CISSP Flashcards

(140 cards)

1
Q

fuzz test

A

black box

2
Q

4GL

A

ColdFusion, Progress 4GL, SQL, PHP and Perl

3
Q

Pentest

A

Plan, Reconnaissance, Scan (enumeration), Vulnerability assessment, Exploit, Report

4
Q

Real pentest attack

A

Plan, Reconnaissance, Scan (enumeration), Vulnerability assessment, Exploit, delete logs/evidence, install backdoors

5
Q

IPv6 Mac

A

EUI/MAC-64

6
Q

if EUI/MAC-48 card used

A

add fffe

7
Q

Relational Model: Rows

A

records or tuples

8
Q

Relational Model: Rows represent

A

instances of the type of entity

9
Q

Relational Model: Columns represent

A

values attributed to the instance

10
Q

monolithic kernel

A

supervisor mode

11
Q

brute force

A

key stretching (add time to password verification)

12
Q

IAAA: authentication

A

password

13
Q

IAAA: identification

A

user name

14
Q

Computer-aided software engineering (CASE)

A

Tools, workbenches, environments

15
Q

ANN not true

A

use a rule-based program and a lot of IF/THEN statements

16
Q

Transitive trust

A

A trust that can extend beyond two domains to other trusted domains in the forest.

17
Q

Security Audit Logs (Audit trail) problems

A
  1. Logs are not reviewed on a regular and timely basis
  2. Audit logs and audit trails are not stored for a long enough time period
  3. Logs are not standardized or viewable by correlation toolsets - they are only viewable from the system being audited.
  4. Log entries and alerts are not prioritized
  5. Audit records are only reviewed for the bad stuff
18
Q

FRAP (Facilitated Risk Analysis Process)

A

Analyzes one business unit, application, or system at a time in a roundtable brainstorm with internal employees. Impact is analyzed, and threats and risks are prioritized.

19
Q

Salt (salting):

A

Random data is used as an additional input to a one-way function that hashes a password or passphrase. The primary function of salts is to defend against dictionary attacks or a pre-compiled rainbow table attack.

20
Q

SDLC project management software development methodologies models

A

Waterfall, Agile, Sashimi (waterfall with feedback), V-Shaped, Iterative, Spiral, Big Bang

21
Q

SDLC

A

Software Development Life Cycle

22
Q

PERT

A

Program Evaluation Review Technique

23
Q

4th amendment

A

does not protect anything covered by a search warrant

24
Q

multifactor authentication online

A

username, password, and cookie

25
Alert
Triggers warnings if a certain event happens
26
event
something changed, neither negative nor positive
27
NIDS
network-based (intrusion detection)
28
BCP: COOP
Continuity of Operations Plan
29
BCP: CCP
Crisis Communications Plan
30
BCP: CIPP
Critical Infrastructure Protection Plan
31
BCP: CIRP
Cyber Incident Response Plan
32
BCP: ISCP
Information System Contingency Plan
33
BCP: OEP
Occupant Emergency Plan
34
BCP: DRP
Disaster Recovery Plan
35
MTTF
Mean Time to Failure
36
MTTR
Mean Time to Repair
37
MTBF
Mean Time Between Failures
38
DHCP flow
Discovery > Offer > Request > Acknowledge
39
divestiture
the organization is being split up
40
SIGABA
3 x 5, 15 rotors
41
Evidence in court
accurate, complete, authentic, convincing, admissible.
42
HIPAA
Privacy, Security, and Breach Notification rule
43
OCTAVE
self-directed risk management
44
COBIT
define risk at the business level
45
COSO
define risk at the operation level
46
FRAP
focused on internal risk analysis
47
IDS: True negative
The user surfs the Web to an allowed site and the IDS stays silent
48
IDS: False positive
The user surfs the Web to an allowed site and the IDS alerts
49
IDS: False negative
A worm is spreading on the network and the IDS stays silent
50
IDS: True positive
A worm is spreading on a trusted network and the IDS alerts
51
The Jefferson Disk (Bazeries Cylinder)
using a set of wheels or disks, each with the 26 letters, 36 disks total
52
Compiled Languages
Translates the higher-level language into machine code and saves, often as executables. Compiled once and run multiple times.
53
Source code
computer programming language instructions
54
Assembly language
low-level language
55
Compilers
take source code, and compile it into machine code
56
Interpreted languages
(i.e. shell) compiled on the fly, then the program is run.
57
Procedural languages
use subroutines, procedures, and functions.
58
Object-oriented languages
use of objects which combine methods and data
59
IPv6 link-local prefix
fe80:
60
Twofish
Feistel. Symmetric block cipher, 128-bit blocks, key length 128, 192, or 256 bits. Considered secure.
61
Network forensics
Catch-it-as-you-can and Stop, look and listen
62
Network forensics: Catch-it-as-you-can
All packets passing through a certain traffic point are captured and written to storage, with analysis being done subsequently in batch mode. This approach requires large amounts of storage.
63
Network forensics: Stop, look and listen
Each packet is analyzed in a basic way in memory and only certain information is saved for future analysis. This approach requires a faster processor to keep up with incoming traffic.
64
ISC2 code of ethics protect
common good, infrastructure and society
65
Permutation (transposition)
provides confusion by rearranging the characters of the plaintext.
66
Database shadowing
exact real-time copy of the database or files to another location.
67
Kerberos Authentication
user ID
68
DML
Data Manipulation Language (SELECT, INSERT, DELETE, UPDATE)
69
DDL
CREATE, DROP, ALTER, COMMENT.
70
Sashimi model
Waterfall with overlapping phases
71
ISO27799
Directives on how to protect PHI (Personal Health Information).
72
System Certification
certified to meet the security requirements of the data owner
73
Black box software testing
has no details, just the software
74
SQL data integrity
Entity, Referential, and Semantic integrity
75
Referential integrity
When every foreign key in a secondary table matches a primary key in the parent table
76
Semantic integrity
Each attribute value is consistent with the attribute data type
77
Entity integrity
Each tuple (row) has a unique primary value that is not null.
78
Annualized Loss Expectancy (ALE)
This is what it costs per year if we do nothing.
79
Sarbanes-Oxley Act (SOX)
Regulatory compliance mandated standards for financial reporting of publicly traded companies
80
Full backup
backs everything up and clears all archive bits
81
exposure factor (EF)
the percentage of the asset that is lost
82
RFID (Radio Frequency Identification)
i.e. smart cards
83
Viruses
Macro (document) viruses, Boot Sector viruses, Stealth viruses, Polymorphic viruses, Multipart (Multipartite) viruses
84
Dry Powder Extinguishers
sodium chloride, graphite, ternary eutectic chloride; used on metal fires
85
metal fires
sodium, magnesium, graphite
86
Kerberos KDC (Key Distribution Center)
consists of AS (Authentication Server) and the TGS (Ticket Granting Server).
87
Installation testing
Assures that the system is installed correctly and working on the actual customer's hardware.
88
Structured audits (3rd party)
External auditors
89
Security Assessments
Policies, procedures, and other administrative controls, i.e. change management. Architectural review. Penetration tests. Vulnerability assessments. Security audits.
90
Database schema
Describes the attributes and values of the database tables
91
Annual Rate of Occurrence (ARO)
How often will this happen each year?
92
Total Risk
Threat * Vulnerability * Asset Value
93
Brute Force attacks
uses the entire keyspace (every possible key). Effective against all key-based ciphers.
94
Brute Force attacks against one-time pads
would eventually decrypt it, but it would also generate so many false positives that the data would be useless.
95
Disk striping
at least 2 disks
96
Disk striping parity
at least 3 disks
97
Disk mirroring
at least 2 disks
98
dynamic software testing
Actively testing the code while executing it.
99
static software testing
Passively tests the code without running it.
100
Disaster Recovery Plan (DRP)
Preparation, Response, Mitigation, Recovery
101
Mitigation
Reduce the impact and likelihood of a disaster.
102
Civil Law (Tort Law)
Individuals, groups, or organizations are the victims, and proof must be "the Majority of Proof". Financial fines to "Compensate the Victim(s)".
103
Digital forensics
accurate, complete, authentic, convincing, admissible
104
Digital forensics tool
write blocker
105
Chain of custody
Who had it when? What was done? When did they do it?
106
Digital forensics procedure
Pull the original, put it on a write-protected machine, and make a hash. Only do examinations and analysis on bit-level copies, confirming they have the same hash as the original before and after an examination.
107
Cybersquatting
Buying a URL you know someone else will need (to sell at a huge profit; not illegal).
108
Bell-LaPadula
  1. Confidentiality
  2. Mandatory Access Control
  3. Simple Security Property: "No Read UP"
  4. * (Star) Security Property: "No Write DOWN"
  5. Strong * Property: "No Read or Write UP and DOWN"
109
RAID levels
  1. RAID 0 – striping.
  2. RAID 1 – mirroring.
  3. RAID 5 – striping with parity.
  4. RAID 6 – striping with double parity.
  5. RAID 10 – combining mirroring and striping.
110
Due Care
Prudent person rule: do what is right in the situation and in your job. Act on knowledge.
111
digital forensics steps
identify, acquire, analyze, report
112
SOC 2 Type 2 report
management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls.
113
Salvage team (failback)
Responsible for returning our full infrastructure, staff, and operations to our primary site, or to a new facility if the old site was destroyed. We get the least critical systems up first; we want to ensure the new site is ready and stable before moving the critical systems back.
114
US Health Insurance Portability and Accountability Act (HIPAA)
  1. Names.
  2. All geographical identifiers smaller than a state.
  3. Dates (other than year).
  4. Phone numbers.
  5. Fax numbers.
  6. Email addresses.
  7. Social Security numbers.
  8. Medical record numbers.
  9. Health insurance beneficiary numbers.
  10. Account numbers.
  11. Certificate/license numbers.
  12. Vehicle identifiers and serial numbers, including license plate numbers.
  13. Device identifiers and serial numbers.
  14. Web Uniform Resource Locators (URLs).
  15. Internet Protocol (IP) address numbers.
  16. Biometric identifiers, including finger, retinal, and voiceprints.
  17. Full face photographic images and any comparable images.
  18. Any other unique identifying number, characteristic, or code, except the unique code assigned by the investigator to code the data.
115
fire suppression: CO2
Should only be used in unmanned areas
116
Smurf attack
distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address. ICMP is a layer 3 protocol.
117
Content-based access control
When access is provided based on the attributes or content of an object, it is known as content-dependent access control. Examples: hiding or showing menus in an application, views in databases, and access to confidential information.
118
MOU/MOA (Memorandum of Understanding/Agreement)
Staff signs a legal document acknowledging they are responsible for a certain activity. If the test asks, "A critical staff member didn't show, and they were supposed to be there. What could have fixed that problem?" it would be the MOU/MOA. While slightly different, they are used interchangeably on the test.
119
Recovery
Controls that help us Recover after an attack – DR Environment, Backups, HA Environments.
120
Halon
depletes the ozone layer
121
Enticement (Legal and ethical)
Making committing a crime more enticing, but the person has already broken the law or at least has decided to do so.
122
Redundant site
A complete, identical site to our production site that receives a real-time copy of our data. Power, HVAC, raised floors, generators.
123
Half-duplex
communication sends or receives at one time only (Only one system can transmit at a time).
124
Security audit
A test against a published standard. The purpose is to validate/verify that an organization meets the requirements as stated in the published standard.
125
retention policy
deals with what, how long, where, and similar topics.
126
SSD drives
overwrite only
127
software acceptance testing
Verifies the software is functional for the users who will be using it; it is tested by the users and application managers.
128
Symmetric key
n(n-1)/2
129
Asymmetric key
n*2
130
single, well-controlled, and well defined data-integrity system
increases: Stability, Performance, Re-usability, Maintainability
131
SESAME (Secure European System for Applications in a Multi-vendor Environment)
Uses a PAS (Privilege Attribute Server), which issues PACs (Privilege Attribute Certificates)
132
Kerberos
uses PKI encryption (asymmetric), ticket-granting, and has the issue of plaintext storage of symmetric keys
133
availability
IPS/IDS. Patch Management. Redundancy on hardware: power (multiple power supplies/UPSs/generators), disks (RAID), traffic paths (network design), HVAC, staff, HA (high availability), and much more. SLAs – how high an uptime do we want (99.9%?) – (ROI).
134
Procedural programming
Top-Down: starts with the big picture, then breaks it down into smaller segments. Procedural programming leans toward Top-Down; you start with one function and add to it.
135
software unit testing
Tests that verify the functionality of a specific section of code
136
Remote journaling
Sends transaction log files to a remote location, not the files themselves. The transactions can be rebuilt from the logs if we lose the original files.
137
governance of our organization: Standards
Mandatory. Describes a specific use of technology (All laptops are W10, 64-bit, 8GB memory, etc.)
138
EUI/MAC-64 Mac
64 bits. The first 24 bits are the manufacturer identifier; the last 40 are unique and identify the host.
139
CSMA/CA (Carrier Sense Multiple Access Collision Avoidance)
wireless
140
use a fire extinguisher
RACE - Pull, Aim, Squeeze, Sweep