CISSP Notes 3 Flashcards
Packers
Provide runtime compression of executables. The original .exe is compressed, and a small executable decompressor is prepended to the .exe. Upon execution the decompressor unpacks the compressed executable machine code and runs it.
compartmented security mode
A system is operating in ________ when all users have clearance to access all the information processed by the system in a system-high security configuration, but might not have the need-to-know and formal access approval.
Sutherland Model
A model that is based on the idea of defining a set of system states, initial states, and state transitions. Through the use of only these predetermined secure states, integrity is maintained and interference is prohibited.
Hardware Segmentation
Physically mapping software to individual memory segments.
System-High Security Model
A system is operating _____ when all users have a security clearance to access the information but not necessarily a need-to-know for all the information processed on the system.
Garbage Collector
Tool that marks unused memory segments as usable to ensure that an operating system does not run out of memory.
Trusted Paths
For the TCB to communicate with the rest of the system, it must create secure channels, also called _____
System State
A snapshot of a system at a specific moment in time.
Absolute Address
Hardware addresses used by the CPU.
Sandbox
Designed to prevent an attacker who is able to compromise a Java applet from accessing system files, such as the password file.
Accreditation
Is the formal declaration by the designated approving authority that an IT system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.
Transformation Procedures (TP)
______ are the only procedures that are allowed to modify a constrained data item (CDI).
ActiveX
Are the functional equivalents of Java applets. They use digital certificates instead of a sandbox to provide security. They are tied more closely to the operating system, allowing functionality such as installing patches via Windows Update.
ITSEC
European standard used to assess the effectiveness of the security controls built into a system.
Read-Only Memory (ROM)
Nonvolatile memory that is used on motherboards for BIOS functionality and various device controllers to allow for operating system-to-device communication. Sometimes used for off-loading graphic rendering or cryptographic functionality.
System security capabilities
The _____ of information systems include memory protection, virtualization, Trusted Platform Module, interfaces and fault tolerance.
Cache
Fast and expensive memory type that is used by a CPU to speed up read and write operations.
Clark-Wilson Model
A security model that uses a multifaceted approach to enforcing data integrity. Instead of defining a formal state machine, this model defines each data item and allows modifications through only a small set of programs.
Security Kernel
The collection of components in the TCB that work together to implement reference monitor functions.
Logical Addressing
Indirect addressing used by processes within an operating system. The memory manager carries out logical-to-absolute address mapping.
Emanation
_____ is energy that escapes an electronic system, which may be remotely monitored under certain circumstances.
Goguen-Meseguer Model
The ____ model is based on predetermining the set or domain, a list of objects that a subject can access. This model is based on automaton theory and domain separation.
Assurance evaluation criteria
The comprehensive evaluation of the technical and nontechnical security features of an IT system and other safeguards.
TCSEC
U.S. DoD standard used to assess the effectiveness of the security controls built into a system. Replaced by the Common Criteria.
Stack
Memory construct that is made up of individually addressable buffers. Process-to-process communication takes place through the use of them.
Process Isolation
Is used to prevent an active process from interacting with an area of memory that was not specifically assigned or allocated to it.
Virtual Memory
Combination of main memory (RAM) and secondary memory within an operating system.
Covert channel
________ is a way for an entity to receive information in an unauthorized manner. It’s also an information flow that is not controlled by a security mechanism.
Maintenance Hooks
They are instructions within software that only the developer knows about and can invoke, and which give the developer easy access to the code.
Fault Tolerance
The ability of a system to suffer a fault but continue to operate. This is achieved by adding redundant components such as additional disks within a RAID.
Time of Check/Time of Use
A type of attack which takes advantage of the dependency on the timing of events that take place in a multitasking operating system.
Limit Register
The end of the address space assigned to a process. Used to ensure a process does not make a request outside its assigned memory boundaries.
Lattice Model
A structure consisting of a finite partially ordered set together with least upper and greatest lower bound operators on the set.
Race Condition
______ happens when two different processes need to carry out their tasks on one resource.
Pipelining
______ combines multiple steps into one combined process, allowing simultaneous fetch, decode, execute, and write steps for different instructions.
Watchdog timers
_______ is designed to recover a system by rebooting after critical processes hang or crash. It reboots the system when it reaches zero; critical operating system processes continually reset the timer, so it never reaches zero as long as they are running.
Dedicated Mode
A system is operating in a ______ if all users have a clearance for, and a formal need-to-know about, all data processed within the system.
API
Software interface that enables process-to-process interaction. Common way to provide access to standard routines to a set of software programs.
Hardware separation
Is a form of CPU hardware layering that separates and protects domains (such as kernel mode and user mode) from each other.
Microkernel Architecture
Reduced amount of code running in kernel mode carrying out critical operating system functionality. Only the absolutely necessary code runs in kernel mode, and the remaining operating system code runs in user mode.
RAM
Memory sticks that are plugged into a computer’s motherboard and work as volatile memory space for an operating system.
Security Policy
Strategic tool used to dictate how sensitive information and resources are to be managed and protected.
Hypervisor
Central program used to manage virtual machines (guests) within a simulated environment (host).
P2P
Alternative to the classic client/server computer model. Any system may act as a client, a server, or both, depending on data needs.
Thin clients
Normally run on a system with a full operating system, but use a Web browser as a universal client, providing access to robust applications which are downloaded from the server and run in the client’s browser.
IoT
______ refers to small internet-connected devices, such as baby monitors, thermostats, cash registers, appliances, light bulbs, smart meters, fitness monitors, cars, etc.
ASLR
Memory protection mechanism used by some operating systems. The addresses used by components of a process are randomized so that it is harder for an attacker to exploit specific memory vulnerabilities.
Applets
_____ are small pieces of mobile code that are embedded in other software such as web browsers.
Java
_______ is an object-oriented language used not only to write applets, but also as a general purpose programming language. Java bytecode is platform-independent.
Diskless workstations
______ contain a CPU, memory, and firmware, but no hard drive. They include PCs, routers, embedded devices, and others. The kernel and operating system are typically loaded via the network.
Are launched directly from an attacker (the client) to a listening service. The Conficker worm of 2008+ spread via a number of methods, including this method on TCP port 445 - exploiting a weakness in the RPC service.
Server-side attack
Systematic whittling at assets in accounts or other records with financial value, where very small amounts are deducted from balances regularly and routinely.
Salami attack
An attacker gains access to a system and makes small random or incremental changes to data during storage, processing, I/O, instead of obviously altering the file.
Data Diddling
Malicious variations of official BIOS or firmware are installed that allow remote-controlled access or other malicious actions.
Phlashing attack
Holds different condition bits. One of the bits states whether the CPU should be working in user mode or kernel mode.
Program Status Word (PSW)
Single-purpose digital computer deployed for the management and automation of various industrial electro-mechanical operations.
Programmable Logic Controller (PLC)
Static file on TCP/IP supporting systems that contains hard-coded references for domain names and their associated IP addresses.
HOSTS file
Often contains historical information not normally stored in production DBs because of storage limitations and data security concerns.
Data Warehouses
Software that runs an algorithm to identify unused committed memory and then tells the OS to mark the memory as available.
Garbage Collectors
Designed to do a limited set of specific functions; it may consist of the same components as typical computer systems, or it could be a micro-controller (integrated chip with on-board memory and peripheral ports).
Embedded Systems
Minimal human interfaces; can be stand-alone, integrated with other similar systems, or integrated with traditional IT systems; mechanical buttons and knobs or simple LCD screen interfaces.
SCADA
A technology that allows the electronic emanations that every monitor produces (Van Eck radiation) to be read from a distance.
TEMPEST
The science of raw data examination with the focus of extracting useful information out of the full information set.
Data Analytics
Refer to devices that offer a computational means to control something in the physical world.
Cyber-physical systems
The user of an object (or OS component) doesn’t necessarily need to know the details of how the object works.
Abstraction
A form of parallel distributed processing that loosely groups a significant number of processing nodes to work toward a specific processing goal.
Grid Computing
Typically found in industrial process plants where the need to gather data and implement control over a large-scale environment from a single location is essential.
Distributed Control Systems
A set of functions that applications can call upon to carry out different types of procedures.
Dynamic-Link Libraries
Holds information such as the program counter, stack pointer, and PSW.
Special Registers
Used to hold variables and temporary results as the ALU works through its execution process.
General Registers
Can cause the client to download content that was not the intended element of a requested webpage and store it in the cache.
Split-Response Attack
A technique to look for duplication of effort, manual steps which can be automated, and other streamlining techniques to reduce time and effort in business processes.
Process Enhancement
Document a new employee should sign upon employment which outlines rules, restrictions, acceptable use policies, job description, violations, consequences and length of employment.
Employment agreement
A document which needs to be signed by an employee in order to protect the organization’s confidential information or business practices.
Nondisclosure agreement
A document which needs to be signed by an employee in order to protect trade secrets or knowledge which distinguishes the company from the competition. It may even prevent the employee from working for a competitive company for a certain period of time.
Noncompete agreement
This process is essential to making sure a terminated employee is handled in a private, respectful, and careful manner, so as to make sure precautions are taken.
Employment Termination Process
Document containing vendor, consultant, or contractor controls used to define the expected performance, compensation, scope, and consequences of a missed agreement.
Service Level Agreement
The act of following the necessary laws, rules, policies, requirements, standards, or regulations.
Compliance
The freedom from being observed, monitored, or leaked, or from experiencing unauthorized access to your data.
Privacy
Private information which can be traced back to the original person.
Personally Identifiable Information
A system in which governance can be mandated by a third party law, regulation, standard, license, obligation or requirement.
Third-party governance
The process of reading through and verifying standards and requirements between exchanged documentation.
Documentation review
Loss of this can occur when the documentation requirements of third-party governance are not met, specifically in the military or government.
Authorization to Operate
The process of examining the environment for risk and scoring the likelihood of it happening.
Risk analysis
The direct target of a threat
Asset
The dollar value attached to an asset
Asset Valuation
Can be caused by the absence of a safeguard
Vulnerability
The percentage that a threat will be realized
Exposure factor
The calculation of a risk
Threat x vulnerability
The step taken to protect an asset
Safeguard or counter-measure
When a safeguard or counter-measure has failed and an exploit has been successful by the threat agent
Breach
Network topology that uses a single unidirectional cable.
Ring Topology
Network topology in which all points connect to one another
Mesh Topology
Fourth layer of the OSI Model
Transport
Fourth layer of the TCP/IP Model
Application
The #1 most important concept in all of the CISSP
Human life comes first
The place where security should begin in any SDLC
First phase/stage
The battleground where information and communication technology is used and utilized as a competitive factor over an enemy
Information warfare
Calculations made with numbers, graphs, historical numbers and research
Quantitative Analysis
Calculations based on feelings and instinct
Qualitative Analysis
SSL belongs in this layer of the OSI Model
Transport Layer
TCP belongs in this layer of the OSI Model
Transport Layer
Protocol data unit at the transport layer
Segments
Protocol data unit at the network layer
packets
Protocol data unit at the data link layer
frames
SMTP, HTTP, DNS belong in this layer of the OSI Model
Application Layer
This layer of the OSI Model is not concerned with the data, but the format of the data
Presentation Layer
This layer of the OSI Model is responsible for establishing the connection between applications
Session Layer
Communication that takes place in one direction only.
Simplex
This layer of the OSI Model is responsible for establishing the connections between endpoints, between the actual physical computers, not the applications
Transport Layer
Mode in which two applications can communicate with each other and send messages at the same time
Full-duplex
MAC addresses belong in which layer of the OSI Model?
Data Link Layer
Voltage, bits, UTP, NIC cards are all on which layer of the OSI Model?
Physical Layer
Connection-oriented protocol
TCP
Enables private IP addresses to be routed through the Internet
Network Address Translation
Allows Fibre Channel protocol encapsulation over Ethernet networks.
Fibre Channel over Ethernet
Layer 2 protocol which allows private IP addresses over a dedicated link, acting like a VPN
MPLS (Multiprotocol Label Switching)
Transmission in which the entire communication channel is utilized
Baseband
Transmission in which communications channels can be divided up into different types of subchannels for different types of data
Broadband
Has a copper core surrounded by a layer of shielding that is grounded. It is further protected by an outer jacket. It is somewhat resistant to EMI.
Coaxial cable
Protocol that does not guarantee delivery
UDP
Components of a TCP handshake
SYN, SYN/ACK, ACK
192.168.1.12 is what type of IP address?
Private (RFC 1918)
10.0.0.2 is what type of IP address?
Private (RFC 1918)
127.0.0.1 is what type of IP address?
Loopback
Will you have to calculate subnets for the CISSP exam?
No.
Allows bigger networks to become smaller, more segmented and manageable networks.
Subnetting/CIDR
Does not require network address translation as it has its own configuration administration.
IPv6
Cabling with high transmission speeds that is not susceptible to EMI and can run for extended distances.
Fiber-optic cable
Fiber-optic cabling with a larger glass core that can carry more data than single-mode.
Multimode
This kind of cabling interference can be caused by other wires, microwaves, motors, computers, or other types of electronics.
Noise
The weakening and eventual loss of a signal.
Attenuation
802.3
Ethernet
When you hear conversations on your electronic device from another electronic device
Crosstalk
The most common network topology
Star Topology
CSMA/CA
Carrier sense multiple access with collision avoidance
Computers which all receive a Layer 2 broadcast frame are all in this type of domain.
Broadcast.
FDDI
Fiber Distributed Data Interface
Protocol which assigns IP addresses.
DHCP
Protocol used by ping
ICMP
Protocol for Internet mail servers which can send and receive email
Post Office Protocol
Protocol that does not download messages from an email server and erase them
IMAP
192.168.255.22 is an example of a Class _____ network
C
172.16.0.66 is an example of a Class _____ network
B
10.255.255.255 is an example of a Class ____ network
A
If someone said they were having IP connectivity issues, which layer of the OSI Model would you look at first?
Network Layer
Type of firewall that has the ability to look at the entire packet, not just the source and destination address and associated ports
Application-Level Proxy Firewalls
This type of firewall remembers the state of a connection and has become the de facto standard. It was first created by Check Point.
Stateful
IDS is a technical _____________ control
Detective
A firewall with two interfaces is said to be __________
dual-homed
A type of proxy that does not have the ability to perform deep packet inspection, and operates at the session layer
Circuit-level proxy
Firewalls that can examine the relationship between previous and current network packets are known as _______ filtering firewalls
Stateful
Firewalls that can only examine the source, destination, and port are known as _______ filtering firewalls
packet
Firewalls which have two interfaces
Dual-homed firewalls
A server or a firewall designed to receive inbound network attacks
bastion host
A storage area network combined with backup tapes would provide a high degree of ______
availability/redundancy
Provides integrity through well-formed transactions
Clark-Wilson Model
CPTED
Crime Prevention Through Environmental Design
This algorithm uses less computing power and offers more security
Elliptic Curve Cryptography
The most common type of intrusion detection system
Signature-based