Mod A Flashcards

1
Q

Also known as encapsulation, a characteristic of object-oriented programming (OOP) that is used to isolate objects and subjects from each other

A

data hiding

2
Q

Processors typically support 2 states:

A

supervisor aka kernel mode
problem aka user mode

3
Q

In ____ state, the processor is operating at the highest privileges, which means the running process has access to all info on that system

A

supervisor

4
Q

In ____ state, the processor can access only the info that it has been granted the privileges to access

A

problem

5
Q

The process of logically segregating functions of hardware and software so that changes in the processes do not affect the other layers.

A

layering

6
Q

In a brute force attack, the attacker has access to only the ______ text

A

cipher

7
Q

In a known plaintext attack, the attacker has access to _____ text

A

both plain and cipher text

8
Q

A type of known-plaintext attack in which multiple sets of plaintext and corresponding ciphertext can be analyzed for patterns or trends that help extract the key

A

Linear cryptanalysis

9
Q

A legal liability concept that requires that an organization review its practices to ensure that protection requirements are met.

A

due diligence

10
Q

Practicing due diligence can help create a defense against _____

A

negligence

11
Q

A legal liability concept that defines the minimum level of info protection that a business must achieve

A

due care

12
Q

The process of measuring business practices against the judgement of any reasonable individual is also known as the ______ rule

A

prudent man

13
Q

This law was created in 1974 to govern the way federal agencies use and distribute personal information of U.S. citizens. It states that agencies cannot disseminate personal info without the permission of the individual. U.S. census and labor statistics are exempt.

A

U.S. Privacy Act of 1974

14
Q

Created to provide a framework for how info traverses international borders. This guideline contains the following principles:

collection limitation
data quality
purpose specification
use limitation
security safeguards
openness principle
individual participation
accountability

A

OECD Guidelines

15
Q

A link-state routing protocol that learns the entire network topology for the area using cost

A

OSPF

16
Q

A distance-vector routing protocol that is only aware of directly connected neighbor routers and uses hop count as a metric

A

RIP

17
Q

____ routing protocols send updates only when the network topology changes.

A

link-state

18
Q

The ____ routing protocol sends the entire content of the routing table to all neighbor routers every 30 seconds by default, whether or not a topology change occurs

A

RIP

19
Q

Data stored in a cloud is considered data at ___ and is not considered in transit until accessed over the internet

A

rest

20
Q

Data stored in a SAN is considered data at ____

A

rest

21
Q

DNS servers use a ______ to store information about how to resolve IP addresses to domain names

A

hierarchical database

22
Q

A ___ file is a flat file database that stores domain name resolution info locally. When DNS is unavailable, the computer might be able to resolve IP addresses of domain names by looking up info stored on this file.

A

hosts

23
Q

A ____ database can be accessed, read, and written to by using code written in an OOP language

A

Object-oriented

24
Q

This database creates relationships between records in tables by using primary keys.

A

relational

25
An open standard defined in Request for Comments (RFC) 6749 that provides a third-party application delegated access to resources without providing the owner's credentials to the application
OAuth 2.0
26
An open standard developed by OASIS and used to exchange authentication and authorization info. It provides a standard way of encoding info so that the info can be read and processed by multiple independent systems
SAML (extensible markup language (XML))
27
An XML-based open standard developed by OASIS and used for SSO. It is based on DSML (directory services markup language), which can be used to present LDAP info in XML format.
SPML (security provisioning markup language)
28
An XML-based open standard developed by OASIS that is used to define access control policies. It is most commonly used for attribute- or role-based policies and in combination with SDN (software-defined networking) systems
XACML
29
Port numbers from ___ to ___ are registered ports and are assigned by IANA. Also called user ports.
1024 - 49151
30
Port numbers from ___ to ___ are system ports and are assigned by IANA. Also called well known ports.
0 - 1023
31
Using antivirus software is a _____ access control (corrective / directive / preventive / detective)
corrective (ex: antivirus can take corrective action to repair damage caused by a computer virus)
32
A security standard based on British Standard 7799 (BS 7799) focused on security governance
ISO 27001
33
This standard used to be ISO 17799 and is based on British Standard 7799 (BS 7799). It defines security objectives and provides a list of security controls based on industry best practices
ISO 27002
34
An IT management framework created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). It is used by security architects to provide an example of the minimum security requirements of any organization.
COBIT (Control Objectives for Information and Related Technology)
35
RTO + WRT = ?
MTD (max tolerable downtime)
36
The amount of time a business can survive without a particular service
RTO (recovery time objective)
37
A hardware rating that indicates how long a system should run before failing, on average.
MTBF (mean time between failures)
38
Indicates the amount of time it will take to recover a failed device or system
MTTR (mean time to repair)
39
AH is typically used with ESP in ___ mode
transport (because IP headers are encrypted in tunnel mode)
40
ESP provides _____ for IPSec VPN tunnels
confidentiality
41
AH provides ____ and ___ for IPSec VPN tunnels
authentication and integrity
42
In ____ mode, ESP encrypts the entire packet including the IP headers and data. AH uses the IP headers to authenticate packets.
tunnel
43
In ___ mode, ESP encrypts only the packet data, leaving the IP headers unencrypted
transport
44
When AH and ESP are used together, ______ must establish separate SAs (4 total) for each protocol.
Internet Security Association and Key Management Protocol (ISAKMP)
45
A ___ creates a separate collision domain for each port on it.
switch
46
Groupings of subjects and objects that have the same security requirements are called
security domains
47
Ring 0 of CPU ring model
Kernel
48
Ring 1 of CPU ring model
OS components that are not the kernel
49
Ring 2 of CPU ring model
Device drivers
50
Ring 3 of CPU ring model
Users
51
Process of hiding the operational complexity of a system from a system's user
Abstraction
52
What are the 5 rules of evidence?
Be authentic; be accurate; be complete; be convincing; be admissible
53
An open standard method for decentralized authentication that is maintained by the OpenID Foundation but uses RFC 6749 as a framework. It uses JSON Web Tokens (JWTs) and operates as a REST web service
OpenID Connect
54
Standard defined by RFC 5849
OAuth 1.0
55
A ____ is designed to prevent theft of computer equipment and is typically bolted to the wall, floor, or large immobile surface
lockdown enclosure
56
System ____ involves removing system services that are not required for the system to perform its intended function
hardening
56
Is a firewall a multihomed device?
Yes
57
___ firewalls maintain a state table and make forwarding decisions based on the state of each session
state
58
____ filtering firewalls make simple filtering decisions based on each individual packet
packet
59
Are stateful firewalls more secure than packet filtering firewalls?
Yes, because packet filtering requires you to open both inbound and outbound traffic, meaning exposure of the internal network to undesirable inbound traffic on that port.
60
____ firewalls terminate the connection with the source device and initiate a new connection with the destination to hide the true source of the traffic
Proxy
61
What is the documentation for a system or product to be tested? It is used to test the security of IT products with the goal of identifying and removing known vulnerabilities from a product rather than discovering new vulnerabilities.
Common Criteria (CC) Security Target (ST)
62
In CC ST, the ____ is the system or product that is to be tested
target of evaluation
63
In CC ST, the ___ is the documentation that describes the ToE and any security requirements
ST (security target)
64
In CC ST, the ___ is a set of security requirements and objectives for the type of product to be tested
Protection Profile (PP)
65
In CC ST, the ___ is a rating level that is assigned to the product after the product has been tested
Evaluation Assurance Level (EAL)
66
How many EALs are in CC ST? Name them.
7 ratings:
1. functionally tested
2. structurally tested
3. methodically tested and checked
4. methodically designed, tested, and reviewed
5. semi-formally designed and tested
6. semi-formally verified, designed, and tested
7. formally verified, designed, and tested
67
The safest fire suppression system in an electrical environment is
FE-13 because it is safe for humans and computer equipment
68
Is FE-13 safer than FM 200?
Yes, FE-13 can be breathed up to 24 percent while FM-200 is 9 percent
69
___ should be used as a fire suppression agent only in areas that are unstaffed
CO2
70
The ____ requires that each EU member nation create its own centralized data protection authority
GDPR
71
GDPR requires companies to inform authorities of major data breaches within how many hours?
72
72
Although sometimes used interchangeably, security marking and security labeling are different: ______ marking refers to the use of human readable security attributes while ____ refers to the use of security attributes for internal data structures within the information systems
marking; labeling
73
___ stacks enable hosts to communicate with both IPv4 and IPv6 hosts. They are configured with both addresses.
Dual
74
The tunneling method ____ is used to pass IPv4 traffic over an IPv6-only network
4to6 tunneling (vice versa: 6to4 tunneling passes IPv6 traffic over an IPv4-only network)
75
A ____ can quarantine a host that does not comply with a security policy. It intercepts hosts that are not yet registered on the network then sends the host's information to an authentication server to see if the host complies.
NAC (network admission control)
76
RAID ___ provides striping for a set of mirrored disks
10
77
RAID ___, aka a striped set, uses striping, which is a method of writing data across multiple hard disks to increase performance.
0
78
RAID ___ provides mirroring but not increased write performance. AKA a mirrored set
1
79
RAID 3 and 4 provide striping for a set of mirrored disks that use parity to provide fault tolerance. RAID ___ stripes data at the byte level while RAID ___ stripes data at the block level.
3;4
80
What are the BCP (business continuity plan) steps?
1. Develop a BCP policy statement
2. Conduct a BIA
3. Identify preventive controls
4. Develop recovery strategies
5. Develop an IT contingency plan
6. Perform DRP training and testing
7. Perform BCP/DRP maintenance
81
___ level managers are responsible for developing and agreeing to the BCP policy statement
C-level (ex: CEO, CFO, CIO)
82
A ____ identifies business systems and processes that are critical for a company to continue to operate
BIA (business impact analysis)
83
A _____ is also called a tabletop exercise and is a simulation where no actual recovery occurs. The teams talk through the process to identify any logical gaps
structured walk-through test
84
A _____, also called a walk-through drill, is a simulation in which team members actually carry out the recovery process; it is performed after regular business hours.
simulation test
85
The BCP and DRP should be reviewed every ___ months and a formal audit should be performed ___
3; annually
86
____ security guards are guards that are trained and employed by the company that requires them.
Proprietary
87
ASTM standard Class 1 gate is
Residential (house)
88
ASTM standard Class 2 gate is
Commercial/General Access (parking garage)
89
ASTM standard Class 3 gate is
Industrial/Limited access (loading dock for 18 wheeler trucks)
90
ASTM standard Class 4 gate is
Restricted Access (airports, prisons)
91
Kerberos and Secure European System for Applications in a Multi-vendor Environment (SESAME) are examples of ___ model
SSO (single sign on)
92
___ is the process of providing access to a company's data resources to organizations or parties that are not owned by the company
FIM (federated identity management)
93
The ____ model of FIM uses a single organization to manage the authentication and verification process for each company that is participating in the model. Also known as the bridge model
trusted third-party
94
The ___ model of FIM enables participants to trust another participant's PKI. It is difficult to manage as the number of participating organizations increases
cross-certification
95
You can find an X.509 certificate's serial number or revocation date on a ___
CRL (certificate revocation list)
96
The Online Certificate Status Protocol (OCSP) server will tell you an X.509 certificate's ____
status
97
A CA's revocation data can be found on an _____
ARL (authority revocation list)
98
Is symmetric encryption stronger per bit than asymmetric encryption?
Yes
99
Lifetime session keys make Kerberos more vulnerable to ____ attacks
replay
100
Describe the Kerberos authentication steps
1. The client requests authentication from a KDC (key distribution center)
2. When the KDC authenticates the client, it sends the client a ticket-granting ticket (TGT) and a session key
3. The client decrypts the session key and sends it to the Kerberos ticket-granting server (TGS) along with the TGT (which is encrypted with a secret key for that TGS)
4. The TGS uses the TGT and session key to verify the identity of the user
5. Once verified, the TGS sends the user a service ticket (ST) that is encrypted with a key specific to the device that the client wants to access. The TGS also sends the client a second session key.
6. The client sends the ST and second session key to the device the client wants to access.
7. The device then uses the ST and second session key to verify that the client has permission to access that device.
101
Kerberos does not by itself require any sort of password complexity and therefore is vulnerable to _____ attacks
password guessing
102
Deploying multiple KDCs and TGSs in the Kerberos realm mitigates ____
single point of failure
103
Since the Kerberos KDC database stores users' credentials in clear text, it is vulnerable to ______
theft of cached credentials
104
A ___ is another name for a table in a relational database
relation
105
A ___ is another name for a row of data in a relational database
tuple
106
A ___ is another name for a column of data in a relational database
attribute
107
A ____ contains the data within a relational database
cell
108
True or False: Both SSH and FTP are used to transfer files over a network. SSH is secure while FTP sends data in clear text.
True
109
TCP is ____ oriented while UDP is ____ oriented
connection; connectionless
110
Database view contains the results of what?
a database query
111
In system high mode, users must have?
security clearance and access approval that permits access to all info processed by the system
112
In dedicated mode, users must have?
security clearance, access approval, and a valid need to know for all information processed by the system
113
In compartmented mode, users must have?
security clearance
114
In multilevel mode, users must have?
security clearance, access approval, need to know only information they will access on the system, not all info
115
Prevention obfuscation attempts to make code obscure to _____ by making the code hard to decompile
computers
116
____ obfuscation deals with renaming classes, fields, and methods, replacing them with new identifiers that lack intuitive meaning
Lexical
117
___ obfuscation deals with modifying data and data structures in order to hide what the data is used for or what the structures do
Data
118
___ obfuscation deals with making an application harder to understand or to decompile. ex: grouping unrelated structures
Control flow
119
PDU at network layer
packet
120
PDU at transport layer
segment
121
PDU at data link layer
frame
122
PDU at physical layer
bits
123
Formula for ALE?
ARO x SLE
124
A printer that fails once every 4 years has an ARO of?
0.25 or 25% (1 failure / 4 years = 0.25 failures per year)
125
The frequency at which equipment fails is called the what?
ARO (annual rate of occurrence)
126
The cost of one occurrence failure is called what?
SLE (single loss expectancy)
127
The cost to maintain or replace equipment is called what?
ALE (annual loss expectancy)
128
___ investigations attempt to resolve disputes between two parties such as private individuals or corporate entities.
Civil
129
___ investigations are typically conducted by law enforcement personnel and attempt to determine whether a criminal law has been violated. They depend on the 'beyond a reasonable doubt' standard of proof.
Criminal
130
____ investigations attempt to determine whether an administrative law or industry standard has been violated
Regulatory
131
___ investigations are internal investigations that attempt to determine whether organizational policies or operational procedures have been violated
Administrative
132
A _____ is another name for a hypervisor
VMM (virtual machine monitor)
133
Type __ hypervisors are installed on bare-metal servers, meaning the hypervisor is its own OS. Because of their proximity to the physical hardware, they tend to perform well.
1
134
Type __ hypervisors are applications installed on host OSs like Windows, Mac, and Linux. They are easy to deploy and maintain.
2
135
The ____ plane is centralized in an SDN network.
Control
136
The SDN consists of what 3 planes?
application, control, and data
137
A simulation test where employees are relocated to the DRP's recovery location
parallel test