Weaknesses 3-20 Flashcards
What is the appropriate default level for an access control mechanism?
No access (default deny): a subject gets nothing until a rule explicitly grants it, so a missing or mistyped rule fails closed rather than open
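An added example (not from the flashcard source) of what "default deny" means in code: a first-match rule evaluator run over a constructed policy, once with the common fall-through bug and once with the correct default. The `Rule` class, the `POLICY` list and the `/reports/` and `/payroll/` resource names are assumptions made for the illustration.

```python
"""Default-deny authorization (added example, not from the flashcard source).

Rules are evaluated first-match. The only difference between the two
evaluators is what happens when no rule matches the request.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    subject: str      # user or role name, "*" for any
    action: str       # "read", "write", ..., "*" for any
    resource: str     # exact resource name, or a prefix ending in "/"
    allow: bool

    def matches(self, subject: str, action: str, resource: str) -> bool:
        if self.subject not in ("*", subject):
            return False
        if self.action not in ("*", action):
            return False
        if self.resource.endswith("/"):
            return resource.startswith(self.resource)
        return resource == self.resource


# Constructed policy: the finance role may read reports; nobody may write them.
POLICY = [
    Rule("finance", "read", "/reports/", allow=True),
    Rule("*", "write", "/reports/", allow=False),
]


def authorize_default_allow(rules, subject, action, resource) -> bool:
    """Flawed: a request that matches no rule falls through to True."""
    for rule in rules:
        if rule.matches(subject, action, resource):
            return rule.allow
    return True   # the bug: silence from the policy is treated as permission


def authorize(rules, subject, action, resource) -> bool:
    """Correct: the default level is no access; only an explicit allow grants it."""
    for rule in rules:
        if rule.matches(subject, action, resource):
            return rule.allow
    return False  # nothing matched, so deny
```

The policy never mentions `/payroll/`, so the flawed evaluator lets a guest read payroll data while the correct one refuses; the explicit allow for finance on reports behaves identically in both.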
The Vigenère cipher was developed in 16th-century France. What does it use as a key?
A secret word (keyword): each plaintext letter is shifted by the corresponding letter of the keyword, which repeats for the length of the message
How are FDDI and FDDI-2 different?
FDDI-2 adds a circuit-switched (isochronous) service, so fixed bandwidth can be allocated to delay-sensitive traffic such as voice and video alongside FDDI's token-passing packet service
SSL requires what kind of infrastructure for certificate authorities and certificates?
PKI (public key infrastructure): a certificate authority issues certificates binding a server's public key to its name, and the client validates the chain up to a trusted root
In 1976 Diffie and Hellman introduced what cryptography technology?
Public-key (asymmetric) cryptography, in the form of the Diffie-Hellman key exchange: two parties agree on a shared secret over an untrusted channel without ever transmitting the key itself (electronic key distribution)
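The exchange described above, as an added example that is not part of the flashcard source: both sides publish one value and derive the same key, and each side validates the value it receives before using it. The safe-prime generator, the `Party` class and the toy 64-bit group size are assumptions for the illustration; real deployments use the fixed groups of RFC 3526 or RFC 7919 and authenticate the exchange, since plain Diffie-Hellman resists eavesdropping but not an active attacker who runs a separate exchange with each side.

```python
"""Diffie-Hellman key agreement, both sides shown (added example).

A toy-sized safe prime is generated at runtime so the block runs stand-alone.
Real systems use the fixed groups from RFC 3526 / RFC 7919 and authenticate
the exchange; unauthenticated DH is vulnerable to a man in the middle.
"""
import hashlib
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test (probabilistic; adequate for a demo)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(bits: int) -> int:
    """Return p = 2q + 1 with both p and q prime (toy size; slow for large bits)."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


class Party:
    """One endpoint: keeps x secret, publishes g^x mod p."""

    def __init__(self, p: int, g: int):
        self.p, self.g = p, g
        self.x = secrets.randbelow(p - 3) + 2      # private exponent in [2, p-2]
        self.public = pow(g, self.x, p)            # this value crosses the untrusted channel

    def shared_key(self, peer_public: int) -> bytes:
        """Validate the peer's value, then derive a symmetric key from g^(xy) mod p."""
        p = self.p
        if not 2 <= peer_public <= p - 2:
            raise ValueError("public value out of range (1 or p-1 forces a trivial secret)")
        # p is a safe prime and g a quadratic residue, so honest values satisfy v^q == 1 mod p.
        if pow(peer_public, (p - 1) // 2, p) != 1:
            raise ValueError("public value not in the prime-order subgroup")
        secret = pow(peer_public, self.x, p)
        return hashlib.sha256(secret.to_bytes((p.bit_length() + 7) // 8, "big")).digest()


def run_exchange(bits: int = 64):
    """Alice and Bob each publish one value and derive the same key."""
    p = find_safe_prime(bits)
    g = 4                      # 2^2 is a quadratic residue, hence of prime order q
    alice, bob = Party(p, g), Party(p, g)
    # An eavesdropper sees (p, g, alice.public, bob.public) but neither exponent.
    return alice.shared_key(bob.public), bob.shared_key(alice.public)


def rejects_degenerate_values(bits: int = 64) -> bool:
    """The public values 1 and p-1 are refused instead of producing a guessable secret."""
    p = find_safe_prime(bits)
    party = Party(p, 4)
    for bad in (1, p - 1):
        try:
            party.shared_key(bad)
        except ValueError:
            continue
        return False
    return True


if __name__ == "__main__":
    k1, k2 = run_exchange()
    print("keys match:", k1 == k2, k1.hex())
```

The range and subgroup checks are what keeps a malicious peer from sending a value that pins the shared secret to 1 or p-1; the hash at the end turns the group element into a fixed-length key rather than using the raw integer.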
What three types of attacks fall under the umbrella of timing attacks?
Between-the-lines entry (piggybacking on an authenticated session while the user is idle), NAK attacks (exploiting a system's incomplete handling of an asynchronous negative-acknowledgment interrupt), and line disconnect (taking over a line that was not fully released when the user disconnected)
TRUE/FALSE - A SYN attack is considered a timing attack
FALSE; a SYN flood is a denial-of-service attack
Allowing one object to exist simultaneously at two security classifications requires what?
Polyinstantiation: the same logical object (for example a database row with the same primary key) is kept as separate instances at different classification levels, so a low-cleared user sees the cover version and cannot infer that a higher-classified version exists
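An added example, not from the flashcard source, of polyinstantiation in a multilevel table using Python's built-in sqlite3: the classification level is made part of the primary key so the same flight can exist twice, and each query returns at most one row per flight, the highest one the caller is cleared for. The level-filtered query is also an instance of content-based access control (a later card on this page), since the decision depends on a value in the row. The `flights` table, the three clearance levels and the rows are constructed for the illustration.

```python
"""Polyinstantiation in a multilevel-secure table (added example).

The cover story for a low-cleared user and the true record for a high-cleared
user share the same logical key (flight number), so the key alone cannot be
unique: the classification level becomes part of the primary key.
"""
import sqlite3

LEVELS = {"unclassified": 0, "secret": 1, "top_secret": 2}


def build_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute(
        """CREATE TABLE flights (
               flight TEXT    NOT NULL,
               cargo  TEXT    NOT NULL,
               dest   TEXT    NOT NULL,
               level  INTEGER NOT NULL,
               PRIMARY KEY (flight, level)
           )"""
    )
    # Constructed data: FL101 exists twice, once as a cover story and once for real.
    con.executemany(
        "INSERT INTO flights VALUES (?, ?, ?, ?)",
        [
            ("FL101", "mail", "Madrid", LEVELS["unclassified"]),
            ("FL101", "munitions", "Ankara", LEVELS["top_secret"]),
            ("FL102", "passengers", "Rome", LEVELS["unclassified"]),
            ("FL103", "spare parts", "Oslo", LEVELS["top_secret"]),
        ],
    )
    return con


def query_for(con: sqlite3.Connection, clearance: str):
    """Rows as seen by a user with the given clearance: nothing above their level,
    and for each flight only the highest instance they are allowed to see."""
    return con.execute(
        """SELECT f.flight, f.cargo, f.dest
             FROM flights f
            WHERE f.level = (SELECT MAX(level) FROM flights
                              WHERE flight = f.flight AND level <= ?)
            ORDER BY f.flight""",
        (LEVELS[clearance],),
    ).fetchall()


def insert_as(con: sqlite3.Connection, clearance: str, flight, cargo, dest) -> bool:
    """A low user inserting a key that already exists only at a higher level gets a
    separate low-level row rather than a 'duplicate key' error; the error would
    reveal that something classified exists, which is the inference being prevented."""
    try:
        con.execute("INSERT INTO flights VALUES (?, ?, ?, ?)",
                    (flight, cargo, dest, LEVELS[clearance]))
        return True
    except sqlite3.IntegrityError:
        return False   # same flight at the same level: an ordinary duplicate
```

Before the low-level insert, an unclassified user cannot see FL103 at all; after it, they see their own row while a top-secret user still sees the original, and neither query ever returns two rows for one flight.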
TRUE/FALSE - PPTP can only work over IP
TRUE; PPTP tunnels PPP inside GRE over IP, whereas L2TP can also run over networks such as ATM, Frame Relay and X.25
What is the first step in an audit?
Determine the goals of the audit (what is being examined and why) before choosing scope and methods
During what step of the penetration testing process do you perform port scans and identify resources?
Enumeration: port scanning, service identification and listing of reachable resources
TRUE/FALSE - A TPM uses two types of internal memory for specific purposes: persistent (static) memory, which holds the Endorsement Key (EK) and Storage Root Key (SRK), and versatile (dynamic) memory, which holds Attestation Identity Keys (AIKs), the Platform Configuration Registers (PCRs) that store measurement hashes, and storage keys
TRUE
What are the phases of a business continuity planning (BCP) project?
Initiate the project, perform the business impact analysis (BIA), develop the recovery strategy, develop the plan, implement it, test it, and maintain it
What is the difference between 802.11a and 802.11b?
802.11a operates in the 5 GHz band at up to 54 Mbps; 802.11b operates in the 2.4 GHz band at up to 11 Mbps, and the two are not interoperable
If a company has a high turnover rate, which access control structure is best?
Role-based access control (RBAC): permissions are attached to roles, so a departing employee is simply removed from the role and the replacement added, with no per-user permission rework
Determining what a user can access based on the data itself, not the subject's identity, is called what?
Content-based (content-dependent) access control: the decision depends on values in the data, for example a view that hides rows whose salary field exceeds a threshold
What is the main purpose of information risk management (IRM)?
To identify, assess, and reduce risk to a level management has accepted
Which group states that the Internet is a privilege and should be treated and used with respect?
The Internet Architecture Board (IAB), in RFC 1087, "Ethics and the Internet"
What is the goal of operational security?
To keep production systems in proper working order and to protect hardware and media from unauthorized access
What is the difference between confusion and diffusion?
Confusion hides the relationship between the key and the ciphertext and is carried out with substitution; diffusion spreads the influence of each plaintext symbol across many ciphertext symbols and is carried out with transposition (permutation)
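An added example, not from the flashcard source, serving both the Vigenère card above and this one: a keyword-driven Vigenère cipher (substitution) next to a columnar transposition (permutation), each with encryption and decryption, and a comparison that flips one plaintext letter to show what each building block does and does not do. The plaintext `ATTACKATDAWN`, the keyword `LEMON` and the padding character `X` are constructed for the illustration; the ciphers are classical and not modern primitives.

```python
"""Substitution versus transposition as the building blocks of confusion and
diffusion (added example; classical ciphers, not modern primitives)."""
from collections import Counter
import string

ALPHA = string.ascii_uppercase


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Polyalphabetic substitution keyed by a secret word: letter i is shifted by
    key[i mod len(key)].  Each output letter depends only on its own input letter
    and one key letter, so the key repeats with a visible period."""
    out = []
    for i, ch in enumerate(text):
        k = ALPHA.index(key[i % len(key)])
        if decrypt:
            k = -k
        out.append(ALPHA[(ALPHA.index(ch) + k) % 26])
    return "".join(out)


def columnar(text: str, key: str, decrypt: bool = False) -> str:
    """Columnar transposition: write the text in rows of len(key), then read the
    columns in the alphabetical order of the key letters.  Letters move; none change."""
    w = len(key)
    order = sorted(range(w), key=lambda i: (key[i], i))   # column read-out order
    if not decrypt:
        text = text + "X" * (-len(text) % w)              # pad to a full grid
        return "".join(text[c::w] for c in order)
    rows = len(text) // w
    cols = [""] * w
    for k, c in enumerate(order):
        cols[c] = text[k * rows:(k + 1) * rows]
    return "".join(cols[c][r] for r in range(rows) for c in range(w))


def changed_positions(a: str, b: str):
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def compare(plain: str, key: str) -> dict:
    """Flip the letter at index 5 and see how each cipher propagates the change."""
    flipped = plain[:5] + ("A" if plain[5] != "A" else "B") + plain[6:]
    sub1, sub2 = vigenere(plain, key), vigenere(flipped, key)
    tr1, tr2 = columnar(plain, key), columnar(flipped, key)
    padded = plain + "X" * (-len(plain) % len(key))
    return {
        # substitution: the change stays at index 5 (no diffusion) but letter
        # frequencies are scrambled (confusion)
        "vigenere_changed": changed_positions(sub1, sub2),
        "vigenere_keeps_frequencies": Counter(sub1) == Counter(plain),
        # transposition: the change lands elsewhere (diffusion) but the letter
        # frequencies are exactly those of the plaintext (no confusion)
        "columnar_changed": changed_positions(tr1, tr2),
        "columnar_keeps_frequencies": Counter(tr1) == Counter(padded),
    }
```

A modern block cipher alternates the two in rounds (S-box substitution followed by a permutation of the bits) precisely so that one flipped input bit ends up changing about half of the output bits, which neither classical cipher achieves on its own.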
A virus that infects both the boot record and files in a directory is called what?
Multipartite
What are the proper steps in selecting and implementing a new computer system?
Evaluation, certification, accreditation (evaluation against a published criteria set, a technical certification of the system as configured, and management's formal accreditation accepting the residual risk)
What architecture type is used when an external router filters traffic before it enters the network and a second screening device filters it again before it reaches the internal network?
Screened subnet (DMZ): public-facing servers sit on the subnet between the exterior router and the interior screening device
Why are network sniffers dangerous to an environment?
They are passive: a sniffer captures traffic without sending any of its own, so its presence and what it collects leave no audit trail on the network
During which phase of the software development life cycle should attack surface analysis and threat modeling be performed?
Design
What is the difference between OSA and SKA?
OSA (open system authentication) lets any station associate with no credential check; SKA (shared key authentication) requires the station to prove it holds the WEP key by encrypting a challenge. SKA is in fact the weaker choice: the challenge and its encrypted response both cross the air, which hands an eavesdropper RC4 keystream for that IV
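An added example, not from the flashcard source, modelling the four-frame SKA handshake with a WEP-40 key and the keystream-recovery attack against it. The frame layout follows WEP (3-byte IV, RC4 keystream over data plus a CRC-32 integrity check value); 802.11 management headers are omitted. The key, the `AccessPoint` class and the helper names are constructed for the illustration.

```python
"""Why SKA is weaker than OSA (added example, not from the flashcard source).

Shared Key Authentication sends a 128-byte challenge in the clear and gets
back the same bytes WEP-encrypted under the shared key.  XORing the two gives
an eavesdropper the RC4 keystream for that IV; because WEP lets the sender
pick any IV, that keystream answers every later challenge.  The key below is
constructed, not a real credential.
"""
import os
import zlib

WEP_KEY = b"\x01\x02\x03\x04\x05"     # constructed 40-bit key, known to AP and station only


def rc4(key: bytes, length: int) -> bytes:
    """RC4 keystream: key scheduling followed by pseudo-random generation."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """frame = IV || (data || ICV) XOR RC4(IV || key)."""
    payload = data + icv(data)
    return iv + xor(payload, rc4(iv + key, len(payload)))


def wep_decrypt(key: bytes, frame: bytes):
    """Return the data if the ICV verifies, else None."""
    iv, body = frame[:3], frame[3:]
    payload = xor(body, rc4(iv + key, len(body)))
    data, tag = payload[:-4], payload[-4:]
    return data if icv(data) == tag else None


class AccessPoint:
    def __init__(self, key: bytes):
        self.key = key
        self.challenge = b""

    def new_challenge(self) -> bytes:
        """SKA frame 2: 128 random bytes, sent in the clear."""
        self.challenge = os.urandom(128)
        return self.challenge

    def verify(self, frame: bytes) -> bool:
        """SKA frame 4 decision: decrypt, check the ICV, compare with the challenge."""
        return wep_decrypt(self.key, frame) == self.challenge


def station_respond(key: bytes, challenge: bytes) -> bytes:
    """SKA frame 3: the legitimate station encrypts the challenge under a fresh IV."""
    return wep_encrypt(key, os.urandom(3), challenge)


def eavesdrop(challenge: bytes, frame: bytes):
    """Attacker: (challenge || ICV) XOR ciphertext = keystream for that IV."""
    return frame[:3], xor(challenge + icv(challenge), frame[3:])


def forge_response(iv: bytes, keystream: bytes, challenge: bytes) -> bytes:
    """Attacker answers a new challenge by reusing the IV and recovered keystream."""
    return iv + xor(challenge + icv(challenge), keystream)


def run_attack(key: bytes = WEP_KEY):
    """Returns (legitimate station passes, attacker passes without the key)."""
    ap = AccessPoint(key)
    chal = ap.new_challenge()
    frame = station_respond(key, chal)
    legit_ok = ap.verify(frame)
    iv, ks = eavesdrop(chal, frame)          # the attacker never sees `key`
    forged = forge_response(iv, ks, ap.new_challenge())
    return legit_ok, ap.verify(forged)
```

The attacker learns 132 bytes of keystream, not the key, which is exactly enough to encrypt any 128-byte challenge plus its ICV under the same IV; OSA avoids this leak because it never performs the exchange at all, which is why OSA with strong data encryption is preferred over SKA.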
What is the product of data mining?
Metadata: patterns, correlations and relationships that were not apparent in the raw data
If an organization has a formal media library, which individual is responsible for the overall security and protection of the media?
Media librarian
TRUE/FALSE - The volume of data is a critical factor in DLP
FALSE; what matters is knowing which data is sensitive and where it resides, not how much data there is