Practice test Flashcards
The Brewer-Nash model
Chinese wall: prevents conflicts of interest when accessing company-sensitive information from different companies that are in direct competition with one another; once a subject has accessed one competitor's data, access to the other's is dynamically denied.
The Digital Signature Standard (FIPS 186) approves three signature algorithms for use in digital signatures
the Digital Signature Algorithm (DSA); the Rivest, Shamir, Adleman (RSA) algorithm; and the Elliptic Curve DSA (ECDSA) algorithm. (That is the FIPS 186-4 list; the 2023 revision, FIPS 186-5, drops DSA for generating new signatures and adds EdDSA.)
In the subject/object model of access control, the user or process making the request for a resource is the …..of that request. In this example, Harry is requesting resource access and is, therefore, the subject.
subject
The use of a sandbox is an example of ……
confinement
What concept describes the degree of confidence that an organization has that its controls satisfy security requirements
Assurance
The Simple Integrity Property
states that a subject may not read an object at a lower integrity level than the subject's own (Biba's "no read down"); it concerns integrity levels, not security clearances.
The Trusted Platform Module (TPM)
is a hardware security chip on the motherboard that stores an encryption key sealed to that platform (and, with measured boot, to its expected boot state), so an encrypted drive cannot be read by installing it in another computer.
A preaction fire suppression system activates in two steps.
The pipes fill with water once the early signs of a fire are detected. The system does not dispense water until heat sensors on the sprinkler heads trigger the second phase.
The *-Security Property
The *-Security Property (Bell-LaPadula) states that a subject may not write to an object at a lower classification level than the subject's own ("no write down"). This is also known as the confinement property.
The Diffie-Hellman algorithm allows ……
two parties to agree on a shared symmetric key over a public network without ever transmitting the key itself. On its own the exchange is unauthenticated, so a man-in-the-middle can run a separate exchange with each party unless the public values are authenticated (for example, signed with one of the DSS algorithms).
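Worked example of the exchange described above, added here and not code from the original page. It uses the published 1024-bit MODP group from RFC 2409 (Oakley Group 2, a safe prime p = 2q + 1 with generator 2) so that the parameters can be verified offline; a current deployment would use a larger RFC 3526 or RFC 7919 group or elliptic-curve DH. The group and public-value checks, the HKDF step, and the names run_exchange, validate_group and derive_key are this example's own additions, not part of the flashcard.

```python
"""Diffie-Hellman key agreement, from parameter validation to a usable key.
Added example; not from the original page.  Group: RFC 2409 Oakley Group 2."""
import hashlib
import hmac
import secrets

P_HEX = (
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF"
)
P = int(P_HEX, 16)
Q = (P - 1) // 2          # prime order of the subgroup generated by G (p is a safe prime)
G = 2


def is_probable_prime(n, rounds=8):
    """Miller-Rabin with random bases: enough to sanity-check received parameters."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def validate_group(p=P, q=Q, g=G):
    """Accept only a safe prime with a generator of the order-q subgroup."""
    return (p == 2 * q + 1 and is_probable_prime(p) and is_probable_prime(q)
            and 1 < g < p - 1 and pow(g, q, p) == 1)


def validate_public(peer_public, p=P, q=Q):
    """Reject 0, 1, p-1 and other small-subgroup values before exponentiating."""
    return 1 < peer_public < p - 1 and pow(peer_public, q, p) == 1


def generate_keypair(p=P, q=Q, g=G):
    private = secrets.randbelow(q - 1) + 1     # 1 <= private <= q-1, from a CSPRNG
    return private, pow(g, private, p)


def shared_secret(private, peer_public, p=P, q=Q):
    if not validate_public(peer_public, p, q):
        raise ValueError("peer public value rejected")
    return pow(peer_public, private, p)


def derive_key(secret_int, p=P, info=b"dh-demo/aes-256-gcm", length=32):
    """HKDF-SHA256 (RFC 5869) over the fixed-width secret: never use raw DH output as a key."""
    ikm = secret_int.to_bytes((p.bit_length() + 7) // 8, "big")
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()          # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                            # expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def run_exchange():
    """Both sides of the exchange; only a_pub and b_pub cross the network."""
    a_priv, a_pub = generate_keypair()                  # Alice
    b_priv, b_pub = generate_keypair()                  # Bob
    k_alice = derive_key(shared_secret(a_priv, b_pub))  # Alice received b_pub
    k_bob = derive_key(shared_secret(b_priv, a_pub))    # Bob received a_pub
    return k_alice, k_bob
```

An eavesdropper who records a_pub and b_pub cannot compute the key, but an active attacker can substitute their own public values in each direction; that is why TLS signs or certifies the exchanged values rather than trusting them bare.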
Protection Profiles (PPs) specify the ……… and protections that must be in place for a product to be accepted under the ….
security requirements &Common Criteria.
……. says that a cryptographic system should be secure even if everything about the system, except the key, is public knowledge.
Kerckhoff’s principle
The *-Integrity Property
states that a subject cannot modify an object at a higher integrity level than that possessed by the subject.
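The four properties on the Bell-LaPadula and Biba cards above, encoded as a small reference monitor. This is an added Python example, not code from the original page; the level names, the subject/object dictionary layout and the function names are this example's own, and compartments are left out so the lattice is a simple total order.

```python
"""Toy reference monitor for the Bell-LaPadula and Biba properties on a lattice.
Added example; not from the original page.  Single, totally ordered
classification and integrity levels; no compartments."""

CLASSIFICATION = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}
INTEGRITY = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


def blp_allows(subject_clearance, object_classification, op):
    """Bell-LaPadula (confidentiality): read down and write up only."""
    s, o = CLASSIFICATION[subject_clearance], CLASSIFICATION[object_classification]
    if op == "read":
        return s >= o        # simple security property: no read up
    if op == "write":
        return s <= o        # *-security (confinement) property: no write down
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject_integrity, object_integrity, op):
    """Biba (integrity): read up and write down only, the mirror image of BLP."""
    s, o = INTEGRITY[subject_integrity], INTEGRITY[object_integrity]
    if op == "read":
        return s <= o        # simple integrity property: no read down
    if op == "write":
        return s >= o        # *-integrity property: no write up
    raise ValueError(f"unknown operation {op!r}")


def decide(subject, obj, op):
    """Reference-monitor decision: the request passes only if both policies allow it.
    subject = {"clearance": ..., "integrity": ...}
    obj     = {"classification": ..., "integrity": ...}"""
    return (blp_allows(subject["clearance"], obj["classification"], op)
            and biba_allows(subject["integrity"], obj["integrity"], op))


def blp_matrix(op):
    """Every (clearance, classification) pair and whether BLP permits the operation."""
    return {(s, o): blp_allows(s, o, op) for s in CLASSIFICATION for o in CLASSIFICATION}
```

Running both policies together shows why they are rarely combined unchanged: a SECRET/MEDIUM subject may read a CONFIDENTIAL document under Bell-LaPadula, but Biba refuses the same read if that document's integrity is LOW.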
Covert channel
A method used to pass information over a path not normally used for communication.
Time of use:
The time at which a subject can access an object.
Parameter checking
A method that can help prevent buffer overflow attacks.
Race condition
The exploitation of difference between time of check and time of use.
The Ready state is used when
a process is prepared to execute but the CPU is not available
The Running state
is used when a process is executing on the CPU
The Waiting state
is used when a process is blocked waiting for an external event.
The Stopped state
is used when a process terminates
EAL1 evaluation assurance level under the Common Criteria
EAL1 assurance applies when the system in question has been functionally tested. It is the lowest level of assurance under the Common Criteria.
Multistate systems
are certified to handle data from different security classifications simultaneously by implementing protection mechanisms that segregate data appropriately.
The verification process is similar to the certification process in that it validates security controls
Verification may go a step further by involving a third-party testing service and compiling results that may be trusted by many different organizations. Accreditation is the act of management formally accepting an evaluated system, not evaluating the system itself.
Process … ensures that any behavior will affect only the memory and resources associated with a process.
isolation
Class A fire extinguishers
are useful only against common combustible materials
Class B extinguishers are
are for liquid fires.
Class C extinguishers
are for electrical fires
Class D fire extinguishers
are for combustible metals.
The TEMPEST program
creates technology that is not susceptible to Van Eck phreaking attacks because it reduces or suppresses natural electromagnetic emanations.
Trusted Computing Base
is the small subset of the system (hardware, firmware, and software, built around the security kernel) that enforces the security policy and carries out critical system activities; a flaw inside the TCB undermines every control built on top of it.
What physical security control broadcasts false emanations constantly to mask the presence of true electromagnetic emanations from computing equipment
White noise
Multithreading
permits multiple tasks to execute concurrently within a single process. These tasks are known as threads and may be alternated between without switching processes.
Heartbeat sensors
send periodic status messages from the alarm system to the monitoring center. The monitoring center triggers an alarm if it does not receive a status message for a prolonged period of time, indicating that communications were disrupted.
Soda acid and other dry powder extinguishers work to remove the….
fuel supply
While halon and carbon dioxide remove the … supply from a fire.
oxygen
The ….. of a process are the limits set on the memory addresses and resources that the process may access.
bounds
….. motion detectors monitor the electromagnetic field in a monitored area, sensing disturbances that correspond to motion.
Capacitance
The …… is responsible for coordinating access to physical hardware and enforcing isolation between different virtual machines running on the same physical platform
hypervisor
The …model of composition theory occurs when one system provides input for a second system and then the second system provides input for the first system. This is a specialized case of the cascading model, so the feedback model is the most appropriate answer.
feedback
Data center humidity should be maintained between …and …. Values below this range increase the risk of static electricity, while values above this range may generate moisture that damages equipment.
40% and 60%
……uses a black box approach to hide the implementation details of an object from the users of that object.
Abstraction
Capability tables list the ……assigned to subjects and identify the objects that …… can access
privileges subjects
Access control lists….
are object-focused rather than subject-focused.
OAuth
is an authorization framework that lets a user grant a third-party website or app delegated access to their resources without handing over their credentials; the "log in with an existing account" use case layers OpenID Connect on top of OAuth 2.0 to supply the authentication.
During the Kerberos authentication process, the steps take place in the following order
1. (E) User provides authentication credentials; 2. (C) Client/TGS key generated; 3. (B) TGT generated; 4. (A) Client/server ticket generated; 5. (D) User accesses service
A …….is a transitive trust between parts of a domain tree or forest that shortens the trust path
shortcut trust
a …….is a transitive trust between two forest root domains,
forest trust
an … is a nontransitive trust between AD domains in separate forests.
external trust
Kerberos, Active Directory Federation Services (ADFS), and Central Authentication Services (CAS) are all ….implementations
SSO
When the owner of a file makes the decisions about who has rights or access privileges to it, they are using …….access control
discretionary
….controls would grant access based on a subject’s role
Role-based access
….. access controls apply a fixed set of rules to an environment to manage access. …. access controls include rule-, role-, and lattice-based access controls.
Nondiscretionary
Mandatory access control systems are based on a ……
lattice-based model.
….. is an AAA protocol used to provide authentication and authorization; it’s often used for modems, wireless networks, and network devices
RADIUS
…. is the Extensible Authentication Protocol, an authentication framework often used for wireless networks.
EAP
……..access controls match permissions to resources like a storage volume. Resource-based access controls are becoming increasingly common in cloud-based infrastructure as a service environments
Resource-based
By default, RADIUS runs over …… and hides only the User-Password attribute (XORed with an MD5 keystream derived from the shared secret); the username and every other attribute travel in the clear. RADIUS over TCP and over TLS (RadSec) exist but are not default settings
UDP
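What "only encrypts passwords" means in practice: the RFC 2865 User-Password hiding scheme, written out as an added Python example (not code from the original page). The shared secret, Request Authenticator, passwords and wordlist below are constructed for the demonstration, and recover_shared_secret shows the offline attack that a captured packet and one known password allow.

```python
"""RFC 2865 User-Password hiding, and why it is not transport security.
Added example; all values constructed."""
import hashlib
import secrets


def hide_password(password: bytes, shared_secret: bytes, request_authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each block with
    MD5(secret || previous ciphertext block), seeded by the Request Authenticator."""
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("RADIUS passwords are 1 to 128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(shared_secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out += block
        prev = block                      # chaining on the ciphertext block
    return out


def reveal_password(hidden: bytes, shared_secret: bytes, request_authenticator: bytes) -> bytes:
    """What the server (or anyone holding the shared secret) does in reverse."""
    out, prev = b"", request_authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(shared_secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, keystream))
        prev = block
    return out.rstrip(b"\x00")            # strips padding; trailing NULs in a password are lost


def recover_shared_secret(candidates, hidden, request_authenticator, known_password):
    """Offline attack: one captured Access-Request whose password you know
    (your own account suffices) lets you test shared secrets from a wordlist."""
    for candidate in candidates:
        if reveal_password(hidden, candidate, request_authenticator) == known_password:
            return candidate
    return None


def new_request_authenticator() -> bytes:
    """Clients must send a fresh, unpredictable 16-byte value in every request;
    a repeated value reuses the MD5 keystream for the first block."""
    return secrets.token_bytes(16)
```

Two consequences follow directly from the code: a repeated Request Authenticator gives the same keystream, so two captured passwords XOR to each other; and a weak shared secret falls to a dictionary attack offline. Together with the 2024 Blast-RADIUS attack on the MD5 Response Authenticator (CVE-2024-3596), this is why RADIUS/UDP should be carried inside TLS (RadSec, RFC 6614) or IPsec, or replaced by an EAP method that does its own TLS.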
…. occurs when users retain rights from roles they previously held that they do not need to accomplish their current job
Privilege creep
…… occur when two or more processes need to access the same resource and the outcome depends on which one gets there first rather than on the intended order.
Race conditions
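The race from this card and from the time-of-check/time-of-use card in the earlier section, as an added Python example that is not code from the original page. The file names, the simulated attacker hook between check and use, and the function names are this example's own; it runs on POSIX systems, where os.O_NOFOLLOW is available.

```python
"""Time-of-check/time-of-use (TOCTOU) race, and the fix: check the object you
actually opened, not the name.  Added example; constructed file names."""
import os
import stat
import tempfile


def read_if_allowed_vulnerable(path, between_check_and_use=lambda: None):
    """Check on the path name, then use the path name: the classic TOCTOU."""
    if not os.access(path, os.R_OK) or os.path.islink(path):   # time of check
        raise PermissionError(path)
    between_check_and_use()             # the attacker's window (simulated hook)
    with open(path, "rb") as f:         # time of use: follows whatever the name is now
        return f.read()


def read_if_allowed_safe(path, between_check_and_use=lambda: None):
    """Open first (refusing symlinks), then check the opened descriptor with fstat."""
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0) | getattr(os, "O_CLOEXEC", 0)
    between_check_and_use()             # same window, now harmless
    fd = os.open(path, flags)           # OSError (ELOOP) if the final component is a symlink
    try:
        st = os.fstat(fd)               # properties of the object we hold, not of a name
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if hasattr(os, "getuid") and st.st_uid != os.getuid():
            raise PermissionError(f"{path}: owned by another user")
        return b"".join(iter(lambda: os.read(fd, 65536), b""))
    finally:
        os.close(fd)


def demo():
    """Attacker swaps a readable file for a symlink to a secret between check and use."""
    with tempfile.TemporaryDirectory() as d:
        public = os.path.join(d, "report.txt")
        secret = os.path.join(d, "secret.txt")
        with open(secret, "wb") as f:
            f.write(b"TOP SECRET")

        def reset():
            if os.path.lexists(public):
                os.remove(public)
            with open(public, "wb") as f:
                f.write(b"quarterly numbers")

        def swap():                                   # simulated attacker action
            os.remove(public)
            os.symlink(secret, public)

        reset()
        honest = read_if_allowed_safe(public)         # no attacker: normal read works
        reset()
        leaked = read_if_allowed_vulnerable(public, swap)
        reset()
        try:
            safe = read_if_allowed_safe(public, swap)
        except OSError:                               # ELOOP from O_NOFOLLOW, or PermissionError
            safe = b"refused"
        return honest, leaked, safe
```

The point is not the symlink trick itself but the rule behind the fix: any property checked on a path name can change before the name is used, so the check must be made on the descriptor (fstat, or *at() calls relative to a held directory fd) that the code then operates on.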
….. is a CPU architecture feature that lets the processor execute instructions as their inputs become available rather than strictly in program order, using otherwise unused cycles
out-of-order execution
The stored sample of a biometric factor is called a …….
reference profile or a reference template
……. is an XML-based language designed to allow platforms to generate and respond to provisioning requests
Service Provisioning Markup Language, or SPML
… is used to exchange authentication and authorization data between parties, typically an identity provider and a service provider
SAML
….. is used to describe access controls.
XACML
…. is a messaging protocol and could be used for any XML messaging but is not a markup language itself
SOAP, or Simple Object Access Protocol,
….. series of standards covers directory services.
The X.500
By default, in what form does OpenLDAP store the value of the userPassword attribute
In the clear (slapd stores whatever the client supplies verbatim unless the client hashes it first or the server is configured to hash it)
….errors occur when a valid subject is not authenticated
Type 1
… errors occur in biometric systems when an invalid subject is incorrectly authenticated as a valid user
Type 2
….is the process of determining what a user is allowed to do
Authorization
When you input a username and password, you are ….. yourself by providing a unique identifier and a verification that you are the person who should have that identifier (the password)
authenticating
…… is the eXtensible Access Control Markup Language, not a type of attack
XACML
……… authentication relies on facts or data that the user already knows that can be used to create questions they can answer on an as-needed basis (for example, a previous address, or a school they attended).
Dynamic knowledge-based
……… relies on an alternate channel like a phone call or text message
Out-of-band identity proofing
…..authentication factors are biometric, or “something you are,” rather than knowledge based.
Type 3
…. are procedures and the policies from which they derive. They are based on regulations, requirements, and the organization’s own policies.
Administrative access controls
…. access controls return an environment to its original status after an issue
Corrective
…. are technical access controls that rely on hardware or software to protect systems and data.
Logical controls
…controls are used in addition to or as an alternative to other controls
Compensating
…… is a table that lists objects, subjects, and their privileges.
An access control matrix
….. focus on objects and which subjects can access them
Access control lists
…list subjects and what objects they can access.
Capability tables
….. supports TLS over TCP. ….does not have a supported TLS mode over
RADIUS
Verifying information that an individual should know about themselves using third-party factual information (a ….) is sometimes known as dynamic knowledge-based authentication
Type 1 authentication factor
Type 2 authentication factor
something you have
… is a federated identity solution designed to allow web-based SSO
Shibboleth
…. is an open-source project designed to provide users with control over the release of their identity information.
Higgins
….. typically require a challenge to be entered on the token to allow it to calculate a response, which the server compares to the response it expects.
Asynchronous tokens
….., such as Google Authenticator, use a time-based algorithm that generates a constantly changing series of codes
Synchronous soft tokens
…. for LDAP provides support for a range of authentication types, including secure methods
The Simple Authentication and Security Layer (SASL)
…. controls help cover for issues with primary controls or improve them
Compensating
….. which is used to return operations to normal function after a failure.
recovery control,
…. testing modifies a program in small ways and then tests that mutant to determine if it behaves as it should or if it fails. This technique is used to design and test software tests through mutation
Mutation
… code analysis and regression testing are both means of testing code, whereas code auditing is an analysis of source code rather than a means of designing and testing software tests.
Static
….are document-based artifacts like policies or designs,
Specifications
…are actions that support an information system that involves people,
activities
an …….is one or more people applying specifications, mechanisms, or activities.
individual
A …. or … box penetration test provides all of the information an attacker needs,
crystal (or white)
WPA2 Enterprise uses …… (via 802.1X/EAP) for per-user authentication rather than a preshared key.
RADIUS
…. is used to ensure that software modules properly meet interface specifications and thus will properly exchange data.
Interface testing
…. tests software in a running environment
Dynamic testing
…..fuzzing relies on models for application input and conducts fuzzing attacks based on that information
Generational
… based fuzzers are sometimes called “dumb” fuzzers because they simply mutate or modify existing data samples to create new test samples.
Mutation
…. logs are used in troubleshooting specific software packages as they perform their functions
trace
…., also often called network flows, are captured to provide insight into network traffic for security, troubleshooting, and performance management.
Flows
….. logging provides information about events on the routers
Audit
A …….is often used to provide insight into how well testing covered the set of use cases that an application is being tested for.
test coverage analysis
Testing how a system could be ….., focuses on behaviors that are not what the organization desires or that are counter to the proper function of a system or application
misused, or misuse testing
….. is used to verify whether a desired functionality works.
Use case testing
….is used to determine how code handles variables that change over time
Dynamic testing
…… uses emulated or recorded transactions to monitor for performance changes in response time, functionality, or other performance monitors
Synthetic monitoring
…… uses a span port or other method to copy traffic and monitor it in real time.
Passive monitoring
……. is a passive monitoring technique that records user interaction with an application or system to ensure performance and proper application behavior.
Real user monitoring (RUM)
…. can help identify rogue devices by capturing MAC addresses and mapping their vendor prefix (OUI) to a manufacturer
Passive scanning
…. which is a type of functional or unit testing, tests to ensure that changes have not introduced new issues
Regression testing,
… testing checks to see whether a change has had the effect it was supposed to,
Nonregression
…focuses on simple problems with impact on critical functionality
smoke testing
……a vulnerability is a commonly used key performance indicator for security teams
Time to remediate
….. measures how long a packet can exist in hops,
Time to live
….. is a measure used to determine how important a service or system is to an organization
business criticality
…… are used to measure how effective code testing is
coverage rates
…… are all important to test when performing software testing
Application programming interfaces (APIs), user interfaces (UIs), and physical interfaces
….is used to describe the security condition of a system
The Open Vulnerability and Assessment Language (OVAL)
……..is used to create security checklists in a standardized fashion.
The Extensible Configuration Checklist Description Format (XCCDF)
……is titled “Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans,” and covers methods for assessing and measuring controls.
NIST SP 800-53A
….. is an introduction to computer security
NIST 800-12
… covers contingency planning,
800-34
….is the “Guide to Integrating Forensic Techniques into Incident Response.
800-86
…. is a detailed code review that steps through planning, overview, preparation, inspection, rework, and follow-up phases.
Fagan testing
….. involves testing system or application components to ensure that they work properly together.
Interface testing
……… component of SCAP provides a consistent way to refer to operating systems and other system components
The Common Platform Enumeration (CPE)
…….helps describe the root causes of software flaws
The Common Weaknesses Enumeration (CWE) component
….. standardizes steps of the vulnerability assessment process.
The Open Vulnerability and Assessment Language (OVAL)
Windows defines five types of events: …, which indicate a significant problem; …, which may indicate future problems; …, which describe successful operation; …, which record successful security accesses; and …, which record failed security access attempts.
errors; warnings; information; success audits; failure audits
…coverage tests verify that every line of code was executed during the test.
Statement
… verifies that every if statement was executed under all if and else if conditions
Branch coverage
….coverage verifies that every logical test in the code was executed under all sets of inputs.
Condition
…coverage verifies that every function in the code was called and returns results.
Function
… is the process of reviewing code without running it.
Static analysis
…… use language beyond typical use case diagrams, including threatens and mitigates
Misuse case diagrams
….are the documents associated with the system being audited. …. generally include policies, procedures, requirements, and designs.
Specifications
…. is a description of the level of interaction between objects
Coupling
….is the strength of the relationship between the purposes of methods within the same class.
Cohesion
…… attacks exploit the trust that sites have in a user’s browser by attempting to force the submission of authenticated requests to third-party sites.
Cross-site request forgery (XSRF or CSRF)
…. summarize large amounts of data and provide only summary information as a result. When carefully crafted… may unintentionally reveal sensitive information.
Aggregate functions
…. ensures that records exist in a secondary table when they are referenced with a foreign key from another table. Foreign keys are the mechanism used to enforce ….
Referential integrity
….. ensures that changes to software versions are made in accordance with the change and …..
Configuration control
… is a security issue that arises when a collection of facts has a higher classification than the classification of any of those facts standing alone
Aggregation
An ….problem occurs when an attacker can pull together pieces of less sensitive information and use them to derive information of greater sensitivity
inference
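The aggregate-function and inference cards above, run against a real table: an added Python/SQLite example with constructed data, not code from the original page. The staff rows, the "statistics role" query interface and the names aggregate, infer_single_member and infer_by_differencing are this example's own.

```python
"""Inference through aggregate functions, and why a minimum group size alone
does not stop it.  Added example with constructed sample data."""
import sqlite3

STAFF = [  # constructed sample data: (name, department, salary)
    ("alice", "Engineering", 120000),
    ("bob", "Engineering", 110000),
    ("carol", "Engineering", 130000),
    ("dave", "Engineering", 100000),
    ("erin", "Engineering", 115000),
    ("frank", "Security", 140000),     # the only member of Security
]


def build_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE staff(name TEXT PRIMARY KEY, dept TEXT NOT NULL, salary INTEGER NOT NULL)")
    con.executemany("INSERT INTO staff VALUES (?, ?, ?)", STAFF)
    return con


def aggregate(con, dept=None, exclude_name=None, min_group=1):
    """The only query the statistics role may run: COUNT and AVG, never rows.
    min_group is the query-set-size control; values are bound, never formatted in."""
    count, avg = con.execute(
        "SELECT COUNT(*), AVG(salary) FROM staff "
        "WHERE (? IS NULL OR dept = ?) AND (? IS NULL OR name <> ?)",
        (dept, dept, exclude_name, exclude_name),
    ).fetchone()
    if count < min_group:
        raise PermissionError(f"query set of {count} is below the minimum of {min_group}")
    return count, avg


def infer_single_member(con, dept):
    """Aggregation over a group of one is that person's record."""
    count, avg = aggregate(con, dept=dept)
    return int(avg) if count == 1 else None


def infer_by_differencing(con, name, min_group):
    """Two individually permitted large queries that differ by exactly one row
    (a 'tracker'): their difference is the excluded individual's salary."""
    n_all, avg_all = aggregate(con, min_group=min_group)
    n_rest, avg_rest = aggregate(con, exclude_name=name, min_group=min_group)
    return round(n_all * avg_all - n_rest * avg_rest)
```

A query-set-size limit defeats the first inference and not the second, which is why real statistical databases also restrict overlap between query sets, audit query histories, or add calibrated noise (differential privacy) rather than returning exact aggregates.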
….configuration may be appropriate in this case. In this configuration, the firewall would continue to pass traffic without inspection while it is restarting. This would minimize downtime, and the traffic would still be protected by the other security controls described in the scenario
A fail open
… that user-supplied input does not violate security conditions and is the most effective defense against cross-site scripting attacks.
Input validation verifies
… is a form of input validation, but it is used to ensure that numeric input falls within an acceptable range and is not applicable against cross-site scripting attacks
Bounds checking
… requires that once a transaction is committed to the database it must be preserved
Durability
…. ensures that if any part of a database transaction fails, the entire transaction must be rolled back as if it never occurred.
Atomicity
… ensures that all transactions are consistent with the logical rules of the database, such as having a primary key.
Consistency
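Referential integrity and atomicity from the cards above, checked against a real engine. This is an added Python/SQLite example with a constructed schema, not code from the original page; the tables, rows and function names are this example's own. It also shows the caveat a practitioner hits first with SQLite: foreign keys are parsed but not enforced until PRAGMA foreign_keys = ON is issued on each connection.

```python
"""Referential integrity and atomicity against SQLite.  Added example;
schema and rows constructed."""
import sqlite3


def open_db(enforce_fk: bool = True) -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    if enforce_fk:
        con.execute("PRAGMA foreign_keys = ON")   # off by default, and per connection
    con.executescript("""
        CREATE TABLE dept(id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
        CREATE TABLE employee(
            id      INTEGER PRIMARY KEY,
            name    TEXT NOT NULL,
            dept_id INTEGER NOT NULL REFERENCES dept(id)   -- the foreign key
        );
        INSERT INTO dept VALUES (1, 'Engineering');
    """)
    return con


def insert_orphan(con: sqlite3.Connection) -> bool:
    """True if the engine accepted an employee whose department does not exist."""
    try:
        con.execute("INSERT INTO employee(name, dept_id) VALUES (?, ?)", ("mallory", 99))
        return True
    except sqlite3.IntegrityError:
        return False


def add_all_or_nothing(con: sqlite3.Connection, rows) -> bool:
    """Atomicity: the whole batch commits, or every row of it is rolled back."""
    try:
        with con:                                  # commit on success, rollback on exception
            for name, dept_id in rows:
                con.execute("INSERT INTO employee(name, dept_id) VALUES (?, ?)", (name, dept_id))
        return True
    except sqlite3.IntegrityError:
        return False


def employee_count(con: sqlite3.Connection) -> int:
    return con.execute("SELECT COUNT(*) FROM employee").fetchone()[0]
```

The second batch in the test fails on its second row, and the first row disappears with it: that rollback is the atomicity guarantee, and it is the foreign-key check (consistency) that triggers it.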
….reviews are often done via email or using a central code review system, allowing developers to review code asynchronously.
Pass around
…. is a formal review process in which both the developer and a review team step through the code following a defined process.
Fagan inspection
….occur when one transaction writes a value to the database that overwrites a value needed by transactions that have earlier precedence, causing those transactions to read an incorrect value.
Lost updates
…occur when one transaction reads a value from a database that was written by another transaction that did not commit
Dirty reads
….charts use nodes to represent milestones or deliverables and then show the estimated time to move between milestones
PERT
….. use a different format with a row for each task and lines showing the expected duration of the task.
Gantt charts
…… structures are an earlier deliverable that divides project work into achievable tasks. Wireframe diagrams are used in web design.
Work breakdown
…….. is performed after developers make changes to an application. It reruns a number of test cases and compares the results to baseline results. Orthogonal array testing is a method for generating test cases based on statistical analysis
Regression testing
… uses records of past software bugs to inform the analysis
Pattern testing
….develops a matrix of all possible inputs and outputs to inform the test plan.
Matrix testing
….testing is a method for generating test cases based on statistical analysis
Orthogonal array
…..attacks may take advantage of the use of reflected input in a web application where input provided by one user is displayed to another user.
Cross-site scripting (XSS)
….. anti-malware software has a higher likelihood of detecting a zero-day exploit than signature-based methods. Heuristic-based software does not require frequent signature updates because it does not rely upon monitoring systems for the presence of known malware. The trade-off with this approach is that it has a higher false positive rate than signature detection methods.
Heuristic-based
….. store is an example of a NoSQL database that does not follow a relational or hierarchical model like traditional databases. A graph database is another example of a NoSQL database, but it uses nodes and edges to store data rather than keys and values.
A key-value
… approach prevents any activity from taking place during a system security failure and is the most conservative approach to failure management.
The fail closed
…. allows the storage of multiple different pieces of information in a database at different classification levels to prevent attackers from inferring anything about the absence of information
Polyinstantiation
….viruses use multiple propagation mechanisms to spread between systems. This improves their likelihood of successfully infecting a system because it provides alternative infection mechanisms that may be successful against systems that are not vulnerable to the primary infection mechanism.
Multipartite
A …..is a false vulnerability in a system that may attract an attacker
pseudoflaw
A ….. is a segment of unused network address space that should have no network activity and, therefore, may be easily used to monitor for illicit activity
darknet
……separates the control plane from the data plane.
Software-defined networking
….. contain an entry for every network communication session that took place on a network and can be compared to a list of known malicious hosts.
netflow
…. is used to ensure that one person does not obtain two privileges that would create a potential conflict
segregation of duties
…… is a term used to describe the unintentional accumulation of privileges over time, also known as privilege creep
Aggregation
… performs four functions. One of those, write blocking, intercepts write commands sent to the device and prevents them from modifying data on the device. The other three functions include returning data requested by a read operation, returning access-significant information from the device, and reporting errors from the device back to the forensic host.
A forensic disk controller
The ….. will then copy all files modified since the last full backup.
differential backup
….. framework focuses on IT service management.
The IT Infrastructure Library (ITIL)
….provides a common core of project management expertise
The Project Management Body of Knowledge (PMBOK)
…. focuses on IT architecture issues.
The Open Group Architecture Framework (TOGAF)
An attack committed against an organization by an insider, such as an employee, is known as …
sabotage.
… identifies the maximum amount of data, measured in time, that may be lost during a recovery effort
The recovery point objective (RPO)
…. environment, the vendor is responsible for hardware- and network-related responsibilities. These include configuring network firewalls, maintaining the hypervisor, and managing physical equipment. The customer retains responsibility for patching operating systems on its virtual machine instances.
In an infrastructure as a service
…. is the set of systems that could cause a collision if they transmitted at the same time.
A collision domain
….. protocols use metrics such as direction and distance in hops to remote networks to make decisions. A …. routing protocol builds a map of the network topology and chooses the shortest path to a remote network
Distance-vector; link-state
…. is an amplified denial-of-service attack: the attacker sends ICMP echo requests with the victim's spoofed source address to a network's IP broadcast address, so every host that responds floods the victim with replies.
Smurf attack
…… can operate at speeds over 200 Mbps and on both the 2.4 and 5 GHz bands. … operates at 54 Mbps in the 2.4 GHz band, and … is capable of over 1 Gbps in the 5 GHz band. 802.11a and 802.11b are both outdated and are unlikely to be encountered in modern network installations.
802.11n; 802.11g; 802.11ac
802.1X provides …… authentication and can be used with technologies like EAP, the Extensible Authentication Protocol. 802.11a is a wireless standard, 802.3 is the standard for Ethernet, and 802.15.1 was the original Bluetooth IEEE standard.
port-based
SPIT stands for Spam over Internet Telephony and targets ….
VoIP systems.