Final Revision

Question 1

Biometrics: CER/ERR =?

Answer 1

Crossover Error Rate, also = ERR
Equal Error Rate, also = CER

Where FRR = FAR

The lower the CER/ERR the more accurate the system.

Question 2

Biometrics: Type 1 error

Answer 2

false rejection rate (FRR)

Question 3

Biometrics: Type 2 error

Answer 3

false acceptance rate (FAR)

Question 4

What does Kerberos address?

Answer 4

SSO for Confidentiality and integrity and availability

Question 5

What form of cryptology is kerberos based on?

Answer 5

Symmetric Key cryptology

Question 6

How does Kerberos exchange passwords?

Answer 6

Hashes

Question 7

Kerberos:

KDC =
AS = 
TGS =
TGT =
TP =

Answer 7

KDC = Key Distribution Center
AS = Authentication Server
TGS =Ticket Granting Service
TGT =Ticket Granting Ticket
TP = Trust Principle (Resource)

Question 8

IPSEC:

Transport mode =
Tunnel Mode =

Answer 8

End to End encryption= Transport = Only payload encrypted

Link Encryption = Tunnel = All headers encrypted and payload

Question 9

SSL/TLS

Use =
Purpose =
Cryptographic components =

Answer 9

Use = securing web protocols

Purpose = Confidentiality, Authentication, Integrity

Cryptographic components = Encryption, HMAC

Question 10

HTTPS

Use =
Purpose =
Cryptographic components =

Answer 10

Use = ssl/tls on top of http

Purpose = Confidentiality, Authentication, Integrity

Cryptographic components = Encryption, HMAC

Question 11

FTPS

Use =
Purpose =
Cryptographic components =

Answer 11

Use = ssl/tls on FTP

Purpose = Confidentiality,

Cryptographic components = Encryption,

Question 12

SSH

Use =
Purpose =
Cryptographic components =

Answer 12

Use = secure channel

Purpose = Confidentiality, Integrity

Cryptographic components = Encryption, HMAC

Question 13

SFTP

Use =
Purpose =
Cryptographic components =

Answer 13

Use = HHS on FTP

Purpose = Confidentiality,

Cryptographic components = Encryption,

Question 14

S/MIME

Use =
Purpose =
Cryptographic components =

Answer 14

Use = secure email

Purpose = Confidentiality, Integrity, Non repudiation

Cryptographic components = Encryption, HMAC

Question 15

IPSEC Components, name their functions.

AH = 
ESP = 
IKE = 
SA = 
SPI =

Answer 15

AH = Authentication Header (Function: Integrity, Origin authentication, replay attack protection (HMAC)

ESP = Encapsulating Security Payload (Function: Integrity Origin authentication, replay attack protection,
confidentiality (HMAC & Symmetric Encrption)

IKE = Internet Key Exchange (Function: Device Authentication and Establishing Security Association)

SA = Security Association (Function: negotiation that includes the algorithms that will be used (Hashing and encryyption), key length, key information.

SPI = Security Parameter Index (Function: Security association Identifier)

Question 16

Cipher attacks: order of usefulness?

chosen cipher text
known plain text
chosen plain text
cipher text only

Answer 16

1 - cipher text only
2 - known plain text
3 - chosen plain text
4 - chosen cipher text

Question 17

Cryptography

name 3 algorithms

Answer 17

Diffie-Helman-Merke
RSA (Rivest, Shamir-alderman)
ECC (Elyptic Curve Cryptography) *current standard

Question 18

digital signatures require 2 algorithms:

Answer 18

Hashing Algorithm (e.g. SHA-x)
digital signature function (RSA, DSA (digital signature algorithm)

Question 19

digital signature provide:?

Answer 19

non-repudiation and integrity.

Question 20

SESAME, what is it?

Answer 20

Secure European Systems for Applications in a multi-vendor environment

public key cryptography, like kerberos. but used for applications not operating systems.

Question 21

federated identity:

Answer 21

an arrangement among enterprises for authentication

Question 22

federated identity

1 - SAML
2 - OAuth 2.0
3 - OpenID ,
4 - OpenID Connect

Answer 22

1 - SAML (Security Assertion Markup Language)
2 - OAuth 2.0 (Authorisation, think facebook game asking for access)
3 - OpenID ,
4 - OpenID Connect( provides authentication for OAuth 2.0, replacement for SAML)

Question 23

SAML =
IdP =
SP =
Principle =

Answer 23

SAML = Security Assertion Markup Language
IdP =  Identity Provider
SP = Service Provider
Principle = User

Question 24

Network Attack:

SMURF

Answer 24

ICMP spoofs packet header to appear attack originated on the victim and send to a broadcast, all machines respond to the victim DOS

Question 25

Network Attack: | Teardrop

Answer 25

uses fragmented packets to confuse the system and crash

Question 26

Network Attack: | Fraggle

Answer 26

similar to SMURF but uses UDP

Question 27

Network Attack:Land Attack

Answer 27

sends a TCP syn attack and spoofs the source as its self so the system loops round and engages with itself.

Question 28

Common Criteria: TOE: PP: ST: SFRs: * EAL0 – * EAL1 – * EAL2 – * EAL3 – * EAL4 – * EAL5 – * EAL6 – * EAL7 –

Answer 28

TOE: Target of evaluation PP: Protection Profile ST: Security Target SFRs: Security Functional Requirement * EAL0 –Inadequate assurance * EAL1 –Functionally tested * EAL2 –Structurally tested * EAL3 –Methodically tested and checked * EAL4 –Methodically designed, tested and reviewed * EAL5 –Semi formally designed and tested * EAL6 –Semi formally verified design and tested * EAL7 –Formally verified design and tested

Question 29

Humidity %?

Answer 29

> 40 and < 60 (static v corrosion)

Question 30

Fire Extinguishers: A B C D

Answer 30

A Common (Water, Soda ACID) B - Liquids -(Gas/CO2, SODA Acid) C - Electrical ( GAS CO2) D - Metals (Dry Powder)

Question 31

types of sprinklers Wet pipe = Dry pipe = Deluge = Pre Action =

Answer 31

Wet pipe = always contains water Dry pipe = water waiting in tank Deluge = releases large amounts of water/foam Pre Action = water in tanks, fills pipes when heat detected, thermal nozzle melts

Question 32

Common ports: 20/21

Answer 32

FTP

Question 33

Common ports: 22

Answer 33

SSH

Question 34

Common ports: | 23

Answer 34

telnet

Question 35

Common ports: | 25

Answer 35

SMTP

Question 36

Common ports: | 69

Answer 36

TFTP

Question 37

Common ports: | 110

Answer 37

POP2

Question 38

Common ports: | 123

Answer 38

NTP

Question 39

Common ports: | 143

Answer 39

IMAP

Question 40

Common ports: | 67/68

Answer 40

DHCP

Question 41

Common ports: | 515

Answer 41

LPD

Question 42

software testing 2x strategies

Answer 42

1 - negative testing (ensures application can gracefully handle invalid input) (populating required fields etc) 2 - positive testing (dtermines if applications works as expected)

Question 43

software testing 2x use case scenarios

Answer 43

1 - use case (description of interaction between system and its environment 2 - misuse case - (from perspective of a hostile actor)

Question 44

software testing (structural coverage) 7x Types of structural coverage:

Answer 44

``` 1 - Statement 2 - Decision (Branch) 3 - Condition 4 - multi-condition 5 - loop 6 - path 7 - data flow ```

Question 45

software testing (structural coverage) Statement

Answer 45

sufficient test cases for each program statement to be executed once

Question 46

software testing (structural coverage) Decision (Branch)

Answer 46

sufficient tests cases for each program decision is run an each possible outcome occurs once (minimum level of coverage)

Question 47

software testing (structural coverage) Condition

Answer 47

sufficient test cases for each condition in a program decision to take on all outcomes at least once.

Question 48

software testing (structural coverage) multi-condition

Answer 48

SUFFICIENT TEST CASES TO EXCERCISE ALL POSSIBLE COMBINATIONS OF CONDITIONS

Question 49

software testing (structural coverage) loop

Answer 49

all loops for 0, 1, 2 and many iterations covering initialization, typical ruining and termination boundaries

Question 50

software testing (structural coverage) path

Answer 50

each feasible path

Question 51

software testing (structural coverage) data flow

Answer 51

each data flow

Question 52

Software Testing (modes) 6x modes

Answer 52

``` 1 - Unit 2 - Integration 3 - Validation 4 - Vulnerability 5 - Acceptance 6 - Regression ```

Question 53

Security Assessment and Testing ROE

Answer 53

= Rules of engagement (document), defines the parameters and expected testing team.

Question 54

Security Assessment and Testing | 5 x approaches

Answer 54

``` 1 - External Untrusted 2 - External trusted 3 - Internal Untrusted 4 - Internal trusted 5 - Tenant to Tenant ```

Question 55

Security Assessment and Testing | 1 - External Untrusted

Answer 55

internet based non-authenticated 3rd party attempting to gain unauthorised access

Question 56

Security Assessment and Testing | 2 - External trusted

Answer 56

internet based authenticated (given some credentials) 3rd party attempting to gain unauthorised access

Question 57

Security Assessment and Testing | 3 - Internal Untrusted

Answer 57

inside network, non-authenticated 3rd party attempting to gain unauthorised access

Question 58

Security Assessment and Testing | 4 - Internal trusted

Answer 58

inside network, authenticated( given some credentials) 3rd party attempting to gain unauthorised access

Question 59

Security Assessment and Testing | 5 - Tenant to Tenant

Answer 59

external attack originating from a tenant instance in multi-tenant environment.

Question 60

Security Assessment and Testing | 2 types of testing

Answer 60

1 - overt | 2 - covert

Question 61

Security Assessment and Testing | 4x levels of testing team knowledge

Answer 61

1 - Zero 2 - Partial 3 - Full 4 - Hybrid

Question 62

Security Assessment and Testing 3 versions of SSAE16-SOC reports: SOC1 = SOC2= SOC3=

Answer 62

SOC1 = financial statements SOC2= based on Trust Service Principles, reports on security: availability, processing integrity, confidentiality and privacy. SOC3= same as SOC2 but does not detail testing performed, designed for public distribution

Question 63

Security Assessment and Testing 2 types of SSAE16-SOC reports: Type 1 = Type 2 =

Answer 63

Type 1 = point in time report showing the controls in place, cant evaluate the operating effectiveness Type 2 = reports on design and implementation over a period of time (generally 6 or 12 months)

Question 64

NIST SP-800-137

Answer 64

information security continuos monitoring annual FISMA reporting (federal agencies)

Question 65

electronic discovery includes 9 phases =

Answer 65

``` information governance identification collection processing review analysis production presentation ```

Question 66

Code Review: | what is the most formal code review process?

Answer 66

Fagan inspections only found in highly restrictive environments where flaws may be catestrophic

Question 67

6x Fagan Code Review steps

Answer 67

``` 1 - planning 2 - overview 3 - preparation 4 - inspection 5 - rework (rework goes back to planning stage) 6 - follow up ```

Question 68

Types Code testing:

Answer 68

``` Static Testing Dynamic Testing Fuzz Testing Mutation (dumb) Fuzzing (zzuf tool) Generational (intelligent) fuzzing ```

Question 69

Code Review: | Static Testing

Answer 69

evaluates security of software without running it. usually uises automated tools to detect common flaws.

Question 70

Code Review: | Dynamic Testing

Answer 70

tests during run time (only option when apps written by 3rd party) includes testing such as looking for SQL injection etc.

Question 71

Code Review: | Fuzz Testing

Answer 71

provides many different types of input to stress its limits. specially crafted to trigger known exploits or randomly for new exploits. tester monitors performance to watch for crashes or buffer overflows etc.

Question 72

Code Review | Mutation (dumb) Fuzzing (zzuf tool)

Answer 72

takes previous input values from actual operation of software and manipulates it.

Question 73

Code Review | Generational (intelligent) fuzzing

Answer 73

develops data models and creates new fuzzed input based on understanding of the data types used.

Question 74

how many bytes long is a TCP header

Answer 74

20-60

Question 75

5x stages of the Software Capability Maturity Model (SW-CMM)

Answer 75

``` 1 = Initial - little or no defined software process 2 = Repeatable - basic life cycle managment process 3 = defined - well defined and followed 4 = managed - quantitive measures are utilized to gain detailed insight 5 = Optimized - continuous improvement occurs, sophisticated software dev processes in place ```

Question 76

5 stages of IDEAL model

Answer 76

``` 1 =Initiating 2 = Diagnosing 3 = Establishing 4 = Acting 5 = Learning ```

Question 77

Nuemonic for IDEAL and SW CMM

Answer 77

II DR ED AM LO (left ideal, right SWCMM IDEAL also works on its own from top to bottom