Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
297 Cards in this Set
- Front
- Back
|
What is a key difference in security between MAC and DAC?
|
In MAC, a user who can access a file cannot necessarily copy it
|
|
|
What DoD classification does MAC map to?
|
Level-B classification
|
|
|
What DoD classification does DAC map to?
|
Level-C classification
|
|
|
What does CHAP use for authentication?
|
hashing
|
|
|
What is AES?
|
Advanced Encryption Standard- algorithm used by US government for sensitive but unclassified information
|
|
|
What type of encryption is AES?
|
symmetric
|
|
|
What kind of algorithm is 3DES?
|
symmetric
|
|
|
What algorithm does AES use?
|
Rijndael
|
|
|
What two encryption standards is AES designed to replace?
|
DES and 3DES
|
|
|
What is the most effective way of enforcing security in a dialup network?
|
require callback
|
|
|
What port do DNS zone transfers use?
|
TCP port 53
|
|
|
What port do DNS lookups use?
|
UDP port 53
|
|
|
Why do routers help limit the damage done by sniffing and MITM attacks?
|
They send data to a specific subnet only
|
|
|
What are the two types of symmetric algorithms?
|
block and stream
|
|
|
What are the two advantages of block ciphers over stream ciphers?
|
they are faster and more secure
|
|
|
What is the main difference between S/MIME and PGP?
|
S/MIME relies upon a CA for public key distribution
|
|
|
What is the maximum throughput of 802.11a?
|
54 Mbps
|
|
|
What frequency does 802.11b operate at?
|
2.4 GHz
|
|
|
What is the maximum throughput of 802.11b?
|
11 Mbps
|
|
|
What frequency does 802.11g operate at?
|
2.4 GHz
|
|
|
What is the maximum throughput of 802.11g?
|
54 Mbps
|
|
|
Is 802.11g backwards-compatible with 802.11a and 802.11b?
|
backwards-compatible with 802.11b only at 11 Mbps
|
|
|
What type of media access control does 802.11 use?
|
collision avoidance
|
|
|
What sort of attack does TACACS+'s lack of integrity checking make it vulnerable to?
|
replay attacks
|
|
|
What two bit strengths is SSL available in?
|
40-bit and 128-bit
|
|
|
What two bit strengths is SSL available in?
|
40-bit and 128-bit
|
|
|
What is the maximum capacity of QIC?
|
20 GB
|
|
|
What is the maximum capacity of 4mm DAT?
|
40 Gb
|
|
|
What is the maximum capacity of 8mm tapes?
|
50 Gb
|
|
|
What is the maximum capacity of Travan?
|
40 Gb
|
|
|
What is the maximum capacity of DLT?
|
220 Gb
|
|
|
With biometric scanning, what is rejecting a valid user called?
|
Type I error
|
|
|
With biometric scanning, what is accepting a user who should be rejected called?
|
Type II error
|
|
|
In biometric scanning, what is the crossover rate?
|
error percentage when Type I and II errors are equal
|
|
|
What mathematical fact does a birthday attack rely on?
|
it is much easier to find two datasets that share a hash than to find a dataset that shares a hash with a given dataset
|
|
|
What is CRL?
|
Certificate Revokation list- list of subscribers to a PKI and their certificate status
|
|
|
What is OCSP?
|
Online Certificate Status Protocol- a replacement for CRL
|
|
|
What disadvantage does CRL have the OCSP addresses?
|
updates must be downloaded frequently to be accurate
|
|
|
What disadvantage does CRL have that OCSP addresses?
|
updates must be downloaded frequently to be accurate
|
|
|
Does TLS use the same ports for encrypted and unencrypted data?
|
no
|
|
|
What is the difference between S-HTTP and SSL?
|
S-HTTP is designed to send individual messages securely; SSL sets up a secure connection between two computers
|
|
|
What is the primary limitation of symmetric cryptography?
|
key distribution
|
|
|
What protocol is being pushed as an open standard for IM?
|
SIMPLE
|
|
|
In relation to AAA, what is CIA?
|
Confidentiality, Integrity, Availability
|
|
|
What are the three components of AAA?
|
Authentication, Authorization, Access Control
|
|
|
What is an open relay?
|
an SMTP relay that does not restrict access to authenticated users
|
|
|
What is an open relay?
|
an SMTP relay that does not restrict access to authenticated users
|
|
|
What encryption scheme does WEP use?
|
RC4
|
|
|
Who created RC2 and RC4?
|
Rivest
|
|
|
What are the two main types of firewalls?
|
application-level and network-level
|
|
|
How does an application-level firewall handle different protocols?
|
with a proxy program for each protocol
|
|
|
What happens if an application-level protocol doesn't have a proxy program for a given protocol?
|
the protocol can't pass through the firewall
|
|
|
What limitation do application-level firewalls create for proprietary software?
|
proprietary software often uses proprietary protocols, which often can't pass the firewall
|
|
|
Which is faster, application-level or network-level firewalls?
|
network-level firewalls
|
|
|
What are the two types of network-level firewalls?
|
packet filters and stateful packet inspection
|
|
|
What might be indicated by packets from an internal machine with an external source address in the header?
|
machine is being used in a DoS/DDoS attack
|
|
|
What might be indicated by packets from an internal machine with an external source address in the header?
|
machine is being used in a DoS/DDoS attack
|
|
|
What is the DSS?
|
Digital Signature Standard- provides for non-repudiation of messages
|
|
|
Does DSS use symmetric or asymmetric keys?
|
asymmetric
|
|
|
What is PEM?
|
Privacy Enhanced Mail- public-key encryption similar to S/MIME
|
|
|
What does PGP use in place of a CA?
|
a "web of trust"
|
|
|
What type of encryption is Kerberos?
|
symmetric
|
|
|
What is X.509 used for?
|
digital certificates
|
|
|
What are tokens also known as?
|
One-time passwords
|
|
|
What type of network is extremely vulnerable to Man in the Middle attacks?
|
wireless
|
|
|
What is smurfing?
|
broadcasting echo requests with a falsified source address, overwhelming the owner of the address
|
|
|
What port does the chargen exploit use?
|
TCP 19
|
|
|
What port does echo use?
|
port 7
|
|
|
What ports does FTP use?
|
ports 20 and 21
|
|
|
What port does FTP use for data?
|
port 20
|
|
|
What port does SSH use?
|
port 22
|
|
|
What port does Telnet use?
|
port 23
|
|
|
What port does SMTP use?
|
port 25
|
|
|
What port does TACACS use?
|
port 49
|
|
|
What ports does DNS use?
|
TCP and UDP 53
|
|
|
What port does POP3 use?
|
port 110
|
|
|
What port does SNMP use?
|
port 161
|
|
|
What port does HTTPS use?
|
TCP 443
|
|
|
What port does RADIUS use?
|
port 1812
|
|
|
What does 802.1x do?
|
provides an authentication framework for wired and wirelss networks
|
|
|
What is TACACS?
|
Terminal Access Controller Access Control System
|
|
|
What advantage does TACACS+ have over TACACS?
|
multi-factor authentication
|
|
|
What protocol is replacing PPTP?
|
L2TP
|
|
|
What two protocols were combined to form L2TP?
|
Microsoft's PPTP and Cisco's L2F
|
|
|
What are the two main components of L2TP?
|
L2TP Access Controller (LAC) and L2TP Network Server (LNS)
|
|
|
What three utilities comprise SSH?
|
SSH, Slogon, SCP
|
|
|
What type of encryption does SSH use?
|
RSA PKI
|
|
|
What two services are provided by IPSec?
|
Authentication Header (AH) and Encapsulating Security Payload (ESP)
|
|
|
What encryption does S/MIME use?
|
RSA
|
|
|
Who developed PGP?
|
Phillip R. Zimmerman
|
|
|
What is PGP primarily used for?
|
email encryption
|
|
|
What type of encryption does PGP use?
|
PKI
|
|
|
What type of encryption does PGP use?
|
PKI
|
|
|
What two algorithm options exist for PGP?
|
RSA and Diffie-Hellman
|
|
|
Are SSL sessions stateful or stateless?
|
stateful
|
|
|
What two strengths does SSL come in?
|
40-bit and 128-bit
|
|
|
What is TLS?
|
Transport-Layer Security- a successor to SSL
|
|
|
What type of encryption does SSL use?
|
RSA PKI
|
|
|
What two layers does TLS consist of?
|
TLS Record Protocol and TLS Handshake Protocol
|
|
|
Are SSL and TLS compatible?
|
no
|
|
|
What is HTTPS?
|
HTTP over SSL
|
|
|
What kind of encryption does HTTPS use?
|
40-bit RC4
|
|
|
What is Authenticode?
|
a method of signing ActiveX controls
|
|
|
What is Authenticode?
|
a method of signing ActiveX controls
|
|
|
What language is normally used to write CGI scripts?
|
Perl
|
|
|
What is DEN?
|
Directory-Enabled Networking- specification for how to store network information in a central location
|
|
|
What model is DEN based on?
|
Common Information Model (CIM)
|
|
|
What security problem does FTP have?
|
authentication sent in cleartext
|
|
|
What does S/FTP use for encryption?
|
SSL
|
|
|
What are the four WAP layers?
|
Wireless Application Environment (WAE); Wireless Session Layer (WSL); Wireless Transport Layer Security (WTLS); Wireless Transport Layer (WTL)
|
|
|
What is WML?
|
Wireless Markup Language- used to create pages for WAP
|
|
|
What is WML?
|
Wireless Markup Language- used to create pages for WAP
|
|
|
What OS do most PBX's use?
|
UNIX
|
|
|
What is hashing?
|
changing a character string into a shorter fixed-length value or key
|
|
|
What four trust models do PKI's fall into?
|
heirarchical; network/mesh; trust list; key ring
|
|
|
What is unique about the network/mesh model of PKI?
|
multiple parties must be present before access to the token is granted
|
|
|
Does PPTP require IP connectivity?
|
yes
|
|
|
Does L2TP require IP connectivity?
|
no
|
|
|
What does IPSec use for authentication and key exchange?
|
Diffie-Hellman
|
|
|
What does IPSec use for encryption?
|
40-bit DES algorithm
|
|
|
What three methods are used to determine VLAN membership on the local switch?
|
port-based; MAC-based; protocol-based
|
|
|
What two methods are used to determine VLAN membership on a remote switch?
|
implicit, based on MAC address; explicit, where the first switch adds a tag
|
|
|
Why is detecting statistical anomolies a good approach to intrusion detection?
|
don't have to understand the root cause of the anomolies
|
|
|
Why is detecting statistical anomolies a good approach to intrusion detection?
|
don't have to understand the root cause of the anomolies
|
|
|
What is the top priority in computer forensics?
|
document each step taken
|
|
|
What type of access control do most commercial OS's use?
|
DAC
|
|
|
How does CHAP work?
|
server sends random value to client; client uses MD5 to create hash with ID, random value, and shared secret; client sends hash to server; server performs same function and compares values
|
|
|
Is PPTP usually implemented through hardware or software?
|
software
|
|
|
Is L2TP usually implemented through hardware or software?
|
hardware
|
|
|
What is compulsory tunneling?
|
situation where VPN server chooses the endpoint of a communication
|
|
|
What advantage does compulsory tunneling provide?
|
allows VPN connections to be concentrated over fewer high-capacity lines
|
|
|
What port does L2TP use?
|
UDP 1701
|
|
|
What are the two encryption modes for IPSec?
|
Transport, where only the data is encrypted; and Tunneling, where the entire packet is encrypted
|
|
|
What protocol does IPSec use to exchange keys?
|
Internet Key Exchange (IKE)
|
|
|
What is key escrow?
|
administration of a private key by a trusted third party
|
|
|
What advantage does TACACS+ have over RADIUS?
|
better security
|
|
|
What advantage does RADIUS have over TACACS+?
|
better vendor support and implementation
|
|
|
What makes non-repudiation a stronger version of authentication?
|
non-repudiation comes from a third party
|
|
|
Non-repudiation has been compared to what real-world version of authentication?
|
using a public notary
|
|
|
What is a teardrop attack?
|
a type of DoS attack using a false fragmentation offset value
|
|
|
What is an AUP?
|
Acceptable Use Policy
|
|
|
From what does RSA derive its strength?
|
the difficulty of factoring large numbers
|
|
|
What three people were involved in the creation of RSA?
|
Rivest, Shamir, Adleman
|
|
|
Is RSA a public- or private-key system?
|
public-key
|
|
|
What is the standard key length for DES?
|
56 bits
|
|
|
What is the standard key length for IDEA?
|
128 bits
|
|
|
What is the standard key length for 3DES?
|
168 bits
|
|
|
How are RSA and DES used together?
|
RSA is used to encrypt the key for transmission; DES is used for message encryption
|
|
|
What kind of encryption does AES use?
|
private-key
|
|
|
What is IDEA?
|
International Data Encryption Algorithm- a 128-bit private-key encryption system
|
|
|
What are the two most popular hashing routines in use today?
|
MD5 and SHA-1
|
|
|
What size is an MD5 hash?
|
128 bits
|
|
|
What is MD5 designed for?
|
digital signatures
|
|
|
Observing the timer value in the TCP stack makes what possible?
|
determining the OS in use, useful in planning attacks
|
|
|
What are the three A's in computer forensics?
|
Acquire, Authenticate, Analyze
|
|
|
What is the first step in risk analysis?
|
identifying assets
|
|
|
What type of network is CHAP primarily used on?
|
PPP
|
|
|
What are the seven stages in a certificate life cycle?
|
certificate enrollment; distribution; validation; revocation; renewal; destruction; auditing
|
|
|
What security advantage do managed hubs provide over other hubs?
|
they can detect physical configuration changes and report them
|
|
|
What is port mirroring?
|
on switches, the ability to map the input and output of one or more ports to a single port
|
|
|
What does an attacker need to conduct ARP cache poisoning?
|
physical connectivity to a local segment
|
|
|
What security hole does RIPv1 pose?
|
RIPv1 does not allow router passwords
|
|
|
What are the five main services provided by firewalls?
|
packet filtering; application filtering; proxy server; circuit-level; stateful inspection
|
|
|
Which of the five router services do e-mail gateways provide?
|
application filtering
|
|
|
What OSI layer do stateful firewalls reside at?
|
network layer
|
|
|
What are the three types of NAT?
|
static NAT; dynamic NAT; overloading NAT
|
|
|
What security weakness does SPAP have?
|
does not protect against remote server impersonation
|
|
|
How do the RADIUS client and server avoid sending their shared secret across the network?
|
shared secret is hashed and hash is sent
|
|
|
In MAC, what is read-up?
|
the ability of users in lower security categories to read information in higher categories
|
|
|
In MAC, of read-up, read-down, write-up, and write-down, which two are legal? Which two are illegal?
|
"legal- read-down, write-up
|
|
|
Do hashing algorithms protect files from unauthorized viewing?
|
no, only verify files have not been changed
|
|
|
What is an SIV?
|
System Integrity Verifier- IDS that monitors critical system files for modification
|
|
|
Why are VLAN's considered broadcast domains?
|
all hosts on the VLAN can broadcast to all other hosts on the VLAN
|
|
|
What language are most new smart card applications written in?
|
Java
|
|
|
What is a bastion host?
|
a gateway in a DMZ used to secure an internal network
|
|
|
What type of IDS will likely detect a potential attack first? Why?
|
Network-based IDS: runs in real-time
|
|
|
What drawback do heuristic-based IDS's have?
|
higher rate of false positives
|
|
|
What are the four layers of the TCP/IP suite? How do they map to the OSI model?
|
"Application > Application-Session
|
|
|
What are the six steps to incident response?
|
Preparation; Identification; Containment; Eradication; Recovery; Follow-Up
|
|
|
What are most fire extinguishers loaded with?
|
FE-36
|
|
|
What is FE-13 used for?
|
explosion prevention
|
|
|
What is FE-13 used for?
|
explosion prevention
|
|
|
What is the maximum length of a valid IP datagram?
|
64K
|
|
|
What is the RFC-recommended size of an IP datagram?
|
576 bytes
|
|
|
What is IGMP used for?
|
multicasting
|
|
|
What is bytestream?
|
data from Application layer is segmented into datagrams that source and destination computers will support
|
|
|
What two pieces of information comprise a socket?
|
source IP address and source port
|
|
|
At the Network Interface layer, what is the packet of information placed on the wire known as?
|
a frame
|
|
|
What IP layer do man-in-the-middle attacks take place at?
|
internet layer
|
|
|
What IP layers do DoS attacks occur at?
|
any layer
|
|
|
What IP layer do SYN floods occur at?
|
transport layer
|
|
|
Which hashing algorithm is more secure, MD5 or SHA-1?
|
SHA-1
|
|
|
What is the key length for Blowfish?
|
variable length
|
|
|
How are digital signatures implemented?
|
a hash is created and encrypted with the creator's private key
|
|
|
How are asymmetric algorithms used for authentication?
|
authenticator sends a random number (nonce) to receiver, who encrypts it with their private key
|
|
|
In a bridge CA architecture, what is the CA that connects to a bridge CA called?
|
a principal CA
|
|
|
Who defines a certificate's life cycle?
|
the issuing CA
|
|
|
At what OSI layer (and above) must networked computers share a common protocol?
|
data link and above
|
|
|
What security hole does SPAP have?
|
remote server can be impersonated
|
|
|
What protocol does RADIUS use?
|
UDP
|
|
|
What protocol does TACACS+ use?
|
TCP
|
|
|
What sort of devices normally use TACACS?
|
network infrastructure devices
|
|
|
What limitation does IPSec have?
|
only supports unicast transmissions
|
|
|
What does IPSec require to be scaleable?
|
a PKI
|
|
|
What are the three major components of SSH?
|
Transport Layer protocol (SSH-TRANS); User authentication protocol (SSH-USERAUTH); connection protocol (SSH-CONN)
|
|
|
What do BSS and ESS stand for?
|
Basic Service Set and Extended Service Set
|
|
|
What does ESS offer that BSS does not?
|
the ability to roam between AP's
|
|
|
What are the two parts of a Key Distribution Center?
|
An authentication server (AS) and a ticket-granting server (TGS)
|
|
|
What are the three major classification levels with MAC?
|
Top Secret; Confidential; Unclassified
|
|
|
What does echo do?
|
responds to packets on UDP port 7
|
|
|
What does chargen do?
|
responds to packets on UDP port 19 with random characters
|
|
|
What is an FTP bounce?
|
running scans against other computers through a vulnerable FTP server
|
|
|
What version of BIND allows for mutual authentication?
|
BINDv9
|
|
|
What ports are commonly used for NetBIOS names and sessions?
|
TCP/UDP 137, 138, 139
|
|
|
What ports do DHCP and BOOTP use?
|
TCP/UDP ports 67 and 68
|
|
|
What port does NNTP use?
|
TCP/UDP 119
|
|
|
What port does LDAP use?
|
TCP/UDP port 389
|
|
|
What port does LDAPS use?
|
TCP/UDP port 636
|
|
|
Why can hand geometry only be used for verification, rather than identification?
|
hand geometry is not unique
|
|
|
What advantages do hand geometry scans have over fingerprint scans?
|
they are faster, cleaner, and less invasive
|
|
|
What are the advantages and disadvantages of retinal scanning?
|
most reliable but most invasive
|
|
|
What disadvantage does speech recognition have?
|
easier to spoof than other biometric techniques
|
|
|
What are QIC tapes primarily used for?
|
backing up standalone computers
|
|
|
What are DAT drives primarily used for?
|
basic network backups
|
|
|
What three tape types offer high capacity and rapid data transfer?
|
8mm, DLT, and LTO
|
|
|
How does a host respond to a TCP connect scann if the scanned port is open? Closed?
|
open: SYN-ACK; closed: RST
|
|
|
What can be done to reduce the effects of half-open attacks?
|
reduce the time a port waits for a response
|
|
|
How does a host respond to a FIN packet if the scanned port is open? Closed?
|
open: packet discarded; closed: RST
|
|
|
How does an XMAS scan work?
|
a variety of TCP packets are sent to elicit a response
|
|
|
What TCP sequence number does an XMAS scan use?
|
0
|
|
|
What are two characteristics of a null scan?
|
TCP sequence number set to 0; no TCP flags set
|
|
|
What is a TCP ACK scan used for?
|
determining if a port is filtered by a firewall
|
|
|
What is a window scan?
|
a scan that attempts to determine the OS in use by its default TCP window size
|
|
|
What are the two basic types of DoS attacks?
|
flaw exploitation attacks and flooding attacks
|
|
|
What three basic router/firewall measures will reduce the effects of a DoS attack?
|
egress filtering, ingress filtering, and disabling IP-directed broadcasting
|
|
|
What is source routing?
|
Sender defines hops a packet must travel through
|
|
|
How is source routing used by attackers?
|
used to route packets around security devices
|
|
|
How can source routing be defended against?
|
routers can be configured to discard source-routed packets
|
|
|
What two methods do IDS's use to detect and analyze attacks?
|
misuse detection and anomoly detection
|
|
|
What advantage does LEAP have over EAP?
|
LEAP allows for mutual authentication
|
|
|
What advantage does LEAP have over EAP?
|
LEAP allows for mutual authentication
|
|
|
What protocol does 802.1x use for authentication?
|
EAP
|
|
|
What protocol does 802.1x use for authentication?
|
EAP
|
|
|
How does an 802.1x authenticator handle authentication traffic?
|
Passes it to a RADIUS server for authentication
|
|
|
What is ECC?
|
Elliptical Curve Cryptography- public-key cryptographic method which generates smaller, faster, and more secure keys
|
|
|
What standard is LDAP based on?
|
X500
|
|
|
Who developed SSL?
|
Netscape
|
|
|
What three protocols are routinely layered over TLS?
|
IMAP, POP3, and SMTP
|
|
|
What two types of certificates does S/MIME use?
|
PKCS #7 certificates for message content and X.509v3 for source authentication
|
|
|
What is the "hidden node" problem?
|
When a wireless client cannot see the network due to interference.
|
|
|
What does WEP stand for?
|
Wired Equivalent Protection
|
|
|
In a 128-bit WEP key, how long is the actual secret key?
|
104 bits- the first 24 bits are used for the Initialization Vector (IV)
|
|
|
No Read Up, No Write Down describes what Security Model
|
Bell LaPadula
|
|
|
Biba, Clark Wilson, and Non-Interference models cover what aspect of security
|
Integrity
|
|
|
Execution and memory space assigned to each process is called a _______ _______
|
Protection Domain
|
|
|
The Boundary that separates the TCB from the rest of the system.
|
Security Perimeter
|
|
|
Programming technique used to encapsulate methods and data in an object
|
Information Hiding
|
|
|
System component that manages and enforces access controls on objects
|
Reference Monitor
|
|
|
Operates at the highest level of information classification where all users must have clearances for the highest level
|
System High mode
|
|
|
Lack of parameter checking leaves a system vulnerable to this type of attack
|
Buffer overflow
|
|
|
Also called a maintenance hook
|
Trap door
|
|
|
Attack that exploits difference in time when a security control is applied and a service is used
|
TOC/TOU attack
|
|
|
This recovery mode permits access by only privileged users from privileged terminals
|
Maintenance mode
|
|
|
Design where a component failure allows the system to continue to function
|
Fault-tolerant
|
|
|
Design where a failure causes termination of processes to protect the system from compromise
|
Fail-safe
|
|
|
Design where a failure causes non-critical processes to terminate, and system runs in a degraded state
|
Fail-soft or Resilient
|
|
|
Design where a failure causes the system to use backup spare components to compensate for failed ones
|
Fail-over
|
|
|
This standard includes levels of assurance, from D (Least secure) to A (Most secure)
|
TCSEC (Trusted Computer Security Evaluation Criteria)
|
|
|
TCSEC Minimal Protection (one class)
|
D (Minimal Protection)
|
|
|
TCSEC Discretionary Protection (two classes)
|
"C1 (User logon, Groups allowed)
|
|
|
TCSEC Mandatory Protection (three classes)
|
"B1 (MAC)
|
|
|
TCSEC Verified Protection (one class)
|
A1 (Mathematical model must be proven)
|
|
|
European counterpart to TCSEC
|
ITSEC (Information Technology Security Evaluation Criteria)
|
|
|
ITSEC separately evaluates ____ and _____
|
Functionality and Assurance
|
|
|
The ITSEC subject of an evaluation is called the ___ __ _____
|
Target of Evaluation (TOE)
|
|
|
Combination of ITSEC, TCSEC, and Canada's CTCPEC
|
Common Criteria
|
|
|
Unit of evaluations levels in the Common Criteria
|
"Evaluation Assurance Level
|
|
|
4 Phases of DITSCAP and NIACAP accreditation
|
"1. Definition
|
|
|
This Access Control model specifies the rights that a subject can transfer to an object, or that a subject can take from another subject.
|
Take-Grant model
|
|
|
TCSEC Level that addresses covert storage channels
|
B2
|
|
|
TCSEC level that addresses both covert storage and timing channels
|
B3, A1
|
|
|
Consolidation of power should not be allowed in a secure system, this is called
|
Separation (or segregation) of duties
|
|
|
Two operators are needed to perform a function. This is called
|
Dual Control
|
|
|
Two operators review and approve each other's work. This is called
|
Two-man control
|
|
|
Operators are given varying assignments for a time period, then their assignment changes. This is called
|
Rotation of duties
|
|
|
This type of recovery is required for only B3 and A1 TCSEC levels
|
Trusted Recovery
|
|
|
Operating system loaded without the front-end security enabled, is only done in this mode
|
Single-user mode
|
|
|
Required tracking of changes to a system under B2, B3, and A1 is called
|
Configuation Management
|
|
|
This refers to the data left on media after erasure
|
Data Remanence
|
|
|
Separation of duties, least privilege, personnel security, configuration control, Record retention, are examples of what type of controls?
|
Administrative Controls
|
|
|
Software controls, media controls, hardware controls, physical access controls are examples of what type of controls?
|
Operations Controls
|
|
|
A weakness in a system which might be exploited
|
Vulnerability
|
|
|
An event that can cause harm to a system and create a loss of C, I , A
|
Threat
|
|
|
EF
|
Exposure Factor
|
|
|
SLE
|
Single Loss Expectancy
|
|
|
ARO
|
Annualized Rate of Occurence
|
|
|
ALE
|
Annualized Loss Expectancy
|
