CISSP Flash Cards - Generic

1
Q

Bell-LaPadula

A
  • Simple security property: no read up; *-property (star property): no write down
  • Protects confidentiality: a subject cleared to SECRET may not read TOP SECRET objects and may not write into UNCLASSIFIED ones
2
Q

Biba

A
  • Simple integrity property: no read down; *-integrity property: no write up
  • Protects integrity; the rules are the mirror image of Bell-LaPadula (a trusted process must not read untrusted data or be written to by untrusted subjects)
3
Q

Lipner

A
  • Lipner's model applies the lattice models to a commercial setting: it can use Bell-LaPadula alone (with categories) to protect confidentiality
  • Or combine Bell-LaPadula and Biba so that both confidentiality and integrity are enforced on every access
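The three cards above (Bell-LaPadula, Biba, Lipner) reduce to a handful of comparisons between subject and object labels. The following added example (not part of the flash cards) implements both lattices as a reference-monitor style check and combines them the way Lipner's model does; the level names, their numeric ordering and the sample subjects are assumptions.

```python
"""Reference-monitor style check for the Bell-LaPadula, Biba and combined
(Lipner-style) rules.  Added illustration; not part of the flash cards.
The level names and their numeric ordering are assumptions."""

from enum import IntEnum


class Conf(IntEnum):
    """Confidentiality levels: higher value = more sensitive."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


class Integ(IntEnum):
    """Integrity levels: higher value = more trustworthy."""
    UNTRUSTED = 0
    USER = 1
    SYSTEM = 2


def blp_allows(subject_conf: Conf, object_conf: Conf, op: str) -> bool:
    """Bell-LaPadula: simple security property (no read up) and
    *-property (no write down)."""
    if op == "read":
        return subject_conf >= object_conf
    if op == "write":
        return subject_conf <= object_conf
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject_integ: Integ, object_integ: Integ, op: str) -> bool:
    """Biba: simple integrity property (no read down) and *-integrity
    property (no write up); the comparisons mirror Bell-LaPadula."""
    if op == "read":
        return subject_integ <= object_integ
    if op == "write":
        return subject_integ >= object_integ
    raise ValueError(f"unknown operation {op!r}")


def violations(subject: dict, obj: dict, op: str) -> list:
    """Combined check (Lipner's approach): both lattices must permit the
    request.  Returns the names of the violated properties; an empty list
    means the access is allowed."""
    found = []
    if not blp_allows(subject["conf"], obj["conf"], op):
        found.append("BLP no read up" if op == "read" else "BLP no write down")
    if not biba_allows(subject["integ"], obj["integ"], op):
        found.append("Biba no read down" if op == "read" else "Biba no write up")
    return found


if __name__ == "__main__":
    # Hypothetical analyst cleared to SECRET, running at USER integrity.
    analyst = {"conf": Conf.SECRET, "integ": Integ.USER}
    web_download = {"conf": Conf.UNCLASSIFIED, "integ": Integ.UNTRUSTED}
    print(violations(analyst, web_download, "read"))   # Biba blocks the read down
    print(violations(analyst, web_download, "write"))  # BLP blocks the write down
```

The point the combined check makes visible: a read of an unclassified but untrusted file is fine for confidentiality and wrong for integrity, while a write to the same file fails for the opposite reason. Real systems relax these rules with trusted subjects and (for Biba) low-water-mark policies; this example enforces the strict versions only.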
4
Q

Brewer Nash or The Chinese Wall Security Model

A
  • Designed to mitigate conflicts of interest, for example when a consultant or other third party works for competing clients: once a subject has accessed one company's data, it is dynamically denied access to the data of any other company in the same conflict-of-interest class
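What makes Brewer-Nash different from the lattice models is that the decision depends on the subject's access history, not on fixed labels. The following added example (not part of the flash cards) implements the simple security rule of the Chinese Wall over constructed datasets and conflict-of-interest classes; the names are assumptions.

```python
"""Brewer-Nash (Chinese Wall) check: access decisions depend on what the
subject has already touched.  Added illustration; not part of the flash
cards.  The datasets, conflict-of-interest classes and subject names are
constructed samples."""


class ChineseWall:
    def __init__(self, coi_class: dict):
        self.coi_class = coi_class      # dataset -> conflict-of-interest class
        self.history = {}               # subject -> datasets already accessed

    def can_access(self, subject: str, dataset: str) -> bool:
        """Allowed unless the subject has touched a *different* dataset in the
        same conflict-of-interest class (the simple security rule)."""
        wanted = self.coi_class[dataset]
        for seen in self.history.get(subject, set()):
            if seen != dataset and self.coi_class[seen] == wanted:
                return False
        return True

    def access(self, subject: str, dataset: str) -> bool:
        """Record the access if allowed; the wall then closes around the subject."""
        if not self.can_access(subject, dataset):
            return False
        self.history.setdefault(subject, set()).add(dataset)
        return True


if __name__ == "__main__":
    wall = ChineseWall({"BankA": "banking", "BankB": "banking", "OilCo": "oil"})
    print(wall.access("consultant", "BankA"))   # True
    print(wall.access("consultant", "BankB"))   # False: competitor of BankA
    print(wall.access("consultant", "OilCo"))   # True: different class
```

The example covers only reads. The full model also has a *-property for writes (a subject may write to a dataset only if it cannot read any other company's data in a different class), which is what stops information leaking between clients through a shared document.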
5
Q

Graham-Denning model

A
  • Uses an access control matrix (ACM): each row represents a subject, each column represents an object (or another subject, since subjects are also objects), and the cell where a row and a column meet holds the rights that the row subject has for accessing the column object
  • Defines eight primitive protection rules (commands) that change the matrix: create subject, create object, delete subject, delete object, read access right, grant access right, delete access right, transfer access right
  • Two special rights gate the commands: owner (of an object) and control (of a subject); for example, only the owner of an object may grant rights on it, and a right may be transferred onward only if it is held with the copy flag
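The eight Graham-Denning commands are easier to remember once you have seen them operate on a matrix. The following added example (not part of the flash cards) implements the matrix as a dictionary of rights and each command as a method guarded by the owner and control rights; the bootstrap admin subject, the sample names and the use of a trailing "*" as the copy flag are assumptions.

```python
"""Graham-Denning access control matrix with its eight primitive commands.
Added illustration; not part of the flash cards.  The gating by 'owner' of an
object and 'control' of a subject, and the '*' copy flag for transferable
rights, follow the model's usual description; the bootstrap admin subject and
the sample names are assumptions."""


class AccessMatrix:
    def __init__(self, admin: str):
        self.subjects = {admin}
        self.objects = {admin}       # subjects are objects too (they can be controlled)
        self.A = {}                  # A[subject][object] -> set of rights

    def rights(self, s: str, o: str) -> set:
        return self.A.get(s, {}).get(o, set())

    def _add(self, s: str, o: str, right: str) -> None:
        self.A.setdefault(s, {}).setdefault(o, set()).add(right)

    def _drop_column(self, o: str) -> None:
        for row in self.A.values():
            row.pop(o, None)

    # 1. create subject: the creator owns and controls the new subject
    def create_subject(self, creator: str, new: str) -> bool:
        if creator not in self.subjects or new in self.objects:
            return False
        self.subjects.add(new)
        self.objects.add(new)
        self._add(creator, new, "owner")
        self._add(creator, new, "control")
        return True

    # 2. create object: the creator owns the new object
    def create_object(self, creator: str, new: str) -> bool:
        if creator not in self.subjects or new in self.objects:
            return False
        self.objects.add(new)
        self._add(creator, new, "owner")
        return True

    # 3. delete subject: only its owner (its row and column disappear)
    def delete_subject(self, s: str, target: str) -> bool:
        if target not in self.subjects or "owner" not in self.rights(s, target):
            return False
        self.subjects.discard(target)
        self.objects.discard(target)
        self.A.pop(target, None)
        self._drop_column(target)
        return True

    # 4. delete object: only its owner
    def delete_object(self, s: str, target: str) -> bool:
        if target not in self.objects or "owner" not in self.rights(s, target):
            return False
        self.objects.discard(target)
        self._drop_column(target)
        return True

    # 5. read access right: s may inspect A[x][o] if s controls x or owns o
    def read_right(self, s: str, x: str, o: str):
        if "control" in self.rights(s, x) or "owner" in self.rights(s, o):
            return set(self.rights(x, o))
        return None

    # 6. grant access right: only the owner of o may grant rights on o
    def grant_right(self, s: str, right: str, x: str, o: str) -> bool:
        if x not in self.subjects or "owner" not in self.rights(s, o):
            return False
        self._add(x, o, right)
        return True

    # 7. delete access right: the owner of o, or a subject that controls x
    def delete_right(self, s: str, right: str, x: str, o: str) -> bool:
        if "owner" in self.rights(s, o) or "control" in self.rights(s, x):
            self.rights(x, o).discard(right)
            return True
        return False

    # 8. transfer access right: s may pass 'right' to x only if s holds it on o
    #    with the copy flag ('right*'); the recipient gets it without the flag
    def transfer_right(self, s: str, right: str, x: str, o: str) -> bool:
        if x not in self.subjects or right + "*" not in self.rights(s, o):
            return False
        self._add(x, o, right)
        return True
```

Usage: create an `AccessMatrix("admin")`, let admin create subjects, let a subject create an object it then owns, and watch `grant_right` fail for anyone who is not the owner while `transfer_right` succeeds only for holders of the starred right.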
6
Q

Digital Forensics Steps

A

1- Identification of evidence
2- Acquisition of evidence
3- Analysis of evidence
4- Reporting

7
Q

Incident Response Phases

A

1- Detection
2- Response
3- Mitigation
4- Reporting
5- Recovery
6- Remediation
7- Lessons Learned

8
Q

Enticement

A

Occurs when an individual who was already planning to commit a crime is lured into doing so at the urging of law enforcement representatives (a honeypot that attracts an attacker already looking for targets is enticement). Enticement is legal and is not a defense; contrast with entrapment

9
Q

Entrapment

A

Occurs when an individual who otherwise had no intention of committing a crime is lured into doing so at the urging of law enforcement representatives

10
Q

Rainbow table

A

A precomputed lookup structure used to recover the plaintext of a hashed password. A hash cannot be reversed directly; instead the attacker precomputes the hashes of candidate passwords, stored compactly as chains built from the hash function and a reduction function (a time-memory trade-off), and then looks up a captured hash to find the plaintext that produced it. This works because an unsalted hash of a given password is always the same value, so one precomputation can be reused against every captured hash. Per-password salts defeat rainbow tables: the same password with a different salt produces a different hash, so a table would have to be built for each salt. (A hash collision means two different inputs producing the same hash; identical inputs producing identical hashes is simply the deterministic property of the hash, not a collision.)
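The chain construction is what distinguishes a rainbow table from a plain dictionary of hashes, and it is short enough to show in full. The following added example (not part of the flash cards) builds a toy rainbow table over unsalted MD5 hashes of 4-digit PINs and then shows that a salted hash of the same PIN is not found; the PIN space, chain length, reduction function and salt value are assumptions chosen so the example runs in well under a second.

```python
"""Toy rainbow table over unsalted MD5 hashes of 4-digit PINs.  Added
illustration; not part of the flash cards.  The PIN space, chain length,
reduction function and the salt value are assumptions."""

import hashlib

SPACE = 10_000          # candidate plaintexts: "0000" .. "9999"
CHAIN_LEN = 100         # hashes per chain
STARTS = ["%04d" % i for i in range(0, SPACE, 50)]   # 200 chain start points


def H(pw: str) -> str:
    """The target (unsalted) password hash."""
    return hashlib.md5(pw.encode()).hexdigest()


def R(digest: str, step: int) -> str:
    """Reduction function: map a digest back into the password space.
    Mixing in the column index is what makes this a *rainbow* table and
    limits chain merges compared with a plain Hellman table."""
    return "%04d" % ((int(digest[:8], 16) + step) % SPACE)


def build_table(chain_len: int = CHAIN_LEN, starts=STARTS) -> dict:
    """Precompute chains; store only endpoint -> [start points]."""
    table = {}
    for start in starts:
        pw = start
        for col in range(chain_len):
            pw = R(H(pw), col)
        table.setdefault(pw, []).append(start)
    return table


def lookup(table: dict, target: str, chain_len: int = CHAIN_LEN):
    """Recover the plaintext for `target` if it lies on some stored chain."""
    for col in range(chain_len - 1, -1, -1):
        # Assume target sits at column `col`; walk the rest of the chain to its end.
        pw = R(target, col)
        for later in range(col + 1, chain_len):
            pw = R(H(pw), later)
        for start in table.get(pw, []):
            # Candidate chain: regenerate it and confirm a true hit (not a false alarm).
            cand = start
            for c in range(chain_len):
                if H(cand) == target:
                    return cand
                cand = R(H(cand), c)
    return None


def salted_hash(salt: str, pw: str) -> str:
    """What a properly salted store holds; the table was not built for it."""
    return hashlib.md5((salt + pw).encode()).hexdigest()


TABLE = build_table()


def crack(target: str):
    return lookup(TABLE, target)


if __name__ == "__main__":
    print(crack(H("0050")))                    # recovered from the table
    print(crack(salted_hash("s4lt", "0050")))  # None: the salt changes the hash
```

Note that with 200 chains of length 100 the table stores at most 200 endpoints but covers up to 20,000 hash computations' worth of candidates, which is the trade-off the technique is built on; coverage is not complete because chains merge, and real tables use millions of chains. Lookup cost grows with the square of the chain length, which is why salting (forcing a new table per salt) makes the precomputation worthless.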

11
Q

Passphrase

A

The password type that is typically the longest but contains the fewest random characters: a sequence of ordinary words that is easy to remember, whose strength comes from its length rather than from character randomness

12
Q

Hashing

A

Used to create digital signatures (the signer signs the hash of the message rather than the message itself) and to verify the integrity of data (a recomputed hash that matches the stored one shows the data is unchanged). A bare hash does not prove authenticity, because an attacker who modifies the data can simply recompute it; for that the hash must be signed or keyed (HMAC)

13
Q

Pharming Attacks

A

Redirect users to a fraudulent site without their knowledge, typically through DNS cache poisoning (feeding a resolver forged records so that it caches the wrong IP address for a name) or by modifying the victim's local hosts file. DNSSEC counters cache poisoning with a set of security extensions that add special records to a zone (RRSIG) carrying digital signatures over the zone's other records, so that resolvers can verify responses to queries of the zone. DNSSEC provides authenticity and integrity of DNS data, not confidentiality, and does nothing against a tampered hosts file

14
Q

Teardrop Attacks

A

Denial of Service (DoS) attacks in which an attacker sends IP fragments whose offsets and lengths overlap (for example, a second fragment whose offset falls inside the first fragment's data). A vulnerable reassembly routine miscomputes the fragment lengths while trying to reassemble the datagram, which can crash or hang the system. Modern IP stacks drop overlapping fragments, and intrusion detection rules flag them
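Spotting the Teardrop pattern only requires the fragment offset and length from each IP header. The following added example (not part of the flash cards) parses constructed raw IPv4 fragments and reports the datagram IDs whose fragments overlap; the addresses, IDs and payloads are arbitrary samples and the header checksum is left at zero.

```python
"""Detect overlapping IPv4 fragments (the Teardrop pattern) in raw packets.
Added illustration; not part of the flash cards.  The sample packets are
constructed here (addresses, IDs and payload contents are arbitrary; the
header checksum is left at zero)."""

import struct

IPV4_HDR = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options


def build_fragment(ident: int, offset_bytes: int, payload_len: int, more: bool) -> bytes:
    """Constructed sample fragment: the offset field counts 8-byte units and
    the More Fragments flag is bit 13 of the flags/offset word."""
    flags_frag = (0x2000 if more else 0) | ((offset_bytes // 8) & 0x1FFF)
    header = struct.pack(IPV4_HDR, 0x45, 0, 20 + payload_len, ident, flags_frag,
                         64, 17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return header + bytes(payload_len)


def parse_fragment(packet: bytes) -> dict:
    (ver_ihl, _tos, total_len, ident, flags_frag,
     _ttl, _proto, _csum, _src, _dst) = struct.unpack(IPV4_HDR, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    offset = (flags_frag & 0x1FFF) * 8
    return {"id": ident, "offset": offset, "end": offset + (total_len - ihl),
            "mf": bool(flags_frag & 0x2000)}


def find_overlaps(packets) -> set:
    """Return the IP IDs whose fragments overlap in the reassembly buffer."""
    by_id = {}
    for p in packets:
        f = parse_fragment(p)
        by_id.setdefault(f["id"], []).append(f)
    flagged = set()
    for ident, frags in by_id.items():
        frags.sort(key=lambda f: f["offset"])
        for a, b in zip(frags, frags[1:]):
            if b["offset"] < a["end"]:       # next fragment starts inside the previous one
                flagged.add(ident)
    return flagged


# Constructed samples: a normal two-fragment datagram (ID 1) and a Teardrop-style
# pair (ID 2) whose second fragment claims to start inside the first one.
SAMPLE_PACKETS = [
    build_fragment(1, 0, 24, True), build_fragment(1, 24, 16, False),
    build_fragment(2, 0, 40, True), build_fragment(2, 24, 16, False),
]

if __name__ == "__main__":
    print(find_overlaps(SAMPLE_PACKETS))   # {2}
```

In the original Teardrop exploit the second fragment also ended before the first one did, so a reassembly routine that computed "length = end - offset" from the overlap got a negative value and copied far too much memory. The check above treats any overlap as suspicious, which is also what current kernels do.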

15
Q

ARP

A

Address Resolution Protocol; used to resolve IP addresses to MAC addresses on the local network segment. ARP replies are not authenticated, so forged replies (ARP spoofing or poisoning) can redirect a host's traffic through an attacker

16
Q

NIST SP 800-30

A

Guide for Conducting Risk Assessments; the NIST process used to assess risk by identifying threats and vulnerabilities and estimating the likelihood and impact of their exploitation

17
Q

ITIL

A

Created by the UK Government (originally the CCTA) to improve IT service management processes

18
Q

COBIT

A

ISACA framework that defines 34 processes and 214 control objectives to assist in developing an IT security management plan and IT governance

19
Q

ISO 27000

A

Established a framework for developing security management standards (an information security management system, ISMS)

20
Q

NIST SP 800-37

A

Risk Management Framework (RMF); the security compliance framework for US federal government entities and their information systems (categorize, select, implement, assess, authorize, monitor)

21
Q

IAB (Internet Architecture Board, formerly the Internet Activities Board)

A

Published RFC 1087, Ethics and the Internet, which defines the activities considered unethical on the internet (such as gaining unauthorized access, disrupting its intended use, wasting resources, and compromising the privacy of users)

22
Q

Computer Ethics Institute (CEI)

A

Created the Ten Commandments of Computer Ethics

23
Q

Copyrights

A

Protect art, music, or source code from being used by a third party without a license or explicit permission from the owner

24
Q

Trademarks

A

Protect branding such as a slogan, logo, or other means of distinguishing a product from those of competitors

25
Q

Patents

A

Protect the patent holder's exclusive right to use, create, or sell an invention for a specific period of time

26
Q

NDAs

A

Used to dissuade an individual from revealing trade secrets or other confidential information to third parties

27
Q

Incremental Backup

A
  • Only backs up files that have been modified since the last full or incremental backup (files with the archive attribute set)
  • Clears the archive attribute at the completion of the backup process
  • Provides the shortest backup creation time of all backup types but the longest restoration process (requires the full backup plus every incremental backup created since it, restored in order)
28
Q

Differential Backup

A
  • Includes only the files that have the archive attribute turned on, which indicates they have been modified or created since the last full backup
  • Does not clear the archive attribute, so each successive differential backup will typically be larger than the previous one
  • Restoring data requires the full backup and only the most recent differential backup
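The two cards above differ only in whether the archive attribute is cleared, and that single decision changes both what each nightly backup contains and what a restore needs. The following added example (not part of the flash cards) simulates both strategies over a constructed three-file system and shows the restore sets each one requires; the file names and contents are samples.

```python
"""Simulate full, incremental and differential backups driven by the archive
attribute, and the restore each strategy needs.  Added illustration; not part
of the flash cards.  The file names and contents are constructed samples."""


def new_filesystem() -> dict:
    # archive=True means "changed since it was last backed up and cleared"
    return {"data": {"a": "a0", "b": "b0", "c": "c0"},
            "archive": {"a": True, "b": True, "c": True}}


def modify(fs: dict, name: str, content: str) -> None:
    fs["data"][name] = content
    fs["archive"][name] = True          # any write sets the archive bit


def full_backup(fs: dict) -> dict:
    snapshot = dict(fs["data"])
    for name in fs["archive"]:
        fs["archive"][name] = False     # a full backup clears every bit
    return snapshot


def incremental_backup(fs: dict) -> dict:
    snapshot = {n: fs["data"][n] for n, flag in fs["archive"].items() if flag}
    for name in snapshot:
        fs["archive"][name] = False     # incremental clears the bits it captured
    return snapshot


def differential_backup(fs: dict) -> dict:
    # differential copies the same set but leaves the bits alone, so the next
    # differential includes these files again and keeps growing
    return {n: fs["data"][n] for n, flag in fs["archive"].items() if flag}


def restore_incremental(full: dict, incrementals: list) -> dict:
    state = dict(full)
    for inc in incrementals:            # every incremental since the full, in order
        state.update(inc)
    return state


def restore_differential(full: dict, latest_diff: dict) -> dict:
    state = dict(full)
    state.update(latest_diff)           # only the most recent differential
    return state


def run_scenario(kind: str) -> dict:
    """Full backup first, then one change per day with a partial backup each night."""
    fs = new_filesystem()
    full = full_backup(fs)
    partials = []
    for name, content in [("a", "a1"), ("b", "b1")]:
        modify(fs, name, content)
        partials.append(incremental_backup(fs) if kind == "incremental"
                        else differential_backup(fs))
    restored = (restore_incremental(full, partials) if kind == "incremental"
                else restore_differential(full, partials[-1]))
    return {"full": full, "partials": partials, "restored": restored,
            "current": dict(fs["data"])}


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        result = run_scenario(kind)
        print(kind, result["partials"], result["restored"] == result["current"])
```

The last assertion in the test is the operational lesson: restoring the full backup plus only the newest incremental (treating it as if it were a differential) silently loses the first day's change, so the backup type must be recorded with the media.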
29
Q

Forced Browsing Attack

A

Attack in which the attacker searches for content on a web server that is not linked from any page, for example by guessing or enumerating URLs; it is considered a brute-force attack. If authorization is not enforced on every request, simply typing a predictable URL (such as another user's mailbox path) into the browser's location bar might give access to that user's email inbox

30
Q

Double encoding attack

A

Used in an attempt to bypass a web application's directory traversal security check: the attacker percent-encodes the input twice (../ becomes %252e%252e%252f), so a filter that decodes once sees the harmless-looking %2e%2e%2f, while a later layer decodes it again into ../ and the traversal succeeds. The defense is to canonicalize fully (decode until the value stops changing) before validating, and to confine the resolved path to the intended root
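The bypass and its fix both fit in a few lines. The following added example (not part of the flash cards) puts a naive once-decoding traversal filter beside a hardened resolver that decodes to a fixed point, canonicalizes, and checks that the result is still under the document root; the root directory, the decoding round limit and the sample requests are assumptions.

```python
"""A traversal check that decodes once (bypassable by double encoding) beside a
hardened resolver that canonicalizes fully and confines the path to a root.
Added illustration; not part of the flash cards.  The document root, the
round limit and the sample requests are assumptions."""

import posixpath
from urllib.parse import unquote

ROOT = "/var/www/files"
MAX_DECODE_ROUNDS = 5


def naive_check(user_path: str) -> bool:
    """The weak filter: decode once, then look for '..'."""
    return ".." not in unquote(user_path)


def fully_decode(value: str):
    """Percent-decode until the value stops changing; reject absurd nesting."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    return None


def safe_resolve(user_path: str, root: str = ROOT):
    """Hardened version: canonicalize first, validate the *result*, and make
    sure it is still inside `root`.  Returns the absolute path or None."""
    decoded = fully_decode(user_path)
    if decoded is None or "\x00" in decoded:
        return None                     # too many layers, or an embedded NUL
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate != root and not candidate.startswith(root + "/"):
        return None                     # escaped the document root
    return candidate


if __name__ == "__main__":
    attack = "%252e%252e%2fetc%2fpasswd"      # '../etc/passwd' with the dots encoded twice
    print(naive_check(attack))                # True: the filter is fooled
    print(safe_resolve(attack))               # None: rejected after full decoding
```

Validating the canonical result rather than the raw input is the general rule: the same approach also stops single encoding, mixed encodings and absolute paths, none of which the blacklist on ".." handles reliably.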

31
Q

Fuzz testing

A

Involves feeding random or malformed data as input to an application to discover how it responds to garbage data; inputs that cause crashes, hangs or unhandled errors point at bugs that are often exploitable
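A fuzzer is worth seeing in miniature because the idea is so simple. The following added example (not part of the flash cards) runs a seeded mutation fuzzer against a toy length-prefixed record parser that is missing a bounds check, and separates the parser's deliberate rejections (ValueError) from genuine crashes; the record format, the bug and the random seed are assumptions.

```python
"""Minimal mutation fuzzer run against a toy parser with a missing bounds
check.  Added illustration; not part of the flash cards.  The record format,
the parser bug and the RNG seed are assumptions."""

import random


def make_record(body: bytes) -> bytes:
    """Constructed sample format: 1-byte length, body, 1-byte checksum."""
    return bytes([len(body)]) + body + bytes([sum(body) % 256])


def parse_record(buf: bytes) -> bytes:
    """Deliberately buggy: trusts the length byte and never checks it
    against len(buf), so an oversized length raises IndexError."""
    if not buf:
        raise ValueError("empty record")
    n = buf[0]
    body = buf[1:1 + n]
    checksum = buf[1 + n]                  # out of range when n is too large
    if sum(body) % 256 != checksum:
        raise ValueError("bad checksum")
    return body


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """One random mutation: bit flip, byte insert, byte delete or overwrite."""
    b = bytearray(seed)
    op = rng.choice(["flip", "insert", "delete", "overwrite"])
    if op == "flip" and b:
        b[rng.randrange(len(b))] ^= 1 << rng.randrange(8)
    elif op == "insert":
        b.insert(rng.randrange(len(b) + 1), rng.randrange(256))
    elif op == "delete" and len(b) > 1:
        del b[rng.randrange(len(b))]
    elif op == "overwrite" and b:
        b[rng.randrange(len(b))] = rng.randrange(256)
    return bytes(b)


def fuzz(seed: bytes, iterations: int = 2000, rng_seed: int = 1):
    """Feed mutated inputs to the parser.  ValueError is the parser's proper
    rejection of garbage; anything else is a crash worth reporting.
    Returns (crashing_input, exception_name) or (None, None)."""
    rng = random.Random(rng_seed)
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            parse_record(case)
        except ValueError:
            continue
        except Exception as exc:
            return case, type(exc).__name__
    return None, None


if __name__ == "__main__":
    crash, err = fuzz(make_record(b"hello"))
    print(err, crash)
```

In a memory-unsafe language the same missing check would be an out-of-bounds read rather than a clean exception, which is why fuzzers are paired with sanitizers or crash monitors rather than relying on the target to report its own faults.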

32
Q

Regression testing

A

Performed after a change to ensure that it has not broken existing functionality or introduced new problems, typically by re-running an existing test suite

33
Q

Combinatorial testing

A

A black-box technique that tests combinations of input parameter values together rather than each parameter in isolation, because many defects only appear when particular values interact (black-box meaning the tester works without knowledge of the application's internals)

34
Q

Pairwise testing

A

A form of combinatorial testing that exercises every possible pair of parameter values at least once (all-pairs) instead of every full combination, on the observation that most interaction faults involve only two parameters; it keeps the number of test cases manageable

35
Q

AH and ESP (Encapsulating Security Payload)

A

AH (Authentication Header) provides integrity and origin authentication for IPsec traffic, covering the payload and the immutable parts of the IP header, but no confidentiality. ESP provides confidentiality (encryption) for IPsec VPN tunnels and can optionally provide integrity and authentication of the payload as well, which is why ESP alone is the common choice today. Both can be used in transport mode or tunnel mode. In transport mode, ESP encrypts only the packet payload and leaves the original IP header unencrypted; in tunnel mode, the entire original packet is encrypted and a new outer IP header is added

36
Q

Object reuse

A

The reassignment to a new subject of a storage resource (memory pages, disk blocks, swap space, cache files) that previously held another process's data. Unless the space is cleared before reuse, residual data such as cached authentication credentials can be recovered by the new holder; the control is to sanitize (zeroize) memory and storage before reallocation

37
Q

US Privacy Act

A
  • Passed in 1974; restricts how US federal agencies collect, maintain, use, and disclose personal records and gives citizens the right to access and correct the records about them held by the government
38
Q

OECD Guidelines

A

Privacy guidelines created in 1980 (Guidelines on the Protection of Privacy and Transborder Flows of Personal Data) to provide a framework for how personal information may traverse international borders

39
Q

EU-US Safe Harbor

A

Framework negotiated by the US Department of Commerce with the EU (work began in 1998; the EU adequacy decision followed in 2000) so that US companies that self-certified to its principles could receive personal information from EU member nations. It was invalidated by the Court of Justice of the EU in 2015 (Schrems I) and succeeded by Privacy Shield, itself invalidated in 2020

40
Q

Piracy

A

Intellectual property attack that focuses on infringement of copyright