Sunflower PDF Flashcards

Question 1

Q

CIA

Answer

A

Confidentiality, Integrity, Availability

Question 2

Q

CIA - Negative

Answer

A

Disclosure, Alteration, destruction

Question 3

Q

Confidentiality

Answer

A

Prevent unauthorized disclosure, need to know, and least privilege. Assurance that information is not disclosed to unauthorized programs, users, processes, encryption, logical and physical access control
Violations - Disclosure - most are a result of human error, oversight, or ineptitude.

Question 4

Q

Integrity

Answer

A

no unauthorized modifications, consistent data, protecting data or a resource from being altered in an unauthorized fashion. ensures that data is not altered without authorization

Question 5

Q

Availability

Answer

A

reliable and timely, accessible, fault tolerance and recovery procedures, WHEN NEEDED

Question 6

Q

IAAA

Answer

A

requirements for accountability.

Identification, Authentication, accountability, Authorization

Question 7

Q

Identification

Answer

A

user claims identity, used for users access control

Question 8

Q

Authentication

Answer

A

testing of evidence of users identity

Verifies the claimed identity of system users and is a major function of cryptosystems

Question 9

Q

Accountability

Answer

A

determine actions to an individual person

Question 10

Q

Authorization

Answer

A

rights and permissions granted

Question 11

Q

Privacy

Answer

A

Level of confidentiality and privacy protections.

protecting personal information from disclosure to any unauthorized individual or entity

Question 12

Q

Risk

Answer

A

Not possible to get rid of all risk. Get risk to acceptable/tolerable level

Question 13

Q

ISO 27005

Answer

A

risk management frame work

Question 14

Q

ISO Respnsibilities

Answer

A

Written Products - ensure they are done
CIRT - Implement and Operate
Security Awareness - Provide leadership
Communicate - Risk to higher management
Report to as high a level as possible
Security is everyone's responsibility

Question 15

Q

Control Frameworks

Answer

A

Consistent - Approach &amp; application
Measurable - way to determine progress
Standardized - All the Same
Comprehension - examine everything
Modular - to help in review and adaptive. layered, abstraction

Question 16

Q

Due Care

Answer

A

to do all that you could have reasonably done to try and prevent security breach/ compromise / disaster, and took the necessary steps required as countermeasures / controls (safeguards). The benefit of “due care” can be seen as the difference between the damage with or without “due care” safeguards in place. AKA doing something about the threats, failing to perform periodic security audits can result in the perception that due care is not being maintained

Question 17

Q

Due Diligence

Answer

A

means that the company properly investigated all of its possibly weaknesses and vulnerabilities AKA understanding the threats

Question 18

Q

What is a man-in-the-middle attack

Answer

A

an attack in which a malicious user is positioned between the the 2 endpoints of a communication’s link

Question 19

Q

what is a reply attack

Answer

A

a malicious user records the traffic between a client and a server and then retransmits them to the server with slight variations of the timestamp and source ip address. it is similar to hijacking

Question 20

Q

What is a sniffer attack

Answer

A

Any Activity that results in a malicious user obtaining information about a network or the traffic over that network. Data is captured using a sniffer or protocol analyzer.

Question 21

Q

What is a spamming attack

Answer

A

Directing floods of messages to a victim’s email inbox or other messaging system. Suck attacks cause DoS issues by filling up storage space and preventing legitimate messages from being delivered

Question 22

Q

List the security features offered by the Network layer of the OSI model.

Answer

A

The Network layer (layer 3) offers confidentiality, authentication, and integrity.

Question 23

Q

What are the five generation types of firewalls?

Answer

A

Static packet filtering, application-level gateway, stateful inspection, dynamic packet filtering, and kernel proxy

Question 24

Q

What is a Proxy

Answer

A

Any system that performs a function or requests a service on behalf of another system. Proxies are most often used to provide clients with Internet access while protecting their identity.

Question 25

Q

What are network and protocal security mechanisms

Answer

A

everything we just reviewed

Question 26

Q

Protocol services used to connect to LAN and WAN communication Technologies

Answer

A

Frame Relay, SMDS, SDH, SONET, X.25, ATM, SDLC, HDLC, ISDN

Question 27

Q

How are PVC, SVC, DTE, and DCE used in a Frame Relay network

Answer

A

Frame relay requires the use of a DTE and a DCE at each connection point. PVC is always available; SVC is established using the best paths currently available.

Question 28

Q

Remote access authentication mechanisms

Answer

A

Radius, Diameter, Tacacs, Tacacs+

Question 29

Q

What is tunneling, and why is it used?

Answer

A

A process that protects the contents of packets by encapsulating them in another protocol. This creates the logical illusion of a communications tunnel through an untrusted intermediary network.

Question 30

Q

What is a VPN?

Answer

A

A virtual private network (VPN) is a communication tunnel that provides point-to-point transmission of both authentication and data traffic over an intermediary network.

Question 31

Q

What are some common VPN protocols?

Answer

A

PPTP, L2TP, SSH, and IPsec (Note: SSL/TLS is a valid VPN protocol as well, but it’s not necessarily recognized on the exam as such.)

Question 32

Q

What are the two modes available through IPsec, and what do they do?

Answer

A

In transport mode, the IP packet data is encrypted, but the header is not. In tunnel mode, the entire IP packet is encrypted, and a new header is added to govern transmission through the tunnel.

Question 33

Q

What is NAT?

Answer

A

Network Address Translation (NAT) allows the private IP addresses defined in RFC 1918 to be used in a private network while still being able to communicate with the Internet.

Question 34

Q

What is transparency?

Answer

A

A characteristic of a service, security control, or access mechanism that ensures it is unseen by users

Question 35

Q

What are some important aspects to consider when designing email security?

Answer

A

Nonrepudiation, access control, message integrity, source authentication, verified delivery, acceptable use policies, privacy, management, and backup and retention policies

Question 36

Q

What are possible mechanisms for adding security to email?

Answer

A

S/MIME, MOSS, PEM, and PGP

Question 37

Q

What are elements of effective user training against social-engineering attacks?

Answer

A

Always err on the side of caution whenever communications are odd or unexpected. Always request proof of identity. Identify what information can be conveyed via voice communications by classifying the information. Never change passwords over the phone.

Question 38

Q

What are the most common threats against communication systems?

Answer

A

Denial of service, eavesdropping, impersonation, replay, and modification

Question 39

Q

What are some countermeasures to eavesdropping?

Answer

A

Maintaining physical access security, using encryption, employing one-time authentication methods

Question 40

Q

What is an ARP attack?

Answer

A

The modification of ARP mappings. When ARP mappings are falsified, packets are not sent to their proper destination. ARP mappings can be attacked through spoofing. Spoofing provides false MAC addresses for requested IP addressed systems to redirect traffic to alternate destinations.

Question 41

Q

What is privacy?

Answer

A

Prevention of unauthorized intrusion, knowledge that information deemed personal or confidential won’t be shared with unauthorized entities, freedom from being observed without consent

Question 42

Q

What are the requirements for accountability?

Answer

A

Identification, authentication, authorization, and auditing

Question 43

Q

What is nonrepudiation?

Answer

A

Nonrepudiation prevents a subject from claiming not to have sent a message, not to have performed an action, or not to have been the cause of an event.
Prevents masquerading

Question 44

Q

What is layering?

Answer

A

Layering is the use of multiple controls in a series. The use of a multilayered solution allows for numerous controls to be brought to bear against whatever threats occur.

Question 45

Q

How is abstraction used?

Answer

A

Abstraction is used to collect similar elements into groups, classes, or roles that are assigned security controls, restrictions, or permissions.

Question 46

Q

What is data hiding?

Answer

A

Data hiding is preventing data from being known by a subject. Keeping a database from being accessed by unauthorized visitors is a form of data hiding.

Question 47

Q

What is change control or change management?

Answer

A

A mechanism used to systematically manage change. Typically, it involves extensive logging, auditing, and monitoring of activities related to security controls and security solutions.

Question 48

Q

What are the goals of change management?

Answer

A

Implementation of changes in an orderly manner, formalized testing, ability to reverse changes, ability to inform users of changes, systematical analysis of changes, minimization of negative impact of changes

Question 49

Q

What is data classification?

Answer

A

Data classification is the primary means by which data is protected based on categories of secrecy, sensitivity, or confidentiality.

Question 50

Q

What criteria are used to classify data?

Answer

A

Usefulness, timeliness, value or cost, maturity or age, lifetime or expiration period, disclosure damage assessment, modification damage assessment, national or business security implications, storage

Question 51

Q

What is the government/military data classification scheme?

Answer

A

Top secret, secret, confidential, sensitive, and unclassified

Question 52

Q

What is the commercial business/private sector classification scheme?

Answer

A

Confidential, private, sensitive, public

Question 53

Q

What are the elements of a termination procedure policy?

Answer

A

Have at least one witness; escort terminated employee off the premises immediately; collect identification, access, or security devices; perform exit interview; disable network account

Question 54

Q

What is the function of the data owner security role?

Answer

A

The data owner is responsible for classifying information for protection within the security solution.

Question 55

Q

What is the data custodian security role?

Answer

A

The data custodian is assigned the tasks of implementing the prescribed protection defined by the security policy and upper management.

Question 56

Q

What is the function of the auditor security role?

Answer

A

The auditor is responsible for testing and verifying that the security policy is properly implemented and the derived security solutions are adequate.

Question 57

Q

What should the documents that make up a formalized security structure include?

Answer

A

Policies, standards, baselines, guidelines, and procedures

Question 58

Q

What is generally involved in the processes of risk management?

Answer

A

Analyzing an environment for risks, evaluating each risk as to its likelihood and damage, assessing the cost of countermeasures, and creating a cost/benefit report to present to upper management

Question 59

Q

What should be considered when establishing the value of an asset?

Answer

A

Cost of purchase, development, maintenance, acquisition, and protection; value to owners/users/competitors; equity value; market valuation; liability of asset loss; and usefulness

Question 60

Q

What are the basics distinctions between qualitative and quantitative risk analysis?

Answer

A

Quantitative risk analysis assigns real dollar figures to the loss of an asset. Qualitative risk analysis assigns subjective and intangible values to the loss of an asset.

Question 61

Q

What are the four possible responses by upper/senior management to risk?

Answer

A

Reduce/mitigate, assign/transfer, accept, or reject/deny

Question 62

Q

What is residual risk?

Answer

A

Once countermeasures are implemented, the risk that remains is known as residual risk. Residual risk is the risk that management has chosen to accept rather than mitigate.

Question 63

Q

What is total risk?

Answer

A

The amount of risk an organization would face if no safeguards were implemented. A formula for total risk is threats * vulnerabilities * asset value = total risk.

Question 64

Q

What is the controls gap?

Answer

A

The difference between total risk and residual risk. The controls gap is the amount of risk that is reduced by implementing safeguards.

Answer 65

A

Awareness, training, and education

Answer 66

A

A strategic plan is a long-term plan that is fairly stable. The tactical plan is a midterm plan that provides more details. Operational plans are short term and highly detailed.

Answer 67

A

One - A primary key is a key which has been chosen to be the principal (or primary) representative attribute for that row of data. The primary key is unique and that attribute is then used throughout the database and is accessed and passed around to other tables as the representative attribute for the data in question.

In practice, the primary key attribute is also marked as NOT NULL in most databases, meaning that attribute must always contain a value for the record to be inserted into the table.

Answer 68

A

Foreign key

Answer 69

A

Polyinstantiation

Answer 70

A

Certification and accreditation

Answer 71

A

Site accreditation

Answer 72

A

Dedicated security mode

Answer 73

A

Delete the file, disinfect the file, or quarantine the file.

Answer 74

A

Polymorphic virus

Answer 75

A

In the /etc/shadow file, much older systems may still use /etc/passwd.

Answer 76

A

Education

Answer 77

A

32BRAIDS

3DES, 2fish, Blowfish, RC4-6, AES, IDEA, DES, Serpent

Answer 78

A

DEERQ

Diffe-Hellman, ElGamal, Elliptic curve, RSA, Quantum

Answer 79

A

SYN, SYN/ACK, ACK

Answer 80

A

It sends overlapping packet fragments to the victim machine.
A teardrop attack is a denial-of-service (DoS) attack that involves sending fragmented packets to a target machine. Since the machine receiving such packets cannot reassemble them due to a bug in TCP/IP fragmentation reassembly, the packets overlap one another, crashing the target network device.

Answer 81

A

Trap door (or back door) or maintenance hook

Answer 82

A

1 XOR 1 = 0
1 XOR 0 = 1
0 XOR 0 = 0

Answer 83

A

One-way function also a hash
hashes are also known as the following: message digest, hash value, hash total, CRC, fingerprint, checksum, and digital ID

Answer 84

A

Obscure the meaning of a message

Answer 85

A

False - Code Words and help provide the meaning of a message

Answer 86

A

Diffusion

Answer 87

A

Simple substitution

Answer 88

A

A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
– Auguste Kerckhoffs

Answer 89

A

56 bits (8bits are used for parity (error correcting)

Answer 90

A

International Data Encryption Algorithm
Block cipher and free for public use
128-bit key 64-bit block
used in PGP
Intended as a replacement for DES

Answer 91

A

Advanced Encryption Standard or Rijndael
128, 192, 256-bit key, 128-bit block
first and only publicly accessible cipher approved by the US NSA for top secret information

Answer 92

A

Key exchange

Answer 93

A

Hashed Message authentication code 
implements a partial digital signature - it guarantees the integrity of a message during transmission.
It does not provide nonrepudiation
HMAC-SHA256 ...
Variable Hash value length
adds Authentication and Integrity

Answer 94

A

DSA - Digital Signature Algorithm
RSA - Rivest-Shamir-Adleman
ECDSA - Elliptic Curve Digital Signature Algorithm
Think Asymmetric Encryption Algorithms

Answer 95

A

Enrollment

Answer 96

A

Certificate authorities (CAs)

Answer 97

A

Privacy Enhanced Mail - An email encryption mechanism that provides authentication, integrity, confidentiality, and nonrepudiation. PEM is a layer 7 protocol

Answer 98

A

Secure Hypertext Transfer Protocol (S-HTTP) - encrypts only the served page data and submitted data like POST fields, this leaving the initiation of the protocol unchanged. Port 80 since headers are unencypted

Hypertext Transfer Protocol Secure (HTTPS) - Provides authentication and integrity using SSL/TLS encryption on port 443.

Answer 99

A

Secure Electronic Transaction - a communications protocol standard for securing credit card transactions over networks. A set of security protocols and formats that enabled users to employ the existing credit card payment infrastructure on an open network in a secure fashion.
Cryptographic methods used: RSA public key cryptography and DES private key cryptography in connection with digital certificates

Answer 100

A

Authentication Header (AH), Encapsulating Security Payload (ESP), IP Payload Compression protocol (IPComp), and Internet Key Exchange (IKE)

Answer 101

A

Replay attack

Answer 102

A

The certificate was compromised, the certificate was erroneously issued, the certificate details changed, the private key was exposed, or there was a change of security association.

Answer 103

A

Asymmetric

Answer 104

A

technology allows multiple users to make use of the same process without interfering with each other.
The ability of a CPU to provide multiple threads of execution concurrently sharing the resources of a single core. parallel execution

Answer 105

A

Concurrent execution of multiple tasks (or processes). This is not parrallel execution.

Answer 106

A

using 2 or more CPUs (not cores)

Answer 107

A

System mode, privileged mode, supervisory mode, and kernel mode.
Ring 0

Answer 108

A

When the CPU needs information from one of its registers to complete an operation.

Answer 109

A

Not a memory addressing scheme but a way of referring to data that is supplied to the CPU as part of an instruction

Answer 110

A

CPU is provided with an actual address of the memory location to access

Answer 111

A

The memory address supplied to the CPU as part of the instruction doesn’t contain the actual value that the CPU is to use as an operand.

Answer 112

A

uses a value stored in one of the CPU’s registers as the base location from which to begin counting. CPU than adds the offset supplied with the instruction to that base address and retrieves the operand from the computer memory location

Answer 113

A

Read only memory. PC cannot change once written

Answer 114

A

Programmable read-only memory. Similar to a ROM chip but allows the end user to “burn in the chip’s content at a later date.” Once burned in no further changes are possible

Answer 115

A

Erasable Programmable Read-Only Memory - 2 subcategories UVEPROM and EEPROM
UVEPROM - Ultraviolet EPROMs can be erased with a light.
EEPROM - Electronically EPROM - Uses electric voltages delivered to the pins of the chip to force erasure.

Answer 116

A

Write Once Read Many

Answer 117

A

Also known as main memory or primary memory is typically the largest RAM storage resource available to a computer and normally composed of DRAM chips.

Answer 118

A

Fastest and closest memory to the CPU. Can be referenced as Registers

Answer 119

A

CPU onboard memory. All data used by the ALU must be loaded in to a register. It is part of the ALU

Answer 120

A

quality of information, which could cause harm or damage if disclosed

Answer 121

A

Act of decision where an operator can influence or control disclosure in order to minimize harm or damage

Answer 122

A

The level to which information is mission critical is its measure of criticality.

Answer 123

A

Act of hiding or preventing disclosure.

Answer 124

A

act of keeping something a secret or preventing the disclosure of information

Answer 125

A

keeping information confidential that is personally identifiable or that might cause harm, embarrassment, or disgrace to someone if revealed.

Answer 126

A

Storing something in an out-of-the-way location

Answer 127

A

Act of keeping something separated from others

Answer 128

A

Sensitivity, Discretion, Criticality, Concealment, Secrecy, Privacy, Seclusion. Isolation

Answer 129

A

Accuracy, Truthfulness, Authenticity, Validity, Nonrepudiation, Accountability, Responsibility, Completeness, Comprehensiveness

Answer 130

A

Being correct and precise

Answer 131

A

Being a true reflection of reality

Answer 132

A

Being authentic or genuine

Answer 133

A

Being factually or logically sound

Answer 134

A

Not being able to deny having performed an action or activity or being able to verify the origin of a communication or event

Answer 135

A

Being responsible or obligated for actions and results

Answer 136

A

having all needed and necessary components or parts

Answer 137

A

Being complete in scope; the full inclusion of all needed elements

Answer 138

A

Usability, Accessibility, Timeliness

Answer 139

A

The state of being easy to use or learn or being able to be understood and controlled by a subject

Answer 140

A

Assurance that the widest range of subjects can interact with a resource regardless of their capabilities or limitations

Answer 141

A

Being prompt, on time, within a reasonable time frame, or providing low-latency response

Answer 142

A

Claiming to be an identity when attempting to access a secured area or system

Answer 143

A

Proving that you are the identity (password, pin, …)

Answer 144

A

Defining the permissions (allow/grant or deny) of a resource and object access for a specific identity

Answer 145

A

Recording of log of the events and activities related to the system and subjects

Answer 146

A

AKA Accountability Reviewing logs files to check for compliance and violations in order to hold subjects accountable for their actions

Answer 147

A

Also known as defense in depth. key concepts Abstraction, Data hiding, Encryption

Answer 148

A

Use for efficiency. Similar elements are put into groups, classes, or roles that are assigned security controls, restrictions, or permission as a collective.

Answer 149

A

Preventing data from being discovered or accessed. Act of intentionally positioning data so that it is not viewable or accessible to an unauthorized subject.

Answer 150

A

art and science of hiding the meaning or intent of a communications from unintended recipients

Answer 151

A

The collection of practices related to supporting defining, and directing the security efforts of an organization. The implementation of a security solution and a management method that are tightly interconnected. Security needs to be managed and governed throughout the organizations, not just in the IT department. NIST 800-53, 800-100

Answer 152

A

Top-down - Senior management is responsible for initiating and defining policies for the organization. Middle management to flesh out the security policy into standards, baselines, guidelines, and procedures. Operational managers or security professionals must then implement the configurations prescribed in the security management documentation and end users must comply with all the security policies of the organization

Answer 153

A

Senior management must approve.

Answer 154

A

Long term 5 years that is stable

Answer 155

A

midterm - 1 year- provides more details on accomplishing the goals set forth in the strategic plan or can be crafted ad hoc based upon unpredicted events.

Answer 156

A

Short-term, highly detailed plan based on the strategic and tactical plans. Only useful or valid for a short time.

Answer 157

A

Needs to address every aspect of an organization this includes the organizational processes of acquisitions, divestitures, and governance committees.

Answer 158

A

is to ensure that any change does not lead to reduced or compromised security

Answer 159

A

1) Implement changes in a monitored or orderly manner.
2) Formalized testing process is included to verify that a change produces expected results.
3) All changes can be reversed (backout or rollback)
4) Users are informed of changes before they occur to prevent loss of productivity
5) effects of changes are systematically analyzed to determine whether security or business processes are negatively affected.
6) Negative impact of changes on capabilities, functionality, and performance is minimized
7) Changes are reviewed and approved by a change advisory board (CAB)

Answer 160

A

Primary means by which data is protected based on its need for secrecy, sensitivity, or confidentiality

Answer 161

A

required once an asset no longer warrants or needs the protection of its currently assigned classification or sensitivity level.

Answer 162

A

drastic effects and cause grave damage to national security

Answer 163

A

significant effects and cause critical damage to national security

Answer 164

A

noticeable effects and cause serious damage to national security

Answer 165

A

used for data that is neither sensitive nor classified.

Answer 166

A

U.S. Can Stop Terrorism
U - Unclassified
S - Sensitive …

Answer 167

A

Extremely sensitive and for internal use only

Answer 168

A

personal nature and intended for internal use only

Answer 169

A

Negative impact could occur for the company if disclosed

Answer 170

A

lowest used for data that does not fit in Sensitive, Private or Confidential

Answer 171

A

People Should Prevent Communism
P - Public
S - Sensitive …

Answer 172

A

Trained and experienced network, system, and security engineer. functional responsibility for security, including writing the security policy and implementing it. Often filled by a team that is responsible for designing and implementing security solutions based on the approved security policy.

Answer 173

A

responsible for classifying information. typically a high-level manager

Answer 174

A

implementing the prescribed protection defined by the security policy and senior management

Answer 175

A

any person who has access to the secured system

Answer 176

A

Reviewing and verifying that the security policy is properly implemented and the derived security solution are adequate

Answer 177

A

COBIT, Open Source Security Testing methodology Manual (OSSTMM), ISO/IEC 27002 (replaced ISO 17799), Information Technology Infrastructure Library (ITIL)

Answer 178

A

Documented set of best IT security practices crafted by the Information systems Audit and Control Association (ISACA).
Principle 1: Meeting stake holder needs
P 2: Covering Enterprise End to End
P 3: Applying a single, Integrated Frame work
P 4: Enabling a Holistic Approach
P 5: Separating Governance from Management

Answer 179

A

Peer reviewed guide for the testing and analysis of a security infrastructure

Answer 180

A

International and replaced ISO 17799 the basis of implementing organizational security and related management practices

Answer 181

A

Initially crafted by the British government, set of recommended best practices for core IT security and operational processes and is often used as a starting point for crafting of a customized IT security solution.

Answer 182

A

Using reasonable care to protect the interests of an organization. The Action

Answer 183

A

Practicing the activities that maintain the due care effort. Research

Answer 184

A

showing both due care and due diligence is the only way to disprove negligence in an occurrence of loss.

Answer 185

A

Focuses on issues relevant to every aspect of an organization.

Answer 186

A

Required whenever industry or legal standard are applicable to your organization

Answer 187

A

Discusses behaviors and activities that are acceptable and defines consequences of violations

Answer 188

A

is designed to provide information or knowledge about a specific subject, such as company goals, mission statements, or how the organization interacts with partners and customers

Answer 189

A

Must! Define compulsory requirements for the homogeneous use of hardware, software, technology, and security controls. They provide a course of action by which technology and procedures are uniformly implemented throughout an organization.

Answer 190

A

Minimum level of security that every system throughout the organization must meet. Operationally focused . Goals of the security policy and requirements of the standards and defines them specifically. Used to compare IT systems

Answer 191

A

offers recommendations on how standards and baselines are implemented and serves as an operational guide for both security professionals and users.

Answer 192

A

Step by step document describes actions to implement a specific security mechanism, control, or solution.

Answer 193

A

Implement security at each stage of a product’s development.

Answer 194

A

Secure by Design, Secure by Default, Secure in Deployment and Communication.

Answer 195

A

Takes place during the early stages of systems development, specifically during initial design and specifications.

Answer 196

A

takes place after a product has been created and deployed.

Answer 197

A

Focused on Assets - identify threats to the valuable assets.
Focused on Attackers - Identify Potential attackers and identify the threats they represent base on attack goals
Focused on Software - Identify Potential threats against the software.

Answer 198

A

Threat categorization scheme developed by Microsoft.
Spoofing
Tampering
Repudiation
Information disclosure
Denial of Service
Elevation of Privilege

Answer 199

A

Process of Attack Simulation and Threat Analysis.
Risk centric 7 stage threat modeling methodology.
Stage 1: Definition of the Objectives (DO) for the Analysis of Risks
Stage 2: Definition of the Technical Scope (DTS)
Stage 3: Application Decomposition and Analysis (ADA)
4: Threat Analysis (TA)
5: Weakness and Vulnerability Analysis (WVA)
6: Attack Modeling & Simulation (AMS)
7: Risk Analysis & Management (RAM)

Answer 200

A

Risk-based threat modeling methodology approach. a method of performing a security audit in a reliable and repeatable procedure.

Answer 201

A

Visual, Agile, and Simple Threat
Threat modeling concept based on Agile project management and Programming principles. Goal is to integrate threat and risk management into an Agile Programming environment on a scalable basis.

Answer 202

A

Damage potential, Reproducibility, Exploitability, Affected users, Discoverability.
Qualitative and flexible rating solution for Prioritizing and Responding to risk

Answer 203

A

The type and extent of access the position requires on the secured network.

Answer 204

A

Security concept in which significant and sensitive work tasks are divided among several individual administrators or high-level operators.
This acts as a protection against collusion.

Answer 205

A

Occurrence of negative activity undertaken by two or more people often for the purpose of fraud, theft, or espionage.

Answer 206

A

Rotating employees among multiple job positions, is simply a means by which an organization improves its overall security

Answer 207

A

Used to protect the confidential information within an organization from being disclosed by a former employee

Answer 208

A

Prevent an employee with special knowledge of secrets from one organization from working in a competing organization in order to prevent that second organization from benefiting from the worker’s special knowledge of secrets.

Answer 209

A

Is the process of adding new employees to the identity and access management (IAM) system of an organization

Answer 210

A

It is the removal of an employee’s identity from the IAM system once that person has left the organization

Answer 211

A

with at least one witness, preferably a higher-level manager and/or a security guard.

Answer 212

A

1) Inform the person that they are relieved of their job
2) Request the return of all access badges, keys… Property
3) Disable the person’s electronic access to all aspects of the organization
4) Remind the person about the NDA obligations
5) Escort the person off the premises

Answer 213

A

At the start of the exit interview

Answer 214

A

Policy used to define the levels of performance expectations, compensations, and consequences for entities, persons, or organizations that are external to the primary organization. Common items addressed in SLAs: System up time. Maximum consecutive downtime, Peak load, Average load, Responsibility for diagnostics, Failover time

Answer 215

A

The act of conforming to or adhering to rules, policies, regulations, standards, or requirements

Answer 216

A

Payment Card Industry Data Security Standard.

Answer 217

A

Active prevention of unauthorized access to information that is personally identifiable.
Freedom from unauthorized access to information deemed personal or confidential
Freedom from being observed, monitored, or examined without consent or knowledge

Answer 218

A

The collection of practices related to supporting, defining, and directing the security efforts of an organization

Answer 219

A

the system of oversight that may be mandated by law, regulation, industry standards, contractual obligation, or licensing requirements.

Answer 220

A

The process of reading the exchange materials and verifying them against standard and expectations and is typically performed before any on-site inspection takes place. If the documentation is incomplete, inaccurate, or otherwise insufficient, the on-site review is postponed until the documentation can be updated and corrected.

Answer 221

A

reduce risk to an acceptable level

Answer 222

A

is anything within an environment that should be protected. It is anything used in a business process or task. examples: computer file, network service, system resource, process, program, product, IT infrastructure, database, hardware device furniture, product recipes/formulas, intellectual property, personnel, software, facilities and so on.

Answer 223

A

Dollar value assigned to an asset based on actual cost and nonmonetary expenses

Answer 224

A

any Potential occurrence that may cause an undesirable or unwanted outcome for an organization or for a specific asset.

Answer 225

A

The weakness in an asset or the absence or the weakness of a safeguard or countermeasure.

Answer 226

A

is being susceptible to asset loss because of a threat; there is the possibility that a vulnerability can or will be exploited by a threat agent or event

Answer 227

A

possibility or likelihood that a threat will exploit a vulnerability to cause harm to an asset. Risk = Threat * vulnerability

Answer 228

A

can also be called security control, or countermeasure

Is anything that removes or reduces a vulnerability or protects against one or ore specific threats

Answer 229

A

is the exploitation of a vulnerability by a threat agent

Answer 230

A

is the occurrence of a security mechanism being bypassed or thwarted

Answer 231

A

Assign Asset Value (AV)
Calculate Exposure Factor (EF)
Calculate Single loss expectancy (SLE)
Assess the annualized rate of occurrence (ARO)
Derive the annualized loss expectancy (ALE)
Perform cost/benefit analysis of countermeasures

Answer 232

A

Percentage of loss that an organization would experience if a specific asset were violated by a realized risk.

Answer 233

A

= Asset Value (AV) * Exposure Factor (EF)

Answer 234

A

is the expected frequency with which a specific threat or risk will occur within a single year

Answer 235

A

Possible yearly cost of all instances of a specific realized threat against a specific asset.
= Single Loss Expectancy (SLE) * Annualized Rate of Occurrence (ARO)

Answer 236

A

Brainstorming, Delphi technique (anonymous feedback-and-response process used to enable a group to reach an anonymous consensus), Storyboarding, Focus groups, Surveys, Questionnaires, Checklists, One-on-one meetings, Interviews

Answer 237

A

Reduce or mitigate
Assign or transfer
Accept
Deter
Avoid
Reject or ignore

Answer 238

A

Risk management Framework

Answer 239

A

a guideline or recipe for how risk is to be assessed, resolved, and monitored

Answer 240

A

1 Categorize - The information system and the information processed, stored and transmitted by that system

2 Select - an initial set of baseline security controls for the information system based on the security categorization; tailoring the supplementing the security control baseline as needed.

3 Implement - security controls and describe how the controls are employed within the information system and its environment of operation

4 Assess - Security controls using appropriate assessment procedures to determine the extent to which the controls are implemented correctly

5 Authorize - information system operation based on a determination of the risk to organizational operations and assets, individuals, other organizations, and the Nation resulting from the operation of the information system and the decision that this risk is acceptable

6 Monitor - the security controls in the information system on an ongoing, basis including assessing control effectiveness, documenting changes to the system or its environment of operation

Can Sara Implement Assurance At MonkeyJoe’s

Answer 241

A

keep the business making money.

Answer 242

A

1 Project scope and planning
2 Business impact assessment
3 Continuity Planning
4 Approval and Implementation

Please bring candy apples

Answer 243

A

Structured analysis of the Business’s Organization from a crisis planning point of view

Creation of a BCP team approved by senior management

Assessment of resources available to participate in business continuity activities

Analysis of the legal and regulatory landscape that governs and organization’s response to catastrophic event

Answer 244

A

Should include all departments and individuals who have a stake in the BCP process

Operational departments - core services the business provides to its clients

Critical support services - IT, facilities, maintenance personnel, groups responsible for upkeep of the Operational departments

Corporate Security teams - physical security

Senior executives/key individuals - essential for the ongoing viability of the organization

Answer 245

A

Quantitative and Qualitative Decision making

Identify Priorities
Risk Identification
Likelihood Assessment
Impact Assessment
Resource Prioritization

Is Risk Likely In Research

Answer 246

A

Maximum tolerable downtime or Maximum tolerable outage
Maximum length of time a business function can be inoperable without causing irreparable harm to the business.

A Disasters is declared after the MTD/MTO

Answer 247

A

Recovery time objective
Amount of time you can feasibly recover the function in the event of a disruption.

Recovery only begins after the MTD/MTO has passed.

Answer 248

A

Ensures BCP personnel have a written coninuity document to reference in the emergency.

Provides a historical record of the BCP process.

Forces the team members to commit their thoughts to paper.

Answer 249

A

1 Strategy development - Bridges the gap between the buiness impact assessment and the continuity planning phases of BCP development

2 Provisions and Processes - Develops Documents and designs procedureas and mechanisms that will mitigate the risks.

3 People - First priority make sure they are safe.

Answer 250

A

1 Criminal law
2 Civil
3 administrative

Answer 251

A

Preserve the peace and keep our society safe. acts such as murder, assault, robbery, and arson. Penalties for violating include community service, monetary penalties (fines) and deprivation of civil liberties (prison)

Answer 252

A

Bulk of all laws. designed to provide for an orderly society and govern matters that are not crimes but require an impartial arbiter to settle. Penalties usually include severe financial penalties

Answer 253

A

Executive Branch of our government. FCC, FDA, …

Answer 254

A

Computer Fraud and Abuse Act - 1984 - cover all “federal interest” computers. Malicious damage in excess of $1,000 later changed to $5,000

Amendments - 1994 - Outlawed the creation of any type of malicious code that might cause damage to a computer system.

covered any computer used in interstate commerce rather than just federal
Allowed for the imprisonment of offenders, regardless of whether they actually intended to cause dame
Provided legal authority for the victims of computer crime to purse civil action to gain injunctive relief and compensation for damages.

Amendment again in 1996, 2001, 2002, and 2008 now covers International.

Answer 255

A

Amendments to the CFAA - covers systems used in international commerce

Extends similar proctections to portions of the national infrastructure other than computing systesm, (railroads, gas pipelines, electric power grids, and telecommunications cirucitys.
Treats any intentional act that causes damage to national infrastructure as a felony

Answer 256

A

Federal Information Security Management ACT - 2002- requires that federal agencies implement an information security program that covers the agency operations.

Answer 257

A

2014 - series of bills into law.

Federal Information Systems Modernization Act which Modified the rules of FISMA by centralizing federal cybersecurity responsibility with the Department of Homeland Security
Cybersecurity Enhancement Act - which charges the NIST with responsibility for coordinating nationwide work on voluntary cybersecurity standards including NIST SP 800-53: Security and Privacy Controls for Federal Information systems and Organizations. NIST SP 800-171, NIST Cybersecurity Framework (CSF)
National Cybersecurity Protection Act - Charged the Department of Home Security with establishing a national cybersecurity and communications integration center.

Answer 258

A

Works of art until 70 years after death of last person or 75 after a corporation

Answer 259

A

Digital Millennium Copyright Act

prohibition of attempts to cirumvent copyright protection mechanisms placed on a protected work by the copyright holder. Penalties of $1,000,000 and 10 years in prison for repeat offenders.
Limits liability of Internet service providers when their circuits are used by criminals violating the copyright law.

Answer 260

A

Small TM symbol to show you intend to protect words or slogans. Official recognition requires registration with United States Patent and Trademark Office (USPTO) and uses the (R) symbol.
- granted for 10 years but can be renewed for unlimited successive 10-year periods

Answer 261

A

20 years from initial application

Must be new
must be useful
must not be obvious

Answer 262

A

You must implement adeqate controls within your organization to ensure that only authorized personnel with a need to know the secrets have access to them and that they are bound by a NDA.

Answer 263

A

Protects Trade Secrets

Imprisonment for 15 years and $500,000 fine for Intention of benefiting a foreign government
Imprisonment for 10 years and $250,000 for other circumstances

Answer 264

A

International Traffic in Arms Regulations - Controls the export of items that are specifically designated as military and defense items. Items covered appear on a list called the United States Munitions List (USML).

Answer 265

A

Export Administration Regulations - Covers a broader set of items than ITAR and are commercial in nature but has military applications. Items are listed in the Commerce Control List (CCL)

Answer 266

A

Cannot export high-performance computing systems to counties that are classified as state sponsors of terrorism. Cuba, Iran, North Korea, Sudan, and Syria

Answer 267

A

Controls the release of encryption products outside the US.

- Submit products for review by the Commerce Department. will take no longer than 30 days.

Answer 268

A

basis for privacy rights in the US.

Answer 269

A

Maintain only the records that are necessary for conducting their business and that they destroy those records when they are no longer needed for a legitimate function of government.

Answer 270

A

Electronic Communications Privacy Act of 1986- A crime to invade the electronic privacy of an individual. Increased Federal Wiretap Act to include unauthorized access of electronically stored data.

Answer 271

A

Communications assistance for Law Enforcement Act of 1994. Amended the Electronic Communications Privacy Act of 1986 to require all communications carriers to make wiretaps possible for law enforcement with an appropriate court order, regardless of the technology in use.

Answer 272

A

Health Insurance Portability and Accountability Act of 1996 - Strict security measures for hospitals, physicians, Insurance companies, and other organizations that process or store private medical information about individuals.

Answer 273

A

Health Information Technology for Economic and Clinical Health Act of 2009.
Amended HIPAA which updated many of HIPAA’s privacy and security requirements and was implemented through the HIPAA Omnibus Rule in 2013
- Any relationship between a covered entity and a business associate must be governed by a written contract known as a business associate agreement (BAA) and must protect Protected Health Information (PHI)
2019 Amendment - new data breach noticication requirements with the HITECH breach Notification Rule

Answer 274

A

Children’s Online Privacy Protection Act of 1998 - April of 2000

Parents must give verifiable consent to collection of information about children younger than the age of 13
websites must have a privacy notice that clearly states the types of information they collect.
Parents must be provided with teh opportunity to review any information collected from their children and permanently delete it.

Answer 275

A

Gramm-Leach-Bililey Act of 1999

Banks, insurance companies, and credit providers were severely limited in the services they could provide and share.
Financial institutions must provide written privacy policies to all their customers

Answer 276

A

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism.

wiretapping easier
blanket authorization for a person and then monitor all communications to or from that person under the single warrant.

Answer 277

A

Family Educational Rights and Privacy Act

Parents/students have the right to inspect any educational records maintained by the institution
Right to request correction of records they think are erroneous and the right to include a statement in the records contesting anything that is not corrected
Schools may not release personal information from student records without written consent.

Answer 278

A

1998 - identity theft a crime against the person whose identity was stolen and provides server criminal penalties for anyone found guilty. 15 year prison and/or $250,000

Answer 279

A

European Union General Data Protection Regulation 2016

Data breach notification 72 hours
centralized data protection authorities in each EU member state
individuals will have access to their own data
data portability for transfer of personal information between service providers at the individual’s request
right to be forgotten

Answer 280

A

Personally Identifiable Information
Any information that can identify an individual.
National Institute of Standards and Technology (NIST) Special Publications (SP) 800-122

Answer 281

A

Protected health information
- HIPAA mandates the protection of PHI
- Health information means any information, whether oral or recorded in any form or medium, that
1 - Created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse
2 - relates to the past, present, or future physical or mental health or condition of any individual, the provision of health care to an individual, or the past, present, future payment for provision of health care to an individual

Answer 282

A

Trade Secrets

- refers to any data that helps an organization maintain a competitive edge.

Answer 283

A

Advanced persistent threat 1 - Group operating out of China that stole lots of data from commercial industry

Answer 284

A

APT 28 and APT 29
U.S. Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) analysis report documenting Russian malicious Cyber activity targeting US government entities and politics.

Answer 285

A

Some nongovernment organizations use labels for classifying data. Class 3 is the highest (Confidential or Proprietary and Class 0 the lowest public.

Civilian organizations aren’t required to use any specific classification labels.

Answer 286

A

Converts cleartext into scrambled ciphertext and makes it more difficult to read.

Answer 287

A

data stored on media such as system hard drives, external USB drives, storage area networks (SANs), and backup tapes

Answer 288

A

also known as Data in motion any data transmitted over a network

Answer 289

A

data in memory or temporary storage buffers, while an application is using it. RAM, Cache, Registries …

Answer 290

A

Data loss prevention systems. Can use headers, footers, and watermarks (data labels) to identify documents that include sensitive information and apply the appropriate security controls.

Answer 291

A

NIST SP 800-88r1

Answer 292

A

Approved disintegrator which shred the SSDs to a size of 2 millimetres or smaller.

Answer 293

A

Simply performing a delete operation against a file

Answer 294

A

is a process of preparing media for reuse and ensuring that the cleared data cannot be recovered using traditional recovery tools

Answer 295

A

more intense form of clearing that prepares media for reuse in less secure environments

Answer 296

A

creates a strong magnetic field that erases data on some media in a process called degaussing. Degaussing a hard disk will normally destroy the electronics used to access the data.

Answer 297

A

Final stage in the lifecycle of media and is the most secure method of sanitizing media

Answer 298

A

involves retaining and maintaining important information as long as it is needed and destroying it when it is no longer needed. Organization’s security policy or data policy typically identifies retention timeframes.

Answer 299

A

uses the same key to encrypt and decrypt data

Answer 300

A

Advanced Encryption Standard
Symmetric
128, 192, 256 bits key size

Answer 301

A

3DES
Replacement for DES
Symmetric 
56-bit keys (112 or 168 also available)
8-bits for parity (error correction)

Answer 302

A

Symmetric
First to use salt
32 to 448 bits
bcrypt is based on Blowfish
Bcrypt adds 128 additional bits as a salt to protect against rainbow table attacks

Answer 303

A

Padding Oracle On Downgraded Legacy Encryption

Discovered by Google and showed SSL is susceptible.

Answer 304

A

Virtual Private Networks

allow employees to access the organization’s internal network from their home or while traveling

Answer 305

A

Combined with Layer 2 Tunneling Protocol (L2TP) for VPNs. L2TP transmits data in cleartext, but L2TP/IPsec encrypts data and sends it over the internet using Tunnel mode to protect while in transit. includes AH and ESP

When used in transport mode only the packet payload is encrtypted. This mode is designed for peer-to-peer communication.
When used in tunnel mode the entire packet, including the header, is encrypted. This mode is designed for gateway to gateway communication.

Answer 306

A

Authentication Header - Protocol 51
provides authentication and integrity
Transport mode only

Answer 307

A

Encapsulating Security Payload - Protocol 50
provides confidentiality
in Transport mode only that packet data is encrypted in tunnel mode entire IP packet is encrypted.

Answer 308

A

are secure protocols used to transfer encrypted files over a network.

Answer 309

A

Transmit data in cleartext so not appropriate for transmitting sensitive data over a network

Answer 310

A

Person who has ultimate organizational responsibility for data. Chief Executive Officer (CEO), president, or department (DH)

Answer 311

A

also System Owner

is the person who owns the asset or system that processes sensitive data. typically the same person as the data owner

Answer 312

A

Can be the same as System owner or can overlap responsibilities

Answer 313

A

Any system used to process data but can also be
A natural or legal person, public authority, agency, or other body, which processes personal data solely on behalf of the data controller

Answer 314

A

Program to replace Safe Harbor Program and makes sure the US is compliant with the EU GDPR.
Administered by the US department of commerce and International Trade Administration (ITA)

Answer 315

A

process of using pseudonyms to represent other data and can refer to several pieces of information on a single data point

Answer 316

A

process of removing all relevant data so that it is impossible to identify the original subject or person.

Answer 317

A

form of anonymization that swaps data in individual data columns so that records no longer represent the actual data.

Answer 318

A

responsible for granting appropriate access to personnel. They don’t necessarily have full administrator rights and privileges, but they do have the ability to assign permissions

Answer 319

A

helps protect the integrity and security of the data by ensuring that it is properly stored and protected. Responsible for the day-to-day tasks.

Answer 320

A

any person who accesses data via a computing system to accomplish work tasks

Answer 321

A

California Online Privacy Protection Act
Requires a conspicuously posted privacy policy for any commercial websites or online services that collect personal information of California residents

Answer 322

A

Security control baselines as a list of security controls
A single set of controls does not apply to all situations, but any organization can select a set of baseline controls and tailor it to its needs

Answer 323

A

reviewing a list of baseline controls and selecting only those controls that apply to the IT system you’re trying to protect

Answer 324

A

Modifying the list of security controls within a baseline so that they align with the mission or the organization

Answer 325

A

Shift the letter X places to the right. ROT3 (Caesar Cipher) A becomes D, B becomes E

Answer 326

A

German WWII machine that used a series of 3 to 6 rotors to implement substitution

Answer 327

A

Japanese WWII similar machine to the Enigma

Answer 328

A

uses a shared key

Answer 329

A

uses individual combinations of public and private keys for each users of the system

Answer 330

A

enforce message integrity through the use of encrypted messages.

Answer 331

A

represents a message when encryption functions are described

Answer 332

A

a concept that makes algorithms known and public, allowing anyone to examine and test them. Cryptographic system should be secure even if everything about the system, except the key, is public knowledge. The principle can be summed up as “The enemy knows the system.”

Answer 333

A

Same as Cryptographic keys

Answer 334

A

The study of methods to defeat codes and ciphers

Answer 335

A

Cryptography and cryptanalysis are commonly referred to as Cryptology

Answer 336

A

Federal Information Processing Standard “Security Requirements for Cryptographic Modules,” defines the hardware and software requirements for cryptographic modules that the federal government uses.

Answer 337

A

Logical Operation for “AND”

Answer 338

A

Logical Operation for “OR”

Answer 339

A

Logical Operation for “NOT”

Answer 340

A

Exclusive OR

Answer 341

A

Remainder - remainder value left over after a division operation is preformed. Represented in equations by mod or %

Answer 342

A

Random number that acts as a placeholder variable in functions

must be unique each time it is used
example initialization Vectors (IV)

Answer 343

A

Initialization Vectors

a random bit string that is the same length as the block size and is XORed with the message.
are used to create unique ciphertext every time the same message is encrypted using the same key

Answer 344

A

The magic door.

Answer 345

A

M of N Control requires that a minimum number of agents (M) out of the total number of agents (N) work together to perform high-security tasks

Answer 346

A

The strength of a cryptography system is measuring the effort in terms of cost and/or time.

Answer 347

A

Hide the true meaning of plain text

Answer 348

A

use an encryption algorithm to rearrange the letters of a plaintext message, forming the ciphertext message

Answer 349

A

use the encryption algorithm to replace each character or bit of the paintext message with a different character (Caesar Cipher)

Answer 350

A

uses a single encryption/decryption chart encrypt the paintext - Substitution Cipher

Answer 351

A

As so know as Vernam ciphers.
C = (P + K) mod 26
They are unbreakable if used properly
- Pad must be randomly generated.
- Pad must be physically protected against desclosure
- Pad may only be used once
- Key must be at least as long as the message to be encrypted.

Answer 352

A

Also known as a book cipher

Key is as long as the message and is often chosen from a common book.

Answer 353

A

Chunks or blocks of a message and apply the encryption algorithm to an entire message block at the same time

Answer 354

A

RC4

operate on one character or bit of a message at a time

Answer 355

A

Cryptographic algorithms rely on these 2 basic operations to obscure plaintext.

Confusion occurs when the relationship between the plaintext and the key is so complicated that an attacker can’t merely continue altering the plaintext and analyzing the resulting ciphertext to determine the key
Diffusion occurs when a change in the plaintext results in multiple changes spread throughout the ciphertext.

Answer 356

A

Key Distribution
Does not implement nonrepudiation (at least 2 people know the key)
Algorithm is not scalable n(n-1)/2
Keys must be regenerated often (each time someone leaves).

Answer 357

A

Also known as Public Key Algorithms solve the symmetric key issues
- It also provides support for Digital Signatures

Answer 358

A

Single shared key vs key pair sets
Out-of-band exchange vs In-band exchange
Not scalable vs Scalable
Fast vs slow
Bulk encryption vs Small blocks of data, digital signatures, digital envelopes, digital certificates
Confidentiality vs Confidentiality, integrity, authenticity, nonrepudiation

Answer 359

A

Data Encryption Standard 1977

Electronic Code Book (ECB) - Think easy least secure
Cipher Block Chaining Mode (CBC) - each Block of unencrypted text is XORed with the block of ciphertext immediately preceding it before it is encrypted
Cipher Feedback Mode (CFB) streaming cipher version of CBC. CFB operates against data produced in real time
Ouput Feedback Mode (OFB) similar to CFB but instead of XORing an encrypted version fo the previous block of ciphertext DES XORs the plaintext with a seed value
Counter Mode uses a stream cipher similar to that used in CFB and OFB modes - Great for parallel computing
Block size 64
Key size 56
8 bits for parity

Answer 360

A

3DES
replaced DES
- Block 64
- key 112 or 168

Answer 361

A

International Data Encryption Algorithm
used in PGP
- Block 64
- key size 128

Answer 362

A

First to use a Salt often used in SSH

Block size 64
key size 32-448

Answer 363

A

Private keys

Block 64
key 80

Answer 364

A

Advanced Encryption Standard

128-bit keys require 10 rounds of encryption
192-bit keys 12
256-bit keys 14

Block size of 128

Answer 365

A

Uses the techniques Prewhitening and Postwhitening

Prewhitening- XORing the plaintext with a separate subkey before the first round of encryption
Postwhitening - uses a similar operation after the 16th round of encryption
Block 128
key 1-256

Answer 366

A

One party provides the other party with the secret key by paper or storage media

Answer 367

A

exchanging secret keys afters using the PKI for initial communications to verify each other’s identity.

uses LDAP when integrating digital certificates into transmissions

Answer 368

A

Can be used when PKI is not available.

Answer 369

A

Fair cryptosystems

Escrowed encryption standard

Answer 370

A

The secret key is divided into 2 or more pieces, each of which is given to an independent third party.

Answer 371

A

basis behind Skipjack

a technological means to decrypt ciphertext

Answer 372

A

Large Prime numbers

Public key algorithm that remains the worldwide standard today

Answer 373

A

Asymmetric algorithm

super-increasing sets

Answer 374

A

disadvantage - it doubles the length of any message it encrypts.

Answer 375

A

also known as ECC
160 bit key size
y^2 = x^3 + ax + b

Answer 376

A

Hash of Variable Length
MD5 variant
128, 160, 192, 224, 256 bits value length

Answer 377

A

Message Digest 2

128 value length

Answer 378

A

Message Digest 4

128 value length

Answer 379

A

Message Digest 5

128 value length

Answer 380

A

Secure Hash Algorithm

160 value length

Answer 381

A

Secure Hash Algorithm

224 value length

Answer 382

A

Secure Hash Algorithm

256 value length

Answer 383

A

Secure Hash Algorithm

384 value length

Answer 384

A

Secure Hash Algorithm

512 value length

Answer 385

A

Federal Information Processing standard
also known as the Digital Signature Standard (DSS)
- all federally approved digital signature algorithms must use the SHA-3 hashing function

Answer 386

A

Enrollment

Answer 387

A

The digital signature of the CA is authentic
you trust the CA
certificate is not listed on a CRL
Certificate actually contains the data you are trusting

Answer 388

A

The certificate was compromised
The certificate was erroneously issued
The details of the certificate changed
The security association changed

Answer 389

A

Certificate Revocation Lists
- maintained by the various certificte authorities and contain the serial numbers of certificates that have been issued by a CA and have been revoked along with the date and time the revocation went into effect.

Answer 390

A

Online Certificate Status Protocol
This protocol eliminates the latency inherent in the use of certificate revocation lists by providing a means for real-time certificate verification.

Answer 391

A

Hardware security modules

Provide an effective way to manage encryption keys

Answer 392

A

Pretty Good Privacy
2 versions
- Commercial - RSA for key exchange, IDEA for encryption/decryption, and MD5 for message dgest
- OpenPGP - Diffie-Hellman (DH) for key exchange, Carlisle Adams/Stafford Tavares (CAST) 128-bit encryption/decryption algorithm, and SHA-1 for hashing.

Answer 393

A

Secure/Multipurpose Internet Mail Extensions
- RSA encryption
- X.509 certificates for digital signatures and for the exchange of symmetric keys used for longer communications sessions.
- supports AES and 3DES
De facto standard for mail encryption

Answer 394

A

art of using cyprographic techniques to embed secret messages within another message

Answer 395

A

Digital Rights Management
software that uses encryption to enforce copyright restrictions on digital media.

Document DRM restrictions

Reading a file
Modifying the contents of a file
Removing watermarks from a file
Downloading/saving a file
Printing a file
Taking screenshots of file content

Answer 396

A

Protects data traveling over networks
2 types
- Link Encryption
- End-to-End encryption

Answer 397

A

protects entire communications circuits by creating a secure tunnel between two points using either a hardware or software solution that encrypts all traffic entering one end of the tunnel and decrypts all traffic entering the other end.

Answer 398

A

protects communications between 2 parities and is performed independently of link encryption. TLS is an example.

Answer 399

A

Internet Security Association and key management Protocol
Provides background security support services for IPsec by negotiating, establishing, modifying, and deleting security associations.

Answer 400

A

WiFi Protected Access
Improves on WEP encryption by implementing the Temporal Key Integrity Protocol (TKIP), eliminating the cryptographic weaknesses that undermined WEP.
WPA 2 adds AES
- It does not provide End-to-End security on the wireless part is encrypted.

Answer 401

A

provides a flexible framework for authentication and key management in wired and wireless networks.

Answer 402

A

algebraic manipulation that attempts to reduce the complexity of the algorithm

Answer 403

A

exploits weaknesses in the implementation of a cryptography system

Answer 404

A

exploits statistical weaknesses in a cryptosystem such as floating-point errors and inability to produce truly random numbers.

Answer 405

A

attempts every possible valid combination for a key or password

Answer 406

A

Frequency Analysis

- used on simple ciphers such as substitution or transposition

Answer 407

A

Frequency Analysis

- has both the plaintext and encrypted message

Answer 408

A

attacker has the ability to decrypt chosen portions of the ciphertext message and use the decrypted portion on the message to discover the key

Answer 409

A

the ability to encrypt plaintext messages of their choosing and can then analyze the ciphertext output of the encryption algorithm

Answer 410

A

attacker uses a known plaintext message. the pain text is then encrypted using every possible key (k1), and the equivalent ciphertet is decrypted using all possible keys (k2)

Answer 411

A

a malicious individual sits between 2 communicating parties and intercepts all communications (including the setup of the cryptographic session).

Answer 412

A

works on cryptographic algorithms that don’t incorporate temporal protections. individual intercepts an encrypted message between 2 parties and then later “replays” the captured message to open a new session. Time stamp and expiration period will prevent this type of attack.

Answer 413

A

allows a process to read from and write to only certain memory locations and resources

Answer 414

A

limits set on the memory addresses and resources it can access

Answer 415

A

Sandbox

used to protect the operating environment, the kernel of the operating system, and other independent applications.

Answer 416

A

uses access rules to limit the access of a subject to an object. Access rules state which objects are valid for each subject

Answer 417

A

one in which all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment

Answer 418

A

as the degree of confidence in satisfaction of security needs

Answer 419

A

Trusted Computing Base
Orange Book/Trusted Computer System Evaluation Criteria (TCSEC)
U.S. Department of Defense standard DOD 5200.28

Answer 420

A

is an imaginary boundary that separates the TCB from the rest of the system

Answer 421

A

part of the TCB that validates access to every resource prior to granting access request

Answer 422

A

describes a system that is always secure no matter what state it is in

Answer 423

A

always boots into a secure state, maintains a secure state across all transitions, and allows subject to access resources only in a secure manner compliant with the security policy

Answer 424

A

focuses on the flow of information. Are baed on a state machine model. Bell and Biba - Secret cannot see Top Secret
Are designed to prevent unauthorized, insecure, or restricted information flow, often between different levels of security (these are often referred to as multilevel models).

Answer 425

A

based on information flow model.

Actions that take place at higher level do not interfere with low level

Answer 426

A

4 rules - Take/Grant and Create/Remove

Answer 427

A

is a table of subjects and objects that indicates the actions or functions that each subject can perform on each object

Answer 428

A

Only model that provides Confidentiality
Simple - no read up
* - no write down
Discretionary Security Property states that the system uses an access matrix to enforce discretionary access control

Answer 429

A

Uses a multifaceted approach to enforcing data integrity.
known as a triple or an access control triple
three-part relationship of subject/program/object or subject/transaction/object

Answer 430

A

Chinese Wall

permit access controls to change dynamically based on a user’s previous activity. Conflicts of interest

Answer 431

A

subjects are allowed only to perform predetermined actions against predetermined objects

Answer 432

A

focuses on preventing interference in support of integrity. use to prevent a covert channel

Answer 433

A

8 Ways - Secure creation and deletion of both subjects and objects.
Securely Create/delete an object/subject
Securely provide the read/grant/delete/transfer access right

Answer 434

A

TCSEC - 1980s- whole series of such publications through the mid-1990s
Category A - Verified protection. The highest level of security
Cat B - Mandatory protection
Cat C - Discretionary protection
Cat D - Minimal protection.

Answer 435

A

D - Minimal Protection
C1 - Discretionary Protection
C2 - Controlled Access Protection
B1 - Labeled Security
B2 - Structured protection
B3 - Security Domains
A1 - Verified Protection

Answer 436

A

Systems in a networking context

Answer 437

A

Password Management Guidelines, provides password creation and management guidelines, it’s important for those who configure and mange trusted systems

Answer 438

A

represents a more or less global effort that involves everybody who worked on TCSEC and ITSEC as well as other global players. 7 EAL

Answer 439

A

EAL1 - Functionally tested
EAL2 - Structurally tested
EAL3 - methodically tested and checked
EAL4 - Methodically designed, tested, and reviewed
EAL5 - Semi-formally designed and tested
EAL6 - Semi-formally verified, designed, and tested
EAL7 - Formally verified, designed, and tested

Answer 440

A

Often an internal verification of security and the results of the verification are trusted only by your organization

Answer 441

A

is often performed by a third-party testing service, and the results are trusted by everyone in the world who trusts that specific testing group involved

Answer 442

A

handling 2 or more task simultaneously

Answer 443

A

single chip with multiple execution cores that operate simultaneously

Answer 444

A

Multiprocessors - more than 1 cpu

Answer 445

A

symmetric multiprocessing - processors share a common operating system, data bus, and memory resources

Answer 446

A

Massively parallel processing - MPP systems house hundreds or thousands of processors, each of which has its own operating system and memory/bus resources.

Answer 447

A

involves the pseudosimultaneous execution of 2 tasks on a single processor coordinated by the operating system as a way to increase operational efficiency

Answer 448

A

permits multiple concurrent tasks to be performed within a single process. this is a single process which is different than multitasking

Answer 449

A

single-state systems require the use of policy mechanisms to mange information at different levels. TS can only handle TS

Answer 450

A

are capable of implementing a much higher level of security. Can handle multiple security levels simultaneously - TS, S, C all at once.

Answer 451

A

Operating states
Ready - Process is ready for execution
Waiting - Process is waiting on a resource or another process to finish
Running - is being processed on the CPU
Supervisory - process must perform an action that requires higher privileges
Stopped - when a process finishes or must be terminated

Answer 452

A

Dedicated Mode
System High Mode
Compartmented mode
Multilevel Mode

Answer 453

A

similar to single-state system

Each user must have a security clearance that permits access to all information processed by the system
Each user must have access approval for all information processed by the system.
Each user must have a valid need to know for all information processed by the system

Answer 454

A

Each user must have a valid security clearance that permits access to all information processed by the system
each user must have access approval for all information processed by the system
Each user must have a valid need to know for some information processed by the system but not necessarily all information processed by the system

Answer 455

A

Each user must have a valid security clearance that permits access to all information processed by the system
Each user must have access approval for any information they will have access to on the system
Each user must have a valid need to know for all information they will have access to on the system

Answer 456

A

Some users do not have a valid security clearance for all information processed by the system. Thus, access is controlled by whether the subject’s clearance level dominates the object’s sensitivity label.
Each user must have access approval for all information they will have access to on the system.
Each user must have a valid need to know for all information they will have access to on the system

Answer 457

A

User mode, Privileged Mode

Answer 458

A

is the basic mode used by the CPU when executing user applications

Answer 459

A

Privileged mode
Supervisory mode
system mode
kernel mode
Ring 0

Answer 460

A

Programmable Read-Only Memory

content’s are “burned in” by the end user. Once “burned in” no further changes are possible

Answer 461

A

Erasable Programmable Read-Only Memory

UVEPROM - uses ultra violet light to erase memory
EEPROM - uses electric voltages delivered to pins of the chip to force erasure Electronically Erasable PROM

Answer 462

A

Nonvolatile form of EEPROM. EEPROM must be fully erased before writing whereas Flash can be erased and written in blocks or pages.

Answer 463

A

Static Ram - fastest (Cache and Registers), uses flip-flops. Maintains the contents unaltered as long as power is supplied and imposes no CPU overhead for periodic refresh operations

Answer 464

A

Dynamic Ram - less expensive than SRAM because capacitors are cheaper than flip-flops. System must keep writing to DRAM or contents will change.

Answer 465

A

how the cpu access Register memory locations

Answer 466

A

not a memory addressing scheme but a way of referring to data that is supplied to the CPU as part of an instruction.

Answer 467

A

CPU is provided with an actual address of the memory location to access

Answer 468

A

Memory address supplied to the CPU as part of the instruction doesn’t contain the actual value that the CPU is to use as an operand. CPU reads the provided address to learn the direct address of where the data resides and then retrieves the actual operand from that address

Answer 469

A

uses a value stored in one of the CPU’s registers as the base location from which to begin counting. Cpu then adds the offset supplied with the instruction to that base address and retrieves the operand from that computed memory location

Answer 470

A

CDs are random (you can skip around), Tape is Sequential you must read all the contents to get to the part you need.

Answer 471

A

Microcode

software stored in a ROm chip

Answer 472

A

basic input/output system - independent primitive instructions that a computer needs to start up and load the operating system from disk.
Unified extensible firmware interface - more advanced interface between hardware and the operating system

Answer 473

A

Code objects that are sent from a server to a client to perform actions

Answer 474

A

code objects sent from a user’s system to query and process data stored on a remote system

Answer 475

A

Anything that is temporarily stored on the client for future reuse.

Answer 476

A

It ensures that data existing at one level of security is not visible to processes running at different security levels.

Answer 477

A

Prevents unauthorized data access. Requirement in a multilevel security mode system
Protects the integrity of processes

Answer 478

A

Service oriented architecture

constructs new applications or functions out of existing but separate and distinct software services

Answer 479

A

outlines the security needs of your organization and emphasizes methods or mechanisms to employ to provide security.

Answer 480

A

Cost, Location, and size are important

Answer 481

A

Mean time to failure or Mean time to repair

Answer 482

A

Mean time between failures

Answer 483

A

Premises wire distribution room and intermediate distribution facilities (IDF)

Answer 484

A

Demarcation point

entrance point to the building where the cable from the provider connects the internal cable plant.

Answer 485

A

main wiring closet for the building, often connected to or adjacent to the entrance facility

Answer 486

A

provides wired connections between the equipment room and the telecommunications rooms, including cross-floor connections.

Answer 487

A

wiring closet- serves the connection needs of a floor or a section of a large building by providing space for networking equipment and cabling systems.serves as the interconnection point between the backbone distribution system and the horizontal distribution system.

Answer 488

A

provides the connection between the telecommunication room and work areas, often including cabling, cross-connection blocks, patch panel, and supporting hardware infrastructure.

Answer 489

A

Located at the core of the building

1-hour minimum fire rating.

Answer 490

A

identity token containing integrated circuits (ICs)
Processor IC card
IC card with an ISO 7816 interface
viewed as a complete security solution but should not be considered complete by themselves.

Answer 491

A

using someone else’s security ID to gain entry into a facility.

Answer 492

A

Following someone through a secured gate or doorway without being identified or authorized personally

Answer 493

A

simply the implementation of either a Faraday cage or white noise generation or both to protect a specific area in an environment

Answer 494

A

Sensitive Compartmented Information Facility

Answer 495

A

60 - 75 degrees (15 to 23 Celsius) humidity between 40 - 60

Answer 496

A

1 - Incipient Stage - only ionization but no smoke
2 - Smoke Stage - smoke is visible from the point of ignition
3 - flame Stage - can be seen with the naked eye
4 - Heat Stage - fire is considerably further down the timescale to the point where there is an intense heat buildup and everything in the area burns.

Answer 497

A

A - Water, soda acid (dry powder or liquid chemical)
B - CO2, halon, soda acid
C - CO2, halon
D - Dry powder - Oxygen suppression cannot be used on metal fires because burning metal produces its own Oxygen.

Halon replacement and safest HM-200

Answer 498

A

wet pipe - (closed head system) always full of water
dry pipe - contains compressed air. when triggered the air escapes opening a water valve that in turn causes the pipes to fill and discharge water into the environment
deluge system - form of dry pipe that uses larger pipes and therefore delivers a significantly larger volume of water.
Preaction system - combination dry and wet pipe system. dry until the initial stage of a fire are detected then the pipes fill with water. water is release only after the sprinkler head activation triggers are melted by sufficient heat.

Answer 499

A

FM-200
CEA-410
NAF-S-III
FE-13
Argon
Inergen
Aero-K

Answer 500

A

3 to 4 feet - deter causal trespassers
6 to 7 - deter most intruders, except determined ones
8+ with 3 strands of barbed wire - deter even determined intruders

Answer 501

A

Primary purpose of lighting is to discourage casual intruders, trespassers, prowlers, or would-be thieves who would rather perform their misdeeds in the dark.

Should not illuminate the positions of guards, dogs, patrol posts, or other similar security elements.

Answer 502

A

If a facility employs restricted areas to control physical security a mechanism to handle visitors is required

Answer 503

A

can be as simple as a name tag. Badges, identification cards, and security IDs

Answer 504

A

a device that senses movement or sound in a specific area.
infrared - heat-based
Wave pattern - low ultrasonic or high microwave frequency signal into a monitored area
photoelectric - senses changes in visible light levels. Usually deployed in internal rooms that have no windows and are kept dark.
capacitance - senses changes in the electrical or magnetic field surrounding a monitored object.

Answer 505

A

Alarms that trigger deterrents like engaging additional locks, shut doors,

Answer 506

A

trigger repellants like sound (audio siren or bell) and turns on lights

Answer 507

A

Often silent from the intruder/attacker perspective but record data about the incident and notify administrators, security guards, and law enforcement. log files and CCTV tapes

Answer 508

A

Must broadcast an audible (up to 120 decibel) alarm signal that can be easily heard up to 400 feet away.

Answer 509

A

Silent locally, but offsite monitoring agents are modified so they can respond to the security breach

Answer 510

A

can be added to either local or centralized alarm systems. when triggered emergency services are notified to respond to the incident and arrive at the location.

Answer 511

A

Please do not throw sausage pizza away

Physical - Data (LLC and MAC) - Network - Transport - Session - Presentation - Application

Answer 512

A

Bits - Frame - Packet - Segment (TCP)/Datagram (UDP) - Protocol data unit - Protocol data unit - Protocol data unit

Big - fat - pricks - should/die - Protocol

Answer 513

A

EIA/TIA-232 / EIA/TIA-449
X.21
High-Speed serial Interface (HSSI)
Synchronous Optical Networking (SONET)
V.24 and V.35

Answer 514

A

Serial Line Internet protocol (SLIP)
Point-to-Point Protocol (PPP)
Address Resolution Protocol (ARP)
Layer 2 Forwarding (L2F)
Layer 2 Tunneling Protocol (L2TP)
Point-to-Point Tunneling Protocol (PPTP)
Integrated Services Digital network (ISDN)

Answer 515

A

Internet control Message Protocol (ICMP) - protocol number 1
Routing Information Protocol (RIP)
Open Shortest Path First (OSPF)
Border Gateway Protocol (BGP)
Internet Group management Protocol (IGMP)
Internet Protocol (IP)
Internet Protocol Security (IPSec)
Internetwork Packet Exchange (IPX)
Network Address Translation (NAT)
Simple Key Management for Internet Protocols (SKIP)

Answer 516

A

Routing Information Protocol - Distance # of Hops

Answer 517

A

Open Shortest Path First - Link state - speed

Answer 518

A

Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)
Sequenced Packet Exchange (SPX)
Secure Sockets Layer (SSL)
Transport Lyer Security (TLS)

Answer 519

A

Network File system (NFS)
Structured Query Language (SQL)
Remote Procedure Call (RPC)

Simplex - One-way communication
Half-Duplex - Two-way but only one direction can send data at a time
Full-Duplex - 2-way which data can be sent in both directions simultaneously

Answer 520

A

American Standard Code for Information Interchange (ASCII)
Extended Binary-Coded Decimal Interchange Mode (EBCDICM)
Tagged Image File Format (TIFF)
Joint Photographic Experts Group (JPEG)
Moving Picture Experts Group (MPEG)

Answer 521

A

HTTP - FTP - LPD Line Print Daemon - SMTP - Telnet - TFTP - Electronic Data Interchange (EDI) - Post Office Protocol version 3 (POP3) - IMAP - SNMP - NNTP - Secure Remote Procedure Call (S-RPC) - Secure Electronic Transaction (SET)

Answer 522

A

Link - Internet - Transport - Application

LITA

Answer 523

A

FUP
FIN - Finish
URG - Urgent
PSH - Push

Answer 524

A

Class First binary digits Decimal
A 0 1-126
B 10 128-191
C 110 192-223
D 1110 224-239
E 1111 240-255

Answer 525

A

255.0.0.0 = /8
255.255.0.0 = /16
255.255.255.0 = /24
number of address 2^N - 2

Answer 526

A

File Transfer Protocol (FTP) - TCP 20/21
Telnet - TCP 22
SSH - TCP 22
Simple Mail Transfer Protocol (SMTP) - TCP 25
DNS - TCP 53
Dynamic Host Configuration Protocol (DHCP) - UDP 67 and 68
Trivial File Transfer Protocol (TFTP) - UDP 69
Hypertext Transfer Protocol (HTTP) - TCP 80
Post Office Protocol (POP3) - TCP 110
NTP - TCP 123
Windows File Sharing - TCP 135, 137-139, 445
Internet Message Access Protocol (IMAP) - TCP 143
Simple Network Management Protocol (SNMP) - UDP 161, 162 (for Trap Messages)
Secure Sockets Layer (SSL)/TLS - TCP 443
Line Print Daemon (LPD) - TCP 515
Microsoft SQL - TCP 1433/1434
Oracle - TCP 1521
H.323 - TCP 1720
PPTP - TCP 1723
Remote Authentication Dial-In User Service (RADIUS)
UDP 1812
Network File system (NFS) - TCP 2049
RDP - TCP 3389
X Window - TCP 6000-6063
HP jetDirect Printing 9100

Answer 527

A

A and AAAA - Address record - links FQDN to IPv4 (A) and IPv6 (AAAA)
PTR - Pointer Record - Links IP address to FQDN reverse lookups
CNAME - Canonical Name - Links FQDN alias to another FQND
MX - Mail exchange - Links a mail and messaging-related FQDN to an IP address
NS - Name server record - Designates the FQDN and IP address of an authorized name server
SOA - Start of authority record - Specifies authoritative information about the zone file, such as primary name server, serial number, time-outs, and refresh intervals

Answer 528

A

.com, .net, .mil, …

Answer 529

A

google, yahoo, cnn, msn

Answer 530

A

Domain Name System security Extensions
Security improvement to the existing DNS infrastructure which provides reliable authentication between devices during DNS operations.

Answer 531

A

The act of falsifying the DNS information used by a client to reach a desired system. attacking the DNS server and placing incorrect information into its zone file which causes the real DNS to send false data back to clients

Answer 532

A

DNS spoofing or DNS pharming

can listen in on network traffic for any DNS query or specific DNS queries related to a target site.

Answer 533

A

Domain theft
changing the registration of a domain name without the authorization of the valid owner.
Stealing the owner’s logon credentials, using XSRF, hijacking a session, using MitM, or exploiting a flaw in the domain registrar’s system

Answer 534

A

merging of specialty or proprietary protocols with standard protocols, such as those from the TCP/IP suite

Answer 535

A

Fiber Channel over Ethernet
network data-storage solution (SAN) or network-attached storage (NAS) that allows for high-speed file transfers upward to 128Gbps

Answer 536

A

Multiprotocol Label Switching
high-throughput high-performance network technology that directs data across a network based on short path labels rather than longer network addresses. saves significant time over traditional IP-based routing processes, which can be quite complex.
T1/E1, ATM, Frame Relay, SONET, DSL

Answer 537

A

Internet Small Computer System Interface
network storage standard based on IP. can be used to enable location-independent file storage, transmission, and retrieval over LAN, WAN, or public internet connections. Low cost alternative to Fiber Channel

Answer 538

A

Software-Defined Networking
separating the infrastructure layer form the control layer
network design that is directly programmable from a central location, is flexible, is vendor neutral, and is open-standards based.

Answer 539

A

Content distribution network or Content delivery network
collection of resource services deployed in numerous data centers across the internet in order to provide low latency, high performance, and high availability of the hosted content

Answer 540

A

IEEE standard for wireless network communications

Answer 541

A

Amendment Speed Frequency

11 2 Mbps 2.4 GHz
11a 54 Mbps 5 GHz
11b 11 Mbps 2.4 GHz
11g 54 Mbps 2.4 GHz
11n 200+ Mbps 2.4 & 5 GHz
11ac 1 Gbps 5 GHz

Answer 542

A

wireless access points when deploying

Answer 543

A

2 wireless devices when no AP is available (wireless device to device)

Answer 544

A

extended service set identifier
All AP should use the same so clients can roam the area while maintaining network connectivity.
extended APs

Answer 545

A

uses MAC addresses

Answer 546

A

process of investigating the presence, strength, and reach of wireless AP deployed in an environment

Answer 547

A

Open system authentication

There is no real authentication required. transmitts everything in clear text.

Answer 548

A

Shared key authentication

some form of authentication must take place before network communications can occur.

Answer 549

A

Wired Equivalent Privacy

RC4

Answer 550

A

Wi-Fi Protected Access

based on LEAP and Temporal Key Integrity Protocol (TKIP)

Answer 551

A

802.11i

Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) which is based on AES

Answer 552

A

enterprise authentication. standard port based network access control that ensures that client cannot communicate with a resource until proper authentication has taken place.
EAP - Extensible Authentication Protocol
is an authentication framework

Answer 553

A

Lightweight Extensible Authentication Protocol

Cisco proprietary alternative to TKIP for WPA

Answer 554

A

Protected Extensible Authentication Protocol

Encapsulates EAP methods within a TLS tunnel that provides authentication and potentially encryption

Answer 555

A

LEAP
PEAP
EAP-TTLS
EAP-TLS

Answer 556

A

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
created to replace WEP and TKIP/WPA. Uses AES with 128-bit key. Is the preferred standard security protocol for wireless.

Answer 557

A

authentication technique that redirects a newly connected wireless web client to a portal access control page
Hotel/Restaurants redirect for agreement

Answer 558

A

retransmission of captured communications in the hope of gaining access to the targeted system.
Mitigated by keeping the firmware of teh base station updated as well as operating a wireless-focused network intrusion detection system (NIDS) W-IDS or W-NIDS

Answer 559

A

initialization vector

A mathematical cryptographic term for a random number

Answer 560

A

Commonly discovered during a site survey
Mitigation - be aware of the correct and valid SSID. monitor the wireless signals for abuses such as newly appearing WAPs

Answer 561

A

attack in which a hacker operates a flse access point that will automatically cole, or twin, the identity of an access point based on a client device’s request to connect.

Answer 562

A

Network Access Control

concept of controlling access to an environment through strict adherence to and implementation of security policy.

Answer 563

A

are essential tools in managing and controlling network traffic

Answer 564

A

a private network

Answer 565

A

a cross between the internet and an intranet

Answer 566

A

first-generation firewalls - basic
filters traffic by examining data from a message header
fooled with spoofed packets
filters based on IP addresses, ports and some protocols ICMP (1), ESP (50), AH (51)…

Answer 567

A

Second generation
Proxy firewall or second-generation
Slow as they must examine each packet
Operates at layer 7
filters traffic based on the internet service used to transmit or receive the data. Each application must have its own unique proxy server therefore the firewall comprises numerous individual proxy servers.

Answer 568

A

second generation
establish communication sessions between trusted partners.
OSI layer 5 (session)

Answer 569

A

third generation
OSI 3 and 4
Dynamic packet filtering firewalls
evaluate the state or the context of the network traffic (source and destination addresses, application usage, source of origin, and relationship between current packets and the previous packets of the same session.

Answer 570

A

DPI - complete packet inspection and information extraction (IX)
filtering mechanism that operates typically at the application layer in order to filter the payload contents of a communication rather than only on the header values.
Often integrated with application layer firewalls and stateful inspection firewalls.

Answer 571

A

Multifunction device (MFD) composed of several security features in addition to a firewall
IDS, IPS, TLS/SSL proxy, web filtering, QoS management, bandwidth throttling, NATing, VPN anchoring, and antivirus

Answer 572

A

computer or appliance that is exposed on the internet and has been hardened by removing all unnecessary elements, such as services, program, protocols, and ports

Answer 573

A

firewall-protected system logically positioned just inside a private network. All inbound traffic is routed to the screened host and acts a a proxy.

Answer 574

A

Repeaters, Concentrators, Amplifiers, and Hubs

Answer 575

A

Bridges, Switches, Brouters (2 and 3)

Answer 576

A

Routers and Brouters (layers 2 and 3)

RIP, OSPF, BGP

Answer 577

A

remote access, mutilayer switch used to connect distant networks over WAN links

Answer 578

A

communication occurs over multiple frequencies at the same time

Answer 579

A

Frequency Hopping Spread Spectrum
transmits data in a series while constantly changing the frequency in use. entire range of available frequencies is employed, but only one frequency is used at a time

Answer 580

A

Direct Sequence Spread Spectrum
employs all the available frequencies simultaneously in parallel. Uses chipping code which allows a receiver to reconstruct data even if parts were distorted because of interference and works similar to RAID-5.

Answer 581

A

Orthogonal Frequency-Division Multiplexing
employs a digital multicarrier modulation scheme that allows for a more tightly compacted transmission. modulated signals are perpendicular (orthogonal) and therefore do not cause interference with each other. Smaller frequency set but greater data throughput.

Answer 582

A

802.15 - personal area networks (PAN)

Answer 583

A

allows an attacker to transmit Short Message Service (SMS)-like messages to your device

Answer 584

A

allows hackers to connect with your Bluetooth devices without your knowledge and extract information from them.

Answer 585

A

attack that grants hackers remote control over the feature and functions of a Bluetooth device

Answer 586

A

Radio Frequency Identification - Asset tracking

Answer 587

A

Near-field communication

Answer 588

A

Fiber Distributed Data Interface
Dual token ring - high-speed token-passing
traffic flowing in opposite directions

Answer 589

A

IEEE Ethernet standard

Answer 590

A

single sign-on (SSO)
Managing Identity and Authentication
symmetric-key

KDC - key distribution Center
Kerberos Authentication Server
TGS - ticket-granting service
AS - Authentication service
TGT - ticket-granting-ticket
ticket

Answer 591

A

Secure Remote Procedure Call

Authentication service and is simply a means to prevent unauthorized execution of code on remote systems

Answer 592

A

IPsec
Kerberos
SSH
Signal Protocol
S-RPC
SSL
TLS

Answer 593

A

CHAP
PAP
EAP

Answer 594

A

Challenge Handshake Authentication Protocol
used over Point-to-Point (PPP) links.uses a challenge-response dialogue that cannot be replayed. periodically reauthenticates the remote system throughout an established communication session to verify a persistent identity of the remote client

Answer 595

A

Password Authentication Protocol
standardized authentication protocol for PPP.
transmit username and passwords in cleartext. no form of encryption; simply provides a means to transport the logon credentials from the client to the authentication server.

Answer 596

A

Extensible Authentication Protocol
Framework for authentication instead of an actual protocol. customized authentication security solutions such as supporting smart cards, token, and biometrics.

Answer 597

A

Private branch exchange - basic phone service

Answer 598

A

Plain old Telephone system / public switched telephone network - basic phone services

Answer 599

A

Voice over IP

Caller ID can be falsified resulting in vishing (VoIP phishing) or Spam over Internet Telephony (SPIT)

Answer 600

A

Secure Real-Time Transport Protocol or Secure RTP

minimize the risk of VoIP DoS through robust encryption and reliable authentication

Answer 601

A

initial client connection is disconnected, and a person or party would call the client on a predetermined number that would usually be stored in a corporate directory in order to verify the identity of the client.

Answer 602

A

hackers that abuse phone systems. gain access to voice mailboxes, redirect messages, block access, and redirect inbound and outbound calls.

Answer 603

A

Direct Inward System Access

help manage external access and external control of a PBX by assigning access codes to users.

Answer 604

A

used to manipulate line voltages to steal long-distance services

Answer 605

A

used to simulate tones of coins being deposited into a pay phone

Answer 606

A

used to simulate 2600 Hz tones to interact directly with telephone network trunk systems

Answer 607

A

used to control the phone system. is a dual-tone multifrequency (DTMF) generator.

Answer 608

A

use of various multimedia-supporting communication solution to enhance distance collaboration

Answer 609

A

Simple Mail Transfer Protocol
accepts messages from clients, transport those messages to other servers, and deposit them into a user’s server-based inbox (server to server, client to server but not server to client)

Answer 610

A

Post Office Protocol version 3 / Internet Message Access Protocol
Clients retrieve email from their server-based inboxes.

Answer 611

A

standard for email addressing and message handling

Answer 612

A

Secure Multipurpose Internet Mail Extensions
Most secure
Authentication is provided through X.509 digital certificates. Privacy through Public Key Cryptography Standard (PKCS) encryption and 2 types of messages can be formed: signed messages and secured enveloped messages

Answer 613

A

one of 2 types of messages provided by S/MIME

integrity, sender authentication, and nonrepudiation

Answer 614

A

integrity, sender authentication, and confidentiality

Answer 615

A

will attempt to set up an encrypted connection with every other email server in the event that it is supported. otherwise it will downgrade to plaintext

Answer 616

A

Sender Policy Framework

checking that inbound messages originate from a host quthorized to send messages by the owners of the SMTP origin domain

Answer 617

A

use a modem to dial up directly to a remote access sever
Connecting to a network over the internet through a VPN
Connecting to a terminal server system through a thin-client connection
connecting to an office-located personal computer using a remote desktop service
using cloud-based desktop solution

Answer 618

A

network communications process that protects the contents of protocol packets by encapsulating them in packets of another protocol. Encapsulation is what creates the logical illusion of a communications tunnel over the untrusted intermediary network.
Problems with - It is generally inefficient means of communicating because most protocols include their own error detection, error handling, acknowledgment, and session management features, so using more than one protocol at a time compounds the overhead required to communicate a single message.

Answer 619

A

Point-to-Point Tunneling Protocol
MS-CHAP Microsoft CHAP
CHAP
PAP
EAP
Shiva Password Authentication Protocol (SPAP)

Answer 620

A

Layer 2 Tunneling Protocol

derived by combining elements from both PPTP and L2F (Layer 2 Forwarding Protocol which is a cisco developed VPN)

Answer 621

A

when software within a guest OS is able to breach the isolation protection provided by the hypervisor in order to violate the container of other guest OSs or to infiltrate a host OS.

Answer 622

A

Class A 10.0.0.0 - 10.255.255.255
Class B 172.16.0.0 - 17.31.255.255
Class C 192.168.0.0 - 192.168.255.255

Answer 623

A

Automatic Private IP Addressing

Link-local address assignment RFC 3927

Answer 624

A

127.x.x.x normally seen as 127.0.0.1 but any of the 127 address are loopbacks

Answer 625

A

Telephone - all data travels down the same path

Constant traffic, Fixed known delays, Connection oriented, Sensitive to connection loss, used primarily for voice

Answer 626

A

data can travel different paths

Bursty traffic, Variable delays, connectionless, Sensitive to data loss, Used for any type of traffic

Answer 627

A

also called Communication path is a logical pathway ot circuit created over a packet-switched network between 2 specific endpoints

Answer 628

A

Permanent Virtual Circuits - always on

Answer 629

A

Switch Virtual Circuits - like dial-up because a virtual circuit has to be created using the best paths currently available before it can be used and then disassembled after the transmission is complete

Answer 630

A

also called leased line or point-to-point link
Digital Signal Level 0 (DS-0) - Partial T1 64Kbps to 1.544Mbps
DS-1 - T1 - 1.544 Mbps
DS-3 - T3 - 44.736 Mbps
European digital transmission format 1 - E1 - 2.108 Mbps
European digital transmission format 3 - E3 - 34.368 Mbps
Cable modem or cable routers - 10+ Mbps

Answer 631

A

WAN Connection packet-switching technology used in Europe uses PVCs. OLD

Answer 632

A

packet-switching PVCs unlike X.25 upports multiple PVCs over a single WAN carrier service connection
layer 2

Answer 633

A

Asynchronous transfer mode
Cell-switching
WAN communication technology, as opposed to a packet-switching technology like fram relay

Answer 634

A

Switched Multimegabit Data Service

connectionless packet-switching techonlogy. used to connect multiple LANs to form a metropolitan area network

Answer 635

A

Synchronous Digital Hierarchy and Synchronous Optical Network
Fiber-optic high-speed network standards
SDH - International Telecommunications Union (ITU)
SONET - American National Standards

hardware or physical layer standards defining infrastructure and line speed requirements
both support mesh and ring topoligies

Answer 636

A

Synchronous Data Link Control

dedicated leased lines to provide connectivity for mainframes

Answer 637

A

High-level data link control
refined version of SDLC designed specifically for serial synchronous connections. Full-duplex, supports PPP and multipoint connections. Polling and operates a OSI Layer 2 offers flow control and includes error detection and correction

Answer 638

A

High Speed Serial Interface
DTE/DCE interface standard that defines how multiplexors and routers connect to high-speed network carrier services such as ATM or Frame Relay

Answer 639

A

also call a hash total

Answer 640

A

exists between a high-security area and low-security one such as between a LAN and the internet, physical environment and logical
Important to state in security policy the point at which control ends or begins

Answer 641

A

Wireshark, NetWitness, T-Sight, Zed Attack Proxy (ZAP) and Cain & Abel

Answer 642

A

occurs when a user is first given an identity

Answer 643

A

Subjects are granted access to objects based on proven identities

Answer 644

A

Users and other subjects can be held accountable for their actions when auditing is implemented

Answer 645

A

Mobile Device Management

use context-aware authentication to identify device users.

Answer 646

A

Admins - 15 length
users - 8
Maximum age - 45 days
Complexity 
History 
Minimum password age - at least 1 day

Answer 647

A

String of characters similar to a password but that has unique meaning to the users.

Answer 648

A

series of challenge questions about facts or predefined responses that only the subject should know.
birthday, maiden name, first boss, first pet, favorite sport

Answer 649

A

focus on the pattern of blood vessels in the back of the eye. Most accurate but reveal medical conditions, high blood pressure and pregnancy

Answer 650

A

focusing on the colored area around the pupil. 2nd most accurate and scans can be done 6 to 12 meters away. can be fooled with a high-quality image of a person’s eye. light glasses, contacts all affect this type of scan.

Answer 651

A

False Rejection Rate - Type I

Answer 652

A

False Acceptance Rate - Type II

Answer 653

A

Crossover error rate or equal error rate

the point where the FRR and FAR percentages are equal or cross.

Answer 654

A

enrollment or biometric factor is sampled and stored in the device’s database.
Also called reference profile or reference template
enrollment time over 2 minutes are unacceptable

Answer 655

A

amount of time the system requires to scan a subject and approve or deny access

Answer 656

A

has a high level of privileges, it is configured with a strong, complex password that is changed more often than regular users

Answer 657

A

convenient for users
increases security as users do not have to remember multiple usernames and passwords
disadvantage once an account is compromised, an attacker gains unrestricted access to all of the authorized resourcesFP

Answer 658

A

is the trusted third party that provides authentication services.

Answer 659

A

hosts the functions of the KDC: TGS and AS

Answer 660

A

Service that grants tickets

Answer 661

A

verifies or rejects the authenticity and timeliness of tickets. Often called the KDC

Answer 662

A

provides proof that a subject has authenticated through a KDC and is authorized to request tickets to access other objects

Answer 663

A

encrypted message that provides proof that a subject is authorized to access an object

Answer 664

A

1 user types username (UN) and password (PW) into client
2 client encrypts the UN with AES & transmits to KDC
3 KDC verifies UN against a database of known credentials
4 KDC generates a symmetric key used by the client and kerberos server. It encrypts with a hash of the user’s PW. KDC generates an encrypted time-stamped TGT.
5 KDC transmeits the encrypted symmetric key and the encrypted time-stamped TGT to the client
6 client installs the TGT for use until it expires. Client also decrypts the symmetric key using a hash of the user’s PW.

Answer 665

A

used to access objects on the network
1 client sends TGT back to the KDC with a request for access to the resource
2 KDC verifies that the TGT is valid and checks its access control matrix to verify user privileges
3 KDC generates a service ticket and sends it to the client
4 client sends the ticket to the server or service hosting the resource
5 server or service hosting the resource verifies the validity of the ticket with KDC
6 once identity and authorization is verified Kerberos activity is complete

Answer 666

A

Hypertext Markup Language

commonly used to display static web pages used to describe how data is displayed using tags.

Answer 667

A

Extensible Markup Language
actually describing the data and not how to display data
example: exam results passed

Answer 668

A

Security Assertion Markup Language
developed by OASIS designed for exchanging user information for federated identity SSO purposes. based on Directory Service Markup Language (DSML) which can display LDAP-based directory service information in the XML format

Answer 669

A

Extensible Access Control Markup Language
developed by OASIS used to define access control policies within an XML format. Commonly implements policies as an attribute-based access control system can also use role-base access controls. Helps provide assurances to all members in a federation that they are granting the same level of access to different roles.

Answer 670

A

Open authorization
open standard used for access delegation. RFC 6749
given one site permission to access another account.

Answer 671

A

open standard by OpenID Foundation. provides decentralized authentication, allowing users to log into multiple unrelated websites with one set of credentials maintain by a third-party service referred to as an OpenID provider.
example: using google to login into 23 and me

Answer 672

A

authentication layer using the OAuth 2.0 framework. Like OpenID, it is maintained by OpenID Foundation. similar to OpenID but uses JavaScript Object notation (JSON) Web Token or ID token. Can also provide profile information about the user.

Answer 673

A

also known as logon scripts
establish communication links by providing an automated process to transmit logon credentials at the start of a logon session.
Can be used to create a SSO like environment

Answer 674

A

provide a storage space for users to keep their credentials when SSO isn’t available

Answer 675

A

RADIUS, TACACS+, Diameter

Answer 676

A

Remote Authentication Dial-in User Service
centralizes authentication for remote connections
provide Callback
UDP
encrypts only the exchange of the password (does not encrypt the entire session) additional protocols can be used to encrypt the data seesion. RFC 2865

Answer 677

A

Terminal Access Controller Access-Control System
Cisco
advantages over RADIUS - separates authentication, authorization, and accounting into separate processes, which can be hosted on three separate servers if desired. encrypts all the authentication information and not just password. TCP 49 (TACACS & XTACACS UDP 49)

Answer 678

A

enhanced version of RADIUS
IP, Mobile IP, and VoIP
not backwards compatible to RADIUS
TCP 3868 or Stream Control Transmission Protocol (SCTP) port 3868
support IPsec TLS for encryption

Answer 679

A

also known as registration

the process that creates a new identity and establishes the factors the system needs to perform authentication

Answer 680

A

granted to users to create, read, edit, or delete a file on a file server. Similarly, you can grant a user access rights to a file, so in this context, access rights and permission are synonymous.

Answer 681

A

ability to take an action on an object. example user might have the right to modify the system time on a computer or the right to restore backed-up data.

Answer 682

A

combination of rights and permissions. example an administrator for a computer will have full privileges, granting the administrator full rights and permission on the computer. The administrator will be able to perform any action and access any data on the computer.

Answer 683

A

Object focused - is a table that includes subjects, objects and assigned privileges
ACLs are object focused and identify access granted to subjects for any specific object

Answer 684

A

Subject focused - another way to identify privileges assigned to subjects. example capability table created for the accounting role will include a list of all objects that the accounting role can access and will include the specific privileges assigned to the accounting role for these objects.
are subject focused and identify the objects that subjects can access.

Answer 685

A

or restricted interfaces to restrict what users can do or see based on their privileges.

Answer 686

A

restrict access to data based on the content within an object. database view is a content-dependent control. A view retrieves specific columns from one or more tables, creating a virtual table.

Answer 687

A

require specific activity before granting users. example consider the data flow from a transaction selling digital products online. Users and products to a shopping cart and begin the checkout process. the process denies access to the download page if users don’t go through the purchase process first.

Answer 688

A

ensure that subjects are granted access only to what they need to know for their work tasks and job functions.

Answer 689

A

ensures that subjects are granted only the privileges they need to perform their work tasks and job functions.

Answer 690

A

ensures that sensitive functions are split into tasks performed by 2 or more employees.

Answer 691

A

a document that defines the security requirements for an organization

Answer 692

A

Discretionary Access Control

User/Owner - every object has an owner and the owner can grant or deny access

Answer 693

A

Role-Based Access Control

use of Roles/groups

Answer 694

A

or Restrictions/Filters

applies global rules that apply to all subjects

Answer 695

A

Attribute Based Access Control
use of rules that can include multiple attributes. this allows it to be much more flexible than a rule-based access control model that applies the rules to all subjects equal

Answer 696

A

Mandatory Access Control

use of labels applied to both subjects and objects.

Answer 697

A

administrators Centrally administer nondiscretionary access controls and can make changes that affect the entire environment

Answer 698

A

similar to RBAC - each user is assigned an array of tasks.

Answer 699

A

relates various classification labels in an ordered structure from low security to medium security to high security, such as Confidential, Secret, and Top Secret, respectively. Viso Drawings root - …

Answer 700

A

There is no relationship between one security domain and another. each domain represents a sparate isolated compartment

Answer 701

A

combines both hierarchical and compartmentalized concepts so that each hierarchical level may contain numerous subdivisions that are isolated from the rest of the security domain.

Answer 702

A

malicious individuals who are intent on waging an attack against a person or system

Answer 703

A

originally defined as technology enthusiasts with no malicious intent however media now uses the term hacker in place of cracker.

Answer 704

A

To reduce the number of security-related design and coding defects
reduce the severity of any remaining defects

Answer 705

A

Focused on Assets
Focused on Attackers
Focused on Software

Answer 706

A

collecting multiple pieces of nonsensitive information and combining them to learn sensitive information

Answer 707

A

form of phishing targeted to a specific group of users, such as employees within a specific organization

Answer 708

A

variant of phishing that targets senior or high-level executives such as chief executive officers (CEOs)

Answer 709

A

IM & VoIP

Answer 710

A

analyze the information sent to the readers from Smartcards

Answer 711

A

Control Physical Access to System
Control electronic access to files
Create a strong password policy
Hash and salt passwords
use password masking
Deploy multifactor authentication
Use account lockout controls
Use last logon notification
Educate users about security -> best to improve security

Answer 712

A

Security tests
Security assessments
Security audits

Answer 713

A

Verify that a control is functioning properly

Availability of security testing resources
Criticality of the systems and applications protected by the tested controls
Sensitivity of information contained on tested systems and applications
Likelihood of a technical failure of the mechanism implementing the control
Likelihood of a misconfiguration of the control that would jeopardize security
Risk that the system will come under attack
Rate of change of the control configuration
Other changes in the technical environment that may affect the control performance
Difficulty and time required to perform a control test
Impact of the test on normal business operations

Answer 714

A

comprehensive reviews of the security of a system, application, or other tested environment

Answer 715

A

Framework for security assessments and privacy controls in Federal information systems and organizations.

Answer 716

A

similar to Security assessments but must be preformed by independent auditors

Answer 717

A

are performed by an organization’s internal audit staff and are typically intended for internal audiences

Answer 718

A

Performed by an outside auditing firm
top 4
- Ernst &amp; Young
- Deloitte &amp; Touche
- PricewaterhouseCoopers
- KPMG

Answer 719

A

conducted by, or on behalf of, another organization. For example, a regulatory body might have the authority to initiate an audit of a regulated firm under contract or law

Answer 720

A

Statement on Standards for Attestation Engagements document 16

Answer 721

A

SSAE 16 Type I report
description of the controls provided by the audited organization as well as the auditor’s opinion based upon the description. cover a single point in time and do not involve actual testing of the controls by the auditor
- simply take the service organization at their word that controls are implemented as described.

Answer 722

A

SSAE 16 Type 2 report
minimum 6-month time period and include an opinion from the auditor on the effectiveness of these controls based upon actual testing performed by the auditor.
- considered much more reliable than Type I because they include independent testing of controls.

Answer 723

A

Control Objectives for Information and related Technologies

Business and IT working together
Framework for conducting audits and assessments
Describes the common requirements that organizations should have in place surrounding their information systems.

Answer 724

A

Security content Automation Protocol
- common framework for discussion and also facilitates the automation of interactions between different security systems. components: CVE, CVSS, CCE, CPE, XCCDF, OVAL

Answer 725

A

Common vulnerabilities and Exposures

naming system for describing security vulnerabilities

Answer 726

A

Common Vulnerability Scoring system

standardized scoring system for describing the severity of security vulnerabilities

Answer 727

A

Common Platform Enumeration

naming system for operating systems, applications, and devices.

Answer 728

A

Extensible Configuration Checklist Description Format

a language for specifying security checklists

Answer 729

A

Open Vulnerability and Assessment Language

language for describing security testing procedures

Answer 730

A

Also known as half-open scanning

sends a single packet to each scanned port with the SYN flag set. if system response with SYN/ACK flags set port is open

Answer 731

A

Opens a full connections to the remote system. used when the user running the scan does not have permissions to run a half-open scan.

Answer 732

A

Sends a packet with the ACK flag set, indicating that it is part of an open connection. Test the firewall rules and firewall methodology

Answer 733

A

Sends a packet with the FIN, PSH, and URG flags set.

Answer 734

A

port is open and an application is actively accepting connections on the port.

Answer 735

A

port is accessible, meaning firewall is allowing access, but there is no application accepting connections on that port

Answer 736

A

nmap is unable to determine whether a port is open or closed because a firewall is interfering with the connection attempt.

Answer 737

A

The number of V’s indicate how detailed the report is. -VVV is the most detailed.

Answer 738

A

special purpose tools that scour web applications for known vulnerabilities
When you should scan:
- Scan all applications when you begin performing web vulnerability scanning for the first time. will detect issues with legacy applications
- Scan any new application before moving in tinto a production environment for first time
- Scan any modified application before the code changes move into production
- scan all applications on a recurring basis. Limited resources may require scheduling these scans based on the priority of the application.

Answer 739

A

1 Detection - initial identification of a vulnerability normally takes place as the result of a vulnerability scan
2 Validation - after detection an administrator should confirm the vulnerability to determine that it is not a false positive report
3 Remediation - validated vulnerabilities should then be remediated

Answer 740

A

Planning - agreement upon the scope and rules.
Information gathering and discovery - manual/automated tools to collect information about the target environment
Vulnerability scanning - probes for system weaknesses using network, web, and database vulnerability scans
Exploitation - manual/automated exploit tools to attempt to defeat system security
Reporting - summarizes the results of the penetration testing and makes recommendations for improvements to system security

Please Ice Very Exposed Rice

Answer 741

A

or peer review
foundation of software assessment programs. Developers other than the one who wrote the code review it for defects
1 Planning
2 Overview
3 Preparation
4 Inspection
5 Rework
6 Follow-up

Plan Our Pre Inspection Review Follow-up

Answer 742

A

evaluates the security of software without running it by analyzing either the source code or the complied application.

Answer 743

A

evaluates the security of software in a running environment and is often the only option for organizations deploying applications written by someone else

Answer 744

A

specialized dynamic testing technique that provides many different types of input to software to stress its limits and find previously undetected flaws

Answer 745

A

takes previous input values from actual operation of the software and manipulates (or mutates) it to create fuzzed input

Answer 746

A

develops data models and creates new fuzzed input based on an understanding of the types of data used by the program.

Answer 747

A

developers work on different parts of a complex application that must function together to meet business objectives.
3 types
- Application Programming Interfaces (APIs)
- User Interfaces (UIs)
- Physical Interfaces

Answer 748

A

Application Programming Interfaces
offer a standardized way for code modules to interact and may be exposed to the outside world through web services. Developers must test APIs to ensure that they enforce all security requirements.

Answer 749

A

User Interfaces

GUIs, and command-line. provide end users with the ability to interact with the software

Answer 750

A

exist in some spplications that manipulate machinery, logic controllers, or other objects in the physical world

Answer 751

A

or Abuse case testing

evaluate the vulnerability of their software to users intentionally misusing the software.

Answer 752

A

estimate the degree of testing conducted against the new software
formula or equation
test coverage = (Number of use cases tested) / (Total number of use cases)

Answer 753

A

Branch coverage - every if statement been executed under all if and else conditions
Condition coverage - logical test in the code been executed under all sets of inputs
Function coverage - every function in the code been called and returned results.
Loop coverage - every loop in the code been executed under conditions that cause code execution multiple times, only once, and not at all?
Statement coverage - every line of code been executed during the test

Answer 754

A

real-world monitoring / Real user monitoring (RUM)

just watching the network with tools.

Answer 755

A

or Active monitoring (stress testing)

perform artificial transactions against a website to assess performance

Answer 756

A

Security information and event management
Collects data from many sources within the network. It provides real-time monitoring of traffic and analysis and notification of potential attacks. It also provides long-term storage of data, allowing security professionals to analyze the data.

Answer 757

A

Key Performance and Risk Indicators

number of open vulnerabilities
time to resolve vulnerabilities
vulnerability/defect recurrence
Number of compromised accounts
Number of software flaws detected in preproduction scanning
Repeat audit findings
User attempts to visit known malicious sites

Answer 758

A

amount of privileges granted to users, typically when first provisioning an account

Answer 759

A

in context of least privilege, aggregation refers to the amount of privileges that users collect over time

Answer 760

A

trust relationship between 2 security domains allow subjects in one domain (named primary) to access objects in the other domain (named training).

Answer 761

A

ensures that no single person has total control over a critical function or system

Answer 762

A

builds on principle of least privilege and applies it to applications and processes. requires the use of granular rights and permissions

Answer 763

A

is similar to a separation of duties and responsibilities policy, but it also combines the principle of least privilege

Answer 764

A

Sarbanes-Oxley Act of 2002
Stocks - public companies that have registered equity or debt securities with the Securities and Exchange Commission (SEC)

Answer 765

A

or the two-man rule

requires the approval of 2 individuals for critical task

Answer 766

A

Destruction or Purging

Answer 767

A

Choose your own device

Answer 768

A

Request the Change 
Review the change
Approve/reject the change
Test the change
Schedule and implement the change
Document the change

Answer 769

A

identify desired changes and request

Answer 770

A

Experts from several different areas within the organization review. they may approve or reject or may require approval at a formal change review board after extensive testing.

Answer 771

A

Based on review experts approve or reject. They also record the response in the change management documentation

Answer 772

A

If approved it should be tested, preferable on a non-production server.

Answer 773

A

change is schedule so that it can be implemented with the least impact on the system and the customers.

Answer 774

A

ensure that all interested parties are aware of it and change the configuration management documentation.

Answer 775

A

1.0 –> 1.1 minor update 1.1 –> 2.0 major update 1.1 –> 1.1.1 patches

Answer 776

A

identifying vulnerabilities, evaluating them, taking steps to mitigate risks associated with them

Answer 777

A

any event that has a negative effect on the confidentiality, integrity, or availability of an organization’s assets. ITILv3 - “an unplanned interruption to an IT Service or a reduction in the quality of an IT Service”

Any attempted network intrusion
Any attempted denial-of-service attack
Any detection of malicious software
any unauthorized access of data
any violation of security policies

Answer 778

A

DR MRRRL

Detection - Response - Mitigation - Reporting - Recovery - Remediation - Lessons Learned

Answer 779

A

also determine if it is a security incident.

IDS
Anti-malware software
audit logs
end users

Answer 780

A

activate the incident response team (or CIRT - Computer incident response team)

Answer 781

A

steps that attempt to contain an incident

primary goal of an incident response team is to limit the effect or scope of an incident.

Answer 782

A

report the incident within the organization and to organizations and individuals outside the organization

Answer 783

A

after investigators collect all appropriate evidence form a system, the next step is to recover the system, or return it to a fully functioning state.

Answer 784

A

Personnel look at the incident and attempt to identify what allowed it to occur, and then implement methods to prevent it from happening again

Answer 785

A

Personnel examine the incident and the response to see if there are any lessons to be learned.

Answer 786

A

Educating users is extremely important as a countermeasure against botnet infections.

Answer 787

A

Disrupts the standard 3-way hand-shake used by Transmission Control Protocol (TCP). Attacks sends multiple SYN packets but never complete the connection with an ACK.

Answer 788

A

floods victim with ICMP echo packets. It is a spoofed broadcast ping request using the IP address of the victim as the source IP address.

Answer 789

A

similar to smurf but uses UDP over ports 7 and 19. Broadcast a UDP packet using the spoofed IP address of the victim. All systems on the network will then send traffic to the victim, just as with a smurf attack.

Answer 790

A

floods a victim with ping request. effective when launched by zombies within a botnet.

Answer 791

A

employs an oversize ping packet.
Ping packets are normally 32 or 64 bytes. Ping of Death uses a ping packet over 64KB which is bigger than many system could handle.

Answer 792

A

attacker fragments traffic in such a way that a system is unable to put data packets back together. When a system tries to put fragments back together they cannot.

Answer 793

A

attacker sends spoofed SYN packets to a victim using the victim’s IP address as both the source and destination IP address. tricks the system into constantly replying to itself and can cause it to freeze, crash, or reboot.

Answer 794

A

refers to an attack on a system exploiting a vulnerability that is unknown to others.

Answer 795

A

is any script or program that performs and unwanted, unauthorized, or unknown activity on a computer system

Answer 796

A

is a criminal act of destruction or disruption committed against an organization by an employee.

Answer 797

A

malicious act of gathering proprietary, secret, private, sensitive, or confidential information about an organization.

Answer 798

A

or signature-based, pattern-matching

uses a database of known attacks developed by the IDS vendor

Answer 799

A

or statistical, anomaly, heuristics
starts by creating a baseline of normal activities and events on the system. it then compares day to day activity against the baseline.

Answer 800

A

Notifications send to admins via email, text, pager, or pop-up windows. alerts can generate a report detailing the activity.

Answer 801

A

can modify the nevironment using sereral different methods. Modifying ACLs to block traffic and can even disable all communications over specific cable segments. Similar to an IPS

Answer 802

A

detects TLS/SSL traffic, takes steps to decrypt it and sends the decypted traffic to an IDS/IPS for inspection.
The decryptor detects and intercepts a TLS handshake between an internal client and an internet server. It then establishes 2 HTTPS sessions one between the internal client and decryptor the 2 between the TLS decryptor and the internet server.

Answer 803

A

Similar to an active response IDS system but is placed in line with the traffic so that all traffic must pass through the IPS and the IPS can choose what traffic to forward and what traffic to block. Also known as an IDPS.

Answer 804

A

Is legal - it the intruder discovers honeypot on their own through no outward efforts of the owner

Answer 805

A

Is illegal - in connection with a honeypot occurs when the honeypot owner actively solicits visitors to access the site and then charges them with unauthorized intrusion

Answer 806

A

are false vulnerabilities or apparent loopholes intentionally implanted in a system in an attempt to tempt attackers. Often used on honeypot systems to emulate well-known operating system vulnerabilities.

Answer 807

A

similar to a honeypot, but it performs intrusion isolation using a different approach, when an IDPS detects an intruder, that intruder is automatically transferred to a padded cell. the cell has the look and feel of an actual network but the attacker is unable to perform any malicious activities or access any confidential data from within the cell. It is a simulated environment that offers fake data to retain an intruder’s interest, similar to a honeypot.

Answer 808

A

inform users and intruders about basic security policy guidelines. include stuff like online activities are audited and monitored, and often provide reminders of restricted activities. important from a legal standpoint because these banners can legally bind users to a permissible set of actions, behaviors, and processes.

Answer 809

A

most important protection against malicious code is anti-malware with up-to-date signature files and heuristic capabilities.

Answer 810

A

Obtaining Permission
Testing Techniques - white box, grey …
Protect Reports
Ethical hacking

Answer 811

A

or data extraction
process of extracting specific elements from a larger collection of data to construct a meaningful representation or summary of the whole.
form of data reduction that allows someone to glean valuable information by looking at only a small sample of data in an audit trail.

Answer 812

A

uses precise mathematical functions to extract meaningful information from a very large volume of data.

Answer 813

A

form of nonstatistical sampling. It selects only events that exceed a clipping level, which is a predefined threshold for the event. The system ignores events until they reach this threshold.

Answer 814

A

the act of recording the keystrokes a user performs on a physical keyboard. Think Banks

Answer 815

A

assurances that after a failure or crash, the system is just as secure as it was before the failure of crash occurred.

Answer 816

A

does not fail in a secure state. administrator is required to manually perform the actions necessary to implement a secured or trusted recovery after a failure or system crash.

Answer 817

A

system is able to perform trusted recovery activities to restore itself against at least one type of failure. Example Hardware RAID.

Answer 818

A

similar to automated recovery however it includes mechanisms to ensure that specific objects are protected to prevent their loss.

Answer 819

A

automatically recover specific functions.

Answer 820

A

variation in latency between different packets

Answer 821

A

time it takes a packet to travel from source to destination

Answer 822

A

when a disaster interrupts your business, your disaster recovery plan should kick in nearly automatically and begin providing support for recovery operations

Answer 823

A

must engineer your disaster recovery plan so that those business units with the highest priority are recovered first.

Answer 824

A

standby facilities large enough to handle the processing load of an organization and equipped with appropriate electrical and environmental support systems.

Answer 825

A

backup facility is maintained in constant working order, with a full complement of server, workstations, and communications links ready to assume primary operations responsibilities

Answer 826

A

They always contain the equipment and data circuits necessary to rapidly establish operations.
12 hours.

Answer 827

A

company that leases computer time

Answer 828

A

or Reciprocal agreements, are popular in disaster recovery literature but are rarely implemented in real-world practice.

difficult to enforce
Cooperating organizations should be located in relatively close proximity to each other to facilitate transportation of employees between sites.
Confidentiality concerns often prevent businesses from placing their data in the hands of others.

Answer 829

A

database backups are moved to a remote site using bulk transfers. if using a vendor for Electronic vaulting insist on a written definition of the service that will be provided, including the storage capacity, bandwidth of the communications link to the electronic vault, and the time necessary to retrieve vaulted data in the event of a disaster.

Answer 830

A

transfer copies of the database transaction logs containing the transactions that occurred since the previous bulk transfer.

Answer 831

A

Most expensive and the most advanced database backup solution. Live database server is maintained at the backup site.

Answer 832

A

executive Summary Providing a high-level overview of the plan
Department-specific plans
Technical guides for IT personnel responsible for implementing and maintaining critical backup systems
Checklists for individuals on the disaster recovery team
Full copies of the plan for critical disaster recovery team members.

Answer 833

A

Virtual tape libraries used in Disk 2 Disk (D2D) backup solutions to make disk storage appear as tapes to backup software.

Answer 834

A

Grandfather-Father-Son (GFS)
Tower of Hanoi Strategy
Six Cartridge Weekly

Answer 835

A

unique tool used to protect a company against the failure of a software developer to provide adequate support for its products or against the possibility that the developer will go out of business and no technical support will be available for the product.

Answer 836

A

should be hired, trained, and prepared to take on the responsibility of address the media in the event of a disaster

Answer 837

A

Read Street Signs partially For Maintenance

Read-Through Test
Structured Walk-through
Simulation Test
Parallel Test
Full-Interruption Test
Maintenance

Answer 838

A

one of the simplest and most critical
distribute copies of disaster recovery plans to the members of the team
ensures key personnel are aware of their responsibilities and have that knowledge refreshed.
provides individuals an opportunity to review the plans for obsolete information and update any items that require modification
helps identify situation in which key personnel have left the company and nobody bothered to reassign their disaster recovery responsibilities

Answer 839

A

or Table-Top exercise

- members gather to role-play a disaster scenario at a conference room table.

Answer 840

A

members are presented with a scenario and asked to develop an appropriate response. some of the responses are then tested which make interrupt noncritical business activities and the use of some operational personnel

Answer 841

A

relocating personnel to the alternate recovery site and implementing site activation procedures. Operations at the main facility are not interrupted.

Answer 842

A

involve actually shutting down operations at the primary site and shifting them to the recovery site. significant risk as they require the operational shutdown of the primary site and transfer to the recovery site followed by the reverse process to restore operations at the primary site.

Answer 843

A

Living document. must adapt the recovery plan to meet those changed needs.

Answer 844

A

internal investigations that examine either operational issues or a violation of the organization’s policies.
Operational investigations have the loosest standards for collection of information

Answer 845

A

typically conducted by law enforcement personnel, investigate the alleged violation of criminal law. Must be beyond a reasonable doubt standard of evidence

Answer 846

A

typically do not involve law enforcement but rather involve internal employees and outside consultants working on behalf of a legal team

Answer 847

A

Government agencies may conduct regulatory investigations when they believe that an individual or corporation has violated administrative law.

Answer 848

A

or eDiscovery

Information Governance - ensures that information is well organized for future eDiscovery efforts
Identification - Locates the information that may be responsive to a discovery request when the organization believes that litigation is likely
Preservation - ensures that potentially discoverable information is protected against alteration or deletion
Collection j- gathers the responsive information centrally for use in the eDiscovery process
Processing - screens that collected information to perform a “rough cut” of irrelevant information, reducing the amount of information requiring detailed screening.
Review - examines the remaining information to determine what information is responsive to the request and removing any information protected by attorney-client privilege
Analysis - Perform deeper inspection of the content and context of remaining information
Production - places the information into a format that may be shared with others.
Presentation - displays the information to witnesses, the court, and other parties.

Answer 849

A

Admissible Evidence - must meet all 3 requirements
- relevant to determining a fact
- material to the case
- competent - it must have been obtained legally
Type of Evidence
- Real Evidence - tangible or object evidence - murder weapon, clothing, or other physical objects
- Documentary Evidence - any written items brought into court to prove a fact at hand. must also be authenticated example: a computer log must include a witness (system administrator to testify log was collected as a routine business practice and is indeed the actual log that the system collected.
– Documentary Evidence - best evidence rule states that when a document is used as evidence in a court proceeding, the original document must be introduced. Copies or descriptions of original evidence (known as secondary evidence) will not be accepted as evidence unless certain exceptions to the rule apply
– parole evidence rule - when an agreement between parties is put into written form, the written document is assumed to contain all the terms of the agreement and no verbal agreement may modify the written agreement.
- Testimonial Evidence - evidence consisting of the testimony of a witness, either verbal testimony in court or written testimony in a recorded deposition.

Answer 850

A

General description of the evidence
Time and date the evidence was collected
Exact location the evidence was collected from
Name of the person collecting the evidence
Relevant circumstances surrounding the collection.

Answer 851

A

digital evidence - all the general forensic and procedural principles must be applied
Upon seizing digital evidence, actions taken should not change that evidence.
access original digital evidence - person should be trained for the purpose
seizure, access, storage, or transfer of digital evidence must be fully documented, preserved, and available for review.
individual is responsible for all actions taken with respect to digital evidence while the digital evidence is in their possession
any agency that is responsible for seizing, accessing, storing, or transferring digital evidence is responsible for compliance with these principles.

Answer 852

A

IDS/IPS logs
Network flow data captured by a flow monitoring system
Packet captures deliberately collected during an incident
logs from firewalls and other network security devices

Answer 853

A

reviews of applications or the activity that takes place within a running application
conduct a review of software code, looking for backdoors, logic bombs, or other security vulnerabilities
review and interpret log files form application or database servers, seeking other signs of malicious activity, such as SQL injection attacks, privilege escalations, or other application attacks

Answer 854

A

Personal computers
Smartphones
Tablet computers
Embedded computers in cars, security systems, and other devices.

Answer 855

A

Voluntarily Surrender
Subpoena - or court order to surrender evidence and served by law enforcement.
Search warrant

Answer 856

A

Military and intelligence attacks - obtain secret and restricted information from law enforcement or military and technological research sources
Business attacks - obtaining an organization’s confidential information
Financial attacks - obtain money or services
Terrorist attacks - Fear
Grudge attacks - carried out to damage an organization or a person
Thrill attacks - Script Kitty - for the fun of it

Answer 857

A

The safety and welfare of society and the common good, duty to our principals, and to each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior
Therefor, strict adherence to this Code is a condition of certification

Answer 858

A

Protect Society, the common good, necessary public trust and confidence, and the infrastructure.
Act honorably, honestly, justly, responsibly, and legally
Provide diligent and competent service to principals
Advance and protect the profession

Answer 859

A

Python, C++, Ruby, R, Java, and Visual Basic

Answer 860

A

C, Java, and FORTRAN

Answer 861

A

Python, R, JavaScript, and VBScript

Answer 862

A

methods from a class (parent or superclass) are inherited by another subclass (child)

Answer 863

A

forwarding of a request by an object to another object or delegate. An object delegates if it does not have a method to handle the message

Answer 864

A

is the characteristic of an object that allows it to respond with different behaviors to the same message or method because of changes in external conditions

Answer 865

A

strength of the relationship between the purposes of the methods within the same class

Answer 866

A

level of interaction between objects. Lower coupling mean less interaction. Lower coupling provides better software design because objects are more independent. Lower coupling is easier to troubleshoot and update.

Answer 867

A

formalized processes by which trust is built into the lifecycle of a system

Answer 868

A

verifies that the values provided by a user match the programmer’s expectation before allowing further processing. Should be done server side

Answer 869

A

Should be done before users are allow to access or modify data

Answer 870

A

detail for developers and admin. detailed error messages should be disabled on any servers and applications that are publicly accessible

Answer 871

A

configured to send detailed logging or errors and other security events to a centralized log repository

Answer 872

A

Open Web Application Security Project
Top 10 security threats for web
- Input validation failures
- Authentication attempts, especially failures
- access control failures
- Tampering attempts
- Use of invalid or expired session tokens
- Exceptions raised by the operating system or applications
- Use of administrative privbileges
- Transport Layer Security (TLS) failures
- Cryptographic errors

Answer 873

A

Fail-Secure - puts the system into a high level of security (possibly disables it entirely) until an administrator can diagnose the problem and restore the system to normal operations
Fail-open - allows users to bypass failed security controls, erring on the side of permissiveness

Answer 874

A

simple statement agreed on by all interested stakeholders that states the purpose of the project as well as the general system requirements

Answer 875

A

specific system functionalities are listed, and developers begin to think about how the parts of the system should interoperate to meet the functional requirements.

Answer 876

A

data provided to a function

Answer 877

A

the business logic describing what actions the system should take in response to different inputs

Answer 878

A

data provided from a function

Answer 879

A

Initiating - Business reasons behind the change are outlined, support is built for the initiative, and the appropriate infrastructure is put in place
Diagnosing - engineers analyze the current state of the organization and make general recommendations for change
Establishing - organization takes the general recommendations from the diagnosing phase and develops a specific plan of action that helps achieve those changes
Acting - organization develops solutions and then tests, refines, and implements them
Learning - moving forward and if the organization has achieved the desired goals and, when cecessary, propose new actions to put the organization back on course.

Answer 880

A

IRDMO

Initial
Repeatable
Defined
Managed
Optimized

IDEAL and SW-CMM - II DR ED AM LO

Answer 881

A

Program Evaluation Review Technique
tool used to judge the size of a software product in development and calculate the standard deviation (SD) for risk assessment.

Answer 882

A

Reduce Risk in environment

Request Control
Change Control
Release control
Configuration Identification
Configuration Control
configuration Status Accounting
Configuration Audit

Answer 883

A

Development and Operations

Software development, Quality assurance, IT operations

Answer 884

A

evaluates the security of software without running it by analyzing either the source code or the compiled application.

Answer 885

A

evaluates the security of software in a runtime environment and is often the only option for organizations deploying applications written by someone else

Answer 886

A

2-dimensional tables made up of rows and columns
Attributes (or fields) or degree - column
Record or tuple or cardinality - rows

Answer 887

A

database transactions

Atomicity - all-or-nothing if any part fails the entire transaction must be rolled back as if it never occurred.
Consistency - all transaction must begin operating in an environment that is consistent with all of the database’s rules.
Isolation - transactions operate separately from each other
Durability - once they are committed to the database, they must be preserved.

Answer 888

A

or edit control
is a preventive security mechanism that endeavors to make certain that the information stored in the database is always correct or at least has its integrity and availability protected
- failed concurrency has following issues
– Lost updates - when 2 different processes make update to a database unaware of each other’s activity
– Dirty Reads - process reads a record form a transaction that did not successfully commit

Answer 889

A

Open Database Connectivity

Answer 890

A

injecting theselves into trusted runtime processes of the operating system, such as svchost.exe, winlogin.exe, and explorer.exe

Answer 891

A

use more than one propagation technique in an attempt to penetrate systems that defend against only method or the other

Answer 892

A

hide themselves by actually tampering with the operating system to fool antivirus packages into thinking that everything is functioning normally. Think Rootkit

Answer 893

A

modify their own code as they travel from system to system

Answer 894

A

use cryptographic techniques to avoid detection

Answer 895

A

nuisance and wasted resources caused by virus hoaxes. Often delivered by email with a warning that the virus is destructive and no antivirus is able to detect or eradicate it.

Answer 896

A

2001 Microsoft IIS

randomly selected hundreds of IP addresses and then probed those addresses to see whether they were used by hosts running a vulnerable version of IIS
Defaced HTML pages replacing normal content with the following text Welcome to http://www.worm.com! Hacked By Chinese!
planted a logic bomb that would initiate a DDOS attack against the IP address 198.137.240.91 which belonged to the White House’s home page.

Answer 897

A

Searching for unprotected administrative shares of system on the local network
Exploiting Zero-day vulnerabilities on the Windows Server service and Windows Print Spooler service
Connecting to systems using a default database password
Spreading by the use of shared infected USB drives

Answer 898

A

vulnerabilities exist when a developer does not properly validate user input to ensure that it is of an appropriate size
Steps to include for user inputs
- user can’t enter a value longer than the size of any buffer that will hold it.
- user can’t enter an invalid value for the variable types that will hold it
can’t enter a value that will cause the program to operate outside its specified parameters.

Answer 899

A

or TOCTTOU

Time of check time of use

Answer 900

A

apply security patches release for operating will fortify a network against almost all rootkit attacks as well as a large number of other potential vulnerabilities

Answer 901

A

Cross-Site Scripting
user takes advantage of web site
web applications contain some type of reflected input

Answer 902

A

Cross-site request forgery attacks or CSRF

websites take advantage of user

Answer 903

A

Use prepared statements - leverage prepared statements to limit the application’s ability to execute arbitrary code.

Perform input validation

Limit Account privileges

Answer 904

A

Advanced Persistent Threat
sophisticated adversaries with advance technical skills and significant financial resources
Think Zero-day

Brainscape's Knowledge GenomeTM

Sunflower PDF Flashcards

Brainscape's Knowledge Genome^TM