Sunflower PDF Flashcards

1
Q

CIA

A

Confidentiality, Integrity, Availability

2
Q

CIA - Negative

A

Disclosure, Alteration, Destruction

3
Q

Confidentiality

A

Prevent unauthorized disclosure; need to know and least privilege. Assurance that information is not disclosed to unauthorized programs, users, or processes. Controls: encryption, logical and physical access control.
Violations (disclosure) are mostly the result of human error, oversight, or ineptitude.

4
Q

Integrity

A

No unauthorized modifications; consistent data; protecting data or a resource from being altered in an unauthorized fashion. Ensures that data is not altered without authorization.

5
Q

Availability

A

reliable and timely, accessible, fault tolerance and recovery procedures, WHEN NEEDED

6
Q

IAAA

A

Requirements for accountability.

Identification, Authentication, Authorization, Accountability

7
Q

Identification

A

The user claims an identity; used for user access control.

8
Q

Authentication

A

Testing of evidence of a user's identity.

Verifies the claimed identity of system users and is a major function of cryptosystems

9
Q

Accountability

A

Attributing actions to an individual person.

10
Q

Authorization

A

Rights and permissions granted.

11
Q

Privacy

A

Level of confidentiality and privacy protections.

protecting personal information from disclosure to any unauthorized individual or entity

12
Q

Risk

A

Not possible to get rid of all risk. Get risk to acceptable/tolerable level

13
Q

ISO 27005

A

Risk management framework

14
Q

ISO Responsibilities

A
Written Products - ensure they are done
CIRT - Implement and Operate
Security Awareness - Provide leadership
Communicate - Risk to higher management
Report to as high a level as possible
Security is everyone's responsibility
15
Q

Control Frameworks

A
Consistent - Approach & application
Measurable - way to determine progress
Standardized - All the Same
Comprehensive - examine everything
Modular - to help in review and adaptation; layered, abstraction
16
Q

Due Care

A

To do all that you could reasonably have done to try to prevent a security breach, compromise, or disaster, and to have taken the necessary steps required as countermeasures / controls (safeguards). The benefit of "due care" can be seen as the difference between the damage with and without "due care" safeguards in place. AKA doing something about the threats. Failing to perform periodic security audits can result in the perception that due care is not being maintained.

17
Q

Due Diligence

A

Means that the company properly investigated all of its possible weaknesses and vulnerabilities. AKA understanding the threats.

18
Q

What is a man-in-the-middle attack?

A

An attack in which a malicious user is positioned between the two endpoints of a communications link.

19
Q

What is a replay attack?

A

A malicious user records the traffic between a client and a server and then retransmits it to the server with slight variations of the timestamp and source IP address. It is similar to hijacking.

20
Q

What is a sniffer attack?

A

Any activity that results in a malicious user obtaining information about a network or the traffic over that network. Data is captured using a sniffer or protocol analyzer.

21
Q

What is a spamming attack?

A

Directing floods of messages to a victim's email inbox or other messaging system. Such attacks cause DoS issues by filling up storage space and preventing legitimate messages from being delivered.

22
Q

List the security features offered by the Network layer of the OSI model.

A

The Network layer (layer 3) offers confidentiality, authentication, and integrity.

23
Q

What are the five generation types of firewalls?

A

Static packet filtering, application-level gateway, stateful inspection, dynamic packet filtering, and kernel proxy

24
Q

What is a proxy?

A

Any system that performs a function or requests a service on behalf of another system. Proxies are most often used to provide clients with Internet access while protecting their identity.

25
What are network and protocol security mechanisms?
Everything we just reviewed.
26
Protocol services used to connect to LAN and WAN communication technologies
Frame Relay, SMDS, SDH, SONET, X.25, ATM, SDLC, HDLC, ISDN
27
How are PVC, SVC, DTE, and DCE used in a Frame Relay network
Frame relay requires the use of a DTE and a DCE at each connection point. PVC is always available; SVC is established using the best paths currently available.
28
Remote access authentication mechanisms
RADIUS, Diameter, TACACS, TACACS+
29
What is tunneling, and why is it used?
A process that protects the contents of packets by encapsulating them in another protocol. This creates the logical illusion of a communications tunnel through an untrusted intermediary network.
30
What is a VPN?
A virtual private network (VPN) is a communication tunnel that provides point-to-point transmission of both authentication and data traffic over an intermediary network.
31
What are some common VPN protocols?
PPTP, L2TP, SSH, and IPsec (Note: SSL/TLS is a valid VPN protocol as well, but it’s not necessarily recognized on the exam as such.)
32
What are the two modes available through IPsec, and what do they do?
In transport mode, the IP packet data is encrypted, but the header is not. In tunnel mode, the entire IP packet is encrypted, and a new header is added to govern transmission through the tunnel.
33
What is NAT?
Network Address Translation (NAT) allows the private IP addresses defined in RFC 1918 to be used in a private network while still being able to communicate with the Internet.
34
What is transparency?
A characteristic of a service, security control, or access mechanism that ensures it is unseen by users
35
What are some important aspects to consider when designing email security?
Nonrepudiation, access control, message integrity, source authentication, verified delivery, acceptable use policies, privacy, management, and backup and retention policies
36
What are possible mechanisms for adding security to email?
S/MIME, MOSS, PEM, and PGP
37
What are elements of effective user training against social-engineering attacks?
Always err on the side of caution whenever communications are odd or unexpected. Always request proof of identity. Identify what information can be conveyed via voice communications by classifying the information. Never change passwords over the phone.
38
What are the most common threats against communication systems?
Denial of service, eavesdropping, impersonation, replay, and modification
39
What are some countermeasures to eavesdropping?
Maintaining physical access security, using encryption, employing one-time authentication methods
40
What is an ARP attack?
The modification of ARP mappings. When ARP mappings are falsified, packets are not sent to their proper destination. ARP mappings can be attacked through spoofing. Spoofing provides false MAC addresses for requested IP addressed systems to redirect traffic to alternate destinations.
41
What is privacy?
Prevention of unauthorized intrusion, knowledge that information deemed personal or confidential won’t be shared with unauthorized entities, freedom from being observed without consent
42
What are the requirements for accountability?
Identification, authentication, authorization, and auditing
43
What is nonrepudiation?
Nonrepudiation prevents a subject from claiming not to have sent a message, not to have performed an action, or not to have been the cause of an event. Prevents masquerading
44
What is layering?
Layering is the use of multiple controls in a series. The use of a multilayered solution allows for numerous controls to be brought to bear against whatever threats occur.
45
How is abstraction used?
Abstraction is used to collect similar elements into groups, classes, or roles that are assigned security controls, restrictions, or permissions.
46
What is data hiding?
Data hiding is preventing data from being known by a subject. Keeping a database from being accessed by unauthorized visitors is a form of data hiding.
47
What is change control or change management?
A mechanism used to systematically manage change. Typically, it involves extensive logging, auditing, and monitoring of activities related to security controls and security solutions.
48
What are the goals of change management?
Implementation of changes in an orderly manner, formalized testing, ability to reverse changes, ability to inform users of changes, systematic analysis of changes, minimization of negative impact of changes
49
What is data classification?
Data classification is the primary means by which data is protected based on categories of secrecy, sensitivity, or confidentiality.
50
What criteria are used to classify data?
Usefulness, timeliness, value or cost, maturity or age, lifetime or expiration period, disclosure damage assessment, modification damage assessment, national or business security implications, storage
51
What is the government/military data classification scheme?
Top secret, secret, confidential, sensitive, and unclassified
52
What is the commercial business/private sector classification scheme?
Confidential, private, sensitive, public
53
What are the elements of a termination procedure policy?
Have at least one witness; escort terminated employee off the premises immediately; collect identification, access, or security devices; perform exit interview; disable network account
54
What is the function of the data owner security role?
The data owner is responsible for classifying information for protection within the security solution.
55
What is the data custodian security role?
The data custodian is assigned the tasks of implementing the prescribed protection defined by the security policy and upper management.
56
What is the function of the auditor security role?
The auditor is responsible for testing and verifying that the security policy is properly implemented and the derived security solutions are adequate.
57
What should the documents that make up a formalized security structure include?
Policies, standards, baselines, guidelines, and procedures
58
What is generally involved in the processes of risk management?
Analyzing an environment for risks, evaluating each risk as to its likelihood and damage, assessing the cost of countermeasures, and creating a cost/benefit report to present to upper management
59
What should be considered when establishing the value of an asset?
Cost of purchase, development, maintenance, acquisition, and protection; value to owners/users/competitors; equity value; market valuation; liability of asset loss; and usefulness
60
What are the basic distinctions between qualitative and quantitative risk analysis?
Quantitative risk analysis assigns real dollar figures to the loss of an asset. Qualitative risk analysis assigns subjective and intangible values to the loss of an asset.
61
What are the four possible responses by upper/senior management to risk?
Reduce/mitigate, assign/transfer, accept, or reject/deny
62
What is residual risk?
Once countermeasures are implemented, the risk that remains is known as residual risk. Residual risk is the risk that management has chosen to accept rather than mitigate.
63
What is total risk?
The amount of risk an organization would face if no safeguards were implemented. A formula for total risk is threats * vulnerabilities * asset value = total risk.
64
What is the controls gap?
The difference between total risk and residual risk. The controls gap is the amount of risk that is reduced by implementing safeguards.
65
What are the three learning levels of security?
Awareness, training, and education
66
What are the three types of plans employed in security management planning?
A strategic plan is a long-term plan that is fairly stable. The tactical plan is a midterm plan that provides more details. Operational plans are short term and highly detailed.
67
How many primary keys may each database row have?
One - A primary key is a key which has been chosen to be the principal (or primary) representative attribute for that row of data. The primary key is unique and that attribute is then used throughout the database and is accessed and passed around to other tables as the representative attribute for the data in question. In practice, the primary key attribute is also marked as NOT NULL in most databases, meaning that attribute must always contain a value for the record to be inserted into the table.
68
What type of malicious code spreads through the sharing of infected media?
Viruses
69
What term is used to describe intelligent code objects that perform actions on behalf of a user?
Agent
70
What term is used to describe code sent by a server to a client for execution on the client machine?
Applet
71
What type of database key enforces relationships between tables?
Foreign key
72
What security principle ensures that multiple records are created in a database table for viewing at different security levels?
Polyinstantiation
73
What process evaluates the technical and nontechnical security features of an IT system?
Certification and accreditation
74
What type of accreditation evaluates the systems and applications at a specific, self-contained location?
Site accreditation
75
In which phase of the Software Capability Maturity Model do you often find hardworking people charging ahead in a disorganized fashion?
Initial
76
What system mode requires that the system process only one classification level at a time and all system users have clearance and need to know that information?
Dedicated security mode
77
What can antivirus programs do when they encounter a virus infection?
Delete the file, disinfect the file, or quarantine the file.
78
What type of virus modifies itself each time it infects a new system in an attempt to avoid detection?
Polymorphic virus
79
Where are passwords stored in a Unix or Linux system?
In the /etc/shadow file; much older systems may still use /etc/passwd.
80
What is the cornerstone of computer security?
Education
81
What are the symmetric encryption algorithms?
32BRAIDS | 3DES, Twofish (2fish), Blowfish, RC4-6, AES, IDEA, DES, Serpent
82
What are the asymmetric encryption algorithms?
DEERQ | Diffie-Hellman, ElGamal, Elliptic curve, RSA, Quantum
83
What are the three phases of the three-way handshake used by TCP/IP?
SYN, SYN/ACK, ACK
84
How does the teardrop attack operate?
It sends overlapping packet fragments to the victim machine. A teardrop attack is a denial-of-service (DoS) attack that involves sending fragmented packets to a target machine. Since the machine receiving such packets cannot reassemble them due to a bug in TCP/IP fragmentation reassembly, the packets overlap one another, crashing the target network device.
85
What is the term used to describe a secret method used by a programmer to gain access to the system?
Trap door (or back door) or maintenance hook
86
XOR
1 XOR 1 = 0; 1 XOR 0 = 1; 0 XOR 1 = 1; 0 XOR 0 = 0
87
What term describes a mathematical function that easily produces output values for each possible combination of inputs but makes it impossible to retrieve the input values?
One-way function; also a hash. Hashes are also known as: message digest, hash value, hash total, CRC, fingerprint, checksum, and digital ID.
88
What is the purpose of a cipher?
Obscure the meaning of a message
89
True or false? All codes are meant to obscure the meaning of a message.
False - codes (code words) can also help convey the meaning of a message rather than obscure it.
90
What occurs when a change in the plain text results in multiple changes spread throughout the cipher text?
Diffusion
91
What type of cipher is the Caesar cipher?
Simple substitution
92
Kerckhoffs's principle
A cryptosystem should be secure even if everything about the system, except the key, is public knowledge. -- Auguste Kerckhoffs
93
What is the length of the key used by the standard DES algorithm?
56 bits (8 bits are used for parity / error correcting)
94
How many rounds of encryption does DES utilize?
16
95
IDEA
International Data Encryption Algorithm. Block cipher, free for public use. 128-bit key, 64-bit block. Used in PGP. Intended as a replacement for DES.
96
What encryption algorithm was selected for the Advanced Encryption Standard (AES)?
Rijndael
97
AES
Advanced Encryption Standard, or Rijndael. 128-, 192-, or 256-bit key; 128-bit block. First and only publicly accessible cipher approved by the US NSA for top secret information.
98
What is the Diffie-Hellman algorithm most commonly used for?
Key exchange
99
HMAC
Hashed Message Authentication Code. Implements a partial digital signature: it guarantees the integrity of a message during transmission but does not provide nonrepudiation. HMAC-SHA256 ... Variable hash value length. Adds authentication and integrity.
100
What are the three encryption algorithms supported by the Digital Signature Standard?
DSA - Digital Signature Algorithm; RSA - Rivest-Shamir-Adleman; ECDSA - Elliptic Curve Digital Signature Algorithm. Think asymmetric encryption algorithms.
101
What ITU standard describes the contents of a digital certificate?
X.509
102
What is the process by which you are issued a digital certificate?
Enrollment
103
Who issues digital certificates?
Certificate authorities (CAs)
104
What is PEM?
Privacy Enhanced Mail - An email encryption mechanism that provides authentication, integrity, confidentiality, and nonrepudiation. PEM is a layer 7 protocol
105
What protocol uses the RSA encryption algorithm to provide encrypted mail support for a number of common commercial email packages?
S/MIME
106
S-HTTP vs HTTPS
Secure Hypertext Transfer Protocol (S-HTTP) - encrypts only the served page data and submitted data like POST fields, thus leaving the initiation of the protocol unchanged. Port 80, since headers are unencrypted. Hypertext Transfer Protocol Secure (HTTPS) - provides authentication and integrity using SSL/TLS encryption on port 443.
107
What is SET?
Secure Electronic Transaction - a communications protocol standard for securing credit card transactions over networks. A set of security protocols and formats that enabled users to employ the existing credit card payment infrastructure on an open network in a secure fashion. Cryptographic methods used: RSA public key cryptography and DES private key cryptography in connection with digital certificates
108
What are the four components of IPsec?
Authentication Header (AH), Encapsulating Security Payload (ESP), IP Payload Compression protocol (IPComp), and Internet Key Exchange (IKE)
109
What type of cryptographic attack is used against algorithms that don’t incorporate temporal protections?
Replay attack
110
What are some common reasons a certificate might need to be revoked?
The certificate was compromised, the certificate was erroneously issued, the certificate details changed, the private key was exposed, or there was a change of security association.
111
What type of cryptography relies on the use of public and private keys?
Asymmetric
112
What is multithreading?
Technology that allows multiple users to make use of the same process without interfering with each other. The ability of a CPU to provide multiple threads of execution concurrently, sharing the resources of a single core. Parallel execution.
113
Multitasking
Concurrent execution of multiple tasks (or processes). This is not parallel execution.
114
Multiprocessing
Using 2 or more CPUs (not cores)
115
What are some of the terms used to describe the CPU mode that gives access to the full range of supported instructions?
System mode, privileged mode, supervisory mode, and kernel mode. Ring 0
116
Register Addressing
When the CPU needs information from one of its registers to complete an operation.
117
Immediate Addressing
Not a memory addressing scheme but a way of referring to data that is supplied to the CPU as part of an instruction
118
Direct Addressing
The CPU is provided with the actual address of the memory location to access.
119
Indirect Addressing
The memory address supplied to the CPU as part of the instruction doesn't contain the actual value that the CPU is to use as an operand.
120
Base+Offset Addressing
Uses a value stored in one of the CPU's registers as the base location from which to begin counting. The CPU then adds the offset supplied with the instruction to that base address and retrieves the operand from that memory location.
121
ROM
Read-only memory. The PC cannot change it once written.
122
PROM
Programmable read-only memory. Similar to a ROM chip but allows the end user to "burn in" the chip's contents at a later date. Once burned in, no further changes are possible.
123
EPROM
Erasable Programmable Read-Only Memory - 2 subcategories: UVEPROM and EEPROM. UVEPROM - Ultraviolet EPROMs can be erased with light. EEPROM - Electronically Erasable PROM - uses electric voltages delivered to the pins of the chip to force erasure.
124
WORM (memory)
Write Once Read Many
125
Real Memory
Also known as main memory or primary memory; typically the largest RAM storage resource available to a computer and normally composed of DRAM chips.
126
Cache RAM
Fastest and closest memory to the CPU. Can be referenced as registers.
127
Registers
CPU onboard memory. All data used by the ALU must be loaded into a register. It is part of the ALU.
128
Sensitivity
Quality of information which could cause harm or damage if disclosed.
129
Discretion
Act of decision whereby an operator can influence or control disclosure in order to minimize harm or damage.
130
Criticality
The level to which information is mission critical is its measure of criticality.
131
Concealment
Act of hiding or preventing disclosure.
132
Secrecy
Act of keeping something a secret or preventing the disclosure of information.
133
Privacy
Keeping information confidential that is personally identifiable or that might cause harm, embarrassment, or disgrace to someone if revealed.
134
Seclusion
Storing something in an out-of-the-way location
135
Isolation
Act of keeping something separated from others
136
Concepts of Confidentiality
Sensitivity, Discretion, Criticality, Concealment, Secrecy, Privacy, Seclusion, Isolation
137
Concepts of Integrity
Accuracy, Truthfulness, Authenticity, Validity, Nonrepudiation, Accountability, Responsibility, Completeness, Comprehensiveness
138
Accuracy
Being correct and precise
139
Truthfulness
Being a true reflection of reality
140
Authenticity
Being authentic or genuine
141
Validity
Being factually or logically sound
142
Nonrepudiation
Not being able to deny having performed an action or activity or being able to verify the origin of a communication or event
143
Accountability
Being responsible or obligated for actions and results
144
Completeness
Having all needed and necessary components or parts
145
Comprehensiveness
Being complete in scope; the full inclusion of all needed elements
146
Concepts of Availability
Usability, Accessibility, Timeliness
147
Usability
The state of being easy to use or learn or being able to be understood and controlled by a subject
148
Accessibility
Assurance that the widest range of subjects can interact with a resource regardless of their capabilities or limitations
149
Timeliness
Being prompt, on time, within a reasonable time frame, or providing low-latency response
150
Identification
Claiming to be an identity when attempting to access a secured area or system
151
Authentication
Proving that you are the identity (password, pin, ...)
152
Authorization
Defining the permissions (allow/grant or deny) of a resource and object access for a specific identity
153
Auditing
Recording a log of the events and activities related to the system and subjects
154
Accounting
AKA Accountability. Reviewing log files to check for compliance and violations in order to hold subjects accountable for their actions.
155
Layering
Also known as defense in depth. Key concepts: abstraction, data hiding, encryption.
156
Abstraction
Used for efficiency. Similar elements are put into groups, classes, or roles that are assigned security controls, restrictions, or permissions as a collective.
157
Data Hiding
Preventing data from being discovered or accessed. Act of intentionally positioning data so that it is not viewable or accessible to an unauthorized subject.
158
Encryption
Art and science of hiding the meaning or intent of a communication from unintended recipients.
159
Security Governance Principles
The collection of practices related to supporting, defining, and directing the security efforts of an organization. The implementation of a security solution and a management method that are tightly interconnected. Security needs to be managed and governed throughout the organization, not just in the IT department. NIST 800-53, 800-100
160
Alignment of Security
Top-down - Senior management is responsible for initiating and defining policies for the organization. Middle management fleshes out the security policy into standards, baselines, guidelines, and procedures. Operational managers or security professionals must then implement the configurations prescribed in the security management documentation, and end users must comply with all the security policies of the organization.
161
Key factor in a security plan
Senior management must approve.
162
Strategic Plan
Long term (5 years) and stable
163
Tactical Plan
Midterm (1 year) - provides more details on accomplishing the goals set forth in the strategic plan, or can be crafted ad hoc based upon unpredicted events.
164
Operational Plan
Short-term, highly detailed plan based on the strategic and tactical plans. Only useful or valid for a short time.
165
Organizational processes
Needs to address every aspect of an organization; this includes the organizational processes of acquisitions, divestitures, and governance committees.
166
Change control/Management
To ensure that any change does not lead to reduced or compromised security.
167
Request for change (RFC)
1) Implement changes in a monitored or orderly manner.
2) A formalized testing process is included to verify that a change produces expected results.
3) All changes can be reversed (backout or rollback).
4) Users are informed of changes before they occur to prevent loss of productivity.
5) Effects of changes are systematically analyzed to determine whether security or business processes are negatively affected.
6) Negative impact of changes on capabilities, functionality, and performance is minimized.
7) Changes are reviewed and approved by a change advisory board (CAB).
168
Data Classification
Primary means by which data is protected based on its need for secrecy, sensitivity, or confidentiality
169
Declassification
required once an asset no longer warrants or needs the protection of its currently assigned classification or sensitivity level.
170
Top Secret
Disclosure would have drastic effects and cause grave damage to national security.
171
Secret
Disclosure would have significant effects and cause critical damage to national security.
172
Confidential
Disclosure would have noticeable effects and cause serious damage to national security.
173
Sensitive but Unclassified
FOUO (For Official Use Only)
174
Unclassified
used for data that is neither sensitive nor classified.
175
mnemonic for 5 levels of government classification
U.S. Can Stop Terrorism: U - Unclassified, S - Sensitive, ...
176
Confidential or Proprietary
Extremely sensitive and for internal use only
177
Private
personal nature and intended for internal use only
178
Sensitive
Negative impact could occur for the company if disclosed
179
Public
Lowest level; used for data that does not fit in Sensitive, Private, or Confidential.
180
mnemonic for the 4 levels of corporate classification
People Should Prevent Communism: P - Public, S - Sensitive, ...
181
Security Professional/ Information Security (infoSec) officer, or Computer incident response team (CIRT)
Trained and experienced network, system, and security engineer with functional responsibility for security, including writing the security policy and implementing it. Often filled by a team that is responsible for designing and implementing security solutions based on the approved security policy.
182
Data Owner
Responsible for classifying information. Typically a high-level manager.
183
Data Custodian
Implementing the prescribed protection defined by the security policy and senior management.
184
User
any person who has access to the secured system
185
Auditor
Reviewing and verifying that the security policy is properly implemented and the derived security solutions are adequate.
186
Security Control Frameworks
COBIT, Open Source Security Testing Methodology Manual (OSSTMM), ISO/IEC 27002 (replaced ISO 17799), Information Technology Infrastructure Library (ITIL)
187
COBIT
Documented set of best IT security practices crafted by the Information Systems Audit and Control Association (ISACA). Principle 1: Meeting stakeholder needs. P2: Covering the enterprise end to end. P3: Applying a single, integrated framework. P4: Enabling a holistic approach. P5: Separating governance from management.
188
Open Source Security Testing Methodology Manual (OSSTMM)
Peer reviewed guide for the testing and analysis of a security infrastructure
189
ISO/IEC 27002
International; replaced ISO 17799. The basis for implementing organizational security and related management practices.
190
Information Technology Infrastructure Library (ITIL)
Initially crafted by the British government; a set of recommended best practices for core IT security and operational processes, often used as a starting point for crafting a customized IT security solution.
191
Due Care
Using reasonable care to protect the interests of an organization. The action.
192
Due Diligence
Practicing the activities that maintain the due care effort. Research.
193
Prudent man rule
Showing both due care and due diligence is the only way to disprove negligence in an occurrence of loss.
194
Organizational security Policy
Focuses on issues relevant to every aspect of an organization.
195
Regulatory Policy
Required whenever industry or legal standards are applicable to your organization.
196
Advisory Policy
Discusses behaviors and activities that are acceptable and defines consequences of violations
197
Informative Policy
Designed to provide information or knowledge about a specific subject, such as company goals, mission statements, or how the organization interacts with partners and customers.
198
Security Standards
Must! Defines compulsory requirements for the homogeneous use of hardware, software, technology, and security controls. Standards provide a course of action by which technology and procedures are uniformly implemented throughout an organization.
199
Baseline
Minimum level of security that every system throughout the organization must meet. Operationally focused. Takes the goals of the security policy and the requirements of the standards and defines them specifically. Used to compare IT systems.
200
Guideline (Manual)
offers recommendations on how standards and baselines are implemented and serves as an operational guide for both security professionals and users.
201
Standard Operating Procedure (SOP)
Step by step document describes actions to implement a specific security mechanism, control, or solution.
202
Microsoft Security Development Lifecycle (SDL)
Implement security at each stage of a product's development.
203
SD3+C
Secure by Design, Secure by Default, Secure in Deployment and Communication.
204
what is a proactive approach to threat modeling
Takes place during the early stages of systems development, specifically during initial design and specifications.
205
What is a reactive approach to threat modeling
takes place after a product has been created and deployed.
206
3 threat Identifying approaches
Focused on assets - identify threats to the valuable assets. Focused on attackers - identify potential attackers and the threats they represent based on their attack goals. Focused on software - identify potential threats against the software itself.
207
STRIDE
Threat categorization scheme developed by Microsoft: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege.
208
PASTA
Process of Attack Simulation and Threat Analysis. Risk-centric, 7-stage threat modeling methodology. Stage 1: Definition of the Objectives (DO) for the Analysis of Risks. Stage 2: Definition of the Technical Scope (DTS). Stage 3: Application Decomposition and Analysis (ADA). Stage 4: Threat Analysis (TA). Stage 5: Weakness and Vulnerability Analysis (WVA). Stage 6: Attack Modeling and Simulation (AMS). Stage 7: Risk Analysis and Management (RAM).
209
Trike
Risk-based threat modeling methodology; a method of performing a security audit in a reliable and repeatable procedure.
210
VAST
Visual, Agile, and Simple Threat. Threat modeling concept based on Agile project management and programming principles. The goal is to integrate threat and risk management into an Agile programming environment on a scalable basis.
211
DREAD
Damage potential, Reproducibility, Exploitability, Affected users, Discoverability. Qualitative and flexible rating solution for Prioritizing and Responding to risk
212
What is the weakest element in any security solution
Humans
213
In regards to a secure network what should a job description define
The type and extent of access the position requires on the secured network.
214
Separation of Duties
Security concept in which significant and sensitive work tasks are divided among several individual administrators or high-level operators, so that no single person can subvert a critical process alone. It raises the bar for abuse: a violation then requires collusion.
215
Collusion
Occurrence of negative activity undertaken by two or more people often for the purpose of fraud, theft, or espionage.
216
Job Rotation
Rotating employees among multiple job positions; a means by which an organization improves its overall security. It cross-trains staff, provides peer review of each position's work, and makes long-running fraud in one role harder to sustain and hide.
217
Nondisclosure agreement (NDA)
Used to protect the confidential information within an organization from being disclosed by a former employee
218
Noncompete agreement
Prevents an employee with special knowledge of secrets from one organization from working for a competing organization, so that the second organization cannot benefit from the worker's knowledge of those secrets.
219
Onboarding
Is the process of adding new employees to the identity and access management (IAM) system of an organization
220
Offboarding
It is the removal of an employee's identity from the IAM system once that person has left the organization
221
How should terminations take place
with at least one witness, preferably a higher-level manager and/or a security guard.
222
Firing an employee steps and order
1) Inform the person that they are relieved of their job 2) Request the return of all access badges, keys... Property 3) Disable the person's electronic access to all aspects of the organization 4) Remind the person about the NDA obligations 5) Escort the person off the premises
223
When is the best time to remove electronic access to a former employee
At the start of the exit interview
224
Service-level agreement (SLA)
Policy used to define the levels of performance expectations, compensations, and consequences for entities, persons, or organizations that are external to the primary organization. Common items addressed in SLAs: System up time. Maximum consecutive downtime, Peak load, Average load, Responsibility for diagnostics, Failover time
225
Compliance
The act of conforming to or adhering to rules, policies, regulations, standards, or requirements
226
PCI-DSS
Payment Card Industry Data Security Standard.
227
Privacy
Active prevention of unauthorized access to information that is personally identifiable. Freedom from unauthorized access to information deemed personal or confidential Freedom from being observed, monitored, or examined without consent or knowledge
228
Security governance
The collection of practices related to supporting, defining, and directing the security efforts of an organization
229
Third party Governance
the system of oversight that may be mandated by law, regulation, industry standards, contractual obligation, or licensing requirements.
230
Documentation review
The process of reading the exchange materials and verifying them against standard and expectations and is typically performed before any on-site inspection takes place. If the documentation is incomplete, inaccurate, or otherwise insufficient, the on-site review is postponed until the documentation can be updated and corrected.
231
what is the primary goal of risk management
reduce risk to an acceptable level
232
Asset
is anything within an environment that should be protected. It is anything used in a business process or task. examples: computer file, network service, system resource, process, program, product, IT infrastructure, database, hardware device furniture, product recipes/formulas, intellectual property, personnel, software, facilities and so on.
233
Asset Valuation
Dollar value assigned to an asset based on actual cost and nonmonetary expenses
234
Threats
any Potential occurrence that may cause an undesirable or unwanted outcome for an organization or for a specific asset.
235
Vulnerability
The weakness in an asset or the absence or the weakness of a safeguard or countermeasure.
236
Exposure
is being susceptible to asset loss because of a threat; there is the possibility that a vulnerability can or will be exploited by a threat agent or event
237
Risk
possibility or likelihood that a threat will exploit a vulnerability to cause harm to an asset. Risk = Threat * vulnerability
238
Safeguards
Can also be called a security control or countermeasure | Anything that removes or reduces a vulnerability or protects against one or more specific threats.
239
Attack
is the exploitation of a vulnerability by a threat agent
240
Breach
is the occurrence of a security mechanism being bypassed or thwarted
241
What are the 6 major elements of quantitative risk analysis?
1) Assign Asset Value (AV) 2) Calculate Exposure Factor (EF) 3) Calculate Single Loss Expectancy (SLE) 4) Assess the Annualized Rate of Occurrence (ARO) 5) Derive the Annualized Loss Expectancy (ALE) 6) Perform cost/benefit analysis of countermeasures
242
Exposure Factor (EF)
Percentage of loss that an organization would experience if a specific asset were violated by a realized risk.
243
Single Loss Expectancy (SLE)
= Asset Value (AV) * Exposure Factor (EF)
244
Annualized Rate of Occurrence (ARO)
is the expected frequency with which a specific threat or risk will occur within a single year
245
Annualized Loss Expectancy
Possible yearly cost of all instances of a specific realized threat against a specific asset. = Single Loss Expectancy (SLE) * Annualized Rate of Occurrence (ARO)
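The six quantitative steps above carried through in code, as an added example that is not part of the flashcards. The asset value, exposure factors, rates of occurrence and safeguard cost are constructed figures; the point is the cost/benefit rule in step 6: a safeguard is worth buying when (ALE before) - (ALE after) - (annual cost of safeguard) is positive.

```python
"""Quantitative risk analysis: SLE, ALE and safeguard cost/benefit.
Added example; the asset values, factors and costs below are constructed."""


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV * EF. EF is the fraction of the asset's value lost in one incident."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE * ARO. ARO may be fractional: 0.1 means once per ten years."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle * aro


def safeguard_value(asset_value, ef_before, aro_before, ef_after, aro_after, annual_cost):
    """Cost/benefit of a countermeasure:
    (ALE before safeguard) - (ALE after safeguard) - annual cost of safeguard.
    Positive means the control saves more per year than it costs."""
    ale_before = annualized_loss_expectancy(
        single_loss_expectancy(asset_value, ef_before), aro_before)
    ale_after = annualized_loss_expectancy(
        single_loss_expectancy(asset_value, ef_after), aro_after)
    return ale_before - ale_after - annual_cost


if __name__ == "__main__":
    # Constructed scenario: a $200,000 customer database, ransomware expected
    # every two years (ARO 0.5) destroying half its value (EF 0.5).
    # An offline backup regime costs $15,000/year and cuts the exposure
    # factor to 10% (data is restored, only a day of work is lost).
    print(safeguard_value(200_000, 0.5, 0.5, 0.1, 0.5, 15_000))   # 25000.0
    # The same control priced at $60,000/year is not worth buying:
    print(safeguard_value(200_000, 0.5, 0.5, 0.1, 0.5, 60_000))   # -20000.0
```

Note that the safeguard may reduce EF (limits damage), ARO (prevents incidents), or both; the function takes the "after" values separately so either case can be modelled.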
246
techniques for Qualitative Risk Analysis
Brainstorming, Delphi technique (anonymous feedback-and-response process used to enable a group to reach an anonymous consensus), Storyboarding, Focus groups, Surveys, Questionnaires, Checklists, One-on-one meetings, Interviews
247
What are the responses to risk
Reduce or mitigate, Assign or transfer, Accept, Deter, Avoid, Reject or ignore
248
What does the NIST 800-37 cover
Risk management Framework
249
What is Risk Framework
a guideline or recipe for how risk is to be assessed, resolved, and monitored
250
Steps included in a Risk Management Framework (RMF)
1) Categorize - the information system and the information processed, stored and transmitted by that system. 2) Select - an initial set of baseline security controls for the information system based on the security categorization; tailor and supplement the security control baseline as needed. 3) Implement - the security controls and describe how the controls are employed within the information system and its environment of operation. 4) Assess - the security controls using appropriate assessment procedures to determine the extent to which the controls are implemented correctly. 5) Authorize - information system operation based on a determination of the risk to organizational operations and assets, individuals, other organizations, and the Nation resulting from the operation of the information system, and the decision that this risk is acceptable. 6) Monitor - the security controls in the information system on an ongoing basis, including assessing control effectiveness and documenting changes to the system or its environment of operation. Mnemonic: Can Sara Implement Assurance At MonkeyJoe's
251
Business Continuity Planning (BCP) what is it for
keep the business making money.
252
Business Continuity Planning (BCP) steps
1 Project scope and planning 2 Business impact assessment 3 Continuity Planning 4 Approval and Implementation Please bring candy apples
253
Project scope and planning involves what
Structured analysis of the business organization from a crisis planning point of view. Creation of a BCP team approved by senior management. Assessment of resources available to participate in business continuity activities. Analysis of the legal and regulatory landscape that governs an organization's response to a catastrophic event.
254
Business Organization Analysis
Should include all departments and individuals who have a stake in the BCP process. - Operational departments: core services the business provides to its clients. - Critical support services: IT, facilities, maintenance personnel, and groups responsible for upkeep of the operational departments. - Corporate security teams: physical security. - Senior executives/key individuals: essential for the ongoing viability of the organization.
255
Business Impact assessment
Quantitative and qualitative decision making. Steps: Identify priorities, Risk identification, Likelihood assessment, Impact assessment, Resource prioritization. Mnemonic: Is Risk Likely In Research
256
MTD/MTO
Maximum tolerable downtime or maximum tolerable outage. Maximum length of time a business function can be inoperable without causing irreparable harm to the business. It is the hard ceiling: recovery must be complete before the MTD/MTO is reached, so the RTO for the function must be shorter than its MTD/MTO.
257
RTO
Recovery time objective. Amount of time within which you can feasibly recover the function in the event of a disruption. Recovery starts at the disruption, not after the MTD/MTO; the RTO must be less than the MTD/MTO or the plan cannot meet the business requirement.
258
Why Document the Business Continuity Planning process
Ensures BCP personnel have a written continuity document to reference in the emergency. Provides a historical record of the BCP process. Forces the team members to commit their thoughts to paper.
259
Continuity Planning
1) Strategy development - bridges the gap between the business impact assessment and the continuity planning phases of BCP development. 2) Provisions and processes - develops, documents and designs procedures and mechanisms that will mitigate the risks. 3) People - first priority: make sure they are safe.
260
Types of Law
1 Criminal law 2 Civil 3 administrative
261
Criminal law
Preserve the peace and keep our society safe. acts such as murder, assault, robbery, and arson. Penalties for violating include community service, monetary penalties (fines) and deprivation of civil liberties (prison)
262
Civil Law
Bulk of all laws. Designed to provide for an orderly society and govern matters that are not crimes but require an impartial arbiter to settle (contracts, employment, property disputes). Penalties are usually financial (damages) rather than imprisonment.
263
Administrative Law
Regulations issued by executive-branch agencies of the government (FCC, FDA, ...) to carry out their functions; they have the force of law.
264
CFAA
Computer Fraud and Abuse Act - 1984 - covered all "federal interest" computers. Malicious damage in excess of $1,000 (later changed to $5,000). Amendments - 1994 - outlawed the creation of any type of malicious code that might cause damage to a computer system; covered any computer used in interstate commerce rather than just federal-interest systems; allowed for the imprisonment of offenders regardless of whether they actually intended to cause damage; provided legal authority for the victims of computer crime to pursue civil action to gain injunctive relief and compensation for damages. Amended again in 1996, 2001, 2002, and 2008; now also covers systems used in international commerce.
265
National Information Infrastructure Protection Act of 1996
Amendments to the CFAA. - Covers systems used in international commerce. - Extends similar protections to portions of the national infrastructure other than computing systems (railroads, gas pipelines, electric power grids, and telecommunications circuits). - Treats any intentional act that causes damage to national infrastructure as a felony.
266
FISMA
Federal Information Security Management Act - 2002 - requires that federal agencies implement an information security program that covers the agency's operations.
267
Federal Cybersecurity Laws of 2014
2014 - series of bills signed into law. - Federal Information Systems Modernization Act, which modified the rules of FISMA by centralizing federal cybersecurity responsibility with the Department of Homeland Security. - Cybersecurity Enhancement Act, which charges NIST with responsibility for coordinating nationwide work on voluntary cybersecurity standards, including NIST SP 800-53 (Security and Privacy Controls for Federal Information Systems and Organizations), NIST SP 800-171, and the NIST Cybersecurity Framework (CSF). - National Cybersecurity Protection Act, which charged the Department of Homeland Security with establishing a national cybersecurity and communications integration center.
268
Copyright (c)
Works of authorship (including software) are protected until 70 years after the death of the last surviving author. For works made for hire (e.g. by a corporation) and anonymous works, protection lasts 95 years from first publication or 120 years from creation, whichever expires first.
269
DMCA
Digital Millennium Copyright Act - prohibits attempts to circumvent copyright protection mechanisms placed on a protected work by the copyright holder. Penalties of up to $1,000,000 and 10 years in prison for repeat offenders. - Limits the liability of Internet service providers when their circuits are used by criminals violating copyright law.
270
Trademarks
Small TM symbol to show you intend to protect words or slogans. Official recognition requires registration with United States Patent and Trademark Office (USPTO) and uses the (R) symbol. - granted for 10 years but can be renewed for unlimited successive 10-year periods
271
Patents
20 years from initial application - Must be new - must be useful - must not be obvious
272
Trade Secrets
You must implement adequate controls within your organization to ensure that only authorized personnel with a need to know the secrets have access to them, and that they are bound by an NDA.
273
Economic Espionage Act of 1996
Protects Trade Secrets - Imprisonment for 15 years and $500,000 fine for Intention of benefiting a foreign government - Imprisonment for 10 years and $250,000 for other circumstances
274
ITAR
International Traffic in Arms Regulations - Controls the export of items that are specifically designated as military and defense items. Items covered appear on a list called the United States Munitions List (USML).
275
EAR
Export Administration Regulations - covers a broader set of items than ITAR: items that are commercial in nature but have military applications. Items are listed in the Commerce Control List (CCL).
276
Computer Export Controls
Cannot export high-performance computing systems to countries that are classified as state sponsors of terrorism (Cuba, Iran, North Korea, Sudan, and Syria at the time of the source).
277
Encryption Export Controls
Controls the release of encryption products outside the US. | - Products must be submitted for review by the Commerce Department; the review will take no longer than 30 days.
278
Fourth Amendment
basis for privacy rights in the US.
279
Privacy Act of 1974
Requires federal agencies to maintain only the records that are necessary for conducting their business, and to destroy those records when they are no longer needed for a legitimate function of government.
280
ECPA
Electronic Communications Privacy Act of 1986 - makes it a crime to invade the electronic privacy of an individual. Extended the Federal Wiretap Act to cover unauthorized access to electronically stored data, not just live interception.
281
CALEA
Communications assistance for Law Enforcement Act of 1994. Amended the Electronic Communications Privacy Act of 1986 to require all communications carriers to make wiretaps possible for law enforcement with an appropriate court order, regardless of the technology in use.
282
HIPAA
Health Insurance Portability and Accountability Act of 1996 - Strict security measures for hospitals, physicians, Insurance companies, and other organizations that process or store private medical information about individuals.
283
HITECH
Health Information Technology for Economic and Clinical Health Act of 2009. Amended HIPAA, updating many of HIPAA's privacy and security requirements; implemented through the HIPAA Omnibus Rule in 2013. - Any relationship between a covered entity and a business associate must be governed by a written contract known as a business associate agreement (BAA), and the business associate must protect Protected Health Information (PHI). - HITECH also introduced data breach notification requirements (the HITECH Breach Notification Rule).
284
COPPA
Children's Online Privacy Protection Act of 1998 (in effect April 2000). - Parents must give verifiable consent to the collection of information about children younger than 13. - Websites must have a privacy notice that clearly states the types of information they collect. - Parents must be provided with the opportunity to review any information collected from their children and permanently delete it.
285
GLBA
Gramm-Leach-Bliley Act of 1999. Before GLBA, banks, insurance companies, and credit providers were severely limited in the services they could provide and the information they could share with each other; GLBA relaxed those limits and added privacy requirements. - Financial institutions must provide written privacy policies to all their customers.
286
USA PATRIOT Act of 2001
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism. - wiretapping easier - blanket authorization for a person and then monitor all communications to or from that person under the single warrant.
287
FERPA
Family Educational Rights and Privacy Act - Parents/students have the right to inspect any educational records maintained by the institution - Right to request correction of records they think are erroneous and the right to include a statement in the records contesting anything that is not corrected - Schools may not release personal information from student records without written consent.
288
Identity Theft and Assumption Deterrence Act
1998 - makes identity theft a crime against the person whose identity was stolen and provides severe criminal penalties for anyone found guilty: up to 15 years in prison and/or a $250,000 fine.
289
GDPR
European Union General Data Protection Regulation (adopted 2016, enforced from May 2018). - Data breach notification within 72 hours. - Centralized data protection authorities in each EU member state. - Individuals have access to their own data. - Data portability for transfer of personal information between service providers at the individual's request. - Right to be forgotten.
290
PII
Personally Identifiable Information Any information that can identify an individual. National Institute of Standards and Technology (NIST) Special Publications (SP) 800-122
291
PHI
Protected health information - HIPAA mandates the protection of PHI - Health information means any information, whether oral or recorded in any form or medium, that 1 - Created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse 2 - relates to the past, present, or future physical or mental health or condition of any individual, the provision of health care to an individual, or the past, present, future payment for provision of health care to an individual
292
Proprietary Data
Trade Secrets | - refers to any data that helps an organization maintain a competitive edge.
293
APT1
Advanced persistent threat 1 - Group operating out of China that stole lots of data from commercial industry
294
Fancy Bear and Cozy Bear
APT28 and APT29. Names used in the joint U.S. Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) analysis report documenting Russian malicious cyber activity targeting US government entities and political organizations.
295
Class 3, Class 2, ..., Class 0
Some nongovernment organizations use labels such as Class 3, Class 2, Class 1, Class 0 for classifying data. Class 3 is the highest (confidential or proprietary) and Class 0 the lowest (public). Civilian organizations aren't required to use any specific classification labels.
296
Encryption
Converts cleartext into scrambled ciphertext and makes it more difficult to read.
297
Data at Rest
data stored on media such as system hard drives, external USB drives, storage area networks (SANs), and backup tapes
298
Data in Transit
also known as Data in motion any data transmitted over a network
299
Data in Use
Data in memory or temporary storage buffers while an application is using it: RAM, cache, CPU registers, ...
300
DLP
Data loss prevention systems. Can use headers, footers, and watermarks (data labels) to identify documents that include sensitive information and apply the appropriate security controls.
301
Guidelines for Media Sanitization
NIST SP 800-88r1
302
How to destroy SSDs
Approved disintegrator that shreds the SSDs to a particle size of 2 millimetres or smaller.
303
Erasing
Simply performing a delete operation against a file; the data remains on the media and is recoverable.
304
Clearing
is a process of preparing media for reuse and ensuring that the cleared data cannot be recovered using traditional recovery tools
305
Purging
more intense form of clearing that prepares media for reuse in less secure environments
306
Degaussing
Creates a strong magnetic field that erases data on magnetic media (tapes, hard disks). Degaussing a hard disk will normally also destroy the electronics used to access the data. Ineffective on SSDs, flash and optical media, which must be cryptographically erased or physically destroyed instead.
307
Destruction
Final stage in the lifecycle of media and is the most secure method of sanitizing media
308
Record retention
involves retaining and maintaining important information as long as it is needed and destroying it when it is no longer needed. Organization's security policy or data policy typically identifies retention timeframes.
309
Symmetric encryption
uses the same key to encrypt and decrypt data
310
AES
Advanced Encryption Standard Symmetric 128, 192, 256 bits key size
311
Triple DES
3DES. Replacement for DES. Symmetric. Applies DES three times with two or three independent 56-bit DES keys, giving 112- or 168-bit keys (effective strength is lower, roughly 80 and 112 bits). Each 64-bit DES key contains 8 parity bits (error detection, not part of the key). Deprecated by NIST; disallowed for new encryption after 2023.
312
Blowfish
Symmetric block cipher. Key size 32 to 448 bits. bcrypt, the password-hashing function, is based on Blowfish and adds a 128-bit salt to protect against rainbow table attacks; the salt belongs to bcrypt, not to Blowfish itself, which like any block cipher takes only a key.
313
POODLE
Padding Oracle On Downgraded Legacy Encryption | Discovered by Google researchers in 2014; showed that SSL 3.0's CBC padding is exploitable, and that clients that can be downgraded from TLS to SSL 3.0 are exposed. Remedy: disable SSL 3.0.
314
VPN
Virtual Private Networks | allow employees to access the organization's internal network from their home or while traveling
315
IPsec
Combined with Layer 2 Tunneling Protocol (L2TP) for VPNs. L2TP transmits data in cleartext, but L2TP/IPsec encrypts the data and sends it over the Internet using tunnel mode to protect it in transit. Includes AH and ESP. - In transport mode only the packet payload is encrypted; this mode is designed for peer-to-peer communication. - In tunnel mode the entire original packet, including its header, is encrypted and wrapped in a new IP header; this mode is designed for gateway-to-gateway communication.
316
AH
Authentication Header - IP protocol 51. Provides authentication, integrity and anti-replay protection for the whole packet (including the IP header) but no confidentiality. Usable in both transport and tunnel mode.
317
ESP
Encapsulating Security Payload - IP protocol 50. Provides confidentiality, and optionally integrity and authentication. In transport mode only the packet payload is encrypted; in tunnel mode the entire original IP packet is encrypted and a new IP header is added.
318
SCP and SFTP
are secure protocols used to transfer encrypted files over a network.
319
FTP
Transmit data in cleartext so not appropriate for transmitting sensitive data over a network
320
Data Owners
Person who has ultimate organizational responsibility for data: Chief Executive Officer (CEO), president, or department head (DH).
321
Asset Owners
also System Owner | is the person who owns the asset or system that processes sensitive data. typically the same person as the data owner
322
Business/Mission Owners
Can be the same as System owner or can overlap responsibilities
323
Data Processors
Any system used to process data, but in GDPR terms also a natural or legal person, public authority, agency, or other body which processes personal data solely on behalf of the data controller.
324
EU-US Privacy Shield
Program that replaced the Safe Harbor program so that US companies could receive EU personal data in compliance with EU data protection law. Administered by the US Department of Commerce through the International Trade Administration (ITA). Invalidated by the Court of Justice of the EU in July 2020 (Schrems II) and succeeded by the EU-US Data Privacy Framework in 2023.
325
Pseudonymization
process of using pseudonyms to represent other data and can refer to several pieces of information on a single data point
326
Anonymization
process of removing all relevant data so that it is impossible to identify the original subject or person.
327
Data masking
form of anonymization that swaps data in individual data columns so that records no longer represent the actual data.
328
Administrators
responsible for granting appropriate access to personnel. They don't necessarily have full administrator rights and privileges, but they do have the ability to assign permissions
329
custodians
helps protect the integrity and security of the data by ensuring that it is properly stored and protected. Responsible for the day-to-day tasks.
330
Users
any person who accesses data via a computing system to accomplish work tasks
331
CalOPPA
California Online Privacy Protection Act Requires a conspicuously posted privacy policy for any commercial websites or online services that collect personal information of California residents
332
NIST SP 800-53
Security control baselines as a list of security controls A single set of controls does not apply to all situations, but any organization can select a set of baseline controls and tailor it to its needs
333
Scoping
reviewing a list of baseline controls and selecting only those controls that apply to the IT system you're trying to protect
334
Tailoring
Modifying the list of security controls within a baseline so that they align with the mission or the organization
335
Caesar Cipher
ROT3
336
ROTX
Shift the letter X places to the right. ROT3 (Caesar Cipher) A becomes D, B becomes E
337
Enigma
German WWII machine that used a series of 3 to 6 rotors to implement substitution
338
Purple Machine
Japanese WWII similar machine to the Enigma
339
Symmetric Cryptosystems
uses a shared key
340
Asymmetric Cryptosystems
uses individual combinations of public and private keys for each users of the system
341
Digital Signatures
Provide message integrity, authentication of the sender and nonrepudiation: the sender hashes the message and encrypts the hash with their private key; the recipient decrypts it with the sender's public key and compares it with a fresh hash of the message.
342
P
Represents the plaintext message when encryption functions are described (C is the ciphertext, K the key).
343
Kerckhoffs's Principle
a concept that makes algorithms known and public, allowing anyone to examine and test them. Cryptographic system should be secure even if everything about the system, except the key, is public knowledge. The principle can be summed up as "The enemy knows the system."
344
Cryptovariables
Same as Cryptographic keys
345
Cryptanalysis
The study of methods to defeat codes and ciphers
346
Cryptology
Cryptography and cryptanalysis are commonly referred to as Cryptology
347
FIPS 140-2
Federal Information Processing Standard "Security Requirements for Cryptographic Modules"; defines the hardware and software requirements for cryptographic modules that the federal government uses. Superseded by FIPS 140-3 (new validations against 140-2 ended in September 2021).
348
^
Logical Operation for "AND"
349
V
Logical Operation for "OR"
350
~ or !
Logical Operation for "NOT"
351
XOR
Exclusive OR
352
Modulo Function
Remainder - the value left over after a division operation is performed. Represented in equations by mod or %.
353
Nonce
Number used once: a random or unique value that acts as a placeholder variable in functions. It must never repeat under the same key; initialization vectors (IVs) are one example.
354
IV
Initialization Vectors - a random bit string that is the same length as the block size and is XORed with the message. - are used to create unique ciphertext every time the same message is encrypted using the same key
355
Zero-Knowledge Proof
A proof that one party knows a secret without revealing the secret itself. Illustrated by the "magic door" cave example: the prover repeatedly comes out of the cave on whichever side the verifier names, which is only possible by passing through the door with the password, yet the password is never disclosed.
356
Split knowledge
M of N Control requires that a minimum number of agents (M) out of the total number of agents (N) work together to perform high-security tasks
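One standard way to implement M of N control is Shamir secret sharing, shown here as an added example that is not part of the flashcards. The secret is the constant term of a random polynomial of degree M-1 over a prime field; each of the N custodians holds one point on it. Any M points pin the polynomial down exactly (Lagrange interpolation at x = 0 recovers the secret), while M-1 points are consistent with every possible secret, so they reveal nothing. The prime modulus and the use of `secrets.randbelow` for coefficients are choices of this example.

```python
"""M-of-N control via Shamir secret sharing over a prime field.
Added example, not from the flashcards: any M of N share holders can
rebuild the secret; M-1 or fewer learn nothing about it."""
import secrets

# Field modulus: a Mersenne prime large enough to hold a 256-bit key.
PRIME = 2**521 - 1


def _eval_poly(coeffs, x, p):
    """Evaluate sum(coeffs[i] * x**i) mod p with Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def split_secret(secret, m, n, p=PRIME, rng=None):
    """Split `secret` into n shares such that any m of them reconstruct it.
    The secret is the constant term of a random degree-(m-1) polynomial;
    share i is the point (i, f(i)). `rng(p)` must return a value in [0, p)."""
    if not 1 <= m <= n < p:
        raise ValueError("need 1 <= M <= N < prime")
    if not 0 <= secret < p:
        raise ValueError("secret must be a field element")
    rng = rng or secrets.randbelow
    coeffs = [secret] + [rng(p) for _ in range(m - 1)]
    return [(x, _eval_poly(coeffs, x, p)) for x in range(1, n + 1)]


def recover_secret(shares, p=PRIME):
    """Lagrange interpolation at x = 0. With fewer than M shares this still
    returns a number, but it is unrelated to the real secret."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


if __name__ == "__main__":
    key = int.from_bytes(secrets.token_bytes(32), "big")   # e.g. a master key
    shares = split_secret(key, m=3, n=5)                   # 3-of-5 control
    print(recover_secret(shares[:3]) == key)                             # True
    print(recover_secret([shares[0], shares[2], shares[4]]) == key)      # True
    print("two custodians alone recover the key:", recover_secret(shares[:2]) == key)
```

In practice the shares are handed to separate custodians (or stored in separate HSM slots) and the reconstruction runs only inside the ceremony that needs the key; the recovered value should be wiped afterwards.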
357
Work Function
Measures the strength of a cryptographic system as the effort, in terms of cost and/or time, required to break it (e.g. by brute force). The protection only needs to outlast the value of the data it protects.
358
Ciphers
Hide the true meaning of plain text
359
Transposition Ciphers
use an encryption algorithm to rearrange the letters of a plaintext message, forming the ciphertext message
360
Substitution Ciphers
use the encryption algorithm to replace each character or bit of the plaintext message with a different character (Caesar cipher)
361
Vigenere Cipher
Uses a single encryption/decryption chart (the Vigenère square) to encrypt the plaintext; a polyalphabetic substitution cipher whose shift cycles through the letters of a key word.
362
One-Time Pads
Also known as Vernam ciphers. C = (P + K) mod 26. They are unbreakable if used properly: - the pad must be randomly generated - the pad must be physically protected against disclosure - the pad may only be used once - the key must be at least as long as the message to be encrypted.
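The ROTX, Caesar, Vigenère and one-time pad cards above all describe the same rule, C = (P + K) mod 26; they differ only in where the key stream K comes from (a constant, a repeating key word, or a random pad as long as the message). The added example below, which is not part of the flashcards, implements that single rule once and derives the three ciphers from it, then adds a columnar transposition to show the other family, which moves letters instead of replacing them. Padding with X and the use of `secrets` for the pad are choices of this example.

```python
"""Classical ciphers: ROTX/Caesar, Vigenère and the one-time pad as one
shift rule with different key streams, plus a columnar transposition.
Added example, not from the flashcards."""
import itertools
import secrets
import string

ALPHA = string.ascii_uppercase


def _letters(text):
    """Keep A-Z only; classical ciphers ignore spaces and punctuation."""
    return "".join(ch for ch in text.upper() if ch in ALPHA)


def shift_cipher(text, keystream, decrypt=False):
    """C = (P + K) mod 26 per letter; P = (C - K) mod 26 reverses it."""
    out = []
    for ch, k in zip(_letters(text), keystream):
        p = ALPHA.index(ch)
        out.append(ALPHA[(p - k) % 26 if decrypt else (p + k) % 26])
    return "".join(out)


def rot(text, x, decrypt=False):
    """ROTX: one constant shift for every letter. ROT3 is the Caesar cipher."""
    return shift_cipher(text, itertools.repeat(x), decrypt)


def vigenere(text, key, decrypt=False):
    """Polyalphabetic: the shift cycles through the letters of a key word."""
    shifts = [ALPHA.index(ch) for ch in _letters(key)]
    return shift_cipher(text, itertools.cycle(shifts), decrypt)


def one_time_pad(text, pad, decrypt=False):
    """Vernam cipher: the pad must be random, at least as long as the
    message, and never reused. Reusing it turns this back into Vigenère."""
    clean = _letters(text)
    if len(pad) < len(clean):
        raise ValueError("pad shorter than message")
    return shift_cipher(clean, pad, decrypt)


def new_pad(length):
    """A fresh random pad from the OS CSPRNG (one value 0-25 per letter)."""
    return [secrets.randbelow(26) for _ in range(length)]


def columnar(text, key, decrypt=False):
    """Columnar transposition: write the text in rows under the key word and
    read the columns out in alphabetical order of the key letters."""
    clean, key = _letters(text), key.upper()
    cols = len(key)
    order = sorted(range(cols), key=lambda i: (key[i], i))   # column read order
    rows = -(-len(clean) // cols)                             # ceiling division
    if not decrypt:
        grid = clean.ljust(rows * cols, "X")                  # pad the last row
        return "".join(grid[r * cols + c] for c in order for r in range(rows))
    if len(clean) % cols:
        raise ValueError("ciphertext length must be a multiple of the key length")
    grid = [[""] * cols for _ in range(rows)]
    it = iter(clean)
    for c in order:
        for r in range(rows):
            grid[r][c] = next(it)
    return "".join("".join(row) for row in grid)             # padding X's remain


if __name__ == "__main__":
    print(rot("ATTACK AT DAWN", 3))                      # DWWDFNDWGDZQ
    print(vigenere("ATTACK AT DAWN", "LEMON"))           # LXFOPVEFRNHR
    pad = new_pad(12)
    print(one_time_pad(one_time_pad("ATTACK AT DAWN", pad), pad, decrypt=True))
    print(columnar("ATTACK AT DAWN", "ZEBRA"))
```

Seen this way, the security difference between the three substitution ciphers is entirely in the key stream: a constant leaks under frequency analysis, a repeating word leaks once its period is found, and a random never-reused pad leaks nothing.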
363
Running Key Ciphers
Also known as a book cipher | Key is as long as the message and is often chosen from a common book.
364
Block Ciphers
Chunks or blocks of a message and apply the encryption algorithm to an entire message block at the same time
365
Stream Ciphers
RC4 (a stream cipher, now broken and prohibited in TLS by RFC 7465) | operate on one character or bit of a message at a time
366
Confusion and Diffusion
Cryptographic algorithms rely on these 2 basic operations to obscure plaintext. - Confusion occurs when the relationship between the plaintext and the key is so complicated that an attacker can't merely continue altering the plaintext and analyzing the resulting ciphertext to determine the key - Diffusion occurs when a change in the plaintext results in multiple changes spread throughout the ciphertext.
367
What are the weaknesses with Symmetric Key Cryptography
- Key Distribution - Does not implement nonrepudiation (at least 2 people know the key) - Algorithm is not scalable n(n-1)/2 - Keys must be regenerated often (each time someone leaves).
368
Asymmetric key Algorithms
Also known as Public Key Algorithms solve the symmetric key issues - It also provides support for Digital Signatures
369
What are some differences between symmetric and asymmetric algorithms
- Single shared key vs key pair sets - Out-of-band exchange vs In-band exchange - Not scalable vs Scalable - Fast vs slow - Bulk encryption vs Small blocks of data, digital signatures, digital envelopes, digital certificates - Confidentiality vs Confidentiality, integrity, authenticity, nonrepudiation
370
DES
Data Encryption Standard, 1977. Block size 64, key size 56 (plus 8 parity bits); the 56-bit key is brute-forceable and DES is no longer approved. Modes of operation: - Electronic Code Book (ECB): each block encrypted independently; easy and least secure, since identical plaintext blocks produce identical ciphertext blocks. - Cipher Block Chaining (CBC): each block of unencrypted text is XORed with the block of ciphertext immediately preceding it before it is encrypted (an IV takes the place of the previous block for the first one). - Cipher Feedback (CFB): streaming-cipher version of CBC; operates against data produced in real time. - Output Feedback (OFB): similar to CFB, but instead of XORing with an encrypted version of the previous ciphertext block, DES XORs the plaintext with a seed value, so the key stream does not depend on the data. - Counter Mode (CTR): stream-cipher style like CFB and OFB, but an incrementing counter is used as the seed, so blocks can be processed in parallel.
371
Triple DES
3DES replaced DES - Block 64 - key 112 or 168
372
IDEA
International Data Encryption Algorithm used in PGP - Block 64 - key size 128
373
Blowfish
First to use a Salt often used in SSH - Block size 64 - key size 32-448
374
Skipjack
Private keys - Block 64 - key 80
375
AES
Advanced Encryption Standard - 128-bit keys require 10 rounds of encryption - 192-bit keys 12 - 256-bit keys 14 Block size of 128
376
Twofish
Uses the techniques Prewhitening and Postwhitening - Prewhitening- XORing the plaintext with a separate subkey before the first round of encryption - Postwhitening - uses a similar operation after the 16th round of encryption - Block 128 - key 1-256
377
Offline key distribution
One party provides the other party with the secret key by paper or storage media
378
Public key encryption distribution
Exchanging secret keys after using the PKI for initial communications to verify each other's identity. Uses LDAP when integrating digital certificates into transmissions.
379
Diffie-Hellman
Can be used when PKI is not available.
380
Types of key Escrow
Fair cryptosystems | Escrowed encryption standard
381
Fair Cryptosystems
The secret key is divided into 2 or more pieces, each of which is given to an independent third party.
382
Escrowed Encryption standard
basis behind Skipjack | a technological means to decrypt ciphertext
383
RSA
Large Prime numbers | Public key algorithm that remains the worldwide standard today
384
Merkle-Hellman Knapsack
Asymmetric algorithm | super-increasing sets
385
El Gamal
disadvantage - it doubles the length of any message it encrypts.
386
Elliptic curve
also known as ECC 160 bit key size y^2 = x^3 + ax + b
387
HAVAL
Hash of Variable Length MD5 variant 128, 160, 192, 224, 256 bits value length
388
MD2
Message Digest 2 | 128 value length
389
MD4
Message Digest 4 | 128 value length
390
MD5
Message Digest 5 | 128 value length
391
SHA-1
Secure Hash Algorithm | 160 value length
392
SHA-2-224/SHA3-224
Secure Hash Algorithm | 224 value length
393
SHA2-256/SHA3-256
Secure Hash Algorithm | 256 value length
394
SHA2-384/SHA3-384
Secure Hash Algorithm | 384 value length
395
SHA2-512/SHA3-512
Secure Hash Algorithm | 512 value length
396
FIPS 186-4
Federal Information Processing standard also known as the Digital Signature Standard (DSS) - all federally approved digital signature algorithms must use the SHA-3 hashing function
397
Digital certificates international standard
X.509
398
Process called to prove your identity to the CA
Enrollment
399
Verification
- The digital signature of the CA is authentic - you trust the CA - certificate is not listed on a CRL - Certificate actually contains the data you are trusting
400
Revocation
- The certificate was compromised - The certificate was erroneously issued - The details of the certificate changed - The security association changed
401
CRL
Certificate Revocation Lists - maintained by the various certificate authorities and contain the serial numbers of certificates that have been issued by a CA and have been revoked, along with the date and time the revocation went into effect.
402
OCSP
Online Certificate Status Protocol This protocol eliminates the latency inherent in the use of certificate revocation lists by providing a means for real-time certificate verification.
403
HSMs
Hardware security modules | Provide an effective way to manage encryption keys
404
PGP
Pretty Good Privacy, 2 versions - Commercial - RSA for key exchange, IDEA for encryption/decryption, and MD5 for message digest - OpenPGP - Diffie-Hellman (DH) for key exchange, Carlisle Adams/Stafford Tavares (CAST) 128-bit encryption/decryption algorithm, and SHA-1 for hashing.
405
S/MIME
Secure/Multipurpose Internet Mail Extensions - RSA encryption - X.509 certificates for digital signatures and for the exchange of symmetric keys used for longer communications sessions. - supports AES and 3DES De facto standard for mail encryption
406
Steganography
Art of using cryptographic techniques to embed secret messages within another message
407
DRM
Digital Rights Management software that uses encryption to enforce copyright restrictions on digital media. Document DRM restrictions - Reading a file - Modifying the contents of a file - Removing watermarks from a file - Downloading/saving a file - Printing a file - Taking screenshots of file content
408
Circuit Encryption
Protects data traveling over networks 2 types - Link Encryption - End-to-End encryption
409
Link encryption
protects entire communications circuits by creating a secure tunnel between two points using either a hardware or software solution that encrypts all traffic entering one end of the tunnel and decrypts all traffic entering the other end.
410
End-to-End encryption
Protects communications between 2 parties and is performed independently of link encryption. TLS is an example.
411
ISAKMP
Internet Security Association and key management Protocol Provides background security support services for IPsec by negotiating, establishing, modifying, and deleting security associations.
412
WPA
WiFi Protected Access improves on WEP encryption by implementing the Temporal Key Integrity Protocol (TKIP), eliminating the cryptographic weaknesses that undermined WEP. WPA2 adds AES. It does not provide end-to-end security; only the wireless part is encrypted.
413
802.1x
provides a flexible framework for authentication and key management in wired and wireless networks.
414
Analytic Attack
algebraic manipulation that attempts to reduce the complexity of the algorithm
415
implementation Attack
exploits weaknesses in the implementation of a cryptography system
416
Statistical attack
exploits statistical weaknesses in a cryptosystem such as floating-point errors and inability to produce truly random numbers.
417
Brute Force
attempts every possible valid combination for a key or password
418
Ciphertext Only Attack
Frequency Analysis | - used on simple ciphers such as substitution or transposition
419
Known Plaintext
Frequency Analysis | - has both the plaintext and encrypted message
420
Chosen Ciphertext
attacker has the ability to decrypt chosen portions of the ciphertext message and use the decrypted portion on the message to discover the key
421
Chosen Plaintext
the ability to encrypt plaintext messages of their choosing and can then analyze the ciphertext output of the encryption algorithm
422
Meet in the Middle
Attacker uses a known plaintext message. The plaintext is then encrypted using every possible key (k1), and the equivalent ciphertext is decrypted using all possible keys (k2).
423
man in the Middle
a malicious individual sits between 2 communicating parties and intercepts all communications (including the setup of the cryptographic session).
424
Replay
works on cryptographic algorithms that don't incorporate temporal protections. individual intercepts an encrypted message between 2 parties and then later "replays" the captured message to open a new session. Time stamp and expiration period will prevent this type of attack.
425
Confinement
allows a process to read from and write to only certain memory locations and resources
426
Bounds
limits set on the memory addresses and resources it can access
427
Isolation
Sandbox | used to protect the operating environment, the kernel of the operating system, and other independent applications.
428
Controls
uses access rules to limit the access of a subject to an object. Access rules state which objects are valid for each subject
429
Trusted system
one in which all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment
430
Assurance
as the degree of confidence in satisfaction of security needs
431
TCB
Trusted Computing Base Orange Book/Trusted Computer System Evaluation Criteria (TCSEC) U.S. Department of Defense standard DOD 5200.28
432
Security Perimeter
is an imaginary boundary that separates the TCB from the rest of the system
433
Reference Monitors
part of the TCB that validates access to every resource prior to granting access request
434
State Machine Model
describes a system that is always secure no matter what state it is in
435
secure state machine
always boots into a secure state, maintains a secure state across all transitions, and allows subject to access resources only in a secure manner compliant with the security policy
436
Information Flow model
Focuses on the flow of information. Based on a state machine model. Bell and Biba - Secret cannot see Top Secret. Designed to prevent unauthorized, insecure, or restricted information flow, often between different levels of security (these are often referred to as multilevel models).
437
Noninterference Model
based on information flow model. | Actions that take place at higher level do not interfere with low level
438
Take-Grant Model
4 rules - Take/Grant and Create/Remove
439
Access Control matrix
is a table of subjects and objects that indicates the actions or functions that each subject can perform on each object
440
Bell-LaPadula Model
Only model that provides Confidentiality | Simple - no read up | * - no write down | Discretionary Security Property - states that the system uses an access matrix to enforce discretionary access control
441
Clark-Wilson
Uses a multifaceted approach to enforcing data integrity. known as a triple or an access control triple three-part relationship of subject/program/object or subject/transaction/object
442
Brewer and Nash Model
Chinese Wall | permit access controls to change dynamically based on a user's previous activity. Conflicts of interest
443
Goguen-Meseguer Model
subjects are allowed only to perform predetermined actions against predetermined objects
444
Sutherland Model
focuses on preventing interference in support of integrity. use to prevent a covert channel
445
Graham-Denning Model
8 Ways - Secure creation and deletion of both subjects and objects. Securely Create/delete an object/subject Securely provide the read/grant/delete/transfer access right
446
Rainbow Series
TCSEC - 1980s - whole series of such publications through the mid-1990s. Category A - Verified protection (the highest level of security) - Cat B - Mandatory protection - Cat C - Discretionary protection - Cat D - Minimal protection.
447
Level of TCSEC
```
D - Minimal Protection
C1 - Discretionary Protection
C2 - Controlled Access Protection
B1 - Labeled Security
B2 - Structured Protection
B3 - Security Domains
A1 - Verified Protection
```
448
Red Book
Systems in a networking context
449
Green Book
Password Management Guidelines - provides password creation and management guidelines; it's important for those who configure and manage trusted systems
450
Common Criteria (CC)
represents a more or less global effort that involves everybody who worked on TCSEC and ITSEC as well as other global players. 7 EAL
451
CC EAL
EAL1 - Functionally tested
EAL2 - Structurally tested
EAL3 - Methodically tested and checked
EAL4 - Methodically designed, tested, and reviewed
EAL5 - Semi-formally designed and tested
EAL6 - Semi-formally verified, designed, and tested
EAL7 - Formally verified, designed, and tested
452
Certification
Often an internal verification of security and the results of the verification are trusted only by your organization
453
Accreditation
is often performed by a third-party testing service, and the results are trusted by everyone in the world who trusts that specific testing group involved
454
Multitasking
Handling 2 or more tasks simultaneously
455
Multicore
single chip with multiple execution cores that operate simultaneously
456
Multiprocess
Multiprocessors - more than 1 CPU
457
SMP
symmetric multiprocessing - processors share a common operating system, data bus, and memory resources
458
MPP
Massively parallel processing - MPP systems house hundreds or thousands of processors, each of which has its own operating system and memory/bus resources.
459
Multiprogramming
involves the pseudosimultaneous execution of 2 tasks on a single processor coordinated by the operating system as a way to increase operational efficiency
460
Multithreading
permits multiple concurrent tasks to be performed within a single process. this is a single process which is different than multitasking
461
Single State
Single-state systems require the use of policy mechanisms to manage information at different levels. TS can only handle TS.
462
Multistate
are capable of implementing a much higher level of security. Can handle multiple security levels simultaneously - TS, S, C all at once.
463
Process state
Operating states Ready - Process is ready for execution Waiting - Process is waiting on a resource or another process to finish Running - is being processed on the CPU Supervisory - process must perform an action that requires higher privileges Stopped - when a process finishes or must be terminated
464
Security Modes
Dedicated Mode - System High Mode - Compartmented Mode - Multilevel Mode
465
Dedicated Mode
similar to single-state system - Each user must have a security clearance that permits access to all information processed by the system - Each user must have access approval for all information processed by the system. - Each user must have a valid need to know for all information processed by the system
466
System High Mode
- Each user must have a valid security clearance that permits access to all information processed by the system - each user must have access approval for all information processed by the system - Each user must have a valid need to know for some information processed by the system but not necessarily all information processed by the system
467
Compartmented mode
- Each user must have a valid security clearance that permits access to all information processed by the system - Each user must have access approval for any information they will have access to on the system - Each user must have a valid need to know for all information they will have access to on the system
468
Multilevel mode
- Some users do not have a valid security clearance for all information processed by the system. Thus, access is controlled by whether the subject's clearance level dominates the object's sensitivity label. - Each user must have access approval for all information they will have access to on the system. - Each user must have a valid need to know for all information they will have access to on the system
469
Operating Modes
User mode, Privileged Mode
470
User Mode
is the basic mode used by the CPU when executing user applications
471
Privileged Mode
```
Privileged mode
Supervisory mode
System mode
Kernel mode
Ring 0
```
472
PROM
Programmable Read-Only Memory | contents are "burned in" by the end user. Once "burned in", no further changes are possible
473
EPROM
Erasable Programmable Read-Only Memory - UVEPROM - uses ultraviolet light to erase memory - EEPROM - Electronically Erasable PROM - uses electric voltages delivered to pins of the chip to force erasure
474
Flash
Nonvolatile form of EEPROM. EEPROM must be fully erased before writing whereas Flash can be erased and written in blocks or pages.
475
SRAM
Static Ram - fastest (Cache and Registers), uses flip-flops. Maintains the contents unaltered as long as power is supplied and imposes no CPU overhead for periodic refresh operations
476
DRAM
Dynamic Ram - less expensive than SRAM because capacitors are cheaper than flip-flops. System must keep writing to DRAM or contents will change.
477
Register Addressing
How the CPU accesses register memory locations
478
Immediate Addressing
not a memory addressing scheme but a way of referring to data that is supplied to the CPU as part of an instruction.
479
Direct Addressing
CPU is provided with an actual address of the memory location to access
480
Indirect Addressing
Memory address supplied to the CPU as part of the instruction doesn't contain the actual value that the CPU is to use as an operand. CPU reads the provided address to learn the direct address of where the data resides and then retrieves the actual operand from that address
481
Base+Offset Addressing
uses a value stored in one of the CPU's registers as the base location from which to begin counting. Cpu then adds the offset supplied with the instruction to that base address and retrieves the operand from that computed memory location
482
Random vs Sequential media access
CDs are random (you can skip around), Tape is Sequential you must read all the contents to get to the part you need.
483
Firmware
Microcode | software stored in a ROM chip
484
BIOS and UEFI
- basic input/output system - independent primitive instructions that a computer needs to start up and load the operating system from disk. - Unified extensible firmware interface - more advanced interface between hardware and the operating system
485
Applets
Code objects that are sent from a server to a client to perform actions
486
Agents
code objects sent from a user's system to query and process data stored on a remote system
487
Local Caches
Anything that is temporarily stored on the client for future reuse.
488
Data Hiding
It ensures that data existing at one level of security is not visible to processes running at different security levels.
489
Process Isolation
- Prevents unauthorized data access. Requirement in a multilevel security mode system - Protects the integrity of processes
490
SOA
Service oriented architecture | constructs new applications or functions out of existing but separate and distinct software services
491
Secure Facility Plan
outlines the security needs of your organization and emphasizes methods or mechanisms to employ to provide security.
492
Site Selection
Cost, Location, and size are important
493
MTTF/MTTR
Mean time to failure or Mean time to repair
494
MTBF
Mean time between failures
495
Wiring Closets
Premises wire distribution room and intermediate distribution facilities (IDF)
496
Entrance facility
Demarcation point | entrance point to the building where the cable from the provider connects the internal cable plant.
497
Equipment Room
main wiring closet for the building, often connected to or adjacent to the entrance facility
498
Backbone distribution system
provides wired connections between the equipment room and the telecommunications rooms, including cross-floor connections.
499
Telecommunications room
Wiring closet - serves the connection needs of a floor or a section of a large building by providing space for networking equipment and cabling systems. Serves as the interconnection point between the backbone distribution system and the horizontal distribution system.
500
Horizontal distribution system
provides the connection between the telecommunication room and work areas, often including cabling, cross-connection blocks, patch panel, and supporting hardware infrastructure.
501
Server rooms
Located at the core of the building | 1-hour minimum fire rating.
502
Smartcards
Identity token containing integrated circuits (ICs) | Processor IC card / IC card with an ISO 7816 interface | Viewed as a complete security solution but should not be considered complete by themselves.
503
Masquerading
using someone else's security ID to gain entry into a facility.
504
Piggybacking
Following someone through a secured gate or doorway without being identified or authorized personally
505
Control Zone
simply the implementation of either a Faraday cage or white noise generation or both to protect a specific area in an environment
506
SCIF
Sensitive Compartmented Information Facility
507
Ideal Server room conditions
60 - 75 degrees Fahrenheit (15 to 23 Celsius), humidity between 40 and 60 percent
508
Fire stages
1 - Incipient Stage - only ionization but no smoke 2 - Smoke Stage - smoke is visible from the point of ignition 3 - flame Stage - can be seen with the naked eye 4 - Heat Stage - fire is considerably further down the timescale to the point where there is an intense heat buildup and everything in the area burns.
509
Halon replacements
FM-200
510
Class of fires and suppression material
A - Water, soda acid (dry powder or liquid chemical) B - CO2, halon, soda acid C - CO2, halon D - Dry powder - Oxygen suppression cannot be used on metal fires because burning metal produces its own oxygen. Halon replacement and safest: FM-200
511
Water suppression systems
Wet pipe - (closed head system) always full of water. Dry pipe - contains compressed air; when triggered the air escapes, opening a water valve that in turn causes the pipes to fill and discharge water into the environment. Deluge system - form of dry pipe that uses larger pipes and therefore delivers a significantly larger volume of water. Preaction system - combination dry and wet pipe system; dry until the initial stages of a fire are detected, then the pipes fill with water. Water is released only after the sprinkler head activation triggers are melted by sufficient heat.
512
Gas Discharge systems
```
FM-200
CEA-410
NAF-S-III
FE-13
Argon
Inergen
Aero-K
```
513
Fences
3 to 4 feet - deter casual trespassers. 6 to 7 feet - deter most intruders, except determined ones. 8+ feet with 3 strands of barbed wire - deter even determined intruders.
514
Lighting
Primary purpose of lighting is to discourage casual intruders, trespassers, prowlers, or would-be thieves who would rather perform their misdeeds in the dark. Should not illuminate the positions of guards, dogs, patrol posts, or other similar security elements.
515
Internal security controls
If a facility employs restricted areas to control physical security a mechanism to handle visitors is required
516
Badges
can be as simple as a name tag. Badges, identification cards, and security IDs
517
Motion Detectors
A device that senses movement or sound in a specific area. Infrared - heat-based. Wave pattern - transmits a low ultrasonic or high microwave frequency signal into a monitored area. Photoelectric - senses changes in visible light levels; usually deployed in internal rooms that have no windows and are kept dark. Capacitance - senses changes in the electrical or magnetic field surrounding a monitored object.
518
Deterrent Alarms
Alarms that trigger deterrents like engaging additional locks, shut doors,
519
Repellant Alarms
trigger repellants like sound (audio siren or bell) and turns on lights
520
Notification Alarms
Often silent from the intruder/attacker perspective but record data about the incident and notify administrators, security guards, and law enforcement. log files and CCTV tapes
521
Local Alarm System
Must broadcast an audible (up to 120 decibel) alarm signal that can be easily heard up to 400 feet away.
522
Central Station system
Silent locally, but offsite monitoring agents are notified so they can respond to the security breach
523
Auxiliary Station
can be added to either local or centralized alarm systems. when triggered emergency services are notified to respond to the incident and arrive at the location.
524
OSI
Please do not throw sausage pizza away | Physical - Data (LLC and MAC) - Network - Transport - Session - Presentation - Application
525
Encapsulation
Bits - Frame - Packet - Segment (TCP)/Datagram (UDP) - Protocol data unit - Protocol data unit - Protocol data unit | Big - fat - pricks - should/die - Protocol
526
Physical Layer
```
EIA/TIA-232 / EIA/TIA-449
X.21
High-Speed Serial Interface (HSSI)
Synchronous Optical Networking (SONET)
V.24 and V.35
```
527
Data Link Layer
```
Serial Line Internet Protocol (SLIP)
Point-to-Point Protocol (PPP)
Address Resolution Protocol (ARP)
Layer 2 Forwarding (L2F)
Layer 2 Tunneling Protocol (L2TP)
Point-to-Point Tunneling Protocol (PPTP)
Integrated Services Digital Network (ISDN)
```
528
Network Layer
Internet Control Message Protocol (ICMP) - protocol number 1
Routing Information Protocol (RIP)
Open Shortest Path First (OSPF)
Border Gateway Protocol (BGP)
Internet Group Management Protocol (IGMP)
Internet Protocol (IP)
Internet Protocol Security (IPSec)
Internetwork Packet Exchange (IPX)
Network Address Translation (NAT)
Simple Key Management for Internet Protocols (SKIP)
529
RIP
Routing Information Protocol - Distance # of Hops
530
OSPF
Open Shortest Path First - Link state - speed
531
Transport Layer
```
Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)
Sequenced Packet Exchange (SPX)
Secure Sockets Layer (SSL)
Transport Layer Security (TLS)
```
532
Session Layer
Network File System (NFS), Structured Query Language (SQL), Remote Procedure Call (RPC) | Simplex - one-way communication; Half-Duplex - two-way, but only one direction can send data at a time; Full-Duplex - two-way, in which data can be sent in both directions simultaneously
533
Presentation Layer
American Standard Code for Information Interchange (ASCII), Extended Binary-Coded Decimal Interchange Mode (EBCDICM), Tagged Image File Format (TIFF), Joint Photographic Experts Group (JPEG), Moving Picture Experts Group (MPEG)
534
Application Layer
HTTP - FTP - LPD Line Print Daemon - SMTP - Telnet - TFTP - Electronic Data Interchange (EDI) - Post Office Protocol version 3 (POP3) - IMAP - SNMP - NNTP - Secure Remote Procedure Call (S-RPC) - Secure Electronic Transaction (SET)
535
TCP/IP Model
Link - Internet - Transport - Application | LITA
536
XMAS attack
FUP | FIN - Finish, URG - Urgent, PSH - Push
537
IP Classes
Class | First binary digits | Decimal
A | 0 | 1-126
B | 10 | 128-191
C | 110 | 192-223
D | 1110 | 224-239
E | 1111 | 240-255
538
subnet mask
255.0.0.0 = /8, 255.255.0.0 = /16, 255.255.255.0 = /24 | number of addresses = 2^N - 2
539
Application layer ports/Protocols
File Transfer Protocol (FTP) - TCP 20/21
Telnet - TCP 22
SSH - TCP 22
Simple Mail Transfer Protocol (SMTP) - TCP 25
DNS - TCP 53
Dynamic Host Configuration Protocol (DHCP) - UDP 67 and 68
Trivial File Transfer Protocol (TFTP) - UDP 69
Hypertext Transfer Protocol (HTTP) - TCP 80
Post Office Protocol (POP3) - TCP 110
NTP - TCP 123
Windows File Sharing - TCP 135, 137-139, 445
Internet Message Access Protocol (IMAP) - TCP 143
Simple Network Management Protocol (SNMP) - UDP 161, 162 (for trap messages)
Secure Sockets Layer (SSL)/TLS - TCP 443
Line Print Daemon (LPD) - TCP 515
Microsoft SQL - TCP 1433/1434
Oracle - TCP 1521
H.323 - TCP 1720
PPTP - TCP 1723
Remote Authentication Dial-In User Service (RADIUS) - UDP 1812
Network File System (NFS) - TCP 2049
RDP - TCP 3389
X Window - TCP 6000-6063
HP JetDirect Printing - 9100
540
Common Resource Records
A and AAAA - Address record - links FQDN to IPv4 (A) and IPv6 (AAAA)
PTR - Pointer record - links IP address to FQDN (reverse lookups)
CNAME - Canonical Name - links FQDN alias to another FQDN
MX - Mail exchange - links a mail and messaging-related FQDN to an IP address
NS - Name server record - designates the FQDN and IP address of an authorized name server
SOA - Start of authority record - specifies authoritative information about the zone file, such as primary name server, serial number, time-outs, and refresh intervals
541
Top-level domain (TLD)
.com, .net, .mil, ...
542
Registered domain name
google, yahoo, cnn, msn
543
Subdomains or hostname
www
544
DNSSEC
Domain Name System security Extensions Security improvement to the existing DNS infrastructure which provides reliable authentication between devices during DNS operations.
545
DNS Poisoning
The act of falsifying the DNS information used by a client to reach a desired system. attacking the DNS server and placing incorrect information into its zone file which causes the real DNS to send false data back to clients
546
rogue DNS
DNS spoofing or DNS pharming | can listen in on network traffic for any DNS query or specific DNS queries related to a target site.
547
Domain Hijacking
Domain theft changing the registration of a domain name without the authorization of the valid owner. Stealing the owner's logon credentials, using XSRF, hijacking a session, using MitM, or exploiting a flaw in the domain registrar's system
548
Converged Protocols
merging of specialty or proprietary protocols with standard protocols, such as those from the TCP/IP suite
549
FCoE
Fiber Channel over Ethernet network data-storage solution (SAN) or network-attached storage (NAS) that allows for high-speed file transfers upward to 128Gbps
550
MPLS
Multiprotocol Label Switching high-throughput high-performance network technology that directs data across a network based on short path labels rather than longer network addresses. saves significant time over traditional IP-based routing processes, which can be quite complex. T1/E1, ATM, Frame Relay, SONET, DSL
551
iSCSI
Internet Small Computer System Interface network storage standard based on IP. can be used to enable location-independent file storage, transmission, and retrieval over LAN, WAN, or public internet connections. Low cost alternative to Fiber Channel
552
SDN
Software-Defined Networking - separating the infrastructure layer from the control layer. Network design that is directly programmable from a central location, is flexible, is vendor neutral, and is open-standards based.
553
CDN
Content distribution network or Content delivery network collection of resource services deployed in numerous data centers across the internet in order to provide low latency, high performance, and high availability of the hosted content
554
802.11
IEEE standard for wireless network communications
555
Wireless networking amendments
Amendment | Speed | Frequency
802.11 | 2 Mbps | 2.4 GHz
802.11a | 54 Mbps | 5 GHz
802.11b | 11 Mbps | 2.4 GHz
802.11g | 54 Mbps | 2.4 GHz
802.11n | 200+ Mbps | 2.4 & 5 GHz
802.11ac | 1 Gbps | 5 GHz
556
infrastructure mode
wireless access points when deploying
557
ad hoc mode
2 wireless devices when no AP is available (wireless device to device)
558
ESSID
extended service set identifier All AP should use the same so clients can roam the area while maintaining network connectivity. extended APs
559
BSSID
uses MAC addresses
560
Site survey (wireless)
process of investigating the presence, strength, and reach of wireless AP deployed in an environment
561
OSA
Open system authentication | There is no real authentication required. Transmits everything in clear text.
562
SKA
Shared key authentication | some form of authentication must take place before network communications can occur.
563
WEP encryption
Wired Equivalent Privacy | RC4
564
WPA
Wi-Fi Protected Access | based on LEAP and Temporal Key Integrity Protocol (TKIP)
565
WPA2
802.11i | Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) which is based on AES
566
802.1X/EAP
enterprise authentication. standard port based network access control that ensures that client cannot communicate with a resource until proper authentication has taken place. EAP - Extensible Authentication Protocol is an authentication framework
567
LEAP
Lightweight Extensible Authentication Protocol | Cisco proprietary alternative to TKIP for WPA
568
PEAP
Protected Extensible Authentication Protocol | Encapsulates EAP methods within a TLS tunnel that provides authentication and potentially encryption
569
802.1X worse to best authentication protocols
LEAP - PEAP - EAP-TTLS - EAP-TLS
570
CCMP
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol created to replace WEP and TKIP/WPA. Uses AES with 128-bit key. Is the preferred standard security protocol for wireless.
571
Captive Portals
authentication technique that redirects a newly connected wireless web client to a portal access control page Hotel/Restaurants redirect for agreement
572
Replay attack
Retransmission of captured communications in the hope of gaining access to the targeted system. Mitigated by keeping the firmware of the base station updated as well as operating a wireless-focused network intrusion detection system (NIDS), W-IDS or W-NIDS.
573
IV
initialization vector | A mathematical cryptographic term for a random number
574
Rogue Access Points
Commonly discovered during a site survey Mitigation - be aware of the correct and valid SSID. monitor the wireless signals for abuses such as newly appearing WAPs
575
Evil Twin
Attack in which a hacker operates a false access point that will automatically clone, or twin, the identity of an access point based on a client device's request to connect.
576
NAC
Network Access Control | concept of controlling access to an environment through strict adherence to and implementation of security policy.
577
Firewalls
are essential tools in managing and controlling network traffic
578
intranet
a private network
579
extranet
a private network (intranet) extended to trusted outside parties such as business partners and suppliers; it sits between the internet and the intranet in trust level
580
Static packet-filtering firewalls
first-generation firewall. Filters traffic by examining data from the message header only: IP addresses, ports, and some protocols, identified by IP protocol number such as ICMP (1), ESP (50), AH (51). Can be fooled by spoofed packets because it keeps no connection state.
581
Application-Level Gateway Firewalls
Second generation, also called a proxy firewall. Slow, as it must examine each packet. Operates at layer 7 and filters traffic based on the internet service (application protocol) used to transmit or receive the data. Each application must have its own unique proxy, so the firewall comprises numerous individual proxy servers.
582
Circuit-Level Gateway Firewalls
second generation establish communication sessions between trusted partners. OSI layer 5 (session)
583
Stateful Inspection firewall
third generation, OSI layers 3 and 4. Dynamic packet-filtering firewalls evaluate the state or context of the network traffic (source and destination addresses, application usage, source of origin, and the relationship between current packets and the previous packets of the same session).
584
Deep Packet Inspection firewalls
DPI - complete packet inspection and information extraction (IX) filtering mechanism that operates typically at the application layer in order to filter the payload contents of a communication rather than only on the header values. Often integrated with application layer firewalls and stateful inspection firewalls.
585
Next Gen Firewalls
Multifunction device (MFD) composed of several security features in addition to a firewall: IDS, IPS, TLS/SSL proxy, web filtering, QoS management, bandwidth throttling, NATing, VPN anchoring, and antivirus.
586
Bastion Host
computer or appliance that is exposed on the internet and has been hardened by removing all unnecessary elements, such as services, program, protocols, and ports
587
Screened host
firewall-protected system logically positioned just inside a private network. All inbound traffic is routed to the screened host, which acts as a proxy.
588
OSI layer 1 devices
Repeaters, Concentrators, Amplifiers, and Hubs
589
OSI layer 2 devices
Bridges, Switches, Brouters (2 and 3)
590
OSI Layer 3 devices
Routers and Brouters (layers 2 and 3) | RIP, OSPF, BGP
591
OSI Layer 7 devices
Gateways
592
LAN Extenders
remote access, multilayer switch used to connect distant networks over WAN links
593
Spread spectrum
communication occurs over multiple frequencies at the same time
594
FHSS
Frequency Hopping Spread Spectrum transmits data in a series while constantly changing the frequency in use. entire range of available frequencies is employed, but only one frequency is used at a time
595
DSSS
Direct Sequence Spread Spectrum employs all the available frequencies simultaneously in parallel. Uses chipping code which allows a receiver to reconstruct data even if parts were distorted because of interference and works similar to RAID-5.
596
OFDM
Orthogonal Frequency-Division Multiplexing employs a digital multicarrier modulation scheme that allows for a more tightly compacted transmission. modulated signals are perpendicular (orthogonal) and therefore do not cause interference with each other. Smaller frequency set but greater data throughput.
597
Bluetooth
802.15 - personal area networks (PAN)
598
bluejacking
allows an attacker to transmit Short Message Service (SMS)-like messages to your device
599
bluesnarfing
allows hackers to connect with your Bluetooth devices without your knowledge and extract information from them.
600
Bluebugging
attack that grants hackers remote control over the feature and functions of a Bluetooth device
601
RFID
Radio Frequency Identification - Asset tracking
602
NFC
Near-field communication
603
FDDI
Fiber Distributed Data Interface Dual token ring - high-speed token-passing traffic flowing in opposite directions
604
802.3
IEEE Ethernet standard
605
Kerberos
single sign-on (SSO) | managing identity and authentication with symmetric-key cryptography. Components: KDC (Key Distribution Center); Kerberos Authentication Server; TGS (Ticket-Granting Service); AS (Authentication Service); TGT (Ticket-Granting Ticket); ticket.
606
S-RPC
Secure Remote Procedure Call | Authentication service and is simply a means to prevent unauthorized execution of code on remote systems
607
Secure Communications Protocols
IPsec, Kerberos, SSH, Signal Protocol, S-RPC, SSL, TLS (SSL is deprecated; use TLS 1.2 or 1.3)
608
Authentication Protocols
CHAP PAP EAP
609
CHAP
Challenge Handshake Authentication Protocol | used over Point-to-Point Protocol (PPP) links. Uses a challenge-response dialogue: the response is a hash of the shared secret and a fresh challenge, so the secret never crosses the link and a captured response cannot be replayed. Periodically reauthenticates the remote system throughout an established session to verify a persistent identity of the remote client.
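The exchange described above, as an added example that is not part of the flashcards: CHAP with MD5 as specified in RFC 1994, where Response = MD5(Identifier || secret || Challenge). The peer name, the shared secret and the in-memory secret store are assumptions for the example; the point it shows is that a recorded response is useless against the next challenge, and that the authenticator must hold the secret in recoverable form (which is one reason EAP-TLS is preferred today).

```python
"""Added example, not from the flashcards: CHAP challenge/response and replay resistance."""
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side: MD5 over the one-byte Identifier, the shared secret and the challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: holds the shared secrets and one outstanding challenge per link."""

    def __init__(self, secrets: dict, rng=os.urandom):
        self._secrets = secrets          # peer name -> shared secret (must be recoverable)
        self._rng = rng
        self._pending = {}               # link id -> (identifier, challenge)
        self._ident = 0

    def challenge(self, link: str) -> tuple:
        """Issue a fresh Identifier and 16-byte challenge for this link.
        Called at link setup and again periodically for re-authentication."""
        self._ident = (self._ident + 1) & 0xFF
        chal = self._rng(16)
        self._pending[link] = (self._ident, chal)
        return self._ident, chal

    def verify(self, link: str, name: str, identifier: int, response: bytes) -> bool:
        """Check a Response against the challenge outstanding on this link.
        The challenge is consumed whether or not the check passes."""
        pending = self._pending.pop(link, None)
        secret = self._secrets.get(name)
        if pending is None or secret is None or pending[0] != identifier:
            return False
        expected = chap_response(identifier, secret, pending[1])
        return hmac.compare_digest(expected, response)   # constant-time comparison


def demo(rng=os.urandom) -> dict:
    """A legitimate exchange, a replay of the captured response against the
    next (re-authentication) challenge, and a wrong secret."""
    secret = b"s3cret-shared-key"                       # assumed shared secret
    auth = ChapAuthenticator({"branch-router": secret}, rng)

    ident1, chal1 = auth.challenge("ppp0")
    resp1 = chap_response(ident1, secret, chal1)        # computed by the peer
    legitimate = auth.verify("ppp0", "branch-router", ident1, resp1)

    ident2, _ = auth.challenge("ppp0")                  # periodic re-challenge
    replayed = auth.verify("ppp0", "branch-router", ident2, resp1)   # attacker replays resp1

    ident3, chal3 = auth.challenge("ppp0")
    wrong = auth.verify("ppp0", "branch-router", ident3,
                        chap_response(ident3, b"guessed-secret", chal3))
    return {"legitimate": legitimate, "replayed": replayed, "wrong_secret": wrong}


if __name__ == "__main__":
    print(demo())
```

Contrast with PAP, where the same link would carry the password itself: anyone capturing the PPP frames could log in later. CHAP's remaining weakness is the authenticator's plaintext secret store and MD5's age, which is why MS-CHAPv2 and LEAP, which build on the same idea with weaker hashing, are crackable offline.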
610
PAP
Password Authentication Protocol | standardized authentication protocol for PPP. Transmits usernames and passwords in cleartext with no form of encryption; it simply provides a means to transport the logon credentials from the client to the authentication server.
611
EAP
Extensible Authentication Protocol Framework for authentication instead of an actual protocol. customized authentication security solutions such as supporting smart cards, token, and biometrics.
612
PBX
Private branch exchange | an organization's private telephone switch that connects internal extensions to each other and to the public network
613
POTS/PSTN
Plain old Telephone system / public switched telephone network - basic phone services
614
VoIP
Voice over IP | Caller ID can be falsified resulting in vishing (VoIP phishing) or Spam over Internet Telephony (SPIT)
615
SRTP
Secure Real-Time Transport Protocol or Secure RTP | minimize the risk of VoIP DoS through robust encryption and reliable authentication
616
Callback
initial client connection is disconnected, and a person or party would call the client on a predetermined number that would usually be stored in a corporate directory in order to verify the identity of the client.
617
Phreakers
hackers that abuse phone systems. gain access to voice mailboxes, redirect messages, block access, and redirect inbound and outbound calls.
618
DISA
Direct Inward System Access | help manage external access and external control of a PBX by assigning access codes to users.
619
Black boxes
used to manipulate line voltages to steal long-distance services
620
Red boxes
used to simulate tones of coins being deposited into a pay phone
621
Blue boxes
used to simulate 2600 Hz tones to interact directly with telephone network trunk systems
622
White boxes
used to control the phone system. is a dual-tone multifrequency (DTMF) generator.
623
Multimedia Collaboration
use of various multimedia-supporting communication solution to enhance distance collaboration
624
SMTP
Simple Mail Transfer Protocol | accepts messages from clients, transports those messages to other servers, and deposits them into a user's server-based inbox (server to server and client to server, but not server to client)
625
POP3/IMAP
Post Office Protocol version 3 / Internet Message Access Protocol Clients retrieve email from their server-based inboxes.
626
X.400
standard for email addressing and message handling
627
S/MIME
Secure Multipurpose Internet Mail Extensions | the standard for securing email content end to end. Authentication is provided through X.509 digital certificates; confidentiality through Public Key Cryptography Standards (PKCS) encryption. Two types of messages can be formed: signed messages and secured enveloped messages.
628
Signed messages
one of 2 types of messages provided by S/MIME | integrity, sender authentication, and nonrepudiation
629
Secured enveloped messages
integrity, sender authentication, and confidentiality
630
Opportunistic TLS for SMTP Gateways (STARTTLS, RFC 3207)
attempts to set up an encrypted connection with every other email server that advertises support; otherwise it falls back to plaintext. Because the fallback is silent, an on-path attacker who strips the STARTTLS capability forces a downgrade; MTA-STS and DANE exist to close that gap.
631
SPF
Sender Policy Framework | checking that inbound messages originate from a host authorized to send mail by the owners of the SMTP origin domain, via a DNS TXT record
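One way to evaluate an SPF record for an inbound connection, as an added example that is not part of the flashcards. A real receiving gateway looks up the sender domain's TXT record in DNS; here a constructed dictionary stands in for DNS so the code runs offline, and the domains, addresses (documentation ranges) and gateway policy are assumptions. The evaluator supports the ip4, ip6, include and all mechanisms; a, mx, exists and ptr need live DNS and are reported as unsupported.

```python
"""Added example, not from the flashcards: SPF evaluation against a MAIL FROM domain."""
import ipaddress

# Constructed stand-in for DNS TXT lookups.
FAKE_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example.net -all",
    "_spf.mail.example.net": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain: str, sender_ip: str, txt: dict = FAKE_TXT, depth: int = 0) -> str:
    """Return pass / fail / softfail / neutral / none / permerror for the
    connecting IP against the domain's SPF record."""
    if depth > 10:                       # RFC 7208 caps include recursion
        return "permerror"
    record = txt.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:      # mechanisms are evaluated left to right
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return QUALIFIERS[qual]      # verdict for everything not matched above
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qual]
        elif name == "include":
            # include matches only when the referenced record would yield pass
            if check_spf(arg, sender_ip, txt, depth + 1) == "pass":
                return QUALIFIERS[qual]
        else:
            return "permerror"           # a / mx / exists / ptr: not supported offline
    return "neutral"                     # nothing matched and no "all" term


def gateway_decision(domain: str, sender_ip: str) -> str:
    """An assumed SMTP gateway policy applied to the SPF result."""
    result = check_spf(domain, sender_ip)
    return {"fail": "reject", "softfail": "quarantine"}.get(result, "accept")


if __name__ == "__main__":
    for ip in ("192.0.2.7", "198.51.100.10", "2001:db8::1", "203.0.113.5"):
        print(ip, check_spf("example.com", ip), gateway_decision("example.com", ip))
```

Note that SPF checks the envelope sender (MAIL FROM), not the From: header the user sees; pairing it with DKIM and a DMARC policy is what ties the two together.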
632
Remote Access Security Management
- use a modem to dial up directly to a remote access server
- connect to a network over the internet through a VPN
- connect to a terminal server system through a thin-client connection
- connect to an office-located personal computer using a remote desktop service
- use a cloud-based desktop solution
633
Tunneling
network communications process that protects the contents of protocol packets by encapsulating them in packets of another protocol. Encapsulation is what creates the logical illusion of a communications tunnel over the untrusted intermediary network. Drawback: it is a generally inefficient means of communicating, because most protocols include their own error detection, error handling, acknowledgment, and session management features, so using more than one protocol at a time compounds the overhead required to communicate a single message.
634
PPTP
Point-to-Point Tunneling Protocol | authentication options: MS-CHAP (Microsoft CHAP), CHAP, PAP, EAP, Shiva Password Authentication Protocol (SPAP). Obsolete: MS-CHAPv2 is crackable offline, so prefer L2TP/IPsec or a TLS-based VPN.
635
L2TP
Layer 2 Tunneling Protocol | derived by combining elements from both PPTP and L2F (Layer 2 Forwarding Protocol which is a cisco developed VPN)
636
VM escaping
when software within a guest OS is able to breach the isolation protection provided by the hypervisor in order to violate the container of other guest OSs or to infiltrate a host OS.
637
Private IP Addresses
RFC 1918 ranges:
- Class A: 10.0.0.0 - 10.255.255.255 (10.0.0.0/8)
- Class B: 172.16.0.0 - 172.31.255.255 (172.16.0.0/12)
- Class C: 192.168.0.0 - 192.168.255.255 (192.168.0.0/16)
Not routable on the public internet, so perimeter filters should drop packets arriving from outside with these source addresses.
638
APIPA
Automatic Private IP Addressing | link-local address assignment (169.254.0.0/16) used when no DHCP server answers; RFC 3927
639
Loopback
127.0.0.0/8; normally seen as 127.0.0.1, but any 127.x.x.x address is a loopback
640
Circuit Switching
Telephone - all data travels down the same path | Constant traffic, Fixed known delays, Connection oriented, Sensitive to connection loss, used primarily for voice
641
Packet Switching
data can travel different paths | Bursty traffic, Variable delays, connectionless, Sensitive to data loss, Used for any type of traffic
642
Virtual Circuits
also called a communication path; a logical pathway or circuit created over a packet-switched network between 2 specific endpoints
643
PVCs
Permanent Virtual Circuits - always on
644
SVCs
Switched Virtual Circuits | like dial-up: a virtual circuit has to be created using the best paths currently available before it can be used, and it is disassembled after the transmission is complete
645
Dedicated lines
also called a leased line or point-to-point link
- Digital Signal Level 0 (DS-0): partial T1, 64 Kbps to 1.544 Mbps
- DS-1 (T1): 1.544 Mbps
- DS-3 (T3): 44.736 Mbps
- European digital transmission format 1 (E1): 2.048 Mbps
- European digital transmission format 3 (E3): 34.368 Mbps
- Cable modem or cable routers: 10+ Mbps
646
X.25
WAN connection packet-switching technology used in Europe; uses PVCs. Legacy.
647
Frame Relay Connections
packet-switching technology using PVCs; unlike X.25, supports multiple PVCs over a single WAN carrier service connection. Layer 2.
648
ATM
Asynchronous Transfer Mode | cell-switching WAN communication technology (fixed 53-byte cells), as opposed to a packet-switching technology like Frame Relay
649
SMDS
Switched Multimegabit Data Service | connectionless packet-switching technology used to connect multiple LANs to form a metropolitan area network
650
SDH & SONET
Synchronous Digital Hierarchy and Synchronous Optical Network | fiber-optic high-speed network standards. SDH: International Telecommunication Union (ITU); SONET: American National Standards Institute (ANSI). Hardware or physical layer standards defining infrastructure and line-speed requirements; both support mesh and ring topologies.
651
SDLC
Synchronous Data Link Control | dedicated leased lines to provide connectivity for mainframes
652
HDLC
High-level Data Link Control | refined version of SDLC designed specifically for serial synchronous connections. Full duplex, supports both point-to-point and multipoint connections, uses polling, and operates at OSI Layer 2; offers flow control and includes error detection and correction.
653
HSSI
High Speed Serial Interface DTE/DCE interface standard that defines how multiplexors and routers connect to high-speed network carrier services such as ATM or Frame Relay
654
checksum
also call a hash total
655
Security Boundary
exists between a high-security area and low-security one such as between a LAN and the internet, physical environment and logical Important to state in security policy the point at which control ends or begins
656
Eavesdroping tools
Wireshark, NetWitness, T-Sight, Zed Attack Proxy (ZAP), and Cain & Abel
657
Registration Process
occurs when a user is first given an identity
658
Authorization
Subjects are granted access to objects based on proven identities
659
Accountability
Users and other subjects can be held accountable for their actions when auditing is implemented
660
MDM
Mobile Device Management | use context-aware authentication to identify device users.
661
Passwords
Admins: 15 characters minimum; users: 8. Maximum age: 45 days. Complexity. History. Minimum password age: at least 1 day (so users cannot cycle straight back to an old password).
662
Password Phrases
String of characters similar to a password but that has unique meaning to the users.
663
Cognitive Passwords
series of challenge questions about facts or predefined responses that only the subject should know. birthday, maiden name, first boss, first pet, favorite sport
664
Retina Scans
focus on the pattern of blood vessels in the back of the eye. Most accurate but reveal medical conditions, high blood pressure and pregnancy
665
Iris Scans
focuses on the colored area around the pupil. Second most accurate, and scans can be done from 6 to 12 meters away. Can be fooled with a high-quality image of a person's eye; lighting, glasses, and contact lenses all affect this type of scan.
666
FRR
False Rejection Rate - Type I
667
FAR
False Acceptance Rate - Type II
668
CER/EER
Crossover error rate or equal error rate | the point where the FRR and FAR percentages are equal or cross.
669
Biometric Registration
enrollment or biometric factor is sampled and stored in the device's database. Also called reference profile or reference template enrollment time over 2 minutes are unacceptable
670
Throughput rate
amount of time the system requires to scan a subject and approve or deny access
671
Service accounts
has a high level of privileges, it is configured with a strong, complex password that is changed more often than regular users
672
SSO
convenient for users and increases security, as users do not have to remember multiple usernames and passwords. Disadvantage: once an account is compromised, an attacker gains unrestricted access to all of the authorized resources.
673
KDC
is the trusted third party that provides authentication services.
674
Kerberos Authentication Server
hosts the functions of the KDC: TGS and AS
675
TGS
Service that grants tickets
676
AS
verifies or rejects the authenticity and timeliness of tickets. Often called the KDC
677
TGT
provides proof that a subject has authenticated through a KDC and is authorized to request tickets to access other objects
678
Ticket
encrypted message that provides proof that a subject is authorized to access an object
679
Kerberos Logon process
1. User types username (UN) and password (PW) into the client.
2. Client sends the UN to the KDC; with pre-authentication it also sends a timestamp encrypted under a key derived from the PW.
3. KDC verifies the UN against its database of known credentials.
4. KDC generates a symmetric session key for use between the client and the Kerberos server, encrypts it with a hash of the user's PW, and generates an encrypted, time-stamped TGT.
5. KDC transmits the encrypted session key and the encrypted time-stamped TGT to the client.
6. Client decrypts the session key using the hash of the user's PW and installs the TGT for use until it expires.
680
Kerberos ticket request
used to access objects on the network
1. Client sends the TGT back to the KDC with a request for access to the resource, plus an authenticator encrypted under the session key.
2. KDC verifies that the TGT is valid and checks its access control matrix to verify the user's privileges.
3. KDC generates a service ticket, encrypted with the service's own secret key, and sends it to the client.
4. Client sends the ticket to the server or service hosting the resource.
5. The server or service verifies the ticket by decrypting it with its own key (shared with the KDC); no KDC round trip is needed.
6. Once identity and authorization are verified, Kerberos activity is complete.
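The logon and ticket-request cards above, carried through as an added example that is not part of the flashcards: a minimal Kerberos-style KDC with the AS exchange and the TGS exchange, a client, and a service that validates its ticket locally. Everything is symmetric-key. The toy seal()/open_sealed() (an HMAC-SHA256 keystream plus HMAC tag) stands in for Kerberos's AES encryption types; the realm, principals, ACL and lifetimes are assumptions; nothing touches the network.

```python
"""Added example, not from the flashcards: Kerberos AS and TGS exchanges in miniature."""
import hashlib
import hmac
import json
import os
import time

SKEW, TGT_LIFE, TICKET_LIFE = 300, 8 * 3600, 3600     # seconds (assumed policy)


def derive_key(password: str, salt: str) -> bytes:
    """Long-term key from a password (stand-in for Kerberos string-to-key)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 20000)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
                    for i in range((n + 31) // 32))


def seal(key: bytes, obj: dict) -> bytes:
    """Toy authenticated encryption of a JSON object under a symmetric key."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()


def open_sealed(key: bytes, blob: bytes) -> dict:
    """Inverse of seal(); ValueError if the key is wrong or the data was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("integrity check failed (wrong key or tampered)")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    """Authentication Service (AS) and Ticket-Granting Service (TGS) in one."""

    def __init__(self, realm: str, principals: dict, acl: dict, now=time.time):
        self.realm, self.acl, self.now = realm, acl, now
        self.keys = {p: derive_key(pw, realm + p) for p, pw in principals.items()}
        self.krbtgt_key = os.urandom(32)       # TGTs are opaque to everyone but the KDC

    def as_exchange(self, user: str, preauth: bytes) -> tuple:
        """Logon steps 2-5: check pre-auth (timestamp under the user's key), return
        the session key (under the user's key) and a time-stamped TGT."""
        if user not in self.keys:
            raise PermissionError("unknown principal")
        ts = open_sealed(self.keys[user], preauth)["timestamp"]   # wrong password -> ValueError
        if abs(self.now() - ts) > SKEW:
            raise PermissionError("clock skew or replayed pre-authentication")
        session = os.urandom(32).hex()
        tgt = seal(self.krbtgt_key, {"user": user, "session": session,
                                     "expires": self.now() + TGT_LIFE})
        return seal(self.keys[user], {"session": session}), tgt

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str) -> tuple:
        """Ticket request steps 1-3: validate TGT and authenticator, consult the
        access control matrix, issue a service ticket under the service's key."""
        t = open_sealed(self.krbtgt_key, tgt)
        if self.now() > t["expires"]:
            raise PermissionError("TGT expired")
        auth = open_sealed(bytes.fromhex(t["session"]), authenticator)
        if auth["user"] != t["user"] or abs(self.now() - auth["timestamp"]) > SKEW:
            raise PermissionError("bad authenticator")
        if t["user"] not in self.acl.get(service, set()):
            raise PermissionError("not authorized for " + service)
        svc_session = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"user": t["user"], "session": svc_session,
                                           "expires": self.now() + TICKET_LIFE})
        return seal(bytes.fromhex(t["session"]), {"session": svc_session}), ticket


def client_logon(kdc: KDC, user: str, password: str) -> tuple:
    """Steps 1 and 6: derive the key from the password, pre-authenticate,
    recover the session key, keep the (opaque) TGT."""
    k_user = derive_key(password, kdc.realm + user)
    enc, tgt = kdc.as_exchange(user, seal(k_user, {"timestamp": kdc.now()}))
    return bytes.fromhex(open_sealed(k_user, enc)["session"]), tgt


def client_request_service(kdc: KDC, user: str, session: bytes, tgt: bytes, service: str) -> tuple:
    """Client side of the ticket request; returns the ticket plus a fresh
    authenticator to present to the service (step 4)."""
    enc, ticket = kdc.tgs_exchange(tgt, seal(session, {"user": user, "timestamp": kdc.now()}), service)
    svc_session = bytes.fromhex(open_sealed(session, enc)["session"])
    return ticket, seal(svc_session, {"user": user, "timestamp": kdc.now()})


def service_accept(service_key: bytes, ticket: bytes, authenticator: bytes, now=time.time) -> str:
    """Step 5: the service validates the ticket with its own key; no KDC round trip."""
    t = open_sealed(service_key, ticket)
    auth = open_sealed(bytes.fromhex(t["session"]), authenticator)
    if now() > t["expires"] or auth["user"] != t["user"] or abs(now() - auth["timestamp"]) > SKEW:
        raise PermissionError("ticket rejected")
    return t["user"]


def demo(now=time.time) -> str:
    """alice logs on and reaches http/web, which the KDC's ACL permits."""
    kdc = KDC("EXAMPLE.COM", {"alice": "correct horse", "http/web": "service-key"},
              {"http/web": {"alice"}}, now)
    session, tgt = client_logon(kdc, "alice", "correct horse")
    ticket, auth = client_request_service(kdc, "alice", session, tgt, "http/web")
    return service_accept(kdc.keys["http/web"], ticket, auth, now)
```

Two things the flashcards' summary glosses over are visible here: every check depends on clocks agreeing within the skew window (hence NTP is a Kerberos dependency), and a wrong password surfaces as an integrity failure on the pre-authentication blob rather than as a password comparison, because the KDC never sees the password.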
681
HTML
Hypertext Markup Language | commonly used to display static web pages used to describe how data is displayed using tags.
682
XML
Extensible Markup Language | describes the data itself rather than how to display it, using self-defined tags; example: an exam-result element whose value is "passed"
683
SAML
Security Assertion Markup Language developed by OASIS designed for exchanging user information for federated identity SSO purposes. based on Directory Service Markup Language (DSML) which can display LDAP-based directory service information in the XML format
684
XACML
Extensible Access Control Markup Language developed by OASIS used to define access control policies within an XML format. Commonly implements policies as an attribute-based access control system can also use role-base access controls. Helps provide assurances to all members in a federation that they are granting the same level of access to different roles.
685
OAuth 2.0
Open Authorization | open standard for access delegation (RFC 6749): giving one site permission to act on a user's account at another site without sharing the password.
686
OpenID
open standard by the OpenID Foundation. Provides decentralized authentication, allowing users to log into multiple unrelated websites with one set of credentials maintained by a third-party service referred to as an OpenID provider. Example: using a Google account to log in to 23andMe.
687
OpenID Connect
authentication layer using the OAuth 2.0 framework. Like OpenID, it is maintained by OpenID Foundation. similar to OpenID but uses JavaScript Object notation (JSON) Web Token or ID token. Can also provide profile information about the user.
688
Scripted Access
also known as logon scripts establish communication links by providing an automated process to transmit logon credentials at the start of a logon session. Can be used to create a SSO like environment
689
Credential Management systems
provide a storage space for users to keep their credentials when SSO isn't available
690
AAA Protocols
RADIUS, TACACS+, Diameter
691
RADIUS
Remote Authentication Dial-in User Service | centralizes authentication for remote connections; provides callback. UDP (1812 authentication, 1813 accounting; legacy 1645/1646). Encrypts only the password, not the entire session; IPsec or RadSec (RADIUS over TLS) can be used to protect the rest. RFC 2865.
692
TACACS+
Terminal Access Controller Access-Control System Cisco advantages over RADIUS - separates authentication, authorization, and accounting into separate processes, which can be hosted on three separate servers if desired. encrypts all the authentication information and not just password. TCP 49 (TACACS & XTACACS UDP 49)
693
Diameter
enhanced version of RADIUS built for IP, Mobile IP, and VoIP; not backward compatible with RADIUS; TCP 3868 or Stream Control Transmission Protocol (SCTP) port 3868; supports IPsec and TLS for encryption
694
enrollment
also known as registration | the process that creates a new identity and establishes the factors the system needs to perform authentication
695
Permission
granted to users to create, read, edit, or delete a file on a file server. Similarly, you can grant a user access rights to a file, so in this context, access rights and permission are synonymous.
696
rights
ability to take an action on an object. example user might have the right to modify the system time on a computer or the right to restore backed-up data.
697
Privileges
combination of rights and permissions. example an administrator for a computer will have full privileges, granting the administrator full rights and permission on the computer. The administrator will be able to perform any action and access any data on the computer.
698
Access Control Matrix
a table of subjects (rows), objects (columns) and the privileges assigned at each intersection. Each column is an object's ACL: ACLs are object focused and identify the access granted to subjects for a specific object.
699
Capability Tables
Subject focused - another way to identify privileges assigned to subjects. example capability table created for the accounting role will include a list of all objects that the accounting role can access and will include the specific privileges assigned to the accounting role for these objects. are subject focused and identify the objects that subjects can access.
700
Constrained Interface
or restricted interfaces to restrict what users can do or see based on their privileges.
701
Content-Dependent Control
restrict access to data based on the content within an object. database view is a content-dependent control. A view retrieves specific columns from one or more tables, creating a virtual table.
702
Context-Dependent Control
require specific activity before granting access. Example: the data flow of a transaction selling digital products online. Users add products to a shopping cart and begin the checkout process; the process denies access to the download page if users do not go through the purchase process first.
703
Need to Know
ensure that subjects are granted access only to what they need to know for their work tasks and job functions.
704
Least Privilege
ensures that subjects are granted only the privileges they need to perform their work tasks and job functions.
705
Separation of Duties and Responsibilities
ensures that sensitive functions are split into tasks performed by 2 or more employees.
706
Security policy
a document that defines the security requirements for an organization
707
DAC
Discretionary Access Control | User/Owner - every object has an owner and the owner can grant or deny access
708
RBAC
Role-Based Access Control | use of Roles/groups
709
Rule-Based access control
or Restrictions/Filters | applies global rules that apply to all subjects
710
ABAC
Attribute Based Access Control | uses rules that can include multiple attributes, which makes it much more flexible than a rule-based access control model that applies the same rules to all subjects equally
711
MAC (access Control)
Mandatory Access Control | use of labels applied to both subjects and objects.
712
Nondiscretionary Access Controls
administrators Centrally administer nondiscretionary access controls and can make changes that affect the entire environment
713
task-based access control
similar to RBAC - each user is assigned an array of tasks.
714
Hierarchical Environment
relates various classification labels in an ordered structure from low security to medium security to high security, such as Confidential, Secret, and Top Secret, respectively.
715
Compartmentalized Environment
There is no relationship between one security domain and another; each domain represents a separate, isolated compartment.
716
Hybrid Environment
combines both hierarchical and compartmentalized concepts so that each hierarchical level may contain numerous subdivisions that are isolated from the rest of the security domain.
717
Crackers
malicious individuals who are intent on waging an attack against a person or system
718
Hackers
originally defined as technology enthusiasts with no malicious intent however media now uses the term hacker in place of cracker.
719
Identifying Threats
- To reduce the number of security-related design and coding defects - reduce the severity of any remaining defects
720
Threat Modeling Approaches
Focused on Assets Focused on Attackers Focused on Software
721
Access Aggregation Attacks
collecting multiple pieces of nonsensitive information and combining them to learn sensitive information
722
Phishing
email
723
Spear Phishing
form of phishing targeted to a specific group of users, such as employees within a specific organization
724
Whaling
variant of phishing that targets senior or high-level executives such as chief executive officers (CEOs)
725
Vishing
voice phishing over the telephone or VoIP; caller ID is easily spoofed. (Phishing over SMS is smishing.)
726
Side-channel attacks
passive, noninvasive attacks that infer secrets from physical leakage rather than from the protocol itself; against smartcards this means timing analysis, power monitoring, and electromagnetic emanation of the exchange with the reader, plus fault analysis when errors are actively induced
727
Protection Methods
- Control physical access to systems
- Control electronic access to files
- Create a strong password policy
- Hash and salt passwords
- Use password masking
- Deploy multifactor authentication
- Use account lockout controls
- Use last logon notification
- Educate users about security (the most effective way to improve security)
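Three of the protection methods above in code, as an added example that is not part of the flashcards: salted password hashing with PBKDF2-HMAC-SHA256 from the standard library, constant-time verification, and account lockout after repeated failures. The in-memory user store, the iteration count and the lockout threshold are assumptions.

```python
"""Added example, not from the flashcards: salted hashing, constant-time check, lockout."""
import hashlib
import hmac
import os

ITERATIONS = 210_000       # assumed work factor; OWASP currently recommends 600,000
LOCKOUT_THRESHOLD = 5      # assumed policy: lock after 5 consecutive failures


def hash_password(password: str, salt=None) -> tuple:
    """Return (salt, digest). A per-user random salt defeats precomputed tables
    and makes identical passwords hash to different values."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


class UserStore:
    def __init__(self):
        self._users = {}   # name -> {"salt", "hash", "failures", "locked"}

    def add_user(self, name: str, password: str) -> None:
        salt, digest = hash_password(password)
        self._users[name] = {"salt": salt, "hash": digest, "failures": 0, "locked": False}

    def authenticate(self, name: str, password: str) -> str:
        """Return 'ok', 'denied' or 'locked'. Unknown users burn the same PBKDF2
        cost as known ones so response time does not reveal valid usernames."""
        user = self._users.get(name)
        if user is None:
            hash_password(password, b"\x00" * 16)
            return "denied"
        if user["locked"]:
            return "locked"
        _, digest = hash_password(password, user["salt"])
        if hmac.compare_digest(digest, user["hash"]):   # no early-exit byte comparison
            user["failures"] = 0
            return "ok"
        user["failures"] += 1
        if user["failures"] >= LOCKOUT_THRESHOLD:
            user["locked"] = True
            return "locked"
        return "denied"

    def unlock(self, name: str) -> None:
        """Administrative reset after the lockout has been investigated."""
        user = self._users[name]
        user["failures"], user["locked"] = 0, False


if __name__ == "__main__":
    store = UserStore()
    store.add_user("alice", "correct horse battery staple")
    print(store.authenticate("alice", "correct horse battery staple"))
```

A lockout counter that never resets is itself a denial-of-service lever against known usernames; production systems pair it with a cool-down window or progressive delays rather than a permanent lock.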
728
Security Testing Program
Security tests Security assessments Security audits
729
Security Tests
Verify that a control is functioning properly. Factors in deciding what to test and how often:
- availability of security testing resources
- criticality of the systems and applications protected by the tested controls
- sensitivity of information contained on tested systems and applications
- likelihood of a technical failure of the mechanism implementing the control
- likelihood of a misconfiguration of the control that would jeopardize security
- risk that the system will come under attack
- rate of change of the control configuration
- other changes in the technical environment that may affect the control performance
- difficulty and time required to perform a control test
- impact of the test on normal business operations
730
Security Assessments
comprehensive reviews of the security of a system, application, or other tested environment
731
NIST SP 800-53A
Framework for security assessments and privacy controls in Federal information systems and organizations.
732
Security Audits
similar to security assessments, but must be performed by independent auditors
733
Internal Audits
are performed by an organization's internal audit staff and are typically intended for internal audiences
734
External Audits
Performed by an outside auditing firm. The Big Four: Ernst & Young, Deloitte & Touche, PricewaterhouseCoopers, KPMG.
735
Third-Party Audits
conducted by, or on behalf of, another organization. For example, a regulatory body might have the authority to initiate an audit of a regulated firm under contract or law
736
SSAE 16
Statement on Standards for Attestation Engagements document 16 | the AICPA standard under which SOC reports were issued; superseded by SSAE 18 in 2017
737
SOC Type I report
SSAE 16 (now SSAE 18) Type I report: a description of the controls provided by the audited organization plus the auditor's opinion on that description. Covers a single point in time and involves no actual testing of the controls by the auditor; it takes the service organization at its word that controls are implemented as described. Not to be confused with SOC 1 vs SOC 2: SOC 1 covers controls relevant to financial reporting, SOC 2 covers security, availability, processing integrity, confidentiality and privacy, and either can be issued as Type I or Type II.
738
SOC Type II report
SSAE 16 (now SSAE 18) Type II report: covers a minimum six-month period and includes the auditor's opinion on the operating effectiveness of the controls based on actual testing performed by the auditor. Considered much more reliable than Type I because it includes independent testing of controls.
739
COBIT
Control Objectives for Information and related Technologies - Business and IT working together - Framework for conducting audits and assessments - Describes the common requirements that organizations should have in place surrounding their information systems.
740
SCAP
Security content Automation Protocol - common framework for discussion and also facilitates the automation of interactions between different security systems. components: CVE, CVSS, CCE, CPE, XCCDF, OVAL
741
CVE
Common vulnerabilities and Exposures | naming system for describing security vulnerabilities
742
CVSS
Common Vulnerability Scoring system | standardized scoring system for describing the severity of security vulnerabilities
743
CPE
Common Platform Enumeration | naming system for operating systems, applications, and devices.
744
XCCDF
Extensible Configuration Checklist Description Format | a language for specifying security checklists
745
OVAL
Open Vulnerability and Assessment Language | language for describing security testing procedures
746
TCP SYN Scanning
Also known as half-open scanning | sends a single packet to each scanned port with the SYN flag set. If the system responds with SYN/ACK, the port is open; a RST means closed; no response means filtered. The scanner never completes the handshake, so many applications never log the probe.
747
TCP Connect Scanning
Opens a full connection to the remote system. Used when the user running the scan lacks the privileges (raw sockets) to run a half-open scan; noisier, because the target application sees a completed connection.
748
TCP ACK Scanning
Sends a packet with the ACK flag set, indicating that it is part of an open connection. Test the firewall rules and firewall methodology
749
Xmas Scanning
Sends a packet with the FIN, PSH, and URG flags set.
750
nmap Open
port is open and an application is actively accepting connections on the port.
751
nmap Closed
port is accessible, meaning firewall is allowing access, but there is no application accepting connections on that port
752
nmap Filtered
nmap is unable to determine whether a port is open or closed because a firewall is interfering with the connection attempt.
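How a scanner turns the reply to a probe into the open / closed / filtered states on the cards above, as an added example that is not part of the flashcards. It parses the flags byte from a raw TCP header and applies the decision rules nmap documents for SYN, connect, ACK and Xmas scans. The sample replies are constructed inline; nothing is sent on the wire.

```python
"""Added example, not from the flashcards: classifying scan replies into port states."""
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
PROBE_FLAGS = {"syn": SYN, "connect": SYN, "ack": ACK, "xmas": FIN | PSH | URG}
# ICMP type 3 codes nmap treats as "filtered": net/host/proto/port unreachable
# and the administratively-prohibited codes.
ICMP_FILTERED_CODES = {1, 2, 3, 9, 10, 13}


def build_tcp(src_port: int, dst_port: int, flags: int, seq: int = 0, ack: int = 0) -> bytes:
    """Minimal 20-byte TCP header with no options; checksum left zero (constructed sample)."""
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack, 5 << 4, flags, 65535, 0, 0)


def tcp_flags(segment: bytes) -> int:
    """The flags byte sits at offset 13 of the TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    return segment[13]


def classify(scan: str, response) -> str:
    """response is None (no reply before timeout), ("tcp", raw_header) or
    ("icmp", type, code). Returns the port state as nmap would report it."""
    if scan not in PROBE_FLAGS:
        raise ValueError("unknown scan type " + scan)
    if response is None:
        # Silence usually means a firewall dropped the probe, except for Xmas,
        # where RFC 793 says an open port is also silent, hence the ambiguous state.
        return "open|filtered" if scan == "xmas" else "filtered"
    if response[0] == "icmp":
        icmp_type, code = response[1], response[2]
        return "filtered" if icmp_type == 3 and code in ICMP_FILTERED_CODES else "unknown"
    f = tcp_flags(response[1])
    if scan in ("syn", "connect"):
        if f & SYN and f & ACK:
            return "open"            # a listener answered the handshake
        if f & RST:
            return "closed"          # reachable, nothing listening
    elif scan == "ack":
        if f & RST:
            return "unfiltered"      # ACK scans only reveal stateful vs stateless filtering
    elif scan == "xmas":
        if f & RST:
            return "closed"
    return "unknown"


def scan_summary(scan: str, replies: dict) -> dict:
    """Map {port: response} to {port: state} for a whole probe set."""
    return {port: classify(scan, reply) for port, reply in replies.items()}


# Constructed replies: 22 open, 23 closed, 80 dropped silently, 443 rejected by a router.
SAMPLE_SYN_REPLIES = {
    22: ("tcp", build_tcp(22, 40001, SYN | ACK, seq=1000, ack=1)),
    23: ("tcp", build_tcp(23, 40002, RST | ACK, ack=1)),
    80: None,
    443: ("icmp", 3, 13),
}

if __name__ == "__main__":
    print(scan_summary("syn", SAMPLE_SYN_REPLIES))
```

The ACK scan branch is why it appears on the firewall-testing card: a stateless packet filter lets a bare ACK through and the host answers RST ("unfiltered"), while a stateful firewall drops the orphan ACK and the port shows "filtered" regardless of whether anything listens.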
753
nmap -v
Lowercase -v increases verbosity; repeating it (-vv, -vvv) gives progressively more detail during the scan. Uppercase -V only prints the nmap version number.
754
Web vulnerability scanners
special-purpose tools that scour web applications for known vulnerabilities. When to scan:
- all applications when you begin performing web vulnerability scanning for the first time; this will detect issues with legacy applications
- any new application before moving it into a production environment for the first time
- any modified application before the code changes move into production
- all applications on a recurring basis; limited resources may require scheduling these scans based on the priority of the application
755
Vulnerability Management workflow
1. Detection: initial identification of a vulnerability, normally as the result of a vulnerability scan
2. Validation: an administrator confirms the vulnerability to determine that it is not a false positive
3. Remediation: validated vulnerabilities are then remediated
756
Penetration Testing
- Planning: agreement on the scope and rules of engagement
- Information gathering and discovery: manual and automated tools collect information about the target environment
- Vulnerability scanning: probes for system weaknesses using network, web, and database vulnerability scans
- Exploitation: manual and automated exploit tools attempt to defeat system security
- Reporting: summarizes the results of the penetration test and makes recommendations for improvements to system security
Mnemonic: Please Ice Very Exposed Rice
757
Code Review
or peer review; the foundation of software assessment programs. Developers other than the one who wrote the code review it for defects. Fagan inspection steps: 1 Planning, 2 Overview, 3 Preparation, 4 Inspection, 5 Rework, 6 Follow-up. Mnemonic: Plan Our Pre-Inspection Review Follow-up.
758
Static Testing
evaluates the security of software without running it, by analyzing either the source code or the compiled application.
759
Dynamic Testing
evaluates the security of software in a running environment and is often the only option for organizations deploying applications written by someone else
760
Fuzz Testing
specialized dynamic testing technique that provides many different types of input to software to stress its limits and find previously undetected flaws
761
Mutation (Dumb) Fuzzing
takes previous input values from actual operation of the software and manipulates (or mutates) them to create fuzzed input
762
Generational (Intelligent) Fuzzing
develops data models and creates new fuzzed input based on an understanding of the types of data used by the program.
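A mutation ("dumb") fuzzer of the kind the cards above describe, run against a small length-prefixed record parser in its vulnerable and hardened forms, as an added example that is not part of the flashcards. The record format, both parsers and the seed inputs are constructed for this example. Exceptions the parser raises on purpose (ValueError) count as correct rejections; anything else is a crash worth triaging.

```python
"""Added example, not from the flashcards: mutation fuzzing a length-prefixed parser."""
import random


def make_record(payload: bytes) -> bytes:
    """Format: [length byte][payload][one-byte checksum = sum(payload) mod 256]."""
    return bytes([len(payload)]) + payload + bytes([sum(payload) & 0xFF])


def parse_record_vulnerable(data: bytes) -> bytes:
    """Trusts the length byte: a truncated record or an oversized length field
    pushes the checksum index past the end (IndexError)."""
    if not data:
        raise ValueError("empty record")
    n = data[0]
    payload = data[1:1 + n]
    checksum = data[1 + n]                  # unchecked index
    if sum(payload) & 0xFF != checksum:
        raise ValueError("bad checksum")
    return payload


def parse_record_hardened(data: bytes) -> bytes:
    """Validates the declared length against the actual size before indexing."""
    if len(data) < 2:
        raise ValueError("record too short")
    n = data[0]
    if len(data) != 2 + n:
        raise ValueError("length field does not match record size")
    payload, checksum = data[1:1 + n], data[1 + n]
    if sum(payload) & 0xFF != checksum:
        raise ValueError("bad checksum")
    return payload


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """One random mutation of a valid input: bit flip, truncation, byte
    insertion, or a rewritten length field."""
    data = bytearray(seed)
    op = rng.choice(("flip", "truncate", "insert", "length"))
    if op == "flip" and data:
        i = rng.randrange(len(data))
        data[i] ^= 1 << rng.randrange(8)
    elif op == "truncate" and data:
        del data[rng.randrange(len(data)):]
    elif op == "insert":
        data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    elif op == "length" and data:
        data[0] = rng.randrange(256)
    return bytes(data)


def fuzz(parser, seeds, iterations: int = 500, rng_seed: int = 1) -> dict:
    """Return {exception name: first crashing input} for unexpected exceptions."""
    rng = random.Random(rng_seed)          # fixed seed keeps the run reproducible
    crashes = {}
    for _ in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        try:
            parser(case)
        except ValueError:
            continue                        # the parser's own rejection, not a bug
        except Exception as exc:            # a fuzzer wants every other exception
            crashes.setdefault(type(exc).__name__, case)
    return crashes


SEEDS = [make_record(b"hello"), make_record(b"")]   # constructed valid inputs

if __name__ == "__main__":
    print("vulnerable:", fuzz(parse_record_vulnerable, SEEDS))
    print("hardened:  ", fuzz(parse_record_hardened, SEEDS))
```

In a memory-unsafe language the same unchecked index is an out-of-bounds read rather than a clean exception, which is why fuzzers for C and C++ targets run under sanitizers to turn silent memory errors into crashes they can see. A generational fuzzer would instead build records from the format's grammar (valid checksums, boundary lengths such as 0 and 255) to get past the checksum check and reach deeper logic.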
763
interface Testing
developers work on different parts of a complex application that must function together to meet business objectives. 3 types - Application Programming Interfaces (APIs) - User Interfaces (UIs) - Physical Interfaces
764
APIs
Application Programming Interfaces offer a standardized way for code modules to interact and may be exposed to the outside world through web services. Developers must test APIs to ensure that they enforce all security requirements.
765
UIs
User Interfaces | GUIs, and command-line. provide end users with the ability to interact with the software
766
Physical Interfaces
exist in some applications that manipulate machinery, logic controllers, or other objects in the physical world
767
Misuse Case Testing
or Abuse case testing | evaluate the vulnerability of their software to users intentionally misusing the software.
768
Test Coverage Analysis
estimate the degree of testing conducted against the new software formula or equation test coverage = (Number of use cases tested) / (Total number of use cases)
769
five common criteria for test coverage analysis
- Branch coverage - has every if statement been executed under all if and else conditions? - Condition coverage - has every logical test in the code been executed under all sets of inputs? - Function coverage - has every function in the code been called and returned results? - Loop coverage - has every loop in the code been executed under conditions that cause code execution multiple times, only once, and not at all? - Statement coverage - has every line of code been executed during the test?
770
Passive monitoring
real-world monitoring / Real user monitoring (RUM) | just watching the network with tools.
771
Synthetic monitoring
or Active monitoring (stress testing) | perform artificial transactions against a website to assess performance
772
SIEM
Security information and event management Collects data from many sources within the network. It provides real-time monitoring of traffic and analysis and notification of potential attacks. It also provides long-term storage of data, allowing security professionals to analyze the data.
773
KPI
Key Performance and Risk Indicators - number of open vulnerabilities - time to resolve vulnerabilities - vulnerability/defect recurrence - Number of compromised accounts - Number of software flaws detected in preproduction scanning - Repeat audit findings - User attempts to visit known malicious sites
774
Entitlement
amount of privileges granted to users, typically when first provisioning an account
775
Aggregation
in context of least privilege, aggregation refers to the amount of privileges that users collect over time
776
Transitive Trust
trust relationship between 2 security domains allows subjects in one domain (named primary) to access objects in the other domain (named trusting).
777
Separation of duties and responsibilities
ensures that no single person has total control over a critical function or system
778
Separation of privilege
builds on principle of least privilege and applies it to applications and processes. requires the use of granular rights and permissions
779
Segregation of Duties
is similar to a separation of duties and responsibilities policy, but it also combines the principle of least privilege
780
SOX
Sarbanes-Oxley Act of 2002 Stocks - public companies that have registered equity or debt securities with the Securities and Exchange Commission (SEC)
781
Two-Person Control
or the two-man rule | requires the approval of 2 individuals for critical tasks
782
800-88r1
Destruction or Purging
783
CYOD
Choose your own device
784
Security Impact Analysis
Request the change - Review the change - Approve/reject the change - Test the change - Schedule and implement the change - Document the change
785
Request the change
identify desired changes and request
786
Review the change
Experts from several different areas within the organization review it. They may approve or reject it, or may require approval at a formal change review board after extensive testing.
787
Approve/reject the change
Based on the review, experts approve or reject the change. They also record the response in the change management documentation
788
Test the change
If approved, it should be tested, preferably on a non-production server.
789
Schedule and implement the change
change is scheduled so that it can be implemented with the least impact on the system and the customers.
790
Document the change
ensure that all interested parties are aware of it and change the configuration management documentation.
791
Versioning
1.0 --> 1.1 minor update 1.1 --> 2.0 major update 1.1 --> 1.1.1 patches
792
Vulnerability Management
identifying vulnerabilities, evaluating them, taking steps to mitigate risks associated with them
793
Incident
any event that has a negative effect on the confidentiality, integrity, or availability of an organization's assets. ITILv3 - "an unplanned interruption to an IT Service or a reduction in the quality of an IT Service" - Any attempted network intrusion - Any attempted denial-of-service attack - Any detection of malicious software - any unauthorized access of data - any violation of security policies
794
Incident Response Steps
DR MRRRL | Detection - Response - Mitigation - Reporting - Recovery - Remediation - Lessons Learned
795
Detection
also determine if it is a security incident. - IDS - Anti-malware software - audit logs - end users
796
Response
activate the incident response team (or CIRT - Computer incident response team)
797
Mitigation
steps that attempt to contain an incident | primary goal of an incident response team is to limit the effect or scope of an incident.
798
Reporting
report the incident within the organization and to organizations and individuals outside the organization
799
Recovery
after investigators collect all appropriate evidence from a system, the next step is to recover the system, or return it to a fully functioning state.
800
Remediation
Personnel look at the incident and attempt to identify what allowed it to occur, and then implement methods to prevent it from happening again
801
Lessons Learned
Personnel examine the incident and the response to see if there are any lessons to be learned.
802
Botnets
Educating users is extremely important as a countermeasure against botnet infections.
803
SYN Flood Attack
Disrupts the standard 3-way handshake used by Transmission Control Protocol (TCP). Attacker sends multiple SYN packets but never completes the connection with an ACK.
804
Smurf
floods victim with ICMP echo packets. It is a spoofed broadcast ping request using the IP address of the victim as the source IP address.
805
Fraggle
similar to smurf but uses UDP over ports 7 and 19. Broadcast a UDP packet using the spoofed IP address of the victim. All systems on the network will then send traffic to the victim, just as with a smurf attack.
806
Ping flood
floods a victim with ping requests. effective when launched by zombies within a botnet.
807
Ping of Death
employs an oversized ping packet. Ping packets are normally 32 or 64 bytes. Ping of Death uses a ping packet over 64KB, which is bigger than many systems could handle.
808
Teardrop
attacker fragments traffic in such a way that a system is unable to put data packets back together. When a system tries to put fragments back together they cannot.
809
Land Attacks
attacker sends spoofed SYN packets to a victim using the victim's IP address as both the source and destination IP address. tricks the system into constantly replying to itself and can cause it to freeze, crash, or reboot.
810
Zero-Day Exploit
refers to an attack on a system exploiting a vulnerability that is unknown to others.
811
Malicious Code
is any script or program that performs an unwanted, unauthorized, or unknown activity on a computer system
812
Sabotage
is a criminal act of destruction or disruption committed against an organization by an employee.
813
Espionage
malicious act of gathering proprietary, secret, private, sensitive, or confidential information about an organization.
814
knowledge based detection
or signature-based, pattern-matching | uses a database of known attacks developed by the IDS vendor
815
Behavior-based detection
or statistical, anomaly, heuristics starts by creating a baseline of normal activities and events on the system. it then compares day to day activity against the baseline.
816
IDS Passive Response
Notifications sent to admins via email, text, pager, or pop-up windows. alerts can generate a report detailing the activity.
817
IDS Active Response
can modify the environment using several different methods. Modifying ACLs to block traffic and can even disable all communications over specific cable segments. Similar to an IPS
818
TLS/SSL decryptor
detects TLS/SSL traffic, takes steps to decrypt it and sends the decrypted traffic to an IDS/IPS for inspection. The decryptor detects and intercepts a TLS handshake between an internal client and an internet server. It then establishes 2 HTTPS sessions: one between the internal client and the decryptor, the second between the TLS decryptor and the internet server.
819
IPS
Similar to an active response IDS system but is placed in line with the traffic so that all traffic must pass through the IPS and the IPS can choose what traffic to forward and what traffic to block. Also known as an IDPS.
820
Enticement
Is legal - if the intruder discovers the honeypot on their own through no outward efforts of the owner
821
Entrapment
Is illegal - in connection with a honeypot occurs when the honeypot owner actively solicits visitors to access the site and then charges them with unauthorized intrusion
822
Pseudo Flaws
are false vulnerabilities or apparent loopholes intentionally implanted in a system in an attempt to tempt attackers. Often used on honeypot systems to emulate well-known operating system vulnerabilities.
823
Padded Cells
similar to a honeypot, but it performs intrusion isolation using a different approach, when an IDPS detects an intruder, that intruder is automatically transferred to a padded cell. the cell has the look and feel of an actual network but the attacker is unable to perform any malicious activities or access any confidential data from within the cell. It is a simulated environment that offers fake data to retain an intruder's interest, similar to a honeypot.
824
Warning Banners
inform users and intruders about basic security policy guidelines. include stuff like online activities are audited and monitored, and often provide reminders of restricted activities. important from a legal standpoint because these banners can legally bind users to a permissible set of actions, behaviors, and processes.
825
Anti-malware
most important protection against malicious code is anti-malware with up-to-date signature files and heuristic capabilities.
826
Penetration Testing Steps
- Obtaining Permission - Testing Techniques - white box, grey ... - Protect Reports - Ethical hacking
827
Sampling
or data extraction process of extracting specific elements from a larger collection of data to construct a meaningful representation or summary of the whole. form of data reduction that allows someone to glean valuable information by looking at only a small sample of data in an audit trail.
828
Statistical sampling
uses precise mathematical functions to extract meaningful information from a very large volume of data.
829
Clipping
form of nonstatistical sampling. It selects only events that exceed a clipping level, which is a predefined threshold for the event. The system ignores events until they reach this threshold.
830
keystroke monitoring
the act of recording the keystrokes a user performs on a physical keyboard. Think Banks
831
Trusted Recovery
assurances that after a failure or crash, the system is just as secure as it was before the failure or crash occurred.
832
Manual Recovery
does not fail in a secure state. administrator is required to manually perform the actions necessary to implement a secured or trusted recovery after a failure or system crash.
833
Automated Recovery
system is able to perform trusted recovery activities to restore itself against at least one type of failure. Example Hardware RAID.
834
Automated Recovery without undue loss
similar to automated recovery however it includes mechanisms to ensure that specific objects are protected to prevent their loss.
835
Function Recovery
automatically recover specific functions.
836
Jitter
variation in latency between different packets
837
Latency
time it takes a packet to travel from source to destination
838
Recovery Strategy
when a disaster interrupts your business, your disaster recovery plan should kick in nearly automatically and begin providing support for recovery operations
839
Business Unit and Functional Priorities
must engineer your disaster recovery plan so that those business units with the highest priority are recovered first.
840
Cold Sites
standby facilities large enough to handle the processing load of an organization and equipped with appropriate electrical and environmental support systems.
841
Hot Sites
backup facility is maintained in constant working order, with a full complement of servers, workstations, and communications links ready to assume primary operations responsibilities
842
Warm Sites
They always contain the equipment and data circuits necessary to rapidly establish operations. 12 hours.
843
Service Bureaus
company that leases computer time
844
Mutual Assistance Agreements
or Reciprocal agreements, are popular in disaster recovery literature but are rarely implemented in real-world practice. - difficult to enforce - Cooperating organizations should be located in relatively close proximity to each other to facilitate transportation of employees between sites. - Confidentiality concerns often prevent businesses from placing their data in the hands of others.
845
Electronic Vaulting
database backups are moved to a remote site using bulk transfers. if using a vendor for Electronic vaulting insist on a written definition of the service that will be provided, including the storage capacity, bandwidth of the communications link to the electronic vault, and the time necessary to retrieve vaulted data in the event of a disaster.
846
Remote Journaling
transfer copies of the database transaction logs containing the transactions that occurred since the previous bulk transfer.
847
Remote Mirroring
Most expensive and the most advanced database backup solution. Live database server is maintained at the backup site.
848
Recovery Plan Development
- executive Summary Providing a high-level overview of the plan - Department-specific plans - Technical guides for IT personnel responsible for implementing and maintaining critical backup systems - Checklists for individuals on the disaster recovery team - Full copies of the plan for critical disaster recovery team members.
849
VTL
Virtual tape libraries used in Disk 2 Disk (D2D) backup solutions to make disk storage appear as tapes to backup software.
850
Tape Rotation
- Grandfather-Father-Son (GFS) - Tower of Hanoi Strategy - Six Cartridge Weekly
851
Software Escrow Arrangements
unique tool used to protect a company against the failure of a software developer to provide adequate support for its products or against the possibility that the developer will go out of business and no technical support will be available for the product.
852
Media liaison
should be hired, trained, and prepared to take on the responsibility of addressing the media in the event of a disaster
853
Testing the Disaster recovery plan
Read Street Signs partially For Maintenance - Read-Through Test - Structured Walk-through - Simulation Test - Parallel Test - Full-Interruption Test - Maintenance
854
Read-Through Test
- one of the simplest and most critical: distribute copies of disaster recovery plans to the members of the team - ensures key personnel are aware of their responsibilities and have that knowledge refreshed. - provides individuals an opportunity to review the plans for obsolete information and update any items that require modification - helps identify situations in which key personnel have left the company and nobody bothered to reassign their disaster recovery responsibilities
855
Structured Walk/read-through
or Table-Top exercise | - members gather to role-play a disaster scenario at a conference room table.
856
Simulation Test
members are presented with a scenario and asked to develop an appropriate response. some of the responses are then tested, which may interrupt noncritical business activities and the use of some operational personnel
857
Parallel Test
relocating personnel to the alternate recovery site and implementing site activation procedures. Operations at the main facility are not interrupted.
858
Full-Interruption Test
involve actually shutting down operations at the primary site and shifting them to the recovery site. significant risk as they require the operational shutdown of the primary site and transfer to the recovery site followed by the reverse process to restore operations at the primary site.
859
Maintenance
Living document. must adapt the recovery plan to meet those changed needs.
860
Administrative Investigations
internal investigations that examine either operational issues or a violation of the organization's policies. Operational investigations have the loosest standards for collection of information
861
Criminal Investigations
typically conducted by law enforcement personnel, investigate the alleged violation of criminal law. Must be beyond a reasonable doubt standard of evidence
862
Civil Investigations
typically do not involve law enforcement but rather involve internal employees and outside consultants working on behalf of a legal team
863
Regulatory Investigations
Government agencies may conduct regulatory investigations when they believe that an individual or corporation has violated administrative law.
864
Electronic Discovery
or eDiscovery - Information Governance - ensures that information is well organized for future eDiscovery efforts - Identification - Locates the information that may be responsive to a discovery request when the organization believes that litigation is likely - Preservation - ensures that potentially discoverable information is protected against alteration or deletion - Collection - gathers the responsive information centrally for use in the eDiscovery process - Processing - screens the collected information to perform a "rough cut" of irrelevant information, reducing the amount of information requiring detailed screening. - Review - examines the remaining information to determine what information is responsive to the request and removing any information protected by attorney-client privilege - Analysis - Perform deeper inspection of the content and context of remaining information - Production - places the information into a format that may be shared with others. - Presentation - displays the information to witnesses, the court, and other parties.
865
Evidence
Admissible Evidence - must meet all 3 requirements - relevant to determining a fact - material to the case - competent - it must have been obtained legally Type of Evidence - Real Evidence - tangible or object evidence - murder weapon, clothing, or other physical objects - Documentary Evidence - any written items brought into court to prove a fact at hand. must also be authenticated example: a computer log must include a witness (system administrator) to testify the log was collected as a routine business practice and is indeed the actual log that the system collected. -- Documentary Evidence - best evidence rule states that when a document is used as evidence in a court proceeding, the original document must be introduced. Copies or descriptions of original evidence (known as secondary evidence) will not be accepted as evidence unless certain exceptions to the rule apply -- parol evidence rule - when an agreement between parties is put into written form, the written document is assumed to contain all the terms of the agreement and no verbal agreement may modify the written agreement. - Testimonial Evidence - evidence consisting of the testimony of a witness, either verbal testimony in court or written testimony in a recorded deposition.
866
Chain of Evidence
- General description of the evidence - Time and date the evidence was collected - Exact location the evidence was collected from - Name of the person collecting the evidence - Relevant circumstances surrounding the collection.
867
Evidence Collection and Forensic Procedures
- digital evidence - all the general forensic and procedural principles must be applied - Upon seizing digital evidence, actions taken should not change that evidence. - access original digital evidence - person should be trained for the purpose - seizure, access, storage, or transfer of digital evidence must be fully documented, preserved, and available for review. - individual is responsible for all actions taken with respect to digital evidence while the digital evidence is in their possession - any agency that is responsible for seizing, accessing, storing, or transferring digital evidence is responsible for compliance with these principles.
868
Network Analysis
- IDS/IPS logs - Network flow data captured by a flow monitoring system - Packet captures deliberately collected during an incident - logs from firewalls and other network security devices
869
Software analysis
- reviews of applications or the activity that takes place within a running application - conduct a review of software code, looking for backdoors, logic bombs, or other security vulnerabilities - review and interpret log files from application or database servers, seeking other signs of malicious activity, such as SQL injection attacks, privilege escalations, or other application attacks
870
Hardware/Embedded Device Analysis
- Personal computers - Smartphones - Tablet computers - Embedded computers in cars, security systems, and other devices.
871
Gathering Evidence
- Voluntarily Surrender - Subpoena - or court order to surrender evidence and served by law enforcement. - Search warrant
872
Major categories of computer crime
- Military and intelligence attacks - obtain secret and restricted information from law enforcement or military and technological research sources - Business attacks - obtaining an organization's confidential information - Financial attacks - obtain money or services - Terrorist attacks - Fear - Grudge attacks - carried out to damage an organization or a person - Thrill attacks - Script Kiddie - for the fun of it
873
ISC2 Code of Ethics Preamble
- The safety and welfare of society and the common good, duty to our principals, and to each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior - Therefore, strict adherence to this Code is a condition of certification
874
ISC2 Code of Ethics Canons
- Protect Society, the common good, necessary public trust and confidence, and the infrastructure. - Act honorably, honestly, justly, responsibly, and legally - Provide diligent and competent service to principals - Advance and protect the profession
875
high-level languages
Python, C++, Ruby, R, Java, and Visual Basic
876
compiled languages
C, Java, and FORTRAN
877
Interpreted languages
Python, R, JavaScript, and VBScript
878
Inheritance
methods from a class (parent or superclass) are inherited by another subclass (child)
879
Delegation
forwarding of a request by an object to another object or delegate. An object delegates if it does not have a method to handle the message
880
Polymorphism
is the characteristic of an object that allows it to respond with different behaviors to the same message or method because of changes in external conditions
881
Cohesion
strength of the relationship between the purposes of the methods within the same class
882
Coupling
level of interaction between objects. Lower coupling means less interaction. Lower coupling provides better software design because objects are more independent. Lower coupling is easier to troubleshoot and update.
883
Assurance Procedures
formalized processes by which trust is built into the lifecycle of a system
884
Input Validation
verifies that the values provided by a user match the programmer's expectation before allowing further processing. Should be done server side
885
Authentication and Session Management
Should be done before users are allowed to access or modify data
886
Error Handling
detail for developers and admin. detailed error messages should be disabled on any servers and applications that are publicly accessible
887
Logging
configured to send detailed logging or errors and other security events to a centralized log repository
888
OWASP
Open Web Application Security Project Top 10 security threats for web - Input validation failures - Authentication attempts, especially failures - access control failures - Tampering attempts - Use of invalid or expired session tokens - Exceptions raised by the operating system or applications - Use of administrative privileges - Transport Layer Security (TLS) failures - Cryptographic errors
889
Fail-Secure and Fail-Open
- Fail-Secure - puts the system into a high level of security (possibly disables it entirely) until an administrator can diagnose the problem and restore the system to normal operations - Fail-open - allows users to bypass failed security controls, erring on the side of permissiveness
890
Conceptual Definition
simple statement agreed on by all interested stakeholders that states the purpose of the project as well as the general system requirements
891
Functional Requirements Determination
specific system functionalities are listed, and developers begin to think about how the parts of the system should interoperate to meet the functional requirements.
892
Input
data provided to a function
893
Behavior
the business logic describing what actions the system should take in response to different inputs
894
Outputs
data provided from a function
895
IDEAL Model
- Initiating - Business reasons behind the change are outlined, support is built for the initiative, and the appropriate infrastructure is put in place - Diagnosing - engineers analyze the current state of the organization and make general recommendations for change - Establishing - organization takes the general recommendations from the diagnosing phase and develops a specific plan of action that helps achieve those changes - Acting - organization develops solutions and then tests, refines, and implements them - Learning - moving forward, the organization assesses whether it has achieved the desired goals and, when necessary, proposes new actions to put the organization back on course.
896
SW-CMM
IRDMO - Initial - Repeatable - Defined - Managed - Optimized IDEAL and SW-CMM - II DR ED AM LO
897
PERT
Program Evaluation Review Technique tool used to judge the size of a software product in development and calculate the standard deviation (SD) for risk assessment.
898
Change and configuration management
Reduce Risk in environment - Request Control - Change Control - Release control - Configuration Identification - Configuration Control - configuration Status Accounting - Configuration Audit
899
DevOps
Development and Operations | Software development, Quality assurance, IT operations
900
Static Testing
evaluates the security of software without running it by analyzing either the source code or the compiled application.
901
Dynamic Testing
evaluates the security of software in a runtime environment and is often the only option for organizations deploying applications written by someone else
902
Relational Databases
2-dimensional tables made up of rows and columns Attributes (or fields) or degree - column Record or tuple or cardinality - rows
903
ACID Model
database transactions - Atomicity - all-or-nothing; if any part fails the entire transaction must be rolled back as if it never occurred. - Consistency - all transactions must begin operating in an environment that is consistent with all of the database's rules. - Isolation - transactions operate separately from each other - Durability - once they are committed to the database, they must be preserved.
904
Concurrency
or edit control is a preventive security mechanism that endeavors to make certain that the information stored in the database is always correct or at least has its integrity and availability protected - failed concurrency has the following issues -- Lost updates - when 2 different processes make updates to a database unaware of each other's activity -- Dirty Reads - process reads a record from a transaction that did not successfully commit
905
ODBC
Open Database Connectivity
906
Service Injection Viruses
injecting themselves into trusted runtime processes of the operating system, such as svchost.exe, winlogin.exe, and explorer.exe
907
Multipartite Viruses
use more than one propagation technique in an attempt to penetrate systems that defend against only one method or the other
908
Stealth Viruses
hide themselves by actually tampering with the operating system to fool antivirus packages into thinking that everything is functioning normally. Think Rootkit
909
Polymorphic Viruses
modify their own code as they travel from system to system
910
Encrypted Viruses
use cryptographic techniques to avoid detection
911
Hoaxes
nuisance and wasted resources caused by virus hoaxes. Often delivered by email with a warning that the virus is destructive and no antivirus is able to detect or eradicate it.
912
Code Red Worm
2001 Microsoft IIS - randomly selected hundreds of IP addresses and then probed those addresses to see whether they were used by hosts running a vulnerable version of IIS - Defaced HTML pages replacing normal content with the following text Welcome to http://www.worm.com! Hacked By Chinese! - planted a logic bomb that would initiate a DDOS attack against the IP address 198.137.240.91 which belonged to the White House's home page.
913
Stuxnet
- Searching for unprotected administrative shares of system on the local network - Exploiting Zero-day vulnerabilities on the Windows Server service and Windows Print Spooler service - Connecting to systems using a default database password - Spreading by the use of shared infected USB drives
914
Buffer Overflows
vulnerabilities exist when a developer does not properly validate user input to ensure that it is of an appropriate size. Steps to include for user inputs - user can't enter a value longer than the size of any buffer that will hold it. - user can't enter an invalid value for the variable types that will hold it - user can't enter a value that will cause the program to operate outside its specified parameters.
915
TOC/TOU
or TOCTTOU | Time of check time of use
916
Escalation of Privilege and Rootkits
applying security patches released for operating systems will fortify a network against almost all rootkit attacks as well as a large number of other potential vulnerabilities
917
XSS
Cross-Site Scripting | user takes advantage of web site. Occurs when web applications contain some type of reflected input
918
XSRF
Cross-site request forgery attacks or CSRF | websites take advantage of user
919
Protecting against SQL injection
Use prepared statements - leverage prepared statements to limit the application's ability to execute arbitrary code. Perform input validation Limit Account privileges
920
APT
Advanced Persistent Threat | sophisticated adversaries with advanced technical skills and significant financial resources. Think Zero-day