My Memory Palace-2 Flashcards

1
Q

ISO/IEC 15288:2015

A

systems engineering standard covering processes and life cycle stages.

defines a set of processes divided into four categories:

  1. Agreement
  2. Organization Project-Enabling
  3. Technical Management
  4. Technical
2
Q

ISO 15408

A

Common Criteria; provides a structured methodology for documenting security requirements.

Use of the Common Criteria “protection profiles” and “security targets” greatly aids in the development of products and systems that have IT security functions.

3
Q

ISO/IEC 21827:2008

A

Systems Security Engineering – Capability Maturity Model (SSE-CMM)

describes the essential characteristics of an organization’s security engineering process that must exist to ensure good security engineering.

4
Q

Confinement (sandboxing)

A

ability to control read / write activity as software executes in a system and accesses memory

5
Q

Bounds

A

limits set on the memory addresses and resources a process can access in a system

6
Q

Isolation

A

the ability to use bounds and confinement to control the impact process behavior has on a system

7
Q

Controls (in the context of access)

A

use of access rules to limit subject / object interaction

8
Q

Trusted System

A

one where all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable, secure environment

9
Q

Assurance

A

the degree of confidence or certainty in a system’s ability to satisfy the defined security requirements

10
Q

Vulnerability scanning

A

Just identifies weaknesses; does NOT evaluate the amount of vulnerability that each weakness represents to the company.

11
Q

Difference between permission and right

A

Permission - CRUD on an object

Right - the ability to perform actions on a system.

12
Q

Fail-safe

A

Systems provide the ability to automatically terminate processes in response to failure. Example: an automated locking system that defaults to unlocked in case of power failure.

13
Q

Fail-secure

A

State refers to the ability of a system to maintain and preserve its secure state in the event of a system failure. A fail-secure state implies that a system should be able to protect itself and its information assets if critical processes are terminated or if the system becomes unusable, e.g. an automatic lock that defaults to locked in case of power failure.

14
Q

Fail-soft

A

The termination of selected, non-critical processes after a hardware or software failure is detected.

15
Q

Black Box Testing

A

Combinatorial - tests every possible test case / combination of inputs.

Pairwise testing - a subset of combinatorial testing; tests two (or more) components at a time.

Fuzzing - fuzz testing with various inputs.
