Abdul Gabriel Flashcards

These are CISSP flashcards for all intending CISSP professionals.

1
Q

What is the formula for calculating risk in information security management?

A

Risk = Threats X vulnerability X impact

2
Q

When is a program considered a process?

A

A program is considered a process when it is loaded into memory and activated by the operating system.

3
Q

What is the difference between multiprogramming and multitasking?

A

Multiprogramming just means more than one application can be loaded into memory at the same time, which is also the same thing as multitasking.

4
Q

What is the difference between privacy and security?

A

Privacy is managing risk to the confidentiality of personally identifiable information using physical, technical and administrative controls.

5
Q

What are the three factors to consider in authentication?

A

Something you have, something you know, and something you are.

6
Q

Identification in authentication simply implies who I am. True or false?

A

True

7
Q

When is authentication said to be multi-factor?

A

When you combine either something you know and something you are, or something you are and something you have.

8
Q

What is the difference between need to know and least privilege?

A

Very similar but slightly different. Least privilege is tied to the rights of a subject in a system; it defines what the subject can do when access and authorization are granted. Need to know is tied to information; it defines what a subject can do with information when access is granted.

9
Q

A violation of the least privilege principle may lead to a violation of the need-to-know principle. True or false?

A

True. A violation of the least privilege principle can lead to a violation of the need-to-know principle.

10
Q

What is the major difference between a subject and an object?

A

A subject is an active entity in a system while an object is passive, but an object can be a subject in some cases. Very testable in CISSP exams.

11
Q

What is the difference between Access Control Lists (ACLs) and Capability Tables?
A. Access control lists are related/attached to a subject whereas capability tables are related/attached to an object.
B. Access control lists are related/attached to an object whereas capability tables are related/attached to a subject.
C. Capability tables are used for objects whereas access control lists are used for users.
D. They are basically the same.

A

B. Access control lists are related/attached to an object whereas capability tables are related/attached to a subject.

12
Q

Which of the following offers advantages such as the ability to use stronger passwords, easier password administration, one set of credentials, and faster resource access?
A. Smart cards
B. Single Sign-On (SSO)
C. Symmetric Ciphers
D. Public Key Infrastructure (PKI)

A

B. Single Sign-On (SSO). The advantages of SSO include the ability to use stronger passwords, easier administration as far as changing or deleting passwords, a minimized risk of orphan accounts, and less time required to access resources.

13
Q

What is a war-dialing attack?

A

War dialing or wardialing is a technique to automatically scan a list of telephone numbers, usually dialing every number in a local area code, to search for modems, computers, bulletin board systems (computer servers) and fax machines. Hackers use the resulting lists for various purposes: hobbyists for exploration, and crackers (malicious hackers who specialize in breaching computer security) for guessing user accounts (by capturing voicemail greetings) or locating modems that might provide an entry point into computer or other electronic systems.

14
Q

Which of the following countermeasures would be the most appropriate to prevent possible intrusion or damage from wardialing attacks?
A. Monitoring and auditing for such activity
B. Require user authentication
C. Making sure only necessary phone numbers are made public
D. Using completely different numbers for voice and data accesses

A

B. Require user authentication. Explanation: Knowledge of modem numbers is a poor access control method, as an attacker can discover modem numbers by dialing all numbers in a range. Requiring user authentication before remote access is granted will help in avoiding unauthorized access over a modem line. "Monitoring and auditing for such activity" is incorrect: while monitoring and auditing can assist in detecting a wardialing attack, they do not defend against a successful wardialing attack. "Making sure that only necessary phone numbers are made public" is incorrect: since a wardialing attack blindly calls all numbers in a range, whether certain numbers in the range are public or not is irrelevant. "Using completely different numbers for voice and data accesses" is incorrect: using different number ranges for voice and data access might help prevent an attacker from stumbling across the data lines while wardialing the public voice number range, but this is not an adequate countermeasure.

15
Q

When we are dealing with memory activities, we use a time metric of nanoseconds (ns), which is a billionth of a second. So if you look at your RAM chip and it states 70 ns, this means it takes 70 nanoseconds to read and refresh each memory cell. True/false?

A

True

16
Q

RAM is an integrated circuit made up of millions of transistors and capacitors. True/false?

A

True. The capacitor is where the actual charge is stored, which represents a 1 or 0 to the system. The transistor acts like a gate or a switch. A capacitor that is storing a binary value of 1 has several electrons stored in it, which have a negative charge, whereas a capacitor that is storing a 0 value is empty. When the operating system writes over a 1 bit with a 0 bit, in reality it is just emptying out the electrons from that specific capacitor.

17
Q

How does DRAM work, and how does it differ from static RAM?

A

In dynamic RAM, the data being held in the RAM memory cells must be continually and dynamically refreshed so your bits do not magically disappear. This activity of constantly refreshing takes time, which is why DRAM is slower than static RAM.

18
Q

Why do we need DRAM when we have SRAM?

A

SRAM capacitors cannot keep their charge for long. Therefore, a memory controller has to "recharge" the values in the capacitors, which just means it continually reads and writes the same values to the capacitors. If the memory controller does not "refresh" the value of 1, the capacitor will start losing its electrons and become a 0 or a corrupted value.

19
Q

Synchronous DRAM (SDRAM), extended data out DRAM (EDO DRAM), burst EDO DRAM (BEDO DRAM) and double data rate SDRAM (DDR SDRAM): which type of RAM listed above provides better, faster and more robust RAM capability for a system?

A

DDR SDRAM carries out read operations on the rising and falling cycles of a clock pulse. So instead of carrying out one operation per clock cycle, it carries out two and thus can deliver twice the throughput of SDRAM. Basically, it doubles the speed of memory activities compared to SDRAM, with a smaller number of clock cycles.

20
Q

In systems security architecture, systems of a higher trust level may need to implement segmentation of the memory used by different processes. This means memory is separated physically instead of just logically. This adds another layer of protection to ensure that a lower-privileged process does not access and modify a higher-level process's memory space. This is often referred to as ______?

A

Hardware segmentation

21
Q

Read-only memory (ROM) is a nonvolatile memory type, meaning that when a computer's power is turned off, the data is still held within the memory chips. When data is written into ROM memory chips, the data cannot be altered. Individual ROM chips are manufactured with the stored program or routines designed into them. The software that is stored within ROM is called _________

A

Firmware

22
Q

PROM vs. EPROM: which of these categories of read-only memory can be programmed only once?

A

PROM. Programmable read-only memory (PROM) is a form of ROM that can be modified after it has been manufactured. PROM can be programmed only one time because the voltage that is used to write bits into the memory cells actually burns out the fuses that connect the individual memory cells.

23
Q

What type of memory is used for high-speed writing and reading activities? When the system assumes (through its programmatic logic) that it will need to access specific information many times throughout its processing activities, it will store the information in this location so it is easily and quickly accessible.

A

Cache memory.

24
Q

Validate whether this statement is true or false: Different motherboards have different types of cache. Level 1 (L1) is faster than Level 2 (L2), and L2 is faster than L3. Some processors and device controllers have cache memory built into them. L1 and L2 are usually built into the processors and the controllers themselves.

A

Absolutely true. L1 cache is faster than L2, and L2 is faster than L3. L1 and L2 are often stored in processors and controllers.

25
Q

What is the purpose of memory mapping?

A

Memory mapping controls access to memory, which is needed to ensure data does not get corrupted and that sensitive information is not available to unauthorized processes.

26
Q

Which part of the computer is the most trusted to access system memory using physical addressing?

A

The CPU is one of the most trusted components within a system, and it can access memory directly. It uses physical addresses instead of pointers (logical addresses) to memory segments. Applications use logical addressing to access memory.

27
Q

What is the difference between absolute and logical addresses?

A

The physical memory addresses that the CPU uses are called absolute addresses. The indexed memory addresses that software uses are referred to as logical addresses. Software only uses the indexed memory assigned to it.

28
Q

True or false? An application does not "know" it is sharing memory with other applications. When the program needs a memory segment to work with, it tells the memory manager how much memory it needs. The memory manager allocates this much physical memory, which could have the physical addressing of 34000 to 39000.

A

Absolutely true.

29
Q

_________ takes place when too much data is accepted as input to a specific process. It is an allocated segment of memory. It can be overflowed arbitrarily with too much data, but for it to be of any use to an attacker, the code inserted into it must be of a specific length, followed up by commands the attacker wants executed.

A

Buffer overflow

30
Q

When a programmer writes a piece of software that will accept data, this data and its associated instructions will be stored in the buffers that make up a stack. The buffers need to be the right size to accept the input data. True/false?

A

True. So if the input is supposed to be one character, the buffer should be 1 byte in size. If a programmer does not ensure that only 1 byte of data is being inserted into the software, then someone can input several characters at once and thus overflow that specific buffer.

31
Q

Explain how buffer overflows occur, with an illustration.

A

You can think of a buffer as a small bucket to hold water (data). We have several of these small buckets stacked on top of one another (the memory stack), and if too much water is poured into the top bucket, it spills over into the buckets below it (buffer overflow) and overwrites the instructions and data on the memory stack.

32
Q

In a system security architecture, a memory stack has individual buffers to hold instructions and data. True/false?

A

True

33
Q

What must an attacker know and do before they can carry out a successful buffer overflow attack?

A

The attacker must know the size of the buffer to overwrite and must know the addresses that have been assigned to the stack. Without knowing these addresses, she could not lay down a new return pointer to her malicious code. The attacker must also write this dangerous payload to be small enough so it can be passed as input from one procedure to the next.

34
Q

True/false? Windows' core is written in the C programming language and has layers and layers of object-oriented code on top of it. When a procedure needs to call upon the operating system to carry out some type of task, it calls upon a system service via an API call.

A

Absolutely true. The APIs act like a doorway to operating system functionality.

35
Q

An operating system must be written to work with specific CPU architectures. These architectures dictate system memory addressing, protection mechanisms, and modes of execution, and work with specific instruction sets. True/false, and what does it imply?

A

Very true. This means a buffer overflow attack that works on an Intel chip will not necessarily work on an AMD or a SPARC processor. These different processors set up the memory addresses of the stacks differently, so the attacker may have to craft different buffer overflow code for different platforms.

36
Q

What is the best countermeasure against buffer overflow attacks?

A

Vendor system updates are the best option.

37
Q

Which is the best protection against buffer overflow attacks?

A

The best countermeasure is proper programming. This means using bounds checking. If an input value is only supposed to be nine characters, then the application should only accept nine characters and no more.

38
Q

Windows Vista was the first version of Windows to implement address space layout randomization (ASLR), which was first implemented in OpenBSD. This control was meant to address what kind of vulnerability in a system?

A

This was implemented to address the memory vulnerability associated with buffer overflows on systems.

39
Q

How does address space layout randomization work?

A

If an attacker wants to maliciously interact with a process, they need to know what memory address to send their attack inputs to. If the operating system changes these addresses continuously, which is what ASLR accomplishes, the potential success of the attack is greatly reduced. You can't mess with something if you don't know where it is.

40
Q

What is the sole purpose of implementing DEP (Data Execution Prevention) in system memory management?

A

DEP marks certain memory locations as "off limits" with the goal of reducing the "playing field" for hackers and malware.

41
Q

In a properly written system, when the application is done with the memory, it is supposed to tell the operating system to release the memory so it is available to other applications. This is only fair. True/false?

A

True. But some applications are written poorly and do not indicate to the system that this memory is no longer in use. If this happens enough times, the operating system could become "starved" for memory, which would drastically affect the system's performance.

42
Q

The process by which an application becomes vulnerable to a DoS attack because it is written poorly and does not indicate to the system that memory is no longer in use is known as ______________

A

Memory leaks

43
Q

Two main countermeasures can protect against memory leaks. These are ____________ and ______________

A

Developing better code that releases memory properly, and using a garbage collector, software that runs an algorithm to identify unused committed memory and then tells the operating system to mark that memory as "available." Different types of garbage collectors work with different operating systems and programming languages.