potential attacks or inappropriate use.
What are the 7 categories of access controls?
1) Directive;
2) Deterrent;
3) Preventive;
4) Compensating;
5) Detective;
6) Corrective; and
7) Recovery
What is a compensating access control?
A secondary access control that typically enforces elements of a primary access control that cannot be enforced by the primary access control itself.
What is a corrective access control?
A corrective access control is used to repair damage caused by malicious events.
What is a recovery access control?
Used to restore a system to a normal state after malicious activity has occurred.
What is a preventive access control?
Used to stop potential attacks by preventing users from performing specific actions or functions on a system.
What are the 8 steps in the change management process?
1) Request;
2) Impact Assessment;
3) Approval / Disapproval;
4) Build and Test;
5) Notification;
6) Implementation;
7) Validation; and,
8) Documentation.
What is the Request step of the Change Management Process?
Involves the written submission of proposed changes to a management committee.
What is the Impact Assessment step of the Change Management Process?
Determining all the positive and negative effects that will result from accepting the change.
What is the Approval/Disapproval step of the Change Management process?
The point at which the committee formally accepts or rejects the proposed change.
What is the Build and Test step of the Change Management Process?
Developing and testing proposed changes in an offline environment.
What is the Notification Step of the Change Management process?
Users are notified that the change is going to be deployed.
What is the Implementation step of the Change Management process?
Incremental deployment is used so that effects can be monitored.
What is the Validation step of the Change Management process?
Reviews how implementation went.
What is the Documentation step of the Change Management process?
Reports on the results of a system change, including the modifications that were made and any important information discovered.
What is Configuration Management?
The process of developing a standard method of securing or hardening systems within an organization.
What is an International Common Criteria Security Target (ST)?
The documentation for a system or product that is to be tested.
What are the International Common Criteria?
Standards used to test the security of IT products.
What is the goal of the International Common Criteria?
To identify and remove known vulnerabilities from a product; not the discovery of new vulnerabilities.
What are the 4 elements of the International Common Criteria testing process?
1) ToE;
2) ST;
3) PP; and
4) EAL.
What is the ToE (Target of Evaluation)?
Refers to the system or product that is to be tested.
What is an ST (Security Target)?
It is the documentation that describes the security requirements for the Target of Evaluation (ToE).
What is PP (Protection Profile) ?
A set of security objects for the type of product to be tested.
What is an EAL (Evaluation Assurance Level)?
A rating level that is assigned to the product after the product has been tested.
What are the 7 Evaluation Assurance Level (EAL) Ratings?
1) Functionally Tested;
2) Structurally Tested;
3) Methodically tested and checked;
4) Methodically designed, tested and reviewed;
5) Semi-formally designed and tested;
6) Semi-formally verified, designed and tested; and,
7) Formally verified, designed and tested.
What is EAL1?
Functionally Tested.
What is EAL2?
Structurally Tested
What is EAL3?
Methodically tested and checked.
What is EAL4?
Methodically Designed, Tested and Reviewed.
What is EAL5?
Semi-Formally Designed and Tested.
What is EAL6?
Semi-Formally Verified, Designed and Tested.
What is EAL7?
Formally Verified, Designed and Tested.
What is Database Shadowing?
With two or more databases that are running simultaneously, updates made to the primary database are replicated to one or more databases which can be located either locally or remotely.
What is Remote Journaling?
Remote Journaling involves sending the database transaction log to a remote location.
What is Electronic Vaulting?
Electronic Vaulting involves transmitting bulk data to an offsite backup storage facility.
What is Encapsulation in Object-Oriented Programming (OOP)?
It ensures that a class defines only the data that it requires.
What is Inheritance in Object-Oriented Programming (OOP)?
It ensures that a subclass receives the characteristics of its parent class.
What is Polyinstantiation in Object-Oriented Programming (OOP)?
Polyinstantiation allows different versions of the same data to exist at different sensitivity levels.
What is an ICMP FLOOD attack?
Large numbers of ICMP "Echo Request" packets are sent to the target network to consume available bandwidth and/or system resources.
What is a TEARDROP Attack?
The Length and Fragmentation offset fields of sequential IP packets are modified, causing the target system to crash.
What is UDP FLOOD Attack?
Large numbers of UDP packets are sent to the target network to consume available bandwidth and/or system resources.
What is a transient?
A momentary electrical line noise disturbance.
What is the Take-Grant model?
A security model that specifies the rights that a subject can transfer to or from another subject or object.
Why is Kerberos not susceptible to eavesdropping?
Because Kerberos credentials are encrypted by using a secret key before being sent over the network.
Why would a user need to re-authenticate to a Kerberos authentication server?
Because Kerberos session keys have a specific lifetime. That lifetime can be configured so that a user need only re-authenticate to a server once per day.
Why should caution be exercised when configuring the lifetime of a Kerberos session key?
A Kerberos session key with too long a lifetime makes the Kerberos realm more vulnerable to replay attacks.
In VPN access, what is the advantage of callback over Caller ID?
Caller ID numbers can be easily spoofed on most systems.
What is the advantage of employing contract security guards over proprietary security guards?
They are generally less expensive.
What is the best gas-based fire suppression system to install in a data center?
FM-200 (a halon replacement) is the best gas-based fire suppression system to install in a data center. It works by using a chemical reaction that lowers the temperature of the fire and removes the fuel from the fire.
What is the focus of a Disaster Recovery Plan (DRP)?
A DRP focuses on the restoration of specific IT services so that a company can recover from a disaster quickly. A Disaster Recovery Plan (DRP) is a subset of the Business Continuity Plan (BCP).
What is a Business Impact Analysis (BIA)?
Identifies business systems and processes that are critical for a company to continue to operate.
What is a Business Continuity Plan (BCP)?
A BCP focuses on maintaining business operations no matter what events a business faces, and contains procedures (DRP) that should be performed in the event of a disaster. A BCP also includes the order in which the procedures should be implemented.
What security architecture framework creates a chain of traceability through six different perspectives of security design?
The Sherwood Applied Business Security Architecture (SABSA).
What security architecture framework enables the viewing of an architecture from six different perspectives?
Zachman is an ACM-based framework. Unlike SABSA, Zachman doesn't create a chain of traceability.
What are the 6 different perspectives of the Zachman security architecture framework?
Contextual, Conceptual, Logical, Physical, Component & Operational.
What is the security architecture framework that was inspired by frameworks that were developed by the DoD?
The Open Group Architecture Framework (TOGAF) developed by The Open Group in the 1990s was inspired by Department of Defense (DoD) frameworks.
What are the four basic security architecture domains of The Open Group Architecture Framework (TOGAF)?
Business, Application, Data and Technology.
What does the TOGAF Business Domain contain?
Information about the business strategy and processes.
What does the TOGAF Application Domain contain?
Information about specific business applications that will be deployed and how those applications relate to business processes.
What does the TOGAF Data Domain contain?
Information about the company's data assets and data management.
What does the TOGAF Technical Domain contain?
Information about hardware, software, and network infrastructure.
What is TOGAF's iterative development process known as?
The Architecture Development Method (ADM).
Describe TOGAF's ADM process.
The Architecture Development Method is a cyclic process in which the results of each phase of the process are compared to the requirements and expectations of the design.
What is the advantage of an Iris Scan over other biometric access controls?
Iris scans are the most accurate and non-invasive of the biometric access controls. An iris scan is a fully passive access control: the user being authenticated is not required to touch anything or actively provide information to the authenticating system.
What are the halon replacements for fire suppression?
FM-200; FE-13; Argon & Inergen.
Which halon replacement is safest for humans?
FE-13
What is the purpose of a ticket-granting server in Kerberos?
A TGS sends a session key to an authenticated user in a Kerberos network when that user needs to access a network device.
WS-SecureConversation
Creates security contexts for fast message exchanges.
WS-Security
Provides integrity, encryption and authentication for Simple Object Access Protocol (SOAP) messages.
What is SOAP?
Simple Object Access Protocol is a messaging protocol that allows programs that run on disparate operating systems (such as Windows and Linux) to communicate using Extensible Markup Language (XML).
WS-Trust
Creates security tokens and brokers trust relationships between messaging participants.
WS-Policy
Advertises security, Quality of Service and other policies for web services.
What type of backup archives only the files that have changed since the last backup of any type?
Incremental.
What type of backup archives only files that have changed since the last full backup?
Differential.
What memory protection technique copies a fixed-length block of memory to disk?
Paging.
What memory protection technique copies an entire process to disk?
Swapping.
What is Virtual Memory?
The mapping of hardware memory addresses to applications, using swapping or paging.
What is Object Encapsulation?
A means of process isolation that helps prevent processes on a system from interfering with one another. It requires that a process run as a black box, in which the process sends and receives information but does not share its functions with other processes.
What is Time Multiplexing?
Time Multiplexing enables multiple processes to share system resources by allocating dedicated time slots to each process.
Which asymmetric encryption algorithm is not vulnerable to replay attacks?
RSA.
What are the three private IPv4 address ranges according to RFC 1918?
10
172.16 - 172.32
192.168
What are the three IPv4 classful address ranges?
0-126
(127 is reserved for loopback)
128-191
192-233
Which security architecture model combines elements of both Bell-LaPadula and Biba?
The Lipner security architecture model combines elements of both Bell-LaPadula and Biba. Bell-LaPadula protects data confidentiality, while Biba protects data integrity. Lipner protects both confidentiality and integrity.
How does the Graham-Denning security architecture model work?
Through an access control matrix (ACM) to map subjects and objects to a series of 8 rules.
What are the rules of Graham-Denning?
create or delete an object; create or delete a subject; access: read, grant, delete or transfer.
How does the Harrison-Ruzzo-Ullman security architecture model work?
It extends Graham-Denning by including a rights integrity protection system that prevents a subject or object from being created if that subject or object already exists in the access control matrix (ACM).
What is CoBIT?
An IT management framework created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI).
What are the four domains of CoBIT?
Planning and organization; Acquisition and implementation; Delivery and support & Monitoring and evaluation.
What are the main tasks of ITIL?
Service strategy, design, transition, operation and continual improvement.
Service Strategy task of ITIL
Describes how new business needs will be deployed and managed.
Service Design task of ITIL
Process of designing the services described in the Service Strategy.
Service Transition task of ITIL
A project management structure to transition from design into operation.
Service Operation task of ITIL
The point at which all services are deployed to users & metrics are being captured.
Continual Service Improvement task of ITIL
Uses metrics from the Service Operations task to determine what improvements need to be made to the system.
To allow hosts from a specific domain to access your intranet when you have a firewall in place with an implicit deny rule, what ACL (access control list) rule should you implement first?
You should implement an "allow" ACL rule for that particular domain first. ACLs typically follow a specific-to-general pattern of matching. The last rule in the ACL is typically the most general rule.
How are ACL rules evaluated by a firewall?
1) If the packet matches a statement that allows the packet, the firewall then allows the traffic to pass through and no further ACL rules are processed.
2) If the packet matches a statement that denies the packet, the firewall drops the packet and no further ACL rules are processed.
3) If the packet does not match any of the ACL statements, the firewall will apply its default rule.
What runs in OS Ring 0?
The OS kernel and memory resident components
What runs in OS Ring 1?
Other OS components.
What runs in OS Ring 2?
Drivers and protocols.
What runs in OS Ring 3?
User-level programs and applications
Which OS Ring has the highest level of privilege?
OS Ring 0.
Which OS Ring has the lowest level of privilege?
OS Ring 3.
Which OS Ring(s) run in supervisory mode?
OS Rings 0-2
Which OS Ring(s) run in user mode?
Only OS Ring 3 runs in user mode
What is the OS kernel?
The part of an OS that always remains resident in memory.
Where do the non-resident OS components reside?
OS Ring 1. These components are called on-demand as needed by the kernel.
Where do I/O drivers and system utilities reside?
OS Ring 2. These access peripheral devices, access special files, and perform data file system operations such as read, write and delete.
Where do applications and user-accessible programs reside?
OS Ring 3. Using mediated-access mode, Ring 3 programs ask a handler or driver in one of the lower numbered rings for file and printer access, for example.
What is P2PE?
Point-to-Point Encryption. It is part of the PCI DSS standard. It encrypts cardholder data as soon as it is swiped. That data remains encrypted until it reaches the payment processor.
What type of cipher operates by rearranging groups of characters?
Block transposition cipher.
What type of investigation typically uses decompiling or reverse engineering to detect malicious activity?
Software analysis. It can be part of the digital forensics process.
What type of lighting is most appropriate in foggy conditions?
Sodium vapor lights are most appropriate in foggy conditions. They emit a soft yellow light that reduces glare in fog. The yellow color of sodium vapor light does not disperse through the moisture in the air as readily as white light does.
What is the disadvantage of using fluorescent lighting outdoors?
Fluorescent lighting operates on the principle of a non-reactive gas excited by the application of a current to produce light. It is sensitive to temperature changes, and will dim once sufficient energy is lost due to low temperatures.
When should user accounts be deleted?
Upon termination of employees who are unlikely to return to the company, provided the user's account is not tied to data that cannot be easily accessed by another user account, such as encrypted information.
When should a user account be disabled?
When there is a possibility that the user may return, or upon termination of a disgruntled employee who has access to encrypted files.
What Configuration Management task is most likely to involve the monitoring of security configuration changes over time?
Baselining, which is the process of taking a snapshot of the system's security configuration at a given point in time.
When should Baselines be updated?
When controlled security changes (through change management) are implemented on a system.
What is Patch Management?
Patch Management is the management of system or application software updates.
What is Vulnerability Scanning?
The process of examining a system for unpatched, known vulnerabilities and unsecure configurations.
What is Vulnerability Management?
Vulnerability Management is a process of addressing any vulnerabilities or configuration problems that were discovered during vulnerability scanning.
What is Change Management?
The process of understanding, communicating, and documenting changes to a system so that negative effects from change can be avoided, or at least minimized.
What are the steps of the Change Management process?
Identify and propose the change; determine the risk of the change and test it; schedule the change and notify users; implement the change and document the results.
What method of Fire Detection is typically used by Smoke Sensors?
An electrical charge is the method of fire detection that is typically used by smoke sensors. Both ionization and photoelectric smoke sensors create an electrical charge that can be interrupted by the presence of smoke.
How do Ionization Smoke Sensors create the electrical charge they use in fire detection?
By use of a radioactive emission to create the electrical charge that they use in fire detection.
How do Photoelectric Smoke Sensors create the electrical charge they use in fire detection?
They use a light emitting diode (LED) that creates the electrical charge that sends a signal to the sensor. When smoke interrupts the electric charge, the sensor will trigger an alarm.
What can cause Smoke Detectors to generate false positives?
Dust or other airborne contaminants can be misinterpreted by these sensors as smoke.
What methods of Fire Detection are used by Flame Sensors?
Flame Sensors detect fires by detecting infrared and ultraviolet light from fire. Flame Sensors must have a line of sight with the source of fire.
What method of Fire Detection is used by Heat Sensors?
Heat Sensors use temperature for fire detection. They work by measuring the ambient temperature of an area. If that temperature exceeds a predetermined threshold, or if the temperature begins to rise faster than a predetermined rate, then the sensor will trigger an alarm.
Which organization is responsible for the Ten Commandments of Computer Ethics?
The Computer Ethics Institute (CEI). They are modeled after the King James Version (KJV) of the Decalogue.
What are the CEI's Ten Commandments of Computer Ethics?
1) Thou shalt not use a computer to harm other people.
2) Thou shalt not interfere with other people's computer work.
3) Thou shalt not snoop around in other people's computer files.
4) Thou shalt not use a computer to steal.
5) Thou shalt not use a computer to bear false witness.
6) Thou shalt not copy or use proprietary software for which you have not paid.
7) Thou shalt not use other people's computer resources without authorization or proper compensation.
8) Thou shalt not appropriate other people's intellectual output.
9) Thou shalt think about the social consequences of the program you are writing or the system you are designing.
10) Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans.
Where can the Internet Activities Board (IAB) code of ethics be found?
The IAB code of ethics is found in RFC 1087, which was first published in 1987. It is entitled "Ethics and the Internet."
What are considered to be unethical behaviors according to "Ethics and the Internet" (IAB)?
1) Seeking to gain unauthorized access to the resources of the Internet;
2) Disrupting the intended use of the Internet;
3) Wasting resources (people, capacity or computer) through unethical actions;
4) Destroying the integrity of computer-based information; and,
5) Compromising the privacy of users.
What are the four canons of the (ISC)2 Code of Ethics?
1) Protect society, common good, public trust and confidence, and infrastructure;
2) Be honorable, honest, just, responsible and legal in all actions;
3) Provide diligent and competent service to principals; and,
4) Advance and protect the profession.
What is the First Commandment of Computer Ethics?
Thou shalt not use a computer to harm other people.
What is the Second Commandment of Computer Ethics?
Thou shalt not interfere with other people's computer work.
What is the Third Commandment of Computer Ethics?
Thou shalt not snoop around in other people's computer files.
What is the Fourth Commandment of Computer Ethics?
Thou shalt not use a computer to steal.
What is the Fifth Commandment of Computer Ethics?
Thou shalt not use a computer to bear false witness.
What is the Sixth Commandment of Computer Ethics?
Thou shalt not copy or use proprietary software for which you have not paid.
What is the Seventh Commandment of Computer Ethics?
Thou shalt not use other people's computer resources without authorization or proper compensation.
What is the Eighth Commandment of Computer Ethics?
Thou shalt not appropriate other people's intellectual output.
What is the Ninth Commandment of Computer Ethics?
Thou shalt think about the social consequences of the program you are writing or the system you are designing.
What is the Tenth Commandment of Computer Ethics?
Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans.
What is the First Unethical Behavior according to "Ethics and the Internet"?
Seeking to gain unauthorized access to the resources of the Internet.
What is the Second Unethical Behavior according to "Ethics and the Internet"?
Disrupting the intended use of the Internet.
What is the Third Unethical Behavior according to "Ethics and the Internet"?
Wasting resources such as people, capacity or computers through unethical actions.
What is the Fourth Unethical Behavior according to "Ethics and the Internet"?
Destroying the integrity of computer-based information.
What is the Fifth Unethical Behavior according to "Ethics and the Internet"?
Compromising the privacy of users.
What is the first ACL rule that is evaluated by a firewall?
If the packet matches a statement that allows the packet, the firewall then allows the traffic to pass through.
What is the second ACL rule that is evaluated by a firewall?
If the packet matches a statement that denies the packet, the firewall drops the packet.
What is the third ACL rule that is evaluated by a firewall?
If the packet does not match any of the specific ACL statements, the firewall will apply its default rule.
What is the difference between the Recovery Time Objective and the Recovery Point Objective?
The RTO is the maximum time that an organization can continue to function with critical functions degraded, while the RPO is the amount of data loss an organization can accept (measured in time to create or recreate) and still remain functional.
What is the difference between Disaster Recovery and Business Continuity Plans?
A disaster recovery plan revolves around getting critical systems back online so that mission is not negatively affected. A business continuity plan focuses on long-term strategy to keep an organization functioning without interruption after a disaster.
Which types of firewalls make decisions based only on the Network and Transport layer of the OSI model?
Packet filter and stateful firewalls operate at the OSI Network and Transport layers.
In what PDU are Segments encapsulated?
Segments are encapsulated in Packets.
In what PDU are Packets encapsulated?
Packets are encapsulated in Frames.
In what PDU is Application Data encapsulated?
Application Data is encapsulated in a Segment at the Transport Layer.
At what layer are Frames converted to Bits?
Frames are converted to Bits at the Data Link layer. Bits are not de-encapsulated from Frames.
What is another name for DNS cache poisoning?
Pharming
What three attack vectors use spoofed Media Access Control (MAC) addresses?
1) ARP cache poisoning;
2) CAM table flooding; and,
3) Denial of Service.
What is Tripwire?
HIDS
How are EUI-64 addresses constructed?
Split the 48-bit MAC address down the middle, into OUI and EUI; place hex FF and FE between them; convert the first 8 bits of the OUI to binary and flip the seventh bit; then convert the first 8 bits back to hex.
What is the advantage of SLIP over PPP?
Lower overhead. SLIP is a bare-bones protocol, often used by microcontrollers for IP packet encapsulation.
What will occur if a router must send a 2,500-byte packet over an Ethernet interface?
The router will fragment the packet into two packets, unless the Don't Fragment (DF) bit is set.
What is the Maximum Transmission Unit size of an Ethernet packet?
1,500 bytes.
When encrypting the contents of a disk, should symmetric or asymmetric encryption be used?
Symmetric encryption should be used to encrypt the contents of a disk, as the same key is used for encryption and decryption.
What is the longest hash that can be created by the Secure Hash Algorithm?
SHA can create up to a 512-bit hash value.
To what type of attack is RSA susceptible?
Chosen ciphertext, because an attacker can use the victim's public key to encrypt plaintext and then decrypt the resulting ciphertext in order to determine exploitable patterns.
To what does the attacker have access in a brute-force attack?
In a brute-force attack, the attacker only has access to the ciphertext.
What purpose does it serve to have employees of a company acknowledge that they have read and understood the company's security policy?
Having employees acknowledge that they have read and understood a company's security policy--whether or not they actually have--legally protects the company and allows the company to hold employees responsible if they violate the policy.
What is the Annualized Rate of Occurrence, or ARO?
The ARO is the frequency at which a risk event occurs and is expressed as the number of losses that occur in one year. A component or piece of equipment that fails once every two years has an ARO of 0.5; one that fails every four years has an ARO of 0.25.
What is the Single Loss Expectancy, or SLE?
The SLE is the total cost of a specific loss.
What is the Annualized Loss Expectancy, or ALE?
ALE is the average yearly cost of a risk. It is determined by multiplying the number of losses that occur in one year by the total cost of a specific loss.
What should an organization do if the cost of a loss due to risk is less than mitigating that risk?
Accept the risk, provided that there are no significant moral or ethical considerations or legal requirements involved.
When would assessors be most likely to perform a quantitative risk assessment vs qualitative?
When the assessors have extensive experience performing risk assessments.
What focuses on the restoration of specific IT services?
A Disaster Recovery Plan.
What is the difference between a Business Continuity Plan and a Disaster Recovery Plan?
BCPs focus on maintaining business operations no matter what events a business faces, while DRPs focus on the restoration of specific IT services. A DRP is a subset of the BCP, which contains procedures that should be performed in the event of a disaster.
What three metrics influence CVSS scoring?
In order, the CVSS metrics are:
1) Base metrics;
2) Temporal metrics; and,
3) Environmental metrics.
Which CVSS score is used by an organization to prioritize their responses to vulnerabilities?
The CVSS Environmental Score is the final score that determines priority of response to vulnerabilities.
What is the difference between Point-to-Point Encryption and End-to-End Encryption?
P2PE encrypts cardholder data as soon as it is swiped. The data is not decrypted until it reaches the payment processor. E2EE, although it also encrypts cardholder data once swiped, decrypts and re-encrypts the data at each step along the path to the payment processor. P2PE thus precludes merchants from performing key management.
In which countries are T1 and T3 lines used?
T1 and T3 lines are used in the United States, Canada, Japan and South Korea.
Where are E1 and E3 lines used?
The United Kingdom and Europe.
Which WiFi Standards use Orthogonal Frequency Division Multiplexing?
802.11a, 802.11g and 802.11n all use Orthogonal Frequency Division Multiplexing, or OFDM.
What is another name for the False Reject Rate in biometric controls?
This occurs when a biometric control system fails to validate an authorized user. A False Reject is also known as a Type 1 biometric error.
What is another name for a False Accept--or False Positive--in biometric security?
A False Positive is also known as a Type 2 Biometric Error. A False Positive or False Accept is when a biometric control system identifies an unauthorized user as an authorized user.
What is the purpose of a Key Distribution Center?
It enables SSO services by acting as a trusted third-party authentication server in a Kerberos realm.
What type of biometric access control mechanism is likely to reveal private health information about a user?
A retinal scan is most likely to reveal private health information about a user, such as pregnancy, diabetes or hypertension.
What is the name of X.500 directory object that contains the full path to a specific entry?
The Distinguished Name (DN). Distinguished Names are also used in LDAP and Microsoft Active Directory.
What is the difference between the Relative Distinguished Name and the Distinguished Name?
The Relative Distinguished Name contains an abbreviated path to a specific entry in an X.500 directory, and can be as short as a user name. In LDAP, the Relative Distinguished Name and Common Name can be the same.
What are three possible meanings of the acronym MAC?
1) Mandatory Access Control--filesystem and object access;
2) Media Access Control-- physical host network address; and,
3) Message Authentication Code--message integrity.
What is most likely to be vulnerable to object reuse?
A shared data object that previously occupied re-allocated memory is most likely to be vulnerable to object reuse, which is the process of reusing data or authentication credentials that have been shared in memory or cached to disk.
What access control principle ensures that information does not flow between groups of users?
Compartmentalization is the access control principle that ensures that information does not flow between groups of users, by isolating these groups from one another, based on information or access required by each group.
What is the access control principle that precludes a user from having access to information that is not required for their official duties, even if that user has rank, clearance level or authorization for greater access?
Need-to-Know is the access control principle that restricts access to sensitive or classified information based not on rank or clearance level, but on what is required to execute official duties.
Mapping a list of users to a list of permitted resources is what step in the access control process?
Determine Users.
What is the first step of the access control process?
Defining Resources.
What is the second step of the access control process?
Determining Users.
What is the third step of the access control process?
Specifying Use.
What is the fourth step of the access control process?
Enforcing Accountability.
What is the DoD minimum password length?
Eight characters is the DoD minimum password length.
With what frequency does DoD require password changes?
Every 90 days.
What is the minimum age a DoD password must reach before it can be changed?
Two days.
What is the DoD password re-use policy?
A password cannot be re-used until it has been changed 24 times.
What is the likely cause of a database search for a specific Social Security Number that returns records for more than a single employee?
The problem is that the SSN field or cell is a primary key in the table and some values are duplicated. It also indicates that the primary key does not enforce unique values for this field.
What are three possible meanings for the acronym SDLC?
1) Software Development Life Cycle;
2) Synchronous Data Link Control; and
3) System Development Life Cycle.
What is civil law?
Civil law is also known as tort law. It seeks to establish liability and restitution between two parties. The plaintiff in a civil law case is an individual.
What is criminal law?
Criminal law seeks to establish guilt and mete out punishment for violation of government rules. The plaintiff in a criminal law case is a governmental body.
What software testing method involves entering every possible variation of input data into the application?
Combinatorial testing.
What database type typically combines data and functions in a code-accessible framework?
An object-oriented database.
What software security threat is most likely to enable two processes with different security levels to access the same information on a storage medium?
A covert storage channel.
In conducting a security survey for an outdoor concert venue, what is the best way to ensure that every concert attendee walks through a specific venue entrance?
Use a fence as a perimeter defense.
What class of fire suppression can be used on combustible metals in both the US and the UK?
Class D.
175 degrees
Yellow Bulb
135 degrees
Orange Bulb
155 degrees
Red Bulb
200 degrees
Green Bulb
286 degrees
Blue Bulb
What is not a component of a defined threat matrix?
The method of attack prevention.
What type of CCTV camera is best suited for video motion detection?
A fixed position camera.
Swapping
Copies an entire process to disk
Paging
Copies a fixed-length block of memory to disk
Virtual Memory
Can use either paging or swapping.
Hardware Segmentation
Maps processes to specific hardware memory locations.
Motherboard
Contains the CPU, memory slots and peripheral slots.
Compartmented Mode of Operation
Assumes that a subject has the necessary clearance to access an object and enforces need to know by using technical controls.
TCSEC Level B
Lowest TCSEC security division that represents systems protected by MACs.
Mainframe
Relies on centralized security.
What are the components of an Integrity Service?
An integrity service includes antivirus applications, content-filtering applications and intrusion prevention systems. Integrity services are designed to protect data from corruption. In some cases, Integrity Services may even be able to repair corrupted data.
Documentation step of Change Management
Most likely to interface with Configuration Management processes.
Administrative Law and Criminal Law
Not an example of mixed law.
Differential (backup)
Leaves archive bit on - not archived. Longer backup, faster restore.
Incremental (backup)
Turns archive bit off. Faster backup, longer restore.
False Reject Rate
Type 1 Error
False Accept Rate
Type 2 Error
What type of control is a mantrap?
A mantrap is a Physical Preventive control.
What type of control is a firewall?
A firewall is a Technical Preventive control.
What is the size of an Ethernet MTU?
An Ethernet MTU is 1500 bytes.
What is the function of the Don't Fragment (DF) bit?
If the Don't Fragment bit is turned on, oversized packets are dropped.
Where does the IT contingency plan come into play during disaster recovery planning?
The IT contingency plan comes before training, testing and maintenance of the disaster recovery plan.
What is RAID Level 3?
RAID 3 is Byte Striping.
What is RAID Level 4?
Block Striping with a Single Parity Disk.
What is RAID Level 5?
RAID 5 is Block Striping with an entire array of Parity Disks.
What is RAID Level 1?
RAID Level 1 is Disk Mirroring.
What is RAID Level 0?
RAID Level 0 is Disk Striping.
What is RAID Level 10?
RAID Level 10 is a Striped Mirror. It is a combination of RAID Level 1 and RAID Level 0, also known as "Nested RAID".
What is RAID Level 2?
RAID Level 2 is Bit Striping, which is no longer used.
What is Session Initiation Protocol?
SIP is a VoIP protocol which uses TLS for confidentiality and MD5 for integrity.
SRTP - Secure Real Time Protocol
A streaming audio and video protocol that uses AES for confidentiality and SHA-1 for integrity.
What is Positive Drain?
Positive Drain is when HVAC system condensation does not pool inside.
What is Negative Drain?
Negative Drain is when an HVAC system allows or draws water in.
What is Positive Pressure?
Positive pressure is when an HVAC system blocks out untreated air.
What is Negative Pressure?
Negative Pressure is when an HVAC system pulls air in from outside.
Covert Channel
Memory or storage space shared between processes of different security levels. May also be data added to unused TCP fields.
Noninterference Security Architecture
Multilevel security architecture - segregates and isolates data by security level
Wood and Paper - extinguishing agent
UK Class A; US Class A
Liquids - extinguishing agent
UK Class B; US Class B
Gases - extinguishing agent
UK Class C; US Class B
Electrical - extinguishing agent
UK Class E; US Class C
Metals - extinguishing agent
UK Class D; US Class D
Kitchen - extinguishing agent
UK Class F; US Class K
DES Electronic Code Book Mode
Leaves patterns in ciphertext.
What is the primary weakness of DES Cipher Block Chaining Mode?
Initialization vector and chaining can introduce encryption errors.
DES Cipher Feed Back Mode
CFB - Stream Mode initialization vector and chaining or feedback - can introduce errors
DES Output Feed Back Mode
OFB - Stream Mode initialization vector and encryption sub-key - no errors
DES Counter Mode (CTR)
Stream Mode initialization vector and 64-bit counter.
RSA
Uses prime numbers to generate keys. Invulnerable to replay.
Static Testing
Code Review
WS-Secure Conversation
Creates security contexts for message exchanges
WS-Secure Web Services
Provides integrity, encryption and authentication for SOAP messages in XML format.
WS-Trusted Web Services
Creates security tokens and brokers trust relationships.
WS-Policy Web Services
Advertises security and Quality of Service (QoS) policies.
RPO - Recovery Point Objective
Determines backup frequency
RTO - Recovery Time Objective
Same as Maximum Tolerable Downtime, or MTD.
SEAL - Software Encryption Algorithm
160-bit key
DES - Data Encryption Standard
56-bit key
What is the effective key size of Triple DES (3DES)?
112 bits
MD5 - Message Digest 5
128-bit hash based on variable-length plaintext
ISO 27002
Security controls based on industry best practices.
ISO 27002
Formerly ISO 17799 in 2005. Based on British Standard (BS) 7799.
ISO 27001
Security governance; also based on BS 7799.
CoBIT
Created by ISACA and ITGI
Information Technology Infrastructure Library
Created by the UK Central Computer and Telecommunication Agency (CCTA) in the 1980s.
Transient authentication
Type 2 Authentication - Something You Have; like a token or a smartcard
What type of firewall automatically adjusts its filtering rules based on the traffic of existing sessions?
A Dynamic Packet Filtering firewall.
What vulnerability would be best countered by adequate parameter checking?
A Buffer Overflow.
What does a downward facing caret (˅) represent?
A downward facing caret (˅) represents a binary OR operation.
How is a binary OR (˅) operation calculated?
For an OR operation, if both values are 0, the result is 0; if either or both of the values is 1, the result is 1.
What is not a composition theory related to security models?
Iterative.
What layer of OS ring protection is not normally implemented in practice?
Ring 1.
In order to restrict access into or out of a facility, what physical security control would you use?
A turnstile.
What is the point of a secondary verification system?
A secondary verification system's role is to verify the correctness of a system.
What policy was created by the Department of Commerce to enable companies in the U.S. to share personal information with companies in the EU?
The EU-US Safe Harbor Act was created by the U.S. Department of Commerce to facilitate the sharing of personal information between US and EU companies.
What type of firewall operates at the Session Layer of the OSI model?
Circuit-level proxy firewalls operate at the Session layer of the OSI model.
What security service in the enterprise is likely to include an intrusion detection system and security information management platforms?
An audit and monitoring service.
What compensating control would determine whether employees are surfing inappropriate sites on the web in violation of a company policy?
A review of employee Internet usage logs would detect signs of inappropriate use.
What is most likely to enable two processes with different security levels to access the same information on a storage medium?
A covert storage channel.
What type of user account is unlikely to require privilege monitoring or auditing?
An ordinary user account, where no elevated privileges should exist.
What constitutes the most secure passwords?
The use of uppercase and lowercase letters, numbers, symbols and a greater number of characters than seven.
What Configuration Management task is most likely to involve the monitoring of security configuration changes over time?
Baselining.
What are Segments encapsulated in?
Segments are encapsulated in packets.
Are Bits encapsulated?
No. Frames are converted to Bits at the Data Link Layer. Bits are not de-encapsulated.
What is a perpetrator?
A perpetrator is an individual who commits a crime of any type. A perpetrator can use computers in the commission of a crime as either a tool or a target, or the computer use may be incidental: that is, when computers are used to aid in the commission of a crime but are not the central means used to commit the crime.
Which two DES modes can propagate encryption errors?
CBC and CFB.
To what attack vector is RSA particularly susceptible?
RSA is particularly susceptible to chosen ciphertext attacks, in which the attacker uses the decryption tool to decrypt chosen ciphertext messages in an attempt to discover the key (also known as meet-in-the-middle).
What is a Layer 3 limited broadcast address?
All 24 bits are turned on; the address sends to all devices on a broadcast domain only. It is not forwarded by routers.
What class of fire suppression systems can be used to suppress combustible metals in both the U.S. and the U.K?
Class D (metals - US/UK).
What type of CCTV camera should be installed to sweep an entire front lobby, while keeping costs down?
A dome camera. Dome cameras are mounted on a motor that allows them to pan and tilt, but they are less expensive than full-fledged pan-tilt-zoom cameras.
What will generally not be included in a defined threat matrix?
The method of attack prevention is generally excluded from a defined threat matrix. The threat matrix focuses on three questions: (1) What is the asset we want to protect? (2) What are the risks to that asset? (3) What are the consequences of failing to protect that asset?
What is a false negative on an IDS/IPS?
A false negative occurs when an IDS/IPS fails to correctly identify malicious traffic.
What is a false positive on an IDS/IPS?
A false positive occurs when an IDS/IPS identifies authorized traffic as malicious.
What is a true positive on an IDS/IPS?
A true positive occurs when an IDS/IPS correctly identifies malicious traffic as such.
What is a true negative on an IDS/IPS?
A true negative occurs when an IDS/IPS correctly identifies authorized traffic as such.
What is the most common asymmetric algorithm used in PKI?
RSA is the most common asymmetric algorithm used in PKI.
What are three of the most common symmetric encryption algorithms?
AES, RC5 and 3DES.
What type of password is the hardest to manage?
A one-time password is the hardest to manage. This is unlike a dynamic password, which is a string of characters that changes at regular intervals of time.
When performing risk analysis, what equation is used?
Annual Rate of Occurrence (ARO) multiplied by (x) Single Loss Expectancy (SLE) equals (=) Annual Loss Expectancy (ALE).
What is the lowest degree of trust described by TCSEC?
Division D is the lowest degree of trust described by TCSEC.
What is CPTED?
Crime Prevention Through Environmental Design
What is parameter checking used for?
To prevent the possibility of buffer overflow attacks.
Orange - Fahrenheit
135 degrees
Red - Fahrenheit
155 degrees
Yellow - Fahrenheit
175 degrees
Green - Fahrenheit
200 degrees
Blue - Fahrenheit
286 degrees
Orange - Centigrade
Red - Centigrade
Yellow - Centigrade
Green - Centigrade
Blue - Centigrade
US Class A
Wood or Paper Fires
US Class B
Flammable Liquids
US Class C
Electrical Fires
US Class D
Metal Fires
US Class B
Flammable Gases
US Class K
Kitchen Fires
UK Class A
Wood or Paper Fires
UK Class B
Flammable Liquids
UK Class C
Flammable Gases
UK Class D
Metal Fires
UK Class E
Electrical Fires
UK Class F
Kitchen Fires
What are the values in a Boolean Logic truth table?
1 is true, and 0 is false
What Boolean function returns a true value when only one of the input values is true?
XOR - Exclusive OR - If x equals 1 or y equals 1, then the output is 1. If neither x nor y equals 1, then the output is 0.
AND - If x and y both equal 1, then the output is 1. If either x or y equal 0, then the output is 0.
Returns a true value only when both input values are true.
What Boolean function returns a true value if either or both of the values is true?
OR - If x equals 1, or y equals 1, or both x and y equal 1, then the output is 1. If both x and y equal 0, then the output is 0.
Which Boolean Logic function operates only on a single bit?
NOT reverses the value of a single bit. 1 becomes 0 and 0 becomes 1.
Boolean XOR
Boolean AND
Boolean OR
Boolean NOT
What two standard punctuation marks on the keyboard can represent a Boolean NOT operation?
Either a tilde (~) or an exclamation point (!)
In HVAC, what does "pressure" refer to?
Air. It can be positive or negative.
In HVAC, what does "drain" refer to?
Water. It can be positive or negative.
What is hexadecimal?
Base 16. Hex uses characters 0 through F.
What is decimal?
Base 10. Decimal uses characters 0 through 9.
What is binary?
Base 2. Binary uses characters (numbers) 0 and 1 only.
What is a bit?
A bit is a binary digit. 0 represents the off state, while 1 represents the on state.
What is a byte?
A byte is a specific collection of bits that represents a single character. A byte generally comprises 8 bits.
What is the size of a byte in standard ASCII?
7 bits. This only permits encoding of alphanumeric characters and punctuation.
What is the size of a byte in extended ASCII?
8 bits. The extra bit is used for encoding graphic characters.
What is the size of a byte in Baudot?
5 bits. Baudot was used in telegraphic messages (telegrams), and only had capital letters, numbers, and very limited punctuation such as the period, comma and dash.
What is EBCDIC?
Extended Binary Coded Decimal Interchange Code: a proprietary IBM mainframe 8-bit character encoding system.
What are double-byte characters?
In languages which include ideographic characters such as Japanese, 16 bits (or two bytes) have to be used to represent each character because of their number and complexity. These are also referred to as "double-byte character sets", or DBCS.
What is octal?
Base 8. Octal uses characters 0-7. It was once used as shorthand for hex notation, but has fallen into disuse, possibly because it appeared too similar to decimal.
What is 802.20?
LTE - Long Term Evolution
What is a candidate key?
A subset of attributes that can be used to uniquely identify any record in a table. Each table may have one or more candidate keys, which are chosen from column headings.
How does a patch management system prevent outages?
By ensuring that systems remain updated with current patches.
What is the purpose of CVE - Common Vulnerabilities and Exposures?
CVE is a dictionary which provides a standard convention used to identify vulnerabilities.
What are the three classes of security controls in Security Testing and Evaluation (ST&E)?
Management, Operational and Technical.
What document requires security test and evaluation for certification and accreditation of government systems?
The Federal Information Security Management Act of 2002, also known as FISMA.
What document defines the requirements of security test and evaluation?
NIST SP 800-53A.
At what layer in the TCP/IP or DoD model do routers operate?
Routers operate at the Internet Layer of the TCP/IP (DoD) model.
What is another name for a column in a database?
Attribute is another name for a column in a database.
What is another name for the number of columns in a database?
Degree is the number of columns in a database.
What is another name for a row in a database?
Tuple is another name for a row in a database.
What is another name for the number of rows in a database?
Cardinality is the number of rows in a database.
What is another name for the intersection of an Attribute and a Tuple in a database?
Cell is the intersection of an Attribute and a Tuple in a database.
What is the ACID model?
Describes the four required characteristics of database transactions: atomicity, consistency, isolation, and durability.
What is another name for table in a database?
A Relation is another name for a table in a database. A Relation in a database consists of Tuples, Attributes and Cells.
What is database atomicity?
Atomicity requires that a database transaction must be an "all or nothing" affair. If any part of the transaction fails, the entire transaction must be rolled back as if it never occurred.
What is database consistency?
Consistency requires that all transactions must begin operating in an environment that is consistent with all of the database's rules.
What is database isolation?
Isolation is a concept which ensures that any behavior in a database will affect only the memory and resources associated with that process.
What is database durability?
Durability is the concept that database transactions must be resilient. Once a transaction is committed to the database, it must be preserved. Databases ensure durability through the use of backup mechanisms, such as transaction logs.
What is database aggregation?
Aggregation is the result of database functions that combine records from one or more tables to produce useful information.
What are SQL Aggregate Functions?
SQL functions such as COUNT(), MIN(), MAX(), SUM(), and AVG() are aggregate functions that can be run against a database to produce an information set.
What kind of arithmetic is a running key cipher based upon?
A running key cipher is based on modular arithmetic.
What is partial-knowledge testing?
Performing a penetration test using information that is openly available.
What do distance-vector routing protocols use to determine how far away a destination site is?
Distance-vector routing protocols use hop count to determine how far away a destination site is.
What does a "Birthday Attack" exploit?
A "Birthday Attack" exploits cryptographic collisions.
What is a "Zero-Day" exploit?
A "Zero-Day" exploit is malicious code for which there is no fix at the time of the exploit.
What does "Transient Authentication" require?
"Transient Authentication" requires a token, which is something you have.
What agency established the EU-US Safe Harbor Act?
The U.S. Department of Commerce established the EU-US Safe Harbor act.
What authentication mechanism stores secret keys in clear text?
Kerberos stores secret keys in clear text.
What is the purpose of key escrow?
Key escrow enables sensitive data to be accessed if the need arises.
What kind of attack is Double-DES (2DES) vulnerable to?
Double-DES is vulnerable to Meet-in-the-Middle attacks, because of its weak cryptographic algorithm.
How is the Annual Rate of Occurrence defined?
The Annual Rate of Occurrence is the frequency at which a risk event occurs.
How does DRAM store information?
DRAM uses capacitors.
How does a key distribution center enable single-sign-on services?
A Key Distribution Center enables Single-Sign On services by acting as a trusted third party authentication server.
What is an example of Mixed Law?
Customary Law when combined with Common Law is an example of Mixed Law.
What does an attacker have in a known plaintext attack?
An attacker has both the plaintext and the ciphertext in a known plaintext attack.
What is the difference in encryption types between S-HTTP and HTTPS?
S-HTTP can use both symmetric and asymmetric keys, while HTTPS uses only symmetric keys.
What is a race condition?
A race condition is an example of a state attack. In a race condition, an attack vector occurs between time of check and time of use.
What is a state attack?
A state attack occurs in the middle of a legitimate function.
What types of backups reset the archive bit?
Full backups and incremental backups reset the archive bit.
What type of backup does not reset the archive bit?
Differential.
What is the smallest size single backup?
An incremental backup.
Which backup is faster: incremental or differential?
An incremental backup is faster, because it only backs up files since the last backup of any type. A differential backup backs up all files since the last full backup.
How does a fast backup scheme operate?
A fast backup scheme uses one full backup, and daily incremental backups. Restores with this scheme require the most recent full backup and a number of the daily incremental backups.
What protocol is most commonly associated with botnets?
IRC.
What OSI layer do remote procedure calls occur at?
Remote Procedure Calls occur at the Session layer of the OSI model.
What kind of cipher is DES?
DES is a block cipher.
What kind of attack is linear cryptanalysis?
Linear cryptanalysis is a known plaintext attack. This means that the attacker has the ciphertext along with the matching decrypted plaintext.
Which remote access protocol encrypts both usernames and passwords?
TACACS+ is the remote access protocol which encrypts both usernames and passwords.
What does an attacker have access to in a brute force attack?
In a brute force attack, the attacker only has access to the ciphertext.
What does a defined threat matrix not include?
A defined threat matrix does not include the method of attack prevention.
Is backup a phase of security incident response?
No, backup is not a phase of security incident response. It occurs prior to a security incident. Recovery is a phase of security incident response which utilizes backups to restore lost or corrupted data.
What are the PDU (Protocol Data Unit) names at each layer of the OSI model?
Application = Data Stream
Presentation = Data Stream
Session = Data Stream
Transport = Segment (TCP); Datagram (UDP)
Network = Packet
Datalink = Frame
Physical = Bit
What are the five qualitative, quantitative and descriptive levels of the likelihood of threat exploitation outlined in NIST SP 800-30?
(10) - Almost Certain
(08) - Highly Likely
(05) - Somewhat Likely
(02) - Unlikely
(00) - Highly Unlikely
What are the five Major Components of Quantitative Risk Analysis?
Asset Value
Exposure Factor
Single Lost Expectancy
Annualized Rate of Occurrence
Annualized Loss Expectancy
What are the Categories of Security Controls Constituting Defense-in-Depth?
Physical
Logical/Technical
Administrative
What are the six steps of the NIST Risk Management Framework (RMF)?
Categorize
Select
Implement
Assess
Authorize
Monitor
What are the Quantitative Risk Analysis Formulae?
EF = Exposure Factor (%)
SLE = Single Loss Expectancy ($)
ARO = Annualized Rate of Occurrence (#/%)
ALE = Annualized Loss Expectancy ($)
ACS = Annual Cost of Safeguard ($)
What three elements is risk a convergence of?
Threat, Asset and Vulnerability
What are the elements of risk?
Assets
Threats
Vulnerabilities
Exposure
Hexadecimal Addition Matrix
A=10
B=11
C=12
D=13
E=14
F=15
What are the eight key terms in TARA (Threat Agent Risk Assessment)?
Vulnerability
Threat Agent
Motivation
Objective
Method
Attack
Control
Exposure
How does TARA define vulnerability?
Vulnerability is part of the information security infrastructure that could represent a weakness to attack in the absence of a control.
How does TARA define a threat agent?
A threat agent is a person who originates attacks, either with malice or by accident, taking advantage of vulnerabilities to create loss.
How does TARA define Motivation?
Motivation is the internal (intrinsic) reason a threat agent wants to attack.
How does TARA define Objective?
Objective is what the threat agent hopes to accomplish by the attack.
How does TARA define Method?
Method is the process by which a threat agent attempts to exploit a vulnerability to achieve an objective.
How does TARA define Attack?
Attack is action of a threat agent to exploit a vulnerability.
How does TARA define Control?
Controls are tools, processes, and measures put in place to reduce the risk of a loss due to a vulnerability.
How does TARA define Exposure?
Exposure is vulnerability without a control.
How is risk defined according to the Air Force in AFI 10-701, OPSEC?
The Air Force defines risk as a measure of the potential degree to which protected information is lost through adversary exploitation.
How is risk assessment defined according to the Air Force in AF 10-701, OPSEC?
The Air Force defines risk assessment as determining the probability an adversary will gain knowledge of your critical information as well as identifying the impact if the adversary is successful.
What is the two-step process of risk assessment identified by the Air Force in AF 10-701, OPSEC?
1. Compare vulnerabilities identified with the probability of an adversary being able to exploit it in time to be useful (in order to determine a level of risk);
2. Determine potential countermeasures to reduce vulnerabilities with the highest risk.
What does FAIR stand for?
Factor Analysis of Information Risk. It is a vulnerability assessment model which was originally developed by Risk Management Insight (RMI).
What are the six kinds of loss defined by FAIR?
1. Productivity
2. Response
3. Replacement
4. Fines and Judgements
5. Competitive
6. Reputation
What are the three primary components of value as defined by FAIR?
1. Criticality
2. Cost
3. Sensitivity
What are the four subsets of FAIR's Sensitivity element of Value?
1. Embarrassment
2. Competitive Advantage
3. Legal/Regulatory
4. General
What are the five potential threat agent impacts according to TARA?
1. Access
2. Misuse
3. Disclose
4. Modify
5. Deny Access
What is FRAP?
Facilitated Risk Analysis Process
What are the five key definitions of FRAP?
1. Risk
2. Control
3. Integrity
4. Confidentiality
5. Availability
What are the steps of the TARA six-step process?
1. Measure
2. Distinguish
3. Derive
4. Identify
5. Determine
6. Align
What are examples of Standards, Policies, Baselines, Procedures and Guidelines?
Standards = specifies HW/SW
Policy = directs what but not how
Baseline = standardized practices
Procedures = specific step(s)
Guidelines = recommendations
What are the five basic requirements of a cryptographic hash function?
1) Input of any length
2) Fixed-length output
3) Easy to compute
4) One-way
5) Collision-free
Name the four basic hashing algorithms.
SHA = Secure Hash Algorithm
MD5 = Message Digest 5
HMAC = Hashed Message Authentication Code
HAVAL = Hash of Variable Length (based on MD5)
What is the governing directive for the Secure Hash Algorithm (SHA)?
FIPS 180 - The Secure Hash Standard (SHS)
What are the four variants of SHA-2?
1) SHA-256
2) SHA-224
3) SHA-512
4) SHA-384
For the SHA-2 variants, what does the number represent?
The number of the SHA denotes the size of the message digest or hash created by that algorithm.
Which two SHA variants use a 1024-bit block size?
SHA-384 and SHA-512 both use a 1024-bit block size.
Which two SHA-2 variants use a 512-bit block size?
SHA-256 and SHA-224.
What size hash values can HAVAL create?
128; 160; 192; 224; 256.
What is the hash value length (or message digest size) of SHA-1?
160-bit
What is the hash value length of MD2, MD4 and MD5?
128-bit
Which hash algorithm does not have fixed-sized message digests?
HMAC = Hash Message Authentication Code has variable-length message digests.
Which hashing algorithm does NOT provide non-repudiation?
HMAC, because it relies on a shared secret (symmetric) key.
What are the nine major recognized root certificate authorities (CAs)?
1) Symantec
2) Thawte
3) GeoTrust
4) GlobalSign
5) Comodo
6) GoDaddy
7) DigiCert
8) Network Solutions
9) Entrust
What does the POODLE vulnerability of 2014 exploit?
POODLE (Padding Oracle On Downgraded Legacy Encryption) uses the TLS v1.1 fallback mechanism to SSL 3.0 to exploit weaknesses in the latter. Upgrading to TLS v1.2 eliminates this fallback mechanism, and thus mitigates this vulnerability.
How do SSL/TLS set up secure web sessions?
1) The user's browser retrieves the web server's certificate, and extracts the server's public key from it;
2) The browser creates a random symmetric key, and encrypts it with the server's public key. It then sends this encrypted key to the server.
3) The server receives and decrypts the symmetric key with its private key, and then uses this unencrypted symmetric key as the session key in communication with the user's browser.
What is a TGT?
A Ticket Granting Ticket contains authentication information and key information for accessing resources.
What is a Session Ticket?
Encrypted information that the server examines to validate the client as an authenticated domain member in a Kerberos realm.
What is the Relative Distinguished Name (RDN)?
The Relative Distinguished Name (RDN) is the portion of an object's name that is distinct from the object's path.
What are the US fire suppression classes?
A. Wood or Paper Fires
B. Flammable Liquids
B. Flammable Gases
C. Electrical Fires
D. Metal Fires
K. Kitchen Fires
What are the UK fire suppression classes?
A. Wood or Paper Fires
B. Flammable Liquids
C. Flammable Gases
E. Electrical Fires
D. Metal Fires
F. Kitchen Fires
A sprinkler head with an Orange glass tube is triggered at what temperature Fahrenheit?
A sprinkler head with a Red glass tube is triggered at what temperature Fahrenheit?
A sprinkler head with a Yellow glass tube is triggered at what temperature Fahrenheit?
A sprinkler head with a Green glass tube is triggered at what temperature Fahrenheit?
A sprinkler head with a Blue glass tube is triggered at what temperature Fahrenheit?
What is the object-oriented programming concept that enables data to be processed differently based on the data type?
Polymorphism.
What attack type is most likely to be mitigated by Domain Name Security Extensions (DNSSEC)?
Pharming, or DNS cache poisoning attacks.
What is the ACL ruleset to implement on a firewall to block a single domain?
block "domain.com"
allow all, as the rules in an ACL go from most specific to most general.
What occurs during the accreditation phase of a system in the systems development life cycle (SDLC)?
In the SDLC accreditation phase, the system is accepted by the data owner, even if it has not been certified. Certification means that a system has been tested by a certification authority and been determined to meet all security requirements of the data owner. Accreditation means that the data owner has chosen to implement the system even after having been made aware of any remaining vulnerabilities and residual risks.
In which phase of the SDLC (systems development life cycle) process is a system tested by an independent third party?
The acceptance phase.
What are the 10 phases of the software development life cycle (SDLC)?
1. Initiation and Planning
2. Functional Requirements Definition
3. System Design Specifications
4. Development and Implementation
5. Documentation and Common Program Controls
6. Acceptance
7. Testing and Evaluation Controls
8. Certification
9. Accreditation
10. Implementation
In 802.11g, which of these are NOT supported: WEP, AES, TKIP or MIMO?
MIMO is not supported on 802.11g. It was introduced with 802.11n.
What are the steps in the change management process?
1. Requests
2. Impact Assessment
3. Approval/disapproval
4. Build and Test
5. Notification
6. Implementation
7. Validation
8. Documentation
What are examples of mixed law?
1. Common Law and Civil Law
2. Civil Law and Religious Law
3. Civil Law and Customary Law
What is the definition of mixed law?
Mixed law is the combination of two or more major legal systems.
What is not an example of mixed law?
Administrative Law and Criminal Law
What is another name for a signature-based IDS?
A pattern-matching IDS.
Which security protocol creates a 128-bit hash value based on variable-length plaintext?
Message Digest 5 (MD5).
What is a limited Layer 3 broadcast address?
255.255.255.255 is a limited broadcast address which is sent to all devices on a broadcast domain. It is sent when a specific destination address is unknown. A limited broadcast address is constrained to its own broadcast domain.
What is the purpose of a key distribution center?
To enable SSO services by acting as a trusted third-party authentication server.
What is the equation used when performing risk analysis?
ARO x SLE = ALE
What is the Annualized Rate of Occurrence?
The Annualized Rate of Occurrence is the frequency at which a risk event occurs. It is expressed either as a decimal or a percentage.
What is not a means of secure media management?
Media recovery is not a means of secure media management, although shredding or destruction is.
What does Routing Information Protocol use as a metric?
Routing Information Protocol (RIP) uses hop count as a metric.
What kind of a routing protocol is RIP?
RIP is a distance-vector routing protocol. RIP is only aware of directly-connected neighbor routers.
What does Open Shortest Path First use as a metric?
OSPF uses cost as a metric based on the bandwidth of a link.
What kind of routing protocol is OSPF?
OSPF is a link-state routing protocol. It learns the entire network topology for the area.
Which two layers of the OSI model correspond to which single layer of the TCP/IP model?
The Physical and Datalink layers of the OSI model correspond to the Network Access Layer of the TCP/IP model.
How many eight-bit timeslots does E1 transfer data over?
E1 transfers data over 32 DS0s.
How many eight-bit timeslots does T1 transfer data over?
T1 transfers data over 24 DS0s.
How many eight-bit timeslots does T3 transmit data over?
T3 transmits over 672 timeslots, equivalent to 28 T1s.
How many eight-bit timeslots does E3 transmit data over?
E3 transmits over 512 timeslots: equivalent to 24 E1s.
What is the common name for 8-bit timeslots in digital network technology?
DS0 Channel.
What does a DS1 signaling frame consist of?
A DS1 signaling frame consists of 24 DS0 channels along with a single framing bit.
How much data does a DS1 signaling frame contain?
Each DS1 frame contains 193 bits.
Which of the (ISC)2 Code of Ethics canons requires a security professional to abstain from spreading unnecessary fear, uncertainty and doubt (FUD)?
Canon 2 of the (ISC)2 Code of Ethics requires abstention from spreading FUD: "Act honorably, honestly, justly, responsibly, and legally."
What is FUD?
FUD is a term that is used to describe the dissemination of negative, false, and frightening information to influence consumers, politicians, or other individuals to act in a certain way.
Why should a CISSP not spread FUD (fear, uncertainty and doubt)?
Although not illegal, spreading FUD would be dishonest and irresponsible.
If you have configured a remote access server to perform callback, what happens after a user dials in and authenticates?
After the user dials in and authenticates to a remote access server configured to perform callback, the server will hang up and call the user back at a telephone number preconfigured for that user.
What is the advantage of employing contract security guards?
Contract security guards are cheaper than employing proprietary security guards.
What is the focus of the Clark-Wilson security model?
Integrity.
What is the focus of the Bell-LaPadula security model?
Confidentiality.
What is the focus of the Chinese Wall security model?
The focus of the Chinese Wall security model is on the avoidance of conflicts of interest.
What is another name for the Chinese Wall security model?
The Chinese Wall security model is also known as Brewer-Nash.
What is the focus of the Information Flow security model?
The Information Flow security model concerns itself with how information should or should not be passed from subject to subject within a secure environment.
What is the focus of the Biba security model?
Integrity.
What is not directly provided by cryptography?
Availability is not directly provided by cryptography.
What should be used in a heating, ventilation and air conditioning (HVAC) system?
An HVAC system should employ positive drain and positive pressure. Positive drain ensures that condensation does not pool, and positive pressure prevents untreated air from entering a building.
What TCP/IP layer do routers operate at?
Routers operate at the Internet layer of the TCP/IP model.
What are the three scores in CVSS?
In order they are:
1) Base;
2) Temporal;
3) Environmental.
What port does S-HTTP operate on?
TCP Port 80, as it only encrypts the HTTP data.
What should an HVAC system use?
Positive drain and positive pressure.
Why is Kerberos not susceptible to eavesdropping?
Kerberos credentials are encrypted by a secret key before being sent over the network.
What type of cipher operates by rearranging groups of characters?
A block transposition cipher.
What is the difference between substitution and transposition ciphers?
Substitution replaces plaintext with different characters; transposition just rearranges the existing characters.
What is the difference between stream and block ciphers?
Stream ciphers process one character at a time; block ciphers process characters in groups.
Which is more robust: stream or block ciphers?
Block ciphers are stronger, but they also require more processing power than stream ciphers.
What are the phases of incident response?
1) Detection;
2) Containment;
3) Eradication;
4) Recovery;
5) Reporting.
How do stateful firewalls differ from other types?
They only allow traffic into the network if a corresponding request was sent from inside the network. Essentially, the stateful firewall actively invites traffic into the network (invitation only).
What is OAuth?
An open HTTP authentication framework based on RFC 6749 which provides third-party applications delegated access to resources without passing user credentials.
What is the "Ring Model"?
A method of hardware layering that uses system calls to communicate with the CPU via the OS.
What is the focus of the Bell-LaPadula security model?
Data confidentiality
What is the focus of the Biba security model?
Data integrity
What is the purpose of a key distribution center?
To enable single-sign on services by functioning as a trusted third-party authentication server.
What vulnerability does a covert storage channel present?
It can enable two processes with different security levels to access the same information on a storage medium.
How do time domain reflectometry systems detect intrusion?
By receiving all or part of an RF signal when an intruder tries to climb a fence. The RF signal is sent through cables running parallel to a fence. When the cable is flexed the RF signal is reflected back to its source. The TDR sensor measures the travel time of the returned RF signal and so is able to calculate the location of the intruder.
What is a zero-day exploit?
Malicious code that takes advantage of a vulnerability that has no fix.
What is a zero-day vulnerability?
A vulnerability for which there is no currently existing fix.
What element of perimeter security is most likely to involve the use of layered defenses?
Delay.
What attack vector cannot be used against RSA?
Replay attacks.
Which ISO standard is based on BS 7999 and is focused on security governance?
27001
Which ISO standard is based on BS 7799 and defines security objectives?
27002 (formerly ISO 17799)
What equation is used to calculate single loss expectancy (SLE)?
AV (Asset Value) x EF (Exposure Factor)
Which two factors do you never add or multiply together in risk analysis?
ARO and ALE.
How do you calculate annualized loss expectancy (ALE)?
Annual rate of Occurrence (ARO) x Single Loss Expectancy (SLE).
What is the purpose of a ticket-granting ticket (TGT)?
A TGT enables an authenticated user to request access to network services.
What is the purpose of the ticket granting server (TGS)?
The TGS uses the TGT and session key to verify the identity of the user.
What two credentials enable a client to connect to devices in a Kerberos realm?
The TGT along with the session key.
What is the International Common Criteria Security Target (ST)?
The documentation for a system or product to be tested.
What is the International Common Criteria Target of Evaluation (ToE)?
The system or product to be protected.
What is the International Common Criteria Protection Profile (PP)?
The security requirements for the product to be tested.
What does a disaster recovery plan (DRP) focus on?
The restoration of specific IT services.
What is the Business Continuity Plan (BCP)?
Procedures that should be performed in the event of a disaster. It focuses on maintaining business operations.
What is the difference between BCP (continuity) and DRP (recovery)?
BCP focuses on uninterrupted operations in light of a disaster. If the BCP fails (services are interrupted) that's when the DRP kicks in.
What is the purpose of a business impact analysis (BIA)?
To identify systems and processes critical for an organization to continue to operate.
What is used to securely back up data to an offsite location at specific periods in time?
Electronic vaulting, which involves transmitting bulk data to an offsite backup storage facility.
What is the greatest benefit of asymmetric encryption over symmetric encryption?
Unlike symmetric (secret-key) encryption, asymmetric (public-key) encryption does not require that keys be pre-shared.
What is the advantage of symmetric (secret-key) encryption over asymmetric (public-key) encryption?
Symmetric encryption algorithms are stronger per key length than asymmetric algorithms. This makes them computationally faster and less resource intensive for the same degree of security.
What differentiates switches from routers?
Switches forward frames at Layer 2 of the OSI model, based on the MAC address of the destination. Routers operate at Layer 3, forwarding packets based on IP addresses.
What do switches do that hubs cannot?
Switches divide hosts into separate collision domains. Hubs are multiport repeaters in which all hosts attached to the hub are in the same collision domain.
How do switches differ from bridges regarding collision and broadcast domains?
Although both switches and bridges can divide attached hosts into separate collision domains, VLANs can only be configured on switches to divide attached hosts into separate broadcast domains.
What is unique about bridges?
They can connect networks operating on different protocols. e.g., translating between ARPA IP and NetWare IPX.
As asymmetric encryption algorithms used for key exchange, what do Diffie-Hellman and El Gamal have in common?
They both use discrete logarithms. Discrete logarithms are used to calculate logarithms for groups of numbers, thereby complicating the calculation and increasing cryptographic security.
What type of account is most powerful?
A built-in administrator account, also known as a root account.
What protocol does FRAGGLE use?
UDP.
What kind of security service employs intrusion detection systems and security information management platforms?
An audit and monitoring service.
What type of security service employs firewalls and border routers?
A boundary control service.
What type of security service employs systems such as Kerberos and TACACS+?
An access control service.
What type of security service employs AV/content-filtering applications and IPS?
An integrity service, which is designed to protect data from corruption.
What object-oriented programming (OOP) phrase best describes an object that is mostly independent from other objects?
High cohesion and low coupling.
What object-oriented programming (OOP) phrase describes an object highly dependent on other objects?
High coupling and low cohesion.
Which system architecture model is focused on information integrity?
Clark-Wilson.
How does a cross-site request forgery exploit (CSRF or XSRF) work?
It involves the redirection of static content within a trusted site by replacing already-existing trusted URIs with URIs from untrusted sites.
How does a cross-site scripting exploit (CSS or XSS) work?
By executing malicious web scripting code within a trusted context.
What privacy policy was created in 1980 to provide a framework for how information traverses international borders?
The OECD (Organization for Economic Cooperation and Development).
Which EU privacy principle requires that employee monitoring be customized to the amount of risk the employer incurs?
Proportionality.
What is true about the /etc/passwd file in Linux?
It is readable by all users, not just root.
If you must do a live test of the IT department's DRP during regular work hours, who should you notify?
Warn the affected managers before performing the test.
If a server fails on a Friday afternoon, how many backups will be needed for restore?
Five: the full backup from Saturday, and the incremental backups from Monday, Tuesday, Wednesday, and Thursday.
Where in the OS Ring model are you most likely to find device drivers?
OS Ring 2.
Which common enterprise security services are most likely to include IDS and SIM platforms?
An audit and monitoring service.
What is the best way to describe a zero-day exploit?
Malicious code that takes advantage of a vulnerability that has no fix.
What kind of CISSP action could negatively impact the "advance and protect the profession" canon of the (ISC)2 Code of Ethics?
Developing a relationship with an individual with a reputation for running unauthorized scans against financial websites, who claims to know about recent successful attacks on the bank's website, in exchange for general information about security tools and techniques that have become popular within the financial industry.
What equation is used to perform risk analysis?
Annualized Loss Expectancy = Annual Rate of Occurrence x Single Loss Expectancy.
What is the data access control type that is least likely to use explicit rights and permissions?
Role-Based Access Control (RoBAC) is least likely to control access by using explicit rights and permissions, as explicit rights and permissions are those rights and permissions assigned directly to a user account.
What must be included when attempting to determine if it is cheaper to lease or purchase an end-user device?
Do not just compare the lease and purchase costs for the same time period to make this determination. You must also add the cost to maintain or replace the printer, which is normally expressed as the Annualized Loss Expectancy.
What is least likely to be a threat to a virtualized environment?
Multiple guest systems with the same security requirements.
At what layer of the OSI model does S-HTTP encrypt packets?
S-HTTP encrypts packets at OSI Layer 7, using DES or RC2. S-HTTP only encrypts the data, not the header, and therefore operates on TCP Port 80.
When are assessors most likely to conduct a quantitative risk assessment for a company?
When the assessors have extensive experience performing risk assessments.
What privacy policy was created in 1980 to provide a framework for how information traverses international borders?
The OECD (Organization for Economic Cooperation and Development).
What is the term that indicates the amount of data loss or system unavailability (measured in units of time), that a business can endure?
Recovery Point Objective (RPO) indicates the amount of data loss or system unavailability that a business can endure. The RPO rating can also be used to determine the frequency of backups.
What WLAN configuration change on an 802.11i network will be most effective in increasing security?
Enabling WPA2, because it provides an authentication mechanism, an encryption mechanism, and an integrity mechanism.
What is the EU Privacy Principle that requires that data collected by an organization that monitors its employees be used for a specific, explicit, and legitimate purpose?
The EU finality principle.
What occurs during the accreditation phase of the systems development life cycle (SDLC)?
During the accreditation phase of the SDLC the system is accepted by the data owner, even if it has not been certified to meet security requirements.
What is certification?
Certification means that a system has been tested and proven to fit the security requirements of the data owner.
What happens if the ARP table maps the same IP address to the MAC of a local host which is already mapped to the gateway computer?
If, in the ARP table, a local host has the same IP address mapped to its MAC as the gateway (provided the gateway is a completely separate system), that local host will experience a lack of connectivity to the Internet.
What is the primary function of the system unit?
The system unit contains all the internal components of the computer system. The system unit is generally synonymous with the computer system's case.
In what component are the ALU and CU found?
In the CPU.
What contains the CPU, memory slots and peripheral slots within a system?
The motherboard, or main logic board, contains the CPU, memory slots, and peripheral slots within a system. Motherboards are typically attached to the system unit (case) with screws or plastic standoffs.
What ACL rules would allow all domains except for one specified domain to download files from a publicly available FTP server, assuming the firewall is configured with an implicit deny rule?
The first ACL rule would first deny the specified domain by name, and the second ACL rule would allow all other domains, with an "allow all" statement.
What step in the access control process does mapping a list of users to a list of permitted resources indicate?
This is the "determining users" step of the access control process.
Which security models focus on integrity?
Biba and Clark-Wilson.
Which security model focuses on confidentiality?
Bell-LaPadula
What two devices can be used to create multiple broadcast domains on a single network?
A router or a Layer 3 switch using VLANs.
Which three devices can create separate collision domains on a single network?
Bridges, Layer 2 switches and routers.
What device operates on a single collision domain and a single broadcast domain?
Hubs, also known as multiport repeaters, broadcast the same information out to all hub ports.
What is the software development method that creates release versions of an application for user review?
The prototyping software development method is an iterative method, which means that source code is written, released for review, and then revised based on the reviews.
What software development methods are based on the waterfall method?
Cleanroom, spiral and structured programming.
How does the cleanroom software development method attempt to prevent bugs in code?
By tightly controlling the development process from the beginning. The goal is to write defect-free code from the outset, instead of fixing problems after review.
What is the spiral software development method based upon?
The Deming PDCA cycle.
How does structured programming develop code?
By using a staged development model similar to the spiral method, with the goal of encouraging discipline and a formal structure to the process.
What is the amount of time that NFPA standard 75 recommends fire-resistance for the construction of information technology facilities?
According to NFPA 75, information technology facilities should be constructed of materials that can withstand at least 60 minutes of fire exposure, by being isolated from the rest of the building by flame-resistant walls, floors and ceilings. Secure area walls should meet the floor slab and ceiling slab (true floor to ceiling).
What are the eight steps in the change management process?
Requests; Impact Assessment; Approval or disapproval; Build and test; Notification; Implementation; Validation and Documentation.
What is configuration management?
Configuration management is the process of developing a standard method of securing (hardening) systems within an organization.
What are three steps in Configuration Management?
Baselining; patch management and vulnerability management.
What metric is used by distance-vector routing protocols, such as RIP?
Distance-vector routing protocols such as RIP use the metric of hop count. Routes with fewer hops are preferred to routes with more hops.
What is the RIP distance limitation?
In RIP, any route of more than 15 hops is considered to be unreachable.
What type of access control does anti-virus software fall under?
Antivirus software is considered an implementation of a corrective access control.
What type of access control is a data backup?
A data backup is considered a recovery access control when it is used to restore lost or damaged data. It is a preventive access control during the actual backup process.
Define what constitutes the Annualized Rate of Occurrence (ARO).
The Annualized Rate of Occurrence (ARO) is the frequency at which a risk event occurs.
How is the Annualized Loss Expectancy (ALE) defined?
The Annualized Loss Expectancy (ALE) is the average yearly cost of a risk.
What is a Fagan Inspection?
A six-step formal code review process. The steps are planning; overview; preparation; inspection; rework and follow-up.
Where are Fagan Inspections normally used?
In highly restrictive environments where code flaws may have catastrophic impact.
What is Fuzz Testing?
An automated test of software, which supplies intentionally invalid input to the software being tested with the intent of triggering known vulnerabilities in that software.
What are the Optical Channel (OCx) speeds?
OC-1 (51.84 Mbps); OC-3 (155.52 Mbps); OC-9 (466.56 Mbps); OC-12 (622.08 Mbps); OC-19 (933.12 Mbps); OC-24 (1.244 Gbps); OC-36 (1.866 Gbps); OC-48 (2.588 Gbps); OC-96 (4.977 Gbps); OC-192 (9.953 Gbps); OC-768 (40 Gbps); OC-3072 (160 Gbps).
How is a T-1 frame constructed?
24 8-bit channel slots.
What are the different types of T-carriers and their speeds?
T1; 24 channels; 1.544 Mbps;
T2; 96 channels; 6.312 Mbps;
T3; 672 channels; 44.736 Mbps;
T4; 4032 channels; 274.760 Mbps.
What halon replacement is safest in an electrical environment?
FE-13. It can be safely breathed at concentrations of up to 30 percent. Other halon replacements can only be safely breathed at half of that amount.
What is the primary characteristic of standby lighting?
It floods a given area with light when suspicious activity is detected.
What is a threat vector?
A threat vector is a potential medium that an attacker can use to exploit a vulnerability.
What intellectual property attack does not focus on infringement of trademarks?
Piracy, which focuses on infringement of copyright.
WS-SecureConversation
Creates security contexts for faster message exchanges.
What is the difference between P2PE and E2EE with regards to payment card security?
P2PE prevents merchants from performing key management, whereas E2EE does not.
What hardware platform is most limited in processing power?
An embedded system, which is typically used in smaller devices.
What maturity model stage has the highest reliance on individuals and contains a high potential for errors?
The ITGI repeatable stage. In this stage security procedures for specific tasks have been developed, but no organizational standards exist. Issues remain reactive, and the high involvement of people creates a high potential for error.
At what OSI layer does S-HTTP encrypt packets?
S-HTTP encrypts packets at the Application layer.
What step in the access control process is mapping a list of users to a list of permitted resources?
This is the determining users step of the access control process.
What does a standards document contain?
A standards document defines the technical aspects of a security program, including any hardware or software that is required.
What does the process of encapsulation do?
It takes information from a higher layer and adds a header to it.
How is a frame created?
At the data link layer a header is added to a packet to create a frame.
How is a segment created?
At the transport layer a header is added to application data in order to create a segment.
How is a packet created?
At the network layer a header is added to a segment to create a packet.
What security architecture model is most likely to avoid covert channel attacks?
The noninterference model. As it is a multilevel security architecture model, it keeps data access attempts separate on a system, preventing data at one security level from interfering with data at another security level. Low clearance input will always produce only low clearance output, even if a high clearance subject is working with high clearance objects on the same system.
What organization created a code of ethics that focuses exclusively on ethical behavior and the Internet?
The Internet Activities Board (IAB). The IAB code of ethics, known formally as "Ethics and the Internet" is RFC 1087, which was first published in 1987.
At what layer of the OSI model does a SYN Flood attack occur?
At the Transport layer, as it uses the TCP protocol.
Which two layers of the OSI model correspond to the Network Access Layer of the TCP/IP model?
The Physical and Data Link layers.
What is the purpose of WS-SecureConversation?
To create security contexts for faster message exchanges.
What does the EU Proportionality Principle require?
That employee monitoring be customized to the amount of risk the employer incurs.
What does database shadowing allow?
Quick recovery of mission-critical databases in the event that the primary site experiences a disruption of service.
Why is the combination of civil and criminal law not considered mixed law?
Because criminal law is not a major legal system; it is a branch of law within the common law system.
What is the other name for civil law?
Tort law.
What are two examples of mixed law?
Customary law and common law, or common law and civil law.
What is a hierarchical security model that defines layers of privilege?
A lattice-based model. Within it, subjects are assigned to layers and are allowed to access objects that reside in the same layer. No communication is allowed between layers.
How does a matrix-based security model operate?
Access is allowed or denied based on the direct relationship of a subject to an object. The points at which a row and a column intersect define the relationship of the subject and object.
How does an information flow security model operate?
This model describes how information should or should not be passed from subject to object within the secure environment. Bell-LaPadula (confidentiality) and Biba (integrity) are both information flow security models.
Which log should be consulted to determine when a file was deleted?
System Events Logs.
What do Network Events Logs track?
Whether unauthorized or inappropriate activity is occurring on the network.
What do Application Events Logs track?
To determine whether a particular application has been attacked or compromised.
What do User Activity Logs track?
The actions a particular user has performed on a system.
What devices and protocols operate at the Network Access Layer (1) of the TCP/IP model?
NICs, Hubs, Repeaters, Switches, Bridges, Ethernet, Frame Relay, Token Ring, PPP and Cisco Discovery Protocol. This is basically everything that runs at layers 1 (physical) or 2 of the OSI model.
What devices and protocols run at the Internet (2) layer of the TCP/IP model?
Routers, IPv4, IPv6, RIP and OSPF. Essentially, this is equivalent to the Network layer (3) of the OSI model.
What devices and protocols run at the Host-to-Host (or Transport) layer (3) of the TCP/IP model?
UDP and TCP. This corresponds to the Transport layer (4) of the OSI model.
What devices and protocols run at the Application layer (4) of the TCP/IP model?
HTTP, FTP, TFTP, DHCP, DNS, SMTP, POP3, SSH. This equates to the top three layers of the OSI model (Session, Presentation and Application).
What access control principle creates a system of checks and balances on employees who have privileged access?
Separation of Duties.
What is a Layer 2 Ethernet broadcast address?
FF:FF:FF:FF:FF:FF.
What is a Layer 3 LIMITED broadcast address?
255.255.255.255
What is a Layer 3 DIRECTED broadcast address?
192.168.0.255
If you cannot connect to a device on a LAN that is running and connected to the network and that other devices can connect to; and if the device's ARP mapping exists and is correct, what should you do?
Check the ARP cache.
What is another name for a computer's system unit?
The computer case.
What EU privacy principle requires that data collected by an organization that monitors its employees be used in a way that is compliant with legal requirements (or the employee's consent)?
Legitimacy.
What is the reason for copying the contents of a hard disk drive during a forensics investigation?
To prevent the modification of the data on the original hard disk drive (i.e., to preserve evidence).
Which configuration management task involves the monitoring of security configuration changes over time?
Baselining.
What is the process of understanding, communicating, and documenting changes to a system so that negative effects from change can be avoided?
Change Management.
What is the process that manages system or application software updates?
Patch Management.
What is the process of addressing any vulnerabilities or configuration problems that were discovered during vulnerability scanning?
Vulnerability Management.
What is the process of examining a system for unpatched, known vulnerabilities and unsecure configurations?
Vulnerability Scanning.
What is the OOP concept in which two objects that are based on the same class can process data independently?
Polyinstantiation.
What is the OOP concept that enables data to be processed differently based on the data type?
Polymorphism.
What is another name for linear cryptanalysis?
A known plaintext attack.
What kind of attack uses a rainbow table to compare known hashes to unknown hashes?
Brute-force.
What kind of attack involves guessing a user's password until the correct one is found?
Password-guessing.
What is the amount of data loss or system unavailability, measured in units of time, that a business can endure?
Recovery Point Objective.
What is the maximum amount of time that a business can survive without a particular service?
Recovery Time Objective.
What is the most accurate, noninvasive biometric access control?
Iris Scan (as retinal scans require enrollment).
What is the privacy policy that was created in 1980 to provide a framework for how information traverses international borders?
OECD Guidelines.
What privacy policy was created in 1995 to ensure the free flow of information among members of the EU?
EU Data Protection Directive.
What privacy policy was created in 1998 to allow companies in the United States to share PII with EU member nations?
The EU-U.S. Safe Harbor Act.
What memory protection technique maps processes to specific hardware memory locations?
Hardware Segmentation.
What memory protection technique copies an entire process to disk?
Swapping.
What uses object encapsulation or time multiplexing to logically segregate processes so that one process does not interfere with another?
Process Isolation.
What device is used to create multiple broadcast domains on a network?
Router.
What creates separate collision domains within a single broadcast domain?
Layer 2 Switch or a Bridge.
What is the data access control that uses permissions determined by organizational policy and need-to-know?
MAC (Mandatory Access Control).
Which (ISC)2 canon requires a security professional to abstain from spreading fear, uncertainty and doubt (FUD)?
"Act honorably, justly, responsibly and legally." Spreading FUD is irresponsible and basically equivalent to rumor mongering.
In what type of attack does the attacker have access to the ciphertext alone?
Brute-Force.
What is the sensitive information control that entails a legal requirement?
Records retention.
What type of encryption algorithm is RSA?
Asymmetric.
What are three examples of symmetric algorithms?
AES, RC5, and 3DES.
What is the data normalization process of removing data in a table that is not dependent on the primary key from that table?
Third Normal Form (3NF).
What is the data normalization process of logically dividing data into tables?
First Normal Form (1NF).
What is the data normalization process of moving data that partly depends on primary keys into a different table?
Second Normal Form (2NF)
How many forms of data normalization are there?
Three: 1NF, 2NF and 3NF.
What well-known system architecture security model focuses on integrity?
Clark-Wilson.
What well-known security architecture security model focuses on confidentiality?
Biba.
What well-known security architecture model focuses on the flow of information?
Information Flow. It describes how information should or should not be passed from subject to subject in a secure environment.
What two well-known security architecture models build upon the Information Flow model?
Bell-LaPadula and Biba.
What is the purpose of a Key Distribution Center?
Enabling SSO services by acting as a trusted third-party authentication server.
What is the difference between how a bridge and a switch route a frame?
Bridges send the frame out the port that the destination network segment is connected to. Switches send the frame directly to the destination computer.
What facet of risk management does installing software with known vulnerabilities indicate?
Risk Acceptance.
What facet of risk management does removing software that has been found to contain vulnerabilities indicate?
Risk Avoidance.
What facet of risk management does purchasing warranty coverage indicate?
Risk Transference.
What third-party authentication method supports public-key cryptography?
SESAME
What kind of an access control system is Kerberos?
Single-Sign On (SSO).
What kind of technology is LDAP?
A directory technology used to centrally manage user accounts.
What is the DES mode that is fast, strong and which does not propagate encryption errors?
Counter (CTR) Mode.
What type of alternate site supports disaster recovery in accordance with a DRP?
Hot sites - can be transitioned to in minutes or hours.
What type of security service is most likely to include devices such as IDS and SIM platforms?
An audit and monitoring service.
What type of security service is most likely to include devices such as firewalls and border routers?
Boundary Control Service.
What type of security service is likely to include antivirus, content-filtering and IPS?
An Integrity Service.
What is the largest hash value that can be created by the Secure Hash Algorithm (SHA)?
512-bit.
What layer of the OSI model does UDP operate at?
Transport.
What are the five DES modes listed from best to worst?
Counter (CTR); Output Feedback (OFB); Cipher Feedback (CFB); Cipher Block Chaining (CBC); Electronic Code Book (ECB)
What threat can be prevented by system hardening and user education?
Installation of malware.
What is another name for the False Accept Rate (FAR)?
Type II error.
What is another name for the False Reject Rate (FRR)?
Type I error.
What type of attack vector uses software that requires no installation or user interaction to compromise a system?
Mobile code.
What is the name of a well-known host intrusion detection system (HIDS)?
Tripwire.
What is the LDAP default port in Active Directory?
389
What is the LDAPS default port in Active Directory?
636
What is a Kerberos Ticket Granting Ticket (TGT)?
A token used to gain access to resources.
What is polymorphism?
When two different objects respond to the exact same message in different ways.
What is polyinstantiation?
An access control mechanism that takes a copy of one object and repopulates it with different data.
What encryption algorithm has the strongest encryption per key bit?
AES - Advanced Encryption Standard, which is a symmetric encryption algorithm.
What is "validation"?
It is the next to last, or seventh, step in the Change Management process.
What is a Layer 3 limited broadcast address?
It is an IP address that is sent to all devices on a broadcast domain.
What is a Layer 3 directed broadcast address?
It is an IP address that is sent to all devices on a specific subnet.
What is a Layer 2 (Ethernet) broadcast address?
It is a MAC address that is sent to all devices on a broadcast domain.
What requirement of using a one-time pad does not entail security of the pad?
That the originator and recipient use the same page. Although this is necessary for effective communication, it is not a security issue.
What are the three conditions which must be met to ensure the security of a one-time pad?
The characters must be random; the pages can never be re-used; and the pads must be kept securely stored when not in use.
What does "baselining" do?
It is a Configuration Management task used to monitor security configuration changes over time.
What is the "work factor" of a cryptosystem?
The amount of time and effort it is estimated to take to "crack the key", based on the strength of the cryptosystem.
What is Temporal Key Integrity Protocol (TKIP)?
An enhancement to WEP security introduced in IEEE 802.11i.
What are the five critical services provided by cryptography to IT?
Confidentiality; Authentication; Nonrepudiation; Integrity and Secure Key Distribution.
What is the limitation of services provided by symmetric cryptography?
It only provides effective Confidentiality: all other cryptographic services should use an asymmetric algorithm.
What is CDM?
Continuous Diagnostics and Mitigation
What is informatics?
The study and practice of creating, storing, finding, manipulating and sharing information. The term is often used as though it is synonymous with "health informatics".
What are the various encryption algorithms endorsed by the NSA Information Assurance Directorate (IAD)?
AES, ECDH, ECDSA, SHA, Diffie-Hellman, RSA.
What canon of the (ISC)2 code of ethics might a CISSP violate by developing a professional relationship with individuals or organizations who could hurt the profession?
Advance and protect the profession.
What are the steps, in order, to take when creating an encrypted message with a digital signature using PKI?
The sender creates a hash of the message; the hash is encrypted with the sender's private key; the message is encrypted with the recipient's public key.
To minimize restore time in the event of a hard disk failure, what kind of backup should be used?
Full.
What is the safest fire suppression system to use in an electrical environment?
FE-13. It doesn't damage computer equipment, and can safely be breathed at concentrations of up to 30 percent.
What integrity method does an 802.11i WLAN use?
CCMP, which was created to correct TKIP vulnerabilities. CCMP includes MIC (Message Integrity Check). This is part of WPA2.
What encryption method does WPA2 use?
AES (256-bit).
What does WPA use for integrity?
TKIP.
What does WPA use for encryption?
RC4.
Which control does not require enrollment for biometric authentication?
Facial scans.
What three 802.11 standards use OFDM?
a, g, and n.
What ARP table entry could cause a lack of connectivity to the Internet, even if local hosts on the LAN are reachable?
The IP address of the gateway computer mapped to another host.
Which IT Governance Institute (ITGI) maturity model stage has the highest reliance on individuals, and thus the greatest potential for errors?
Repeatable.
What Software Engineering Institute's Capability Maturity Model (SEI CMM) stage is equivalent to the ITGI's "Repeatable"?
Managed.
What Software Engineering Institute's Capability Maturity Model (SEI CMM) stage is equivalent to the ITGI's "Managed"?
Quantitatively Managed.
What Software Engineering Institute's Capability Maturity Model (SEI CMM) stage is equivalent to the ITGI's "Optimized"?
Optimizing.
What is a maturity model?
A means of measuring the progress of a system's security from its implementation through its ongoing maintenance and improvement.
How many stages of maturity does the IT Governance Institute (ITGI) Security Governance Maturity Model contain?
Six.
How many stages of maturity does the Software Engineering Institute's (SEI) Capability Maturity Model (CMM) contain?
Five.
In the Software Development Life Cycle (SDLC) in which phase is a system tested by an independent third party?
Acceptance.
What is the distinction between differential and incremental backups?
Differential - only files since last full backup
Incremental - files since last backup of any type.
Flammable gases - what is the extinguishing agent?
US Class B
UK Class C
Electrical fires - what is the extinguishing agent?
US Class C
UK Class E
Kitchen fires - what is the extinguishing agent?
US Class K
UK Class F
Wood or paper fires - what is the extinguishing agent?
Class A in both the US and the UK.
Flammable liquids - what is the extinguishing agent?
Class B in both the US and the UK.
Flammable metals - what is the extinguishing agent?
Class D in both the US and the UK.
In the event of a hard disk failure, what type of backup minimizes restore time?
Full.
What canon of the (ISC)2 Code of Ethics is violated by developing professional relationships with individuals who could hurt the profession?
"Advance and protect the profession."
What is the safest fire suppression agent to use in an electrical environment?
FE-13, as humans can breathe it in concentrations up to 30 per cent.
What is the most effective fire suppression agent to use in an electrical environment?
FE-200 may extinguish a fire more quickly than FE-13 but humans can only breathe it in concentrations of 15 per cent.
What is the integrity method used in 802.11a with WPA2?
CCMP - Counter Mode with Cipher Block Chaining Message Authentication Code. CCMP is superior to TKIP, as CCMP creates a Message Integrity Code (MIC) to validate that the message wasn't altered in transit.
What system architecture security model is focused on integrity?
Clark-Wilson.
In Incident Response, does "reporting" come before or after "recovery"?
Reporting comes before recovery. (DET, RES, RPT, RCV, REM).
What is data remanence?
The gleaning of information from computer media by using the remains of data that a previous user deleted.
What object-oriented programming concept enables two objects that are based on the same class to process data independently?
Polyinstantiation (more than one instance).
Which rule, enforced within the Bell-LaPadula security model, specifies that a subject cannot read data from an object from a higher security level?
Simple security rule.
What is a minimum requirement when placing mission-critical systems in wiring closets or server rooms?
Use electronic access control with all entry attempts logged by security systems.
Which type of audit does a Statement on Auditing Standards (SAS) 70 report focus upon?
Financial statement.
What part of incident management is responsible for identifying chain of custody requirements?
Mitigation.
For a medium-sized company with an experienced planner and the full support of management, when should an appropriate alternative site be selected?
Nine to twelve months.
How is OWASP defined?
As an organization that maintains a list of the top ten web application security risks.
Data can be protected while it is in transit using either link encryption or end-to-end encryption. Each method functions differently. Which statement is true regarding end-to-end encryption?
It is typically applied by the end user.
What physically separates the network control plane from the data-forwarding plane?
Software Defined Networking (SDN).
What is the process for ensuring that the assets required by an organization are properly controlled and that accurate and reliable information about those assets is available where and when it is needed?
Configuration management.
What is the least important consideration when implementing a security plan for an LDAP directory service?
The capacity of the service to support the strongest security products.
Steps have been taken to mitigate risks found during an assessment of custom software installed on one of the organization's server computers. What step must be taken before the risk can be declared as mitigated?
The mitigations must be tested by an independent group.
The UK Data Protection Act of 1998 stipulates requirements for how data is stored, retained and disposed. Therefore, companies operating out of the UK need to ensure they comply. Which statement reflects the requirements set by the Data Protection Act for retaining personal data?
The maximum duration information can be kept is five years after communications have been received.
What is an optional component in a PKI infrastructure?
Having a registration authority (RA).
At what point is an IPS placed in a network to optimally minimize false positives while maximizing true positives?
Between the firewall and the company network.
Which component of the Software Defined Networking (SDN) model is used to communicate network requirements to the SDN controller?
The SDN northbound interface.
What option makes software development environments most prone to security weaknesses?
The sharing of resources.
Which component of an organization's security program should management use to mandate that all employees wear photo ID badges, and that they are visible at all times?
Baseline document.
Which listing contains the minimum computer hardware information that should be included as part of the configuration documentation?
Asset location, MAC address, Organization asset code, Serial number.
What statement does not apply to application interface testing?
It determines whether the components of an application are working correctly with the hardware.
Which item is typically used for the implementation of a key control system for security access to areas containing sensitive equipment?
Patented cylinders.
What access control concept is used when operational secrecy is a major concern?
Need to know.
Which type of document defines how to implement a consistent security configuration throughout the organization?
Baselines.
You have been tasked with testing the internal interfaces of an application. Which test should you include in your testing strategy?
Ensure transactions are canceled if the internet connection is lost.
What can be used for synthetic performance monitoring of a web site?
Microsoft System Center Operations Manager.
According to the event management process, which action should be taken immediately after an event occurs?
Report to the communications center.
With what is implementing security within an organization mainly concerned?
Supporting business goals and objectives.
What information is contained in a SAML token?
Digital signature.
What step should be performed first in the disaster recovery process once an event is identified?
Report the event to the help desk.
Describe the change management process.
A process used to protect against the accidental or deliberate introduction of harmful modification to code or systems.
Which classification level of the Orange Book is the first to provide individual accountability by requiring login procedures and audit trails?
C2.
Which type of cryptographic attack relies on the study of affine transformations to deduce the cipher's exact behavior?
Linear cryptanalysis.
You have been tasked with testing a web application by attempting to access a secure page without first logging in. Which type of test do you need to perform?
Negative.
What encrypts packets at the Network Layer?
IPsec.
What encapsulates data, but does not encrypt it?
PPP (Point-to-Point Protocol)
What encrypts data using GRE or MPPE?
PPTP (Point-to-Point Tunneling Protocol)
What supports remote access and site-to-site topologies?
VPN (Virtual Private Network)
What communicates over UDP Port 1701?
L2TP (Layer 2 Tunneling Protocol)
What requires digital certificates and a PKI?
SSL VPN.
What tool should you deploy if you need to use file encryption software?
Kingston Data Traveler 4000
What is the default security principle of a shared resource's ACL?
Implicit deny.
You are using NIST SP 800-137 to establish the assessment frequencies for security controls. Which criteria would contain information about the firewalls deployed in the organization?
Security controls or specific assessment objects that provide critical security functions.
What needs to be taken into consideration when implementing a CDN?
The risk factors have not been fully analyzed.
For an employee who loses a private key that provides access to an encrypted database, what are the first and second steps, in order?
Key revocation followed by key recovery.
Which type of security guard is cheaper? Proprietary (employed directly by company) or Contracted?
Contracted.
What are the five levels in the IT Governance Institute (ITGI) Maturity Model?
Non-existent; initial/ad-hoc; repeatable but intuitive; defined process; managed and measurable; optimized.
What are the five levels in the Capability Maturity Model (CMM)?
Initial; Repeatable; Defined; Managed; Optimizing.
What are the 10 phases of the Systems Development Life Cycle (SDLC)?
Initiation and planning; Functional requirements definition; System design specification; Development and implementation; Documentation and common program controls; Acceptance; testing and evaluation controls; Certification; Accreditation; Implementation.
Under what circumstances would assessors be likely to perform a quantitative (vs a qualitative) risk assessment for a company?
When the assessors have extensive experience performing risk assessments in general.
Of ECC, 3DES, AES and D-H, which encryption algorithm provides the strongest encryption per key bit?
AES, because it is a symmetric vice an asymmetric encryption algorithm. Although 3DES is also symmetric, the AES algorithm is stronger.
Under what circumstances would assessors be likely to perform a quantitative assessment instead of a qualitative assessment of an organization.
When the assessors have extensive experience performing assessments for numerous organizations.
Why do symmetric encryption algorithms provide stronger encryption per key bit than asymmetric algorithms?
Symmetric algorithms require fewer bits than asymmetric encryption algorithms to provide the same level of protection.
What are the most common symmetric encryption algorithms?
AES and the varieties of DES.
What are the most common asymmetric encryption algorithms?
RSA, Diffie-Hellman and Elliptic Curve Cryptography.
Which two asymmetric encryption algorithms use discrete logarithms?
Diffie-Hellman and Elliptic Curve Cryptography.
Which asymmetric encryption algorithm uses large prime numbers, or prime number factoring?
Rivest-Shamir-Adleman (RSA).
What are the most commonly used network protocols mapped to the ports in the TCP/IP model?
FTP DATA TCP 20; FTP CONTROL TCP 21; SSH TCP/UDP 22; TELNET TCP 23; SMTP TCP/UDP 25; DNS TCP 53; DHCP SERVER UDP 67; DHCP CLIENT UDP 68; TFTP TCP 69; HTTP TCP/UDP 80; KERBEROS TCP/UDP 88; POP3 TCP 110; NTP UDP 123; NETBIOS NAME RESOLUTION UDP 137; NETBIOS DATAGRAM SERVICE UDP 138; NETBIOS SESSION SERVICE TCP 139; SNMP UDP 161; SNMP TRAP TCP/UDP 162; LDAP TCP/UDP 389; HTTPS TCP 443; SSTP TCP 443
What kind of encryption algorithm should be used to exchange security keys between two parties who have not had prior contact?
Asymmetric, such as Diffie-Hellman.
Which security protocols are supported on 802.11g WLAN?
WEP, TKIP and AES.
What security protocol is NOT supported on an 802.11g WLAN?
MIMO. This was not introduced until 802.11n.
What security architecture framework exclusively uses business requirements as a central point of comparison for every phase of development?
The Open Group Architecture Framework (TOGAF).
What operational framework was developed in the 1980s by the UK CCTA to standardize IT management procedures?
ITIL (Information Technology Infrastructure Library).
What rating indicates the amount of data loss or system unavailability, measured in units of time, that a business can endure?
Recovery Point Objective (RPO).
What rating indicates the maximum amount of time that a business can survive without a particular service?
Recovery Time Objective (RTO).
What is the frequency at which a risk event occurs?
Annualized Rate of Occurrence (ARO), expressed as a percentage or a decimal.
What is the cost of a loss that includes the cost of materials, the technical service hours required and lost productivity that is experienced as a result?
Single Loss Expectancy (SLE), expressed as a dollar amount.
What is the average yearly cost of a risk?
Annualized Loss Expectancy (ALE), calculated by multiplying Annualized Rate of Occurrence by Single Loss Expectancy. This is expressed as a dollar amount.
To ensure that every concert attendee walks through a specific venue entrance, what perimeter defense should be used?
A fence. Fences act as borders that guide visitors to a specific entry point.
What access control prevents tailgating?
A turnstile.
What access control uses two doors to prevent unauthorized users from entering secured areas, and requires authentication to pass through?
A mantrap.
What is a best practice regarding security policies?
Security policies should be as short as possible. That makes them easier to remember and thus easier to comply with.
In which phase of the Systems Development Life Cycle (SDLC) is the system tested by an independent third party?
The SDLC Acceptance phase.
What system security technique involves a security monitor?
Access control mechanisms.
In order to prevent access to your network-facing resources from specific domains while allowing all others, what ACL access rule should be implemented last?
"Allow All". This works even if the firewall uses an implicit deny rule.
What type of document defines the technical aspects of a security program, including any hardware and software that is required?
A standards document.
What type of document provides a high-level overview of an organization's security posture?
A policy document.
What type of document provides a minimum level of security that a company's employees and systems must meet?
A baseline document.
What type of document is a low-level guide that explains how to accomplish a task?
A procedures document.
What type of document provides helpful bits of advice to employees, but is discretionary?
A guidelines document.
Which types of documents are mandatory?
Policies, procedures, standards and baselines.
How do you calculate risk analysis?
Multiply Annualized Rate of Occurrence (ARO) by Single Loss Expectancy (SLE).
What is another name for calculated risk analysis?
Annualized Loss Expectancy (ALE).
What is "black-box" testing?
Black-box testing is a method in which the tester is provided no information about the application being tested.
What is Pairwise Testing?
Pairwise testing is a form of combinatorial testing that involves testing more than one component at a time, therefore reducing the number of tests that must be conducted in order to test all possible combinations.
What are three common types of black-box testing?
Static testing, combinatorial testing and fuzz testing.
What kind of vulnerability involves the redirection of static content within a trusted site?
Cross-Site Request Forgery (CSRF or XSRF).
What PDU is encapsulated in packets?
Segments are encapsulated in packets.
What is the EU privacy principle requiring that employee monitoring be customized to the amount of risk the employer incurs?
Proportionality.
What part of IPSec is used to provide confidentiality in a VPN tunnel?
Encapsulating Security Payload (ESP).
What does IPSec use Authentication Header (AH) for?
Authentication Header is used by IPSec to provide authentication and integrity for VPN tunnel traffic.
What does IPSec use ISAKMP for?
ISAKMP is used by IPSec to establish and manage security associations.
Which EU privacy principle requires that data collected by an organization that monitors its employees be used for a specific, explicit and legitimate purpose?
Finality.
What is the purpose of a Kerberos Ticket-Granting-Ticket?
A Ticket-Granting-Ticket (TGT) enables an authenticated user to request access to network services.
Why is Kerberos not susceptible to eavesdropping?
Credentials are encrypted by a secret (session) key before being sent over the network.
What are two examples of deterrent access controls?
Policy documents and signs.
What is the correct order of steps for the development of a Business Continuity Plan (BCP)?
Develop a BCP policy statement; Conduct a BIA; Identify protective controls; develop recovery strategies; develop an IT contingency plan; Perform DRP training and testing; and Perform BCP/DRP maintenance.
What intellectual property attack does not focus on the infringement of trademarks?
Piracy, which focuses on infringement of copyright.
What does the CISSP canon "Advance and Protect the Profession" require?
This canon requires that a security professional should not negatively affect the security profession by developing professional relationships with unethical individuals or organizations.
Although MAC (media access control) physical addresses are assigned by the software manufacturer, what are some potential issues?
They can be spoofed, and they can sometimes be changed in software.
What is the size of the current MAC address, and how is it constructed?
MAC addresses are generally 48 bytes in size. The first half is the Organizational Unit Identifier (OUI) which identifies the manufacturer of the device. The second half is the serial number.
What is the purpose of WS-SecureConversation?
To create security contexts for faster message exchanges.
What are the PDUs from the highest to lowest layer?
Segments, Packets, Frames, Bits.
What is the correct order for the phases of an incident response policy?
Detection, response, reporting, recovery and remediation.
What is the difference between employing proprietary vs contract security guards?
Contract security guards are cheaper.
What are two characteristics of the RSA security algorithm?
RSA is an asymmetric encryption algorithm that uses prime numbers to generate keys.
What common services is an auditing and monitoring service comprised of?
Intrusion Detection Devices (IDSs) and Security Information Management (SIM) platforms.
What is the international Common Criteria (ICC) Security Target?
The documentation for the system or product that is to be tested.
What sensitive information control involves a legal requirement?
Retention.
What is the difference between 255.255.255.255 and 192.168.0.255?
The first is a Layer 3 LIMITED broadcast address. The latter is a Layer 3 DIRECTED broadcast address.
What does a Layer 2 Ethernet Broadcast address look like?
FF:FF:FF:FF:FF:FF
What happens when the SQL REVOKE command is issued?
The specified user's access rights will be removed, and all users who have been granted access by the specified users will also have their access rights removed.
What do the OSI Physical and Data Link layers correspond to in the TCP/IP model?
The Network Access layer of the TCP/IP protocol.
What is the name of the hierarchical security model that defines layers of privilege?
Lattice-based model. Subjects in a lattice-based model are assigned to layers and are allowed to access objects that reside in the same layer. Lattice-based models do not allow communication between layers.
Which TCP port numbers are known as registered ports or user ports?
1024-49151
What is a security administrator responsible for?
User account management and reviews of audit data in a client/server architecture.
What is the correct order of Security Test & Evaluation (ST&E) according to FISMA and NIST SP 800-53A?
Management controls focus on risk management and on managing information security; Operational controls focus on processes that are implemented and executed by people. Technical Controls focus on processes that are implemented and executed by hardware and software mechanisms.
What is the equation to calculate Single Loss Expectancy (SLE)?
Asset Value (AV) multiplied by Exposure Factor (EF).
What stage of the Software Engineering Institute's Capability Maturity Model (CMM) is equivalent to the IT Governance Institute (ITGI) Security Governance Model's repeatable stage?
The Capability Maturity Model's managed stage is equivalent to the IT Governance Institute's repeatable stage.
What is a definition of a zero-day vulnerability vs a zero-day exploit?
A zero-day vulnerability is malicious code that takes advantage of a vulnerability that has no fix. A zero-day exploit is a newly discovered vulnerability that has no fix.
What legal system has the same name as a branch of the common law legal system?
Civil law is legislated, unlike common law, in which case rulings and precedents are emphasized.
What is the focus of civil law, also known as tort law?
Civil/tort law typically involves injury to an individual or a group as a result of negligence, and concentrates on compensating the victim.
What security architecture model would best be deployed to avert covert channel attacks?
The noninterference security model.
What is the most important consideration for a disaster recovery site regarding natural disasters?
Where the site is located. Because natural disasters affect a geographical area, you should consider placing your disaster recovery (DR) site in a location that is unlikely to be affected by the same natural disaster.
What metric is used by distance vector routing protocols such as RIP?
Hop count is used by distance vector routing protocols such as RIP.
Which of the IT Governance Institute maturity model stages has a high reliance on individuals and contains a high potential for errors?
The IT Governance Institute (ITGI)'s REPEATABLE stage.
What process is VALIDATION a step in?
Change management.
What is one of the five rules of evidence?
Be complete. The other four are accurate, complete, convincing and admissible.
What is the compartmented mode of IT operation?
It assumes that a subject has the necessary clearance to access an object and enforces need to know by using technical controls. All subjects are assumed to have the proper level to access objects. Some subjects may not have the authorization or NTK. Technical access controls are used to verify that a subject needs to know the information that is contained in an object that resides in a particular component.
What is the "dedicated mode" of IT operation?
Dedicated mode requires that a subject have a level of clearance that is greater than or equal to the security level of an object as a precursor to object access. This model does not assume that a subject has the necessary clearance to access an object. In addition to clearance, a subject must have NTK and formal authorization. Dedicated mode stores objects at a single security level only. A TOP SECRET dedicated mode system would not also be able to store SECRET objects.
What is the system high mode of IT operation?
Subjects must have a clearance which matches the highest object security level in order to access any objects on the system, even if the objects on the system aren't themselves classified at the highest level of the system. System High mode does not assume that a subject has the necessary clearance to access an object.
What is the multilevel mode of IT operation?
Subjects of varying clearance levels can access objects of different security levels. Multilevel mode uses a reference monitor, which is an access control mechanism that enforces access policies and validates a subject clearance level and determines whether a subject with a specific clearance level can access an object of a different (lower) security level. Multilevel mode does not assume that a subject has the necessary clearance to access an object.
What is a reference monitor?
It is an OS kernel function that determines whether a subject with a specific clearance level can access an object of a different classification level. It is used in access control mechanisms.
What are two examples of mixed law?
Customary law and Common Law; Common Law and Civil Law.
Why is the combination of Administrative Law and Criminal Law NOT an example of mixed law?
They are both branches of Common Law.
Why is the combination of Civil Law and Criminal Law NOT an example of mixed law?
Criminal law is a branch of Common Law.
Why is the combination of Tort Law and Common Law NOT an example of mixed law?
Tort law is a branch of Common Law.
Which two types of firewalls operate at OSI Layers 3 and 4?
Packet filtering and Stateful.
What OSI Layer do Circuit Level Proxy firewalls operate at?
The Session layer. It provides filtering services for many upper level protocols. This type of firewall cannot make filtering decisions at the Presentation or Applications layers, because it cannot read the content of this data.
What is "Live Forensics"?
The investigative process that takes a bit-by-bit image of volatile memory so that its contents are not lost during the investigation. This process attempts to investigate and acquire evidence from volatile memory.
What is an inherited right?
Rights that a user account receives as a result of being assigned as a member of a security group that already has that right.
What is digital forensics?
An investigative process focused on preserving compromised system's crime scene and protecting evidence. It protects evidence residing in volatile memory from being destroyed by a loss of power, until live forensics can preserve it.
What is polyinstantiation?
An object-oriented programming (OOP) concept in which two objects that are based on the same class can process data independently.
What's the difference between a right and a privilege?
Rights grant users the ability to perform specific actions on a system. Permissions enable users to read, write to or execute files on a file systems. Permissions are different from rights in that permissions grant levels of access to a particular object on a file system.
When developing a business continuity plan (BCP), what is the next step after developing the Business Continuity Plan policy statement?
Conduct a Business Impact Analysis (BIA).
Why are Information Security Officers unlikely to report to the internal audit department?
As internal auditors are generally tasked with evaluating how the company's employees are handling business processes (including IT security), it would be seen as a conflict of interest.
What data access control is least likely to control access by using explicit rights and permissions?
Role-Based Access Control (RoBAC).
What security standard recommends security controls based on industry best practices?
ISO 27002 (standards); ISO 27001 (governance/ISMS).
What is the purpose of ITIL?
It standardizes IT management processes; providing documentation on IT best practices that improve performance, increase productivity and reduce costs.
What RAID stripes data at the byte level?
RAID 3
What is the purpose of Control Objectives for Information and Related Technology (COBIT)?
COBIT is an IT management framework that was jointly created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). It defines four domains containing a number of high-level control objectives. COBIT is typically used by security architects to provide an example of the minimum security requirements of any organization.
What RAID stripes data at the block level, but only uses a single parity disk?
RAID 4
What RAID stripes data at the block level using multiple parity disks?
RAID 5, which stripes parity across an entire disk array, known as distributed parity.
What RAID only mirrors data?
RAID 1
What RAID only stripes data, without parity?
RAID 0
What RAID does bit striping?
RAID 2
What happens in a high-diffusion hash function when a single character is modified in the ciphertext (encrypted text)?
Multiple characters in the plaintext should change as a result.
What is an argument against implementing rotation of duties (job rotation)?
It can be expensive to implement because of the number of employees that must be hired and trained to perform the duties.
What types of firewalls make decisions based on the OSI Network and Transport layers?
Packet filter firewalls and stateful firewalls.
What is "high coupling and high cohesion"?
An OOP object that greatly depends on other objects.
What is "high cohesion and low coupling"?
An OOP object that is mostly independent from other objects.
RPO (Recovery Point Objective) refers to the point in time in the past to which you will recover. RTO (Recovery Time Objective) refers to the point in time in the future at which you will be up and running again.
In this illustration of a disaster timeline, RPO is the point to which you will have all data up to that point recovered. The gap between the disaster and the RPO will likely be lost as a result of the disaster. RTO is the point in the future at which you will be back up and running full speed ahead. The gap between the disaster and the RTO is the timeframe for which your app will be down and non-functioning.
What are the four steps of the Incident Response Lifecycle (according to NIST SP 800-61)?
1. Preparation;
2. Detection and Analysis;
3. Containment, Eradication and Recovery;
4. Post-Incident Activity.
What are the properties or qualities of baseband?
*Digital
*Frequency division multiplexing not available
*Bi-directional
*Short-distance
*Entire bandwidth
What are the properties or qualities of broadband?
*Analog
*Frequency division multiplexing possible
*Unidirectional
*Long-distance
*Portion of bandwidth - can share with other signals
What is resiliency?
The ability to resist, absorb, recover from, or adapt to an adverse occurrence. Implicit in this definition is that this occurs in a relatively short period of time after the adverse event.
What is a "catastrophic incident" according to the National Response Framework (NRF)?
Any natural or manmade incident, including terrorism, that results in extraordinary levels of mass casualties, damage, or disruption severely affecting the population, infrastructure, environment, economy, national morale, and/or government functions.
What is the National Response Framework Incident Command Structure (ICS)?
The Incident Commander, The Command Staff and the General Staff.
How many FEMA regions are there, and where are the regional offices located?
There are ten FEMA regions:
1. Boston (MA)
2. New York (NY)
3. Philadelphia (PA)
4. Atlanta (GA)
5. Chicago (IL)
6. Denton (TX)
7. Kansas City (KS/MO)
8. Denver (CO)
9. Oakland (CA)
10. Seattle (WA)
What is Conformity Assessment?
An approach by which organizations determine and demonstrate that they are exercising diligence with regard to cybersecurity.
What is Multi-Protocol Label Switching (MPLS)?
MPLS is a packet forwarding technique which uses labels in order to make data forwarding decisions.
In communications security (COMSEC) what is a RED signal?
A RED signal in COMSEC is an unencrypted classified signal.
In communications security (COMSEC) what is a BLACK signal?
A BLACK signal in COMSEC is an encrypted classified signal or an unclassified signal.
What is A&A in the Risk Management Framework?
A&A stands for Assessment and Authorization. It has replaced Certification and Accreditation (C&A) under DIACAP.