Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
45 Cards in this Set
- Front
- Back
|
Atomic refers to what in a database management system?
What TCP/IP model corresponds with the OSI Network Layer? |
Every row/column position is always exactly 1 data value.
Internet Layer. |
|
|
Is Coaxial or UTP more resistant to EMI?
TCP and UDP port numbers are how many bits |
Coaxial.
16 bit. |
|
|
Why is RAID level 1 more costly then the other RAID levels?
Should the DMZ be placed in front of or behind the first Internet Firewal? |
Because it requires a one for one disk ratio.
Behind the first internet firewall. |
|
|
A Token ring uses what type of wireing?
Discribe a Differential Backup? |
CAT 4 UDP
A Differential Backup builds up changes as it writes to the full backup. |
|
|
A hardware RAID is ussually what?
What layer of the TCP/IP Protocol model offers error free dilivery and packet sequencing? |
Platform - interdependant.
Transport Layer. |
|
|
What remote access authenticatin system is the most robust?
What layer of the OSI does IPSEC operate on? |
TACACS+.
Network Layer. |
|
|
Name the four network classes?
|
0-127 = Class A
128-191 = Class B 192-223 = Class C 224-239 = Class D |
|
|
Link the folling ISO standards?
802.2 802.3 802.5 802.11 |
802.2 = Locigal link
802.3 = Ethernet CSMA/CC 802.5 = Token Ring 802.11 = Wireless |
|
|
Buffer Overflow and Bountry condition errors are subsets of what?
Why is Inferred considered more secure? |
Input Validation errors.
Requires direct line of site. |
|
|
What is the purpose of a message digest in within a digital signature?
What is the preferred way to put out a electrical fire? |
Detect message changes.
CO2.. |
|
|
What Security Model intruduces the idea of mutual exlcusivity?
The Brewer and Nash model is designed to prevent what? The Brewer and Nash model uses what type of security policy? |
Brewer and Nash.
Conflicts of interest. Chinese Wall Security Policy. |
|
|
What Security Model looks like a spread sheet?
The Information Flow Model is a veriation of what security Model? The Access Control Model address's what two areas on the CISSP? |
Information Flow Model.
The Access Control Model. Confidentiality and Integrity. |
|
|
What three integrity issues does the Clark Wilson security Model address?
|
Unauthorized Modifications.
Authorized people making unauthorized changes. Internal & External Consistancy. Seperation of Duties. |
|
|
Clark Wilson Model is known for what?
Clark Wilson Model is also known as the Commercial Integraty model? T OR F |
Well Formed Transactions.
True.. |
|
|
Microsoft uses what type of Security Model?
What Security Model combines all three integrity goals? |
A combination of the Biba and Bell Lapadula model called the Lipner security model.
Clark Wilson Security Model.. |
|
|
The Biba Security Model uses what mathmatical dual for confidentiality?
The Biba Security model allows a person to read and write in what way? |
Access Tuples: Object and Subjects.
Read Up and Write Down. |
|
|
The Biba Security model is based upon what?
Biba Security Model address's what leg of the CISSP triadd? |
Hierarchiacal Lattice.
Integrity. |
|
|
What does the sample security property in the Bell Lapadula address?
What Access Control model uses a directed graph to specify rights that can be transfered from subject to object? |
No Read up No Write down.
The Take Grant Model. |
|
|
What the Orange book based of off?
What Security Model is known for Read Down Write UP |
The Bell Lapadula Security Model.
The Bell Lapadula Security Model. |
|
|
What leg of the CISSP does the Bell Lapadula address?
What Orange Book Security Rating is concerned with Covert Channels? |
Confidenciality.
B-2 |
|
|
Which TCSEC defines manditory Protections?
Copy Write laws protect what? |
B..
Expression of Ideas and licenses. |
|
|
What constitutional ammendment governs expression of ideas?
|
1st amendment
|
|
|
What US Code covers mulicous mischief?
What US Code Covers Wire-tape, Sniffing and looking for passwords? |
US Code 18, Section 1362
US Code 18 2510-2521 |
|
|
The Tear Drop Attack does what?
What is the Length of MD5? |
Modifies the packet length and fragmentation.
128 bits. |
|
|
IPv6 is composed of how many bits?
What service runs on port 25? |
128 bits.
SMTP. |
|
|
what layer of the OSI do Routing protocols work on?
Name two Routing Protocols |
Layer three - network layer
RIP and VRRP |
|
|
What service rely's on UDP?
What services rely on TCP? |
DNS.
FTP, Telnet, SMTP |
|
|
How is Standby lighting activated?
|
Suspicous Activity.
|
|
|
Name three Stratiges that CPTED relys on?
What is CPTED |
1. Territorality
2. Servalance 3. Access Control Crime Prevention Thru Environmental Design. |
|
|
Name three components of Good Security Architechture?
|
1. Holistic.
2. Strategic. 3. Allows for multiple implimentations. |
|
|
How many Common Criteria evaluation levels are there?
How many TCSEC evaluations levels are there and what are they? |
One thru Seven.
Seven |
|
|
What are the Seven TCSEC evaluation levels?
|
D = fails evaluation.
C1 = Discretionary Security Profile. C2 = Discretionary Access Profile. B1 = Manditory Labeled Security Profile. B2 = Manditory Structured Profile. B3 = Manditory Security Domains. A = Verified Design. |
|
|
What evaluation methods do the Europeans use?
What is the rating levels |
ITSEC.
E-0 thur E-6 |
|
|
What US organizations helped creat the Common Critera?
TCSEC Covers what part of the CISSP triadd? |
NIST and NSA.
Confidentiality. |
|
|
What does TNI mean?
What part of the CISSP triadd does TNI address? |
Trusted Network Interrelation.
Confidentiality, Integraty, Availability. |
|
|
What does ITSEC stand for?
What nations uses ITSEC? |
Information Technology Security Evaluation Criteria.
European Nations |
|
|
What ISO governs the Common Criteria?
What does TCSEC stand for? What eval system does the Orange book use? |
ISO 25408.
Trusted Computer System Evaluation Criteria. TCSEC. |
|
|
When a system is running in the supervised state can a program run a nonpriviledged instruction?
Does the supervised state require a username and password? |
Yes.
Yes. |
|
|
What is BESAL - 2 used for and who uses it?
What type of Enterprise Architechture provides a Holistic model of the Enterprise? |
BESAL -2 is a financial risk assessment tool used by the Group of 8.
Zachmann |
|
|
What does ISO 17799, and 27001 govern?
|
Best practices for a security program.
|
|
|
Name five types of drills?
|
Checklist = distributing plan to managers for Comments.
Structured Walk Thru = All managers gather and discuss final plans. Simulation test = all parties gather for a practice exercise. Parrel test = testing of alternet sites. Full Interruption test = most intrusive. |
|
|
What systems should be brought back on line first?
When should the Disaster Recovery Plan be activiated? |
Least Critical.
After a Damage Assessment has been completed. |
|
|
What is a HOT site?
What is a Warm site? |
Complete replica of your site.
Partially configured, best for companies that have unusual hardware requirements. |
|
|
What is a Cold site?
What is a Redundant Site? |
Only provides the most basic requirements - electric, coms, AC, Wireing.
A complete duplicate of the orginal site. |
|
|
What determines the type of backup facility a site requires?
What is another word for disk Mirroring? |
Business Impact Anlysis.
Disk Shadowing. |
