Practice test Flashcards

1
Q

The Brewer-Nash model

A

Chinese wall. Conflicts of interest pertain to accessing company-sensitive information from different companies that are in direct competition with one another.

2
Q

The Digital Signature Standard approves three encryption algorithms for use in digital signatures

A

the Digital Signature Algorithm (DSA); the Rivest, Shamir, Adleman (RSA) algorithm; and the Elliptic Curve DSA (ECDSA) algorithm.

3
Q

In the subject/object model of access control, the user or process making the request for a resource is the …..of that request. In this example, Harry is requesting resource access and is, therefore, the subject.

A

subject

4
Q

The use of a sandbox is an example of ……

A

confinement

5
Q

What concept describes the degree of confidence that an organization has that its controls satisfy security requirements?

A

Assurance

6
Q

The Simple Integrity Property

A

states that an individual may not read a file classified at a lower security level than the individual’s security clearance.

7
Q

The Trusted Platform Module (TPM)

A

is a hardware security technique that stores an encryption key on a chip on the motherboard and prevents someone from accessing an encrypted drive by installing it in another computer.

8
Q

A preaction fire suppression system activates in two steps.

A

The pipes fill with water once the early signs of a fire are detected. The system does not dispense water until heat sensors on the sprinkler heads trigger the second phase.

9
Q

The *-Security Property

A

The *-Security Property states that an individual may not write to a file at a lower classification level than that of the individual. This is also known as the confinement property.

10
Q

The Diffie-Hellman algorithm

A

allows for the secure exchange of symmetric encryption keys over a public network.

11
Q

Protection Profiles (PPs) specify the ……… and protections that must be in place for a product to be accepted under the ….

A

security requirements & Common Criteria.

12
Q

……. says that a cryptographic system should be secure even if everything about the system, except the key, is public knowledge.

A

Kerckhoffs's principle

13
Q

The *-Integrity Property

A

states that a subject cannot modify an object at a higher integrity level than that possessed by the subject.

14
Q

Covert channel

A

A method used to pass information over a path not normally used for communication.

15
Q

Time of use:

A

The time at which a subject can access an object.

16
Q

Parameter checking

A

A method that can help prevent buffer overflow attacks.

17
Q

Race condition

A

The exploitation of difference between time of check and time of use.

18
Q

The Ready state is used when

A

a process is prepared to execute but the CPU is not available

19
Q

The Running state

A

is used when a process is executing on the CPU

20
Q

The Waiting state

A

is used when a process is blocked waiting for an external event.

21
Q

The Stopped state is

A

is used when a process terminates

22
Q

EAL1 evaluation assurance level under the Common Criteria

A

EAL1 assurance applies when the system in question has been functionally tested. It is the lowest level of assurance under the Common Criteria.

23
Q

Multistate systems

A

are certified to handle data from different security classifications simultaneously by implementing protection mechanisms that segregate data appropriately.

24
Q

The verification process is similar to the certification process in that it validates security controls

A

Verification may go a step further by involving a third-party testing service and compiling results that may be trusted by many different organizations. Accreditation is the act of management formally accepting an evaluated system, not evaluating the system itself.

25
Process ... ensures that any behavior will affect only the memory and resources associated with a process.
isolation
26
Class A fire extinguishers
are useful only against common combustible materials
27
Class B extinguishers
are for liquid fires.
28
Class C extinguishers
are for electrical fires
29
Class D fire extinguishers
are for combustible metals.
30
The TEMPEST program
creates technology that is not susceptible to Van Eck phreaking attacks because it reduces or suppresses natural electromagnetic emanations.
31
Trusted Computing Base
is a small subset of the system contained within the kernel that carries out critical system activities.
32
What physical security control broadcasts false emanations constantly to mask the presence of true electromagnetic emanations from computing equipment?
White noise
33
Multithreading
permits multiple tasks to execute concurrently within a single process. These tasks are known as threads and may be alternated between without switching processes.
34
Heartbeat sensors
send periodic status messages from the alarm system to the monitoring center. The monitoring center triggers an alarm if it does not receive a status message for a prolonged period of time, indicating that communications were disrupted.
35
Soda acid and other dry powder extinguishers work to remove the....
fuel supply
36
While halon and carbon dioxide remove the ... supply from a fire.
oxygen
37
The .... of a process are the limits set on the memory addresses and resources that the process may access.
bounds
38
..... motion detectors monitor the electromagnetic field in a monitored area, sensing disturbances that correspond to motion.
Capacitance
39
The ...... is responsible for coordinating access to physical hardware and enforcing isolation between different virtual machines running on the same physical platform
hypervisor
40
The ...model of composition theory occurs when one system provides input for a second system and then the second system provides input for the first system. This is a specialized case of the cascading model, so the feedback model is the most appropriate answer.
feedback
41
Data center humidity should be maintained between ...and .... Values below this range increase the risk of static electricity, while values above this range may generate moisture that damages equipment.
40% and 60%
42
......uses a black box approach to hide the implementation details of an object from the users of that object.
Abstraction
43
Capability tables list the ......assigned to subjects and identify the objects that ...... can access
privileges; subjects
44
Access control lists....
are object-focused rather than subject-focused.
45
OAuth
is used to log into third-party websites using existing credentials
46
During the Kerberos authentication process, the steps take place in the following order
E. User provides authentication credentials
C. Client/TGS key generated
B. TGT generated
A. Client/server ticket generated
D. User accesses service
47
A .......is a transitive trust between parts of a domain tree or forest that shortens the trust path
shortcut trust
48
a .......is a transitive trust between two forest root domains,
forest trust
49
an ... is a nontransitive trust between AD domains in separate forests.
external trust
50
Kerberos, Active Directory Federation Services (ADFS), and Central Authentication Services (CAS) are all ....implementations
SSO
51
When the owner of a file makes the decisions about who has rights or access privileges to it, they are using .......access control
discretionary
52
....controls would grant access based on a subject’s role
Role-based access
53
..... access controls apply a fixed set of rules to an environment to manage access. .... access controls include rule-, role-, and lattice-based access controls.
Nondiscretionary
54
Mandatory access control systems are based on a ......
lattice-based model.
55
..... is an AAA protocol used to provide authentication and authorization; it’s often used for modems, wireless networks, and network devices
RADIUS
56
.... is the Extensible Authentication Protocol, an authentication framework often used for wireless networks.
EAP
57
........access controls match permissions to resources like a storage volume. Resource-based access controls are becoming increasingly common in cloud-based infrastructure as a service environments
Resource-based
58
By default, RADIUS uses ...... and only encrypts passwords. RADIUS supports TCP and TLS, but this is not a default setting
UDP
59
.... occurs when users retain from roles they held previously rights they do not need to accomplish their current job
Privilege creep
60
...... occur when two or more processes need to access the same resource in the right order.
Race conditions
61
..... is a CPU architecture feature that allows the use of otherwise unused cycles,
out-of-order execution
62
The stored sample of a biometric factor is called a .......
reference profile or a reference template
63
......., is an XML-based language designed to allow platforms to generate and respond to provisioning requests
Service Provisioning Markup Language, or SPML
64
... is used to make authorization and authentication data
SAML
65
..... is used to describe access controls.
XACML
66
.... is a messaging protocol and could be used for any XML messaging but is not a markup language itself
SOAP, or Simple Object Access Protocol,
67
..... series of standards covers directory services.
The X.500
68
By default, in what format does OpenLDAP store the value of the userPassword attribute?
In the clear
69
....errors occur when a valid subject is not authenticated
Type 1
70
... errors occur in biometric systems when an invalid subject is incorrectly authenticated as a valid user
Type 2
71
....is the process of determining what a user is allowed to do
Authorization
72
When you input a username and password, you are ..... yourself by providing a unique identifier and a verification that you are the person who should have that identifier (the password)
authenticating
73
...... is the eXtensible Access Control Markup Language, not a type of attack
XACML
74
......... authentication relies on facts or data that the user already knows that can be used to create questions they can answer on an as-needed basis (for example, a previous address, or a school they attended).
Dynamic knowledge-based
75
......... relies on an alternate channel like a phone call or text message
Out-of-band identity proofing
76
.....authentication factors are biometric, or “something you are,” rather than knowledge based.
Type 3
77
.... are procedures and the policies from which they derive. They are based on regulations, requirements, and the organization’s own policies.
Administrative access controls
78
.... access controls return an environment to its original status after an issue
Corrective
79
.... are technical access controls that rely on hardware or software to protect systems and data.
Logical controls
80
...controls are used in addition to or as an alternative to other controls
Compensating
81
...... is a table that lists objects, subjects, and their privileges.
An access control matrix
82
..... focus on objects and which subjects can access them
Access control lists
83
...list subjects and what objects they can access.
Capability tables
84
..... supports TLS over TCP. ....does not have a supported TLS mode over
RADIUS
85
Verifying information that an individual should know about themselves using third-party factual information (a ....) is sometimes known as dynamic knowledge-based authentication
Type 1 authentication factor
86
Type 2 authentication factor
something you have
87
... is a federated identity solution designed to allow web-based SSO
Shibboleth
89
.... is an open-source project designed to provide users with control over the release of their identity information.
Higgins
90
..... typically require a challenge to be entered on the token to allow it to calculate a response, which the server compares to the response it expects.
Asynchronous tokens
91
....., such as Google Authenticator, use a time-based algorithm that generates a constantly changing series of codes
Synchronous soft tokens
92
.... for LDAP provides support for a range of authentication types, including secure methods
The Simple Authentication and Security Layer (SASL)
93
.... controls help cover for issues with primary controls or improve them
Compensation
94
..... which is used to return operations to normal function after a failure.
recovery control
95
.... testing modifies a program in small ways and then tests that mutant to determine if it behaves as it should or if it fails. This technique is used to design and test software tests through mutation
Mutation
96
... code analysis and regression testing are both means of testing code, whereas code auditing is an analysis of source code rather than a means of designing and testing software tests.
Static
97
....are document-based artifacts like policies or designs,
Specifications
98
...are actions that support an information system that involves people,
activities
99
an .......is one or more people applying specifications, mechanisms, or activities.
individual
100
A .... or ... box penetration test provides all of the information an attacker needs,
crystal
102
WPA2 enterprise uses ...... authentication for users rather than a preshared key.
RADIUS
103
.... is used to ensure that software modules properly meet interface specifications and thus will properly exchange data.
Interface testing
104
.... tests software in a running environment
Dynamic testing
105
.....fuzzing relies on models for application input and conducts fuzzing attacks based on that information
Generational
106
... based fuzzers are sometimes called “dumb” fuzzers because they simply mutate or modify existing data samples to create new test samples.
Mutation
107
.... logs are used in troubleshooting specific software packages as they perform their functions
trace
108
...., also often called network flows, are captured to provide insight into network traffic for security, troubleshooting, and performance management.
Flows
109
....logging provides information about events on the routers
Audit
110
A .......is often used to provide insight into how well testing covered the set of use cases that an application is being tested for.
test coverage analysis
111
Testing how a system could be ....., focuses on behaviors that are not what the organization desires or that are counter to the proper function of a system or application
misused, or misuse testing
112
..... is used to verify whether a desired functionality works.
Use case testing
113
....is used to determine how code handles variables that change over time
Dynamic testing
114
...... uses emulated or recorded transactions to monitor for performance changes in response time, functionality, or other performance monitors
Synthetic monitoring
115
...... uses a span port or other method to copy traffic and monitor it in real time.
Passive monitoring
116
....... is a passive monitoring technique that records user interaction with an application or system to ensure performance and proper application behavior.
Real user monitoring (RUM)
117
.... can help identify rogue devices by capturing MAC address vendor
Passive scanning
118
.... which is a type of functional or unit testing, tests to ensure that changes have not introduced new issues
Regression testing,
119
... testing checks to see whether a change has had the effect it was supposed to,
Nonregression
120
...focuses on simple problems with impact on critical functionality
smoke testing
121
......a vulnerability is a commonly used key performance indicator for security teams
Time to remediate
122
..... measures how long a packet can exist in hops,
Time to live
123
..... is a measure used to determine how important a service or system is to an organization
business criticality
124
...... are used to measure how effective code testing is
coverage rates
126
...... are all important to test when performing software testing
Application programming interfaces (APIs), user interfaces (UIs), and physical interfaces
127
....is used to describe the security condition of a system
The Open Vulnerability and Assessment Language (OVAL)
128
........is used to create security checklists in a standardized fashion.
The Extensible Configuration Checklist Description Format (XCCDF)
129
......is titled “Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans,” and covers methods for assessing and measuring controls.
NIST SP 800-53A
130
..... is an introduction to computer security
NIST 800-12
131
... covers contingency planning.
800-34
132
....is the “Guide to Integrating Forensic Techniques into Incident Response.
800-86
133
.... is a detailed code review that steps through planning, overview, preparation, inspection, rework, and follow-up phases.
Fagan testing
134
..... involves testing system or application components to ensure that they work properly together.
Interface testing
135
......... component of SCAP provides a consistent way to refer to operating systems and other system components
The Common Platform Enumeration (CPE)
136
.......helps describe the root causes of software flaws
The Common Weaknesses Enumeration (CWE) component
137
..... standardizes steps of the vulnerability assessment process.
The Open Vulnerability and Assessment Language (OVAL)
138
Windows defines five types of events: ..., which indicate a significant problem; ... which may indicate future problems;.., which describes successful operation; ..., which record successful security accesses; and ....audits, which record failed security access attempts.
errors, warnings, information, success audits, failure
139
...coverage tests verify that every line of code was executed during the test.
Statement
140
... verifies that every if statement was executed under all if and else if conditions
Branch coverage
141
....coverage verifies that every logical test in the code was executed under all sets of inputs.
Condition
142
...coverage verifies that every function in the code was called and returns results.
Function
143
... is the process of reviewing code without running it.
Static analysis
144
...... use language beyond typical use case diagrams, including threatens and mitigates
Misuse case diagrams
145
....are the documents associated with the system being audited. .... generally include policies, procedures, requirements, and designs.
Specifications
146
.... is a description of the level of interaction between objects
Coupling
147
....is the strength of the relationship between the purposes of methods within the same class.
Cohesion
148
...... attacks exploit the trust that sites have in a user’s browser by attempting to force the submission of authenticated requests to third-party sites.
Cross-site request forgery (XSRF or CSRF)
149
.... summarize large amounts of data and provide only summary information as a result. When carefully crafted... may unintentionally reveal sensitive information.
Aggregate functions
151
.... ensures that records exist in a secondary table when they are referenced with a foreign key from another table. Foreign keys are the mechanism used to enforce ....
Referential integrity
153
...... ensures that changes to software versions are made in accordance with the change and .....
Configuration control
154
... is a security issue that arises when a collection of facts has a higher classification than the classification of any of those facts standing alone
Aggregation
155
An ....problem occurs when an attacker can pull together pieces of less sensitive information and use them to derive information of greater sensitivity
inference
156
....configuration may be appropriate in this case. In this configuration, the firewall would continue to pass traffic without inspection while it is restarting. This would minimize downtime, and the traffic would still be protected by the other security controls described in the scenario
A fail open
157
... that user-supplied input does not violate security conditions and is the most effective defense against cross-site scripting attacks.
Input validation verifies
158
... is a form of input validation, but it is used to ensure that numeric input falls within an acceptable range and is not applicable against cross-site scripting attacks
Bounds checking
159
... requires that once a transaction is committed to the database it must be preserved
Durability
160
.... ensures that if any part of a database transaction fails, the entire transaction must be rolled back as if it never occurred.
Atomicity
161
... ensures that all transactions are consistent with the logical rules of the database, such as having a primary key.
Consistency
162
....reviews are often done via email or using a central code review system, allowing developers to review code asynchronously.
Pass around
163
.... is a formal review process that would involve both the developer and a team to review the code using a formal process.
Fagan inspection
164
....occur when one transaction writes a value to the database that overwrites a value needed by transactions that have earlier precedence, causing those transactions to read an incorrect value.
Lost updates
165
...occur when one transaction reads a value from a database that was written by another transaction that did not commit
Dirty reads
166
....charts use nodes to represent milestones or deliverables and then show the estimated time to move between milestones
PERT
167
..... use a different format with a row for each task and lines showing the expected duration of the task.
Gantt charts
168
...... structures are an earlier deliverable that divides project work into achievable tasks. Wireframe diagrams are used in web design.
Work breakdown
169
........ is performed after developers make changes to an application. It reruns a number of test cases and compares the results to baseline results. Orthogonal array testing is a method for generating test cases based on statistical analysis
Regression testing
170
... uses records of past software bugs to inform the analysis
Pattern testing
171
....develops a matrix of all possible inputs and outputs to inform the test plan.
Matrix testing
172
....testing is a method for generating test cases based on statistical analysis
Orthogonal array
173
.....attacks may take advantage of the use of reflected input in a web application where input provided by one user is displayed to another user.
Cross-site scripting (XSS)
174
.... anti-malware software has a higher likelihood of detecting a zero-day exploit than signature-based methods. Heuristic-based software does not require frequent signature updates because it does not rely upon monitoring systems for the presence of known malware. The trade-off with this approach is that it has a higher false positive rate than signature detection methods.
Heuristic-based
175
..... store is an example of a NoSQL database that does not follow a relational or hierarchical model like traditional databases. A graph database is another example of a NoSQL database, but it uses nodes and edges to store data rather than keys and values.
A key-value
176
... approach prevents any activity from taking place during a system security failure and is the most conservative approach to failure management.
The fail closed
177
.... allows the storage of multiple different pieces of information in a database at different classification levels to prevent attackers from inferring anything about the absence of information
Polyinstantiation
178
....viruses use multiple propagation mechanisms to spread between systems. This improves their likelihood of successfully infecting a system because it provides alternative infection mechanisms that may be successful against systems that are not vulnerable to the primary infection mechanism.
Multipartite
179
A .....is a false vulnerability in a system that may attract an attacker
pseudoflaw
180
A ..... is a segment of unused network address space that should have no network activity and, therefore, may be easily used to monitor for illicit activity
darknet
181
......separates the control plane from the data plane.
Software-defined networking
182
..... contain an entry for every network communication session that took place on a network and can be compared to a list of known malicious hosts.
netflow
183
.... is used to ensure that one person does not obtain two privileges that would create a potential conflict
segregation of duties
184
...... is a term used to describe the unintentional accumulation of privileges over time, also known as privilege creep
Aggregation
185
... performs four functions. One of those, write blocking, intercepts write commands sent to the device and prevents them from modifying data on the device. The other three functions include returning data requested by a read operation, returning access-significant information from the device, and reporting errors from the device back to the forensic host.
A forensic disk controller
186
The .... will then copy all files modified since the last full backup.
differential backup
187
..... framework focuses on IT service management.
The IT Infrastructure Library (ITIL)
188
....provides a common core of project management expertise
The Project Management Body of Knowledge (PMBOK)
189
.... focuses on IT architecture issues.
The Open Group Architecture Framework (TOGAF)
190
An attack committed against an organization by an insider, such as an employee, is known as ...
sabotage.
191
... identifies the maximum amount of data, measured in time, that may be lost during a recovery effort
The recovery point objective (RPO)
192
.... environment, the vendor is responsible for hardware- and network-related responsibilities. These include configuring network firewalls, maintaining the hypervisor, and managing physical equipment. The customer retains responsibility for patching operating systems on its virtual machine instances.
In an infrastructure as a service
194
.... is the set of systems that could cause a collision if they transmitted at the same time.
A collision domain
195
..... protocols use metrics including the direction and distance in hops to remote networks to make decisions. ....routing protocol considers the shortest distance to a remote network
Distance-vector, A link-state
196
.... is a distributed denial-of-service attack (DDoS) that spoofs a victim’s IP address to systems using an IP broadcast, resulting in traffic from all of those systems to the target.
Smurf attack
198
...... can operate at speeds over 200 Mbps, and it can operate on both the 2.4 and 5 GHz frequency range. .... operates at 54 Mbps using the 2.4 GHz frequency range, and ... is capable of 1 Gbps using the 5 GHz range. 802.11a and b are both outdated and are unlikely to be encountered in modern network installations.
802.11n, 802.11g, 802.11ac
200
802.1x provides ...... authentication and can be used with technologies like EAP, the Extensible Authentication Protocol. 802.11a is a wireless standard, 802.3 is the standard for Ethernet, and 802.15.1 was the original Bluetooth IEEE standard.
port-based
201
SPIT stands for Spam over Internet Telephony and targets ....
VoIP systems.