Terms Flashcards

1
Q

Data classification

A

Civil: CPSP

Confidential / Private / Sensitive & Proprietary / Public

Military: TSC

Top Secret / Secret / Confidential / Sensitive But Unclassified / Unclassified

2
Q

Outsource code development to 3rd party.

A. Code from 3rd party will need to be manually reviewed for function and security.
B. If 3rd party goes out of business, existing code may need to be abandoned.
C. Third-party code development is always more expensive.
D. A software escrow agreement should be established.

A

A,B

3
Q

A VPN can be a significant security improvement for many communication links. A VPN can be established over which of the following?

A. Wireless LAN connection
B. Remote access dial-up connection
C. WAN link
D. All of the above

A

D

4
Q

WPA3. The policy also states that ENT authentication will not be implemented. What authentication mechanism can be implemented in this situation?

A. IEEE 802.1X
B. IEEE 802.1q
C. SAE
D. EAP-FAST

A

WPA3 supports ENT (aka IEEE 802.1X) and SAE authentication. SAE still uses a password, but it no longer encrypts and sends that password across the connection to perform authentication. Instead, SAE performs a zero-knowledge proof process known as Dragonfly Key Exchange, which is itself a derivative of Diffie-Hellman.

IEEE 802.1X defines port-based network access control that ensures clients can’t communicate with a resource until proper authentication. It is based on EAP from PPP.

IEEE 802.1q defines the use of VLAN tags and is not relevant to Wi-Fi authentication.

EAP-FAST is a Cisco protocol to replace LEAP. Not supported in WPA3.

5
Q

SW-CMM: which phase is used to gain a detailed understanding of the software development process?

A

Managed.

Repeatable: basic lifecycle.
Defined: formal, documented development process.
Optimizing: continuous improvement.

6
Q

AAA services. Accountability contains

A

Logging / Identification verification / Authorization

7
Q

Social Engineering. Trick user to install.

A

Trojan horse. Viruses and logic bombs do not typically use social engineering.

8
Q

Ring protection. Which layers are not implemented?

A

Layers 1 and 2

9
Q

X XOR Y

A

If both values are false or both are true, the output is false.

10
Q

BIA first step

A

Identification of priorities

11
Q

Stateful inspection firewalls

A

Layer 3 & Layer 4.

Adjust filtering rules based on the content and context of traffic of existing sessions.

12
Q
A