Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

PCS CISSP MM, EC, Thor series > Domain 3B - Security Architecture and Engineering > Flashcards

Domain 3B - Security Architecture and Engineering Flashcards

1
Q

number one overarching primary goal of physical security is?

A

safety of people, people are the most valuable asset of an organization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

what are the 5 pieces to physical security

A
  1. deter
  2. delay
  3. detect
  4. assess
  5. respond
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

deter control explain

A
  1. discourage things like trespassing, property damage, theft and intrusion with signage and other environmental design of a building and the land around it
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

delay control explain

A
  1. delay an attacker from gaining unauthorized access
    example: locks delay and attacker from gaining unauthorized access
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

detective control explain

A
  1. detect if a risk has occurred
    example: CCTV
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

assess controls

A
  1. used to determine the method of attack and the target
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

respond controls

A
  1. take appropriate action to remediate the risk
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

what is the best way to secure a perimeter

A
  1. minimize the number of entrances and exits
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

landscape - what role does this play in physical security

A
  1. part of perimeter control
  2. foliage should be maintained to provide clear sight lines for cameras and that would-be attacker cant just climb up a tree and into the building
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

physical security grading (perimeter) explain

A
  1. part of perimeter control
  2. the ground should slope down and away from the building so if there was a flood you are not part of the flood
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

passive infrared devices - what must happen if ambient air temp changes

A
  1. they must automatically recalibrate themselves
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

lighting does what

A
  1. helps deter crime
  2. important to safety of people
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

2 major types of card reader systems

A
  1. contact
  2. contactless
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

contact card reader

A
  1. employee must swipe their card through the reader for older magnetic readers
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

contactless card reader

A
  1. employee only need to hold their card near the rfid (radio frequency identification system) reader
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

social engineering attack on doors is called what

A
  1. tailgating
  2. piggybacking
    - - an intruder follows and authorized person through the door after they have unlocked it
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

what are preventions for tailgating and piggybacking

A
  1. mantraps
  2. turnstiles
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

explain mantrap

A
  1. it involves 2 doors
  2. you must unlock the fist door, and walk into a small space, close the door behind you, then can you unlock the second door
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

should locks ever be used as a single line of defense

A

no, locks are delay only and should only be part of a layered defense

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

sensors to help monitor if a window has been broken

A
  1. shock - detects a small shock wave when a window breaks
  2. glass break sensors - essentially microphones listening for specific frequencies of sound when glass breaks
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

what is skimming

A

an attacker uses an electronic device to steal card information from valid transaction.
example: install an small electronic device attacked to an ATM machine to record debit card numbers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

what are two devices used to provide a consistent supply of clean power

A
  1. UPS
  2. Generator
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

what is a black out

A

no power for a long period of time

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

what is a brownout

A

prolonged low voltage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
what is a power fault
short loss of power
26
what is a power surge
prolonged high voltage
27
what is a power spike
temporary high voltage
28
what is a sag and a dip
temporary low voltage
29
4 goals of cryptography and its mnemonic
P.A.I.N 1. Privacy (confidentiality) 2. authenticity 3. integrity 4. non-repudiation
30
class A fire -- 1. what is it 2. what puts it out
1. common fire (ash) 2. water, soda, acid
31
class B fire -- 1. what is it 2. what puts it out
1. Liquid (boil) 2. Gas (halon, C02 etc.) and soda acid
32
class C fire -- 1. what is it 2. what puts it out
1. electrical (conductive) 2. any gas (C02, Halon etc.)
33
class D fire -- 1. what is it 2. what puts it out
1. metal 2. dry powder
34
humidity in data centers 1. if its too dry what do you get 2. if its too humid what do you get
1. static electricity 2. condensation
35
explain positive pressurization when it comes to HVAC units in data centers
nice clean filtered air is blown into the data center slightly above ambient temperature, positively pressurizing the data center
36
why do you want positive pressurization
if there are any cracks in the data center. the clean air is blowing out rather than dirty (outside) air blowing into the data center
37
why do you want positive pressurization
if there are any cracks in the data center or someone opens an door, the clean air (HVAC) is blowing out rather than dirty (outside) air blowing into the data center
38
whenever we implement controls we want what combination if possible
1. preventive 2. detective 3. corrective
39
fire detection - 3 main types are
1. flame detectors 2. smoke detectors 3. heat detectors
40
flame detectors do what
detect the infrared and ultraviolet light created by flames - essentially video cameras
41
smoke detection why use them and what are the two main types and when to use each type
1. one of the best ways to detect fire as early as possible 2. ionization - respond more quickly to flaming or fast fires 3. photoelectric - (called optical detectors) respond quickly to smoldering fires
42
define heat sensors
1. thermal sensors 2. temp sensors, monitoring for rapid rise in temperature
43
1. what is the earliest fire detection
smoke detection (smoke before fire)
44
1. what is the most concerning fire 2. what detection system do we use for it
1. flaming or fast fires 2. ionization detection
45
two major types of fires suppressions systems
1. water based - office spaces , motels etc. 2. gas based - cost justified in data centers
46
4 types of water based suppression systems
1. wet 2. dry 3. pre-action 4. deluge
47
wet pipe system attributes
1. cheapest 2. pressurized water at all time 3. cant be used where it can freeze 4. eventually will have leaks
48
dry pipe system attributes
1. look identical to wet pipe systems 2. pressurized with gas so they can be used where it can freeze 3. water is only realized when triggered 4. closed sprinkler head
49
deluge attributes
1. similar to dry pipe 2. sprinkler heads are open 3. larger sprinkler heads 4. pipes are not pressurized 5. water held back by deluge valve
50
4 types of gas-based fire suppression systems
1. Inergen 2. Argonite 3. FM-200 4. Aero-K - supposedly safe for servers and people
51
why is halon no longer used at a gas-based fires suppression
1. ozone depleting 2. turns to toxic gas at 900F 3. like many gas-based fires suppression, it removes oxygen = bad for human life
52
why is C02 fire suppression preferred in data centers
1. non-corrosive 2. it does not leave residue 3. will not damage equipment 4. doesn't conduct electricity 5 if you do not use too much, its not harmful to humans
53
social engineering - cryptographic attacks is what
going after the weakest link - people
54
birthday attacks - cryptographic attacks
finding collisions in hashing
55
rainbow tables - cryptographic attacks how do you defeat rainbow tables
1. a giant database of most common passwords and their associated hash values 2. salting the password before hashing
56
dictionary attack - cryptographic attacks
1. a form of brute force 2. dictionary attack try the most likely combinations first 3. can be more efficient and faster than brute force
57
radiation emissions - cryptographic attacks
a side channel attack - the electromagnetic waves that are emanated are closely monitored
58
timing attack - cryptographic attacks
1. measure how long certain operations take
59
power attack - cryptographic attacks
1. measure how much power is consumed during certain calculations
60
side channel attack explain - cryptographic attacks
1. any attack where sensitive information is gathered by carefully monitoring a system that is performing some cryptographic tasks
61
implementation attack - cryptographic attacks
1. target weaknesses in how an algorithm, cryptosystem, protocol or application has been implemented. example: WEP (wired equivalency protocol) does a terrible job of implementing rc4 encryption algorithm. IV (initialization vectors) too short, a portion is static among other issues
62
temporary files attack - cryptographic attacks
1. temporary files my not be sufficiently secured. 2. in a temporary file attack the attacker gains access to the sensitive plaintext or encryption keys by accessing encrypted and decrypted temp files
63
replay attack attributes - cryptographic attacks
1. a form to man-in-the-middle 2. attacker eavesdrops and intercepts data being sent 3. they not necessary can decipher the data. they replay it, resend it later on in an attempt to use that information to their advantage example: intercepting a users hashed password being sent to a server to authenticate the user. the attacker could resend that hash of a users password later on to gain unauthorized access
64
man-in-the-middle - cryptographic attacks
1. attacker places themselves in the middle of a conversation, allowing them to eavesdrop on the communication 2. possibly alter communications or decipher them
65
factoring (cryptanalytic) -what algorithm would this be used against?
RSA
66
chosen ciphertext - (cryptanalytic)
1. the attacker has access to the machine or algorithm that is performing the encryption and decryption 2. the attacker is choosing what ciphertext to feed into the algorithm then looking at the resultant plaintext to try and deduce the key
67
chosen plaintext - (cryptanalytic)
1. the attacker has access to the machine or algorithm that is performing the encryption and decryption 2. the attacker is choosing what plaintext to feed into the algorithm then looking at the resultant ciphertext to try and deduce the key
68
known plaintext attack - (cryptanalytic)
1. attacker has access to both ciphertext and plaintext 2. bad - they can now use this information to deduce the key to decrypt all messages or forge new message
69
ciphertext only attack - (cryptanalytic)
1. the cryptanalysis only has the ciphertext to deduce the key 2. very difficult
70
brute force attack attributes - (cryptanalytic)
1. brute force will not be possible on algorithms that use 128 bit or more, especially 256 bit 2. key space doubles every time the key length is increased by 1 bit 3. this becomes and insurmountable problem
71
the primary goal of cryptanalytic attack is
1. deduce the key 2. find the crypto variable (the key) that can be used to decrypt the ciphertext
72
2 major types of cryptanalysis
1. cryptanalytic attacks 2. cryptographic attacks
73
cryptanalysis definition
the process of decoding secrets and gaining access to encrypted messages and even forging new messages
74
what does zero trust security use as the control plane
the user identity as the new perimeter
75
secure design principles take from NIST 800-160 1. secure defaults 2. fail securely
1. default configurations reflect a restrictive and conservative enforcement of security policy. 2. components should fail in a state the denies rather than grants access
76
what has trust but verify pretty much been replaced by
zero trust model
77
explain trust but verify
1. an older secure design principle that is being replaced by zero trust 2. this depended on an initial authentication to gain access to an internal "secured" environment the relied on generic access control methods 3. the "secure perimeter" was on the edge thought process
78
privacy by design principles
1. Proactive not reactive, preventive not remedial 2. Privacy as the default setting 3 Privacy embedded into Design 4. full functionality - positive-sum, not zero-sum 5. End-to-End Security --- Full Lifecycle Protection 6. visibility and Transparency- Keep it Open 7. Respect for User Privacy - Keep it User-Centric
79
privacy by design - what does proactive not reactive, preventive not remedial mean
systems should be designed to prevent privacy risks from occurring in the first place, not just to respond to privacy lapses to that occur
80
privacy by design - what does Privacy as the default setting mean
1. systems should protect the privacy of individuals even if those individuals don't action to raise the level of privacy. 2. the default approach should be to protect privacy unless the user specifically does an action to reduce the level privacy
81
privacy by design - what does Privacy embedded into Design mean
1. privacy should be a primary design consideration, not a bolted on afterthought 2. privacy is a core requirement of the system
82
privacy by design - what does full functionality - positive-sum, not zero-sum mean
1. privacy should not be treated as requiring trade offs to accomplish 2. privacy by design seeks win-win situations, where privacy objectives are achieved alongside other objectives
83
privacy by design - what does End-to-End Security --- Full Lifecycle Protection mean
1. security practices should persist throughout the entire information lifecycle 2. information should be securely collected, retained and disposed of to preserve individual privacy
84
privacy by design - what does visibility and Transparency- Keep it Open mean
1. the component parts of systems preserving privacy by design should be open for inspection by users and providers
85
privacy by design - what does Respect for User Privacy - Keep it User-Centric mean
1. Privacy is about protecting personal information and personal information belongs to individual people empowering data subjects with user-friendly privacy practices
86
best-in-suite over best-in-bread solutions. how does this simplify security in-depth
1. security suites will incorporate layers of intelligence that wok better together to secure your environment 2. this simplicity also helps to avoid configuration mistakes 3. your layers will be integrated better 4. your overall solution is generally going to be smarter 5. it does not mean you will only have one security vender, it means you will likely have fewer security vendors - your foundation might be MS, google, cisco, amazon - its not the vendor, its the concept 6. this will allow the org to move forward incrementally rather than expecting perfection - --- when you try to find the best vendor at every layer, you spend a lot of time shopping, testing and vetting how well the different vendors work together adds work, time and complexity
87
what is IPSEC
* Internet protocol security * its a secure network protocol suite that authenticates and encrypts packets of data to provide secure communication between two computers over an insecure media (like the internet). * highly used in VPNs
88
where is asymmetric encryption widely used
* Transport Layer Security (TLS) * Secure socket Layer (SSL) * Hypertext Transfer Protocol Secure (HTTPS)
89
what are components of public key encryption
* plaintext * cyphertext * encryption algorithm * decryption algorithm * private key * public key
90
what are two ways to create a key pair for PKI
* using a CA (certificate authority) * self sign (certificate not signed by a CA)
91
what is the disadvantage of self signing your cert
* its not a trusted certificate * the other end of the conversation will need to manually trust that cert
92
list some components of PKI
* certificate requestor * certificate signing CA * root CA * certificate revocation list (CRL)
93
what is a collision in hashing
• when the hashing tool gets the same output from two or more different inputs
94
what is done with the root CA to keep it from being compromised
• root CA is kept offline
95
what does PKI stand for
• public key infrastructure
96
what two ways to find that status of a certificate (find if its good or bad)
* certificate revocation list - all CAs right to this list at certain intervals for updates - verify what certs are still good and what certs need to be cut out of their chain of trust * OCSP (online certificate stat protocol) - faster but only shows the status not give details of the ticket as well as why it was revoked.
97
what does IETF stand for what what is it
* internet engineering task for * the body that defines standard operating internet protocols such as tcp/ip
98
who supervises the IETF (internet engineering task force)
• IAB (Internet Architecture Board)
99
what IETF protocol is the standard for PKI digital certs
• X.509
100
what is RIR with IPs and what does it do
* regional internet registry * manages the allocation and registration of internet number resources within the regions of the world * internet number resources include IP address
101
what are the 5 regions of RIP
* AFRINIC (African network information center) -Africa * ARIN (American Registry of internet numbers) - Antarctcia, canada, caribbean and unites stats * APNIC (Asia-Pacific network information center - east asia, oceania, south asia, and southeast asia * LACNIC (Latin America and Caribbean network information center) - most of caribbean and all of latin america * RIPE NCC (Roseaux IP Europeen Network Coordination Centre) -- Europe, central Asia, Russia and west Asia
102
what to know about a HASH
* one way function (not reversible) * typically fixed length * also called message digest * provides encryption using an algorithm with no key
103
what happens during a TLS handshake
A. `Specify which version of TLS B. Decide on which cipher suites they will use C. Authenticate the identity of the server via the server’s public key and the SSL certificate authority’s digital signature D. Generate session keys in order to use symmetric encryption after the handshake is complete
104
explain all you see in this cipher suite TLS\_ECDHE\_RSA\_with\_AES\_128\_GCM\_SHA256
TLS\_ECDHE\_RSA\_with\_AES\_128\_GCM\_SHA256 ECDHE - elliptic curve diffie-hellman ephemeral -- key exchange RSA -- (Rivest–Shamir–Adleman) public key authentication mechanism - verify server is who they say they are by checking public key certificate to verify digital signature AES -- encryption cipher 128 -- key size GCM -- mode of operations SHA256 -- hash
105
worm media is what
anything that is (write once, read many) Rdvd, Rcd, some tape drives, there is some media that has write protection applied ensures the highest level of integrity and data security
106
IDEA encryption
A: International Data Encryption Algorithm B: was intended as a replacement for DES C: 64 bit cipher D: 128 bit key E. was patented so it was not commonly used because of added cost
107
we are using a cloud computing and have chosen to use IaaS. who is responsible for the database A: the security team B: the vendor C: the customer D: the network team
the answer is C:
108
explain IaaS
A: infrastructure as a service B: vendor provides infrastructure up the OS C: customer adds the OS and up
109
MAC when talking about hashing means what
Message Authentication Code
110
what handles all access between objects and subjects in the computer kernel
reference monitor
111
what would we use Distributed control systems (DSC)j for?
computerized control system for a process or plant
112
what can we use digital signatures to provide
A: none repudiation B: integrity
113
NSA wanted to embed the clipper chip on all motherboards. which encryption algorithm did the chip use? A: skipjack B: 3DES C: DSA D: RSA
the answer is A:
114
The clipper chip was created by the NSA for what
A: promoted as an encryption device that secured voice and data messages B: it had a built-in backdoor C: used skipjack - a block cipher
115
which of these symmetric encryption types are no longer considered secured and should not be considered to use A: twofish B: AES C: RC4 D: 3DES K1
the answer is C:
116
what is nonce
an arbitrary number used only once in a cryptographic communication. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks
117
name some asymmetric key algorithms
RSA, Diffie-Hellman, El Gamal, Merkle-Hellman (trapdoor) Knapsack, Elliptic Curve
118
name some symmetric key algorithms
Data encryption standard (DES), Triple DES, Advanced Encryption Standard (AES), International Data Encryption Algorithm (IDEA), Rivest Cipher 5, (RC5)
119
how do you create a message digest
by using a way-way hashing function
120
is sha-1 a valid hashing function
Sha-1 is considered obsolete and should be replaced with sha-3
121
3 digest algorithms
MD5, sha-w,sha-256, sha-384, sha-512
122
what does digital signature do
a simple way to verify the authenticity and integrity of a message
123
3 digital signature algorithms according to Federal Information Processing Standard (FIPS)
RSA digital signature DSA (digital signature algorithm) - based on modified EL Gamal ECDSA (elliptic curve digital signature algorithm)
124
define ephemeral port
a communication port of a transport layer protocol(TCP/UDP) of the internet protocol suit (IP suite) that is used only for a short period of time, for the duration of that session only.
125
What feature enables code to be executed without the usual security checks? A. Temporal isolation B. Maintenance hook C. Race conditions D. Process multiplexing
the answer is B. Maintenance hooks get around the system's or application's security and access control checks by allowing whoever knows the key sequence to access the application and most likely its code. Maintenance hooks should be removed from any code before it gets into production.
126
What is an advantage of RSA over DSA? A. It can provide digital signature and encryption functionality. B. It uses fewer resources and encrypts faster because it uses symmetric keys. C. It is a block cipher rather than a stream cipher. D. It employs a one-time encryption pad.
Answer is A: RSA can be used for data encryption, key exchange, and digital signatures. DSA can only be used for digital signatures.
127
what are clark-wilson model attributes
* integrity model * prevents authorized users from making improper modifications (separation of duties) * maintain internal/external consistency (well formed transactions) * access triple * ••• subjects and objects can only access what they are allowed * ••• separation of duties is enforced * ••• auditing of each transaction
128
what is IPSEC, what is it used for and when might it be used
* Internet Protocol Security * it provides authentication and encrypts packets of data to provide secure encrypted communication between two computers over an unsecure media (like the internet) * this is highly used in VPNs
129
3 main components of IPSEC are
* IKE (internet key exchange) * AH (authentication header) * ESP (encapsulation security protocol)
130
what does IKE (internet key exchange) do in IPSEC
• establishes SA (security association) between communicating hosts, negotiating the cryptographic keys and algorithms the will use during the session
131
what does AH (authentication header) do in IPSEC
* adds a header field to the packet that includes cryptographic hash * provides authentication * provides integrity (HMAC - hashed message authentication codes) * does not provide confidentiality * protects against replay attacks
132
what does ESP (encapsulation security protocol) do in IPSEC`
• encrypts the payload • adds a sequence number so the host is sure it isn't getting duplicate information • provides confidentiality • it can provide authentication and integrity
133
explain SA (security association)
•. simplex connections (communication one way) • if using both AH and ESP you need 2 SAs for each communication, so for bidirectional you would need 4 SA connections • each SA has a unique 32 bit SPI (security parameter index)
134
what does ISAKMP stand for and what does it do
• internet security and key management protocol) • manages the SA creation process and key exchange mechanics
135
what are the two modes ISPEC can be used
* Tunnel mode * Transport mode
136
what does tunnel mode in IPSEC do and when to use it
* encrypts and authenticates the entire package (including headers) * used when a system does not natively speak IPSEC
137
does does transport mode do in IPSEC
* only encrypts and authenticates the payload * used when both systems already understand IPSEC
138
what 3 things do digital signatures provide
1. authenticity 2. integrity 3. non-repudiation of both origin and delivery
139
what does DAC stand for
• discretionary access control
140
what does MAC stand for with access controll
• Mandatory access control
141
what does RBAC stand for
• roll based access control
142
what does ABAC stand for
• attribute based access control
143
explain DAC
* discretionary access control * this allows the owner or creators the ability to control access given in any way they feel the need
144
explain MAC with access control
• mandatory access control • think military • labels and categories • you have to request access to every level • classified access does not give you access to everything under classified. you will need to request access to each level under the top level Example: you have top secret access. you still need to request access to nuclear submarine even when it is under top secret
145
explain RBAC
* role based access control * access based on the role of the subject
146
explain ABAC
* attribute based access control * access granted by attributes * location * subject (user) * environment - location and/or time of access
147
explain RUBAC
* rules based access control * example firewall * access granted off if/then statements
148
Bell Lapadula security model - where does is belong on the triad and what access control is it
* confidentiality * Mandatory access control (classified information)
149
bell lapadula - what are the 3 rules
* simple security - no read up * \* (star property) - no write down * strong \* (star) property - no read or write up or down. subjects can only access data at their level
150
what is a digital certificate
• its a file or electronic password that proves the authenticity of a device, server, or user through the use of cryptography and the public key infrastructure (PKI)
151
what are the steps in tls handshake
* ClientHello * ServerHello - certificate - ServerHelloDone * clientkeyexchange - changecipherspec - finished * changecipherspec - finished
152
TCP handshake
* syn * syn ack * ack
153
when does the TLS handshake occur
* whenever a user navigates to a website over https and the browser first begins to query the website * when other communications use https, including API calls and DNS over HTTPS
154
what does TLS handshake follow, what always happens first
• TCP handshake, which creates the connection
155
what does TLS handshake follow, what always happens first
• TCP handshake, which creates the connection for all communications after that
156
firs step in TLS handshake (client hello) what is in that message
* max TLS version this client can support * random number to prevent replay attacks * list of cipher suites options
157
second step of TLS handshake (server response)
* server hello (will contain the follow for the encrypted communication) * chosen TLS version to use * chosen cipher suite to use * random number to prevent replay
158
second half of the second step of the TLS handshake, the server sends a second message that includes?
* certificate with the agreed encryption and a public key * server key exchange (parameters for Diffie\_Hellman key exchange) * •••• digital signature as part of key exchange this includes (summarized version previous messages hashed and signed with the private key of the server to prove who they are) * Server hello done
159
TLS handshake step 3 (client reply) what is sent
* client key exchange * change cipher spec message (i have all i need, i will not start encrypting the message with agreed specs) * finish message (this will contain a summary of all the messages to this point, encrypted)
160
last step of TLS handshake (server final reply) what is in the message
* change cipher spec message * finish message (this contains a summary of all the message to this point, encrypted)
161
once the TLS handshake is completed how long does that TLS session last
* this based off a few things * if you browse to another site obviously you will create a TLS session with that site * there are refresh times, after 30 minutes or so (not a standard time) the handshake will happen again to verify there are new random numbers etc * possibly session resumption (resume sessions based off certain criteria) based configuration of server
162
Graham-Denning security model attributes
• uses objects, subjects and rules • there are 8 rules to specific subject can execute on an object 1. transfer access 2. grant access 3. delete access 4. read object 5. create object 6. destroy object 7. create subject 8. destroy subject
163
harrison Ruzzon Ullman security model (HRU) attributes
• deals with integrity of access rights • an operating system level computer security model • an extension of Graham-Denning • considers subjects to be objects • 6 primitive operations 1. create object 2. create subject 3. destroy subject 4. destroy object 5. enter right into access matrix 6. delete right from access matrix
164
EAP attributes
* eap is a is a framework for authentication instead of an actual protocol * eap was originally desined to work over physical isolated channels, thus assumed a secured pathway * some eap methods use encryption, some do not . * over 40 EAP methods - leap, peap, eap-sim, eap-fast, eap-tls, eap-ttls ETC.
165
do we ever send anyone our asymmetric public key?
absolutely not, we send them our digital certificate

PCS CISSP MM, EC, Thor series (13 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions