CISSP 2024 Flashcards

1
Q
A
2
Q

Notes

A
3
Q

What is a Class in relation to OOP (Object Oriented Programming)?

A

Object Oriented Programming (OOP) relies on the relationship between classes and objects. Objects inherit information from their assigned class. This allows programmers to be more efficient with their code. OOP code scales better and is easier to modify.

4
Q

What is a library?

A

A library is a collection of prewritten code, modules, functions and resources that programmers can use to accelerate and simplify the development of software applications.

5
Q

What is multi-threading?

A

Multi-threading is a software concept where multiple threads, or lightweight processes, run concurrently within a single program. It enhances performance by allowing tasks to be executed independently, improving efficiency in parallel processing.

6
Q

What is a software routine?

A

A software routine is a set of instructions or code designed to perform a specific task or function within a larger program, aiding modularity and code reusability.

7
Q

What is access aggregation?

A

Access aggregation happens when someone combines multiple pieces of information at a lower classification level and infers information at a higher classification level. This is part of the reconnaissance step in the cyber kill chain.

8
Q

What is footprinting?

A

Footprinting is gaining information to be able to state what systems exist and what their Operating System (OS) patch level is.

9
Q

What is access creep?

A

Access creep happens when users keep gaining more access to systems and data the longer they work at a company. When a user leaves a project or department, their old access rights should be removed if no longer required.

10
Q

What is a reciprocal agreement?

A

A reciprocal agreement, or Mutual Assistance Agreement, is an agreement or memorandum of understanding where two companies pledge the availability of their organisation’s data center during a disaster. This allows company A to utilize company B’s data center and vice versa. They are rarely used in the real world but often appear in disaster recovery literature. They have been used by companies such as newspaper companies, although the companies' very carefully constructed contracts ensure success.

11
Q

What is a service bureau?

A

A service bureau, also known as a vendor hot site, is a type of company that can be subscribed to as a service. When a company has a disaster, they only need to show up to the service bureau with their people and their data.

12
Q

The Padding Oracle On Downgraded Legacy Encryption (POODLE) attack is possible against what protocol?

A

Secure Sockets Layer (SSL) standard v3.0 was found vulnerable in 2014 to an attack known as the Padding Oracle On Downgraded Legacy Encryption (POODLE). POODLE demonstrated a significant flaw in the SSL 3.0 fallback mechanism. SSL is considered insecure and should be replaced by the latest version of TLS if it is in use and it can be replaced. If it cannot be replaced, other security mechanisms should be added.

13
Q

Is HTTPS susceptible to a POODLE attack?

A

Even though HTTPS is a protocol, the underlying protocol that it uses to encrypt is either TLS or SSL.

14
Q

Is RDP susceptible to a Padding Oracle On Downgraded Legacy Encryption (POODLE) attack?

A

Remote Desktop Protocol (RDP) is incorrect because it is not vulnerable to the POODLE attack.
