Ij Flashcards
In the waterfall model, which of the following evaluates a given product against the specifications written for the product?
Verification
Verification evaluates the product's performance against the claimed functionalities and production levels. It also compares the specifications of the product to the actual resulting product.
When containing an incident, what is the first step that should always be taken?
Secure the area and protect potential evidence
Based on the following asset information, what is the organization's single loss expectancy per hour?
Maintaining and updating their database costs $124,000 per year; customer base revenue is $500,000 per year. For every hour of data compromise or unavailability they could lose one percent of their customers.
5,000
Chosen ciphertext attacks are mainly used against what kind of ciphers?
Public key
The risk of which of the following attacks could be mitigated by software development training?
Buffer overflow
Which of the following relies on UDP?
DHCP
Who is the primary user of an IDE?
Software developer
A company has decided they need to separate the development team from the support team. According to general security principles, what job function should be done by the development team?
Software design
What protocol provides user authentication and authorization for remote client access?
802.1X
EAP-TLS
CHAP
RADIUS
RADIUS
Which distributed computing architecture is used extensively by web applications? Timesharing, three tier, peer to peer or client server
Three tier
An individual with secret level security clearance cannot read a document designated as top-secret. Which security model is this an example of?
Discretionary access control, Biba, Bell-LaPadula or Clark-Wilson
Bell-LaPadula
What type of memory is typically used as cache memory?
Caching random access memory, read only memory, dynamic random access memory or static random access memory
Static random access memory
During an evacuation, who is responsible for checking that each individual in that area has begun evacuation?
Door monitor, business unit manager, safety warden or meeting point leader
Safety warden
Which of the following is not a responsibility of an information owner?
Approving any disclosure activities, ensuring that the necessary security controls are in place, defining security requirements per classification or backup requirements, or ensuring that proper access rights are being used and configured properly
Ensuring that proper access rights are being used and configured properly
Which of the following biometric access controls measures the blood vessels in an eye?
Iris scan, fingerprint, facial recognition or retina pattern
Retina pattern
Which of the following devices is read and written in sequential order?
USB stick, solid-state drive, floppy drive or magnetic tape
Magnetic tape
Under which of the following circumstances is computer application security most effective and economical?
When the system is optimized before the additional security, when the system is customized to meet a specific security threat, when the system is designed from the beginning to provide the necessary security, or when the system is purchased off-the-shelf
When the system is designed from the beginning to provide the necessary security
When planning to perform a vulnerability assessment, a large international company's CIO decided to scan their entire IP address space. How can this affect the value of the scan?
The scan will reveal more problems than can be resolved in a reasonable time, the scan will have a high chance of failing before it completes, the network will be unavailable while the scan is running, or the scan will omit computers that are not running at the time
The scan will reveal more problems than can be resolved in a reasonable time
What type of host discovery is used to find live network systems that aren't running responsive listening services?
Port scanning, Port monitoring, active or passive
Passive
Which of the following attributes could be used to qualify access control measures?
Administrative defensive detective, administrative preventive detective, associative preventive deterrent, associative preventive detective
Administrative preventive and detective
What is a driving factor in clearly stated data destruction policies?
Easy availability of archival info,
Pre-trial discovery during litigation,
historical records to advise policy makers,
or statistical analysis of past performance
Pretrial discovery during litigation
With regard to access control terminology, when are built-in subjects for an operating system defined?
When an administrator has a business need,
at the time the operating system is designed,
at the time the operating system is compiled
or when a new policy dictates the need for one
At the time the operating system is designed
Which of the following is an example of a directive control?
Background check, encryption, smart card or locks?
Background check
What is the number of UDP ports that could be open on a system?
131,070, 131,072, 65,535 or 65,536
65,536
What step of incident response comes immediately after response?
Containment, mitigation, remediation or reporting
Mitigation
What security issue is related to legacy SCADA protocols like Modbus, DNP3, Profibus and RP-570?
They're clear text
A computer is assigned a time to transmit by a controller to avoid collisions. Which of the following uses this technique?
CSMA/CD, polling, CSMA/CA or ATM?
Polling
Polling is commonly used in mainframe environments
What type of token generates new unique codes at fixed time intervals?
Asynchronous dynamic, static, challenge response or synchronous dynamic
Synchronous dynamic
A mousetrap manufacturing company's factory was flooded during a tsunami. Another division within the company manufactures rat traps in another plant that was not flooded. It could be used to make mousetraps after a day of retooling. What kind of site is this?
Cold, warm, hot or reciprocal
Warm
The Computer Ethics Institute has published a code of ethics which seeks to govern the behavior of computer users. Which statement accurately reflects one of the Ten Commandments?
Thou shalt not use the computer as a witness tool, thou shalt not interfere with other people's computer work, thou shalt not use a computer for recreation, or thou shalt not waste government computer resources
Thou shalt not interfere with other people's computer work
Against which risk is a perimeter firewall effective?
External exploit of a file server with an unpatched remote access vulnerability,
an employee opening an attachment in a phishing email,
attackers pivoting to a database from a user machine with compromised credentials,
or infected files downloaded via SSL from a compromised external web server
External exploit of a file server with an unpatched remote access vulnerability
What resource is consumed by a botnet during a DDoS?
RAM
BANDWIDTH
CAM table space
Source ports
Bandwidth
Which of the following is a primary protective mechanism for ActiveX?
Sandbox, antivirus, integrity checking or digital signature?
Digital signature
What do CER, FAR and FRR relate to in a graph?
Business impact analysis, biometric authentication, IDS/IPS tuning or vulnerability assessment
Biometric authentication
Which of the following tools would be used to record and send a user's password over the network?
Keylogger, father, Kerberos or a rootkit
Keylogger
What should take place to restore a server and its data files after a system failure?
Take a forensic hard drive image, reformat the server and reinstall the OS, implement system recovery procedures or clone the server from a similar system
Implement system recovery procedures
Which of the following is only likely to be identified through an assessment of core security processes?
IP addresses of hosts probing the network perimeter, the root cause of security failures, identification of zero-day compromises or the number of listening services on a network
The root cause of security failures
What activity can often uncover evidence of a data breach?
Vulnerability assessment, user acceptance testing, centralized log review or business impact analysis
Centralized log review
While reviewing a file server security log, a system administrator notices there are no events logged for any type of file access. What type of issue is this?
Authentication, authorization, accountability or availability
Accountability
Removing unnecessary applications and services is part of what process?
Creating security metrics, provisioning systems, continuous monitoring, or applying security baselines
Applying security baselines
A key component of any baseline security configuration is establishing the minimum necessary services and applications needed to perform the required functions; this can also be referred to as the principle of least privilege.
In which part of a pen test are WHOIS and DNS often used?
Exploitation, reconnaissance, vulnerability assessment or scanning
Reconnaissance
Which of the following is susceptible to buffer overflows?
cat, nmap, a a a a or gets()
gets()
What is the Meterpreter in the Metasploit framework?
A payload, a threat, an exploit or a vulnerability
A payload
What is a mandatory component of a single sign-on system?
Non-discretionary access control, federated identity management, multifactor authentication or a centralized credential source
Centralized credential source
What is the difference between an incremental backup and a differential backup?
An incremental backup is on site and a differential is remote,
a differential backup is on site and incrementals are remote,
an incremental backup creates files for each day and a differential backup file grows each day,
or a differential backup creates files for each day and an incremental backup file grows each day
An incremental backup creates files for each day and a differential backup file grows each day
Which of the following should be used to extinguish a fire in an operating electrical transformer station?
Soda acid, dry powder, CO2 or water
CO2
A $200,000 service firm has a single loss expectancy of 40,000. What is the service firm's exposure factor?
20%, 40%, 200% or 500%
20%
Which code review method is a characteristic of extreme programming?
Pair programming, fuzz testing, tool assisted or static analysis
Pair programming
What is the defining characteristic of an 802.11 ad hoc wireless network?
Clients connect to an access point, allows access points to communicate with clients, operates without a central access point, or is used for sniffing wireless networks
Operates without a central access point
An ad hoc wireless network is a peer to peer network specifically designed to operate without a central access point
What does an attacker do with the return pointer when it's overwritten?
Sets it to a program on the drive the attacker wants to run,
sets it to another currently running application on the machine,
sets it to an incoming data stream from the network,
or sets it to the location in the stack where the commands are
Sets it to the location in the stack where the commands are
An administrator working on a web server opened a malicious link while downloading patches. What kind of attack is this?
Trojan horse, server-side, command injection or client-side
Client-side
Which of the following is used to identify how an ATM cell reaches its destination?
Point-to-point protocol, virtual path identifier, permanent virtual circuit or switched virtual circuit
Virtual path identifier
Which software development methodology is not primarily code centric?
SDLC
DEVOPS
LIBSAFE
CMMI
DevOps
What organization manages Requests for Comments (RFCs)?
National Institute of Standards and Technology, Internet Engineering Task Force (IETF), International Organization for Standardization (ISO) or Center for Internet Security (CIS)
Internet Engineering Task Force (IETF)
Which of the following types of business continuity plan testing is known as validity testing?
Full interruption, simulation testing, structured walk-through testing or checklist

Structured walk-through testing
Which of the following topologies is most widely used today because of scalability and fault tolerance?
Star topology, bus topology, ring topology or loop topology
Star
Which of the following categories fits these terms: client/server, three-tier and peer-to-peer?
Software architecture, computer architecture, software development methodology or interprocess communication
Software architecture
What element is part of the base metrics in the Common Vulnerability Scoring System?
Temporal,
access vector
environmental or
emanations 
Access vector
The defense in a computer fraud case in the United States wishes to offer a third party's personal email records into evidence that could help prove her client had no malicious intent. What is the prosecuting team most likely to do?
Object based on the hearsay rule,
object based on the emails containing PII in the mail headers,
object based on the exclusionary rule,
or object based on data retention policies

Object based on the hearsay rule
Which software development methodology uses an iterative approach to develop a working model, which typically includes frequent interaction between the customer and developer?
Spiral, Agile, Scrum or prototyping
Prototyping
What type of evidence is obtained from an outside source and is admissible in court?
Hearsay, circumstantial, inculpatory or corroborating
Hearsay
A database administrator is alerted to a spike in activity that has caused space shortages over the last week. Where should the administrator look to determine whether the increase in activity is due to valid or abnormal requests?
The database error log, the operating system's application log, the database transaction log or the operating system security log
The database transaction log
How can organizations share a single document repository where each company retains control over its own authentication credentials?
Access control matrix, two factor authentication, Kerberos key distribution center or federated identity management
Federated identity management
Fuzzing a running application is part of what process?
Code review, stress testing, dynamic application security testing or static analysis
Dynamic application security testing
There are many types of testing methods involved in exercising and maintaining a business continuity plan. Which of the following types of testing is known as consistency testing?
Parallel testing, structured walk-through testing, simulation testing, or checklist testing
Checklist testing
What functionality do OpenID and SAML provide?
OpenID uses centralized storage for credentials, while SAML uses distributed storage:
true or false?
False
OpenID performs authentication while SAML encodes authentication-related information
What causes the Chrome browser to have many process instances when there are multiple tabs?
Standard libraries
Buffer overflow
Sandboxing
Memory leaks
Sandboxing
Which of the following is not one of the private IP address ranges designated by the Internet Assigned Numbers Authority?
- 128.12.0.0/16-128.92.0.0/16
- 10.0.0.0/8
- 192.168.0.0/16
- 172.16.0.0/16-172.31.0.0/16
128.12.0.0/16-128.92.0.0/16
What is the act of hiding data within another medium?
Permutation
Substitution
Steganography
Transposition
Steganography
If a company does not inform employees that they may be monitored and does not have a policy stating how monitoring should take place, what should the company do?
Don’t monitor individual employees in any fashion
What is the goal of synthetic transactions?
Ensure an application is performing as intended
What is one way of avoiding excessive damage to equipment while maximizing personnel safety, following the recommendations of the fire protection and insurance industries for data centers?
Dry pipe
Which of the following is a characteristic of secondary memory?
Has slower data retrieval speeds
Which of the following algorithms is used to secure the exchange of keys when implementing public key cryptography?
DES
AES
IDEA
Diffie-Hellman
Diffie-Hellman
What computer resources make up the TCB?
The kernel and processes designed to meet a formal security policy
What is the first step to be accomplished in a preliminary legal investigation?
Gather evidence, determine if a crime has occurred, interview witnesses or inspect damage
Determine if a crime had occurred
Eve enjoys streaming videos from the web while on her work computer. Sometimes access to videos is cut off for hours or even the rest of the workday. It seems random to Eve: the day of the week, the websites hosting the videos, and how long she can access the site do not follow a pattern. Which control is blocking the website?
Context based access control, web application firewall, host-based intrusion detection or time based access control
Context based access control
Which of the following does every user in an organization not need to be aware of regarding their organization's information security policy?

The actions required to recover systems in case of a disaster
What routing protocol is used to communicate between autonomous systems in large networks such as the Internet?
ARP, RIP, DNS, ESP or BGP
BGP
Which of the following terms describes determining that an individual is who they claim to be?
Authorization, identification, authentication
Authentication
Which of the following LAN transmission protocols is used on Ethernet networks?
CSMA/CD
Token passing
CSMA/CA
Polling
CSMA/CD
The pen testing team is gaining access to an organization by sending a PDF file from a spoofed human resources email address. Which of the following controls would help mitigate this attack?
Security audits, code review, user training or transport layer security?
User training
What is the security weakness of the Password Authentication Protocol (PAP)?
Sends passwords in plaintext
When a cookie is marked secure, which of the following controls is in place?
It may be sent over SSL/TLS, it cannot be accessed by JavaScript, it is encrypted with the private key, or it is encrypted with a symmetric key?
It may be sent over SSL/TLS
The most complete picture of the security of a network results from which of the following?
Pen test, vulnerability assessment, firewall rule base audit or security assessment
Security assessment
Once you understand a risk, you can decide not to become involved in the risky situation. Which of the choices below describes this decision?
Risk avoidance, risk acceptance, risk reduction or risk transfer
Risk avoidance
What mechanism can be used to ensure that a failed database transaction or system failure returns the subject to a meaningful point in some process?
Checkpoint
The following statement can best be described as what type of security documentation? "All end-user systems on the network must be protected at the host level against malware and unauthorized access"
Procedure, policy, standard, baseline, guideline
Policy
Which of the following best describes operations security?
Taking steps to make sure the environment and information access within it stay at a certain level of protection
What is the unit of transmission in an Ethernet network called?
Frame
Which of the following forms of communication should be used when reporting an incident to management?
Out of band
What component of a VoIP system exchanges traffic between a packet-switched and a circuit-switched network?
Media gateway
What solution aims to solve latency issues caused by the distance between clients and public servers?
Content distribution networks
Provide faster delivery of content to users distributed worldwide
It is a group of servers that are placed all over the globe and increase the delivery speed of web content
What type of control can automatically initiate a corrective control?
Detective
Dedicated
Dedicated mode of operation means that the system contains objects of one classification label
Which search engine poses a problem for SCADA systems connected to the Internet?
Shodan
What is the best definition for equal error rate (EER)?
The rate at which the FAR equals the FRR
In IPsec tunnel mode, the outer packet is addressed to which of the following?
The receiving Gateway
Which of the following software controls is an output control?
Reconciliation
What type of control is a security policy?
Directive
What MAC mode of operation places a reference monitor to mediate between subjects and objects?
Multi level
Which of the following destroys patterns that connect plaintext to its associated ciphertext?
Diffusion
When compressing IPv6 addresses
Leading zeros are all suppressed
Which of the following access control measures is directive?
Background check
What type of memory must be refreshed by reading and rewriting each bit every few milliseconds?
DRAM
Which class of fire is suppressed by dry powder?
Electrical
Which of the following pen testing activities would be effective in validating TEMPEST effectiveness?
Radiation monitoring
Which distributed computing architecture is fully decentralized?
Peer to peer
The account management process should ensure adherence to which security principle?
Least priv
Which of the following does the Internet Activities Board consider a violation of ethics on the Internet?
Compromising the privacy of users
Antivirus blocked an executable and sent a notice to the security information and event management system. What type of control does antivirus represent?
Preventative
During a preliminary investigation of a potential security incident, in what order should the steps occur?
Review the complaint, inspect the damage, examine logs, and work with management and, if necessary, assist management in notifying law enforcement
With respect to data classification roles, which of the following is a responsibility of the system owner?
To assist in identification of the common security controls
Metasploit
Validate if the vulnerability is exploitable
Where would attackers focus their efforts to disable Kerberos?
Key distribution center
Which of the following concepts requires having a central authority maintain a copy of everybody's private keys so that any user's encrypted data can be decrypted by the central authority?
Escrowed encryption
What should be considered in the purchase of a preventative control
Total cost of ownership
A NIDS is not alerted by a database connection
False negative
A false negative occurs when the IDS does not set off an alert and the traffic is malicious
What is an application output control?
Reconciliation
What technology allows a single switch to host multiple networks?
VLAN
What memory addressing technique always refers to a temporary storage location rather than the main memory?
Register direct addressing
Which of the following provides the set of statements used to design a database schema?
Data definition language
At what layer of the OSI model does 802.1X provide authentication?
Data link
Why would someone use Frame Relay instead of X.25?
Lower overhead
What are the four tasks in the access provisioning life cycle?
Account Administration
Maintenance
Monitoring
Revocation
Identity is what?
Making a claim to the system as to who you are
Providing a user name and password is what?
Authentication
After authentication, authorization is next; what does it do?
Looks at what access the user has
After authorization is accountability
This deals with who does what in the system
What is AAA?
Authentication
Authorization
Accountability
Authorization determines what?
What access to what group of information a user or group of users has
Accountability is what?
Makes the user responsible for their actions
The four categories of authentication are
Something you know (password, phrase)
something you have
Something you are
Someplace you are
True or false: using two authentication factors is known as two factor authentication
True
What is CER?
Crossover error rate
Percentage of false rejection rate compared to false acceptance rate
PoLP is what?
Principle of least privilege; it makes sure individuals are granted the access necessary to perform their required business functions
True or false: the PoLP applies to users and system configuration, firewall rulesets, and many other items in security
True
What is a key policy for fraud deterrence/detection?
Rotation of duties
What is the base level of protection that a reasonable person takes to check a piece of code?
Due care
What is the process followed to ensure that an org is exercising its duty of care?
Due diligence
What do detective controls do?
Make us aware of a condition that might warrant further inspection or response
Any device that has an alarm feature is this
Prevention controls do what?
Deprive unauthorized access to resources
What includes organizational policies and procedures?
Administrative or directive
Types of controls
Preventative, detective, corrective, deterrent, recovery, compensating
Administrative controls are
Background checks and policies and procedures
Physical controls are
Locks
Securing laptops
Securing magnetic media
The protection of cable
Technical controls are
Encryption
Smart cards
Preventative controls do what?
Prevent an attack from being successful
Detective controls do what?
Assuming an attack has begun, it tries to detect that there is a problem after an attack occurs
Timing is critical
Deterrent controls do what?
Discourage security violations, such as a beware of dog sign
Compensating controls do what?
Provide alternatives to other controls. If there is a weakness in a control, add another layer of security to reduce the risk
Corrective controls do what?
React to an attack and take corrective action
Recovery controls do what?
Restore the operating state to normal after an attack or system failure
First step to managing risk is what?
Asset evaluation
What is the impact of unavailability?
What is the impact of a data breach?
What is the impact if the data was altered?
Risk =
Threat x vulnerability
What is something that can bring harm to a system?
Threat
What is a threat agent, aka threat source?
It is the cause of a threat
What is the means by which a threat exercises a vulnerability?
Exploit
What is the source or binary code that eases the ability of an attacker to exploit a vulnerability?
Exploit code
What is the action that the attacker wants to carry out as a result of the exploitation, and is part of the post-exploitation portion of an attack?
Payload
What is the world's most used pen testing framework?
Metasploit
What are the two primary approaches to risk assessment?
Quantitative and qualitative
What type of risk assessment is preferred by the business and usually uses numbers?
Quantitative
Quantitative formulas
SLE = EF x AV
ARO
ALE = SLE x ARO
TCO
ROI
Qualitative risk assessment focuses on what?
Uses a risk matrix and does not use numbers
What must an effective risk management program prioritize?
A risk reduction strategy
What are the three fundamental elements of security?
Confidentiality integrity and availability
What defines the CIA triad in terms of loss?
Disclosure alteration and denial (DAD)
What request is made to initially gather information about the available providers of the item or service being procured?
RFI
Request for information
What is the stage of procurement to determine which providers will bid for the project?
Request for proposal
RFQ
Request for quote
What is used when a business operates legally as a partnership?
It addresses ownership, profits/losses and contributions
BPA
Business partner agreement
What is used when two orgs interconnect information systems/networks?
MOU/A
It defines basic roles, responsibilities and requirements. It also refers to the ISA for details concerning the security requirements
What dictates the technical security requirements associated with two orgs connecting information systems/networks?
ISA
What is used to force service providers to agree to provide an acceptable level of security or else potentially be found in breach of contract?
SLA
What is an internal agreement that supports the SLA?
OLA
operating level agreement
What governs how an org that licenses a large volume of software is allowed to use that software?
ELA
enterprise license agreement
COTS
commercial off the shelf
What does SOC stand for?
Service organization controls
What is the name for a SOC 1?
Service organizations: internal control over financial reporting (ICFR)
What is the name for a SOC II?
Service organizations: trust services criteria
Name for a SOC III?
Service organizations: trust services criteria for general use report
What needs does a SOC I meet?
Entities that use service organizations and the CPAs that audit the user entities' financial statements and controls on the financial statements
What does a SOC II do?
Gives detailed information and assurance about the controls at a service org relevant to security, availability and processing integrity of the systems the service org uses to process users' data and the confidentiality and privacy of the information processed by these systems
What is a SOC III used for?
Giving assurance about the controls at a service organization relevant to security, availability, processing integrity, confidentiality or privacy
The concept of threat modeling is closely associated with what?
Software or application development
One approach for threat modeling is STRIDE. What does STRIDE stand for?
Spoofing identity, Tampering with data, Repudiation, Information disclosure, DoS, Elevation of privilege
What is the goal of threat identification?
Appreciate the threat sources, understand their motivation and determine their capabilities
What is the method attackers use to touch or exercise vulnerabilities?
Threat vectors or vector
What represents all the ways in which an attacker could attempt to introduce data to exploit a vulnerability?
Attack surface
How do you reduce the attack surface of an application?
Security configuration management or hardening. This ensures only necessary features are enabled on systems
What governs individual conduct as it pertains to laws, both federal and state?
Criminal law
What refers to an action against a company that causes damage or financial loss?
Civil law
What protects inventions for 20 years?
Patent
What protects a recorded thought, a form of expression? Copyright
LiFi uses what?
Uses LED light bulbs to send data
What includes 4G and 5G?
LiFi, ZigBee, satellite and cellular networking
Tools used to recover shared WEP keys
WEPcrack
Airsnort
dwepcrack
What uses existing LED bulbs to send data to receivers?
LiFi
What are the benefits of LiFi?
Speed
Downside is it cannot pass through light
What leverages battery powered radios to form a mesh personal area network?
Zigbee
What network lets the computers in a network communicate directly with each other without an intermediary?
Peer to peer
What are characteristics of the waterfall methodology?
The project is divided into sequential stages, each with specific milestones
This is known to be the most direct toward the objectives, with the shortest dev time and cost possible
What maturity level of the Software Assurance Maturity Model (SAMM) is described as initial understanding and ad hoc provision of security practice?
Level 1
Level 0: implicit starting point representing the activities in the practice being unfulfilled
Level 1: same as question
Level 2: increase efficiency and/or effectiveness of the sec. practice
Level 3: comprehensive mastery of the sec practice at scale
Ensuring only the minimum required access is given to developers at any time is an example of what?
Least priv
What approach would be best suited to help identify flaws by examining source code?
Static application security testing
What applies an agile methodology to threat and vulnerability management, incident handling/response and overall security operations?
Security orchestration automation and response (SOAR)
SOAR is the automatic handling of security operations-related tasks. Process of executing these tasks, like scanning for vulnerabilities or searching logs
One of the oldest programming vulnerabilities, it allows data to be written beyond the memory allocated for it, potentially allowing code execution?
A buffer overflow
This occurs when the programmer fails to perform bounds checking
For example, the gets() function does not enforce a character length limit when data is input
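Added example (not part of the deck): the missing bounds check above, shown in C. The "stack frame" is constructed for the demo: a 16-byte input buffer followed immediately by an authorization flag, both inside one array this program owns, so the overrun stays in memory we control. unchecked_copy copies like gets()/strcpy() with no length check; bounded_copy checks first, which is what fgets(buf, size, stdin) or an explicit strlen() test provides.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed frame: mem[0..15] is the input buffer, mem[16..19] is an
 * int32 is_admin flag that happens to sit right after it in memory. */
#define BUF_LEN   16
#define FRAME_LEN (BUF_LEN + 4)

struct frame {
    unsigned char mem[FRAME_LEN];
};

static void frame_init(struct frame *f) {
    memset(f->mem, 0, sizeof f->mem);            /* empty buffer, is_admin = 0 */
}

static int32_t frame_is_admin(const struct frame *f) {
    int32_t flag;
    memcpy(&flag, f->mem + BUF_LEN, sizeof flag);
    return flag;                                 /* 0 = ordinary user */
}

/* Vulnerable pattern: copies everything the caller supplied, the way
 * gets()/strcpy() do, with no check against BUF_LEN. Input bytes 16..19
 * land on the adjacent is_admin flag. The clamp to FRAME_LEN only keeps
 * the demo inside the frame; a real gets() has no such limit. */
static void unchecked_copy(struct frame *f, const char *input) {
    size_t n = strlen(input) + 1;                /* strcpy copies the NUL too */
    if (n > FRAME_LEN) n = FRAME_LEN;
    memcpy(f->mem, input, n);
}

/* Hardened pattern: bounds check first, refuse instead of overrunning. */
static int bounded_copy(struct frame *f, const char *input) {
    size_t n = strlen(input);
    if (n >= BUF_LEN) return -1;                 /* no room for data plus NUL */
    memcpy(f->mem, input, n + 1);
    return 0;
}

/* Run one input through each copy routine and report what the flag became. */
int admin_after_unchecked(const char *input) {
    struct frame f;
    frame_init(&f);
    unchecked_copy(&f, input);
    return (int)frame_is_admin(&f);
}

int admin_after_bounded(const char *input) {
    struct frame f;
    frame_init(&f);
    (void)bounded_copy(&f, input);
    return (int)frame_is_admin(&f);
}

int bounded_rc(const char *input) {
    struct frame f;
    frame_init(&f);
    return bounded_copy(&f, input);
}

int main(void) {
    const char *normal   = "alice";
    const char *overlong = "AAAAAAAAAAAAAAAAAAAA";  /* 20 bytes: the last 4 spill onto the flag */
    printf("unchecked \"%s\": is_admin=%d\n", normal,   admin_after_unchecked(normal));
    printf("unchecked \"%s\": is_admin=%d\n", overlong, admin_after_unchecked(overlong));
    printf("bounded   \"%s\": rc=%d is_admin=%d\n", overlong,
           bounded_rc(overlong), admin_after_bounded(overlong));
    return 0;
}
```

With the 20-byte input the unchecked copy turns is_admin into 0x41414141 (nonzero, so "admin"); the bounded copy rejects the input and the flag stays 0.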
Which level in the CMMI is defined by the phrase: the software process for both management and engineering activities is documented, standardized and integrated into a standard software process for the organization?
Level 3
Which type of testing would be most appropriate to ensure that all expected functionality of the app is present and working properly?
Quality assurance
What development methodology uses paired programmers who work from a detailed specification, has a high level of customer involvement and uses detailed test procedures?
Extreme programming (XP)
What principle is violated when developers review code in production?
Separation of duties
What maturity level of the Software Assurance Maturity Model is described as comprehensive mastery of the security practice at scale?
Level 3
What agile methodology combines small teams of developers, a senior member of the organization who acts as a coach, and a product owner?
Scrum
What can be used to develop applications faster and increase programmer/analyst productivity?
IDE
Integrated development environment
Typically has a code editor, a debugger and a build tool/compiler
What is the best way to reduce risk in software
Code review
Management is concerned about apps that have successfully passed through QA and user acceptance testing but later have unforeseen issues when deployed into production. What term would be most applicable to address this?
DevOps
Which software development model has unique, discrete, sequential phases?
Waterfall
What enables rapid deployment of virtual security appliances and devices such as virtual firewalls and virtual IPS?
Software defined security
What term describes a structured approach to documenting and approving changes to systems
Change control
What level of the CMMI model is defined by detailed measures of the software process and product quality being collected?
Level 4
What type of coding flaw, if exploited, would allow a normal user account to gain increased or even admin access?
Privilege escalation
This type of attack increases a user's or process's privilege, typically to superuser level. Most of these attacks require non-privileged local access. setuid-root programs are frequent targets of privilege escalation attacks
What is the main factor that drives the spiral model of application development?
Risk
What is being implemented if development staff do not manage security functions?
Separation of duties
The development team should have clearly defined borders between developers, the QA department and the code/applications running in production environments
One of the primary approaches to ensure that Java applets do not negatively impact the underlying operating system involves running the code in an isolated environment with limited access
Sandbox
Some numeric values are stored in fixed-length memory locations. What type of attack exploits this characteristic to achieve memory corruption?
Integer overflow
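Added example (not from the deck): the fixed-length storage point in C. A 32-bit size field wraps modulo 2^32, so a count of 0x40000001 elements of 4 bytes "needs" 4 bytes, and a buffer allocated with that size is then overrun by the loop that fills it. The values are constructed for illustration; the hardened version detects the wrap before multiplying.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Vulnerable: the product is computed in a fixed 32-bit field and wraps
 * silently. 0x40000001 * 4 == 0x100000004, which truncates to 4. */
uint32_t unchecked_alloc_size(uint32_t count, uint32_t elem_size) {
    return count * elem_size;
}

/* Hardened: detect the wrap first. Returns 1 and writes the size on success,
 * 0 if count * elem_size does not fit in 32 bits. (GCC/Clang also offer
 * __builtin_mul_overflow; the division check below is portable.) */
int checked_alloc_size(uint32_t count, uint32_t elem_size, uint32_t *out) {
    if (elem_size != 0 && count > UINT32_MAX / elem_size) return 0;
    *out = count * elem_size;
    return 1;
}

/* Where the memory corruption comes from: the buffer is allocated with the
 * wrapped size, but a later loop writes `count` elements of `elem_size`
 * bytes. Returns how many bytes that loop would write past the buffer end. */
uint64_t bytes_past_end(uint32_t count, uint32_t elem_size) {
    uint64_t allocated = unchecked_alloc_size(count, elem_size);
    uint64_t needed    = (uint64_t)count * elem_size;   /* exact, no wrap */
    return needed > allocated ? needed - allocated : 0;
}

int main(void) {
    uint32_t count = 0x40000001u, elem = 4, sz;
    printf("unchecked: %u * %u -> %u bytes allocated, %llu bytes written past end\n",
           (unsigned)count, (unsigned)elem, (unsigned)unchecked_alloc_size(count, elem),
           (unsigned long long)bytes_past_end(count, elem));
    printf("checked:   %s\n",
           checked_alloc_size(count, elem, &sz) ? "ok" : "rejected (overflow)");
    if (checked_alloc_size(100, elem, &sz)) {
        void *p = malloc(sz);          /* only reached with a size that did not wrap */
        printf("checked:   100 * %u -> %u bytes\n", (unsigned)elem, (unsigned)sz);
        free(p);
    }
    return 0;
}
```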
What should be done in order to be able to correlate the many logs produced by different systems?
Use a reliable and accurate time source
Maintaining a centralized backup copy of all your logs is equally important to your monitoring. Accurate timestamps are what make log correlation possible; if the timestamps are off, the logs will not be helpful
What type of monitoring would be best suited for discovering a compromised internal system being used to scan publicly hosted cloud assets?
Egress monitoring
It monitors traffic leaving an organization's system or interface, such as traffic from an internal system that scans publicly hosted cloud assets. Ingress monitoring, by contrast, examines inbound traffic and would not see the internal host's outbound scans
Measuring a baseline of activity over time and highlighting exceptions is referred to as what?
Anomaly detection
This type of tool notices unusual trends in traffic patterns. It uses expected behavior patterns as its baseline, then flags deviations from that baseline as it processes data
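Added example (not from the deck) covering both cards above: egress anomaly detection over a constructed outbound connection log. Each internal host gets a baseline (mean and variance of distinct external targets per hourly window) from the first five windows; a window whose count exceeds mean + 3 standard deviations is flagged. In the constructed data, 10.0.5.23 sweeps SSH across thirty public cloud addresses in window 5, which is exactly what ingress monitoring would never see. Host names, addresses and thresholds are all assumptions for the demo.

```c
#include <stdio.h>
#include <string.h>

/* Constructed flow records: window = hour index, src = internal host,
 * dst:dport = external target. */
#define MAX_CONN 256
struct conn { int window; char src[16]; char dst[16]; int dport; };
static struct conn LOG[MAX_CONN];
static int LOG_LEN = 0;

static void add(int w, const char *src, const char *dst, int dport) {
    if (LOG_LEN >= MAX_CONN) return;
    struct conn *c = &LOG[LOG_LEN++];
    c->window = w; c->dport = dport;
    snprintf(c->src, sizeof c->src, "%s", src);
    snprintf(c->dst, sizeof c->dst, "%s", dst);
}

/* Windows 0-4 are normal traffic; in window 5 host 10.0.5.23 additionally
 * scans port 22 on thirty cloud addresses (the compromised-host scenario). */
void build_log(void) {
    LOG_LEN = 0;
    for (int w = 0; w < 6; w++) {
        add(w, "10.0.5.23", "52.10.0.5", 443);       /* SaaS portal */
        add(w, "10.0.5.23", "52.10.0.5", 443);       /* repeat: same target, not a new one */
        add(w, "10.0.5.23", "13.32.8.9", 443);
        if (w % 2) add(w, "10.0.5.23", "140.82.1.4", 443);
        add(w, "10.0.5.24", "52.10.0.5", 443);
    }
    for (int i = 1; i <= 30; i++) {
        char ip[16];
        snprintf(ip, sizeof ip, "34.120.7.%d", i);
        add(5, "10.0.5.23", ip, 22);
    }
}

/* Distinct (dst, dport) pairs a source contacted during one window. */
int distinct_targets(const char *src, int w) {
    int count = 0;
    for (int i = 0; i < LOG_LEN; i++) {
        if (LOG[i].window != w || strcmp(LOG[i].src, src) != 0) continue;
        int dup = 0;
        for (int j = 0; j < i && !dup; j++)
            dup = LOG[j].window == w && strcmp(LOG[j].src, src) == 0 &&
                  strcmp(LOG[j].dst, LOG[i].dst) == 0 && LOG[j].dport == LOG[i].dport;
        if (!dup) count++;
    }
    return count;
}

/* Baseline: mean and variance of the per-window count over windows [0, n). */
void baseline(const char *src, int n, double *mean, double *var) {
    double sum = 0, sq = 0;
    for (int w = 0; w < n; w++) {
        double c = distinct_targets(src, w);
        sum += c; sq += c * c;
    }
    *mean = sum / n;
    *var  = sq / n - (*mean) * (*mean);
}

/* Flag a window whose count exceeds mean + 3 standard deviations. Variance
 * is floored at 1 so a perfectly flat baseline does not alert on one extra
 * connection; the comparison is done in squared form to avoid libm. */
int is_anomalous(const char *src, int w, int baseline_windows) {
    double mean, var;
    baseline(src, baseline_windows, &mean, &var);
    if (var < 1.0) var = 1.0;
    double excess = distinct_targets(src, w) - mean;
    return excess > 0 && excess * excess > 9.0 * var;
}

int main(void) {
    build_log();
    const char *hosts[] = { "10.0.5.23", "10.0.5.24" };
    for (int h = 0; h < 2; h++) {
        double mean, var;
        baseline(hosts[h], 5, &mean, &var);
        printf("%s baseline %.1f targets/window (var %.2f); window 5: %d -> %s\n",
               hosts[h], mean, var, distinct_targets(hosts[h], 5),
               is_anomalous(hosts[h], 5, 5) ? "ANOMALY" : "normal");
    }
    return 0;
}
```

In practice the baseline would be learned per host over days rather than five windows, and the distinct-target count would be one of several features, but the shape is the same: learn what normal egress looks like, then alert on the deviation.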
An Apache web service is considered to be what type of cloud service?
PaaS
Admins have control over the service configuration only, not the general operating system. An admin could restart the web service but not reboot the entire system
What detective technology would be best able to help discover adversary compromise of a legitimate user account based on deviation from typical behavior?
UEBA
User and entity behavior analytics builds baseline profiles of how users behave. A SIEM may include UEBA data, but that cannot be guaranteed
What is the goal of a business impact analysis?
It focuses on determining mission-critical business processes and the impact associated with disruption of those services. Its purpose is to determine the tolerable level of impact and what is needed to keep business functions running. The primary focus is on the disruption of availability and determination of the effect of an outage over a period of time. The BIA informs the requirements regarding RTO
What is a computer forensics image?
A binary copy of the hard drive
A binary copy can capture files that have been deleted, and hashing algorithms can be used during acquisition and afterwards to provide assurance of the integrity of the image acquired
During incident response, you find a dynamic internal IP address is implicated as the attacker. What would be a key log needed for incident response and forensics?
DHCP logs
DHCP provides assets with IP addresses dynamically, so the IP address of a host can vary. The DHCP logs enable investigators to determine which host the adversary used
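Added example (not from the deck) that ties this card to the earlier one on using an accurate time source: given a DHCP server log, find which host held an IP address at the moment of an IDS alert. The lease log lines and the alert are constructed; the log format is a simplified ISC-dhcpd-style "DHCPACK ip mac hostname" line, and the sensor is assumed to log in local time (UTC+2). Both timestamps are normalized to UTC epoch before comparison; the second lookup in main shows the wrong host you get by taking the sensor's local time as UTC.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed DHCP server log, timestamps in UTC. 10.0.5.23 changes hands
 * at 14:10:40Z, so "who had it" depends entirely on the time asked about. */
static const char *const LEASE_LOG[] = {
    "2024-03-10T13:55:02Z DHCPACK 10.0.5.23 00:11:22:33:44:55 ws-0421",
    "2024-03-10T14:00:00Z DHCPACK 10.0.5.24 de:ad:be:ef:00:01 ws-0007",
    "2024-03-10T14:10:40Z DHCPACK 10.0.5.23 66:77:88:99:aa:bb lt-0198",
};
#define LEASE_LOG_LEN (sizeof LEASE_LOG / sizeof LEASE_LOG[0])

/* Days since 1970-01-01 for a proleptic Gregorian date (Howard Hinnant's
 * days_from_civil), so no timegm()/TZ dependence is needed. */
static int64_t days_from_civil(int64_t y, unsigned m, unsigned d) {
    y -= m <= 2;
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    unsigned yoe = (unsigned)(y - era * 400);
    unsigned doy = (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1;
    unsigned doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + (int64_t)doe - 719468;
}

/* Parse "YYYY-MM-DDThh:mm:ss" followed by "Z" or "+hh:mm"/"-hh:mm" into a
 * UTC epoch. Every source is normalized to the same reference before any
 * timestamps from different systems are compared. */
bool parse_ts(const char *s, int64_t *utc) {
    int y; unsigned mo, d, h, mi, sec; int n = 0;
    if (sscanf(s, "%4d-%2u-%2uT%2u:%2u:%2u%n", &y, &mo, &d, &h, &mi, &sec, &n) != 6)
        return false;
    int64_t t = days_from_civil(y, mo, d) * 86400 + h * 3600 + mi * 60 + sec;
    const char *z = s + n;
    if (*z == 'Z') { *utc = t; return true; }
    unsigned oh, om;
    if ((*z == '+' || *z == '-') && sscanf(z + 1, "%2u:%2u", &oh, &om) == 2) {
        int64_t off = (int64_t)oh * 3600 + om * 60;      /* local = UTC + off */
        *utc = (*z == '+') ? t - off : t + off;
        return true;
    }
    return false;
}

/* Which host held `ip` at UTC time `at`: the most recent DHCPACK for that
 * address at or before `at`. Returns false if no lease covers that moment. */
bool lease_holder(const char *ip, int64_t at, char *mac, size_t mac_len,
                  char *host, size_t host_len) {
    int64_t best = INT64_MIN;
    bool found = false;
    for (size_t i = 0; i < LEASE_LOG_LEN; i++) {
        char ts[32], lip[16], lmac[18], lhost[32];
        int64_t t;
        if (sscanf(LEASE_LOG[i], "%31s DHCPACK %15s %17s %31s", ts, lip, lmac, lhost) != 4)
            continue;
        if (!parse_ts(ts, &t) || strcmp(lip, ip) != 0 || t > at || t < best) continue;
        best = t; found = true;
        snprintf(mac, mac_len, "%s", lmac);
        snprintf(host, host_len, "%s", lhost);
    }
    return found;
}

int main(void) {
    /* Constructed IDS alert from a sensor that stamps events in local time (UTC+2). */
    const char *alert_ts  = "2024-03-10T16:05:00+02:00";
    const char *alert_src = "10.0.5.23";
    int64_t at, naive;
    char mac[18], host[32];

    parse_ts(alert_ts, &at);
    if (lease_holder(alert_src, at, mac, sizeof mac, host, sizeof host))
        printf("normalized to UTC:        %s was %s (%s)\n", alert_src, host, mac);

    /* The mistake the earlier card warns about: treat the sensor's local time as UTC. */
    parse_ts("2024-03-10T16:05:00Z", &naive);
    if (lease_holder(alert_src, naive, mac, sizeof mac, host, sizeof host))
        printf("sensor time taken as UTC: %s was %s (%s)  <- wrong host\n", alert_src, host, mac);
    return 0;
}
```

A two-hour skew between sensor and DHCP server clocks points the investigation at lt-0198 instead of ws-0421; a one-minute skew would have the same effect near the lease boundary, which is why synchronized, trusted time (NTP from a reliable source, logs in UTC) comes before any correlation.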
Marin is the manager of the quality department and uses his RFID card to access the building, then later uses the same card to access his office. What type of control is this?
Technical
What are two types of identity management systems? LDAP, AD, DC, DN
AD and LDAP
Active Directory
Lightweight Directory Access Protocol
An SSO system is characterized by what?
Providing a single username and password to access the entire network
What do the best-performing biometric authentication systems have?
A low crossover error rate
After a user's thumbprint has been enrolled for future authentication, what does the print get stored as?
A hash
Biometric images are converted to hashes, so if a hacker compromises the store they will only obtain representations of the biometrics and not the real images
Nadia is a security administrator tasked with finding users with weak passwords. What type of attack should she attempt first as part of the security audit? Rainbow tables, birthday, dictionary or brute force
Dictionary
What is it called when an employee moves from department to department and the rights and privileges are not removed?
Authorization creep
Which SSO system uses secret keys, principals and tickets?
Kerberos
Kerberos uses a key distribution center to grant tickets to users for services such as email and file sharing
Kerberos uses what kind of keys?
Symmetric
Provide redundancy for the key distribution center to mitigate it being a single point of failure, and use the longest keys available to resist brute-force attacks
Diskless computers with lots of memory and fast CPUs that obtain their operating system and data from a centralized server are called what?
Thin clients
When implementing security containers on a system, it will be divided into top secret, secret, confidential and unclassified. Which type of system is being implemented?
MAC
Mandatory access control
What is not an SSO system?
Circumference
Which should be added to make three-factor authentication if the person already uses a card to swipe into the server room? PIN, retina scan, OTP or authenticator
PIN and retina scan
Which access control model prioritizes availability over confidentiality and integrity, so that owners of files determine the authorizations of their objects?
DAC
Discretionary access control
Which access control model is represented by the rules: allow MAC address 35:35:43:an:ac:a1; deny all?
Rule-based access control
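Added example (not from the deck): a first-match rule evaluator for a MAC-based rule list like the one above. The rules, addresses and the parse_mac/acl_permits names are constructed for the demo; a fully hexadecimal MAC is substituted for the card's. The two properties worth seeing are that the first matching rule wins and that the list fails closed: a trailing "deny any" catches everything else, and an address that does not even parse is denied before any rule is consulted.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* One rule: allow or deny, for a specific MAC or for "any". */
struct rule { bool allow; bool any; unsigned char mac[6]; };

/* Parse "aa:bb:cc:dd:ee:ff" (either case) into six bytes; false if malformed
 * (non-hex, too few groups, or trailing characters after the sixth group). */
bool parse_mac(const char *s, unsigned char out[6]) {
    unsigned int b[6];
    char tail;
    if (sscanf(s, "%2x:%2x:%2x:%2x:%2x:%2x%c",
               &b[0], &b[1], &b[2], &b[3], &b[4], &b[5], &tail) != 6)
        return false;                    /* 7 = trailing junk, <6 = short or non-hex */
    for (int i = 0; i < 6; i++) out[i] = (unsigned char)b[i];
    return true;
}

bool make_rule(struct rule *r, bool allow, const char *mac_or_any) {
    r->allow = allow;
    r->any = strcmp(mac_or_any, "any") == 0;
    if (r->any) { memset(r->mac, 0, sizeof r->mac); return true; }
    return parse_mac(mac_or_any, r->mac);
}

/* Walk the list in order; the first rule that matches decides. A MAC that
 * does not parse is denied outright, and an exhausted list denies too. */
bool acl_permits(const struct rule *rules, size_t n, const char *mac_str) {
    unsigned char mac[6];
    if (!parse_mac(mac_str, mac)) return false;
    for (size_t i = 0; i < n; i++)
        if (rules[i].any || memcmp(rules[i].mac, mac, 6) == 0)
            return rules[i].allow;
    return false;                        /* no rule matched: default deny */
}

/* The card's two-rule list. */
#define RULE_COUNT 2
static struct rule RULES[RULE_COUNT];
bool load_rules(void) {
    return make_rule(&RULES[0], true,  "35:35:43:aa:ac:a1") &&
           make_rule(&RULES[1], false, "any");
}

int main(void) {
    const char *tests[] = { "35:35:43:aa:ac:a1", "35:35:43:AA:AC:A1",
                            "35:35:43:aa:ac:a2", "not-a-mac" };
    if (!load_rules()) return 1;
    for (int i = 0; i < 4; i++)
        printf("%-18s -> %s\n", tests[i],
               acl_permits(RULES, RULE_COUNT, tests[i]) ? "allow" : "deny");
    return 0;
}
```

Note that a MAC filter is a rule-based control, not a strong one: link-layer addresses are trivially spoofed, so the rule list decides who is permitted but not who actually shows up with that address.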
What are two differences between TACACS+ and RADIUS?
TACACS+ encrypts the entire packet body; RADIUS encrypts only the password
TACACS+ transmits data via TCP; RADIUS transmits data via UDP
Which is not a physical access control type? 8-foot fence, data backup, security awareness training, network segmentation
Security awareness training
Examples of administrative controls
Non disclosure agreement
Dress code policy
What device would monitor network activities
IDS
When tasked with lowering the threshold of monitoring activities as part of seeking to discover an external threat, what is one thing she will notice first?
System performance decreases
Lowering the threshold increases alerts, so false positives increase and logging tables fill up faster. The increased monitoring will eventually find the threat
When an admin is given privileges to manage the printers and hard drives but not the network, what is this an example of?
Least privilege
On Unix and Linux systems, what is a countermeasure to implement to mitigate brute-force attacks against the root account?
Rename the root login name to something such as roto-root3r
What is an example of data hiding?
Steganography
What is the act of intentionally positioning data so that it is not viewable or accessible to an unauthorized subject?
Data hiding
What is an important part of multilevel secure systems?
Data hiding
What is the science of hiding the meaning or intent of a communication from unintended recipients?
Encryption
What is the line of intersection between any two areas, subnets or environments that have different security requirements or needs?
Security boundary
What is it called when there is an established plan, policy and process to protect the interests of an organization?
Due diligence
What is it called when practicing the individual activities that maintain the due diligence effort?
Due care
What is the document that defines the scope of security needed by the organization and discusses the assets that require protection?
Security policy
What defines requirements for the use of hardware, software, technology and security controls?
Standards
What is the minimum level of security that every system throughout the organization must meet?
A baseline
What is an element of the formalized security policy structure that offers recommendations rather than requirements?
Guideline
Do all users need to know the security standards, baselines, guidelines and procedures for all security classification levels?
No, they do not
What is the process where potential threats are identified, categorized and analyzed?
Threat modeling
What type of testing is a specialized dynamic testing technique that provides many different types of input to software to stress its limits and find previously undetected flaws?
Fuzzing
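Added example (not from the deck): a minimal mutation-based fuzzer in C. The target parse_record is constructed for this demo and is not from any real project: it parses "len:payload" records into a 16-byte buffer but checks the declared length instead of the actual payload length. To keep the harness well-defined, the copy is simulated and the target returns how many bytes would spill past the buffer. The fuzzer starts from a valid seed, applies one random mutation per iteration with a fixed RNG seed, and keeps the worst-case input it finds; that is the "many different types of input to find previously undetected flaws" from the card in its smallest working form.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed target. Bug: validates the *declared* length but copies the
 * *actual* payload. Returns -1 for a malformed record, otherwise the number
 * of bytes (payload plus NUL) that would land past the 16-byte buffer. */
#define OUT_LEN 16
int parse_record(const char *in) {
    unsigned declared;
    int n = 0;
    if (sscanf(in, "%u:%n", &declared, &n) != 1 || n == 0) return -1;
    if (declared >= OUT_LEN) return -1;             /* bounds check on the wrong value */
    size_t actual = strlen(in + n);
    return actual + 1 > OUT_LEN ? (int)(actual + 1 - OUT_LEN) : 0;
}

/* One random mutation in place. buf has room for MAX_IN bytes. */
#define MAX_IN 128
static void mutate(char *buf) {
    size_t len = strlen(buf);
    switch (rand() % 4) {
    case 0:                                         /* overwrite a byte with a printable char */
        if (len) buf[rand() % len] = (char)('!' + rand() % 94);
        break;
    case 1:                                         /* insert a byte somewhere */
        if (len + 1 < MAX_IN) {
            size_t pos = rand() % (len + 1);
            memmove(buf + pos + 1, buf + pos, len - pos + 1);
            buf[pos] = (char)('!' + rand() % 94);
        }
        break;
    case 2:                                         /* duplicate the tail: grows the payload */
        if (len && 2 * len < MAX_IN) {
            size_t pos = rand() % len;
            memmove(buf + len, buf + pos, len - pos + 1);
        }
        break;
    case 3:                                         /* truncate */
        if (len) buf[rand() % len] = '\0';
        break;
    }
}

/* Run `iterations` mutations from `seed`. Returns the largest spill the
 * target reported (0 = nothing found) and copies the offending input to
 * worst_input. The RNG seed makes the run reproducible. */
int fuzz(const char *seed, int iterations, unsigned rng_seed,
         char *worst_input, size_t worst_len) {
    char buf[MAX_IN];
    int worst = 0;
    srand(rng_seed);
    snprintf(buf, sizeof buf, "%s", seed);
    for (int i = 0; i < iterations; i++) {
        mutate(buf);
        int spill = parse_record(buf);
        if (spill > worst) {
            worst = spill;
            if (worst_input) snprintf(worst_input, worst_len, "%s", buf);
        }
        /* Reset occasionally so we keep exploring close to valid input. */
        if (buf[0] == '\0' || rand() % 8 == 0)
            snprintf(buf, sizeof buf, "%s", seed);
    }
    return worst;
}

int main(void) {
    char worst[MAX_IN];
    int spill = fuzz("5:hello", 2000, 1, worst, sizeof worst);
    if (spill > 0) printf("found %d-byte overrun with input \"%s\"\n", spill, worst);
    else           printf("no overrun found; try more iterations or another seed\n");
    return 0;
}
```

Real fuzzers (AFL++, libFuzzer) add coverage feedback so mutations that reach new code are kept as new seeds, and they run the real copy under ASan so the overrun crashes instead of being counted; the mutate/evaluate/keep-the-interesting-input loop is the same.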
CIA
Confidentiality, integrity and availability
What is the principle that objects are not disclosed to unauthorized subjects?
Confidentiality
What is the principle that objects retain their veracity and are intentionally modified only by authorized subjects?
Integrity
What is the principle that authorized subjects are granted timely and uninterrupted access to objects?
Availability
What is AAA?
Identification, authentication, authorization, auditing and accountability
What is the process of verifying or testing that a claimed identity is valid?
Authentication
What ensures that activity or object-based access is possible given the rights and privileges assigned to the authenticated identity?
Authorization
What is auditing?
The programmatic means by which subjects are held accountable for their actions while authenticated on a system, through the documentation or recording of subject-based activities
What is nonrepudiation?
Ensures that the subject of an activity cannot deny that the event occurred
What is abstraction?
It is used to collect similar elements into groups, classes or roles that are assigned security controls, restrictions or permissions as a collective. It adds efficiency to carrying out a security plan
What is defense in depth?
Also known as layering, it is simply the use of multiple controls in a series. A multi-layered solution allows numerous different controls to guard against whatever threats come to pass
What is it called when you prevent data from being discovered or accessed by a subject?
Data hiding
What is it called when there is a line of intersection between two areas, subnets or environments that have different security requirements or needs?
Security boundaries
What is security governance?
It is the collection of practices related to supporting, defining and directing the security efforts of an organization
What is the process of reading the exchanged materials and verifying them against standards and expectations? In many situations, especially those related to government or military agencies and their contractors, failing to provide sufficient documentation to meet the requirements of third-party governance can result in loss or voiding of authorization to operate
Documentation review
What is security management planning?
It ensures proper creation, implementation and enforcement of a security policy
What do you need in order to create a comprehensive security plan?
Security policy, standards, baselines, guidelines and procedures
Security management is based on three types of plans
Strategic, tactical and operational
Key security roles are
Senior manager, security professional, asset owner, custodian, user and auditor
Confidentiality, integrity and availability are typically viewed as the primary goals and objectives of a security infrastructure. Which of the following is not considered a violation of confidentiality? Stealing passwords using a keystroke logging tool, eavesdropping on wireless network communications, hardware destruction caused by arson, or social engineering that tricks a user into providing personal information to a false website
Hardware destruction caused by arson (that is a violation of availability; the other three are confidentiality breaches)
What are the primary goals and objectives of security?
The CIA Triad
James recently discovered an attack taking place against his org that prevented employees from accessing critical records. What part of the CIA was violated
Availability
What is security governance
Security governance seeks to compare the security processes and infrastructure used within the organization with the knowledge and insight obtained from external sources
You have been tasked with crafting a long-term security plan that is fairly stable. It needs to define the organization's security purpose. It also needs to define the security function and align it to the goals, mission and objectives of the organization. What are you being asked to create?
Strategic plan
What are risks associated with a merger?
Inappropriate information disclosure, data loss and downtime (increased worker compliance, and additional insight into the motivations of inside attackers, are not risks)
What is a set of recommended best practices for core IT security and operational processes?
ITIL
What security role has the functional responsibility for security, including writing the security policy and implementing it?
Security professional
When confidential documents are exposed to unauthorized entities, which element of STRIDE is used to reference that violation?
I
Information disclosure
A development team is working on a new project. During the early stages of systems development the team considers the vulnerabilities, threats and risks of their solution and integrates protections against unwanted outcomes. What concept of threat modeling is this?
Proactive approach 
Whenever an organization works with a third party, its supply chain risk management process should be applied. One of the common requirements is the establishment of minimum security requirements for the third party. What should these requirements be based on?
Existing security policy
What is a risk-centric threat modeling approach that aims at selecting or developing countermeasures in relation to the value of the assets to be protected?
PASTA
Process for Attack Simulation and Threat Analysis. It is a seven-stage threat modeling methodology
What terms relate to defense in depth?
Layering, classifications, zones, realms, compartments, cells, segmentations, lattice structure and protection rings