Missed Questions Flashcards
Within the context of the CBK, which of the following provides a MINIMUM level of security ACCEPTABLE for an environment?
A standard
A procedure
A baseline
A guideline
The correct answer is: A baseline
Baselines provide the minimum level of security necessary throughout the organization.
Standards specify how hardware and software products should be used throughout the organization.
Procedures are detailed step-by-step instructions on how to achieve certain tasks.
Guidelines are recommended actions and operational guides for personnel when a specific standard does not apply.
A network-based vulnerability assessment is a type of test also referred to as:
A routing vulnerability assessment.
A host-based vulnerability assessment.
A passive vulnerability assessment.
An active vulnerability assessment.
The correct answer is: An active vulnerability assessment.
A network-based vulnerability assessment tool/system either re-enacts system attacks, noting and recording responses to the attacks, or probes different targets to infer weaknesses from their responses.
Since the assessment is actively attacking or scanning targeted systems, network-based vulnerability assessment systems are also called active vulnerability systems.
There are two main types of test:
PASSIVE: You don’t send any packets or interact with the remote target. You make use of public databases and other techniques to gather information about your target.
ACTIVE: You do send packets to your target; you attempt to stimulate responses that will help you gather information about hosts that are alive, services running, port state, and more.
See examples below of both types of attack:
Eavesdropping and sniffing data as it passes over a network are considered passive attacks because the attacker is not affecting the protocol, algorithm, key, message, or any parts of the encryption system. Passive attacks are hard to detect, so in most cases methods are put in place to try to prevent them rather than to detect and stop them.
Altering messages, modifying system files, and masquerading as another individual are acts that are considered active attacks because the attacker is actually doing something instead of sitting back and gathering data. Passive attacks are usually used to gain information prior to carrying out an active attack.
In order to be able to successfully prosecute an intruder:
A point of contact should be designated to be responsible for communicating with law enforcement and other external agencies.
A proper chain of custody of evidence has to be preserved.
Collection of evidence has to be done following predefined procedures.
Whenever possible, analyze a replica of the compromised resource, not the original, thereby avoiding inadvertently tampering with evidence.
The correct answer is: A proper chain of custody of evidence has to be preserved.
If you intend on prosecuting an intruder, evidence has to be collected in a lawful manner and, most importantly, protected through a secure chain-of-custody procedure that tracks who has been involved in handling the evidence and where it has been stored. All other choices are important points, but not the best answer, since no prosecution is possible without a proper, provable chain of custody of evidence.
Which model, based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes, introduced five levels with which the maturity of an organization involved in the software process is evaluated?
The Total Quality Model (TQM)
The IDEAL Model
The Software Capability Maturity Model
The Spiral Model
The Software Capability Maturity Model (CMM) is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes. It introduces five maturity levels that serve as a foundation for conducting continuous process improvement and as an ordinal scale for measuring the maturity of the organization involved in the software processes.
Which of the following is best defined as a circumstance in which a collection of information items is required to be classified at a higher security level than any of the individual items that comprise it?
Aggregation
Inference
Clustering
Collision
The Internet Security Glossary (RFC2828) defines aggregation as a circumstance in which a collection of information items is required to be classified at a higher security level than any of the individual items that comprise it.
What is a trusted shell?
It means that it is a communications channel between the user, or program, and the kernel.
It means that someone working in that shell can communicate with someone else in another trusted shell.
It means that it won’t let processes overwrite other processes’ data.
It means that someone who is working in that shell cannot “bust out of it”, and other processes cannot “bust into it”.
The correct answer is:
A trusted shell means that someone who is working in that shell cannot “bust out of it”, and other processes cannot “bust into it”.
__________ attack is also known as Time of Check (TOC)/Time of Use (TOU)
Eavesdropping
Traffic Analysis
Race Condition
Masquerading
A Race Condition attack is also known as Time of Check (TOC)/Time of Use (TOU).
A race condition is when processes carry out their tasks on a shared resource in an incorrect order. A race condition is possible when two or more processes use a shared resource, such as data within a variable. It is important that the processes carry out their functionality in the correct sequence. If process 2 carries out its task on the data before process 1, the result will be very different than if process 1 carries out its task on the data before process 2.
What is the primary role of cross certification?
Build an overall PKI hierarchy
Creating trust between different PKIs
Set up direct trust to a second root CA
Prevent the nullification of user certificates by CA certificate revocation
The correct answer is: Creating trust between different PKIs
More and more organizations are setting up their own internal PKIs. When these independent PKIs need to interconnect to allow for secure communication to take place (either between departments or different companies), there must be a way for the two root CAs to trust each other.
These two CAs do not have a CA above them they can both trust, so they must carry out cross certification. A cross certification is the process undertaken by CAs to establish a trust relationship in which they rely upon each other’s digital certificates and public keys as if they had issued them themselves.
When this is set up, a CA for one company can validate digital certificates from the other company and vice versa.
Which of the following is used to create and modify the structure of your tables and other objects in the database?
SQL Data Relational Language (DRL)
SQL Data Identification Language (DIL)
SQL Data Definition Language (DDL)
SQL Data Manipulation Language (DML)
The correct answer is: SQL Data Definition Language (DDL)
The SQL Data Definition Language (DDL) is used to create, modify, and delete views and relations (tables).
SQL actually consists of three sublanguages:
The Data Definition Language (DDL) is used to create databases, tables, views, and indices (keys) specifying the links between tables. Because it is administrative in nature, users of SQL rarely use DDL commands. DDL also has nothing to do with the population or use of the database, which is accomplished by the Data Manipulation Language (DML).
The Data Manipulation Language (DML) is used to query and extract data, insert new records, delete old records, and update existing records.
The Data Control Language (DCL) is used by system and database administrators to control access to data. It provides the security aspects of SQL and is therefore our primary area of concern.
This type of backup management provides a continuous on-line backup by using optical or tape “jukeboxes,” similar to WORMs (Write Once, Read Many):
Hierarchical Storage Management (HSM).
Hierarchical Resource Management (HRM).
Hierarchical Access Management (HAM).
Hierarchical Instance Management (HIM).
The correct answer is: Hierarchical Storage Management (HSM).
Hierarchical Storage Management (HSM) provides a continuous on-line backup by using optical or tape “jukeboxes,” similar to WORMs.
Which of the following is a CHARACTERISTIC of a decision support system (DSS) with regard to Threats and Risks Analysis?
1) DSS is aimed at solving highly structured problems.
2) Data collection method that happens in an anonymous fashion.
3) DSS supports only structured decision-making tasks.
4) DSS combines the use of models with non-traditional data access and retrieval functions.
The correct answer is: Data collection method that happens in an anonymous fashion.
DSS emphasizes flexibility in the decision-making approach of users. It is aimed at solving less structured problems, combines the use of models and analytic techniques with traditional data access and retrieval functions and supports semi-structured decision-making tasks.
DSS is sometimes referred to as the Delphi Method or Delphi Technique:
The Delphi technique is a group decision method used to ensure that each member gives an honest opinion of what he or she thinks the result of a particular threat will be. This avoids a group of individuals feeling pressured to go along with others’ thought processes and enables them to participate in an independent and anonymous way.
Which of the following statements pertaining to ethical hacking is INCORRECT?
1) An organization should use ethical hackers who do not sell auditing, hardware, software, firewall, hosting, and/or networking services.
2) Testing should be done remotely to simulate external threats.
3) Ethical hacking should not involve writing to or modifying the target systems negatively.
4) Ethical hackers never use tools that have the potential of affecting servers or services.
The correct answer is: Ethical hackers never use tools that have the potential of affecting servers or services.
Many of the tools used for ethical hacking have the potential of exploiting vulnerabilities and causing disruption to IT systems. It is up to the individuals performing the tests to be familiar with their use and to make sure that such disruption does not happen, or is at least avoided as far as possible.
An organization should use ethical hackers who do not sell auditing, hardware, software, firewall, hosting, and/or networking services. An ethical hacking firm’s independence can be questioned if they sell security solutions at the same time as doing testing for the same client. There has to be independence between the judge (the tester) and the accused (the client).
An Ethernet address is composed of how many bits?
32-bit address
48-bit address
64-bit address
128-bit address
The correct answer is: 48-bit address
An Ethernet address is a 48-bit address that is hard-wired into the Network Interface Card (NIC) of the network node.
Critical areas should be lighted:
Eight feet high and two feet out.
Eight feet high and four feet out.
Ten feet high and four feet out.
Ten feet high and six feet out.
The correct answer is: Eight feet high and two feet out.
Lighting should be used to discourage intruders and provide safety for personnel, entrances, parking areas and critical sections. Critical areas should be illuminated 8 feet high and 2 feet out.
The Open Web Application Security Project (OWASP) Top Ten list of risks has been published for the past several years. Which of the following choices represents threats that have been at the top of the list for many years?
Sniffing
Injection
Race Condition
Buffer overflow
The correct answer is: Injection
SQL injection and other database-related raw content injections, such as LDAP and XML injection through dynamic queries, represent the highest risks to information systems with web and database tiers.