Official Study Guide 2 Flashcards
NIST SP800-53 discusses security controls as a security ___
baseline
Communication systems that rely on start and stop flags or bits to manage data transmission are known as ___
Asynchronous
___ motion detectors transmit ultrasonic or microwave signals into the monitored area, watching for changes in the returned signals bouncing off objects
Wave pattern
___ provides AAA functionality, but is a Cisco proprietary protocol
TACACS+
The TCP three-way handshake is ___
SYN, SYN/ACK, ACK
The ___ program helps to protect the supply chain for components and devices by ensuring that the companies that produce and supply them are secure
US Trusted Foundry
In an IaaS environment, the vendor is only responsible for the hardware and the ___
hypervisor
When testing a website, another word for synthetic monitoring (using realistic data) is ___
proactive monitoring
___ (or impersonation) attacks use stolen or falsified credentials to bypass authentication mechanisms. ___ attacks rely on falsifying an identity like an IP address or hostname without credentials. ___ attacks are a more specific type of impersonation attack that relies on captured network traffic to reestablish authorized connections
Masquerading; Spoofing; Replay
The ___ evidence rule states that when an agreement between two parties is put into written form, it is assumed to be the entire agreement unless amended in writing
parol
The ___ evidence rule says that a copy of a document is not admissible if the original document is available
best
___ reviews the use and application of controls in an audited organization. It forms part of the underlying framework for SOC 1, 2, and 3 reports
SSAE-18
The Digital Millennium Copyright Act (DMCA) provides safe harbor protection for the operators of ___
Internet service providers
___ is a variation in the latency for different packets
Jitter
___ are a special form of input validation that ensure that the value remains within an expected range
Limit checks
___ via a web portal can require user authentication and can gather data like operating systems, versions, software information, and many other factors that can uniquely identify systems
Device fingerprinting
Packets with ___ IP addresses as sources or destinations should never be routed onto the Internet
private
The most frequent targets of account management reviews are ___ accounts, as they create the greatest risk
highly privileged
The courts have applied the ___ rule to include the concept that attorneys may not introduce logs into evidence unless they are authenticated by the system administrator
hearsay
Attackers may use ___ as a tool to exploit a TOC/TOU race condition
algorithmic complexity
The formula for determining the number of encryption keys required by a symmetric algorithm is ___
((n*(n − 1))/2)
Many modern thieves immediately take steps to ensure that mobile devices ___ before they capture data or wipe the device for resale.
will not be trackable or allowed to connect to a network
___ server monitoring relies on synthetic or previously recorded traffic
Active
___ access control empowers people closer to the resources to control access but does not provide consistent control
Decentralized
Access control systems rely on ___ and ___ to provide accountability. Effective ___ systems are desirable, but not required, since logs can provide information about who accessed what resources, even if access to those resources is not managed well
identification; authentication; authorization
EAP was originally intended to be used on ___ network channels and did not include ___
physically isolated; encryption
The Linux tool ___ creates a bit-by-bit copy of the target drive that is well suited to forensic use
dd
___ is specifically defined by HIPAA to include information about an individual’s medical bills
Personal health information (PHI)
___ include both the access and actions that you can take on an object. ___ usually refer to the ability to take action on an object and don’t include the access to it
permissions; Rights
___ combine rights and permissions, and roles describe sets of ___ based on job tasks or other organizational artifacts
Privileges; privileges
___ is a feature in operating systems (such as Windows) that enables computers to automatically self-configure an IP address and subnet mask when their DHCP server isn’t reachable. The IP address range for this is ___
Automatic Private IP Addressing (APIPA); 169.254.0.1 - 169.254.255.254
___, or registration, is the initial creation of a user account in the provisioning process
Enrollment
The ___ role is responsible for making sure systems provide value (balanced with security needs)
business or mission owner’s
The ___ (Act) makes it a crime to invade the electronic privacy of an individual. It prohibits the unauthorized monitoring of email and voicemail communications
Electronic Communications Privacy Act (ECPA)
Syslog uses port ___
UDP 514 (or TCP 6514)
___ is a TCP flag used to clear the buffer, resulting in immediately sending data
PSH
___ is the TCP urgent flag
URG
___ is a TCP flag for Nonce concealment protection
NS
___ is a TCP flag used to reset the connection
RST
As the incident response progresses, the root cause analysis is a component of the ___ step of the incident response process
remediation
___ errors are most likely to be missed by automated functional testing
Business logic
___ sites take a very long time to activate, measured in weeks or months
Cold
Test coverage is computed using the formula test coverage = number of ___ / total number of ___
use cases tested; use cases
___ is the first functional goal of physical security mechanisms
Deterrence
A good alternative to FTP for transferring files is ___
SCP—Secure Copy
The California Online Privacy Protection Act requires that commercial websites that collect personal information from users in California ___
conspicuously post a privacy policy
Iris scans have a longer useful life than many other types of biometric factors because ___
they don’t change throughout a person’s life span
The ___ Act is an example of civil law, whereas most cyber-security laws are criminal
Gramm-Leach-Bliley (GLBA)
The S/MIME secure email format uses the ___ file format for encrypted email messages
P7S
___ allows the storage of multiple different pieces of information in a database at different classification levels to prevent attackers from conducting aggregation or inference attacks
Polyinstantiation
Any primary key is, by definition, also a ___ key
candidate
To protect the integrity of an email message without encryption, you should ___
digitally sign it (no need to hash it)
To force cookies to use TLS, you should ___
set the Secure attribute on them
___ is specifically designed for encrypted file transfer, while ___ is used for secure command-line access
SFTP; SSH
The disaster recovery test types, listed in order (A-D) of their potential impact on the business from the least impactful to the most impactful, are as follows:
A. Checklist review
B. Parallel test
C. Tabletop exercise
D. Full interruption test
HIPAA requires that anyone working with personal health information on behalf of a HIPAA-covered entity be subject to the terms of a ___
business associates agreement (BAA)
An ___ can translate traffic between IPv6 networks and IPv4 networks
IPv6 to IPv4 gateway
WPA2 encryption has no effect on ___ attacks
password
In contrast to synthetic user monitoring, passive monitoring is also referred to as ___ monitoring
real user