09102017_Wiley_Test3 Flashcards

1
Q

______ is used to sufficiently cleanse remnants of data on a magnetic storage drive so that it can be reused in unsecure environments.

A

Purging

2
Q

The _______ model enforces separation of duties to further protect the integrity of data.

A

Clark-Wilson

3
Q

In a _______ ______, all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment.

A

trusted system

4
Q

______ or ______ requires the use of a modem to support digital computer communications over an otherwise analog link.

A

POTS (plain old telephone system) or PSTN (public switched telephone network)

5
Q

Which form of physical security control focuses on facility construction and selection, site management, personnel controls, awareness training, and emergency response and procedures?

A

Administrative

6
Q

________ access controls are the policies and procedures defined by an organization's security policy to implement and enforce overall access control. These focus on two areas: personnel and business practices (i.e., people and policies). Examples of administrative access controls include policies, procedures, hiring practices, background checks, data classification, security training, vacation history, reviews, work supervision, personnel controls, and testing.

A

Administrative access controls

7
Q

_______ access controls are the hardware or software mechanisms used to manage access to resources and systems and provide protection for those resources and systems. Examples of logical or technical access controls include encryption, smart cards, passwords, biometrics, constrained interfaces, access control lists (ACLs), protocols, firewalls, routers, intrusion detection systems, and clipping levels.

A

Logical/technical

8
Q

_____ access controls are the physical barriers deployed to prevent direct contact with systems or portions of a facility. Examples of physical access controls include guards, fences, motion detectors, locked doors, sealed windows, lights, cable protections, laptop locks, swipe cards, guard dogs, video cameras, mantraps, and alarms.

A

Physical

9
Q

The second phase of the IDEAL software development model is the ______ stage.

A

Diagnosing

10
Q

IDEAL

A

Software Development Tool

Initiate - reason for change outlined
Diagnose - troubleshoot and analyze
Establish - plan of attack based on diagnosis
Act - walk the walk
Learn - QI

11
Q

CMM

A
Initiate
Repeatable
Defined
Manage
Optimize

12
Q

What software development technique includes as a basic principle that it values responding to change over following a plan?

A

Agile

13
Q

_____ logging provides a nonmodifiable repository for system logs, preventing an attacker from destroying evidence of an attack.

A

Centralized

14
Q

Technology ________ is the tendency for various technologies, solutions, utilities, and systems to evolve and merge over time.

A

Technology convergence is the tendency for various technologies, solutions, utilities, and systems to evolve and merge over time

15
Q

____ evidence must be either uniquely identified by a witness or authenticated through a documented chain of custody.

A

Real

16
Q

Chain of evidence or chain of custody has the ___ ___ ___ ___ of the evidence…

A

WHO, WHAT, WHERE and WHEN

17
Q

Chain of Custody. Must track and ______

A

Record all evidence.

18
Q

Real evidence must be ______, ______, and ______.

A

relevant,
material,
competent

19
Q

Parol Evidence

A

"Escrow". Agreement put into writing.

20
Q

Who is responsible for authoring the principle that can be summed up as “the enemy knows the system”?

A

Kerckhoffs

21
Q

______ ________ specify the claims of security from the vendor that are built into a TOE.

A

Security targets (STs)

22
Q

Common Criteria purpose?

A

Testing confirmation of system security capabilities. The number indicates what testing has been performed.

23
Q

Two key elements of Common Criteria

A

Target and Protection Policy

24
Q

Three Common Criteria guidelines

A

Part 1) Introduction.
Part 2) Security Functional Requirements.
Part 3) Security Assurance.

25
Q

CC Evaluation Assurance Levels

A
0 Function
1 Structure
2 Methodically - Tested
3 Methodically - Designed
4 Semiformal - Design
5 Semiformal - Design, verified
6 Formal

26
Q

Which process ensures that you close the loop of incident response to improve the effectiveness of your response to future incidents?

A

Lessons Learned

27
Q

What type of system is authorized to process data at different classification levels only when all users have authorized access to those classification levels?

A

System High

28
Q

System High Mode

A

Systems running in system-high mode are authorized to process data at different classification levels only if all system users have access to the highest level of classification processed.

29
Q

The two goals of the identification phase are

A

identifying incidents

notifying the appropriate personnel

30
Q

RAID groups

A

0 - Striping - Uses multiple drives, PERFORMANCE

1 - Mirroring and Duplex - Improve redundancy

5- Parity - 3+ drives - Hybrid of 0 and 1. PERFORMANCE and REDUNDANCY

31
Q

3 steps of IRP Incident Response Process

A

Detect and ID
Respond and Report
Recover and Remediate

32
Q

CERTIFICATION

A

Conducted internally, i.e., by the TECHNICAL TEAM

33
Q

ACCREDITATION

A

MANAGEMENT acceptance

34
Q

Difference between CERTIFICATION and ACCREDITATION

A

CERTIFICATION is FIT FOR USE, TEAM APPROVED

ACCREDITED is MANAGEMENT APPROVED

35
Q

Waterfall is very ____

A

Strict and rigid. Preplanned; it never goes back up, like a waterfall. STRUCTURE.

AKA Cleanroom

36
Q

Agile is ____

A

flexible.

37
Q

The security role of data ______ is responsible for the tasks of implementing the prescribed protection defined by the security policy and senior management.

A

custodian

38
Q

What DES mode is the streaming cipher version of CBC?

A

Cipher Feedback Mode (CFB) uses a streaming cipher, compared to CBC’s block cipher.

39
Q

Microsoft’s ActiveX technology supports a number of programming languages, including Visual Basic, C, C++, and Java. On the other hand, only the Java language can be used to write Java applets.

A

ActiveX supports C, C++, VB

40
Q

EMI that is generated from difference between power and ground

A

COMMON MODE

41
Q

EMI from appliances and magnets and motors

A

RFI

42
Q

The _____ algorithm implemented the key escrow standard supported by the US government.

A

Skipjack

43
Q

The master boot record is a single sector of a floppy disk or hard drive. Each sector is normally _____ bytes.

A

512

44
Q

Transverse Noise

A

Hot and Neutral.

NOTE: Common mode is Hot and Ground ("COMMON GROUND").

45
Q

It is very difficult to defend against ___ ____ ____ due to their sophistication and complexity.

A

distributed denial-of-service attacks

46
Q

______ _______ attacks are designed to obtain service while avoiding financial costs.

A

Phone phreaking

47
Q

The ____ of a table refers to the number of rows in the table, whereas…

A

cardinality

48
Q

…the _____ of a table is the number of columns.

A

degree

49
Q

____ ______ targets a specific GROUP of people, such as a group of employees within a single company. Phishing goes to anyone without any specific target.

A

Spear phishing

NOTE: Whaling is a form of phishing that targets high-level executives.

50
Q

______ is a form of phishing that targets high-level executives.

A

Whaling

51
Q

_____ ciphers operate on one character or bit of a message (or data stream) at a time.

A

Stream

52
Q

____ can be used to securely host/store the master encryption key for whole-drive encryption.

A

The TPM (trusted platform module) can be used to securely host/store the master encryption key for whole-drive encryption.

53
Q

The MD5 algorithm produces ______-bit hashes regardless of the size of the input message.

A

128

54
Q

MD5 produces a ___-bit hash.

A

128

55
Q

Companion viruses are self-contained executable files with filenames similar to those of existing system/program files but with a modified extension. Examples include:

A

.exe

56
Q

Evidence collection takes place during the ____ AND _____ phase of the incident.

A

response and reporting

57
Q

The Caesar cipher is a simple ______ cipher where each letter of a message is changed.

A

substitution

58
Q

_____ _______ utilizes a system of digital signatures to ensure that the code originates from a trusted source. It is up to the end user to determine whether the authenticated source should be trusted.

A

Control signing

59
Q

The _______ of a process consist of limits set on the memory addresses and resources it can access. The bounds state or define the area within which a process is confined.

A

bounds. BOUNDS have LIMITS in the OS.

A process within its BOUNDS is running in ISOLATION.

60
Q

A process within its BOUNDS is running in ______.

A

ISOLATION

61
Q

CONFINEMENT or SANDBOXING

A

A process may be RESTRICTED to read/write in certain locations in memory.

62
Q

The _____ model allows developers to repeat iterations of another life cycle model (such as the waterfall model) to produce a number of fully tested prototypes.

A

spiral

63
Q

________ ciphers change the values of individual characters in a message.

A

Substitution

64
Q

______ evidence must be either uniquely identified by a witness or authenticated through a documented chain of custody.

A

Real

65
Q

SP 800-12
SP 800-14
SP 800-30
SP 800-34
SP 800-86
SP 800-100
SP 800-115

A

SP 800-12 An Introduction to Computer Security

SP 800-14 Generally Accepted Principles and Practices for Securing Information Technology Systems

SP 800-30 Risk Management

SP 800-34 Contingency Planning Guide for Information Technology Systems

SP 800-86 Guide to Integrating Forensic Techniques into Incident Response

SP 800-100 Information Security Handbook: A Guide for Managers

SP 800-115 Information Security Testing and Assessment

66
Q

Which NIST standard covers RISK MANAGEMENT

A

SP 800-30

67
Q

Biometrics.
Type 1 =
Type 2 =

A

Type 1 = False Negative, False Rejection = FRR. Annoying but not detrimental to security.

Type 2 = False Positive, False Acceptance = FAR. BAD, because an unauthorized user can get in.

When FRR and FAR are equal, it is the CER.

68
Q

Things an IT Security Manager should consider during a merger and acquisition

A

On-Site Assessment

Document exchange and Review

Process/Policy Review

69
Q

Two LATTICE-based access control models

A

Biba and Bell-LaPadula

70
Q

When designing physical security for an environment, focus on the functional order in
which controls should be used. The order is as follows:

A
  1. Deterrence
  2. Denial
  3. Detection
  4. Delay
71
Q

Port blocking happens on a SWITCH, which is layer 2.

A

A layer 2 switch will block ports.

72
Q

_______ controls are your first line of defense, and PEOPLE are your last.

A

Physical

73
Q

Asymmetric Algorithms

A

RSA, DH, ElGamal