104 Cards in this Set
Front: What is not a common Integrity Goal?
Back: Prevent paths that could lead to inappropriate disclosure

Front: List tools that can be used to assess your network's vulnerability.
Back:
- ISS
- SATAN
- Ballista

Front: What focuses on sustaining an organization's business functions during and after a disruption?
Back: Business Continuity Planning

Front: What elements should not be retained in an e-mail directory?
Back: Permanent Records

Front: Both TCP and UDP port numbers are?
Back: 16 bits

Front: According to the Common Criteria, what can be described as an intermediate combination of security requirement components?
Back: Package

Front: IPSec provides security services within IP by doing?
Back:
- Providing traffic analysis protection
- Determining the algorithm to use for IPSec services
- Putting in place any cryptographic keys required to provide the requested services

Front: What is the PRIMARY advantage of secret key encryption systems as compared to public key systems?
Back: Faster encryption speed

Front: What ensures that attributes in a table depend only on the primary key?
Back: Data Normalization

Front: What is the difference between white-box testing and black-box testing?
Back: White-box testing examines the program's internal logical structure

Front: At which phase of the software development life cycle are security and access controls normally designed?
Back: Detailed Design

Front: What is the function of a bridge?
Back: A bridge is a network device that connects two dissimilar networks. The primary function of the bridge is to keep traffic separated on both sides of the bridge.

Front: _________ refers to the number of columns in a table.
Back: Degree

Front: Detection capabilities of host-based ID systems are limited by the incompleteness of their?
Back: Auditing capabilities

Front: ______________ is the final stage of the development life cycle.
Back: Maintenance

Front: What correctly identifies the components of a Distributed Denial of Service attack?
Back: Client, Handler, Agent, Target

Front: What is most relevant to determining the maximum effective cost of access control?
Back: The value of the information that is protected

Front: What is used to create and delete views and relations within tables?
Back: SQL Data Definition Language

Front: What is the proper term to refer to a single unit of IP data?
Back: Datagram

Front: To ensure least privilege requires that _____________ is identified.
Back: What the user's job is

Front: What ensures that control mechanisms correctly implement the security policy for the entire life cycle of an information system?
Back: Assurance Procedure

Front: What is a true statement about the bottom 3 layers of the OSI Reference Model?
Back: They support components necessary to transmit network messages

Front: Which type of attack is MOST effective against an IPSec-based VPN?
Back: Man-in-the-Middle Attack

Front: What is the advantage of using a high-level programming language?
Back: It decreases the total amount of code written.

Front: What is the Software Capability Maturity Model?
Back: This model is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes. It introduces five levels with which the maturity of an organization involved in the software process is evaluated.

Front: What CANNOT be prevented by the Secure Shell (SSH) program?
Back: Compromise of the secure/destination host

Front: What falls under the category of Configuration Management?
Back:
- Operating System Configuration
- Software Configuration
- Hardware Configuration

Front: For what reason would a network administrator leverage promiscuous mode?
Back: To monitor the network to gain a complete statistical picture of activity

Front: A server farm is an example of?
Back: Server Clustering

Front: According to ISC2, what should be the fire rating for the walls of an information processing facility?
Back: All walls must have a minimum 2-hour rating

Front: Why would a database be denormalized?
Back: To increase processing efficiency

Front: What is a Message Authentication Code?
Back: It was developed in order to protect against fraud in electronic funds transfers (EFT)

Front: Network-based IDSs?
Back: Monitor network traffic in real time

Front: What is the most accepted way to dispose of data held on a floppy disk?
Back: Degaussing

Front: A momentary power outage is called?
Back: A Fault

Front: If your property has an Actual Cost Evaluation clause, your damaged property will be compensated?
Back: Based on the value of the item on the date of loss + 10%

Front: The Lattice-Based Access Control model is also called?
Back: Security Label

Front: In which way does an SSL server prevent a man-in-the-middle attack?
Back: It uses signed certificates to authenticate the server's public key

Front: What suppresses the fuel supply of a fire?
Back: Soda Acid

Front: List the 3 main performance issues in biometrics.
Back:
- FRR - Type 1 Error
- FAR - Type 2 Error
- CER - the percentage at which the FRR equals the False Acceptance Rate

Front: Satellite transmissions are easily intercepted because?
Back: A satellite footprint is very large

Front: The initial phase of the development life cycle would normally include?
Back: Executive project approval

Front: In RBAC, roles are based on?
Back: Hierarchy

Front: Controlled Security Mode is also known as?
Back: Multilevel Security Mode

Front: In what type of attack does an attacker try, from several encrypted messages, to figure out the key used in the encryption process?
Back: Ciphertext Only Attack

Front: What superseded the 8mm tape format used in helical scan tape drives?
Back: Digital Linear Tape (DLT)

Front: Fault tolerance countermeasures are designed to combat threats to?
Back: Design Reliability

Front: PGP provides?
Back:
- Confidentiality
- Integrity
- Authenticity

Front: Public key cryptography provides integrity verification through the use of public key signature and?
Back: Private Key Signature

Front: Which server contingency solution offers the highest availability?
Back: Load balancing and disk replication

Front: Which set of principal tasks constitutes Configuration Management?
Back: It involves identifying, controlling, and auditing all changes made to the system.

Front: Secure Hash Algorithm (SHA) is specified in?
Back: Digital Encryption Standard

Front: Title II of HIPAA includes a section, Administrative Simplification, not requiring:
Back: Protection of availability of health data through setting and enforcing standards

Front: Within the OSI Reference Model, authentication addresses the need for a network entity to verify both?
Back: The identity of a remote communicating entity and the authenticity of the source of the data that are received

Front: What is not a weakness of symmetric cryptography?
Back: Speed

Front: The most prevalent cause of computer center fires is?
Back: Electrical distribution systems

Front: What is the most effective means of determining how controls are functioning within an operating system?
Back: Review of software control features and/or parameters

Front: What level of assurance for digital certificates verifies a user's name, address, and SSN against a credit bureau database?
Back: Level 2

Front: What physical characteristic does a retinal scan device measure?
Back: The pattern of blood vessels in the back of the eye

Front: With regard to databases, which of the following has the characteristics of ease of reusing code and analysis and reduced maintenance?
Back: Object-Oriented Database

Front: In the RADIUS architecture, which of the following acts as a client?
Back: Network Access Server - the client is responsible for passing user information to the designated RADIUS servers, and then acting on the response which is returned.

Front: Packet-filtering firewalls are?
Back: First generation

Front: What is a test-cgi attack?
Back: Attacks that will pass through a network-layer intrusion detection system undetected

Front: A BIA assessment usually takes the form of these four steps?
Back:
1. Gathering the needed assessment materials
2. Performing the vulnerability assessment
3. Analyzing the information compiled
4. Documenting the results and presenting recommendations

Front: What is a Protected Subsystem?
Back: An application program that operates outside the operating system and carries out functions for a group of users, maintains some common data for all users in the group, and protects the data from improper access by users in the group.

Front: _________ sends out a message to all other computers indicating it is going to send out data.
Back: CSMA/CA

Front: What can be defined as a momentary low voltage?
Back: Sag

Front: The ISC2 Code of Ethics does not include _________ behaviors for a CISSP.
Back: Control

Front: What should a company do first when disposing of personal computers that were once used to store confidential data?
Back: Demagnetize the hard drive

Front: What are some characteristics concerning Application Control?
Back: It is non-transparent to the endpoint applications, so changes are needed to the applications involved

Front: Telnet and rlogin use which protocol?
Back: TCP

Front: What uses protection profiles and security targets?
Back: The Common Criteria - the official name is IS 15408

Front: Attacks on smart cards can be?
Back:
- Physical attacks
- Trojan Horse attacks
- Logical attacks
- Social engineering attacks

Front: What type of packets should not be dropped at a firewall protecting an organization's internal network?
Back: Outbound packets with an external destination IP address.

Front: A security policy would include?
Back:
- Background
- Audit Requirements
- Enforcement

Front: A Business Continuity Plan is an example of a?
Back: Corrective Control

Front: What describes the elements that create reliability and stability in networks and which assures that connectivity is accessible when needed?
Back: Availability

Front: Which security measure BEST provides non-repudiation in electronic mail?
Back: Digital Signature

Front: What does Secure Multipurpose Internet Mail Extensions (S/MIME) offer?
Back: Authentication and privacy of email through secure attachments

Front: Why are packet-filtering routers NOT effective against mail bomb attacks?
Back: Filters do not examine the data portion of the packet

Front: What are the methods and techniques for cost estimation?
Back:
- Expert's Evaluation
- Delphi
- Bottom-up approaches
- Empirical Models
- COCOMO
- Function Points
- Combining Methods

Front: Software-generated passwords have what drawback?
Back: They are not easy to remember

Front: What does ESP provide?
Back: It provides integrity and confidentiality for IP transmissions

Front: What mechanism supports IDS systems?
Back: Configuring built-in alerts

Front: What best describes ISDN BRI?
Back:
- 2 B channels
- 1 D channel

Front: What is not a basic security service defined by the OSI?
Back: Routing Control

Front: What is an indirect way to transmit information with no explicit reading of confidential information?
Back: Covert Channels

Front: What is the effective key size of DES?
Back: 56 bits

Front: What are necessary components of a Multi-Level Security Policy?
Back: Sensitivity labels and mandatory access

Front: What focuses on the basic features and architecture of a system?
Back: Operational Assurance

Front: Separation of duties can be?
Back: Static or Dynamic

Front: Pertaining to disaster recovery, when returning to the primary site?
Back: The most critical applications should NOT be brought back first

Front: How do preventive technical controls protect system integrity and availability?
Back: By limiting the number of users and/or processes

Front: What two factors should a backup program track to ensure the serviceability of backup tape media?
Back: The physical characteristics and the rotation cycle of the media

Front: Fault tolerance countermeasures are designed to combat threats to?
Back: Design Reliability

Front: The intent of least privilege is to enforce the most restrictive user rights required?
Back: To execute authorized tasks

Front: Application-based IDSs normally utilize information from?
Back: Application transaction log files

Front: Access to the _________ account on a Unix server must be limited to only the system administrators that must absolutely have this level of access.
Back: Superuser or root

Front: How does the SOCKS protocol secure Internet Protocol (IP) connections?
Back: By acting as a connection proxy

Front: What division of the Orange Book deals with discretionary protection?
Back: C

Front: What is the name of the standard format that was established to set up and manage Security Associations on the Internet in IPSec?
Back: Internet Security Association and Key Management Protocol

Front: Identification establishes?
Back: Accountability

Front: Which phase of a system development life cycle is most concerned with authenticating users and processes to ensure appropriate access control decisions?
Back: Operations/Maintenance

Front: What best defines the "WAP GAP" security issue?
Back: The fact that WTLS transmissions have to be decrypted at the carrier's WAP gateway to be re-encrypted with SSL for use over wired networks