Random Flashcards
What is RFC 6749
OpenID Connect
What is RFC 6749?
OAuth 2.0
What is RFC 5849?
OAuth 1.0
What does multi-homed device mean?
A multi-homed device has more than one network connection.
How often can electronic vaulting occur?
Daily, hourlyy, weekly,
What must a user have for all information processed in system high mode?
A security clearance and access approval
What is geotagging?
An investigative technique in which idenfiies the physical location of a given decice by examining the characteristics of the content that is generated by the device
What does an attacker typically have in a brute-force attack?
Only the ciphertext
What are the ISC Code of Ethic canons?
- Protect society, the common good, necessary public trust and confidence, and the infrastructure.
- Act honorable, honestly, justly, responsibily and legally
- Provide diligent and competent service to principals
- Advance and protect the profession.
What is secondary storage?
Non-volatile memory such as ROMs
What is the NIST SP 800-30?
Guide for conducting risk assessments.
In Micrsoft’s SDL when is static analysis performed?
During the Implementation Phase.
In Microsoft’s SDL when is dynamic analysis and fuzz testing performed?
They are both performed in the Verification Phase
In Microsoft’s SDL when is the incident response plan created?
In the Release Phase.
What are examples of circuit switched technology?
T1, POTS, ISDN, PPP
What are examples of packet switched technologies?
Frame-Relay, X.25 (replaced by FR).
What are the seven categories of access controls?
- Directive
- Deterrent
- Preventive
- Compensating
- Detective
- Corrective
- Recovery
What is prevention obsfucation?
Attempting to make code obscure to computers. Making it difficult to de-obfuscate or to decompile the code.
What is lexical obfuscation?
Renaming classes, fields, and methods and replacing them with new identifiers that lack intuitive meaning. E.g. replacing salary with the letter “a”.
What is control flow obsfucation?
Deals with making an application harder to understand or to decompile.
What is NIC teaming?
Combining multiple physical network adapters into a virtual NIC which will be presented to the OS as a single NIC.
What is the function of ARP?
It assigns IP addresses to MAC addresses
What is the function of RARP?
It assigns MAC addresses to IP addresses
What is the steps of BCP development process?
- Develop a BCP policy statement.
- Conduct a BIA
- Identify preventive controls
- Develop recovery strategies
- Develop an IT contingency plan
- Perform DRP training and testing
- Perform BCP/DRP maintenance.
What is a teardrop attack?
It is an attack attempting to cause DoS. An attacker sends fragmented packets to the server.