Study 3 Flashcards

1
Q

what are the 5 DRP tests?

A
  1. Read-Through Test
  2. Structured Walk-Through Test
  3. Simulation test
  4. Parallel Test
  5. Full-Interruption Test
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q
Common IP Header Protocol field values for
ICMP
IGMP
TCP
UDP
A
Common IP Header Protocol field values are:
ICMP=1
IGMP=2
TCP= 6
UDP=17
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

private Labels

A

Confidential
Private
Sensitive
Public

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

private Labels damage per label:

A

Confidential = Destroy
Private = Significant
Sensitive =Negative Impact
Public = No impact

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

DOD Labels damage per label:

A

Top Secret = Grave
Secret = Critical
Confidential = Serious
Unclassified = No effect

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

At which of the basic phases of the System Development Life Cycle are security requirements formalized?

A

Functional Requirements Definition

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

a special purpose computer on a network specifically designed and configured to withstand attacks

A

bastion host

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

In a database management system (DBMS), what is the “cardinality?”

A

The number of rows in a relation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

In a database management system (DBMS), what is the “degree

A

is the “number” of columns in a relation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

In a database management system (DBMS), what is the “domain of a relation”.

A

the set of allowable values that an attribute can take.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

is a type of polyalphabetic substitution cipher in which a text, typically from a book,

A

running key cipher

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What uses a key of the same length as the message where each bit or character from the plaintext is encrypted by an exclusive or (XOR) operation?

A

One-time pad

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

the data portion of each packet is encrypted, encryption within IPSEC is referred to as the encapsulation security payload (ESP), it is ESP that provides confidentiality over the process.
what method?

A

transport method

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

in IPsec the ESP payload and its header’s are encrypted. To achieve non-repudiation, an additional authentication header (AH) is applied.
what method?

A

tunnel mode

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the Systems Development life cycle 5 steps:

A
  1. Initiation
  2. Acquisition / Development
  3. implementation
  4. Operation / Maintenance
  5. Disposal
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is the Software Development life cycle 5 steps:

A
  1. Requirements Gathering
  2. Design
  3. Development
  4. Testing / Validation
  5. Release / Maintenance
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What are the 3 Iterative Development Models

A
  1. Spiral Model
  2. Waterfall Method
  3. Rapid Application Development (RAD)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Iterative Development Models mean what?

A

Linear , we can’t go back to previous steps

19
Q

What are the 3 non-Iterative Development Models

A
  1. Agile Method
  2. New Waterfall Method
  3. Clean Room
20
Q

What Development Model uses prototypes and dummy GUI’s

A

Rapid Application Development (RAD)

21
Q

Attributes are what in a Data Base?

A

Columns fields

22
Q

Foreign Key matches primary keys

A

Referential Integrity

23
Q

field values match data type ( no letters in numerical fields

A

Semantic Integrity

24
Q

Each Tuple has a non-null primary Key

A

Entity Integrity

25
Q

Database Normalization

A

Removes redundant data

26
Q

DNS is what type of database

A

Hierarchical Database

27
Q

The S/MIME standard is based on the principle of What?

A

public-key encryption

28
Q

The SQL three sublanguages:

A
  1. Data Definition Language (DDL)
  2. Data Manipulation Language (DML)
  3. Data Control Language (DCL)
29
Q

The SQL sublanguages that is used to create databases, tables, views, and indices (keys) specifying the links between tables.

A

Data Definition Language (DDL)

30
Q

The SQL sublanguages that is used to query and extract data, insert new records, delete old records, and update existing records.

A

Data Manipulation Language (DML)

31
Q

The SQL sublanguages that is used by System and database administrators to control access to data.

A

he Data Control Language (DCL)

32
Q

Secure Sockets Layer (SSL) uses symmetric encryption for encrypting the bulk of the data being sent over the session and it uses asymmetric or public key cryptography for:

A

Peer Authentication

33
Q

Kerberos uses a database to keep a copy of

A

a copy of all of the symmetric/secret keys for the principals

34
Q

weakness of Kerberos is its

A

Key Distribution Center (KDC), which represents a single point of failure.

35
Q

The Exclusionary Rule

A

that evidence must be gathered legally or it can’t be used.

36
Q

A Hearsay evidence exception rule is?

A

business records exception :
The business records created during the ordinary course of business are considered reliable and can usually be brought in under this exception if the proper foundation is laid when the records are introduced into evidence

37
Q

The hearsay rule concerns with what?

A

computer-generated evidence

38
Q

computer-generated is what type of evidence

A

second-hand evidence

39
Q

Who of the following is responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data?

A

System and information owners

40
Q

financial risks can be calculated is by using the formula:

A

Probability of harm (P) * Magnitude or Harm (M) = Cost of the prevention (C)

41
Q

Law system is based on the idea of legal precedents and social traditions.

A

Common Law

42
Q

? attack attempts to learn or make use of the information from the system but does not affect system resources.

A

passive attack

43
Q

?attack attempts to alter system resources to affect their operation

A

active attack