Domain 1 and Test Study 1 Flashcards
What are the three levels/types of authentication?
Type 1 - Something you know
Type 2 - Something you have
Type 3 - Something you are
What contract is based upon connecting disparate business networks together?
ISA
Interconnect service agreement.
Which authentication protocol is deprecated because of vulnerabilities?
LEAP
What is the Defined step in CMMI?
Processes are characterized for the organization and are proactive.
What part of an SDN is responsible for the routing of data?
Control plane.
What part of an SDN determines how to handle incoming packets?
Data plane.
When discussing platforms, what is SoC?
System on a chip, a sophisticated, embedded system.
What are some regulatory standards?
GDPR, HIPAA, GLBA, SOX, PIPEDA, COPPA, FISMA
What are two advantages of high level programming languages?
Human readable syntax and it is easier to enforce coding standards because there is a specific order to that syntax.
What is PEAP?
A Microsoft favored package protected by TLS
Describe trademark
Trademark is the exclusive right to use symbols, words, colors, etc.
In contracts what is an OLA?
Operating level agreement. This defines the interdependent relationships in support of an SLA. Describes the responsibilities of each support group towards other support groups, and includes timeframes.
What CMMI level focuses on continuous process improvement?
Optimizing
What attack allowed Linux OS command injection?
Shellshock.
What is Initial in CMMI?
Processes are inconsistent, not organized, reactive, poorly managed.
What are the common tenets of privacy law?
NPSLARSD: Notification, Participation, Scope, Limitation, Accuracy, Retention, Security, Dissemination
or DRSSLAPN: Dissemination, Retention, Scope, Security, Limitation, Accuracy, Participation, Notification
What is SASL?
Simple authentication and security layer, a directory access protocol that can implement a wide variety of authentication methods.
Which authentication protocol uses a secure tunnel but does not distribute certificates?
EAP-TTLS
What are four industry standards?
ISO, CSA Star, Uptime Institute, SSAE 16
What are STRIDE, VAST, OCTAVE, and Trike?
Threat modeling techniques.
What are three main tenets of Clark-Wilson?
Prevent unauthorized users from making changes, prevent authorized users from making improper changes, and maintain consistency.
What is Optimizing in CMMI?
Focus on continuous process improvement.
In which CMMI level are processes characterized for the organization and proactive?
Defined.
In which CMMI level are processes measured and controlled?
Quantitatively managed.
What is MAD?
Maximum allowable downtime - the maximum time until the business is non-viable. Also known as MTD.
What is an XML based protocol that can provision services and user accounts?
SPML
What is unit testing?
A method by which small, individual units and components are verified.
What is the difference between US Code and Code of Regulations?
Code of Regulations is administrative law, whereas US Code is the body of laws enacted by Congress. The Code of Regulations is based on US Code.
Which directory access can implement a wide variety of authentication methods?
SASL
Simple authentication and security layer
Which CMMI level has inconsistent processes that are not organized, reactive, and poorly managed?
Initial
What is a fuzzing tool that offers both dumb and intelligent techniques?
Peach Fuzzer
What is EAP-FAST?
Cisco's successor to LEAP, using a protected tunnel.
What is Heartbleed?
An attack on OpenSSL that allows for the reading of memory.
What is scoping in risk management?
Selecting controls that are applicable to a given asset.
What is an embedded system that is quite sophisticated?
SoC or System on a Chip
What is the difference between cohesion and coupling?
Cohesion refers to methods that are similar and belong together. Coupling refers to the degree to which methods are dependent on other methods or modules.
In contracts, what is an MSA?
Master services agreement. An agreement that will govern future transactions.
Which IP protection is best for a new logo?
Trademark
What is a CPU level vulnerability that let an application read outside of its protected area?
Meltdown
What is an attack against SSLv3 that allows an attacker to decrypt traffic in flight?
POODLE
Which biometric type is not considered very accurate, regardless of health?
Hand Geometry
What is assessing in risk management?
Verifying that controls are functional.
In which CMMI level are processes focused on basic project management and still reactive?
Managed or Repeatable
What is CPE?
Common platform enumeration.
What type of contract deals with future transactions?
MSA
Master services agreement
Which IP protection is best for a new idea?
Patent
What is the P12 certificate format?
PKCS 12 or P12 can contain both public and private keys as a single, encrypted file.
What is something that may exploit a vulnerability and create risk?
A threat.
Which IP protection is best for creative works?
Copyright
In contracts, what is an ISA?
Interconnection services agreement. A business contract between organizations for the purpose of interconnecting their networks.
What describes the timeframe for delivery of services among support groups?
OLA
Operating level agreement.
What is EAP-TTLS?
EAP Tunneled TLS, doesn’t require signed certificates.
What is the CMMI?
Capability Maturity Model Integration
What is EAP-TLS?
EAP requiring client-side certificates; assumes users will reject untrusted certificates.
What are the parts of an SDN?
Control plane and data plane. Control plane relates to the networking components responsible for routing of data, data plane is the component that determines how to forward or process inbound packets.
What is NIST 800-137?
Continuous Security Monitoring
What are the two CISCO created authentication protocols?
LEAP, EAP-FAST
What is Meltdown?
A CPU level vulnerability that allowed one application to read outside of its protected area to others.
What is SPML?
Service Provisioning Markup Language, an XML based protocol capable of provisioning services.
What network type is defined via code instead of hardware?
SDN
Software defined network.
In contracts what is an MOU?
A nonbinding agreement between two or more parties that expresses a common line of action but does not imply a legal commitment, a form of a gentleman’s agreement.
What is a certificate format to store both public and private keys as a single file?
PKCS 12 or P12
What is a Microsoft favored credential package that is protected by TLS?
PEAP
What is Managed or Repeatable in CMMI?
Processes are focused on basic project management and still reactive.
What is adherence to a mandate?
Compliance
What is an attack that allows for the reading of memory?
Heartbleed
What is ShellShock?
A Linux attack that would allow OS command injection.
What is an area of storage not fully used by a file?
Cluster tip
What is Categorizing in risk management?
Describing, examining, and identifying a system. It also includes assigning a security role.
Which authentication protocol uses certificate exchanges to secure credentials?
EAP-TLS
Describe patents.
Patents protect new, original ideas or inventions.
What is a vulnerability?
Something that could be exploited
What type of contract is nonbinding and expresses a common line of action between two or more groups?
MOU
Memorandum of understanding
What is the smallest possible part of software testing?
Unit testing
What are the parts of STRIDE, and who made it?
Microsoft made it: Spoofing identity, Tampering with data, Repudiation, Information Disclosure, DoS, Elevation of privilege
Which authentication protocol encapsulates credentials inside a TLS envelope?
PEAP
What is SLA and what does it mean?
Service Level Agreement
Defines the minimum requirements.
What is Tailoring in risk management?
Customizing selected controls to meet specific needs.
What is an SDN?
Software defined Network - network connections are defined through code.
What is the term for acting on a vulnerability?
Exploit
What is the POODLE attack?
An attack against SSLv3 decrypting traffic in flight.
What is VAST?
Visual, Agile, and Simple Threat modeling; promotes its use across the entire infrastructure.
What is the term for how an organization is managed?
Governance
What is a standards based system and software inventory system?
CPE
What is a cluster tip?
An area not fully utilized by a file, often used for steganography.
In contracts, what is an MOA?
Memorandum of agreement, describes a cooperative relationship to work on a project together.
What are the traits that DRM should have?
ICPDA: Interoperability, Continuous audit trail, Persistency, Dynamic Policy Control, Automatic Expiration
What is Quantitatively Managed in CMMI?
Processes are measured and controlled.
What is LEAP?
A Cisco-made authentication protocol; it is deprecated because of vulnerabilities.
What is Selecting in risk management?
Identifying controls that apply to your assets.
Describe copyright.
Copyright protects the representation of ideas, creative works.
What type of contract deals with cooperatively working on a project?
MOA
Memorandum of understanding.
What is the NIST standard for continuous monitoring?
NIST 800-137