Stuff from Exams I don't know #2 Flashcards
Trusted Platform Module - Remote Attestation
TPM uses Remote Attestation to create a hash summary of the system configuration to verify that changes have not been made.
Trusted Platform Module - Binding and Sealing
Binding and Sealing are techniques used to encrypt data.
Is a centralized log server sometimes called a Bastion Host?
Yes.
Pre-action sprinkler system
Best option for a computer facility because it provides the opportunity to prevent the release of water.
A combination dry pipe/wet pipe system. The system exists as a dry pipe until the initial stages of a fire (smoke, heat, and so on) are detected and then the pipes are filled with water. The water is released only after the sprinkler head activation triggers are melted by sufficient heat. If the fire is quenched before the sprinklers are triggered, the pipes can be manually emptied and reset. This also allows for manual intervention to stop the release of water before sprinkler triggering occurs. Preaction systems are the most appropriate water-based system for environments that include both computers and humans in the same locations.
Two-person control
An example of M of N control.
In this case, 2 people are required to both approve and take action for something to happen.
Confinement (software development)
When a system restricts the access of a particular process to limit its ability to affect other processes running on the same system.
Example: Sandboxing, running in a VM, etc.
OpenID vs Oauth
OAuth provides access/authorization, while OpenID provides authentication.
Real User Monitoring
AKA RUM: passive monitoring technique that records user interaction with an application or system to ensure performance and proper application behavior.
Synthetic Monitoring
Uses simulated behavior against a system to monitor performance/behavior.
Passive Monitoring
Monitors live network traffic in a passive way, e.g. via mirrored traffic.
Military and intelligence attack
Goal is to obtain secret and restricted information from military or law enforcement systems. Targets the classified data that resides on systems.
ISO 27001 vs 27002
27001 is the standard for international information security management, and ISO 27002 is a supporting standard that guides how the information security controls can be implemented.
Which key is used to enforce referential integrity between database tables?
Foreign Key
Split-response attack
Can be used to force a client to inadvertently download content that wasn’t intended.
DOM XSS Attack
DOM-based cross-site scripting is a type of cross-site scripting (XSS) where the attack takes advantage of the Document Object Model (DOM).
The DOM is an internal data structure that stores all of the objects and properties of a web page. For example, every tag used in HTML code represents a DOM object. Additionally, the DOM of a web page contains information about such properties as the page URL and meta information. Developers may refer to these objects and properties using JavaScript and change them dynamically.
Is an “Alternative system” a term?
Yes - in a BIA this refers to alternate/redundant resources, e.g. backup connections.
What type of access control does a NAC usually represent?
Risk-based Access Control
Pseudonymization vs Tokenization vs anonymization
Pseudonymization is simply replacing data with artificial identifiers.
Tokenization specifically uses a token/randomized string of characters as an identifier.
Anonymization - removes all relevant personal data so that it is theoretically impossible to identify the subject.
Structured Walk-through vs Simulation test (DRP testing)
The simulation test is similar to the structured walk-through. Here the DRP team members are given a test scenario and asked to come up with an appropriate response. These response methods are then tested for efficiency. This may involve the scheduling around non-critical business activities and the use of some operational personnel.
The structured walk-through involves role-play by the DRP team of a disaster scenario already documented in the DR Policy. The DRP team members then review copies of the disaster recovery plan and discuss the appropriate responses or any problematic areas with that particular type of disaster.
SOAR - runbook or playbook?
A runbook is how to complete a task, like resetting a user’s password. A playbook on the other hand, would contain multiple runbooks and is geared towards a bigger goal or scenario.
Is extranet a term?
Yes, Extranet: This shares similarities with the INTRAnet — it’s a private network that uses Internet protocols and can be used to publish corporate web sites. The main difference is users outside of the organization have access to the system, such as business associates.
audit trails
“Audit trails maintain a record of system activity both by system and application processes and by user activity of systems and applications. In conjunction with appropriate tools and procedures, audit trails can assist in detecting security violations, performance problems, and flaws in applications. This bulletin focuses on audit trails as a technical control and discusses the benefits and objectives of audit trails, the types of audit trails, and some common implementation issues.”
UEM
Unified Endpoint Management
Which OSI layers are associated with Data Streams?
App, Presentation, Session.
These layers have streams.
Layers 2, 3, and 4 have frames, packets, and segments or datagrams, respectively.
MTD
Maximum tolerable downtime
Is White box a term in software testing?
Yes. Refers to all code being available for analysis.
Is terrorism considered a disaster?
Yes, even though it’s rarely accounted for in policy
Grey box software test
In a gray box test, the tester evaluates the software from a user perspective but has access to the source code as the test is conducted.
ACID
Atomicity
Consistency
Isolation
Durability
Does containerization reduce overhead?
Generally yes
Edge Computing vs Fog Computing
Network design philosophy where the compute power and data are located as close together as possible. Often implemented with IIoT (industrial internet of things).
Another example could be EDR tooling, which performs centralized computing of data collected by disparate sensors.
Business organization analysis
A step in building a BCP. The purpose is to identify all departments and individuals who have a stake in the process, i.e. the stakeholders.
SDLC (software)
Software Development Life Cycle. i.e. Agile, Waterfall, Spiral
SDLC (Systems)
Systems Development Lifecycle
What fire suppression system is the highest risk in a data center?
Wet pipe
ISO 27001 vs 27002
ISO 27001 and ISO 27002 are related standards within the ISO/IEC 27000 series, but they serve different purposes. ISO 27001 specifies the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS), providing a framework for organizations to manage their information security risks. On the other hand, ISO 27002 offers guidelines and best practices for implementing specific security controls within the context of an ISMS, assisting organizations in selecting and implementing appropriate measures to address their information security risks as defined by ISO 27001.
SAMM (Software)
SAMM is not specific to CISSP but is a framework developed by the Open Web Application Security Project (OWASP) to help organizations formulate and implement strategies for software security. It provides guidance on building and improving an organization’s software security posture by assessing and enhancing their software development and acquisition practices.
Asset Tiers?
Tier zero is reserved for essential assets. These are assets that handle sensitive data and are always required to be available. An example would be a router or file server that an entire organization relies on.
A tier one asset is important, but not equally for every department—for some departments, it may be more important than for others. File shares or local network devices used by a group of employees would be an example of this. Workstations and phones would meet the criteria for a tier two classification. Tier two classifications generally describe non-critical assets that could impact an individual.
Trusted Recovery Process
In CISSP, the Trusted Recovery Process refers to the establishment of a secure and verifiable method for restoring a system to a trusted state after a security incident. It focuses on maintaining the confidentiality, integrity, and availability of information during the recovery activities. This process involves validating the integrity of components, verifying software authenticity, and ensuring the absence of malicious alterations in the recovered state.
Request Control, change control, release control
Request control involves the evaluation and management of requested changes or additions to a system or project. Change control is a broader process that encompasses the systematic handling of requested and unplanned changes, ensuring proper documentation, review, approval, and implementation. Release control extends the scope further by managing the deployment and distribution of changes, ensuring a coordinated and controlled release of new features, enhancements, or fixes into the production environment.
Best location for data center on multi-level building
Middle floor.
Most common risk associated with Cellular Hotspots
MITM/Rogue AP
Distributed Control System
A distributed control system (DCS) is a network of PLCs, sensors, and supervisory computers. Generally, a DCS is process-specific and does not span large geographical areas, whereas a SCADA system controls multiple processes and can span large geographical areas.
Real user monitoring (AKA Passive Monitoring)
Real user monitoring (RUM) analyzes the traffic or status of transactions for real user traffic. This is also known as passive monitoring.
Reasonableness check
A reasonableness check ensures that data output from software falls within the specified boundaries. For example, ensuring that a person’s height is not negative or more than 10 feet.
SAMM
Maintained by OWASP
Provides a framework for integrating security activities into the development and maintenance process.
Five Principles: Governance, Design, Implementation, Verification, Operations
SAMM vs SW-CMM
SAMM’s main goal is to provide a way to integrate security directly into the development process.
SW-CMM’s goal is to provide a framework for assessing software maturity.