Abdul Gabriel Flashcards
CISSP flash cards for aspiring CISSP professionals.
What is the formula for calculating risk in information security management?
Risk = Threat × Vulnerability × Impact. Because the factors multiply, a threat with no matching vulnerability, or a vulnerability whose exploitation would have no impact, contributes no risk; reducing any one factor reduces the risk.
When is a program considered a process?
A program is considered a process when it has been loaded into memory and activated (scheduled for execution) by the operating system.
What is the difference between multiprogramming and multitasking?
Multiprogramming means more than one program is loaded into memory at the same time; the CPU moves to another program only when the running one gives up the CPU, typically while it waits for I/O (the model of older batch systems). Multitasking goes further: the operating system time-slices the CPU among the loaded processes so that they appear to run concurrently, and the OS rather than the application decides when to switch. The terms are often used loosely as synonyms, but they are not the same thing.
What is the difference between privacy and security?
Security is the protection of the confidentiality, integrity and availability of all of an organization's assets. Privacy is narrower: it is managing the risk to the confidentiality (and appropriate use) of personally identifiable information (PII) using physical, technical and administrative controls. Security controls are one of the means used to deliver privacy, but privacy also covers collection limits, consent and purpose restrictions that security alone does not address.
What are the three factors to consider in authentication?
Something you know, something you have, and something you are.
Identification in authentication simply means asserting who I am (a claimed identity). True or False?
True. Identification is the claim of an identity; authentication is proving that claim.
When is authentication said to be multi-factor?
When two or more different factors are combined: something you know with something you have, something you know with something you are, or something you have with something you are. Two credentials from the same factor (for example a password plus a PIN, both "something you know") is not multi-factor authentication.
What is the difference between need to know and least privilege?
Very similar but slightly different. Least privilege is tied to the rights of a subject in a system: it defines what the subject can do (read, write, execute, delete) once access and authorization are granted, and those rights should be the minimum required for the job. Need to know is tied to the information itself: even a subject with the right clearance or role is given access to a specific piece of information only if the subject needs it to perform the task.
A violation of the least privilege principle may lead to a violation of the need-to-know principle. True or False?
True. A subject granted more rights than required can reach information it has no need to know, so a least privilege violation can become a need-to-know violation.
What is the major difference between a subject and an object?
A subject is an active entity (a user, process or program) that requests access; an object is the passive entity (a file, database, device) being accessed. The roles depend on context: a program is an object when a user launches it and a subject when it in turn reads a file. This distinction is heavily tested on the CISSP exam.
What is the difference between Access Control Lists (ACLs) and Capability Tables?
A. Access control lists are related/attached to a subject whereas capability tables are related/attached to an object.
B. Access control lists are related/attached to an object whereas capability tables are related/attached to a subject.
C. Capability tables are used for objects whereas access control lists are used for users.
D. They are basically the same.
B. Access control lists are related/attached to an object whereas capability tables are related/attached to a subject.
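The distinction in the answer above is easiest to see by decomposing one access matrix both ways. The following Python is an added example, not part of the flashcard set; the subjects, objects and rights in ACCESS_MATRIX are constructed sample data. Each ACL is stored under its object (the column of the matrix), each capability list under its subject (the row), and the two checks consult the respective structure. The revoke and audit helpers show why the choice matters operationally: revoking all access to an object is one deletion with ACLs but a scan of every subject with capabilities, while answering "what can this subject do?" is one lookup with capabilities but a scan of every ACL.

```python
"""Access matrix decomposed two ways: ACLs (per object) and capability lists (per subject).

Added example for the flashcards; ACCESS_MATRIX is constructed sample data.
"""
from collections import defaultdict

# Constructed access matrix: rows are subjects, columns are objects, cells are right sets.
ACCESS_MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "hr_policy.pdf": {"read"}},
    "bob": {"hr_policy.pdf": {"read"}, "backup.sh": {"read", "execute"}},
    "svc_backup": {"payroll.db": {"read"}, "backup.sh": {"execute"}},
}


def build_acls(matrix):
    """Column view: for each object, which subjects may do what. The ACL is attached to the object."""
    acls = defaultdict(dict)
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls[obj][subject] = set(rights)
    return dict(acls)


def build_capabilities(matrix):
    """Row view: for each subject, the (object, rights) tokens it holds. Attached to the subject."""
    return {subject: {obj: set(rights) for obj, rights in row.items()}
            for subject, row in matrix.items()}


def acl_check(acls, subject, obj, right):
    """Reference monitor consulting the object's ACL. Unknown object or subject: deny (fail closed)."""
    return right in acls.get(obj, {}).get(subject, set())


def cap_check(caps, subject, obj, right):
    """Reference monitor consulting the subject's capability list. Unknown subject or object: deny."""
    return right in caps.get(subject, {}).get(obj, set())


def revoke_object(acls, caps, obj):
    """Revoke every subject's access to one object.

    With ACLs this is a single deletion on the object; with capability lists every
    subject's list has to be visited, because the tokens live with the subjects.
    """
    acls.pop(obj, None)
    for subject_caps in caps.values():
        subject_caps.pop(obj, None)


def audit_subject(acls, caps, subject):
    """Answer 'what can this subject do?' both ways and confirm they agree.

    One lookup with capabilities; a scan of every object's ACL otherwise.
    Returns (views_agree, rights_by_object).
    """
    via_caps = caps.get(subject, {})
    via_acls = {obj: entries[subject] for obj, entries in acls.items() if subject in entries}
    return via_caps == via_acls, via_acls


if __name__ == "__main__":
    acls = build_acls(ACCESS_MATRIX)
    caps = build_capabilities(ACCESS_MATRIX)
    print("alice write payroll.db via ACL:", acl_check(acls, "alice", "payroll.db", "write"))
    print("bob read payroll.db via caps:  ", cap_check(caps, "bob", "payroll.db", "read"))
    print("bob can do:", audit_subject(acls, caps, "bob")[1])
    revoke_object(acls, caps, "payroll.db")
    print("after revoke, alice read payroll.db:", acl_check(acls, "alice", "payroll.db", "read"))
```

Both checks fail closed: an object with no ACL, or a subject with no capability list, yields a denial rather than an exception, which is the behaviour a reference monitor should have.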
Which of the following offers advantages such as the ability to use stronger passwords,
easier password administration, one set of credential, and faster resource access?
A. Smart cards
B. Single Sign-On (SSO)
C. Symmetric Ciphers
D. Public Key Infrastructure (PKI)
B. Single Sign-On (SSO). The advantages of SSO include the ability to use stronger passwords (the user has only one to remember), easier administration when changing or deleting credentials, a reduced risk of orphan accounts, and less time spent gaining access to resources.
What is a war-dialing attack?
War dialing or wardialing is a technique to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for modems, computers, bulletin board systems (computer servers) and fax machines. Hackers use the resulting lists for various purposes: hobbyists for exploration, and crackers – malicious hackers who specialize in breaching computer security – for guessing user accounts (by capturing voicemail greetings), or locating modems that might provide an entry-point into computer or other electronic systems.
Which of the following countermeasures would be the most appropriate to prevent possible
intrusion or damage from wardialing attacks?
A. Monitoring and auditing for such activity
B. Require user authentication
C. Making sure only necessary phone numbers are made public
D. Using completely different numbers for voice and data accesses
B. Require user authentication.
Explanation: Knowledge of modem numbers is a poor access control, because an attacker can discover them by dialing every number in a range. Requiring user authentication before remote access is granted prevents unauthorized access over a modem line even when the attacker has found it. "Monitoring and auditing for such activity" is incorrect: monitoring and auditing can detect a wardialing attack, but they do not defend against a successful one. "Making sure that only necessary phone numbers are made public" is incorrect: a wardialing attack blindly calls all numbers in a range, so whether particular numbers are public is irrelevant. "Using completely different numbers for voice and data access" is incorrect: separate number ranges might keep an attacker from stumbling across the data lines while wardialing the published voice range, but this is not an adequate countermeasure.
When dealing with memory activities, the time metric used is the nanosecond (ns), a billionth of a second. So if a RAM chip is rated at 70 ns, it takes 70 nanoseconds to read and refresh each memory cell. True or False?
True.
RAM (specifically DRAM) is an integrated circuit made up of millions of transistors and capacitors. True or False?
True. The capacitor is where the charge is stored, which represents a 1 or 0 to the system; the transistor acts as a gate or switch that controls access to the capacitor. A capacitor storing a binary 1 holds electrons, which carry a negative charge, whereas a capacitor storing a 0 is empty. When the operating system overwrites a 1 bit with a 0 bit, it is in reality just draining the electrons from that specific capacitor.
How does DRAM work, and how does it differ from static RAM?
In dynamic RAM the charge in each capacitor leaks away, so the data held in the memory cells must be continually and dynamically refreshed or the bits disappear. This constant refreshing takes time, which is why DRAM is slower than static RAM. Static RAM stores each bit in a transistor flip-flop that holds its state as long as power is applied, so it needs no refresh and is faster, but it uses more transistors per bit and is therefore more expensive and less dense; that is why SRAM is used for CPU caches and DRAM for main memory.