Domain 4 simple Flashcards

1
Q

Internet Key Exchange; uses a Diffie-Hellman style of negotiation; uses public key certificates

A

IKE

2
Q

IP Security

A

IPSec

3
Q

UDP port 500

A

Which port is IPsec on?

4
Q

Tunnel is created and is the “production channel”

A

Phase 2 of IPSec

5
Q

old combined fields 3,4 and payload

A

What gets hashed in ESP Auth

6
Q

Negotiation of tunnel

A

Phase 1 of IPsec

7
Q

Security Parameter Index (SPI) is an identification tag added to the header while using IPsec for tunneling the IP traffic

A

Define SPI in IPSec

8
Q

Layer 2 tunneling protocol

A

L2TP

9
Q

Layer 3

A

What layer does IPsec operate on?

10
Q

Encapsulating Security Payload

A

ESP

11
Q

There could be duplicate IPs

A

When combining two systems on a network with IPsec, the risk is

12
Q

Request for Comment 1918 (RFC 1918), “Address Allocation for Private Internets,”

A

Define RFC 1918

13
Q

Maximum Transmission Units

A

MTU

14
Q

Point-to-point tunneling protocol

A

PPTP

15
Q

Contains info showing which security association to use and the packet sequence number

A

ESP Header

16
Q

Multi-protocol label switching

A

MPLS

17
Q

Multiprotocol Label Switching (MPLS) is a routing technique in telecommunications networks that directs data from one node to the next based on short path labels rather than long network addresses

A

Define MPLS

18
Q

Contains the encrypted part of the packet. If the encryption to use when the security association is established

A

ESP Payload

19
Q

Internet security association key management protocol

A

ISAKMP

20
Q

Bi-directional. RFC 2048

A

Characteristics of ISAKMP

21
Q

May include padding (filler bytes) if required by the encryption algorithm or to align fields

A

ESP Trailer

22
Q

This field contains the integrity check (hash) of the ESP packet.

A

Authentication field (ESP Auth)

23
Q
1. Sender creates segment with port address set to 500
2. Sender sends segment to device that is set to create an IPsec tunnel if "interesting traffic" shows up
3. Interesting traffic arrives at device; device looks at Layer 3 header and figures out where it is going to tunnel to
4. Device invokes ISAKMP and builds bi-directional tunnel
5. If key pairs, uses Diffie-Hellman, called ISAKMP-Oakley
6. Security Parameter Index appears on each device
7. Enter Phase 2, creates permanent tunnel
8. Data is then passed between Phase 2 tunnel

A

Steps of IPSec

24
Q

Replaced SAS 70 auditing standard. Replaced by SSAE 18

A

SSAE 16

25
Q

Newer version of SSAE 16. Scope is to look for control gaps, referred to as a "finding"

A

SSAE 18

26
Q

AT 801 applies to examination engagements to report on controls at organizations that provide services to user entities when those controls are likely to be relevant to user entities’ internal control over financial reporting.

A

AT 801

27
Q

Global Standard of Auditing

A

ISAE 3402

28
Q

Audits a point in time. Checks the process of what you are currently doing (snapshot, present time only)

A

Auditing type 1

29
Q

Audits a period of time. Checks on historical business operations. Most in-depth and covers a period of time (e.g. past 10 years)

A

Auditing type 2

30
Q

Qualified Report - A qualified report is one in which the auditor concludes that most matters have been dealt with adequately, except for a few issues. An auditor's report is qualified when there is either a limitation of scope in the auditor's work, or when there is a disagreement with management regarding application, acceptability or adequacy of accounting policies. For auditors an issue must be material or financially worth consideration to qualify a report. The issue should not be pervasive, that is, the issue should not misrepresent the factual financial position.

Unqualified Report - In an unqualified report, the auditors conclude that the financial statements of your business present fairly its affairs in all material aspects. The opinion embodies the assumptions that your business observed compliance with generally accepted accounting principles and statutory requirements. Also known as a clean report, such a report implies that any changes in the accounting policies, their application and effects, are adequately determined and divulged.

A

Auditing Word Pair

31
Q

Type 1: "report on the fairness of the presentation of management's description of the service organization's system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date."

Type 2: "report on the fairness of the presentation of management's description of the service organization's system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period."

A

SAS 70 (old) consists of two types of audits

32
Q

Requirements describe system, control objective, finances

A

SOC 1

33
Q

cyber security needs

A

SOC 2

34
Q

SysTrust, WebTrust, Trust Services (smaller in effort, cost, and size)

A

SOC 3

35
Q

Service Organization Control

A

SOC

36
Q

True

A

Only SOC 2/3 have type 1 and type 2 Audits

37
Q

SOC 2, Technology, Type 2 (most in depth and shows historical process)

A

The gold standard of auditing is

38
Q

unqualified

A

Which type of auditing report do you desire to get?

40
Q

True

A

HITRUST audits and PCI audits are not included in SOC audits

42
Q
1. RFP (Request for Proposal)
2. Response (bids)
3. Negotiate contract (terms, and terms of disposal and decommission)
4. Statement of work (what you can, cannot do, will, will not do); signing "as is" statement
5. Follow on - routine maintenance, updates, improvements, patches to software
6. Disposal and decommission

A

Steps of planning phase

43
Q

This is the "as is" signing. Any issues or bugs found before this point will be paid for by the developer (contracted company). Any issues or bugs found after this point will be paid for by the customer company.

A

Importance of signing statement of work

44
Q

Software Development Lifecycle

A

SDLC