CISSP

Question 1

ISO 27001

Answer 1

ISMS Requirements

Question 2

ISO 27002

Answer 2

Code of practice for ISM

Question 3

ISO 27003

Answer 3

ISMS-Implementation

Question 4

ISO 27004

Answer 4

ISM Measurement and Metrics

Question 5

ISO 27005

Answer 5

IS Risk Management

Question 6

ISO 27006

Answer 6

Audit and Certification of ISMS

Question 7

ISO 42010

Answer 7

System und Softwarearchitektur

Question 8

NIST 800-37

Answer 8

Risk-Framework

Question 9

IPSec

Answer 9

AH, ESP, IKE (Oakley, ISAKMP)

Question 10

Asymmetrische Verfahren

Answer 10

RSA, DSA
ECC, EL-Gamal
DH und Knapsack

Question 11

Stream-Cipher

Answer 11

RC4

Question 12

Number of Keys Symmetric

Answer 12

n(n-1)

/2

Question 13

Number of Keys Asymmetric

Answer 13

2n

Question 14

Key-Length DES

Answer 14

56 Bit

Question 15

DES: ECB-Mode

Answer 15

Electronic Code Book -> 64 Bit Blocks

Blockweise, Muster erkennbar

Question 16

DES: CBC-Mode

Answer 16

Cipher Block Chaining -> 64 Bit Blocks

IV beim ersten Schritt, danach Cypher-Text als XOR

Question 17

DES: CFB-Mode

Answer 17

Cipher Feedback

Stream-Version von CBC, vorherige Fehler werden weitergetragen, Key-Generierung mit Ciphertext

Question 18

DES: OFB-Mode

Answer 18

Output Feedback

Stream-Version von CBC, Fehler werden nicht weitergetragen, Key-Generierung mit Plaintext

Question 19

DES: CTR-Mode

Answer 19

Counter

Wie OFB, bessere Performance

Question 20

Metasploit

Answer 20

Pentesting-Software

Question 21

Nessus

Answer 21

Vulnerability-Scanner

Question 22

NMAP

Answer 22

Netzwerk-Mapper

Question 23

Rainbow-Table

Answer 23

Hashed-Passwords

Question 24

SMURF

Answer 24

ICMP-Echo Request with spoofed Address are sent to the Broadcast-Address of the target Network -> All devices are Pinged

Question 25

Bluesnarfing

Answer 25

Taking data from the device

Question 26

Bluejacking

Answer 26

Sending unsolicited messages

Question 27

Fraggle

Answer 27

UDP-Echo Request with spoofed Address are sent to the Broadcast-Address of the target Network -> All devices are Pinged

Question 28

ICMP-Flood

Answer 28

Flooding the target-network with ICMP-Packets

Question 29

Man-in-the-Middle

Answer 29

Intercepting traffic for taking over the session or reading data

Question 30

Meet-in-the-Middle

Answer 30

Encryption-Attack from Both sides: Encrypting a message and decrypting a Ciphertext

Question 31

DNS-Poisoning

Answer 31

Changing entries in the DNS-Table for re-routing to malicious websites

Question 32

Session-Hijacking (Session token interception)

Answer 32

Übernahme eines Session-Tokens (nur bei unverschlüsselter Übertragung)

Question 33

SYN-Flood

Answer 33

Öffnen von TCP-Verbindungen (SYN)

Question 34

Teardrop

Answer 34

Sending of Malformed Packets

Question 35

UDP-Flood

Answer 35

Flooding the target-network with UDP-Packets

Question 36

Replay

Answer 36

Encrypted Message is intercepted and then sent again in order to open initiate new session.

Question 37

Birthday

Answer 37

Seeking to generate the same hash for a different message

Question 38

Chosen Plaintext

Answer 38

Plaintext of Attackers choice can be encrypted for analysis

Question 39

Chosen Ciphertext

Answer 39

Chosen portions of a ciphertext can be decrypted for analysis

Question 40

Known Plaintext

Answer 40

Encrypted text and Plaintext are available

Question 41

Ciphertext Only

Answer 41

Only Ciphertext is available

Question 42

Defense Replay

Answer 42

Timestamps and Sequence numbers

Question 43

Defense Smurf

Answer 43

Dropping ICMP-Packets

Question 44

Defense Fraggle

Answer 44

Block distributed Broadcast

Question 45

Defense SYN-Flood

Answer 45

Stateful Inspection Firewall

Question 46

Defense Buffer Overflow

Answer 46

Input Validation

Question 47

Real Evidence

Answer 47

Tangible or physical Objects

Question 48

Circumstancial Evidence

Answer 48

Circumstances

Question 49

Direct Evidence

Answer 49

Testimony of Witness

Question 50

Corroborative Evidence

Answer 50

Support for a fact

Question 51

Hearsay Evidence

Answer 51

Second Hand Evidence

Question 52

Secondary Evidence

Answer 52

Copies of Originals

Question 53

Trademark

Answer 53

Name, Logo, Symbol or Image

Question 54

Copyright

Answer 54

Protects the form of expression in artistic, musical, or literary works

Question 55

Trade Secret

Answer 55

Business-Proprietary Information, that is important for the business to compete

Question 56

Patent

Answer 56

Right to use, make or sell a product or method

Question 57

SOX

Answer 57

Sarbanes-Oxley - Financial information of publicly traded Organizations

Question 58

GLBA

Answer 58

Gramm-Leach-Bliley Act - PII-Protection

Question 59

FISMA

Answer 59

Requirement to implement a IS-Program for Federal Agencies

Question 60

Bell-La-Padula

Answer 60

Confidentiality Simple security: no read up *-Property: no write down Strong * Property: if read+write are granted, then only at the same level -> Subjects and Objects classification must be equal

Question 61

Clark-Wilson

Answer 61

Enforces well-formed transactions through the access triple: User->Transformation procedure->Data Item

Question 62

Biba

Answer 62

Integrity Simple integrity: no read down * Integrity: no write up Invocation property: Niedriger kann höher nicht callen

Question 63

Brewer-Nash

Answer 63

Chinese Wall model

Question 64

TCSEC

Answer 64

Orange Book

Question 65

XSS

Answer 65

Cross-Site-Scripting -> Scripts in Input-Forms - non-persistent (bounce) - persistent - DOM

Question 66

COBIT

Answer 66

IS best practices for Organizations (von ISACA)

Question 67

Data Remanence

Answer 67

Residual Data on magnetic discs

Question 68

Degaussing

Answer 68

Deleting Data on magnetic discs with a magnetic field

Question 69

Erasing

Answer 69

Deleting the catalogue link (FAT-Table)

Question 70

Clearing

Answer 70

Overwriting

Question 71

Purging

Answer 71

Overwriting + another method (degaussing, etc.)

Question 72

Sanitization

Answer 72

Purge data completely without destroying the media

Question 73

Security-Mode: Dedicated

Answer 73

All users must have clearance, access permissions and need to know for everything on the system

Question 74

Security-Mode: System high

Answer 74

All users must have clearance, access permissions and need to know for some things on the system

Question 75

Security-Mode:Compartmented

Answer 75

All users must have clearance

Question 76

Multilevel

Answer 76

Nothing

Question 77

Multitasking

Answer 77

Alternating tasks (subprograms) on a single processor

Question 78

Multiprogramming

Answer 78

Alternating programs on a single processor

Question 79

Multiprocessing

Answer 79

Excecutes multiple programs on several processors

Question 80

Multithreading

Answer 80

Executing multiple concurrent tasks within one process