09102017_Wiley_Test3 Flashcards
______is used to sufficiently cleanse remnants of data on a magnetic storage drive so that it can be reused in unsecure environments.
Purging
The _______ model enforces separation of duties to further protect the integrity of data.
Clark-Wilson
In a _______ ______, all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment
trusted system
_______ (plain old telephone service) or _______ (public switched telephone network) requires the use of a modem to support digital computer communications over an otherwise analog link
POTS / PSTN
Which form of physical security control focuses on facility construction and selection, site management, personnel controls, awareness training, and emergency response and procedures?
Administrative
________ access controls are the policies and procedures defined by an organization's security policy to implement and enforce overall access control. They focus on two areas: personnel and business practices (i.e., people and policies). Examples include policies, procedures, hiring practices, background checks, data classification, security training, vacation history, reviews, work supervision, personnel controls, and testing.
Administrative
_______ access controls are the hardware or software mechanisms used to manage access to resources and systems and provide protection for those resources and systems. Examples of logical or technical access controls include encryption, smart cards, passwords, biometrics, constrained interfaces, access control lists (ACLs), protocols, firewalls, routers, intrusion detection systems, and clipping levels.
Logical/technical
________ access controls are the physical barriers deployed to prevent direct contact with systems or portions of a facility. Examples include guards, fences, motion detectors, locked doors, sealed windows, lights, cable protections, laptop locks, swipe cards, guard dogs, video cameras, mantraps, and alarms.
Physical
The second phase of the IDEAL model is the __________ stage.
Diagnosing
IDEAL
Software process improvement model (from the SEI). Five phases:
Initiating - reason for change outlined, sponsorship obtained
Diagnosing - troubleshoot and analyze the current state
Establishing - plan of attack based on the diagnosis
Acting - walk the walk (develop, test, and roll out the solution)
Learning - quality improvement; feed lessons back into the next cycle
CMM (Capability Maturity Model) levels
1 Initial 2 Repeatable 3 Defined 4 Managed 5 Optimizing
What software development technique includes as a basic principle that it values responding to change over following a plan?
Agile
_________ logging (shipping logs to a separate, hardened log host) provides a nonmodifiable repository for system logs, preventing an attacker who compromises a host from destroying the evidence of the attack. The repository is only nonmodifiable if the log host is append-only or write-once and the sending hosts cannot alter what has already been stored.
Centralized
Technology ___________ is the tendency for various technologies, solutions, utilities, and systems to evolve and merge over time.
convergence
____ evidence must be either uniquely identified by a witness or authenticated through a documented chain of custody
Real
The chain of evidence (chain of custody) documents the ___, ____, _____ and ____ of the evidence.
WHO handled it, WHAT it is, WHERE it was, and WHEN (every transfer, with date and time)
Chain of custody must track and ______
record all evidence, every time it changes hands, from collection until it is presented in court.
Real evidence must be ________, ________ and _________ to be admissible.
relevant,
material,
competent (lawfully obtained)
Parol evidence rule
When an agreement between parties is put into written form, the written document is assumed to contain all the terms of the agreement; no verbal agreements may modify it.
Who authored the principle that can be summed up as "the enemy knows the system"?
Auguste Kerckhoffs (Kerckhoffs's principle: a cryptosystem should remain secure even if everything about it except the key is public)
______ ________ specify the claims of security from the vendor that are built into a TOE.
Security targets (STs)
Common Criteria purpose?
Independent testing and confirmation of a product's security capabilities. The EAL number indicates how rigorously the product was evaluated, not how secure it is.
Two key elements of Common Criteria
Protection Profiles (PPs, the customer's statement of security requirements) and Security Targets (STs, the vendor's claims for the TOE)
Three Common Criteria guidelines
Part 1) Introduction.
Part 2) Security Functional Requirements.
Part 3) Security Assurance.
CC Evaluation Assurance Levels
EAL1 Functionally tested
EAL2 Structurally tested
EAL3 Methodically tested and checked
EAL4 Methodically designed, tested, and reviewed
EAL5 Semiformally designed and tested
EAL6 Semiformally verified design and tested
EAL7 Formally verified design and tested
Which process ensures that you close the loop of incident response to improve the effectiveness of your response to future incidents?
Lessons Learned
What type of system is authorized to process data at different classification levels only when all users have authorized access to those classification levels?
System High
System High Mode
Systems running in system-high mode are authorized to process data at different classification levels only if all system users have access to the highest level of classification processed.
The two goals of the identification phase are
identifying incidents
notifying the appropriate personnel
RAID levels
0 - Striping - data split across multiple drives, PERFORMANCE only (no redundancy; one failed drive loses everything)
1 - Mirroring (duplexing when each mirror has its own controller) - REDUNDANCY
5 - Striping with distributed parity - 3+ drives - PERFORMANCE and REDUNDANCY; survives the loss of any one drive
10 (1+0) - Mirrored stripes - the actual hybrid of 0 and 1
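An added worked example (not part of the flashcards) of the parity idea behind RAID 5: each stripe's parity block is the XOR of its data blocks, so any single missing block, data or parity, can be rebuilt from the survivors, and a second simultaneous loss cannot. The drive count and block contents are constructed for illustration.

```python
# Added example, not from the flashcards: RAID 5 parity and single-drive rebuild.
# Stripe layout and block contents are constructed for illustration.

def xor_blocks(blocks):
    """XOR any number of equal-length byte strings together."""
    blocks = list(blocks)
    result = bytearray(len(blocks[0]))
    for blk in blocks:
        if len(blk) != len(result):
            raise ValueError("all blocks in a stripe must be the same size")
        for i, b in enumerate(blk):
            result[i] ^= b
    return bytes(result)


def write_stripe(data_blocks, parity_drive):
    """Lay one stripe across len(data_blocks) + 1 drives. Parity goes on drive
    index `parity_drive`; real RAID 5 rotates that index from stripe to stripe
    so no single drive becomes the parity hot spot."""
    stripe = list(data_blocks)
    stripe.insert(parity_drive, xor_blocks(data_blocks))
    return stripe


def rebuild_stripe(stripe, failed_drive):
    """Recover the block that was on `failed_drive` (data or parity, it does
    not matter) as the XOR of every surviving block. A second failure leaves
    two unknowns and one equation, which is why RAID 5 tolerates only one."""
    survivors = [blk for i, blk in enumerate(stripe) if i != failed_drive]
    if any(blk is None for blk in survivors):
        raise ValueError("more than one drive lost; RAID 5 cannot rebuild")
    repaired = list(stripe)
    repaired[failed_drive] = xor_blocks(survivors)
    return repaired


def read_data(stripe, parity_drive):
    """Reassemble the user data, skipping the parity block."""
    return b"".join(blk for i, blk in enumerate(stripe) if i != parity_drive)


def demo():
    # Three data drives plus one parity drive (the minimum for RAID 5 is three in total).
    stripe = write_stripe([b"AAAA", b"BBBB", b"CCCC"], parity_drive=3)
    degraded = list(stripe)
    degraded[1] = None                     # drive 1 dies; its block is gone
    return read_data(rebuild_stripe(degraded, 1), 3)
```

demo() returns the original twelve data bytes even though drive 1 is gone; losing the parity drive instead is handled identically, because parity is just one more term in the same XOR.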
Three steps of the incident response process (IRP)
Detect and identify
Respond and report
Recover and remediate
CERTIFICATION
Technical evaluation of the security controls, conducted internally by the TECHNICAL TEAM
ACCREDITATION
Formal MANAGEMENT acceptance of the certified system and its residual risk
Difference between CERTIFICATION and ACCREDITATION
CERTIFICATION is FIT FOR USE, TEAM APPROVED
ACCREDITATION is MANAGEMENT APPROVED
Waterfall is very ____
strict and rigid. Each phase is completed before the next begins, and the flow never goes back up (like a waterfall). STRUCTURE. Not the same as Cleanroom, which is a separate model built on formal methods.
Agile is ____
flexible.
The security role of data ______ is responsible for the tasks of implementing the prescribed protection defined by the security policy and senior management.
custodian
What DES mode is the streaming-cipher version of CBC?
Cipher Feedback (CFB) mode. It turns the block cipher into a self-synchronizing stream cipher: only the forward cipher operation is needed, no padding is required, and, like CBC, each block's keystream depends on the previous ciphertext block.
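Added example (not from the flashcards) showing what "streaming version of CBC" means in practice. A one-way toy function stands in for the DES/AES forward transform (an assumption, labelled in the code): CFB still decrypts because it only ever runs the cipher forward, it works on any byte length, and it chains on the previous ciphertext just as CBC does. A CBC routine is included for contrast; it only accepts whole blocks.

```python
# Added example, not from the flashcards. toy_block_encrypt() is a stand-in for
# the real block cipher's forward transform and is NOT a secure cipher.
import hashlib

BLOCK = 16  # bytes per block; DES would use 8, AES 16


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for E_k. Deliberately one-way: CFB never needs the inverse,
    which is the whole point of the demonstration."""
    assert len(block) == BLOCK
    return hashlib.sha256(key + block).digest()[:BLOCK]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))   # truncates to the shorter input


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB: encrypt the shift register, XOR the result into the data, then feed
    the CIPHERTEXT back into the register (the CBC-style chaining).
    Any length works, so a final partial block needs no padding."""
    out, register = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        keystream = toy_block_encrypt(key, register)
        chunk = _xor(plaintext[i:i + BLOCK], keystream)
        out += chunk
        register = (register + chunk)[-BLOCK:]   # shift the ciphertext in
    return bytes(out)


def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Identical keystream generation: the forward cipher is used again, never E_k^-1."""
    out, register = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        keystream = toy_block_encrypt(key, register)
        chunk = ciphertext[i:i + BLOCK]
        out += _xor(chunk, keystream)
        register = (register + chunk)[-BLOCK:]
    return bytes(out)


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC for contrast: the block cipher is applied to the data itself, so the
    input must be a whole number of blocks and decryption would need E_k^-1,
    which our one-way stand-in cannot provide."""
    if len(plaintext) % BLOCK:
        raise ValueError("CBC needs padding to a full block")
    out, prev = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return bytes(out)
```

The ciphertext from cfb_encrypt() is exactly as long as the plaintext, and cfb_decrypt() recovers it with the same one-way function; cbc_encrypt() refuses a 5-byte message because it has no block to work on.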
Microsoft’s ActiveX technology supports a number of programming languages, including Visual Basic, C, C++, and Java. On the other hand, only the Java language can be used to write Java applets.
ActiveX supports C, C++, VB
EMI generated by the difference between the hot (power) wire and ground
COMMON MODE noise
EMI from fluorescent lights, appliances, electric magnets, and motors
RFI (radio-frequency interference)
The _____algorithm implemented the key escrow standard supported by the US government
Skipjack
The master boot record is a single sector of a floppy disk or hard drive. Each sector is normally _____bytes
512
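Added example (not from the flashcards): parsing the 512-byte MBR sector, checking the 0x55AA boot signature and the four 16-byte partition entries, plus the sanity checks a forensic examiner applies when looking for a tampered table (bootkits live in the 446 bytes of boot code that precede it). The sector is constructed in code, not read from a real disk.

```python
# Added example, not from the flashcards: parse and sanity-check a 512-byte MBR.
# The sector produced by build_sample_mbr() is constructed for illustration.
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"      # bytes 510-511 of every valid MBR
TABLE_OFFSET = 446                # 4 x 16-byte partition entries follow the boot code
ENTRY_FMT = "<B3sB3sII"           # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr() -> bytes:
    """Constructed sample: a few representative x86 start-up bytes as boot code,
    a bootable NTFS (0x07) partition and a Linux (0x83) partition."""
    boot_code = bytes.fromhex("33c08ed0bc007c").ljust(TABLE_OFFSET, b"\x00")

    def entry(status, ptype, lba_start, count):
        return struct.pack(ENTRY_FMT, status, b"\xff\xff\xff", ptype,
                           b"\xff\xff\xff", lba_start, count)

    table = entry(0x80, 0x07, 2048, 204800) + entry(0x00, 0x83, 206848, 409600)
    table = table.ljust(64, b"\x00")           # two unused slots
    return boot_code + table + BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for n in range(4):
        off = TABLE_OFFSET + 16 * n
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:
            continue                            # unused slot
        partitions.append({"slot": n, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {"boot_code": sector[:TABLE_OFFSET], "partitions": partitions}


def check_partitions(partitions) -> list:
    """Forensic sanity checks: overlapping partitions or several active flags
    are classic signs of a malformed or tampered table."""
    problems = []
    if sum(p["bootable"] for p in partitions) > 1:
        problems.append("more than one partition flagged active")
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["lba_start"] < a["lba_start"] + a["sectors"]:
            problems.append(f"slot {a['slot']} and slot {b['slot']} overlap")
    return problems
```

In a real examination you would also hash the 446 boot-code bytes and compare them with the known-good loader for that OS; a mismatch with no legitimate explanation is how an MBR bootkit is usually first spotted.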
Traverse mode noise
EMI generated by the difference between the hot and neutral wires.
NOTE: Common mode is hot and ground: "COMMON GROUND".
It is very difficult to defend against ___ ____ ____ __due to their sophistication and complexity.
distributed denial-of-service attacks
______ _______attacks are designed to obtain service while avoiding financial costs.
Phone phreaking
The ____of a table refers to the number of rows in the table whereas
cardinality
the _____of a table is the number of columns.
degree
____ ______targets a specific GROUP of people such as a group of employees within a single company. Phishing goes to anyone without any specific target.
Spear phishing
NOTE: Whaling is a form of phishing that targets high-level executives.
______is a form of phishing that targets high-level executives.
Whaling
_____ ciphers operate on one character or bit of a message (or data stream) at a time.
Stream
A ____ can be used to securely host/store the master encryption key for whole-drive encryption.
TPM (trusted platform module)
The MD5 algorithm produces ______-bit hashes regardless of the size of the input message.
128
MD5 produces a ___-bit digest. (MD5 collisions are practical; do not rely on it where collision resistance matters.)
128
Companion viruses are self-contained executable files with filenames similar to those of existing system/program files but with a different extension, relying on the OS's search order to run first. Example:
A malicious game.com placed next to the legitimate game.exe; the DOS/Windows command processor runs the .com before the .exe when the user types "game".
Evidence collection takes place during the ____ AND _____phase of the incident.
response and reporting
The Caesar cipher is a simple ______cipher where each letter of a message is changed.
substitution
____ _______ uses a system of digital signatures to ensure that code originates from a trusted source. It is up to the end user to decide whether the authenticated source should be trusted.
Code signing
The _______ of a process consist of limits set on the memory addresses and resources it can access. The bounds state or define the area within which a process is confined.
bounds. BOUNDS are LIMITS set by the OS.
A process kept within its BOUNDS is running in ______
ISOLATION (achieved through CONFINEMENT or SANDBOXING)
A process may be RESTRICTED to reading/writing only certain locations in memory.
The _____model allows developers to repeat iterations of another life cycle model (such as the waterfall model) to produce a number of fully tested prototypes
spiral
________ciphers change the values of individual characters in a message.
Substitution
NIST Special Publications: SP 800-12, SP 800-14, SP 800-30, SP 800-34, SP 800-86, SP 800-100, SP 800-115
SP 800-12 An Introduction to Computer Security: The NIST Handbook
SP 800-14 Generally Accepted Principles and Practices for Securing Information Technology Systems
SP 800-30 Risk Management Guide for Information Technology Systems (Rev. 1: Guide for Conducting Risk Assessments)
SP 800-34 Contingency Planning Guide for Information Technology Systems
SP 800-86 Guide to Integrating Forensic Techniques into Incident Response
SP 800-100 Information Security Handbook: A Guide for Managers
SP 800-115 Technical Guide to Information Security Testing and Assessment
Which NIST standard covers RISK MANAGEMENT
SP 800-30
Biometric error types
Type I = False Negative, False Rejection, measured by the FRR (false rejection rate). Annoying but not detrimental to security.
Type II = False Positive, False Acceptance, measured by the FAR (false acceptance rate). BAD, because an unauthorized user gets in.
When FRR and FAR are equal, that point is the CER (crossover error rate); the lower the CER, the better the device.
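Added example (not from the flashcards): FRR, FAR and the CER computed from constructed matcher scores. Lowering the acceptance threshold admits more impostors (FAR rises); raising it rejects more genuine users (FRR rises); the crossover is where the two meet, and a high-security deployment deliberately moves off the crossover toward a lower FAR.

```python
# Added example, not from the flashcards: FRR, FAR and the crossover error rate.
# Scores are constructed for illustration (higher score = better match).

GENUINE = [0.90, 0.85, 0.80, 0.75, 0.70, 0.58, 0.52, 0.45]   # enrolled users
IMPOSTOR = [0.60, 0.55, 0.50, 0.48, 0.40, 0.35, 0.30, 0.20]  # unauthorized people


def error_rates(genuine, impostor, threshold):
    """A sample is accepted when score >= threshold.
    Returns (FRR, FAR): Type I rejects legitimate users, Type II admits impostors."""
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    return frr, far


def crossover(genuine, impostor):
    """Sweep every observed score as a candidate threshold and return
    (threshold, CER): the point where FRR and FAR meet, or come closest
    on discrete data."""
    best_t = best_gap = best_cer = None
    for t in sorted(set(genuine) | set(impostor)):
        frr, far = error_rates(genuine, impostor, t)
        gap = abs(frr - far)
        if best_gap is None or gap < best_gap:
            best_t, best_gap, best_cer = t, gap, (frr + far) / 2
    return best_t, best_cer


def threshold_for_max_far(genuine, impostor, max_far):
    """High-security tuning: the lowest threshold whose FAR does not exceed
    max_far, returned together with the FRR you pay for it."""
    for t in sorted(set(genuine) | set(impostor)):
        frr, far = error_rates(genuine, impostor, t)
        if far <= max_far:
            return t, frr
    return None, None
```

On these scores the CER is 25% at a threshold of 0.55; forcing FAR to zero pushes the threshold to 0.70 and the FRR to 37.5%, which is the Type I annoyance the card describes, accepted in exchange for no Type II admissions.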
Things an IT security manager should consider during a merger or acquisition
On-site assessment
Document exchange and review
Process/policy review
Two LATTICE-based access control models
Biba (integrity) and Bell-LaPadula (confidentiality)
When designing physical security for an environment, focus on the functional order in which controls should be used. The order is as follows:
- Deterrence
- Denial
- Detection
- Delay
Port blocking (port security) is configured on a SWITCH, which operates at layer 2
A layer 2 switch blocks ports
_______ controls are your first line of defense, and PEOPLE are your last
Physical
Asymmetric algorithms
RSA, Diffie-Hellman (DH), ElGamal