Chapter 1 - Security Governance Through Principles and Policies Flashcards

1
Q

What does CIA stand for?

A

Confidentiality, Integrity and Availability

2
Q

What does DAD stand for?

A

Disclosure, alteration, and destruction

3
Q

Concepts to assess confidentiality

A

Sensitivity, discretion, criticality, concealment, secrecy, privacy, seclusion, isolation

4
Q

Sensitivity

A

Quality of information, which could cause harm or damage if disclosed

5
Q

Discretion

A

Act of decision where an operator can influence or control disclosure in order to minimize harm or damage

6
Q

Criticality

A

The level to which information is mission critical is its measure of criticality. The higher the level, the more likely it is that higher confidentiality must be maintained.

7
Q

Concealment

A

Act of hiding or preventing disclosure

8
Q

Secrecy

A

Act of keeping something a secret or preventing the disclosure of information

9
Q

Privacy

A

Refers to keeping information confidential

10
Q

Seclusion

A

Involves storing something in an out-of-the-way location

11
Q

Isolation

A

Act of keeping something separated from others

12
Q

Integrity

A

Dependent on confidentiality and access control - Concepts include Accuracy, Truthfulness, Validity, Accountability, Responsibility, Completeness, Comprehensiveness

13
Q

AAA Services

A

Identification, Authentication, Authorization, Auditing, Accounting

14
Q

Defense in Depth

A

Also known as layering. The use of multiple controls in series. No one control can protect against all possible threats.

15
Q

Abstraction

A

Used for efficiency. Similar elements are put into groups, classes, or roles.

16
Q

Data Hiding

A

Preventing data from being discovered by positioning it in a logical storage compartment that is not accessible or seen

17
Q

Security through obscurity

A

The idea of not informing a subject that an object is present and hoping it will not be discovered

18
Q

Security governance

A

Collection of practices related to supporting, evaluating, defining, and directing the security efforts of an organization

19
Q

Who is responsible for security governance?

A

Board of directors, CEO, CISO.

20
Q

ATO

A

Authorization to Operate. Failing to provide sufficient documentation to meet the requirements of third-party governance can result in loss of ATO.

21
Q

Security Management Planning

A

Ensures creation, implementation and enforcement of a security policy. Aligns security functions to the strategy, goals, mission, and objectives of the organization.

22
Q

COBIT 5 Principles

A

Created by ISACA, COBIT allows practitioners to govern and manage IT.

The framework helps organizations optimize their IT management and governance processes by meeting contractual agreements and complying with the latest regulatory and legal requirements.

- Meeting stakeholder needs
- Covering the enterprise end-to-end
- Applying a single integrated framework
- Enabling a holistic approach
- Separating governance from management

23
Q

AUP

A

Acceptable Use Policy: defines what is and what is not acceptable activity, practice, or use of company equipment and resources.

24
Q

Collusion

A

When several people work together to perpetrate a crime

25
What is important when addressing multiparty risk?
When several entities or organizations are involved in a project, use SLAs to address risks.
26
Risk Conceptual Formula
risk = threat * vulnerability, or risk = probability of harm * severity of harm
27
Six Elements of Quantitative Risk Analysis
1) Asset Valuation (AV) 2) Exposure Factor (EF) 3) Single Loss Expectancy (SLE) 4) Annualized Rate of Occurrence (ARO) 5) Annualized Loss Expectancy (ALE) 6) Cost/benefit analysis of countermeasures
28
Exposure Factor (EF)
The percentage of loss that an organization would experience if a specific asset is violated by a realized risk
29
Single Loss Expectancy (SLE)
Potential loss associated with a single realized threat against a specific asset. SLE = AV * EF. SLE is expressed in dollars.
30
Annualized Rate of Occurrence (ARO)
Expected frequency a specific threat or risk will occur per year
31
Annualized Loss Expectancy (ALE)
ALE = SLE * ARO, or ALE = AV * EF * ARO
32
Risk Response
Mitigation or reduction, assignment or transfer, deterrence, avoidance, acceptance, reject or ignore
33
Total Risk
Total Risk = threats * vulnerabilities * asset value
34
Controls Gap
Controls Gap = Total Risk - Residual Risk. The controls gap is the amount of risk that is reduced by implementing safeguards.
35
ACS
Annual Cost to Safeguard
36
STRIDE
The STRIDE threat model is a developer-focused model that identifies and classifies threats under six types of attack: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. Used to identify threats and vulnerabilities and to develop countermeasures.
37
Potential Annual Cost of a Safeguard Cost/Benefit Calculation or Analysis
[ALE pre-safeguard - ALE post-safeguard] - Annual Cost of Safeguard (ACS) = value of the safeguard to the company. Negative is bad, positive is good.
38
Types of Security Controls
Preventive, Deterrent, Detective, Compensating, Corrective, Recovery, Directive
39
Preventive Controls
Deployed to thwart or stop unwanted or unauthorized activity
40
Deterrent
Discourage security policy violations
41
Detective
Deployed to discover or detect unwanted or unauthorized activity
42
Compensating
Deployed to provide various options to other existing controls to aid in the enforcement and support of security policies
43
Corrective
Modifies the environment to return systems to normal after an unwanted or unauthorized activity has occurred
44
Recovery
An extension of corrective controls, but with more advanced or complex activities. Looks to repair or restore resources, functions, and capabilities after a security policy violation.
45
Directive
Deployed to direct, confine, or control actions of subjects to force or encourage compliance with security policies.
46
Computer Fraud and Abuse Act
An amendment that became the first major piece of US cybercrime-specific legislation (1986). Addresses hacking with penalties.
47
Federal Sentencing Guidelines
Provided punishment guidelines to help federal judges interpret computer crime laws
48
Federal Information Security Management Act (FISMA)
Requires formal information security operations for the federal government
49
Copyright and the Digital Millennium Copyright Act
Covers literary, musical, and dramatic works. The DMCA prohibits the circumvention of copy protection mechanisms placed in digital media and limits the liability of internet service providers for the activities of their users.
50
Security Control Assessment (SCA)
Formal evaluation of a security infrastructure's individual mechanisms against a baseline or reliability expectation.
51
RMM
Risk Maturity Model - assesses key indicators and activities of a mature, sustainable, and repeatable risk management process
52
RMF
Risk Management Framework. The NIST RMF in SP 800-37 establishes mandatory security requirements for federal agencies.
53
What are the six cyclical phases of NIST RMF?
Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor
54
Whaling
Type of spear phishing targeted at high value individuals
55
Smishing
Spam over instant messaging.
56
Vishing
Phishing over telephony or voice communication systems
57
Spoofed email
Email with a falsified source address. DMARC is used to filter spoofed messages.
58
Hoax
A form of social engineering designed to convince targets to perform an action that will cause problems or reduce IT security
59
BCP
Business Continuity Planning - four main steps: 1) Project scope and planning, 2) Business impact analysis, 3) Continuity planning, 4) Approval and implementation
60
BC and DR Terms
MTD - Maximum Tolerable Downtime, RTO, RPO, ARO - Annualized Rate of Occurrence
61
BCP
Focuses on the whole business
62
DRP
Focuses on technical aspects of recovery
63
Criminal Law
Serves to protect society against computer crimes.
64
Civil Law
Provides for an orderly society and governs matters that are not crimes but require an impartial arbiter to settle disputes.
65
Administrative Law
Executive branch of the US government, which requires agencies with a wide-ranging set of responsibilities to ensure the government functions effectively
66
Computer Fraud and Abuse Act (CFAA)
First major piece of cybercrime-specific legislation. Covers computer crimes that cross state boundaries to avoid infringing on states' rights. The CFAA was amended in 1994.
67
National Information Infrastructure Protection Act of 1996
Another amendment to the CFAA, designed to further extend it to computer systems used in international commerce.
68
FISMA - Federal Information Security Management Act
Passed in 2002. Requires federal agencies to implement an information security program covering the agency's operations, including contractor activities. NIST (National Institute of Standards and Technology) is responsible for developing the implementation guidelines.
1) Periodic assessment of risk
2) Policies and procedures based on the risk assessments
3) Subordinate plans for adequate information security for networks, facilities, information systems, etc.
4) Security awareness training
5) Periodic testing and evaluation
6) A process for planning, implementing, evaluating, and documenting remedial actions
7) Procedures for detecting, reporting, and responding to security incidents
8) Plans and procedures to ensure continuity of operations for information systems
69
Federal Cybersecurity Laws of 2014
By President Barack Obama 2 key bills: 1) Federal Info Systems Modernization Act (confusingly FISMA) - Centralized federal cybersecurity under Homeland Security. Excludes defense related and national intelligence related cybersecurity issues. 2) Cybersecurity Enhancement Act - charges NIST with responsibility for coordinating nationwide work on voluntary cybersecurity standards. (i.e. NIST SP 800-53, SP 800-171, Cybersecurity Framework) 3) National Cybersecurity Protection Act - charged the Dept of Homeland Security with establishing a national cybersecurity and communication integrations center. Interface between federat agencies with civilian orgs to share cyber information.
70
Copyright Law
Guarantees creators of original works of authorship protection against duplication. Covers literary, musical, dramatic, pantomime, pictorial, motion picture, sound, and architectural works. For computers it is the source code that is protected.
Protection period: works by one or more authors are protected for 70 years after the last surviving author. Works for hire and anonymous works are protected for 95 years from the date of first publication or 120 years from the date of creation, whichever is shorter.
71
Digital Millennium Copyright Act (DMCA)
1998. Limited the liability of internet service providers when their circuits were used by criminals to violate copyright laws.
72
Trademark
Protects words, slogans, and logos used to identify a company and its products and services
73
Patents
Protect the intellectual property rights of inventors. 20-year period from the time of the invention (date of initial application)
74
Trade Secrets
Not published or made public. Kept secret, and control measures must be put in place.
75
Four Common Types of License Agreements
Contractual, shrink wrap, click through, cloud services (click through to the extreme)
76
ITAR - International Traffic in Arms Regulations
Controls exports of items that are specifically designated as military and defense items, including technical information.
77
EAR - Export Administration Regulations
Covers export regulations for a broader set of items that are designated for commercial use but have military applications.
78
BIS - Dept of Commerce Bureau of Industry and Security
Regulates export of encryption products
79
Privacy Act of 1974
Limits the ability of federal government agencies to disclose private citizens' information without prior written consent. Mandates that agencies maintain only records necessary for conducting business and destroy records no longer needed. Provides a formal procedure for individuals to gain access to their data and request that incorrect records be amended. Only applies to government agencies.
80
ECPA - Electronic Communications Privacy Act - 1986
Makes it a crime to invade the electronic privacy of an individual. Expands on the Federal Wiretap Act. Protects against the monitoring of email and voice mail communications.
81
CALEA - Communications Assistance for Law Enforcement of 1994
Amends the ECPA to allow wiretaps for law enforcement with an appropriate court order, regardless of the technology used.
82
Economic Espionage Act of 1996
Extends the definition of property to include proprietary economic information
83
HIPAA - Health Insurance Portability and Accountability Act of 1996
Established strict security measures to protect patient medical records in terms of how they are processed and stored. It also clearly defines the rights of individuals who are the subject of medical records and requires organizations that maintain such records to disclose these rights in writing.
84
HITECH - Health Information Technology for Economic and Clinical Health Act of 2009
Amendment to HIPAA. Changed how the law applies to business associates (BAs), which are organizations that handle protected health information (PHI) from HIPAA covered entities. Covered entities and BAs must be governed by a written contract known as a Business Associate Agreement (BAA). BAs are subject to HIPAA rules. HITECH also introduced data breach notification requirements: breaches must be reported to the affected individuals, as well as to the Secretary of Health and Human Services and the media when a breach affects more than 500 individuals.
85
COPPA - Children's Online Privacy Protection Act of 1998
COPPA requires websites that cater to children to have: 1) a privacy notice that states the type of information collected and what it is used for; 2) an opportunity for parents to review any information collected and the ability to delete it; 3) verifiable parental consent before collecting information from children 13 and younger.
86
Gramm Leach Bliley Act of 1999 - GLBA
Allowed commercial banks, investment banks, securities firms, and insurance companies to consolidate. Set limitations on the type of information that can be exchanged among subsidiaries and required the provision of privacy policies to all customers.
87
USA PATRIOT Act of 2001
Providing Appropriate Tools Required to Intercept and Obstruct Terrorism. Broadened the powers of law enforcement when monitoring electronic communications. Changed how the government worked with ISPs; user activity data can be obtained via subpoena.
88
EU GDPR - General Data Protection Regulation
Key provisions: lawfulness, fairness and transparency; purpose limitation; data minimization; accuracy; storage limitation ("right to be forgotten"); security; accountability
89
Sensitive Data
Any information that is not public or unclassified. PII, PHI, Proprietary
90
Government Data Classification
Top Secret, Secret, Confidential, Unclassified
91
Non Governmental Data Classification
No set standard. Typically: Confidential/Proprietary, Private, Sensitive, Public
92
Data States
Data at rest, in transit, in use
93
What are "air gaps"
A physical security control, meaning that systems and cables from the classified network never physically touch those from the unclassified network.
94
DLP
Data Loss Prevention. 1) Network-based - scans all outgoing data; placed at the edge of the network. 2) Endpoint - scans files stored on a system as well as files sent to other systems.
95
Data Remanence
The data that remains on media after the data was supposedly erased. Degaussers can be used to erase data on magnetic media only; SSDs must be destroyed.
96
Data Erasing
Only removes the directory or catalog link to the data. The actual data remains on the drive and is slowly overwritten over time.
97
Clearing Data
Also called overwriting. Unclassified data is written over all addressable locations on the media; for example, a single character or bit pattern is written over the entire media. It may still be possible to retrieve data using sophisticated lab or forensic techniques.
98
Purging Data
A more intense clearing process. Multiple clearing passes, combined with degaussing. Not trusted by the US government.
99
Degaussing
Use of a strong magnetic field to erase media. Does not work with optical CDs, DVDs, or SSDs.
100
Cryptographic Erasure
Destruction of the encryption key. For cloud storage this may be the only method of secure deletion.
101
Digital Rights Management (DRM)
Data protection method that provides copyright protection for copyrighted works.
102
DRM License
Typically a small file that includes the terms of use and a decryption key to grant access
103
Persistent Online Authentication - Always-On DRM
Requires systems to be connected to the internet. Periodically connects to an authentication server.
104
Continuous Audit Trail
Combined with persistence, it can track abuse such as concurrent use of a product across different geographies.
105
Automatic Expiration
Subscription-based products limited to 30 days
106
CASB - Cloud Access Security Broker
Monitors all activity in on-prem to cloud traffic. Ensures policies such as encryption at rest in the cloud are enforced, and detects shadow IT. Logs all activities. Includes authentication and authorization controls for cloud resources.
107
Pseudonymization
Process of using pseudonyms to represent other data. It is an alias. Useful for GDPR.
108
Tokenization
Use of a token, a random string of characters, to replace other data. Typically used for credit card transactions.
109
Anonymization
Used when personal data is not needed. The process of removing all relevant data so that it is theoretically impossible to identify the original subject or person. Randomized masking swaps data in individual columns so records no longer represent actual data. Cannot be reversed.
110
Data Owners
The person who has ultimate organizational responsibility for data (CEO, department head). Responsibilities: data classification; security controls; rules for appropriate use; establishing security requirements for system owners; access privileges and access rights; identification and assessment of common security controls where the information resides.
111
Asset Owner
The individual who owns the asset or system that processes sensitive data. Develops and maintains the security plan; trains personnel; assists in the identification, implementation, and assessment of common security controls.
112
Business and Mission Owners
Responsible for ensuring systems provide value to the organization. Governance methods like COBIT help business owners and mission owners balance security control requirements with business and mission needs.
113
Data Processors vs Data Controllers
Data processor per GDPR: a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller. Data controller: controls/collects the processing of data.
114
Data Custodians
Data owners often delegate day-to-day tasks to data custodians. Custodians protect the integrity and security of data: stored, protected, backed up, audited/logged. Typically IT.
115
Administrators
Many organizations view any individual with elevated privileges as an administrator
116
Use of Security Baselines
Use of imaging to establish system baselines, then use of auditing processes to ensure no changes are made. NIST SP 800-53 identifies baseline security controls.
117
Tailoring and Scoping of Security Baselines
Tailoring modifies the baseline list of security controls to align with the organization's mission. Scoping is the part of the tailoring process that reviews the baseline list of controls and selects only those that apply to the IT systems being protected.
118
Four Fundamental Goals of Cryptography
Confidentiality, Integrity, Authentication, and Non-Repudiation. Applies to data at rest, in motion, and in use.
119
Types of Cryptosystems that enforce confidentiality
Symmetric and Asymmetric
120
Digital Signatures
Ensure data was not altered in transit. Created upon transmission of a message.
121
Non Repudiation
Provides assurance to the recipient of a message that it originated from the sender and not someone else masquerading as the sender. It also prevents the sender from claiming they did not send it. Only achievable using asymmetric (public key) cryptosystems.
122
Kerckhoffs's Principle
Algorithms should be public and known; the secret is kept in the keys themselves. This allows more scrutiny of the algorithms and flushes out exposures sooner for change and improvement.
123
Plaintext
Message prior to being encrypted. "P"
124
Ciphertext
Message after encryption. "C"
125
Keys
All cryptographic algorithms rely on keys. A key is nothing more than a number, usually a large one.
126
Key Space
Range of values that are valid for use as a key for a specific algorithm.
127
Cryptography
The art of creating and implementing secret codes and ciphers
128
Cryptanalysis
Study of methods to defeat codes and ciphers
129
Cryptology
Combined cryptography and cryptanalysis
130
AND Operation
Checks whether both values are true
131
OR Operation
Checks whether at least one of the values is true
132
NOT Operation
Reverses the value of the input
133
XOR Exclusive OR
Returns true only when exactly one of the values is true
134
Modulo Function
The remainder value left after a division operation
135
One Way Functions
A mathematical operation that easily produces output values for each possible combination of inputs but makes it impossible to retrieve the input values.
136
Nonce
Method used to add randomness to encryption process. A nonce is a random number that acts as a placeholder for mathematical functions.
137
Zero Knowledge Proof
Appears in cryptography in cases where one individual wants to demonstrate knowledge of a fact (i.e. a password or key) without actually disclosing the secret to the other individual.
138
Split Knowledge
Information or privilege required to perform an operation is divided among multiple users. Combines separation of duties and two-person control. The best example is key escrow, where a key is stored with a third party for safekeeping. In environments where only one escrow recovery agent exists, there is an opportunity for fraud. M of N control requires a minimum number of agents to work together.
139
Work Function
The amount of time and effort required to perform a complete brute-force attack against an encryption system
140
Codes vs Ciphers
Not the same. Codes are cryptographic systems of symbols that represent words or phrases; they are sometimes secret, but are not always meant to provide confidentiality. Ciphers are always meant to hide the true meaning of the message and work at the bit and block level.
141
Transposition Cipher
Use of an encryption algorithm to rearrange the letters of a plaintext message, forming a ciphertext message.
142
Substitution Cipher
Use of an encryption algorithm to replace each character or bit with a different character
143
One Time Pads
A powerful type of substitution cipher. Function: Ciphertext C = (Plaintext P + Encryption Key K) mod 26. The key must be randomly generated, physically protected, used only once, and as long as the message to be encrypted.
144
Running Key Cipher
Also known as a book cipher. The key is often as long as the message itself and is chosen from a common book, newspaper, or magazine.
145
Block Cipher
Operate at the "chunk" or block level and apply the encryption to an entire message block at the same time. Transposition ciphers are examples.
146
Stream Cipher
Operate on one character or bit at a time. The Caesar cipher and the one-time pad are examples.
147
Confusion and Diffusion
These are the two basic operations crypto algorithms use to obscure plaintext messages.
148
Pros and Cons of Symmetric Key Cryptography
Pro - performance. Cons - key distribution, does not implement non-repudiation, algorithm is not scalable, keys must be regenerated often.
149
Strengths of Asymmetric Key Cryptography
1) Adding a new user requires generation of only one public/private key pair 2) Easy removal of users via a key revocation mechanism 3) Key regeneration is only needed when a private key is compromised 4) Provides integrity, authentication, and non-repudiation 5) Simple key distribution 6) No preexisting communication link needs to exist. The major weakness is slow performance.
150
Hybrid Cryptography
Where asymmetric cryptography is used to share symmetric private keys to enable secure and performant communication.
151
Hashing Algorithms
Public key cryptosystems can provide digital signature capabilities when used in conjunction with message digests. Message digests (also known as hash values or fingerprints) are summaries of a message's content produced by a hashing algorithm. Message digests are designed to protect the INTEGRITY of a piece of data by detecting changes or alterations.
152
Electronic Code Book Mode (ECB)
A cryptographic mode of operation. The simplest mode, in that it simply encrypts each block using the chosen secret key. Easy to break, because an eavesdropper can easily build a code book and decrypt. Impractical, and used only for short, small amounts of data exchange.
153
Cipher Block Chaining (CBC)
A cryptographic mode of operation. Each block of unencrypted text is XORed with the block of ciphertext immediately preceding it before it is encrypted. Errors propagate easily.
154
Cipher Feedback Mode (CFB)
Streaming cipher version of CBC. Operates against data produced in real time.
155
Output Feedback Mode (OFB)
Same as CFB mode, but instead of XORing an encrypted version of the previous block of ciphertext, OFB XORs the plaintext with a seed value.
156
Counter Mode (CTR)
Similar to CFB and OFB as a stream cipher, but uses a simple counter that increments for each operation. Errors do not propagate.
157
Galois Counter Mode (GCM)
Takes CTR and adds authenticity, giving assurance of the integrity of the data received.
158
Counter with Cipher Block Chaining Message Authentication Code Mode (CCM)
Similar to GCM, it offers both authenticity and confidentiality. Combines CTR for confidentiality with the Cipher Block Chaining Message Authentication Code algorithm for authenticity. Used only with block ciphers that have a 128-bit block length, and requires a nonce that must change for each transmission.
159
Data Encryption Standard (DES)
Published by the US government in 1977. No longer secure. 64-bit block cipher. Five modes: ECB, CBC, CFB, OFB, and CTR. The key used is 56 bits long.
160
Triple DES
A stronger adapted version of DES, but also no longer considered adequate.
161
International Data Encryption Algorithm
Developed in response to the insufficient key length of the DES algorithm. Operates on 64-bit blocks of plaintext, but begins operation with a 128-bit key. Operates in the DES modes ECB, CBC, CFB, OFB, and CTR.
162
Blowfish
Another block cipher that operates on 64-bit blocks of text. Allows the use of variable-length keys ranging from 32 bits to 448 bits. More security eats away at performance.
163
Skipjack
Approved for use by the US government in FIPS 185, the Escrowed Encryption Standard (EES). Operates on 64-bit blocks of text. Uses an 80-bit key and supports the four DES modes of operation. It supports the escrow of encryption keys. Skipjack and the Clipper chip were not embraced by the crypto community due to mistrust of the US government's escrow procedures.
164
Rivest Ciphers (RC)
Ron Rivest of Rivest-Shamir-Adleman Data Security. Symmetric ciphers.
165
RC4
Stream cipher developed in 1987. Single round of encryption. Uses variable key lengths of 40 to 2048 bits.
166
RC5
Variable block sizes (32, 63, or 128 bits). Key sizes between 0 and 2040 bits.
167
RC6
Next version of RC5. Uses a 128-bit block size. Allows the use of 128-, 192-, or 256-bit symmetric keys.
168
Advanced Encryption Standard
In October 2000 NIST announced that the Rijndael block cipher was chosen to replace DES. Allows the use of 128-, 192-, and 256-bit key sizes. Only allows 128-bit block processing.
169
CAST
CAST algorithms are another family of symmetric block ciphers. Two forms: CAST-128 and CAST-256.
170
Three main methods to securely exchange Symmetric Keys
Offline distribution, public key encryption, Diffie-Hellman
171
M of N Control
A protection measure that requires that a minimum number of agents (M) out of the total number of agents (N) work together to perform high-security tasks.
172
Split Knowledge
A process by which a cryptographic key is split into multiple key components, individually sharing no knowledge of the original key, which can be subsequently input into, or output from, a cryptographic module by separate entities and combined to recreate the original cryptographic key.
173
Initialization Vector (IV)
An initialization vector (IV) is an arbitrary number that can be used with a secret key for data encryption to foil cyber attacks. This number, also called a nonce (number used once), is employed only one time in any session to prevent unauthorized decryption of the message by a suspicious or malicious actor.
174
Vigenère Cipher
A type of substitution cipher used for data encryption in which the original plaintext structure is somewhat concealed in the ciphertext by using several different monoalphabetic substitution ciphers rather than just one; the key specifies which particular substitution is to be employed for encrypting each plaintext symbol.
175
Steganography
The practice of concealing information within another message or physical object to avoid detection. Steganography can be used to hide virtually any type of digital content, including text, image, video, or audio content. That hidden data is then extracted at its destination. Content concealed through steganography is sometimes encrypted before being hidden within another file format. If it isn't encrypted, it may be processed in some way to make it harder to detect.
176
How many keys are required per number of users in symmetric crypto?
N(N-1)/2
177
RSA
The most famous public key cryptosystem. The RSA public key algorithm remains a worldwide standard today. 1977, Ronald Rivest, Adi Shamir, and Leonard Adleman.
178
ElGamal
Another asymmetric algorithm, showing that the principles of Diffie-Hellman key exchange (for symmetric key exchange) can be extended to support an entire public key cryptosystem. In the public domain. The downside is that it doubles the size of the message it encrypts.
179
Elliptic Curve
ECC, an alternative technique to RSA, is a powerful cryptography approach. It generates security between key pairs for public key encryption by using the mathematics of elliptic curves. The underlying mathematical problem is more difficult and harder to break than RSA, Diffie-Hellman, or ElGamal. Key length is important, but due to the nature of ECC, a 256-bit ECC key is equivalent to a 3072-bit RSA key.
180
Diffie-Hellman Key Exchange
Allows two individuals to generate a shared secret key over an insecure communication channel. This is an example of public key cryptography. It is a key exchange protocol, NOT an encryption protocol, and is used to establish a symmetric encryption communication channel ("hybrid cryptography"). Used in TLS.
181
Hash Functions
Realm of digital signatures: proof that a message originated from a specific user. They take a potentially long message and generate a unique output value derived from the content of the message. This is referred to as a "message digest". Examples: SHA, MD5, RIPEMD.
182
Five requirements of a Hash Function
1) The input can be of any length
2) The output has a fixed length
3) Easy to compute for any input
4) One-way function (hard to determine the input from the output)
5) Collision resistant
183
SHA - Secure Hash Algorithm
SHA-1 - 160-bit message digest. Deprecated in 2017
SHA-256 - 256-bit message digest, 512-bit block size
SHA-224 - 224-bit message digest using a 512-bit block size. Truncated version of SHA-256
SHA-512 - 512-bit message digest, 1024-bit block size
SHA-384 is the truncated version of SHA-512
SHA-2 is generally considered secure
184
MD5
Message digest algorithm developed by Ronald Rivest (same Rivest as RSA). 128-bit digest, 512-bit blocks. No longer viable due to attacks.
185
RIPEMD
Used in Bitcoin. The original RIPEMD produces a 128-bit digest and is not secure. The latest secure version is RIPEMD-160, a 160-bit hash.
186
Digital Signatures
Ensures messages truly came from the sender and were not modified in transit. Ensures the crypto goals of integrity, authentication and non-repudiation.
187
HMAC
Hashed message authentication code - implements a partial digital signature; it guarantees the integrity of the message during transmission, but does not provide non-repudiation. Relies on a shared key.
188
Digital Signature Standard DSS Authentication Algorithms
NIST specifies which digital signature algorithms are acceptable for federal use. Today must use SHA-3. DSS also specifies acceptable encryption algorithms:
DSA - Digital Signature Algorithm
RSA
ECDSA - Elliptic Curve DSA
189
Certificate Enrollment
Proving your identity to the CA.
190
Certificate Signing Request
Provide your public key to the CA, who in turn provides you with an X.509 certificate signed with the CA's private key.
191
Different Types of CA Certificates
Domain Validation - CA validates that the certificate subject has control of the domain name
Extended Validation - higher level of assurance that the subject is a legitimate business
192
Certificate Verification
Check that the digital signature of the CA is authentic
You trust the CA
Certificate is not on a CRL (Certificate Revocation List)
Cert actually contains the data you are trusting
193
Certificate Pinning
Instructs browsers to attach a cert to a subject for an extended period of time.
194
Why Certificates are Revoked
Compromised
Erroneously issued
Details of the cert changed
Security association changed (no longer works for or employed by the org)
195
Techniques for Cert Revocation
Certificate Revocation List - latency due to the need to download and sync
Online Certificate Status Protocol (OCSP) - real-time checks via an OCSP server. Burdens this server with high activity.
Certificate Stapling is an extension to OCSP to relieve the workload. Allows OCSP responses to be "stapled" for a period of time, typically 24 hrs, during which they can be reused.
196
Hardware Security Modules
Provides an effective way to manage encryption keys. Stores and manages keys. Can be as simple as a YubiKey or a datacenter service offered through IaaS providers.
197
Hybrid Cryptography
Takes the best of both worlds of symmetric and asymmetric keys and combines them. An ephemeral key is a temporary key exchanged once the asymmetric crypto connection is established; it is used for the exchange of a symmetric key. Ease of deployment + performance.
198
PGP or Pretty Good Privacy
Secure email system - 1991. Combines the CA hierarchy with the Web of Trust concept. You must become trusted by one or more PGP users to begin using the system.
199
S/MIME
Secure/Multipurpose Internet Mail Extensions - emerged as the de facto standard for encrypted email.
200
Symmetric Encryption Algorithms
AES (Rijndael)
Blowfish
DES
3DES
Rivest Cipher 4 (RC4)
RC5
RC6
Skipjack
CAST-128
CAST-256
Twofish
IDEA
201
Public Key Crypto System - Asymmetric Algorithms For Key Exchange
RSA
Merkle-Hellman Knapsack
ElGamal
Elliptic Curve
Diffie-Hellman Key Exchange
202
Hash Algorithms
SHA, MD5, RIPEMD
203
TLS Transport Layer Security
It is important to understand that beyond looking at the TLS version and ensuring it is one of those supported, one also needs to look at the cipher suites it supports. Cipher suites are combinations of encryption algorithms used together.
204
What are the four components of a Cipher Suite
1) Key Exchange Algorithm (RSA, Diffie-Hellman)
2) Authentication Algorithm
3) Bulk Encryption Algorithm
4) Hash Algorithm
205
Tor or The Onion Router
Provides a mechanism for anonymously routing traffic across the internet using encryption and relay nodes. Leverages "perfect forward secrecy", where layers of encryption prevent nodes in the relay chain from reading anything but what they need to manage the traffic.
206
Steganography
The art of using cryptographic techniques to embed secret messages within another message.
207
Circuit Encryption
Link Encryption - lower in the OSI layers.
End-to-End Encryption - higher in the OSI layers. Header, trailer, address and routing data are not encrypted, unlike with link encryption.
208
IPSec
Architectural framework for secure communications over IP network traffic. Set by the Internet Engineering Task Force (IETF). Two components:
1) Authentication Header (AH) - message integrity and non-repudiation
2) Encapsulating Security Payload (ESP) - confidentiality and integrity of packet contents
209
IPSec Modes of Operation
Transport Mode - only the packet payload is encrypted. End-to-end encryption.
Tunnel Mode - the entire packet including the header is encrypted. Link encryption.
210
Homomorphic Encryption
Technology that allows computation to be performed on data while it is encrypted.
211
Analytic Attacks
Attacks the logic of the algorithm.
212
Implementation Attacks
Exploits weaknesses in the implementation of the cryptosystem, i.e. the software code.
213
Statistical Attacks
Attacks the hardware or OS for statistical weaknesses such as floating point errors or an inability to produce truly random numbers.
214
Brute Force Attack
Attempts every possible valid combination for keys or passwords. The time required to discover a password/key is proportional to its length. There are ways to shorten this: 1) rainbow tables, 2) specialized scalable computing hardware.
215
Fault Injection Attacks
Compromise a system by causing an external fault, for example by using high-voltage electricity, high/low temperatures, or other factors to cause a malfunction.
216
Side Channel Attack
Monitors system activity "footprints" to attack the information being actively encrypted.
217
Timing Attacks
Example of a side channel attack which measures how long crypto operations take to complete in order to undermine security.
218
Salts and Passwords
Combats brute force attacks. A cryptographic salt is a random value that is added to the end of a password before the OS hashes and stores it.
219
Frequency Analysis and Ciphertext Only Attack
Looks at the encrypted ciphertext message, counts the number of times each letter appears, and determines the type of cipher being used, for example a transposition or substitution cipher.
220
Known Plaintext Attack
Attacker has a copy of the encrypted message and the plaintext. This allows weaker codes to be broken.
221
Chosen Plaintext Attack
Attacker obtains ciphertexts and the corresponding plaintexts of their own choosing to determine the key.
222
Chosen Ciphertext Attack
Attacker has the ability to decrypt chosen portions of the ciphertext and uses the decrypted portions to discover the key.
223
Meet in the Middle Attack
Attacks algorithms that use two rounds of encryption. This is the reason 2DES was quickly deemed nonviable. The attacker uses a known plaintext and searches every possible encryption key (K1) and decryption key (K2) to find a match.
224
Man in the Middle Attack
Attacker sits in the middle of two communicating parties and intercepts all communication. The attacker sets up secure sessions with both the sender and the recipient.
225
Birthday Attack
During a birthday attack, the attacker tries to find two different input messages that produce the same hash value, called a collision. By finding a collision, the attacker can deceive a system into believing that two different messages are identical. For instance, they can forge a digital signature or crack a password hash.
226
Replay Attack
Attacks systems that don't incorporate temporal protections, i.e. timestamps and expiration periods, challenge-response mechanisms and encrypted authentication sessions. The attacker intercepts an encrypted message and later replays it to open a new session.
227
Common Password Hashing Algorithms
PBKDF2, bcrypt, scrypt - used for key stretching.
228
Transitive Trust
When subject A requests from object B and in turn subject B requests from object C. In essence A receives data from C. Serious security concern.
229
Design Principles and Failure Handling
Fail Soft - allows a system to continue to operate after a component failure.
Must distinguish between the physical and digital world.
In the physical world, if human protection is prioritized - Fail Safe. If the asset is the priority - Fail Secure.
In the physical world Fail Open is synonymous with Fail Safe and Fail Closed is synonymous with Fail Secure.
In the digital world the protection revolves around Availability and Confidentiality/Integrity. Fail Open prioritizes Availability over C/I. Fail Closed prioritizes the reverse.
230
Software design and KISS
Don't Repeat Yourself - eliminate redundant code
Computing Minimalism - code that uses the least amount of hw/sw resources
Rule of Least Power - use the least powerful programming language that fits
Worse is Better - quality does not mean an increase in capabilities and functions
You Aren't Gonna Need It - don't add capabilities until they are actually necessary
231
Zero Trust
There is no longer a security perimeter. Never trust, always verify.
232
Microsegmentation
Dividing an internal network into numerous subzones. Communications between zones are filtered and may require authentication and session encryption, and are subject to allow list and block list controls.
233
Privacy by Design
Have developers integrate privacy protections early in design.
Proactive not reactive
Preventive not remedial
Privacy as the default
Privacy embedded in design
Full functionality
End-to-end security
Visibility and transparency
Respect for user privacy
234
Trust but Verify
Traditional approach of automatically trusting subjects and devices inside a company's security perimeter. No longer sufficient.
235
Development techniques to ensure CIA
Confinement is making sure that an active process can only access specific resources (such as memory).
Bounds is the limitation of authorization assigned to a process, limiting the resources the process can interact with and the types of interactions.
Isolation is the means by which confinement is implemented through the use of bounds.
236
What are the different methods to describe the necessary security attributes of an object?
Tokens - separate object with attributes
Capabilities List - maintains a row of security attributes for look-ups
Labels - permanent part of the object, attached, cannot be altered
237
What are Security Models
Ways to formalize security policies in code. Provides a set of rules that a computer can follow to implement the fundamental security concepts, processes, and procedures of a security policy. Provides software designers a measurement for their implementations.
238
TCB - Trusted Computing Base (Security Model)
Combination of HW, SW and controls that work together to enforce the security policy. Must be as small as possible. Each TCB must adhere to and enforce the policy.
Security Perimeter - the boundary. Must establish Trusted Paths of communication into and out of the perimeter.
Trusted Shell - for command line operations
Reference Monitor - validates access to every resource prior to granting access
Security Kernel - collection of components in the TCB that work together to implement the reference monitor functions
239
State Machine Security Model
Describes a system that is always secure no matter what state it is in. State transitions: if each possible state and transition meets the security policy, the system is called a secure state machine.
240
Information Flow Security Model
Based on the state machine model; controls information flow, ensures all authorized flows and prevents unauthorized flows. Used to establish a relationship between two versions or states.
241
Non Interference Security Model
Concerned with how the actions of a subject at a higher security level affect the system state or the actions of a subject at a lower security level. Subject A (High) should not affect or interfere with the actions of Subject B (Low).
242
Take Grant Security Model
Dictates how rights can be passed from one subject to another. Employs a directed graph. Used to figure out when rights in the system can change and where leakage (unintended distribution of permissions) can occur. 4 rules for rights:
1) Take Rule - take rights
2) Grant Rule - grant rights
3) Create Rule - create rights
4) Remove Rule - remove rights
243
Access Control Matrix
Used by systems to quickly determine whether a requested action by a subject for an object is authorized.
244
Bell-LaPadula Model
From the DoD, 1970. Multilevel security policy, lattice based. Prevents leaking or transfer of classified info to less secure clearance levels. Solely focused on Confidentiality. 3 principles:
1) Simple Security Property - subject may not read information at a higher sensitivity level - No Read Up
2) * (Star) Security Property - subject may not write information to a lower sensitivity level - No Write Down - "Confinement Property"
3) Discretionary Security Property - system uses an access matrix to enforce discretionary access control
The first two properties govern which states the system can transition into; all states end secure.
245
Biba Model
Focuses on Integrity. Prevents modification of objects by unauthorized subjects, prevents unauthorized modification of objects by authorized subjects, and protects internal and external object consistency. Principles:
1) Simple Integrity Property - states a subject cannot read an object at a lower integrity level - No Read Down
2) * (Star) Integrity Property - states a subject cannot modify an object at a higher integrity level - No Write Up
246
Clark Wilson Model
Not a state machine, not a lattice model. Enforces data integrity. It uses a three-part subject/program/object relationship called the Access Control Triplet. 2 principles:
1) Well-formed Transactions - programs
2) Separation of Duties
A subject can only access an object through a program, interface or access portal. No direct access to objects.
247
Brewer and Nash Model
To address conflicts of interest. Permits access controls to change dynamically based on a user's previous activity. Also known as "Chinese wall", "ethical wall", "cone of silence".
248
Goguen Meseguer Model
Integrity model. Foundation for noninterference concepts and models. Based on predetermining the set or domain of objects that a subject can access. Subjects in one domain cannot interfere with those of another.
249
Sutherland Model
Integrity model. Based on the idea of defining a set of system states, initial states, and state transitions. Through these predetermined states integrity is maintained and interference prohibited.
250
Graham Denning Model
Focused on the secure creation and deletion of both subjects and objects:
Securely create an object
Securely create a subject
Securely delete an object
Securely delete a subject
Securely provide the read access right
Securely provide the grant access right
Securely provide the delete access right
Securely provide the transfer access right
251
Harrison Ruzzo Ullman Model
Focuses on the assignment of object access rights to subjects as well as the resilience of those assigned rights. Extension of the Graham-Denning Model. HRU access rights can be represented in a matrix.
252
Common Criteria
Buyers consider systems that have been subject to formal evaluation. Common Criteria offers a subjective product evaluation model. Key objectives:
1) add buyer confidence in the security of the product
2) elimination of duplicate evaluations
3) make evaluations cost effective and efficient
4) adherence to high and consistent standards
5) promote evaluation
6) functional evaluation and assurances of the target of evaluation
TOE - Target of Evaluation
PP - Protection Profile - specifies the requirements and protections to be evaluated
ST - Security Target - vendor claims ("I will provide")
EAL - Evaluation Assurance Levels 1-7
253
What are the four types of authorization an AO (Authorizing Official) can issue?
Authorization to Operate (ATO)
Common Control Authorization - security control is inherited from another provider
Authorization to Use - issued when a 3rd party provider (i.e. a cloud service) provides IT/IS services that are deemed to have an acceptable level of risk
Denial of Authorization
254
Multitasking (Processor)
To handle two or more tasks simultaneously.
255
Multicore (Processor)
Means a CPU chip now contains two, four, a dozen or more independent cores that can operate simultaneously or independently.
256
Multiprocessing (Processor)
A multiprocessor system harnesses the power of more than one processor to complete the execution of a multithreaded application.
257
Multithreading (Processor)
This is at the process level. Permits multiple concurrent tasks to be performed within a single process, unlike multitasking where the multiple tasks consist of multiple processes. Multithreading is used in applications where frequent context switching between multiple active processes causes excessive overhead. Switching between threads is more efficient.
258
Multiprogramming (Processor)
Similar to multitasking. A way to batch or serialize multiple processes so that when one process stops to wait on a peripheral, its state is saved and the next process in line begins to process.
259
Protection Rings (Processor)
Organize code and components in the OS into circles of privilege.
Ring 0 - Kernel
Ring 1 - Other OS components
Ring 2 - Drivers, protocols
Ring 3 - User-level programs and applications
Rings 0-2: privileged mode. Ring 3: user mode.
Ensures the right access to data by the right component in the runtime environment.
260
Process States (Processor)
Or operating states are the various forms of execution in which a process may run.
Ready State - process is ready to resume or begin processing
Running State - or problem state; executes on the CPU and continues until it finishes, its time slice expires or it is blocked. If stopped it goes back to Ready; if paused it goes to Waiting
Waiting State - waiting for I/O to be serviced before continuing
Supervisory State - when the process must perform an action that requires privileges greater than the problem state's set of privileges
Stopped State - process finishes or must be terminated
261
ROM
Read Only Memory. Several types:
1) PROM - Programmable
2) EPROM - Erasable. Ultraviolet EPROM can be erased with a light
3) EEPROM - Electronically Erasable - uses electric voltages to force erasure
4) Flash Memory - non-volatile form of storage media that can be electronically erased and rewritten
262
RAM
Random Access Memory.
Real Memory - main or primary memory.
Cache RAM - takes data from a slower device and stores it temporarily for faster access.
Data is lost with loss of electrical power.
Two types of RAM - Dynamic and Static. Dynamic RAM uses a charge to maintain bits as 1 or 0; because the charge fades, the CPU needs to refresh it to maintain the data. Static RAM maintains the data with a logical device called a "flip-flop". Does not incur CPU refresh overhead and performs faster, but is more expensive.
263
Registers
On-board memory in the CPU for the ALU (arithmetic logic unit) to perform calculations or process instructions.
264
Memory Addressing
Means to refer to various locations in memory:
1) Register Addressing
2) Immediate Addressing - a way of referring to data that is supplied to the CPU as part of an instruction
3) Direct Addressing - the CPU is provided the actual memory location to address. Must be on the same memory page
4) Indirect Addressing - the CPU is provided a memory address that contains another address where the data resides
5) Base+Offset - uses a value stored in one of the CPU registers as the base from which to begin counting to compute the desired memory location
265
Secondary Memory
Used to refer to magnetic, optical or flash-based media or other storage devices that contain data not immediately accessible to the CPU. Data must first be read into real memory. Virtual memory is a type of secondary memory.
266
Primary and Secondary
Primary Memory = Primary Storage Secondary Memory = Secondary Storage
267
Volatile vs Non Volatile
Measure of how likely to lose data when power is turned off or cycled.
268
Random vs Sequential
Most secondary storage is random access. Tape is an example of sequential access, where you have to read through all data prior to the desired location.
269
Emanation attack
Where adversaries intercept electronic or radio frequency emanations, i.e. from monitors, network cables, modems, mobile devices. TEMPEST countermeasures: originally a government research program aimed at protecting equipment from electromagnetic pulse during nuclear explosions, expanded to study this area of vulnerability.
270
TEMPEST Countermeasures
Faraday Cage - external metal skin or wire mesh that surrounds a room, building, etc.
White Noise - broadcast of false traffic
Control Zone - implementation of both a Faraday cage and white noise to protect an area
271
Firmware
Also known as microcode. Software stored in ROM.
272
BIOS - Basic Input Output system
Embedded in the motherboard's EEPROM or flash chip. Contains the OS-independent primitive instructions that a computer needs to start up and load the OS from disk.
273
UEFI - Unified Extensible Firmware Interface
Supports all the same functions as BIOS plus more, such as support for larger hard drives, faster boot times, enhanced security, etc.
274
Flashing
Process of updating the UEFI, BIOS, or firmware. Attacks on this are called phlashing.
275
Boot Attestation or Secure Boot
Checks for a signed, preapproved digital certificate.
276
Measured Boot
Optional feature of UEFI that takes a hash calculation to ensure no components were compromised.
277
Symmetric Multiprocessing SMP
A single computer contains multiple processors that are created equal and controlled by a single OS.
278
Asymmetric Multiprocessing AMP
Processors operating independently, each with its own OS and/or task instruction set, dedicated data bus and memory resources.
279
Massive Parallel Processing MPP
A collection of AMP systems linked together to work on a single primary task.
280
Industrial Control Systems
A Programmable Logic Controller (PLC) is used to control a single device in a standalone manner.
A Distributed Control System (DCS) is used to interconnect several PLCs, but within a limited physical range, in order to gain centralized control, management and oversight through networking.
SCADA (supervisory control and data acquisition) is expanded to large-scale physical areas to interconnect multiple DCSs and PLCs.
281
Edge and Fog Computing
Edge computing performs processing on the distributed edge, close to where the data originates. Fog computing performs centralized processing of data collected by distributed sensors.
282
Cyber Physical Systems
Offer computational means to control something in the physical world. Examples: prosthetics to provide human augmentation or assistance, collision avoidance, air traffic control, robotic surgery, etc.
283
Service Oriented Architecture SOA
This architecture constructs applications or functions out of existing but separate and distinct software services. New apps or functions need to be vetted.
284
Microservices
Derivative of SOA. A microservice is one element, feature, capability, business logic or function of a web application. Each must have clearly defined and secure APIs for cross-service I/O.
285
Infrastructure as Code (IaC)
Examples: AWS CloudFormation, Terraform, or Puppet.
286
Virtual Software
Software deployed so that it is fooled into believing it is interacting with a full host OS. Instead, any interaction with the supposed OS is intercepted by an isolation manager and recorded into a file. This fools the app into believing it is interacting with the OS. This is sandboxing. Transforms the app to be portable. Evolved into the containerization concept.
287
Virtual Desktop Infrastructure
Hosting of desktop/workstation OS virtual machines on central servers that are remotely accessed. Reduces security risk.
288
VM Escaping
Occurs when software within a guest OS is able to breach the isolation protection provided by the hypervisor and violate the containers of other guest OSs or infiltrate the host OS.
289
Containerization
Based on the concept of eliminating the duplication of OS elements in a virtual machine.
290
What is the difference between serverless architecture and platform as a service
In PaaS the entire execution environment or platform is spun up to host an application and it is always running, consuming resources and racking up costs. With Serverless Architecture or FaaS, the functions run only when called and then terminate when their operations complete.
291
Content Management
Control over mobile devices and the access to content hosted on company systems, as well as the control of access to company data stored on mobile devices.
292
Application Control
Device management that limits which applications can be installed on a device.
293
Rooting or Jailbreaking
Action of breaking the digital rights management (DRM) security on the bootloader of a mobile device in order to be able to operate the device with root or full system privileges.
294
HSM - Hardware Security Modules
Hardware security modules (HSMs) are hardened, tamper-resistant hardware devices that secure cryptographic processes by generating, protecting, and managing keys used for encrypting and decrypting data and creating digital signatures and certificates.
295
System Security Policy
Informs and guides the design, development, implementation, testing and maintenance of a particular system.
296
What is a critical path analysis
A systematic effort to identify relationships between mission-critical applications, processes, and operations and all necessary supporting elements.
297
Technology convergence
When various technologies merge over time. This can create a single point of failure.
298
Crime Prevention Through Environmental Design
CPTED. Core principle is that the design of the physical environment can be managed, manipulated and crafted with intention in order to create behavioral effects or changes in the people present in those areas that reduce crime as well as the fear of crime. Strategies:
1) Natural access control
2) Natural surveillance
3) Natural territorial reinforcement
299
Physical Security Design order of operations
Deter
Deny
Detect
Delay
Determine
Decide
300
Cable Plant Management Facility
Elements include:
1) Entrance facility - where the cable from the provider connects to the internal cable plant
2) Equipment Room - main wiring closet for the building
3) Backbone distribution system - provides wired connections between the equipment room and telecommunications rooms, including cross-floor connections
4) Wiring Closet - serves the connection needs for a floor or section of a large building. Also known as IDF (intermediate distribution frame), telecommunications room, and intermediate distribution facility
5) Horizontal distribution system - provides connections between the telecommunications room and work areas
301
Gait Analysis
Pertains to cameras and video surveillance. Evaluation of the way someone walks as a form of biometric authentication.
302
SCIF
Sensitive Compartmented Information Facility. Used by government and military. Provides a secure environment for highly sensitive data storage and computation.
303
UPS
Uninterruptible Power Supply.
Double Conversion - takes power out of the wall outlet, stores it in the battery, and pulls power out to feed whatever devices are connected. Ensures a common, streamlined, quality feed.
Line Interactive - not in line. If the grid fails it will automatically switch to the battery. Has a surge protector, battery charger/inverter and voltage regulator.
304
Power Issues
Fault - momentary loss of power
Blackout - complete loss of power
Sag - momentary low voltage
Brownout - prolonged low voltage
Spike - momentary high voltage
Surge - prolonged high voltage
Inrush - surge of power usually associated with connecting a power source
Ground - electrical circuit providing an alternate pathway for current to flow to earth
305
Noise
The interference of power through some form of disturbance, interruption or fluctuation. EMI is electromagnetic interference. Two types - common mode noise and traverse mode noise. RFI is radio frequency interference.
306
Hot and Cold Aisles
Technique to arrange server racks in lines separated by aisles.
307
Occupant Emergency Plans OEP
Guides and assists with sustaining personnel safety in the wake of a disaster.
308
OSI - Open Systems Interconnection
Layer 7 - Application
Layer 6 - Presentation
Layer 5 - Session
Layer 4 - Transport
Layer 3 - Network
Layer 2 - Data Link
Layer 1 - Physical
309
OSI encapsulation / de encapsulation
Communication between OSI layers occurs through encapsulation and de-encapsulation (headers and footers). Peer layer communications.
310
OSI Layer 7 - Application
Responsible for interfacing user applications, network services or the OS with the protocol stack.
311
OSI Layer 6 - Presentation
Formats data. Also responsible for encryption and compression.
312
OSI Layer 5 - Session
Responsible for establishing, maintaining and terminating communication sessions between two computers. Modes: Simplex, Half Duplex, Full Duplex.
313
OSI Layer 4 - Transport
Manages the integrity of a connection and controls the session. TCP, UDP and TLS protocols operate at this layer.
314
OSI Layer 3 - Network
Responsible for logical addressing and performing routing. Routers are the primary network hardware at this layer. Distance vector vs link state routing.
315
OSI Layer 2 - Data Link
Formats packets into frames for transmission. Deals with actual physical addresses - MAC, NIC. Ethernet protocols include the Address Resolution Protocol (ARP). Switches and bridges are the hardware devices at this layer.
316
OSI Layer 1 - Physical
Converts frames into bits for transmission over the physical connection.
317
TCP/IP
Four layers instead of 7 in OSI:
Application
Transport
Network
Interface (Link)
318
Protocol Analyzers
Examines the contents of network traffic. Also called a sniffer, network evaluator, network analyzer, traffic monitor, or packet capturing utility. Places the NIC in promiscuous mode. Sets rules for capture and display filters.
319
OSI Application Layer Protocols
Telnet - TCP Port 23 - supports remote connectivity for executing commands and running applications. No file transfer support
File Transfer Protocol (FTP) - TCP Ports 20 and 21
Trivial File Transfer Protocol (TFTP) - UDP Port 69
Simple Mail Transfer Protocol (SMTP) - TCP Port 25
Post Office Protocol (POP3) - TCP Port 110
Internet Message Access Protocol (IMAP4) - TCP Port 143
Dynamic Host Configuration Protocol (DHCP) - UDP Ports 67 (server) and 68 (client)
Hypertext Transfer Protocol (HTTP) - TCP Port 80
HTTPS - TCP Port 443
Line Printer Daemon (LPD) - TCP Port 515
X Window - TCP Ports 6000-6063
NFS - TCP Port 2049
Simple Network Management Protocol (SNMP) - UDP Port 161
320
Transport Layer Protocols
The two primary protocols of TCP/IP are TCP (full duplex) and UDP (simplex). Done using ports. Port numbers are 16-bit binary numbers, totalling 2^16 or 65,536 ports.
The first 1024 are well-known ports used by servers.
From 1024 to 49151 are registered software ports used by networking software products.
From 49153 to 65535 are random, dynamic or ephemeral ports used by clients.
3-way handshake - client sends SYN, server replies SYN/ACK, client sends ACK.
321
TCP vs UDP
TCP is used for guaranteed data delivery. Retries.
UDP is used when delivery of data is not essential. Best effort. No error detection or correction, no sequencing, no flow control. Used for real-time streaming - audio, video.
322
Domain Name
A computer name is a "temporary" human-friendly convention assigned to an IP address.
323
IP Address
Temporary logical address assigned over or onto the MAC address.
324
MAC Address
Permanent physical address
325
DNS - Domain Name System
Resolves a human-friendly domain name to an IP address. DNS operates over TCP and UDP on port 53.
326
FQDN Fully Qualified Domain Name
Top Level Domain (TLD) - is the .com
Registered Domain - is the google
Subdomain or hostname - is the www
An FQDN cannot exceed 253 characters. Any single section cannot exceed 63.
327
DoH - DNS over HTTPS
Creates an encrypted session with a DNS server over TLS-protected HTTP and uses that session as a form of VPN to protect the DNS query and response
328
ODoH - Oblivious DoH
Adds a DNS proxy between the client and the DNS resolvers so the identity of the requesting client is isolated from the DNS resolvers. Provides anonymity and privacy for the DNS queries.
329
DNS Poisoning Attacks
DNS Poisoning,
Rogue DNS Server,
DNS Cache Poisoning,
DNS Pharming,
Altering the Hosts File,
Corrupting the IP Configuration,
DNS Query Spoofing,
Use of Proxy Falsification
330
DNS Poisoning Defenses
Limit zone transfers from internal to external DNS servers.
Require internal clients to resolve all domain names through the internal DNS.
Limit the external DNS servers from which internal DNS servers pull zone transfers.
Deploy a network intrusion detection system (NIDS).
Harden DNS and client systems.
Use DNSSEC to secure the DNS infrastructure.
Use DoH or ODoH on all clients.
331
Domain Hijacking
Malicious act of changing registration of a domain name without the authorization of the owner
332
Typosquatting
Takes advantage of users mistyping a domain name or IP address and redirects the traffic
333
Homograph attack
Takes advantage of similarities between character sets to register phony internationalized domain names that look legitimate to the naked eye
334
URL Hijacking
Practice of displaying a link or advertisement that looks like a well-known product, service or site
335
Clickjacking
Means of redirecting a user's click or selection on a web page to an alternate malicious site
336
IPv4 vs IPv6
IPv4 uses 32-bit addresses; IPv6 uses 128-bit addresses.
New with IPv6: scoped addresses, autoconfiguration, and QoS.
Transition concerns:
1) More addresses that attackers can use
2) IPv6 requires that all security filtering and monitoring products be fully upgraded to IPv6
3) Loss or lack of NAT - reduces privacy because the actual IP address is no longer masked between private and public realms
337
Ways for IPv4 and IPv6 to co-exist
Dual stack, tunneling, or NAT-PT (Network Address Translation - Protocol Translation).
338
Secure Communications Protocols
IPsec,
Kerberos,
SSH,
Signal Protocol,
Secure Remote Procedure Calls,
Transport Layer Security (TLS)
339
Implications of Multilayer Protocols
Benefits:
1) A wide range of protocols can be used at higher layers
2) Encryption can be applied at various layers
3) Flexibility and resiliency in complex network structures
Drawbacks:
1) Covert channels are allowed
2) Filters can be bypassed
3) Logically segmented network boundaries can be overstepped
340
Network Access Control (NAC)
Concept of controlling access to an environment through strict adherence to and enforcement of security policy. Automates detection and response and reacts in real time. Monitors systems to ensure they are current on patches and updates and compliant with the latest security configurations. Keeps unauthorized devices off the network.
341
Proxy
Provides clients on a private network with internet access while protecting their identities.
342