Other stuff Flashcards

1
Q

What is the Compliance Rule wrt DRM?

A

The Compliance rule specifies the behaviors of the DRM implementation and any applications that access the implementation. The compliance rule specifies the following elements:
Definition of specific license rights
Device requirements
Revocation of license path or penalties when the implementation is not robust enough or is noncompliant

Answer: B is incorrect. Over-the-air provisioning is a mechanism to deploy MIDlet suites over a network. It is a method of distributing MIDlet suites. MIDlet suite providers install their MIDlet suites on Web servers and provide a hypertext link for downloading. A user can use this link to download the MIDlet suite either through the Internet microbrowser or through WAP on his device. Answer: C is incorrect. An access control is a system which enables an authority to control access to areas and resources in a given physical facility or computer-based information system. An access control system, within the field of physical security, is generally seen as the second layer in the security of a physical structure. It refers to all mechanisms that control visibility of screens, views, and data within Siebel Business Applications.

3
Q

What are the four phases of a DITSCAP assessment?

A

Definition, Verification, Validation, and Post Accreditation

4
Q

What is OTA provisioning?

A

Over-the-air provisioning is a mechanism to deploy MIDlet suites over a network. It is a method of distributing MIDlet suites.

5
Q

DoD 8500.2 MAC I?

A

High integrity and availability

6
Q

DoD 8500.2 MAC II?

A

High integrity and medium availability

7
Q

DoD 8500.2 MAC III?

A

Basic integrity and availability.

8
Q

What is a qualitative risk analysis?

A

A quick, high-level analysis of risks.

10
Q

What does P0f do?

A

P0f is a passive OS fingerprinting tool that is used to identify the operating system of a target host simply by examining captured packets even when the device is behind a packet firewall.

12
Q

What is SuperScan?

A

SuperScan is a TCP/UDP port scanner. It also works as a ping sweeper and hostname resolver. It can ping a given range of IP addresses and resolve the host name of the remote system.

13
Q

What is NBTscan?

A

NBTscan is a scanner that scans IP networks for NetBIOS name information. It sends a NetBIOS status query to each address in a supplied range and lists the received information in human-readable form. It displays the IP address, NetBIOS computer name, logged-in user name, and MAC address of each responding host.

14
Q

What is a "user data constraint"?

A

A user data constraint is a security constraint element defined in the Java Servlet Specification 2.4. It sets up a requirement to receive the constrained requests over a protected-layer connection, such as TLS (Transport Layer Security). The user data constraint offers a transport guarantee (NONE, INTEGRAL, or CONFIDENTIAL) for the transportation of data between client and server.

15
Q

What is phase 1 of DITSCAP?

A

Phase 1 of DITSCAP C&A is known as the Definition Phase. The goal of this phase is to define the C&A level of effort, identify the main C&A roles and responsibilities, and create an agreement on the method for implementing the security requirements. Phase 1 starts with the input of the mission need. This phase comprises three process activities:
Document mission need
Registration
Negotiation

17
Q

What are the risk response types?

A

Avoid
Transfer
Mitigate
Accept

19
Q

What is 2Mosaic?

A

2Mosaic is a tool used for watermark breaking. It is an attack against a digital watermarking system. In this type of attack, an image is chopped into small pieces and then placed together. When this image is embedded into a web page, the web browser renders the small pieces into one image.

20
Q

What is the teardrop attack?

A

Teardrop is an attack with IP fragments that cannot be reassembled. In this attack, corrupt packets are sent to the victim’s computer by using IP’s packet fragmentation algorithm. As a result of this attack, the victim’s computer might hang.

21
Q

What is RPO?

A

Recovery Point Objective.

The Recovery Point Objective (RPO) describes the acceptable amount of data loss measured in time. It is the point in time to which data must be recovered as defined by the organization. The RPO is generally a definition of what an organization determines is an “acceptable loss” in a disaster situation.

22
Q

What is phase 3 of DITSCAP?

A

Phase 3 of DITSCAP C&A is known as Validation. The goal of Phase 3 is to validate that the preceding work has produced an IS that operates in a specified computing environment.

23
Q

What is Exposure Factor?

A

Exposure Factor represents the impact of the risk on the asset, expressed as the percentage of the asset lost.

25
Q

What is the pipes and filters architecture style?

A

In the pipes and filters architecture style, a device receives input from connectors and generates transformed outputs.

27
Q

What is phase 2 of DITSCAP?

A

Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. This phase takes place between the signing of the initial version of the SSAA and the formal accreditation of the system.

29
Q

What is “Sherwood Applied Business Security Architecture”?

A

SABSA (Sherwood Applied Business Security Architecture) is a framework and methodology for Enterprise Security Architecture and Service Management. SABSA is a model and a methodology for developing risk-driven enterprise information security architectures and for delivering security infrastructure solutions that support critical business initiatives. The primary characteristic of the SABSA model is that everything must be derived from an analysis of the business requirements for security, especially those in which security has an enabling function through which new business opportunities can be developed and exploited.

30
Q

What is the difference between DITSCAP and NIACAP?

A

and a management structure to certify and accredit systems that maintain the information assurance and the security posture of a system or site. Answer: D is incorrect. DITSCAP is a process, which establishes a standard process, a set of activities, general task descriptions, and a management structure to certify and accredit the IT systems that will maintain the required security posture.

32
Q

What are the objectives of a security program?

A

The first action of a management program to implement information security is to have a security program in place. The objectives of a security program are as follows:
Protect the company and its assets
Manage risks by identifying assets, discovering threats, and estimating the risk
Provide direction for security activities by framing information security policies, procedures, standards, guidelines, and baselines
Information classification
Security organization
Security education

33
Q

What is ESAPI?

A

ESAPI (Enterprise Security API) is a group of classes that encapsulate the key security operations needed by most applications. It is a free, open-source Web application security control library. ESAPI provides programmers an easy way to write lower-risk applications and to retrofit security into an existing application. It offers a solid foundation for new development