Need2Know

Question 1

Change Management (steps)

RRATSID

Answer 1

1. request the change
2. review the change
3. approve / reject the change
4. test the change.
5. schedule the change.
6. implement the change.
7. document the change

Question 2

Static Packet Filtering firewall

Answer 2

filters by message header: source, destination and port.

first gen - easily fooled.

layer 3 (network)

Question 3

Levels of Gov / Military security classification

Answer 3

Top Secret
Secret
Confidential
Sensitive but Unclassified
Unclassified

Question 4

Business / Private Sector security classificaiton

Answer 4

Confidential (company data) // Private (eg: medical records)
Sensitive
Public

Question 5

Explain Data Encapsulation –> Protocol Data Unit (PDU)

Answer 5

Transport layer = segments
Network layer = packets
Data Link layer = frames
Physical layer = bits

Encapsulation…..

Segments –> Packets
Packet –> Frames
Frames –> Bits

Question 6

Administrative Controls used to secure personnel

Answer 6

job descriptions
principle of least privilege
separation of duties
job responsibilities,
job rotation
performance reviews
background checks
job training
exit interview

Question 7

Application-level gateway firewall

Answer 7

aka Proxy Firewall

Layer 7 (application)

Question 8

Circuit-level gateway firewall

Answer 8

Works at layer 5 (session)

e.g., SOCKS

manage traffic based on the circuit, not the content of traffic.

Question 9

Stateful inspection firewalls

Answer 9

aka Dynamic Packet Filtering

Network & Transport layers

processes based on source and destination ports, addresses, etc.

Question 10

Deep-packet inspection firewalls

Answer 10

DPI

application layer

filters payload content - complete packet inspection

works in tandem wit application firewall

Question 11

Next gen firewalls

Answer 11

multifunction device (MFD)

IDS, Proxy, QoS, VPN, etc.

Question 12

Baseline

Answer 12

establishes a common foundation upon which all more security measures can be built

Trusted Computer System Evaluation Criteria (TCSEC)
Information Tech Security Evaluation Criteria (ITSEC)
National Institute of Standards and Tech (NIST)

Question 13

Security Marking vs Security Labeling

Answer 13

Security Marking = human-readable security attributes.

Security Labeling = security attributes for internal data structures within IT

Question 14

Change Management

Answer 14

the process of understanding, communicating, and documenting changes to a system so that negative effects from change can be avoided.

Typcial process:

1. request the change
2. review the change
3. approve / reject change
4. test
5. schedule
6. implement
7. document.

Question 15

Baselining

Answer 15

config management that involves monitoring of security changes over time.

Question 16

Risk Transference

Answer 16

buying insurance.

Question 17

What are the two common data classification schemes?

Answer 17

Military

Private Sector

Question 18

Lighter Than Air Industries expects that it would lose $10 million if a tornado struck its aircraft operations facility. It expects that a tornado might strike the facility once every 100 years.

Referring to the scenario, what is the annualized loss expectancy?

Answer 18

The annualized loss expectancy (ALE) is computed by taking the product of the single loss expectancy (SLE), which was $10 million in this scenario, and the annualized rate of occurrence (ARO), which was 0.01 in this example. These figures yield an ALE of $100,000.

Question 19

The absence or weakness of a safeguard or countermeasure?

When a safeguard or a countermeasure is not present or is not sufficient, what remains?

Answer 19

Vulnerability

Question 20

What law protects the right of citizens to privacy by placing restrictions on the authority granted to government agencies to search private residences and facilities?

Answer 20

Fourth Ammendment.

Question 21

You are concerned about the risk that an avalanche poses to your $3 million shipping facility. Based on expert opinion, you determine that there is a 5 percent chance that an avalanche will occur each year. Experts advise you that an avalanche would completely destroy your building and require you to rebuild on the same land. Ninety percent of the $3 million value of the facility is attributed to the building, and 10 percent is attributed to the land itself.

1) What is the single loss expectancy of your shipping facility to avalanches?
2) What is the annualized loss expectancy?

Answer 21

1) The SLE is the product of the AV and the EF. From the scenario, you know that the AV is $3,000,000 and the EF is 90 percent, based on that the same land can be used to rebuild the facility. This yields an SLE of $2,700,000.
2) This problem requires you to compute the ALE, which is the product of the SLE and the ARO. From the scenario, you know that the ARO is 0.05 (or 5 percent). From question 8, you know that the SLE is $2,700,000. This yields an SLE of $135,000.

Question 22

What element of data categorization management can override all other forms of access control?

Answer 22

Taking Ownership

NOT:
Physical Access
Classification
Custodian

Ownership grants an entity full capabilities and privileges over the object they own. The ability to take ownership is often granted to the most powerful accounts in an operating system because it can be used to overstep any access control limitations otherwise implemented.

Question 23

You are concerned about the risk that an avalanche poses to your $3 million shipping facility. Based on expert opinion, you determine that there is a 5 percent chance that an avalanche will occur each year. Experts advise you that an avalanche would completely destroy your building and require you to rebuild on the same land. Ninety percent of the $3 million value of the facility is attributed to the building, and 10 percent is attributed to the land itself. What is the single loss expectancy of your shipping facility to avalanches?

Answer 23

A: $3,000,000
B: $2,700,000
C: $270,000
D: $135,000

Question 24

Government Data Classificaiton

Answer 24

Top Secret
Secret
Confidential
Unclassified

Question 25

Business / Commercial / Private Data Classification

Answer 25

Confidential / Proprietary --------------------> Top Secret Private------------------------------------------------> Secret Sensitive --------------------------------------------> Confidential Public ------------------------------------------------> Unclassified

Question 26

Multitasking Multicore Multiprocessing Multi-programming

Answer 26

Multitasking -- handles two or more tasks simultaneously Multicore -- multiple CPU on one chip Multiprocessing -- a system with more than 1 cpu Multi-programming -- psudosimultaneous processing two tasks on a single CPU --- OBSOLETE

Question 27

Secondary Memory

Answer 27

Secondary memory is a term used to describe magnetic, optical, or flash media.

Question 28

``` Fault Blackout Sag Brownout Surge Inrush Noise ```

Answer 28

Fault --- momentary loss of power Blackout -- total loss of power Sag -- momentary LOW VOLTAGE Brownout -- prolonged low voltage Surge -- prolonged HIGH voltage Inrush -- initial surge of power that happens when hooking a device up to power source Noise --- steady interferring power disturbance

Question 29

Fire Extinguishers ``` Class: A B C D ```

Answer 29

A = Common Combustibles --> water, soda acid B = Liquid ---> CO2, Halon C = Electronics --> Halon D = Metal --> Dry powder

Question 30

Dynamic RAM | Static RAM

Answer 30

Dynamic RAM uses CAPACITORS Static RAM uses FLIP-FLOPS

Question 31

Relational Databases

Answer 31

Attributes / Field Attribute --> Column in table Each customer would have it's own record, or truple (a row in a table) Number of rows in table = cardinality Number of columns = degree

Question 32

Types of Storage

Answer 32

Primary Memory - RAM Secondary Storage - CD/DVD, flash drives Virtual memory - hard drive Virtual storage - uses RAM but goes away Sequential access storage - Volatile storage - goes away at power off (RAM) Nonvolatile storage - NVRAM

Question 33

Aggregation

Answer 33

Aggregation attacks involve the use of specialized database functions to combine information from a large number of database records to reveal information that may be more sensitive than the information in individual records would reveal.

Question 34

What database technique can be used to prevent unauthorized users from determining classified information by noticing the absence of information normally available to them?

Answer 34

A. Inference B. Manipulation C. Polyinstantiation D. Aggregation Polyinstantiation allows the insertion of multiple records that appear to have the same primary key values into a database at different classification levels.

Question 35

SDLC | Change Management

Answer 35

Procedures to manage change existing apps. Request Control --> request mod, cost/benifit analysis, prioritize tasks Change Control --> re-create situation, analyze change, create & test Release Control --> approve final changes Security Admins: Config Identification Config Control Config Status Accounting Config Audit

Question 36

802. 15 802. 11 802. 3

Answer 36

802. 15 = bluetooth (PAN) 802. 11 = wifi 802. 3 = ethernet

Question 37

What database security feature uses a locking mechanism to prevent simultaneous edits of cells?

Answer 37

``` A. Semantic integrity mechanism B. Concurrency C. Polyinstantiation D. Database partitioning This Answer is Correct ``` Concurrency uses a “lock” feature to allow an authorized user to make changes and then “unlock” the data elements only after the changes are complete. This is done so another user is unable able to access the database to view and/or make changes to the same elements at the same time.

Question 38

Which source of interference is generated by electrical appliances, light sources, electrical cables and circuits, and so on?

Answer 38

A. Cross-talk noise B. Radio frequency interference C. Traverse mode noise D. Common mode noise Radio frequency interference (RFI) is the source of interference that is generated by electrical appliances, light sources, electrical cables and circuits, and so on

Question 39

Which recovery site alternative provides shared resources through contractual leasing options?

Answer 39

A. Cloud services B. Mobile site C. Hot site D. Cold site A cloud service company (previously known by the term service bureau) is an organization that provides online time-leased computer services for a fee.

Question 40

Which database principle ensures that transactions execute in an all-or-nothing fashion? A. Atomicity B. Consistency C. Isolation D. Durability ACID

Answer 40

The atomicity of database transactions requires transaction execution in an all-or-nothing fashion. If any part of the transaction fails, the entire transaction is rolled back.

Question 41

In the Biba model, what rule prevents a user from reading from lower levels of classification? A. Star axiom B. Simple property C. No read up D. No write down

Answer 41

The Biba simple property rule is “no read down.” The Biba star axiom is "no write up". " No read up" is the simple rule for Bell LaPadula. "No write down" is the star rule for Bell LaPadula.

Question 42

If a specific step-by-step guide does not exist that prescribes how to accomplish a necessary task, which of the following is used to create such a document? A. Policy B. Standard C. Procedure D. Guideline

Answer 42

A guideline offers recommendations on how standards and baselines are implemented and serves as an operational guide for both security professionals and users. Guidelines are flexible so they can be customized for each unique system or condition and can be used in the creation of new procedures (i.e., step-by-step guides).

Question 43

A momentary loss of power is what form of power issue? A. Brownout B. Spike C. Sag D. Fault

Answer 43

Fault = short loss of power Brownout = LOW VOLTAGE for prolonged period of time Spike = HIGH VOLTAGE short period Sag = short period of LOW VOLTAGE

Question 44

Tom built a database table consisting of the names, telephone numbers, and customer IDs for his business. The table contains information on 30 customers. What is the degree of this table? A. Two B. Three C. Thirty D. Undefined

Answer 44

The cardinality of a table refers to the number of rows in the table while the degree of a table is the number of columns.

Question 45

Change Management Steps

Answer 45

Change management: 1) Request 2) Impact assessment 3) Approval/Disapproval 4) Build and test 5) Notification 6) Implementation 7) Validation

Question 46

Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose?

Answer 46

integrity

Question 47

Which of the following is not a form of spoofed traffic filtering? A. Block inbound packets whose source address is an internal address B. Block outbound packets whose source address is an external address C. Block outbound packets whose source address is an unassigned internal address D. Block inbound packets whose source address is on a block/black list

Answer 47

Using a block list or black list is a valid form of security filtering; it is just not a form of spoofing filtering.

Question 48

Among the following concepts, which element is not essential for an audit report? A. Audit purpose B. Audit scope C. Audit results D. Audit overview

Answer 48

Audit overview is not essential for an audit report ---> the purpose, scope, and results of an audit are the three primary (and necessary) elements.

Question 49

What security flaw conveys information by writing data to a common storage area where another process can read it? A. Covert timing channel B. Buffer overflow C. Covert storage channel D. Maintenance hook

Answer 49

A covert storage channel conveys information by writing data to a common storage area where another process can read it. Storing data in such a way introduces a security flaw that allows unauthorized users to access the data.