Need2Know Flashcards
Change Management (steps)
RRATSID
- request the change
- review the change
- approve / reject the change
- test the change.
- schedule the change.
- implement the change.
- document the change
Static Packet Filtering firewall
filters by message header: source, destination and port.
first gen - easily fooled.
layer 3 (network)
Levels of Gov / Military security classification
Top Secret / Secret / Confidential / Sensitive but Unclassified / Unclassified
Business / Private Sector security classification
Confidential (company data) // Private (eg: medical records)
Sensitive
Public
Explain Data Encapsulation –> Protocol Data Unit (PDU)
Transport layer = segments
Network layer = packets
Data Link layer = frames
Physical layer = bits
Encapsulation (top down):
Segments –> Packets
Packet –> Frames
Frames –> Bits
Administrative Controls used to secure personnel
job descriptions, principle of least privilege, separation of duties, job responsibilities, job rotation, performance reviews, background checks, job training, exit interviews
Application-level gateway firewall
aka Proxy Firewall
Layer 7 (application)
Circuit-level gateway firewall
Works at layer 5 (session)
e.g., SOCKS
manage traffic based on the circuit, not the content of traffic.
Stateful inspection firewalls
aka Dynamic Packet Filtering
Network & Transport layers
processes based on source and destination ports, addresses, etc.
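The two firewall cards above (static packet filtering at layer 3, stateful inspection at layers 3/4) differ in one thing: whether the filter remembers earlier packets. The following added example (not from the original flashcards) shows both on the same packets: a static filter that admits anything with ACK set toward a high port, and a stateful filter that only admits inbound packets matching a connection the inside opened. The addresses, ports and the "trust outbound" policy are constructed for the demo.

```python
"""Static packet filter vs. stateful inspection: why first-gen filters are easily fooled."""
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # TCP flags as letters: "S" SYN, "SA" SYN/ACK, "A" ACK
    inbound: bool   # True when the packet arrives from the untrusted side


def static_filter(pkt: Packet) -> bool:
    """Header-only (layer 3/4) rule set with no memory between packets.

    Rule: let inbound packets through only if they look like replies to an
    internal client, i.e. ACK is set and the destination is an ephemeral port.
    Every decision is made from this packet's header alone.
    """
    if not pkt.inbound:
        return True                     # constructed policy: trust outbound
    return "A" in pkt.flags and pkt.dport >= 1024


class StatefulFilter:
    """Dynamic packet filter: remembers connections that the inside opened."""

    def __init__(self) -> None:
        # key = (internal ip, internal port, external ip, external port)
        self.table: Dict[Tuple[str, int, str, int], str] = {}

    def check(self, pkt: Packet) -> bool:
        if not pkt.inbound:
            if pkt.flags == "S":        # inside opens a connection
                self.table[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = "SYN_SENT"
            return True
        # Inbound: the packet is only a reply if the reversed 4-tuple is known.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        state = self.table.get(key)
        if state == "SYN_SENT" and pkt.flags == "SA":
            self.table[key] = "ESTABLISHED"
            return True
        if state == "ESTABLISHED" and "A" in pkt.flags:
            return True
        return False                    # no matching connection: drop


def demo() -> Dict[str, Tuple[bool, bool]]:
    """Run one legitimate exchange and one forged 'reply' through both filters.
    Returns {case: (static_decision, stateful_decision)} (constructed traffic)."""
    sf = StatefulFilter()
    client, server, attacker = "10.0.0.5", "198.51.100.20", "203.0.113.9"
    syn = Packet(client, 40000, server, 443, "S", inbound=False)
    synack = Packet(server, 443, client, 40000, "SA", inbound=True)
    forged = Packet(attacker, 443, client, 40001, "A", inbound=True)  # never requested
    results = {}
    results["legit_syn"] = (static_filter(syn), sf.check(syn))
    results["legit_synack"] = (static_filter(synack), sf.check(synack))
    results["forged_ack"] = (static_filter(forged), sf.check(forged))
    return results


if __name__ == "__main__":
    for case, (static_ok, stateful_ok) in demo().items():
        print(f"{case:14s} static={static_ok} stateful={stateful_ok}")
```

The forged packet is exactly the "easily fooled" case: it carries an ACK flag and targets a high port, so the static rule has no way to tell it from a real reply, while the stateful filter drops it because no internal host ever sent the matching SYN.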
Deep-packet inspection firewalls
DPI
application layer
filters payload content - complete packet inspection
works in tandem with an application firewall
Next gen firewalls
multifunction device (MFD)
IDS, Proxy, QoS, VPN, etc.
Baseline
establishes a common foundation upon which all additional security measures can be built
Trusted Computer System Evaluation Criteria (TCSEC)
Information Tech Security Evaluation Criteria (ITSEC)
National Institute of Standards and Tech (NIST)
Security Marking vs Security Labeling
Security Marking = human-readable security attributes.
Security Labeling = security attributes for internal data structures within IT
Change Management
the process of understanding, communicating, and documenting changes to a system so that negative effects from change can be avoided.
Typical process:
- request the change
- review the change
- approve / reject change
- test
- schedule
- implement
- document.
Baselining
config management that involves monitoring of security changes over time.
Risk Transference
buying insurance.
What are the two common data classification schemes?
Military
Private Sector
Lighter Than Air Industries expects that it would lose $10 million if a tornado struck its aircraft operations facility. It expects that a tornado might strike the facility once every 100 years.
Referring to the scenario, what is the annualized loss expectancy?
The annualized loss expectancy (ALE) is computed by taking the product of the single loss expectancy (SLE), which was $10 million in this scenario, and the annualized rate of occurrence (ARO), which was 0.01 in this example. These figures yield an ALE of $100,000.
The absence or weakness of a safeguard or countermeasure?
When a safeguard or a countermeasure is not present or is not sufficient, what remains?
Vulnerability
What law protects the right of citizens to privacy by placing restrictions on the authority granted to government agencies to search private residences and facilities?
Fourth Amendment.
You are concerned about the risk that an avalanche poses to your $3 million shipping facility. Based on expert opinion, you determine that there is a 5 percent chance that an avalanche will occur each year. Experts advise you that an avalanche would completely destroy your building and require you to rebuild on the same land. Ninety percent of the $3 million value of the facility is attributed to the building, and 10 percent is attributed to the land itself.
1) What is the single loss expectancy of your shipping facility to avalanches?
2) What is the annualized loss expectancy?
1) The SLE is the product of the AV and the EF. From the scenario, you know that the AV is $3,000,000 and the EF is 90 percent, because the land (10 percent of the value) survives and can be reused to rebuild. This yields an SLE of $2,700,000.
2) This problem requires you to compute the ALE, which is the product of the SLE and the ARO. From the scenario, you know that the ARO is 0.05 (or 5 percent). From part 1, you know that the SLE is $2,700,000. This yields an ALE of $135,000.
What element of data categorization management can override all other forms of access control?
Taking Ownership
NOT:
Physical Access
Classification
Custodian
Ownership grants an entity full capabilities and privileges over the object they own. The ability to take ownership is often granted to the most powerful accounts in an operating system because it can be used to overstep any access control limitations otherwise implemented.
You are concerned about the risk that an avalanche poses to your $3 million shipping facility. Based on expert opinion, you determine that there is a 5 percent chance that an avalanche will occur each year. Experts advise you that an avalanche would completely destroy your building and require you to rebuild on the same land. Ninety percent of the $3 million value of the facility is attributed to the building, and 10 percent is attributed to the land itself. What is the single loss expectancy of your shipping facility to avalanches?
A: $3,000,000
B: $2,700,000
C: $270,000
D: $135,000
Answer: B ($2,700,000 = AV $3,000,000 x EF 0.9; $135,000 is the ALE, not the SLE)
Government Data Classification
Top Secret
Secret
Confidential
Unclassified
Business / Commercial / Private Data Classification
Confidential / Proprietary ——————–> Top Secret
Private————————————————> Secret
Sensitive ——————————————–> Confidential
Public ————————————————> Unclassified
Multitasking
Multicore
Multiprocessing
Multi-programming
Multitasking – handles two or more tasks simultaneously
Multicore – multiple CPU on one chip
Multiprocessing – a system with more than 1 cpu
Multi-programming – pseudo-simultaneous processing of two tasks on a single CPU, coordinated by the OS — OBSOLETE
Secondary Memory
Secondary memory is a term used to describe magnetic, optical, or flash media.
Fault Blackout Sag Brownout Surge Inrush Noise
Fault — momentary loss of power
Blackout – total loss of power
Sag – momentary LOW VOLTAGE
Brownout – prolonged low voltage
Surge – prolonged HIGH voltage
Inrush – initial surge of power that happens when hooking a device up to power source
Noise — steady interfering power disturbance
Fire Extinguishers
Class: A B C D
A = Common Combustibles –> water, soda acid
B = Liquid —> CO2, Halon
C = Electronics –> Halon
D = Metal –> Dry powder
Dynamic RAM
Static RAM
Dynamic RAM uses CAPACITORS
Static RAM uses FLIP-FLOPS
Relational Databases
Attributes / Field
Attribute –> Column in table
Each customer would have its own record, or tuple (a row in a table)
Number of rows in table = cardinality
Number of columns = degree
Types of Storage
Primary memory - RAM
Secondary storage - CD/DVD, flash drives, hard disks
Virtual memory - hard-drive space (page/swap file) that the OS presents to programs as if it were RAM
Virtual storage - RAM disk: RAM presented as a drive; contents are lost at power off
Sequential access storage - tape; reaching a record means reading through everything before it
Volatile storage - goes away at power off (RAM)
Nonvolatile storage - retains content without power (NVRAM, disk, flash)
Aggregation
Aggregation attacks involve the use of specialized database functions to combine information from a large number of database records to reveal information that may be more sensitive than the information in individual records would reveal.
What database technique can be used to prevent unauthorized users from determining classified information by noticing the absence of information normally available to them?
A. Inference
B. Manipulation
C. Polyinstantiation
D. Aggregation
Answer: C. Polyinstantiation allows the insertion of multiple records that appear to have the same primary key values into a database at different classification levels.
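To make the polyinstantiation card concrete, here is an added example (not part of the original flashcards) using SQLite: the primary key includes the classification level, so one ship name can have a row per level. It also shows the inference the technique prevents: with a single-column key, a low-clearance insert fails on the hidden SECRET row and the error itself reveals that classified data exists. Table names, ship names and destinations are constructed sample data.

```python
"""Polyinstantiation in SQLite: the same logical key exists once per
classification level, so a low-clearance user neither sees the high row
nor learns of its existence when inserting."""
import sqlite3
from typing import Optional

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


def build_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    # Key is (name, level): one 'Aurora' row can exist per level.
    con.execute("""CREATE TABLE cargo_ships (
                     name TEXT NOT NULL, level INTEGER NOT NULL,
                     destination TEXT NOT NULL,
                     PRIMARY KEY (name, level))""")
    # Constructed sample rows; the UNCLASSIFIED 'Aurora' row is the cover story.
    con.executemany("INSERT INTO cargo_ships VALUES (?, ?, ?)", [
        ("Aurora", LEVELS["UNCLASSIFIED"], "Unknown"),
        ("Aurora", LEVELS["SECRET"], "Site 7"),
        ("Borealis", LEVELS["UNCLASSIFIED"], "Dry dock"),
        ("Cassiopeia", LEVELS["SECRET"], "Site 9"),   # exists only at SECRET
    ])
    con.commit()
    return con


def destination(con: sqlite3.Connection, name: str, clearance: str) -> Optional[str]:
    """Return the highest-level row the user's clearance dominates, or None."""
    row = con.execute(
        "SELECT destination FROM cargo_ships WHERE name = ? AND level <= ? "
        "ORDER BY level DESC LIMIT 1", (name, LEVELS[clearance])).fetchone()
    return row[0] if row else None


def low_insert_leaks(con: sqlite3.Connection, polyinstantiated: bool) -> bool:
    """Simulate an UNCLASSIFIED user inserting 'Cassiopeia'; return True if the
    attempt reveals that a higher-level row already exists.

    Single-column key: the insert collides with the SECRET row, and the
    constraint error is an inference channel.
    Polyinstantiated key: the low-level row is simply another instance."""
    if polyinstantiated:
        table = "cargo_ships"
    else:
        table = "ships_single_key"
        con.execute("CREATE TABLE IF NOT EXISTS ships_single_key "
                    "(name TEXT PRIMARY KEY, level INTEGER, destination TEXT)")
        con.execute("INSERT OR IGNORE INTO ships_single_key VALUES (?, ?, ?)",
                    ("Cassiopeia", LEVELS["SECRET"], "Site 9"))
    try:
        # table name comes from the two fixed strings above, not from user input
        con.execute(f"INSERT INTO {table} VALUES (?, ?, ?)",
                    ("Cassiopeia", LEVELS["UNCLASSIFIED"], "Refit"))
        con.commit()
        return False
    except sqlite3.IntegrityError:
        con.rollback()
        return True


if __name__ == "__main__":
    db = build_db()
    for clr in ("UNCLASSIFIED", "SECRET"):
        print(clr, "sees Aurora ->", destination(db, "Aurora", clr))
    print("single key leaks:", low_insert_leaks(db, polyinstantiated=False))
    print("polyinstantiated leaks:", low_insert_leaks(db, polyinstantiated=True))
```

After the low-level insert succeeds on the polyinstantiated table, an UNCLASSIFIED query for Cassiopeia returns "Refit" while a SECRET query still returns "Site 9": two rows, one logical key, no collision and no hint that the second row exists.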
SDLC
Change Management
Procedures to manage changes to existing applications.
Request Control –> request modifications, cost/benefit analysis, prioritize tasks
Change Control –> re-create situation, analyze change, create & test
Release Control –> approve final changes
Security Admins:
Config Identification
Config Control
Config Status Accounting
Config Audit
IEEE 802 standards: 15, 11, 3
- 802.15 = Bluetooth (PAN)
- 802.11 = Wi-Fi (WLAN)
- 802.3 = Ethernet
What database security feature uses a locking mechanism to prevent simultaneous edits of cells?
A. Semantic integrity mechanism
B. Concurrency
C. Polyinstantiation
D. Database partitioning
Answer: B. Concurrency uses a “lock” feature to allow an authorized user to make changes and then “unlock” the data elements only after the changes are complete. This is done so another user is unable to access the database to view and/or make changes to the same elements at the same time.
Which source of interference is generated by electrical appliances, light sources, electrical cables and circuits, and so on?
A. Cross-talk noise
B. Radio frequency interference
C. Traverse mode noise
D. Common mode noise
Radio frequency interference (RFI) is the source of interference that is generated by electrical appliances, light sources, electrical cables and circuits, and so on
Which recovery site alternative provides shared resources through contractual leasing options?
A. Cloud services
B. Mobile site
C. Hot site
D. Cold site
A cloud service company (previously known by the term service bureau) is an organization that provides online time-leased computer services for a fee.
Which database principle ensures that transactions execute in an all-or-nothing fashion?
A. Atomicity
B. Consistency
C. Isolation
D. Durability
ACID
The atomicity of database transactions requires transaction execution in an all-or-nothing fashion. If any part of the transaction fails, the entire transaction is rolled back.
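The all-or-nothing behaviour in the atomicity card is easiest to see with a transfer that fails after its first statement. The following added example (not from the original flashcards) uses SQLite: the credit runs first, the debit then fails a CHECK constraint or hits a missing account, and the connection rolls the credit back too. Account names and balances are constructed sample data.

```python
"""Atomicity with SQLite: a two-statement transfer either fully commits or is
fully rolled back, even when the failure happens after the first statement."""
import sqlite3
from typing import Dict


def new_ledger() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE accounts (id TEXT PRIMARY KEY, "
                "balance INTEGER NOT NULL CHECK (balance >= 0))")
    # Constructed sample balances.
    con.executemany("INSERT INTO accounts VALUES (?, ?)",
                    [("alice", 100), ("bob", 50)])
    con.commit()
    return con


def balances(con: sqlite3.Connection) -> Dict[str, int]:
    return dict(con.execute("SELECT id, balance FROM accounts ORDER BY id"))


def transfer(con: sqlite3.Connection, src: str, dst: str, amount: int) -> bool:
    """Credit first, then debit, so a failed debit has something to undo.
    Returns True if the transfer committed, False if it was rolled back."""
    try:
        with con:   # sqlite3: commit on normal exit, rollback on exception
            credited = con.execute(
                "UPDATE accounts SET balance = balance + ? WHERE id = ?",
                (amount, dst)).rowcount
            if credited != 1:
                raise ValueError(f"no such account: {dst}")
            # CHECK (balance >= 0) raises IntegrityError on an overdraft
            debited = con.execute(
                "UPDATE accounts SET balance = balance - ? WHERE id = ?",
                (amount, src)).rowcount
            if debited != 1:
                raise ValueError(f"no such account: {src}")
        return True
    except (sqlite3.IntegrityError, ValueError):
        return False   # nothing from this transaction persisted


if __name__ == "__main__":
    ledger = new_ledger()
    print(transfer(ledger, "alice", "bob", 30), balances(ledger))
    print(transfer(ledger, "bob", "alice", 500), balances(ledger))   # overdraft
    print(transfer(ledger, "alice", "carol", 10), balances(ledger))  # no such dst
```

In the overdraft case alice's balance has already been raised by 500 when bob's debit fails; without the rollback the ledger would have created money out of nothing, which is precisely the partial-execution state atomicity rules out.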
In the Biba model, what rule prevents a user from reading from lower levels of classification?
A. Star axiom
B. Simple property
C. No read up
D. No write down
The Biba simple property rule is “no read down.”
The Biba star axiom is “no write up.”
“No read up” is the simple rule for Bell-LaPadula.
“No write down” is the star rule for Bell LaPadula.
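The four rules on the Biba card are easy to confuse because Biba's are the mirror image of Bell-LaPadula's. This added example (not from the original flashcards) encodes both models as functions and then enumerates what a system enforcing both at once still permits. It assumes, as a simplification, that the same four-level lattice serves as both the confidentiality and the integrity ordering; in practice the two are separate labels.

```python
"""Bell-LaPadula (confidentiality) and Biba (integrity) read/write rules side by
side, and what remains when a system enforces both at once."""
from typing import List, Tuple

# Assumed lattice, lowest to highest; reused for both models for illustration.
LEVELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]


def rank(level: str) -> int:
    return LEVELS.index(level)


def blp_allows(subject: str, obj: str, op: str) -> bool:
    """Bell-LaPadula: protects confidentiality."""
    s, o = rank(subject), rank(obj)
    if op == "read":
        return s >= o          # simple security property: no read up
    if op == "write":
        return s <= o          # * (star) security property: no write down
    raise ValueError(op)


def biba_allows(subject: str, obj: str, op: str) -> bool:
    """Biba: protects integrity, so the inequalities flip."""
    s, o = rank(subject), rank(obj)
    if op == "read":
        return s <= o          # simple integrity property: no read down
    if op == "write":
        return s >= o          # * (star) integrity axiom: no write up
    raise ValueError(op)


def both_allow(subject: str, obj: str, op: str) -> bool:
    return blp_allows(subject, obj, op) and biba_allows(subject, obj, op)


def combined_access_pairs(op: str) -> List[Tuple[str, str]]:
    """Every (subject level, object level) pair that survives both models."""
    return [(s, o) for s in LEVELS for o in LEVELS if both_allow(s, o, op)]


if __name__ == "__main__":
    for op in ("read", "write"):
        print(op, "allowed under BLP+Biba:", combined_access_pairs(op))
```

Enforcing both models on one lattice leaves only same-level reads and writes: BLP forbids reading up and Biba forbids reading down, so the only readable object is one at the subject's own level, and the same squeeze applies to writes. That is why real systems keep confidentiality and integrity labels separate.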
If a specific step-by-step guide does not exist that prescribes how to accomplish a necessary task, which of the following is used to create such a document?
A. Policy
B. Standard
C. Procedure
D. Guideline
A guideline offers recommendations on how standards and baselines are implemented and serves as an operational guide for both security professionals and users. Guidelines are flexible so they can be customized for each unique system or condition and can be used in the creation of new procedures (i.e., step-by-step guides).
A momentary loss of power is what form of power issue?
A. Brownout
B. Spike
C. Sag
D. Fault
Fault = short loss of power
Brownout = LOW VOLTAGE for prolonged period of time
Spike = HIGH VOLTAGE short period
Sag = short period of LOW VOLTAGE
Tom built a database table consisting of the names, telephone numbers, and customer IDs for his business. The table contains information on 30 customers. What is the degree of this table?
A. Two
B. Three
C. Thirty
D. Undefined
Answer: B (three). The cardinality of a table refers to the number of rows in the table (30 here), while the degree of a table is the number of columns (name, telephone number, customer ID).
Change Management Steps
Change management:
1) Request
2) Impact assessment
3) Approval/Disapproval
4) Build and test
5) Notification
6) Implementation
7) Validation
Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose?
integrity
Which of the following is not a form of spoofed traffic filtering?
A. Block inbound packets whose source address is an internal address
B. Block outbound packets whose source address is an external address
C. Block outbound packets whose source address is an unassigned internal address
D. Block inbound packets whose source address is on a block/black list
Using a block list or black list is a valid form of security filtering; it is just not a form of spoofing filtering.
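The three spoof checks in this question are the classic ingress/egress pair plus a check on unassigned internal addresses; the block list is a reputation check and says nothing about whether the source address is genuine. The following added example (not from the original flashcards) implements all four at a single site border so the distinction is visible in the returned reason. The internal prefix, the assigned-host set and the block list entry are constructed values.

```python
"""Anti-spoofing (ingress/egress) filter for one site border, plus a separate
block list, to show which checks are spoof checks and which are not."""
import ipaddress
from typing import List, Tuple

# Constructed site values: the internal prefix, the subset of it actually
# handed out to hosts, and an unrelated reputation block list.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
ASSIGNED = {ipaddress.ip_address(a) for a in ("10.0.0.5", "10.0.0.6", "10.0.1.20")}
BLOCKLIST = {ipaddress.ip_address("203.0.113.9")}


def filter_packet(src: str, inbound: bool) -> Tuple[bool, str]:
    """Return (allowed, reason) for a packet whose source address is `src`."""
    ip = ipaddress.ip_address(src)
    if inbound:
        # Ingress: nothing arriving from outside may claim an inside address.
        if ip in INTERNAL_NET:
            return False, "spoof: inbound packet with internal source"
        if ip in BLOCKLIST:
            return False, "blocklist: bad reputation (not a spoof check)"
        return True, "ok"
    # Egress: nothing leaving may claim an address we do not own or use.
    if ip not in INTERNAL_NET:
        return False, "spoof: outbound packet with external source"
    if ip not in ASSIGNED:
        return False, "spoof: outbound packet from unassigned internal address"
    return True, "ok"


def spoof_verdicts(packets: List[Tuple[str, bool]]) -> List[str]:
    """Classify each (src, inbound) pair as 'spoof', 'blocklist' or 'ok'."""
    return [filter_packet(src, inbound)[1].split(":")[0] for src, inbound in packets]


if __name__ == "__main__":
    # Constructed sample traffic, one entry per answer choice in the question.
    sample = [
        ("10.0.0.5", True),        # A: inbound, internal source -> spoof
        ("198.51.100.7", False),   # B: outbound, external source -> spoof
        ("10.9.9.9", False),       # C: outbound, unassigned internal -> spoof
        ("203.0.113.9", True),     # D: inbound, block-listed -> not a spoof check
        ("10.0.0.5", False),       # legitimate outbound
        ("198.51.100.7", True),    # legitimate inbound
    ]
    for (src, inbound), verdict in zip(sample, spoof_verdicts(sample)):
        print(f"{'in ' if inbound else 'out'} {src:15s} -> {verdict}")
```

The egress checks are the ones most often skipped in practice; without them a compromised internal host can send traffic with any source address it likes, which is how a site becomes a participant in reflected amplification attacks.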
Among the following concepts, which element is not essential for an audit report?
A. Audit purpose
B. Audit scope
C. Audit results
D. Audit overview
Audit overview is not essential for an audit report —> the purpose, scope, and results of an audit are the three primary (and necessary) elements.
What security flaw conveys information by writing data to a common storage area where another process can read it?
A. Covert timing channel
B. Buffer overflow
C. Covert storage channel
D. Maintenance hook
A covert storage channel conveys information by writing data to a common storage area where another process can read it. Storing data in such a way introduces a security flaw that allows unauthorized users to access the data.
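A covert storage channel needs no readable payload at all, only some shared attribute one process can set and another can observe. The following added example (not from the original flashcards) builds one on a shared directory: the sender encodes each message byte as the size of a file whose contents are all zero and unreadable, and the receiver recovers the message from stat() alone. The directory layout and file naming are constructed for the demo.

```python
"""Covert storage channel: the sender never lets the receiver read a file's
contents, but encodes each byte of the message in a shared attribute (here,
file size) that the receiver can observe with stat()."""
import os
import tempfile


def send(shared_dir: str, message: bytes) -> None:
    """Write one file per message byte; the byte value is the file's length.
    The files are made unreadable (mode 000): the content is not the channel."""
    for i, value in enumerate(message):
        path = os.path.join(shared_dir, f"job{i:04d}.tmp")
        with open(path, "wb") as f:
            f.write(b"\0" * value)   # payload bytes are all zero: they carry nothing
        os.chmod(path, 0o000)


def receive(shared_dir: str) -> bytes:
    """Recover the message from st_size alone. stat() needs only search
    permission on the directory, not read permission on the files."""
    names = sorted(n for n in os.listdir(shared_dir) if n.endswith(".tmp"))
    return bytes(os.stat(os.path.join(shared_dir, n)).st_size for n in names)


def roundtrip(message: bytes) -> bytes:
    """Run sender and receiver over a fresh shared directory and return what
    the receiver decoded."""
    with tempfile.TemporaryDirectory() as shared:
        send(shared, message)
        decoded = receive(shared)
        # restore permissions so the temporary directory can be cleaned up
        for n in os.listdir(shared):
            os.chmod(os.path.join(shared, n), 0o600)
    return decoded


if __name__ == "__main__":
    print(roundtrip(b"covert"))
```

Nothing here violates a file permission: the sender may write, the receiver may list and stat. That is the point of the flaw: the access control policy is enforced correctly on the contents, but the shared metadata was never covered by it. The same idea works with any observable shared state (disk quota, a lock file's existence, a process's exit code), and the only real mitigations are to remove the sharing or to add noise to the attribute.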