Need2Know Flashcards

1
Q

Change Management (steps)

RRATSID

A
  1. request the change
  2. review the change
  3. approve / reject the change
  4. test the change
  5. schedule the change
  6. implement the change
  7. document the change
2
Q

Static Packet Filtering firewall

A

filters by message header: source, destination and port.

first gen - easily fooled.

layer 3 (network)

3
Q

Levels of Gov / Military security classification

A
Top Secret
Secret
Confidential
Sensitive but Unclassified
Unclassified
4
Q

Business / Private Sector security classification

A

Confidential (company data) // Private (eg: medical records)
Sensitive
Public

5
Q

Explain Data Encapsulation –> Protocol Data Unit (PDU)

A

Transport layer = segments
Network layer = packets
Data Link layer = frames
Physical layer = bits

Encapsulation:

Segments –> Packets
Packet –> Frames
Frames –> Bits

6
Q

Administrative Controls used to secure personnel

A
job descriptions
principle of least privilege
separation of duties
job responsibilities
job rotation
performance reviews
background checks
job training
exit interview
7
Q

Application-level gateway firewall

A

aka Proxy Firewall

Layer 7 (application)

8
Q

Circuit-level gateway firewall

A

Works at layer 5 (session)

e.g., SOCKS

manage traffic based on the circuit, not the content of traffic.

9
Q

Stateful inspection firewalls

A

aka Dynamic Packet Filtering

Network & Transport layers

processes based on source and destination ports, addresses, etc.

10
Q

Deep-packet inspection firewalls

A

DPI

application layer

filters payload content - complete packet inspection

works in tandem with application firewall

11
Q

Next gen firewalls

A

multifunction device (MFD)

IDS, Proxy, QoS, VPN, etc.

12
Q

Baseline

A

establishes a common foundation upon which all further security measures can be built

Trusted Computer System Evaluation Criteria (TCSEC)
Information Tech Security Evaluation Criteria (ITSEC)
National Institute of Standards and Tech (NIST)

13
Q

Security Marking vs Security Labeling

A

Security Marking = human-readable security attributes.

Security Labeling = security attributes for internal data structures within IT

14
Q

Change Management

A

the process of understanding, communicating, and documenting changes to a system so that negative effects from change can be avoided.

Typical process:

  1. request the change
  2. review the change
  3. approve / reject change
  4. test
  5. schedule
  6. implement
  7. document.
15
Q

Baselining

A

config management that involves monitoring of security changes over time.

16
Q

Risk Transference

A

buying insurance.

17
Q

What are the two common data classification schemes?

A

Military

Private Sector

18
Q

Lighter Than Air Industries expects that it would lose $10 million if a tornado struck its aircraft operations facility. It expects that a tornado might strike the facility once every 100 years.

Referring to the scenario, what is the annualized loss expectancy?

A

The annualized loss expectancy (ALE) is computed by taking the product of the single loss expectancy (SLE), which was $10 million in this scenario, and the annualized rate of occurrence (ARO), which was 0.01 in this example. These figures yield an ALE of $100,000.

19
Q

The absence or weakness of a safeguard or countermeasure?

When a safeguard or a countermeasure is not present or is not sufficient, what remains?

A

Vulnerability

20
Q

What law protects the right of citizens to privacy by placing restrictions on the authority granted to government agencies to search private residences and facilities?

A

Fourth Amendment.

21
Q

You are concerned about the risk that an avalanche poses to your $3 million shipping facility. Based on expert opinion, you determine that there is a 5 percent chance that an avalanche will occur each year. Experts advise you that an avalanche would completely destroy your building and require you to rebuild on the same land. Ninety percent of the $3 million value of the facility is attributed to the building, and 10 percent is attributed to the land itself.

1) What is the single loss expectancy of your shipping facility to avalanches?
2) What is the annualized loss expectancy?

A

1) The SLE is the product of the AV and the EF. From the scenario, you know that the AV is $3,000,000 and the EF is 90 percent, because the same land can be used to rebuild the facility. This yields an SLE of $2,700,000.
2) This problem requires you to compute the ALE, which is the product of the SLE and the ARO. From the scenario, you know that the ARO is 0.05 (or 5 percent). From question 8, you know that the SLE is $2,700,000. This yields an ALE of $135,000.

22
Q

What element of data categorization management can override all other forms of access control?

A

Taking Ownership

NOT:
Physical Access
Classification
Custodian

Ownership grants an entity full capabilities and privileges over the object they own. The ability to take ownership is often granted to the most powerful accounts in an operating system because it can be used to overstep any access control limitations otherwise implemented.

23
Q

You are concerned about the risk that an avalanche poses to your $3 million shipping facility. Based on expert opinion, you determine that there is a 5 percent chance that an avalanche will occur each year. Experts advise you that an avalanche would completely destroy your building and require you to rebuild on the same land. Ninety percent of the $3 million value of the facility is attributed to the building, and 10 percent is attributed to the land itself. What is the single loss expectancy of your shipping facility to avalanches?

A

A: $3,000,000
B: $2,700,000
C: $270,000
D: $135,000

24
Q

Government Data Classification

A

Top Secret
Secret
Confidential
Unclassified

25
Q

Business / Commercial / Private Data Classification

A

Confidential / Proprietary –> Top Secret
Private –> Secret
Sensitive –> Confidential
Public –> Unclassified

26
Q

Multitasking

Multicore

Multiprocessing

Multi-programming

A

Multitasking – handles two or more tasks simultaneously

Multicore – multiple CPUs on one chip

Multiprocessing – a system with more than one CPU

Multi-programming – pseudo-simultaneous processing of two tasks on a single CPU — OBSOLETE

27
Q

Secondary Memory

A

Secondary memory is a term used to describe magnetic, optical, or flash media.

28
Q
Fault
Blackout
Sag
Brownout
Surge
Inrush
Noise
A

Fault — momentary loss of power

Blackout – total loss of power

Sag – momentary LOW VOLTAGE

Brownout – prolonged low voltage

Surge – prolonged HIGH voltage

Inrush – initial surge of power that happens when hooking a device up to power source

Noise — steady interfering power disturbance

29
Q

Fire Extinguishers

Class:
A
B
C
D
A

A = Common Combustibles –> water, soda acid

B = Liquid —> CO2, Halon

C = Electronics –> Halon

D = Metal –> Dry powder

30
Q

Dynamic RAM

Static RAM

A

Dynamic RAM uses CAPACITORS

Static RAM uses FLIP-FLOPS

31
Q

Relational Databases

A

Attributes / Field
Attribute –> Column in table
Each customer would have its own record, or tuple (a row in a table)

Number of rows in table = cardinality

Number of columns = degree

32
Q

Types of Storage

A

Primary Memory - RAM

Secondary Storage - CD/DVD, flash drives

Virtual memory - hard drive

Virtual storage - uses RAM but goes away

Sequential access storage -

Volatile storage - goes away at power off (RAM)

Nonvolatile storage - NVRAM

33
Q

Aggregation

A

Aggregation attacks involve the use of specialized database functions to combine information from a large number of database records to reveal information that may be more sensitive than the information in individual records would reveal.

34
Q

What database technique can be used to prevent unauthorized users from determining classified information by noticing the absence of information normally available to them?

A

A. Inference
B. Manipulation
C. Polyinstantiation
D. Aggregation

Polyinstantiation allows the insertion of multiple records that appear to have the same primary key values into a database at different classification levels.

35
Q

SDLC

Change Management

A

Procedures to manage changes to existing apps.

Request Control –> request mod, cost/benefit analysis, prioritize tasks
Change Control –> re-create situation, analyze change, create & test
Release Control –> approve final changes

Security Admins:

Config Identification
Config Control
Config Status Accounting
Config Audit

36
Q
  1. 15
  2. 11
  3. 3
A
  1. 15 = bluetooth (PAN)
  2. 11 = wifi
  3. 3 = ethernet
37
Q

What database security feature uses a locking mechanism to prevent simultaneous edits of cells?

A
A. Semantic integrity mechanism
B. Concurrency
C. Polyinstantiation
D. Database partitioning

Concurrency uses a “lock” feature to allow an authorized user to make changes and then “unlock” the data elements only after the changes are complete. This is done so another user is unable to access the database to view and/or make changes to the same elements at the same time.

38
Q

Which source of interference is generated by electrical appliances, light sources, electrical cables and circuits, and so on?

A

A. Cross-talk noise
B. Radio frequency interference
C. Traverse mode noise
D. Common mode noise

Radio frequency interference (RFI) is the source of interference that is generated by electrical appliances, light sources, electrical cables and circuits, and so on.

39
Q

Which recovery site alternative provides shared resources through contractual leasing options?

A

A. Cloud services
B. Mobile site
C. Hot site
D. Cold site

A cloud service company (previously known by the term service bureau) is an organization that provides online time-leased computer services for a fee.

40
Q

Which database principle ensures that transactions execute in an all-or-nothing fashion?

A. Atomicity
B. Consistency
C. Isolation
D. Durability

ACID

A

The atomicity of database transactions requires transaction execution in an all-or-nothing fashion. If any part of the transaction fails, the entire transaction is rolled back.

41
Q

In the Biba model, what rule prevents a user from reading from lower levels of classification?

A. Star axiom
B. Simple property
C. No read up
D. No write down

A

The Biba simple property rule is “no read down.”

The Biba star axiom is “no write up.”

“No read up” is the simple rule for Bell LaPadula.

“No write down” is the star rule for Bell LaPadula.

42
Q

If a specific step-by-step guide does not exist that prescribes how to accomplish a necessary task, which of the following is used to create such a document?

A. Policy
B. Standard
C. Procedure
D. Guideline

A

A guideline offers recommendations on how standards and baselines are implemented and serves as an operational guide for both security professionals and users. Guidelines are flexible so they can be customized for each unique system or condition and can be used in the creation of new procedures (i.e., step-by-step guides).

43
Q

A momentary loss of power is what form of power issue?

A. Brownout
B. Spike
C. Sag
D. Fault

A

Fault = short loss of power

Brownout = LOW VOLTAGE for prolonged period of time

Spike = HIGH VOLTAGE short period

Sag = short period of LOW VOLTAGE

44
Q

Tom built a database table consisting of the names, telephone numbers, and customer IDs for his business. The table contains information on 30 customers. What is the degree of this table?

A. Two
B. Three
C. Thirty
D. Undefined

A

The cardinality of a table refers to the number of rows in the table while the degree of a table is the number of columns.

45
Q

Change Management Steps

A

Change management:

1) Request
2) Impact assessment
3) Approval/Disapproval
4) Build and test
5) Notification
6) Implementation
7) Validation

46
Q

Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose?

A

integrity

47
Q

Which of the following is not a form of spoofed traffic filtering?

A. Block inbound packets whose source address is an internal address
B. Block outbound packets whose source address is an external address
C. Block outbound packets whose source address is an unassigned internal address
D. Block inbound packets whose source address is on a block/black list

A

Using a block list or black list is a valid form of security filtering; it is just not a form of spoofing filtering.

48
Q

Among the following concepts, which element is not essential for an audit report?

A. Audit purpose
B. Audit scope
C. Audit results
D. Audit overview

A

Audit overview is not essential for an audit report —> the purpose, scope, and results of an audit are the three primary (and necessary) elements.

49
Q

What security flaw conveys information by writing data to a common storage area where another process can read it?

A. Covert timing channel
B. Buffer overflow
C. Covert storage channel
D. Maintenance hook

A

A covert storage channel conveys information by writing data to a common storage area where another process can read it. Storing data in such a way introduces a security flaw that allows unauthorized users to access the data.