Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CISSP > 6. Security Assessment And Training > Flashcards

6. Security Assessment And Training Flashcards

1
Q

Define Vulnerability Testing.

A

Identifying weaknesses in physical, administrative and logical systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Define penetration testing

A

Ethics hacking to validate discovered weaknesses.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Define black box testing

A

Zero knowledge of network at start of penetration testing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Define grey box testing

A

Partial knowledge at start of penetration testing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Define white box testing

A

Full knowledge of network at start of penetration testing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are the steps of Attack Methodology?

A
  1. Reconnaissance
  2. Foot printing - mapping network (Nmap)
  3. Fingerprinting - identifying host info.
  4. Vulnerability assessment - identifying weaknesses in system configuration.
  5. Attack - penetration and privilege escalation.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are the 3 basic requirements of penetration testing?

A
  1. Meet with senior management to determine the goal.
  2. Document rules of engagement.
  3. Get sign off from senior management.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the purpose of penetration testing?

A

To determine subjects ability to withstand an attack and determine effectiveness of current security measures.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are the 3 types of penetration testing?

A
  1. Physical - get into physical area/remove materials or place marker in.
  2. Administrative - get sensitive information from users.
  3. Logical security - attacks on systems, networks or communications.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which IDS can read encrypted data?

A

HIDS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Define NDS

A

Network based Intrusion Detection System.
Focuses on the whole network and the machines on it. Acts as a traffic collector.
Disadvantages: data must be decrypted. Switches cause issues because of port spans.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Define HIDS

A

Host based IDS.

Disadvantages: only protects one machine, can be disabled, scalability is costly, uses local resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Define the two types of Analysis Engines?

A
  1. Pattern matching - signature based on data from attacker to victim.
  2. Profile Matching - looks for change in “normal” behavior. System builds profile from watching work for a few weeks and then goes into action.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are issues with each type of analysis engine?

A
  1. Pattern matching - must pay for signature subscription, does not stop 0 day attacks.
  2. Profile matching - lots of false- positives, often ignored due to frequency of false positives. Requires someone very skilled to use it.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the damager of honey pots?

A

Enticement vs entrapment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

CISSP (8 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions