09102017_Wiley_Test3

Question 1

______is used to sufficiently cleanse remnants of data on a magnetic storage drive so that it can be reused in unsecure environments.

Answer 1

Purging

Question 2

The _______ model enforces separation of duties to further protect the integrity of data.

Answer 2

Clark-Wilson

Question 3

In a _______ ______, all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment

Answer 3

trusted system

Question 4

telephone network) requires the use of a modem to support digital computer communications over an otherwise analog link

Answer 4

POTS (plain old telephone system) or PSTN (public switched

Question 5

Which form of physical security control focuses on facility construction and selection, site management, personnel controls, awareness training, and emergency response and procedures?

Answer 5

Administrative

Question 6

________ access controls are the policies and procedures defined by an organizations security policy to implement and enforce overall access control. These focus on two areas: personnel and business practices (e.g., people and policies). Examples of administrative access controls include policies, procedures, hiring practices, background checks, data classification, security training, vacation history, reviews, work supervision, personnel controls, and testing.

Answer 6

Administrative access controls

Question 7

_______ access controls are the hardware or software mechanisms used to manage access to resources and systems and provide protection for those resources and systems. Examples of logical or technical access controls include encryption, smart cards, passwords, biometrics, constrained interfaces, access control lists (ACLs), protocols, firewalls, routers, intrusion detection systems, and clipping levels.

Answer 7

Logical/technical

Question 8

_____access controls Physical access controls are the physical barriers deployed to prevent direct contact with systems or portions of a facility. Examples of physical access controls include guards, fences, motion detectors, locked doors, sealed windows, lights, cable protections, laptop locks, swipe cards, guard dogs, video cameras, mantraps, and alarms.

Answer 8

Physical

Question 9

The second phase of the IDEAL software development model is the Diagnosing stage.

Answer 9

Diagnosing

Question 10

IDEAL

Answer 10

Software Development Tool

Initiate- reason for change outlined
Diagnose - troubleshoot and analyze
Establish - plan of attack based on dx
Act  - walk the walk
Learn - QI

Question 11

CMM

Answer 11

Initiate 
Repeatable
Defined
Manage
Optimize

Question 12

What software development technique includes as a basic principle that it values responding to change over following a plan?

Answer 12

Agile

Question 13

_____logging provides a nonmodifiable repository for system logs, preventing an attacker from destroying evidence of an attack.

Answer 13

Centralized

Question 14

Technology ________ is the tendency for various technologies, solutions, utilities, and systems to evolve and merge over time

Answer 14

Technology convergence is the tendency for various technologies, solutions, utilities, and systems to evolve and merge over time

Question 15

____ evidence must be either uniquely identified by a witness or authenticated through a documented chain of custody

Answer 15

Real

Question 16

Chain of evidence or chain of custody has ___ ____ ___ ____of the evidence…

Answer 16

WHO, WHAT, WHERE and WHEN

Question 17

Chain of Custody. Must track and ______

Answer 17

Record all evidence.

Question 18

Real evidence must by ______ _____ ____

Answer 18

relevant,
materiality,
competent

Question 19

Parol Evidence

Answer 19

“Escrow”. Agreement put into writing

Question 20

Who is responsible for authoring the principle that can be summed up as “the enemy knows the system”?

Answer 20

Kerckchoff

Question 21

______ ________ specify the claims of security from the vendor that are built into a TOE.

Answer 21

Security targets (STs)

Question 22

Common Criteria purpose?

Answer 22

testing confirmation of system security capabilities. The number indicates what testing has been performed

Question 23

two key elements of common criteria

Answer 23

Target and Protection Policy

Question 24

Three Common Criteria guidelines

Answer 24

Part 1) Introduction.
Part 2) Security Functional Requirements.
Part 3) Security Assurance.

Question 25

CC Evaluation Assurance Levels

Answer 25

``` 0 Fuction 1 Structure 2 Methodically - Tested 3 Methodically -Desinged 4 Semiformal - Design 5 Semiformal - Design, verified 6 Formal ```

Question 26

Which process ensures that you close the loop of incident response to improve the effectiveness of your response to future incidents?

Answer 26

Lessons Learned

Question 27

What type of system is authorized to process data at different classification levels only when all users have authorized access to those classification levels?

Answer 27

System High

Question 28

System High Mode

Answer 28

Systems running in system-high mode are authorized to process data at different classification levels only if all system users have access to the highest level of classification processed.

Question 29

The two goals of the identification phase are

Answer 29

identifying incidents notifying the appropriate personnel

Question 30

RAID groups

Answer 30

0 - Striping - Uses multiple drives, PERFORMANCE 1 - Mirroring and Duplex - Improve redundancy 5- Parity - 3+ drives - Hybrid of 0 and 1. PERFORMANCE and REDUNDANCY

Question 31

3 steps of IRP Incident Response Process

Answer 31

Detect and ID Respond and Report Recover and Remediate

Question 32

CERTIFICATION

Answer 32

Conducted Internally -i.e TECHNICAL TEAM

Question 33

ACCREDITATION

Answer 33

MANAGEMENT acceptance

Question 34

Difference between CERTIFICATION and ACCREDITATION

Answer 34

CERTIFICATION is FIT FOR USE, TEAM APPROVED ACCREDITED is MANAGEMENT APPROVED

Question 35

Waterfall is very ____

Answer 35

Strict and Rigid . Preplan never goes up; like waterfall. STRUCTURE.. AKA Cleanroom

Question 36

Agile is ____

Answer 36

flexible.

Question 37

The security role of data ______ is responsible for the tasks of implementing the prescribed protection defined by the security policy and senior management.

Answer 37

custodian

Question 38

What DES mode is the streaming cipher version of CBC?

Answer 38

Cipher Feedback Mode (CFB) uses a streaming cipher, compared to CBC's block cipher.

Question 39

Microsoft's ActiveX technology supports a number of programming languages, including Visual Basic, C, C++, and Java. On the other hand, only the Java language can be used to write Java applets.

Answer 39

ActiveX supports C, C++, VB

Question 40

EMI that is generated from difference between power and ground

Answer 40

COMMON MODE

Question 41

EMI from appliances and magnets and motors

Answer 41

RFI

Question 42

The _____algorithm implemented the key escrow standard supported by the US government

Answer 42

Skipjack

Question 43

The master boot record is a single sector of a floppy disk or hard drive. Each sector is normally _____bytes

Answer 43

512

Question 44

Traverse Noise

Answer 44

Hot and Neutral.. NOTE: Common is Hot and Ground.." COMMON GROUND"

Question 45

It is very difficult to defend against ___ ____ ____ __due to their sophistication and complexity.

Answer 45

distributed denial-of-service attacks

Question 46

______ _______attacks are designed to obtain service while avoiding financial costs.

Answer 46

Phone phreaking

Question 47

The ____of a table refers to the number of rows in the table whereas

Answer 47

cardinality

Question 48

the _____of a table is the number of columns.

Answer 48

degree

Question 49

____ ______targets a specific GROUP of people such as a group of employees within a single company. Phishing goes to anyone without any specific target.

Answer 49

Spear phishing NOTE: Whaling is a form of phishing that targets high-level executives.

Question 50

______is a form of phishing that targets high-level executives.

Answer 50

Whaling

Question 51

_____ ciphers operate on one character or bit of a message (or data stream) at a time.

Answer 51

Stream

Question 52

____ can be used to securely host/store the master encryption key for whole drive encryption

Answer 52

The TPM (trusted platform module) can be used to securely host/store the master encryption key for whole drive encryption

Question 53

The MD5 algorithm produces ______-bit hashes regardless of the size of the input message.

Answer 53

128

Question 54

MD5 uses __ bit

Answer 54

128

Question 55

Companion viruses are self-contained executable files with filenames similar to those of existing system/program files but with a modified extension. Examples include..

Answer 55

.exe

Question 56

Evidence collection takes place during the ____ AND _____phase of the incident.

Answer 56

response and reporting

Question 57

The Caesar cipher is a simple ______cipher where each letter of a message is changed.

Answer 57

substitution

Question 58

_____ _______utilizes a system of digital signatures to ensure that the code originates from a trusted source. It is up to the end user to determine whether the authenticated source should be trusted

Answer 58

Control signing

Question 59

The _______of a process consist of limits set on the memory addresses and resources it can access. The bounds state or define the area within which a process is confined

Answer 59

bounds. BOUNDS have LIMITS in the OS. A process within BOUNDS it is running in ISOLATION

Question 60

A process within BOUNDS it is running in ______

Answer 60

ISOLATION

Question 61

CONFINEMENT or SANDBOXING

Answer 61

A process may be RESTRICTED to read/write in certain locations in memory.

Question 62

The _____model allows developers to repeat iterations of another life cycle model (such as the waterfall model) to produce a number of fully tested prototypes

Answer 62

spiral

Question 63

________ciphers change the values of individual characters in a message.

Answer 63

Substitution

Question 64

______evidence must be either uniquely identified by a witness or authenticated through a documented chain of custody.

Answer 64

Real

Question 65

``` SP 800-12 SP 800-14 SP 800-30 SP 800-34 SP 800-86 SP 800-100 SP 800-115 ```

Answer 65

SP 800-12 An Introduction to Computer Security SP 800-14 Generally Accepted Principles and Practices for Securing Information Technology Systems SP 800-30 Risk Management SP 800-34 Contingency Planning Guide for Information Technology Systems SP 800-86 Guide to Integrating Forensic Techniques into Incident Response SP 800-100 Information Security Handbook: A Guide for Managers SP 800-115 Information Security Testing and Assessment

Question 66

Which NIST standard covers RISK MANAGEMENT

Answer 66

SP 800-30

Question 67

Biometrics. Type 1 = Type 2 =

Answer 67

Type 1 = False Negative, False Rejection = FRR..Annoying but not detrimental to security Type 2 = False Positive, False Acceptance = FAR...BAD because an unauthorized user can get in When FRR and FAR equal it is the CER.

Question 68

Things a IT Security Manager to should consider during merger and acquisition

Answer 68

On Site Assesment Document exchange and Review Process/Policy Review

Question 69

Two LATTICE based Access Controls model

Answer 69

Biba and Bell Lapadula

Question 70

When designing physical security for an environment, focus on the functional order in which controls should be used. The order is as follows:

Answer 70

1. Deterrence 2. Denial 3. Detection 4. Delay

Question 71

Port Blocking happens on a SWITCH which layer 2

Answer 71

Layer 2 Switch will block ports

Question 72

_______ controls are your first line of defense, and PEOPLE are your last

Answer 72

Physical

Question 73

Asymmetric Algorithms

Answer 73

RSA, DH, ElGamon