Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
89 Cards in this Set
- Front
- Back
|
What is an example of discretionary access control?
|
Identity-based access control
|
|
|
The rule-based access control where access is determined by rules (such as the correspondence of clearance labels to classification labels) is a type of:
|
Mandatory Access control
|
|
|
Another type of non-discretionary access control is lattice-based access control. In this type of control a lattice model is applied. How is this type of access control concept applied?
|
The pair of elements is the subject and object, and the subject has an upper bound equal or higher than the upper bound of the object being accessed.
|
|
|
Which authentication mechanisms creates a problem for mobile users?
|
address-based mechanism.
|
|
|
Which is an example of discretionary access control?
|
Identity-based access control
|
|
|
The controls that usually require a human to evaluate the input from sensors or cameras to determine if a real threat exists are associated with:
|
Detective/physical
|
|
|
What is called the percentage of invalid subjects that are falsely accepted?
|
False Acceptance Rate (FAR) or Type II Error
|
|
|
Which BEST provides e-mail message authenticity and confidentiality?
|
Signing the message using the sender's private key and encrypting the message using the receiver's public key
|
|
|
Which type of attack consists of modifying the length and fragmentation offset fields in sequential IP packets?
|
Teardrop attack
|
|
|
What is the main difference between a Smurf and a Fraggle attack?
|
A Smurf attack is ICMP-based and a Fraggle attack is UDP-based.
|
|
|
ISO has defined five basic tasks related to network management:
|
Fault management: Detects the devices that present some kind of fault.
Configuration management: Allows users to know, define and change remotely the configuration of any device. Accounting resources: Holds the records of the resource usage in the WAN. Performance management: Monitors usage levels and sets alarms when a threshold has been surpassed. Security management: Detects suspicious traffic or users and generates alarms accordingly. |
|
|
In a stateful inspection firewall, data packets are captured by an inspection engine that is operating at the:
|
Network or Transport Layer.
|
|
|
What ISO/OSI layer do switches primarily operate at?
|
Data link layer
|
|
|
A hardware RAID implementation is usually:
|
platform-independent.
|
|
|
Which of the following Common Data Network Services is used to a shared printer or a print queue/spooler?
|
Print services.
|
|
|
What is the proper term to refer to a single unit of TCP data at the transport layer?
|
TCP segment.
|
|
|
To mitigate the risk of fire in your new data center, you plan to implement a heat-activated fire detector. Your requirement is to have the earliest warning possible of a fire outbreak. Which type of sensor would you select and where would you place it?
|
Rate-of-rise temperature sensor and below the raised floors
|
|
|
Which could be defined as the likelihood of a threat agent taking advantage of a vulnerability?
|
A risk
|
|
|
Which of the following is the best reason for the use of an automated risk analysis tool?
|
Minimal information gathering is required due to the amount of information built into the tool.
|
|
|
What is commonly used for retrofitting multilevel security to a database management system?
|
A trusted front-end.
|
|
|
What is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes?
|
The Software Capability Maturity Model (CMM)
|
|
|
What is NOT a suitable method for distributing certificate revocation information?
|
CA revocation mailing list
|
|
|
A public key algorithm that does both encryption and digital signature is which of the following?
|
RSA
|
|
|
Which of the following is not an encryption algorithm?
|
SHA-1
|
|
|
What kind of Encryption technology does Verisign's SSL utilize?
|
Hybrid: Symmetric and asymmetric cryptography
|
|
|
What is the key size of the International Data Encryption Algorithm (IDEA)?
|
128 bits
|
|
|
There are more than 20 books in the Rainbow Series. Which one covers password management guidelines
|
Green Book
|
|
|
There are more than 20 books in the Rainbow Series. Which one covers Database Management System Interpretation?
|
Lavender Book
|
|
|
Which Rainbow book covers Trusted Network Interpretation?
|
Red Book
|
|
|
In the Bell-LaPadula model, the Star-property is also called:
|
The confinement property
|
|
|
What Bell LaPadula states that the classification of an object does not change while the object is being processed by the system?
|
The Tranquillity property
|
|
|
Configuration Management controls what?
|
Auditing and controlling any changes to the Trusted Computing Base.
|
|
|
Most threats come from:
|
Errors and Omissions
|
|
|
What is defined as a key distribution protocol that uses hybrid encryption to convey session keys that are used to encrypt data in IP packets?
|
Simple Key-management for Internet Protocols (SKIP)
|
|
|
What is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism?
|
Internet Security Association and Key Management Protocol (ISAKMP)
|
|
|
What is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE?
|
OAKLEY
|
|
|
What attribute is included in a X.509-certificate
|
Distinguished name of the subject
|
|
|
Who vouches for the binding between the data items in a digital certificate?
|
Certification authority
|
|
|
In a Public Key Infrastructure, how are public keys published?
|
Through digital certificates.
|
|
|
What key size is used by the Clipper Chip?
|
80 bits
|
|
|
What is NOT included in a Public Key Infrastructure (PKI)?
|
Internet Key Exchange (IKE)
|
|
|
the attacker has the ciphertext of several messages encrypted with the same encryption algorithm. Its goal is to discover the plaintext of the messages by figuring out the key used in the encryption process.
|
ciphertext-only attack
|
|
|
the attacker has the plaintext and the ciphertext of one or more messages
|
known-plaintext attack
|
|
|
the attacker can chose the ciphertext to be decrypted and has access to the resulting plaintext
|
chosen-ciphertext attack
|
|
|
What can best be described as a domain of trust that shares a single security policy and single management?
|
A security domain
|
|
|
What is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept?
|
A security kernel
|
|
|
In the Bell-LaPadula model, the Star-property is also called:
|
The confinement property
|
|
|
The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
|
A and B
|
|
|
What access control technique is also known as multilevel security?
|
Mandatory access control
|
|
|
In Mandatory Access Control, sensitivity labels contain what information?
|
the item's classification and category set
|
|
|
According to the Orange Book, which security level is the first to require a system to protect against covert timing channels?
|
B3
|
|
|
According to the Orange Book, which security level is the first to require configuration management?
|
B2
|
|
|
Which of the following uses a directed graph to specify the rights that a subject can transfer to an object, or that a subject can take from another subject?
|
Take-Grant model
|
|
|
What is another name for the Orange Book?
|
The Trusted Computer System Evaluation Criteria (TCSEC)
|
|
|
If an operating system permits executable objects to be used simultaneously by multiple users without a refresh of the objects, what security problem is most likely to exist?
|
disclosure of residual data.
|
|
|
Which Orange Book evaluation level is described as "Labeled Security Protection"?
|
B1
|
|
|
What corresponds to the type of memory addressing where the address location that is specified in the program instruction contains the address of the final desired location?
|
Indirect addressing
|
|
|
Which of the following is a tool used to supplement the UNIX/Linux filesystem integrity?
|
Tripwire
|
|
|
Which security model uses division of operations into different parts and requires different users to perform each part?
|
Clark-Wilson model
|
|
|
The Orange Book states that "Hardware and software features shall be provided that can be used to periodically validate the correct operation of the on-site hardware and firmware elements of the TCB [Trusted Computing Base]." This statement is the formal requirement for:
|
System Integrity
|
|
|
In what security mode can a system be operating if all users have the clearance to all data processed by the system, but might not have the need-to-know and formal access approval?
|
Compartmented security mode
|
|
|
Which TCSEC (Orange Book) rating or level requires the system to clearly identify functions of the security administrator to perform security-related functions?
|
B3
|
|
|
Compartmented Mode Workstations (CMW) are most similar to what Orange Book evaluation level?
|
B3
|
|
|
Which of the following is NOT a common integrity goal?
|
Prevent paths that could lead to inappropriate disclosure.
|
|
|
Which security model ensures that actions that take place at a higher security level do not affect actions that take place at a lower level?
|
The noninterference model
|
|
|
What is necessary for a subject to have read access to an object in a Multi-Level Security Policy?
|
The subject's sensitivity label must dominate the object's sensitivity label
|
|
|
Which of the following is a straightforward approach that provides access rights to subjects for objects?
|
Access Matrix model
|
|
|
What was developed by the National Computer Security Center (NCSC)?
|
TCSEC
|
|
|
What is not an Orange Book-defined operational assurance requirement?
|
Configuration management
|
|
|
Which of the following are required for Life-Cycle Assurance?
|
Security Testing and Trusted distribution.
|
|
|
What is necessary for a subject to have write access to an object in a Multi-Level Security Policy?
|
The subject's sensitivity label must be dominated by the object's sensitivity label.
|
|
|
What statement pertaining to the Trusted Computer System Evaluation Criteria (TCSEC) is incorrect?
|
With TCSEC, functionality and assurance are evaluated separately.
|
|
|
What can be defined as a formal declaration by a Designated Approving Authority where an information system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk?
|
Accreditation
|
|
|
What control requires that two persons are needed to perform a specific task to minimize errors and reduce fraud?
|
Dual preventative control.
|
|
|
What describes a computer processing architecture in which a language compiler or pre-processor breaks program instructions down into basic operations that can be performed by the processor at the same time?
|
Very-Long Instruction-Word Processor (VLIW)
|
|
|
How do the Information Labels of Compartmented Mode Workstations differ from the Sensitivity Levels of B3 evaluated systems?
|
Information Labels contain more information than Sensitivity Labels, but are not used by the Reference Monitor to determine access permissions.
|
|
|
What can best be defined as the process of independently assessing a system against a standard of comparison, such as evaluation criteria?
|
Evaluation
|
|
|
What is used to protect programs from all unauthorized modification or executional interference?
|
A protection domain
|
|
|
What increases the performance in a computer by overlapping the steps of different instructions?
|
pipelining
|
|
|
In what security mode can a system be operating if all users have the clearance or authorization and need-to-know to all data processed within the system?
|
Dedicated security mode
|
|
|
At what Orange Book evaluation levels are configuration management required?
|
B2 and above
|
|
|
At what Orange Book evaluation levels are design specification and verification required?
|
B1 and above.
|
|
|
A trusted system does NOT involve which of the following?
|
Assurance that the security policy can be enforced in an efficient and reliable manner.
|
|
|
cryptanalyst obtains a sample of ciphertext, without the plaintext associated with it. This data is relatively easy to obtain in many scenarios, but this attack is generally difficult, and requires a very large ciphertext sample.
|
ciphertext-only attack
|
|
|
is one in which the cryptanalyst obtains a sample of ciphertext and the corresponding plaintext as well.
|
known-plaintext attack
|
|
|
the cryptanalyst is able to choose a quantity of plaintext and then obtain the corresponding encrypted ciphertext.
|
chosen-plaintext attack
|
|
|
special case of chosen-plaintext attack in which the cryptanalyst is able to choose plaintext samples dynamically, and alter his or her choices based on the results of previous encryptions.
|
adaptive-chosen-plaintext attack
|
|
|
A cryptanalyst can mount an attack of this type in a scenario in which he has free use of a piece of decryption hardware, but is unable to extract the decryption key from it.
|
adaptive-chosen-ciphertext
|
|
|
Attack in which cryptanalyst may choose a piece of ciphertext and attempt to obtain the corresponding decrypted plaintext. This type of attack is generally most applicable to public-key cryptosystems.
|
A chosen-ciphertext attack
|
