Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
118 Cards in this Set
- Front
- Back
Which division of the Orange Book deals with discretionary protection (need-to-know)?
|
C
|
|
If an operating system permits executable objects to be used simultaneously by multiple users without a refresh of the objects, which security problem is most likely to exist?
|
Disclosure of residual data
|
|
What is the lowest TCSEC class wherein systems must support separate operator and system administrator roles?
|
B2
|
|
What is a straightforward approach that provides access rights to subjects for objects?
|
Access Matrix model
|
|
What is defined as a communication channel that allows transfer of information in a manner that violates the system's security policy?
|
a covert channel
|
|
Which Orange Book evaluation level is described as "Verified Design"?
|
A1
|
|
What is another name for the Orange Book?
|
The Trusted Computer System Evaluation Criteria (TCSEC)
|
|
What is an architecture where there are more than two execution domains or privilege levels?
|
Ring Architecture
|
|
Data that is always traced to individuals responsible for observing and recording data is known as?
|
attributable
|
|
What is described as programs operating in inner rings usually referred to as existing in privileged mode with strict boundaries and definitions on what the processes that work within each ring can access?
|
Protection rings
|
|
What is the main focus of the Bell-LaPadula security model?
|
Confidentiality
|
|
Which Orange book security rating introduces security labels?
|
B1
|
|
According to the Orange Book, trusted facility management is not required for which security level?
|
B1
|
|
For competitive reasons, the customers of a large shipping company called the "Integrated International Secure Shipping Containers Corporation" (IISSCC) like to keep private the various cargos that they ship. IISSCC uses a secure database system based on the Bell-LaPadula access control model to keep this information private. Different information in this database is classified at different levels. For example, the time and date a ship departs is labeled Unclassified, so customers can estimate when their cargos will arrive, but the contents of all shipping containers on the ship are labeled Top Secret to keep different shippers from viewing each other's cargos.
An unscrupulous fruit shipper, the "Association of Private Fruit Exporters, Limited" (APFEL) wants to learn whether or not a competitor, the "Fruit Is Good Corporation" (FIGCO), is shipping pineapples on the ship "S.S. Cruise Pacific" (S.S. CP). APFEL can't simply read the top-secret contents in the IISSCC database because of the access model. A smart APFEL worker, however, attempts to insert a false, unclassified record in the database that says that FIGCO is shipping pineapples on the S.S. CP, reasoning that if there is already a FIGCO-pineapple-SSCP record then the insertion attempt will fail. But the attempt does not fail, so APFEL can't be sure whether or not FIGCO is shipping pineapples on the S.S. CP.
What is the name of the access control model property that prevented APFEL from reading FIGCO's cargo information? What is a secure database technique that could explain why, when the insertion attempt succeeded, APFEL was still unsure whether or not FIGCO was shipping pineapples?
|
Simple security property and polyinstantiation
|
|
True or False.
Storage and timing can be used as covert channels? |
True
|
|
Which access control model uses a directed graph to specify rights that can be transferred from a subject to an object?
|
The Take-Grant model
|
|
What does the * (star) property mean in the Bell-LaPadula model?
|
No write down
|
|
During a business impact analysis it is concluded that a system has maximum tolerable downtime of 2 hours. What would this system be classified as?
|
Critical
|
|
What did NCSC develop?
|
TCSEC
|
|
What is a system that is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it?
|
a fault-tolerant system
|
|
Which access control model does NOT include data integrity?
|
Bell-LaPadula model
|
|
Which access control model was proposed for enforcing access control in government and military applications?
|
Bell-LaPadula model
|
|
Which access control model is based on the military classification of data and people with clearances?
|
Bell-LaPadula model
|
|
Memory management in TCSEC levels B3 and A1 operating systems may utilize "data hiding". What does this mean?
|
System functions are layered and none of the functions in a given layer can access data outside that layer
|
|
What is defined as the hardware, firmware, and software elements of a TCB that implement the reference monitor concept?
|
a security kernel
|
|
What can be described as an imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
|
the security perimeter
|
|
Which TCSEC security rating introduces the object reuse protection?
|
C2
|
|
Which TCSEC security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
|
D
|
|
What are the components of the Trusted Computing Base (TCB) from the TCSEC (Orange Book)?
|
trusted hardware, software, and firmware
|
|
Which integrity model defines a constrained data item, an integrity verification procedure, and a transformation procedure?
|
the Clark-Wilson model
|
|
Which mechanism does a system use to compare the security labels of a subject and an object?
|
Reference Monitor
|
|
Mandatory access requires sensitivity labels be attached to all objects. What are objects as designated on a MAC system?
|
Files, directories, and devices
|
|
Which class in the TCSEC is defined as mandatory protection?
|
B
|
|
What is best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
|
Fail Safe
|
|
Which Orange Book evaluation level is described as "Labeled Security Protection"?
|
B1
|
|
Which Orange Book security rating is the first to be concerned with covert channels?
|
B2
|
|
What is the biggest difference between System High Security Mode and Dedicated Security Mode?
|
Need-to-know
|
|
What can best be defined as the sum of protection mechanisms inside the computer, including hardware, firmware, and software?
|
Trusted computing base
|
|
Which TCSEC evaluation level is described as "Controlled Access Protection"?
|
C2
|
|
When RAM and Secondary storage are used together it's referred to as?
|
Virtual storage
|
|
Which TCSEC class is defined as discretionary protection?
|
C
|
|
What are the necessary components of a Multi-level Security Policy?
|
Security clearances for subjects and security labels for objects and Mandatory Access Control
|
|
Maintaining internal and external consistency, preventing authorized users from making improper modifications, and preventing unauthorized users from making modifications are all goals of __________?
|
integrity
|
|
What is the Biba security model concerned with?
|
Integrity
|
|
Describe the Bell-LaPadula security model"
|
Concerned with confidentiality
Cannot read up Cannot write down |
|
What are the logical flow steps of an access control model?
|
identification, authentication, authorization
|
|
Who developed one of the first mathematical models of a multilevel security computer system?
|
Bell and LaPadula
|
|
What can best be described as an abstract machine that must mediate all access to subjects to objects?
|
the Reference Monitor
|
|
What is the name of the first mathematical model of a multilevel security policy used to define the concept of a secure state, the modes of access, and rules for granting access?
|
Bell-LaPadula model
|
|
Contracts and agreements are unenforceable in what type of alternate backup facility?
|
Reciprocal agreement
|
|
What is the window of time for RECOVERY of information processing capabilities based on?
|
Criticality of the operations affected
|
|
Who should direct short-term recovery actions immediately following a disaster?
|
Disaster Recovery Manager
|
|
What is the main purpose for periodically testing off-site hardware backup facilities?
|
to ensure the continued compatibility of the contingency facilities
|
|
Name three outcomes of a vulnerability analysis.
|
Defining critical support areas
Quantitative loss assessment Qualitative loss assessment |
|
A business impact assessment is one element in a business continuity planning. What are the three primary goals of a BIA?
|
Criticality prioritization, downtime estimation, and resource requirements
|
|
What is the main advantage of using a hot site?
|
Hot sites can be made ready for operation within a short period of time
|
|
How often should tests and disaster recovery drills be performed?
|
At least once a year
|
|
What is the Maximum Tolerable Downtime (MTD)?
|
it is the maximum delay businesses can tolerate and still remain viable
|
|
Which type of plan focuses on sustaining an organization's business functions during and after a disruption?
|
Business continuity plan
|
|
Transmission of copies of the entries in the journal of transactions to an alternate site best describes?
|
remote journaling
|
|
What is the most critical piece to disaster recovery and continuity planning?
|
Management suppport
|
|
What type of tool is used to help business units understand the impact of a disruptive event?
|
a business impact assessment
|
|
True or False.
A disaster recovery plan may not be operational within the timeframe the business needs to recover if critical recovery priority levels are clearly defined. |
False
|
|
What tool is used to assess potential loss that could be caused by a disaster?
|
the Business Impact Analysis (BIA)
|
|
What type of recovery site is only partially equipped with processing equipment?
|
Warm site
|
|
What would be the appropriate action to take after discovering that an organization's business continuity plan provides for an alternate processing site which will accommodate fifty percent of the primary processing facility's processing capability?
|
Ensure that critical applications have been identified and the alternate site can process all critical applications
|
|
What is the most important factor to consider when locating an alternate computing facility during the development of a disaster recovery plan?
|
Ensure it is unlikely to be affected by the same contingency
|
|
What is the most important action to take prior to a live disaster test?
|
Conduct a successful structured walk-through
|
|
What is the least expensive alternative that would provide processing facilities in case a disaster should strike?
|
reciprocal agreement
|
|
What is the most important factor of a hot site?
|
that it is available immediately or within maximum tolerable downtime
|
|
What is the most critical piece to consider during a disaster recovery?
|
Data
|
|
During the salvage of the LAN and Servers, what step should be performed first?
|
assess damage
|
|
A transfer of bulk information to a remote central backup facility is known as?
|
electronic vaulting
|
|
True or False.
When returning to a primary site, the most critical applications should be brought back up first |
False
|
|
All risks should be ________.
|
identified
|
|
A site with pre-installed computers, raised flooring, air conditioning, telecommunications, networking equipment, and UPS describes what type of facility?
|
hot-site
|
|
What type of backup site is the most effective for disaster recovery?
|
hot-site
|
|
During a test of a disaster recovery plan, some IT systems are moved and set up at an alternate site. The results are compared to the results of regular processing at the original site. What kind of testing is taking place?
|
parallel
|
|
What is defined as a batch process of dumping backup data through communication lines to a server at an alternate location?
|
electronic vaulting
|
|
What is defined as business units or functions that must be present to sustain continuity of business, maintain life, safety, and avoid public embarrassment?
|
critical support areas
|
|
What is the most complete disaster recovery plan test type after completing the parallel test?
|
full interruption test
|
|
Valuable paper insurance coverage does not cover damage to what?
|
money and securities
|
|
What recovery plan test results would be most useful to management?
|
list of successful and unsuccessful activities
|
|
Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to re-mediate the incident's effects is part of?
|
incident response
|
|
After a company is out of an emergency state, what should be moved back to the original site first?
|
least critical work
|
|
What team(s) should not be included in an organization's contingency plan?
|
tiger team
|
|
How often should a business continuity plan should be tested?
|
at least once a year
|
|
If your property insurance has an actual cash valuation (ACV) clause, your damaged property will be compensated based on?
|
value of the item on the date of loss
|
|
What is the main concern when reviewing a reciprocal disaster recovery agreement between two companies?
|
hardware and software compatibility
|
|
Name some EPA-approved replacements for Halon.
|
NAF-S-III, Argon, Water, Argonite, etc
|
|
What suppresses combustion through a chemical reaction that kills the fire?
|
Halon
|
|
Behavioral-based systems are also know as?
|
Profile-based systems
|
|
What physical characteristic does a retina scan biometric device measure?
|
the pattern of blood vessels at the back of the eye
|
|
What type of protection device is used for spot protection within a few inches of an object, rather than for overall room security monitoring?
|
capacitance detectors
|
|
What is currently the most recommended water system for a computer room?
|
Preaction
|
|
Which floor of a 6-story building would be most appropriate to locate information processing facilities?
|
third floor
|
|
Facility construction materials, lighting, and fences are all types of ________ controls for physical security.
|
physical
|
|
What types of devices are used to supply power when the commercial utility power system fails?
|
UPS or Generators
|
|
A passive device, a field-powered device, and a transponder are all examples of what?
|
system-sensing wireless proximity cards
|
|
What is the last line of defense in a physical security sense?
|
people
|
|
What type of lighting should be used for critical areas?
|
eight feet high and two feet out
|
|
What is the most prevalent cause of computer center fires?
|
electrical distribution systems
|
|
What is defined as a prolonged high voltage?
|
surge
|
|
Name some precautions you can take to reduce static electricity.
|
maintain proper humidity levels
anti-static flooring and mats power line conditioning |
|
Guards are appropriate whenever the function required by the security program involves what?
|
the use of discriminating judgement
|
|
Guards and general steps to maintain building security, securing server rooms or laptops, the protection of cables, and the backup of files are examples of what type of controls?
|
physical controls
|
|
A momentary low voltage, from 1 cycle to a few seconds is called?
|
sag
|
|
Physical security is accomplished through proper facility construction, fire and water protection, anti-theft mechanisms, intrusion detection systems, and security procedures that are adhered to and enforced. What type of control mechanisms are used to achieve this type of security?
|
technical, physical, and administrative controls
|
|
What category of water sprinkler system is currently the most recommended water system for a computer room?
|
Preaction sprinkler system
|
|
The environment that must be protected includes all personnel, equipment, data, communication devices, power supply and wiring. The necessary level of protection depends on the value of the data, the computer systems, and the company assets within the facility. What type of analysis can determine the value of these items?
|
critical-path analysis
|
|
Under what conditions would the use of a "Class C" hand-held fire extinguisher be preferable to the use of a "Class A" hand-held fire extinguisher?
|
when the fire involves electrical equipment
|
|
Under what conditions would the use of a Class C fire extinguisher be preferable to a Class A extinguisher?
|
when the fire involves electrical equipment
|
|
What are the main risks that physical security components combat?
|
availability, theft, and physical damage
|
|
A prolonged power supply that is below normal voltage is a?
|
brownout
|
|
A prolonged complete loss of electrical power is a?
|
blackout
|
|
The ideal operating humidity range is defined as 40 to 60 percent. Low humidity (less than 40 percent) can produce what type of problem on computer parts?
|
static-electricity
|
|
What type of proximity identification device does not require action by the user and works by responding with an access code to signals transmitted by a reader?
|
a transponder
|
|
A momentary power outage is a?
|
fault
|