Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
245 Cards in this Set
- Front
- Back
|
What are the 2 types of cryptography that enforce confidentiality? |
Symmetric (shared key) and Asymmetric (combo of public and private keys) |
|
|
What type of cryptography supports nonrepudation? |
Asymmetric (public keys) |
|
|
What famous substitution cipher shifts each letter of the alphabet 3 spaces (aka ROT3 or rotate 3 or C3)? |
Caesar Cipher |
|
|
What are the 4 goals of cryptography? |
1. Confidentiality 2. Integrity 3. Authentication 4. Nonrepudation |
|
|
What is the difference between the Caesar cipher and the General shift cipher? |
Caesar shifts the alphabet 3 spaces and the General shifts 12 spaces (ROT12) |
|
|
What cipher did Germany use in WWII that had a machine create complex substitution and could only be decrypted with a similar machine? |
Enigma |
|
|
Data in transit and data at rest...Which is subject to physical theft and which is subject to eavesdropping? |
Data at rest is subject to theft while data in motion is subject to eavesdropping. |
|
|
True or False. Some cryptographic algorithms rely on keys to maintain their security and some don't. |
False. All cryptographic algorithms rely on keys and you must keep the keys private. |
|
|
What principle says a cryptographic system is secure even if everything except the key is made public? |
Kerchoff principle |
|
|
What form of encryption has each pair of potential communicators use a shared private (secret) key? |
Symmetric |
|
|
What form of encryption does each participant have their own pair of keys where one is public and one is private? |
Asymmetric |
|
|
In asymmetric encryption, which key do you use for encryption and which for decryption? |
The public key is used for encryption and the private key is used for decryption. |
|
|
True or False. All Symmetric keys are longer and stronger than Asymmetric keys. |
False. All keys in Asymmetric are longer and stronger than Symmetric keys. |
|
|
AES, DES, Blowfish, and Skipjack are examples of what type of encryption? |
Symmetric |
|
|
True or False. The participants in Asymmetric encryption share their public key with those they want to communicate with. They never share their private key. Participants use the person's public key to encrypt the communication they want to send to them. |
True |
|
|
What is a cryptovariable? |
Key |
|
|
In Boolean mathematics, what stands for True and what stands for False? |
1 = true; 0 = false |
|
|
What is a random number that acts as a placeholder variable in a function called? (Adds randomness to encryption) |
Nonce |
|
|
What is it called when you can prove your knowledge of something without revealing it to a third party? |
Zero knowledge Proof |
|
|
What is it called when knowledge is split across multiple people so no one person has all of the knowledge (e.g. SOD)? |
Split knowledge |
|
|
What ciphers rearrange letters of plaintext? |
Transposition ciphers |
|
|
What ciphers use polyalphabetic (multiple alphabets) substitution? |
Vigenere ciphers |
|
|
What ciphers use different substitution alphabets for each letter and is unbreakable when done right? |
Vernam ciphers (One-time Pads) |
|
|
With what cipher do you line your message over a book passage, assign the alphabetic value to both, apply modulo 26, then turn back into a letter. |
Running key ciphers (book cipher) |
|
|
What cipher encrypts blocks or chunks of a message? |
Block cipher |
|
|
What encrypts one character or bit of a message at a time? |
Stream ciphers |
|
|
What are the 2 principles of obscuring plaintext? |
Confusion and diffusion |
|
|
What function is used to map data of an arbitrary size to a bit of a fixed size? |
Hash function |
|
|
What is a function that is infeasible to invert? |
One-way function |
|
|
What is the most important value to cryptography whose output is True (1) only when 1 input is true? |
Exclusive OR (circle with a plus sign in it) |
|
|
What encryption algorithm is a block cipher of 64 bits of text with an 80 bit key where 2 or more US agencies hold a portion of the key (aka split knowledge)? |
Skipjack |
|
|
What are 3 common public/asymmetric cryptosystems? |
RSA (named after its inventors) El Gamal Elliptical Curve (ECC) |
|
|
What public/asymmetric cryptosystem relies on the difficulty of computing large prime numbers and has a 1,088 bit key? |
RSA (Rivest, Shamir & Adleman) |
|
|
What public/asymmetric cryptosystem extends Diffie-Hellman key exchange to an encryption method, but doubles the size of the message? |
El Gamal |
|
|
What public/asymmetric cryptosystem is most difficult to break as it uses the elliptic curve equation and can get away with the smaller key size of 160 bit? |
Elliptical Curve |
|
|
What is the most important parameter a security administrator can set? |
The length of the encryption key |
|
|
What generates a unique output value from the content of the message, called the message digest? |
Hash Functions |
|
|
True or False. Message digests are sent by the receiver separately and after the message. |
False. Message digests are generated by the sender and sent to the recipient along with the message. |
|
|
What are 4 other names for message digest? |
Hash, fingerprint, checksum, digital ID |
|
|
What are the 5 requirements for hash functions? |
1. Input can be any length 2. Output has a fixed length 3. Should be easy to compute 4. Is a one-way function 5. Is collision free (always unique) |
|
|
What hashing algorithm was developed by the NIST and produces 160 bit message digest? |
SHA Secure Hash Algorithm |
|
|
SHA-0 and SHA-1 produce what size of message digest? |
Both are 160 bits |
|
|
What message digest sizes do SHA-256, SHA-224, as variant examples have? |
256 and 224 respectively |
|
|
MD4 & MD5 hashing algorithms both process 512 bit MD with how many rounds resulting in 128 bit MD? |
MD4 goes through 3 rounds of computation & MD5 goes through 4 |
|
|
What hash function produces hashes of 128, 160, 192, 224, and 256 bits & let's you specify the number of rounds (3, 4, or 5)? |
HAVAL (Hash of Variable Length) |
|
|
What hash algorithm implements a partial digital signature, uses symmetric encryption and has MDs of various lengths? |
HMAC Hashed Message Authentication Code |
|
|
What provides message authentication and is used for assuring integrity of transmitted data? |
Hash function |
|
|
What assures to the recipient the message truly came from the sender, the message was not altered, and enforces nonrepudation? |
hashing algorithm |
|
|
What is it called when you combine symmetric and asymmetric cryptography with hashing and digital certificates? |
Hybrid cryptography |
|
|
What does international standard X.509 govern? |
Digital certificates |
|
|
What are endorsed copies of an individuals public key? |
Digital certificates |
|
|
Where can a user verify a certificate? |
With a trusted certificate authority (CA) |
|
|
Who are the glue that binds the public key infrastructure together? They are neutral. |
Certificate authorities (CA) |
|
|
Symantec, Thawte, GeoTrust, GlobalSign, Comodo Limited, Stanfield, GoDaddy, DigiCert are all major what? |
Certificate authorities |
|
|
Who assists CAs with the burden of verifying user's identities? They pre-qualify individuals. |
Registration authorities (RA) |
|
|
What algorithm verifies a certificate path is valid under a given public key infrastructure (PKI)? |
Certification path validation (CPV) |
|
|
Who certifies your public key? |
Certificate authority (CA) |
|
|
What is a way to check the validity of a certificate in real time when a CA provides this service? |
Online Certificate Status Protocol (OCSP) |
|
|
What is a list of PKI certificates that have been canceled/withdrawn? |
Certificate revocation list (CRL) |
|
|
Who is responsible for the communication? |
It is always the sender's responsibility |
|
|
What is an encryption app that provides privacy and authentication? It is often used for signing, encrypting, and decrypting texts, emails, files, etc. |
Pretty Good Privacy (PGP) |
|
|
What is the defacto standard for email; is used in Outlook; uses RSA encryption and X.509 for exchanging keys? |
Secure Multipurpose Internet Mail Extension (S/MIME) |
|
|
What uses encryption techniques to embed secret messages making alterations to the least significant bits of the image files? |
Steganography |
|
|
What is a kind of marker covertly embedded in a noise-tolerant signal such as an audio, video or image data? |
Digital watermark |
|
|
What uses encryption to enforce copyright rules on digital media and is most successful with ebooks? |
Digital Rights Management (DRM) |
|
|
What is a Content Scrambling System (CSS), that enforces playback and region restrictions on DVDs, used for? |
Protecting against mass distribution of movies and media. (has been broken) |
|
|
What is an Advanced Access Content System (AACS) that protects content stored on Blu-ray and HD DVD used for? |
Also protecting against mass distribution of movies and media. (has been broken) |
|
|
What are 2 types of encryption for data traveling over networks? |
Link encryption and End to end encryption |
|
|
What protects entire communication circuits via tunnels? It encrypts all traffic entering the tunnel, even parts not needing it, and decrypts as it exits. |
Link encryption |
|
|
What protects networks using technologies like SSH and TLS routing faster because not everything in the message is encrypted? (is weaker than Link encryption) |
End to end encryption |
|
|
What secure communications architecture/standard uses public keys and it's primary use is with VPNs? |
IPsec (Internet Protocol security) |
|
|
What supports integrity and nonrepudation while providing authentication and access control? |
Authentication Header (AH) |
|
|
What parts of the CIA does an Encapsulating Security Payload (ESP) provide? |
Confidentiality and integrity |
|
|
What is the establishment of shared security attributes between 2 networks and may include cryptography and a traffic encryption key? |
Security Association (SA) |
|
|
What type of encryption attack is an algebraic manipulation that attempts to reduce the complexity of the algorithm by focusing on the logic of the algorithm? |
Analytic attack |
|
|
What type of encryption attack exploits weaknesses in the implementation of the encryption, including its source code? |
Implementation attack |
|
|
What encryption attack goes after public/statistical weaknesses like floating point errors and focuses on the HW or OS that is hosting the encryption? |
Statistical attack |
|
|
What encryption attack uses massive amounts of processing power to find keys and passwords? |
Brute force attack |
|
|
How much time does one additional bit of key length add to the time it takes a brute force attack to succeed? |
Every bit doubles the time |
|
|
What is a precomputed table for reversing cryptographic hash functions usually for cracking password hashes? |
Rainbow tables |
|
|
What is a random value added to the end of the password before the OS hashes the password? |
cryptographic salt |
|
|
What encryption attack is it when an attacker applies every possible key to encrypt and every possible key to decrypt then finds a match? |
Meet-in-the-Middle attack |
|
|
What attack is it where the attacker secretly relays and possibly alters the communication between 2 parties who believe they are communicating with each other? |
Man-in-the-Middle |
|
|
What attack is it where an attacker substitutes a message that produces the same MD, thereby maintaining the digital signature? |
Birthday attack |
|
|
What type of access control has the OS constrain the ability of a subject with predefined attributes to access an object? |
MAC (mandatory access control) |
|
|
What type of access control restricts access to objects based on the identity of subjects and/or groups they belong to? |
DAC (discretionary access control) |
|
|
What 3 access control models address confidentiality and which 2 addresses integrity of stored information? |
Bell-LaPadula, Access Matrix, and Take-Grant access control models address confidentiality. Biba and Clark-Wilson address integrity. |
|
|
What access control model is a state machine model that addresses only confidentiality? |
Bell-LaPadula |
|
|
What 2 MAC (mandatory access control) properties does Bell-LaPadula define? |
No read up (simple security property) and No write down (star property) |
|
|
What 2 DAC (discretionary access control) properties does Bell-LaPadula define? |
Access Matrix and trusted subject |
|
|
What are each of the columns in an Access Control Matrix table? |
Each column is an ACL (access control list) |
|
|
What are each of the rows in an Access Control Matrix table? |
Each row is a CL (capability list) |
|
|
What access control model flipped the government created Bell-LaPadula model so it addressed integrity which is more important than confidentiality to commercial organizations? |
Biba |
|
|
What 2 properties does Biba define? |
No read down (simple integrity property) and No write up (star integrity property) |
|
|
What are the 4 basic operations the Take-Grant model defines when it specifies the rights that a subject can transfer to or from another subject or object? |
Create, revoke, take, grant |
|
|
What access control model is similar to Biba but uses data definitions instead of machine states and is based on the concept of a well formed transaction (transaction is controlled so it maintains internal and external consistency)? |
Clark-Wilson |
|
|
What access control model requires these 4 procedures? 1. Constrained data item (CDI) - data inside the control area 2. Unconstrained data item (UDI) - data outside the control area 3. Integrity verification procedure (IVP) - scans data for integrity 4. Transformation procedures (TP) - the only procedures allowed to modify |
Clark-Wilson |
|
|
What access control model focuses on the type and direction of information (Bell-LaPadula and Biba are based on it)? |
Information Flow model |
|
|
What access control model ensures actions of objects and subjects are not seen and don't interfere with other objects and subjects on the same system? (Helps protect against Trojan horses) |
Non-Interference model |
|
|
What is HW, SW and controls that work together to enforce security policy (is not the entire system, just the components responsible for access)? |
Trusted Computing Base |
|
|
What is an imaginary boundary that separates the trusted computing base from the rest of the system? |
Security perimeter |
|
|
What is a system component that enforces access controls on an object? It is an abstract machine that mediates all access to an object by a subject. |
Reference monitor |
|
|
What is the combination of HW, firmware and SW in a Trusted Computing Base that implements the reference monitor concept? |
A security kernel |
|
|
3 requirements of a security kernel are that it must... |
1. Mediate all access 2. Be protected from modification 3. Be verified as correct |
|
|
What is an abstract model used to design computer programs and it illustrates what condition the program will be in at any time? |
A state machine |
|
|
What is the common name for TCSEC (trusted computer system evaluation criteria) which is the formal implementation of the Bell-LaPadula model? |
Orange Book |
|
|
What is Europes model for a structured set of criteria for evaluating computer security within products and systems? |
ITSEC (information technology security evaluation criteria) |
|
|
What replaced both the US's TCSEC (trusted computer system evaluation criteria) and Europe's ITSEC (information technology security evaluation criteria)? |
The international standard, Common Criteria (CC) |
|
|
What is the set of publications called aimed to set security standards on information systems that describe how to evaluate trusted systems? |
Rainbow series (rainbow books) |
|
|
What NIST Rainbow series is titled Trusted Network Interpretation? |
Red book |
|
|
What NIST Rainbow series is titled DoD Password Management Guideline? |
Green book |
|
|
What NIST Rainbow series is titled Guidance for Applying TCSEC in Specific Environments? |
Light Yellow book |
|
|
What NIST Rainbow series is titled A Guide to Understanding Audit in Trusted Systems? |
Tan book |
|
|
What NIST Rainbow series is titled Trusted Product Security Evaluation Program? (Is for vendors) |
Bright Blue book |
|
|
What TCSEC category is minimal protection? |
Category D |
|
|
What TCSEC category is discretionary protection? |
Category C |
|
|
What TCSEC category is mandatory protection? |
Category B |
|
|
What TCSEC category is verified protection? |
Category A |
|
|
What TCSEC category has sub categories of labeled security, structured protection and security domains? |
Category B mandatory protection |
|
|
What TCSEC category has a sub category of controlled access protection? |
Category C discretionary protection |
|
|
What are the 7 levels of Common Criteria called? |
EALs (Evaluation Assurance Levels) |
|
|
What is a TPM (Trusted Platform Module)? |
Encryption chip on a mainboard |
|
|
What is a HSM (HW Security Module)? |
Cryptprocessor for managing keys |
|
|
What is a system that is labeled to handle only one level of security? Burden falls onto admins on who they allow access to it. |
Single-state system |
|
|
What is a system that is certified to handle multiple levels of security? Requires protection mechanisms to prevent information from crossing levels. |
Multistate system |
|
|
What protection mechanism organizes code and OS components into rings? The deeper in the circle the higher the privilege. |
Protection Rings |
|
|
In the 4 ring model, what Ring does the kernel sit? (The kernel can preempt code running in another ring) |
Ring 0 |
|
|
What Ring do other OS components reside? |
Ring 1 |
|
|
What Ring do drivers and protocols reside? |
Ring 2 |
|
|
What Ring are the user level programs and apps at? |
Ring 3 |
|
|
What Rings operate in supervisory or privileged mode and which one runs in user mode? |
Rings 0 - 2 run in privilege mode. Ring 3 runs in user mode |
|
|
What is it where higher numbered rings make a system call to lower numbered rings for access? |
Mediated Access Model |
|
|
What provides separate memory spaces for each process running on a system? It prevents processes from overwriting each other's data. |
Process isolation |
|
|
What government security mode is it where users have the same clearance and access approval for all data on the system along with a valid need to know for ALL of the data on the system? |
Dedicated mode |
|
|
What government security mode is it where users have the same clearance and access approval for all data on the system along with a valid need to know for SOME of the data? |
System high mode |
|
|
What government security mode is it where users have the same clearance and access approval for certain compartments along with a valid need to know in the compartment? |
Compartment mode |
|
|
What government security mode is it where users clearance level must be higher than the systems sensitivity level and the user has access approval and valid need to know? |
Multilevel mode (aka Controlled mode) |
|
|
What is memory only the PC can read, but not change? It is burned in at the factory? |
Read-Only Memory (ROM) |
|
|
What is memory that you burn in the contents? (After burn in, it is ROM) |
Programmable Read-Only Memory (PROM) |
|
|
What is it when you can erase the entire chip with ultraviolet light allowing you to burn in new memory (information)? |
Electronically Erasable Programmable Read-Only Memory (EEPROM) |
|
|
What is like EEPROM, but you can erase and rewrite parts of a chip? NAND is most common. |
Flash Memory |
|
|
What is readable and writable memory that disappears when powered off? |
Random Access Memory (RAM) |
|
|
What is the largest RAM storage available to the computer? It is made up of dynamic RAM chips. |
Real Memory (aka Main Memory or Primary Memory) |
|
|
What is assigning locations to all of the memory resources? |
Memory Addressing |
|
|
What is magnetic, optical or flash media that is not immediately available to the CPU? |
Secondary Memory |
|
|
What is the greatest threat to RAM? |
Theft |
|
|
What is the difference between volatile and nonvolatile storage? |
How likely the storage device is to lose data when the power is turned off. |
|
|
What media are nonvolatile as they are designed to retain their data? |
Magnetic media |
|
|
What are 3 security risks of storage media? |
1. Data remanence 2. Theft 3. Unauthorized access |
|
|
What shoulder surfing attack uses a program called TEMPEST that picks up radiation from a monitor? |
Van Eck phreaking |
|
|
Why should you ban the use of modems? |
It is easy to create uncontrolled access points to your network. |
|
|
What ensures only one device maps to a specific memory address? |
Memory-Mapped I/O |
|
|
What kind of attack is able to harm a client? E.g. malicious website that transfers code to a vulnerable browser on the client |
Client-side attack |
|
|
In db security, what attack is it where a lot of low security level data is combined to create something higher? |
Aggregation attack |
|
|
In db security, what attack is it where data is combined and then humans infer something of higher value? |
Inference attack |
|
|
What is the collection of computer resources from multiple locations to reach a common goal? It is a distributed system with non-interactive workloads. The content of each of its packets is potentially exposed to the world. |
Grid computing |
|
|
What is similar to grid computing but has no central management system? |
Peer to Peer (P2P) |
|
|
What language do you use to authenticate over the web and is used in SSO solutions? |
SAML (security association markup language) |
|
|
What is radio communications between devices in close proximity? |
NFC (near field communication) |
|
|
What is it called when photos capture location and time stamp that others can derive information from? |
Geotagging |
|
|
What is allow by default or deny by exception? |
Blacklist |
|
|
What is deny by default or implicit deny? |
Whitelist |
|
|
What is one of the most notorious security violations because they typically allow non-sanitized input, where a program overruns its boundary and overwrites adjacent memory? |
Buffer overflow |
|
|
What initiative did Bill Gates create that says: Designers must set hard limits on how much data will be accepted. Developers must build code with input limitations. Testers must check that buffer overflows can't occur. |
Trustworthy Computing Initiative |
|
|
What are entry points to a system known only by the developer of it; violates security policy? |
Maintenance Hooks (aka back doors) |
|
|
What is it called when an attacker makes small, random changes to data? |
Data diddling |
|
|
What is it called when an attacker is racing the process to replace the object before it is used? |
Time-of-check-to-time-of-use (TOCTTOU) |
|
|
What is the most effective means of reducing risk of a mobile device? |
Minimize sensitive data stored there |
|
|
True or False. The most important aspect of security is physical security. |
True |
|
|
What is the process of identifying relationships between mission critical apps and processes resulting in a list of items to secure first? |
Critical Path Analysis |
|
|
True or False. When it comes to site selection, cost, location and size are important, but security is most important. Securing assets depends on site security. |
True |
|
|
What is it called when you structure the physical environment to influence individual's decisions that offenders make before committing a crime? |
Crime Prevention Through Environmental Design (CPTED) |
|
|
What type of security control are dogs? |
Physical |
|
|
What type of security control are alarms, heating, ventilating, and fire detection? |
Technical |
|
|
What type of security control are site selection and construction? |
Administrative |
|
|
True or False. Corporate security responsibility does not extend to personal employee property, like cars in the company parking lot, unless the employee is considered a company asset, like executives. |
True |
|
|
When designing physical security, follow this order: |
1. Deterrence 2. Denial 3. Detection 4. Delay |
|
|
Where are networking cables connected to switches, routers, LAN extenders, and patch panels located? You want to prevent unauthorized access to these rooms. |
Wiring Closets (aka Premises Wire Distribution Room) |
|
|
True or False. Server rooms need not be human compatible. This is the best way to secure it. Put them on the top floor or basement. |
True |
|
|
What fire rating should the walls of a server room have? |
1 hour minimum fire rating |
|
|
The most common intrusion detector for datacenters/server rooms is simple circuit with foil tape in the entrance points. They are only useful when connected to an alarm. What are the 2 places it can fail? |
Its power source and how it communicates. |
|
|
What is securing the electrical signals or radio frequencies emanating from devices? |
Emanation Security |
|
|
What is erasing data by replacing it with meaningless data? |
Zeroization |
|
|
Where should valuable assets be located? |
In the heart or center of protection provided by the facility. |
|
|
What is a momentary loss of power? |
Fault |
|
|
What is a complete loss of power? |
Blackout |
|
|
What is a momentary low voltage? |
Sag |
|
|
What is a prolonged low voltage? |
Brownout |
|
|
What is a self charging battery allowing companies to manage the power coming from electric companies? |
Uninterruptible Power Supply (UPS) |
|
|
What is a momentary high voltage? |
Spike |
|
|
What is prolonged high voltage? |
Surge |
|
|
What is an initial surge of power from connecting to a power source? |
Inrush |
|
|
What is nonfluctuating of pure power? |
Clean |
|
|
What generates radio frequency interference? |
Fluorescent lights, electrical cables, space heaters, computers, etc |
|
|
What temperature and humidity should computer rooms be kept at? |
60-75 degrees and 40-60% humidity |
|
|
How many static volts can destroy sensitive circuits? |
40 |
|
|
How many volts destroys data on hard drives? |
1,500 |
|
|
How many volts causes systems to shut down? |
2,000 |
|
|
What is the fire triangle? |
Heat, oxygen, fuel |
|
|
What are the 4 stages of fire? |
1. Incipient (air ionization) 2. Smoke 3. Flame 4. Heat |
|
|
What is a non-reactive gas that starves fire of oxygen (used in some fire extinguishers)? |
Halon (can no longer use as it depletes the ozone... use argon or inergen instead) |
|
|
What class of fire extinguishers is used for common combustible fires and uses water or soda acid? |
Class A |
|
|
What class of fire extinguishers is used for liquid fires and uses CO2, halon or soda acid? |
Class B |
|
|
What class of fire extinguishers is used for electrical fires and uses CO2 or halon? |
Class C |
|
|
What water suppression system is always full of water? |
Wet pipe system (aka closed head system) |
|
|
What water suppression system contains compressed air until needed, then fills with water? |
Dry pipe system |
|
|
What water suppression system is a large dry pipe system? |
Deluge system |
|
|
What water suppression system is a wet/dry combo but water is only released after sprinkler heads are activated allowing no water if the fire is put out first? Is best for computer rooms. |
Preaction system |
|
|
True or False. Gas discharge systems are usually more effective than water suppression systems, but cannot be used where people go. |
True |
|
|
At what temperature are storage tapes damaged? |
100 degrees |
|
|
At what temperature are CPUs and RAM damaged? |
175 degrees |
|
|
At what temperature is paper damaged? |
350 degrees |
|
|
What will a fence that is 3-4 feet tall do? |
Deter casual trespassers |
|
|
What will a fence 6-7 feet tall do? |
Deter most intruders |
|
|
What will a fence 8+ feet tall with barbed wire do? |
Deter everyone |
|
|
What is a double set of doors that can trap people at the discretion of security personnel called? |
Mantrap |
|
|
What type of motion detector looks for changes in the electronic or magnetic field? |
Capacitance |
|
|
What type of motion detector looks for changes in light levels? |
Photoelectric |
|
|
What type of alarm triggers additional locks or shuts doors? |
Deterrent alarm |
|
|
What type of alarm triggers a siren or bell or lights? |
Repellant alarm |
|
|
What type of alarm is silent and triggers recording and law enforcement? |
Notification alarm |
|
|
Fill in the blanks. The outermost layer of physical security is ___ blank. The next inside layer is ___ blank. |
The outermost layer of physical security is LIGHTING. The next inside layer is FENCING OR A WALL. |
|
|
Who validates the validity of a digital certificate as described in X.509 standard? They provide information on behalf of CAs. |
Validation Authority (VA) |
|
|
What enables 3rd party verification of the system state using a cryptographic hash of the known good HW and SW configuration? |
Attestation |
|
|
What does fail soft mean? |
Locks default to locked or unlocked depending on the sensitivity of the data in the area. |
|
|
What does fail safe mean? |
Locks default to unlocked as fail safe deals with protecting people. |
|
|
What does fail secure mean? |
Locks default to locked so what it is protecting remains secure. |
|
|
What is the difficulty (in terms of time, effort, and resources) of breaking a cryptosystem? |
Work factor |
|
|
You cannot overwrite data on SSDs like you can on hard disk drives and degausser's do not work. How do you remove sensitive data from an SSD? |
Destroy the SSD or use functionality on the SSD, called ATA Secure Erase to delete the data. |
|
|
What is the process of viewing an application from its highest level functions, where lower level functions are treated as black boxes - known to work, even if we don't know how? |
Abstraction |
|
|
What is an example of a stream cipher and is considered unbreakable? |
One-time pad (used only once) |
|
|
What are the 3 main types of fire detection systems? |
Heat-sensing, flame-sensing, smoke-sensing |
|
|
What security model is nicknamed the Chinese Wall? |
Brewer and Nash |
|
|
What access security model seeks to avoid conflict of interest? |
Brewer-Nash (Chinese Wall) |
|
|
Trust or Assurance. Which describes the degree of confidence that your controls are satisfying your security requirements? |
Assurance |
|
|
True or False. Hash functions have no key. |
True |
|
|
Is Diffie-Hellman primarily used with symmetric or asymmetric key exchanges? |
Symmetric |
|
|
What Common Criteria concept identifies security requirements for a product? |
PP (Protection Profile) |
|
|
What Common Criteria concept identifies the security properties of the product being evaluated? |
ST (Security Target) |
|
|
What attack is it where both the plaintext and it's encrypted version are known to the attacker? |
Known plaintext attack |
|
|
What attack affects the firmware (e.g. BIOS) and is so severe you likely have to replace the system? |
Phlashing |
|
|
What automatically triggers the alarm if the power is cut to the alarm system? |
Heartbeat sensor |
|
|
At what stage of a fire is technology able to detect it? |
1st stage - incipient |
|
|
What interface uses classification based restrictions to offer only subject-specific authorized information and functions? |
Restricted interface model
Used in Clark-Wilson model |
|
|
What do you implement in an app to restrict what users can do or see based on their privileges? |
Constrained/restricted interface Used in Clark-Wilson model |
