Stuff from Exams I don't know Flashcards

1
Q

Types of MAC (Mandatory Access Control) environments:

A

Hierarchical

Compartmentalized

Hybrid

2
Q

Generational Fuzzing AKA Intelligent Fuzzing

A

Generational (also called intelligent or model-based) fuzzing builds test inputs from a model of what the target expects (framing, field types, checksums), so the inputs get past shallow validation and exercise deeper logic. Contrast mutational ("dumb") fuzzing, which takes known-good inputs and alters them (bit flips, byte replacement) to produce synthetic inputs that may trigger unexpected behaviour.
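
As an added example (not from the flashcard), both styles side by side in Python against a deliberately buggy toy parser. The record format, the parser and its length-trust bug are constructed for this illustration; the point is that the model-driven fuzzer reaches the bug on almost every attempt while blind mutation of a seed is mostly rejected by validation.

```python
import random


def parse_record(data: bytes) -> dict:
    """Toy parser for a constructed record format (not a real protocol).

    Layout: b"REC|<name>|<len>|<payload>|<sum>", where <sum> is sum(payload) % 256.
    DELIBERATE BUG: the declared <len> is trusted instead of the payload's real
    size, so an oversized <len> makes payload[length - 1] raise IndexError.
    """
    fields = data.split(b"|")
    if len(fields) != 5 or fields[0] != b"REC":
        raise ValueError("bad framing")
    name, length_s, payload, sum_s = fields[1:]
    if not name.isalpha() or not length_s.isdigit() or not sum_s.isdigit():
        raise ValueError("bad field")
    if int(sum_s) != sum(payload) % 256:
        raise ValueError("bad checksum")
    length = int(length_s)
    return {"name": name.decode(), "length": length, "last": payload[length - 1]}


def generational_fuzzer(rng: random.Random) -> bytes:
    """Generational (intelligent) fuzzing: build inputs from a model of the format.

    Because the model knows the framing, field types and checksum, every input
    survives the parser's validation; the length field is then probed at
    boundary values that the real payload size cannot satisfy.
    """
    name = bytes(rng.choice(b"abcdefghijklmnopqrstuvwxyz") for _ in range(rng.randint(1, 8)))
    payload = bytes(rng.choice(b"ABCDEFGHIJ0123456789") for _ in range(rng.randint(0, 16)))
    length = rng.choice([len(payload), len(payload) + 1, 0, 65535, 2**31 - 1])
    checksum = sum(payload) % 256
    return b"|".join([b"REC", name, str(length).encode(), payload, str(checksum).encode()])


# Constructed seed for the mutational fuzzer: a valid record whose payload is "wxyz".
SEED_RECORD = b"REC|alice|4|wxyz|" + str(sum(b"wxyz") % 256).encode()


def mutational_fuzzer(rng: random.Random) -> bytes:
    """Mutational ("dumb") fuzzing: blindly alter bytes of a known-good input.

    Most mutations break the framing or the checksum, so validation rejects
    them before the buggy code is ever reached.
    """
    buf = bytearray(SEED_RECORD)
    for _ in range(rng.randint(1, 3)):
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)


def run_campaign(fuzzer, iterations: int = 300, seed: int = 1) -> dict:
    """Feed `iterations` generated inputs to the parser and tally the outcomes."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    stats = {"accepted": 0, "rejected": 0, "crashes": 0}
    for _ in range(iterations):
        try:
            parse_record(fuzzer(rng))
            stats["accepted"] += 1
        except ValueError:
            stats["rejected"] += 1   # input validation stopped it: bug never reached
        except IndexError:
            stats["crashes"] += 1    # the length-trust bug fired
    return stats


if __name__ == "__main__":
    print("generational:", run_campaign(generational_fuzzer))
    print("mutational:  ", run_campaign(mutational_fuzzer))
```

Run it and compare the two tallies: the generational campaign is never rejected (it always produces well-formed, correctly checksummed records) and crashes the parser repeatedly, while the mutational campaign spends most of its budget on inputs that the checksum and framing checks throw away.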

3
Q

Regression Testing

A

Testing software functions against prior test scenarios to ensure that a change (patch, new feature, refactor) has not broken behaviour that previously worked.

4
Q

SCAP Protocol - NIST

A

The Security Content Automation Protocol (SCAP) is a NIST specification that combines a set of open standards (e.g. CVE, CCE, CPE, CVSS, XCCDF, OVAL) to enable automated vulnerability management, measurement and policy-compliance evaluation of the systems deployed in an organization, including compliance with FISMA (the Federal Information Security Management Act of 2002). The National Vulnerability Database (NVD) is the U.S. government content repository for SCAP. OpenSCAP is an example implementation.

5
Q

zzuf

A

Transparent application input fuzzer: it intercepts the target's file and network reads (via a preloaded library) and randomly flips bits in the data before the program sees it, i.e. mutation-based ("dumb") fuzzing without any knowledge of the input format.

6
Q

Data Diddling

A

Changing data with malicious intent before or during input to the system. The act of making small changes to data, typically malicious in intent.

7
Q

XST Attack

A

Method to steal cookies:

A Cross-Site Tracing (XST) attack combines Cross-Site Scripting (XSS) with the HTTP TRACE or TRACK methods. Per RFC 2616, “TRACE allows the client to see what is being received at the other end of the request chain and use that data for testing or diagnostic information”: the server echoes the request, headers included, back in the response body. TRACK behaves the same way but is specific to Microsoft’s IIS web server. Because the echo contains the request’s Cookie and Authorization headers, an attacker who can make the victim’s browser issue a TRACE can read cookies even when they carry the HttpOnly flag, and can expose the Authorization header. Modern browsers refuse to send TRACE from script (it is a forbidden method for XMLHttpRequest and fetch), so the server-side fix remains to disable TRACE and TRACK and to verify that they are disabled.
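
The server-side check a practitioner would run, as an added example (not from the flashcard): a Python loopback server in two configurations, one that still echoes TRACE and one that refuses it with 405, probed by a client that sends a TRACE carrying a cookie and reports whether the cookie comes back. The handler classes, the cookie value and the ports are constructed for this demonstration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


class TraceEnabledHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for a server that still answers TRACE: it echoes the
    request line and headers back in the body, which is exactly what XST abuses
    to read a cookie that script cannot otherwise see."""

    def do_GET(self):
        self._reply(200, b"ok")

    def do_TRACE(self):
        echo = (self.requestline + "\r\n" + str(self.headers)).encode()
        self._reply(200, echo, "message/http")

    def _reply(self, status, body, ctype="text/plain"):
        self.send_response(status)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *_):   # keep the demo output quiet
        pass


class TraceDisabledHandler(TraceEnabledHandler):
    """Hardened variant: TRACE is refused with 405 (the behaviour of e.g.
    Apache's `TraceEnable off`), so nothing is echoed."""

    def do_TRACE(self):
        self.send_error(405, "TRACE disabled")


def trace_echoes_cookie(host: str, port: int,
                        cookie: str = "session=constructed-secret") -> bool:
    """Send a TRACE carrying a cookie and report whether the server echoes it."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("TRACE", "/", headers={"Cookie": cookie})
        resp = conn.getresponse()
        body = resp.read().decode(errors="replace")
        return resp.status == 200 and cookie in body
    finally:
        conn.close()


def check_handler(handler) -> bool:
    """Run `handler` on an ephemeral loopback port and probe it for XST exposure."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return trace_echoes_cookie(*server.server_address)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print("TRACE enabled  -> cookie echoed:", check_handler(TraceEnabledHandler))
    print("TRACE disabled -> cookie echoed:", check_handler(TraceDisabledHandler))
```

Point `trace_echoes_cookie` at a real host and port to test a deployment; a 200 response whose body contains the Cookie header you sent is the finding, anything else (405, 501, a body without the header) means TRACE is not usable for XST.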

8
Q

CPTED - Crime prevention through environmental design 5 strategies

A

Strategies: Natural Surveillance, Natural Access Control, Territorial Reinforcement, Activity Support, Maintenance.

9
Q

XDRF

A
10
Q

E-Discovery reference model steps

A

The Electronic Discovery Reference Model (EDRM) stages, in order:

Information Governance
Identification
Preservation
Collection
Processing
Review
Analysis
Production
Presentation

11
Q

Forensic Disk Controller

A

Performs four functions:

write blocking (intercepting and blocking any command that would modify the evidence drive),
returning the data requested by a read operation,
returning access-significant information from the device to the host,
reporting errors from the device back to the forensic host.

12
Q

Limit Check

A

Type of input control:
An input control that checks whether the value of a data field falls within predefined limits (e.g. an age must be between 0 and 120); values outside the limits are rejected before the data is processed.

13
Q

Dry pipe, vs wet pipe, vs pre-action

A

Wet pipe: the pipes hold water under pressure at all times; a heat-activated sprinkler head opens and discharges immediately. Simplest and fastest, but the pipes can freeze or leak.

Dry pipe: the pipes hold pressurized air or nitrogen; when a head opens the air escapes and a valve releases water into the pipes. Used where water standing in the pipe would freeze; discharge is slower.

Pre-action: a dry pipe system with a second trigger. A separate detector (smoke or heat) must first open the pre-action valve and fill the pipes with water; water is discharged only when a sprinkler head also opens. Preferred for data centres and other areas where an accidental discharge would be costly.

14
Q

Calculation of SYMMETRIC keys needed for a large group in which everyone can communicate securely with everyone else.

A

n(n-1)/2, where n is the number of participants (each pair shares one unique secret key).

15
Q

Calculation of ASYMMETRIC keys needed for a large group in which everyone can communicate securely with everyone else.

A

2n: each participant needs one key pair (a public and a private key), regardless of how many peers they communicate with.

16
Q

Output Encoding - AKA Encoding

A

Defensive technique against injection attack:

involves translating special characters into a different but equivalent form that is no longer dangerous in the target interpreter, for example translating the < character into the &lt; entity when writing to an HTML page. The encoding must match the context the data is written into (HTML body, attribute, JavaScript string, URL), since each interpreter treats different characters as special.

17
Q

Escaping

A

Injection Attack defensive technique:

Escaping involves adding a special character before the character/string to avoid it being misinterpreted, for example, adding a \ character before a “ (double quote) character so that it is interpreted as text and not as closing a string.
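
As an added example covering both this card and the previous one on output encoding (constructed for this page, not taken from any project): a vulnerable HTML template beside its encoded form, a backslash-escaping routine for double-quoted strings, and the classic pitfall where quote escaping alone is not enough because the HTML parser sees `</script>` before the JavaScript interpreter sees the quotes. The attacker strings and template fragments are constructed.

```python
import html
import json

# Constructed attacker-controlled value: closes the element and injects script.
UNTRUSTED = '"><script>alert(document.cookie)</script>'


def render_vulnerable(comment: str) -> str:
    # Raw concatenation: the browser parses the payload as markup, not as text.
    return f'<p class="c">{comment}</p>'


def render_encoded(comment: str) -> str:
    # Output encoding for the HTML body context: &, <, >, " and ' become entities,
    # so the parser renders them as literal characters and nothing executes.
    return f'<p class="c">{html.escape(comment, quote=True)}</p>'


def escape_double_quoted(value: str) -> str:
    # Escaping for a backslash-style double-quoted string: a leading \ makes the
    # parser read " as text rather than as the closing quote. The backslash itself
    # is escaped first, otherwise an attacker's \" would neutralise our escape.
    return value.replace("\\", "\\\\").replace('"', '\\"')


def embed_in_script_escaped_only(value: str) -> str:
    # Looks hardened but is not: the HTML parser finds </script> inside the string
    # literal and ends the script block before JavaScript ever sees the quotes.
    return f'<script>var c = "{escape_double_quoted(value)}";</script>'


def embed_in_script_encoded(value: str) -> str:
    # Context-specific encoding: a JSON string literal with < and > written as
    # \u003c and \u003e, so no byte sequence inside it can terminate <script>.
    literal = json.dumps(value).replace("<", "\\u003c").replace(">", "\\u003e")
    return f"<script>var c = {literal};</script>"


if __name__ == "__main__":
    print(render_vulnerable(UNTRUSTED))
    print(render_encoded(UNTRUSTED))
    print(escape_double_quoted('say "hi"'))
    breakout = "</script><script>alert(1)</script>"
    print(embed_in_script_escaped_only(breakout))
    print(embed_in_script_encoded(breakout))
```

The two `embed_in_script_*` functions are the caveat the card needs: escaping is defined relative to one interpreter (here, a string parser), and data that passes through two interpreters in sequence (HTML, then JavaScript) must be made safe for both.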

18
Q

Type 1 error

A

False rejection (False Rejection Rate, FRR): a legitimate, enrolled user is rejected. In statistical terms this is the false positive.

Remember: in biometrics it is better to fail closed (fail secure), so a Type 1 error is the safer of the two.

19
Q

Type 2 Error

A

False acceptance (False Acceptance Rate, FAR): an impostor is accepted. In statistical terms this is the false negative.

In biometrics this is failing open.

NOT GOOD. The sensitivity setting where FRR equals FAR is the crossover error rate (CER), the usual figure for comparing biometric systems.

20
Q

Real evidence

A

Real physical object

21
Q

Documentary Evidence

A

Documentation, logs.

22
Q

Testimonial evidence

A

Witness interview on stand

23
Q

Primary Evidence

A

Original copies/objects

24
Q

Secondary Evidence

A

Certified copies

25
Q

Hearsay Evidence

A

"He said, she said" situations: second-hand accounts of an event from a witness who did not perceive it directly. Generally not admissible, subject to exceptions (e.g. the business records exception, under which logs kept in the ordinary course of business can be admitted).

26
Q

Direct Evidence

A

Evidence that proves a fact on its own, without requiring an inference, e.g. security camera footage showing a person breaking into a store and stealing items. Contrast circumstantial evidence, which only supports an inference.

27
Q

Corroborative Evidences

A

Supports the validity of another piece of evidence. “Paints the picture” of a situation.

If you swear before a judge that you saw a suspect in front of a convenience store at a certain time, the store’s security video might be corroborating evidence for your testimony. If you accuse your neighbor of denting the door of your car, a corresponding dent in her bumper could be corroborating evidence.

28
Q

Conclusive evidence

A

Conclusive: so strong that the court can adjourn after it.

Evidence that must, as a matter of law, be taken to establish some fact in issue and that cannot be disputed. For example, the certificate of incorporation of a company is conclusive evidence of its incorporation.

29
Q

Best Evidence Rule

A

Original evidence is best - not copies.

30
Q

Parol Evidence Rule

A

Parol – Written signed agreements can only be amended by written signed agreements (not parol evidence)

31
Q

Hearsay Evidence rule

A

States that hearsay evidence is not admissible unless a recognised exception applies (e.g. business records).

32
Q

SPML

A

Provisioning protocol

Service Provisioning Markup Language is an XML-based framework, being developed by OASIS, for exchanging user, resource and service provisioning information between cooperating organizations.

33
Q

COPPA - The Children’s Online Privacy Protection Act of 1998

A

Passed in 1998, COPPA requires operators of websites and online services directed at children under 13, or that knowingly collect personal information from such children, to protect those children’s privacy, including obtaining verifiable parental consent before collecting their personal information. The Federal Trade Commission (FTC) enforces it; the FTC’s revised COPPA Rule took effect on July 1, 2013.

34
Q

Land Attack

A

A LAND Attack is a Layer 4 Denial of Service (DoS) attack in which, the attacker sets the source and destination information of a TCP segment to be the same. A vulnerable machine will crash or freeze due to the packet being repeatedly processed by the TCP stack.

35
Q

FISMA

A

The Federal Information Security Management Act (FISMA) was passed in 2002 as Title III of the E-Government Act of 2002. FISMA defines a framework of guidelines and security standards to protect federal government information and operations.

36
Q

FERPA

A

The Family Educational Rights and Privacy Act of 1974 is a United States federal law that governs the access to educational information and records by public entities such as potential employers, publicly funded educational institutions, and foreign governments

37
Q

Take-Grant Model

A

The Take-Grant model represents the protection state as a directed graph: nodes are subjects and objects, and each edge is labelled with the rights its source holds over its destination. Four rewriting rules change the graph: take, grant, create and remove (revoke).

Take: a subject holding the take right over another node may copy any right that node holds. Grant: a subject holding the grant right over another node may give that node any right the subject itself holds.

Create: a subject adds a new node and receives rights over it. Remove: a subject deletes rights from one of its own edges. The model’s value is analytic: by applying the rules in sequence you can decide whether a given right can ever be leaked or stolen from its current holder.
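
The four rules as a small simulation in Python (an added example, not from the flashcard). The subject names, the "report" and "notes" objects and the starting rights are constructed; each method checks the rule’s precondition and raises if it does not hold, so the graph can only change in ways the model permits.

```python
class TakeGrantGraph:
    """Protection graph for the Take-Grant model (constructed example).

    Nodes are subjects and objects; a directed edge carries the set of rights its
    source holds over its destination. 't' and 'g' are the take and grant rights.
    Each rewriting rule checks the model's precondition before changing the graph.
    """

    def __init__(self):
        self.edges = {}  # (src, dst) -> set of rights

    def rights(self, src, dst):
        return set(self.edges.get((src, dst), set()))

    def _add(self, src, dst, alpha):
        self.edges.setdefault((src, dst), set()).update(alpha)

    def initial(self, src, dst, alpha):
        """Seed the starting protection state (not one of the four rules)."""
        self._add(src, dst, alpha)

    def take(self, x, y, z, alpha):
        """Take rule: if x --t--> y and y --alpha--> z, then x gains alpha on z."""
        if "t" not in self.rights(x, y):
            raise PermissionError(f"{x} has no take right over {y}")
        if not set(alpha) <= self.rights(y, z):
            raise PermissionError(f"{y} does not hold {set(alpha)} on {z}")
        self._add(x, z, alpha)

    def grant(self, x, y, z, alpha):
        """Grant rule: if x --g--> y and x --alpha--> z, then y gains alpha on z."""
        if "g" not in self.rights(x, y):
            raise PermissionError(f"{x} has no grant right over {y}")
        if not set(alpha) <= self.rights(x, z):
            raise PermissionError(f"{x} does not hold {set(alpha)} on {z}")
        self._add(y, z, alpha)

    def create(self, x, new_node, alpha):
        """Create rule: x adds a fresh node and holds alpha over it."""
        if any(new_node in pair for pair in self.edges):
            raise ValueError(f"{new_node} already exists")
        self._add(x, new_node, alpha)

    def remove(self, x, y, alpha):
        """Remove rule: x drops alpha from its own edge to y. Rights that were
        already copied to other subjects are untouched."""
        held = self.edges.get((x, y))
        if held is None:
            return
        held.difference_update(alpha)
        if not held:
            del self.edges[(x, y)]


def demo() -> dict:
    """Walk the four rules over a constructed starting graph."""
    g = TakeGrantGraph()
    g.initial("alice", "report", {"r", "w"})   # alice holds read/write on the report
    g.initial("alice", "bob", {"g"})           # alice may grant rights to bob
    g.initial("carol", "alice", {"t"})         # carol may take rights from alice

    g.grant("alice", "bob", "report", {"r"})   # bob can now read the report
    g.take("carol", "alice", "report", {"w"})  # carol copies alice's write right
    g.create("bob", "notes", {"r", "w", "g"})  # bob creates an object he controls
    g.remove("alice", "report", {"w"})         # alice gives up write; carol's copy stays

    try:                                       # bob holds no 't' over anyone: rule fails
        g.take("bob", "alice", "report", {"r"})
        blocked = False
    except PermissionError:
        blocked = True

    return {
        "alice_report": g.rights("alice", "report"),
        "bob_report": g.rights("bob", "report"),
        "carol_report": g.rights("carol", "report"),
        "bob_notes": g.rights("bob", "notes"),
        "bob_take_blocked": blocked,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, sorted(value) if isinstance(value, set) else value)
```

The final state illustrates the analytic point: once carol has taken the write right, alice removing her own write right does not revoke carol’s copy, which is why the model is used to ask whether a right can leak, not just who holds it now.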

38
Q

What does Accountability rely on?

A

Identification, authentication and auditing (audit trails): a subject must claim an identity, prove it, and have its actions recorded before those actions can be attributed to it.

39
Q

XTACACS

A

Extended TACACS

An alternative to RADIUS. TACACS exists in three versions: the original TACACS, XTACACS (Extended TACACS) and TACACS+. The original TACACS combines the authentication and authorization processes; XTACACS separates authentication, authorization and accounting; TACACS+ builds on XTACACS and adds support for two-factor authentication. Unlike RADIUS (UDP, only the password encrypted), TACACS+ runs over TCP port 49 and encrypts the entire packet body.

40
Q

XACML - Extensible Access Control Markup Language

A

XACML is an OASIS standard that defines an attribute-based access-control policy language (in XML) and a request/response protocol for access decisions. It lets a Policy Enforcement Point (PEP) ask a Policy Decision Point (PDP) for a Permit or Deny decision even when the two components come from different vendors.

41
Q

Does a router perform IPv4 to IPv6 translations?

A

TECHNICALLY no. In the exam’s layered vocabulary, translating between protocols (IPv4 to IPv6) is a gateway function; a router only forwards packets within one protocol.

In reality, yes: the box that does it is usually a router or firewall running a translation mechanism such as NAT64, but it is acting in the gateway role when it does.

42
Q

Clipping (in log sampling)

A

Form of non-statistical sampling: a clipping level is a threshold for a given type of event (e.g. failed logons per account). Events below the threshold are treated as normal and ignored; only activity that exceeds it is recorded or reported, which reduces the volume of log data an administrator has to review.
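
As an added example (not from the flashcard), the clipping-level idea applied in Python to constructed authentication log lines: failed logons per account are only reported once they reach a threshold within a time window, and everything below the level is dropped. The log format, the threshold of 3 failures and the 5-minute window are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from a real system): "<ISO time> <event> user=<name>".
SAMPLE_LOG = """\
2024-05-01T09:00:01 LOGIN_FAIL user=alice
2024-05-01T09:00:07 LOGIN_FAIL user=alice
2024-05-01T09:00:15 LOGIN_OK   user=alice
2024-05-01T09:01:00 LOGIN_FAIL user=bob
2024-05-01T09:01:02 LOGIN_FAIL user=bob
2024-05-01T09:01:03 LOGIN_FAIL user=bob
2024-05-01T09:01:04 LOGIN_FAIL user=bob
2024-05-01T09:40:00 LOGIN_FAIL user=carol
2024-05-01T09:50:00 LOGIN_FAIL user=carol
2024-05-01T10:00:00 LOGIN_FAIL user=carol
2024-05-01T10:10:00 LOGIN_FAIL user=carol
"""


def parse_line(line: str):
    """Split one constructed log line into (timestamp, event, user)."""
    ts, event, user_field = line.split()
    return datetime.fromisoformat(ts), event, user_field.split("=", 1)[1]


def exceeded_clipping_level(log_text: str, threshold: int = 3,
                            window: timedelta = timedelta(minutes=5)) -> dict:
    """Return {user: peak_count} for accounts whose LOGIN_FAIL count reached
    `threshold` inside any `window`. Failures below the clipping level are
    never reported, which is the whole point of the technique."""
    recent = defaultdict(deque)   # per-user sliding window of failure timestamps
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, user = parse_line(line)
        if event != "LOGIN_FAIL":
            continue
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:           # crossed the clipping level: report it
            flagged[user] = max(flagged.get(user, 0), len(q))
    return flagged


if __name__ == "__main__":
    print(exceeded_clipping_level(SAMPLE_LOG))
```

With the defaults only bob is reported: alice’s two failures sit below the level, and carol’s four failures are spread ten minutes apart so no three of them ever fall inside one window. Loosening the level (threshold 2, 15-minute window) brings all three accounts into the report, which is the trade-off the administrator tunes.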

43
Q

COBIT - Control Objectives for Information and Related Technologies

A

Framework for evaluating controls in an organization. Can be used for architecting the environment AND for auditing.

The COBIT framework specifically manages control variables within IT and how they align with business practices.