145 Cards in this Set
What does EAL Stand For?
Evaluation Assurance Level
How many EAL levels are there? Name them.
• EAL 1 Functionally tested
• EAL 2 Structurally tested
• EAL 3 Methodically tested and checked
• EAL 4 Methodically designed, tested, and reviewed
• EAL 5 Semiformally designed and tested
• EAL 6 Semiformally verified design and tested
• EAL 7 Formally verified design and tested
Name the different types of access control and what they do.
• Recovery Access Control – focuses on restoring resources.
• Preventive Access Control – to avoid occurrences.
• Detective Access Control – to detect or identify occurrences.
• Deterrent Access Control – to discourage occurrences.
• Corrective Access Control – to correct or restore control.
The Trusted Computer Security Evaluation Criteria (TCSEC) provides:
o A basis for assessing the effectiveness of security controls built into automatic data processing system products.
o Guidelines to be used when evaluating a security product.
o A way for evaluators to measure and rate the functionality of a system and how trustworthy it is.
Orange Book:
The Operational Assurance Requirements are:
o System Architecture
o System Integrity
o Covert Channel Analysis
o Trusted Facility Management
o Trusted Recovery
Orange Book:
The Life-Cycle Assurance Requirements:
o Security Testing
o Design Specification and Testing
o Configuration Management
o Trusted Distribution
Trusted Computing Base (TCB) is:
o It originates from the Orange Book
o It includes Hardware, Firmware, and software
o A higher TCB rating will require that details of their testing procedures and documentation be reviewed with more granularity
What is an Overt Channel?
A channel within a computer system or network that is designed for the authorized transfer of information. Processes should communicate through overt channels, not covert channels.
What is a Covert Timing Channel?
Allows one process to signal information to another by modulating its own use of system resources.
Penetration tests provide all of the following:
o Identification of security flaws
o A method to correct the security flaws
o Verification of the levels of existing infiltration resistance
What is an Encapsulated Security Payload (ESP)?
A header that, when added to an IP datagram, protects the confidentiality, integrity, and authenticity of the data.
What is Annualized Loss Expectancy (ALE)?
ALE, when done properly, portrays risk accurately. ALE calculations provide a meaningful cost-benefit analysis. ALE calculations are used to: identify risks; plan budgets for information risk management; calculate loss expectancy in annualized terms. SLE x ARO = ALE (single loss expectancy x annualized rate of occurrence).
What do Circuit Based Firewalls do?
They look only at IP addresses and ports
What do Application based Firewalls do?
They dig deeper into the packet and this makes them more secure.
What does Keystroke Dynamics mean by Dwell Time?
The amount of time you hold down a specific key
What is Role Based Access Control (RBAC)?
It is an alternative to traditional discretionary (DAC) and mandatory (MAC) access control.
What is a RADIUS Protocol?
A protocol used for carrying authentication, authorization, and configuration information between a network access server, which desires to authenticate its links, and a shared authentication server.
What is Encrypted Authentication?
A form of authentication that would most likely apply a digital signature algorithm to every bit of data that is sent from the claimant to the verifier.
What is Kerberos?
It relies upon symmetric key cryptography, specifically the Data Encryption Standard (DES), and provides end-to-end security for authentication traffic between the client and the Key Distribution Center (KDC).
How does Kerberos Work?
o It depends on symmetric ciphers
o It depends on private key cryptography
o It provides end-to-end security
o Most work with cryptographic keys and shared secret keys (private keys) instead of passwords
SSO stands for?
Single Sign-on
What Operating modes can implement SSO?
o Kerberos
o SESAME
o KryptoKnight
o NetSP
o Scripts Directory services
o Thin Clients
o Scripted access
Name the symmetric key cryptography protocols.
Kerberos
Biometrics: list the methods in order of acceptance, from most to least accepted.
o Voice Pattern
o Keystroke Pattern
o Signature
o Hand Geometry
o Hand Print
o Finger Print
o Iris
o Retina Pattern – more intrusive than iris scan
What does Recovery Access Control focus on?
focuses on restoring resources
What does Preventive Access Control focus on?
to avoid occurrence
What does Detective Access Control focus on?
In order to detect or identify occurrences
What does Deterrent Access Control focus on?
In order to discourage occurrences
What does Corrective Access Control focus on?
In order to correct or restore control
What is Keystroke Dynamics?
Can measure one's keyboard input up to 1000 times per second. Specifically, it measures 2 distinct variables:
o Dwell Time – The amount of time you hold down a specific key
o Flight time – The amount of time it takes a person to switch between keys.
List the biometric methods in order of effectiveness:
Iris Scan
Retina Scan
Fingerprint
Hand Geometry
Voice Pattern
Keystroke Pattern
Signature
What is the act of requiring two of the three factors to be used in the authentication process?
Two-Factor Authentication
i.e. PIN + smart card or token
"Integrity and Security of Data" is a KEY responsibility for?
Custodian of Data
List the elements included in a Public Key Infrastructure (PKI)?
a. Timestamping
b. Lightweight Directory Access Protocol (LDAP)
c. Certificate Revocation
List two valid categories for Hand Geometry Reading.
1. Mechanical
2. Image-Edge Detection
A proxy based firewall has which of the following advantages over a firewall employing stateful packet inspection?
It has greater "Network Isolation"
Who developed the Trusted Computer Security Evaluation Criteria?
The National Computer Security Center (NCSC)
Under DAC, a subject's rights must be _____ when it leaves an organization.
Terminated
A Gap Analysis for Security refers to:
The practice of identifying the security policies and practices currently in place in your organization that are designed to protect all your data from unauthorized access, alteration, or inadvertent disclosure.
List the items that are identified by a Business Impact Analysis (BIA):
1. Analyzing the threats associated with each functional area.
2. Determining the risk associated with each threat.
3. Identifying the major functional areas of information.
List three types of One Time Password Generators (tokens):
1. Transaction Synchronous
2. Synchronous/PIN Synchronous
3. Asynchronous/PIN Synchronous
Frame Relay uses a public switched network to provide?
Wide Area Network Connectivity
Individual Accountability Includes?
Unique Identifiers
Access Rules
Audit Trails
What is being referred to when the work product is satisfying the real-world requirements and concepts?
Validation
What are the characteristics of Object-Oriented Databases (OODB)?
1. Ease of reusing Code & Analysis
2. Reduced Maintenance
What is the primary advantage of using a separate authentication server?
Audit and Access information are not kept on the access server
A common limitation of information classification systems is their inability to provide?
The ability to declassify information when appropriate
What is the proper term to refer to a single unit of TCP data at the transport layer?
TCP Segment
A weak key of an encryption algorithm has the following property?
It facilitates attacks against the algorithm
TCSEC provides a means to evaluate?
The trustworthiness of an information system
The Orange Book does not cover?
Networks and communications
Database management systems
What is INDIRECT ADDRESSING?
A type of memory addressing where the address location specified in the program instruction contains the address of the final desired location.
How do CSMA/CD computers communicate?
It uses the media access method used in Ethernet.
List the Administrative Controls:
1. Separation of duties
2. Job Rotation
3. Least Privilege and Need-to-know
4. Mandatory Vacations
5. Clipping Levels
Open Box testing, in the Flaw Hypothesis Method of Penetration Testing applies to the analysis of?
General Purpose Operating Systems
Who developed one of the first mathematical models of a multilevel-security computer system?
Bell and LaPadula
During the testing of the business continuity plan BCP, which method of result analysis provides the BEST assurance that the plan is workable?
Quantitatively measuring the results of the test
Zip/Jaz drives are frequently used for the individual backups of small data sets of?
Specific Application Data
What would best describe secondary evidence?
A copy of a piece of evidence
According to the principle of accountability, what action should be traceable to a specific user?
Significant - any significant action should be traceable to a specific user
What is true with pre-shared key authentication within IKE/IPsec Protocol?
Pre-shared key authentication is normally based on simple passwords.
Only one preshared key for all VPN connections is needed.
Costly key management on large user groups.
What is the main responsibility of the Information Owner?
Determining what level of classification the information requires.
A system uses a numeric password with 1-4 digits. How many passwords need to be tried before it is cracked?
10000 - The largest 4 digit number is 9999 so 10,000 is the closest answer.
Virtual Private Network software does not encrypt?
Data link Messaging
What is the Primary feature of a Proxy Server?
Client Hiding
Computer crime is generally made possible by?
Victim Carelessness
A firewall can be classified as a _____________ access Control?
Rule-based access control
Which department managers would be best suited to oversee the development of an information security policy?
Business Operations
What are Decision Support Systems (DSS)?
DSS emphasizes flexibility in the decision making approach of users.
Which Levels MUST be protected against both covert storage and covert timing channels?
B3 and A1
What is the purpose of undertaking a parallel run of a new system?
Verify that the system provides required business functionality
What best ensures accountability of users for actions taken within a system or domain?
Identification - Identification is the process by which a subject professes an identity and accountability.
An instruction that the amount of the gross pay for any one employee cannot exceed 2500, is an example of a control that is referred to as a?
Limit Check
What is an advantage of deploying Role-based access control in large networked applications?
Lower Cost
When continuous availability is required, what is a good alternative to tape backups?
Hierarchical Storage Management (HSM) - provides continuous on-line backup by using optical or tape "jukeboxes" similar to "WORMs"
A periodic review of user account management should not determine?
The strength of user-chosen passwords.
Which access control method gives "UPDATE" privilege on Structured Query Language (SQL) database objects to specific users or groups?
Mandatory
Describe Kerckhoffs' assumption on cryptographic attack.
The key is secret; the algorithm is known.
What evaluates the product against the "Specification"?
Verification - this term is used when making a comparison of a product against specification.
Evidence corroboration is achieved by?
Maintaining all evidence under the control of an independent source
Dual-Gateway Host
Is not considered a firewall technology
Which RFC talks about Rule Based Security Policy?
2828
In the OSI/ISO Model, at what level is SET (Secure Electronic Transaction Protocol) provided?
Application Layer
What is a Zephyr Chart?
Typically used to illustrate the comparative strengths and weaknesses of each biometric technology.
At what TCSEC or ITSEC security level are database elements first required to have security labels?
B1/E3
What cannot be undertaken in conjunction with computer incident handling?
System Development Activity
Which OSI layer provides TCP/IP end-to-end security?
Presentation & Session - The primary technology for layer 5 is a gateway. The following protocols operate within the session layer:
SSL, NFS, SQL, RPC
The presentation layer is responsible for transforming data received from the application layer into a format that any system following the OSI model can understand.
Which aspect of security was the Bell-LaPadula access control model designed to protect?
Confidentiality
Buffer overflow and boundary condition errors are subsets of?
Input validation errors
List some valid reasons to use external penetration service firms rather than corporate resources.
They are more cost-effective
They offer a lack of corporate bias
They ensure more complete reporting
What is a characteristic of a penetration testing project?
The project tasks are to break into a targeted system
What is true about data encryption as a method of protecting data?
It requires careful key management
What is the verification that a user's claimed identity is valid, usually implemented through a user password at log-on time?
Authentication
What is not a known type of Message Authentication Code (MAC)?
Signature-based MAC
The RSA Algorithm uses which mathematical concept as the basis of its encryption?
Large Prime Numbers
What is type 2 authentication factor?
Something you Have
Under MAC, who may grant a right of access that is explicitly forbidden in the access control policy?
No one may grant a right of access that is explicitly forbidden in the access control policy
An example of an individual point of verification in a computerized application is?
A check digit
A SYN Attack?
Takes advantage of the way a TCP session is established
Which back-up method is most appropriate for off-site archiving?
Full backup method
What can be defined as the set of allowable values that an attribute can take?
Domain of a Relation
What is commonly used for retrofitting multilevel security to a database management system?
Trusted Front-End
According to the Orange Book, Trusted Facility Management is not required for which security level?
B1 - does not provide trusted facility management, the next highest level that does is B2
The underlying reason for creating a disaster planning recovery strategy is to?
Mitigate Risk associated with the disaster
What security risk does a Covert Channel Create?
It bypasses the Reference Monitor
What is an important factor affecting the time required to perpetrate a manual trial-and-error attack to gain access to a target computer system?
Keyspace for the password - Keyspace (or length of password) is the main deterrent.
The alternative processing strategy in a business continuity plan can provide for required back-up computing capacity through a hot site, a cold site, or?
An online backup program.
_____________is the first step of access control
Identification - the 1st step in the access control process is identifying who the subject is
To ensure that integrity is attained through the Clark and Wilson model, certain rules are needed. These rules are?
Certification rules and Enforcement rules - Integrity-monitoring rules are called certification rules, and integrity-preserving rules are called enforcement rules
The recording of events with a closed-circuit TV camera is considered a ?
Detective Control
When parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use a hybrid encryption technique. What does this mean?
Use a public key to secure a secret key, and message encryption using the secret key
What enables users to validate each others certificate when they are certified under different certification hierarchies?
Cross-Certification
List three examples of protocols used in creating VPNs.
PPTP - works at the data link layer. Designed for individual client-server connections; only a single point-to-point connection per session. PPTP uses native Point-to-Point authentication and encryption services.
L2TP - L2TP is a combination of PPTP and the earlier Layer 2 Forwarding Protocol (L2F) that works at the data link layer. It has become an accepted tunneling standard for VPNs. L2TP supports TACACS+ and RADIUS but PPTP does not. Does not encrypt like PPTP.
IPSec - operates at the network layer and enables multiple and simultaneous tunnels. IPSec has the functionality to encrypt and authenticate IP data. It is built on the new IPv6 standard and is used as an add-on to the current IPv4.
L2F
Failure of a contingency plan is usually?
A management failure
One of the differences between Kerberos and KryptoKnight is that there is?
A peer-to-peer relationship among the parties and the KDC
File Integrity Routines and Audit Trail are examples of what?
Security Controls that would be found in a "trusted" application system
_________is the fraudulent use of telephone systems.
Phreaking
What is not an authentication method within IKE and IPSec?
CHAP
What is the purpose of certification path validation?
Check the legitimacy of the certificates in the certification path
What is defined as a key establishment protocol based on the Diffie-Hellman algorithm, proposed for IPSec but superseded by IKE?
Oakley
What is a trait of a macro virus that allows it to spread more effectively than other types?
They can be transported between different operating systems
What kind of evidence would printed business records, manuals, and printouts classify as?
Real Evidence
Access controls allow you to exercise directing influence over which aspects of a system?
Behavior
Use
Content
What is the main difference between memory cards and smart cards?
Memory cards have no processing power
What correctly describes role-based access?
It allows you to specify and enforce enterprise specific security policies in a way that maps to your organizational structure
How do Information Labels of Compartmented Mode workstation (CMW) differ from Sensitivity Levels of B3 evaluated systems?
Information labels contain more Sensitivity Labels, but are not used by the reference Monitor to determine access permissions
What is an effective communications error-control technique usually implemented in software?
Packet Checksum
PGP uses ______________ to encrypt data?
A symmetric Scheme
What can best be described as an abstract machine which must mediate all access of subjects to objects?
The Reference Monitor
What type of discretionary access control is based on an individual's identity?
Identity Based Access Control
In regards to computer crime what does MOM stand for?
Motivation
Opportunity
Means
RC5 is?
A symmetric encryption Algorithm
Which level of "least privilege" enables operators the right to modify data directly in its original location, in addition to data copied from the original location?
Access Change
Configuration Management controls?
Auditing and controlling any changes to the Trusted Computer Base.
What is the PRIMARY reason for designing the security kernel to be as small as possible?
Due to its compactness, the kernel is easier to formally verify.
What is Polyinstantiation?
An environment characterized by information stored in more than one location in a database. Used in database information security to hide information.
Configuration Management is a requirement for what levels?
B2, B3, and A1
Regarding Packet Filtering:
It is based on ACLs
It is not application dependent
It operates at the network layer