Practice B Flashcards
the now-defunct Department of Defense standard that described computer system security was ___, aka Orange Book, which was later supplemented with a standard for network security called ___, aka Red Book. This became the basis for the European standard called ___, now used internationally
TCSEC; Trusted Network Interpretation; ITSEC
the ___ is an international standard used to test the security of IT products. It assigns an ___ to each product tested
International Common Criteria; Evaluation Assurance Level (EAL)
TLS was introduced after SSL was found to be vulnerable to the ___ exploit
POODLE
a ___ attack can be used to hide a spoofing attack
DoS
the ___ is a common standard for describing vulnerabilities, and the ___ provides a naming system for those vulnerabilities
Security Content Automation Protocol (SCAP); Common Vulnerabilities and Exposures (CVE)
switches forward ___ of data and use ___ to make forwarding decisions; they also divide a network into separate ___ domains
Frames (and multicast frames); MAC addresses of the destination device; collision
the Business Continuity Plan Policy statement should be written by ___
C-level executives
only RIPv2 supports ___ authentication
MD5
___, aka Orange Book, was used to ___, whereas the ___ is concerned with IT product security standards
TCSEC; evaluate security systems; International Common Criteria
ITSEC begins by describing what is included in the ___, which includes all components of a system responsible for security
Trusted Computing Base (TCB)
Remote Procedure Calls (RPC) are handled by OSI layer ___
Session (remotely initiates a session)
transient authentication refers to ___
something you have
a ___ fire suppression system is actually safer than an FM-200 system in a data center
FE-13
___ can not only detect a TCP flood, but reset the connection
Network Based Intrusion Detection System (NIDS)
___ in Object Oriented Programming allows data to be processed differently depending on the data type
polymorphism