Mixed Flashcards
Best way to minimize impact of DDoS
use firewall to identify and deny traffic to addresses
Main reason to measure impact of unplanned interruption
Provides insight into critical business processes
When to use digital signatures instead of Message Auth Code
When it must be known that the sender is the only one who made changes to the document
Distinctive characteristic of network tunneling process
encapsulation of packets
In what security mode is a system operating when 2 or more classification levels are processed and not all users have clearance for all data handled by the system
Multi-Level
Primary reason for Code Obfuscation
increases difficulty of reverse engineering
Which is a security service not defined in ISO 7498-2 Security Architecture model
Availability
Why are audit trails important
They provide individual accountability
Primary components of effective security program
People, Processes, Technology
Access Control attack used against a remote user’s callback
Call forwarding
Major Weakness of PPTP
Encryption key derived from User’s Password
BCP project scope identification includes
BIA, also most CRUCIAL factor for DRP
With 802.11B wireless, which tech protects users from each other
Firewall on each device/computer
Stack overflow that crashes TCP/IP service daemon can result in serious security breach because
process is executed by a privileged entity
ISO 27001 complements…
17799
17799 is evolution of
7799
Activation of virus attached in email is avoided by
configuring client to not automatically open attachments
Crypto attack that uses execution times and cryptographic device power requirement
Differential
Main reason to use IPsec in tunnel mode is
protect entire IP packet
Design phase in Software Development Life Cycle (SDLC) includes all but:
Developing maintenance and operations manual
Which EAL within Common Criteria provides security assurance “methodically tested and checked”?
EAL 3
Which attack will a Network-Based IDS detect
Phone Book File attack from a browser using SSL
Term that defines what security properties of a product are evaluated in a Common Criteria evaluation is:
Security Target
Regularly scheduled check of network cards in promiscuous mode is a countermeasure for:
Sniffer
Basic foundation of Privacy Management process is
Organizational Governance
Reconnaissance phase of penetration testing employs:
Social engineering
Risk analysis that is based on historical costs and the probability of a threat, and is measured in cost to the organization, is:
quantitative method
In a computer forensics investigation involving a HD, examiner should keep a log including:
timestamps of files on the media
Which of the following is a weakness of both statistical anomaly detection and pattern matching:
lack of a learning model
In addition to providing an audit trail that auditors can use, logging provides:
backout and recovery information
Which approach to IPsec key exchange is the protocol of choice of the IETF (Internet Engineering Task Force)
ISAKMP
Patch management life cycle begins with:
developing a baseline software inventory management system
Not a fundamental component (question) of Regulatory Security Policy
WHY it is to be done
Important aspect of computer ethics program involves consideration of
Regulatory Requirements
Commonly used technique by covert Channel is
tunneling
Class of threat associated with manual or automated process
operational
Provides a minimum level of security acceptable for an environment
Baseline
Formal Security Policy Model is one that:
is a mathematically precise statement of a security policy
Inner workings of a buffer overflow attack:
Program fails to check buffer size limits before storing data
Expert systems differ from other AI programs because
They need to encode the domain-dependent knowledge of the everyday practitioner and use it to solve problems
Mitigation strategy that falls in certification framework for application development security
waiver authorization
Financial transaction digitally signed, what method can be used to prevent the transaction from being done again
Include timestamp on the message
Operates at the media layer and is an attempt by an intruder to inject packets in a conversation
Real-Time Transport Protocol (RTP) hijacking
Birthday attack can be used to:
find Hash Collisions
Could be used to encrypt network traffic streaming between two offices
IPsec AH (Authentication Header) tunnel
Valid reason to propose two-factor auth for Remote Access
More vulnerable and requires better authentication
Implementation of a positive security model on a firewall allows:
all defined legitimate traffic and denies everything else
Main advantage of positive security model
New or unknown attacks are more easily prevented
IPsec provides security to traffic at what point in transmission?
At perimeter if IPsec is enabled on Firewall or Router
SYN attack can be determined by observing
Spoofed source IP address
NOT a characteristic of an IDS
Determines the source of incoming packets
As part of BCP, two characteristics of a business task or function MUST be identified:
Result and requirement
Primary consideration when a shared device is used to store data outside with an outsourced organization:
Minimize risk of data loss due to device failure through volume partitioning
Organizational Security Policy (OSP) is
a High-Level management document to inform all users on the goals and constraints on using a system
Primary benefit of hierarchical storage management system is:
Use of less expensive storage media for infrequently accessed data
Benefits of IPsec include:
Access control, Connectionless integrity and Rejection of replayed packets (NOT Data Destination Authentication)
Principal difference between OpenPGP and S/MIME
Method of key exchange is different between OpenPGP and S/MIME