CISSP Quick Tips Flashcards

Question 1

Q

Vulnerability

Answer

A

The absence of a safeguard (in other words, it is a weakness) that can be exploited.

Question 2

Q

Threat

Answer

A

the possibility that someone or something would exploit a vulnerability, intentionally or accidentally, and cause harm to an asset.

Question 3

Q

Risk

Answer

A

the probability of a threat agent exploiting a vulnerability and the loss potential from that action.

Question 4

Q

What reduces risk?

Answer

A

Reducing vulnerabilities and/or threats

Question 5

Q

Exposure

Answer

A

An instance of being exposed to losses from a threat.

Question 6

Q

Countermeasure

Answer

A

Also called a safeguard, mitigates the risk.

• A countermeasure can be an application, software configuration, hardware, or procedure.

Question 7

Q

Due care

Answer

A

If someone is practicing due care, they are acting responsibly and will have a lower probability of being found negligent and liable if a security breach takes place.

Question 8

Q

Why is the importance of Security Management growing?

Answer

A

• Security management has become more important over the years because networks have evolved from centralized environments to distributed environments.

Question 9

Q

The objectives of security

Answer

A

To provide availability, integrity, and confidentiality protection to data and resources.

Question 10

Q

Planning horizon

Answer

A

Strategic planning is long term, tactical planning is midterm, and operational planning is day to day. These make up a planning horizon.

Question 11

Q

ISO/IEC 27002 (formerly ISO 17799 Part 1)

Answer

A

A comprehensive set of controls comprising best practices in information security and provides guidelines on how to set up and maintain security programs.

Question 12

Q

Security components

Answer

A

Can be technical (firewalls, encryption, and access control lists) or nontechnical (security policy, procedures, and compliance enforcement).

Question 13

Q

Asset identification

Answer

A

Should include tangible assets (facilities and hardware)

and intangible assets (corporate data and reputation).

Question 14

Q

Project sizing

Answer

A

Means to understand and document the scope of the project

Must be done before a risk analysis is performed.

Question 15

Q

Assurance

Answer

A

The degree of confidence that a certain security level is being provided.

Question 16

Q

CobiT

Answer

A

A framework that defines goals for the controls that should be used to
properly manage IT and to ensure that IT maps to business needs.

Question 17

Q

Four domains of CobiT

Answer

A

Plan and Organize
Acquire and Implement
Deliver and Support
Monitor and Evaluate.

Question 18

Q

ISO/IEC 27001

Answer

A

The standard for the establishment, implementation,

control, and improvement of the Information Security Management System.

Question 19

Q

How should security management work?

Answer

A

It should work from the top down (from senior management down to the staff).

Question 20

Q

Governance

Answer

A

The set of responsibilities and practices exercised by the board
and executive management with the goal of providing strategic direction,
ensuring that objectives are achieved, ascertaining that risks are managed
appropriately, and verifying that the enterprise’s resources are used responsibly.

Question 21

Q

What should determine which security model a company chooses?

Answer

A

Should depend on the type of business, its critical missions, and its objectives.

Question 22

Q

The OECD

Answer

A

an international organization that helps different governments
come together and tackle the economic, social, and governance challenges of
a globalized economy.

Question 23

Q

How can risk be treated?

Answer

A

It can be transferred, avoided, reduced, or accepted.

Question 24

Q

What is an example of risk transference?

Answer

A

When a company buys insurance.

Question 25

Q

Ways to reduce risk

Answer

A

Improving security procedures and implementing safeguards.

Question 26

Q

Formula for total risk

Answer

A

Threats × vulnerability × asset value = total risk

Question 27

Q

Formula for residual risk

Answer

A

(Threats × vulnerability × asset value) × controls gap = residual risk

Question 28

Q

Main goals of risk analysis

Answer

A

- Identify assets and assign
values to them
- Identify vulnerabilities and threats
- Quantify the impact of
potential threats
- provide an economic balance between the impact of the risk and the cost of the safeguards.

Question 29

Q

Information risk management (IRM)

Answer

A

The process of identifying, assessing,
and reducing risk to an acceptable level and implementing the right
mechanisms to maintain that level of risk.

Question 30

Q

Failure Modes and Effect Analysis (FMEA)

Answer

A

A method for determining
functions, identifying functional failures, and assessing the causes of failure
and their failure effects through a structured process.

Question 31

Q

Fault tree analysis

Answer

A

A useful approach to detect failures that can take place within complex environments and systems.

Question 32

Q

Quantitative risk analysis

Answer

A

Attempts to assign monetary values to components within the analysis.

Question 33

Q

Is a purely quantitative risk analysis possible?

Answer

A

No, because qualitative items

cannot be quantified with precision.

Question 34

Q

Why is capturing the degree of uncertainty when carrying out a risk analysis
important?

Answer

A

because it indicates the level of confidence the team and management should have in the resulting figures.

Question 35

Q

What must be considered when determining the value of information?

Answer

A

the cost to acquire and develop data
the cost to maintain and
protect data
the value of the data to owners, users, and adversaries
the cost of replacement if the data is lost
the price others are willing to pay for the
data
lost opportunities
the usefulness of the data,

Question 36

Q

Automated risk analysis tools

Answer

A

Reduce the amount of manual work involved in the analysis.
They can be used to estimate future expected losses and calculate
the benefits of different security measures.

Question 37

Q

Single loss expectancy (SLE)

Answer

A

The amount that could be lost if a specific

threat agent exploited a vulnerability.

Question 38

Q

Formula for Annualized Loss Expectancy (ALE)

Answer

A

Single loss expectancy × frequency per year = annualized loss expectancy
(SLE × ARO = ALE).

Question 39

Q

Qualitative risk analysis

Answer

A

Uses judgment and intuition instead of numbers.
• Involves people with the requisite experience and education evaluating threat scenarios and rating the probability, potential loss, and severity of each threat based on their personal experience.

Question 40

Q

The Delphi technique

Answer

A

A group decision method where each group member can communicate anonymously.

Question 41

Q

What must be considered when choosing the right safeguard to reduce a specific risk?

Answer

A

the cost, functionality, and effectiveness must be evaluated and a cost/benefit analysis performed.

Question 42

Q

A security policy

Answer

A

A statement by management dictating the role security plays in the organization.

Question 43

Q

Procedures

Answer

A

Detailed step-by-step actions that should be followed to achieve a certain task.

Question 44

Q

A standard

Answer

A

Specifies how hardware and software are to be used. Standards are
compulsory.

Question 45

Q

A baseline

Answer

A

A minimum level of security.

Question 46

Q

Guidelines

Answer

A

Recommendations and general approaches that provide advice and flexibility.

Question 47

Q

Job rotation

Answer

A

A control to detect fraud.

Question 48

Q

Mandatory vacations

Answer

A

A control type that can help detect fraudulent activities.

Question 49

Q

Separation of duties

Answer

A

Ensures no single person has total control over an activity or task.

Question 50

Q

Split knowledge and dual control

Answer

A

Two aspects of separation of duties.

Question 51

Q

Why is data classified?

Answer

A

to assign priorities to data and ensure the appropriate level of protection is provided.
• Data owners specify the classification of data.

Question 52

Q

What requirements does security have?

Answer

A

Functional requirements, which define the expected behavior from a product or system
Assurance requirements, which establish
confidence in the implemented products or systems overall.

Question 53

Q

How should the security program fit into the business plan?

Answer

A

Security program should be integrated with current business objectives and goals.

Question 54

Q

What is management’s role in security?

Answer

A

Management must define the scope and purpose of security management,
provide support, appoint a security team, delegate responsibility, and review
the team’s findings.

Question 55

Q

Who should be included in the risk management team?

Answer

A

should include individuals from different

departments within the organization, not just technical personnel.

Question 56

Q

How would qualitative and quantitative ratings be expressed?

Answer

A

A qualitative rating would be expressed in high, medium, or low, or on a
scale of 1 to 5 or 1 to 10. A quantitative result would be expressed in dollar
amounts and percentages.

Question 57

Q

What should safeguards default to?

Answer

A

They should default to least privilege, and have fail-safe defaults and override capabilities.

Question 58

Q

How should safeguards be imposed?

Answer

A

Uniformly, so everyone has the same

restrictions and functionality.

Question 59

Q

What is a key element during the initial security planning process?

Answer

A

To define reporting relationships.

Question 60

Q

The data custodian (information custodian) is responsible for _____________?

Answer

A

Maintaining and protecting data.

Question 61

Q

What does a security analyst do?

Answer

A

Works at a strategic level and helps develop policies, standards, and guidelines, and also sets various baselines.

Question 62

Q

Application owners are responsible for _____________.

Answer

A

Dictating who can and cannot access
their applications, as well as the level of protection these applications provide
for the data they process and for the company.

Question 63

Q

Access

Answer

A

A flow of information between a subject and an object.

Question 64

Q

A subject

Answer

A

An active entity that requests access to an object, which is a passive entity.

Answer 65

A

can be a user, program, or process.

Answer 66

A

The assurance that information is not disclosed to unauthorized subjects.

Answer 67

A

Encryption, logical and physical access control, transmission protocols, database views, and controlled traffic flow.

Answer 68

A

Directories, web access management,

password management, legacy single sign-on, account management, and profile update.

Answer 69

A

Reduces the complexity of keeping up with different passwords for different systems.

Answer 70

A

Reduces help-desk call volumes by allowing users to reset their own passwords.

Answer 71

A

Reduces the resolution process for password issues for the help-desk department.

Answer 72

A

contain all resource information, users’ attributes, authorization profiles, roles, and possibly access control policies so other IdM applications have one centralized resource from which to gather this information.

Answer 73

A

Common in account management

products that provide IdM solutions.

Answer 74

A

Refers to the creation, maintenance, and deactivation of user objects and attributes, as they exist in one or more systems, directories, or applications.

Answer 75

A

Usually considered the authoritative source for user identities because that is where it is first developed and properly maintained.

Answer 76

A

discretionary, mandatory, and

nondiscretionary.

Answer 77

A

Enables data owners to dictate what

subjects have access to the files and resources they own.

Answer 78

A

Uses a security label system. Users have
clearances, and resources have security labels that contain data classifications.
MAC compares these two attributes to determine access control capabilities.

Answer 79

A

uses a role-based method to determine access rights and permissions.

Answer 80

A

Based on the user’s role and responsibilities within the company.

Answer 81

A

menus and shells, database views, and physically constrained interfaces.

Answer 82

A

are bound to objects and indicate what subjects can use them.

Answer 83

A

Bound to a subject and lists what objects it can access.

Answer 84

A

centralized and decentralized

Answer 85

A

A decentralized administration example is a peer-to-peer working group.

Answer 86

A

A security policy, personnel controls,

supervisory structure, security-awareness training, and testing.

Answer 87

A

Network segregation, perimeter security,

computer controls, work area separation, data backups, and cable.

Answer 88

A

System access, network architecture,

network access, encryption and protocols, and auditing.

Answer 89

A

Preventive, detective, corrective, deterrent, recovery, or compensative.

Answer 90

A

Identified, authenticated,

and authorized, and should be held accountable for its actions.

Answer 91

A

Biometrics, a password, a passphrase,

a cognitive password, a one-time password, or a token.

Answer 92

A

means the system rejected an authorized

individual, and a Type II error means an imposter was authenticated.

Answer 93

A

A memory card cannot process information, but a smart card can.

Answer 94

A

no access

Answer 95

A

limit users’ rights to only what is

needed to perform tasks of their job.

Answer 96

A

Requires a user to be authenticated to the network only one time.

Answer 97

A

Kerberos, SESAME, domains, and thin clients.

Answer 98

A

In Kerberos, a user receives a ticket from the KDC so they can authenticate to a
service.

Answer 99

A

The Kerberos user receives a ticket granting ticket (TGT), which allows him to
request access to resources through the ticket granting service (TGS). The TGS
generates a new ticket with the session keys.

Answer 100

A

Denial of service
Spoofing, dictionary
Brute force
Wardialing.

Answer 101

A

can track user activities, application events, and system events.

Answer 102

A

A type of auditing that tracks each keystroke made by a user.

Answer 103

A

protected and reviewed.

Answer 104

A

can unintentionally disclose information.Just removing pointers to files is not always enough protection for proper
object reuse.

Answer 105

A

electrical signals in airwaves. The ways to

combat this type of intrusion are TEMPEST, white noise, and control zones.

Answer 106

A

someone knows, is, or has.

Answer 107

A

synchronous or asynchronous methods.

Answer 108

A

two of the three user authentication attributes (what someone knows, is, or has).

Answer 109

A

privacy and integrity but not availability.

Answer 110

A

the KDC is a single point of failure
it is susceptible to password guessing
session and secret keys are locally stored
KDC needs to always be available
there must be management of secret keys.

Answer 111

A

statistical (monitor behavior) or signature-based (watch for known attacks).

Answer 112

A

A safeguard against disclosure of confidential information because it returns media back to its original state.

Answer 113

A

A type of social engineering with the goal of obtaining personal information, credentials, credit card number, or financial data.

Answer 114

A

Two systems can have the exact same hardware, software components, and
applications, but provide different levels of protection because of the different
security policies and security models the two systems were built upon.

Answer 115

A

A CPU contains a control unit, which controls the timing of the execution of
instructions and data, and an ALU, which performs mathematical functions
and logical operations.

Answer 116

A

Most systems use protection rings. The more privileged processes run in the
lower-numbered rings and have access to all or most of the system resources.
Applications run in higher-numbered rings and have access to a smaller amount of resources.

Answer 117

A

Operating system processes are executed in privileged or supervisor mode, and
applications are executed in user mode, also known as “problem state.”

Answer 118

A

Nonvolatile and can be a hard drive, CD-ROM drive, floppy drive, tape backup, or a jump drive.

Answer 119

A

Combines RAM and secondary storage so the system seems to have a larger bank of memory.

Answer 120

A

Occurs when two processes are trying to access the same resource at the same time.

Answer 121

A

Security mechanisms can focus on different issues, work at different layers,
and vary in complexity.The more complex a security mechanism is, the less amount of assurance it can usually provide.

Answer 122

A

Not all system components fall under the trusted computing base (TCB), which includes only those system components that enforce the security policy directly and protect the system. These components are within the security perimeter.

Answer 123

A

Hardware, software, and firmware that

provide some type of security protection.

Answer 124

A

An imaginary boundary that has trusted components within it (those that make up the TCB) and untrusted components outside it.

Answer 125

A

An abstract machine that ensures all subjects have the necessary access rights before accessing objects. Therefore, it mediates all accesses to objects by subjects.

Answer 126

A

The mechanism that actually enforces the rules of the reference monitor concept.

Answer 127

A

must isolate processes carrying out the reference monitor concept
must be tamperproof
must be invoked for each access attempt
must be small enough to be properly tested.

Answer 128

A

All the objects available to a subject.

Answer 129

A

Can be done through segmented memory
addressing, encapsulation of objects, time multiplexing of shared resources,
naming distinctions, and virtual mapping.

Answer 130

A

how well it enforces the security policy.

Answer 131

A

processes data at different classifications (security levels), and users with different clearances (security levels) can use the system.

Answer 132

A

so they have just enough system

privileges to fulfill their tasks and no more.

Answer 133

A

Some systems provide security at different layers of their architectures, which
is called layering. This separates the processes and provides more protection
for them individually.

Answer 134

A

occurs when processes work at different layers and have layers of access control between them. Processes need to know how to communicate only with each other’s interfaces.

Answer 135

A

maps the abstract goals of a security policy to computer system terms and concepts. It gives the security policy structure and provides a framework for the system.

Answer 136

A

Often proprietary to the manufacturer or vendor, whereas the open system allows for more interoperability.

Answer 137

A

Deals only with confidentiality
Has a simple security rule, which means a subject cannot read data from a higher level (no read up).
The *-property rule means a subject cannot write to an object at a lower level (no write down).
The strong star property rule dictates that a subject can read and write to objects at
its own security level.
used mainly in military systems.

Answer 138

A

deals with the different states a system can enter. If a system starts in a secure state, all state transitions take place securely, and the system shuts down and fails securely, the system will never end up in an insecure state.

Answer 139

A

provides an upper bound and a lower bound of authorized access for subjects.

Answer 140

A

does not permit data to flow to an object

in an insecure manner.

Answer 141

A

only deals with one level of data classification, and all users must have this level of clearance to be able to use the system.

Answer 142

A

Deals only with integrity
does not let subjects write to objects at a higher integrity level (no write up), and it does not let subjects read data at a lower integrity level (no read down).
used in the commercial sector

Answer 143

A

Deals only with integrity
dictates that subjects can only access objects through applications. This model also illustrates how to provide functionality for separation of duties and requires auditing tasks within software.
used in the commercial sector.

Answer 144

A

enable the system to process

data classified at different classification levels.

Answer 145

A

means that a system uses all of its protection mechanisms properly to process sensitive data for many types of users.

Answer 146

A

the level of confidence you have in this trust and that the protection mechanisms behave properly in all circumstances predictably.

Answer 147

A

also called Trusted Computer System Evaluation Criteria (TCSEC), was developed to evaluate systems built to be used mainly by the military. Its use was expanded to evaluate other types of products.

Answer 148

A

means a system provides minimal
protection and is used for systems that were evaluated but failed to meet
the criteria of higher divisions.

Answer 149

A

deals with discretionary protection

Answer 150

A

deals with mandatory protection (security labels).

Answer 151

A

means the system’s design and level of

protection are verifiable and provide the highest level of assurance and trust.

Answer 152

A

Requires object reuse protection and auditing.

Answer 153

A

first rating that requires security labels.

Answer 154

A

requires security labels for all subjects and devices, the existence of a trusted path, routine covert channel analysis, and the provision of separate administrator functionality.

Answer 155

A

evaluates the assurance and functionality of a system’s protection mechanisms separately, whereas TCSEC combines the two into one rating.

Answer 156

A

Developed to provide globally recognized
evaluation criteria and is in use today. It combines sections of TCSEC,
ITSEC, CTCPEC, and the Federal Criteria.

Answer 157

A

EAL1 to EAL7.

Answer 158

A

the technical evaluation of a system or product and its security components. Accreditation is management’s formal approval and acceptance of the security provided by a system.

Answer 159

A

An unintended communication path that transfers data in a way that violates the security policy.

Answer 160

A

timing and storage covert channels

Answer 161

A

enables a process to relay information to another process by modulating its use of system resources.

Answer 162

A

a process to write data to a storage medium

so another process can read it.

Answer 163

A

Developed to let a programmer into the application quickly for maintenance. This should be removed before the application goes into production or it can cause a serious security risk.

Answer 164

A

Where instructions are executed by the CPU. The operating system’s instructions are executed in a privileged mode, and
applications’ instructions are executed in user mode.

Answer 165

A

ensures that multiple processes can run concurrently and the processes will not interfere with each other or affect each other’s memory segments.

Answer 166

A

in the system’s kernel.

Answer 167

A

stands for time-of-check/time-of-use. This is a class of asynchronous attacks.

Answer 168

A

the first goal of integrity, which is to prevent unauthorized users from making modifications.

Answer 169

A

all three integrity goals: prevent unauthorized users from making modifications, prevent authorized users from making improper modifications, and maintain internal and external consistency.

Answer 170

A

users can only access and manipulate objects through programs. It uses access triple, which is subject-program-object.

Answer 171

A

Physical security

Answer 172

A

combines the physical environment and sociology issues that surround it to reduce crime rates and the fear of crime.

Answer 173

A

The value of property within the facility and the value of the facility itself need to be ascertained to determine the proper budget for physical security

Answer 174

A

help minimize the resulting damage and

speed the recovery process. Manual controls can be time-consuming and errorprone, and require constant attention.

Answer 175

A

Construction materials and structure composition

Answer 176

A

local crime, natural disaster possibilities, and distance to hospitals, police and fire stations, airports, and railroads.

Answer 177

A

should maintain the appropriate temperature and humidity levels and provide closed-loop recirculating air-conditioning and positive pressurization and ventilation.

Answer 178

A

corrosion

Answer 179

A

static electricity.

Answer 180

A

drills and exercises of emergency procedures, simulation testing, documentation, inspections and reports, prescreening of employees, post-employment procedures, delegation of responsibility and rotation of duties, and security-awareness training.

Answer 181

A

User-activated (action needs to be

taken by a user) or system sensing (no action needs to be taken by the user).

Answer 182

A

is a proximity identification device that does not require action by the user. The reader transmits signals to the device, and the device responds with an access code.

Answer 183

A

If interior partitions do not go all the way up to the true ceiling, an intruder
can remove a ceiling tile and climb over the partition into a critical portion of
the facility.

Answer 184

A

Include motion detectors, CCTVs, vibration

sensors, and electromechanical devices.

Answer 185

A

can be penetrated, are expensive to install and monitor, require human response, and are subject to false alarms.

Answer 186

A

enables one person to monitor a large area, but should be coupled with alerting functions to ensure proper response.

Answer 187

A

uses a keypad and is programmable.

Answer 188

A

destruction, modification, theft,

unauthorized copying, and disclosure.

Answer 189

A

need to be able to hold the necessary load and provide the required fire rating.

Answer 190

A

shutoff valves and positive drains

substance flows out instead of in

Answer 191

A

interruption of services, theft, physical

damage, unauthorized disclosure, and loss of system integrity.

Answer 192

A

is what is used in day-to-day operations, and the alternate power source is a backup in case the primary source fails.

Answer 193

A

they are experiencing high demand.

Answer 194

A

A disturbance of power and can be caused by electromagnetic interference (EMI) or radio frequency interference (RFI).

Answer 195

A

lightning, motors, and the current difference between wires.

Answer 196

A

electrical system mechanisms, fluorescent lighting, and electrical cables.

Answer 197

A

disturbance imposed on a power line that causes electrical interference.

Answer 198

A

condition the line to keep voltage steady and clean.

Answer 199

A

the size of the electrical load the UPS
can support, the speed with which it can assume the load when the primary
source fails, and the amount of time it can support the load.

Answer 200

A

protect from electrical and magnetic induction, which causes interference to the power voltage.

Answer 201

A

used to deter trespassing and to enable people to enter a facility through a few controlled entrances.

Answer 202

A

on and above suspended ceilings, below

raised floors, and in air ducts to provide maximum fire detection.

Answer 203

A

Gases, like Halon, FM-200, and other Halon substitutes

Answer 204

A

before activation of a fire suppressant
to ensure it stays in the needed area and that smoke is not distributed to
different areas of the facility.

Answer 205

A

within 50 feet of electrical

equipment and should be inspected quarterly.

Answer 206

A

No, because it depletes the ozone. FM-200 or other similar substances are used instead of halon.

Answer 207

A

require human response, can cause false alarms, and
depend on a constant power supply, so these protection systems should be
backed up by other types of security systems.

Answer 208

A

reduce the accidental discharge of water because the water does not enter the pipes until an automatic fire sensor indicates there is an actual fire.
In locations with freezing temperatures where broken pipes cause problems, dry pipes should be used.

Answer 209

A

delays water release

Answer 210

A

if the operating system does not

have packet forwarding or routing disabled.

Answer 211

A

A set of rules that dictates how computers communicate over networks.

Answer 212

A

has services and protocols required by the user’s applications for networking functionality.

Answer 213

A

formats data into a standardized format and deals with the syntax of the data, not the meaning.

Answer 214

A

the network layer, layer 3.

Answer 215

A

sets up, maintains, and breaks down the dialog (session) between two applications. It controls the dialog organization and
synchronization.

Answer 216

A

provides end-to-end transmissions

Answer 217

A

provides routing, addressing, and fragmentation of packets. This layer can determine alternative routes to avoid network congestion.

Answer 218

A

prepares data for the network medium by framing it. This is where the different LAN and WAN technologies live.

Answer 219

A

provides physical connections for transmission and performs the electrical encoding of data. This layer transforms bits to electrical signals.

Answer 220

A

A suite of protocols that is the de facto standard for transmitting data
across the Internet. TCP is a reliable, connection-oriented protocol, while IP is
an unreliable, connectionless protocol.

Answer 221

A

defines how the physical layer transmits the network layer packets. ARP and RARP are two protocols at this layer.

Answer 222

A

TCP and UDP

Answer 223

A

a connectionless protocol that does not send or receive acknowledgments when a datagram is received. It does not ensure data arrives at its destination. It provides “best-effort” delivery.

Answer 224

A

A connection-oriented protocol that sends and receives acknowledgments. It ensures data arrives at its destination.

Answer 225

A

translates the IP address into a MAC address (physical Ethernet address),
while RARP translates a MAC address into an IP address.

Answer 226

A

works at the network layer and informs hosts, routers, and devices of
network or computer problems. It is the major component of the ping utility

Answer 227

A

resolves hostnames into IP addresses and has distributed databases all
over the Internet to provide name resolution.

Answer 228

A

is called ARP poisoning and can redirect traffic to an attacker’s computer or an
unattended system

Answer 229

A

accomplished by ACLs and is a first generation firewall. Traffic can be filtered by addresses, ports, and protocol types.

Answer 230

A

move frames from one network to another by placing them inside of routable encapsulated frames.

Answer 231

A

application independence, high performance, and

scalability, but it provides low security and no protection above the network layer.

Answer 232

A

transfer an isolated copy of each approved packet from one network to another network.

Answer 233

A

requires a proxy for each approved service and can understand and make access decisions on the protocols used and the
commands within those protocols.

Answer 234

A

Yes, but at a lower layer. Circuit-level

firewalls do not look as deep within the packet as application proxies do.

Answer 235

A

is the middleman in communication. It does not allow anyone to connect directly to a protected host within the internal network.
Proxy firewalls are second-generation firewalls.

Answer 236

A

good security and have full applicationlayer
awareness, but they have poor performance, limited application support,
and poor scalability.

Answer 237

A

keeps track of each communication session. It must maintain a state table that contains data about each connection. It is a third generation firewall.

Answer 238

A

uses tunneling protocols and encryption to provide a secure network link
between two networks or hosts. A private and secure connection can be made
across an unsecure network.

Answer 239

A

PPTP, L2TP, or IPSec

Answer 240

A

data link

Answer 241

A

network

can handle multiple tunnels at the same time

Answer 242

A

usually the most expensive type of WAN connectivity method because the fee is based on the distance between the two destinations rather than on the amount of bandwidth used. T1 and T3 are examples of dedicated links.

Answer 243

A

packet-switched WAN technologies that use virtual circuits instead of dedicated ones.

Answer 244

A

serves as the central meeting place for

all cables from computers and devices.

Answer 245

A

divides networks into more controllable segments to ensure more efficient use of bandwidth

Answer 246

A

data link

understand MAC addresses, not IP addresses.

Answer 247

A

A device with combined repeater and bridge technology.

Answer 248

A

data link

understands MAC addresses

Answer 249

A

link two or more network segments, where each segment can function as an independent network

Answer 250

A

network

works with IP addresses, and has more network knowledge than bridges, switches, or repeaters.

Answer 251

A

by MAC addresses and forwards broadcast traffic.

Answer 252

A

IP addresses and does not forward broadcast traffic.

Answer 253

A

switching and routing technology

Answer 254

A

the loss of signal strength when a cable exceeds its maximum length.

Answer 255

A

are twisted-pair cabling types that are the most popular, cheapest, and easiest to work with

Answer 256

A

they are the easiest to tap into, have

crosstalk issues, and are vulnerable to electromagnetic interference (EMI).

Answer 257

A

is more expensive than UTP and STP, is more resistant to EMI, and can carry baseband and broadband technologies.

Answer 258

A

carries data as light waves, is expensive, can transmit data at high speeds, is difficult to tap into, and is resistant to EMI. If security is extremely important, fiber cabling should be used.

Answer 259

A

transfers data in fixed cells, is a WAN technology, and transmits data at
very high rates. It supports voice, data, and video applications.

Answer 260

A

LAN and MAN technology, usually used for backbones, that uses token-passing technology and has redundant rings in case the primary ring goes down.

Answer 261

A

802.3, the most commonly used LAN implementation today and can operate at 10 to 1,000 Mbps.

Answer 262

A

802.5 is an older LAN implementation that uses a token-passing technology.

Answer 263

A

all computers compete for the shared network cable, listen to learn when they can transmit data, and are susceptible
to data collisions.

Answer 264

A

set up a circuit that will be used during a data transmission session. Packet-switching technologies do not set up circuits— instead, packets can travel along many different routes to arrive at the same
destination.

Answer 265

A

is programmed into WAN devices, whereas
a switched virtual circuit (SVC) is temporary. SVCs are set up and then torn
down quickly when no longer needed.

Answer 266

A

used when a LAN device needs to communicate with WAN devices. It ensures the necessary electrical signaling and format are used. It interfaces between a DTE and a DCE.

Answer 267

A

a BRI rate that uses two B channels and one D channel, and a PRI rate that uses up to 23 B channels. They support voice, data, and video.

Answer 268

A

a WAN protocol that works at the data link layer and performs packet switching. It is an economical choice because the fee is based on bandwidth usage.

Answer 269

A

an encapsulation protocol for telecommunication connections. It replaced
SLIP and is ideal for connecting different types of devices over serial lines.

Answer 270

A

transmits high-speed bandwidth over existing phone lines.

Answer 271

A

this can be compromised by enabling call forwarding.

Answer 272

A

PAP sends credentials in cleartext, and CHAP authenticates using a challenge/
response mechanism and therefore does not send passwords over the network

Answer 273

A

is a proxy-based firewall solution. It is a circuit-based proxy firewall and does not use application-based proxies

Answer 274

A

protects the payload and header information of a packet

Answer 275

A

protects only the payload

Answer 276

A

between the perimeter router and the LAN.

Answer 277

A

is a DMZ created by two physical firewalls.

Answer 278

A

when companies do not want systems to know internal hosts’ addresses, and it enables companies to use private, nonroutable IP addresses.

Answer 279

A

WLAN technology and has several variations—

802.11a, 802.11b, 802.11f, 802.11g, and 802.11i.

Answer 280

A

outlines wireless personal area network (WPAN) technologies

Answer 281

A

addresses wireless MAN technologies.

Answer 282

A

A protocol stack used instead of TCP/IP on wireless devices

Answer 283

A

different SSIDs

Answer 284

A

works in the 2.4GHz range at 11 Mbps

Answer 285

A

works in the 5GHz range at 54 Mbps.

Answer 286

A

32, 128; thus, IPv6

provides more possible addresses with which to work.

Answer 287

A

allows large IP ranges to be divided into smaller, logical and easier to maintain network segments

Answer 288

A

is a signaling protocol widely used for VoIP

communications sessions

Answer 289

A

A new variant to the traditional e-mail spam has emerged on VoIP networks (Spam over Internet Telephony).

Answer 290

A

is a SMTP server that is configured in such a way that it can transmit e-mail messages from any source to any destination.

Answer 291

A

the science of protecting information by encoding it into an unreadable format.

Answer 292

A

the Enigma used by the Germans in WWII.

Answer 293

A

A readable message

Answer 294

A

an encrypted message

Answer 295

A

the mathematical rules that dictate the functions of enciphering and deciphering.

Answer 296

A

the study of breaking cryptosystems.

Answer 297

A

a service that ensures the sender cannot later falsely deny sending a message.

Answer 298

A

an instance in which two different keys generate the same ciphertext from the same plaintext.

Answer 299

A

The range of possible keys.
A larger keyspace and the full use of the keyspace allow for more random keys to be created. This provides more protection.

Answer 300

A

substitution and transposition

Answer 301

A

change a character (or bit) out for another

Answer 302

A

scramble the characters (or bits).

Answer 303

A

uses more than one alphabet to defeat frequency analysis.

Answer 304

A

a method of hiding data within another media type, such as a graphic, WAV file, or document. This method is used to hide the existence of the data.

Answer 305

A

a random string of bits inserted into an encryption algorithm. The result determines what encryption functions will be carried out on a message and in what order.

Answer 306

A

the sender and receiver use the same key for encryption and decryption purposes.

Answer 307

A

the sender and receiver use different keys for encryption and decryption purposes.

Answer 308

A

provide barriers of secure key distribution and scalability. However, symmetric key algorithms perform much faster than
asymmetric key algorithms.

Answer 309

A

Confidentiality, but not authentication

or nonrepudiation.

Answer 310

A

DES, 3DES, Blowfish, IDEA,

RC4, RC5, RC6, and AES.

Answer 311

A

used to encrypt keys, and symmetric algorithms are used to encrypt bulk data.

Answer 312

A

are much slower than symmetric key algorithms, but can provide authentication and nonrepudiation services.

Answer 313

A

RSA, ECC, Diffie-Hellman,

El Gamal, Knapsack, and DSA.

Answer 314

A

stream and block ciphers.

Answer 315

A

use a keystream generator and encrypt a message one bit at a time.

Answer 316

A

divides the message into groups of bits and encrypts them.

Answer 317

A

Block ciphers are usually implemented in software, and stream ciphers are usually implemented in hardware.

Answer 318

A

is a block cipher that divides a message into 64-bit blocks and employs S-box-type functions on them.

Answer 319

A

uses 48 rounds of computation and up to three different keys.

Answer 320

A

is a symmetric block cipher with a key of 128 bits.

Answer 321

A

an asymmetric algorithm developed by Rivest, Shamir, and Adleman and is the de facto standard for digital signatures.

Answer 322

A

used as asymmetric algorithms and can provide digital signature, secure key distribution, and encryption functionality. They use much less resources, which makes them better for wireless device and cell phone encryption use.

Answer 323

A

When symmetric and asymmetric key algorithms are used together. The asymmetric algorithm encrypts the symmetric key,
and the symmetric key encrypts the data

Answer 324

A

A symmetric key used by the sender and receiver of messages for encryption and decryption purposes. The session key is only good while that communication session is active and then it is destroyed

Answer 325

A

A framework of programs, procedures,
communication protocols, and public key cryptography that enables a diverse
group of individuals to communicate securely.

Answer 326

A

a trusted third party that generates and

maintains user certificates, which hold their public keys.

Answer 327

A

to keep track of revoked

certificates.

Answer 328

A

the mechanism the CA uses to associate a public key to a person’s identity.

Answer 329

A

validates the user’s identity and then sends the request for a certificate to the CA. The RA cannot generate certificates.

Answer 330

A

a mathematical function that is easier to compute in one direction than in the opposite direction.

Answer 331

A

based on a one-way function that factors large numbers into prime numbers. Only the private key knows how to use the trapdoor and how to decrypt messages that were encrypted with the corresponding public key.

Answer 332

A

provide data integrity only.

Answer 333

A

Produced when a hash algorithm is applied to a message, and this value is signed with a private key to produce a digital signature.

Answer 334

A

SHA-1, MD2, MD4, MD5, and HAVAL.

Answer 335

A

produces a variable-length hash value, whereas the other hashing algorithms mentioned produce a fixed-length value.

Answer 336

A

produces a 160-bit hash value and is used in DSS.

Answer 337

A

An attack on hashing functions through brute force. The attacker tries to create two messages with the same hashing value.

Answer 338

A

uses a pad with random values that are XORed against the message to produce ciphertext. The pad is at least as long as the message itself and is used once and then discarded.

Answer 339

A

is the result of a user signing a hash value with a private key. The act of signing is the actual encryption of the value with the private key.

Answer 340

A

It provides authentication, data integrity, and nonrepudiation.

Answer 341

A

RSA, El Gamal, ECDSA, and DSA.

Answer 342

A

one of the most challenging pieces of cryptography. It pertains to creating, maintaining, distributing, and destroying cryptographic keys.

Answer 343

A

is a key agreement protocol and does not

provide encryption for data and cannot be used in digital signatures.

Answer 344

A

The “next version” of SSL and is an open-community protocol, which allows for expansion and interoperability with other technologies.

Answer 345

A

encrypts the entire packet, including headers and trailers, and has to be decrypted at each hop.

Answer 346

A

does not encrypt the headers and trailers, and therefore does not need to be decrypted at each hop.

Answer 347

A

is an Internet standard that provides secure
e-mail over the Internet by using encryption, digital signatures, and key
management.

Answer 348

A

is the military’s PEM.

Answer 349

A

is an e-mail security program that uses public key encryption. It employs a web of trust instead of the hierarchical structure used in PKI.

Answer 350

A

provides protection for each message sent between two computers, but not the actual link.

Answer 351

A

protects the communication channel. HTTPS is HTTP that uses SSL for security purposes.

Answer 352

A

is a proposed electronic commerce

technology that provides a safer method for customers and merchants to perform transactions over the Internet.

Answer 353

A

AH provides integrity and authentication, and ESP provides those
plus confidentiality.

Answer 354

A

transport mode (the data payload is protected) or tunnel mode (the payload and headers are protected).

Answer 355

A

IKE is the de facto standard and

is a combination of ISAKMP and OAKLEY.

Answer 356

A

contains strategy documents that provide
detailed procedures that ensure critical business functions are maintained and
that help minimize losses of life, operations, and systems.

Answer 357

A

enterprisewide, with individual organizational units each having their own detailed continuity and contingency plans.

Answer 358

A

critical applications and provide a sequence for efficient recovery.

Answer 359

A

senior executive management support for initiating the plan and final approval

Answer 360

A

personnel turnover, reorganizations, and undocumented changes.

Answer 361

A

proper BCPs are not developed and used.

Answer 362

A

natural, manmade, or technical.

Answer 363

A

initiating the project; performing
business impact analyses; developing a recovery strategy; developing a recovery
plan; and implementing, testing, and maintaining the plan.

Answer 364

A

getting management support, developing

the scope of the plan, and securing funding and resources.

Answer 365

A

is one of the most important first steps in
the planning development. Qualitative and quantitative data needs to be gathered, analyzed, interpreted, and presented to management.

Answer 366

A

Executive commitment and support

Answer 367

A

must be presented to gain executive support. This is done by explaining regulatory and legal requirements, exposing vulnerabilities, and providing solutions.

Answer 368

A

should be prepared by the people who will actually carry them out.

Answer 369

A

should comprise representatives from all departments or organizational units.

Answer 370

A

should identify the individuals who will interact with external entities such as the press, shareholders, customers, and civic officials. Response to the disaster should be done quickly and honestly, and should be consistent with any other employee response.

Answer 371

A

added operational costs, loss in reputation and public confidence, loss of competitive advantage, violation of regulatory or legal requirements, loss in productivity, delayed income, interest costs, and loss in revenue.

Answer 372

A

geographical, organizational, or

functional means.

Answer 373

A

is one in which a company promises another company it can move in and share space if it experiences a disaster and vice versa.
Reciprocal agreements are very tricky to implement and are unenforceable.
However, they are cheap and sometimes the only choice.

Answer 374

A

is fully configured with hardware, software, and environmental needs. It can usually be up and running in a matter of hours. It is the most expensive option, but some companies cannot be out of business longer than a day without detrimental results.

Answer 375

A

does not have computers, but it does have some peripheral devices such as disk drives, controllers, and tape drives. This option is less expensive than a hot site, but takes more effort and time to get operational.

Answer 376

A

is just a building with power, raised floors, and utilities. No devices are available. This is the cheapest of the three options, but can take weeks to get up and operational.

Answer 377

A

least critical organizational units

Answer 378

A

a clear indication of what is being
tested, how success will be determined, and how mistakes should be expected
and dealt with.

Answer 379

A

is one in which copies of the plan are handed out to each functional area to ensure the plan properly deals with the area’s needs and vulnerabilities.

Answer 380

A

one in which representatives from each

functional area or department get together and walk through the plan from beginning to end.

Answer 381

A

one in which a practice execution of the plan takes place. A specific scenario is established, and the simulation continues up to the point of actual relocation to the alternate site.

Answer 382

A

is one in which some systems are actually run at the alternate site.

Answer 383

A

one in which regular operations are stopped and where processing is moved to the alternate site.

Answer 384

A

involves transmitting the journal or transaction log offsite to a backup facility

Answer 385

A

refers to going through someone’s trash to find confidential or useful information. It is legal, unless it involves trespassing, but in all cases it is considered unethical.

Answer 386

A

is a passive attack that eavesdrops on communications. It is only legal with prior consent or a warrant.

Answer 387

A

is the act of tricking or deceiving a person into giving confidential or sensitive information that could then be used against him or his company.

Answer 388

A

Uses prewritten rules and is not based on precedence

Is different from civil (tort) laws, which work under a common law system

Answer 389

A

Made up of criminal, civil, and administrative laws

Answer 390

A

Addresses mainly personal conduct, and uses regional traditions and customs as the foundations of the laws
Is usually mixed with another type of listed legal system rather than being
the sole legal system used in a region

Answer 391

A

Laws are derived from religious beliefs and address an individual’s religious
responsibilities; commonly used in Muslim countries or regions.

Answer 392

A

Using two or more legal systems

Answer 393

A

is the act of willfully modifying information, programs, or documentation in an effort to commit fraud or disrupt production.

Answer 394

A

means an employee has more rights than necessary to complete her tasks.

Answer 395

A

deals with an individual’s conduct that violates government laws developed to protect the public.

Answer 396

A

wrongs committed against individuals or companies that result in injury or damages. Civil law does not use prison time as a
punishment, but usually requires financial restitution.

Answer 397

A

covers standards of performance or conduct expected by government agencies from companies, industries, and certain
officials.

Answer 398

A

grants ownership and enables that owner to legally enforce his rights to exclude others from using the invention covered by the patent.

Answer 399

A

protects the expression of ideas rather than the ideas themselves.

Answer 400

A

protect words, names, product shapes, symbols, colors, or a combination of these used to identify products or a company. These items are used to distinguish products from the competitors’ products.

Answer 401

A

are deemed proprietary to a company and often include information that provides a competitive edge. The information is protected as long as the owner takes the necessary protective actions.

Answer 402

A

jurisdiction problems for law enforcement and the courts.

Answer 403

A

dictate that data collected by government agencies must be collected fairly and lawfully, must be used only for the purpose for which they were collected, must only be held for a reasonable amount of time, and must be accurate and timely.

Answer 404

A

it is legal in their business sector and must inform all employees that they may be subjected to monitoring.

Answer 405

A

should be used to inform users of what could happen if they do not follow the rules pertaining to using company resources. This provides legal protection for the company.

Answer 406

A

unauthorized intrusion, unauthorized alteration or destruction, and using
malicious code.

Answer 407

A

the newness of the types of crimes, the complexity involved, jurisdictional issues, and evidence collection. New laws are being written to properly deal with cybercrime.

Answer 408

A

it can be found to be negligent and legally liable for damages.

Answer 409

A

not fulfilling a legally recognized obligation,

failure to conform to a standard of care that results in injury or damage, and proximate causation.

Answer 410

A

the victims are not aware of the crime or are too embarrassed to let anyone else know.

Answer 411

A

intangible objects that can also be stolen or disclosed via technological means.

Answer 412

A

to ensure that it will be admissible in court by showing it was properly controlled and handled before being presented in court.

Answer 413

A

management, IT, legal, human resources, public relations, security, and other key areas of the organization.

Answer 414

A

is secondhand and usually not admissible in court.

Answer 415

A

made and collected in the normal course of business, not specially generated for a case in court.
Business records can easily be hearsay if there is no firsthand proof of their
accuracy and reliability.

Answer 416

A

the identification and collection of the
evidence, and its storage, preservation, transportation, presentation in court,
and return to the owner.

Answer 417

A

the motive, opportunity, and means (MOM).

Answer 418

A

relevant, sufficient, and reliable.

Answer 419

A

it was seized legally and the chain of custody was not broken.

Answer 420

A

In many jurisdictions, law enforcement agencies must obtain a warrant to
search and seize an individual’s property, as stated in the Fourth Amendment.
Private citizens are not required to protect the Fourth Amendment rights of
others unless acting as a police agent.

Answer 421

A

is the act of luring an intruder and is legal.

Answer 422

A

induces a crime, tricks a person, and is illegal.

Answer 423

A

is executed by carrying out smaller crimes with the hope that the larger crime will not be noticed. The common salami attack is the act of skimming off a small amount of money.

Answer 424

A

make a bit mirror

image copy of the storage media

Answer 425

A

go directly to a secure state.

Answer 426

A

the software that controls the access restrictions, data integrity, redundancy, and the different types of manipulation available for a database.

Answer 427

A

In relational database terminology, a database row

Answer 428

A

how a specific row is located from other parts of the database.

Answer 429

A

is an access control mechanism used in databases to ensure that only authorized subjects can access sensitive information.

Answer 430

A

uses two-dimensional tables with rows (tuples) and columns (attributes).

Answer 431

A

uses a tree-like structure to define relationships between data elements, using a parent/child relationship.

Answer 432

A

a data definition language (DDL), a data manipulation language (DML), a query language (QL), and a report generator.

Answer 433

A

a central repository that describes the data elements within a database and their relationships. A data dictionary contains data about a database, which is called metadata.

Answer 434

A

provided by concurrency mechanisms. One concurrency control is locking, which prevents users from accessing and modifying data being used by someone else.

Answer 435

A

makes sure that a row, or tuple, is uniquely identified by a primary key, and referential integrity ensures that every foreign key refers to an existing primary key.

Answer 436

A

cancels changes and returns the database to its previous state. This
takes place if there is a problem during a transaction.

Answer 437

A

terminates a transaction and saves all changes to the database.

Answer 438

A

is used if there is a system failure or problem during a transaction. The user is then returned to the state of the last checkpoint.

Answer 439

A

can happen if a user does not have access to a group of elements, but has access to some of the individual elements within the group.
Aggregation happens if the user combines the information of these individual
elements and figures out the information of the group of data elements, which
is at a higher sensitivity level.

Answer 440

A

is the capability to derive information that is not explicitly available.

Answer 441

A

partitioning the database, cell suppression, and adding noise to the database.

Answer 442

A

The process of allowing a table to have multiple rows with the same primary key. The different instances can be distinguished by their security levels or classifications.

Answer 443

A

is when different objects are given the same input and react differently.

Answer 444

A

inference and aggregation.

Answer 445

A

combines data from multiple databases and data sources.

Answer 446

A

is the process of massaging data held within a data warehouse to provide more useful information to users.

Answer 447

A

metadata, which can contain previously unseen relationships and patterns.

Answer 448

A

the added cost, time, and effort and the lack of functionality.

Answer 449

A

project initiation
functional design
analysis and planning
system design specifications
software development
installation
operations and maintenance
disposal in some form or fashion

Answer 450

A

at the beginning of a project

and continue throughout the lifetime of the product.

Answer 451

A

No. A programmer should not have direct access to code in production. This is an
example of separation of duties.

Answer 452

A

deals with testing and assessing the security mechanism in a system, while accreditation pertains to management formally accepting the system and its associated risk.

Answer 453

A

needs to be put in place at the beginning of a project and must be enforced through each phase.

Answer 454

A

authorized, tested, and recorded. The changes must not affect the security level of the system or its capability to enforce the security policy.

Answer 455

A

a software development method that follows a cyclic approach to software development.

Answer 456

A

a software development method that is a classical method using discrete phases of development that require formal reviews and documentation before moving into the next phase of the project.

Answer 457

A

a software development method that is a method that builds upon the waterfall method with an emphasis on risk analysis, prototypes, and simulations at different phases of the development cycle. This method periodically revisits previous stages to update and verify design requirements.

Answer 458

A

a comprehensive analysis technique that tests programs under artificially created attack scenarios.

Answer 459

A

are translated into machine languages for

the system and its processor to understand.

Answer 460

A

is translated into machine code, or object code, by compilers, assemblers, and interpreters.

Answer 461

A

modularity, reusability, and more granular control within the programs themselves.

Answer 462

A

members, or instances, of classes. The classes dictate the objects’ data types, structure, and acceptable actions.

Answer 463

A

communicate with each other through messages.

Answer 464

A

functionality that an object can carry out.

Answer 465

A

are hidden from other objects, which

is referred to as data hiding. Each object encapsulates its data and processes.

Answer 466

A

they use standard interfaces.

Answer 467

A

represents a real-world problem and modularizes the problem into cooperating objects that work together to solve the problem.

Answer 468

A

an object does not require much interaction with other modules

Answer 469

A

enables objects to be as independent and

modular as possible; therefore, the higher the cohesion and the lower the coupling, the better.

Answer 470

A

manages communications between objects

and enables them to interact in a heterogeneous and distributed environment.

Answer 471

A

provides a standardized way for objects within different applications, platforms, and
environments to communicate. It accomplishes this by providing standards
for interfaces between objects.

Answer 472

A

provides an architecture for components to

interact on a local system.

Answer 473

A

uses the same interfaces as COM, but enables components to interact over a distributed, or networked, environment.

Answer 474

A

enables several different applications to
communicate with several different types of databases by calling the required
driver and passing data through that driver.

Answer 475

A

enables a program to call another program (linking) and permits a piece of data to be inserted inside another program or document (embedding).

Answer 476

A

enables applications to work in a client/server model by providing the interprocess communication (IPC) mechanism.

Answer 477

A

provides much of the same functionality as DCOM, which enables different objects to communicate in a networked environment.

Answer 478

A

keep track of different subjects, objects, and resources.

Answer 479

A

uses a knowledge base full of facts, rules of thumb, and expert advice. It also has an inference machine that matches facts against patterns and determines which rules are to be applied.

Answer 480

A

mimic human reasoning and replace human experts.

Answer 481

A

inference engine processing, automatic logical processing, and general methods of searching for problem solutions.

Answer 482

A

attempt to mimic a brain by using units
that react like neurons
ANNs can learn from experiences and can match patterns that regular programs and systems cannot.

Answer 483

A

sandbox so the applet is restricted from accessing the user’s hard drive or system resources. Programmers have figured out how to write applets that escape the sandbox.

Answer 484

A

uses a security scheme that includes digital signatures. The browser
security settings determine how ActiveX controls are dealt with.

Answer 485

A

allows programs created with different programming languages and running on different operating systems to interact without compatibility issues.

Answer 486

A

an application that requires a host application for replication.

Answer 487

A

languages used to develop macros are

easy to use and they infect Office products, which are everywhere.

Answer 488

A

overwrites data in the boot sector and can contain the rest of the virus in a sector it marks as “bad.”

Answer 489

A

hides its tracks and its actions.

Answer 490

A

tries to escape detection by making copies of itself and modifying the code and attributes of those copies.

Answer 491

A

can have one part of the virus in the boot sector and another part of the virus on the hard drive.

Answer 492

A

tries to escape detection by changing, or garbling, its own code.

Answer 493

A

does not require a host application to replicate.

Answer 494

A

executes a program when a predefined event takes place, or a date and time are met.

Answer 495

A

is a program that performs useful functionality and malicious functionally without the user knowing it.

Answer 496

A

Smurf and Fraggle

Answer 497

A

physical access controls to limit access to authorized personnel only.

Answer 498

A

involves the verification that supporting documentation requirements are met.

Answer 499

A

ensures that an asset is operating within accepted standards.

Answer 500

A

monitored and protected from unauthorized

modification.

Answer 501

A

lack of training or issues resulting from a poorly designed system.

Answer 502

A

a need to know.

Answer 503

A

should be implemented to establish a baseline of user activity and acceptable errors.

Answer 504

A

should be in place so that if fraud

takes place, it requires collusion.

Answer 505

A

more restrictive controls put upon their accounts.

Answer 506

A

should be limited to authorized personnel, should be audited for compliance to stated policies

Answer 507

A

should be put in place so changes are approved, documented, tested, and properly implemented.

Answer 508

A

requesting a change, approving a change, documenting a change, testing a change, implementing a change, and reporting to management.

Answer 509

A

Systems should not allow their bootup sequences to be altered in a way that
could bypass operating system security mechanisms.

Answer 510

A

background investigations, references,

experience, and education claims checked out.

Answer 511

A

should be updated on a continual basis.

Answer 512

A

zeroization, degaussing, or media destruction.

Answer 513

A

involves protecting a system from inception to development to operation to removal.

Answer 514

A

resource protection, change control, hardware and software controls, trusted system recovery, separation of duties, and least privilege.

Answer 515

A

ensures that users, administrators, and others accessing a system have access only to the objects they absolutely require to complete their job.

Answer 516

A

should be done on a regular basis to identify new vulnerabilities.

Answer 517

A

any unusual or unexplained occurrences, unscheduled initial program loads, and deviations from standards.

Answer 518

A

the proper startup and shutdown sequence, error handling, and restoration procedures.

Answer 519

A

involves sending malformed fragmented packets to a vulnerable system.

Answer 520

A

allow for mail servers to be used to forward spam messages.

Answer 521

A

involves an attacker sending false messages to a victim in the hopes that the victim will provide personal information that can be used to steal their identity.

Answer 522

A

occurs when an attacker looks for sensitive information without knowing what format it is in.

Answer 523

A

encrypts all fax data leaving a fax server.

Answer 524

A

system reboot, emergency system restart, and system cold start.

Answer 525

A

is to protect resources.

Answer 526

A

disclosure, theft, corruption, interruption, and destruction.

Answer 527

A

involves balancing the necessary level of security with ease of use, compliance, and cost constraints.

Brainscape's Knowledge GenomeTM

CISSP Quick Tips Flashcards

Brainscape's Knowledge Genome^TM