Practice Test 2 Flashcards
another name for an asynchronous attack
TOC/TOU (time-of-check/time-of-use) attack; the attacker interrupts a task between the moment a condition is checked and the moment the result of that check is used, and changes something in that window so the outcome differs from what the check established. The tasks still occur in the correct order, but the data they act on has been changed in between.
/etc/hosts.equiv file on a UNIX system poses a security risk because …
it allows users on the hosts it lists to log in with the r-commands (rlogin, rsh) without supplying a password; a line containing only a + trusts every host on the network. It is used when authentication on the remote system is considered equivalent to authentication on the local system. Remove this file (and any ~/.rhosts files) if you do not plan to use it.
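An added example (not part of the flashcards) that parses the classic BSD hosts.equiv format, "[+|-]host [[+|-]user]" with + as a wildcard and @name for a netgroup, and ranks the entries by how much password-less access they grant. The sample file content is constructed, not taken from a real system.

```python
# Added example: audits hosts.equiv-style trust entries. Assumes the classic
# BSD format "[+|-]host [[+|-]user]" with "+" as a wildcard and "@name" for a
# netgroup. The sample below is constructed, not taken from a real system.

SAMPLE_HOSTS_EQUIV = """\
# constructed sample
trusted.example.internal
trusted.example.internal operator
+
build.example.internal +
-blocked.example.internal
+@ops-hosts
"""


def parse_hosts_equiv(text):
    """Yield (line_number, host_field, user_field_or_None) for each entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        yield lineno, fields[0], (fields[1] if len(fields) > 1 else None)


def audit_hosts_equiv(text):
    """Return (line_number, severity, reason) for every entry that grants
    password-less r-command access, worst entries first."""
    findings = []
    for lineno, host, user in parse_hosts_equiv(text):
        if host.startswith("-"):
            continue  # explicit denial, not a trust grant
        if host == "+" and user == "+":
            findings.append((lineno, "CRITICAL", "any user from any host may log in as any local user"))
        elif host == "+":
            findings.append((lineno, "CRITICAL", "every host is trusted; matching usernames log in without a password"))
        elif user == "+":
            findings.append((lineno, "CRITICAL", f"any user on {host} may log in as any local user"))
        elif host.startswith("+@") or host.startswith("@"):
            findings.append((lineno, "HIGH", f"all members of netgroup {host.lstrip('+@')} are trusted"))
        elif user is not None:
            # a named user in hosts.equiv may log in as any local user except root
            findings.append((lineno, "HIGH", f"user {user} on {host} may log in as any non-root local user"))
        else:
            findings.append((lineno, "MEDIUM", f"users on {host} log in as the same username without a password"))
    order = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2}
    findings.sort(key=lambda f: (order[f[1]], f[0]))
    return findings


if __name__ == "__main__":
    for lineno, severity, reason in audit_hosts_equiv(SAMPLE_HOSTS_EQUIV):
        print(f"line {lineno}: {severity}: {reason}")
```

Run it against a real /etc/hosts.equiv by reading the file into `audit_hosts_equiv`; any CRITICAL finding means the file should be removed or the wildcard line deleted.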
certification path validation
validates each certificate in the chain from the end-entity certificate up to a trusted root: the signature is checked against the issuing CA's public key, along with the validity period, revocation status, and any constraints (path length, name constraints, key usage)
three functions of cross certification
1) builds a trust relationship between different certification hierarchies when users belonging to different hierarchies need to communicate and authenticate each other; 2) establishes trust between two certificate authorities (CAs) by having each CA sign the other CA's public key in a certificate referred to as a cross certificate; 3) lets users validate each other's certificates even though they are certified under different certification hierarchies, tying separate PKIs into an overall PKI hierarchy
develop the continuity planning policy statement
the first step that needs to be completed during the initiation phase of a business continuity plan
focused on minimizing property damage and preventing loss of life
disaster recovery plan is concerned with personnel safety and resuming operations
policies that provide protection against remote maintenance PBX attacks
turn off the remote maintenance features when not needed, use strong authentication on the remote maintenance ports, keep PBX terminals in a locked, restricted area, replace or disable embedded logins and passwords
tool that assists with application design and layout as part of the application development life cycle
CASE Computer-aided software engineering is the use of software tools to assist in the development and maintenance of application software
Delphi
technique of expert judgment that ensures each member in a group decision-making process provides an honest opinion on the subject matter in question
When is Delphi used and how?
Experts document their views in writing and anonymously; the papers are collected, compiled, and fed back to the group, and the rounds repeat until a consensus decision emerges. Used in the risk assessment process and to estimate the cost of a software development project
Spiral
iterative software development model that builds on the waterfall model; each loop of the spiral analyzes risks, builds a prototype, and simulates the application's tasks before moving to the next phase of the development cycle
What do operational controls do?
Controls applied to software while it is in production; they check the software to determine whether it has been compromised or not
What are components of operational software controls?
backup controls, software testing, and anti-virus management
What are examples of operational controls?
Trusted recovery procedures, audit trails, configuration management
Mitigation for time of use/time of check attack
ensure that a critical set of operations executes in order and in its entirety as one atomic unit (the check and the use cannot be separated); otherwise the change is rolled back or prevented from taking effect
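An added example (not from the flashcards) of the TOC/TOU race described above and of the mitigation: the vulnerable function checks a path with one call and opens it with another, and an attacker hook swaps the file for a symlink in between; the hardened function does the check and the use in one open() call. The file names and the attacker hook are constructed to make the race deterministic.

```python
import os
import stat
import tempfile

# Added example. It is not from the flashcards: the file names and the
# attacker hook are constructed to make the race deterministic.


def check_then_open_vulnerable(path, between_check_and_use=lambda: None):
    """Time-of-check: refuse symlinks with lstat(). Time-of-use: open() by name.
    Anything that happens between the two calls can change what `path` is."""
    if stat.S_ISLNK(os.lstat(path).st_mode):
        raise PermissionError("refusing to follow a symlink")
    between_check_and_use()  # stands in for the scheduler giving the attacker a turn
    with open(path, "rb") as f:
        return f.read()


def open_safely(path):
    """Check and use happen in one operation: O_NOFOLLOW makes the open() itself
    fail on a symlink, and the regular-file test is done on the descriptor we
    actually opened, so there is no by-name check left to invalidate."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "rb") as f:
        if not stat.S_ISREG(os.fstat(f.fileno()).st_mode):
            raise PermissionError("not a regular file")
        return f.read()


def demo():
    """Returns what the vulnerable opener leaked and whether the safe one refused."""
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret")   # file the attacker must not read
        victim = os.path.join(d, "victim")   # file the program intends to read
        with open(secret, "wb") as f:
            f.write(b"TOP SECRET")
        with open(victim, "wb") as f:
            f.write(b"harmless")

        def attacker_swaps_file():
            os.remove(victim)
            os.symlink(secret, victim)  # after the check, before the use

        leaked = check_then_open_vulnerable(victim, attacker_swaps_file)
        try:
            open_safely(victim)   # victim is now a symlink; O_NOFOLLOW rejects it
            blocked = False
        except OSError:
            blocked = True
        return {"leaked": leaked, "blocked": blocked}


if __name__ == "__main__":
    print(demo())
```

The point is the structure, not the symlink itself: any time a decision is taken on one name and acted on with a second lookup of that name, the window exists. Acting on the opened descriptor (fstat, O_NOFOLLOW, or opening a directory descriptor and using openat) removes it.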
Mitigation for maintenance hooks
encrypt all sensitive information in the system, implement auditing to supplement the IDS, and use a host-based IDS to record any attempt to access the system through these hooks; the hooks themselves should be removed before the software is released
covert storage channel
one process writes data to a shared storage location or attribute (a file, a disk sector, a file's existence or size) and another process, at a different security level, reads it
covert storage attack
higher level subject writes data and a lower level subject reads it
covert timing channel
one process signals information to another by modulating its use of a system resource over time (CPU load, response delay, paging activity) and the receiving process measures the timing
overt channel
a channel developed for legitimate communication; processes should communicate over overt channels, not covert ones; unlike covert channels, overt channels are not subdivided into storage and timing categories
Function of the Session layer in the OSI model
data synchronization; establishes, maintains, and tears down dialogues or sessions between two computers on the network; reports problems at this layer, such as file transfer errors
Function of the Network layer in the OSI model
logical network addressing and routing; in the TCP/IP stack, IP provides network addressing and routing
Function of the Data Link layer in the OSI model
physical (hardware) network addressing; network interface cards (NICs) are configured with media access control (MAC) addresses, which the Ethernet and Token Ring protocols use to identify a NIC on the local network
Process of auditing and tracking changes to the trusted computing base
configuration management: identifies, controls, and tracks changes to hardware, software, and firmware throughout the lifecycle of an infrastructure asset
Four majors aspects of configuration management
configuration identification, configuration control, configuration status accounting, configuration auditing
media controls
labeling, handling, storage, and disposal of storage media
system controls
restrict the execution of privileged instructions to times when the operating system is running in supervisor (privileged) mode
input and output controls
programming the application to accept only restricted and specific values as input to prevent errors and misuse by manipulation
Preventing conflict of interests and collusion
separation of duties
evaluating information to identify vulnerabilities, threats, risks, issues
due diligence
when an organization has taken the necessary steps to protect its organization, resources, and people
due care
Which class of IP network addresses has a value between 128 and 191 for the first octet?
Class B
Class B address class range
128 - 191
Class A address class range
1 - 126 usable (by the leading-bit rule the class spans 0 - 127, but 0 is reserved and 127 is loopback)
Class C address class range
192-223
Class D address class range
224 - 239
Class E address class range
240 - 255
What is the 127 network address used for
loopback; the whole 127.0.0.0/8 block routes back to the local host, 127.0.0.1 being the address normally used
Class A binary
the leftmost bit is zero
Class B binary
all addresses in binary start with 10
Class C binary
all addresses in binary start with 110
Class D binary
all addresses in binary start with 1110
Class E binary
all addresses in binary start with 1111 (11110 would cover only 240 - 247; 1111 covers the full 240 - 255 range)
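An added example (not from the flashcards) that derives the first-octet range of each class from its leading-bit pattern rather than memorizing the numbers, then classifies dotted-quad addresses and flags the special cases (reserved 0, loopback 127, multicast, experimental). The class-to-prefix table is the one given above; everything else is my own code.

```python
# Added example, not from the flashcards: derives the classful first-octet
# ranges from the leading-bit patterns instead of hard-coding them, then
# classifies dotted-quad addresses. The prefix table is the one stated above.

CLASS_PREFIXES = {"A": "0", "B": "10", "C": "110", "D": "1110", "E": "1111"}


def first_octet_range(prefix):
    """The first octet is 8 bits; the class prefix fixes the leading bits and the
    remaining bits may be anything, so the range runs from prefix followed by
    all zeros to prefix followed by all ones."""
    free_bits = 8 - len(prefix)
    low = int(prefix + "0" * free_bits, 2)
    high = int(prefix + "1" * free_bits, 2)
    return low, high


def class_ranges():
    """Map each class letter to its (low, high) first-octet range."""
    return {cls: first_octet_range(p) for cls, p in CLASS_PREFIXES.items()}


def classify(address):
    """Return (class_letter, note) for a dotted-quad IPv4 address string."""
    octets = address.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {address!r}")
    first = int(octets[0])
    bits = format(first, "08b")
    # the five prefixes cover every 8-bit value, so exactly one matches
    cls = next(c for c, prefix in CLASS_PREFIXES.items() if bits.startswith(prefix))
    note = ""
    if first == 127:
        note = "loopback (127.0.0.0/8)"
    elif first == 0:
        note = "reserved (this network)"
    elif cls == "D":
        note = "multicast"
    elif cls == "E":
        note = "experimental / reserved"
    return cls, note


if __name__ == "__main__":
    for cls, (low, high) in class_ranges().items():
        print(f"Class {cls}: prefix {CLASS_PREFIXES[cls]:<4} first octet {low} - {high}")
    for addr in ("10.1.2.3", "127.0.0.1", "172.16.0.1", "192.168.1.1", "224.0.0.5", "240.0.0.1"):
        print(addr, classify(addr))
```

Changing the Class E prefix to "11110" in the table and re-running shows why that answer is wrong: the derived range shrinks to 240 - 247 and addresses 248 - 255 no longer match any class.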
When are exigent circumstances used?
When evidence may be destroyed; police can seize the evidence before its destruction without a warrant and the judge will decide later if the seizure was proper and if the evidence can be admitted in court
Suppression substance for fire involving wood, paper, laminates
water and soda acid; Class A fire - soda acid removes the fuel while water reduces the temperature
Suppression substance for Class B and C fires
Class B fires involve liquids (petroleum products, coolants); Class C fires involve electrical equipment and wiring. Both are suppressed with gas agents: halon (or its replacements such as FM-200, since halon is being phased out for ozone depletion) and carbon dioxide. CO2 works by displacing oxygen, so it is harmful to humans and is used in unattended facilities. Water and soda acid are not used on Class C fires: water conducts electricity and soda acid is corrosive to electronic equipment
least intrusive biometric access control
voice print; fingerprint can be used by law enforcement; iris and retinal scans seem more invasive
easiest password type to remember
passphrase; a passphrase can be a full sentence, which is easier to remember than a static password, and the system converts it into a virtual password of the required form
dynamic password
a one-time password generated by a token device or software; it changes at every logon, so a captured value cannot be replayed
synchronous dynamic password
must be used within a fixed timeframe; the token and the authentication server share a synchronized clock (or counter) and the password is valid only for the current time window
asynchronous dynamic password
does not need to fit in a fixed timeframe; it is generated in response to a challenge (or an event counter), so the server checks it against the expected response rather than against a time window
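An added example (not from the flashcards) contrasting the two dynamic-password verifications above. Synchronous is shown as TOTP (RFC 6238), where the server accepts a code only inside the current time window; asynchronous is shown as counter-based HOTP (RFC 4226), where no clock is involved and the server instead tracks how far the token has advanced. The choice of HOTP for the asynchronous case is mine (challenge-response works the same way with the challenge in place of the counter); the 20-byte secret is the RFC test key, not a real credential.

```python
import hmac
import hashlib
import struct

# Added example, not from the flashcards. Synchronous = TOTP (RFC 6238),
# asynchronous = counter-based HOTP (RFC 4226), both over HMAC-SHA1. The
# secret below is the RFC 4226/6238 test key, not a real credential.

RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic
    truncation to a 31-bit integer and reduction to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238: HOTP with the counter derived from the clock."""
    return hotp(secret, unix_time // step, digits)


def verify_synchronous(secret, code, unix_time, step=30, drift=1):
    """Synchronous token: the code is accepted only inside the current time
    window (plus `drift` steps either side for clock skew). The same code
    presented later is simply wrong, which is why it must be used within a
    fixed timeframe."""
    now = unix_time // step
    return any(hmac.compare_digest(hotp(secret, c), code)
               for c in range(now - drift, now + drift + 1))


def verify_asynchronous(secret, code, server_counter, look_ahead=5):
    """Counter-based token: no time limit; the server tracks the counter
    instead. Accepts a code for any of the next `look_ahead` counters (the
    user may have pressed the button without logging in) and returns the new
    server counter, moved past the used value so the code cannot be replayed."""
    for c in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), code):
            return True, c + 1
    return False, server_counter


if __name__ == "__main__":
    print("TOTP at t=59:", totp(RFC_TEST_SECRET, 59, digits=8))
    print("HOTP counter 0..2:", [hotp(RFC_TEST_SECRET, c) for c in range(3)])
    print("HOTP replay accepted:", verify_asynchronous(RFC_TEST_SECRET, "359152", 3)[0])
```

Both verifiers compare with `hmac.compare_digest` so that timing does not leak how many digits matched. The asynchronous verifier's look-ahead window is the place to be careful: a large window makes brute force easier, and forgetting to advance the server counter turns a one-time password into a reusable one.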