Exam Misses Flashcards

(129 cards)

1
Q

Which backup process (Differential, Incremental) sets the Archive Bit to 1?

A

None of them. Some set it to 0:

full backup clears the archive bit, setting it to 0

differential backup doesn’t change the archive bit value

incremental backup clears the archive bit, setting it to 0

2
Q

Transaction that preserves the state of the database is said to be _____

A

Transaction Persistent

3
Q

What is the term for a discrete unit of data that makes up part of a TCP flow?

A

segment

4
Q

What does a transponder do?

A

Uses radio waves to communicate with a person’s access control badge.

(not a user-activated proximity device)

5
Q

Does a security architecture embody procedures?

A

no.

it only embodies conceptual security components

6
Q

What computer component dictates when data is processed by the system’s processor?

A

Control Unit
(not registers)

Data is held in registers until its turn to access the CPU comes

ALU is part of CPU that does math

7
Q

What is the discrete unit of data at the network layer?

A

packet

8
Q

What is the discrete unit of data at the transport layer for UDP?

A

Datagram

9
Q

How do you calculate residual risk?

A

(Threats x Vulnerability x Asset Value) x Controls Gap

10
Q

Does risk analysis produce countermeasures and their costs?

A

No

Risk Analysis focuses on the problem, not the solution.

The result may justify a security budget, but risk analysis doesn't concern itself with countermeasures, only with the measurement of risk

11
Q

Does the Orange Book work with protection ratings, which are well suited for the commercial industry?

A

No.

Its classification scheme was developed for the DoD

12
Q

During the Acceptance Testing / Implementation phase of the SDLC, is the product used within the intended environment?

A

No.

The product is not used in production until the lifecycle reaches the operations/maintenance phase

13
Q

What 3 levels describe where parallel computing can occur?

A

bit, instruction, task

14
Q

Is this the correct order for the change management sequence?

RADTIR
request, approve, document, test, implement, report

A

yes

15
Q

What is California 1386?

A

Personal Information Privacy law (regulatory directive)

16
Q

What are the 7 steps of creating a DR Plan?

Develop contingency plan
Conduct BIA
Identify Preventive controls
Create Contingency Strategies
Develop IS Contingency Plan
Ensure plan testing, training, exercises
Ensure Plan Maintenance
A

Contingency Plan

BIA

Preventive

Contingency Strategies

IS Contingency Plan

Plan Testing, Training, Exercises

Maintenance

17
Q

How many domains does COBIT have?

A

4

18
Q

ISO/IEC 27001

A

ISMS Requirements

based on British BS7799 Part 2

19
Q

ISO/IEC 27002

A

Code of practice for ISMS

Provides best practice recommendations, guidelines

Initially based on British BS7799 Part 1

20
Q

ISO/IEC 27004

A

ISMS measurement and metrics framework

Provides guidance on development, use of measures and measurements

21
Q

ISO/IEC 27005

A

ISMS Risk Management

International standard for how risk mgmt should be done in the framework of an ISMS

22
Q

ISO/IEC 27006

A

Certification Requirements

23
Q

ISO/IEC 27799

A

Health Organizations

24
Q

ISO/IEC 27003

A

Implementation

25
What does the salvage team do?
starts recovery of the original site
26
Does civil law punish as well as compensate?
yes. Punishment is in the form of fines
27
Define data at rest
data that isn't being actively used
28
What are the levels of damage to National Security at confidential, secret and top secret?
confidential
secret - loss causes SERIOUS damage
top secret - loss causes GRAVE damage
29
When classifying data, do you consider the user base of the data? What about the usefulness?
no. yes.
30
Who is responsible for classifying data in an organization?
senior management
31
What is the purpose of classifying and labeling data?
to ensure it's protected in the most cost-effective manner
(not: ensuring data is not accessed without proper authority)
32
For a data custodian, is "establishing baselines for data purges" in their scope of work? What about "troubleshooting system problems that affect user productivity?"
no. Purges are the responsibility of the data owner.
yes
33
When a process has stopped and is waiting for a time allotment from the CPU, or for an event to occur, it is in what state?
Sleep State | not a wait state
34
How many rounds of permutation and substitution does DES perform?
16
35
Covert Timing Channel Attack
manipulates system resources to access information obtained by another process
36
Define Verification
evaluates the product's performance against the claimed functionality; compares the specifications of the product to the actual resulting product
37
Define Validation
Ensures the product satisfies the problem it was designed to solve and that performance and outputs are accurate
38
Base register | Limit register
base register contains the beginning address for a process
limit register contains the ending address
39
To help deal with computer crime, did several legislative bodies expand the definition of property to include data?
yes
40
Is SQL an interactive and programming language?
yes
41
IS Contingency Plan
developed for the recovery of the system regardless of the site or location. Can be activated at current location or an alternate site
42
IS Contingency plan vs DR plan
DRP is site-specific, with procedures to move operations from a damaged location to a temporary location.
ISCP is not site specific
43
What layers does X.25 work at?
Network and data link.
A packet switching technology for data-only traffic
44
Equal Error Rate / Crossover Error Rate
EER is the same as the CER.
Metric to indicate accuracy of a biometric system when the number of Type I errors = the number of Type II errors
45
What's the format of a distinguished name?
cn=first name last name,dc=domain,dc=com
46
Can counter mode (CTR) encryption run in parallel? Was counter mode endorsed by NIST in 2001?
yes. Unlike OFB, CTR can encrypt and decrypt in parallel.
yes
47
What is a reference monitor?
The abstract machine that holds all the rules of access for the system. The security kernel is the active entity that enforces the reference monitor's rules. They control the access attempts of any and all subjects, for instance a user
48
Can automated tools provide the best results when doing risk analysis?
yes. they contain most of the necessary questions pre-programmed, ensuring that nothing gets missed. they contain formulas and different scenario parameters
49
Type I Error and Type II errors are what?
Type I - False rejection rate, when a proper user is rejected
Type II - False acceptance rate, when an imposter is authenticated
50
What gauge wire do you use for fencing in a mid-level security environment?
9 gauge (with 2x2 inch meshing)
51
Which encryption theory states that an algorithm should be publicly known with only the key being secret?
Kerckhoffs' theory. Basically the same idea as open source: if people can view the code, errors will be fixed
52
Which database model is a flexible way of representing objects and their relationships, where it's not restricted to being a hierarchy or lattice? It forms a redundant network-like structure.
The network model
53
Which plan focuses on restoring an organization's Mission Essential Functions (MEF) at an alternate site?
Continuity of Operations. Focuses on restoration of MEF for up to 30 days at an alternate site
54
What does it mean when a system is operating in a "problem state"
It means that application code is executing and the system is in the process of solving that application's problems
55
What does it mean when a system is in a "supervisory state"
That rings 0 and 1 are executing
56
What does a "ready state" refer to?
Time between application executions when other states are invoked, but the application stands ready to resume execution when the other routines are finished
57
Can threads be executed simultaneously?
yes
58
Is the number of rows in a relation called a cardinality?
yes
59
is the number of columns in a relation called a degree?
yes
60
Are these email standards? MSP / PEM / PGP
yes
Message Security Protocol
Privacy Enhanced Mail
Pretty Good Privacy
61
What is delayed loss risk?
The productivity risk that occurs after equipment is stolen. Refers to the loss of productivity and can outweigh the tangible loss
62
What voltage of static electricity causes data loss on disk drives?
1500 Volts
63
How does high-cohesion, low-coupling represent the best programming?
Best programming uses the most cohesive modules possible.
The lower the coupling, the better the design, because it promotes module independence
64
Which of the following is a necessary characteristic of evidence for it to be admissible? real / noteworthy / reliable / important
reliable. Evidence must be sufficient, reliable and relevant to be admissible. Evidence must be material, competent, relevant
65
When do you use an Object-Relational Database (ORD) or ORDBMS?
For business logic needs. it's a relational DB with a software front-end written in object oriented language. The front end allows the business logic procedures to be used and customized by companies for their unique needs
66
How is virtual storage created? (Virtual memory)
Uses space on HD (secondary storage) to expand the RAM volume
67
Describe the difference between guidelines and policies
Guidelines are recommendations or suggestions. Policies are written broadly to cover any subjects in a general fashion. Provide the foundation.
68
Define standards
mandatory activities, rules or actions. Give a policy its support and reinforcement
69
Define baseline
a point in time that's used for future changes
70
When developing a BIA, do you take into account losing skilled worker knowledge?
no
71
Is SESAME an authentication protocol that uses a PAS and PAC's?
yes
72
Is Authentication one of the most serious concerns when implementing VOIP?
Yes. SIP doesn't have encrypted call channels or authentication of control signals. Attackers can sniff out login IDs, passwords, PINs and phone numbers
73
Is downstream liability a major concern with Extranets, VAN's and shared networks?
yes. A company can be held legally responsible if it doesn't practice due care, which can put partners at risk
74
Is a NAT gateway considered a firewall architecture?
no
75
Which database model best fits a one-many data requirement? relational / hierarchical / tree structured
hierarchical. It combines records and fields that are related in a logical tree structure
76
Does an iterated association use multiple layers of protocols through IP tunneling?
yes. With an iterated association, each tunnel can originate or end at a different IPSEC site along the way. This supports multiple layers of nesting
77
Define Transaction Persistent
A transaction that preserves the state of the database
78
The _____ translates source code one command at a time for execution on a computer
Interpreter | compilers and assemblers transform source code for the whole application before being executed
79
Why are input/output control mechanisms necessary for operational security?
to verify accuracy of data entered into or generated out of a system
80
The primary goal of operations security is to protect the company's assets from threats. True or false?
True. Also concerned with hardware and software performing predictably and acceptably
81
What does computer forensics refer to: 1. media analysis 2. software analysis 3. hardware analysis 4. network analysis
media analysis. The 3 types of Digital Forensics are media, software and network
82
What's the golden rule of computer forensics?
make sure evidence is not changed by any of the investigative actions
83
If a programmer is restricted from updating and modifying code, is that an example of separation of duties?
yes
84
Which is not part of the triage escalation process? 1. view event logs 2. make human decisions about whether incident occurred or not 3. utilize IDS 4. track movement of the intrusion
track movement of the intrusion. That is part of the action/reaction phase
85
What is MTTR?
Mean Time to Repair. Time needed to get device fixed and back into production
86
What is a full interruption test?
halts data processing at primary facility, forces migration to alternate site(s).
87
Does operational Assurance include unit and integration testing?
no. Operational Assurance is about the product's architecture, features and functionality that let the customer obtain the necessary level of protection when using the product.
Examples of operational assurances:
access control mechanisms
separating privileged and user code
auditing, monitoring
covert channel analysis
trusted recovery
88
Program Status Word (PSW)
holds different condition bits. One bit indicates whether CPU should be in user mode (problem state) or privileged mode (supervisor mode)
89
What qualitative risk analysis technique uses anonymous opinions of members?
Delphi
90
What word describes the probability of a threat materializing?
risk. Risk is the likelihood of a threat agent taking advantage of a vulnerability. A risk is the loss potential
91
Temperature for damage to start
175 F
92
Minimum distance for offsite facility
25 miles
93
KDD / Data mining approach that groups data according to shared similarities
Classification
94
KDD / Data mining approach that identifies relationships between data elements and uses rule discovery
Statistical
95
KDD / Data mining approach that identifies data interdependencies and applies probabilities to their relationships
Probabilistic
96
What's special about the Clark-Wilson integrity model?
It focuses on separation of duties
It focuses on well-formed (properly formatted) transactions (operations that transform data from one consistent state to another)
Addresses all 3 goals of integrity
auditing is required
separation of duties is enforced
access triple (subjects only access objects through authorized programs)
97
What's special about the Brewer-Nash / Chinese Wall model?
It protects against conflicts of interest
Allows for dynamically changing access controls
A user can write to an object only if they can't read another object from a different data set
98
What's special about the Graham-Denning model?
Has more specific definitions than Bell-LaPadula and Biba
Has 8 rules / protection rights for how functionalities should happen securely
99
What's special about the Harrison-Ruzzo-Ullman model?
It deals with access rights and their integrity.
It's used to ensure that no unforeseen vulnerability is introduced and that the stated access control goals are achieved
100
What's special about the Non-Interference model?
activities at one level should not be visible or affect things at another level
101
What does the TCB define? / What is its ultimate purpose?
It defines the level of security assurance for the trust a system provides. It does not define the level of security
102
What assesses potential loss from a disaster? BIA / RA / BCP / BA (business assessment)
Business Impact Analysis
103
What's the main drawback of endpoint data leak prevention?
complexity
104
What happens at the session layer?
Controls how applications communicate (not computers)
Allows applications to keep state of the dialog
Not all applications use protocols that work at this layer, so it's not always used
A session layer protocol will set up a connection to the other application logically and control the dialog exchange
105
Which of the following security association techniques uses multiple layers of protocols through IP tunneling? encapsulation / iterated / transport adjacency / replay
Iterated. In iterated associations, each tunnel can start or end at a different IPSEC site along the way. This method supports multiple layers of nesting
106
frame
data link layer
107
packet
network layer
108
segment
tcp flow / transport layer
109
datagram
udp only | transport layer
110
Grave damage to national security
top secret
111
Serious damage to national security
secret
112
verification vs validation
verification evaluates product against its specs. validation ensures product satisfies the problem it was developed to solve and performance is accurate
113
Electronic Discovery Reference Model (EDRM) defines which series of 8 steps for e-discovery (producing admissible evidence for court)
ID, Preserve, Collect, Process, Review, Analysis, Production, Presentation
114
2 major components of SIP
User Agent Client (UAC) | User Agent Server (UAS)
115
Is putting a flaw in your network in hopes of detecting a penetration and exploitation - entrapment or enticement?
enticement
116
Define certification vs accreditation
certification - evaluation of the security components and their compliance for the purpose of accreditation.
Certification is the testing; Accreditation is the approval from management
117
What's the most complex type of DLP? network / endpoint / host / hybrid
hybrid, because it combines endpoint and network
118
how frequently should fire extinguishers be inspected?
quarterly
119
how far should fire extinguishers be from electrical equipment?
50 feet
120
What's a capability table?
list of objects that a subject has access to, plus the operations the subject can perform on them
121
What are capability tables bound to?
subjects
122
What are access control lists bound to?
objects
123
Does the security kernel invoke the reference monitor?
yes
124
Can the security kernel be tested and verified?
yes
125
multiprogramming
an OS and CPU execute more than one program at a time.
Different from multiprocessing: processes can commit a resource, and the OS has less control over when the process releases the resource than in multiprocessing environments
126
Interleaved execution of 2 or more programs by a CPU is called what? multiprocessing / multithreading / multitasking / multiprogramming
multiprogramming
127
Describe COBIT and ITIL (Control Objectives for IT / IT Infrastructure Library)
COBIT addresses what is to be achieved. ITIL addresses how to achieve it.
COBIT is developed by ISACA and ITGI. It defines goals for controls to properly manage IT and to ensure IT maps to business needs, not just security.
ITIL is the standard of best practices for IT Service Management. ITIL provides goals, the general activities needed to reach them, and input and output values for each process required to meet them.
128
Describe a Security Steering Committee
Defines acceptable level of risk for the company
Reviews risk assessment and audit reports
Approves major changes to security policies and programs
Establishes a vision statement to support the organizational intent of the business
129
What is the core set of books for ITIL?
Service Strategy. The fundamental approach of ITIL is the creation of a Service Strategy, which focuses on the overall planning of IT services. It is a set of guidelines including best practices for strategy, value planning, design, alignment between IT and business, market analysis...