CISSP Notes 2

Question 1

Are launched directly from an attacker (the client) to a listening service. The “Conficker” worm of 2008+ spread via a number of methods, including this method on TCP port 445, exploiting a weakness in the RPC service.

Answer 1

SMB Protocol

Question 2

Behavioral biometric method, that’s inexpensive, not intrusive and often transparent to the user.

Answer 2

Keystroke pattern

Question 3

The amount of time the biometric system requires to scan and approve or deny access.

Answer 3

Throughput Rate.

Question 4

A method where user can register their own devices with the organization & associates them with the user account.

Answer 4

Device Fingerprinting.

Question 5

3rd party tool to authenticate users own devices into the organization’s network.

Answer 5

SecurityAuth Identity Provider

Question 6

XML-based language commonly used to exchange (AA) information between federated organizations.

Answer 6

Security Assertion Markup Language (SAML)

Question 7

XML-framework designed for exchanging user information for federated identity SSO purposes that’s based on DSML.

Answer 7

Service Provisioning Markup Language (SPML)

Question 8

Can display LDAP-based directory service information in an XML format.

Answer 8

Directory Service Markup Language (DSML)

Question 9

Menus and shell, DB view and physical interfaces

Answer 9

Constrained User Interface

Question 10

Declarative access control policy language implemented in XML and also a processing model, describes how to interpret security policies.

Answer 10

Extensible Access Control Markup Language (XACML)

Question 11

A protocol specification for exchanging structured information in the implementation of web services and networked environments.

Answer 11

Simple Object Access Protocol (SOAP)

Question 12

A type of IDS that uses if/then statements and expert system to allow for A.I characteristics

Answer 12

Rule-based IDS

Question 13

A type of client/server technology that forces users to log onto a central server just to use the computer and access network resources.

Answer 13

Thin Clients

Question 14

An attack method on smart cards when attackers have introduced computational errors into the card with the goal of uncovering the stored encryption keys.

Answer 14

Fault Generation

Question 15

Attack against smart cards that uses needle-less and ultrasonic vibration to remove the outer protective material on the card’s circuit and tapping into the card’s ROM chips.

Answer 15

Micro-probing Attack

Question 16

The process of identifying, understanding and categorizing a potential threat

Answer 16

Threat Modeling

Question 17

IDaaS functionality that includes logging information and answering questions such as who accesses what and when.

Answer 17

Intelligence

Question 18

IDaaS that includes the ability to provision identities held by service to target application.

Answer 18

Identity Governance and Administration (IGA)

Question 19

In this model the user authenticates once and then has unconditional access to all resources.

Answer 19

Once In-Unlimited Access (OIUA)

Question 20

If real SSO isn’t available, then the company compensate this software with _____ solution.

Answer 20

Script-based SSO

Question 21

A set of IT-U guidelines for the exchange of email of Message Handling System (MHS)

Answer 21

X.400

Question 22

Developed by telecommunication companies as a way to facilitate a standard method for developing electronic directories for use over telecom networks.

Answer 22

X.500 protocol suite

Question 23

Outlawed malcode creators plus punishment

Answer 23

Computer Abuse Amendment Act

Question 24

Guarantees the creators of “original work of authorship” protection against the unauthorized duplication of their works.

Answer 24

Digital Millennium Copyright Act (DMCA)

Question 25

Privacy and security regulations for hospitals, physicians, insurance companies and other organizations that process or store Personal Health Information.

Answer 25

HIPAA

Question 26

Greatly broadens the power of law enforcement organizations among many areas including when monitoring electronic communications.

Answer 26

Patriot Act of 2001

Question 27

A standard for credit card companies to handle the private information of customer credit cards.

Answer 27

PCI-DSS

Question 28

Integrated framework governance model used to help prevent fraud within a corporate environment

Answer 28

COSO

Question 29

Framework of control objectives and allows for IT governance

Answer 29

COBIT

Question 30

The standard for the establishment, implementation, control, and improvement of the information security management system.

Answer 30

ISO 27001

Question 31

Set of best practices for IT service management

Answer 31

ITIL

Question 32

Security and Privacy Control objectives for federal information systems and organizations.

Answer 32

NIST SP 800-53

Question 33

Model and methodology for the development of enterprise architectures developed by the Open Group.

Answer 33

TOGAF

Question 34

Decomposing the application to gain greater understanding of the logic of the product and its interaction with external elements

Answer 34

Reduction Analysis

Question 35

Decomposition five key concepts

Answer 35

1. Trust boundaries
2. Data flow paths
3. Input points
4. Privileged operations
5. Security stance and approach

Question 36

Approach to identify threats

Answer 36

Focused on assets; focused on attacker; focused on software

Question 37

Minimum level of security that every system must meet

Answer 37

Baseline

Question 38

Compulsory requirements for user of hardware, software, technology and security control

Answer 38

Standard

Question 39

Individual responsible for reviewing and verifying that the security policy is properly implemented

Answer 39

Auditor

Question 40

individual responsible for implementing the prescribed protections in security policy

Answer 40

Data Custodian

Question 41

Individual responsible for classifying information

Answer 41

Data Owner

Question 42

Trained and experienced network, system and security engineer who is responsible for following directives by senior management

Answer 42

Security Professional (You)

Question 43

Used to store a sample of biometrics

Answer 43

Reference Profile or Reference Template

Question 44

Commercial classification system

Answer 44

• Confidential
• Private
• Sensitive
• Public
• Top secret

Question 45

Military classification system

Answer 45

• Top secret
• Secret
• Confidential
• Sensitive but unclassified
• Unclassified

Question 46

Storing something in out-of-the-way location

Answer 46

Seclusion

Question 47

Risk Management Framework steps

Answer 47

1. Categorize information
2. Select security control
3. Implement security control
4. Assess security control
5. Authorize information system
6. Monitor security control

Question 48

The collection of executives practicing the support, definition and direction of the security effort of the organization

Answer 48

Security governance

Question 49

The system of oversight that may be mandated by law, regulations, industry standards, contractual agreements or licensing requirement.

Answer 49

Third party governance

Question 50

BCP Main Steps

Answer 50

1. Project Scope and planning
2. BIA
3. Continuity planning
4. Approval and Implementation

Question 51

BCP resource requirements phase

Answer 51

1. BCP development
2. BCP testing, training and maintenance
3. BCP implementation

Question 52

BCP scope and planning requirements

Answer 52

1. Structured analysis of business organization
2. Creation of BCP team with senior management approval
3. Assessment of availability of resources
4. Analysis of legal and regulatory landscape

Question 53

Business organization analysis and critical departments

Answer 53

1. Operation department
2. Critical support departments
3. Senior executives

Question 54

BCP team selection

Answer 54

1. Representative from each core department
2. Representative from each support dept
3. Representative from IT
4. Representative from legal dept
5. Representative from senior management

Question 55

BIA process steps

Answer 55

1. Assets identification
2. Risks identification
3. Likelihood assessment
4. Impact assessment
5. Resource prioritization

Question 56

Continuity planning sub-tasks

Answer 56

1. Strategy development
2. Provisions and processes
3. Plan approval
4. Plan implementation
5. Training and education

Question 57

BCP Statement of Importance

Answer 57

Reflects the criticality of the BCP, commonly takes the form of a letter to the employees stating the reason behind BCP efforts and request cooperation of all personnel in implementation phase.

Question 58

BCP Statement of Priorities

Answer 58

Flows directly from the “identify priorities” phase of BIA and involves listing of the functions considered critical

Question 59

Statement of organizational responsibility

Answer 59

Comes from senior level executives and echoes the sentiment that “business continuity is everybody’s responsibility”.

Question 60

Statement of urgency and timing

Answer 60

Expresses the criticality of implementing BCP and outlines the implementation timetable.

Question 61

Confinement

Answer 61

Allows a process to read from and write to only certain memory locations and resources. This is also known as sandboxing.

Question 62

Mode Transition

Answer 62

When the CPU has to change from processing code in user mode to kernel mode. This is a protection measure but it causes a performance hit.

Question 63

HSM

Answer 63

A crypto-processor used to manage/store digital encryption keys, accelerate cryptograhpic ops, and improve authentication. Often an add-on adapter or peripheral or can be TCP/IP network device.

Question 64

Feedback

Answer 64

One system provides input to another system, which reciprocates by reversing those roles (so that system A first provides input for system B and then system B provides input to System A)

Question 65

Memory Protection

Answer 65

Protection mechanism provided by operations systems that can be implemented as encapsulation, time multiplexing of shared resources, naming distinctions, and virtual memory mapping.

Question 66

TPM

Answer 66

Both a specification for motherboard crypto-processor and general specification name. It is a chip used to store/process crypto keys for hardware and supported HDD crypto systems.

Question 67

DLL

Answer 67

A set of subroutines that are shared by different applications and operating system processes.

Question 68

Bound

Answer 68

The bound of a process consist of limits set on the memory addresses and resources it can access. It states the area within which a process is confined or contained.

Question 69

Unconstrained Data Item (UDI)

Answer 69

Any data item that is not controlled by the security model. Any data that is to be input and hasn’t been validated, or any output.

Question 70

Base register

Answer 70

Beginning of address space assigned to a process. Used to ensure a process does not make a request outside its assigned memory boundaries.

Question 71

Package

Answer 71

An intermediate grouping of security requirement components that can be added or removed from a Target of Evaluation (TOE).

Question 72

Data mining

Answer 72

Searches large amounts of data to determine patterns that would otherwise get “lost in the noise”.

Question 73

Data Execution Prevention (DEP)

Answer 73

Memory protection mechanism used by some operating systems where segments may be marked as non-executable so that they cannot be misused by malicious software.

Question 74

Take-Grant

Answer 74

A technology that employs a directed graph to dictate how rights can be passed from one subject to another or from a subject to an object.

Question 75

Security Perimeter

Answer 75

Imaginary boundary that separates the trusted computing base from the rest of the system.

Question 76

PCI-DSS

Answer 76

Collection of requirements for improving security of electronic payment transactions.

Question 77

Hybrid Microkernel Architecture

Answer 77

Combination of monolithic and microkernel architecture. The microkernel carries out critical operating system functionality, and the remaining functionality is carried out in a client/server model within kernel mode.

Question 78

Interfaces

Answer 78

Implemented within an application to restrict what users can do or see based on their privileges. Users with full privileges have access to all the capabilities of the application.

Question 79

Cascading

Answer 79

Input for one system comes from the output of another system.

Question 80

TCB

Answer 80

A combination of hardware, software, and controls that work together to form a trusted base to enforce your security policy.

Question 81

Data Hiding

Answer 81

Use of segregation in design decisions to protect software components from negatively interacting with each other.

Question 82

Common Criteria

Answer 82

A worldwide standards-setting group of reps from various international standards organizations. It defines standards for industrial and commercial equipment, S/W, protocols, and management, among others.

Question 83

OWASP

Answer 83

Provides a huge number of free resources dedicated to improving an organization’s application security posture.

Question 84

Tokens

Answer 84

Separate object that is associated with a resource and describes its security attributes. It can communicate security information about an object prior to requesting access to the actual object.

Question 85

Instruction Set

Answer 85

Set of operations and commands that can be implemented by a particular CPU

Question 86

Trusted System

Answer 86

Describes a system that is always secure no matter what it is in.

Question 87

Chinese Wall

Answer 87

This model was created to permit access controls to change dynamically based on a user’s previous activity.

Question 88

Process Isolation

Answer 88

One in which all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment.

Question 89

Micro-architecture

Answer 89

Specific design of a microprocessor, which includes physical components (registers, logic gates, ALU, cache, etc.) that support a specific instruction set.

Question 90

Protection Profile

Answer 90

Specifications for a product that is to be evaluated; the security requirements and protections.

Question 91

Constrained Data Interface (CDI)

Answer 91

Any data item whose integrity is protected by the security model.

Question 92

Reference Model

Answer 92

The part of the trusted computing base that validates access to every resource prior to granting access requests.

Question 93

Multilevel Security

Answer 93

A system is operating in multilevel security when it permits two or more classification levels to be processed at the same time (all that users don’t have the clearance or formal approval to access)

Question 94

Rootkit

Answer 94

Malware that replaces portion of the kernel and/or operating system.

Question 95

Interrupts

Answer 95

Software or hardware signal that indicates that system resources (i.e., CPU) are needed for instruction processing.

Question 96

Graham-Denning Model

Answer 96

Focused on the secure creation and deletion of both subjects and objects. It is a collection of eight primary protection rules or actions that define the boundaries of certain secure actions.

Question 97

Integrity Verification Procedures (IVP)

Answer 97

In Clark Wilson model, IVP is a procedure that scans data items and confirms their integrity.

Question 98

Layered OS Architecture

Answer 98

Architecture that separates system functionality into hierarchical layers.

Question 99

Security Target (ST)

Answer 99

Specify the claims of security from the vendor that is built into the Target Of Evaluation (TOE).

Question 100

DREAD rating system components

Answer 100

1. Damage Potential
2. Reproductibility
3. Exploitability
4. Affected Users
5. Discoverability