CISSP Notes 3 Flashcards by Dubie Dubendorfer

Packers

Provide runtime compression of executables. The original .exe is compressed, and a small executable decompresser is prepended to the .exe. Upon execution the decompresser unpacks the compressed executable machine code and runs it.

How well did you know this?

Not at all

Perfectly

compartmented security mode

A system is operating in ________ when all users have clearance to access all the information processed by the system in a system high-security configuration, but might not have the need-to-know and formal access approval.

How well did you know this?

Not at all

Perfectly

Sutherland Model

A model that is based on the idea of defining a set of system states, initial states, and state transitions. Through the user of only these predetermined secure states, integrity is maintained and interference is prohibited.

How well did you know this?

Not at all

Perfectly

Hardware Segmentation

Physically mapping software to individual memory segments.

How well did you know this?

Not at all

Perfectly

System-High Security Model

A system is operating _____ when all users have a security clearance to access the information but not necessarily a need-to-know for all the information processed on the system.

How well did you know this?

Not at all

Perfectly

Garbage Collector

Tool that marks unused memory segments as usable to ensure that an operating system does not run out of memory.

How well did you know this?

Not at all

Perfectly

Trusted Paths

For the TCB to communicate with the rest of the system, it must create secure channels, also called _____

How well did you know this?

Not at all

Perfectly

System State

A snapshot of a system at a specific moment in time.

How well did you know this?

Not at all

Perfectly

Absolute Address

Hardware addresses used by CPU.

How well did you know this?

Not at all

Perfectly

Sandbox

Designed to prevent an attacker who is able to compromise a java applet from accessing system files, such as the password file.

How well did you know this?

Not at all

Perfectly

Accreditation

Is the formal declaration by the designated approving authority that an IT system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk

How well did you know this?

Not at all

Perfectly

Transformation Procedures (TP)

______ are the only procedures that are allowed to modify a constrained data item (CDI)

How well did you know this?

Not at all

Perfectly

ActiveX

Are the functional equivalents of Java applets. They use digital certificates instead of a sandbox to provide security. They are tied more closely to the operating system, allowing functionality such as installing patches via Windows Update.

How well did you know this?

Not at all

Perfectly

ITSEC

European standard used to assess the effectiveness of the security controls built into a system.

How well did you know this?

Not at all

Perfectly

Read-Only Memory (ROM)

Nonvolatile memory that is used on motherboards for BIOS functionality and various device controllers to allow for operating system-to-device communication. Sometimes used for off-loading graphic rendering or cryptographic functionality.

How well did you know this?

Not at all

Perfectly

System security capabilities

The _____ of information systems include memory protection, virtualization, Trusted Platform Module, interfaces and fault tolerance.

How well did you know this?

Not at all

Perfectly

Cache

Fast and expensive memory type that is used by a CPU to increase read and write operations.

How well did you know this?

Not at all

Perfectly

Clark-Wilson Model

A security model that uses multifaceted approach to enforcing data integrity. Instead of defining a formal state machine, this model defines each data item and allows modifications through only small set of programs.

How well did you know this?

Not at all

Perfectly

Security Kernel

The collection of components in the TCB that work together to implement reference monitor functions.

How well did you know this?

Not at all

Perfectly

Logical Addressing

Indirect addressing used by processes within an operating system. The memory manager carries out logical-to-absolute address mapping.

How well did you know this?

Not at all

Perfectly

Emanation

_____ is energy that escapes an electronic system, which may be remotely monitored under certain circumstances.

How well did you know this?

Not at all

Perfectly

Goguen-Meseguer Model

The ____ model is based on predetermining the set or domain - a list of objects that a subject can access. This model is based on automation theory and domain separation.

How well did you know this?

Not at all

Perfectly

Assurance evaluation criteria

The comprehensive evaluation of the technical and nontechnical security features of an IT system and other safeguards.

How well did you know this?

Not at all

Perfectly

TCSEC

U.S. DoD standard used to assess the effectiveness of the security controls built into a system. Replaced by the Common Criteria.

How well did you know this?

Not at all

Perfectly

Stack

Memory construct that is made up of individually addressable buffers. Process-to-process communication takes place through the use of them.

Process Isolation

Is used to prevent an active process from interacting within an area of memory that was not specifically assigned or allocated to it.

Virtual Memory

Combination of main memory (RAM) and secondary memory within an operating system.

Covert channel

________ is a way for an entity to receive information in an unauthorized manner. It's also an information flow that is not controlled by a security mechanism.

Maintenance Hooks

They are instructions within software that only the developer knows about and can invoke, and which give the developer easy access to the code.

Fault Tolerance

The ability of a system to suffer a fault but continue to operate. This is achieved by adding redundant components such as additional disks within a RAID.

Time of Check/Time of Use

A type of attack which takes advantage of the dependency on the timing of events that take place in a multitasking operating system.

Limit Register

Ending of address space assigned to a process. Used to ensure a process does not make a request outside its assigned memory boundaries.

Lattice Model

A structure consisting of a finite partially ordered set together with least upper and greatest lower bound operators on the set.

Race Condition

______ happens when two different processes need to carry out their tasks on one resource.

Pipelining

______ combines multiple steps into one combined process, allowing simultaneous fetch, decode, execute, and write steps for different instructions.

Watchdog timers

_______ is designed to recover a system by rebooting after critical processes hang or crash. It reboots the system when it reaches zero; critical operating system processes continually reset the timer, so it never reaches zero as long as they are running.

Dedicated Mode

A system is operating in a ______ if all users have a clearance for, and a formal need-to-know about, all data processed within the system.

API

Software interface that enables process-to-process interaction. Common way to provide access to standard routines to a set of software programs.

Hardware separation

Is a form of CPU hardware layering that separates and protects domains (such as kernel mode and user mode) from each other.

Microkernel Architecture

Reduced amount of code running in kernel mode carrying out critical operating system functionality. Only the absolutely necessary code runs in kernel mode, and the remaining operating system code runs in user mode.

RAM

Memory sticks that are plugged into a computer's motherboard and work as volatile memory space for an operating system.

Security Policy

Strategic tool used to dictate how sensitive information and resources are to be managed and protected.

Hypervisor

Central program used to manage virtual machines (guests) within a simulated environment (host).

P2P

Alternative to the classic client/server computer model. Any system may act as a client, a server, or both, depending on data needs.

Thin clients

Normally run on a system with a full operating system, but use a Web browser as a universal client, providing access to robust applications which are downloaded from the server and run in the client's browser.

IoT

______ refers to small internet connected devices, such as baby monitors, thermostats, case registers, appliances, light bulbs, smart meters, fitness monitors, cars, etc.

ASLR

Memory protection mechanism used by some operating systems. The addresses used by components of a process are randomized so that it is harder for an attacker to exploit specific memory vulnerabilities.

Applets

_____ are small pieces of mobile code that are embedded in other software such as web browsers.

Java

_______ is an object-oriented language used not only to write applets, but also as a general purpose programming language. Java bytecode is platform-independent.

Diskless workstations

______ contains CPU, memory, and firmware, but no hard drive. It includes PCs, routers, embedded devices, and others. The kernel and operating system are typically loaded via the network.

Are launched directly from an attacker (the client) to a listening service. The Conficker worm of 2008+ spread via a number of methods, including this method on TCP port 445 - exploiting a weakness in the RPC service.

Server-side attack

Systematic whittling at assets in accounts or other records with financial value, where very small amounts are deducted from balances regularly and routinely.

Salami attack

An attacker gains access to a system and makes small random or incremental changes to data during storage, processing, I/O, instead of obviously altering the file.

Data Diddling

Malicious variations of official BIOS or firmware is installed that allows remote controlled access or other malicious actions.

Phlashing attack

Holds different condition bits. One of the bits states whether the CPU should be working in user mode or Kernel mode.

Program Status Word (PSW)

Single-purpose digital computer deployed for the management and automation of various industrial electro-mechanical operations

Programmable Logic Controller (PLC)

Static file on TCP/IP supporting systems that contains hard-coded references for domain names and their associated IP addresses.

HOSTS file

Often contains historical information not normally stored in productions DBs because of storage limitation and data security concerns

Data Warehouses

Software that runs an algorithm to identify unused committed memory and then tells the OS to mark the memory as available.

Garbage Collectors

Designed to do limited sets of specific functions, and it may consist of the same components of typical computer systems; or it could be a micro-controller (integrated chip with on-board memory and peripheral ports)

Embedded Systems

Minimal human interfaces, can be stand-alone; other similarly systems-integrated or traditional IT system integrated; mechanical buttons and knobs or simple LCD screen interfaces

SCADA

A technology that allows the electronic emanations that every monitor produces (Van Eck radiations) to be read from a distance.

TEMPEST

The science of raw data examination with the focus of extracting useful information out of the bill information set.

Data Analytic

Refer to devices that offer a computational means to control something in the physical world.

Cyber-physical systems

The user of an object (or OS component) doesn't necessarily need to know the details of how the object works

Abstraction

A form of parallel distributed processing that loosely groups a significant number of processing nodes to work toward a specific processing goal

Grid Computing

Typically found in industrial process plans where the need to gather data and implement control over a large-scale environment from a single location is essential.

Distributed Control Systems

A set of functions that applications can call upon to carry out different types of procedures

Dynamic-Link Libraries

Holds information such as the program counter, stack pointer and PSW

Special Registers

Used to hold variables and temp results as the ALU works through its execution process

General Registers

Can cause the client to download contents and store it in the cache that was not the intended element of a requested webpage

Split-Response Attack

A technique to look for duplication of efforts, manual steps which can be automated, and other streamlined techniques to reduce time and effort in business processes

Process Enhancement

Document a new employee should sign upon employment which outlines rules, restrictions, acceptable use policies, job description, violations, consequences and length of employment.

Employment agreement

A document which needs to be signed by an employee in order to protect the organization's confidential information or business practices.

Nondisclosure agreement

A document which needs to be signed by an employee in order to protect trade secrets or knowledge which distinguishes the company from the competition. It may even prevent the employee from working for a competitive company for a certain period of time.

Noncompete agreement

This process is essential to making sure a terminated employee is handled in a private, respectful, and careful manner as to make sure precautions are taken.

Employment Termination Process

Document containing vendor, consultant, or contractor controls used to define the expected performance, compensation, scope, and consequences of a missed agreement.

Service Level Agreement

The act of following the necessary laws, rules, policies, requirements, standards, or regulations.

Compliance

The freedom from being observed, leaked, monitored or experience unauthorized access to your data.

Privacy

Private information which can be traced back to the original person

Personally Identifiable Information

A system in which governance can be mandated by a third party law, regulation, standard, license, obligation or requirement.

Third-party governance

The process of reading through and verifying standards and requirements between exchanged documentation.

Documentation review

This loss can occur when failing to meet the required documentation requirements of third-party governance; specifically in the military or government.

Authorization to Operate

The process of examining the environment for risk and scoring the likelihood of it happening

Risk analysis

The direct target of a threat

Asset

The dollar value attached to an asset

Asset Valuation

Can be caused by the absence of a safeguard

Vulnerability

The percentage that a threat will be realized

Exposure factor

The calculation of a risk

Threat x vulnerability

The step taken to protect an asset

Safeguard or counter-measure

When a safeguard or counter-measure has failed and an exploit has been successful by the threat agent

Breach

Network topology that uses a single unilateral cable

Ring Topology

Network topology in which all points connect to one another

Mesh Topology

Fourth layer of the OSI Model

Transport

Fourth layer of the TCP/IP Model

Application

The #1 most important concept in all of the CISSP

Human life comes first

The place where security should begin in any SDLC

First phase/stage

The battleground where information and communication technology is used and utilized as a competitive factor over an enemy

Information warfare

Calculations made with numbers, graphs, historical numbers and research

Quantitative Analysis

Calculations based on feelings and instinct

Qualitative Analysis

SSL belongs in this layer of the OSI Model

Transport Layer

TCP belongs in this layer of the OSI Model

Transport Layer

Protocol data unit at the transport layer

Segments

Protocol data unit at the network layer

packets

Protocol data unit at the data link layer

frames

SMTP, HTTP, DNS belong in this layer of the OSI Model

Application Layer

This layer of the OSI Model is not concerned with the data, but the format of the data

Presentation Layer

This layer of the OSI Model is responsible for establishing the connection between applications

Session Layer

Communication that takes place unidirectionally, in one direction

Simplex

This layer of the OSI Model is responsible for establishing the connections between endpoints, between the actual physical computers, not the applications

Transport Layer

Mode in which two applications can communicate with each other and send messages at the same time

Full-duplex

MAC addresses belong in which layer of the OSI Model?

Data Link Layer

Voltage, bits, UTP, NIC cards are all on which layer of the OSI Model?

Physical Layer

Connection-oriented protocol

TCP

Enables private IP addresses to be routed through the Internet

Network Address Translation

Allows fiber channel protocol encapsulation over Ethernet networks

Fiber Channel Over Ethernet

Layer 2 protocol which allows private IP addresses over a dedicated link, acting like a VPN

MPLS (Multiprotocol Label Switching)

Transmission in which the entire communication channel is utilized

Baseband

Transmission in which communications channels can be divided up into different types of subchannels for different types of data

Broadband

Has a copper core surrounded by a layer of shielding and grounded. It is further protected by an outer jacket. It is somewhat resistant to EMI.

Coaxial cable

Protocol that does not guarantee delivery

UDP

Components of a TCP handshake

SYN, SYN/ACK, ACK

192.168.1.12 is what type of IP address?

Private (RFC 1918)

10.0.0.2 is what type of IP address?

Private (RFC 1918)

127.0.0.1 is what type of IP address?

Loopback

Will you have to calculate subnets for the CISSP exam?

No.

Allows bigger networks to become smaller, more segmented and manageable networks.

Subnetting/CIDR

Does not require network address translation as it has its own configuration administration.

IPv6

Cabling with high transmission speeds, not susceptible to EMI, and can go for extended distances.

Fiber-optic cable

Contains large glass cores, can carry more data than single mode in fiber optic cables.

Multimode

This kind of cabling interference can be caused by other wires, microwaves, motors, computers, or other types of electronics.

Noise

The weakening and eventual loss of a signal.

Attenuation

802.3

Ethernet

When you hear conversations on your electronic device from another electronic device

Crosstalk

The most common network topology

Star Topology

CSMA/CA

Carrier sense multiple access with collision avoidance

Computers which all receive a Layer 2 broadcast frame are all in this type of domain.

Broadcast.

FDDI

Fiber Distributed Data Interface

Protocol which assigns IP addresses.

DHCP

Protocol used by ping

ICMP

Protocol for Internet mail servers which can send and receive email

Post Office Protocol

Protocol that does not download messages from an email server and erase them

IMAP

192.168.255.22 is an example of a Class _____ network

172.16.0.66 is an example of a Class _____ network

10.255.255.255 is an example of a Class ____ network

If someone said they were having IP connectivity issues, which layer of the OSI Model would you look at first?

Network Layer

Type of firewall that has the ability to look at the entire packet, not just the source and destination address and associated ports

Application-Level Proxy Firewalls

These types of firewalls remember the state of a connection, and has become the de facto standard. It was first created by Checkpoint.

Stateful

IDS is a technical _____________ control

Detective

A firewall with two interfaces is said to be __________

dual-homed

A type of proxy that does not have the ability to perform deep packet inspection, and operates at the session layer

Circuit-level proxy

Firewalls that can examine the relationship between previous and current network packets are known as _______ filtering firewalls

Stateful

Firewalls that can only examine the source, destination, and port are known as _______ filtering firewalls

packet

Firewalls which have two interfaces

Dual-homed firewalls

A server or a firewall designed to receive inbound network attacks

bastion host

A storage area network combined with backup tapes would provide a high degree of ______

availability/redundancy

Provides integrity through well-formed transactions

Clark-Wilson Model

CPTED

Crime Prevention Through Environmental Design

This algorithm uses less computing power and offers more security

Elliptical Curve Cryptography

The most common type of intrusion detection system

Signature-based

An architecture in which multiple segmented networks are separated by two or more firewalls

Three-tier deployment

The concept of providing security to a local device, to a local host whether it is connected to the network or not

Endpoint security

A remote encrypted connection for users connecting to the corporate headquarters externally

Virtual Private Network

When two transmissions collide on a transmission medium meant for one connection

Collision

An environment which communicates only using MAC addresses (Layer 2 of the OSI Model)

Broadcast domain

A device in the middle of the same broadcast domain which repeats traffic from multiple systems

Hub

PSTN

Public switched telephone network

Also known as a store and forward device

Bridge

An intelligent hub

Switch

A device that connects two different networks together

Router

A type of firewall which receives traffic only from the router in front of it, and then sends the packets to the internal host(s)

Screened host

An intangible firewall

Virtual firewall

Firewall company the created the stateful filtering firewall

Checkpoint

Firewall company that boasts a single-pass architecture and named after a city in California

Palo Alto

A type of proxy firewall that can look into the sequence numbers of a TCP packet

Application-level proxy

Total number of connections created by a proxy when a host tries to connect to a web server

4 connections. One from the host to the proxy, one from the proxy to the web server, one from the web server to the proxy, and one from the proxy to the host

A type of attack which creates Instability caused by malformed fragments

Teardrop attack

The first and implicit rule for a firewall

Implicit deny rule

Type of rules you create and put on a firewall, and not ones that are already built into the firewall

Explicit rules

A firewall rule that logs and drops traffic and is usually at the bottom of the rule base

Cleanup rule

Allowing excessive half-connected TCP sessions to overflow the NIC buffer can cause this attack on availability

Denial of service

Sharing your private key with someone else can destroy ___________

Confidentiality

A firewall rule that drops any connections directed only at the firewall

Stealth rule

A computer used to study the techniques, attack styles, and tactics of attackers utilizing various exploits

Honeypot

A device capable of providing multiple security services such as threat prevention, VPNs, stateful filtering, IDS/IPS, or DLP

UTM (Unified Threat Management)

If in a company there is a single point of failure, then there needs to be ________

redundancy / high availability / fault-tolerance

Max speed of 1000Base-T

1 Gbps

Type of cable which has zero susceptibility to EMI

Fiber-optic

Type of cable that has a PVC shielding around four pairs of wires twisted around each other

Twisted-Pair

Most common type of unshielded twisted-pair cable

CAT 5

Degradation of a signal

Attenuation

A standard best practice rule when designing and allocating network repeaters, concentrators and segments

5-4-3 Rule

Lines which are dedicated to carry voice and data over trunk lines

T-carriers

CSU/DSU

Channel service unit/data service unit

A type of switching which sets up a dedicated virtual link between two systems. May experience fixed delays and travels in a constant and predictable manner.

Circuit switching

A type of switching that sets up a connection which can pass through several links on the way to the destination. Consists of variable delays.

Packet switching

VoIP

Voice over Internet Protocol

A dedicated WAN link technology which is obsolete now, but should be known for the CISSP exam.

Frame Relay

QOS

Quality of service. It is a way to make some data processes faster than others. For example, voice data needs to be faster and higher priority for meetings and conferences.

A weakness of PAP (Password Authentication Protocol)

Cleartext passwords

Three components of the first phase of the BCP/DRP

Policy, scope, implementation

BIA

Business Impact Analysis

A site which will meet the requirement of an MTD of 1-2 hours

Hot site

A cloud service where the tenant is responsible for software, hardware, upgrades, licenses, and their own security except for the actual physical security

Infrastructure as a Service (IaaS)

A type of cloud service which provides an operating system such as Windows Server 2003

Platform as a Service

An employee drug test is this type of control

Administrative preventative

A governance and management framework created by ISACA

Control Objectives for Information and related Technology (COBIT)

Designed to improve an organization's process and the posture of their security program

Capability Maturity Model Integration

Computer crime laws are also known as this

Cyberlaw

When an actual computer was used to carry out a crime

Computer-assisted crime

Logs which record events such as reboots and stopped/started services.

System logs

Logs which record ingress and egress network traffic along with source/destination IP address and source/destination port numbers.

Firewall logs

Logs which can record how long a user has been on a specific website, and when a user has gone to an unauthorized website

Proxy logs

Logs which contain when changes have been made to a firewall, who approved it, and who implemented it

Change logs

The amount of time data is backed up, stored or preserved from destruction

Retention period

Tool used to discover open ports on a system either locally or remotely

Nmap

Two web server ports

80/443

A SYN packet receives a _________ back

SYN/ACK

Tool used to easily launch DDOS in MSSQL attacks

Metasploit

Sets the archive bit to 1 for a file which has changed for backup

Incremental backups

Leftover risk after implemented controls

Residual risk

The probability of a threat using an exploit to expose a vulnerability

Risk

Document which makes sure that the project or plan about to be implemented doesn’t involve things that waste our time and resources

Scope

The process of identifying the business functions of an organization and prioritizing them from most important, to least important.

Business Impact Analysis

The group who plans the BCP/DRP

BCP Committee

Using instinct, experience, and wisdom to calculate risk

Qualitative analysis

Using numbers, calculations, and math to calculate risk

Quantitative analysis

Point of time before a disaster from which data needs to be recovered.

Recovery Point Objective

Recovery of services from initial disaster to recovery, but still within the Maximum Tolerable Downtime.

Recovery Time Objective

Critical business resources support critical business ________

Functions

A backup site to a backup site

Tertiary site

Infrequent backups sent to an offsite facility

Electronic Vaulting

Has a faster data recovery time than electronic vaulting

Remote Journaling

Data is being backed up at the same time it is being received

Remote Mirroring

A duplicate site with the same content, but not the same web address

Mirror Site

Files which are backed up since the last full backup, and the archive bit may not be set back to zero

Differential backup

Definition of when immediate operations are back after a disaster

Recovery

Definition of when all organizational functions are back after a disaster

Restoration

Occurs before a disaster

Testing

Occurs after a disaster

Implementation

Someone or something which has identified a vulnerability, and will proceed to exploit it

Threat

An specific entity which takes advantage of a vulnerability

Threat agent

A risky BCP/DRP test which requires a business impacting halt to production

Full-interruption test

A disaster which is recreated at an alternate site

Parallel test

Testing which involves a round table discussion

Structured-walkthrough

The level of importance for knowing BCP/DRP for the CISSP exam

High

IPSec provides confidentiality through _______

Encryption

IPSec secures data in _______

Motion

One of the least favorite yet critical task for an information security professional

Updating documentation

The collection of all software, hardware, firmware within a system which work in conjunction to provide and enforce the overall security policy

Trusted Computing Base

Penetration testing will look for vulnerabilities and also do this

Exploit them

A great framework to keep your organization's information security management in line with best practices. It is optional, not obligatory.

ISO 27001

The results of a penetration test should be sent to this group.

Senior management

There's only one way to send the findings of a penetration test.

Securely

The difference between hacking and penetration testing

Permission

The next thing to implement after issuing organization policies

Controls

These require constant tests and reviews

Policies and BCP/DRP

New CAT exam questions may include these terms

MOST, LEAST, BEST

Two high-level terms to think about constantly during the exam

Risk and cost

COBIT deals with which concept of the CIA Triad

Integrity

IAAA

Identification, Authorization, Authentication, Accountability

What each must bring to the table, otherwise the secret does not open, reveal, or unlock

Split-knowledge

Everything requires management understanding, support, initiation, and _______

approval

Anti-virus is a type of ________ security

endpoint

Backups can provide both availability and _______

integrity

Man in the middle attacks compromise both confidentiality and _________

integrity

Virtual private networking technology that allows private data and IP addresses over an insecure medium

IPSec

The most important component of BCP/DRP

Documentation

Web encryption techniques

SSL/TLS/VPN

Defining organization security policies upholds these three concepts

Confidentiality, integrity, and availability

To meet standards and compliance an organization needs _____

audits

Outdated software, lack of updates, no patching, misconfigurations all present ________

risk

OSPF and BGP routing protocols can uphold the concept of _______

availability

Billions of devices part of a group which can come with default credentials and difficult to patch. Can be used for DDOS

Internet of Things

Shutting down a computer, releasing all volatile memory, and starting it up again

Cold boot

In order to prove authenticity of a website on the Internet we use _______

SSL certificates

An organization can use its own internal certificate for internal vendors or users who are part of a ________ identity

federated

Security always starts off with _______

policy

In order to have BCP/DRP in an organization, senior management must be first convinced it would cost _______ to not have one. That is the key.

A CISO must perform __________ in order to verify and check the effects of controls, BCP/DRP, and other pending policies for approval.

due diligence

Directive, deterrent, preventative, corrective, recovery, and ________ controls

compensating

A proper change management process should include the necessary procedures in case a change needs to be ______ back

rolled

Recommended controls should be testable, provide accountability, consistent (integrity), overrides for privileged operators (confidentiality) and measures to be fail-safe (________)

availability

An organization's business goals should come ____ and security should come ______.

first/second

Ultimately responsible for the confidentiality of classified data

Data owner

Implements the protections and controls for the system and the data. Receives instructions from the data owner.

Data custodian

Takes into account critical business functions and provides corrective or recovery measures to minimize disruption

Business Continuity Planning

Management tool which can help identify cost and the effectiveness of implemented controls

Metrics

Policies are this type of strategy

Directive

Objects = labels, Subjects = _______

clearances

Bugs and vulnerabilities found in the original version of software which has not been updated yet due to it not being sold yet.

Shrink Wrap Attack

Holds all the credentials for users utilizing SAML, and can be a single point of failure.

IDP - Identity Provider

Can disrupt communications over the wire and even mask or scramble an attack

Crosstalk

A primary concern in implementing biometrics is user ________

acceptance

An attack with the same source and destination IP addresses

Land Attack

The primary result of a Land Attack is a _____-

denial of service

Unplugging the power cable to a server is a form of ________

denial of service

Network security device which can hide the identity of internal network clients

Proxy

Networking technique which can hide the identity of internal network clients

Network Address Translation

Injection using

Cross-site scripting

Instead of mathematics, quantum cryptography uses _______ for key exchange

photons

When two entities come together with their own partial secret to open a master secret, it is known as _________

split-knowledge

Encryption turns plaintext secrets into ______

ciphertext

Batman uses _______ bit encryption for his communications with the Batcave, allies, and vehicle communication

4096

Technique which rearranges the plaintext message

transposition

Security guards and dogs are this type of control

Physical deterrent (and can also be the most expensive control i.e. salaries, dog training, and dog treats :) )

Physical limitation of the Internet of Things devices

Lack of CPU or RAM power to provide encryption calculations

The 10.x private IP range

10.0.0.0 to 10.255.255.255.255

Sender cannot deny sending the message

Nonrepudiation

QKD

Quantum Key Distribution

Hashing and encryption are a part of ________

cryptography

variable length message converted to fixed length message

hashing

The Caesar Cipher used this block cipher technique

Substitution

Type of memory that temporarily holds data

RAM

Type of memory that can permanently store data

ROM

Creating a preset scenario and environment in which a victim has an increased chance of handing over confidential information

Pretexting Attack (ISC2 Fourth Edition book)

CDs and USB flash drives are left at a location to conduct this type of attack

Baiting Attack

Three types of cloud solutions

IaaS, PaaS, SaaS

Provides bare metal or the very basic infrastructure resources to a cloud tenant

Infrastructure as a Service

A security professional may need to perform inspection, review and assessment to confirm ______

assurance

The most important question to ask when studying for the CISSP exam and while taking the exam itself

Why?

Rests on the belief of these three concepts: technology, analysis, mythology

Big Data

The sharing of computing resources across a network in which multiple machines function as one large computer

Grid computing

The ability for cloud tenants to spin up new virtual machines if their organization is increasing in size, or shut down previous virtual machines if their organization is decreasing their infrastructure.

Elasticity

Type of cloud in which a tenant is confident they are not sharing a pool of resources with other tenants

Private cloud

Risky issue when different encryption keys used to encrypt plaintext also produces the same ciphertext. This is not good.

Key clustering

Type of cloud most used by military or governments

Private cloud

When different hashed plaintext produces the same ciphertext

Collision

Venom Snake discovered his true identity from an ______________ cassette tape

encoded

Substitution exchanges characters, while transposition ______ letters

scrambles

The amount of time and effort it takes to crack an encryption key. The time and effort to decide if it's worth it or not.

Work factor

Another term for ciphertext

Cryptogram

CBC depends on each previous block for encryption. But what does it do to encrypt the very first block?

Initialization Vector

Bit-by-bit encryption

Stream cipher (RC4, WEP)

Block-by-block encryption

Block cipher

Variable-length message turned into a fixed-length message

Hashing

Variable-length message turned into another variable-length message

Encryption

Was the Caesar cipher mono or poly alphabetic?

Mono (It was just 1 alphabet)

The Vernam cipher is used for this unbreakable style of encryption

One-Time Pad

Symmetric ciphers can use ___________ key distribution

out of band

This block cipher mode requires an initialization vector because of its chaining process

Cipher Block Chaining

This symmetric algorithm was broken using a known-plaintext attack, the simplest of cryptographic attacks.

DES

Ron Rivest, Adi Shamir, Len Adleman

RSA

Has the highest strength key length of all the asymmetric encryption algorithms

Elliptic Curve Cryprography (ECC)

Allows the exchange of assertions between identity management systems between federated identity web environments

Security Assertion Markup Language (SAML)

These are more commonly hashed and salted on a system and not encrypted, lacking decryption keys

Password files

This is used to prevent a user from changing a message and state the altered message came from the sender

Digital signatures

When data packets are decrypted and re-encrypted at each node along a communications channel

Link encryption

The architecture of a system which distributes public certificates, verifies public keys are tied to a certain organization, and verify the public keys

Public Key Infrastructure (PKI)

Requires actual collusion to complete the process

Dual Control

Approves data release or disclosure

Data owner

Regulation, data mapping, data classification

Data retention policies in the cloud

The first step of the cyber kill chain

Reconnaissance

Eavesdropping without affecting the communications medium, system, or protocol

Passive attack

Message alteration, system file modification, masquerading

Active attacks

Responsible for implementing RAID to maintain the data

Data custodian

Scope, classification, assurance, marking and labeling

Data classification requirements

DEP, ASLR, ACL

Memory Protection

Fence jumping, badge cloning, lock bypass, lockpicking, dumpster diving

Physical security facility attacks

The last stage of the penetration testing process

Reporting

Backup method which ensures no single point of failure with parity written to all drives

RAID5

Not a cost-efficient backup method involving RAID mirroring

RAID1

Detailed actions for personnel to follow

Procedures

A commonality or pattern within an organization

Standards

Mark Zuckerberg testifying in front of Congress

Senior management is ultimately responsible

Proving a system does what it is supposed to do

Certification

Making sure a system provides high-level testing, inspection, analysis and reviews.

Assurance

The formal approval to introduce a system into an organization

Accreditation

Responsible for the security elements within an enterprise which work to uphold business processes

The security professional

Develops disaster recovery plans which could impact the organization

Business Continuity Planner

Not collecting any private information in the first place

Rejecting the risk

Not installing your Windows Updates even though you know you should

Accepting the risk

The only time it might be a good idea to share your password with someone else

Under investigation by law enforcement

Code which requires a trigger to be executed

Logic bomb

The weakest component of an organization

People

Everything in an organization begins with this

Policy

Type of cloud where resources are shared with other tenants

Public cloud

Company that sells books and cloud computing space

Amazon

Currently the best way to detect man in the middle attacks

Quantum cryptography

Fourth canon of the CISSP Code of Ethics

Advance and protect the profession

Bringing in a crime scene investigator is this type of control

Physical detective

Exit interviews are this type of control

Administrative detective

Firewalls are this type of control

Technical preventative

Tenant takes full responsbility in this type of cloud service model

Infrastructure as a Service

Public, Private, Hybrid, Community

Cloud deployment models

One of security's biggest enemies

Complexity

Security compromises of projects, but is part of an overall ______

program

Group that doesn't understand DDOS, but only the numbers, figures, and risks behind it

Senior management

Overrules the rules of the organization

Law of the land

Group which is part of the overall part of the security program

Everyone

Data not to be decrypted by an organization

Employee financial and health data

Release date of AIO CISSP study guide by Shon Harris 8th Edition

22-Oct-18

Renting or leasing Windows Server 2012 from the cloud

Software as a Service

How the cloud exists and why it is utilized

Concepts to know for the exam

Best way to get rid of CD-ROM data

Physical destruction

Data left over even after erasure

Data remanence

Testing which takes place after an update or change

Regression testing

Investing in a test case before committing full financial resources to software code

Prototyping

Software model which allows risk analysis and feedback per iteration

Spiral Model

Used in databases to restrict access to only authorized users. Also a Drake album.

Views