Stuff from Exams I don't know #2 Flashcards

1
Q

Trusted Platform Module - Remote Attestation

A

TPM uses Remote Attestation to create a hash summary of the system configuration to verify that changes have not been made.

2
Q

Trusted Platform Module - Binding and Sealing

A

Binding and Sealing are techniques used to encrypt data.

3
Q

Is a centralized log server sometimes called a Bastion Host?

A

Yes.

4
Q

Pre-action sprinkler system

A

Best option for a computer facility because it provides the opportunity to prevent the release of water.

A combination dry pipe/wet pipe system. The system exists as a dry pipe until the initial stages of a fire (smoke, heat, and so on) are detected and then the pipes are filled with water. The water is released only after the sprinkler head activation triggers are melted by sufficient heat. If the fire is quenched before the sprinklers are triggered, the pipes can be manually emptied and reset. This also allows for manual intervention to stop the release of water before sprinkler triggering occurs. Preaction systems are the most appropriate water-based system for environments that include both computers and humans in the same locations.

5
Q

Two-person control

A

An example of M of N control.

In this case 2 people are required to both approve and take action for something to happen.

6
Q

Confinement (software development)

A

When a system restricts the access of a particular process to limit its ability to affect other processes running on the same system.

Example: Sandboxing, running in a VM, etc.

7
Q

OpenID vs OAuth

A

OAuth provides access/authorization, while OpenID provides authentication.

8
Q

Real User Monitoring

A

AKA RUM: passive monitoring technique that records user interaction with an application or system to ensure performance and proper application behavior.

9
Q

Synthetic Monitoring

A

Uses simulated behavior against a system to monitor performance/behavior.

10
Q

Passive Monitoring

A

Monitors live network traffic in a passive way, i.e. mirrored.

11
Q

Military and intelligence attack

A

Goal is to obtain secret and restricted information from military or law enforcement systems. Targets the classified data that resides on systems.

12
Q

ISO 27001 vs 27002

A

27001 is the standard for international information security management, and ISO 27002 is a supporting standard that guides how the information security controls can be implemented.

13
Q

Which key is used to enforce referential integrity between database tables?

A

Foreign Key

14
Q

Split-response attack

A

Can be used to force a client to inadvertently download content that wasn’t intended.

15
Q

DOM XSS Attack

A

DOM-based cross-site scripting is a type of cross-site scripting (XSS) where the attack takes advantage of the Document Object Model (DOM).

The DOM is an internal data structure that stores all of the objects and properties of a web page. For example, every tag used in HTML code represents a DOM object. Additionally, the DOM of a web page contains information about such properties as the page URL and meta information. Developers may refer to these objects and properties using JavaScript and change them dynamically.

16
Q

Is an “Alternative system” a term?

A

Yes - in a BIA this refers to alternate/redundant resources, i.e. backup connections.

17
Q

What type of access control does a NAC usually represent?

A

Risk-based Access Control

18
Q

Pseudonymization vs Tokenization vs anonymization

A

Pseudonymization is simply replacing data with artificial identifiers.

Tokenization specifically uses a token/randomized string of characters as an identifier.

Anonymization - removes all relevant personal data so that it is theoretically impossible to identify the subject.

19
Q

Structured Walk-through vs Simulation test (DRP testing)

A

The simulation test is similar to the structured walk-through. Here the DRP team members are given a test scenario and asked to come up with an appropriate response. These response methods are then tested for efficiency. This may involve the scheduling around non-critical business activities and the use of some operational personnel.

The structured walk-through involves role-play by the DRP team of a disaster scenario already documented in the DR Policy. The DRP team members then review copies of the disaster recovery plan and discuss the appropriate responses or any problematic areas with that particular type of disaster.

20
Q

SOAR - runbook or playbook?

A

A runbook is how to complete a task, like resetting a user’s password. A playbook on the other hand, would contain multiple runbooks and is geared towards a bigger goal or scenario.

21
Q

Is extranet a term?

A

Yes, Extranet: This shares similarities with the INTRAnet — it’s a private network that uses Internet protocols and can be used to publish corporate web sites. The main difference is users outside of the organization have access to the system, such as business associates.

22
Q

audit trails

A

“Audit trails maintain a record of system activity both by system and application processes and by user activity of systems and applications. In conjunction with appropriate tools and procedures, audit trails can assist in detecting security violations, performance problems, and flaws in applications. This bulletin focuses on audit trails as a technical control and discusses the benefits and objectives of audit trails, the types of audit trails, and some common implementation issues.”

23
Q

UEM

A

Unified Endpoint Management

24
Q

Which OSI layers are associated with Data Streams?

A

App, Presentation, Session.

These layers have streams.

Layers 2, 3, 4 have frames, packets, segments, or datagrams.

25
Q

MTD

A

Maximum tolerable downtime

26
Q

Is White box a term in software testing?

A

Yes. Refers to all code being available for analysis

27
Q

Is terrorism considered a disaster?

A

Yes, even though it’s rarely accounted for in policy

28
Q

Grey box software test

A

In a gray box test, the tester evaluates the software from a user perspective but has access to the source code as the test is conducted.

29
Q

ACID

A

Atomicity
Consistent
Isolation
Durable

30
Q

Does containerization reduce overhead?

A

Generally yes

31
Q

Edge Computing vs Fog Computing

A

Network design philosophy where the compute power and data are located as closely as possible. Often implemented with IIoT (industrial internet of things).

Another example could be EDR tooling. Performs centralized computing of data collected by disparate sensors.

32
Q

Business organization analysis

A

Step of building a BCP. The purpose is to identify all departments and individuals who have a stake in the process, i.e. they are stakeholders.

33
Q

SDLC (software)

A

Software Development Life Cycle. i.e. Agile, Waterfall, Spiral

34
Q

SDLC (Systems)

A

Systems Development Lifecycle

35
Q

What fire suppression system is the highest risk in a data center?

A

Wet pipe

36
Q

ISO 27001 vs 27002

A

ISO 27001 and ISO 27002 are related standards within the ISO/IEC 27000 series, but they serve different purposes. ISO 27001 specifies the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS), providing a framework for organizations to manage their information security risks. On the other hand, ISO 27002 offers guidelines and best practices for implementing specific security controls within the context of an ISMS, assisting organizations in selecting and implementing appropriate measures to address their information security risks as defined by ISO 27001.

37
Q

SAMM (Software)

A

SAMM is not specific to CISSP but is a framework developed by the Open Web Application Security Project (OWASP) to help organizations formulate and implement strategies for software security. It provides guidance on building and improving an organization’s software security posture by assessing and enhancing their software development and acquisition practices.

38
Q

Asset Tiers?

A

Tier zero is reserved for essential assets. These are assets that handle sensitive data and are always required to be available. An example would be a router or file server that an entire organization relies on.

A tier one asset is important, but not equally for every department—for some departments, it may be more important than for others. File shares or local network devices used by a group of employees would be an example of this. Workstations and phones would meet the criteria for a tier two classification. Tier two classifications generally describe non-critical assets that could impact an individual.

39
Q

Trusted Recovery Process

A

In CISSP, the Trusted Recovery Process refers to the establishment of a secure and verifiable method for restoring a system to a trusted state after a security incident. It focuses on maintaining the confidentiality, integrity, and availability of information during the recovery activities. This process involves validating the integrity of components, verifying software authenticity, and ensuring the absence of malicious alterations in the recovered state.

40
Q

Request Control, change control, release control

A

Request control involves the evaluation and management of requested changes or additions to a system or project. Change control is a broader process that encompasses the systematic handling of requested and unplanned changes, ensuring proper documentation, review, approval, and implementation. Release control extends the scope further by managing the deployment and distribution of changes, ensuring a coordinated and controlled release of new features, enhancements, or fixes into the production environment.

41
Q

Best location for data center on multi-level building

A

Middle floor.

42
Q

Most common risk associated with Cellular Hotspots

A

MITM/Rogue AP

43
Q

Distributed Control System

A

A distributed control system (DCS) is a network of PLCs, sensors, and supervisory computers. Generally, a DCS is process-specific and does not span large geographical areas, whereas a SCADA system controls multiple processes and can span large geographical areas.

44
Q

Real user monitoring (AKA Passive Monitoring)

A

Real user monitoring (RUM) analyzes the traffic or status of transactions for real user traffic. This is also known as passive monitoring.

45
Q

Reasonableness check

A

A reasonableness check ensures that data outputted from software falls within the specified boundaries. For example, ensuring that a person’s height is not negative or more than 10 feet.

46
Q

SAMM

A

Maintained by OWASP

Provides a framework for integrating security activities into the development and maintenance process.

Five Principles: Governance, design, implementation, verification, operations

47
Q

SAMM vs SW-CMM

A

SAMM’s main goal is to provide a way to integrate security directly into the development process.

SW-CMM’s goal is to provide a framework for assessing software maturity.