CISSP Notes 3 Flashcards
Packers
Provide runtime compression of executables. The original .exe is compressed, and a small executable decompressor is prepended to the .exe. Upon execution the decompressor unpacks the compressed executable machine code and runs it.
compartmented security mode
A system is operating in ________ when all users have clearance to access all the information processed by the system in a system high-security configuration, but might not have the need-to-know and formal access approval.
Sutherland Model
A model that is based on the idea of defining a set of system states, initial states, and state transitions. Through the use of only these predetermined secure states, integrity is maintained and interference is prohibited.
Hardware Segmentation
Physically mapping software to individual memory segments.
System-High Security Model
A system is operating _____ when all users have a security clearance to access the information but not necessarily a need-to-know for all the information processed on the system.
Garbage Collector
Tool that marks unused memory segments as usable to ensure that an operating system does not run out of memory.
Trusted Paths
For the TCB to communicate with the rest of the system, it must create secure channels, also called _____
System State
A snapshot of a system at a specific moment in time.
Absolute Address
Hardware addresses used by CPU.
Sandbox
Designed to prevent an attacker who is able to compromise a Java applet from accessing system files, such as the password file.
Accreditation
Is the formal declaration by the designated approving authority that an IT system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk
Transformation Procedures (TP)
______ are the only procedures that are allowed to modify a constrained data item (CDI)
ActiveX
Are the functional equivalents of Java applets. They use digital certificates instead of a sandbox to provide security. They are tied more closely to the operating system, allowing functionality such as installing patches via Windows Update.
ITSEC
European standard used to assess the effectiveness of the security controls built into a system.
Read-Only Memory (ROM)
Nonvolatile memory that is used on motherboards for BIOS functionality and various device controllers to allow for operating system-to-device communication. Sometimes used for off-loading graphic rendering or cryptographic functionality.
System security capabilities
The _____ of information systems include memory protection, virtualization, Trusted Platform Module, interfaces and fault tolerance.
Cache
Fast and expensive memory type that is used by a CPU to increase read and write operations.
Clark-Wilson Model
A security model that uses a multifaceted approach to enforcing data integrity. Instead of defining a formal state machine, this model defines each data item and allows modifications through only a small set of programs.
Security Kernel
The collection of components in the TCB that work together to implement reference monitor functions.
Logical Addressing
Indirect addressing used by processes within an operating system. The memory manager carries out logical-to-absolute address mapping.
Emanation
_____ is energy that escapes an electronic system, which may be remotely monitored under certain circumstances.
Goguen-Meseguer Model
The ____ model is based on predetermining the set or domain - a list of objects that a subject can access. This model is based on automaton theory and domain separation.
Assurance evaluation criteria
The comprehensive evaluation of the technical and nontechnical security features of an IT system and other safeguards.
TCSEC
U.S. DoD standard used to assess the effectiveness of the security controls built into a system. Replaced by the Common Criteria.
Stack
Memory construct that is made up of individually addressable buffers. Process-to-process communication takes place through the use of them.
Process Isolation
Is used to prevent an active process from interacting with an area of memory that was not specifically assigned or allocated to it.
Virtual Memory
Combination of main memory (RAM) and secondary memory within an operating system.
Covert channel
________ is a way for an entity to receive information in an unauthorized manner. It’s also an information flow that is not controlled by a security mechanism.
Maintenance Hooks
They are instructions within software that only the developer knows about and can invoke, and which give the developer easy access to the code.
Fault Tolerance
The ability of a system to suffer a fault but continue to operate. This is achieved by adding redundant components such as additional disks within a RAID.
Time of Check/Time of Use
A type of attack which takes advantage of the dependency on the timing of events that take place in a multitasking operating system.
Limit Register
Ending of address space assigned to a process. Used to ensure a process does not make a request outside its assigned memory boundaries.
Lattice Model
A structure consisting of a finite partially ordered set together with least upper and greatest lower bound operators on the set.
Race Condition
______ happens when two different processes need to carry out their tasks on one resource.
Pipelining
______ combines multiple steps into one combined process, allowing simultaneous fetch, decode, execute, and write steps for different instructions.
Watchdog timers
_______ is designed to recover a system by rebooting after critical processes hang or crash. It reboots the system when it reaches zero; critical operating system processes continually reset the timer, so it never reaches zero as long as they are running.
Dedicated Mode
A system is operating in a ______ if all users have a clearance for, and a formal need-to-know about, all data processed within the system.
API
Software interface that enables process-to-process interaction. Common way to provide access to standard routines to a set of software programs.
Hardware separation
Is a form of CPU hardware layering that separates and protects domains (such as kernel mode and user mode) from each other.
Microkernel Architecture
Reduced amount of code running in kernel mode carrying out critical operating system functionality. Only the absolutely necessary code runs in kernel mode, and the remaining operating system code runs in user mode.
RAM
Memory sticks that are plugged into a computer’s motherboard and work as volatile memory space for an operating system.
Security Policy
Strategic tool used to dictate how sensitive information and resources are to be managed and protected.
Hypervisor
Central program used to manage virtual machines (guests) within a simulated environment (host).
P2P
Alternative to the classic client/server computer model. Any system may act as a client, a server, or both, depending on data needs.
Thin clients
Normally run on a system with a full operating system, but use a Web browser as a universal client, providing access to robust applications which are downloaded from the server and run in the client’s browser.
IoT
______ refers to small internet-connected devices, such as baby monitors, thermostats, cash registers, appliances, light bulbs, smart meters, fitness monitors, cars, etc.
ASLR
Memory protection mechanism used by some operating systems. The addresses used by components of a process are randomized so that it is harder for an attacker to exploit specific memory vulnerabilities.
Applets
_____ are small pieces of mobile code that are embedded in other software such as web browsers.
Java
_______ is an object-oriented language used not only to write applets, but also as a general purpose programming language. Java bytecode is platform-independent.
Diskless workstations
______ contain a CPU, memory, and firmware, but no hard drive. They include PCs, routers, embedded devices, and others. The kernel and operating system are typically loaded via the network.
Are launched directly from an attacker (the client) to a listening service. The Conficker worm of 2008+ spread via a number of methods, including this method on TCP port 445 - exploiting a weakness in the RPC service.
Server-side attack
Systematic whittling at assets in accounts or other records with financial value, where very small amounts are deducted from balances regularly and routinely.
Salami attack
An attacker gains access to a system and makes small random or incremental changes to data during storage, processing, I/O, instead of obviously altering the file.
Data Diddling
Malicious variations of official BIOS or firmware are installed that allow remote-controlled access or other malicious actions.
Phlashing attack
Holds different condition bits. One of the bits states whether the CPU should be working in user mode or Kernel mode.
Program Status Word (PSW)
Single-purpose digital computer deployed for the management and automation of various industrial electro-mechanical operations
Programmable Logic Controller (PLC)
Static file on TCP/IP supporting systems that contains hard-coded references for domain names and their associated IP addresses.
HOSTS file
Often contains historical information not normally stored in production DBs because of storage limitations and data security concerns
Data Warehouses
Software that runs an algorithm to identify unused committed memory and then tells the OS to mark the memory as available.
Garbage Collectors
Designed to do limited sets of specific functions, and it may consist of the same components of typical computer systems; or it could be a micro-controller (integrated chip with on-board memory and peripheral ports)
Embedded Systems
Minimal human interfaces; can be stand-alone, integrated with other similar systems, or integrated with traditional IT systems; mechanical buttons and knobs or simple LCD screen interfaces
SCADA
A technology that allows the electronic emanations that every monitor produces (Van Eck radiations) to be read from a distance.
TEMPEST
The science of raw data examination with the focus of extracting useful information out of the bulk information set.
Data Analytics
Refers to devices that offer a computational means to control something in the physical world.
Cyber-physical systems
The user of an object (or OS component) doesn’t necessarily need to know the details of how the object works
Abstraction
A form of parallel distributed processing that loosely groups a significant number of processing nodes to work toward a specific processing goal
Grid Computing
Typically found in industrial process plants where the need to gather data and implement control over a large-scale environment from a single location is essential.
Distributed Control Systems
A set of functions that applications can call upon to carry out different types of procedures
Dynamic-Link Libraries
Holds information such as the program counter, stack pointer and PSW
Special Registers
Used to hold variables and temp results as the ALU works through its execution process
General Registers
Can cause the client to download content and store it in the cache even though it was not the intended element of a requested webpage
Split-Response Attack
A technique to look for duplication of efforts, manual steps which can be automated, and other streamlined techniques to reduce time and effort in business processes
Process Enhancement
Document a new employee should sign upon employment which outlines rules, restrictions, acceptable use policies, job description, violations, consequences and length of employment.
Employment agreement
A document which needs to be signed by an employee in order to protect the organization’s confidential information or business practices.
Nondisclosure agreement
A document which needs to be signed by an employee in order to protect trade secrets or knowledge which distinguishes the company from the competition. It may even prevent the employee from working for a competitive company for a certain period of time.
Noncompete agreement
This process is essential to making sure a terminated employee is handled in a private, respectful, and careful manner so as to make sure precautions are taken.
Employment Termination Process
Document containing vendor, consultant, or contractor controls used to define the expected performance, compensation, scope, and consequences of a missed agreement.
Service Level Agreement
The act of following the necessary laws, rules, policies, requirements, standards, or regulations.
Compliance
The freedom from being observed, leaked, monitored, or experiencing unauthorized access to your data.
Privacy
Private information which can be traced back to the original person
Personally Identifiable Information
A system in which governance can be mandated by a third party law, regulation, standard, license, obligation or requirement.
Third-party governance
The process of reading through and verifying standards and requirements between exchanged documentation.
Documentation review
This can be lost when an organization fails to meet the documentation requirements of third-party governance, specifically in the military or government.
Authorization to Operate
The process of examining the environment for risk and scoring the likelihood of it happening
Risk analysis
The direct target of a threat
Asset
The dollar value attached to an asset
Asset Valuation
Can be caused by the absence of a safeguard
Vulnerability
The percentage that a threat will be realized
Exposure factor
The calculation of a risk
Threat x vulnerability
The step taken to protect an asset
Safeguard or counter-measure
When a safeguard or counter-measure has failed and an exploit has been successful by the threat agent
Breach
Network topology that uses a single unilateral cable
Ring Topology
Network topology in which all points connect to one another
Mesh Topology
Fourth layer of the OSI Model
Transport
Fourth layer of the TCP/IP Model
Application
The #1 most important concept in all of the CISSP
Human life comes first
The place where security should begin in any SDLC
First phase/stage
The battleground where information and communication technology is used and utilized as a competitive factor over an enemy
Information warfare
Calculations made with numbers, graphs, historical numbers and research
Quantitative Analysis
Calculations based on feelings and instinct
Qualitative Analysis
SSL belongs in this layer of the OSI Model
Transport Layer
TCP belongs in this layer of the OSI Model
Transport Layer
Protocol data unit at the transport layer
Segments
Protocol data unit at the network layer
packets
Protocol data unit at the data link layer
frames
SMTP, HTTP, DNS belong in this layer of the OSI Model
Application Layer
This layer of the OSI Model is not concerned with the data, but the format of the data
Presentation Layer
This layer of the OSI Model is responsible for establishing the connection between applications
Session Layer
Communication that takes place unidirectionally, in one direction
Simplex
This layer of the OSI Model is responsible for establishing the connections between endpoints, between the actual physical computers, not the applications
Transport Layer
Mode in which two applications can communicate with each other and send messages at the same time
Full-duplex
MAC addresses belong in which layer of the OSI Model?
Data Link Layer
Voltage, bits, UTP, NIC cards are all on which layer of the OSI Model?
Physical Layer
Connection-oriented protocol
TCP
Enables private IP addresses to be routed through the Internet
Network Address Translation
Allows fiber channel protocol encapsulation over Ethernet networks
Fiber Channel Over Ethernet
Layer 2 protocol which allows private IP addresses over a dedicated link, acting like a VPN
MPLS (Multiprotocol Label Switching)
Transmission in which the entire communication channel is utilized
Baseband
Transmission in which communications channels can be divided up into different types of subchannels for different types of data
Broadband
Has a copper core surrounded by a layer of shielding and grounded. It is further protected by an outer jacket. It is somewhat resistant to EMI.
Coaxial cable
Protocol that does not guarantee delivery
UDP
Components of a TCP handshake
SYN, SYN/ACK, ACK
192.168.1.12 is what type of IP address?
Private (RFC 1918)
10.0.0.2 is what type of IP address?
Private (RFC 1918)
127.0.0.1 is what type of IP address?
Loopback
Will you have to calculate subnets for the CISSP exam?
No.
Allows bigger networks to become smaller, more segmented and manageable networks.
Subnetting/CIDR
Does not require network address translation as it has its own configuration administration.
IPv6
Cabling with high transmission speeds, not susceptible to EMI, and can go for extended distances.
Fiber-optic cable
Contains a larger glass core and can carry more data than single-mode fiber-optic cable.
Multimode
This kind of cabling interference can be caused by other wires, microwaves, motors, computers, or other types of electronics.
Noise
The weakening and eventual loss of a signal.
Attenuation
802.3
Ethernet
When you hear conversations on your electronic device from another electronic device
Crosstalk
The most common network topology
Star Topology
CSMA/CA
Carrier sense multiple access with collision avoidance
Computers which all receive a Layer 2 broadcast frame are all in this type of domain.
Broadcast.
FDDI
Fiber Distributed Data Interface
Protocol which assigns IP addresses.
DHCP
Protocol used by ping
ICMP
Protocol for Internet mail servers which can send and receive email
Post Office Protocol
Protocol that does not download messages from an email server and erase them
IMAP
192.168.255.22 is an example of a Class _____ network
C
172.16.0.66 is an example of a Class _____ network
B
10.255.255.255 is an example of a Class ____ network
A
If someone said they were having IP connectivity issues, which layer of the OSI Model would you look at first?
Network Layer
Type of firewall that has the ability to look at the entire packet, not just the source and destination address and associated ports
Application-Level Proxy Firewalls
These types of firewalls remember the state of a connection, and have become the de facto standard. They were first created by Checkpoint.
Stateful
IDS is a technical _____________ control
Detective
A firewall with two interfaces is said to be __________
dual-homed
A type of proxy that does not have the ability to perform deep packet inspection, and operates at the session layer
Circuit-level proxy
Firewalls that can examine the relationship between previous and current network packets are known as _______ filtering firewalls
Stateful
Firewalls that can only examine the source, destination, and port are known as _______ filtering firewalls
packet
Firewalls which have two interfaces
Dual-homed firewalls
A server or a firewall designed to receive inbound network attacks
bastion host
A storage area network combined with backup tapes would provide a high degree of ______
availability/redundancy
Provides integrity through well-formed transactions
Clark-Wilson Model
CPTED
Crime Prevention Through Environmental Design
This algorithm uses less computing power and offers more security
Elliptic Curve Cryptography
The most common type of intrusion detection system
Signature-based
An architecture in which multiple segmented networks are separated by two or more firewalls
Three-tier deployment
The concept of providing security to a local device, to a local host whether it is connected to the network or not
Endpoint security
A remote encrypted connection for users connecting to the corporate headquarters externally
Virtual Private Network
When two transmissions collide on a transmission medium meant for one connection
Collision
An environment which communicates only using MAC addresses (Layer 2 of the OSI Model)
Broadcast domain
A device in the middle of the same broadcast domain which repeats traffic from multiple systems
Hub
PSTN
Public switched telephone network
Also known as a store and forward device
Bridge
An intelligent hub
Switch
A device that connects two different networks together
Router
A type of firewall which receives traffic only from the router in front of it, and then sends the packets to the internal host(s)
Screened host
An intangible firewall
Virtual firewall
Firewall company that created the stateful filtering firewall
Checkpoint
Firewall company that boasts a single-pass architecture and named after a city in California
Palo Alto
A type of proxy firewall that can look into the sequence numbers of a TCP packet
Application-level proxy
Total number of connections created by a proxy when a host tries to connect to a web server
4 connections. One from the host to the proxy, one from the proxy to the web server, one from the web server to the proxy, and one from the proxy to the host
A type of attack which creates instability caused by malformed fragments
Teardrop attack
The first and implicit rule for a firewall
Implicit deny rule
Type of rules you create and put on a firewall, and not ones that are already built into the firewall
Explicit rules
A firewall rule that logs and drops traffic and is usually at the bottom of the rule base
Cleanup rule
Allowing excessive half-connected TCP sessions to overflow the NIC buffer can cause this attack on availability
Denial of service
Sharing your private key with someone else can destroy ___________
Confidentiality
A firewall rule that drops any connections directed only at the firewall
Stealth rule
A computer used to study the techniques, attack styles, and tactics of attackers utilizing various exploits
Honeypot
A device capable of providing multiple security services such as threat prevention, VPNs, stateful filtering, IDS/IPS, or DLP
UTM (Unified Threat Management)
If in a company there is a single point of failure, then there needs to be ________
redundancy / high availability / fault-tolerance
Max speed of 1000Base-T
1 Gbps
Type of cable which has zero susceptibility to EMI
Fiber-optic
Type of cable that has a PVC shielding around four pairs of wires twisted around each other
Twisted-Pair
Most common type of unshielded twisted-pair cable
CAT 5
Degradation of a signal
Attenuation
A standard best practice rule when designing and allocating network repeaters, concentrators and segments
5-4-3 Rule
Lines which are dedicated to carry voice and data over trunk lines
T-carriers
CSU/DSU
Channel service unit/data service unit
A type of switching which sets up a dedicated virtual link between two systems. May experience fixed delays and travels in a constant and predictable manner.
Circuit switching
A type of switching that sets up a connection which can pass through several links on the way to the destination. Consists of variable delays.
Packet switching
VoIP
Voice over Internet Protocol
A dedicated WAN link technology which is obsolete now, but should be known for the CISSP exam.
Frame Relay
QOS
Quality of service. It is a way to make some data processes faster than others. For example, voice data needs to be faster and higher priority for meetings and conferences.
A weakness of PAP (Password Authentication Protocol)
Cleartext passwords
Three components of the first phase of the BCP/DRP
Policy, scope, implementation
BIA
Business Impact Analysis
A site which will meet the requirement of an MTD of 1-2 hours
Hot site
A cloud service where the tenant is responsible for software, hardware, upgrades, licenses, and their own security except for the actual physical security
Infrastructure as a Service (IaaS)
A type of cloud service which provides an operating system such as Windows Server 2003
Platform as a Service
An employee drug test is this type of control
Administrative preventative
A governance and management framework created by ISACA
Control Objectives for Information and related Technology (COBIT)
Designed to improve an organization's processes and the posture of its security program
Capability Maturity Model Integration
Computer crime laws are also known as this
Cyberlaw
When an actual computer was used to carry out a crime
Computer-assisted crime
Logs which record events such as reboots and stopped/started services.
System logs
Logs which record ingress and egress network traffic along with source/destination IP address and source/destination port numbers.
Firewall logs
Logs which can record how long a user has been on a specific website, and when a user has gone to an unauthorized website
Proxy logs
Logs which contain when changes have been made to a firewall, who approved it, and who implemented it
Change logs
The amount of time data is backed up, stored or preserved from destruction
Retention period
Tool used to discover open ports on a system either locally or remotely
Nmap
Two web server ports
80/443
A SYN packet receives a _________ back
SYN/ACK
Tool used to easily launch DDOS in MSSQL attacks
Metasploit
Sets the archive bit to 1 for a file which has changed for backup
Incremental backups
Leftover risk after implemented controls
Residual risk
The probability of a threat using an exploit to expose a vulnerability
Risk
Document which makes sure that the project or plan about to be implemented doesn’t involve things that waste our time and resources
Scope
The process of identifying the business functions of an organization and prioritizing them from most important, to least important.
Business Impact Analysis
The group who plans the BCP/DRP
BCP Committee
Using instinct, experience, and wisdom to calculate risk
Qualitative analysis
Using numbers, calculations, and math to calculate risk
Quantitative analysis
Point of time before a disaster from which data needs to be recovered.
Recovery Point Objective
Recovery of services from initial disaster to recovery, but still within the Maximum Tolerable Downtime.
Recovery Time Objective
Critical business resources support critical business ________
Functions
A backup site to a backup site
Tertiary site
Infrequent backups sent to an offsite facility
Electronic Vaulting
Has a faster data recovery time than electronic vaulting
Remote Journaling
Data is being backed up at the same time it is being received
Remote Mirroring
A duplicate site with the same content, but not the same web address
Mirror Site
Files which are backed up since the last full backup, and the archive bit may not be set back to zero
Differential backup
Definition of when immediate operations are back after a disaster
Recovery
Definition of when all organizational functions are back after a disaster
Restoration
Occurs before a disaster
Testing
Occurs after a disaster
Implementation
Someone or something which has identified a vulnerability, and will proceed to exploit it
Threat
A specific entity which takes advantage of a vulnerability
Threat agent
A risky BCP/DRP test which requires a business impacting halt to production
Full-interruption test
A disaster which is recreated at an alternate site
Parallel test
Testing which involves a round table discussion
Structured-walkthrough
The level of importance for knowing BCP/DRP for the CISSP exam
High
IPSec provides confidentiality through _______
Encryption
IPSec secures data in _______
Motion
One of the least favorite yet critical tasks for an information security professional
Updating documentation
The collection of all software, hardware, firmware within a system which work in conjunction to provide and enforce the overall security policy
Trusted Computing Base
Penetration testing will look for vulnerabilities and also do this
Exploit them
A great framework to keep your organization’s information security management in line with best practices. It is optional, not obligatory.
ISO 27001
The results of a penetration test should be sent to this group.
Senior management
There’s only one way to send the findings of a penetration test.
Securely
The difference between hacking and penetration testing
Permission
The next thing to implement after issuing organization policies
Controls
These require constant tests and reviews
Policies and BCP/DRP
New CAT exam questions may include these terms
MOST, LEAST, BEST
Two high-level terms to think about constantly during the exam
Risk and cost
COBIT deals with which concept of the CIA Triad
Integrity
IAAA
Identification, Authorization, Authentication, Accountability
What each must bring to the table, otherwise the secret does not open, reveal, or unlock
Split-knowledge
Everything requires management understanding, support, initiation, and _______
approval
Anti-virus is a type of ________ security
endpoint
Backups can provide both availability and _______
integrity
Man in the middle attacks compromise both confidentiality and _________
integrity
Virtual private networking technology that allows private data and IP addresses over an insecure medium
IPSec
The most important component of BCP/DRP
Documentation
Web encryption techniques
SSL/TLS/VPN
Defining organization security policies upholds these three concepts
Confidentiality, integrity, and availability
To meet standards and compliance an organization needs _____
audits
Outdated software, lack of updates, no patching, misconfigurations all present ________
risk
OSPF and BGP routing protocols can uphold the concept of _______
availability
Billions of devices belonging to a group which can come with default credentials and be difficult to patch. Can be used for DDoS
Internet of Things
Shutting down a computer, releasing all volatile memory, and starting it up again
Cold boot
In order to prove authenticity of a website on the Internet we use _______
SSL certificates
An organization can use its own internal certificate for internal vendors or users who are part of a ________ identity
federated
Security always starts off with _______
policy
In order to have BCP/DRP in an organization, senior management must be first convinced it would cost _______ to not have one. That is the key.
more
A CISO must perform __________ in order to verify and check the effects of controls, BCP/DRP, and other pending policies for approval.
due diligence
Directive, deterrent, preventative, corrective, recovery, and ________ controls
compensating
A proper change management process should include the necessary procedures in case a change needs to be ______ back
rolled
Recommended controls should be testable, provide accountability, be consistent (integrity), have overrides for privileged operators (confidentiality), and have measures to be fail-safe (________)
availability
An organization’s business goals should come ____ and security should come ______.
first/second
Ultimately responsible for the confidentiality of classified data
Data owner
Implements the protections and controls for the system and the data. Receives instructions from the data owner.
Data custodian
Takes into account critical business functions and provides corrective or recovery measures to minimize disruption
Business Continuity Planning
Management tool which can help identify cost and the effectiveness of implemented controls
Metrics
Policies are this type of strategy
Directive
Objects = labels, Subjects = _______
clearances
Bugs and vulnerabilities found in the original version of software which has not been updated yet due to it not being sold yet.
Shrink Wrap Attack
Holds all the credentials for users utilizing SAML, and can be a single point of failure.
IDP - Identity Provider
Can disrupt communications over the wire and even mask or scramble an attack
Crosstalk
A primary concern in implementing biometrics is user ________
acceptance
An attack with the same source and destination IP addresses
Land Attack
The primary result of a Land Attack is a _____
denial of service
Unplugging the power cable to a server is a form of ________
denial of service
Network security device which can hide the identity of internal network clients
Proxy
Networking technique which can hide the identity of internal network clients
Network Address Translation
Injection using
Cross-site scripting
Instead of mathematics, quantum cryptography uses _______ for key exchange
photons
When two entities come together with their own partial secret to open a master secret, it is known as _________
split-knowledge
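Split knowledge as working code, added here and not part of the flashcards: a master key is divided into partial secrets by XOR, so that combining every share recovers the key while any single share is consistent with every possible key. The example generalises the card's two-party case to n custodians; the master key value is constructed.

```python
"""Split knowledge: a master secret cut into partial secrets (shares) held by
different custodians; all shares are needed to rebuild it and any subset of
them reveals nothing about it.

Added example, not from the flashcards. It uses n-way XOR splitting, and the
master key below is a constructed value.
"""
import os

MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed 128-bit key


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_secret(secret: bytes, custodians: int = 2) -> list:
    """Return one share per custodian. The first n-1 shares are uniformly random
    and the last is the secret XORed with all of them, so the XOR of all n shares
    is the secret again."""
    if custodians < 2:
        raise ValueError("split knowledge needs at least two custodians")
    shares = [os.urandom(len(secret)) for _ in range(custodians - 1)]
    last = secret
    for s in shares:
        last = xor_bytes(last, s)
    return shares + [last]


def combine_shares(shares: list) -> bytes:
    """Every custodian must contribute; the XOR of all shares is the master secret."""
    out = bytes(len(shares[0]))
    for s in shares:
        out = xor_bytes(out, s)
    return out


def other_share_for(share: bytes, guessed_secret: bytes) -> bytes:
    """Why a single share is uninformative (two-custodian case): for any guess of
    the secret there is a value of the missing share that would make it true, so
    the share on its own is consistent with every possible secret."""
    return xor_bytes(share, guessed_secret)
```

XOR splitting is all-or-nothing: with three custodians all three shares are required. Where a quorum such as 2-of-3 is wanted, a threshold scheme (Shamir's secret sharing) is used instead; the reconstruction idea is the same, the arithmetic is polynomial rather than XOR.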
Encryption turns plaintext secrets into ______
ciphertext
Batman uses _______ bit encryption for his communications with the Batcave, allies, and vehicle communication
4096
Technique which rearranges the plaintext message
transposition
Security guards and dogs are this type of control
Physical deterrent (and can also be the most expensive control i.e. salaries, dog training, and dog treats :) )
Physical limitation of the Internet of Things devices
Lack of CPU or RAM to perform encryption computations
The 10.x private IP range
10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
Sender cannot deny sending the message
Nonrepudiation
QKD
Quantum Key Distribution
Hashing and encryption are a part of ________
cryptography
variable length message converted to fixed length message
hashing
The Caesar cipher is an example of this classical cipher technique (it is a substitution cipher, not a block cipher)
Substitution
Type of memory that temporarily holds data
RAM
Type of memory that can permanently store data
ROM
Creating a preset scenario and environment in which a victim has an increased chance of handing over confidential information
Pretexting Attack (ISC2 Fourth Edition book)
CDs and USB flash drives are left at a location to conduct this type of attack
Baiting Attack
Three types of cloud solutions
IaaS, PaaS, SaaS
Provides bare metal or the very basic infrastructure resources to a cloud tenant
Infrastructure as a Service
A security professional may need to perform inspection, review and assessment to confirm ______
assurance
The most important question to ask when studying for the CISSP exam and while taking the exam itself
Why?
Rests on the belief of these three concepts: technology, analysis, mythology
Big Data
The sharing of computing resources across a network in which multiple machines function as one large computer
Grid computing
The ability of cloud tenants to add virtual machines as demand grows and release them as demand shrinks
Elasticity
Type of cloud in which a tenant is confident they are not sharing a pool of resources with other tenants
Private cloud
Weakness in which two different keys encrypt the same plaintext to the same ciphertext, reducing the effective keyspace
Key clustering
Type of cloud most used by military or governments
Private cloud
When two different inputs hash to the same digest
Collision
Venom Snake discovered his true identity from an ______________ cassette tape
encoded
Substitution exchanges characters, while transposition ______ letters
scrambles
The amount of time and effort needed to break a cipher or recover a key; used to judge whether an attack is worth attempting
Work factor
Another term for ciphertext
Cryptogram
CBC XORs each plaintext block with the previous ciphertext block before encrypting it. What is XORed into the very first block?
Initialization Vector
Bit-by-bit encryption
Stream cipher (e.g. RC4, the cipher used by WEP)
Block-by-block encryption
Block cipher
Variable-length message turned into a fixed-length message
Hashing
Variable-length message turned into another variable-length message
Encryption
Was the Caesar cipher mono or poly alphabetic?
Mono (It was just 1 alphabet)
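The substitution, transposition, mono-alphabetic and key-clustering cards above, worked through in code that is added here and is not part of the flashcards. Caesar substitution changes the letters but keeps their order; columnar transposition keeps the letters but changes their order; and two Caesar keys that differ as integers but agree modulo 26 produce the same ciphertext, which is key clustering in its simplest form. The plaintext and keys are constructed.

```python
"""Substitution versus transposition, mono-alphabetic mapping, and key clustering,
shown with classical ciphers.

Added example, not from the flashcards; the plaintext and keys are constructed.
"""
import string

ALPHABET = string.ascii_uppercase


def caesar(text: str, shift: int) -> str:
    """Mono-alphabetic substitution: one alphabet, every letter replaced by the
    letter `shift` positions along it. Letters change, their order does not."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def columnar_transpose(text: str, cols: int) -> str:
    """Transposition: write the letters row by row into `cols` columns and read
    them out column by column. The letters are unchanged, only their order moves."""
    letters = "".join(c for c in text.upper() if c in ALPHABET)
    return "".join(letters[i::cols] for i in range(cols))


def columnar_untranspose(cipher: str, cols: int) -> str:
    """Inverse transposition: the first len % cols columns are one letter longer."""
    n = len(cipher)
    rows, extra = divmod(n, cols)
    columns, pos = [], 0
    for i in range(cols):
        length = rows + (1 if i < extra else 0)
        columns.append(cipher[pos:pos + length])
        pos += length
    return "".join(columns[i % cols][i // cols] for i in range(n))


def is_monoalphabetic(plain: str, cipher: str) -> bool:
    """Mono-alphabetic: each plaintext letter always maps to the same ciphertext letter."""
    mapping = {}
    for p, c in zip(plain.upper(), cipher):
        if p in ALPHABET and mapping.setdefault(p, c) != c:
            return False
    return True


def keys_cluster(text: str, k1: int, k2: int) -> bool:
    """Key clustering: two different keys produce the same ciphertext from the same
    plaintext. Caesar shifts 3 and 29 are different numbers but the same key
    (29 mod 26 == 3), so the real keyspace is 26, not the set of integers."""
    return k1 != k2 and caesar(text, k1) == caesar(text, k2)
```

The mono-alphabetic property is exactly what frequency analysis exploits: because every E becomes the same ciphertext letter, the ciphertext letter frequencies mirror the language's. Poly-alphabetic ciphers such as Vigenere change the alphabet from position to position to flatten that signal.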
The Vernam cipher is used for this unbreakable style of encryption
One-Time Pad
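The Vernam cipher from the card above, as an added example that is not part of the flashcards: XOR the message with a random pad, and then the two facts that matter in practice, namely why a properly used pad is unbreakable (any candidate plaintext is explained by some pad) and why reusing it is fatal (the pad cancels and the XOR of the two messages leaks). Messages are constructed; the pad comes from os.urandom.

```python
"""Vernam / one-time pad: XOR the message with a truly random pad used once.

Added example, not from the flashcards. Messages are constructed; the pad
comes from os.urandom.
"""
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """The pad must be at least as long as the message and never reused."""
    if len(pad) < len(plaintext):
        raise ValueError("pad shorter than message")
    return xor_bytes(plaintext, pad[:len(plaintext)])


otp_decrypt = otp_encrypt  # XOR is its own inverse


def pad_that_explains(ciphertext: bytes, candidate_plaintext: bytes) -> bytes:
    """Why it is unbreakable: for ANY same-length candidate plaintext there is a
    pad that turns this ciphertext into it, so the ciphertext alone cannot
    single out the real message."""
    return xor_bytes(ciphertext, candidate_plaintext)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """Why 'one-time' matters: with the pad reused, c1 XOR c2 = p1 XOR p2; the
    pad cancels and the attacker learns the relationship between the messages."""
    return xor_bytes(c1, c2)
```

The unbreakability depends on the pad being truly random, as long as the message, kept secret and used exactly once; a pad generated from a short seed is a stream cipher, not a one-time pad, and inherits the seed's keyspace.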
Symmetric ciphers can use ___________ key distribution
out of band
This block cipher mode requires an initialization vector because of its chaining process
Cipher Block Chaining
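The chaining in the two CBC cards above, shown in code that is added here and is not from the flashcards. To keep it dependency-free the block cipher is a toy (key XOR, key-derived byte substitution, one-byte rotation) and is not secure; the point is the mode: the IV is XORed into the first block, a fresh IV makes the same message encrypt differently, and a fixed IV leaks when two messages share leading blocks. Key, IVs and messages are constructed.

```python
"""Cipher Block Chaining over a toy 64-bit block cipher: what the IV does.

Added example, not from the flashcards. The block cipher here is a toy
(key XOR, key-derived byte substitution, byte rotation) so the chaining
can be seen without a crypto library; it is NOT secure. Key, IVs and messages
are constructed.
"""
import os
import random

BLOCK = 8
KEY = b"8bytekey"  # constructed toy key, one block long


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _sbox(key: bytes):
    """Key-derived permutation of byte values and its inverse."""
    box = list(range(256))
    random.Random(key).shuffle(box)
    inv = [0] * 256
    for i, v in enumerate(box):
        inv[v] = i
    return box, inv


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    box, _ = _sbox(key)
    x = bytes(box[b ^ k] for b, k in zip(block, key))
    return x[1:] + x[:1]  # rotate one byte


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    _, inv = _sbox(key)
    x = block[-1:] + block[:-1]
    return bytes(inv[b] ^ k for b, k in zip(x, key))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Each plaintext block is XORed with the previous ciphertext block before
    encryption; the IV stands in as the 'previous block' for the first one.
    Padding is omitted: the input must be a whole number of blocks."""
    if len(plaintext) % BLOCK or len(iv) != BLOCK:
        raise ValueError("plaintext must be whole blocks; IV must be one block")
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_encrypt_block(key, xor_bytes(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(xor_bytes(toy_decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)
```

The IV need not be secret, but it must be unpredictable per message; it is normally sent in the clear in front of the ciphertext. CBC also provides no integrity, which is why a MAC (or an AEAD mode) accompanies it in practice.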
This 56-bit symmetric algorithm was practically broken by exhaustive key search (brute force, the simplest cryptographic attack, which uses a known plaintext/ciphertext pair to confirm each key guess)
DES
Ron Rivest, Adi Shamir, Len Adleman
RSA
Provides the most security per key bit of the asymmetric algorithms (the strongest security for a given key length)
Elliptic Curve Cryptography (ECC)
Allows the exchange of assertions between identity management systems between federated identity web environments
Security Assertion Markup Language (SAML)
These are stored salted and hashed rather than encrypted, so there is no decryption key to steal
Password files
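The hashing cards above (fixed-length output, collisions, salted password files) worked in code that is added here and is not part of the flashcards. A real digest is always 32 bytes for SHA-256; a deliberately tiny 16-bit hash is used so a collision can be found by brute force in a moment; and passwords are stored with PBKDF2 and a random salt rather than encrypted. Passwords and the toy hash are constructed for illustration.

```python
"""Hashing vs password storage: fixed-length digests, collisions, salted hashes.

Added example, not from the flashcards. The passwords and the toy 16-bit
hash are constructed for illustration.
"""
import hashlib
import hmac
import os


def digest_length(data: bytes) -> int:
    """SHA-256 returns 32 bytes no matter how long the input is."""
    return len(hashlib.sha256(data).digest())


def toy_hash(data: bytes) -> int:
    """Deliberately tiny 16-bit hash (first two bytes of SHA-256) so that a
    collision can be found by brute force in a moment."""
    return int.from_bytes(hashlib.sha256(data).digest()[:2], "big")


def find_collision():
    """Birthday search: hash distinct inputs until two share a toy digest."""
    seen = {}
    i = 0
    while True:
        msg = b"msg-%d" % i
        h = toy_hash(msg)
        if h in seen:
            return seen[h], msg
        seen[h] = msg
        i += 1


def hash_password(password: str, rounds: int = 100_000) -> str:
    """Store 'pbkdf2$rounds$salt$hash'. The random salt makes identical
    passwords hash differently; the round count slows guessing. There is no
    key anywhere, so there is nothing to 'decrypt'."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return "pbkdf2$%d$%s$%s" % (rounds, salt.hex(), dk.hex())


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and rounds; compare in constant time."""
    _, rounds, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(dk.hex(), dk_hex)
```

The 16-bit collision turns up after a few hundred guesses, which is the birthday bound in miniature: roughly 2^(n/2) attempts for an n-bit hash. That is why digest length, not just "is it a hash", decides whether collisions are a practical threat.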
Used to detect alteration of a message and bind it to the sender, so a modified message cannot be passed off as the sender's
Digital signatures
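The digital-signature and nonrepudiation cards above (and the RSA card), as an added example that is not part of the flashcards: textbook RSA signing of a message hash with a private key and verification with the public key, where any change to the message or signature fails. The key is built from two Mersenne primes so the arithmetic is visible; it is far too small and unpadded for real use, and the digest is reduced mod n only so it fits this toy modulus.

```python
"""Digital signature with textbook RSA: sign a hash with the private key,
verify with the public key, and watch a modified message fail.

Added example, not from the flashcards. The key uses two Mersenne primes
(2**31-1 and 2**61-1): far too small and unpadded for real use, chosen only
so the arithmetic is visible. The digest is reduced mod n so it fits this toy
modulus; real RSA uses 2048-bit+ keys with PSS or PKCS#1 v1.5 padding.
"""
import hashlib

P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537


def modinv(a: int, m: int) -> int:
    """Extended Euclid: x with a*x == 1 (mod m)."""
    old_r, r, old_s, s = a, m, 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("no inverse")
    return old_s % m


D = modinv(E, PHI)  # private exponent; E is public


def message_digest(message: bytes) -> int:
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return h % N  # toy reduction, see docstring


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Only the holder of d can produce this value."""
    return pow(message_digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Anyone with (e, n) can check it; an altered message or signature fails,
    which is what lets the recipient prove who sent what (nonrepudiation)."""
    return pow(signature, e, n) == message_digest(message)
```

Nonrepudiation rests on the private key staying private and on the public key being reliably tied to the signer, which is the job of the certificate and PKI cards later on this page.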
When data packets are decrypted and re-encrypted at each node along a communications channel
Link encryption
The architecture that issues and distributes public-key certificates and lets relying parties verify that a public key is bound to a particular entity
Public Key Infrastructure (PKI)
Requires two people to act together to complete a sensitive operation, so abusing it would require collusion
Dual Control
Approves data release or disclosure
Data owner
Regulation, data mapping, data classification
Data retention policies in the cloud
The first step of the cyber kill chain
Reconnaissance
Eavesdropping without affecting the communications medium, system, or protocol
Passive attack
Message alteration, system file modification, masquerading
Active attacks
Responsible for implementing RAID to maintain the data
Data custodian
Scope, classification, assurance, marking and labeling
Data classification requirements
DEP (Data Execution Prevention), ASLR (Address Space Layout Randomization), ACL
Memory Protection
Fence jumping, badge cloning, lock bypass, lockpicking, dumpster diving
Physical security facility attacks
The last stage of the penetration testing process
Reporting
Storage method (redundancy, not a backup) that stripes data with parity distributed across all drives, so one failed drive is not a single point of failure
RAID 5
Not a cost-efficient redundancy method, because RAID mirroring duplicates every disk
RAID 1
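The RAID 5 card above in code, added here and not part of the flashcards: data is striped across drives with an XOR parity chunk whose position rotates from stripe to stripe, and any one failed drive is rebuilt from the survivors. The three-drive layout and 4-byte chunks are constructed for illustration; real arrays use stripes of tens of kilobytes.

```python
"""RAID 5: stripe data across drives with an XOR parity chunk that rotates
between drives, then rebuild a failed drive from the survivors.

Added example, not from the flashcards. Three drives and 4-byte chunks are
constructed for illustration; real arrays use 64 KiB+ stripes.
"""


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def parity_drive(stripe: int, drives: int) -> int:
    """Parity moves one drive back each stripe so no drive is the parity hot spot."""
    return (drives - 1 - stripe) % drives


def raid5_write(data: bytes, drives: int = 3, chunk: int = 4) -> list:
    """Return one list of chunks per drive. Each stripe holds drives-1 data
    chunks plus one parity chunk (XOR of the data chunks)."""
    per_stripe = chunk * (drives - 1)
    data = data + bytes((-len(data)) % per_stripe)  # pad to whole stripes
    disks = [[] for _ in range(drives)]
    for s, offset in enumerate(range(0, len(data), per_stripe)):
        chunks = [data[offset + i * chunk: offset + (i + 1) * chunk] for i in range(drives - 1)]
        parity = bytes(chunk)
        for c in chunks:
            parity = xor_bytes(parity, c)
        pdisk = parity_drive(s, drives)
        it = iter(chunks)
        for d in range(drives):
            disks[d].append(parity if d == pdisk else next(it))
    return disks


def raid5_read(disks: list, length: int) -> bytes:
    """Read the data back in order, skipping each stripe's parity chunk."""
    drives = len(disks)
    out = []
    for s in range(len(disks[0])):
        pdisk = parity_drive(s, drives)
        out.extend(disks[d][s] for d in range(drives) if d != pdisk)
    return b"".join(out)[:length]


def rebuild_drive(disks: list, failed: int) -> list:
    """Any one drive (data or parity) is the XOR of the other drives' chunks in
    the same stripe. Two simultaneous failures cannot be rebuilt with one parity."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    rebuilt = []
    for s in range(len(survivors[0])):
        acc = bytes(len(survivors[0][s]))
        for disk in survivors:
            acc = xor_bytes(acc, disk[s])
        rebuilt.append(acc)
    return rebuilt
```

This is why RAID is availability, not backup: the rebuild reproduces whatever is on the surviving drives, including a deleted file or ransomware-encrypted data, and a second drive lost during the rebuild window is unrecoverable.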
Detailed actions for personnel to follow
Procedures
Mandatory rules that create commonality (a consistent pattern) across an organization
Standards
Mark Zuckerberg testifying in front of Congress
Senior management is ultimately responsible
Proving a system does what it is supposed to do
Certification
The degree of confidence, established through testing, inspection, analysis and review, that a system meets its security requirements
Assurance
The formal approval to introduce a system into an organization
Accreditation
Responsible for the security elements within an enterprise which work to uphold business processes
The security professional
Develops plans for disasters that could impact the organization
Business Continuity Planner
Not collecting any private information in the first place
Avoiding (rejecting) the risk
Not installing your Windows Updates even though you know you should
Accepting the risk
The only time it might be a good idea to share your password with someone else
Under investigation by law enforcement
Code which requires a trigger to be executed
Logic bomb
The weakest component of an organization
People
Everything in an organization begins with this
Policy
Type of cloud where resources are shared with other tenants
Public cloud
Company that sells books and cloud computing space
Amazon
Exchanges keys in a way that makes an eavesdropper (man in the middle) on the channel physically detectable
Quantum cryptography
Fourth canon of the CISSP Code of Ethics
Advance and protect the profession
Bringing in a crime scene investigator is this type of control
Physical detective
Exit interviews are this type of control
Administrative detective
Firewalls are this type of control
Technical preventative
Tenant takes the most responsibility (everything from the operating system up) in this cloud service model
Infrastructure as a Service
Public, Private, Hybrid, Community
Cloud deployment models
One of security’s biggest enemies
Complexity
Security consists of projects, but each is part of an overall ______
program
Group that doesn't understand DDoS, but only the numbers, figures, and risks behind it
Senior management
Overrules the rules of the organization
Law of the land
Group that is part of the overall security program
Everyone
Data an organization should not be able to decrypt
Employee financial and health data
Release date of AIO CISSP study guide by Shon Harris 8th Edition
22-Oct-18
Renting or leasing a Windows Server 2012 virtual machine from the cloud
Infrastructure as a Service (the tenant administers the operating system; a fully managed application would be Software as a Service)
How the cloud exists and why it is utilized
Concepts to know for the exam
Best way to get rid of CD-ROM data
Physical destruction
Data left over even after erasure
Data remanence
Testing which takes place after an update or change
Regression testing
Building a limited working model before committing full resources to the software
Prototyping
Software model which allows risk analysis and feedback per iteration
Spiral Model
Used in databases to expose only selected rows and columns of underlying tables to users. Also a Drake album.
Views
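The database view in the card above, as an added example that is not part of the flashcards: a view over a constructed employees table that hides the salary and SSN columns and filters to one department, so a user who may only query the view never sees the rest. It uses the standard-library sqlite3 module; SQLite has no GRANT statement, so the permission half (grant SELECT on the view, nothing on the base table) is described in the comments only.

```python
"""Database views as an access-control layer: expose only selected rows and
columns of a table.

Added example, not from the flashcards; uses the standard-library sqlite3
module with a constructed employees table. SQLite has no GRANT statement, so
the permission half (grant SELECT on the view, not on the base table) is
described in the comments only.
"""
import sqlite3


def setup() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE employees (
            id INTEGER PRIMARY KEY, name TEXT, dept TEXT, salary INTEGER, ssn TEXT);
        INSERT INTO employees VALUES
            (1, 'Ada', 'eng', 150000, '123-45-6789'),
            (2, 'Bob', 'ops',  90000, '987-65-4321'),
            (3, 'Cy',  'eng', 120000, '555-55-5555');
        -- The view restricts both columns (no salary, no ssn) and rows (eng only).
        -- In a server DBMS you would GRANT SELECT ON eng_directory TO the user
        -- and grant nothing on employees itself.
        CREATE VIEW eng_directory AS
            SELECT id, name, dept FROM employees WHERE dept = 'eng';
    """)
    return con


def directory_rows(con: sqlite3.Connection) -> list:
    return con.execute("SELECT * FROM eng_directory ORDER BY id").fetchall()


def view_columns(con: sqlite3.Connection) -> list:
    cur = con.execute("SELECT * FROM eng_directory")
    return [d[0] for d in cur.description]


def salary_readable_through_view(con: sqlite3.Connection) -> bool:
    """Sensitive columns do not exist from the view's point of view."""
    try:
        con.execute("SELECT salary FROM eng_directory")
        return True
    except sqlite3.OperationalError:
        return False
```

The view only protects data if the account has no privilege on the base table; a user with SELECT on employees can simply bypass the view, so the grant and the view have to be set up together.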