Ij Flashcards

(303 cards)

1
Q

In the waterfall model, which of the following evaluates a given product against the specifications written for that product?

A

Verification

Verification checks the product against its written specifications: does the product that was built match what the specification said it should do, both in functionality and in performance levels? (Validation, by contrast, asks whether the product actually meets the user's needs.)

2
Q

When containing an incident, what is the first step that should always be taken?

A

Secure the area and protect potential evidence

3
Q

Based on the following asset information, what is the organization's single loss expectancy (SLE) per hour?

Maintaining and updating the customer database costs $124,000 per year; revenue from the customer base is $500,000 per year. For every hour the data is compromised or unavailable, the organization could lose one percent of its customers.

A

$5,000 (SLE = asset value x exposure factor = $500,000 x 1% = $5,000 per hour of outage; the $124,000 maintenance cost is a distractor)

4
Q

Chosen-ciphertext attacks are mainly used against what kind of cipher?

A

Public key

5
Q

The risk of which of the following attacks could be mitigated by software developer training?

A

Buffer overflow

6
Q

Which of the following relies on UDP?

A

DHCP (UDP ports 67 and 68)

7
Q

Who is the primary user of an IDE (integrated development environment)?

A

Software developer

8
Q

A company has decided to separate the development team from the support team. According to general security principles (separation of duties), what job function should be done by the development team?

A

Software design

9
Q

Which protocol provides user authentication and authorization for remote client access?

802.1X
EAP-TLS
CHAP
RADIUS

A

RADIUS

10
Q
Which distributed computing architecture is used extensively by web applications?
Timesharing
Three-tier
Peer-to-peer
Client/server
A

Three-tier

11
Q

An individual with a Secret security clearance cannot read a document classified Top Secret. Which security model is this an example of?
Discretionary access control, Biba, Bell-LaPadula or Clark-Wilson

A

Bell-LaPadula (the simple security property: no read up)

12
Q

What type of memory is typically used as cache memory?

Caching random access memory, read-only memory, dynamic random access memory or static random access memory

A

Static random access memory (SRAM)

13
Q

During an evacuation, who is responsible for checking that each individual in the area has begun evacuating?

Door monitor, business unit manager, safety warden or meeting point leader

A

Safety warden

14
Q

Which of the following is not a responsibility of an information owner?
Approving any disclosure activities; ensuring that the necessary security controls are in place; defining security requirements per classification and backup requirements; or ensuring that proper access rights are being used and configured properly

A

Ensuring that proper access rights are being used and configured properly (that is the custodian's job; the owner defines the requirements and approves access)

15
Q

Which of the following biometric access controls measures the blood vessels in the eye?
Iris scan, fingerprint, facial recognition or retina pattern

A

Retina pattern (a retina scan images the blood-vessel pattern at the back of the eye; an iris scan images the colored ring at the front)

16
Q

Which of the following devices is read and written in sequential order?

USB stick, solid-state drive, floppy drive or magnetic tape

A

Magnetic tape

17
Q

Under which of the following circumstances is computer application security most effective and economical?

When the system is optimized before security is added; when the system is customized to meet a specific security threat; when the system is designed from the beginning to provide the necessary security; or when the system is purchased off-the-shelf

A

When the system is designed from the beginning to provide the necessary security

18
Q

When planning a vulnerability assessment, a large international company's CIO decided to scan the entire IP address space. How can this affect the value of the scan?

The scan will reveal more problems than can be resolved in a reasonable time; the scan will have a high chance of failing before it completes; the network will be unavailable while the scan is running; or the scan will omit computers that are not running at the time

A

The scan will reveal more problems than can be resolved in a reasonable time

19
Q

What type of host discovery is used to find live network systems that aren't running responsive listening services?

Port scanning, port monitoring, active or passive

A

Passive (observe the traffic the hosts generate instead of probing them)

20
Q

Which of the following sets of attributes could be used to classify an access control measure?

Administrative, defensive, detective; administrative, preventive, detective; associative, preventive, deterrent; or associative, preventive, detective

A

Administrative, preventive and detective

21
Q

What is a driving factor behind clearly stated data destruction policies?

Easy availability of archival information,

pre-trial discovery during litigation,

historical records to advise policy makers,
or statistical analysis of past performance

A

Pre-trial discovery during litigation

22
Q

With regard to access control terminology, when are the built-in subjects of an operating system defined?

When an administrator has a business need,

at the time the operating system is designed,

at the time the operating system is compiled,

or when a new policy dictates the need for one

A

At the time the operating system is designed

23
Q

Which of the following is an example of a directive control?

Background check, encryption, smart card or locks?

A

Background check

24
Q

What is the number of UDP ports that could be open on a system?

131,070; 131,072; 65,535 or 65,536

A

65,536 (port numbers 0 through 65,535)

25
What step of incident response comes immediately after response? Containment, mitigation, remediation or reporting
Mitigation
26
What security issue is shared by legacy SCADA protocols such as Modbus, DNP3, PROFIBUS and RP-570?
They are cleartext protocols: no encryption, and no authentication in the original specifications
27
A computer is assigned a time to transmit by a controller, to avoid collisions. Which of the following uses this technique? CSMA/CD, polling, CSMA/CA or ATM?
Polling | Polling is commonly used in mainframe environments
28
What type of token generates new unique codes at fixed time intervals? Asynchronous dynamic, static, challenge-response or synchronous dynamic
Synchronous dynamic (for example a TOTP token: the code is a function of a shared secret and the current time step, so token and server stay in sync by clock)
29
A mousetrap manufacturer's factory was flooded during a tsunami. Another division within the company manufactures rat traps in a plant that was not flooded; it could be used to make mousetraps after a day of retooling. What kind of site is this? Cold, warm, hot or reciprocal
Warm
30
The Computer Ethics Institute has published a code of ethics that seeks to govern the behavior of computer users. Which statement accurately reflects one of its Ten Commandments? Thou shalt not use a computer as a witness tool; thou shalt not interfere with other people's computer work; thou shalt not use a computer for recreation; or thou shalt not waste government computer resources
Thou shalt not interfere with other people's computer work
31
Against which risk is a perimeter firewall effective? External exploit of a file server with an unpatched remote access vulnerability; an employee opening an attachment in a phishing email; attackers pivoting to a database from a user machine with compromised credentials; or infected files downloaded via SSL from a compromised external web server
External exploit of a file server with an unpatched remote access vulnerability (the other three either start inside the perimeter or ride an allowed, encrypted channel)
32
What resource is consumed by a botnet during a DDoS? RAM, bandwidth, CAM table space or source ports
Bandwidth
33
Which of the following is the primary protective mechanism for ActiveX? Sandbox, antivirus, integrity checking or digital signature?
Digital signature (Authenticode); ActiveX controls run with the user's full privileges and are not sandboxed, so the signature is the only thing that says who wrote the control
34
What do CER, FAR and FRR relate to in a graph? Business impact analysis, biometric authentication, IDS/IPS tuning or vulnerability assessment
Biometric authentication
35
Which of the following tools could be used to record and send a user's password over the network? Keylogger, fuzzer, Kerberos or a rootkit
Keylogger
36
What should take place to restore a server and its data files after a system failure? Take a forensic hard drive image, reformat the server and reinstall the OS, implement system recovery procedures, or clone the server from a similar system
Implement system recovery procedures
37
Which of the following is only likely to be identified through an assessment of core security processes? IP addresses of hosts probing the network perimeter, the root cause of security failures, identification of zero-day compromises, or the number of listening services on a network
The root cause of security failures
38
What activity can often uncover evidence of a data breach? Vulnerability assessment, user acceptance testing, centralized log review or business impact analysis
Centralized log review
39
While reviewing a file server's security log, a system administrator notices there are no events logged for any type of file access. What type of issue is this? Authentication, authorization, accountability or availability
Accountability (without an audit trail of file access, actions cannot be traced back to a subject)
40
Removing unnecessary applications and services is part of what process? Creating security metrics, provisioning systems, continuous monitoring, or applying security baselines
Applying security baselines. A key component of any baseline security configuration is establishing the minimum set of services and applications needed to perform the required functions; this is also referred to as the principle of least privilege (and, applied to a host, as hardening)
41
In which phase of a pen test are WHOIS and DNS lookups often used? Exploitation, reconnaissance, vulnerability assessment or scanning
Reconnaissance
42
Which of the following is associated with buffer overflows? cat, nmap, AAAA or gets()
gets(): it reads a line into a buffer with no limit on the length, so input longer than the buffer overwrites adjacent memory. It was removed from the C standard in C11; use fgets() with an explicit size instead
43
What is Meterpreter in the Metasploit framework? A payload, a threat, an exploit or a vulnerability
A payload
44
What is a mandatory component of a single sign-on system? Non-discretionary access control, federated identity management, multifactor authentication or a centralized credential source
Centralized credential source
45
What is the difference between an incremental backup and a differential backup? An incremental backup is on site and a differential is remote; a differential backup is on site and an incremental is remote; an incremental backup creates a file for each day and a differential backup file grows each day; or a differential backup creates a file for each day and an incremental backup file grows each day
An incremental backup creates a file for each day and a differential backup file grows each day (an incremental captures only what changed since the previous backup of any kind; a differential captures everything changed since the last full backup, so each one is larger than the last)
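Card 45 in code: a one-week simulation of what an incremental and a differential backup each capture after a Sunday full backup, and what media a restore needs. This is an added example, not part of the deck; the daily change sets and file names are constructed.

```python
"""Incremental vs differential backups (card 45), simulated over one week
after a full backup. Added example, not from the deck; the change sets below
are constructed, not real data."""
from typing import Dict, List, Set

# Constructed: the files changed on each day after the full backup.
CHANGES: Dict[str, Set[str]] = {
    "mon": {"a.db", "b.doc"},
    "tue": {"c.xls"},
    "wed": {"a.db"},
    "thu": set(),               # a quiet day
    "fri": {"d.ppt", "b.doc"},
}
DAYS = ["mon", "tue", "wed", "thu", "fri"]


def incremental_sets(changes: Dict[str, Set[str]], days: List[str]) -> Dict[str, Set[str]]:
    """Each incremental holds only the files changed since the previous backup
    of any kind (the archive bit is cleared every time), so it stays small."""
    return {day: set(changes[day]) for day in days}


def differential_sets(changes: Dict[str, Set[str]], days: List[str]) -> Dict[str, Set[str]]:
    """Each differential holds everything changed since the last FULL backup
    (the archive bit is left set), so it grows day over day."""
    accumulated: Set[str] = set()
    out: Dict[str, Set[str]] = {}
    for day in days:
        accumulated |= changes[day]
        out[day] = set(accumulated)
    return out


def total_backed_up(backup_sets: Dict[str, Set[str]]) -> int:
    """Total number of file copies written over the week: the storage cost."""
    return sum(len(files) for files in backup_sets.values())


def restore_chain(kind: str, days: List[str], up_to: str) -> List[str]:
    """Media needed to restore to the end of `up_to`: the full plus every
    incremental so far, or the full plus the latest differential only.
    This is the operational trade-off: incrementals are cheap to take but
    a restore depends on every one of them being intact and in order."""
    idx = days.index(up_to)
    if kind == "incremental":
        return ["full"] + [f"inc-{d}" for d in days[: idx + 1]]
    if kind == "differential":
        return ["full", f"diff-{up_to}"]
    raise ValueError(f"unknown backup kind: {kind}")


if __name__ == "__main__":
    for name, sets in (("incremental", incremental_sets(CHANGES, DAYS)),
                       ("differential", differential_sets(CHANGES, DAYS))):
        print(name, {d: sorted(sets[d]) for d in DAYS}, "copies:", total_backed_up(sets))
        print("  restore to fri needs:", restore_chain(name, DAYS, "fri"))
```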
46
Which of the following should be used to extinguish a fire in an operating electrical transformer station? Soda acid, dry powder, CO2 or water
CO2
47
A $200,000 server has a single loss expectancy of $40,000. What is the server's exposure factor? 20%, 40%, 200% or 500%
20% (EF = SLE / AV = $40,000 / $200,000)
48
Which code review method is characteristic of extreme programming? Pair programming, fuzz testing, tool-assisted review or static analysis
Pair programming
49
What is the defining characteristic of an 802.11 ad hoc wireless network? Clients connect to an access point; it allows access points to communicate with clients; it operates without a central access point; or it is used for sniffing wireless networks
Operates without a central access point. An ad hoc wireless network is a peer-to-peer network specifically designed to operate without a central access point
50
What does an attacker do with the return pointer when it is overwritten? Sets it to a program on the drive the attacker wants to run; sets it to another application currently running on the machine; sets it to an incoming data stream from the network; or sets it to the location on the stack where the attacker's commands are
Sets it to the location on the stack where the attacker's commands (shellcode) are, so that when the function returns, execution continues in the attacker's code
51
An administrator working on a web server opened a malicious link while downloading patches. What kind of attack is this? Trojan horse, server-side, command injection or client-side
Client-side
52
Which of the following is used to identify how an ATM cell reaches its destination? Point-to-Point Protocol, virtual path identifier, permanent virtual circuit or switched virtual circuit
Virtual path identifier
53
Which software development methodology is not primarily code-centric? SDLC, DevOps, Libsafe or CMMI
DevOps
54
What organization manages Requests for Comments (RFCs)? National Institute of Standards and Technology (NIST), Internet Engineering Task Force (IETF), International Organization for Standardization (ISO) or Center for Internet Security (CIS)
Internet Engineering Task Force (IETF)
55
Which of the following types of business continuity plan testing is known as validity testing? Full interruption, simulation testing, structured walk-through testing or checklist testing
Structured walk-through testing
56
Which of the following topologies is most widely used today because of its scalability and fault tolerance? Star topology, bus topology, ring topology or loop topology
Star
57
Which of the following categories fits these terms: client/server, three-tier and peer-to-peer? Software architecture, computer architecture, software development methodology or interprocess communication
Software architecture
58
What element is part of the base metrics in the Common Vulnerability Scoring System (CVSS)? Temporal, access vector, environmental or emanations
Access vector (called attack vector in CVSS v3)
59
The defense in a United States computer fraud case wishes to offer a third party's personal email records into evidence, which could help prove her client had no malicious intent. What is the prosecuting team most likely to do? Object based on the hearsay rule; object because the emails contain PII in the mail headers; object based on the exclusionary rule; or object based on data retention policies
Object based on the hearsay rule
60
Which software development methodology uses an iterative approach to develop a working model, typically including frequent interaction between the customer and the developer? Spiral, agile, Scrum or prototyping
Prototyping
61
What type of evidence is obtained from an outside source (secondhand) and is generally not admissible in court? Hearsay, circumstantial, inculpatory or corroborating
Hearsay
62
A database administrator is alerted to a spike in activity that has caused space shortages over the last week. Where should the administrator look to determine whether the increase in activity is due to valid or abnormal requests? The database error log, the operating system's application log, the database transaction log or the operating system's security log
The database transaction log
63
How can organizations share a single document repository where each company retains control over its own authentication credentials? Access control matrix, two-factor authentication, Kerberos key distribution center or federated identity management
Federated identity management
64
Fuzzing a running application is part of what process? Code review, stress testing, dynamic application security testing or static analysis
Dynamic application security testing (DAST)
65
There are many types of testing methods involved in exercising and maintaining a business continuity plan. Which of the following types of testing is known as consistency testing? Full interruption testing, structured walk-through testing, simulation testing or checklist testing
Checklist testing
66
What functionality do OpenID and SAML provide? True or false: OpenID uses centralized storage for credentials, while SAML uses distributed storage
False. OpenID performs authentication, while SAML encodes authentication-related information (assertions) for exchange between an identity provider and a service provider
67
What causes the Chrome browser to have many process instances when multiple tabs are open? Standard libraries, buffer overflow, sandboxing or memory leaks
Sandboxing (each tab's renderer runs in its own isolated process)
68
Which of the following is not one of the private IP address ranges designated by the Internet Assigned Numbers Authority? 128.12.0.0/16 to 128.92.0.0/16; 10.0.0.0/8; 192.168.0.0/16; 172.16.0.0/16 to 172.31.0.0/16
128.12.0.0/16 to 128.92.0.0/16 (the RFC 1918 private ranges are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16)
69
What is the act of hiding data within another medium? Permutation, substitution, steganography or transposition
Steganography
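Card 69 in code: least-significant-bit steganography, the simplest form of hiding data inside an image. This is an added example, not part of the deck. To keep it runnable without an image library, the cover "image" is a constructed array of grayscale pixel bytes; the 32-bit length header and the one-bit-per-pixel layout are this example's own conventions.

```python
"""Steganography (card 69): hide a message in the least significant bits of
pixel bytes. Added example, not from the deck. The cover image is a
constructed grayscale byte array rather than a real file, so no image library
is needed. A real cover must be a lossless format such as PNG or BMP: JPEG
recompression rewrites the low bits and destroys the hidden message."""
import random

HEADER_BITS = 32   # this example's convention: message length (bytes) stored first


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover: bytes, message: bytes) -> bytes:
    """Write a 4-byte big-endian length header and then the message, one bit
    into the LSB of each successive pixel. No pixel changes by more than 1."""
    payload = len(message).to_bytes(4, "big") + message
    needed = len(payload) * 8
    if needed > len(cover):
        raise ValueError(f"cover has {len(cover)} pixels, need {needed}")
    out = bytearray(cover)
    for i, bit in enumerate(_bits(payload)):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the LSBs back: first the length header, then that many bytes."""
    def read_bytes(start: int, count: int) -> bytes:
        value = 0
        for i in range(start, start + count * 8):
            value = (value << 1) | (stego[i] & 1)
        return value.to_bytes(count, "big")

    length = int.from_bytes(read_bytes(0, 4), "big")
    if HEADER_BITS + length * 8 > len(stego):
        raise ValueError("header claims more data than the image holds")
    return read_bytes(HEADER_BITS, length)


def make_cover(pixels: int, seed: int = 1) -> bytes:
    """Constructed cover: pseudo-random grayscale pixel values."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(pixels))


def max_pixel_delta(cover: bytes, stego: bytes) -> int:
    """Largest change to any pixel; LSB embedding never exceeds 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    cover = make_cover(4096)
    stego = embed(cover, b"meet at dawn")
    print(extract(stego), "max pixel delta:", max_pixel_delta(cover, stego))
```

Note what this does and does not give you: the change is invisible to the eye, but the message itself is not encrypted, and plain LSB embedding is detectable statistically (chi-square and RS analysis look for exactly this flattening of the low bits). In practice the payload is encrypted before embedding so that even a detected channel yields nothing readable.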
70
If a company does not inform employees that they may be monitored and does not have a policy stating how monitoring should take place, what should the company do?
Not monitor individual employees in any fashion
71
What is the goal of synthetic transactions?
Ensure an application is performing as intended (scripted user actions are replayed against the live system and the results are checked)
72
What is one way of avoiding excessive damage to equipment while maximizing personnel safety, following the recommendations of the fire protection and insurance industries for data centers?
Dry pipe sprinkler system
73
Which of the following is a characteristic of secondary memory?
It has slower data retrieval speeds (than primary memory such as RAM)
74
Which of the following algorithms is used to secure the exchange of keys when implementing public key cryptography? DES, AES, IDEA or Diffie-Hellman
Diffie-Hellman
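Card 74 as a protocol exchange: both sides send only public values and still arrive at the same secret, and a second function shows why that alone is not enough. This is an added example, not part of the deck. The group is a toy (p = 23 with a generator of its order-11 subgroup) chosen so the arithmetic can be followed by hand; it is not secure, and a real deployment uses a standardized group of 2048 bits or more (RFC 3526) or an elliptic curve. The class and function names are this example's own.

```python
"""Diffie-Hellman key exchange (card 74). Added example, not from the deck.
Toy parameters: p = 23 is a safe prime (q = 11) and g = 4 generates the
order-11 subgroup, so public values can never be 1 or p-1. Real code uses a
2048-bit or larger standardized group; this p is for readability only."""
import hashlib
import secrets

P = 23   # toy prime (assumption of this example, NOT secure)
Q = 11   # order of the subgroup generated by G
G = 4


class Party:
    """One side of the exchange; the private exponent never leaves it."""

    def __init__(self, name: str, p: int = P, q: int = Q, g: int = G):
        self.name, self.p = name, p
        self.private = secrets.randbelow(q - 1) + 1    # a in [1, q-1]
        self.public = pow(g, self.private, p)          # g^a mod p, sent in the clear
        self.shared = None

    def receive(self, peer_public: int) -> None:
        # Reject 0, 1 and p-1: an attacker who can inject them forces a known secret.
        if not 1 < peer_public < self.p - 1:
            raise ValueError("invalid peer public value")
        self.shared = pow(peer_public, self.private, self.p)   # (g^b)^a mod p

    def session_key(self) -> bytes:
        """Never use the raw shared secret as a key; derive one from it."""
        size = (self.p.bit_length() + 7) // 8
        return hashlib.sha256(self.shared.to_bytes(size, "big")).digest()


def exchange():
    """Honest run: Alice and Bob swap public values and agree on one secret."""
    alice, bob = Party("alice"), Party("bob")
    alice.receive(bob.public)     # Bob's public value crosses the wire
    bob.receive(alice.public)     # Alice's public value crosses the wire
    return alice, bob


def mitm_exchange():
    """Why unauthenticated DH is not enough: Mallory swaps in her own public
    values and ends up holding a shared secret with each side separately."""
    alice, bob = Party("alice"), Party("bob")
    m_to_alice, m_to_bob = Party("mallory->alice"), Party("mallory->bob")
    alice.receive(m_to_alice.public)
    m_to_alice.receive(alice.public)
    bob.receive(m_to_bob.public)
    m_to_bob.receive(bob.public)
    return alice, bob, m_to_alice, m_to_bob


if __name__ == "__main__":
    a, b = exchange()
    print("alice:", a.public, "bob:", b.public, "shared:", a.shared, b.shared)
```

This is why TLS signs the exchange with the server's certificate key (and why SSH shows a host key fingerprint): the signature binds the public value to an identity, which is exactly what Mallory cannot forge.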
75
What computer resources make up the TCB (trusted computing base)?
The kernel and the processes designed to enforce a formal security policy (the hardware, firmware and software the policy relies on)
76
What is the first step to be accomplished in a preliminary legal investigation? Gather evidence, determine if a crime has occurred, interview witnesses or inspect damage
Determine if a crime has occurred
77
Eve enjoys streaming videos from the web while on her work computer. Sometimes access to the videos is cut off for hours or even the rest of the workday, and it seems random to Eve: the day of the week, the websites hosting the videos, and how long she can access a site do not follow a pattern. Which control is blocking the websites? Context-based access control, web application firewall or time-based access control
Context-based access control (the decision depends on current conditions such as network load rather than a fixed schedule, which is why no time pattern is visible)
78
Which of the following does every user in an organization not need to be aware of regarding their organization's information security policy?
The actions required to recover systems in case of a disaster
79
What routing protocol is used to communicate between autonomous systems in large networks such as the Internet? ARP, RIP, DNS, ESP or BGP
BGP
80
Which of the following terms describes determining that an individual is who they claim to be? Authorization, identification or authentication
Authentication
81
Which of the following LAN transmission protocols is used on Ethernet networks? CSMA/CD, token passing, CSMA/CA or polling
CSMA/CD
82
The pen testing team is trying to gain access to the organization by sending a PDF file from a spoofed human resources email address. Which of the following controls would help mitigate this attack? Security audits, code review, user training or Transport Layer Security?
User training
83
What is the security weakness of the Password Authentication Protocol (PAP)?
It sends passwords in plaintext
84
When a cookie is marked Secure, which of the following controls is in place? It may only be sent over SSL/TLS; it cannot be accessed by JavaScript; it is encrypted with a private key; or it is encrypted with a symmetric key
It may only be sent over SSL/TLS (the HttpOnly flag is what blocks JavaScript access; neither flag encrypts the cookie value)
85
The most complete picture of the security of a network results from which of the following? Penetration test, vulnerability assessment, firewall rule base audit or security assessment
Security assessment
86
Once you understand a risk, you can decide not to become involved in the risk situation at all. Which of the choices below describes this decision? Risk avoidance, risk acceptance, risk reduction or risk transfer
Risk avoidance
87
What mechanism can be used to ensure that a failed database transaction or system fault returns the subject to a meaningful point in the process?
Checkpoint
88
The following statement can best be described as what type of security documentation? "All end-user systems on the network must be protected at the host level against malware and unauthorized access." Procedure, policy, standard, baseline or guideline
Policy
89
Which of the following best describes operations security?
Taking steps to make sure the environment, and the information accessed within it, stay at a certain level of protection
90
What is the unit of transmission in an Ethernet network called?
Frame
91
Which form of communication should be used when reporting an incident to management?
Out of band (a channel the attacker is assumed not to control, for example a phone call rather than corporate email)
92
What component of a VoIP system exchanges traffic between a packet-switched and a circuit-switched network?
Media gateway
93
What solution aims to solve latency issues caused by the distance between clients and public servers?
Content distribution network (CDN): a group of servers placed around the globe that delivers web content to users from a nearby location
94
What type of control can automatically initiate a corrective control?
Detective
95
Dedicated (MAC mode of operation)
Dedicated mode of operation means the system contains objects of only one classification label
96
Which search engine poses a problem for SCADA systems connected to the Internet?
Shodan
97
What is the best definition of equal error rate (EER)?
The rate at which the FAR equals the FRR
98
In tunnel mode IPsec, the outer packet is addressed to which of the following?
The rece'iving gateway
99
Which of the following software controls is an output control?
Reconciliation
100
What type of control is a security policy?
Directive
101
Which MAC mode of operation places a reference monitor to mediate between subjects and objects?
Multilevel
102
Which of the following destroys the patterns that connect plaintext to its associated ciphertext?
Diffusion
103
Compressing IPv6 addresses
Leading zeros in each 16-bit group are dropped, and one run of consecutive all-zero groups may be replaced with a double colon (::)
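Card 103 implemented by hand, so the rules are visible rather than hidden inside a library, then cross-checked against the standard library's answer. This is an added example, not part of the deck. It follows RFC 5952's canonical form (lowercase hex, drop leading zeros in every group, replace only the longest run of two or more zero groups with `::`, first run on a tie) and handles plain hex addresses only; IPv4-embedded forms such as `::ffff:192.0.2.1` are rejected rather than mishandled.

```python
"""IPv6 address compression (card 103), by hand, with a cross-check against
the standard library. Added example, not from the deck. Implements the RFC
5952 canonical form for plain hex addresses; IPv4-embedded addresses are
rejected with ValueError rather than silently mangled."""
import ipaddress
import re
from typing import List

_HEX_GROUP = re.compile(r"[0-9a-fA-F]{1,4}")


def expand(addr: str) -> List[str]:
    """Turn any textual IPv6 address into its eight 4-digit lowercase groups."""
    if addr.count("::") > 1:
        raise ValueError(f"more than one '::' in {addr}")
    if "::" in addr:
        left, right = addr.split("::", 1)
        lgroups = left.split(":") if left else []
        rgroups = right.split(":") if right else []
        missing = 8 - len(lgroups) - len(rgroups)
        groups = lgroups + ["0"] * missing + rgroups
    else:
        groups = addr.split(":")
    if len(groups) != 8 or not all(_HEX_GROUP.fullmatch(g) for g in groups):
        raise ValueError(f"not a plain hex IPv6 address: {addr}")
    return [g.lower().zfill(4) for g in groups]


def compress(addr: str) -> str:
    """RFC 5952 text representation of `addr`."""
    # Rule 1: drop leading zeros within every group ("0000" becomes "0").
    groups = [g.lstrip("0") or "0" for g in expand(addr)]
    # Rule 2: find the longest run of consecutive zero groups; first run wins a tie.
    best_start, best_len = -1, 0
    run_start, run_len = -1, 0
    for i, g in enumerate(groups + ["end"]):      # sentinel closes the final run
        if g == "0":
            if run_len == 0:
                run_start = i
            run_len += 1
        else:
            if run_len > best_len:
                best_start, best_len = run_start, run_len
            run_len = 0
    # Rule 3: a single zero group is never compressed to "::".
    if best_len < 2:
        return ":".join(groups)
    left = ":".join(groups[:best_start])
    right = ":".join(groups[best_start + best_len:])
    return f"{left}::{right}"


def matches_stdlib(addr: str) -> bool:
    """Cross-check: does the hand-rolled result equal ipaddress's canonical form?"""
    return compress(addr) == ipaddress.IPv6Address(addr).compressed


if __name__ == "__main__":
    for a in ["2001:0db8:0000:0000:0000:ff00:0042:8329", "0:0:0:0:0:0:0:1",
              "2001:db8:0:0:1:0:0:1", "2001:db8:0:1:1:1:1:1"]:
        print(f"{a:45} -> {compress(a)}  stdlib agrees: {matches_stdlib(a)}")
```

The practical reason to care: firewall rules, allow-lists and log searches that compare IPv6 addresses as strings will miss matches unless both sides are in the same canonical form, which is what RFC 5952 exists to fix.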
104
Which of the following access control measures is directive?
Background check
105
What type of memory must be refreshed by reading and rewriting each bit every few milliseconds?
DRAM
106
Which class of fire is suppressed by dry powder?
Electrical (Class C)
107
Which of the following pen testing activities would be effective in validating TEMPEST effectiveness?
Radiation monitoring
108
Which distributed computing architecture is fully decentralized?
Peer to peer
109
The account management process should ensure adherence to which security principle?
Least privilege
110
Which of the following does the Internet Activities Board consider a violation of Internet ethics?
Compromising the privacy of users
111
Antivirus blocked an executable and sent a notice to the security information and event management (SIEM) system. What type of control does the antivirus represent?
Preventive
112
During a preliminary investigation of a potential security incident, which steps should occur, and in what order?
Review the complaint, inspect the damage, examine the logs, and work with management on notifying law enforcement if necessary
113
With respect to data classification roles, which of the following is a responsibility of the system owner?
To assist in the identification of the common security controls
114
Metasploit
Validates whether a vulnerability is actually exploitable
115
Where would attackers focus their efforts to disable Kerberos?
The key distribution center (KDC), which is a single point of failure
116
Which of the following concepts requires a central authority to maintain a copy of everybody's private keys, so that any user's encrypted data can be decrypted by the central authority?
Escrowed encryption (key escrow)
117
What should be considered in the purchase of a preventive control?
Total cost of ownership
118
A NIDS is not alerted by a malicious database connection. What is this?
False negative. A false negative occurs when the IDS does not raise an alert and the traffic is malicious
119
What is an application output control?
Reconciliation
120
What technology allows a single switch to host multiple networks?
VLAN
121
What memory addressing technique always refers to a temporary storage location in the CPU rather than main memory?
Register direct addressing
122
Which of the following provides the set of statements used to define a database schema?
Data definition language (DDL)
123
At what layer of the OSI model does 802.1X provide authentication?
Data link (layer 2)
124
Why would someone use Frame Relay instead of X.25?
Lower overhead
125
What are the four tasks in the access provisioning life cycle?
Account administration, maintenance, monitoring and revocation
126
Identity is what?
Making a claim to the system as to who you are
127
Providing a username and password is what?
Authentication
128
After authentication comes authorization. What does it do?
Determines what access the user has
129
After authorization comes accountability. What is it?
Tracking who does what in the system
130
What is AAA?
Authentication, authorization and accountability (or accounting)
131
Authorization determines what?
What access to what group of information a user or group of users has
132
Accountability is what?
Makes the user responsible for their actions (through logging and auditing)
133
Four
134
The four categories of authentication are
Something you know (password, passphrase), something you have (token, smart card), something you are (biometric) and somewhere you are (location)
135
True or false: using two authentication factors is known as two-factor authentication
True (the two factors must come from different categories; two passwords are still one factor)
136
What is CER?
Crossover error rate: the point at which the false rejection rate equals the false acceptance rate. The lower the CER, the more accurate the biometric system
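Cards 34, 97 and 136 together, worked in code: sweep the match threshold of a biometric system across constructed genuine and impostor scores, compute the FAR and FRR at each setting, and locate the crossover. This is an added example, not part of the deck; the score lists are constructed to make the crossover easy to see, and the function names are this example's own.

```python
"""FAR, FRR and the crossover (cards 34, 97 and 136). Added example, not from
the deck. The matcher scores below are constructed, not measured."""
from typing import Iterable, List, Tuple

# Constructed similarity scores (0-100) a biometric matcher might return.
GENUINE = [70, 75, 80, 85, 90, 92, 95, 97, 98, 99]   # legitimate users
IMPOSTOR = [10, 20, 30, 40, 50, 60, 65, 72, 78, 82]  # other people


def far(threshold: int, impostor: List[int]) -> float:
    """False acceptance rate: impostors whose score meets the threshold.
    Lowering the threshold lets more of them in."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold: int, genuine: List[int]) -> float:
    """False rejection rate: genuine users whose score falls below it.
    Raising the threshold locks more of them out."""
    return sum(s < threshold for s in genuine) / len(genuine)


def error_curves(genuine: List[int], impostor: List[int],
                 thresholds: Iterable[int] = range(0, 101)) -> List[Tuple[int, float, float]]:
    """(threshold, FAR, FRR) for every candidate setting: the two curves of the graph."""
    return [(t, far(t, impostor), frr(t, genuine)) for t in thresholds]


def crossover(genuine: List[int], impostor: List[int]) -> Tuple[int, float]:
    """Threshold where |FAR - FRR| is smallest, and the error rate there
    (the CER / EER). Ties resolve to the lowest threshold. A system with a
    lower EER is more accurate; the operator then picks a threshold on the
    FAR side (convenience) or the FRR side (security) of that point."""
    best = min(error_curves(genuine, impostor),
               key=lambda row: (abs(row[1] - row[2]), row[0]))
    t, accept_rate, reject_rate = best
    return t, (accept_rate + reject_rate) / 2


if __name__ == "__main__":
    t, eer = crossover(GENUINE, IMPOSTOR)
    print(f"crossover at threshold {t}, EER {eer:.0%}")
    for row in error_curves(GENUINE, IMPOSTOR, range(60, 100, 5)):
        print("threshold %3d  FAR %.1f  FRR %.1f" % row)
```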
137
PoLP is what?
Principle of least privilege: it ensures individuals are granted only the access necessary to perform their required business functions
138
True or false: the PoLP applies to users and system configuration, firewall rulesets, and many other items in security
True
139
What is a key policy for fraud deterrence/detection?
Rotation of duties
140
What is the base level of protection that a reasonable person would take, for example to check a piece of code?
Due care
141
What is the process followed to ensure that an organization is exercising its duty of care?
Due diligence
142
What do detective controls do?
Make us aware of a condition that might warrant further inspection or response. Any device that has an alarm feature is a detective control
143
Preventive controls do what?
Deny unauthorized access to resources
144
What includes organizational policies and procedures?
Administrative (directive) controls
145
Types of controls
Preventive, detective, corrective, deterrent, recovery and compensating
146
Administrative controls are
Background checks, policies and procedures
147
Physical controls are
Locks, securing laptops, securing magnetic media, and the protection of cabling
148
Technical controls are
Encryption | smart cards
149
Preventive controls do what?
Prevent an attack from being successful
150
Detective controls do what?
Assuming an attack has begun, they try to detect that there is a problem after the attack occurs; timing is critical
151
Deterrent controls do what?
Discourage security violations, such as a "beware of dog" sign
152
Compensating controls do what?
Provide alternatives to other controls. If there is a weakness in a control, add another layer of security to reduce the risk
153
Corrective controls do what?
React to an attack and take corrective action
154
Recovery controls do what?
Restore the operating state to normal after an attack or system failure
155
What is the first step in managing risk?
Asset evaluation: what is the impact if the asset is unavailable, if its data is breached, and if its data is altered?
156
Risk =
Threat x vulnerability (many frameworks multiply by impact as well)
157
What is something that can bring harm to a system?
Threat
158
What is a threat source (aka threat agent)?
It is the cause of a threat
159
What is the means by which a threat exercises a vulnerability?
Exploit
160
What is the source or binary code that eases the ability of an attacker to exploit a vulnerability?
Exploit code
161
What is the action the attacker wants to carry out as a result of the exploitation, i.e. the post-exploitation portion of an attack?
Payload
162
What is the world's most used pen testing framework?
Metasploit
163
What are the two primary approaches to risk assessment?
Quantitative and qualitative
164
What type of risk assessment is preferred by the business and usually uses numbers?
Quantitative
165
Quantitative formulas
SLE = AV x EF (single loss expectancy = asset value x exposure factor); ALE = SLE x ARO (annualized loss expectancy = SLE x annualized rate of occurrence); TCO (total cost of ownership); ROI (return on investment)
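The formulas of card 165 carried through on the deck's own numbers (card 3's customer database and card 47's $200,000 server), with the step the cards stop short of: using ALE before and after a safeguard to decide whether the safeguard is worth buying. This is an added example, not part of the deck; the outage frequencies and the safeguard's price are constructed assumptions, and the function names are this example's own.

```python
"""Quantitative risk formulas (card 165) applied to cards 3 and 47, plus the
cost/benefit step that decides whether a control is worth its price. Added
example, not from the deck; the ARO values and control cost are constructed."""


def sle(asset_value: float, exposure_factor: float) -> float:
    """Single loss expectancy: the loss from one occurrence (AV x EF)."""
    return asset_value * exposure_factor


def exposure_factor(asset_value: float, single_loss: float) -> float:
    """EF recovered from AV and SLE, the direction card 47 asks for."""
    return single_loss / asset_value


def ale(single_loss: float, aro: float) -> float:
    """Annualized loss expectancy: SLE x annualized rate of occurrence."""
    return single_loss * aro


def safeguard_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Value of a control to the organization per year:
    (ALE before) - (ALE after) - (annual cost of the control).
    Positive means the control pays for itself; negative means accept the risk
    or find a cheaper control."""
    return (ale_before - ale_after) - annual_cost


# Card 3: losing 1% of a $500,000/yr customer base for each hour of outage.
DB_SLE_PER_HOUR = sle(500_000, 0.01)                      # $5,000 per outage-hour

# Card 47: AV $200,000, SLE $40,000 -> EF 20%.
SERVER_EF = exposure_factor(200_000, 40_000)              # 0.2

# Constructed assumption: the database averages 8 outage-hours a year today ...
DB_ALE_BEFORE = ale(DB_SLE_PER_HOUR, aro=8)               # $40,000
# ... and a $12,000/yr failover cluster would cut that to 2 hours.
FAILOVER_COST = 12_000
DB_ALE_AFTER = ale(DB_SLE_PER_HOUR, aro=2)                # $10,000
FAILOVER_VALUE = safeguard_value(DB_ALE_BEFORE, DB_ALE_AFTER, FAILOVER_COST)  # $18,000

if __name__ == "__main__":
    print(f"SLE per hour: ${DB_SLE_PER_HOUR:,.0f}   server EF: {SERVER_EF:.0%}")
    print(f"ALE before: ${DB_ALE_BEFORE:,.0f}  after: ${DB_ALE_AFTER:,.0f}  "
          f"value of failover: ${FAILOVER_VALUE:,.0f}/yr")
```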
166
Which risk assessment focuses on what
Uses risk matrix and does not use numbers
167
What must an effective risk management prioritize
A risk reduction strategy
168
What are the three fundamental elements of security
Confidentiality integrity and availability
169
What defines the CIA triad in terms of loss?
Disclosure alteration and denial (DAD)
170
What is the request for information to be made to initially gather information about the available providers of the item or service being procured.
RFI Request for information
171
What is the stage of procurement to determine which providers will bid for the project
Request for proposal
172
Rfq
Request for quote
173
What is used when a business operates legally as a partnership It addresses ownership, profits/losses and contributions
BPA Business partner agreement
174
What is used when two org interconnect information systems/networks
MOU/A It defines basic roles, responsibilities and requirements. It also refers to the ISA got details concerning the security requirements
175
Woah dictates the technical security requirements associated with two orgs connecting information system/networks
ISA
176
What is used to force service providers to agree to provide and acceptable level of security or else potentially be found in a breach of contract
SLA
177
What is an internal | Agreement that supports the SLA?
OLA | operating level agreement
178
What governs how about org that license a large volume of software is allowed to use that software?
ELA enterprise license agreement
179
COTS
commercial off the shelf
180
What does SOC stand for
Service organization controls
181
What is the name for a SOC 1
Service organizations: internal | Control over financial reporting (ICFR)
182
What is the name for a SOC II
Service organizations:trust services criteria
183
Name for a SOC III
Service organizations: trust services criteria for general use report
184
What needs does a SOC I meet
Entities that use service organizations and the CPAs that audit the user entities financial statements and controls on the financial statements
185
What does a SOC II do
Gives a detailed information action and assurance about the controls at a service org relevant to security, availability and processing integrity of the systems the service org uses to process users data and the confidentiality and privacy of the information processed by these systems
186
What is a SOC III used for
Giving assurance about the controls at a service organization relevant to security availability, processing integrity confidentiality or privacy
187
The concept of threat modeling is closely associated with what?
Software or application development
188
Approach for threat misruling is STRIDE . What does STRIDE. Stand for
``` Spoofing ID TAMPERING With data repudiation Information disclosure DoS Elevation priv ```
189
What is the goal of threat identification
Appreciate the threat sources, understand their motivation and determine their capabilities
190
What is the method attackers use to touch or exercise vulnerabilities
Threat vectors or vector
191
What represents all the ways in which an attacker could attempt to introduce data to exploit a vulnerability
Attack surface
192
How do you reduce the attack surface of an application
Security configuration management or hardening. This ensures only necessary features are enabled on systems
193
What governs individual conduct as it pertains to laws both federal and state
Criminal law
194
What refers to an action against a company that causes damage or financial loss?
Civil law
195
What protects inventions for 20 years
Patent
196
What is a recorded thought, a form of expression?
Copyright
197
Li-Fi uses what?
LED light bulbs to send data
198
What includes 4G and 5G?
Li-Fi, Zigbee, satellite and cellular networking
199
Tools used to recover shared WEP keys
WEPCrack, AirSnort, dwepcrack
200
What uses existing LED bulbs to send data to receivers?
Li-Fi
201
What are the benefits of Li-Fi?
Speed. Downside is it cannot pass through light
202
What leverages battery powered radios to form a mesh personal area network?
Zigbee
203
What network lets the computers in a network communicate directly with each other without an intermediary?
Peer to peer
204
What are characteristics of the waterfall methodology
The project is divided into sequential stages, each with specific milestones. This is known to be the most direct route toward the objectives, with the shortest dev time and cost possible
205
What maturity level of the Software Assurance Maturity Model (SAMM) is described as initial understanding and ad hoc provision of the security practice?
Level 1. Level 0: implicit starting point, representing the activities in the practice being unfulfilled; Level 1: initial understanding and ad hoc provision of the security practice; Level 2: increased efficiency and/or effectiveness of the security practice; Level 3: comprehensive mastery of the security practice at scale
206
Ensuring only min required access is given to developers at any time is an example of what?
Least priv
207
What approach would be best suited to help identify flaws by examining source code?
Static application security testing
208
What applies an agile methodology to threat and vulnerability management, incident handling/response and overall security operations?
Security orchestration, automation and response (SOAR). SOAR is the automatic handling of security operations-related tasks: the process of executing tasks like scanning for vulnerabilities or searching logs
209
One of the oldest programming vulnerabilities, which allows code to be inserted into memory locations, potentially allowing code execution?
A buffer overflow. This is when the programmer fails to perform bounds checking. For example, the gets() function does not enforce a character length limit when data is input
210
Which level in the CMMI is defined by the phrase "The software process for both management and engineering activities is documented, standardized and integrated into a standard software process for the organization"?
Level 3
211
Which type of testing would be most appropriate to ensure that all expected functionality of the app is present and working properly?
Quality assurance
212
What development methodology uses paired programmers who work from a detailed specification, has a high level of customer involvement and uses detailed test procedures?
Extreme programming (XP)
213
What principle is violated when developers review code in production?
Separation of duties
214
What maturity level of the software assurance model is described as comprehensive mastery of the security practice at scale?
Level 3
215
What agile methodology combines small teams of developers, a senior member of the org who acts like a coach, and the product owner?
Scrum
216
What can be used to develop applications faster and increase programmer/analyst productivity?
IDE (integrated development environment). Typically has a code editor, debugger and build tool/compiler
217
What is the best way to reduce risk in software
Code review
218
Management is concerned about apps having successfully passed through QA and user acceptance testing but later having unforeseen issues when deployed into production. What term would be most applicable to address this?
DevOps
219
Which software developmental model has unique discrete sequential phases
Waterfall
220
What enables rapid deployment of virtual security appliances and devices like virtual firewalls and virtual IPS?
Software defined security
221
What term describes a structured approach to documenting and approving changes to systems
Change control
222
What level of the CMMI model is defined by the phrase "detailed measures of the software process and product quality are collected"?
Level 4
223
What type of coding flaw, if exploited, would allow a normal user account to gain increased or even admin access?
Privilege escalation. This type of attack increases a user's or process's privilege, typically to superuser level. Most of these attacks require nonprivileged local access. Setuid root programs are frequent targets of privilege escalation attacks
224
What is the main factor that drives a spiral model of application development
Risk
225
What is being implemented if development staff do not manage security functions?
Separation of duties. Development teams should have clearly defined borders between developers, the QA department, and the code or applications used in production environments
226
One of the primary approaches to ensuring that Java applets do not negatively impact the underlying operating system involves running the code in a more isolated environment with limited access. What is this called?
Sandbox
227
Some numeric values are often stored in fixed length memory locations. What type of attack exploits this characteristic to achieve memory corruption?
Integer overflow
228
What should be done in order to be able to correlate the many logs produced by different systems?
Use a reliable and accurate time source. Maintaining a centralized backup copy of all your logs is also important to your monitoring. If the timestamps are accurate, this is what allows log correlation; if the timestamps are off, it will not be helpful
229
What type of monitoring would be best suited for discovering a compromised internal system being used to scan publicly hosted cloud assets?
Egress monitoring. It monitors traffic leaving an organization, system or interface, like the traffic from an internal system that scans publicly hosted cloud assets. Ingress monitoring examines the behavior of the assets of an organization or system to see whether they are in compliance with standards or not
230
Measuring the baseline of activity over time and highlighting exceptions is referred to as what?
Anomaly detection. This type of tool notices unusual trends in traffic patterns. It uses expected behavior patterns as its baseline, then ignores those patterns as it processes data
231
An Apache web service is considered to be what type of cloud service?
PaaS. Admins have control over the service configuration only, and not the general operating system. An admin could restart the web service but not reboot the entire system
232
What detective technology would be best able to help discover adversary compromise of a legitimate user account based on deviation from typical behavior?
UEBA (user and entity behavior analytics) provides baseline profiles of how users behave. A SIEM may include UEBA data, but that cannot be guaranteed
233
What is the goal of a business impact analysis?
It focuses on determining mission critical business processes and the impact associated with disruption of those services. Its purpose is to determine the tolerable level of impact on key business functions. The primary focus is on the disruption of availability and determination of the effect of an outage over a period of time. The BIA informs the requirements regarding RTO
234
What is a computer forensics image?
A binary copy of the hard drive. A binary copy can capture files that have been deleted, and hashing algorithms can be used during acquisition and after to provide assurance of the integrity of the image acquired
235
During incident response, you find a dynamic internal IP address is implicated as the attacker. What would be a key log needed for incident response and forensics?
DHCP logs. DHCP provides assets with IP addresses dynamically, so the IP address of a host can vary. The DHCP logs could enable investigators to determine which host the adversary used
236
Marin is the manager of the quality department and uses his RFID card to access the building, and later uses the same card to access his office. What type of control is this?
Technical
237
What are two types of identity management systems? LDAP, AD, DC, DN
AD and LDAP (Active Directory, Lightweight Directory Access Protocol)
238
An SSO system is characterized by what?
Provides a single user name and password to access the entire network
239
What do the best performing biometric authentication systems have?
Low crossover error rate
240
After a user's thumbprint has been enrolled for future authentication, what does their print get stored as?
Hash. Biometric images are converted to hashes, so if a hacker exploits a password store they will only obtain representations of the biometrics and not the real images
241
Nadia is a security administrator tasked with finding users with weak passwords. What type of attack should she attempt first as part of the security audit? Rainbow tables, Birthday, Dictionary, Brute force
Dictionary
242
What is it called when an employee moves from department to department and the rights and privileges are not removed?
Authorization creep
243
Which SSO system uses secret keys, principals and tickets?
Kerberos. Kerberos uses a key distribution center to grant tickets to users for services to use, such as email and file sharing
244
Kerberos uses what keys?
Symmetric. Provide redundancy for the key distribution center to mitigate it being a single point of failure. Make certain to use the longest keys to resist brute force attacks
245
Diskless computers with lots of memory and fast CPUs that obtain their operating system and data from a centralized server are called what?
Thin clients
246
When implementing security containers on a system, it will be divided into top secret, secret, confidential and unclassified. Which type of system is she implementing?
MAC mandatory access control
247
What is not an SSO system?
Circumference
248
Which should be added to make three-factor authentication if the person uses a card to swipe into the server room? PIN, Retina scan, OTP, Authenticator
PIN | Retina scan
249
Which access control model prioritizes availability over confidentiality and integrity, so that owners of files determine the authorizations of their objects?
DAC Discretionary access control
250
Allow MAC address 35:35:43:an:ac:a1 | Deny all
Rule based access control
251
What are two differences between TACACS and RADIUS?
TACACS encrypts all the data; RADIUS encrypts the password only. TACACS transmits data via TCP and RADIUS transmits data via UDP
252
Which is not a physical access control type? 8 foot fence, Data backup, Security awareness training, Network segmentation
Security awareness training
253
Examples of admin controls
Non disclosure agreement | Dress code policy
254
What device would monitor network activities?
IDS
255
When tasked with lowering the threshold of monitoring activities as part of seeking to discover an external threat, what is one thing that she will notice first?
System performance reduces. Lowering the threshold increases alerts, so false positives increase and logging tables fill up faster. The increased monitoring will eventually find it
256
When an admin is given privileges to manage the printers and hard drives but not the network, what is this an example of?
Least priv
257
On Unix and Linux systems, what is the best thing to implement to mitigate brute force attacks?
Rename the root login name to roto-root3r
258
What is an example of data hiding
Steganography
259
What is the act of intentionally positioning data so that it is not viewable or accessible to an unauthorized subject?
Data hiding
260
What is an important part of multilevel secure systems?
Data hiding
261
What is the science of hiding the meaning or intent of a communication from unintended recipients?
Encryption
262
What is the line of intersection between any two areas, subnets or environments that have different security requirements or needs?
Security boundary
263
What is it called when there is an established plan, policy and process to protect the interests of an organization?
Due diligence
264
What is it called when one is practicing the individual activities that maintain the due diligence effort?
Due care
265
What is the document that defines the scope of security needed by the org and discusses the assets that require protection?
Security policies
266
What defines requirements for the use of hardware, software, technology and security controls?
Standards
267
What is the minimum level of security that every system throughout the org must meet?
A baseline
268
What is an element of the formalized security policy structure?
Guideline
269
Do all users need to know the security standards, baselines, guidelines, and procedures for all security classification levels?
No they do not
270
What is the process where potential threats are identified, categorized and analyzed?
Threat modeling
271
What type of testing is a specialized dynamic testing technique that provides many different types of input to software to stress its limits and find previously undetected flaws?
Fuzzing
272
CIA
Confidentiality integrity and availability
273
What is the principle that objects are not disclosed to unauthorized subjects?
Confidentiality
274
What is the principle that objects retain their veracity and are intentionally modified only by authorized subjects?
Integrity
275
What is the principle that authorized subjects are granted timely and uninterrupted access to objects?
Availability
276
What is AAA?
Identification, authentication, authorization, auditing and accountability
277
What is the process of verifying or testing that a claimed identity is valid?
Authentication
278
What ensures activity- or object-based access is possible given the rights and privileges assigned to the authenticated identity?
Authorization
279
What is auditing?
The programmatic means by which subjects are held accountable for their actions while authenticated on a system, through the documentation or recording of subject-based activities
280
What is nonrepudiation?
Ensures that the subject of an activity cannot deny that the event occurred
281
What is abstraction?
It is used to collect similar elements into groups, classes or roles that are assigned security controls, restrictions or permissions as a collective. It adds efficiency to carrying out a security plan
282
What is defense in depth?
Also known as layering, it is simply the use of multiple controls in a series. Using a multi-layered solution allows for numerous different controls to guard against whatever threats come to pass
283
What is it called when you are preventing data from being discovered or accessed by a subject?
Data Hiding
284
What is it called when there is a line of intersection between two areas, subnets, or environments that have different security requirements or needs?
Security boundaries
285
What is security governance?
It is the collection of practices related to supporting, defining and directing the security efforts of an organization
286
What is the process of reading the exchanged materials and verifying them against standards and expectations? In many situations, especially those related to government or military agencies or contractors, failing to provide sufficient documentation to meet the requirements of third-party governance can result in loss or voiding of authorization to operate
Documentation review
287
What is security management planning?
Ensures proper creation, implementation and enforcement of a security policy
288
What do you need in order to be able to create a comprehensive security plan?
Security policy, standards, baselines, guidelines and procedures
289
Security management is based on three types of plans
Strategic, tactical and operational
290
Key security roles are
Senior manager, security professional, asset owner, custodian, user and auditor
291
Confidentiality, integrity and availability are typically viewed as the primary goals and objectives of a security infrastructure. Which of the following is not considered a violation of confidentiality? Stealing passwords using a keystroke logging tool, eavesdropping on wireless network communications, hardware destruction caused by arson, or social engineering that tricks a user into providing personal information to a false website
Eavesdropping on the wireless network
292
What is a primary goal and objective of security?
The CIA Triad
293
James recently discovered an attack taking place against his org that prevented employees from accessing critical records. What part of the CIA triad was violated?
Availability
294
What is security governance?
Security governance seeks to compare the security processes and infrastructure used within the organization with knowledge and insight obtained from external sources
295
You have been tasked with crafting a long-term security plan that is fairly stable. It needs to define the organization's security purpose. It also needs to define the security function and align it to the goals, mission, and objectives of the organization. What are you being asked to create?
Strategic plan
296
What are the risks associated with a merger?
Inappropriate info disclosure, increased worker compliance, data loss, downtime, additional insight into the motivations of inside attackers
297
What is a set of recommended best practices for core IT security and operational processes?
ITIL
298
What security role has the functional responsibility for security, including writing the security policy and implementing it?
Security professional
299
When confidential documents are exposed to unauthorized entities, which element of STRIDE is used to reference that violation?
D Denial of service
300
A development team is working on a new project. During the early stages of systems development the team considers the vulnerabilities, threats, and risks of their solution and integrates protections against unwanted outcomes. What concept of threat modeling is this?
Proactive approach
301
Whenever an organization works with a third party, its supply chain risk management process should be applied. One of the common requirements is the establishment of minimum security requirements for the third party. What should these requirements be based on?
Existing security policy
302
What is a risk-centric threat modeling approach that aims at selecting or developing countermeasures in relation to the value of the assets to be protected?
PASTA (Process for Attack Simulation and Threat Analysis). It is a seven-stage threat modeling methodology
303
What terms relate to defense in depth?
Layering, classifications, zones, realms, compartments, cells, segmentations, lattice structure and protection rings