Domain 2 Flashcards
__ is used in industries that are constantly in litigation; no one can claim information was modified or changed, because that is not possible with this technology.
WORM (Write Once Read Many)
__ is volatile memory.
RAM (Random Access Memory): real/primary memory, volatile memory e.g. data lost when power is lost
DRAM (dynamic, dumb/slow): cheap, which means it's slow and you have a lot of it; needs to be constantly refreshed
SRAM (static, speed): expensive, which means it's faster and you have less of it; SRAM is cache
A __ creates/manages information (e.g. salary data managed by the HR dept) and is ultimately responsible even if the __ (an internal/external entity accessing the data, e.g. an outsourced payroll company) gets breached.
Data controller, data processor
Customizing a standard for an organization, beginning with scoping, and then adding compensating controls and parameters (security configuration settings).
Tailoring
Data classification process
- Identify who’s in charge (Identify administrator/custodian)
- Criteria for classification (Specify criteria for how information will be classified and labelled)
- Classify the data with approval by the supervisor (Classify the data by its owner who is subject to review by a supervisor)
- Document exceptions (Specify and document exceptions to the classification policy)
- Determine controls (Specify controls that will be applied to each classification level)
- Determine declassification (Specify the termination procedures for declassifying the information or for transferring custody of the information to another entity)
- Make people aware of the classification process (Create an enterprise awareness program about the classification controls)
Degaussing and sector-by-sector overwrite are good for __ media.
Magnetic media e.g. HDD
-degaussing (changing magnetic field on device destroys data)
-sector-by-sector overwrite
-physical destruction
EEPROMs e.g. Flash drives/SSDs
-use ATA Secure Erase (all blocks in physical address space completely erased)
-physical destruction
Describe FIPS 199 levels of impact for CIA
limited adverse effect=low impact
serious adverse effect=moderate impact
severe or catastrophic=high impact
Describe options for securely erasing drives
Magnetic media e.g. HDD
-degaussing (changing magnetic field on device destroys data)
-sector-by-sector overwrite
-physical destruction
EEPROMs e.g. Flash drives/SSDs
-use ATA Secure Erase (all blocks in physical address space completely erased)
-physical destruction (more expensive but more secure)
-NOT effective on EEPROMs: sector-by-sector overwrites can miss data (since the drive does not write blocks in place), degaussing (since the media is not magnetic)
Describe the house analogy in terms of who owns and manages the data
Data owner (CEO, board): designs the house, makes the high-level strategic decisions, ultimately responsible
System owner: designs the HVAC/electrical subsystem in the house; plans design/updates, supports system processes; delegated a portion of the design, but ultimately the data owner can still overrule
Business owner: focuses on security priorities to support the mission
Custodian (DBA, engineer): builds the house; very tactical, does all activities that need to be performed on behalf of the owner, hardening/locking down, changing the network
User: lives in the house; runs the application to perform a function, analyzes info
How can an EEPROM device be securely erased?
Magnetic media e.g. HDD
-degaussing (changing magnetic field on device destroys data)
-sector-by-sector overwrite
-physical destruction
EEPROMs e.g. Flash drives/SSDs
-use ATA Secure Erase (all blocks in physical address space completely erased)
-physical destruction
Process that involves determining applicable portions of a standard that will be followed.
Scoping
The __ describes SBU data where the impact for CIA is:
limited adverse effect=low impact
serious adverse effect=moderate impact
severe or catastrophic=high impact
FIPS (Federal Information Processing Standards Publication) 199
SBU (Sensitive but Unclassified)
The __ manages/monitors the protocols and specifications of the Internet. It specifies requirements via RFCs, which must be followed by everyone, e.g. the TCP/IP protocols.
IETF (Internet Engineering Task Force)
The __ says that at least 85% of targeted cyber intrusions could be prevented by the top 4 mitigation strategies:
- application whitelisting
- patch applications
- patch OS vulnerabilities
- restrict admin privileges and applications based on duties
ASD (Australian Signals Directorate)
Types of primary memory
RAM (Random Access Memory): real/primary memory, volatile memory e.g. data lost when power is lost
DRAM (dynamic, dumb/slow): cheap, which means it's slow and you have a lot of it; needs to be constantly refreshed
SRAM (static, speed): expensive, which means it's faster and you have less of it; SRAM is cache
Good to be familiar with "Computer Architecture (Map of Targets) - Drawing 3C", but basically you just need to know and be able to draw out "Memory diagram - Drawing 2A"
Types of ROM
ROM (Read only memory): non-volatile
PROM (Programmable): modifiable once e.g. firmware
EPROM (Erasable & Programmable): not the norm
EEPROM (Electrically Erasable): flash memory, can be rewritten, e.g. USB flash drives, SSDs, BIOS chips (so they can be upgraded)
PLD (Programmable Logic Devices): integrated circuit that can be modified programmatically; the general technology behind all EPROMs
Types of secondary memory
Slower memory e.g. magnetic disks (HDD)
Types of sequential memory
Searched sequentially from the beginning rather than accessing a location directly, e.g. tape; the advantage is that it is very cheap
What are valid ways to distribute classified data?
Valid Freedom of Information Act request, Non-Disclosure Agreements, Government contracts, a court ordering you to distribute the data
NOT a valid way: age of data (that's just not possible; this is declassifying data, not distributing it)
What does ISO stand for?
What do ISO 27001 and 27002 focus on?
Which one replaced ISO 17799?
International Organization for Standardization
ISO 27001: focuses on auditing (verifying that you're doing what you say you're doing)
ISO 27002: focuses on best practices, a formalized process for setting up an ISMS (InfoSec Mgmt System)
ISO 27002 is the replacement for ISO 17799
Which role is responsible for computer hardware and software design plans and updates and also ensures that proper training is in place?
System owners
Which role sets the information security priorities to support the mission of the organization?
Business owner
Which term describes writing data to an EEPROM?
Flashing
The __ documents computer security best practices. Their 800 series publications cover which general areas of security?
United States NIST (National Institute of Standards & Technology). NIST Special Publications (800 series) include NIST 800-37 Risk Mgmt, NIST 800-53A Recommended Security Controls, NIST 800-34 Contingency Planning, NIST 800-115 Security Testing & Assessment
Federal Information Processing Standards (FIPS) Publication 199 describes what type of data?
SBU (Sensitive but Unclassified)