Other stuff

Question 1

What is the Compliance Rule wrt DRM?

Answer 1

The Compliance rule specifies the behaviors of the DRM implementation and any applications that are accessing the implementation. The compliance rule specifies the following elements: Definition of specific license rights Device requirements Revocation of license path or penalties when the implementation is not robust enough or noncompliant Answer: B is incorrect. Over- the- air provisioning is a mechanism to deploy MIDlet suites over a network. It is a method of distributing MIDlet suites. MIDlet suite providers install their MIDlet suites on Web servers and provide a hypertext link for downloading. A user can use this link to download the MIDlet suite either through the Internet microbrowser or through WAP on his device. Answer: C is incorrect. An access control is a system, which enables an authority to control access to areas and resources in a given physical facility, or computer-based information system. Access control system, within the field of physical security, is generally seen as the second layer in the security of a physical structure. It refers to all mechanisms that control visibility of screens, views, and data within Siebel Business Applications.

Question 2

What is the Compliance Rule wrt DRM?

Answer 2

The Compliance rule specifies the behaviors of the DRM implementation and any applications that are accessing the implementation. The compliance rule specifies the following elements: Definition of specific license rights Device requirements Revocation of license path or penalties when the implementation is not robust enough or noncompliant Answer: B is incorrect. Over- the- air provisioning is a mechanism to deploy MIDlet suites over a network. It is a method of distributing MIDlet suites. MIDlet suite providers install their MIDlet suites on Web servers and provide a hypertext link for downloading. A user can use this link to download the MIDlet suite either through the Internet microbrowser or through WAP on his device. Answer: C is incorrect. An access control is a system, which enables an authority to control access to areas and resources in a given physical facility, or computer-based information system. Access control system, within the field of physical security, is generally seen as the second layer in the security of a physical structure. It refers to all mechanisms that control visibility of screens, views, and data within Siebel Business Applications.

Question 3

What are the four phases of a DITSCAP assessment?

Answer 3

Definition, Verification, Validation, and Post Accreditation

Question 4

What is OTA provisioning?

Answer 4

Over- the- air provisioning is a mechanism to deploy MIDlet suites over a network. It is a method of distributing MIDlet suites.

Question 5

DoD 8500.2 MAC I?

Answer 5

High integrity and availability

Question 6

DoD 8500.2 MAC II?

Answer 6

High integrity and medium availability

Question 7

DoD 8500.2 MAC III?

Answer 7

Basic integrity and availability.

Question 8

What is a qualitative risk analysis?

Answer 8

A quick, high level analysis of risks.

Question 9

What is a qualitative risk analysis?

Answer 9

A quick, high level analysis of risks.

Question 10

What does P0f do?

Answer 10

P0f is a passive OS fingerprinting tool that is used to identify the operating system of a target host simply by examining captured packets even when the device is behind a packet firewall.

Question 11

What does P0f do?

Answer 11

P0f is a passive OS fingerprinting tool that is used to identify the operating system of a target host simply by examining captured packets even when the device is behind a packet firewall.

Question 12

What is SuperScan?

Answer 12

SuperScan is a TCP/UDP port scanner. It also works as a ping sweeper and hostname resolver. It can ping a given range of IP addresses and resolve the host name of the remote system.

Question 13

What is NBTscan?

Answer 13

NBTscan is a scanner that scans IP networks for NetBIOS name information. It sends a NetBIOS status query to each address in a supplied range and lists received information in human readable form. It displays IP address, NetBIOS computer name, logged-in user name and MAC address of each responded host.

Question 14

What is a “user data constraint?

Answer 14

User data constraint is a security constraint element summarized in the Java Servlet Specification 2.4. It sets up a requirement to receive the constrained requests over a protected layer connection, such as TLS (Transport Layer Security). The user data constraint offers guarantee (NONE, INTEGRAL, and CONFEDENTIAL) for the transportation of data between client and server.

Question 15

What is phase 1 of DITSCAP?

Answer 15

The Phase 1 of DITSCAP C&A is known as Definition Phase. The goal of this phase is to define the C&A level of effort, identify the main C&A roles and responsibilities, and create an agreement on the method for implementing the security requirements. The Phase 1 starts with the input of the mission need. This phase comprises three process activities: Document mission need Registration Negotiation

Question 16

What is phase 1 of DITSCAP?

Answer 16

The Phase 1 of DITSCAP C&A is known as Definition Phase. The goal of this phase is to define the C&A level of effort, identify the main C&A roles and responsibilities, and create an agreement on the method for implementing the security requirements. The Phase 1 starts with the input of the mission need. This phase comprises three process activities: Document mission need Registration Negotiation

Question 17

What are the risk response types?

Answer 17

Avoid
Transfer
Mitigate
Accept

Question 18

What are the risk response types?

Answer 18

Avoid
Transfer
Mitigate
Accept

Question 19

What is 2Mosaic?

Answer 19

2Mosaic is a tool used for watermark breaking. It is an attack against a digital watermarking system. In this type of attack, an image is chopped into small pieces and then placed together. When this image is embedded into a web page, the web browser renders the small pieces into one image.

Question 20

What is the teardrop attack?

Answer 20

Teardrop is an attack with IP fragments that cannot be reassembled. In this attack, corrupt packets are sent to the victim’s computer by using IP’s packet fragmentation algorithm. As a result of this attack, the victim’s computer might hang.

Question 21

What is RPO?

Answer 21

Recovery Point Objective.

The Recovery Point Objective (RPO) describes the acceptable amount of data loss measured in time. It is the point in time to which data must be recovered as defined by the organization. The RPO is generally a definition of what an organization determines is an “acceptable loss” in a disaster situation.

Question 22

What is phase 3 of DITSCAP?

Answer 22

The Phase 3 of DITSCAP C&A is known as Validation. The goal of Phase 3 is to validate that the preceding work has produced an IS that operates in a specified computing environment.

Question 23

What is Exposure Factor?

Answer 23

Exposure Factor is represented in the impact of the risk over the asset, or percentage of asset lost.

Question 24

What is Exposure Factor?

Answer 24

Exposure Factor is represented in the impact of the risk over the asset, or percentage of asset lost.

Question 25

What is the pipes and filters architecture style?

Answer 25

In the pipes and filters architecture style, a device receives input from connectors and generates transformed outputs.

Question 26

What is the pipes and filters architecture style?

Answer 26

In the pipes and filters architecture style, a device receives input from connectors and generates transformed outputs.

Question 27

What is phase 2 of DITSCAP?

Answer 27

The Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. This phase takes place between the signing of the initial version of the SSAA and the formal accreditation of the system.

Question 28

What is phase 2 of DITSCAP?

Answer 28

The Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. This phase takes place between the signing of the initial version of the SSAA and the formal accreditation of the system.

Question 29

What is “Sherwood Applied Business Security Architecture”?

Answer 29

SABSA (Sherwood Applied Business Security Architecture) is a framework and methodology for Enterprise Security Architecture and Service Management. SABSA is a model and a methodology for developing risk-driven enterprise information security architectures and for delivering security infrastructure solutions that support critical business initiatives. The primary characteristic of the SABSA model is that everything must be derived from an analysis of the business requirements for security, especially those in which security has an enabling function through which new business opportunities can be developed and exploited.

Question 30

What is the difference between DITSCAP and NIACAP?

Answer 30

and a management structure to certify and accredit systems that maintain the information assurance and the security posture of a system or site. Answer: D is incorrect. DITSCAP is a process, which establishes a standard process, a set of activities, general task descriptions, and a management structure to certify and accredit the IT systems that will maintain the required security posture.

Question 31

What is the difference between DITSCAP and NIACAP?

Answer 31

and a management structure to certify and accredit systems that maintain the information assurance and the security posture of a system or site. Answer: D is incorrect. DITSCAP is a process, which establishes a standard process, a set of activities, general task descriptions, and a management structure to certify and accredit the IT systems that will maintain the required security posture.

Question 32

What are the objectives of a security program?

Answer 32

The first action of a management program to implement information security is to have a security program in place. The objectives of a security program are as follows: Protect the company and its assets Manage risks by identifying assets, discovering threats, and estimating the risk Provide direction for security activities by framing of information security policies, procedures, standards, guidelines and baselines Information classification Security organization Security education

Question 33

What is ESAPI?

Answer 33

ESAPI (Enterprise Security API) is a group of classes that encapsulate the key security operations, needed by most of the applications. It is a free, open source, Web application security control library. ESAPI provides an easy way to programmers for writing lower-risk applications and retrofitting security into an existing application. It offers a solid foundation for new development