Practice B Flashcards
the now-defunct Department of Defense standard that described computer system security was ___, aka Orange Book, which was later supplemented with a standard for network security called ___, aka Red Book. This became the basis for the European standard called ___, now used internationally
TCSEC; Trusted Network Interpretation; ITSEC
the ___ is an international standard used to test the security of IT products. It assigns an ___ to each product tested
International Common Criteria; Evaluation Assurance Level (EAL)
TLS was introduced after SSL was found to be vulnerable to the ___ exploit
POODLE
a ___ attack can be used to hide a spoofing attack
DoS
the ___ is a common standard for describing vulnerabilities, and the ___ provides a naming system for those vulnerabilities
Security Content Automation Protocol (SCAP); Common Vulnerabilities and Exposures (CVE)
switches forward ___ of data and use ___ to make forwarding decisions; they also divide a network into separate ___ domains
Frames (and multicast frames); MAC addresses of the destination device; collision
the Business Continuity Plan Policy statement should be written by ___
C-level executives
only RIPv2 supports ___ authentication
MD5
___, aka Orange Book, was used to ___, whereas the ___ is concerned with IT product security standards
TCSEC; evaluate security systems; International Common Criteria
ITSEC begins by describing what is included in the ___, which includes all components of a system responsible for security
Trusted Computing Base (TCB)
Remote Procedure Calls (RPC) are handled by OSI layer ___
Session (remotely initiates a session)
transient authentication refers to ___
something you have
a ___ fire suppression system is actually safer than an FM-200 system in a data center
FE-13
___ can not only detect a TCP flood, but also reset the connection
Network Based Intrusion Detection System (NIDS)
___ in object-oriented programming allows data to be processed differently depending on the data type
polymorphism
running different VLANs on the same switch introduces the risk of ___
VLAN hopping
___ delegates third-party authenticated access to resources but doesn’t share password information
OAuth
although nonces are used in many protocols to introduce randomness and complexity, one application that doesn’t use them is ___
salting
a rainbow table attack is considered a type of ___ attack
brute force
a circuit-level firewall operates on OSI layer ___
5 - Session
only a ___ site can serve as part of a DR plan
hot
in a ___, a process with a lower security level can participate in an unauthorized exchange of sensitive information with a higher security level
covert storage channel
frequency analysis might be a good option for ___ cryptanalysis
ciphertext only
IPSec uses ___ to verify the integrity of data packets
Authentication Headers (AH)
___ documents define the technical aspects of a security program, including any hardware and software that is required
standards