Memory Deck Flashcards

Question

The Ring Model: Zero KODU

Answer 1

-VM KODU = -1 VM hosts, 0 Kernel, 1 Operating System, 2 Drivers, 3 User.

Answer 2

DORA - Discover, Offer, Request, ACK.

Answer 3

I Prefer Coffee Everytime Anyone Provides Donuts = Identification, Preservation, Collection, Examination, Analysis, Presentation, Decision.

Answer 4

RRA/RTID Request, Review, Approve or Reject, Test, Implement, Document.

Answer 5

RSA ESA O = Reconnaissance, Scanning, Access and Escalation, Exfiltration, Sustainment, Assault, Obfuscation.

Answer 6

I Ran Down My Ostrich = Initial, Repeatable, Defined, Managed, Optimized.

Answer 7

BCP policy → BIA → Identify preventive controls → Develop recovery strategies → Develop DRP → DRP training/testing → BCP/DRP maintenance

Answer 8

IDIOD - Don’t be an IDIOD = Initiation, Design, Implement, Operations, Disposal

Answer 9

“I Reckon All Dem Dere Taters’ Really Delicious” = Initiation, Requirements, Architecture, Design, Develop, Testing, Release, Disposal.

Answer 10

Atomic, Consistency, Isolation, Durability.

Answer 11

Authentic, Complete, Admissible, Convincing, Accurate

Answer 12

are FAR away.

Answer 13

is a good IDEA.

Answer 14

B(urn) Transport Layer—Segments (TCP) (SOME) DATAGRAM (UDP) Network Layer—Packets (PEOPLE) Data Link Layer—Frames (FEAR) Physical Layer— Bits (BIRTHDAYS)

Answer 15

Initiating, Diagnosing, Establishing, Acting, Learning

Answer 16

Initial, Repeatable, Defined, Managed, Optimized I RAN DOWN MY OSTRICH

Answer 17

PADDTIM - Planning, Analysis, Design, Development, Testing, Implementation, Maintenance

Answer 18

Inguannas In Paris Really Cant Teach Me = Iniitation, Impact, Preventative, Recovery, Continuity, Test, Manage

Answer 19

Complete loss of power Blackout Brief/Moementary Loss of Power Fault Prolonged/Extended drop in voltage Brownout Brief drop in voltage Sag Initial power rush (i.e., after an outage) Inrush Momentary rush of power Spike Prolonged/Extended rush of power Surge Big Fat Bears Sleep in Snoring Slumber Before Face Book Some Introverts Stayed Silent Blue Falcons Bring Simply Incredible Soaring Sights Best Friends Believe Silence Is Simply Silly

Answer 20

- FTP, File Transfer Protocol

Answer 21

- ssh, secure shell

Answer 22

SMTP, Simple Mail Transport Protocol

Answer 23

TFTP, Trivial File Transfer Protocol

Answer 24

HTTP, HyperText Transfer Protocol

Answer 25

POP3, Post Office Protocol (version 3)

Answer 26

- NNTP, Network News Transport Protocol

Answer 27

NTP, Network Time Protocol

Answer 28

- IMAP, Internet Message Access Protocol (version 4)

Answer 29

- SNMP, Simple Network Management Protocol

Answer 30

dedicated to Remote Desktop Protocol (RDP)

Answer 31

1. You go to the Amusement Park and Buy a Ticket from the Main Entrance Counter to Enter into the Amusement Part to Enjoy The Rides, whichever you have paid for. (Which we call TGT - Ticket Granting Ticket) 2. He goes to the first rider and says I want to ride MarygoRound and present the Ticket (TGT) to the Rider. But the rider says, show me the ticket that you have to ride this ride. 3. Rider suggest him to go to the different counter to get the ticket for this Ride (Call it Service Ticket). He goes to that counter and shows his Ticket (TGT) and gets Service Ticket for the MarrygoRound Ride. 4. After getting the Service Ticket, he shows it to the Rider and he allows him for this Ride. He Enjoys the Ride. 5. Overview 6. In Reality How it Happens - User Sends a Authentication Service Request to Domain Controller - Domain Controller Sends Back Authentication Service Response along with TGT Key - User Send an Application Request along with the TGT Key to the Domain Controller - Domain Controller Sends Back TGT Response along with the Service Ticket to Access the Requested Application - User sends a Request to the Application Server along with the Service Key - Application Server Validates it and Grant Permission to Access it

Answer 32

= 20 years. Notice there is the word "ten" in Patent. 10 fits better into 20, than it does 70 (Copyright).

Answer 33

Take Grant to the Colorado Rockies (Take/Grant/Create/Remove). The OSG is also light on this, as you only need to know what it is, and how it compares to the other models.

Answer 34

it's an integrity model.

Answer 35

– Many hosts Infrastructure. Best if your app really requires complex infrastructure (such as 5 databases, 10 firewalls, etc).

Answer 36

– One host. Best if: your app can run on 1 host, and you are concerned about: liability, security, time, and money wasted configuring code and infrastructure. PaaS is much more liability-optimal than IaaS. PaaS is the easiest to administer. PaaS your code – so IaC is PaaS.

Answer 37

– Service. Service is the most affordable, has least liability to the customer and the cheapest, but it takes time to configure code to work with SaaS and cloud.

Answer 38

– BiPlane Joint-Venture agreement

Answer 39

– Like Windows OLE (internal, under-the-hood) – under-the-hood 'SLA' internal agreement between (C)SP and its brokers.

Answer 40

– Completely different beast – Confirms understanding of each-other's "moo" (talk).

Answer 41

– Slave (small) Jobs Worked-on.

Answer 42

– Master Services Provided. Masters of Airlines.

Answer 43

(Sarbanes Oxley, 2002) – [say in British accent] ENRON really SOX. Its transaction flow really SOX.

Answer 44

– banks, lenders, insurance. Think about some fat banker Gramm (or Graham)

Answer 45

– Protects minors 13 or younger online. If you are an online pedo, then you cop it

Answer 46

– Protects Student data for over 18. Think about Phineas and FerP. They have to grow up eventually and go to college. It would be really unfortunate for Phineas and FerP fans if FerP's student card is leaked to public!

Answer 47

– U.S. Government information security is under prisma. [NIST SP 800-53 is used for FISMA]

Answer 48

Credit Card Security – Visa, MasterCard and American Express. What else is a card other than a credit card? – Your PCI card. Note: PCI DSS is a Standard, not a law.

Answer 49

– Copyright. Who hadn't heard of the DMCA strikes on Youtube?

Answer 50

– First major legislation to fight cybercrime. Think: CFAA – F for First.

Answer 51

Makes it illegal to invade electronic privacy of an individual.

Answer 52

Think of ECPA and CALEA – as a seed and a flower. Yes, calea is a plant, but let's make CALEA a CAULIPOWER with sour taste. ECPA grows into CALEA flower. Then terrorists come, and the garden of CALEA has to be destroyed. Like the privacy had to be destroyed.

Answer 53

Broadened wiretapping authorizations, no thanks to 9/11 in 2001.

Answer 54

– restricting export of civilian items that may have military applications, such as EARphones.

Answer 55

– restricting export of war items. Think "ITAR is war". Russia has a century-old pro-war newsagency of ITAR-TASS, and when Russia started its full-scale war, U.S. already had Russia added to ITAR list.

Answer 56

– in California only, require Privacy Statements from organizations. Similar mandatory effects to the EU's GDPR. Remember California=Privacy.

Answer 57

– Patents and Trademarks – (U.S. Patent & Trademark Office)

Answer 58

– Copyright – (Library of Congress)

Answer 59

Steps Prepare. Categorize (systems) Select (controls) [for systems] Implement (controls) [+documentation] Assess (controls) [take a step back] Authorize (controls) [stamp of approval] Monitor. Mnemonic device 1 PC SIA AM (PC of SIA in ArMenia) For SIA to run a rogue PC in Armenia is pretty RISKy https://img.youtube.com/vi/JKbVmjan3bQ/mqdefault.jpg Mnemonic device 2 PCS IAAM (PC-s I aam) [Being non-human is RISKy]

Answer 60

DC I DD PP NSFL but rememberable memorization trick, oh boy will you need DRP and thus BCP after this Develop (policy) Conduct BIA (Business Impact Analysis) Identify (preventative controls) Develop DRP strategies Develop IT contingency (plan) Plan Training Plan maintenance

Answer 61

(Confidentiality model) Like a BELL 🛎️: No Read Up↑, no Write Down↓. Compiled: NoR↑🛎NoW↓.

Answer 62

– (Integrity model) Opposite of Bell-LaPadula: No Read↓, no Write Up↑. Compiled: NoR↓▽NoW↑.

Answer 63

Think Chinese Brew tea – Chinese Wall. Walls off conflict-of-interest.

Answer 64

– (Integrity model) Use software to access data. Clerk uses WinStone software to access business data.

Answer 65

Fault – short – (Technical) Faults don't last forever Blackout – (obviously) long LO Electricity Sag – short-term – sag even sounds short – sag sac Brownout – alike to blackout – long-term HI Electricity Spike – Spikes are momentary Surge – Like insurgencies, they can last long!

Answer 66

Magnetic – low security Proximity – signal can be stolen RFID – Distance Microchip / SmartCard – Secure

Answer 67

Class A: 10.0.0.0 – 10.255.255.255 Class B: 172.16.0.0 – 172.31.255.255 Class C: 192.168.0.0 – 192.168.255.255

Answer 68

Private IP ranges' subnet masks Easy trick: class letter defines the number of 255's from left to right. For example, class B (2) would have 255.255.0.0

Answer 69

Rejection" is a "positive" for authN systems. FRR – Type 1 Error FAR – Type 2 Error CER – Intersection between FAR and FRR. Optimal configuration. Mnemonic device: FRR FAR, CER (meaning Freier's far, sire)

Answer 70

OpenID – Identity → Authentication OAuth – (stands for) Open Authorization

Answer 71

SAML – AuthN and AuthZ, open source, good for ADFS. SPML – Service Provisioning XACML – Access control (AuthZ but not AuthN) SOAP – messaging over network SCAP – Security Content (Automation Protocol) – Share threat intel

Answer 72

SOC 1 – Finance First SOC 2 – Trust Second/Trust is Two SOC 3 – SOC 2 lite for public eyes. SOC Type Type 1 – One point in time Type 2 – Two points – timeline

Answer 73

– Code [Static testing – is a subtype of white-box testing by definition]

Answer 74

– Runtime

Answer 75

By format Real – Real physical Objects Documentary – Docs Testimonial – Witness By reliability Primary – Originals Secondary – Certified copies By quality Hearsay – "he said she said" – bad Direct – Very good Corroborative – Supportive Conclusive – so good, that we can adjourn court after it. Evidence Rules Best – Original evidence is best (not photocopies) Parol – Written signed agreements can only be amended by written signed agreements (not parol evidence) Hearsay – Anti-hearsay evidence rule. Evidence-giver must present themselves and not through a third-party.

Answer 76

MTTF – Failure MTTR – Repair. Similar to WRT MTBF – Between failures. MTBF = MTTF + MTTR

Answer 77

RAID operations Striping – Speed Mirroring – Redundancy Remember this array, 0 1 S M SM – Like "Samsung" or "storage management", Samsung old-style logo RAID 01 – (At drive level) 0 Striping, (At drive-set level) 1 Mirroring Let's try one more for fun, RAID 100 – (At drive level) 1 Mirroring, (At drive-set level) 0 Striping, (At set of drive-sets level) 0 Striping

Answer 78

RAID 100 The trick is to read nested RAID from bottom to the top. First digit from the left defines the drive level,

Answer 79

– Striping – 2x speed

Answer 80

– Mirroring – 2x redundancy Speed over reliability

Answer 81

– Byte striping for speed

Answer 82

– Block striping for speed. Block is bigger than byte, therefore RAID 3 > RAID 2. Error-corrective

Answer 83

– Data and parity striped

Answer 84

– Same as RAID 5, but configuration is safer with little overhead over RAID 5 Nested

Answer 85

Mnemonic 1: Story Trojan War gives a good analogy: Recon – Greeks analyze Trojan city, culture, forces to find vulnerabilities, and find that Trojans are superstitious. Weaponization – Greeks design and build an exploit – a Trojan Horse Delivery – Greeks discreetly deliver a Trojan Horse to the Trojan gates Installation – Trojan Horse is interacted with and installed inside Troy. Exploitation – Under the cover of the night, the Greek warriors disembark Trojan Horse and walk on small Trojan streets to avoid early detection. Command & Control – Greeks establish command and control over Troy Maintain – Greeks take measures to maintain control of the city as well as to seize the treasury of the previous king.

Answer 86

– Original evidence is best (not photocopies)

Answer 87

– Written signed agreements can only be amended by written signed agreements (not parol evidence)

Answer 88

– Anti-hearsay evidence rule. Evidence-giver must present themselves and not through a third-party.

Answer 89

SoftWare Capability Maturity Model Somewhat reminiscent of common criteria. Mnemonic: IRDMO (THIRDMOON [of SW-CMM hell]) Moon Lvl 1: Initial: No plan Lvl 2: Repeatable: Basic lifecycle Lvl 3: Defined: Formal and documented DevOps Lvl 4: Managed: Quantitative measures (recall quantitative risk analysis) Lvl 5: Optimized: CI/CD

Answer 90

Initiating (everything for DevOps) Diagnosing (what needs to be fixed/changed) Establishing (plan) Acting (on plan → DevOps) Learning (lessons)

Answer 91

– like timelines on Wikipedia, (example).

Answer 92

– Project management modelling graph

Answer 93

- have a security clearance, access approval, and valid need to know for ALL data processed by Dedicated system

Answer 94

- have a security clearance and access approval for ALL data processed by System high mode system. Also, valid need to know for data PERSONALLY accessed.

Answer 95

- have a security clearance for ALL data processed by compartmented mode system. Also, access approval and a valid need to know for data PERSONALLY accessed.

Answer 96

- have a security clearance, access approval, and valid need to know for data PERSONALLY accessed. (Requirements are enforced primarily by hardware or software on the system, not by limiting physical access)

Answer 97

– (At drive level) 1 Mirroring, (At drive-set level) 0 Striping

Answer 98

Prepare your business Categorize business needs Select controls Implement controls Asses controls Authorize controls Monitor controls

Answer 99

Risk Maturity Model Ad-Hoc - Chaotic Starting Point Preliminary - Loose attempts at a risk management framework Defined - a risk management framework is defined Integrated - a risk framework is integrated into business strategy Optimized - a risk framework is optimized for the business and is not reactive

Answer 100

Most common hashing algorithms MD5 RIPEMD SHA HAVAL

Answer 101

Most common Symmetric cryptography algorithms TwoFish 3DES Blowfish Rivest Cipers AES IDEA DES SkipJack

Answer 102

then protect it with Diffie-Hellman! The Diffie-Hellman algorithm allows you to exchange session keys through insecure channels

Answer 103

Most common Asymmetric cryptography algorithms Diffie-Hellman El Gamal RSA Elliptic Curve Knapsack

Answer 104

Change Management Model. Request a change Review the change Approve the change Test the change Schedule the change Document the change

Answer 105

Information Lifecycle. Create the data Classify the data so we know how to protect it Storage such as encryption Usage such as access control and secure transmission Archival and when to choose when data should be archived Destruction in terms of when do we get rid of data and how do we do it securely

Answer 106

Incident Response Framework Detect the attack Respond to the attack Mitigate the damage of the attack Report the attack to senior management Recover from the attack and return to normal ops Remediate and find the root analysis Lessons Learned and how do we keep this from happening again

Answer 107

The BCP Process Scope your BCP BIA, perform your Business Impact Analysis Plan your BCP Approve your BCP

Answer 108

Capability Maturity Model Initial, just starting out your CCM journey Repeatable, now have repeatable procedures Defined, now you have defined procedures Managed, you now have quantifiably managed procedures Optimized, you are now optimizing your procedures for your business

Answer 109

IDEAL Software Framework Initiate your IDEAL framework Diagnose the problems you're trying to solve Establish a plan to solve your problems Act on your plan and solve your problems Learn from the entire process

Answer 110

Software Development Life Cycle (SDLC) Requirements Design Implement Test Evolve

Answer 111

Fire extinguisher categorizations Class A: "All Purpose" in the way that it means general purpose Class B: Boiling liquids Class C: Computers and electronics Class D: Death metals Class K: Kitchen and cooking

Answer 112

Alternative OSI Model Protocol Data Unit Layer 7: Data Layer 6: Data Layer 5: Data Layer 4: Segments Layer 3: Packets Layer 2: Frames Layer 1: Bits

Answer 113

OSI Model Layer Protocol Data Unit Layer 5,6,7: Data Layer 4: Segments Layer 3: Packets Layer 2: Frames Layer 1: Bits

Answer 114

Brewer-Nash security model intends to prevent conflict of interest

Answer 115

Goguen-Meseguer security model intends to protect integrity

Answer 116

Harrison-Ruzzo-Ullman focuses on subject object access rights

Answer 117

Clark-Wilson security model intends to protect Integrity

Answer 118

The Clark-Wilson security model describes the access control triple of Subject/Program/Object to prevent unauthorized subjects from modifying an object.

Answer 119

Graham-Denning security model works on secure object and subject create and deletion

Answer 120

Graham Denning has the 8 actions to securely control access. Also every time I eat s'mores I have a least 8 of them.

Answer 121

The Sutherland security model is meant to protect integrity by limiting interference of subjects.

Answer 122

Scoping security frameworks lets you focus in on just the aspects of the security framework that apply to your situation or organization

Answer 123

VAST is a threat modeling framework based on Agile

Answer 124

Tailoring is modifying or adjusting the security framework to fit your specific need

Answer 125

Evaluation Assurance Levels EAL 1 & 2 - Simple EAL 3 & 4 - Methodically tested EAL 5 & 6 - Semi-formally designed EAL 7 - Formally designed and tested

Answer 126

Six types of Firewalls Internal Segment: Placed between two internal segments of a network. Operates on layer 3 and up Static Packet: Looks just at packet headers and applies static rules. Operates on layers 3 and 4 Circuit Level: Just creates a secure connection to another host. Does NOT look at packets. Operates on layer 5. Application: Sits in front of an application and makes sure only sessions and protocols used for the application are used. Operates on layer 7 NGFW: The most advanced type of firewall that does UTM (unified threat management) including IDS/IPS, deep packet inspection, malware detection, and many other proprietary functions. Operates on Layer 3 and up Stateful Packet Inspection: Looks at the context of the packets and sessions. Operates on layers 3 and 4

Answer 127

eDiscovery Process Information Governance: Formatting information to be included in the eDiscovery process Identification: Finding relevant info Preservation: Keeping info safe from deletion and modification Collection: Centralizing info Processing: The first pass and removing irrelevant info Review: Attorney's reviewing and removing info that has attorney-client privilege Analysis: Further review of info Prodcution: turning over info to opposing counsel Presentation: showing info in court

Answer 128

A Patent is valid for 10+10=20 years

Answer 129

BIA Process (This is from the Cybex, I've found conflicting info elsewhere so maybe skip this one) Prioritize Identify Risk Likelihood Assesment Analyze Impact Resource Prioritization

Answer 130

Software Testing Plan Objective Preparation Meeting Rework Follow-up

Answer 131

Database management Cardinality refers to the number of tuples/rows in a table Degree refers to the number of attributes/columns in a table

Answer 132

= MOST Effective Protection Security is Encryption

Answer 133

= Risk Assessment is most important

Answer 134

= Most important thing is Cost and Security Effectiveness

Answer 135

5) Policy is Foundation

Answer 136

8) BIA Drive BCP

Answer 137

10) Legal MUST be First to be Abide

Answer 138

12) Incident Management reduce impact

Answer 139

4) Security Strategy you build First