Putting it all together Flashcards
What is the HITRUST Common Security and Privacy Framework
HITRUST is a U.S. company whose stated goal is one framework, one certification and one assessment that serve as a globally recognised standard for exchanging attestations of trust between organisations, public or private. The HITRUST CSF normalises many different sets of security and privacy requirements, definitions and controls, starting from the ISO/IEC 27000 family and adding U.S. government requirements, standards and guidelines such as NIST and HIPAA, along with industry frameworks such as COBIT and ITIL.
Why are security control frameworks different from other security governance frameworks
Security control frameworks (SCFs) provide the framework publisher's minimum acceptable practices for the implementation and operation of security controls within their span of activities, e.g. the SWIFT Customer Security Programme and PCI DSS.
What actually is a framework?
Frameworks provide a set of principles upon which an organization builds its policies and processes.
Why is ISO 27000 not really applicable when adopting a framework?
Because ISO 27000 provides a general overview of the ISO “family” of standards. It includes such items as terms and definitions.
Within the U.S., the Health Insurance Portability and Accountability Act (HIPAA) was introduced to protect healthcare data. What framework was developed to support HIPAA?
HITRUST. The Common Security Framework (CSF).
Types of investigation
Administrative
Civil
Regulatory
Criminal investigation
International Organization of Standardization (ISO) 223XX Series
standards that define the requirements and guidelines of implementing a Business Continuity Management System in an organization
National Institute of Standards and Technology Special Publication 800-34
Contingency Planning Guide for Federal Information Systems,
What is the MAD
The maximum allowable downtime
BCDR What is a tabletop exercise (also called a read-through)
A controlled, isolated role-playing activity, only involving those personnel tasked with disaster recovery or DR responsibilities and activities and a moderator. The participants should gather at a centralised location, such as a conference room, and bring all DR guidance materials
BCDR What is a walkthrough
in a walk-through, instead of staying around a conference table, the participants will walk to each of the locations they will need to visit for response activities, hence the name. They can still refer to written guidance and should be monitored by someone who can record any problems and successes. The walk-through is more beneficial than the tabletop exercise in terms of being able to assess physical limitations for response actions and establish timing for certain activities.
BCDR What is a simulation
A simulation can be thought of as a walk-through exercise with more complexity and involvement. A simulation might involve all personnel in each office or location participating in a scripted emergency situation. An example would be a fire drill where everyone evacuates from the worksite. Simulations can be much more expensive than tabletop or walk-through exercises because they involve more people and activity.
This is by far the most expensive BCDR exercise option, with the greatest impact to the organization and its stakeholders.
Simulation
Is running a parallel test a part of BC testing?
A parallel test runs the recovery systems alongside production without cutting production over. Business continuity testing is the broader activity of verifying that the solutions in place let business functions continue; testing whether the recovery solution itself works, which is what a parallel test does, is classed as a DR test.
A building evacuation test would be what type of test?
A DR test, as while the building is empty of staff there may be an interruption to business functions.
You are storing corporate data in the cloud. What would identify and control the type of media used to store the data?
A contract. The storage media is an example of one of the elements that might be included within the contract.
Your Internet Service Provider (ISP) has promised you a minimum download speed of 10Gbps. What document is designed to ensure compliance?
A service-level agreement (SLA). The contract will include levels of service.
Acceptable use policies (AUPs) detail, from the user’s expected perspective, the appropriate and approved usage of the organization’s assets, including the IT environment, devices, and data. Policy aspects commonly included in AUPs include the following except which one:
A. Data disclosure
B. Passwords
C. Ethical policies
D. Internet usage
The correct answer is C.
Ethical policies are not part of AUPs. The following policy aspects are commonly included in AUPs:
Data access
System access
Data disclosure
Passwords
Data retention
Internet usage
When should you use qualitative risk assessment
- Newness
- Uniqueness
When should you use quantitative risk assessment
Business process involved with the risks are well understood
Measurement techniques are available
Experience with the process in question will produce a large enough quantity of data samples
ALE = SLE x ARO
ALE = Annual loss expectancy
The annualized rate of occurrence (ARO) is the number of times per year a given impact is expected, expressed as a number.
The single loss expectancy (SLE) is the expected impact related to a particular risk (the risk being assessed).
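Worked example of the ALE formula, added here and not part of the original deck: it computes SLE = AV x EF and ALE = SLE x ARO, then applies the standard safeguard cost/benefit test (ALE before the control, minus ALE after it, minus the annual cost of the control) to choose between candidate safeguards. The asset value, exposure factors, rates and safeguard costs are constructed figures.

```python
"""Quantitative risk assessment: SLE, ALE and safeguard cost/benefit.

Added worked example (not from the original deck). Formulas used:
    SLE = AV x EF            (single loss expectancy)
    ALE = SLE x ARO          (annualised loss expectancy)
    value of safeguard = ALE_before - ALE_after - annual cost of safeguard
All figures below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float   # annualised cost of buying, running and maintaining the control
    new_ef: float        # exposure factor once the control is in place
    new_aro: float       # annualised rate of occurrence once the control is in place


def sle(asset_value: float, exposure_factor: float) -> float:
    """Single loss expectancy: the fraction of the asset's value lost per occurrence."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def ale(asset_value: float, exposure_factor: float, aro: float) -> float:
    """Annualised loss expectancy: expected loss per year from this risk."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle(asset_value, exposure_factor) * aro


def safeguard_value(asset_value: float, ef: float, aro: float, sg: Safeguard) -> float:
    """Net annual value of a safeguard; negative means it costs more than it saves."""
    before = ale(asset_value, ef, aro)
    after = ale(asset_value, sg.new_ef, sg.new_aro)
    return before - after - sg.annual_cost


def best_safeguard(asset_value: float, ef: float, aro: float,
                   candidates: Iterable[Safeguard]) -> Optional[Tuple[str, float]]:
    """Pick the safeguard with the highest net value, or None if none pays for itself."""
    scored = [(sg.name, safeguard_value(asset_value, ef, aro, sg)) for sg in candidates]
    if not scored:
        return None
    name, value = max(scored, key=lambda item: item[1])
    return (name, value) if value > 0 else None


# Constructed scenario: a customer database worth 1,000,000; a ransomware event is
# expected to destroy 30% of its value (EF = 0.3) about once every two years (ARO = 0.5).
ASSET_VALUE = 1_000_000.0
EF = 0.30
ARO = 0.5
CANDIDATES = (
    Safeguard("offline backups + encryption", annual_cost=40_000.0, new_ef=0.05, new_aro=0.5),
    Safeguard("managed EDR + 24x7 SOC", annual_cost=120_000.0, new_ef=0.01, new_aro=0.1),
    Safeguard("gold-plated everything", annual_cost=200_000.0, new_ef=0.0, new_aro=0.0),
)


if __name__ == "__main__":
    print(f"SLE = {sle(ASSET_VALUE, EF):,.0f}")          # 300,000
    print(f"ALE = {ale(ASSET_VALUE, EF, ARO):,.0f}")     # 150,000
    for sg in CANDIDATES:
        print(f"{sg.name:30s} net value {safeguard_value(ASSET_VALUE, EF, ARO, sg):>12,.0f}")
    print("best:", best_safeguard(ASSET_VALUE, EF, ARO, CANDIDATES))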
There are various threat modeling tools, and one of the leading tools is
Microsoft STRIDE
These are the elements of STRIDE:
Spoofing identity: the type of threat wherein an attacker poses as an entity other than the attacker, often as an authorized user.
Tampering with data: when the attacker attempts to modify the target data in an unauthorized way.
Repudiation: when the attacker, as a participant of a transaction, can deny (or conceal) the attacker’s participation in that transaction.
Information disclosure: just like it sounds, this category can include both inadvertent release of data (where an authorized user discloses protected data accidentally to unauthorized users, or gains access to material that their authorization should not allow) and malicious access to data (an attacker getting unauthorized access).
Denial of service (DoS): an attack on the availability aspect of the CIA triad; creating a situation in the target where authorized users cannot get access to the system/application/data.
Elevation of privilege: when an attacker who has gained some access to the target then obtains rights beyond those granted (for example, administrative control), up to a level at which the entire target system can be disabled or destroyed.
Aside from STRIDE name two other threat models
OCTAVE and TRIKE
Types of controls
Technical controls (firewalls)
Physical controls (walls fences guards locks)
Administrative controls
Security control categories
Directive
Deterrent
Preventative
Compensating
Detective
Corrective
Recovery
What type of control is a badge system
Preventative and compensating
When selecting security and privacy controls, an organization can use various frameworks. According to NIST SP 800-37, Revision 2, the Select Step of the Risk Management Framework, there are two approaches that can be used for the initial selection of security and privacy controls
baseline control selection approach, or an organization-generated control selection approach.
The baseline control selection approach
uses control baselines, which are pre-defined sets of controls specifically assembled to address the protection needs of a group, organisation, or community of interest.
The organisation-generated control selection approach differs from the baseline selection approach because
the organisation does not start with a pre-defined set of controls. Rather, the organisation uses its own selection process to select controls.
When would organisation generated controls be necessary
when the system is highly specialized (like a weapons system or a medical device) or has limited purpose or scope (such as a smart meter). In these situations, it may be more efficient and cost-effective for an organization to select a specific set of controls for the system (a bottom-up approach) instead of starting with a pre-defined set of controls
Risk management key performance indicators
Time to detect (user behaviours, indicators of intrusion, intrusions)
Number of endpoints connected to systems that have required security updates and patches
numbers of systems with known exploitable vulnerabilities
The SSAE 16 standard (superseded by SSAE 18 in 2017) details three types of reports intended for different uses; these are
the SOC reports (SOC 1, SOC 2 and SOC 3)
What are the differences between the SOC reports
SOC 1 is a financial audit report, SOC 2 is a security and controls report and SOC 3 report is similar to SOC 2 drafted to be presented to a general audience.
SOC 1 offers two types of reports: Type I and Type II. While Type I showcases that your company’s internal financial controls are properly described and designed at a point in time, a Type II report tests
the effectiveness of your controls over a period (for example, six months).
SOC 2 Type II compliance audit looks at
the effectiveness of the same controls over a period, say, six months or a year, and takes longer for service providers to prepare for it.
What are the four perspectives on risk
Asset Based
Outcomes-based
Vulnerability-based
Threat-based
What is the converse of risk acceptance
Risk avoidance
What is the difference between risk acceptance and residual risk
Residual risk is the risk that remains after the chosen treatment has been applied. Risk acceptance is a treatment decision: the organisation consciously does nothing further and lives with the (residual) risk. Acceptance should be documented and signed off by the risk owner, not simply left unaddressed.
What does Mitigate become with ISO 27005:2018
Modification
What does transfer become with ISO 27005:2018
Sharing
Risk exposure is a term that has three meanings in risk management.
An exposure window: the period of time over which the likelihood or probability of occurrence of a risk event is measured.
the fraction of an asset’s value or the outcome to an organization that is reduced by a single occurrence of a risk event
an estimate or description of how certain risks are categorically much lower or higher for a given organisation or person than for others, e.g. companies that do or do not operate in Iran.
In risk management what is FAIR
The factor analysis of information risk, FAIR, method provides a solid numerically straightforward and managerially simple way to make most risk assessment tasks start out quantitative and stay that way.
Where is FAIR used
It has been integrated into the NIST CSF and HITRUST, and is fully compatible with the ISO 31000, COBIT and COSO risk management frameworks.
What are the common areas of security learning
Education
Training
Awareness
What is the difference between Education and Training
Education is focused on understanding cause and effect (the why).
Training is about acquiring a specific set of skills (the how).
What type of security learning might be provided by an academic institution?
Question options:
A) Education
B) Training
C) Awareness
D) All of the above
All of the above
The process of reviewing a system for compliance against a standard or baseline. Examples include audits of security controls, configuration baselines, and financial records
Audit or Auditing
Adherence to a mandate; both the actions demonstrating adherence and the tools, processes, and documentation that are used in adherence.
Compliance
An act that involves the use of information, information systems, or information technologies in ways that violate the laws that pertain to the system and the information in question.
Cybercrime
The natural person who is identified or described by the data.
Data subject
A legal and ethical duty owed by a provider to a customer, and the actions taken by provider to fulfill that duty
Due Care
Specific mandates explicitly stating expectations of performance or conformance. Standards can be defined by one entity and adopted by others, or may be internal mandates exclusive to an organization.
Standards
The phases that an asset goes through from creation (collection) to destruction.
Asset Lifecycle
The process of grouping sets of data, information, or knowledge that have comparable sensitivities (impact or loss ratings), and have similar security needs mandated by law, contracts, or other compliance regimes.
Categorisation
The process of recognizing the impacts to the organization if its information suffers any security compromise - to its confidentiality-, integrity-, availability-, non-repudiation-, authenticity-, privacy-, or safety-related characteristics.
Classification
The removal of sensitive data from storage devices in such a way that there is assurance the data may not be reconstructed using normal system functions or software recovery utilities.
Clearing
Eliminating data using a controlled, legally defensible, and regulatory compliant way.
Defensible destruction
The removal of sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique.
Purging
The process of jointly addressing business resiliency and restoration of critical infrastructure and functionality after a disruption.
Recovery
Limiting the general baseline recommendations by removing those that do not apply.
Scoping
The process by which a security control baseline is modified based on (i) the application of scoping guidance, (ii) the specification of compensating security controls, if needed, and (iii) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements. Source: NIST SP 800-37 Rev 1
Tailoring
Means to ensure that access to assets is authorized and restricted based on business and security requirements related to logical and physical systems.
Access control system
This is achieved when the type I and type II are equal.
Crossover Error Rate (CER)
The individual or entity who is responsible to classify, categorize and permit access to the data.
Data owner / controller
Any entity, working on behalf or at the behest of the data controller, that processes data
Data processor
The individual that the PII refers to
Data Subject
The system owner decides who gets access.
Discretionary access control (DAC)
This is erroneous recognition either by confusing one user with another, or by accepting an imposter as a legitimate user.
False Acceptance Rate (Type II)
This is failure to recognize a legitimate user.
False Rejection Rate (Type I)
The process of collecting and verifying information about a person for the purpose of proving that a person who has requested an account, a credential, or other special privilege is indeed who he or she claims to be and establishing a reliable relationship that can be trusted electronically between the individual and said credential for purposes of electronic authentication.
Identity proofing
Non-physical system that allows access based upon pre-determined policies
Logical access control system
What is the data lifecycle
Create, store, use, share, archive and destroy
In data destruction what is CLEARING
usually involves writing multiple patterns
of random values throughout all storage
media (such as main memory, registers,
and fixed disks). This is sometimes called
“clobbering” or “zeroizing”
In data destruction what is PHYSICAL DESTRUCTION
Physical destruction of the device or
system is the ultimate remedy to data
remanence. Magnetic or optical disks and
some flash drive technologies may require
being mechanically shredded, chopped,
or broken up.
SP800-181 Rev. 1 discusses
the National Initiative for Cybersecurity Education (NICE) Workforce Framework.
Which NIST publication addresses the engineering-driven actions for defensible systems?
SP800-160
SP800-207 discusses
zero-trust architecture
SP800-210 discusses
access control guidance for cloud systems.
Is DES still strong? Why
No. DES has an effective key length of only 56 bits, which can be brute-forced with modern hardware; NIST withdrew it as a standard in 2005.
High-performance Computing (HPC) Systems Vulnerabilities
Latency constraints: Given the speed at which the parallel processes must communicate, traditional tools such as IDS/IPS or firewalls would impose unacceptable latency costs on the processes being performed.
Improper workloads: If compromised, the HPC’s time could be consumed by unauthorized workloads, constraining resources for legitimate tasks.
High-performance Computing (HPC) Systems Mitigations
Proper architectural design: Architecting secure computing enclaves and positioning detection tools around the perimeter of the
environment may compensate for the reduction in security controls within the HPC environment itself.
Appropriate monitoring and logging practices: Logging imposes a computational cost but is invaluable to determining accountability.
Proper design of logging environments and regular log reviews remains best practice regardless of the type of computer system
Some of the common vulnerabilities for edge systems are
Network compromise: Edge computing relies heavily on the proper operation of the network infrastructure. Denial of service and physical disruption of connectivity are only two of the many causes of compromise.
Increased attack surface: expanding the number and diversity of devices increases the potential for one misconfigured device or compromised link to provide a bridgehead for a bad actor.
These mitigations should be applied to reduce the vulnerabilities of edge computing
Increased network monitoring and incident response
Strengthen inventory and accountability practices to limit sprawl, rogue devices and obsolete/abandoned equipment in the
infrastructure.
The following are three well-known types of ICS systems
Supervisory control and data acquisition (SCADA)
Distributed control systems (DCSs)
Programmable logic controllers (PLCs)
What is STRIDE
A threat modelling tool
What do the letters in STRIDE stand for
Spoofing
Tampering
Repudiation
Information disclosure
Denial of service
Elevation of privilege
Common vulnerabilities for Edge and Fog computing
Network compromise
Increased attack surface
What is IKE
Internet Key Exchange (IKE) lets two devices authenticate each other and negotiate IPsec security associations, agreeing (via Diffie-Hellman) the symmetric keys that are then used for integrity protection in the Authentication Header (AH) or for encryption and integrity in the Encapsulating Security Payload (ESP).
Side channel attacks are
passive attacks that rely on a physical attribute of the implementation such as power consumption and emanations.
Algebraic attacks are
a class of attacks that rely on the math structure of certain block ciphers. Fault analysis attacks attempt to force the system into an error state to gain erroneous results.
Kerberos might be susceptible to which type of attack?
pass-the-hash style attacks: a stolen NT hash can be used to request a Kerberos TGT (overpass-the-hash, also called pass-the-key), and stolen tickets can be replayed (pass-the-ticket).
The key used in a cryptographic operation is also called
Cryptovariable
What kind of attack is aimed at the RSA algorithm specifically
Factoring attack
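Added illustration, not from the deck, of why factoring is the attack on RSA: with toy primes small enough to factor by trial division, recovering p and q from the public modulus n gives phi(n) and therefore the private exponent d. The primes 10007 and 10009 and the message 42 are constructed; real keys use 2048-bit or larger moduli, for which no such factoring is feasible.

```python
"""Factoring attack on (toy) RSA. Added example, not from the original deck.

RSA security rests on the difficulty of factoring n = p*q. If n can be factored,
phi(n) = (p-1)(q-1) is known and the private exponent d = e^-1 mod phi(n) follows.
The primes below are deliberately tiny so trial division succeeds instantly; a real
2048-bit modulus cannot be factored this way.
"""
from math import gcd, isqrt
from typing import Optional, Tuple

PublicKey = Tuple[int, int]   # (n, e)
PrivateKey = Tuple[int, int]  # (n, d)


def rsa_keygen(p: int, q: int, e: int = 65537) -> Tuple[PublicKey, PrivateKey]:
    """Textbook RSA key generation from two primes (no padding; illustration only)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(pub: PublicKey, m: int) -> int:
    n, e = pub
    return pow(m, e, n)


def rsa_decrypt(priv: PrivateKey, c: int) -> int:
    n, d = priv
    return pow(c, d, n)


def trial_factor(n: int) -> Optional[Tuple[int, int]]:
    """Attacker's step: find p, q with n = p*q by trial division up to sqrt(n)."""
    for f in range(2, isqrt(n) + 1):
        if n % f == 0:
            return f, n // f
    return None


def recover_private_key(pub: PublicKey) -> Optional[PrivateKey]:
    """Given only the public key, rebuild d once n has been factored."""
    n, e = pub
    factors = trial_factor(n)
    if factors is None:
        return None
    p, q = factors
    phi = (p - 1) * (q - 1)
    return n, pow(e, -1, phi)


if __name__ == "__main__":
    pub, priv = rsa_keygen(10007, 10009)          # constructed toy primes
    cipher = rsa_encrypt(pub, 42)
    stolen = recover_private_key(pub)
    print("recovered d matches:", stolen == priv)  # True
    print("attacker decrypts:", rsa_decrypt(stolen, cipher))  # 42
```

The attacker never sees d; everything after `trial_factor` is just the key-generation arithmetic run backwards, which is why key size (and hence factoring cost) is the only thing standing between the public key and the private key.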
Risk Management
Framework, SP 800-37r2, serves as
The standard against which audits and
control assessments will be performed
This framework is widely used as a best
practice assessment standard
SP 800-37r2
This provides a customizable, flexible set of controls
that organizations can use to protect the security and privacy of information and information systems from a wide variety of threats and risks. It uses a functional approach, more so than a theoretical or conceptual one, to focus on the degree of assurance, or confidence that the controls use to achieve their purpose.
NIST SP 800-53 r5
NIST SP 800-171r1
Protecting Controlled Unclassified Information in
Nonfederal Systems and Organizations
Which of these is not the role of the system administrator?
A Configuring information systems
B Security management
C Applying secure networking
D Reporting incidents
B Security management
(C is part of the administrator's role: applying secure networking is an administrative task, whereas security management is a separate function.)
What was the most recent control designed to protect the exchange of personal data between the US and the European union
Privacy Shield
Privacy shield replaced Safe Harbor which was struck down by the Court of Justice of the European Union (CJEU) because it did not provide sufficient protection - what happened then
Privacy Shield was itself invalidated by the CJEU in July 2020 (the Schrems II judgment). It has since been succeeded by the EU-U.S. Data Privacy Framework, for which the European Commission adopted an adequacy decision in July 2023.
What are the two NIST publications that deal with risk management
Special Publication 800-37, and 800-53
How many steps does the NIST cyber security framework have - name them
NIST CSF 1.1 has five core functions (not sequential steps): identify (people, systems, data, assets), protect (select and deploy the appropriate safeguards and countermeasures), detect (events), respond (take the appropriate actions) and recover (restore systems, services and data). CSF 2.0, published in February 2024, adds a sixth function, govern.
Which cybersecurity framework provides a certifiable framework aimed at providing healthcare organizations a mechanism to demonstrate compliance is being provided in a constant manner?
CSF
Which amendment under U.S. law provides protection from unreasonable search and seizure
Fourth
NIST SP800-34
Contingency Planning
Guide for Federal Information Systems,
provides instructions, recommendations,
and considerations for federal information
system contingency planning
Compliance is
adherence to a mandate,
regardless of the source.
What is a CSA STAR evaluation
The Cloud Security Alliance
offers a registration program for cloud
providers called STAR. It can be self-
administered by the target organization
or conducted by a certified external
auditor, depending on the STAR Level
the target organization seeks
Which type of business continuity/disaster recovery testing involves all personnel in each office/location participating in a scripted emergency situation?
Simulation
Name an open-source threat modelling methodology from MIT
TRIKE
What are prudent actions
Prudent actions are generally considered as those that other people with similar backgrounds of experience, education, and authority would take in the same circumstances.
Policy aspects commonly included in AUPs include the following except which one:
A Passwords
B Data disclosure
C Internet usage
D Ethical policies
Ethical Policies
What type of testing might be used to evaluate program effectiveness?
Log reviews
Social engineering
User participation
All
Is an intrusion prevention system a preventative or corrective measure
Corrective, in the deck's classification, because it acts on an attack that has already been detected (believe it or not). Note that an inline IPS that drops traffic before it reaches the host is just as often classed as preventive.
As of 2021, how many countries are members of the Asia-Pacific Economic Cooperation (APEC) forum?
21
True or False:
There is a variety of privacy frameworks in the industry, and they are each designed for specific organizations and are not specific to the jurisdictional legislation
The correct answer is False.
When it comes to privacy, it is important to know local legislation and regulation that may be applicable for your organization. There is a variety of privacy frameworks in the industry, each offering benefits and capabilities, usually designed for a certain location or type of organization.
Which of the following are seen as weaknesses in the original concept of Defense in Depth?
A It is seen as vulnerable to insider threats
B It wasn’t designed for use with cloud services.
C It doesn’t apply if there is one centralized corporate data center.
D It wasn’t designed for BYOD security.
A, B and D
Which type of water-based fire suppression system combines elements of wet and dry pipe actions?
Pre-action combines elements of wet and dry pipe actions. Fire sensors initiate pre-action charging of the water pipes that can then activate independently as in a wet pipe system.
True or False:
Halon is an older type of water-type fire protection system and is mostly no longer in use.
False. Halon is an older gas-type fire suppression agent and is mostly no longer in use (its production was phased out as an ozone-depleting substance).
Which type of portable fire extinguisher would be best suited for fighting a magnesium lithium fire
Class D extinguishers are used on flammable metals.
Which of the following is also known as a cryptographic checksum?
A Distributed ledger technology
B Message Authentication Code (MAC)
C Message Integrity Code (MIC)
B Message Authentication Code
A MAC, also known as a cryptographic checksum, is a small block of data that is generated using a secret key and then appended to the message.
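Added example, not from the deck, of a cryptographic checksum in practice: an HMAC-SHA256 tag computed over the whole message with a secret key and appended to it, verified with a constant-time comparison, beside an unkeyed hash "checksum" that an attacker can simply recompute after changing the message. The key and messages are constructed for the demonstration.

```python
"""Cryptographic checksum (MAC) with HMAC-SHA256. Added example, not from the deck.

A MAC is computed over the whole message with a secret key and appended to it; the
receiver recomputes the tag and compares in constant time. A plain hash is not a MAC:
anyone who can change the message can also recompute the hash.
"""
import hashlib
import hmac
from typing import Optional, Tuple

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def mac_tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def append_mac(key: bytes, message: bytes) -> bytes:
    return message + mac_tag(key, message)


def verify_and_strip(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the message if its tag verifies, otherwise None (never partial data)."""
    if len(blob) < TAG_LEN:
        return None
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    # compare_digest avoids the timing leak a plain == comparison would allow
    if not hmac.compare_digest(tag, mac_tag(key, message)):
        return None
    return message


def naive_append(message: bytes) -> bytes:
    """Unkeyed hash 'checksum': detects accidental corruption, not tampering."""
    return message + hashlib.sha256(message).digest()


def naive_verify(blob: bytes) -> Optional[bytes]:
    if len(blob) < TAG_LEN:
        return None
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    return message if tag == hashlib.sha256(message).digest() else None


def demo() -> Tuple[Optional[bytes], Optional[bytes], Optional[bytes], Optional[bytes]]:
    """Constructed scenario: a payment instruction protected by a MAC vs. a plain hash."""
    key = b"constructed-demo-key-do-not-reuse"   # use secrets.token_bytes(32) in practice
    original = b"transfer 100 to alice"
    blob = append_mac(key, original)
    # attacker changes the amount but cannot recompute the keyed tag
    tampered = b"transfer 900 to alice" + blob[-TAG_LEN:]
    # against the unkeyed checksum the attacker just recomputes the hash
    forged_unkeyed = naive_append(b"transfer 900 to alice")
    return (verify_and_strip(key, blob),          # accepted
            verify_and_strip(key, tampered),      # rejected: None
            verify_and_strip(b"wrong key", blob), # rejected: None
            naive_verify(forged_unkeyed))         # accepted, which is the problem
```

`hmac.compare_digest` matters as much as the algorithm: a byte-by-byte `==` returns early on the first mismatch, letting an attacker learn the tag one byte at a time from response timing.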
Which of the following are key properties of a hash function?
Select all that apply.
A Computed on the entire message
B Uniformly distributed
C Stochastic
D Collision resistant
E Possible to invert if required
ABD
This is a hashing algorithm with a variable length output message
digest
HAsh of VAriable Length (HAVAL)
The output message digest may be 128, 160, 192, 224 or 256 bits, and the number of passes (3, 4 or 5) is also selectable.
It does twice the processing of SHA-1, performing five paired rounds of
16 steps each for 160 operations. As with any other hashing algorithm, the benefit of increasing the size of the message digest output is to provide better protection against collisions,
RIPEMD-160 (RACE Integrity
Primitives Evaluation Message Digest)
What does the simple property mean in the Bell-LaPadula model
No read up
What does the simple property mean in the Biba model
No read down
What does the star (*) property mean in the Bell-LaPadula model
Subject can only save or
write to an object at same
or higher security level
(No Write Down)
What does the star (*) property mean in the Biba model
Subject cannot write to
object at higher integrity
level (No Write Up)
What does the strong star property mean in the Bell-LaPadula model
Subject can only write to objects at SAME security level (Lateral Write Only)
What does the invocation property mean in the Bell-LaPadula and Biba models
Not used in BLP. In Biba, the invocation property says a subject cannot invoke (send service requests to) a subject at a higher integrity level.
What does the Bell-LaPadula security model protect
Confidentiality
What does the Biba security model protect
Integrity
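The Bell-LaPadula and Biba rules above as a small reference monitor, added as an example and not from the deck: each access decision is a one-line comparison on a lattice of levels, which makes the mirror-image relationship between the two models (no read up / no write down versus no read down / no write up) visible. The level names are constructed; the same lattice is reused for sensitivity (BLP) and integrity (Biba) only for brevity, since real systems label the two separately.

```python
"""Bell-LaPadula and Biba access rules as a small reference monitor.
Added example, not from the original deck. Levels are constructed and ordered
low -> high; the same lattice is used for both sensitivity (BLP) and integrity (Biba).
"""
from enum import IntEnum


class Level(IntEnum):
    LOW = 0
    MEDIUM = 1
    HIGH = 2


# --- Bell-LaPadula: confidentiality ---------------------------------------
def blp_read(subject: Level, obj: Level) -> bool:
    """Simple security property: no read up."""
    return subject >= obj


def blp_write(subject: Level, obj: Level, strong_star: bool = False) -> bool:
    """*-property: no write down (strong *-property: write only at the same level)."""
    return subject == obj if strong_star else obj >= subject


# --- Biba: integrity ------------------------------------------------------
def biba_read(subject: Level, obj: Level) -> bool:
    """Simple integrity property: no read down."""
    return obj >= subject


def biba_write(subject: Level, obj: Level) -> bool:
    """Integrity *-property: no write up."""
    return subject >= obj


def biba_invoke(subject: Level, target: Level) -> bool:
    """Invocation property: a subject may not invoke a subject at a higher integrity level."""
    return subject >= target


def decide(model: str, op: str, subject: Level, obj: Level) -> bool:
    """Reference-monitor entry point: every access goes through here; unknown -> deny."""
    table = {
        ("blp", "read"): blp_read,
        ("blp", "write"): blp_write,
        ("biba", "read"): biba_read,
        ("biba", "write"): biba_write,
        ("biba", "invoke"): biba_invoke,
    }
    rule = table.get((model, op))
    return bool(rule and rule(subject, obj))


if __name__ == "__main__":
    for model in ("blp", "biba"):
        for op in ("read", "write"):
            for s in Level:
                allowed = [o.name for o in Level if decide(model, op, s, o)]
                print(f"{model:5s} {op:5s} subject={s.name:6s} may access {allowed}")
```

Note the default-deny in `decide`: an operation the model does not define (such as "invoke" under BLP) is refused rather than silently allowed, which is the behaviour a reference monitor must have to be complete.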
Which standard included multi-tenancy as a characterisitic of cloud computing in addition to the five defined by NIST?
ISO/IEC 17788
When comparing the NIST and ISO cloud characteristics, the ISO/IEC 17788 adds an additional essential cloud characteristic that NIST doesn’t list. Which one of these does ISO include?
A Pooling
B Multi-tenancy
C Measured service
D Network access
B Multi-tenancy
All of these are defined under ISO/IEC 17788 except which one?
Compute as a Service (CompaaS)
Network as a Service (NaaS)
Communication as a Service (CaaS)
Data Storage as a Service (DSaaS)
Network as a Service (NaaS) is the deck's answer. Note, however, that ISO/IEC 17788 lists NaaS among its cloud service categories alongside CaaS, CompaaS, DSaaS, IaaS, PaaS and SaaS, so check the current text of the standard before relying on this question.
What is a null cipher
hiding a message within another message that is in plaintext
Biba only addresses one of three key integrity goals. The Clark–Wilson model
improves on Biba by
focusing on integrity at the transaction level and addressing three major goals of integrity in a commercial environment.
What are the three goals of data integrity
In Clark-Wilson terms: prevent unauthorised subjects from making modifications; prevent authorised subjects from making improper (unauthorised) modifications; and maintain internal and external consistency.
To address internal consistency (or consistency within the
model system itself), Clark and Wilson recommended
a strict definition of well-formed transactions. In other words, the set of steps within any transaction would need to be carefully designed and enforced
Clark–Wilson establishes a system of —– —– —– bindings such that the subject no
longer has direct access to the object.
subject–program–object
The ——— ——— model is primarily concerned with how a model system controls subjects and objects at a very basic level where other models simply assumed such control
Graham-Denning
Note that Graham and Denning use the term primitive protection rights much
in the same way that other security models describe
permissions or privileges
What are the 8 basic rules (commands) under Graham Denning
Create object, create subject, delete object, delete subject (the four create/delete rules)
Read access right, grant access right, delete access right, transfer access right (the four access-right rules)
What is the Rivest-Shamir-Adleman (RSA) Algorithm
asymmetric key cryptosystem that offers both encryption and digital signatures that provides non-repudiation, integrity, and authentication of source
What is the Diffie-Hellman-Merkle Algorithm
is a key negotiation algorithm and does not provide for message confidentiality.
The Diffie-Hellman-Merkle algorithm can be extremely useful for applications such
as
PKI and others where the generation of symmetric session keys are required.
It is often referred to as a session key negotiation algorithm.
Diffie-Hellman-Merkle
What is the math in Diffie Hellman based on
a discrete logarithm hard math problem
Diffie-Hellman-Merkle can be summarised as follows:
It is a key agreement protocol whereby two parties, without any prior arrangements, can
agree upon a secret symmetric key that is known only to them.
What does the Diffie-Hellman-Merkle use to formulate the shared secret symmetric key
On the client side (client private and server public) key and on the server (server private and client public)
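The exchange summarised above, as an added example that is not part of the original deck: both sides pick a private exponent, publish g^x mod p, and derive the same secret from (own private, peer public), after which a hash-based KDF turns that secret into a symmetric session key. The group (p = 23, g = 5) and the fixed private values 6 and 15 are toy choices so the arithmetic can be followed by hand; real deployments use the 2048-bit or larger groups from RFC 3526 / RFC 7919.

```python
"""Diffie-Hellman-Merkle key agreement with session-key derivation.
Added example, not from the original deck. The group (p = 23, g = 5) is a toy
chosen so the arithmetic can be followed by hand; real deployments use the
2048-bit or larger groups from RFC 3526 / RFC 7919 and authenticate the exchange.
"""
import hashlib
import secrets
from typing import Optional, Tuple

P = 23  # toy safe prime (p = 2q + 1 with q = 11); NOT secure
G = 5   # generator of the full group mod 23


def public_value_ok(pub: int, p: int = P) -> bool:
    """Reject 0, 1 and p-1: they force the shared secret into a trivial subgroup."""
    return 1 < pub < p - 1


def keypair(priv: Optional[int] = None, p: int = P, g: int = G) -> Tuple[int, int]:
    """Private exponent x in [1, p-2] and public value g^x mod p."""
    if priv is None:
        while True:
            priv = secrets.randbelow(p - 2) + 1
            if public_value_ok(pow(g, priv, p), p):   # never publish a degenerate value
                break
    return priv, pow(g, priv, p)


def shared_secret(my_priv: int, their_pub: int, p: int = P) -> int:
    if not public_value_ok(their_pub, p):
        raise ValueError("invalid peer public value")
    return pow(their_pub, my_priv, p)


def session_key(secret: int, transcript: bytes) -> bytes:
    """Derive a 256-bit symmetric key; binding the transcript in detects a modified exchange."""
    length = max(1, (secret.bit_length() + 7) // 8)
    return hashlib.sha256(secret.to_bytes(length, "big") + transcript).digest()


def exchange(client_priv: Optional[int] = None,
             server_priv: Optional[int] = None) -> Tuple[bytes, bytes]:
    """Run both sides: client uses (client private, server public), server the reverse."""
    a, A = keypair(client_priv)          # client
    b, B = keypair(server_priv)          # server
    transcript = A.to_bytes(4, "big") + B.to_bytes(4, "big")   # what both saw on the wire
    k_client = session_key(shared_secret(a, B), transcript)
    k_server = session_key(shared_secret(b, A), transcript)
    return k_client, k_server


if __name__ == "__main__":
    # hand-checkable run: A = 5^6 mod 23 = 8, B = 5^15 mod 23 = 19, secret = 2
    kc, ks = exchange(client_priv=6, server_priv=15)
    print("client key == server key:", kc == ks, kc.hex()[:16])
```

Nothing here authenticates either public value, which is the gap a man-in-the-middle exploits by running one exchange with each side; IKE and TLS close it by signing (or otherwise authenticating) the exchange, and the transcript bound into the KDF is what makes a tampered exchange yield mismatched keys rather than a silently shared one.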
Blowfish and Advanced Encryption Standard (AES) are both
symmetrical encryption algorithms.
BPL
Broadband over powerline
802.15
Bluetooth
Which type of fiber allows for data transmission of up to 80 km (50 miles)?
Single Mode
What is the A in the CIA triad
Availability
Which of the three types of fiber-optic cables are typically used when the cable length is less than 2,000 meters, making it ideal for intra-building interconnections
Multimode uses a larger diameter cable that allows the use of less expensive LEDs for transmission.
What is the distance limit for Plastic Optical Fibre?
100 m
Three types of optical cable
Single mode
Multimode
Plastic optical fibre
Does STP need a bigger bend radius than UTP
Yes
Does using Network Function Virtualization reduce costs
No
Point-to-Point Tunneling Protocol (PPTP) is
a legacy protocol that relies on
Generic Routing Encapsulation (GRE) to
build the tunnel between the endpoints
PPTP is based on Point-to-Point Protocol
(PPP), so it does offer authentication
by way of
Password authentication protocol (PAP), challenge-handshake
authentication protocol (CHAP), or extensible authentication protocol
(EAP).
True or false: Layer 2 Tunnelling protocol relies on IPsec to provide encryption
True
True or false
Products and services used in a business environment involve encryption solutions, which means that they cannot be cracked by third parties.
False. The presence of encryption is no guarantee: weak algorithms (such as 56-bit DES), poor key management or a flawed implementation can all be broken by third parties.
What is a kill chain?
Reconnaissance
Weaponisation
Delivery
Exploitation
Installation
Command and Control
Actions on Objective
Kill Chain: if attackers are hiding in plain sight’ and erasing their tracks, then they would be in the _________- phase
‘Action on Objective’
Kill Chain: When backdoors for continued stealth access have been installed, the attacker would be in the ___________ phase;
‘installation’
Kill Chain: In this phase, the attacker is likely to be selecting their access technique
‘Weaponisation’
What does the Session Initiation Protocol (SIP) do
A VoIP signalling protocol that enables any SIP-compatible device to communicate with any other SIP system.
Which generation of cellular networking introduced support for Long Term Evolution (LTE) and provided transmission speeds of up to 100 Mbps?
4G
Which cellular network uses software defined networking and provide speeds up to 35GB per second
5G; theoretical peak speeds of up to about 35 Gbps.
Bluetooth’s inherent weakness due to its
weak, optional or legacy encryption and pairing (for example legacy PIN-based pairing and the older E0 cipher), so it should not be relied on by itself to protect sensitive data.
What is The process whereby a newly
connected device is forced to a starting page
to establish authorized access
Captive portal
True or false Bluetooth is only effective at distances of up to 30 ft.
False. Class 2 Bluetooth devices (most phones and headsets) have an effective range of about 30 ft (10 m), but Class 1 devices used in industrial and advanced applications reach about 300 ft (100 m).
Which of the following statements accurately describe Code-Division Multiple Access (CDMA)?
Select all that apply.
A Calls are transformed into digital data and given a channel and a timeslot.
B CDMA uses network-based allowed lists to verify their subscribers.
C Call data is encoded and calls are transmitted at once.
D The carrier must accept any CDMA phone.
E Phones are switched with the carrier’s permission.
B, C and E
A and D are wrong
The carrier must accept any Global System for Mobiles (GSM) phone, not CDMA.
‘Calls are transformed into digital data and given a channel and a timeslot’ are also a feature of GSM phones, not CDMA.
What type of cell system: Call data is encoded and calls are transmitted immediately.
CDMA
Cell system? Phones are switched with the carrier’s permission.
CDMA
Cell system: Calls are transformed into digital data and given a channel and a timeslot.
GSM
Cell system: Carriers must accept any GSM-compliant phone.
GSM
An extension to network address translation (NAT), which translates all
addresses to one externally routable IP address, is to use
port address translation (PAT)
A _______ ______ mediates communications between untrusted endpoints (servers/hosts/clients) and trusted endpoints (servers/hosts/clients)
proxy firewall
A _____-_______ _______ creates a conduit through which a trusted host
can communicate with an untrusted one
A circuit-level proxy
An ____ - ____ _______ relays the traffic from a trusted endpoint
running a specific application to an untrusted endpoint.
application-level proxy
The most significant advantage of application- level proxies is that they
analyse the data field for various sorts of common attacks such as buffer overflows.
IPSec uses Authentication Headers (AH) to prove the identity of the originator and Encapsulating Security Payload (ESP) for payload encryption. What is the protocol ID for AH?
51 (ESP uses IP protocol number 50)
The Authentication Header (AH) is used to
prove the identity of the origin node and ensure that the transmitted data has not been tampered with.
A security association (SA) defines (A). All SAs cover transmissions in (B).
A (C) must be defined for two-way communication
(A) the mechanisms that an endpoint will use to communicate with its partner
(B) one direction only
(C) second SA
In transport mode what is protected
the ip payload
in tunnel mode what is protected
the IP payload and the header
what is transport mode normally used for
end-to-end protection for example between client and server
when is tunnel mode used
normally between network e.g. firewall to firewall VPNs
Which network topology provides a second ring for failover?
Fiber Distributed Data Interface (FDDI)
In software-defined networking (SDN), what happens at the control plane?
Node functionality is managed
PACS, as used by DHS, are divided into four areas that operate independently at the direction of the PACS administrator
Identification
Parking permit management
Alarm monitoring and intrusion detection
Visitor management
The Digital Identity Guidelines of NIST SP 800-63-3 contain recommendations
to support, among other items, requirement for identity proofing and registration.
IAL1 IAL2 IAL3
Identity Assurance Levels
IAL1
attributes,
if any, are self-asserted
or should be treated
as self-asserted.
IAL2
At IAL2, identifying attributes must have been verified, either in person or remotely,
using at a minimum the procedures given in SP 800-63A.
IAL3
At IAL3, in-person identity proofing is required. Identifying attributes
must be verified by an authorised credential service provider (CSP) representative through examination of physical documentation as described in SP 800-63A.