Missed questions Flashcards
Roles of a security admin
- User who is most likely to be responsible for user account management and reviews of audit data in a client/server architecture
- Usually has fewer privileges than a system admin, but is typically responsible for auditing sys admins
- Often works directly with sys admins and application admins
Roles of a System Administrator
- User who monitors and maintains the system and applications in a distributed computing environment
Role of a System Operator
- Users who administer and maintain a mainframe system
Role of a Power User
- A heightened privilege account that enables a user to perform some tasks that ordinary users cannot
- A role that is found in a distributed computing environment
SP 800-30
NIST Guide for Conducting Risk Assessments - the original 2002 edition defines a nine-step risk assessment process
SP 800-66
Similar to SP 800-30, but written for healthcare organizations that must comply with the HIPAA Security Rule
CRAMM
CCTA Risk Analysis and Management Method - establishes a three-stage approach to risk evaluation that analyzes both technical and non-technical security aspects
FRAP
Facilitated Risk Analysis Process - a low-cost method of evaluating risk for one system or process at a time
SOMAP
Security Officers Management and Analysis Project - an open-source method for evaluating and managing risk
Spanning Tree Analysis
Creates a tree of all possible threats to an asset and prunes the branches that do not apply
VAR
Value at risk – identifies a profile of acceptable risk for a company in order to determine the most cost-effective risk mitigation method 
ITIL
IT Infrastructure Library – a set of IT service management practices originally developed by the UK government (CCTA), focused on improving IT service management processes
COBIT
Control Objectives for Information and Related Technology - an ISACA framework; COBIT 4.x defines 34 processes and 214 control objectives to assist in developing an IT security management plan (later versions restructure these)
ISO 27000
The ISO/IEC 27000 family establishes a framework for developing information security management standards
SP 800-37
Risk Management Framework (RMF) - a security risk management and compliance framework for US federal information systems
What provides authentication, integrity, and confidentiality over an L2TP tunnel?
IPsec: AH (authentication and integrity) and ESP (confidentiality; ESP can also provide authentication and integrity)
POODLE attack
Man-in-the-middle attack that exploited a padding flaw in SSL 3.0; it worked against TLS clients that could be forced to fall back to SSLv3
3 Layers of SSH
The transport layer, the user authentication layer, and the connection layer 
Five primary methods of testing a DRP
Disaster Recovery Plan (DRP) tests:
- Read through test
- Structured walk through (table top exercise)
- Simulation test
- Parallel test (move to recovery site)
- Full interruption test (move to recovery site and full shut down at primary location)
Five phases of penetration testing 
1) Planning, 2) information gathering and discovery, 3) vulnerability scanning, 4) exploitation, and 5) reporting 
SDL
A seven-phase Security Development Lifecycle (SDL) model developed by Microsoft: 1) training, 2) requirements, 3) design (threat modeling), 4) implementation (static analysis), 5) verification (dynamic analysis, fuzz testing, attack surface review), 6) release (incident response plan and final security review), 7) response
XOR
Exclusive OR, the bitwise operation behind stream ciphers and the one-time pad - compares each bit of x and y: if they match the result is 0, if they differ it is 1. Applying the same key twice returns the original value, so one operation both encrypts and decrypts.
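As an added example (not part of the original flashcards), the Python below shows XOR as the primitive behind stream ciphers and the one-time pad: the same function encrypts and decrypts, and reusing a pad lets an attacker cancel the key out entirely. The plaintexts, the fixed key bytes and the function names are constructed for this illustration.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings.

    Each output bit is 1 where the input bits differ and 0 where they match,
    which is exactly the 'compare x and y' rule on the card.
    """
    if len(a) != len(b):
        raise ValueError("XOR inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """One-time pad: ciphertext = plaintext XOR key (key as long as the message)."""
    return xor_bytes(plaintext, key)


# XOR is its own inverse: (p XOR k) XOR k == p, so decryption is the same operation.
otp_decrypt = otp_encrypt


def fresh_key(length: int) -> bytes:
    """A pad must be random and used once; os.urandom is the CSPRNG source here."""
    return os.urandom(length)


def key_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If two messages were XORed with the same key, c1 XOR c2 == p1 XOR p2:
    the key cancels out and the attacker never needed it."""
    return xor_bytes(c1, c2)


def recover_other_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Given the first plaintext (a 'crib'), the second falls out directly."""
    return xor_bytes(key_reuse_leak(c1, c2), known_p1)


# Constructed demonstration values (not from the original page).
P1 = b"ATTACK AT DAWN!!"
P2 = b"RETREAT AT DUSK!"
KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")  # fixed so the run is reproducible

C1 = otp_encrypt(P1, KEY)
C2 = otp_encrypt(P2, KEY)  # key reuse: this is the mistake being demonstrated

if __name__ == "__main__":
    print("round trip ok:", otp_decrypt(C1, KEY) == P1)
    print("recovered P2 without the key:", recover_other_plaintext(C1, C2, P1))
```

The last function is the practical caveat: XOR is only as strong as the key stream, so a real system must never reuse a pad or a stream-cipher nonce/key pair.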
Technology that uses RFC 6749
OAuth 2.0 and OpenID Connect
OpenID Connect
- Uses OpenID concepts, but is built as an identity layer on top of the OAuth 2.0 framework defined by RFC 6749
- Uses JSON Web Tokens (JWTs) as ID tokens
- Operates as a REST web service
OAuth 2.0
- An open standard defined in RFC 6749 - an authorization framework that gives a third-party application delegated access to resources without providing the resource owner's credentials to that application
- The version of OAuth used by most social media sites
OpenID
- An open standard for decentralized authentication, defined by the OpenID Foundation
- The relying party redirects the user to an OpenID provider, which prompts for the user's OpenID credentials. If they are correct, the user is then authenticated on the third-party site
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
1) The collection limitation principle
2) The data quality principle
3) The purpose specification principle
4) The use limitation principle
5) The security safeguards principle
6) The openness principle
7) The individual participation principle
8) The accountability principle
What principle limits personal data collection to legal means and requires the individuals permission?
The collection limitation principle 
What principle requires that the integrity of the personal data be intact and maintained? 
The data quality principle 
What principle requires the disclosure of, and adherence to, the purpose for collecting the personal information?
The purpose specification principle 
What principle requires that the information not be disclosed to other parties without the individuals permission? 
The use limitation principle
What principle requires the reasonable protection of data against modification by or disclosure to an unauthorized individual? 
The security safeguards principle
What principle requires that the information collection policy be open and available for scrutiny? 
The openness principle
What principle requires that an entity allow individuals to inquire whether the entity is storing their personal information? This principle also enables the individual to challenge and update the content of that personal information
The individual participation principle 
What principle requires that the entity adhere to the other principles? 
The accountability principle 
What is the first ring (ring 0) of the ring model?
Kernel (most privileged)
What is the second ring (ring 1) of the ring model?
Other OS components that are not the kernel
What is the third ring (ring 2) of the ring model?
Device drivers
What is the fourth ring (ring 3) of the ring model?
User applications (least privileged)
What is a COPE
A corporate-owned, personally enabled device policy - a COPE policy requires employees to use equipment purchased for them by the company, which they are also allowed to use for personal purposes
ISO 27001
- focused on security governance, the process of directing and controlling IT security
- used to establish an information security management system (ISMS)
ISO 27002
- provides a code of practice for security controls based on industry best practices; the 2013 edition groups 114 controls into 14 clauses with 35 control objectives
How many security associations (SAs) does ISAKMP establish for a VPN tunnel?
IPsec SAs are unidirectional, so a bidirectional tunnel needs at least two SAs (one per direction). If both ESP and AH are used, four SAs are required (two per protocol).
What is forced browsing?
- a brute-force attack that requests resources by guessing their URLs (admin pages, backups, old config files, sequential IDs) rather than following links
- another name for predictable resource location, file enumeration, directory enumeration, and resource enumeration
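As an added example (not from the original flashcards), this Python detects forced browsing from the defender's side: it parses web server access log lines in combined log format and flags a client whose requests are mostly 403/404 responses spread across many distinct paths. The log lines, IP addresses (documentation ranges) and thresholds are constructed for the illustration.

```python
import re
from collections import defaultdict

# Combined log format: ip ident user [time] "method path proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log: one client walks a wordlist of likely-but-unlinked
# resources, the other is ordinary browsing.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /admin/ HTTP/1.1" 404 162 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /backup.zip HTTP/1.1" 404 162 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /.git/config HTTP/1.1" 404 162 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /.env HTTP/1.1" 404 162 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /config.php.bak HTTP/1.1" 404 162 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:55:39 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 162 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:55:39 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /server-status HTTP/1.1" 403 199 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /invoices/1001.pdf HTTP/1.1" 404 162 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:55:41 +0000] "GET /invoices/1002.pdf HTTP/1.1" 404 162 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:37 +0000] "GET /static/app.css HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /products/42 HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:41 +0000] "GET /products/43 HTTP/1.1" 404 162 "-" "Mozilla/5.0"
"""


def parse_line(line: str):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_forced_browsing(lines, min_requests=8, min_miss_ratio=0.7):
    """Flag client IPs whose requests are mostly 403/404 across many distinct paths.

    A single 404 is noise; a high miss ratio over many different guessed
    resources is the signature of predictable-resource-location scanning.
    """
    per_ip = defaultdict(lambda: {"requests": 0, "misses": 0, "paths": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        s = per_ip[rec["ip"]]
        s["requests"] += 1
        s["paths"].add(rec["path"])
        if rec["status"] in ("403", "404"):
            s["misses"] += 1
    flagged = {}
    for ip, s in per_ip.items():
        ratio = s["misses"] / s["requests"]
        if s["requests"] >= min_requests and len(s["paths"]) >= min_requests and ratio >= min_miss_ratio:
            flagged[ip] = {"requests": s["requests"], "misses": s["misses"],
                           "distinct_paths": len(s["paths"]), "miss_ratio": round(ratio, 2)}
    return flagged


if __name__ == "__main__":
    for ip, stats in find_forced_browsing(SAMPLE_LOG.splitlines()).items():
        print(ip, stats)
```

The distinct-path requirement matters: a broken link hammered by one client also produces many 404s, but against a single path, and should not trip the rule.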
What is a multi-homed device?
- A device that has more than one network connection
- Most firewalls are multi-homed
MTD
Maximum Tolerable Downtime
- the sum of the Recovery Time Objective (RTO) and the Work Recovery Time (WRT)
- sometimes considered synonymous with RTO
MTBF
Mean Time Between Failures
- typically assigned by the hardware manufacturer
MTTR
Mean Time to Repair
Relation in a relational database
A table with rows, columns, and cells
Tuple in a relational database
A row
Attribute in a relational database
A column
Cell in a relational database
The intersection of a row and a column - holds a single data value
Objects that are greatly dependent on other objects in Object Oriented Programming are…
High coupling and low cohesion
How long does it take to bring a warm site online?
1-3 days (contains equipment and data circuits, but no data)
How long does it take to bring a cold site online?
Several days to weeks (does not contain equipment or data)
How long does it take to bring a hot site online?
Minutes to hours
What are the four security modes for systems that process classified information?
- Dedicated mode
- System high mode
- Compartmented mode
- Multilevel mode
How long do companies have to report a data breach under the GDPR?
72 hours from becoming aware of the breach (notification to the supervisory authority)
Pharming
Redirecting users to a fraudulent site by manipulating name resolution, typically through DNS cache poisoning (or hosts-file modification)
Teardrop
Denial of Service attack that sends several large, overlapping IP fragments that the target cannot reassemble (a network-layer protocol attack)
What are the steps of a Business Continuity Plan?
1) Develop the BCP policy statement
2) Conduct a BIA
3) Identify preventive controls
4) Develop recovery strategies
5) Develop an IT contingency plan
6) Perform DRP training and testing
7) Perform BCP/DRP maintenance
Code freezing
The point at which the application is considered ready for production and no further changes to the code are allowed
Code commit
AKA Code check-in, occurs when a developer has written and tested code on a local copy of a given project and then uploads the local changes to the code repository
Regression testing
Performed to ensure that a change has not broken existing functionality or introduced new problems
Combinational testing
A type of black-box testing that exercises combinations of input values (in its exhaustive form, every possible variation of input data) against the application
LAND
Local Area Network Denial (LAND) - an attack in which the attacker sends an IP packet (network layer) whose source and destination address and port are identical, causing vulnerable TCP/IP stacks to lock up
Fraggle
A denial of service (DoS) attack that sends UDP echo (port 7) and chargen (port 19) packets to a broadcast address with the victim's spoofed source address
Smurf
A DoS attack that sends ICMP echo request packets to a broadcast address with the victim's spoofed source address, so every host on the segment replies to the victim
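An added example, not from the original flashcards, covering the Teardrop card above as well as LAND, Fraggle and Smurf: the Python below parses minimal IPv4 headers and applies the checks a packet filter or IDS would use to recognise each of these attacks. The packets are constructed in-code (documentation addresses, checksum left at zero) and the subnet broadcast address is passed in as an assumption.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

IPV4_HDR = "!BBHHHBBH4s4s"   # no options; 20 bytes
PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17
ICMP_ECHO_REQUEST = 8


def build_ipv4(src: str, dst: str, proto: int, payload: bytes,
               ident: int = 1, offset: int = 0, more_fragments: bool = False) -> bytes:
    """Assemble a minimal IPv4 packet for testing the checks below.

    The header checksum is left as 0: this is parser input, not something to send.
    """
    if offset % 8:
        raise ValueError("fragment offset must be a multiple of 8 bytes")
    flags_frag = (0x2000 if more_fragments else 0) | (offset // 8)
    header = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(payload), ident, flags_frag,
                         64, proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return header + payload


def parse_ipv4(pkt: bytes) -> dict:
    vihl, _tos, total_len, ident, flags_frag, _ttl, proto, _csum, src, dst = \
        struct.unpack_from(IPV4_HDR, pkt, 0)
    ihl = (vihl & 0x0F) * 4
    return {"id": ident, "proto": proto, "src": src, "dst": dst,
            "more_fragments": bool(flags_frag & 0x2000),
            "offset": (flags_frag & 0x1FFF) * 8,
            "payload": pkt[ihl:total_len]}


def is_land(pkt: bytes) -> bool:
    """LAND: source and destination address (and, for TCP/UDP, port) are identical."""
    h = parse_ipv4(pkt)
    if h["src"] != h["dst"]:
        return False
    if h["proto"] in (PROTO_TCP, PROTO_UDP) and len(h["payload"]) >= 4:
        sport, dport = struct.unpack_from("!HH", h["payload"], 0)
        return sport == dport
    return True


def overlapping_fragment_flows(pkts) -> set:
    """Teardrop: return the (src, dst, id, proto) keys whose fragments overlap."""
    spans = defaultdict(list)
    for pkt in pkts:
        h = parse_ipv4(pkt)
        if h["more_fragments"] or h["offset"]:
            key = (h["src"], h["dst"], h["id"], h["proto"])
            spans[key].append((h["offset"], h["offset"] + len(h["payload"])))
    bad = set()
    for key, ranges in spans.items():
        ranges.sort()
        reach = 0
        for start, end in ranges:
            if start < reach:        # this fragment starts inside the previous one
                bad.add(key)
                break
            reach = max(reach, end)
    return bad


def is_broadcast_amplifier(pkt: bytes, broadcast: str) -> bool:
    """Smurf (ICMP echo request) or Fraggle (UDP to echo/chargen) aimed at a broadcast address.

    The subnet broadcast address is an input; the source is presumed spoofed, so the
    reflected replies land on whoever owns that address.
    """
    h = parse_ipv4(pkt)
    if h["dst"] != IPv4Address(broadcast).packed:
        return False
    if h["proto"] == PROTO_ICMP:
        return h["payload"][:1] == bytes([ICMP_ECHO_REQUEST])
    if h["proto"] == PROTO_UDP and len(h["payload"]) >= 4:
        return struct.unpack_from("!H", h["payload"], 2)[0] in (7, 19)
    return False


# Constructed packets for the demonstration.
LAND_PKT = build_ipv4("192.0.2.10", "192.0.2.10", PROTO_TCP, struct.pack("!HH", 139, 139))
NORMAL_PKT = build_ipv4("192.0.2.10", "192.0.2.20", PROTO_TCP, struct.pack("!HH", 40000, 443))
TEARDROP = [build_ipv4("192.0.2.10", "192.0.2.20", PROTO_UDP, b"A" * 24, ident=7, offset=0, more_fragments=True),
            build_ipv4("192.0.2.10", "192.0.2.20", PROTO_UDP, b"B" * 16, ident=7, offset=16)]
CLEAN_FRAGS = [build_ipv4("192.0.2.10", "192.0.2.20", PROTO_UDP, b"A" * 24, ident=9, offset=0, more_fragments=True),
               build_ipv4("192.0.2.10", "192.0.2.20", PROTO_UDP, b"B" * 16, ident=9, offset=24)]
SMURF_PKT = build_ipv4("192.0.2.99", "192.0.2.255", PROTO_ICMP, bytes([ICMP_ECHO_REQUEST, 0]) + b"\x00" * 6)
FRAGGLE_PKT = build_ipv4("192.0.2.99", "192.0.2.255", PROTO_UDP, struct.pack("!HH", 53, 19))

if __name__ == "__main__":
    print("LAND:", is_land(LAND_PKT), "| teardrop flows:", len(overlapping_fragment_flows(TEARDROP)),
          "| smurf:", is_broadcast_amplifier(SMURF_PKT, "192.0.2.255"))
```

Each check keys on the protocol field the card names: address/port equality for LAND, fragment offsets for Teardrop, and a broadcast destination with an amplifying service for Smurf and Fraggle.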
Vigenere cipher
Polyalphabetic substitution cipher that uses a 26x26 square (the tabula recta) in which each row is the alphabet shifted one position further than the row above; a repeating keyword selects the row used to encrypt each plaintext letter
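As an added example (not part of the original flashcards), the Python below builds the tabula recta as the 26-row square the card describes and uses it for Vigenère encryption and decryption; the last function shows why the cipher is polyalphabetic. The plaintext and keyword are the textbook "ATTACK AT DAWN" / "LEMON" pair, chosen here for illustration.

```python
import string

ALPHABET = string.ascii_uppercase
# The tabula recta: row i is the alphabet shifted left by i places, so the square
# holds the alphabet 26 times, each row starting one letter later than the last.
TABULA_RECTA = [ALPHABET[i:] + ALPHABET[:i] for i in range(26)]


def _letters_only(text: str) -> str:
    """Classical ciphers work on A-Z; drop spaces and punctuation, fold case."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def vigenere_encrypt(plaintext: str, key: str) -> str:
    pt, k = _letters_only(plaintext), _letters_only(key)
    if not k:
        raise ValueError("key must contain at least one letter")
    out = []
    for i, ch in enumerate(pt):
        row = ALPHABET.index(k[i % len(k)])   # key letter picks the row
        col = ALPHABET.index(ch)              # plaintext letter picks the column
        out.append(TABULA_RECTA[row][col])
    return "".join(out)


def vigenere_decrypt(ciphertext: str, key: str) -> str:
    ct, k = _letters_only(ciphertext), _letters_only(key)
    if not k:
        raise ValueError("key must contain at least one letter")
    out = []
    for i, ch in enumerate(ct):
        row = TABULA_RECTA[ALPHABET.index(k[i % len(k)])]
        out.append(ALPHABET[row.index(ch)])   # column whose entry is the ciphertext letter
    return "".join(out)


def ciphertext_letters_for(plaintext: str, key: str, letter: str) -> set:
    """Ciphertext letters that one plaintext letter maps to. More than one result
    shows the cipher is polyalphabetic, which is what defeats single-letter
    frequency analysis (though not Kasiski examination once the key period is known)."""
    pt = _letters_only(plaintext)
    ct = vigenere_encrypt(pt, key)
    return {c for p, c in zip(pt, ct) if p == letter}


if __name__ == "__main__":
    print(vigenere_encrypt("ATTACK AT DAWN", "LEMON"))
    print(vigenere_decrypt("LXFOPVEFRNHR", "LEMON"))
```

A one-letter key degenerates to a Caesar shift, which the same table reproduces: every row lookup uses the same row.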
What is a policy?
A high-level overview of the company's security posture that contains mandatory directives. A policy should state its purpose, scope, responsibilities, and compliance requirements.
What is a procedure?
Mandatory, low-level guides that explain how to accomplish a task.
What are standards?
Mandatory technical aspects of a security program, including any hardware and software that is required.
What are baselines?
Somewhat discretionary minimum levels of security that a company's employees and systems must meet
What are guidelines?
Discretionary recommendations that offer helpful advice to employees
What standards were developed by OASIS?
SAML, SPML, and XACML
Bluetooth Info
- IEEE 802.15 standard
- 2.4 GHz band
- uses FHSS and AFH
- v4.1 uses strong encryption (AES-CCM)
- v2.1 uses weak encryption cipher (E0)
What can be used to create multiple broadcast domains?
A router or layer-3 switch
What can be used to create separate collision domains
Each port on a bridge, switch, or router creates a separate collision domain
Who is the data owner?
The information/business owner - responsible for classifying data. It’s typically a manager who is responsible for the security of a particular information asset
Who is the data custodian?
The data steward - responsible for the hands-on protection of data - like data back-ups, system recovery, etc.
The Bell-LaPadula Model
No read up, and no write down policy to protect confidentiality
The Biba Model
No read down and no write up policy to protect data integrity
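An added example, not from the original flashcards, for the Bell-LaPadula and Biba cards above: the Python below encodes both models as decisions over a label lattice, so the mirror-image rules (no read up / no write down versus no read down / no write up) can be exercised directly. The classification and integrity lattices and the category names are assumed for the illustration.

```python
from dataclasses import dataclass

# Assumed lattices for the demonstration (ordered low -> high).
CLASSIFICATION = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]
INTEGRITY = ["UNTRUSTED", "USER", "SYSTEM"]


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()   # need-to-know compartments, e.g. {"NUCLEAR"}


def dominates(a: Label, b: Label, order: list) -> bool:
    """a dominates b when a's level is at least b's and a holds every category b has."""
    return order.index(a.level) >= order.index(b.level) and a.categories >= b.categories


def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula (confidentiality). Labels are classification labels."""
    if op == "read":    # simple security property: no read up
        return dominates(subject, obj, CLASSIFICATION)
    if op == "write":   # *-property: no write down
        return dominates(obj, subject, CLASSIFICATION)
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba (integrity). Labels are integrity labels; the rules are BLP's mirror image."""
    if op == "read":    # simple integrity property: no read down
        return dominates(obj, subject, INTEGRITY)
    if op == "write":   # integrity *-property: no write up
        return dominates(subject, obj, INTEGRITY)
    raise ValueError(f"unknown operation {op!r}")


def explain(model, subject: Label, obj: Label, op: str) -> str:
    """Human-readable verdict line, handy when walking through the rules."""
    verdict = "ALLOW" if model(subject, obj, op) else "DENY"
    return f"{verdict}: {subject.level}{sorted(subject.categories)} {op} {obj.level}{sorted(obj.categories)}"


if __name__ == "__main__":
    analyst = Label("SECRET", frozenset({"NUCLEAR"}))
    print(explain(blp_allows, analyst, Label("CONFIDENTIAL"), "read"))
    print(explain(blp_allows, analyst, Label("TOP SECRET"), "read"))
    print(explain(blp_allows, analyst, Label("CONFIDENTIAL"), "write"))
    print(explain(biba_allows, Label("SYSTEM"), Label("UNTRUSTED"), "read"))
```

The category check is the part exam summaries usually omit: a SECRET subject without the NUCLEAR compartment cannot read a SECRET/NUCLEAR object even though the levels match, because dominance requires both the level and the category set.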
The Lipner Model
Uses Bell-LaPadula and Biba models to provide both confidentiality and integrity
Chinese Wall Model
AKA Brewer-Nash security model, designed to mitigate conflicts of interest - mitigates security risks from third-parties
Graham-Denning Model
Uses an access control matrix to map subjects and objects and defines eight primitive rules: create object, create subject, delete object, delete subject, read access right, grant access right, delete access right, and transfer access right
Harrison-Ruzzo-Ullman Model
Extends the Graham-Denning model by adding generic rights and an integrity rule that prevents a subject or object from being created if an entry for it already exists in the access control matrix
ToE, ST, PP, and EAL
Terms of Common Criteria:
ToE: target of evaluation, the system or product to be tested
ST: security target, the documentation that describes the ToE and any security requirements
PP: protection profile, a set of security requirements and objectives for the type of product to be tested
EAL: evaluation assurance level, the rating assigned to the product after it has been tested
EAL1-EAL7
EAL1: functionally tested
EAL2: structurally tested
EAL3: methodically tested and checked
EAL4: methodically designed, tested, and reviewed
EAL5: semi-formally designed and tested
EAL6: semi-formally verified, designed, and tested
EAL7: formally verified, designed, and tested
ISC2 Code of Ethics (rank ordered)
1) Protect society, the common good, necessary public trust and confidence, and infrastructure
2) Act honorably, honestly, justly, responsibly, and legally
3) Provide diligent and competent service to principals
4) Advance and protect the profession
KDC
Key Distribution Center (Kerberos)
- Enables SSO services by acting as a trusted third-party authentication server
Safest fire suppression system for electrical fires
FE-13
What are the two modes that IPsec operates in?
Transport and Tunnel modes.
- In transport mode, ESP encrypts only the payload; the original IP header is left in cleartext so the packet can be routed. AH authenticates the payload plus the immutable fields of the IP header, which is why AH does not survive NAT.
- In tunnel mode, the entire original packet (IP header and payload) is encrypted by ESP and wrapped in a new outer IP header. Either protocol can run in either mode; transport mode is typical host-to-host, tunnel mode gateway-to-gateway.
Security Parameter Index (SPI)
For IPsec, a 32-bit number chosen by the receiving end of the SA and carried in each AH/ESP header so the receiver can look up which unidirectional SA the packet belongs to
What are the four types on investigations?
1) Civil
2) Criminal
3) Administrative
4) Regulatory
Five rules of evidence
1) be authentic
2) be accurate
3) be complete
4) be convincing
5) be admissible
ALE =
ALE = ARO x SLE
Annual loss expectancy = Annualized rate of occurrence x single loss expectancy
VLAN Hopping Attack
- the attacker injects packets into other VLANs by reaching the VLAN trunk and double-tagging 802.1Q frames: the first switch strips the outer tag (the trunk's native VLAN) and the next switch forwards the frame on the inner tag
- a successful VLAN hopping attack lets an attacker send traffic into other VLANs without passing through a router
- could occur from a VoIP system whose voice VLAN shares a switch with the data network
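As an added example (not from the original flashcards), the Python below constructs a double-tagged 802.1Q frame, models the first switch removing the native-VLAN outer tag on trunk egress, and parses the result to show the inner VLAN now governing the frame; it also includes the simple ingress check a defender wants. MAC addresses, VLAN numbers and the native-VLAN behaviour of the model are assumptions for the illustration.

```python
import struct

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def vlan_tag(vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """One 802.1Q tag: 16-bit TPID (0x8100) + 16-bit TCI (3-bit PCP, 1-bit DEI, 12-bit VID)."""
    if not 0 <= vid <= 4095:
        raise ValueError("VLAN ID must fit in 12 bits")
    return struct.pack("!HH", TPID_8021Q, (pcp << 13) | (dei << 12) | vid)


def build_frame(dst_mac: str, src_mac: str, vids, ethertype: int, payload: bytes) -> bytes:
    """Ethernet frame with zero or more stacked 802.1Q tags (outermost first)."""
    frame = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    for vid in vids:
        frame += vlan_tag(vid)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Peel every 802.1Q tag off a frame and report the VLAN IDs found, outermost first."""
    offset, vids = 12, []
    while struct.unpack_from("!H", frame, offset)[0] == TPID_8021Q:
        tci = struct.unpack_from("!H", frame, offset + 2)[0]
        vids.append(tci & 0x0FFF)
        offset += 4
    ethertype = struct.unpack_from("!H", frame, offset)[0]
    return {"dst": frame[:6].hex(":"), "src": frame[6:12].hex(":"),
            "vids": vids, "ethertype": ethertype, "payload": frame[offset + 2:]}


def trunk_egress(frame: bytes, native_vid: int) -> bytes:
    """Model the first switch: on an 802.1Q trunk the native VLAN is sent untagged,
    so a frame whose outer tag equals the native VLAN leaves with that tag removed.
    Any inner tag survives, and the next switch treats it as the frame's VLAN."""
    parsed = parse_frame(frame)
    if parsed["vids"] and parsed["vids"][0] == native_vid:
        return frame[:12] + frame[16:]
    return frame


def is_double_tagged(frame: bytes) -> bool:
    """Detection: a frame arriving on an access port should never carry two tags."""
    return len(parse_frame(frame)["vids"]) >= 2


# Constructed scenario: attacker on native VLAN 1 wants to reach VLAN 20 without a router.
ATTACK_FRAME = build_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:01", [1, 20],
                           ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19)

if __name__ == "__main__":
    print("ingress tags:", parse_frame(ATTACK_FRAME)["vids"])
    after_hop = trunk_egress(ATTACK_FRAME, native_vid=1)
    print("after first switch:", parse_frame(after_hop)["vids"])
```

The `native_vid=99` case in the test is the mitigation: if the trunk's native VLAN is an unused ID (or native-VLAN tagging is enabled), the outer tag is never stripped and the inner tag is never reached.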
Due Care
A legal liability concept that defines the minimum level of information protection that a business must achieve
Due Diligence
A legal liability concept that requires an organization to continually review its practices to ensure that protection requirements are met
Piracy
An intellectual property attack that focuses on infringement of copyright
2 FIM Models
Federated Identity Management:
1) third-party certification/bridge model
2) cross-certification
FIM is the process of providing access to a company's data resources to organizations or parties that are not owned by the company. The WS-Federation protocol is one example.
Class A fire suppression (UK Class A)
Wood, paper, and other ordinary combustibles
Class B fire suppression (UK Class B)
Flammable liquids
Class B fire suppression (UK Class C)
Flammable gases (US Class B covers both liquids and gases; the UK splits gases out as Class C)
Class C fire suppression (UK Class E, informal)
Electrical equipment
Class D fire suppression (UK Class D)
Combustible metals