Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
194 Cards in this Set
- Front
- Back
|
Name the three Threat Modelling Techniques? |
Attackers, Software and Assets |
|
|
Name the US government agency who is responsible for administering the terms of privacy shield agreements between the EU and US under the EU GDPR |
Department of Commerce |
|
|
GLBA Gramm-Leach-Bailey Act contains |
Provisions regulating to privacy of customers financial information. It applies specifically to Financial institutions |
|
|
NIST SP800-53 Security Controls |
Baseline |
|
|
CDN (Content Distributed Network) |
Designed to provide reliable, low-latency, geographically distributed content |
|
|
Forensic Disk Controller |
Performs four functions, write blocking, returning data requested by a read operation, access-significant information from the device, reporting errors from the device back to the forensic host |
|
|
Which Kerberos service generates a new ticket and session keys |
TGS (Ticket-Granting Service) usually on the same server as the KDC |
|
|
Asynchronous rely on |
Built-in stop and start flag or bit which makes asynchronous communication less efficient than synchronous |
|
|
Why type of motion detector uses microwave frequency signal |
Wave Pattern motion detectors transmit ultrasonic or microwave signals into the monitor area |
|
|
Stateful Packet inspection firewall |
Know as dynamic packet filtering firewalls, track the state of a conversation and can allow a response from a remote system |
|
|
Static packet filtering and circuit level gateways only |
Filter based on source, destination and ports |
|
|
Application-level gateways firewalls |
Proxy traffic for specific applications |
|
|
Clipping is |
An analysis technique that only reports alerts after they exceed a set threshold |
|
|
Sampling is |
Is a more general term that describes any attempt to excerpt records for review |
|
|
Inference attack |
The attacker uses several pieces of general nonsensitive information to determine a specific value |
|
|
Isolation requires |
That transactions operate separately from each other |
|
|
Atomicity ensures |
That if any part of a database transaction fails, the entire transaction must be rolled back as if it never occurred. |
|
|
Durability requires |
That once a transaction is committed to the database it must be preserved |
|
|
Worms have |
Built-in propagation mechanisms that do not require user interaction |
|
|
Viruses and Trojan horses typically require |
User interaction to spread |
|
|
Logic bombs do not |
Spread from system to system but lie in wait until certain conditions are met |
|
|
How many possible keys uses 6-bit encryption keys |
2x2x2x2x2x2=64 |
|
|
The US trusted foundry program helps to |
Protect the supply chain for components and devices by ensuring that the companies that produce and supply them are secure |
|
|
TEMPEST is |
The name for a program aimed at capturing data from electronic emissions |
|
|
MITRE conducts |
Research and development for the US government |
|
|
Knowledge-based authentication relies |
On answers to preselected information |
|
|
Dynamic knowledge-based authentication |
Builds questions using facts or data about the user. |
|
|
Risk-based identity proofing |
Uses risk-based metrics to determine whether identities should be permitted or denied access |
|
|
A honeypot is a |
Decoy computer system used to bait intruders into attacking |
|
|
A honeynet is a |
Network of multiple honeypots that creates a more sophisticated environment for intruders to explore |
|
|
A pseudoflaw is a |
False vulnerability in a system that may attract an hacker |
|
|
A darknet is a |
Segment of unused network address space that should have no network activity, therefore, maybe easily used to monitor for illicit activity |
|
|
C, C++ and Java are all |
Compiled languages - a compiler produces an executable girl that is not human readable |
|
|
JavaScript is an |
Interpreted language so code in not compiled prior to execution and is readable by humans |
|
|
Shadowed passwords contain |
Only character x in /etc/passwd |
|
|
SYN floods rely on |
TCP implementation on machines and network devices to cause denial of service |
|
|
Due care principe states |
That an individual should react in a situation using the same level of care that would be expected from any reasonable person |
|
|
Due diligence principle is |
A specific component of due care that states an individual assigned a responsibility should exercise due care to complete it accurately and in a timely manner |
|
|
Synthetic monitoring is |
proactive monitoring and uses recoded or generated traffic to test systems and software |
|
|
Proximity card uses |
Electromagnetic coil inside the card |
|
|
Parallel test the |
Team actually activates the disaster recovery site for testing but the primary remains operational |
|
|
Parallel test the |
Team actually activates the disaster recovery site for testing but the primary remains operational |
|
|
Full interruption test the |
Team takes down the primary site and confirms that the disaster recovery site is capable of handling regular operation |
|
|
The checklist review is the |
Least disruptive type of disaster recovery test. During a checklist review, team members each review the contents of their recovery checklist on their own and suggest any necessary changes. |
|
|
The checklist review is the |
Least disruptive type of disaster recovery test. During a checklist review, team members each review the contents of their recovery checklist on their own and suggest any necessary changes. |
|
|
Tabletop exercise |
Team members come together and walk through a scenario without making any changes to information systems |
|
|
MTD ( Maximum tolerable downtime) is |
The amount of time that a business maybe without a service before irreparable harm occurs. This measure is sometimes also called maximum tolerable outage (MTO) |
|
|
TOC/TOU (time of check/time of use) attack’s |
that change a symlink between the time that rights are checked and the file is accessed |
|
|
Smart cards are |
Type 2 Authenticator and include both a microprocessor and at least one certificate |
|
|
Masquerading or impersonation attack’s use |
Stolen or falsified credentials to bypass authentication mechanisms |
|
|
OpenID connect is an |
Authentication layer that works with OAuth 2.0 as its authorisation framework |
|
|
Separation of duties |
Not allowing the same person to hold two roles that when combined are sensitive |
|
|
Parol evidence rule states |
When an agreement between two parties is put into written form, it is assumed to be the entire agreement unless amended in writing. |
|
|
Best evidence rule says |
That a copy of a document is not admissible if the original document is available |
|
|
RTO ( Recovery time objective) is |
The amount of time expected to return an IT service or component to operation after failure |
|
|
RTO ( Recovery time objective) is |
The amount of time expected to return an IT service or component to operation after failure |
|
|
RPO (Recovery point objective) identifies |
The maximum amount of data, measured in time that maybe lost during recovery effort |
|
|
RTO ( Recovery time objective) is |
The amount of time expected to return an IT service or component to operation after failure |
|
|
RPO (Recovery point objective) identifies |
The maximum amount of data, measured in time that maybe lost during recovery effort |
|
|
SLA ( Service level agreement) are |
Written contracts that document service expectations |
|
|
Class b extinguishers use |
Carbon dioxide or soda acid as their fire suppression material and are useful against liquid based fires. |
|
|
The seven principles that the EU US privacy shield are |
choice, accountability, security, data integrity, access, recourse, enforcement and liability |
|
|
DMCA ( Digital Millennium Copyright Act) provides |
Safe harbour protection for the operators of internet service providers who only handle information as a common carrier for transitory purposes |
|
|
NIST SP 800-18 what action should be taken when significant change occurs in the system |
According to NIST SP 800-18 a system owner should update the system security |
|
|
Before granting any user access to information you should |
Verify that the user has an appropriate security clearance as well as a business need to know the information |
|
|
De-encapsulation is the |
Process of removing a header and possibly a footer from data received |
|
|
De-encapsulation is the |
Process of removing a header and possibly a footer from data received |
|
|
Encapsulation occurs |
When the header and or footer are added |
|
|
Metasploit |
Tool used to exploit known vulnerabilities |
|
|
Nikto is a |
Web application and server vulnerability scanning tool |
|
|
Ettercap is a |
Man in the middle attack tool |
|
|
THC Hydra is a |
Password brute force tool |
|
|
SPML ( Service provisioning Markup language) uses |
Requesting authorities to issue requests to provisioning service point. |
|
|
SPML ( Service provisioning Markup language) uses |
Requesting authorities to issue requests to provisioning service point. |
|
|
SAMPL is an |
Algebraic modelling language |
|
|
SPML ( Service provisioning Markup language) uses |
Requesting authorities to issue requests to provisioning service point. |
|
|
SAMPL is an |
Algebraic modelling language |
|
|
XACML is an |
Access control markup language used to describe and process access control polices in an XML format |
|
|
MAC ( Mandatory access control) systems can be |
Hierarchical, compartmentalised, hybrid |
|
|
Smurf attack’s use |
A distributed attack approach to send ICMP echo replies at a targeted system from many different source addresses |
|
|
Static packet filtering firewalls are known as |
First generation firewalls and do not track connection states. |
|
|
TKIP is only used |
As a means to encrypt transmission and is not used for data at rest |
|
|
RSA, AES and 3DES are all used on data |
At rest as well as data in transit |
|
|
Generational fuzzing is |
Known as intelligent fuzzing because it relies on the development of data models using an understanding of how the data is used by the program |
|
|
Latency is a |
Delay in the delivery of packets |
|
|
Jitter is a |
Variation in the latency for different packets |
|
|
Jitter is a |
Variation in the latency for different packets |
|
|
Interference is |
Electrical noise or other disruption that corrupts the contents of packets |
|
|
SCAP (Security Content Automation Protocol) is a |
Suite of specifications used to handle vulnerability and security configuration information. The national vulnerability database provided by NIST uses SCAP |
|
|
The three components of DevOps are |
Software development, operations and quality assurance |
|
|
Common types of structural coverage include |
Statement, branch or decision coverage, loop coverage, path coverage and data flow coverage |
|
|
RAM is |
Volatile RAM meaning that they are only available while power is applied to the memory chips |
|
|
EPROM, EEPROM and flash memory are all |
Nonvolatile meaning that they retain their contents even when powered off |
|
|
Limit Checks are |
Special form of input validation that ensure the value remains within an expected range |
|
|
SNMP is a |
UDP based service, UDP has no way of sending back errors so the system will switch protocols and use ICMP to send back information, of errors occur it will be a ICMP type 3 error |
|
|
Trike is a |
Threat modelling methodology that focuses on risk based approach |
|
|
VAST is a |
Threat modelling concept based on agile project management |
|
|
Polymorphic viruses actually |
Modify their own code as they travel from system to system. The virus’s propagation and destruction techniques remain the same but the signature of the virus is somewhat different each time it infects a new system.. |
|
|
Agile Manifesto says |
You should build projects around motivated individuals |
|
|
Request control process |
Provides an organised framework within which users can request modifications, managers can conduct cost/benefit analysis and developers can prioritise tasks |
|
|
Remote mirroring |
Maintains mirrored images of servers at both the primary and alternate sites |
|
|
A user entitlement audit can |
Identify whether users have excessive privileges |
|
|
A user entitlement audit can |
Identify whether users have excessive privileges |
|
|
Knowledge based or signature based IDS is |
Effective only against know attack methods |
|
|
A user entitlement audit can |
Identify whether users have excessive privileges |
|
|
Knowledge based or signature based IDS is |
Effective only against know attack methods |
|
|
A behaviour based IDS |
Starts by creating a baseline of activity to identify normal behaviour and then measures system performance against the baseline to detect abnormal behaviour, allowing it to detect previously unknown attack methods |
|
|
TCP ACK scan sends |
An ACK packet simulating a packet from the middle of an already established connection |
|
|
NAC (Network Access Control) operates in a |
Pre-admission philosophy meaning it must meet all current security requirements before it is allowed to communicate with the network |
|
|
Screen scraping is a technology that can allow |
An automated tool to interact with a human interface |
|
|
User mode is the |
Basic mode used by the CPU when executing user applications. |
|
|
Three common means of ranking or rating threats are |
DREAD, Probability * Damage Potential and high/Med/Low |
|
|
Defense in depth is also know as |
Layering |
|
|
What phase of business impact assessment calculates the SLE |
Impact assessment |
|
|
FISMA (Federal Information Security Management Act) |
Passed in 2002 requires that federal agencies implement an information security program that covers the agency’s operation |
|
|
Owners have ultimate responsibility for |
The data and ensuring that it is classified properly |
|
|
Owners have ultimate responsibility for |
The data and ensuring that it is classified properly |
|
|
Administrators |
Assign permissions based on the principle of least privilege and need to know.. |
|
|
Custodian |
Perform day to day security task ( backups etc) protects integrity and security of data |
|
|
Deterrent access control is |
Deployed to discourage violations of security policies |
|
|
Diffie Hellman algorithm allows |
The exchange of symmetric encryption keys between two parties over an insecure channel |
|
|
Simulation test |
Are similar to the structured walk-throughs. In simulation tests, disaster recovery team members are presented with a scenario and asked to develop an appropriate response |
|
|
Input validation protects against |
XSS Cross site scripting |
|
|
Trust |
Comes first, trust is built into a system by crafting the components of security |
|
|
Differential backups store |
All files that have been modified since the time of the most recent full backup.. |
|
|
BCP is the |
Preventive practice of establishing and planning for threats to business flow including natural and unnatural risk and threats to daily operations |
|
|
DBMS supports |
One to many relationships often expressed in a tree structure (Hierarchical) |
|
|
Spiral model allows |
Developers to repeat iterations of another life cycle model such as the waterfall model |
|
|
An intrusion detection system IDS |
Is a product that automates the inspection of audit logs and real time event information to detect intrusion attempts |
|
|
The operation security triple is |
The relationship between assets, vulnerabilities and threats |
|
|
Trade mark R symbol is reserved |
For trademarks that have received official registration status by the US patent and trade mark office |
|
|
NIST (National Institute of Standard and Technology) is |
Responsible for developing standards and guidelines for federal computer systems |
|
|
How many times may an owner of a trademark renew the trade make |
Unlimited on the number of 10 year renewals |
|
|
Name a natural disaster with no warming |
Earthquake |
|
|
To be admissible evidence must be |
Relevant, material and competent |
|
|
Indicative |
Serving as a sign or indication of something |
|
|
Industrial espionage is |
Usually considered a business attack |
|
|
In an agile software development process how often should business users be involved ? |
Agile development process requires that business users interact with developers on a daily basis |
|
|
The cardinality of a table refers to |
The number of rows in the table |
|
|
Degree of a table is the |
Number of columns |
|
|
Which type of alarm system broadcasts a range of 400 feet |
Local alarm systems, are locally controlled broadcasts systems that emit audible signals (A fire alarm is an example of a local alarm system) |
|
|
Which type of alarm system signals a monitoring station |
Centralised alarm systems remotely monitor sensors spread around a business facility or campus and trigger on some specified event |
|
|
Database views |
Use SQL statements to limit the amount of information that a user can view from a table |
|
|
A momentary loss of power is a |
Fault |
|
|
Companion viruses |
Self contained exe files with file names similar to those of systems or programs |
|
|
Concentric circle security model represents |
The best practice known as defense in depth |
|
|
Technical physical security controls include |
Access controls, intrusion detection, alarms, closed circuit television, monitoring, heating, ventilating, and HVAC, power supplies, fire detection and suppression |
|
|
An electronic access control lock comprises three elements |
An electromagnet to keep the door closed, a credential reader to authenticate the subject and to disable the electromagnet, and a door closed sensor to reenable the electromagnet |
|
|
Content-dependent control |
Is focused on the internal data of each field |
|
|
Low Orbit Lon Cannon (LOIC) |
A tool used to for DDOS |
|
|
Hijack attack |
An off shoot of a man in the middle attack a malicious user positioned between a client and server and then interrupts the session and takes it over.. |
|
|
Man in the middle attack |
Doesn’t interrupt the session and take it over |
|
|
Formula used to compute the ALE |
ALE = AV * EF * ARO the shorter version is ALE = SLE * ARO |
|
|
First step of the business impact assessment process |
Identification of priorities |
|
|
Sampling or data extraction |
Is the process of extracting specific elements from large collections of data or larger body of data to construct a meaningful representation or summary of the whole. In other words, sampling is a form of data reduction. |
|
|
ALE expectancy of 1% of 125000000 |
125000000 * 1% = |
|
|
Impact assessment |
Loss expectancies are a measure of impact and are calculated. |
|
|
USGS (US Geological Survey) provides |
Detailed earthquake risk data |
|
|
Manual review systems |
Observer or auditor of manual review systems is directly responsible for recognising the failure of a system |
|
|
Manual review systems |
Observer or auditor of manual review systems is directly responsible for recognising the failure of a system |
|
|
What is the goal of BCP |
To ensure RTO are shorter than MTDs |
|
|
Heuristic detection techniques |
Develop models of normal activity and then identify deviations from baseline |
|
|
Omissions and errors |
Are difficult aspects to protect against, particularly as they deal with human or circumstantial origins |
|
|
Traffic analysis and Trend analysis |
Are forms of monitoring that examine the flow of packets rather than the actual contents |
|
|
Auxiliary alarm systems |
Facilitate local, remote and centralised alarm systems by notifying external sources, (police, fire medical) |
|
|
Evidence collection |
Takes place during the response phase of the incident |
|
|
Electronic vaulting |
Uses bulk transfer to copy database contents to a remote site on a periodic basis |
|
|
Parallel test |
Involves relocating personnel to alternate site and implementing site activation procedures |
|
|
Multistate processing systems |
Can handle multiple security levels simultaneously |
|
|
Trademarks are used to protect |
Words, slogans that represent a company and its products or services |
|
|
Are all compliance obligations dictated by state, federal or international law |
No, some are such as PCI DSS |
|
|
Code of Federal Regulations (CFR) is an |
Example of administrative law |
|
|
What federation formalises the Prudent man rule |
Federal Sentencing Guidelines |
|
|
Trademarks are |
Issued every 10 years and be renewed for unlimited successive.. |
|
|
Fourth Amendment protects individuals |
against wiretapping and other invasions of privacy |
|
|
Substitution Cipher |
Changes the value of individual characters in a message |
|
|
The principle of Security |
Requires proper mechanisms to protect data against loss, misuse and authorised disclosure |
|
|
FERPA (Family Educational Rights and Privacy Act) protects |
The rights of students |
|
|
User Mode |
Used by the CPU when executing user instructions. Used to protect users from accidentally damaging the system through poorly designed code |
|
|
10 system is |
A code used in radio communications for brevity and clarity |
|
|
MD5 algorithms produces |
128-bit hashes regardless of size |
|
|
Duration of trade secret protection under federal law |
No limit (unlimited) |
|
|
Clark Wilson model is used for |
Commercial applications it focus is on data integrity |
|
|
Bell-LaPadula is used most often for |
Military applications |
|
|
Bell-LaPadula is used most often for |
Military applications |
|
|
Nash Model applies to |
Datasets usually within database management systems |
|
|
What is the purpose of a military and intelligence attack |
To acquire classified information |
|
|
Candidate key |
Can be used to uniquely identify any record in a table |
|
|
Failing to perform periodic security audits can result in |
The perception that due care is not being maintained.. |
|
|
User entitlement audit can |
Detect when employees have excessive privileges |
|
|
User entitlement audit can |
Detect when employees have excessive privileges |
|
|
Asset valuation |
Identifies that value of an asset |
|
|
Threat modelling identifies |
Threats to valuable assets |
|
|
Primary benefit of a patch management system |
Prevents outages from known attacks |
