Official Study Guide Flashcards
the Digital Millennium Copyright Act (DMCA) requires ISPs to act promptly when notified of copyright infringement to address data stored or cached on systems they control, but not on ___
data actively transmitted
the ___ act provides protection of trade secrets
Economic Espionage
Patents are registered with the ___
United States Patent and Trademark Office (USPTO)
the ___ requires federal agencies to implement information security programs
Federal Information Security Management Act (FISMA)
a ___ audit covers business continuity planning
SOC 2
the threshold for malicious damage to a federal computer system that triggers the Computer Fraud and Abuse Act is ___
$5,000
___ is a control objective framework that is widely accepted around the world and focuses specifically on information security controls
ISO 27002
___ requires that communications service providers cooperate with law enforcement requests
The Communications Assistance for Law Enforcement Act (CALEA)
the ___ of a company is not typically involved in BDP meetings, but should approve it when it is complete
CEO
the cutoff age below which parents must give consent in advance of the collection of personal information from their children under the Children’s Online Privacy Protection Act (COPPA) is ___
13
reliability of the materials and equipment used by a company is addressed in its ___
supply chain
A ___ most often refers to a formal US government process for assessing security controls and is often paired with a Security Test and Evaluation (ST&E) process.
security controls assessment (SCA)
Control Objectives for Information and Related Technology (COBIT) would be used by a ___ to help balance IT security needs with business needs
business owner
the security baseline applied to a system is primarily determined by ___
the classification of data it contains
even if it has been anonymized, personal health information should be classified as ___
Private
to make sure the Windows workstations are in compliance with a security baseline, use ___
Microsoft Group Policy
data with the military classification of ___ could, if disclosed, cause serious harm to national security
Secret
due to the danger of remnant data, the US National Security Agency requires the ___ of SSDs when no longer needed
physical destruction
The ___ requires conspicuously posted privacy policies on commercial websites that collect the personal information of California residents
California Online Privacy Protection Act
data “in motion” means data that is travelling ___ only
electronically
the earliest detection of fires can detect them in the ___ phase
incipient
business “Confidential” classification is equivalent to ___ or the military classification ___ and poses ___ danger, even though “Confidential” is the lowest military classification
proprietary; top secret; exceptionally grave
restricting access of a process to system resources to limit its impact on other processes (like a sandbox) is known as ___
confinement
if a customer is using IaaS and leaves sensitive information on a vendor’s drive, it is the ___ responsibility to remove the data
vendor’s
in assessing and accepting security controls, ___ means it has been validated by a company’s testers, ___ means it has been accepted by management (or an approved authority), and ___ means it has been validated by a third party
certification; accreditation; verification
to deter a casual intruder, fences should be ___ high; to deter a determined intruder they should be ___ high and have ___ at the top
6 ft; 8 ft; 3 strands of barbed wire
Halon is no longer used for fire suppression because ___
it contains CFCs
___ sensors detect changes in electromagnetic fields to detect motion
capacitance
___ is malware which exploits port ___ and infects IoT devices
Mirai; 23
Frame Relay supports ___, unlike X.25
multiple private virtual circuits (PVCs)
wireless clients on a LAN typically operate in ___ mode, which allows them to communicate with other clients through an access point
Infrastructure (or Master)
The RST flag is used to ___ in a TCP packet
reset or disconnect a session
The ___ Authentication Protocol is used by PPP servers to authenticate remote clients. It encrypts both the username and password and performs periodic reauthentication while connected using techniques to prevent replay attacks
Challenge-Handshake (CHAP)
DNS ___ is when an attacker changes the domain name to IP address mappings of a system to redirect traffic to alternate systems, and DNS ___ occurs when an attacker sends false replies to a requesting system, beating valid replies from the actual DNS server
poisoning; spoofing
___ is a converged protocol that allows location-independent file services over traditional network technologies. It costs less than traditional Fibre Channel
iSCSI
1000BaseT is capable of a ___-meter run
100
the two classes of Integrated Services Digital Network (ISDN) are ___ and ___
Basic Rate Interface (BRI); Primary Rate Interface (PRI)
SPIT stands for ___
Spam over Internet Telephony
one risk of non-IP protocols on a network is that ___
firewalls may not be able to filter them out
Ethernet uses a ___ topology
bus
___ is used to allow assertions of domain identity to validate email
Domain Keys Identified Mail (DKIM)
of the most commonly found LAN authentication technologies, Kerberos is SSO but ___ is not
RADIUS
Kerberos uses ___ to encrypt authentication information
AES
when an access table has no roles, rules or classifications, it is likely a simple ___ system, which is becoming more popular with cloud-based systems
resource-based access
an LDAP Distinguished Name (DN) can have values separated by ___ or ___, but cannot end with any character like ___
“,” or “+”; “;”
The stored sample of a biometric factor is called a ___ or a ___
reference profile; reference template
SAML does not have a security mode and relies on ___ and ___ to ensure security if needed
TLS; digital signatures
badge readers are considered a category ___ control
physical
in Mandatory Access Control a user with a Secret classification can access data classified as ___
Secret only (not higher or lower)
The ___ for LDAP provides support for a range of authentication types, including secure methods
Simple Authentication and Security Layer (SASL)
in ___ access control, the owner of the data rather than a system administrator sets permissions
discretionary
Nikto is useful for ___
vulnerability scanning web servers and applications
if nmap shows a port being “Filtered” it means ___
it cannot be reached due to firewall interference
if you learn about a zero day vulnerability on systems you use, your first step should be to check ___
the versions you are running to see if the vulnerability applies to you
only ___ wireless scans can reveal rogue devices
passive
Linux, wireless and firewall systems all generate a syslog, but ___ systems use a proprietary format
Windows
a TCP ___ scan can be used to identify active services on a network without using any elevated privileges
connect
in reporting on a pen test, care should be taken to avoid ___
accidental additional exposure if the wrong people see the vulnerabilities reported
Port ___ is used for administrative connections
22 (SSH)
besides disk space, excessive logging can also tax ___
system processing power (slow things down)
___ scans use a read-only account to access configuration files, allowing more accurate testing of vulnerabilities
Authenticated
anything that disrupts operations can be considered a ___
disaster
___ refers to the privileges granted to users when an account is first provisioned
Entitlement
The ___ phase of incident response focuses on actions that can contain the damage incurred during an incident. This includes limiting the scope and/or effectiveness of the incident
Mitigation
for something to be considered a security ___, an actual security compromise or policy violation must take place
incident
mandatory vacations should be for at least ___ days
7
Egress filtering scans outbound traffic for potential security policy violations. This includes traffic with a private IP address as the destination, traffic with a broadcast address as the destination, and traffic that has a falsified source address not belonging to the organization, but shouldn’t include ___
Traffic with a destination address on an external network
many firewalls use ___ as part of their anti-SYN-flood response
spoofing
a ___ can help manage assets by gathering information about all systems on a network (even mobile devices), the OS and applications installed, security settings, etc.
System Center Configuration Manager (SCCM or ConfigMgr)
the degree of a table is the number of ___
columns (Attributes)
___ is a security issue that arises when a collection of facts has a higher classification than the classification of any of those facts standing alone. An ___ problem occurs when an attacker can pull together pieces of less sensitive information and use them to derive information of greater sensitivity
Aggregation; inference
___ viruses use multiple propagation mechanisms to defeat system security controls but do not necessarily include techniques designed to hide the malware from antivirus software.
Multipartite
___ viruses tamper with the operating system to hide their existence
Stealth
___ is typically the last phase of the software testing process
User acceptance testing (UAT)
___ provides the most effective defense against session hijacking because it encrypts all traffic between the client and server, preventing the attacker from stealing session credentials
Transport Layer Security (TLS)
When a system uses shadowed passwords, the /etc/passwd file would contain ___ to indicate that the password hash is in the shadow file
an x
A ___ in a website input field is used to escape outside the input field in a SQL injection attack
single quotation mark
parameterization and ___ restricted characters in an input field prevent them from being passed to the database
Escaping
expert systems have two main components, a knowledge base and ___
an inference engine
testing software with knowledge of the code, but from the user’s perspective is ___ box testing
grey
limiting ___ is one way to limit the abuse of APIs
request rates