Missed questions Flashcards

Question 1

Q

Roles of a security admin

Answer

A

User who is most likely to be responsible for user account management and reviews of audit date in a client/server architecture
Usually have lesser privileges than system admins, but usually responsible for auditing sys admins
Often work directly with sys admins and applications admins

Question 2

Q

Roles of a System Administrator

Answer

A

User who monitors and maintains the system and applications in a distributed computing environment

Question 3

Q

Role of a System Operator

Answer

A

Users who administer and maintain a mainframe system

Question 4

Q

Role of a Power User

Answer

A

A heightened privilege account that enables a user to perform some tasks that ordinary users cannot
A role that is found in a distributed computing environment

Question 5

Q

SP 800-30

Answer

A

Used to assess risk - 9 step process

Question 6

Q

SP 800-66

Answer

A

Similar to SP 800-30, but written for healthcare companies that must comply with HIPAA

Question 7

Q

CRAMM

Answer

A

CCTA Risk Analysis and Management Method - establishes a 3-stage approach to risk evaluation that analyzes technical and non-technical security aspects

Question 8

Q

FRAP

Answer

A

Facilitated Risk Analysis Process - a low-cost method of evaluating risk for one system or process at a time

Question 9

Q

SOMAP

Answer

A

Security Officers Management and Analysis Project - an open-source method for evaluating and managing risk

Question 10

Q

Spanning Tree Analysis

Answer

A

Creates a tree of all possible threats and prunes branches that do not apply to an asset

Question 11

Q

VAR

Answer

A

Value at risk – identifies a profile of acceptable risk for a company in order to determine the most cost-effective risk mitigation method

Question 12

Q

ITIL

Answer

A

IT infrastructure library – a methodology created by the UK government that is focused on improving IT service management processes

Question 13

Q

COBIT

Answer

A

Control objectives for information and related technology - an ISACA framework that establishes 34 processes in 214 control objectives to assist in developing an IT security management plan

Question 14

Q

ISO 27000

Answer

A

Establishes a framework for developing security management standards

Question 15

Q

SP 800-37

Answer

A

Risk management framework (RMF) is a security compliance framework for government entities

Question 16

Q

What provides authentication, integrity, and confidentialities over an L2TP tunnel?

Answer

A

AH (auth and integrity) and ESP (confidentiality)

Question 17

Q

POODLE attack

Answer

A

MITM that exploited vulns in SSL (and TLS fall back to SSLv3)

Question 18

Q

3 Layers of SSH

Answer

A

The transport layer, the user authentication layer, and the connection layer

Question 19

Q

Five primary methods of testing a DRP

Answer

A

Disaster Recover Plan (DRP) Tests
- Read through test
- Structured walk through (table top exercise)
- Simulation test
- Parallel test (move to recovery site)
- Full interruption test (move to recovery site and full shut down at primary location)

Question 20

Q

Five phases of penetration testing

Answer

A

1) Planning, 2) information gathering and discovery, 3) vulnerability scanning, 4) exploitation, and 5) reporting

Question 21

Q

SDL

Answer

A

A Seven phase Security development lifecycle (SDL) model developed my by Microsoft: 1) training, 2) requirements, 3) design (threat modeling), 4) implementation (static analysis) 5) verification (dynamic analysis, fuzz testing, attack surface review) 6) release (incident response plan and final Security review) 7) response

Question 22

Q

XOR

Answer

A

Used for encryption - compares x and y. If they match = 0, if the don’t = 1

Question 23

Q

Technology that uses RFC 6749

Answer

A

OAuth 2.0 and OpenID Connect

Question 24

Q

OpenID Connect

Answer

A

Used OpenID technologies, but is constructed around the OAuth 2.0 framework, defined by RFC 6749
used JSON Web Tokens (JWTs)
operates as a REST web service

Question 25

Q

OAuth 2.0

Answer

A

an open standard to find an RFC6749 - an authorization framework that provides a third-party application with delegated access to resources, without providing the owners credentials to the application
the version of OAuth that is in most to spell social media sites

Question 26

Q

OpenID

Answer

A

an open standard method for decentralized authentication that is defined by the open ID foundation
redirects a user to an open ID provider. the user is prompted for an open ID password. If the password is correct, the user is then authenticated on the third-party site

Question 27

Q

OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

Answer

A

1) the collection limitation principle
2) the data quality principle
3) the purpose, pacification principle 4) do use limitation principle
5) the security safeguards principal
6) the openness principle
7) the individual participation principle 8) the accountability principle

Question 28

Q

What principle limits personal data collection to legal means and requires the individuals permission?

Answer

A

The collection limitation principle

Question 29

Q

What principle requires that the integrity of the personal data be intact and maintained?

Answer

A

The data quality principle

Question 30

Q

What principle requires the disclosure of an adherence to the purpose for collecting the personal information

Answer

A

The purpose specification principle

Question 31

Q

What principle requires that the information not be disclosed to other parties without the individuals permission?

Answer

A

Do use limitation principle

Question 32

Q

What principle requires the reasonable protection of data against modification by or disclosure to an unauthorized individual?

Answer

A

The security safeguards principal

Question 33

Q

What principle requires that the information collection policy be open and available for scrutiny?

Answer

A

The openness principal

Question 34

Q

What principle requires than an entity allow individuals to inquire about whether the entity is storing the individuals personal information? In addition, this principle enables the individual to challenge and update the content of the personal information

Answer

A

The individual participation principle

Question 35

Q

What principle requires that the entity adhere to the other principles?

Answer

A

The accountability principle

Question 36

Q

What is the first ring of the ring model

Question 37

Q

What is the second ring of the ring model?

Answer

A

OS components that are not the kernel

Question 38

Q

What is the third ring of the ring model

Answer

A

Device drivers

Question 39

Q

What is the fourth ring of the ring model

Question 40

Q

What is a COPE

Answer

A

A corporate owned, personally enabled device policy - a cope policy requires employees to use equipment that is purchased for them but they are also allowed to use for personal use

Question 41

Q

ISO 27001

Answer

A

focused on security governance, the process of directing and controlling IT security
used to establish an information security management system (ISMS)

Question 42

Q

ISO 27002

Answer

A

provides 14 objectives for security controls based on industry best practices

Question 43

Q

How many security associations (SAs) does ISAKMP establish for a VPN tunnel?

Answer

A

ISAKMPs are unidirectional, at least two SAs are required. If ESP and AH are used, then four SAs are required.

Question 44

Q

What is forced browsing?

Answer

A

a brute force attack
another name for predictable resource location, file enumeration, directory enumeration, and resource enumeration

Question 45

Q

What is a multi-homed device?

Answer

A

A device that has more than one network connection
Most firewalls are multi-homes

Question 46

Q

MTD

Answer

A

Maximum Tolerable Downtime
- the sum of the Recovery Time Objective (RTO) and the Work Recovery Time (WRT)
- sometimes considered synonymous with RTO

Question 47

Q

MTBF

Answer

A

Mean Time Between Failures
- typically assigned by the hardware manufacturer

Question 48

Q

MTTR

Answer

A

Mean Time to Repair

Question 49

Q

Relation in a relational database

Answer

A

A table with rows, columns, and cells

Question 50

Q

Tuple in a relational database

Question 51

Q

Attribute in a relational database

Question 52

Q

Cell in a relational database

Answer

A

A cell - contains the data

Question 53

Q

Objects that are greatly dependent on other objects in Object Oriented Programming are…

Answer

A

High coupling and low cohesion

Question 54

Q

How long does it take to bring a warm site online?

Answer

A

1-3 days (contains equipment and data circuits, but no data)

Question 55

Q

How long does it take to bring a cold site online?

Answer

A

Several days to week (does not contain equipment or data)

Question 56

Q

How long does it take to bring a hot site online?

Answer

A

Minutes to hours

Question 57

Q

What are the four security modes for systems that process classified information?

Answer

A

Dedicated mode
System high mode
Compartmented mode
Multilevel mode

Question 58

Q

How long do companies have to report a data breach under the GDPR?

Question 59

Q

Pharming

Answer

A

DNS cache poisoning attacks

Question 60

Q

Teardrop

Answer

A

Denial of Service attack that sends several large overlapping IP fragments (a network layer protocol attack)

Question 61

Q

What are the steps of a Business Continuity Plan?

Answer

A

1) Develop the BCP policy statement
2) Conduct a BIA
3) Identify preventive controls
4) Develop recovery strategies
5) Develop an IT contingency plan
6) Perform DRP training and testing
7) Perform BCP/DRP maintenance

Question 62

Q

Code freezing

Answer

A

The point at which the application is considered ready for production and no further changes to the code are allowed

Question 63

Q

Code commit

Answer

A

AKA Code check-in, occurs when a developer has written and tested code on a local copy of a given project and then uploads the local changes to the code repository

Question 64

Q

Regression testing

Answer

A

Performed to ensure that a change has not broken existing functionality or introduced new problems

Answer 60

A

A type of black-box testing that involves entering every possible variation of input data into the application

Answer 61

A

Local Area Network Denial (LAND) - a type of attack where the attacker sends an IP (network layer protocol) packet with the same source and destination address and port

Answer 62

A

A denial of service (DOS) attack that sends UDP echo and chargen packets with a spoofed source address.

Answer 63

A

A DOS attack that sends ICMP echo request packets with a spoofed source address

Answer 64

A

Uses a square matrix to encrypt text - constructed by repeating the alphabet 26 times

Answer 65

A

A high-level overview of the company’s security posture that contain mandatory directives. They should contain purpose, scope, responsibilities, and compliance.

Answer 66

A

Mandatory, low-level guides that explain how to accomplish a task.

Answer 67

A

Mandatory technical aspects of a security program, including any hardware and software that is required.

Answer 68

A

Somewhat discretionary minimum level of security that a company’s employees and systems must meet

Answer 69

A

Discretionary that recommend helpful bits of advice to employees

Answer 70

A

SAML, SPML, and XACML

Answer 71

A

IEEE 802.15 standard
2.4 GHz range
uses FHSS and AFH
v4.1 uses strong encryption (AES-CCM)
v2.1 uses weak encryption cipher (E0)

Answer 72

A

A router or level-3 switch

Answer 73

A

Each port on a bridge, switch, or router creates a separate collision domain

Answer 74

A

The information/business owner - responsible for classifying data. It’s typically a manager who is responsible for the security of a particular information asset

Answer 75

A

The data steward - responsible for the hands-on protection of data - like data back-ups, system recovery, etc.

Answer 76

A

No read up, and no write down policy to protect confidentiality

Answer 77

A

No read down and no write up policy to protect data integrity

Answer 78

A

Uses Bell-LaPadula and Biba models to provide both confidentiality and integrity

Answer 79

A

AKA Brewer-Nash security model, designed to mitigate conflicts of interest - mitigates security risks from third-parties

Answer 80

A

Uses an access control matrix to map subjects and objects to a series of eight rules

Answer 81

A

Extends the Graham-Denning model by including a rights integrity protection system that prevents a subject or object from being created if that subject or object already exists in the ACM

Answer 82

A

Terms of Common Criteria:
ToE: target of evaluation, the system or product to be tested
ST: security target, the documentation that describes the ToE and any security requirements
PP: a set of security requirements and objects for the type of product to be tested
Evaluation Assurance Level: a rating level that is assigned to the product after the product has been tested

Answer 83

A

EAL1: functionally tested
EAL2: structurally tested
EAL3: methodically tested and checked
EAL4: methodically designed, tested, and reviewed
EAL5: semi-formally designed and tested
EAL6: semi-formally verified, designed, and tested
EAL7: formally verified, designed, and tested

Answer 84

A

1) Protect society, the common good, necessary public trust and confidence, and infrastructure
2) Act honorably, honestly, justly, responsibly, and legally
3) Provide diligent and competent service to principals
4) Advance and protect the profession

Answer 85

A

Key Distribution Center (Kerberos)
- Enables SSO services by acting as a trusted third-party authentication server

Answer 86

A

Transport and Tunnel modes.
- In transport mode, ESP encrypts only the packet data leaving the IP headers unencrypted. AH typically is only used in transport mode because it needs unencrypted headers for authentication
- In tunnel mode, ESP encrypts encrypts both the packet data and IP headers.

Answer 87

A

For IPsec, a 32 bit number generated by the sending device and used to identify each unidirectional SA

Answer 88

A

1) Civil
2) Criminal
3) Administrative
4) Regulatory

Answer 89

A

1) be authentic
2) be accurate
3) be complete
4) be convincing
5) be admissible

Answer 90

A

ALE = ARO x SLE
Annual loss expectancy = Annualized rate of occurrence x single loss expectancy

Answer 91

A

attacker attempts to inject packets into other VLANs by accessing the VLAN trunk and double-tagging 802.1Q frames
a successful VLAN hopping attack enables an attacker to send traffic over other VLANs without using a router
could occur from a VOIP system on the same switch as a data network

Answer 92

A

A legal liability concept that defines the minimum level of information protection that a business must achieve

Answer 93

A

A legal liability concept that requires an organization to continually review its practices to ensure that protection requirements are met

Answer 94

A

An IP attack the focuses on infringement of copyright

Answer 95

A

Federated Identity Management:
1) third-party certification/bridge model
2) cross-certification

FIM is the process of providing access to a company’s data resources to organizations of parties that are not owned by the company. WS-Fed protocol is an example.

Answer 96

A

wood, paper, and other combustibles

Answer 97

A

electrical

Brainscape's Knowledge GenomeTM

Missed questions Flashcards

Brainscape's Knowledge Genome^TM