Wiley_08072017 Flashcards

(100 cards)

1
Q

This is necessary to obtain a Search Warrant

A

PROBABLE CAUSE

2
Q

ISC Code of Ethics:

A
  • Protect society, the commonwealth, and the infrastructure.
  • Act honorably, honestly, justly, responsibly, and legally.
  • Provide diligent and competent service to principals.
  • Advance and protect the profession.
3
Q

Prudent Man Rule is from what guideline?

A

The Federal Sentencing Guidelines formalized the prudent man rule and applied it to information security

4
Q

Christopher would like to send Renee a message using asymmetric encryption. What key should he use to encrypt the message? Renee’s public key is used to encrypt the message.

A

The sender of a message uses the recipient’s public key to encrypt it.

5
Q

This is generated by the difference in power between the hot and ground wires of a power source or operating electrical equipment

A

Common mode noise

6
Q

A Security Label protects against

A

Tampering

7
Q

Warm Sites take ___ hours to recover

A

12

8
Q

Packet Switching has ______ delays.

Circuit Switching has _______ delays.

A

Packet = Variable Delays

Circuit = Fixed Delays

9
Q

Replaced SSL

A

TLS

10
Q

_______ _________ mechanisms are set in place to establish a means of verifying the correctness of detection systems and sensors

A

Secondary verification

11
Q

Audit Report Requirements:

A

purpose

scope

results

12
Q

A ______ is created through the assignment of an IP address and a subnet mask.

A

subnet

13
Q

________ connects disparate networks rather than creating network segments

A

Router

14
Q

Routers only manage traffic between ______

A

subnets

15
Q

_________ is a networking device that can be used to create digital network segments (i.e., VLANs) that can be altered as needed by adjusting the settings internal to the device rather than on end-point devices

A

Switch

16
Q

Spoofing Countermeasures

A

SPOOFING Countermeasures:
Patching

Source/Destination Verification on Routers

IDS

17
Q

CPU _________ are the fastest form of memory.

A

registers

18
Q

______ is a subset of sampling, which is a process of extracting data from a large body of information but with a specified cut-off point or threshold

A

Clipping

19
Q

IDSs can detect attacks from:

A

1) external connection attempts,
2) execution of malicious code,
3) unauthorized access attempts to controlled objects.

20
Q

The document Ethics and the Internet was issued as RFC 1087 by the ____ ____ ____

A

Internet Advisory Board

21
Q

Caesar Cipher is a ________ CIPHER

A

SUBSTITUTION

22
Q

Block Cipher: Operate on __________ and apply the encryption algorithm to the __________ message block.

A

CHUNKS, ENTIRE

Most modern encryption algorithms use BLOCK ciphers.

23
Q

Substitution Cipher: Replace with a different ________.

A

Character

24
Q

Stream Ciphers: Operate on ____ bit or character at a time.

A

ONE

25
ONE TIME Ciphers are ______ CIPHERS.
STREAM
26
A _______ is a system that hides the true meaning of a message. This uses a variety of techniques to alter and/or rearrange the characters or words of a message to achieve confidentiality.
Cipher
27
CIPHER provides ____________
Confidentiality
28
CFB vs CBC: Cipher Feedback Mode (CFB) uses a _________ cipher, compared to CBC's block cipher.
streaming
29
Cipher Feedback (CFB): A mode in which the DES algorithm is used to encrypt the preceding block of cipher text. This block is then XORed with the _________ block of plain text to produce the next block of cipher text. CFB uses a STREAMING cipher.
Next. Hint: CFB is "NEXT"
30
Cipher Block Chaining (CBC): A process in which each block of unencrypted text is XORed with the block of cipher text immediately preceding it before it is encrypted using the DES algorithm. In Cipher Block Chaining (CBC) mode, each block of unencrypted text is XORed with the block of cipher text immediately __________ it before it is encrypted using the DES algorithm.
preceding
31
TCP/IP Handshake
SYN, SYN/ACK, ACK
32
Provides daily updates on fires
NIFC provides daily updates on fire
33
This attacks the three-way handshake process used by TCP/IP to initiate communication sessions
SYN Flood Attack
34
AGILE Software Development prefers being FLEXIBLE as opposed to following a _____
Plan
35
Auxiliary alarm systems facilitate local, remote, and centralized alarm systems by notifying external sources (police, fire, and medical) of signifying events. AUXILIARY ALARMS will notify ______ sources.
EXTERNAL
36
A _______ is a form of gate that prevents more than one person at a time from gaining entry and often restricts movement in one direction.
turnstile
37
RSA is an example of __________ cryptography, which does not require a preexisting relationship to provide a secure mechanism for data exchange. Two individuals can begin communicating securely from the moment they start communicating.
asymmetric
38
RSA does not have a _________ relationship and can start communications quickly.
preexisting
39
3 Common forms of Governance:
1) IT 2) CORPORATE 3) SECURITY
40
_________ is the periodic examination and review of a network to ensure that it meets security and regulatory compliance.
Auditing
41
_________ mode noise is generated by the difference in power between the hot and ground wires of a power source or operating electrical equipment.
Common
42
REAL EVIDENCE – Tangible. Can be brought in to court. This is usually ________ EVIDENCE.
CONCLUSIVE
43
DOCUMENTARY EVIDENCE – Written items to prove a ____. Must be authenticated.
fact
44
BEST EVIDENCE - must be the ______.
ORIGINAL
45
PAROL EVIDENCE means evidence is _______ and NOT verbal.
written
46
Static Packet Filtering Firewall - Layer ______. A static packet-filtering firewall filters traffic by examining data from a message header.
3
47
Static Packet Filtering Firewall - Layer 3 (NETWORK). A static packet-filtering firewall filters traffic by examining data from a message _______.
header
48
Application Level Gateway Firewall - Layer 7, AKA Proxy. Filters traffic based on Internet Service OR Application. SLOW and considered ____ generation. Operates at Layer 7.
2nd
49
Circuit Level Gateway Firewall – Layer ___ (Session). SOCKS (Socket Secure). 2nd generation. Manages based on Circuit as opposed to the content. Allows and Denies strictly on SOURCE/DESTINATION address and port.
5
50
Circuit Level Gateway Firewall – Layer 5 (Session). SOCKS (Socket Secure). 2nd generation. Manages based on Circuit as opposed to the _______. Allows and Denies strictly on SOURCE/DESTINATION address and port.
content
51
2 Types of MULTIPROCESSING systems
SMP and MMP
52
Used to create a UNIQUE CIPHER TEXT every time the same message is encrypted with the same key.
Initialization Vector
53
802.3 is Layer ___
2
54
An initialization vector (IV) is a random bit string (a nonce) that is the same length as the block size that is XORed with the message. IVs are used to create a unique cipher text every time the same message is encrypted with the same key.
IV
55
SAML attacks are often focused on ______ authentication.
web-based
56
What are the two VPN modes?
Tunnel and Transport
57
The Code of Federal Regulations (CFR) is an example of __________ law.
administrative
58
Who provides daily updates on wildfires occurring in the United States?
The National Interagency Fire Center
59
Macro viruses use scripting languages such as _____ ______ for Applications.
Visual Basic. MACRO viruses use SCRIPTING. Macro viruses use VBScript.
60
_________ serve as operational guides for both security professionals and users. They are flexible, so they can be customized for each unique system or condition. This document states what should be done (in other words, what security mechanisms should be deployed) instead of prescribing a specific product or control and detailing configuration settings. These outline methodologies, include suggested actions, and are not compulsory.
Guidelines
61
IPX/SPX, AppleTalk, and NetBEUI are examples of __ ___ protocols.
non-IP protocols.
62
_______ – Interrupts and Takes Over. ________ – RELAYS. _________ – TARGETS 2 ROUND ENCRYPTION SUCH AS DOUBLE DES.
HIJACK – Interrupts and Takes Over. MAN IN THE MIDDLE – RELAYS. MEET IN THE MIDDLE – TARGETS 2 ROUND ENCRYPTION SUCH AS DOUBLE DES.
63
_________ uses a "lock" feature to allow an authorized user to make changes and then "unlock" the data elements only after the changes are complete.
Concurrency
64
_______ model uses multiple iterations of the waterfall model, so it is considered a meta-model. This is a form of WATERFALL.
Spiral model uses multiple iterations of the waterfall model, so it is considered a meta-model. Spiral Model is a form of WATERFALL.
65
________ is the process by which online activities of user accounts and processes are tracked and recorded.
Auditing
66
________ is freedom from being observed, monitored, or examined without consent or knowledge.
PRIVACY
67
ECC-RSA ____-bit key is the equivalent of an RSA _____-bit key.
ECC RSA 160 bit = RSA 1024 bit.
68
____________ access control operates on a set of defined rules or restrictions that filter actions and activities performed on the system. System wide restrictions that override object access.
Nondiscretionary
69
INTEGRITY and ________ depend on Each Other.
CONFIDENTIALITY
70
________ attack: the attacker is racing with the legitimate process to replace the object before it is used. Tries to beat the legitimate process before it is used.
TOC/TOU
71
_________ removes but does not repair. Removal of a virus removes but does not repair. _________ removes virus and repairs damage.
Removal removes but does not repair. Removal of a virus removes but does not repair. Clean removes virus and repairs damage.
72
_________ removes virus and repairs damage.
Clean removes virus and repairs damage.
73
When audit trails legally prove accountability, then you also reap the benefit of _______.
nonrepudiation
74
______ ______ ______ are designed to prevent unauthorized, insecure, or restricted information flow, often between different levels of security.
Information flow models
75
Databases: The event that occurs when two or more rows in the same table appear to have identical primary key elements but contain different data for use at differing Classification levels. This is often used as a defense against some types of inference attacks.
Polyinstantiation
76
Database transactions must be _____—that is, they must be an “all‐or‐nothing” affair.
Atomic
77
DSA: The Digital Signature Algorithm (as specified in FIPS 186-2) supports true digital signatures, providing integrity verification and ________.
nonrepudiation
78
Biba and Clark Wilson provide ______
Integrity
79
3DES effective key length ___ bit.
3DES effective key length 168 bit.
80
______ ________ attack may be used on encrypted messages.
Frequency Analysis
81
A ____ _____ maintains a row of security attributes for each controlled object. This is also a row of an access control matrix.
capabilities list
82
A _____ ______ is closely associated with the access control matrix.
capabilities list
83
IPSEC needs ______ in order to be secure on a dialup
L2TP
84
In a _______ security mode system, there is no requirement that all users have appropriate clearances to access all the information processed by the system.
Multilevel
85
_________ model allows the development process to return only to the immediately preceding phase of development at any given time.
Waterfall
86
______ ______ and Job Rotation support peer auditing.
Mandatory vacations
87
2 examples of Peer Auditing
Mandatory vacations and Job Rotation
88
The __________ phase usually concludes with the notification of the incident response team.
identification phase
89
This type of system houses hundreds or thousands of CPUs that have their own operating system.
MMP: Massively Parallel Processing. MMP is used for large, complex tasks.
90
Implement multithreading techniques at the operating system level. Single. Operating System level. SMP used for simple operations. This system is the OS level.
SMP: Symmetric multiprocessing systems. SMP sends threads to available processors for simultaneous execution.
91
A _____ ______ is any method that is used to secretly pass data and that is not normally used for communication. Covert Channeling can be difficult to detect. Need to AUDIT and ANALYZE logs.
Covert channel
92
How to mitigate Covert Channel
Audit, Monitor, Analyze
93
Two types of Covert Channels: 1) Covert TIMING Channel – Alters system performance or timing in a _____ manner. 2) Covert STORAGE Channel – Writes data to common ______ area so another process can read it.
Predictable, Storage
94
When an intruder is detected by an IDS, they are transferred to a ____ ______. The transfer of the intruder into a padded cell is performed automatically, without informing the intruder that the change has occurred. The padded cell is unknown to the intruder before the attack, so it cannot serve as an enticement or entrapment. Padded cells are used to detain intruders, not to detect vulnerabilities.
padded cell
95
One of the most common vulnerabilities and hardest to protect against is the occurrence of ______ and _______.
occurrence of errors and omissions
96
Types of FIREWALLS (4):
Static, Application, Circuit, Stateful
97
Name this Firewall: Layer 3 (Network) and 4 (Transport), 3rd generation. Looks at source/destination ports, addresses and applications.
Stateful Inspection Firewall – AKA DYNAMIC.
98
Two Firewall Modes
Transport Mode: In transport mode, only the IP packet data is encrypted, but the header of the packet is not. Tunnel Mode: In tunnel mode, HEADER AND PACKET DATA ARE ENCRYPTED. The source and destination IP addresses are encrypted and an ESP header is added followed by a new IP header. When IPSec is used in tunnel mode, entire packets, rather than just the payload, are encrypted. This mode is designed for use in gateway-to-gateway. TUNNEL IS MORE SECURE.
99
Which Firewall mode only encrypts IP Packet Data and NOT Header?
Transport
100
Which of the two FW modes is more secure and why?
Tunnel is more secure because Header and Packet are Encrypted.