08092017_Wiley_Test2 Flashcards
Trademark can be renewed for ____ years
10
Best intellectual property protection ..
Trade Secret
How many rounds of encryption does DES use?
DES uses 16 rounds
Waterfall allows you to return to the previous ____
State
3DES effective key length
168-bit
What uses passwords in a challenge-response mechanism to create a one-time password?
Asynchronous One Time Password
Disaster ________ involves restoring a business facility and environment to a workable state
restoration
The ________ evidence rule states that when an agreement between parties is put into written form, the written document is assumed to contain all the terms of the agreement and no verbal agreements may modify the written agreement
parol
_____ _____ ____ viruses infect the system’s boot sector and load when the system is started
Master boot record (MBR)
__________ espionage is usually considered a business attack
Industrial
The Agile ________ says that you should build projects around motivated individuals and give them the support they need
Manifesto
A custodian is someone who has been assigned or delegated the ___-__-___ responsibility of proper storage and protection of objects.
day-to-day
_________ tests are similar to the structured walk-throughs. In this test, disaster recovery team members are presented with a scenario and asked to develop an appropriate response
Simulation
Systems are usually disconnected from the network during the _______ and _______ process
isolation and recovery
RESTORATION phase of incident response includes these steps:
Restoring backup data
Rebuilding compromised systems
Supplementing existing security controls
____________ XORs the plain text with a separate subkey before the first round of encryption. Used in TWOFISH
Prewhitening
The US Geological Survey provides detailed _________ risk data for locations in the United States
earthquake
__________ occurs when a person presents him- or herself as another user, typically to gain access to unauthorized information or processes.
Masquerading. Keyword is UNAUTHORIZED.
This includes physical access.
Loss expectancies are a measure of impact and are calculated during the ______ assessment phase
IMPACT
You are concerned about the risk that a tornado poses to your corporate headquarters in Indiana. The building itself is valued at $10 million. After consulting with the National Weather Service, you determine that there is a 2 percent likelihood that a tornado will strike over the course of a year. You hired a team of architects and engineers who determined that the average tornado would destroy approximately 25 percent of the building. What is the annualized loss expectancy (ALE)?
The ALE is computed by multiplying the SLE ($2,500,000) by the annualized rate of occurrence (2%) to get $50,000.
A ______ access control model is based on job functions such as a sales person or a sales manager, and it groups users into roles.
role-based
A ______ access control model is an identity-based access control model. This is also OWNER-based.
discretionary
A ________ access control model is based on rules within an ACL
rule-based
A ______ access control model uses assigned labels to identify access.
mandatory
The _____ ______ process provides an organized framework within which users can request modifications, managers can conduct cost/benefit analysis, and developers can prioritize tasks.
request control
S/MIME supports these symmetric encryption algorithms.
RC2,
RSA,
DES and 3DES
The ________ phase includes the restoration of the normal business operations of an organization
CLOSURE
What are the incident response steps?
Response, Mitigation, Reporting, Recovery, Remediation
_________ extended infrastructure mode exists when a wireless network is designed to support a large physical environment through the use of a single SSID but numerous access points
Enterprise
Phil Zimmerman’s Pretty Good Privacy (PGP) package relies on the construction of a ___ of _____ between system users.
web of trust
Which BCP (business continuity plan) task requires that you create a comprehensive list of business processes?
Criticality prioritization OR Priority Identification task
What organization created the Ten Commandments of Computer Ethics?
Computer Ethics Institute
_____-______ access control is focused on the internal data of each field
Content-dependent
A database view is a content-dependent control. A view retrieves specific columns from one or more tables, creating a virtual table.
The following items are critical pieces of information in the chain of evidence:
General description of the evidence
Name of the person collecting the evidence
Time and date the evidence was collected
What cryptographic goal does the challenge-response protocol support?
Authentication
What type of access control system is deployed to physically deter unwanted or unauthorized activity and access?
Preventive access control is deployed to stop unwanted or unauthorized activity from occurring.
What database security feature uses a locking mechanism to prevent simultaneous edits of cells?
Concurrency
Christopher would like to send Renee a message using a digital signature. What key should he use to create the digital signature?
Christopher’s private key
Tunneling prevents security control devices from __________ the actual content of the transmitted data.
inspecting
When audit trails legally prove accountability, then you also reap the benefit of ________.
nonrepudiation
Which one of the following is not a required component of a digital certificate?
Serial number
Validity period
X.509 version
Process __________ allows a process to read from and write to only certain memory locations and resources.
confinement
annualized loss expectancy FORMULA
Asset value * exposure factor * annualized rate of occurrence
ALE = AV x EF x ARO
What term describes the processor mode used to run the system tools used by administrators seeking to make configuration changes to a machine?
USER MODE
All user applications, regardless of the security permissions assigned to the user, execute in user mode. Supervisory mode, kernel mode, and privileged mode are all terms that describe the mode used by the processor to execute instructions that originate from the operating system.
Role-based access control restricts access to roles by grouping _________ (such as users).
SUBJECTS
Role-based access control restricts access to roles by grouping subjects (such as users). Groups are assigned privileges but privileges aren’t grouped in roles. Programs aren’t grouped in roles. Objects such as files are often grouped within folders, but objects are not assigned as roles.
What attack involves an interruptive malicious user positioned between a client and server attempting to TAKE OVER?
HIJACK
This attack is the abundance of unsolicited messages arriving to the extent it prevents legitimate activity.
Denial of service
Malicious code or instruction as part of program input
Buffer-overflow
What technique may be used if an individual wants to prove knowledge of a fact to another individual without revealing the fact itself?
Zero-knowledge
__________ proofs confirm that an individual possesses certain factual knowledge without revealing the knowledge.
Zero-knowledge
Tunneling is an _______ means of communicating because all protocols include their own error detection, error handling, acknowledgment, and session management features, and using more than one protocol at a time just compounds the overhead required to communicate a single message.
inefficient
In what type of attack does the intruder initiate connections to both a client and a server?
Man in the Middle
________ access control is deployed to restore systems to normal after an unwanted or unauthorized activity has occurred
Corrective
The following are features of packet switching:
Bursty traffic focused
Sensitive to data loss
Supports any type of traffic
Circuit switching has _______ known delays.
fixed
Packet switching has ______ traffic, ______ to data loss, supports ______ traffic.
Bursty traffic focused
Sensitive to data loss
Supports any type of traffic
What is the CLIENT source port of a secured web communication?
DYNAMIC port
randomly selected port number between 1024–65,535
Which security role is ultimately responsible for due diligence in protecting a company’s data?
Data Owner
_________ are precompiled lists of common passwords and their permutations and serve as the foundation for a dictionary attack on accounts.
Dictionary word lists
What form of password attack utilizes a preassembled lexicon of terms and their permutations?
Dictionary Word List
On what port do DHCP clients request a configuration?
Port 68 (DHCP client)
Accountability is the ultimate goal of a process started by ________.
identification
______ is a weakness in cryptography where a plain-text message generates identical cipher-text messages using the same algorithm but different keys
Clustering (aka key clustering)
The ___________ model is based on predetermining the set or domain of objects that a subject can access. The set or domain is a list of those objects that a subject can access. This model is based on automation theory and domain separation. This means subjects are able to perform only predetermined actions against predetermined objects.
Goguen-Meseguer
In _____________ mode, each block of unencrypted text is XORed with the block of cipher text IMMEDIATELY PRECEDING it before it is encrypted using the DES algorithm.
Cipher Block Chaining (CBC)
______ _______ use an iterative series of precomputed password hashes. Precomputed password hashes kept as a series of iterative inputs are known as what?
Rainbow tables
_______ removes the malicious code but does not repair the damage caused by it.
Removal
_________ not only removes the code, but it also repairs any damage the code has caused.
Cleaning
Wi-Fi 802.11__ can use the 2.4 GHz and 5 GHz frequencies
802.11n
C++, Java, and Fortran are _______ languages
compiled
AES supports what key lengths?
The strongest keys supported by the Advanced Encryption Standard are 256 bits. The valid AES key lengths are 128, 192, and 256 bits.
Which networking technology assumes traffic collisions will occur and thus requires collision detection and avoidance mechanisms?
Ethernet
What database element is equivalent to a single attribute?
Column
The five elements of AAA services in order are:
The five elements of AAA services in order are identification, authentication, authorization, auditing, accounting.
________ the media is the best choice of the available answers to protect against mishandling media.
Marking (or labeling)
________ is the process by which online activities of user accounts and processes are tracked and recorded.
Auditing
The security management task in which critical, significant, and sensitive work tasks are divided among several individual administrators or high-level operators is ________ __ ______.
separation of duties
_________ access control enables the enforcement of systemwide restrictions that override object-specific access control.
Nondiscretionary
_______ viruses use filenames that mimic the filenames of legitimate system files.
Companion
Companion Virus is…
viruses that use filenames that mimic the filenames of legitimate system files
The ______ and the cost/benefit equation produce results that are primarily used to prioritize security efforts
ALE
___ is an authentication service and is simply a means to prevent unauthorized execution of code on remote systems
S-RPC
__________ ATTACKS are coordinated efforts between cooperative machines using traffic in an entirely legitimate manner
DISTRIBUTED REFLECTIVE DENIAL OF SERVICE
The ________of database transactions requires transaction execution in an all-or-nothing fashion.
atomicity
______ access control is deployed to provide various options to existing controls to help enforce and support a security policy
Compensation
The ~ symbol represents the NOT function, which inverts the bits of the affected variable. In this case, the X value is not used.
X: 0 1 1 0 1 0
Y: 0 0 1 1 0 1
~Y: 1 1 0 0 1 0
_______ control is any hardware, software, or organizational administrative policy or procedure that grants or restricts access, monitors and records attempts to access, identifies users attempting to access, and determines whether access is authorized
Access
Cryptographic salt values are added to the passwords in password files before hashing to protect from which two attacks?
rainbow table and dictionary attacks.