Total seminars Flashcards

1
Q

What is the MAU in a token ring network?

A

A media access unit (MAU) is a standalone device that acts as an Ethernet transceiver when connecting network nodes in local area networks (LANs). MAUs are used in token ring network topology, where network stations form a logical ring — that is, data passes from one device to another in a continuous circle.

How MAUs work

MAUs typically operate at the data link layer (also called layer 2) of the open systems interconnection (OSI) model. MAUs manage physical connections between network devices, ensuring that data is transmitted and received correctly.

Unlike in conventional ring topology, if one device on the token ring fails, MAUs can bypass it and forward the data to the next device in the ring.

Types of MAU

Passive: Passive MAUs operate without an external power source, which means they can extend the network in places without convenient power outlets. Passive MAUs rely on the physical properties of cables and network interface cards (NICs) for data transmission.

Active: Active MAUs require an external power source for operation. In addition to data transmission, active MAUs can provide other network services, like amplifying signals or managing collisions.

2
Q

What is a system account?

A

A local system account is a user account that is created by an operating system during installation and that is used for operating system-defined purposes.

3
Q

What is OCTAVE?

A

The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) is a risk assessment methodology typically employed by small teams of representatives from both IT and business areas to conduct risk analysis. It was developed by the Computer Emergency Response Team (CERT) Coordination Center at Carnegie Mellon University.

4
Q

What is a Java Virtual Machine?

A

The Java Virtual Machine (JVM) is platform independent and acts as a translator to run portable code. The JVM converts bytecode to the machine code that the processor on a particular system can understand.

5
Q

What is a runtime environment?

A

A runtime environment (RTE) functions as a miniature operating system for the program and provides all the resources portable code needs.

6
Q

What is bytecode?

A

Bytecode is intermediate code created by Java and is not processor specific, which makes the Java programming language platform independent. The Java Virtual Machine (JVM) converts the bytecode to the machine code that the processor on a particular system can understand.

7
Q

How do you classify incidents?

A

A nondisaster is a disruption in service that has significant but limited impact on the conduct of business processes at a facility. The solution could include hardware, software, or file restoration.

A disaster is an event that causes the entire facility to be unusable for one day or longer. This usually requires the use of an alternate processing facility and restoration of software and data from offsite copies.

A catastrophe is a major disruption that destroys the facility altogether. This requires both a short-term solution, which would be an offsite facility, and a long-term solution, which may require rebuilding the original facility, and affects a business for weeks, months, or years.

A mishap is not one of the normal categorizations for a disaster; however, it may be a simple accident or other negative incident that does not qualify as a disaster. Depending upon its scope and severity, it may be considered a nondisaster.

8
Q

How are synchronous and asynchronous transmissions different?

A

Synchronous network transmissions provide timing synchronization rules to govern how systems communicate with each other. Synchronous transmission differs from asynchronous transmission in that it is more complex and costly, has robust error checking, and is used for high-speed, high-volume transmissions. It is considered more reliable, since asynchronous communications do not provide a method for regulating timing.

Asynchronous network transmissions provide synchronization rules to govern how systems communicate with each other. It differs from synchronous signaling in that it is simpler and less costly, its parity bits are used for error control, and it is used for irregular transmission patterns. It does not use any type of timing synchronization to regulate communications flow. Because of the lack of timing synchronization, it is less robust and reliable.

Asynchronous communication devices, such as modems, are not synchronized in that the devices involved can send data at will, sending a sequence of bits framed with start and stop bits that are reassembled into data at the receiving end. Asynchronous transmissions do not use a timing signal. Synchronous communication devices, on the other hand, determine a synchronization scheme before data transmission.

9
Q

Explain SPF vs DKIM vs DMARC

A

Sender Policy Framework (SPF) is an e-mail validation system designed to prevent e-mail spam by detecting e-mail spoofing by verifying the sender’s IP address. SPF allows administrators to specify which hosts are allowed to send e-mail from a given domain by creating a specific SPF record in DNS. Mail exchanges use DNS to check that mail from a given domain is being sent by a host sanctioned by that domain’s administrators.

The DomainKeys Identified Mail (DKIM) standard, codified in RFC 6376, allows e-mail servers to digitally sign messages to provide a measure of confidence for the receiving server that the message is from the domain it claims to be from.

The Domain-based Message Authentication, Reporting and Conformance (DMARC) system defines how domains communicate to the rest of the world whether they are using SPF or DKIM (or both). It also codifies the mechanisms by which receiving servers provide feedback to the senders on the results of their validation of individual messages.

10
Q

What is the difference between Heuristic and Anomaly Based Detection?

A

Anomaly-based detection is similar to heuristic detection but examines behaviors exhibited after the code is executed; it does not look at the characteristics of the code before or during execution, as heuristic detection does, to determine if it is malicious.

11
Q

What is the Facilitated Risk Analysis Process?

A

Facilitated Risk Analysis Process (FRAP) is a qualitative risk assessment methodology that focuses only on the systems that really need assessing, to reduce costs and time obligations. It stresses prescreening activities so that the risk assessment steps are carried out only on the item(s) that need it the most. FRAP is intended to be used to analyze one system, application, or business process at a time.

12
Q

What is OAuth and OIDC?

A

OAuth is an authorization framework and does not provide any authentication services; OpenID Connect (OIDC) is a simple authentication layer built on top of OAuth and handles authentication with third-party identity providers.

The authorization server is the system that keeps track of which clients are allowed to use which resources, and issues access tokens to those clients.

The client is a process that requests access to a protected resource. Because this term describes the relationship of an entity with a resource provider in a client/server architecture, the “client” could actually be a web service (e.g., LinkedIn) that makes requests from another web service (e.g., Google).

The resource server controls the resource that the client is trying to access.

The resource owner is whoever owns a protected resource and is able to grant permissions for others to use it. These permissions are usually granted through a consent dialog box. The resource owner is typically an end user but could be an application or service.

OAuth is an open-standards authorization framework that works between applications. It exchanges messages between the APIs of applications and creates a temporary token showing that access to the information or services provided by one application to the other is authorized.

13
Q

What is XOR?

A

XOR is an operation that is applied to 2 bits and is a function commonly used in binary mathematics and encryption methods. When combining the bits, if both values are the same, the result is 0 (1 XOR 1 = 0). If the bits are different from each other, the result is 1 (1 XOR 0 = 1).

14
Q

What are the steps of the SDLC process?

A

Project planning, requirements, design, coding, testing, deployment, and maintenance.

The requirements gathering phase is where requirements are formally gathered, including functional requirements (what the software must do) and performance requirements (how well it must do it).

The design phase of the software development life cycle (SDLC) involves determining how the software will meet its functional and performance requirements, in terms of included functions, mechanisms, and components.

During the development/acquisitions phase, software is actually programmed, if developed internally, or acquired, meaning it is commissioned or bought from another source.

The operation/maintenance phase involves implementing software after it has been accepted by the organization and putting it into operational use. Maintenance involves planned change management, updates, and so on.

15
Q

What is the difference between software verification and validation?

A

Verification determines if the software product accurately represents and meets the specifications. After all, a product can be developed that does not match the original specifications, so this step ensures the specifications are being properly met. It answers the question, “Did we build the product right?”

Validation determines if the software product provides the necessary solution for the intended real-world problem.

16
Q

What is jitter?

A

Irregularity in the arrival times of consecutive packets, which hurts voice and video communications.

17
Q

What is line noise?

A

Random fluctuations in the electromagnetic impulses that are carried along a physical medium.

18
Q

What should you do during an M&A?

A

Depending on the terms of the divestiture, you should at least ensure that any vulnerabilities are mitigated to the maximum extent possible, to ensure a secure configuration and up-to-date patch management has been implemented on assets, which maintains and possibly increases the assets’ value. You should also ensure that any sensitive data is removed from the assets unless it is specifically part of the sale.

While it may be part of the terms of the sale to wipe all media in the assets, you likely do not wish to make sensitive data backups available to the new owners.

19
Q

What is a cleanroom approach?

A

Cleanroom is a methodology that attempts to prevent errors or mistakes by following highly structured and formal methods of developing and testing. This approach is used for high-quality and mission-critical applications that will be put through a strict certification process.

20
Q

What is the Joint Application Development methodology?

A

The Joint Application Development (JAD) methodology uses a team approach in application development in a workshop-oriented environment. This methodology is distinguished by its inclusion of members other than coders in the team.

21
Q

What is the reuse methodology?

A

The reuse methodology approaches software development by using progressively developed code. Reusable programs are evolved by gradually modifying preexisting prototypes to customer specifications.

22
Q

What is the exploratory methodology?

A

The exploratory methodology is used in instances where clearly defined project objectives have not been presented. Instead of focusing on explicit tasks, the exploratory methodology relies on covering a set of specifications likely to affect the final product’s functionality.

23
Q

What is a data bus?

A

A system that transfers data within a computer.

24
Q

What is spaghetti code?

A

Source code that is difficult to understand because it has no defined structure.

25
Q

What is bounds checking?

A

Any method of detecting whether a variable is within some bounds before it is used.

26
Q

What is an ISMS?

A

An information security management system. It defines the controls an organization needs to implement.

27
Q

What is 802.16?

A

The network standard for metropolitan area networks (MANs), including WiMAX.

28
Q

What is 802.15.4?

A

The standard for Personal Area Networks.

29
Q

What is a Vernam cipher?

A

Another name for a one-time pad.

30
Q

What is the most important criterion for selecting security controls?

A

Protection level.

31
Q

What is Cyclic Redundancy Checking?

A

CRC can detect errors in data transmission.

32
Q

What is the difference between KPI and KRI?

A

Key performance indicators measure how well things are going currently, while key risk indicators measure how badly things could go in the future.

33
Q

What is cohesion?

A

Cohesion reflects how many different types of tasks a module can carry out. If a module carries out only one task (e.g., subtraction) or tasks that are very similar (e.g., subtraction, addition, multiplication), it is described as having high cohesion, which is a good thing. The higher the cohesion, the easier it is to update or modify the module and not affect other modules that interact with it.

34
Q

What is an island-hopping attack?

A

An island-hopping attack is one in which the attacker compromises an easier target that is somehow connected to the more desirable ultimate target, which the attacker then goes after. The attacker jumps from computer to computer until they reach the ultimate, more desirable target.

35
Q

What do you do after a risk response has been implemented?

A

The continuing effectiveness of controls to protect assets is carefully monitored to ensure that they maintain their protection in the face of a changing threat environment.

36
Q

What is a fault tree analysis?

A

A fault tree analysis usually proves to be a useful approach to identifying failures that can take place within more complex environments and systems. Fault tree analysis follows this general process. First, an undesired effect is taken as the root or top event of a tree of logic. Then, each situation that has the potential to cause that effect is added to the tree as a series of logic expressions. Fault trees are then labeled with actual numbers pertaining to failure probabilities. This is typically done by using computer programs that can calculate the failure probabilities from a fault tree.

37
Q

What guides the development of testing and assessment procedures?

A

The security assessment strategy guides the development of standard testing and assessment procedures. This standardization is important because it ensures these activities are done in a consistent, repeatable, and cost-effective manner.

38
Q

What is a compliance check?

A

A compliance check is a test or assessment designed to determine if a control or security process complies with governance requirements. It might involve any other type of test, but its purpose is to determine compliance with standards.

39
Q

What are the steps of the security assessment process?

A

The organization should start its assessment process by conducting a vulnerability assessment, to determine any obvious weaknesses in the security control infrastructure. Then the organization should conduct a penetration test to see which of these vulnerabilities could be exploited. After mitigating the security control vulnerabilities, the organization should undergo a compliance audit to make sure that it meets the requirements of the governing body regulating protected healthcare information.

40
Q

What is Kanban?

A

Kanban is an Agile development methodology that stresses visual tracking of all tasks so that the team knows what to prioritize at what point in time in order to deliver the right features right on time. Kanban projects used to be very noticeable because entire walls in conference rooms would be covered in sticky notes representing the various tasks that the team was tracking. Nowadays, many Kanban teams opt for virtual walls on online systems.

41
Q

Describe Extreme Programming.

A

Extreme Programming (XP) is an Agile development methodology that takes code reviews to the extreme (hence the name) by having them take place continuously.

XP also relies on test-driven development, in which the unit tests are written before the code. The programmer first writes a new unit test case, which fails because there is no code to satisfy it. The next step is to add just enough code to get the test to pass.

42
Q

Describe Scrum.

A

Scrum is an Agile methodology that acknowledges the fact that customer needs cannot be completely understood and will change over time. It focuses on team collaboration, customer involvement, and continuous delivery.

43
Q

What is a covert channel?

A

A covert channel is the act of using an unintended communication path to send and receive messages. It is a way for an entity to receive information in an unauthorized manner. In a covert timing channel, one process relays information to another by modulating its use of system resources.

44
Q

What are the elements of a media management and protection policy?

A

Inventory control, secure object permissions assigned to media, and authorized access to physical media are all important elements that should be included in a media management and protection policy.

45
Q

What is an informative policy?

A

An informative policy is meant to educate employees about events, new developments, or changes within the organization. The message is purely one-way, meaning employees are not responsible for doing anything after reading the document. An example would be a document that explains how a company interacts with partners, the company’s goals and mission, or a general reporting structure in different situations.

46
Q

What is the definition of software quality?

A

Fitness for purpose.

47
Q

How should risk be expressed to senior leaders?

A

Cost approach, income approach, or market approach.

48
Q

What is the difference between awareness, training, and education?

A

Awareness answers the question “what” and gives employees initial knowledge about a topic. Training presents the detailed “how” of a topic, and education answers the “why” questions of a topic.

49
Q

What is a rule-based access control model?

A

Rule-based access control is commonly used in conjunction with other models and is typically found on resources or devices, such as files, shares, printers, firewalls, routers, and so on, and prescribes rules for traffic entering and leaving those devices.

50
Q

What is a control zone?

A

A control zone is an area that has been split up based on its respective level of sensitivity. Access controls should be chosen for each zone based on the criticality of devices and the sensitivity of data being processed.

51
Q

What is the difference between a memory card and a smart card?

A

The main difference between memory cards and smart cards is their capacity to process information. Memory cards hold information but cannot process information. Smart cards hold information and have the necessary hardware and software to actually process that information.

52
Q

What does an organization have to do to keep its trademark?

A

In the United States, a company must file paperwork with the USPTO between the fifth and sixth years showing that it is actually using the trademark. This means that you can’t just create a trademark you don’t ever use and keep others from using it. Another “Declaration of Use” must be filed between the ninth and tenth year, and then every nine to ten years thereafter.

53
Q

What is Simple Object Access Protocol?

A

Simple Object Access Protocol (SOAP) is a specification that outlines how information pertaining to web services is exchanged in a structured manner. It provides the basic messaging framework, which allows users to request a service and, in exchange, the service is made available to that user. SOAP can work with many other application layer protocols beyond just Hypertext Transfer Protocol (HTTP).

54
Q

What is a virtual password?

A

Most systems do not use the actual passphrase or password the user enters. Instead, they put this value through some type of encryption or hashing function to come up with another format of that value, referred to as a virtual password.

55
Q

What are the four phases of evidence handling?

A

The international standard on digital evidence handling is ISO/IEC 27037, Guidelines for Identification, Collection, Acquisition, and Preservation of Digital Evidence. This document identifies four phases of evidence handling: identification, collection, acquisition, and preservation.

56
Q

What is an SNMP community string?

A

A community string is basically a password a manager uses to request data from the agent, and there are two main community strings with different levels of access: read-only and read-write. As the names imply, the read-only community string allows a manager to read data held within a device’s Management Information Base (MIB), and the read-write string allows a manager to read the data and modify it.

57
Q

How is DAC implemented?

A

The most common implementation of discretionary access control (DAC) is through access control lists (ACLs), which are dictated and set by the owners and enforced by the operating system. When you look at the properties of a file or directory and see the choices that allow you to control which users can have access to this resource and to what degree, you are witnessing an instance of ACLs enforcing a DAC model.

58
Q

What is a dual-homed device?

A

Dual-homed refers to a device that has two interfaces: one connected to one network and the other connected to a different network. Dual-homed (as well as multihomed, which have several network interface cards spanning multiple networks) devices can filter traffic between the two networks. A single-homed device only has one network interface card and is attached to only one network.

59
Q

How do KRIs use SLE?

A

When considering KRIs, it is useful to relate them to single loss expectancy (SLE) equations. The SLE is the organization’s potential monetary loss if a specific threat were to be realized. It is the product of the loss and the likelihood that the threat will occur. A change in a KRI equates to a change in the likelihood that a specific threat will be realized, increasing the risk of a loss.

60
Q

How is WPA3 different from WPA2?

A

Wi-Fi Protected Access 3 (WPA3) is an improved protocol from the WPA2 standard. WPA3 Enterprise is similar to its predecessor but makes use of stronger cryptography by restricting the allowed algorithms to a handful of strong ones that use 192-bit keys. WPA3 Personal employs Simultaneous Authentication of Equals (SAE), which uses the Diffie-Hellman key exchange method but adds an authentication element based on the (potentially weak) password.

61
Q

What is an S-box?

A

Substitution boxes, or S-boxes, are used within block ciphers. S-boxes contain lookup tables to determine how a block of data is encrypted or decrypted. The key is used to decide which S-box to utilize with each block. Stream ciphers use keystream generators, which produce a stream of bits that is XORed with the plaintext bits to produce ciphertext.

62
Q

How do you test backups?

A

Important considerations for developing a strategy to test data backups are as follows: develop threat scenarios, develop a plan to test backups, leverage automation, minimize impact on business processes, ensure coverage so that every system is tested, document results, and fix or improve any issues.

63
Q

What should a security plan contain?

A

A security plan is developed at the beginning of a development project and integrated into the functional plan to ensure that security is not overlooked. The security plan often includes computer standards, documents developed in previous projects, security policies, accreditation statements, incident-handling plans, and national or international guidelines.

64
Q

What are distinguished names?

A

Each directory service has a way of identifying and naming the objects it will manage. In databases based on the X.500 standard that are accessed by the Lightweight Directory Access Protocol (LDAP), the directory service assigns distinguished names (DNs) to each object.

65
Q

What are the generations of programming languages?

A

The first generation of programming languages introduced machine language, which is a format that the computer’s processor can understand and work with directly.

Second-generation languages introduced hardware-specific symbolic representations of machine language instructions, i.e., assembly language.

Third-generation languages were more programmer friendly; examples include C++ and Java.

Fourth-generation languages include very high-level languages and domain-specific languages such as database management, web development, etc. Examples include SQL and HTML.

Fifth-generation programming languages include knowledge-based programming, artificial intelligence, and natural language constructs.

66
Q

What is DBMS?

A

A database management system (DBMS) is a software system that allows you to efficiently create, read, update, and delete (CRUD) any given set of data. It is optimized for efficient storage of data, which means that, unlike flat files, it gives you ways to optimize the storage of all your information.

67
Q

What are the max sizes of IPv4 and IPv6 packets?

A

IPv4 limits packets to 65,535 bytes of payload, and IPv6 extends this size to 4,294,967,295 bytes. These larger packets are referred to as jumbograms and improve performance over high-MTU (maximum transmission unit) links, which have increased as newer technologies have evolved. An IPv6 jumbogram is an IPv6 packet carrying a payload larger than 65,535 bytes.

68
Q

What is DSSS?

A

Direct sequence spread spectrum (DSSS) is a frequency management technology primarily used in IEEE 802.11 wireless networks.

69
Q

What is FHSS?

A

Frequency hopping spread spectrum (FHSS), used in wireless networks.

70
Q

How do pin tumbler locks work?

A

Pin tumbler locks (the most commonly used tumbler lock) require the key to have just the right grooves to put all the spring-loaded pins in the right position so the lock can be locked or unlocked.

71
Q

How do cipher locks work?

A

Cipher locks, also known as programmable locks, are keyless and use keypads to control access into an area or facility. The lock requires a specific combination to be entered into the keypad and possibly a swipe card.

Cipher locks cost more than traditional locks, but their combinations can be changed, specific combination sequence values can be locked out, and personnel who are in trouble or under duress can enter a specific code that will open the door and initiate a remote alarm at the same time.

72
Q

How do wafer tumbler locks work?

A

Wafer tumbler locks (also called disc tumbler locks) are the small, round locks you usually see on file cabinets. They use flat discs (wafers) instead of pins inside the locks. They often are used as car and desk locks. This type of lock does not provide much protection because it can be easily circumvented.

73
Q

How do combination locks work?

A

Combination locks require the correct combination of numbers to unlock them, not a key. These locks have internal wheels that have to line up properly before being unlocked. A user spins the lock interface left and right by so many clicks, which lines up the internal wheels. Once the correct turns have taken place, all the wheels are in the right position for the lock to release and open the door.

74
Q

What is the difference between BRI and PRI in ISDN?

A

Basic Rate Interface (BRI) Integrated Services Digital Network (ISDN) service provides two data (also called bearer, or B) channels (at 64 Kbps each), and one D, or control, channel (at 16 Kbps). Data is transferred over B channels and the call setup, maintenance, and teardown takes place over the D channel.

Primary Rate Interface (PRI) ISDN service provides 23 B channels and one D channel. BRI ISDN is generally used for home and small office subscribers. Note that ISDN is an obsolescent pure digital technology that uses legacy phone lines for both voice and data.

75
Q

What is a cognitive password?

A

Cognitive passwords are fact- or opinion-based information used to verify an individual’s identity. A user is enrolled by answering several questions based on her life experiences.

76
Q

How do you make sure third-party software development is secure?

A

Third-party software development security can be achieved through trust in the third-party developer’s processes, as well as contractual agreements between the organization and the third party.

77
Q

How does SPML work?

A

In SPML (Services Provisioning Markup Language), Provisioning Service Provider (PSP) is the software that responds to the account requests. The Requesting Authority (RA) is the entity that is making the request to set up a new account or make changes to an existing account. The Provisioning Service Target (PST) is the entity that carries out the provisioning activities on the requested system.

78
Q

Describe the Spiral methodology.

A

The Spiral methodology uses an iterative approach to software development and places emphasis on risk analysis. The methodology is made up of four main phases: determine objectives, risk analysis, development and test, and plan the next iteration.

79
Q

Describe the Waterfall methodology.

A

The Waterfall methodology uses a linear-sequential life-cycle approach where all requirements are gathered in the initial phase and there is no formal way to integrate changes as more information becomes available or requirements change. This methodology doesn’t use prototyping.

80
Q

Describe the incremental methodology.

A

When using the Incremental methodology, each incremental phase results in a deliverable that is an operational product. The Incremental methodology is not based upon risk analysis processes.

81
Q

What are breach and attack simulations?

A

Breach and attack simulations (BAS) are automated systems that launch simulated attacks against a target environment and then generate reports on their findings. They are meant to be realistic but not cause any adverse effect to the target systems. For example, a ransomware simulation might use “defanged” malware that looks and propagates just like the real thing but, when successful, will only encrypt a sample file on a target host as a proof of concept.

82
Q

What is a synthetic transaction?

A

A synthetic transaction is a script that runs to emulate the actions of a real person performing transactions on the system. The usefulness of synthetic transactions is that they allow security professionals to systematically test the behavior and performance of critical services.

83
Q

What are the three categories into which CIS categorizes controls?

A

The Center for Internet Security (CIS) Controls (version 7) categorizes controls into basic, foundational, and organizational controls based on the priority of implementation. The CIS Controls can also be scaled using three implementation groups (IG1 to IG3), geared toward small, medium, and large organizations.

84
Q

What is Message Authentication Code?

A

A message authentication code (MAC) is a cryptographic checksum computed over a message with a symmetric key, typically by combining the key with a hashing algorithm (as HMAC does). It provides data integrity and data origin authentication: a receiver holding the same key can confirm that the message was produced by a key holder and was not altered in transit.

Because both parties share the same key, a MAC does not provide non-repudiation; a digital signature is needed for that.
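Added example, not part of the original flashcard deck: computing and verifying an HMAC-SHA256 tag with Python's standard library. The shared key and the messages are constructed values. It shows the two checks a receiver relies on (altered message, wrong key) and why verification must use a constant-time comparison.

```python
import hmac
import hashlib

# Shared symmetric key; in practice it is distributed out of band (constructed value).
KEY = b"example-shared-key-not-for-production"


def compute_mac(key: bytes, message: bytes) -> bytes:
    """Return the HMAC-SHA256 of `message` under `key` (the 'cryptographic checksum')."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the MAC and compare it to the received tag in constant time.

    hmac.compare_digest does not short-circuit on the first differing byte, so an
    attacker cannot learn how much of a forged tag was right from the response time.
    """
    expected = compute_mac(key, message)
    return hmac.compare_digest(expected, tag)


def sender(key: bytes, message: bytes) -> tuple:
    """The sender transmits the message together with its tag."""
    return message, compute_mac(key, message)


def receiver(key: bytes, message: bytes, tag: bytes) -> str:
    """The receiver rejects anything whose tag does not verify."""
    if not verify_mac(key, message, tag):
        raise ValueError("MAC check failed: message altered or wrong key")
    return message.decode()


def demo() -> dict:
    msg, tag = sender(KEY, b"transfer 100 to account 42")
    accepted = receiver(KEY, msg, tag)
    # An attacker on the wire changes the amount but cannot recompute the tag.
    tampered = msg.replace(b"100", b"900")
    return {
        "accepted": accepted,
        "tampered_accepted": verify_mac(KEY, tampered, tag),
        "wrong_key_accepted": verify_mac(b"some-other-key", msg, tag),
    }
```

The tag is only as secret as the key: anyone holding KEY can produce a valid tag, which is why a MAC authenticates the message's origin to the other key holder but cannot prove to a third party who sent it.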

85
Q

What are the levels of the CMMI?

A

Maturity level 1, Initial: the development process is unpredictable and reactive. Work gets completed but is often delayed and over budget.

Maturity level 2, Managed: work is managed on the project level. Projects are planned, performed, measured, and controlled.

Maturity level 3, Defined: projects are proactive rather than reactive. Organization-wide standards provide guidance across projects, programs, and portfolios.

Maturity level 4, Quantitatively Managed: measured and controlled. The organization is data-driven, with quantitative performance improvement objectives that are predictable and aligned to meet the needs of internal and external stakeholders.

Maturity level 5, Optimizing: projects are stable and flexible. The organization is focused on continuous improvement and is built to pivot and respond to opportunity and change; its stability provides a platform for agility and innovation.

(Source: CMMI Institute, https://cmmiinstitute.com/learning/appraisals/levels)

86
Q

What is the reference monitor?

A

The reference monitor is an abstract machine that mediates all access subjects have to objects, both to ensure that the subjects have the necessary access rights and to protect the objects from unauthorized access and destructive modification. It is an access control concept, not an actual physical component, which is why it is normally referred to as the “reference monitor concept” or an “abstract machine.”

87
Q

What is the ASOR?

A

An authoritative system of record (ASOR) is a hierarchical, tree-like system that tracks subjects and their authorization chains. The ASOR should contain each subject's name, associated accounts, authorization history per account, and provisioning details.

88
Q

What is the difference between an indicator, a metric, a measurement, and a factor?

A

An indicator is a particularly important metric that describes a key element of the effectiveness of a system, such as an information security management system (ISMS). In other words, indicators are meaningful to business leaders. If one of management’s goals is to minimize the number of high-severity incidents, then an indicator could be the ratio of such incidents declared during a reporting period compared to an established baseline.

A metric is a derived value that is generated by comparing multiple measurements against each other or against a baseline. Metrics are, by their very nature, comparative. An effective metric could be the ratio of verified incidents to intrusion detection system (IDS) alerts during a 30-day period.

A measurement is a quantitative observation of a factor at a particular point in time. In other words, this is raw data. Two examples of measurements would be 356 intrusion detection system (IDS) alerts in the last 24 hours and 42 verified events investigated by the incident response team in the month of January.

A factor is an attribute of a system, such as an information security management system (ISMS), that has a value that can change over time. Examples of factors are the number of alerts generated by an intrusion detection system (IDS) or the number of events investigated by the incident response team.

89
Q

What is sealing?

A

Sealing binds data (typically a disk-encryption key) to a system's measured hardware and software configuration using the Trusted Platform Module (TPM). During boot the TPM records hashes of the firmware, bootloader, and kernel in its Platform Configuration Registers (PCRs); the sealed data is encrypted under a TPM-protected key with a policy that it may only be unsealed when the PCRs hold the expected values. The encrypted blob itself is normally stored on disk, while the wrapping key never leaves the TPM. If a component is tampered with, the measurements change, the policy fails, and the TPM refuses to unseal, so the drive cannot be accessed; this is the mechanism full-disk encryption products such as BitLocker use to detect boot-chain tampering.
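Added example, not part of the original flashcard deck: a simplified software model of TPM sealing (it is not the TPM 2.0 API). The root secret, the PCR extend rule, and the two boot chains are constructed; the point is to see that a PCR can only be extended, that the order and content of every measurement affect the final value, and that a single changed boot component therefore makes unsealing fail.

```python
import hashlib
import hmac
import os

# Simplified model of TPM sealing, constructed for illustration only.
PCR_INIT = b"\x00" * 32
# Stands in for the secret that never leaves the TPM (constructed value).
ROOT = b"tpm-root-secret-constructed-for-example"

# Constructed boot chains; the second has a modified bootloader.
GOOD_BOOT = [b"firmware v1", b"bootloader v1", b"kernel v1"]
TAMPERED_BOOT = [b"firmware v1", b"bootloader v1 + rootkit", b"kernel v1"]


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """A PCR is never written directly, only extended: new = SHA-256(old || measurement)."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot(components: list) -> bytes:
    """Extend one PCR with the hash of each boot component, in boot order."""
    pcr = PCR_INIT
    for component in components:
        pcr = pcr_extend(pcr, hashlib.sha256(component).digest())
    return pcr


def _keystream(root: bytes, pcr: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream derived from the TPM-resident root *and* the PCR value it is bound to."""
    out = b""
    counter = 0
    while len(out) < length:
        block = pcr + nonce + counter.to_bytes(4, "big")
        out += hmac.new(root, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(root: bytes, pcr: bytes, secret: bytes) -> dict:
    """Encrypt `secret` so it can only be recovered when the platform PCR equals `pcr`."""
    nonce = os.urandom(16)
    ks = _keystream(root, pcr, nonce, len(secret))
    ciphertext = bytes(a ^ b for a, b in zip(secret, ks))
    tag = hmac.new(root, pcr + nonce + ciphertext, hashlib.sha256).digest()
    # The blob lives on ordinary disk; only `root` stays inside the TPM.
    return {"pcr": pcr, "nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def unseal(root: bytes, current_pcr: bytes, blob: dict) -> bytes:
    """Release the secret only if the current PCR satisfies the sealing policy."""
    if not hmac.compare_digest(current_pcr, blob["pcr"]):
        raise PermissionError("PCR mismatch: platform configuration changed")
    expected_tag = hmac.new(root, current_pcr + blob["nonce"] + blob["ciphertext"],
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, blob["tag"]):
        raise PermissionError("sealed blob was modified")
    ks = _keystream(root, current_pcr, blob["nonce"], len(blob["ciphertext"]))
    return bytes(a ^ b for a, b in zip(blob["ciphertext"], ks))


def demo() -> dict:
    good_pcr = measure_boot(GOOD_BOOT)
    blob = seal(ROOT, good_pcr, b"disk-encryption-key")
    result = {"unsealed_on_good_boot": unseal(ROOT, good_pcr, blob)}
    try:
        unseal(ROOT, measure_boot(TAMPERED_BOOT), blob)
        result["unsealed_on_tampered_boot"] = True
    except PermissionError:
        result["unsealed_on_tampered_boot"] = False
    return result
```

Note that an attacker who edits the stored blob's `pcr` field to match the tampered platform still fails: the tag and keystream were both derived from the original PCR value, so the modified blob is rejected as corrupted.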

90
Q

What is regression testing?

A

Regression testing retests after a change to software or a system to ensure functionality, performance, and protection.

91
Q

What is integration testing?

A

Integration testing verifies that components work together as outlined in design specifications.

92
Q

What is acceptance testing?

A

Acceptance testing ensures that the code meets customer requirements.

93
Q

What is unit testing?

A

Unit testing tests individual components in a controlled environment where programmers validate data structure, logic, and boundary conditions.

94
Q

What is SABSA?

A

Sherwood Applied Business Security Architecture (SABSA) slices an enterprise into different layers so that security can be more focused and precise. The model is made up of six layers. Each layer represents a different view of the organization and the types of security controls that need to be put into place.

95
Q

What is a deferred commitment?

A

Deferred commitment refers to the benefit of OOP of being able to redefine internal components of an object without changing other parts of the system, which is an advantage over procedural programming.

96
Q

What is modularity?

A

Modularity refers to the benefit of OOP of having building blocks of software that are autonomous objects, cooperating through the exchange of messages.

97
Q

What is reusability?

A

Reusability refers to the benefit of OOP of having classes that are reused by other programs, though they may be refined through inheritance.

98
Q

What is naturalness?

A

Naturalness refers to the benefit of OOP of being able to map object-oriented analysis, design, and modeling to business needs and solutions.

99
Q

What does the change control analyst do?

A

The change control analyst is responsible for approving or rejecting requests to make changes to the network, systems, or software. This role must make certain that the change will not introduce any vulnerabilities, that it has been rigorously tested, and that it is properly rolled out. While not necessarily a security role, the change control analyst needs to understand how various changes can affect security, interoperability, performance, and productivity.

100
Q

What are the four essential characteristics of threat intelligence?

A

The four essential characteristics of good threat intelligence, known by the acronym CART, are complete, accurate, relevant, and timely. "Historical" is not one of them: intelligence that is merely historical has lost the timeliness that makes it actionable.

101
Q

Which is faster, 802.11a or 802.11b?

A

802.11a works in the 5-GHz band and delivers up to 54 Mbps, faster than 802.11b, which works in the 2.4-GHz band at up to 11 Mbps.

102
Q

What is attenuation?

A

Attenuation is the loss of signal strength as it travels. Regardless of which type of cabling is used, attenuation is inevitable given a long enough distance, which is why repeaters were invented.

103
Q

What is the primary security issue with APIs?

A

Parameter validation is the primary security issue with APIs. Every parameter a caller supplies must be treated as untrusted and checked for type, length, range, and format before use, because an attacker can call the API directly with values the intended client application would never send.
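Added example, not part of the original flashcard deck: an allow-list parameter validator for a hypothetical funds-transfer API. The schema, the field names, and both sample requests are constructed. It rejects unknown fields (so a client cannot smuggle in an `is_admin` flag), refuses type coercion (a string "100" or a boolean is not an int), and enforces ranges and enumerations server-side.

```python
import re
from typing import Any

# Constructed schema for a hypothetical POST /transfer endpoint; not a real API.
TRANSFER_SCHEMA = {
    "account_id":   {"type": str, "pattern": re.compile(r"^[A-Z0-9]{8,12}$")},
    "amount_cents": {"type": int, "min": 1, "max": 1_000_000},
    "currency":     {"type": str, "choices": {"USD", "EUR", "GBP"}},
    "memo":         {"type": str, "maxlen": 140, "optional": True},
}

# Constructed sample requests.
GOOD_REQUEST = {"account_id": "ACCT0001", "amount_cents": 2500, "currency": "EUR", "memo": "rent"}
BAD_REQUEST = {"account_id": "acct-1", "amount_cents": "100", "currency": "usd", "is_admin": True}


def validate_params(params: dict, schema: dict) -> list:
    """Return a list of problems; an empty list means the request may be processed.

    Allow-list validation: anything not in the schema is an error, every field is
    checked for its exact type (bool is a subclass of int, so `type(...) is` is used
    rather than isinstance), and bounds, lengths, and enumerations are enforced here
    regardless of what the client-side code did.
    """
    errors = []
    for name in params:
        if name not in schema:
            errors.append(f"{name}: unexpected parameter")
    for name, rule in schema.items():
        if name not in params:
            if not rule.get("optional"):
                errors.append(f"{name}: missing")
            continue
        value: Any = params[name]
        if type(value) is not rule["type"]:
            errors.append(f"{name}: expected {rule['type'].__name__}")
            continue  # no point range-checking a value of the wrong type
        if "min" in rule and value < rule["min"]:
            errors.append(f"{name}: below minimum {rule['min']}")
        if "max" in rule and value > rule["max"]:
            errors.append(f"{name}: above maximum {rule['max']}")
        if "maxlen" in rule and len(value) > rule["maxlen"]:
            errors.append(f"{name}: longer than {rule['maxlen']}")
        if "choices" in rule and value not in rule["choices"]:
            errors.append(f"{name}: not one of {sorted(rule['choices'])}")
        if "pattern" in rule and not rule["pattern"].match(value):
            errors.append(f"{name}: malformed")
    return errors
```

Returning every problem at once (rather than stopping at the first) is a deliberate choice: it lets the API respond with one actionable 400 error, while the validated dictionary is the only thing the business logic ever sees.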

104
Q

How do you determine key space?

A

The keyspace is 2^n, where n is the key length in bits; for example, a 128-bit key has 2^128 possible keys. On average a brute-force attacker must try half the keyspace before finding the correct key.

105
Q

What is the Telephone Records and Privacy Protection Act of 2006?

A

The Telephone Records and Privacy Protection Act of 2006 imposes stiff criminal penalties on anyone who uses pretexting (obtaining information under false pretenses, such as impersonating the account holder) to obtain confidential telephone records.

106
Q

What is CASE?

A

Computer-aided software engineering (CASE) refers to any type of software tool that supports automated development of software, which can come in the form of program editors, debuggers, code analyzers, version-control mechanisms, and more.

107
Q

Which mode does IPSec use for VPN implementations?

A

IPSec transport mode protects only the payload of each IP packet and leaves the original IP header exposed, so it is typically used host-to-host within a local area network. VPN implementations use tunnel mode, which encrypts the entire original packet, header included, and wraps it in a new IP header, typically between two security gateways.

108
Q

Which OSI layer does E2EE work at?

A

End-to-end encryption (E2EE) works at the application layer of the OSI model. Because it operates above the network layer, it protects the application data but cannot protect the IP headers (addresses and routing information), which remain in the clear so that intermediate devices can route the packets.

109
Q

Which OSI layer does PPTP work at?

A

Point-to-Point Tunneling Protocol (PPTP) works at the data link layer of the OSI model. It encapsulates PPP frames in GRE over IP and uses the Microsoft Point-to-Point Encryption (MPPE) protocol to encrypt the tunneled PPP payload; the outer IP and GRE headers are not protected. PPTP does not work with IPSec, and because its MS-CHAP authentication and RC4-based MPPE encryption have known weaknesses, it is considered obsolete.

110
Q

Which OSI layer does TLS work at?

A

Transport Layer Security (TLS) is generally described as working at the session layer of the OSI model, sitting between TCP and the application. It protects the application data it carries but not the IP and TCP headers.

111
Q

How does TLS verify the identity of endpoints?

A

Transport Layer Security (TLS) uses digital certificates to verify the identity of one or both endpoints in a transmission.

112
Q

What is software-defined security?

A

Software-defined security refers to applications that perform security functions and make quick, dynamic security decisions in areas such as advanced traffic filtering, intrusion detection and response, and malware analysis and containment.

113
Q

What is the four-dimensional model in ITIL 4?

A

ITIL 4 blends all parts of an organization using a four-dimensional model built around the concept of value for the stakeholders. The dimensions in this model are organizations and people, value streams and processes, information and technology, and partners and suppliers. These exist in a broader context that is influenced by factors that can be political, economic, social, technological, legal or environmental. Effective organizations must consider all four dimensions within their broader context when planning, developing, and offering products and/or services if they are to provide value.

114
Q

How do MANs connect businesses to WANs, other MANs, etc?

A

Metropolitan area networks (MANs) are usually built on Synchronous Optical Networking (SONET) or Fiber Distributed Data Interface (FDDI) rings, which connect businesses to WANs, the Internet, and other MANs.

115
Q

What is a covert timing channel?

A

A covert timing channel lets one process signal information to another by modulating its use of a shared system resource (for example, CPU time, disk I/O, or the interval between events) in a pattern the receiving process can observe and decode. No data is written to a shared object, so the normal access controls are never consulted. It is one of the two classic types of covert communication channel, the other being the covert storage channel.

116
Q

What is the Wassenaar Arrangement?

A

The Wassenaar Arrangement is an agreement among 42 participating states to control the export of conventional arms and dual-use goods and technologies, including cryptographic products, so that they do not reach destinations or end users of concern. Publicly available items, such as software that can be freely downloaded from the Internet, are generally exempt from these controls.

117
Q

What is OFDMA?

A

Orthogonal frequency division multiple access (OFDMA) combines ideas from FDMA and TDMA. Each channel is subdivided into a set of closely spaced orthogonal subcarriers with narrow bandwidths (subchannels), which can be assigned to different users and transmitted and received simultaneously, often in combination with multiple input, multiple output (MIMO) antenna techniques.

118
Q

What is a maintenance hook?

A

Sometimes developers include lines of code in a product that let them get straight into the application with a few keystrokes, bypassing authentication and access controls so they can quickly reach the application's core components during development or support. This is referred to as a "back door" or "maintenance hook." It must be removed before the code goes into production, since anyone who discovers it gets the same bypass.
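Added example, not part of the original flashcard deck: a login routine with a maintenance hook left in, beside the hardened version, plus a crude code-review check that flags hard-coded credential comparisons. The user store, the "maint"/"letmein" shortcut, and the regular expression are constructed for the example.

```python
import hashlib
import hmac
import os
import re

# Constructed credential store: username -> (salt, PBKDF2-HMAC-SHA256 hash). Not real data.
_PBKDF2_ROUNDS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _PBKDF2_ROUNDS)


_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash_password("correct horse battery staple", _SALT))}


def _check_credentials(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None:
        # Do the same amount of work for unknown users so timing does not leak valid names.
        _hash_password(password, b"\x00" * 16)
        return False
    salt, stored = record
    return hmac.compare_digest(_hash_password(password, salt), stored)


def login_with_maintenance_hook(username: str, password: str) -> bool:
    """Vulnerable: a developer shortcut left in the code bypasses the real check."""
    if username == "maint" and password == "letmein":   # the maintenance hook
        return True
    return _check_credentials(username, password)


def login_hardened(username: str, password: str) -> bool:
    """Only the credential store decides; no identity is special-cased in code."""
    return _check_credentials(username, password)


# Review aid: flag comparisons of credential-looking names against string literals.
_HOOK_PATTERN = re.compile(r"""\b(?:user(?:name)?|pass(?:word|wd)?)\s*==\s*["'][^"']+["']""")


def find_hardcoded_checks(source: str) -> list:
    """Return 1-based line numbers in `source` that look like hard-coded credential checks."""
    return [n for n, line in enumerate(source.splitlines(), 1) if _HOOK_PATTERN.search(line)]
```

Run over this file, `find_hardcoded_checks` flags the line inside `login_with_maintenance_hook` and nothing in the hardened version. A grep like this is no substitute for review, but it catches the most common form of the hook: a literal username or password compared in code.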

119
Q

What are the four phases of evidence handling?

A

ISO/IEC 27037, the international standard on digital evidence handling, identifies four phases of evidence handling: identification, collection, acquisition, and preservation.
—The first step is to identify the digital crime scene. Evidence will exist in a multitude of devices such as routers, network appliances, cloud services, smartphones, and even IoT devices.
—Evidence collection is the process of gaining physical control over devices that could potentially have evidentiary value. A chain of custody documents each person that has control of the evidence at every point in time. In large investigations, one person may collect evidence, another transport it, and a third store it. Keeping track of all these individuals is critical to proving in court that the evidence was not tampered with.
—Acquisition means creating a forensic image of digital data for examination. Generally there are two types of acquisition: physical and logical. In a physical acquisition, the investigator makes a bit-for-bit copy of the contents of a physical storage device, bypassing the operating system. This includes all files, but also free space and previously deleted data. In a logical acquisition, on the other hand, the forensic image is of the files and folders in a file system, which relies on the operating system. In either case the image is hashed at acquisition time so that its integrity can be verified before every examination.
—Preservation of evidence in a forensically sound manner requires established procedures based on legally accepted best practices. This includes ensuring that only a small group of qualified individuals have access to the evidence, and then only to perform specific functions. This also includes procedures such as two-person control and secure media storage.
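Added example, not part of the original flashcard deck: the integrity side of acquisition and preservation, modelled in Python. The "device" contents, the examiner names, and the evidence ID are constructed. A physical image is hashed when taken, re-verified before use, and every handover in the chain of custody records the hash the handler observed, so a modified image or a gap in custody shows up as a break.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional

# Constructed stand-in for a raw block device (what dd would read from /dev/sdb),
# including a "deleted" fragment that a logical copy of the live file system would miss.
DEVICE_BYTES = (b"MBR\x00" + b"report.docx: Q3 figures" + b"\x00" * 16
                + b"[deleted] invoice_2023.pdf fragment" + b"\x00" * 16)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def acquire_physical_image(device: bytes) -> tuple:
    """Bit-for-bit copy of the whole device, free space included; returns (image, hash)."""
    image = bytes(device)
    return image, sha256_hex(image)


def verify_image(image: bytes, acquisition_hash: str) -> bool:
    """Re-hash before every examination; a mismatch means this is not the acquired image."""
    return sha256_hex(image) == acquisition_hash


@dataclass
class CustodyEvent:
    when: str
    who: str
    action: str
    item_hash: str


@dataclass
class ChainOfCustody:
    item_id: str
    events: List[CustodyEvent] = field(default_factory=list)

    def record(self, who: str, action: str, item_hash: str, when: Optional[str] = None) -> None:
        """Each handover logs who had the item, when, what they did, and the hash they saw."""
        self.events.append(CustodyEvent(when or datetime.now(timezone.utc).isoformat(),
                                        who, action, item_hash))

    def unbroken(self) -> bool:
        """Continuous custody means the same hash was observed at every step."""
        return bool(self.events) and all(
            e.item_hash == self.events[0].item_hash for e in self.events)


def demo() -> dict:
    image, acq_hash = acquire_physical_image(DEVICE_BYTES)
    chain = ChainOfCustody("EVID-0001")
    chain.record("examiner A", "acquired physical image", acq_hash)
    chain.record("courier B", "transported to lab", sha256_hex(image))
    chain.record("custodian C", "checked into evidence locker", sha256_hex(image))

    # Model an image altered in transit: one byte flipped in the deleted-file region.
    tampered = bytearray(image)
    tampered[40] ^= 0xFF
    tampered = bytes(tampered)
    broken = ChainOfCustody("EVID-0001")
    broken.record("examiner A", "acquired physical image", acq_hash)
    broken.record("custodian C", "checked into evidence locker", sha256_hex(tampered))

    return {
        "image_verified": verify_image(image, acq_hash),
        "tampered_verified": verify_image(tampered, acq_hash),
        "intact_chain_unbroken": chain.unbroken(),
        "broken_chain_unbroken": broken.unbroken(),
    }
```

In practice the hash is recorded on the acquisition form and on the evidence bag, and imaging tools compute it as they copy; the logic above is what that paperwork enforces.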

120
Q

What are boundary conditions?

A

Boundary conditions are the edges of an input's valid range: the minimum and maximum accepted values and the values just inside and just outside them (for example 0, 1, 65535, and 65536 for a port number). Testing them during unit and interface tests catches off-by-one errors, such as a length check that allows one byte too many, which is a classic source of buffer overflows.
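Added example, not part of the original flashcard deck: boundary-value testing applied to two constructed checks, a port-number validator and a fixed-size field length check, each shown with an off-by-one bug beside its correct form. The generic `boundary_values` helper produces the six classic test inputs for any inclusive range, and `disagreements` reports where a check diverges from the specification.

```python
def boundary_values(lo: int, hi: int) -> list:
    """Boundary-value set for an inclusive range [lo, hi]: each edge and its neighbours."""
    return sorted({lo - 1, lo, lo + 1, hi - 1, hi, hi + 1})


def disagreements(check, lo: int, hi: int) -> list:
    """Boundary inputs on which `check` disagrees with the specification lo <= n <= hi."""
    return [n for n in boundary_values(lo, hi) if check(n) != (lo <= n <= hi)]


# Case 1: TCP/UDP port numbers, valid range 1..65535.
def is_valid_port_buggy(n: int) -> bool:
    return 0 <= n < 65535          # accepts 0 and rejects 65535


def is_valid_port(n: int) -> bool:
    return 1 <= n <= 65535


# Case 2: a payload copied into a 16-byte field that must also hold a trailing NUL,
# so the valid payload length is 0..15 (constructed to mirror a C buffer check).
FIELD_SIZE = 16


def fits_buggy(payload: bytes) -> bool:
    return len(payload) <= FIELD_SIZE          # off by one: forgets the terminator


def fits(payload: bytes) -> bool:
    return len(payload) <= FIELD_SIZE - 1


def length_check_disagreements(check) -> list:
    """Same boundary method applied to lengths: build a payload of each boundary length."""
    lo, hi = 0, FIELD_SIZE - 1
    return [n for n in boundary_values(lo, hi)
            if n >= 0 and check(b"A" * n) != (lo <= n <= hi)]
```

A test suite that only used "typical" values such as port 8080 or a 5-byte payload would pass both buggy versions; the boundary set is what exposes them.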

121
Q

What is ITU-T H.323?

A

The ITU-T H.323 recommendation is a standard for audio and video calls over packet-based networks. H.323 defines four types of components: terminals, gateways, multipoint control units, and gatekeepers. Call setup, control, and teardown are handled by the H.225.0 and H.245 protocols within the suite, while the media streams themselves are carried by RTP.

122
Q

What is Spanning Tree Protocol?

A

Spanning Tree Protocol (STP) ensures that frames do not circle networks forever, provides redundant paths in case a bridge goes down, assigns unique identifiers to each bridge, assigns priority values to these bridges, and calculates path costs. STP also enables an administrator to indicate whether traffic should travel certain paths instead of others. Newer bridges implement the Shortest Path Bridging (SPB) protocol, which is defined in IEEE 802.1aq and is more efficient and scalable than STP.

123
Q

What is the power factor?

A

The ratio of real power (watts) to apparent power (volt-amperes) is called the power factor. It can never be greater than one, since apparent power is the ideal case in which all of the supplied power does useful work. (This electrical term is unrelated to the cryptographic work factor, which is the estimated effort required to break a cipher or defeat a control.)

124
Q

What is the difference between volts, amps, and watts?

A

Voltage (volts) measures the electrical potential difference between two points in a circuit. Current (amps) measures the actual flow of electric charge through the circuit. Power (watts) is the rate at which electrical energy is delivered and is calculated by multiplying volts by amps.