Domain 3: Security Engineering

Question 1

Ceaser Cipher

Answer 1

substitution cipher, shift 3 letters to the right

Question 2

Four Fundamental Goals of Cryptography

Answer 2

Confidentiality, Integrity, Authentication, Nonrepudiation

Question 3

Key space

Answer 3

defined by bit size. a 128 bit key has a value from 0 to 2^128

Question 4

The Kerchoff Principle

Answer 4

a cryptographic system should be secure even if everything about the system, except the key, is public knowledge

Question 5

Cryptovariables

Answer 5

cryptographic keys

Question 6

Crptography

Answer 6

the art of creating and implementing secret codes and ciphers

Question 7

Cryptanalysis

Answer 7

the study of methods to defeat codes and ciphers

Question 8

Cryptology

Answer 8

Cryptography + Cryptanalysis

Question 9

Boolean mathematics

Answer 9

defines rules used for bits and bytes

Question 10

modulo function

Answer 10

remainder after division

Question 11

One- way function

Answer 11

operation that easily produces output values for each possible combinations of input but makes it impossible to reverse engineer

Question 12

Nonce

Answer 12

random number that acts as a placeholder variable, must be random and used one time only ex: Initialization Vector

Question 13

IV

Answer 13

Initialization Vector - a random bit string as long as the block that is XORed with the message

Question 14

Zero-knowledge proof

Answer 14

The magic door - watch someone go in one entrance and come back before buying their password

Question 15

Work function

Answer 15

time and effort required to perform a complete brute-force attack, directly proportional to the security and protection of the crytosystem

Question 16

Difference between Codes and Ciphers

Answer 16

codes are not meant to provide confidentiality

Question 17

Transposition Ciphers

Answer 17

rearrange the letters of the plaintext

Question 18

Substitution Cipher

Answer 18

replace each bit of plaintext with a different character

Question 19

Ceaser Cipher encryption function

Answer 19

C = (P+3) mode 26

Question 20

Vigenere Cipher

Answer 20

polyalphabetic - alphabet written 26 times

Question 21

Period Analysis

Answer 21

examination of frequency based on the repeated use of the key

Question 22

One-Time Pads

Answer 22

substitution cipher, use a different substitution alphabet for each letter

Question 23

One-Time Pad encryption function

Answer 23

C = (P+K) mod 26, K = key

Question 24

One-Time Pad Security Requirements (4)

Answer 24

Random, used once, physically protected, as long as the message

Question 25

Running Key or Book Cipher

Answer 25

key is as long as the message itself and is often from a book

Question 26

Block Ciphers

Answer 26

operate on chunks of messages

Question 27

Steam Cipher

Answer 27

act on on bit at a time

Question 28

Confusion

Answer 28

relationship btwn plaintext and ciphertext is so complicated that an attacker can’t determine the key

Question 29

Diffusion

Answer 29

a change in the plaintext results in multiple changes spread through the ciphertext

Question 30

Symmetric Key Algorithm Pros and Cons

Answer 30

Pro - Very Fast, used for bulk encryption

Cons - key distribution, does not implement non repudiation, not scalable, keys must be regenerated often

Question 31

Symmetric Key Algorithm

Answer 31

relies on a shared key given to all members used to encrypt and decrypt, aka secret key and private key

Question 32

Asymmetic Key Algorithm

Answer 32

public key, each user has a public and private key, receivers public key encrypts, receivers private key decrypts, also digital signature tech

Question 33

Asymmetic Key Algorithm Pros and Cons

Answer 33

Pros - adding new users only requires 1 public-private key pair, easier to remove users, less key regeneration, provides integrity, authentication, nonrepudiation, key distribution is easy, no preexisting relationship is necessary
Cons - speed

Question 34

Which key algorithm?
Single shared key vs key pair
Confidentiality, Integrity, Nonrepudiation, authentication vs Confidentidality
Slow vs Fast
Non Scalable vs Scalable
In-Band vs Out of band exchange
Bulk encyrption vs small blocks of data

Answer 34

Symmetic = Single shared key, Confidentidality, Fast, Non Scalable, Out of band exchange, Bulk encyrption
Asymmetric = Key pair, Confidentiality, Integrity, Nonrepudiation, authentication, Slow, Scalable, In-Band, Small blocks of data

Question 35

Message Digest

Answer 35

Summary of a messages content produced by hashing

Question 36

Hashing provides ____

Answer 36

Integrity

Question 37

DES

Answer 37

Data Encryption Standard - no longer secure, 64 bit block cipher with 5 modes of operation, key is 56 bits, uses 16 rounds of XOR operations to generate ciphertext

Question 38

Symmetric Standards

Answer 38

DES, 3DES, IDEA, Blwofish, Skipjack, AES

Question 39

DES Modes of Operation

Answer 39

Cipher Block Chaining Mode, Cipher Feedback Mode, Output Feedback Mode, Counter Mode, Electronic Codebook Mode

Question 40

ECB

Answer 40

Electronic Codebook mode - least secure, simply encrypts block with same key, enemy could build a code book

Question 41

CBC

Answer 41

Cipher Block Chaining Mode - each block is XORed with the ciphertext block proceeding it before encyrption, IV

Question 42

CFB

Answer 42

Cipher Feedback Mode - streaming cipher version of CBC, real time operation, IV and chaining

Question 43

OFB

Answer 43

Output Feedback Mode - same as CFB but XORs with a seed value, no chaining, uses previous seed value to determine next

Question 44

CTR

Answer 44

Counter Mode - stream cipher, uses a counter for XOR operation

Question 45

3DES

Answer 45

Triple DES - adapted version of DES

Question 46

3DES Versions

Answer 46

DES - EEE3 = 168 bit key length
DES - EDE3 = 168 bit key length
DES - EEE2 = 112 bit key length
DES - EDE2 = 112 bit key length

Question 47

DES-EEE3

Answer 47

encrypts plaintext 3 times using 3 different keys,

C= E (K1, E (K2, E (K3,P)))

Question 48

DES-EDE3

Answer 48

C= E (K1, D (K2, E (K3,P)))

Question 49

DES-EEE2

Answer 49

C= E (K1, E (K2, E (K1,P)))

Question 50

DES-EDE2

Answer 50

C= E (K1, E (K2, E (K1,P)))

Question 51

IDEA

Answer 51

International Data Encryption Algorithm = 64-bit block with 128 bit key, uses 52 16-bit subkeys, open to all, in PGP, same modes as DES

Question 52

Blowfish

Answer 52

64 bit blocks of text, allows use of variable length keys ranging from 32 to 448 bits

Question 53

Skipjack

Answer 53

64 bit block, supports escrow of encryption keys

Question 54

AES

Answer 54

Advanced Encryption Standard - 3 key strengths, 128 bit (10 round of encryption), 192 bit (12 rounds), 256 bit (14 rounds). Processes 128 bit blocks

Question 55

Block Size and Key Size:
AES
Rijndael
Blowfish
DES
IDEA
RC2
RC4
RC5
Skipjack
3DES
Twofish

Answer 55

Block size and key size
AES = 128 bit block, 128, 192 or 256 bit key
Rijndael = Variable block, 128, 192 or 256 bit key 
Blowfish = 64 bit block, 32-338 bit key
DES = 64 bit block, 56 bit key
IDEA = 64 bit block, 128 bit key
RC2 = 64 bit block, 128 bit
RC4 = Streaming, 128 bit
RC5 = 32, 64 or 128 bit block, 0-2040 bit key
Skipjack = 64 bit block, 80 bit key
3DES = 64 bit block, 112 or 168 bit key
Twofish = 123 bit, 256 bit key

Question 56

Three Main methods to distribute Symmetric Keys

Answer 56

Offline distribution, Public key encryption, Diffie-Hellmen Key exchange

Question 57

Fair Crytosystems Key Escrow

Answer 57

key is divided into two or more pieces and given to independent third parties

Question 58

Escrow Encryption Standard Key Escro

Answer 58

provides gov’t with technical means to decrypt ciphertext

Question 59

RSA

Answer 59

Most famous asymmetric algorithm - depends on the difficulty of factoring large prime numbers, key length of 1088 bits

Question 60

El Gamal

Answer 60

asymmetric encryption, doubles the length of any message it encrypts

Question 61

Asymmetric Key Algorithms

Answer 61

RSA, El Gamal, Elliptic Curve

Question 62

Elliptic Curve

Answer 62

more difficult to solve, only 160 bit kit equivalent to 1088 RSA key. Good for small devices with less processing power

Question 63

Hash Functions

Answer 63

take a long message and generate a unique output known as the message digest

Question 64

5 Requirements for a Cryptographic Hash Function

Answer 64

1. Input can be any length
2. Output has a fixed length
3. Hash Function in relatively easy to compute
4. Hash Function is one-way
5. Hash Function is collision free

Question 65

SHA

Answer 65

Secure Hashing Algorithm, SHA 2 is the most secure
SHA-1 = 512 bit blocks, 160 bit message digest
SHA-256 = 512 bit blocks, 256 bit message digest
SHA-224 = 512 bit blocks, 224 bit message digest
SHA-512 = 1024 bit blocks, 512 bit message digest
SHA-382 = 1024 but blocks, 834 bit message digest

Question 66

MD2

Answer 66

no longer used, 128 bit message digest

Question 67

MD4

Answer 67

message padded to be 64 bits smaller than 512 bit multiple, 3 rounds of computation, 128 bit message digest, no longer used

Question 68

MD5

Answer 68

512 bit blocks, same padding as MD4, reduce the speed, no longer secure, 128 bit message digest

Question 69

Goals of Digital Signatures

Answer 69

Nonrepudiation and Integrity and Authentication

Question 70

How to Digitally sign

Answer 70

Alice hashes plaintext, encrypt message digest using her private key (this is the digital signature), Append signed message digest to plaintext message, Send to Bob, Bob decrypts digital signature using Alice’s Public Key, Bob hases the plaintext message, Bob compares the decrypted message digest to his message digest

Question 71

HMAC

Answer 71

Hashed Message Authentication Code implements a partial digital signature, integrity but not non repudiation

Question 72

DSS

Answer 72

Digital Signature Standard - by NIST, aka FIPS 186-4

Question 73

Certificates

Answer 73

provide communicating parties with the assurance that the people they are communicating with are who they claim to be - endorsed copies of an individuals public key

Question 74

Certificate Authority

Answer 74

neutral organization which offer notarization services for digital certificates

Question 75

Enrollment

Answer 75

the process of proving your identity to the CA to obtain a certificate

Question 76

CRL

Answer 76

certificate revocation list

Question 77

OCSP

Answer 77

Online Certificate Status Protocol - eliminates latency of CRL

Question 78

Asymmetric Key Management

Answer 78

Choose encryption system wisely, select keys wisely, keep your private key secret, retire old keys, back up your key

Question 79

If your email needs confidentiality, _________

Answer 79

encrypt the message

Question 80

If your email needs integrity, ___________

Answer 80

hash the message

Question 81

If your email needs authentication, integrity, and/or nonrepudiation

Answer 81

digitally sign the message

Question 82

If your email needs confidentiality, integrity, authentication, and nonrepudiation

Answer 82

encrypt and digitally sign the message

Question 83

PGP

Answer 83

Pretty Good Privacy is a secure email system combining CA concept with web of trust

Question 84

S/MIME

Answer 84

Secure Multipurpose Internet Mail Extensions - de factor standard for encrypted email, uses RSA and X.509 certificates

Question 85

Steganography

Answer 85

embed secret messages within another message

Question 86

DRM

Answer 86

Digital Rights Management - uses encryption to enforce copyright restrictions on digital media

Question 87

Link Encryption

Answer 87

used to protect data in transit - protects entire communication circuits by creating a secure tunnel between two points, encrypts header info so you need to decrypt at points

Question 88

End to End Encryption

Answer 88

used to protect data in transit - protects comms between two parties, more susceptible to eavesdroppers, faster, does not encrypt header info, ex: TLS, Banking, VPN

Question 89

IPsec

Answer 89

provides a complete infrastructure for secured network communications

Question 90

IPsec AH

Answer 90

Authentication Header - provides assurances of message integrity and nonrepudiation

Question 91

IPsec ESP

Answer 91

Encapsulating Security Payload - provides confidentiality and integrity

Question 92

ISAKMP

Answer 92

Internet Security Association and Key Management Protocol - provides background security support services for IPsec by negotiating, establishing, modifying, and deleting SAs

Question 93

Two modes of IPsec

Answer 93

Transport mode - only packet is encrypted

Tunnel mode - entire packet is encrypted

Question 94

Security Association

Answer 94

created to set up IPsec, represents the communication session and records any config and status info about the session, need one SA for each direction of data flow

Question 95

WEP

Answer 95

Wired Equivalent Privacy - protect comms within wireless LAN, outdates

Question 96

WPA

Answer 96

WiFi Protected Access, improves on WEP by implementing Temporal Key Integrity Protocol, outdated

Question 97

WPA

Answer 97

adds AES cryptography

Question 98

Analytical Attack

Answer 98

algebraic manipulation that attempts to reduce the complexity of the algorithm

Question 99

Implementation Attack

Answer 99

exploits weaknesses in implementation, focus on sw code

Question 100

Statistical Attack

Answer 100

focuses on inability to produce totally random numbers

Question 101

Frequency Analysis and the Ciphertext Only Attack

Answer 101

uses known letter frequencies

Question 102

Known Plaintext Attack

Answer 102

Attacker has a copy of the plaintext and ciphertext

Question 103

Chosen Ciphertext

Answer 103

attacker has ability to decrypt chosen portion of the ciphertext

Question 104

Chosen Plaintext

Answer 104

attacker has the ability to encrypt plaintext messages

Question 105

Meet in the Middle Attack

Answer 105

attacker uses a known plaintext and encypts, decrypts equivalent ciphertext and finds which keys match up

Question 106

Man in the Middle Attack

Answer 106

attacker sits between two communication parties and intercepts communications

Question 107

Birthday attack

Answer 107

finds flaws in one to one nature of hasing

Question 108

Replay Attack

Answer 108

attacker intercepts message and later replays it to start a new session

Question 109

Confinement

Answer 109

allows a process to read from and write to only certain memory location and resources aka sandboxing

Question 110

Bounds

Answer 110

limits set on the memory addresses and resources it can access

Question 111

Isolation

Answer 111

a process is confined through enforcing access bounds

Question 112

Controls

Answer 112

uses access rules to limit the access of a subject to an object

Question 113

Trusted System

Answer 113

a system in which all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment

Question 114

Assurance

Answer 114

the degree of confidence in satisfaction of security needs

Question 115

Security Model

Answer 115

gives software designers something against which to measure their design and implementation

Question 116

Trusted Computing Base

Answer 116

a combination of hw, sw and controls that work together to enforce your security policy, provide methods to access resources inside and outside TCB

Question 117

Security Perimeter

Answer 117

an imaginary boundary that separated the TCB from the rest of the system, prevents insecure comms, need trusted paths for secure comms

Question 118

Reference Monitor

Answer 118

part of the TCB that validates access to every resource prior to granting access requests

Question 119

Security Kernel

Answer 119

collection of components in the TBC that work together to implement reference monitor functions

Question 120

State Machine Model

Answer 120

a system that is always secure no matter what state it is in

Question 121

Information Flow Model

Answer 121

designed to prevent unauthorized, insecure, or restricted information flow

Question 122

Noninterference Model

Answer 122

loosely based on information flow, concerned with how the actions of a subject at a higher security level affect the system state of the actions of a subject at a lower security level

Question 123

Take-Grant Model

Answer 123

shows how rights can be passed from one subject to another or from a subject to an object

Question 124

Access Control Matrix

Answer 124

table of subjects and objects that indicated the actions or functions that each subject can perform on each other

Question 125

Bell-LaPadula Model

Answer 125

No read up, No write down, enforced through DAC, confidentiality is upheld

Question 126

Biba Model

Answer 126

No read down, no write up, Integrity is up held

Question 127

Clark-Wilson Model

Answer 127

objects can only be accessed through an interface

Question 128

Brewer and Nash (Chinese Wall)

Answer 128

blocks conflicting data/access based on competition

Question 129

Goguen-Meseguer Model

Answer 129

subjects are allowed only to perform predetermined actions against predetermined objects

Question 130

Sutherland Model

Answer 130

prevents interference in support of integrity, defines states

Question 131

Graham-Denning Model

Answer 131

secure creation and deletion of both subjects and objects

Question 132

TCSEC or Rainbow Series

Answer 132

set of standards that attempted to specify minimum acceptable security criteria

Question 133

ITSEC

Answer 133

European Model, more focused on integrity and availability

Question 134

TCSEC Categories

Answer 134

A = Verified Protection (all phases of development are evaluated), B= Mandatory Protection (security labels, Bell La-Padula Model), C = Discretionary Protection (basic controls and complete documentation), D = Minimal Protection

Question 135

Red Book

Answer 135

TCSEC for networks

Question 136

Green Book

Answer 136

password creation and management guidelines

Question 137

Common Criteria

Answer 137

global effort to validate products,

Question 138

Structure of Common Criteria

Answer 138

Part 1: Intro and General Model
Part 2: Security Functionality Requirements
Part 3: Security Assurance

Question 139

CC Evaluation Assurance Levels (EAL 1- EAL 7)

Answer 139

EAL1 - Functionally Tested
EAL2 - Structurally Tested
EAL3 - Methodically Tested and Checked
EAL4 - Methodically Designed, Tested and Reviewed
EAL5 - Semi-formally Designed and Tested
EAL6 - Semi-formally Verified, Designed and Tested
EAL7 - Formally Verified, Designed, and Tested

Question 140

PCI-DSS

Answer 140

Payment Card Industry - Data Security Standard, requirements for improving security of electronic payment transactions

Question 141

ISO

Answer 141

International Organization of Standardization

Question 142

Certification

Answer 142

comprehensive evaluation of the technical and nontechnical security features of an IT system

Question 143

Accredidation

Answer 143

management reviews the certification information and decides if it meets the security needs of the org

Question 144

Virtualization

Answer 144

used to host one or more OSs within the memory of a single host computer

Question 145

TPM

Answer 145

Trusted Platform Module - store and process cryptographic keys for the process of hard drive encryption

Question 146

Fault Tolerance

Answer 146

ability of a system to suffer a fault but continue to operate

Question 147

Fault Tolerance is generally achieved through the use of _________

Answer 147

RAID

Question 148

Hardware

Answer 148

tangible part of the system

Question 149

Multitasking

Answer 149

handle two or more tasks at once (not truly multitasking)

Question 150

Multiprocessing

Answer 150

harnessing the power of more than one processor

Question 151

Multiprogramming

Answer 151

pseudosimultaneous execution of two tasks on a single processor, , special software, usually large scale systems

Question 152

Multithreading

Answer 152

multiple tasks performed in a single process (i.e. opening multiple word docs)

Question 153

Single State Systems

Answer 153

use policy mechanisms to manage different levels of info, handle one level at a time

Question 154

Multistate Systems

Answer 154

handle multiple security levels simultaneously

Question 155

Protection Rings

Answer 155

Ring 0- highest level of privilege, kernel/Memory
Ring 1 - Other OS Components
Ring 2 - Drivers, protocols
Ring 3 - User Level programs and apps

Question 156

Dedicated Security Mode

Answer 156

Valid Clearance, Access Approval, & Need to Know for all info

Question 157

Security Modes Need 2 things _____

Answer 157

MAC environment & physical control

Question 158

System High Security Mode

Answer 158

Valid Clearance & Access Approval for all info, Need to Know for some info

Question 159

Compartmented Security Mode

Answer 159

Valid Clearance and Need to Know for all info, access approval for any info

Question 160

Multilevel Security Mode

Answer 160

Not all users have clearance, access approval and need to know for all info

Question 161

ROM

Answer 161

Read Only Memory - has PROM, EPROM, Flash Memory

Question 162

RAM

Answer 162

Random Access Memory - readable and writable, volatile

Question 163

Registers

Answer 163

On board memory

Question 164

Secondary Memory

Answer 164

magnetic, optical or flash based media that contain data not immediately available to the CPU

Question 165

Memory Security Issues

Answer 165

data retention, controlling access, ability to get data off of chips

Question 166

Storage Media Security

Answer 166

Data remanence, sanitization issues, prone to theft

Question 167

Firmware

Answer 167

software that is stored in a ROM chip, BIOS and device firmware

Question 168

Applet

Answer 168

code objects sent from a server to a client to perform some action

Question 169

Java Applets

Answer 169

programs transmitted over the internet to perform operations on remote systems

Question 170

ActiveX Controls

Answer 170

proprietary Microsoft tech, no sandbox restrictions

Question 171

Aggregation

Answer 171

combine records from one or more tables to produce potentially useful info , combine low level info and can get higher level info

Question 172

Interference

Answer 172

use deductive capability to combine prices of nonsensitive data to get classified data

Question 173

Data Mining

Answer 173

comb through data warehouses and look for potentially correlated info

Question 174

Data Warehousing

Answer 174

large databases to store large amount of info

Question 175

Data Analytics

Answer 175

science of raw data examination with the focus of extracting useful info out of bulk info

Question 176

Cloud Computing

Answer 176

processing and storage are performed elsewhere over a network connection

Question 177

Platform as a Service

Answer 177

operating system as a cloud based service

Question 178

Software as a Service

Answer 178

Google Docs, Office 365

Question 179

Infrastructure as a Service

Answer 179

platform + computing services

Question 180

Grid Computing

Answer 180

groups of processors that work together to reach a specific goal

Question 181

P2P

Answer 181

networked app solutions that share tasks and workload

Question 182

ICS

Answer 182

Industrial Control System

Question 183

DCS

Answer 183

Distributed Control Systems - large scale environment from a single location

Question 184

PLC

Answer 184

Programmable Logic Controllers - single purpose digital computers

Question 185

SCADA

Answer 185

Supervisory Control and Data Acquisition - stand alone device or networked

Question 186

Application Control

Answer 186

device mgmt solution on mobile device that limits installation of apps

Question 187

Storage Segmentation

Answer 187

isolate the OS and preinstalled apps from user apps and data

Question 188

Asset Tracking

Answer 188

maintain oversight over an inventory

Question 189

MDM

Answer 189

Mobile Device Management - push or remove apps, manage data, config settings

Question 190

Ways to Secure Mobile Devices

Answer 190

MDM, Storage Segmentation, Asset Tracking, Disabling Unused Features, Remote Wiping, FDE, etc.

Question 191

Application Whitelisting

Answer 191

Implicit Deny

Question 192

BYOD Concerns

Answer 192

data ownership, support ownership, patch mgmt, AV mgmt, forensics, privacy, on-boarding/off-boarding, adherence to corporate policy, user acceptance, Infrastructure considerations, legal concerns, Acceptable Use Policy, Camera/Video

Question 193

Embedded Systems

Answer 193

a computer implemented as part of a larger system ex: smart TVs, HVAC controls, smart appliances, etc.

Question 194

Cyber-physical

Answer 194

any computational device that can cause a movement to occur

Question 195

Methods of Securing Embedded Devices

Answer 195

Network Segmentation, Security Layers, App Firewalls, Manual Updates, Firmware Version Control, Wrappers, Control Redundancy and Diversity

Question 196

Network Segmentation

Answer 196

controlling traffic among networked devices to isolate the static environment - VLANS, MAC Address, IP Addresses, TCP/UDP ports

Question 197

Layering

Answer 197

Protection Mechanism Used to separate functions based on security, only allow communications through specific interfaces

Question 198

Abstraction

Answer 198

object-oriented programming, “black-box” doctrine, don’t need to know the details of how the object works just how to use it

Question 199

Data Hiding

Answer 199

data existing at one level of security is not visible to processes running at different security levels

Question 200

Process Isolation

Answer 200

requires the operating system provide separate memory spaces for each process, prevents reading and writing to other processes

Question 201

Hardware Segmentation

Answer 201

similar to process isolation but enforces through physical access controls

Question 202

Principle of Least Privilege

Answer 202

run in user mode whenever possible

Question 203

Separation of Privilege

Answer 203

least privilege for admins

Question 204

Covert Channel

Answer 204

method used to pass info over a path not normally used for communication, best way to detect is to analyze audit logs

Question 205

Covert Timing Channel

Answer 205

alters system component performance or modifies a resources timing

Question 206

Covert Storage Channel

Answer 206

writes data to a common storage area where another process can read it

Question 207

Maintenance Hooks

Answer 207

entry points into a system known only by developer (back doors)

Question 208

Data diddling attack

Answer 208

attacker makes small, random, or incremental changes to data

Question 209

Salami Attack

Answer 209

stealing small amounts of money from accounts

Question 210

Time of Check

Answer 210

time at which the subject checks the status of the object

Question 211

Time of Use

Answer 211

time at which the procedure accesses the object

Question 212

TOCTTOU

Answer 212

Time of check to time of use- attacker replaces original object with another inbetween TOC and TOU

Question 213

Faraday Cage

Answer 213

enclosure that acts as an EM capacitor

Question 214

Critical Path Analysis

Answer 214

define necessary supporting elements for operations

Question 215

Technology Convergence

Answer 215

systems merge over time and perform similar or redundant

Question 216

A proper level of security must be planned and designed before __________

Answer 216

construction begins

Question 217

Administrative Physical Security Controls

Answer 217

facility construction, site management, awareness training, emergency response…

Question 218

Technical Physical Security Controls

Answer 218

access controls, CCTV, IDS, HVAC, etc.

Question 219

Physical Physical Security Controls

Answer 219

fencing, lighting, locks, dogs, guards, etc.

Question 220

Functional order of physical security control types

Answer 220

1. Deterrent
2. Denial
3. Detection
4. Delay

Question 221

MTTF

Answer 221

Mean time to failure - expected typical functional lifetime of the device

Question 222

MTTR

Answer 222

Mean Time to Repair - time to repair device

Question 223

MTBF

Answer 223

Mean time between failures - time between first and any subsequent failures

Question 224

Premises Wire Distribution Room

Answer 224

Wiring closet

Question 225

Server rooms should be located at the _____ of the building

Answer 225

Core

Question 226

Heartbeat Sensor

Answer 226

communication pathway is constantly or periodically checked

Question 227

TEMPEST Measures (3)

Answer 227

Faraday Cage, White Noise, Control Zone

Question 228

Control Zone

Answer 228

implementation of either a Faraday Cage or white noise generation or both to protect a specific area in a environment

Question 229

UPS

Answer 229

Uninterruptible Power Supply - self charging battery

Question 230

Fault

Answer 230

Momentary loss of power

Question 231

Blackout

Answer 231

complete loss of power

Question 232

Sag

Answer 232

Momentary Low voltage

Question 233

Brownout

Answer 233

Prolonged low voltage

Question 234

Spike

Answer 234

Momentary high voltage

Question 235

Surge

Answer 235

prolonged high votlage

Question 236

Inrush

Answer 236

initial surge of power usually associated with connecting to a power source

Question 237

Noise

Answer 237

steady interfering power disturbance or fluctuation

Question 238

Transient

Answer 238

short duration of line noise disturbance

Question 239

Clean

Answer 239

nonfluctuating power

Question 240

ANSI Power Standards for Brownout

Answer 240

allow for 8% drop in power btwn source and facility meter and 3.5% drop between the facility meter and wall outlet

Question 241

Temp and Humidity for rooms

Answer 241

60-70 degrees F, 40-60% humidity

Question 242

Abrupt system shutdown happens at ______ static volts

Answer 242

2000

Question 243

Destruction of data stored on hard drives happens at ____ static volts

Answer 243

1500

Question 244

Scrambling of monitor displays happens at ______ static volts

Answer 244

1000

Question 245

Destruction of sensitive circuits happens at ______ static volts

Answer 245

40

Question 246

Fire Extinguisher Classes

Answer 246

A: Common combustibles; Water, Soda Acid
B: Liquids; CO2, Halon, Soda Acid
C: Electrical; CO2, Halon
D: Metal: Dry Powder

Question 247

Wet Pipe System

Answer 247

always full of water, immediate discharge

Question 248

Dry Pipe System

Answer 248

contains compressed air, discharges water

Question 249

Deluge System

Answer 249

dry pipe, larger amount of water

Question 250

Preaction System

Answer 250

combination dry and wet pipe - most approriate to use

Question 251

What kind of cryptography does SSL/TLS use?

Answer 251

Hybrid but Asymmetric over Symmetric

Question 252

What kind of cyrptography does SSL/TLS use for data exchange?

Answer 252

Symmetric

Question 253

What kind of cyrptography does SSL/TLS use for key exchange?

Answer 253

Asymmetric

Question 254

What is the formula for symmetric cryptography?

Answer 254

[N*(N-1)]/2

Question 255

What is the formula for asymmetric cryptography?

Answer 255

2N

Question 256

Name the 6 testable asymmetric algorithms

Answer 256

RSA, DSA, ECC, El Gamal, Diffue Hellmen, Knapsack