CISSP Additional Info Flashcards

Flashcards in Additional Info Deck (72):
1

Port 20 and 21

FTP, File Transfer Protocol

2

22

ssh, secure shell

3

23

telnet

4

25

SMTP, Simple Mail Transfer Protocol

5

53

DNS

6

69

TFTP, Trivial File Transfer Protocol

7

80

HTTP, HyperText Transfer Protocol

8

110

POP3

9

123

NTP, Network Time Protocol

10

143

IMAP, Internet Message Access Protocol (version 4)

11

161

SNMP, Simple Network Management Protocol

12

3389

RDP, Remote Desktop Protocol

13

RC4, AES, 3DES are examples of what type of cryptography? Symmetric or asymmetric?

Symmetric

14

RC4 is a certain type of symmetric cipher. What type?

Stream

15

What encryption algorithm is the default standard for most applications?

AES

16

The process of hashing a message, encrypting the hash with the sender's private key, the receiver decrypting it with the sender's public key and then hashing the received message to make sure the two hashes match is called what?

A digital signature.

17

Formula to determine the number of keys needed for asymmetric crypto with N participants

2N (one public/private key pair per participant)

18

Formula to determine the number of keys needed for symmetric crypto with N participants

(N*(N-1))/2 (one unique shared key per pair of participants)

19

Six common Asymmetric algorithms that might be on the test. (Everything else is Symmetric)

DSA, RSA, ECC (Elliptic Curve), ElGamal, Diffie-Hellman, Knapsack

20

MD-5 Hashing Algorithm length

128 bit

21

SHA-1 Hashing Algorithm length

160 bit

22

SHA-256 Hashing Algorithm length

256 bit

23

A digital signature gives you integrity and authentication, which together support non-repudiation. What does it not give you?

Confidentiality. A digital signature does not encrypt the message; anyone who intercepts it can read it. Encrypt the message separately if privacy is required.
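Worked example, added to this deck rather than taken from it, of the signature flow in cards 16 and 23: hash the message, sign the hash with the private key, recover the hash with the public key, compare it with a fresh hash. It uses textbook RSA over two Mersenne primes so that it runs with nothing but the Python standard library; the primes are public knowledge and no padding scheme is applied, so the key is a teaching aid only (real signatures use RSA-PSS or ECDSA from a vetted library). The sample message and the `demo`, `sign` and `verify` names are constructed for the example.

```python
import hashlib

# Toy RSA key pair built from two Mersenne primes (2^521-1 and 2^607-1) so the
# example runs offline with the standard library only. Both primes are public,
# so this key is NOT secret and must never be used for anything real.
P = (1 << 521) - 1
Q = (1 << 607) - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537
D = pow(E, -1, PHI)  # private exponent (modular inverse, Python 3.8+)

PUBLIC_KEY = (N, E)
PRIVATE_KEY = (N, D)


def digest(message: bytes) -> int:
    """Step 1: hash the message. The signature covers the digest, not the message."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key=PRIVATE_KEY) -> int:
    """Step 2: the sender 'encrypts' the digest with the private key."""
    n, d = private_key
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Steps 3-4: the receiver recovers the digest with the sender's public key
    and compares it with a fresh hash of the message as received."""
    n, e = public_key
    recovered = pow(signature, e, n)
    return recovered == digest(message)


def demo() -> dict:
    """Run the card's flow and show what a signature does and does not give."""
    message = b"Transfer 100 EUR to account 1234"   # constructed sample message
    signature = sign(message)
    # What actually crosses the wire: the plaintext message plus the signature.
    # Nothing here hides the message; signing gives integrity and authentication only.
    on_the_wire = (message, signature)
    tampered = b"Transfer 900 EUR to account 1234"  # attacker edits one digit in transit
    return {
        "genuine_verifies": verify(*on_the_wire),          # True
        "tampered_verifies": verify(tampered, signature),  # False: hashes differ
        "message_readable_in_transit": on_the_wire[0] == message,  # True: no privacy
    }
```

The third value in `demo()` is the point of card 23: the receiver (and anyone in between) reads the message exactly as sent; only the attached signature would change if the text were altered.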

24

Digital Certs follow which standard

X.509 v3 standard

25

Two ways to check and see if a certificate has been revoked

CRL or OCSP (Online Certificate Status Protocol)

26

Government standard hash functions developed by the National Institute of Standards and Technology (NIST) and specified in an official government publication, the Secure Hash Standard (SHS), also known as Federal Information Processing Standard (FIPS) 180

SHA-1 and SHA-2

27

Name the four variants of SHA-2

SHA-224, SHA-256, SHA-384, SHA-512

28

What part of IPsec provides integrity, authenticity and non-repudiation?

AH (Authentication Header), through an ICV (Integrity Check Value) computed over the packet. AH also provides anti-replay protection. Caveat for practice (the exam phrasing above is what to remember): the ICV is a keyed MAC using a key shared by both peers, so either side could have produced it; strictly this is data-origin authentication, not non-repudiation in the digital-signature sense.

29

What part of IPSec provides Confidentiality

ESP (Encapsulating Security Payload). If you need confidentiality you must use ESP; ESP can also provide integrity and authentication of the encapsulated payload.

30

IPsec is a framework rather than a single protocol. Which sub-protocols of IPsec provide its security services?

AH (Authentication Header) for integrity and authentication, ESP (Encapsulating Security Payload) for confidentiality (and optionally integrity), and IKE (Internet Key Exchange) to authenticate the peers and negotiate the security associations and keys that AH and ESP use.

31

ISO 15408 uses protection profiles and security targets. It is also commonly called what?

Common Criteria

32

In the block cipher property called _______, the relationship between the key and the ciphertext is so complicated that an attacker cannot work out the key even by choosing plaintexts and observing the resulting ciphertext.

Confusion

33

This occurs when a change in the plain text results in multiple changes spread throughout the ciphertext.

Diffusion

34

MTBF

Mean Time Between Failure

35

MTTR

Mean Time To Recover

36

MTD

Max Tolerable Downtime

37

RPO

Recovery Point Objective - How current should data be

38

Least privilege is about rights, what you are allowed to do. Need to know is about data, what information you are allowed to see.

Least privilege: you do not get the right to change the date and time on a system. Need to know: you do not get to read finance data unless your job requires it.

39

Likelihood that a threat will exploit a vulnerability, combined with the resulting impact

Risk

40

This has the potential to harm an asset

Threat

41

A weakness or lack of a safeguard

Vulnerability

42

An instance of a compromise

Exploit

43

In DBMS this refers to transactions being all or nothing.

Atomicity

44

In DBMS this property ensures that any transaction will bring the database from one valid state to another. Any data written to the database must be valid according to all defined rules, including but not limited to constraints, cascades, triggers, and any combination thereof.

Consistency

45

In DBMS this property ensures that the concurrent execution of transactions results in a system state that would be obtained if transactions were executed serially, i.e. one after the other. This is the main goal of concurrency control.

Isolation
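Added example (not from the deck) showing the atomicity and consistency properties of cards 43 and 44 with Python's built-in sqlite3 module: a two-statement transfer either commits both updates or, when the second one violates a CHECK constraint, rolls back the first as well. The ledger table, account names and amounts are constructed for the example; isolation (card 45) is not exercised here because it needs concurrent connections.

```python
import sqlite3


def open_ledger() -> sqlite3.Connection:
    """In-memory ledger with one business rule: no account may go negative."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (name TEXT PRIMARY KEY, "
        "balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    # Constructed sample data.
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", [("alice", 100), ("bob", 50)])
    conn.commit()
    return conn


def transfer(conn: sqlite3.Connection, src: str, dst: str, amount: int) -> bool:
    """Move `amount` from src to dst as a single transaction.

    Returns True if committed, False if rolled back. The credit is applied
    first on purpose: if the later debit breaks the CHECK constraint, the
    rollback must also undo the credit that already succeeded (atomicity),
    and the database never ends up in a state that violates the rule
    (consistency).
    """
    try:
        with conn:  # BEGIN ... COMMIT on success, ROLLBACK if an exception escapes
            conn.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?", (amount, dst))
            conn.execute("UPDATE accounts SET balance = balance - ? WHERE name = ?", (amount, src))
        return True
    except sqlite3.IntegrityError:
        return False


def balances(conn: sqlite3.Connection) -> dict:
    """Current balances as {name: balance}."""
    return dict(conn.execute("SELECT name, balance FROM accounts ORDER BY name"))


def demo() -> dict:
    conn = open_ledger()
    ok = transfer(conn, "alice", "bob", 30)        # valid: both updates commit
    before = balances(conn)                        # {'alice': 70, 'bob': 80}
    failed = transfer(conn, "alice", "bob", 500)   # alice would go negative: rolled back
    after = balances(conn)                         # unchanged, bob's +500 credit undone
    return {"ok": ok, "failed": failed, "before": before, "after": after}
```

Without the transaction, the failed transfer would leave bob credited with money that was never debited from alice, which is exactly the partial state atomicity rules out.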

46

Name the 3 main Risk Assessment methodologies.

OCTAVE, FRAP and NIST 800-30

47

Risk management Guide for Information Technology Systems

NIST 800-30

48

The four main concepts of the Risk Management Process

Risk Assessment, Risk Analysis, Risk Mitigation and Manage Risk

49

COBIT, COSO, ITIL and ISO 27000 Series are all examples of what?

Security Governance Frameworks

50

COBIT and COSO both focus on control objectives (goals) for security

If a question talks about IT security goals or control objectives, it is pointing at COBIT (IT governance and control) or COSO (enterprise internal control)

51

For ITIL need to remember 'IT Service Management'

IT Service Management = ITIL

52

For OCTAVE remember Self directed risk evaluation

Self directed = OCTAVE

53

This security governance framework specifies how to establish, implement, maintain and continually improve an ISMS (information security management system), and is the standard an organization can be certified against

ISO 27001

54

This security governance framework provides practical advice for how to implement security controls. Its original edition (ISO 17799) organized the controls into 10 domains; later editions regroup them (11 in 2005, 14 in 2013).

ISO 27002

55

What is the purpose of Knowledge Transfer and/or User Training

To modify employee behavior. That is the ultimate goal. To raise security awareness could also be an option.

56

The safety and welfare of society and the common good, duty to our principals, and to each other, requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior.

ISC2 Code of Ethics Preamble

57

ISC2 Code of Ethics Canons

Protect society, the common good, necessary public trust and confidence, and the infrastructure.
Act honorably, honestly, justly, responsibly, and legally.
Provide diligent and competent service to principals.
Advance and protect the profession.

58

What is the length of a copyright?

The lifetime of the author plus 70 years for individual authors. For works made for hire (corporate works) it is 95 years from first publication or 120 years from creation, whichever expires first (the older 75-year figure predates the 1998 term extension).

59

Patents are for inventors. What is the length of a patent?

20 years, measured from the filing date of the application, not from when the idea was conceived.

60

What is the main international organization run by the UN that deals with Intellectual property

WIPO (World Intellectual Property Organization)

61

Which Export law restricts exporting cryptographic software?

Wassenaar Arrangement (a multilateral export-control regime for dual-use goods, including cryptographic software)

62

What 3 entities does HIPAA apply to?

Health plans (insurers), health care providers and health care clearinghouses (claim processing agencies)

63

This specific law requires financial institutions to protect the privacy and security of customers' personal financial information

GLBA (Gramm-Leach-Bliley Act)

64

Name the four phases of Business Continuity planning

Project scope and planning
Business impact assessment
continuity planning
Approval and implementation

65

The following activities happen during which phase of the BCP: obtain senior management's support, secure funding and resource allocation, and select members of the BCP team

Project scope and planning

66

Name the 5 types of tests that can be performed in BCP.

Checklist test, Structured Walk-Through Test, Simulation Test, Parallel Test, and Full-Interruption Test

67

In which phase of the BCP do we identify and prioritize all business functions based on criticality? During this phase we assign quantitative and qualitative values to the impact on the organization.

Business impact assessment or analysis

68

Recovery Point objective vs Recovery Time Objective

Recovery point refers to data; recover data to a certain point in time. Recovery time refers to recovering hardware or software; how long will it take to rebuild a server.

69

T or F? When a BCP plan is updated original copies are retrieved and destroyed

True

70

IP header protocol field 6

TCP

71

IP header protocol field 1

ICMP

72

IP header protocol field 17

UDP
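Added example, not part of the original deck, that reads the protocol field from cards 70 to 72 out of a raw IPv4 header and uses it to decide how to parse what follows (TCP and UDP both start with source and destination ports; ICMP does not). It also verifies the header checksum, which is what a receiver does before trusting any of the fields. The packets are constructed inside the block by a hypothetical `build_ipv4` helper; the well-known destination ports (22 for SSH, 53 for DNS) come from cards 2 and 5.

```python
import struct

# IP header protocol numbers from cards 70-72.
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

IPV4_FMT = "!BBHHHBBH4s4s"  # ver/ihl, tos, total len, id, flags/frag, ttl, proto, csum, src, dst


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071); 0 means a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(packet: bytes) -> dict:
    """Decode the fixed IPv4 header and, for TCP/UDP, the transport ports."""
    if len(packet) < 20:
        raise ValueError("truncated: IPv4 header is at least 20 bytes")
    ver_ihl, _tos, _total_len, _ident, _flags, ttl, proto, _csum, src, dst = struct.unpack(
        IPV4_FMT, packet[:20]
    )
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    info = {
        "version": version,
        "header_len": ihl,
        "ttl": ttl,
        "protocol": proto,
        "protocol_name": PROTOCOL_NAMES.get(proto, "other"),
        "checksum_ok": ipv4_checksum(packet[:ihl]) == 0,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
    }
    payload = packet[ihl:]
    # Protocol 6 (TCP) and 17 (UDP) both begin with 16-bit source and destination ports.
    if proto in (6, 17) and len(payload) >= 4:
        info["src_port"], info["dst_port"] = struct.unpack("!HH", payload[:4])
    return info


def build_ipv4(proto: int, src: str, dst: str, payload: bytes, ttl: int = 64) -> bytes:
    """Hypothetical helper: assemble a minimal IPv4 packet (no options) with a valid checksum."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    header = struct.pack(IPV4_FMT, 0x45, 0, 20 + len(payload), 0x1234, 0x4000, ttl, proto, 0, src_b, dst_b)
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + payload


# Constructed sample packets: an SSH segment, a DNS datagram and an ICMP echo request.
SAMPLE_SSH = build_ipv4(6, "10.0.0.5", "10.0.0.9", struct.pack("!HH", 40000, 22) + b"\x00" * 16)
SAMPLE_DNS = build_ipv4(17, "10.0.0.5", "1.1.1.1", struct.pack("!HH", 50000, 53) + b"\x00" * 4)
SAMPLE_PING = build_ipv4(1, "10.0.0.5", "10.0.0.9", b"\x08\x00\xf7\xff\x00\x00\x00\x00")

if __name__ == "__main__":
    for pkt in (SAMPLE_SSH, SAMPLE_DNS, SAMPLE_PING):
        print(parse_ipv4(pkt))
```

Flipping any header bit (the TTL, say) makes `checksum_ok` false, which is why a firewall or IDS that parses raw packets checks the header before acting on the protocol and port fields.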