264 Cards in this Set
What are three types of controls?

○ Administrative Controls § Policies, procedures, and guidelines ○ Technical Controls (Logical Controls) § Implementing and maintaining access control mechanisms, passwords, identification and authentication, encryption, auditing ○ Physical Controls § Locks, guards, monitoring for physical intrusion

What is the AIC triad?

○ Availability § System uptime and timely access to resources for authorized users ○ Integrity § Accuracy and reliability of information ○ Confidentiality § Preventing unauthorized disclosure; attacked by shoulder surfing (watching someone type a password over their shoulder) and social engineering

What is the order of an attack?
• A threat agent gives rise to ○ a threat, which exploits § a vulnerability, which □ leads to a risk, ® which can damage an asset, ◊ which causes an exposure, } which can be prevented with a countermeasure
What are the three types of goals in an organizational security model?

Strategic, Tactical, Operational

What are 3 security frameworks?

ISO, Committee of Sponsoring Organizations (COSO), Control Objectives for Information and Related Technology (CobiT)

What is the COSO framework?
Corporate governance framework for dealing with fraud in financial reporting - five components: Control Environment, Risk Assessment, Control Activities, Information and Communication, Monitoring
What makes up a security policy?
Policies, Standards, Guidelines and Procedures
What are the types of policies?
Regulatory, Advisory, Informative
What are the steps in security program development?
Plan and Organize, Implement, Operate and maintain, monitor and evaluate
What are the types of risk?
Physical Damage, Human interaction, Equipment malfunction, inside / outside attacks, misuse of data, loss of data, application error
What are the risk analysis approaches?
Qualitative, Quantitative, Automated
What are the risk treatment methods?

Avoid, Reduce, Transfer / Share, Retain

What is ARO?
Annualized Rate of Occurrence - the expected number of times a threat is realized in one year (0.1 = once every ten years)
What is SLE?
Single Loss Expectancy - the loss from one occurrence of a threat = asset value x exposure factor
What are the four goals of risk analysis?
§ Identify assets and their value to the organization § Identify vulnerabilities and threats § Quantify the probability and business impacts of these threats § Provide an economic balance between the threat and the cost of the counter measure
What NIST Standards are used for risk assessment?
SP 800-30 (Guide for Conducting Risk Assessments) and SP 800-66 (Healthcare / HIPAA)
What is ALE?
Annualized Loss Expectancy = SLE x ARO
What is Exposure Factor?
Percentage of loss a realized threat could cause to a certain asset, expressed as a fraction. A fire that could destroy 20% of an asset has an EF of 0.2
How do you value a safeguard to a company?
(ALE before safeguard - ALE after safeguard) - annual cost of safeguard. A positive result means the safeguard is worth its cost
What is residual risk?
Residual Risk - Risk left over after a control is implemented
What is total risk?
Total Risk - Risk if no safeguard is implemented
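The ARO, SLE, EF, ALE, safeguard value and residual risk cards above chain into one calculation. The following is an added worked example, not part of the original deck; the asset value, exposure factors, occurrence rates and safeguard costs are constructed numbers chosen so that one control pays for itself and the other only breaks even.

```python
"""Worked quantitative risk analysis: SLE, ALE, residual risk and safeguard value.

Added illustration; every figure below is constructed, not taken from a real assessment.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    asset_value: float      # AV, in currency units
    exposure_factor: float  # EF, fraction of the asset lost per occurrence (0..1)
    aro: float              # ARO, expected occurrences per year

    def sle(self) -> float:
        """Single Loss Expectancy = AV x EF."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized Loss Expectancy = SLE x ARO. With no safeguard this is the total risk."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float
    new_exposure_factor: float  # EF once the control is in place
    new_aro: float              # ARO once the control is in place


def residual_risk(before: Scenario, sg: Safeguard) -> float:
    """Risk left over after the control is implemented: the ALE of the reduced scenario."""
    after = Scenario(before.asset_value, sg.new_exposure_factor, sg.new_aro)
    return after.ale()


def safeguard_value(before: Scenario, sg: Safeguard) -> float:
    """(ALE before) - (ALE after) - (annual cost of safeguard).

    Positive: the control removes more risk than it costs. Zero: break-even.
    Negative: the organization would pay more for the control than the risk it removes.
    """
    return before.ale() - residual_risk(before, sg) - sg.annual_cost


def best_safeguard(before: Scenario, options: list[Safeguard]) -> Safeguard | None:
    """Return the safeguard with the highest positive value, or None if none pays off (retain the risk)."""
    ranked = sorted(options, key=lambda sg: safeguard_value(before, sg), reverse=True)
    if ranked and safeguard_value(before, ranked[0]) > 0:
        return ranked[0]
    return None


# Constructed scenario: a 500,000 asset, fire destroys 20% of it, expected once in ten years.
FIRE = Scenario(asset_value=500_000, exposure_factor=0.20, aro=0.10)

# Constructed controls: suppression halves the damage cheaply; a retrofit cuts it further but costs more.
CANDIDATES = [
    Safeguard("gas suppression", annual_cost=3_000, new_exposure_factor=0.10, new_aro=0.10),
    Safeguard("sprinkler retrofit", annual_cost=9_000, new_exposure_factor=0.02, new_aro=0.10),
]

if __name__ == "__main__":
    print(f"SLE={FIRE.sle():,.0f}  ALE (total risk)={FIRE.ale():,.0f}")
    for sg in CANDIDATES:
        print(f"{sg.name}: residual ALE={residual_risk(FIRE, sg):,.0f}  value={safeguard_value(FIRE, sg):,.0f}")
    chosen = best_safeguard(FIRE, CANDIDATES)
    print("recommend:", chosen.name if chosen else "retain the risk")
```

With these numbers SLE is 100,000 and ALE 10,000 per year; gas suppression leaves 5,000 of residual ALE and nets 2,000, while the sprinkler retrofit leaves only 1,000 but nets exactly zero, so the cheaper control is the one the formula recommends even though it leaves more residual risk.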
Within an organizational policy, what are two subsets of policies?
Issue specific and system specific policies
What is a baseline?
May be a minimum level of protection required or a point in time used for comparison
What are three policy categories?
○ Advisory - Strongly advises employees on expected behaviors and details the consequences of not following them ○ Regulatory - Ensures the organization follows the standards set by industry regulations; usually very detailed and specific to the industry ○ Informative - Not enforceable; exists to educate individuals
What is due care?
The company has taken responsibility for the activities which take place within the corporation and steps to protect the company - do correct
What is due diligence?
Act of investigating and understanding the risks the company faces - do detect
What are the military levels of classification?
○ Top Secret ○ Secret ○ Confidential ○ Sensitive but unclassified ○ Unclassified
What are the business levels of classification?
○ Confidential ○ Private ○ Sensitive ○ Public
What is the data classification procedure?
○ Define classification levels ○ Specify criteria to determine levels ○ Have the data owner indicate the classification he/she is responsible for ○ Identify the data custodian who will be responsible for maintaining data and its security level ○ Indicate security controls ○ Document any exceptions ○ Indicate the method of ownership transfer ○ Create a procedure for periodic review ○ Indicate procedures for declassification ○ Integrate these issues into a security awareness program
What is IRM and what does it stand for?
Information Risk Management - Process of identifying, assessing, and reducing risk to an acceptable level
What is a data custodian?
• Responsible for maintaining and protecting the data. Usually fulfilled by IT or security. Ensures regular backups, retaining records, and fulfilling the security policy.
Who is considered an end user?
Any individual who uses the data to perform work-related functions
What is the security administrator responsible for?
• Person with root account access who is responsible for creating new user accounts, implementing new security software, testing patches, and components
What and who is the data owner?
Usually a member of management who is in charge of a specific business unit and is ultimately responsible for the protection of the data. The data owner decides upon the classification of the data
What is "common criteria"?
The Common Criteria were created in the early 1990s as a way of combining the strengths of both the Trusted Computer System Evaluation Criteria (TCSEC) and the Information Technology Security Evaluation Criteria (ITSEC) while eliminating their weaknesses. Uses assurance levels EAL1 - EAL7
What does ISO 17799 define?
security policy; organization of information security; asset management; human resources security; physical and environmental security; communications and operations management; access control; information systems acquisition, development and maintenance; information security incident management; business continuity management; compliance.
What are the basic components of a security policy?
Scope, responsibilities, purpose, compliance, enforcement
What is FMEA?
• Failure Modes and Effect Analysis (FMEA) ○ Method for determining functions and identifying function failures
Who specifies data classification?
Data Owners
What are the security principles
Confidentiality, Integrity, Availability
What are the steps in accessing a resource?
Identification, Authentication, Authorization, (Access to resource), Accountability
What is a race condition?
○ When two or more processes act on a shared resource in the wrong order, so the result depends on timing ○ If authorization happens before authentication, the gap between the two steps could be exploited
What is the Digital Identity Life Cycle?
§ Create § Maintain § Terminate
What does CoBit define?
It defines goals for the controls that should be used to properly manage IT and ensure IT maps to business needs, not specifically just security needs.
What does Information Technology Infrastructure Library (ITIL) define?
the de facto standard of best practices for IT service management
What is a directory service?
A service that manages a hierarchical database based on the X.500 standard and that dictates how identification, authentication, authorization, and access control take place
What is and what does DN stand for in AD?
Distinguished Name = the collection of attributes that uniquely identifies a specific object. Comprised of a Common Name (CN), one or more Organizational Units (OU) and one or more Domain Components (DC)
What is a meta directory in IDM?
Centralizes multiple identity sources into one.
What is the difference between a virtual directory and a meta directory?
Meta contains a database with usernames / passwords while a virtual directory points you to another source
How is password synchronization different from single sign on?
SSO requires only one login while password sync still requires you to log into all systems
What comprises a digital identity?
○ Digital Identity § Attributes: Access level, job title § Traits: Physical features § Entitlements: Manager approved X
What is a Federated Identity?
Portable identity and its associated entitlements that can be moved across business boundaries
Who Needs Identity management?
§ Users have 6+ username / password combinations § Takes more than one day to setup and provision a user § Takes more than one day to revoke access § Access can't be restricted, audited or monitored
What is a type 1 and type 2 error?
· Type I error: False Rejection - a legitimate user who should have access is not given access (false rejection rate, FRR) · Type II error: False Acceptance - an impostor is given access who should not have been (false acceptance rate, FAR). Type II is the more dangerous error
What is the CER?
Cross Over Error Rate (CER) - Represents the point at which the false rejection rate equals the false acceptance rate. - Minimization of error
What is a rainbow table?
A precomputed table of password hashes (stored as hash chains to save space) that an attacker compares captured hashes against instead of hashing each guess at attack time. Defeated by salting
What is a clipping level?
A threshold: the number of failed login attempts (or other errors) tolerated before the system acts, for example by locking the account or raising an alert. It is the count, not the lockout duration
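A clipping level is only a number until something enforces it. The following is an added example, not part of the original deck: it counts failed logins per account within a time window over a constructed authentication log and reports the accounts that cross the threshold. The log format, the threshold of 3 and the 5-minute window are assumptions for the illustration.

```python
"""Clipping level enforcement: act when failed logins per account exceed a threshold inside a window.

Added example. The log lines are constructed, not from any real product.
"""
from __future__ import annotations

from collections import defaultdict, deque
from datetime import datetime, timedelta

CLIPPING_LEVEL = 3            # failures tolerated; the next one triggers action
WINDOW = timedelta(minutes=5)  # only failures inside this window count

# Constructed sample log: alice mistypes twice then succeeds, bob is brute-forced,
# carol is attacked slowly with one guess every 15 minutes.
SAMPLE_LOG = """\
2024-05-01T09:00:01 user=alice result=FAIL src=10.0.0.5
2024-05-01T09:00:09 user=alice result=FAIL src=10.0.0.5
2024-05-01T09:00:15 user=alice result=SUCCESS src=10.0.0.5
2024-05-01T09:01:00 user=bob result=FAIL src=10.0.0.9
2024-05-01T09:01:20 user=bob result=FAIL src=10.0.0.9
2024-05-01T09:01:40 user=bob result=FAIL src=10.0.0.9
2024-05-01T09:02:00 user=bob result=FAIL src=10.0.0.9
2024-05-01T09:30:00 user=carol result=FAIL src=10.0.0.7
2024-05-01T09:45:00 user=carol result=FAIL src=10.0.0.7
2024-05-01T10:00:00 user=carol result=FAIL src=10.0.0.7
2024-05-01T10:10:00 user=carol result=FAIL src=10.0.0.7
"""


def parse(line: str):
    """Split 'timestamp key=value ...' into (datetime, user, result, src)."""
    ts, *kv = line.split()
    fields = dict(pair.split("=", 1) for pair in kv)
    return datetime.fromisoformat(ts), fields["user"], fields["result"], fields["src"]


def evaluate(log_text: str, level: int = CLIPPING_LEVEL, window: timedelta = WINDOW):
    """Return (user, time, src, failures_in_window) for every failure that exceeds the clipping level."""
    recent: dict[str, deque] = defaultdict(deque)  # user -> timestamps of failures still inside the window
    alerts = []
    for line in log_text.splitlines():
        ts, user, result, src = parse(line)
        failures = recent[user]
        if result == "SUCCESS":
            failures.clear()  # a successful login resets the counter
            continue
        failures.append(ts)
        while failures and ts - failures[0] > window:
            failures.popleft()  # drop failures that have aged out of the window
        if len(failures) > level:
            alerts.append((user, ts, src, len(failures)))
    return alerts


if __name__ == "__main__":
    for user, ts, src, n in evaluate(SAMPLE_LOG):
        print(f"{ts.isoformat()} clipping level exceeded: user={user} src={src} failures={n}")
```

Only bob trips the level: carol's four guesses are spread across 40 minutes, so no 5-minute window ever holds more than one. That is the standard caveat with clipping levels: a low-and-slow attacker stays under them, which is why the window length and a second, longer-horizon rule (or per-source counting) matter as much as the threshold itself. Widening the window to two hours catches carol as well.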
What are four types of SMART card attacks?
○ Fault Generation - manipulating the card's environment (voltage, clock, temperature) to induce errors that reveal secrets ○ Side Channel - observing what the card leaks while processing, for example differential power analysis of its power consumption ○ Micro probing - physically disassembling the card and probing its circuitry to read its components ○ Software attacks - exploiting flaws in the card's software or its communication protocol, without physical tampering
What ISO standard defines SMART card standardization?
ISO/IEC 14443 (contactless cards): § 14443-1 - Physical characteristics § 14443-2 - Radio frequency power and signal interface § 14443-3 - Initialization and anti-collision § 14443-4 - Transmission protocol
What is authorization creep?
As employees move between jobs over time, their old access rights remain in place and they slowly accumulate unnecessary access
What is KDC?
Key Distribution Center for Kerberos - holds all keys for Kerberos
How does ticketing work in Kerberos?
A principal authenticates with the key distribution center (KDC) which provides them a ticket. The principal then uses that ticket to authenticate with other principals
What type of encryption does SESAME use?
SESAME uses both symmetric and asymmetric encryption
What type of encryption does KERBEROS use?
Symmetric
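The KDC, ticket and symmetric-key cards above describe the Kerberos exchange only in outline. The following is an added example, not from the original deck, that walks both sides of the three exchanges (AS, TGS, and the service itself) in code. The "cipher" is a SHA-256 keystream XOR used only so the example runs without extra libraries; it provides no integrity and is not a real Kerberos encryption type. Principal names, passwords and long-term keys are constructed.

```python
"""Kerberos ticket flow with a toy symmetric cipher. Added example, not real Kerberos code.

The KDC holds the long-term key of every principal; the client only ever learns
session keys, and every ticket is sealed under a key the client does not have.
"""
from __future__ import annotations

import hashlib
import json
import os
import time


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def encrypt(key: bytes, obj: dict) -> bytes:
    """Toy cipher: random nonce || (JSON XOR keystream). Illustration only, no integrity."""
    data = json.dumps(obj).encode()
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def decrypt(key: bytes, blob: bytes) -> dict:
    """Wrong key gives garbage, which fails to parse as JSON (raises ValueError)."""
    nonce, body = blob[:16], blob[16:]
    return json.loads(bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))))


# Constructed long-term keys; in real deployments the client key is derived from the password.
KDC_KEYS = {
    "alice": hashlib.sha256(b"correct horse").digest(),
    "krbtgt": hashlib.sha256(b"tgs-long-term-key").digest(),
    "fileserver": hashlib.sha256(b"fileserver-long-term-key").digest(),
}


class KDC:
    def __init__(self, keys: dict[str, bytes]):
        self.keys = keys  # the KDC holds all principals' keys

    def as_exchange(self, client: str) -> bytes:
        """AS-REP: a TGT sealed under the TGS key plus the TGT session key sealed under the client's key."""
        sk = os.urandom(16).hex()
        tgt = encrypt(self.keys["krbtgt"], {"client": client, "session_key": sk, "expires": time.time() + 600})
        return encrypt(self.keys[client], {"session_key": sk, "tgt": tgt.hex()})

    def tgs_exchange(self, tgt_hex: str, authenticator: bytes, service: str) -> bytes:
        """TGS-REP: validate TGT + authenticator, return a service ticket and a service session key."""
        tgt = decrypt(self.keys["krbtgt"], bytes.fromhex(tgt_hex))
        if tgt["expires"] < time.time():
            raise PermissionError("TGT expired")
        tgt_sk = bytes.fromhex(tgt["session_key"])
        auth = decrypt(tgt_sk, authenticator)  # proves the requester knows the TGT session key
        if auth["client"] != tgt["client"]:
            raise PermissionError("authenticator does not match ticket")
        svc_sk = os.urandom(16).hex()
        ticket = encrypt(self.keys[service], {"client": tgt["client"], "session_key": svc_sk})
        return encrypt(tgt_sk, {"session_key": svc_sk, "ticket": ticket.hex()})


class Service:
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key  # the service never talks to the KDC at access time

    def accept(self, ticket: bytes, authenticator: bytes) -> bool:
        """AP exchange: open the ticket with our own key, then check the authenticator under the session key."""
        t = decrypt(self.key, ticket)
        a = decrypt(bytes.fromhex(t["session_key"]), authenticator)
        return a["client"] == t["client"]


def client_login(kdc: KDC, name: str, password: str, service: str):
    """Client side of AS and TGS exchanges. Returns (service ticket, service session key)."""
    k_client = hashlib.sha256(password.encode()).digest()
    rep = decrypt(k_client, kdc.as_exchange(name))  # only the right password opens the AS-REP
    tgt_sk = bytes.fromhex(rep["session_key"])
    authenticator = encrypt(tgt_sk, {"client": name, "time": time.time()})
    tgs_rep = decrypt(tgt_sk, kdc.tgs_exchange(rep["tgt"], authenticator, service))
    return bytes.fromhex(tgs_rep["ticket"]), bytes.fromhex(tgs_rep["session_key"])


def run(password: str = "correct horse") -> bool:
    """Full flow for alice against fileserver; False if the password is wrong."""
    kdc, fs = KDC(KDC_KEYS), Service("fileserver", KDC_KEYS["fileserver"])
    try:
        ticket, svc_sk = client_login(kdc, "alice", password, "fileserver")
    except ValueError:
        return False  # AS-REP would not decrypt: wrong password (real Kerberos fails pre-authentication)
    return fs.accept(ticket, encrypt(svc_sk, {"client": "alice", "time": time.time()}))


if __name__ == "__main__":
    print("correct password:", run())
    print("wrong password:", run("wrong"))
```

The service ticket is a capability in the sense of the capability-table card further down: it carries the client's name and rights, is sealed under the service's own key, and the service can validate it without contacting the KDC. The authenticator, freshly encrypted under the session key, is what stops a captured ticket from simply being replayed.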
What is discretionary access control?
Discretionary Access Control: Allows the resource owner to specify access.
What is mandatory access control?
· Mandatory Access Control: Operating Systems enforce security policy through labels - set based on security label
What is a session?
○ A session is a mapping between a user and the subset of his or her assigned roles that are activated for that session
In hierarchical RBAC, what are the two type?
○ Limited hierarchies: Only one level of inheritance is allowed ○ General hierarchies: Allows for multiple levels of inheritance
What is Static Separation of Duties?
Preventing certain conflicting roles from being assigned to the same user in RBAC - for instance a user cannot be in both the cashier role and the accounts receivable role
What is the difference between dynamic separation of duties and static separation of duties?
Dynamic allows the user to belong to both groups but be active in only one group.
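The session, hierarchy, static SoD and dynamic SoD cards above are the four enforcement points of an RBAC engine. The following is an added example, not part of the original deck, that implements them together: inheritance is resolved up a general hierarchy, static SoD is checked when a role is assigned, dynamic SoD is checked when a session activates roles. The roles, permissions and users are constructed.

```python
"""RBAC with a general role hierarchy, static SoD (at assignment) and dynamic SoD (at activation).

Added example; the roles, permissions and users are constructed.
"""
from __future__ import annotations


class Session:
    """A session is a user plus the subset of his or her roles activated for it."""

    def __init__(self, user: str, roles: set[str], perms: set[str]):
        self.user, self.roles, self.perms = user, roles, perms

    def allowed(self, perm: str) -> bool:
        return perm in self.perms


class RBAC:
    def __init__(self):
        self.role_perms: dict[str, set[str]] = {}
        self.parents: dict[str, set[str]] = {}    # role -> roles it inherits from (any depth)
        self.user_roles: dict[str, set[str]] = {}
        self.ssd: list[set[str]] = []             # static SoD: a user may hold at most one role of each set
        self.dsd: list[set[str]] = []             # dynamic SoD: a session may activate at most one of each set

    def add_role(self, role: str, perms=(), inherits=()):
        self.role_perms[role] = set(perms)
        self.parents[role] = set(inherits)

    def effective_perms(self, role: str) -> set[str]:
        """Own permissions plus everything inherited up the hierarchy (general hierarchy: multi-level)."""
        seen, stack, perms = set(), [role], set()
        while stack:
            r = stack.pop()
            if r in seen:
                continue
            seen.add(r)
            perms |= self.role_perms[r]
            stack.extend(self.parents[r])
        return perms

    def assign(self, user: str, role: str):
        """Static SoD is enforced here: the conflicting assignment is refused outright."""
        held = self.user_roles.get(user, set()) | {role}
        for conflict in self.ssd:
            if len(held & conflict) > 1:
                raise ValueError(f"SSD violation: {user} cannot hold {sorted(held & conflict)}")
        self.user_roles[user] = held

    def open_session(self, user: str, activate) -> Session:
        """Dynamic SoD is enforced here: both roles may be held, but not activated together."""
        activate = set(activate)
        if not activate <= self.user_roles.get(user, set()):
            raise ValueError(f"{user} does not hold all of {sorted(activate)}")
        for conflict in self.dsd:
            if len(activate & conflict) > 1:
                raise ValueError(f"DSD violation: a session cannot activate {sorted(activate & conflict)}")
        perms = set().union(*(self.effective_perms(r) for r in activate))
        return Session(user, activate, perms)


def build_sample() -> RBAC:
    """Constructed retail example: cashier/AR is a static conflict, requester/approver a dynamic one."""
    r = RBAC()
    r.add_role("employee", {"read:handbook"})
    r.add_role("cashier", {"take:payment"}, inherits={"employee"})
    r.add_role("accounts_receivable", {"post:receipt"}, inherits={"employee"})
    r.add_role("requester", {"request:refund"}, inherits={"employee"})
    r.add_role("approver", {"approve:refund"}, inherits={"employee"})
    r.ssd.append({"cashier", "accounts_receivable"})  # never both
    r.dsd.append({"requester", "approver"})            # both, but never in the same session
    r.assign("dana", "cashier")
    r.assign("erin", "requester")
    r.assign("erin", "approver")
    return r


if __name__ == "__main__":
    rbac = build_sample()
    s = rbac.open_session("erin", {"requester"})
    print("erin as requester can request:", s.allowed("request:refund"), "approve:", s.allowed("approve:refund"))
    for user, role in [("dana", "accounts_receivable")]:
        try:
            rbac.assign(user, role)
        except ValueError as e:
            print("refused:", e)
```

Erin legitimately holds both refund roles, which is exactly what dynamic SoD permits; what it forbids is a single session that can request and approve the same refund. Dana's second assignment is refused before any session exists, which is the static form.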
What are the ways of managing RBAC?
· Non-RBAC - access directly mapped to applications · Limited RBAC - Users are mapped to multiple roles and directly to certain applications that do not have RBAC · Hybrid RBAC - Users are mapped to multi-application roles · Full RBAC - Users are mapped solely to enterprise roles
What is an access control list (ACL)?
Access Control Lists (ACLs) - ACLs map values from the access control matrix to an object. It is a column in an access control Matrix - bound to an object
What is a capabiltiy table?
· Capability Tables ○ Specify the access rights a certain subject possesses pertaining to specific objects. It is a row in the access control matrix - bound to the subject. A Kerberos ticket is an example of a capability
What does AAA stand for?
Authentication, Authorization, Accounting
What is diameter?
An evolution of RADIUS that was designed to carry voice, fax, and mobile IP over one protocol while adding and separating out the AAA functionality
What are the access control layers? What are example of each layer?
· Administrative ○ Policy, procedures, personal controls, supervisory structure, security awareness training, testing · Physical ○ Network segregation, perimeter security, backups, cabling, control zone · Technical ○ System access, architecture, encryption, auditing
What are the types of access control?
· Deterrent - Discourages an attack · Preventive - Avoid an incident from occurring · Corrective - Fixes components or systems after an incident · Recovery - Intended to bring controls back to normal operations · Detective - Helps identify an incident's activities · Compensative - Controls that provide for an alternative measure of control · Directive - Mandatory controls that have been put in place due to regulatory or environment requirements
What is scrubbing?
Cleaning logs to hide your tracks
What are the types of RAM?
○ Dynamic RAM - loses its charge with time and must be refreshed ○ Static RAM - Doesn't need refreshing, but uses more transistors per bit and so takes up more space ○ Synchronous DRAM - Uses the same timing as the CPU to speed up access ○ EDO DRAM - Uses a look-ahead to access the next block of memory ○ Burst EDO DRAM - Transmits more data at once than EDO ○ DDR SDRAM - carries out read operations on both the rising and falling edges of the clock pulse, so it performs two operations per clock cycle
What are the types of ROM?
○ PROM - Programmable ROM - can be written once ○ EPROM - Erasable PROM - Can be erased and rewritten through a physical interaction such as UV light ○ EEPROM - Electrically Erasable PROM - erased electrically, eliminating the UV light
What are the 9 steps of the risk management process?
(NIST SP 800-30) System Characterization, Threat Identification, Vulnerability Identification, Control Analysis, Likelihood Determination, Impact Analysis, Risk Determination, Control Recommendations, Results Documentation
What is a policy?
Typically describes protecting one of the AIC
What is OCTAVE?
Operationally Critical Threat, Asset, and Vulnerability Evaluation - a self-directed risk management framework in three phases that evaluates organizational risk - Also used as an auditing framework
What are the classes of fire extinguisher?
A - Common Combustibles - Wood, paper, etc. ○ B - Flammable Liquids / Gases ○ C - Live Electrical Equipment ○ D - Combustible Metals - Magnesium, Lithium ○ K - Cooking Media - Oils, fats, lards
What are the different RAID levels?
RAID 0 - Striping (no redundancy) ○ RAID 1 - Mirroring ○ RAID 3 - Striped set with dedicated parity (byte level) ○ RAID 4 - Striped set with dedicated parity (block level) ○ RAID 5 - Striping with distributed parity
What is a LAND attack?
Uses a spoofed syn packet that includes victim's IP as the source and destination IP
What is a Smurf attack?
The attacker sends ICMP echo request messages with the spoofed source address of the victim to a network's directed broadcast address, so every host on that network replies to the victim
What is a teardrop?
Malformed fragmented packets whose fragments have overlapping offsets; vulnerable IP stacks crash while trying to reassemble them
What is FRAGGLE?
Fraggle is the same as smurf except on UDP
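The LAND, Smurf, Teardrop and Fraggle cards above each describe a packet pattern that can be recognised on the wire. The following is an added example, not part of the original deck, that expresses those four signatures as detection rules and runs them over a handful of constructed packet records (plain dictionaries, not captures). The protected network, the RFC 5737 documentation addresses and the field names are assumptions for the illustration.

```python
"""Signature rules for LAND, Smurf, Fraggle and Teardrop over constructed packet records.

Added example; the packets are hand-built dicts, not a real capture.
"""
from __future__ import annotations

import ipaddress
from collections import defaultdict

PROTECTED_NET = ipaddress.ip_network("192.0.2.0/24")  # constructed; RFC 5737 documentation range


def overlapping(frags: list[tuple[int, int]]) -> bool:
    """Teardrop signature: two fragments of one datagram cover the same bytes. frags = [(offset, length), ...]"""
    frags = sorted(frags)
    for (off_a, len_a), (off_b, _) in zip(frags, frags[1:]):
        if off_b < off_a + len_a:
            return True
    return False


def classify(packets: list[dict]) -> list[tuple[str, int]]:
    """Return (rule, packet id) for every packet or datagram matching one of the four signatures."""
    hits = []
    fragments = defaultdict(list)  # (src, dst, ip id) -> fragment list, reassembled below
    for p in packets:
        src, dst = ipaddress.ip_address(p["src"]), ipaddress.ip_address(p["dst"])
        to_broadcast = dst == PROTECTED_NET.broadcast_address
        if p["proto"] == "tcp" and "S" in p.get("flags", "") and src == dst:
            hits.append(("LAND", p["id"]))       # SYN with victim as both source and destination
        elif p["proto"] == "icmp" and p.get("icmp_type") == 8 and to_broadcast:
            hits.append(("SMURF", p["id"]))      # echo request aimed at the directed broadcast
        elif p["proto"] == "udp" and p.get("dport") in (7, 19) and to_broadcast:
            hits.append(("FRAGGLE", p["id"]))    # same idea over UDP echo/chargen
        if p.get("frag"):
            fragments[(p["src"], p["dst"], p["id"])].append(p["frag"])
    for (_, _, pid), frags in fragments.items():
        if overlapping(frags):
            hits.append(("TEARDROP", pid))
    return hits


# Constructed sample: one of each attack, plus a normal SYN and a normally fragmented datagram.
SAMPLE = [
    {"id": 1, "proto": "tcp", "src": "192.0.2.10", "dst": "192.0.2.10", "flags": "S", "sport": 139, "dport": 139},
    {"id": 2, "proto": "icmp", "src": "192.0.2.10", "dst": "192.0.2.255", "icmp_type": 8},
    {"id": 3, "proto": "udp", "src": "192.0.2.10", "dst": "192.0.2.255", "dport": 7},
    {"id": 4, "proto": "udp", "src": "203.0.113.5", "dst": "192.0.2.10", "dport": 53, "frag": (0, 1480)},
    {"id": 4, "proto": "udp", "src": "203.0.113.5", "dst": "192.0.2.10", "dport": 53, "frag": (1000, 800)},
    {"id": 5, "proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "flags": "S", "sport": 40000, "dport": 443},
    {"id": 6, "proto": "udp", "src": "203.0.113.5", "dst": "192.0.2.10", "dport": 53, "frag": (0, 1480)},
    {"id": 6, "proto": "udp", "src": "203.0.113.5", "dst": "192.0.2.10", "dport": 53, "frag": (1480, 500)},
]

if __name__ == "__main__":
    for rule, pid in classify(SAMPLE):
        print(f"{rule:9s} packet id={pid}")
```

Note that for Smurf and Fraggle the spoofed source is the victim, so the address worth alerting on is the one inside the protected network, and that modern stacks ignore directed broadcasts and overlapping fragments; these rules are still useful for spotting the attempt and the spoofing behind it.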
What is SAFE Harbor laws?
Allowed personal data transfers between the EU and the US. US companies had to certify that they subscribe to the EU data protection principles
What are the phases of the SDLC?
Initiation ○ Development / Acquisition ○ Implementation ○ Operation / Maintenance ○ Disposal
What is polymorphism?
The ability of objects of different classes to respond to the same message (method call) in their own way, so one interface can stand in for many implementations
What is CORBA?
Common Object Request Broker Architecture - an open, vendor-neutral framework for invoking objects across a network through an object request broker - Competes with Microsoft's COM - Allows integration across multiple languages
What is Phase Line Alternative?
Provides requirements for using CCTVs
What does CMM stand for?
Software Capability Maturity Model - CMM - Developed to improve and evaluate the software development process. Levels - Initial, Repeatable, Defined, Managed, Optimizing
What is a row in a database called?
Tuple
What is a column in a database called?
Attribute
What is a specific index in a database called?
Value
What are the two database langauges and what is their purpose?
DDL - Data Definition Language - create, modify and delete tables and schema ○ DML - Data Manipulation Language - query and update the data in tables
In databases, what is entity integrity?
Ensures each tuple has a unique, non-null primary key
What is EAP?
Extensible Authentication Protocol - an authentication framework that supports many methods (passwords, certificates, tokens); used by 802.1X to authenticate at the network port level before access is granted
Does frame relay have error recovery?
No frame relay does not have error recovery. X.25 has error recovery
How do you convert IPv4 to IPv6?
Tunneling (carrying IPv6 packets inside IPv4), alongside dual stack and translation
What is TGT?
Ticket Granting Ticket - issued by the KDC's authentication service after login and presented to the ticket granting service (TGS) to obtain tickets for individual services
What are some symmetric encryption protocols?
DES, 3DES, AES, TwoFish, Blowfish, IDEA, RC5
What are some asymmetric encryption protocols?
DEER - Diffie Hellman, ElGamal, Elliptic Curve, RSA
Which block cipher modes act as stream ciphers?
Cipher Feedback (CFB) - the previous ciphertext block is encrypted and the result is XOR'd with the plaintext ○ Output Feedback (OFB) - a keystream is generated by repeatedly encrypting the previous output and is XOR'd with the plaintext. Both turn a block cipher into a stream cipher
Which modes are pure block cipher modes?
Electronic Code Book (ECB) - each block is encrypted independently with the same key - repeated input = repeated output, which leaks patterns ○ Cipher Block Chaining (CBC) - each plaintext block is XOR'd with the previous ciphertext block before encryption, so identical blocks encrypt differently
What is HMAC?
Uses a symmetric key in combination to a hash algorithm to verify integrity
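The HMAC and non-repudiation cards describe what a keyed hash does and does not give. The following is an added example, not part of the original deck: it contrasts a plain hash, which an attacker can simply recompute after tampering, with an HMAC, which cannot be recomputed without the shared key. The key and messages are constructed.

```python
"""Plain hash versus HMAC for message integrity. Added example; key and messages are constructed."""
from __future__ import annotations

import hashlib
import hmac

KEY = b"constructed-shared-secret"  # known to sender and receiver only


def naive_tag(message: bytes) -> str:
    """Unkeyed integrity check: anyone who changes the message can recompute this."""
    return hashlib.sha256(message).hexdigest()


def hmac_tag(key: bytes, message: bytes) -> str:
    """Keyed integrity check: recomputing it requires the key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_naive(message: bytes, tag: str) -> bool:
    return hmac.compare_digest(naive_tag(message), tag)


def verify_hmac(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest runs in constant time so a byte-by-byte mismatch does not leak via timing
    return hmac.compare_digest(hmac_tag(key, message), tag)


def tamper_and_check() -> dict[str, bool]:
    """Attacker rewrites the amount and, where possible, recomputes the tag."""
    original = b"transfer 100 to account 42"
    forged = b"transfer 900 to account 42"
    results = {}
    # Unkeyed: the attacker recomputes the hash over the forged message and it verifies.
    results["naive_forgery_accepted"] = verify_naive(forged, naive_tag(forged))
    # Keyed: the attacker has no key, so the best he can do is reuse the old tag or guess one.
    results["hmac_old_tag_accepted"] = verify_hmac(KEY, forged, hmac_tag(KEY, original))
    results["hmac_wrong_key_accepted"] = verify_hmac(KEY, forged, hmac_tag(b"guess", forged))
    results["hmac_genuine_accepted"] = verify_hmac(KEY, original, hmac_tag(KEY, original))
    return results


if __name__ == "__main__":
    for name, ok in tamper_and_check().items():
        print(f"{name}: {ok}")
```

Because the receiver holds the same key, the receiver could have produced any valid tag itself; an HMAC therefore proves integrity and that the message came from someone holding the key, but it cannot provide non-repudiation. That needs a digital signature made with a private key only the signer has.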
What is non-repudiation?
Inability for a user to deny an action because of the methods used to permit or authorize the action
What is key escrow?
Keys are held by a third party
What are the types of coaxial?
Thin Net - 10Base2 - Thick Net - 10Base5 - Uses vampire tap
What are the types of fiber?
10Base-FL - up to 2 km ○ 100Base-FX - up to 2 km over multimode ○ 1000Base-LX - long wavelength laser, longer reach over single mode
What are types of email encryption?
PGP / GPG - Originally used IDEA for confidentiality and MD5 for integrity; relies on a web of trust (users sign each other's keys) rather than a certificate authority ○ S/MIME - Secure Multipurpose Internet Mail Extensions - X.509 certificate based - signs and encrypts message bodies and attachments ○ PEM - Privacy Enhanced Mail - requires a global PKI - used DES for encryption and RSA for authentication and key management
What are the two modes of IPSec?
Tunnel - Gateway to gateway; the whole original packet, including its header, is encapsulated ○ Transport - End to end; only the payload is protected
What are the two security protocols in IPSec?
Authentication Header (AH) - provides integrity, data origin authentication and anti-replay, no confidentiality ○ Encapsulating Security Payload (ESP) - provides confidentiality (encryption) and, optionally, integrity and authentication

What is steganograpy?

Hiding data inside another file, such as an image, so that its existence is concealed (as opposed to encryption, which hides only its content)

What are the types of cipher attacks?

Fill in

What are the categories of physical controls?
Detective, Deterrent, Preventive, Corrective, Recovery, Compensating
What is CPTED? What are the three main strategies?
Crime Prevention Through Environmental Design - Natural access control, natural surveillance, territorial reinforcement (sphere of influence)
What are the types of locks?
Mechanical, combination locks, cipher locks
What are the replacements for halon?
Argon, FE-13, FM-200, Inergen
What are the heights of fences?
3-4 ft: Deters the casual trespasser ○ 6-7 ft: Too difficult to climb easily ○ 8 ft + 3 strands of barbed wire: Deters determined trespassers
What are the classes of gates?
Class I: Residential ○ Class II: Commercial ○ Class III: Industrial ○ Class IV: Restricted access
What are the physical intrusion detection types?
Electromechanical - Alarm sounds when an electrical circuit is broken ○ Photoelectric - Detects interruption of a beam of light ○ PIR - Passive Infrared, detects heat signatures ○ Acoustical - Detects sound ○ Vibration sensing - Sensor detects vibrations
What are the fluctuations in voltage?
Spike - Momentary high voltage ○ Surge - Prolonged high voltage ○ Sag/Dip - Momentary low voltage ○ Brownout - Prolonged low voltage ○ Fault - Momentary outage ○ Blackout - Prolonged outage
What are the types of fire suppression (sprinkler) systems?
Wet Pipe - Pipes always contain water and discharge when a head is triggered by temperature ○ Dry Pipe - Water is held back in a tank and the pipes are pressurized with air; water flows only once the air is released ○ Preaction - Like dry pipe except there is a delay (a second trigger) before water is released, limiting accidental discharge ○ Deluge - Releases a high volume of water in a short period
Describe IDEA
Block Cipher, 128 bit key, faster than DES, symmetric encryption
Describe the RC ciphers
RC4 - Stream cipher with a variable key size, used in SSL and in WPA's TKIP ○ RC5 / RC6 - Block ciphers with variable key and block sizes
What is the Bell-LaPadula?
Developed for the DoD, provides confidentiality ○ Simple Security Property - No read up ○ * Property - No write down ○ Strong * Property - A subject can only read and write at its own level
What is DNSSEC?
Public key signatures over DNS records, carried in DNS responses so a resolver can verify the data was not forged
What is Clark Wilson?

Focused on integrity, comprised of 5 elements: ○ Users ○ Transformation Procedures (TPs): Manipulate CDIs only through well-formed transactions ○ Constrained Data Items (CDIs): Data items whose integrity is to be preserved ○ Unconstrained Data Items (UDIs): Data items outside the control area ○ Integrity Verification Procedures (IVPs): Confirm that all CDIs are in valid states

What is the Biba model?
Concerned only with integrity - Developed by Kenneth Biba (MITRE) after Bell-LaPadula ○ Simple Integrity Axiom - No read down ○ * Integrity Axiom - No write up ○ Invocation Property - Prohibits a subject at one level of integrity from invoking a subject at a higher level of integrity
What is Graham Denning Model?
Model concerned with actual implementation: it defines a set of primitive operations for how subjects and objects are created and deleted and how access rights are assigned and transferred
What is an information flow model?
States that all information should only flow in directions permitted by the security policy.
What is the lattice model?
Mathematical construct: a partially ordered set in which every pair of elements has a least upper bound and a greatest lower bound. Security labels (classification plus categories) form such a lattice; a lattice is the basis for implementing MAC
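The Bell-LaPadula, Biba and lattice cards above describe one structure (a label lattice) and two rule sets over it. The following is an added example, not part of the original deck, that represents a sensitivity label as a classification level plus a category set, defines dominance, join and meet on it, and applies the BLP confidentiality rules and the Biba integrity rules as a reference monitor would on each access. The classification names, categories, subjects and objects are constructed.

```python
"""Sensitivity labels as a lattice, with Bell-LaPadula and Biba checks over it.

Added example; levels, categories, subjects and objects are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass

# Total order on levels; combined with a category set it becomes a partial order (a lattice).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: higher-or-equal level AND superset of categories."""
        return LEVELS[self.level] >= LEVELS[other.level] and self.categories >= other.categories

    def join(self, other: "Label") -> "Label":
        """Least upper bound: the lowest label that dominates both (e.g. a document built from two inputs)."""
        return Label(max(self.level, other.level, key=LEVELS.get), self.categories | other.categories)

    def meet(self, other: "Label") -> "Label":
        """Greatest lower bound: the highest label both can read."""
        return Label(min(self.level, other.level, key=LEVELS.get), self.categories & other.categories)


# Bell-LaPadula (confidentiality): labels are sensitivity labels.
def blp_can_read(subject: Label, obj: Label) -> bool:
    return subject.dominates(obj)          # simple security property: no read up


def blp_can_write(subject: Label, obj: Label) -> bool:
    return obj.dominates(subject)          # * property: no write down


# Biba (integrity): the same lattice mechanics, but labels are integrity labels, and the rules flip.
def biba_can_read(subject: Label, obj: Label) -> bool:
    return obj.dominates(subject)          # simple integrity axiom: no read down


def biba_can_write(subject: Label, obj: Label) -> bool:
    return subject.dominates(obj)          # * integrity axiom: no write up


def decide(model: str, subject: Label, obj: Label, op: str) -> bool:
    """Reference-monitor entry point: every access goes through here, unknown ops are denied."""
    rules = {
        ("blp", "read"): blp_can_read, ("blp", "write"): blp_can_write,
        ("biba", "read"): biba_can_read, ("biba", "write"): biba_can_write,
    }
    rule = rules.get((model, op))
    return bool(rule and rule(subject, obj))


if __name__ == "__main__":
    analyst = Label("SECRET", frozenset({"CRYPTO"}))
    ts_crypto = Label("TOP_SECRET", frozenset({"CRYPTO"}))
    conf = Label("CONFIDENTIAL")
    sec_nuclear = Label("SECRET", frozenset({"NUCLEAR"}))
    for name, obj in [("TS/CRYPTO", ts_crypto), ("CONFIDENTIAL", conf), ("SECRET/NUCLEAR", sec_nuclear)]:
        print(f"{name:15s} read={decide('blp', analyst, obj, 'read')} write={decide('blp', analyst, obj, 'write')}")
    print("join of SECRET/CRYPTO and SECRET/NUCLEAR:", analyst.join(sec_nuclear))
```

The SECRET/NUCLEAR case is the one a plain level hierarchy cannot express: the analyst holds SECRET, yet neither label dominates the other because the category sets differ, so BLP denies both reading and writing; a document combining the two inputs must carry their join, SECRET with both categories.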
What is dedicated security mode?
A system operating with all users holding the clearance for, a need to know about, and formal approval for all data on the system, with every user under an NDA
What is system high security mode?
The same as dedicated except not all users need to know all information on the machine
What is trust level?
Tells the customer how much protection they can expect from the system
What are the rating in the orange book?
A - Verified Protection ○ B - Mandatory Protection ○ C - Discretionary Protection ○ D - Minimal Security
What is accreditation?
Management's formal sign-off that the product solves an organization's problem and that its residual risk is accepted.
What are the types of VPN tunnelling protocols?
PPP: Point-to-Point Protocol - dial-up link layer, not itself a tunnel ○ PPTP: Point-to-Point Tunneling Protocol - Encrypts and encapsulates PPP packets ○ L2F - Cisco's Layer 2 Forwarding; provides mutual authentication but no encryption ○ L2TP - Tunnels over many types of networks but is not encrypted by itself (usually combined with IPSec) ○ IPSec - Provides authentication and encryption at the network layer
What is CSU/DSU?
Channel Service Unit / Data Service Unit - the device that terminates a digital carrier line (such as a T1) and converts between the carrier's signaling and the customer's router or other DTE; T1 carries its channels with time division multiplexing
What are the types of virtual circuits?
Permanent Virtual Circuit (PVC) - Programmed in advance ○ Switched Virtual Circuit (SVC) - Built up on demand
What are the pieces of frame relay?
DTE - Data Terminal Equipment - customer owned ○ DCE - Data Circuit-terminating Equipment - the telco's switch
What is jitter?
Jitter is deviation from true periodicity of a presumed periodic signal in electronics and telecommunications, often in relation to a reference clock source - Jitter is bad for voice
Describe ISDN?
Digital point-to-point circuit-switched service - B channels carry voice/data - D channel carries signaling - Offered as Basic Rate Interface and Primary Rate Interface
What does object oriented programming provide?
Modularity, Deferred commitment, reusability, naturalness
What is Cohesion?
Represents how many different types of tasks a module can carry out. If it can carry out only one task, then it has high cohesion. If it has high cohesion then it has few dependencies and easier to replace
What is coupling?
Measurement of how much interaction with other modules is required for one module to carry out its task - low coupling is less complex and easier to maintain
What is OLE?
Object Linking and Embedding - provides a way for objects to be shared on a computer - for example, pictures can be embedded into documents
What encryption does WPA use? WPA2?
TKIP - Used in WPA; a per-packet keying wrapper around the RC4 stream cipher ○ CCMP - Counter Mode with CBC-MAC Protocol - Used in WPA2; AES block cipher in counter mode for confidentiality with CBC-MAC for integrity
What is ODBC?
An API which allows an application to access a local or remote database - developed by Microsoft
What is OLE DB?
Microsoft's COM-based data access interface, a successor to ODBC that exposes any data source (not only relational databases) to COM/ActiveX components
What are the stages of (System) SDLC?
Initiation, Acquisition / Development, Implementation, Operation, Disposal
What are the stages of (Software)SDLC?
Requirements gathering, design, development, testing, release
What are ISDN's two interfaces and how many channels are there?
BRI - 2B + 1D = 144 kbps ○ PRI - 23B + 1D = 1.544 Mbps
What sprinkling system releases a large quantity of water in a short period of time?
Deluge
What is CASE?
Computer Aided Software Engineering - supports the following activities: development environments, version control, code analyzers, automatic code creation tools
What is the prudent person rule?
A person is expected to react and carry out the duties that a responsible and prudent person would in similar circumstances
What are the 7 steps to a business contingency planning?
Develop the contingency planning policy statement ○ Conduct a BIA ○ Identify preventive controls ○ Develop recovery strategies ○ Develop an IT contingency plan ○ Plan testing, training and exercises ○ Plan maintenance
What is MTD?
Maximum tolerable downtime
When a system detects a problem, what are the three ways it can react?
System reboot, emergency system restart, system cold start
When would you use a hybrid security model?
When individuals should be able to dictate security permissions yet database and network permissions should be managed by IT.
What is an EICAR?
A harmless test file (a standard text string) that antivirus products are built to detect, used to test detection and reaction without introducing real malware
What software development methodology uses discrete phases prior to moving into the next portion of a project?
Waterfall
Who was ITSec developed by?
European countries (France, Germany, the Netherlands and the UK)
What is super zapping?
A utility to bypass access controls of the OS
What is masquerading?
Claiming another's identity at a physical level
What is degaussing?
Protection of stored or displayed information by removal/reduction of the magnetic field (demagnetization).
How do processes in different levels of trust communicate?
Using the reference monitor
What are the requirements of the security kernel?
· Must be small enough to comprehensively test · Must be invoked for every access attempt and impossible to circumvent · Must provide isolation for processes carrying out the reference monitor concept.
What is the non interference model?
Tasks at a higher level do not affect those at a lower level
What is the main purpose for IRM?
Process of identifying, assessing, and reducing risk to an acceptable level
What type of access control implements an access control matrix?
DAC
What protocols does L2TP work over?
Frame Relay, ATM, X.25 and IP - Developed by combining L2F and PPTP
What is main purpose of a guard ?
In a multi level security mode using a MAC model, a guard allows two processes to securely communicate between them
In MAC, what does a sensitivity label contain?
The item's classification level and its categories (compartments)
Kerberos depends on what type of encryption method?
Secret Key
What is compartmented security mode?
Compartmented Security Mode - All users have the clearance to access all information processed by the system in a system high security configuration but might not have the need to know and formal access approval. - Must have highest clearance
What protocol does the NSA use based on IPSec?
HAIPE - High Assurance Internet Protocol Encryptor
Describe TCSEC classification system?
Uses hierarchical assurance divisions: (A) Verified Protection, (B) Mandatory Protection, (C) Discretionary Protection, (D) Minimal Security. Each division has numbered classes (e.g. B1, B2, B3) - also known as the Orange Book
What are TPEP and EPL?
TPEP - Trusted Product Evaluation Program, the overall Orange Book evaluation process ○ EPL - Evaluated Products List
What was Europe's security model? Americas?
US - TCSEC / Orange Book ○ Europe - ITSEC
What does ITSEC evaluate?
A systems function and assurance
What is assurance?
Degree of confidence in protection methods
What was the ITSec evaluation rating system?
F1-F10 for functionality ○ E0-E6 for assurance
What is a protection profile?
Protection Profile - Creates a set of requirements for a product not yet on the market. Describes environment, function, and objectives
What ISO defines evaluation of security products?
ISO 15408 -(1, 2, 3)
What does a retinal scan measure?
Pattern of blood vessels in the back of the eye
What is a synchronous token?
A device the user carries that generates one-time passwords in step with the authentication server, synchronized either by time (a new code every N seconds) or by a counter incremented on each use
What is the difference between MAC and RuBAC?
MAC uses labels to define access ○ RuBAC uses a set of rules to define access
In DAC, who defines access to a file?
The owner
What are non discretionary access controls?
RBAC and RuBAC and MAC - They all provide centralized administration
What is the difference between authentication and identification?
Identification is claiming who you are (a username) ○ Authentication is proving that claim (a password, token or biometric)
What is a TOC/ToU attack?
Time of Check / Time of Use Attacks (TOC/TOU) - Attack modifies a file which is used later in the process - IE if he is authenticated via a file, the file is later changed to identify someone else before it is checked again
What is a RACE attack?
Race Attack - if an attacker can change the order of processes executed.
What is the reference monitor?

Abstract machine that mediates all access subjects have to objects, both to ensure that subjects have the necessary rights and to protect the objects from unauthorized access. The reference monitor defines how access should take place; the security kernel implements it - Must be NEAT: · N - Non-bypassable · E - Evaluable · A - Always invoked · T - Tamper proof

What is multi-programming?
Multi-Programming - Multiple processes can be loaded into memory at the same time
What is cooperative Multitasking?
· Cooperative Multitasking - Each process must voluntarily give up the CPU so another can run - processes had too much control over the CPU and a misbehaving one could hang the system
What is preemptive multitasking?
· Preemptive Multitasking - System can suspend a process to allow another process access - System can also release resources if an application is hung up
What is data hiding?
Use of segregation in design decisions to protect software components from negatively interacting with each other - strict interfaces
What is micro architecture?
Design of a microprocessor which specifies all physical components such as registers, logic gates, ALU, cache, etc.
What are the types of kernel architecture?
Monolithic - All of the operating system code runs in kernel mode ○ Microkernel - Only the absolutely necessary code (the critical functions) runs in kernel mode; other services run in user mode ○ Hybrid microkernel - A reduced amount of code runs in kernel mode carrying out critical operating system functionality, with more services kept in kernel mode than a pure microkernel for performance
What is Address Space Layout Randomization (ASLR)
ASLR randomizes the base addresses of the stack, heap and loaded libraries each time a program is loaded, so an attacker cannot predict where injected code or useful gadgets will be
What is data execution prevention (DEP?)
DEP prevents programs from executing in certain memory locations - declares certain sections "off limits"
What are the two ways a door can react if there is a power failure?
· Fail Safe - Door defaults to unlocked so people can get out · Fail Secure - Door defaults to locked if there is any power issue
What are the types of glass in windows?
○ Standard glass - Residential glass ○ Tempered glass - harder to break than standard glass ○ Acrylic glass - A plastic; stronger than glass but produces toxic fumes when it burns ○ Polycarbonate - Most expensive and most resistant ○ Embedded wire - stops the glass from shattering ○ Laminated glass - Two sheets with a plastic layer between - much more difficult to break
What are two types of relocking?
○ Passive Relocking - if being tampered with, more bolts fall into place preventing the safe from opening ○ Thermal relocking - When a certain temperature is reached, an extra lock is implemented
What is in-rush current?
When a device is powered on, it is the sudden increase in current
What is Perimeter Intrusion Detection and Assessment System?
Type of fencing with sensors located on the wire mesh and at the base of the fence to detect if someone is climbing or cutting the fence
What is depth of focus? To cover a large area, what size lens opening do you need?
Portion of the monitor which is in focus in a CCTV. Depth of field increases as the size of the opening decreases . So to cover a large area you need a small lens opening

How does a risk analysis team work?

Risk analysis is used for management to set an acceptable risk level which allows the risk management team to develop baselines which in turn can be measured with metrics
Describe the OSI Model.
○ Application - HTTPS, FTP, APIs ○ Presentation - TIFF, GIF, JPEG ○ Session - How communication takes place - NFS, SQL, RPC ○ Transport - Agree on data transfer, error detection, correction and recovery - SSL, TCP, UDP ○ Network - ICMP, OSPF, BGP, etc. ○ Data Link - Logical link control and MAC ○ Physical - UTP, wires
What are the parts of a PDU in order (Top down)?
Data (Application) - Segments (Transport) - Packets (Network) - Frames (Data Link) - Bits (Physical)
What is a TCP Wrapper?
A TCP Wrapper is a host based ACL
What is a device which translates a digital to analog and back again?
Modem
Which of the following represents the best programming?
The best programming uses the most cohesive modules possible, but because different modules need to pass data and communicate, they usually cannot be totally cohesive. Also, the lower the coupling, the better the software design, because it promotes module independence. The more independent a component is, the less complex the application is and the easier it is to modify and troubleshoot.
What does an interpreter do?
Interpreters translate one command at a time during execution, as opposed to compilers and assemblers where source code for the whole application is transformed to executable code before being executed.
What are the types of backups?
○ Full Backup/Archival Backup - Complete backup of every selected file on the system regardless of whether it has been backed up recently. This is the slowest of the backup methods since it backs up all the data; however, it is the fastest for restoring data. ○ Incremental Backup - Any backup in which only the files that have been modified since the last full backup are backed up. The archive attribute is updated while backing up only modified files, which indicates that the file has been backed up. This is the fastest of the backup methods, but the slowest of the restore methods. ○ Differential Backup - The backup of all data files that have been modified since the last incremental backup or archival/full backup. Uses the archive bit to determine which files have changed since the last incremental or full backup. The backup grows each day until the next full backup is performed, clearing the archive attributes. This enables the user to restore all files changed since the last full backup in one pass. This is a more neutral method of backing up data since it is neither faster nor slower than the other two.
What does a multiplexer do?
In electronics, a multiplexer (or mux) is a device that selects one of several analog or digital input signals and forwards the selected input into a single line. A multiplexer of 2^n inputs has n select lines, which are used to select which input line to send to the output. Multiplexers are mainly used to increase the amount of data that can be sent over the network within a certain amount of time and bandwidth. A multiplexer is also called a data selector.
What is a scanning attack?
The attacker will make use of a scanner to perform the attack. The scanner sends a very large quantity of packets to the target in order to elicit responses that allow the attacker to find information about the operating system, vulnerabilities, misconfigurations and more. The packets being sent are sometimes attempting to identify whether a known vulnerability exists on the remote hosts.
Within Crime prevention through Environmental Design (CPTED) the concept of territoriality is best described as:
Ownership - Crime Prevention Through Environmental Design (CPTED) is a concept that encourages individuals to feel ownership of and respect for the territory they occupy. By encouraging the use of physical attributes that express ownership, the individual is more apt to protect and be aware in that environment
What is the difference between Session and Transport?
These two layers, on the surface, behave the same; they set up some sort of session so that communication can take place. The key to remembering the difference is that the session layer works with applications and the transport layer works with computer systems. In that analogy you can then start placing protocols into each layer. For example, protocols such as SQL and RPC are more application related, whereas TCP and UDP are more system related. Another way of looking at it (paraphrasing from the book): think of the transport layer as the bus and the session layer as the different "people" (applications) riding the bus.
What are the types of DNS queries?
○ Recursive - Request can be passed on from the DNS server that received it until it can be answered ○ Non-Recursive - Request goes to a specific DNS server and is either answered or rejected
What does MPLS stand for and do?
Multiprotocol Label Switching (MPLS) - Addresses the service requirements of switches doing layer 4
What are the types of firewall filtering?
§ Packet Filtering - Decision based on network layer rules - Cannot make application level decision § Stateful Inspection - Keeps a state table tracking conversations - High degree of security and scalable without a significant performance degradation § Circuit Proxy - Middle man firewall - circuit level proxy can look into the contents of a packet but doesn't carry out deep packet inspection. SOCKS firewall can carry out circuit level proxy operations § Application Proxy - can inspect application layer services - Not well suited for large quantities of traffic - only works for known protocols § Dynamic Packet Filtering - Makes entries for each connection which is established § Kernel Proxy - Looks at packets at every level of the application stack
What are the types of firewall architecture?
§ Screened Host - Router filters traffic prior to it being passed to a firewall § Multi-homed / Dual-Homed - Connected to multiple different networks § Screened Subnet - Using a DMZ to screen traffic
What are common firewall rule configurations?
§ Silent Rule - Drops traffic without logging it § Stealth Rule - Disallows access to firewall software from unauthorized systems § Cleanup Rule - Last rule in a rule base that drops and logs all traffic § Negate Rule - Used instead of permissive any rules.
What are the types of proxies?
○ Forwarding Proxy - Allows the client to specify the server it wants to communicate with ○ Open Proxy - Forwarding proxy which is open for anyone to use; allows a user to conceal their IP address ○ Reverse Proxy - Appears to the clients as the original server - commonly used when the requests are coming from an external source
What is a VAN network?
VAN - Value Added Network - A reseller's network that a company's network communicates with through EDI
How many conversations can a T1 carry?
24 conversations - 1.5 Mbps
How many T1's can a T3 carry?
28 T1s - 44 Mbps
What is Asynchronous Transfer Mode?
ATM - Asynchronous Transfer Mode - Encapsulates the data into fixed cells, like cars on the highway (SONET). Uses cell-switched technology - uses fixed-size cells to transfer data
What are DCE / DTE?
DCE = Customer owned ○ DTE = Telecom owned
Describe PPP.
Point-to-Point Protocol (PPP) - Data link protocol - Uses Link Control Protocol (LCP) to establish and maintain the connection. Network Control Protocols (NCP) are used to maintain the connection. Uses PAP and CHAP for authentication
What is cardinality?
There are also optional participation conditions to the above (where a row in one table doesn't have to relate to the other table at all). When talking about database query optimization, cardinality refers to the data in a column of a table, specifically how many unique values are in it.
What are packet switched technologies?
X.25, Frame Relay
What are dedicated point to point technologies?
HDLC, PPP
How many bits is MD5?
128
What is the primary goal of configuration management?
System Stability
What is pipelining?
A pipeline is a set of data processing elements connected in series, so that the output of one element is the input of the next one. The elements of a pipeline are often executed in parallel or in time-sliced fashion; in that case, some amount of buffer storage is often inserted between elements. Pipelining is used in processors to allow overlapping execution of multiple instructions within the same circuitry. The circuitry is usually divided into stages, including instruction decoding, arithmetic, and register fetching stages, wherein each stage processes one instruction at a time.
What PKCS defines RSA?
PKCS#1
What is the set of allowable values an attribute can take?
The domain of a relation is the set of allowable values that an attribute can take.
What is a tripwire?
It is a data integrity assurance software aimed at detecting and reporting accidental or malicious changes to data.
Does a digital signature provide encryption?
No. It provides integrity, signatures, and authentication.
What are Capacitance detectors?
Capacitance detectors monitor an electrical field surrounding the object being monitored. They are used for spot protection within a few inches of the object, rather than for the overall room security monitoring provided by wave detectors. Penetration of this field changes the electrical capacitance of the field enough to generate an alarm. Wave pattern motion detectors generate a frequency wave pattern and send an alarm if the pattern is disturbed as it is reflected back to its receiver. Field-powered devices are a type of personnel access control device. Audio detectors simply monitor a room for any abnormal sound wave generation and trigger an alarm.
What is a padded cell?
Padded cells are simulated environments to which IDSs seamlessly transfer detected attackers and are designed to convince an attacker that the attack is going according to the plan.
What step confirms that users’ needs have been met by the supplied solution?
Acceptance confirms that users' needs have been met by the supplied solution. Verification and Validation informs Acceptance by establishing the evidence, set against acceptance criteria, to determine if the solution meets the users' needs. Acceptance should also explicitly address any integration or interoperability requirements involving other equipment or systems. To enable acceptance, every user and system requirement must have a 'testable' characteristic.
What is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept?
Security Kernel
What can be attached to a data object to verify origin and integrity?
Digital Signature
What does a message authentication code verify?
A MAC is used to authenticate a message and to provide integrity and authenticity assurances on the message. Integrity assurances detect accidental and intentional message changes, while authenticity assurances affirm the message's origin.
After a company is out of an emergency state, what should be moved back to the original site first?
Least critical
How does a user (P1) establish a session to an application server (P2)?
1) Principal P1 authenticates to the KDC and gets a TGT. 2) Principal P1 requests access to P2. This request is made to the KDC on which the TGS (Ticket Granting Service) sits. 3) KDC checks P1's TGT and, if valid, sends a service ticket (ST) to P1. 4) P1 sends a request to P2 to request access, together with the ST given by the TGS. 5) P2 checks the ST and allows access if valid.
What does an incremental backup do?
Backs up all the files that have changed since the last full or incremental backup and sets the archive bit to 0.
What does a differential backup do?
Backs up all the files that have changed since the last full backup and leaves the archive bit set to 1.
What X standard defines security certificates?
X.509
What is a security association?
A Security Association (SA) is a simplex logical connection between two IPSec systems. For bi-directional communication to be established between two IPSec systems, two separate Security Associations, one in each direction, must be defined.
The absence of a safeguard, or a weakness in a system that may possibly be exploited is called a(n)?
Vulnerability
What is the confinement property?
Also known as the star property - it is in the Bell-LaPadula model - it indicates no write down.
What are the types of hashing?
§ Unit Testing - Checking each component § Integration Testing - Tests if components work together § Acceptance Testing - Ensuring that the code meets customer requirements § Regression Testing - Testing after a change takes place to ensure the system still functions.
What are the steps in CMMI?
CMMI - Comprehensive integrated set of guidelines for developing products and software § Initial § Repeatable § Defined § Managed § Optimized (Company has budget and integrated plans)
What are the steps in change control?
§ Make a formal request for change § Analyze the request § Record the change request § Submit the change for approval § Develop the change § Report results to management
What is J2EE?
Java's version of COM and CORBA - integrates multiple programming languages