Study 3

Question 1

what are the 5 DRP tests?

Answer 1

1. Read-Through Test
2. Structured Walk-Through Test
3. Simulation test
4. Parallel Test
5. Full-Interruption Test

Question 2

Common IP Header Protocol field values for
ICMP
IGMP
TCP
UDP

Answer 2

Common IP Header Protocol field values are:
ICMP=1
IGMP=2
TCP= 6
UDP=17

Question 3

private Labels

Answer 3

Confidential
Private
Sensitive
Public

Question 4

private Labels damage per label:

Answer 4

Confidential = Destroy
Private = Significant
Sensitive =Negative Impact
Public = No impact

Question 5

DOD Labels damage per label:

Answer 5

Top Secret = Grave
Secret = Critical
Confidential = Serious
Unclassified = No effect

Question 6

At which of the basic phases of the System Development Life Cycle are security requirements formalized?

Answer 6

Functional Requirements Definition

Question 7

a special purpose computer on a network specifically designed and configured to withstand attacks

Answer 7

bastion host

Question 8

In a database management system (DBMS), what is the “cardinality?”

Answer 8

The number of rows in a relation

Question 9

In a database management system (DBMS), what is the “degree

Answer 9

is the “number” of columns in a relation.

Question 10

In a database management system (DBMS), what is the “domain of a relation”.

Answer 10

the set of allowable values that an attribute can take.

Question 11

is a type of polyalphabetic substitution cipher in which a text, typically from a book,

Answer 11

running key cipher

Question 12

What uses a key of the same length as the message where each bit or character from the plaintext is encrypted by an exclusive or (XOR) operation?

Answer 12

One-time pad

Question 13

the data portion of each packet is encrypted, encryption within IPSEC is referred to as the encapsulation security payload (ESP), it is ESP that provides confidentiality over the process.
what method?

Answer 13

transport method

Question 14

in IPsec the ESP payload and its header’s are encrypted. To achieve non-repudiation, an additional authentication header (AH) is applied.
what method?

Answer 14

tunnel mode

Question 15

What is the Systems Development life cycle 5 steps:

Answer 15

1. Initiation
2. Acquisition / Development
3. implementation
4. Operation / Maintenance
5. Disposal

Question 16

What is the Software Development life cycle 5 steps:

Answer 16

1. Requirements Gathering
2. Design
3. Development
4. Testing / Validation
5. Release / Maintenance

Question 17

What are the 3 Iterative Development Models

Answer 17

1. Spiral Model
2. Waterfall Method
3. Rapid Application Development (RAD)

Question 18

Iterative Development Models mean what?

Answer 18

Linear , we can’t go back to previous steps

Question 19

What are the 3 non-Iterative Development Models

Answer 19

1. Agile Method
2. New Waterfall Method
3. Clean Room

Question 20

What Development Model uses prototypes and dummy GUI’s

Answer 20

Rapid Application Development (RAD)

Question 21

Attributes are what in a Data Base?

Answer 21

Columns fields

Question 22

Foreign Key matches primary keys

Answer 22

Referential Integrity

Question 23

field values match data type ( no letters in numerical fields

Answer 23

Semantic Integrity

Question 24

Each Tuple has a non-null primary Key

Answer 24

Entity Integrity

Question 25

Database Normalization

Answer 25

Removes redundant data

Question 26

DNS is what type of database

Answer 26

Hierarchical Database

Question 27

The S/MIME standard is based on the principle of What?

Answer 27

public-key encryption

Question 28

The SQL three sublanguages:

Answer 28

1. Data Definition Language (DDL) 2. Data Manipulation Language (DML) 3. Data Control Language (DCL)

Question 29

The SQL sublanguages that is used to create databases, tables, views, and indices (keys) specifying the links between tables.

Answer 29

Data Definition Language (DDL)

Question 30

The SQL sublanguages that is used to query and extract data, insert new records, delete old records, and update existing records.

Answer 30

Data Manipulation Language (DML)

Question 31

The SQL sublanguages that is used by System and database administrators to control access to data.

Answer 31

he Data Control Language (DCL)

Question 32

Secure Sockets Layer (SSL) uses symmetric encryption for encrypting the bulk of the data being sent over the session and it uses asymmetric or public key cryptography for:

Answer 32

Peer Authentication

Question 33

Kerberos uses a database to keep a copy of

Answer 33

a copy of all of the symmetric/secret keys for the principals

Question 34

weakness of Kerberos is its

Answer 34

Key Distribution Center (KDC), which represents a single point of failure.

Question 35

The Exclusionary Rule

Answer 35

that evidence must be gathered legally or it can't be used.

Question 36

A Hearsay evidence exception rule is?

Answer 36

business records exception : The business records created during the ordinary course of business are considered reliable and can usually be brought in under this exception if the proper foundation is laid when the records are introduced into evidence

Question 37

The hearsay rule concerns with what?

Answer 37

computer-generated evidence

Question 38

computer-generated is what type of evidence

Answer 38

second-hand evidence

Question 39

Who of the following is responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data?

Answer 39

System and information owners

Question 40

financial risks can be calculated is by using the formula:

Answer 40

Probability of harm (P) * Magnitude or Harm (M) = Cost of the prevention (C)

Question 41

Law system is based on the idea of legal precedents and social traditions.

Answer 41

Common Law

Question 42

? attack attempts to learn or make use of the information from the system but does not affect system resources.

Answer 42

passive attack

Question 43

?attack attempts to alter system resources to affect their operation

Answer 43

active attack