Wiley_08072017

Question 1

This is necessary to obtain a Search Warrant

Answer 1

PROBABLE CAUSE

Question 2

ISC Code of Ethics:

Answer 2

• Protect society, the commonwealth, and the infrastructure.
• Act honorably, honestly, justly, responsibly, and legally.
• Provide diligent and competent service to principals.
• Advance and protect the profession.

Question 3

Prudent Man Rule is from what guideline?

Answer 3

The Federal Sentencing Guidelines formalized the prudent man rule and applied it to information security

Question 4

Christopher would like to send Renee a message using asymmetric encryption. What key should he use to encrypt the message? Renee’s public key is used to encrypt the message.

Answer 4

The sender of a message uses the recipient’s public key to encrypt it.

Question 5

This is generated by the difference in power between the hot and ground wires of a power source or operating electrical equipment

Answer 5

Common mode noise

Question 6

A Security Label protects against

Answer 6

Tampering

Question 7

Warm Sites take ___ hours to recover

Answer 7

12

Question 8

Packet Switching has ______ delays.

Circuit Switching has _______ delays.

Answer 8

Packet = Variable Delays

Circuit = Fixed Delays

Question 9

Replaced SSL

Answer 9

TLS

Question 10

_______ _________ mechanisms are set in place to establish a means of verifying the correctness of detection systems and sensors

Answer 10

Secondary verification

Question 11

Audit Report Requirements:

Answer 11

purpose

scope

results

Question 12

A ______ is created through the assignment of an IP address and a subnet mask.

Answer 12

subnet

Question 13

________ connects disparate networks rather than creating network segments

Answer 13

Router

Question 14

Routers only manage traffic between ______

Answer 14

subnets

Question 15

_________ is a networking device that can be used to create digital network segments (i.e., VLANs) that can be altered as needed by adjusting the settings internal to the device rather than on end-point devices

Answer 15

Switch

Question 16

Spoofing Countermeasures

Answer 16

SPOOFING Countermeasures:
Patching

Source/Destination Verification on Routers

IDS

Question 17

CPU _________ are the fastest form of memory..

Answer 17

registers

Question 18

______ is a subset of sampling, which is a process of extracting data from a large body of information but with a specified cut-off point or threshold

Answer 18

Clipping

Question 19

IDSs can detect attacks from:

Answer 19

1) external connection attempts,
2) execution of malicious code,
3) unauthorized access attempts to controlled objects.

Question 20

The document Ethics and the Internet was issued as RFC 1087 by the ____ ____ ____

Answer 20

Internet Advisory Board

Question 21

CESAR Cipher is a ________ CIPHER

Answer 21

SUBSTITUTION

Question 22

Block Cipher: Operate on __________and apply the encryption algorithm to the __________message block.

Answer 22

CHUNKS, ENTIRE

Used by most modern encryption algorithms used BLOCK.

Question 23

Substitution Cipher: Replace with a different ________.

Answer 23

Character

Question 24

Stream Ciphers: Operate on ____ bit or character at a time.

Answer 24

ONE

Question 25

ONE TIME Ciphers are ______CIPHERS…

Answer 25

STREAM

Question 26

A _______ is a system that hides the true meaning of a message. This uses a variety of
techniques to alter and/or rearrange the characters or words of a message to achieve
confidentiality….

Answer 26

Cipher

Question 27

CIPHER provides ____________

Answer 27

Confidentiality

Question 28

CFB vs CBC: Cipher Feedback Mode (CFB) uses a _________ cipher, compared to CBC’s block cipher.

Answer 28

streaming

Question 29

Cipher Feedback (CFB): A mode in which the DES algorithm is used to encrypt the
preceding block of cipher text. This block is then XORed with the _________block of plain text
to produce the next block of cipher text….C F B uses a STREAMING cipher..

Answer 29

Next

Hint CFB is “NEXT”

Question 30

Cipher Block Chaining (CBC): A process in which each block of unencrypted text is
XORed with the block of cipher text immediately preceding it before it is encrypted using
the DES algorithm…
In Cipher Block Chaining (CBC) mode, each block of unencrypted text is XORed with the block of cipher text immediately __________it before it is encrypted using the DES algorithm.

Answer 30

preceding

Question 31

TCP IP Handshake

Answer 31

SYN
SYN/ACK
ACK

Question 32

Provides daily updates on fires

Answer 32

N I F C provides daily updates on fire

Question 33

This attacks the three-way handshake process used by TCP/IP to initiate communication sessions

Answer 33

SYN Flood Attack

Question 34

AGILE Software Development prefers being FLEXIBLE as opposed to following a _____

Answer 34

Plan

Question 35

Auxiliary alarm systems facilitate local, remote, and centralized alarm systems by notifying external sources (police, fire, and medical) of signifying events…
AUXILARY ALARMS will notify ______Sources…

Answer 35

EXTERNAL

Question 36

A _______ is a form of gate that prevents more than one person at a time from gaining entry and often restricts movement in one direction.

Answer 36

turnstile

Question 37

RSA is an example of __________cryptography, which does not require a preexisting relationship to provide a secure mechanism for data exchange. Two individuals can begin communicating securely from the moment they start communicating…

Answer 37

asymmetric

Question 38

RSA does not have a _________ relationship and can start communications quickly…

Answer 38

pre existing

Question 39

3 Common forms of Governance:

Answer 39

1) IT …2) CORPORATE…3) SECURITY..

Question 40

_________ is the periodic examination and review of a network to ensure that it meets security and regulatory compliance..

Answer 40

Auditing

Question 41

_________mode noise is generated by the difference in power between the hot and ground wires of a power source or operating electrical equipment…next topic..

Answer 41

Common

Question 42

REAL EVIDENCE – Tangible. Can be brought in to court. This is usually ________EVIDENCE..

Next topic…

Answer 42

CONCLUSIVE

Question 43

DOCUMENTARY EVIDENCE – Written items to prove a ____. Must be authenticated.

Answer 43

fact

Question 44

BEST EVIDENCE - must be the ______.

Answer 44

ORIGINAL

Question 45

PAROLE EVIDENCE means evidence is _______and NOT verbal.

Answer 45

written

Question 46

Static Packet Filtering Firewall - ..Layer ______, A static packet-filtering firewall filters traffic by examining data from a message header….

Answer 46

3,

Question 47

Static Packet Filtering Firewall - .. Layer 3 (NETWORK). A static packet-filtering firewall filters traffic by examining data from a message _______.

Answer 47

header

Question 48

Application Level Gateway Firewall - ..Layer 7, A K A Proxy..Filters traffic based on Internet Service OR Application..SLOW and considered ____ generation. Operates at Layer 7. ..

Answer 48

2nd

Question 49

Circuit Level Gateway Firewall – Layer ___(Session). SOCKS (Socket Secure). 2nd generation. Manages based on Circuit as opposed to the content. Allows and Denies strictly on SOURCE/DESTINATION address and port. ..

Answer 49

5,

Question 50

Circuit Level Gateway Firewall – Layer 5 (Session). SOCKS (Socket Secure). 2nd generation. Manages based on Circuit as opposed to the _______. Allows and Denies strictly on SOURCE/DESTINATION address and port. ..

Answer 50

content

Question 51

2 Types of MULTIPROCESSING systems

Answer 51

SMP and MMP

Question 52

used to create a UNIQUE CIPHER TEXT every time the same message is encrypted with the same key…

Answer 52

Initialization Vector

Question 53

802.3 is Layer ___

Answer 53

2

Question 54

An initialization vector (IV) is a random bit string (a nonce) that is the same length as the block size that is XORed with the message. IVs are used to create a unique cipher text every time the same message is encrypted with the same key…

Answer 54

IV

Question 55

SAML attacks are often focused on ______authentication…

Answer 55

web-based

Question 56

What are the two VPN modes?

Answer 56

Tunnel and Transport

Question 57

The Code of Federal Regulations (CFR) is an example of __________ law.

Answer 57

administrative

Question 58

Who provides daily updates on wildfires occurring in the United States.

Answer 58

The National Interagency Fire Center

Question 59

Macro viruses use scripting languages such as _____ ______ for Applications..

Answer 59

Visual Basic..
MACRO viruses use SCRIPTING..
Macro viruses use V B Script..
MACRO uses scripting..
MACRO uses scripting..

Question 60

_________serve as operational guides for both security professionals and users. They are flexible, so they can be customized for each unique system or condition. This document states what should be done (in other words, what security mechanisms should be deployed) instead of prescribing a specific product or control and detailing configuration settings. These outline methodologies, include suggested actions, and are not compulsory…

Answer 60

Guidelines

Question 61

IPX/SPX, AppleTalk, and NetBEUI are examples of __ ___ protocols.

Answer 61

non-IP protocols.

Question 62

_______– Interrupts and Takes Over..
________ – RELAYS..
_________ – TARGETS 2 ROUND ENCRYPTION SUCH AS DOUBLE DES..

Answer 62

HIJACK – Interrupts and Takes Over..

MAN IN THE MIDDLE – RELAYS..

MEET IN THE MIDDLE – TARGETS 2 ROUND ENCRYPTION SUCH AS DOUBLE DES..

Question 63

_________uses a “lock” feature to allow an authorized user to make changes and then “unlock” the data elements only after the changes are complete.

Answer 63

Concurrency

Question 64

_______ model uses multiple iterations of the waterfall model, so it is considered a meta-mode..
This is a form of WATERFALL.

Answer 64

Spiral model uses multiple iterations of the waterfall model, so it is considered a meta-mode..
Spiral Model is a form of WATERFALL.

Question 65

________is the process by which online activities of user accounts and processes are tracked and recorded..

Answer 65

Auditing

Question 66

________is freedom from being observed, monitored, or examined without consent or knowledge..

Answer 66

PRIVACY

Question 67

ECC-RSA ____-bit key is the equivalent of an RSA _____-bit key..

Answer 67

ECC RSA 160 bit = RSA 1024 bit..
ECC RSA 160 bit = RSA 1024 bit..
ECC RSA 160 bit = RSA 1024 bit..

Question 68

____________access control operates on a set of defined rules or restrictions that filter actions and activities performed on the system. System wide restrictions that override object access..

Answer 68

Nondiscretionary

Question 69

INTEGRITY and ________depend on Each Other..

Answer 69

CONFIDENTIALITY

Question 70

________attack, the attacker is racing with the legitimate process to replace the object before it is used..
tries to be beat the legitimate process before it is used..

Answer 70

TOC/TOU

Question 71

_________, removes but does not repair..Removal of a virus, removes but does not repair..

_________,removes virus and repairs damage..

Answer 71

Removal, removes but does not repair..Removal of a virus, removes but does not repair..

Clean removes virus and repairs damage..

Question 72

_________,removes virus and repairs damage..

Answer 72

Clean removes virus and repairs damage..

Question 73

When audit trails legally prove accountability, then you also reap the benefit of _______..

Answer 73

nonrepudiation

Question 74

______ ______ ______ are designed to prevent unauthorized, insecure, or restricted information flow, often between different levels of security..

Answer 74

Information flow models

Question 75

Databases: The event that occurs when two or more rows in the same table appear to have identical primary key elements but contain different data for use at differing Classification levels. This is often used as a defense against some types of inference attacks.

Answer 75

Polyinstantiation

Question 76

Database transactions must be _____—that is, they must be an “all‐or‐nothing” affair..

Answer 76

Atomic

Question 77

DSA: The Digital Signature Algorithm (as specified in FIPS 186-2) supports true digital signatures, providing integrity verification and .

Answer 77

nonrepudiation

Question 78

Biba and Clark Wilson provide ______

Answer 78

Integrity

Question 79

3DES effective key length ___ Bit..

Answer 79

3DES effective key length 168bit..

Question 80

______ ________ attack may be used on encrypted messages..

Answer 80

Frequency Analysis

Question 81

A ____ _____ maintains a row of security attributes for each controlled object. This is also a row of an access control matrix.

Answer 81

capabilities list

Question 82

A _____ ______ is closely associated with the access control matrix..

Answer 82

capabilities list

Question 83

IPSEC needs ______in order to be secure on a dialup

Answer 83

L2TP

Question 84

In a _______security mode system, there is no requirement that all users have appropriate clearances to access all the information processed by the system…

Answer 84

Multilevel

Question 85

_________ model allows the development process to return only to the immediately preceding phase of development at any given time.

Answer 85

Waterfall

Question 86

______ ______ and Job Rotation support peer auditing..

Answer 86

Mandatory vacations

Question 87

2 examples of Peer Auditing

Answer 87

Mandatory vacations and Job Rotation

Question 88

The __________phase usually concludes with the notification of the incident response team.

Answer 88

identification phase

Question 89

This type of system houses hundreds or thousands of CPU’s that have their own operation system.

Answer 89

MMP Massively Parallel Processing

M M P used for large, complex tasks.

Question 90

implement multithreading techniques at the operating system level…Single..Operating System level..S M P used for simple operations..This system is the O S level..

Answer 90

SMP Symmetric multiprocessing systems

S M P sends threads to available processor for simultaneous execution..

Question 91

A _____ ______ is any method that is used to secretly pass data and that is not normally used for communication. Covert Channeling can be difficult to detect. Need to AUDIT and ANALYZE logs.

Answer 91

Covert channel

Question 92

How to mitigate Covert Channel

Answer 92

Audit, Monitor, Analyze

Question 93

Two types of Covert Channels: 1) Covert TIMING Channel – Alters system performance or timing in a _____ manner…2) Covert STORAGE Channel – Writes data to common ______area so another process can read it.

Answer 93

Predictable

Storage

Question 94

When an intruder is detected by an I D S, they are transferred to a ____ ______. The transfer of the intruder into a padded cell is performed automatically, without informing the intruder that the change has occurred. The padded cell is unknown to the intruder before the attack, so it cannot serve as an enticement or entrapment. Padded cells are used to detain intruders, not to detect vulnerabilities….

Answer 94

padded cell

Question 95

One of the most common vulnerabilities and hardest to protect against is the occurrence of ______ and _______ …

Answer 95

occurrence of errors and omissions

Question 96

types of FIREWALLS (4):

Answer 96

Static

Application

Circuit

Stateful..

Question 97

Name this Firewall:
Layer 3 (Network) and 4 (Transport), 3rd generation.  Looks at source/destination ports, addresses and applications.

Answer 97

Stateful Inspection Firewall – A K A DYNAMIC.

Question 98

Two Firewall Modes

Answer 98

Transport Mode: In transport mode, only the IP packet data is encrypted, but the header of the packet is not..

Tunnel Mode: Tunnel mode, HEADER AND PACKET DATA IS ENCYRPTED. The source and destination IP addresses are encrypted and an ESP header is added followed by a new IP header…When IPSec is used in tunnel mode, entire packets, rather than just the payload, are encrypted. This mode is designed for use in gateway-to-gateway TUNNEL IS MORE SECURE.

Question 99

Which Firewall mode only encrypts IP Packet Data and NOT Header

Answer 99

Transport

Question 100

Which of the two FW modes are more secure and why.

Answer 100

Tunnel is more secure because Header and Packet are Encrypted.