Total seminars Flashcards
What is the MAU in a token ring network?
A media access unit (MAU) is a standalone device that acts as an Ethernet transceiver when connecting network nodes in local area networks (LANs). MAUs are used in token ring network topology, where network stations form a logical ring — that is, data passes from one device to another in a continuous circle.
How MAUs work
MAUs typically operate at the data link layer (also called layer 2) of the open systems interconnection (OSI) model. MAUs manage physical connections between network devices, ensuring that data is transmitted and received correctly.
Unlike in a conventional ring topology, if one device on the token ring fails, the MAU can bypass it and forward the data to the next device in the ring.
Types of MAU
Passive: Passive MAUs operate without an external power source, which means they can extend the network in places without convenient power outlets. Passive MAUs rely on the physical properties of cables and network interface cards (NICs) for data transmission.
Active: Active MAUs require an external power source for operation. In addition to data transmission, active MAUs can provide other network services, like amplifying signals or managing collisions.
What is a system account?
A local system account is a user account that is created by an operating system during installation and that is used for operating system-defined purposes.
What is OCTAVE?
The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) is a risk assessment methodology typically employed by small teams of representatives from both IT and business areas to conduct risk analysis. It was developed by the Computer Emergency Response Team (CERT) Coordination Center at Carnegie Mellon University.
What is a Java Virtual Machine?
The Java Virtual Machine (JVM) is platform independent and acts as a translator to run portable code. The JVM converts bytecode to the machine code that the processor on a particular system can understand.
What is a runtime environment?
A runtime environment (RTE) functions as a miniature operating system for the program and provides all the resources portable code needs.
What is bytecode?
Bytecode is intermediate code created by Java and is not processor specific, which makes the Java programming language platform independent. The Java Virtual Machine (JVM) converts the bytecode to the machine code that the processor on a particular system can understand.
How do you classify incidents?
A nondisaster is a disruption in service that has significant but limited impact on the conduct of business processes at a facility. The solution could include hardware, software, or file restoration.
A disaster is an event that causes the entire facility to be unusable for one day or longer. This usually requires the use of an alternate processing facility and restoration of software and data from offsite copies.
A catastrophe is a major disruption that destroys the facility altogether. This requires both a short-term solution, which would be an offsite facility, and a long-term solution, which may require rebuilding the original facility, and affects a business for weeks, months, or years.
A mishap is not one of the normal categorizations for a disaster; however, it may be a simple accident or other negative incident that does not qualify as a disaster. Depending upon its scope and severity, it may be considered a nondisaster.
How are synchronous and asynchronous transmissions different?
Synchronous network transmissions provide timing synchronization rules to govern how systems communicate with each other. Synchronous transmission differs from asynchronous transmission in that it is more complex and costly, it has robust error checking, and it is used for high-speed, high-volume transmissions. It is considered more reliable, since asynchronous communications do not provide a method for regulating timing.
Asynchronous network transmissions provide synchronization rules to govern how systems communicate with each other. Asynchronous transmission differs from synchronous signaling in that it is simpler and less costly, its parity bits are used for error control, and it is used for irregular transmission patterns. It does not use any type of timing synchronization to regulate communications flow. Because of the lack of timing synchronization, it is less robust and reliable.
Asynchronous communication devices, such as modems, are not synchronized in that the devices involved can send data at will, sending a sequence of bits framed with start and stop bits that are reassembled into data at the receiving end. Asynchronous transmissions do not use a timing signal. Synchronous communication devices, on the other hand, determine a synchronization scheme before data transmission.
Explain SPF vs DKIM vs DMARC
Sender Policy Framework (SPF) is an e-mail validation system designed to prevent e-mail spam by detecting e-mail spoofing through verification of the sender’s IP address. SPF allows administrators to specify which hosts are allowed to send e-mail from a given domain by creating a specific SPF record in DNS. Mail exchangers use DNS to check that mail from a given domain is being sent by a host sanctioned by that domain’s administrators.
The DomainKeys Identified Mail (DKIM) standard, codified in RFC 6376, allows e-mail servers to digitally sign messages to provide a measure of confidence for the receiving server that the message is from the domain it claims to be from.
The Domain-based Message Authentication, Reporting and Conformance (DMARC) system defines how domains communicate to the rest of the world whether they are using SPF or DKIM (or both). It also codifies the mechanisms by which receiving servers provide feedback to the senders on the results of their validation of individual messages.
What is the difference between Heuristic and Anomaly Based Detection?
Anomaly-based detection is similar to heuristic detection but examines behaviors exhibited after the code is executed; it does not look at the characteristics of the code before or during execution, as heuristic detection does, to determine if it is malicious.
What is the Facilitated Risk Analysis Process?
Facilitated Risk Analysis Process (FRAP) is a qualitative risk assessment methodology that focuses only on the systems that really need assessing, to reduce costs and time obligations. It stresses prescreening activities so that the risk assessment steps are carried out only on the item(s) that need it the most. FRAP is intended to be used to analyze one system, application, or business process at a time.
What is OAuth and OIDC?
OAuth is an authorization framework and does not provide any authentication services; OpenID Connect (OIDC) is a simple authentication layer built on top of OAuth and handles authentication with third-party identity providers.
The authorization server is the system that keeps track of which clients are allowed to use which resources, and issues access tokens to those clients.
A client is a process that requests access to a protected resource. Because this term describes the relationship of an entity with a resource provider in a client/server architecture, the “client” could actually be a web service (e.g., LinkedIn) that makes requests from another web service (e.g., Google).
The resource server controls the resource that the client is trying to access.
The resource owner is whoever owns a protected resource and is able to grant permissions for others to use it. These permissions are usually granted through a consent dialog box. The resource owner is typically an end user but could be an application or service.
OAuth is an open-standards authorization framework that works between applications. It exchanges messages between the APIs of applications and creates a temporary token showing that access to the information or services provided by one application to the other is authorized.
What is XOR?
XOR is an operation that is applied to 2 bits and is a function commonly used in binary mathematics and encryption methods. When combining the bits, if both values are the same, the result is 0 (1 XOR 1 = 0). If the bits are different from each other, the result is 1 (1 XOR 0 = 1).
What are the steps of the SDLC process?
Project planning, requirements, design, coding, testing, deployment, maintenance
The requirements gathering phase is where requirements are formally gathered, including functional requirements (what the software must do) and performance requirements (how well it must do it).
The design phase of the software development life cycle (SDLC) involves determining how the software will meet its functional and performance requirements, in terms of included functions, mechanisms, and components.
During the development/acquisition phase, software is actually programmed, if developed internally, or acquired, meaning it is commissioned or bought from another source.
The operation/maintenance phase involves implementing software after it has been accepted by the organization and putting it into operational use. Maintenance involves planned change management, updates, and so on.
What is the difference between software verification and validation?
Verification determines if the software product accurately represents and meets the specifications. After all, a product can be developed that does not match the original specifications, so this step ensures the specifications are being properly met. It answers the question, “Did we build the product right?”
Validation determines if the software product provides the necessary solution for the intended real-world problem.
What is jitter?
Irregularity in the arrival times of consecutive packets, which hurts voice and video communications.
What is line noise?
Random fluctuations in electromagnetic impulses that are carried along a physical medium.
What should you do during an M&A?
Depending on the terms of the divestiture, you should at least ensure that any vulnerabilities are mitigated to the maximum extent possible, and that a secure configuration and up-to-date patch management have been implemented on the assets; this maintains and possibly increases the assets’ value. You should also ensure that any sensitive data is removed from the assets unless it is specifically part of the sale.
While it may be part of the terms of the sale to wipe all media in the assets, you likely do not wish to make sensitive data backups available to the new owners.
What is a cleanroom approach?
Cleanroom is a methodology that attempts to prevent errors or mistakes by following highly structured and formal methods of developing and testing. This approach is used for high-quality and mission-critical applications that will be put through a strict certification process.
What is the Joint Application Development methodology?
The Joint Application Development (JAD) methodology uses a team approach in application development in a workshop-oriented environment. This methodology is distinguished by its inclusion of members other than coders in the team.
What is the reuse methodology?
The reuse methodology approaches software development by using progressively developed code. Reusable programs are evolved by gradually modifying preexisting prototypes to customer specifications.
What is the exploratory methodology?
The exploratory methodology is used in instances where clearly defined project objectives have not been presented. Instead of focusing on explicit tasks, the exploratory methodology relies on covering a set of specifications likely to affect the final product’s functionality.
What is a data bus?
A system that transfers data within a computer.
What is spaghetti code?
Source code that is difficult to understand because it has no defined structure.
What is bounds checking?
Any method of detecting whether a variable is within some bounds before it is used.
What is an ISMS?
An information security management system. It defines the controls an organization needs to implement.
What is 802.16?
The network standard for metropolitan area networks (MANs), including WiMAX.
What is 802.15.4?
The standard for Personal Area Networks.
What is a Vernam cipher?
Another name for a one-time pad.
What is the most important criterion for selecting security controls?
Protection level.
What is Cyclic Redundancy Checking?
CRC can detect errors in data transmission.
What is the difference between KPI and KRI?
Key performance indicators measure how well things are going currently, while key risk indicators measure how badly things could go in the future.
What is cohesion?
Cohesion reflects how many different types of tasks a module can carry out. If a module carries out only one task (e.g., subtraction) or tasks that are very similar (e.g., subtraction, addition, multiplication), it is described as having high cohesion, which is a good thing. The higher the cohesion, the easier it is to update or modify the module and not affect other modules that interact with it.
What is an island-hopping attack?
An island-hopping attack is one in which the attacker compromises an easier target that is somehow connected to the more desirable ultimate target, which the attacker then goes after. The attacker jumps from computer to computer until they reach the ultimate, more desirable target.
What do you do after a risk response has been implemented?
The continuing effectiveness of controls to protect assets is carefully monitored to ensure that they maintain their protection in the face of a changing threat environment.
What is a fault tree analysis?
A fault tree analysis usually proves to be a useful approach to identifying failures that can take place within more complex environments and systems. Fault tree analysis follows this general process. First, an undesired effect is taken as the root or top event of a tree of logic. Then, each situation that has the potential to cause that effect is added to the tree as a series of logic expressions. Fault trees are then labeled with actual numbers pertaining to failure probabilities. This is typically done by using computer programs that can calculate the failure probabilities from a fault tree.
What guides the development of testing and assessment procedures?
The security assessment strategy guides the development of standard testing and assessment procedures. This standardization is important because it ensures these activities are done in a consistent, repeatable, and cost-effective manner.
What is a compliance check?
A compliance check is a test or assessment designed to determine if a control or security process complies with governance requirements. It might involve any other type of test, but its purpose is to determine compliance with standards.
What are the steps of the security assessment process?
The organization should start its assessment process by conducting a vulnerability assessment, to determine any obvious weaknesses in the security control infrastructure. Then the organization should conduct a penetration test to see which of these vulnerabilities could be exploited. After mitigating the security control vulnerabilities, the organization should undergo a compliance audit to make sure that it meets the requirements of the governing body regulating protected healthcare information.
What is Kanban?
Kanban is an Agile development methodology that stresses visual tracking of all tasks so that the team knows what to prioritize at what point in time in order to deliver the right features right on time. Kanban projects used to be very noticeable because entire walls in conference rooms would be covered in sticky notes representing the various tasks that the team was tracking. Nowadays, many Kanban teams opt for virtual walls on online systems.
Describe Extreme Programming.
Extreme Programming (XP) is an Agile development methodology that takes code reviews to the extreme (hence the name) by having them take place continuously.
Extreme Programming (XP) is an Agile development methodology that relies on test-driven development, in which the unit tests are written before the code. The programmer first writes a new unit test case, which fails because there is no code to satisfy it. The next step is to add just enough code to get the test to pass.
Describe Scrum.
Scrum is an Agile methodology that acknowledges the fact that customer needs cannot be completely understood and will change over time. It focuses on team collaboration, customer involvement, and continuous delivery.
What is a covert channel?
A covert channel is the act of using an unintended communication path to send and receive messages. It is a way for an entity to receive information in an unauthorized manner. In a covert timing channel, one process relays information to another by modulating its use of system resources.
What are the elements of a media management and protection policy?
Inventory control, secure object permissions assigned to media, and authorized access to physical media are all important elements that should be included in a media management and protection policy.
What is an informative policy?
An informative policy is meant to educate employees about events, new developments, or changes within the organization. The message is purely one-way, meaning employees are not responsible for doing anything after reading the document. An example would be a document that explains how a company interacts with partners, the company’s goals and mission, or a general reporting structure in different situations.
What is the definition of software quality?
Fitness for purpose.
How should risk be expressed to senior leaders?
Cost approach, income approach, or market approach.
What is the difference between awareness, training, and education?
Awareness answers the question “what” and gives employees initial knowledge about a topic. Training presents the detailed “how” of a topic, and education answers the “why” questions of a topic.
What is a rule-based access control model?
Rule-based access control is commonly used in conjunction with other models and is typically found on resources or devices, such as files, shares, printers, firewalls, routers, and so on, and prescribes rules for traffic entering and leaving those devices.