The CISSP certification exam is challenging. As a result, Passing it successfully demands substantial knowledge of the basic information security concepts and an in-depth understanding of the fundamental information security concepts.
You must also allocate 40 to 70 hours to study for the exam preparation, pay for the CISSP certificate, and grasp all aspects of the CISSP study material before attempting it.
CISSP Practice Exam Quiz
CISSP Quiz
Question
Your answer:
Correct answer:
You got {{SCORE_CORRECT}} out of {{SCORE_TOTAL}}
Your Answers
CISSP Exam Questions And Answers
1. Which of the following best describes the relationship between COBIT and ITIL? A. COBIT is a model for IT governance, whereas ITIL is a model for corporate governance. B. COBIT provides a corporate governance roadmap, whereas ITIL is a customizable framework for IT service management. C. COBIT defines IT goals, whereas ITIL provides the process-level steps on how to achieve them. D. COBIT provides a framework for achieving business goals, whereas ITIL defines a framework for achieving IT service-level goals.
C. The Control Objectives for Information and related Technology (COBIT) is a framework developed by ISACA (formerly the Information Systems Audit and Control Association) and the IT Governance Institute (ITGI). It defines goals for the controls that should be used to properly manage IT and to ensure IT maps to business needs, not specifically just security needs. The Information Technology Infrastructure Library (ITIL) is the de facto standard of best practices for IT service management. A customizable framework, ITIL provides the goals, the general activities necessary to achieve these goals, and the input and output values for each process required to meet these determined goals. In essence, COBIT addresses “what is to be achieved,” and ITIL addresses “how to achieve it.”
2. Global organizations that transfer data across international boundaries must abide by guidelines and transborder information flow rules developed by an international organization that helps different governments come together and tackle the economic, social, and governance challenges of a globalized economy. What organization is this? A. Committee of Sponsoring Organizations of the Treadway Commission B. The Organisation for Economic Co-operation and Development C. COBIT D. International Organization for Standardization
B. Almost every country has its own rules pertaining to what constitutes private data and how it should be protected. As the digital and information age came upon us, these different laws started to negatively affect business and international trade. Thus, the Organisation for Economic Co-operation and Development (OECD) developed guidelines for various countries so that data is properly protected and everyone follows the same rules.
3. Steve, a department manager, has been asked to join a committee that is responsible for defining an acceptable level of risk for the organization, reviewing risk assessment and audit reports, and approving significant changes to security policies and programs. What committee is he joining? A. Security policy committee B. Audit committee C. Risk management committee D. Security steering committee
D. Steve is joining a security steering committee, which is responsible for making decisions on tactical and strategic security issues within the enterprise. The committee should consist of individuals from throughout the organization and meet at least quarterly. In addition to the responsibilities listed in the question, the security steering committee is responsible for establishing a clearly defined vision statement that works with and supports the organizational intent of the business. It should provide support for the goals of availability, integrity, and confidentiality as they pertain to the organization’s business objectives. This vision statement should, in turn, be supported by a mission statement that provides support and definition to the processes that will apply to the organization and allow it to reach its business goals.
4. Which of the following is not included in a risk assessment? A. Discontinuing activities that introduce risk B. Identifying assets C. Identifying threats D. Analyzing risk in order of cost or criticality
A. Discontinuing activities that introduce risk is a way of responding to risk through avoidance. For example, there are many risks surrounding the use of instant messaging (IM) in the enterprise. If a company decides not to allow IM activity because there is not enough business need for its use, then prohibiting this service is an example of risk avoidance. Risk assessment does not include the implementation of countermeasures such as this.
5. The integrity of data is not related to which of the following? A. Unauthorized manipulation or changes to data B. The modification of data without authorization C. The intentional or accidental substitution of data D. The extraction of data to share with unauthorized entities
D. The extraction of data to share with unauthorized entities is a confidentiality issue, not an integrity issue. Confidentiality ensures that the necessary level of secrecy is enforced at each junction of data processing and prevents unauthorized disclosure. This level of secrecy should prevail while data resides on systems and devices within the network, as it is transmitted, and once it reaches its destination. Integrity, on the other hand, is the principle that signifies the data has not been changed or manipulated in an unauthorized manner.
6. As his company’s CISO, George needs to demonstrate to the board of directors the necessity of a strong risk management program. Which of the following should George use to calculate the company’s residual risk? A. threats × vulnerability × asset value = residual risk B. SLE × frequency = ALE, which is equal to residual risk C. (threats × vulnerability × asset value) × controls gap = residual risk D. (total risk – asset value) × countermeasures = residual risk
C. Countermeasures are implemented to reduce overall risk to an acceptable level. However, no system or environment is 100 percent secure, and with every countermeasure some risk remains. The leftover risk after countermeasures are implemented is called residual risk. Residual risk differs from total risk, which is the risk companies face when they choose not to implement any countermeasures. While the total risk can be determined by calculating threats × vulnerability × asset value = total risk, residual risk can be determined by calculating (threats × vulnerability × asset value) × controls gap = residual risk. The controls gap is the amount of protection the control cannot provide.
7. Capability Maturity Model Integration (CMMI) came from the software engineering world and is used within organizations to help lay out a pathway of how incremental improvement can take place. This model is used by organizations in self-assessment and to develop structured steps that can be followed so an organization can evolve from one level to the next and constantly improve its processes. In the CMMI model graphic shown, what is the proper sequence of the levels?
D. Capability Maturity Model Integration (CMMI) is an organizational development model for process improvement developed by Carnegie Mellon. While organizations know that they need to constantly make their security programs better, it is not always easy to accomplish because “better” is a vague and nonquantifiable concept. The only way we can really improve is to know where we are starting from, where we need to go, and the steps we need to take in between. This is how the security industry uses the CMMI model. A security program starts at Level 1 and is chaotic in nature. Processes are not predictable, and the security team is reactive to issues that arise—not proactive. The model uses the following maturity levels: Initial, Repeatable, Defined, Managed, Optimizing.
*baseline
NIST SP 800-53 discusses security control baselines as a list of security controls. CIS releases security baselines, and a baseline is a useful part of a threat management strategy and may contain a list of acceptable configuration items.
*Content Distribution Network (CDN)
is designed to provide reliable, low-latency, geographically distributed content distribution. In this scenario, a CDN is an ideal solution. A P2P CDN like BitTorrent isn’t a typical choice for a commercial entity, whereas redundant servers or a hot site can provide high availability but won’t provide the remaining requirements.
Blocking read commands sent to the device
A forensic disk controller performs four functions. One of those, write blocking, intercepts write commands sent to the device and prevents them from modifying data on the device. The other three functions include returning data requested by a read operation, returning access-significant information from the device, and reporting errors from the device back to the forensic host. The controller should not prevent read commands from being sent to the device because those commands may return crucial information.
RAID 1
Disk mirroring, requires two physical disks that will contain copies of the same data.
TGS, or Ticket-Granting Service (which is usually on the same server as the KDC)
receives a TGT from the client. It validates the TGT and the user’s rights to access the service they are requesting to use. The TGS then issues a ticket and session keys to the client. The AS serves as the authentication server, which forwards the username to the KDC.
*Asynchronous
X communications rely on a a built-in stop and start flag or bit. This makes asynchronous communications less efficient than synchronous communications, but better suited to some types of communication.
*Wave pattern
X motion detectors transmit ultrasonic or microwave signals into the monitor area, watching for changes in the returned signals bouncing off objects.
A stateful packet inspection firewall
X, also known as dynamic packet filtering firewalls, track the state of a conversation, and can allow a response from a remote system based on an internal system being allowed to start the communication. Static packet filtering and circuit level gateways only filter based on source, destination, and ports, whereas application-level gateway firewalls proxy traffic for specific applications.
A captive portal
X can require those who want to connect to and use Wi-Fi to provide an email address to connect. This allows Ben to provide easy-to-use wireless while meeting his business purposes. WPA2 PSK is the preshared key mode of WPA and won’t provide information about users who are given a key. Sharing a password doesn’t allow for data gathering either. Port security is designed to protect wired network ports based on MAC addresses.
*Set up a separate SSID using WPA2.
Many modern wireless routers can provide multiple SSIDs. Ben can create a private, secure network for his business operations, but he will need to make sure that the customer and business networks are firewalled or otherwise logically separated from each other. Running WPA2 on the same SSID isn’t possible without creating another wireless network and would cause confusion for customers (SSIDs aren’t required to be unique). Running a network in Enterprise mode isn’t used for open networks, and WEP is outdated and incredibly vulnerable.
Open networks are unencrypted, making traffic easily sniffable.
Unencrypted open networks broadcast traffic in the clear. This means that unencrypted sessions to websites can be easily captured with a packet sniffer. Some tools like FireSheep have been specifically designed to capture sessions from popular websites. Fortunately, many now use TLS by default, but other sites still send user session information in the clear. Shared passwords are not the cause of the vulnerability, ARP spoofing isn’t an issue with wireless networks, and a Trojan is designed to look like safe software, not to compromise a router.
*AES
The DES modes of operation are Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR). The Advanced Encryption Standard (AES) is a separate encryption algorithm.
Clipping
X is an analysis technique that only reports alerts after they exceed a set threshold. It is a specific form of sampling, which is a more general term that describes any attempt to excerpt records for review. Thresholding is not a commonly used term. Administrators may choose to configure automatic or manual account lockout after failed login attempts but that is not described in the scenario.
RADIUS
X is a common AAA technology used to provide services for dial-up, wireless networks, network devices, and a range of other systems. OAuth is an authentication protocol used to allow applications to act on a user’s behalf without sharing the password, and is used for many web applications. While both XTACACS and TACACS+ provide the functionality Sally is looking for, both are Cisco proprietary protocols.
Inference
In an X attack, the attacker uses several pieces of generic nonsensitive information to determine a specific sensitive value.
*Take rule
The X allows a subject to take the rights belonging to another object. If Alice has take rights on Bob, she can give herself the same permissions that Bob already possesses.
A brute-force attack
X attacks try every possible password. In this attack, the password is changing by one letter at each attempt, which indicates that it is a brute-force attack. A dictionary attack would use dictionary words for the attack, whereas a man-in-the-middle or pass-the-hash attack would most likely not be visible in an authentication log except as a successful login.
*Isolation
X requires that transactions operate separately from each other. Atomicity ensures that if any part of a database transaction fails, the entire transaction must be rolled back as if it never occurred. Consistency ensures that all transactions are consistent with the logical rules of the database, such as having a primary key. Durability requires that once a transaction is committed to the database it must be preserved.
*Worm
X have built-in propagation mechanisms that do not require user interaction, such as scanning for systems containing known vulnerabilities and then exploiting those vulnerabilities to gain access. Viruses and Trojan horses typically require user interaction to spread. Logic bombs do not spread from system to system but lie in wait until certain conditions are met, triggering the delivery of their payload.
*Teardrop
In a X attack, the attacker fragments traffic in such a way that the system is unable to reassemble them. Modern systems are not vulnerable to this attack if they run current operating systems, but the concept of this attack illustrates the danger of relying upon users following protocol specifications instead of performing proper exception handling.
SYN, SYN/ACK, ACK
The TCP three-way handshake consists of initial contact via a SYN, or synchronize flagged packet, which receives a response with a SYN/ACK, or synchronize and acknowledge flagged packet, which is acknowledged by the original sender with an ACK, or acknowledge packet. RST is used in TCP to reset a connection, PSH is used to send data immediately, and FIN is used to end a connection.
*Assuming control of a nonregistered BYOD mobile device
MDM products do not have the capability of assuming control of a device not currently managed by the organization. This would be equivalent to hacking into a device owned by someone else and might constitute a crime.
Identity as a Service
X provides an identity platform as a third-party service. This can provide benefits, including integration with cloud services and removing overhead for maintenance of traditional on-premise identity systems, but can also create risk due to third-party control of identity services and reliance on an offsite identity infrastructure.
*Advance and protect the profession
Gina’s actions harm the CISSP certification and information security community by undermining the integrity of the examination process. While Gina also is acting dishonestly, the harm to the profession is more of a direct violation of the code of ethics
ALE
The annualized loss expectancy is the amount of damage that the organization expects to occur each year as the result of a given risk.
Whitelisting
The X approach to application control allows users to install only those software packages specifically approved by administrators.. This would be an appropriate approach in a scenario where application installation needs to be tightly controlled.
Denial of service
This is a clear example of a X attack—denying legitimate users authorized access to the system through the use of overwhelming traffic. It goes beyond a reconnaissance attack because the attacker is affecting the system, but it is not a compromise because the attacker did not attempt to gain access to the system. There is no reason to believe that a malicious insider was involved.
Company ID
The X is likely unique for each row in the table, making it the best choice for a primary key. There may be multiple companies that share the same name or ZIP code. Similarly, a single sales representative likely serves more than one company, making those fields unsuitable for use as a unique identifier.
PII Personally Identifiable Information
X includes data that can be used to distinguish or trace that person’s identity, and also includes information like their medical, educational, financial, and employment information. PHI is personal health information, EDI is electronic data interchange, and proprietary data is used to maintain an organization’s competitive advantage.
129.53.44.124
129.53.44.124 is a valid public IP address and a legitimate destination for traffic leaving Bob’s network. 12.8.195.15 is a public address on Bob’s network and should not be a destination address on a packet leaving the network. 10.8.15.9 and 192.168.109.55 are both private IP addresses that should not be routed to the Internet.
*64
Binary keyspaces contain a number of keys equal to 2 raised to the power of the number of bits. Two to the sixth power is 64, so a 6-bit keyspace contains 64 possible keys. The number of viable keys is usually smaller in most algorithms due to the presence of parity bits and other algorithmic overhead or security issues that restrict the use of some key values.
*The built-in erase commands are not completely effective on some SSDs.
Research has shown that traditional methods of sanitizing files on SSDs were not reliable. SSDs remap data sectors as part of wear leveling, and erase commands are not consistently effective across multiple SSD brands. Zero fills can be performed on SSDs but may not be effective, much like erase commands. Degaussing doesn’t work on SSDs because they are flash media, rather than magnetic media. SSDs don’t have data remanence issues, but that doesn’t create the need to destroy them.
Encrypting the files
Encrypting the files reduces the probability that the data will be successfully stolen, so it is an example of risk mitigation. Deleting the files would be risk avoidance. Purchasing insurance would be risk transference. Taking no action would be risk acceptance.
Sampling should be conducted randomly.
X to avoid human bias. Choosing a timeframe may miss historic issues or only account for the current administrator’s processes. Sampling is an effective process if it is done on a truly random sample of sufficient size to provide effective coverage of the userbase.
*Notice, choice, onward transfer, security, data integrity, access, enforcement
The European Data Protection Directive’s seven primary tenets are
Notice
Choice
Onward transfer
Security
Data integrity
Access
Enforcement
White box
In a X test, the attacker has access to full implementation details of the system, including source code, prior to beginning the test. In gray-box testing, the attacker has partial knowledge. In black-box testing, the attacker has no knowledge of the system and tests it from a user perspective. Blue boxes are a phone hacking tool and are not used in software testing.
*Application log
The file clearly shows HTTP requests, as evidenced by the many GET commands. Therefore, this is an example of an application log from an HTTP server.
*A blue box
A blue box was used to generate the 2600 Hz tones that trunking systems required. White boxes included a dual-tone, multifrequency generator to control phone systems. Black boxes were designed to steal long-distance service by manipulating line voltages, and red boxes simulated the tones of coins being deposited into payphones.
Social engineering
X exploits humans to allow attacks to succeed. Since help desk employees are specifically tasked with being helpful, they may be targeted by attackers posing as legitimate employees. Trojans are a type of malware, whereas phishing is a targeted attack via electronic communication methods intended to capture passwords or other sensitive data. Whaling is a type of phishing aimed at high-profile or important targets.
*Out-of-band identity proofing
Identity proofing that relies on a type of verification outside of the initial environment that required the verification is out-of-band identity proofing. This type of verification relies on the owner of the phone or phone number having control of it but removes the ability for attackers to use only Internet-based resources to compromise an account. Knowledge-based authentication relies on answers to preselected information, whereas dynamic knowledge-based authentication builds questions using facts or data about the user. Risk-based identity proofing uses risk-based metrics to determine whether identities should be permitted or denied access. It is used to limit fraud in financial transactions, such as credit card purchases. This is a valid form of proofing but does not ne-cessairly use an out-of-band channel, such as SMS.
*MOD
The modulo function is the remainder value left over after an integer division operation takes place.
Hybrid
A X authentication service can provide authentication services in both the cloud and on-premise, ensuring that service outages due to interrupted links are minimized. An onsite service would continue to work during an Internet outage but would not allow the e-commerce website to authenticate. A cloud service would leave the corporate location offline. Outsourcing authentication does not indicate whether the solution is on or off-premise, and thus isn’t a useful answer.
Federation
X links identity information between multiple organizations. Federating with a business partner can allow identification and authorization to occur between them, making integration much easier. Single sign-on would reduce the number of times a user has to log in but will not facilitate the sharing of identity information. Multifactor can help secure authentication, but again, doesn’t help integrate with a third party. Finally, an Identity as a Service provider might provide federation but doesn’t guarantee it.
SAML Security Assertion Markup Language
X is frequently used to integrate cloud services and provides the ability to make authentication and authorization assertions. Active Directory integrations are possible but are less common for cloud service providers, and RADIUS is not typically used for integrations like this. Service Provisioning Markup Language (SPML) is used to provision users, resources, and services, not for authentication and authorization.
*Salting
Rainbow tables use precomputed password hashes to conduct cracking attacks against password files. They may be frustrated by the use of salting, which adds a specified value to the password prior to hashing, making it much more difficult to perform precomputation. Password expiration policies, password complexity policies, and user education may all contribute to password security, but they are not direct defenses against the use of rainbow tables.
Honeypot
A X is a decoy computer system used to bait intruders into attacking. A honeynet is a network of multiple honeypots that creates a more sophisticated environment for intruders to explore. A pseudoflaw is a false vulnerability in a system that may attract an attacker. A darknet is a segment of unused network address space that should have no network activity and, therefore, may be easily used to monitor for illicit activity.
CER
X is the point where both the false acceptance rate and the false rejection rate cross. CER and ERR, or equal error rate, mean the same thing and are used interchangeably.
Type 2
A X is something you have, like a smartcard or hardware token. A type 1 authentication factor is something you know. A type 3 authentication factor is something you are, like a biometric identifier. There is no such thing as a type 4 authentication factor.
Steganography
X is the art of using cryptographic techniques to embed secret messages within other content. Steganographic algorithms work by making invisible alterations to files, such as modifying the least significant bits of the many bits that make up image files. VPNs may be used to obscure secret communications, but they provide protection in transit and can’t be used to embed information in an image. Watermarking does embed information in an image but with the intent of protecting intellectual property. A still image would not be used for a covert timing channel because it is a fixed file.
JavaScript
X is an interpreted language so the code is not compiled prior to execution, allowing Roger to inspect the contents of the code. C, C++, and Java are all compiled languages—a compiler produces an executable file that is not human-readable.
x
When a system is configured to use shadowed passwords, the /etc/passwd file contains only the character x in the place of a password. It would not contain any passwords, in either plain-text, encrypted, or hashed form.
ICMP Internet Control Message Protocol
X is used for normal pings, as well as Pings of Death. Ping of Death describes attacks that were used to overflow poorly implemented ICMP handlers; smurf attacks, which spoof broadcast pings to create huge amounts of traffic on a network; and ping floods, which are a type of denial-of-service attack.
*Due diligence
The due care principle states that an individual should react in a situation using the same level of care that would be expected from any reasonable person. It is a very broad standard. The due diligence principle is a more specific component of due care that states an individual assigned a responsibility should exercise due care to complete it accurately and in a timely manner.
Broadband
ISDN, cable modems, DSL, and T1 and T3 lines are all examples of broadband technology that can support multiple simultaneous signals. They are analog, not digital, and are not broadcast technologies.
Social engineering 2
Social engineering is the best answer, as it can be useful to penetration testers who are asked to assess whether staff members are applying security training and have absorbed the awareness messages the organization uses. Port and vulnerability scanning find technical issues that may be related to awareness or training issues but that are less likely to be directly related. Discovery can involve port scanning or other data-gathering efforts, but is also less likely to be directly related to training and awareness.
Raid Level 5
X is also known as disk striping with parity. It uses three or more disks, with one disk containing parity information used to restore data to another disk in the event of failure. When used with three disks, RAID 5 is able to withstand the loss of a single disk.
Physical
The Physical layer deals with the electrical impulses or optical pulses that are sent as bits to convey data.
Maintaining the hypervisor
In an IaaS server environment, the customer retains responsibility for most server security operations under the shared responsibility model. This includes managing OS security settings, maintaining host firewalls, and configuring server access control. The vendor would be responsible for all security mechanisms at the hypervisor layer and below.
*Proactive
Proactive monitoring, aka synthetic monitoring, uses recorded or generated traffic to test systems and software. Passive monitoring uses a network span, tap, or other device to capture traffic to be analyzed. Reactive and replay are not industry terms for types of monitoring.
Process isolation
X ensures that the operating system allocates a separate area of memory for each process, preventing processes from seeing each other’s data. This is a requirement for multilevel security systems
Proximity card
The use of an eletcromagnetic coil inside the card indicates that this is a X.
Parallel test
During a X, the team actually activates the disaster recovery site for testing but the primary site remains operational. During a full interruption test, the team takes down the primary site and confirms that the disaster recovery site is capable of handling regular operations. The full interruption test is the most thorough test but also the most disruptive. The checklist review is the least disruptive type of disaster recovery test. During a checklist review, team members each review the contents of their disaster recovery checklists on their own and suggest any necessary changes. During a tabletop exercise, team members come together and walk through a scenario without making any changes to information systems.
Deliver working software infrequently, with an emphasis on creating accurate code over longer timelines.
The Agile approach to software development embraces 12 core principles, found in the Agile Manifesto. One of these principles is that the best architecture, requirements, and designs emerge from self-organizing teams. Another is that teams should welcome changing requirements at any step in the process. A third is that simplicity is essential. The Agile approach emphasizes delivering software frequently, not infrequently.
A second factor should be added because they are not a good way to reliably distinguish individuals.
Hand geometry scanners assess the physical dimensions of an individual’s hand, but do not verify other unique factors about the individual, or even verify if they are alive. This means that hand geometry scanners should not be implemented as the sole authentication factor for secure environments. Hand geometry scanners do not have an abnormally high FRR, and do not stand out as a particular issue from an accessibility standpoint compared to other biometric systems.
MTD maximum tolerable downtime
X is the amount of time that a business may be without a service before irreparable harm occurs. This measure is sometimes also called maximum tolerable outage (MTO).
TOC/TOU
Attacks that change a symlink between the time that rights are checked and the file is accessed, in order to access a file that the account does not have rights to, are time of check/time of use (TOC/TOU) attacks, a form of race condition. Unlinking removes names from a Linux filesystem, setuid allows a user to run an executable with the permissions of its owner, and tick/tock is not a type of attack or Linux command.
A smartcard
X are a Type II authentication factor, and include both a microprocessor and at least one certificate. Since they are something you have, they’re not a Type I or III authentication factor. Tokens do not necessarily contain certificates.
Masquerading
X (or impersonation) attacks use stolen or falsified credentials to bypass authentication mechanisms. Spoofing attacks rely on falsifying an identity like an IP address or hostname without credentials. Replay attacks are a more specific type of masquerading attack that relies on captured network traffic to reestablish authorized connections. Modification attacks occur when captured packets are modified and replayed to a system to attempt to perform an action.
1.544 Mbps
A T1 (DS1) line is rated at 1.544 Mbps. ISDN is often 64 or 128 Kbps, and T3 lines are 44.736 Mbps.
Separation of duties
This scenario describes separation of duties—not allowing the same person to hold two roles that, when combined, are sensitive. While two-person control is a similar concept, it does not apply in this case because the scenario does not say that either action requires the concurrence of two users.
Parol evidence rule
The X rule states that when an agreement between two parties is put into written form, it is assumed to be the entire agreement unless amended in writing. The best evidence rule says that a copy of a document is not admissible if the original document is available. Real evidence and testimonial evidence are evidence types, not rules of evidence.
NAT
Network Address Translation (NAT) translates an internal address to an external address. VLANs are used to logically divide networks, BGP is a routing protocol, and S/NAT is a made-up term.
SSAE-16
does not assert specific controls. Instead it reviews the use and application of controls in an audited organization. It is an attestation standard, used for external audits, and forms part of the underlying framework for SOC 1, 2, and 3 reports.
It limits what users can do or see based on privileges.
A constrained user interface restricts what users can see or do based on their privileges. This can result in grayed-out or missing menu items, or other interface changes. Activity-based controls are called context-dependent controls, whereas controls based on the content of an object are content-dependent controls. Preventing unauthorized users from logging in is a basic authentication function.
RTO recovery time objective
X is the amount of time expected to return an IT service or component to operation after a failure. The maximum tolerable downtime (MTD) is the longest amount of time that an IT service or component may be unavailable without causing serious damage to the organization. The recovery point objective (RPO) identifies the maximum amount of data, measured in time, that may be lost during a recovery effort. Service level agreements (SLAs) are written contracts that document service expectations
*Class variable
X exist only once and share their value across all instances of that object class. Instance variables have different values for each instance. Member variables are the combination of class and instance variables associated with a particular class. Global variables do not exist in an object-oriented programming language.
Class B
X fire extinguishers use carbon dioxide, halon, or soda acid as their suppression material and are useful against liquid-based fires. Water may not be used against liquid-based fires because it may cause the burning liquid to splash, and many burning liquids, such as oil, will float on water.
Directive
Notifications and procedures like the signs posted at the company Chris works for are examples of directive access controls. Detective controls are designed to operate after the fact. The doors and the locks on them are examples of physical controls. Preventive controls are designed to stop an event, and could also include the locks that are present on the doors.
Nonrepudiation
The seven principles that the International Safe Harbor Provisions spell out for handling personal information are notice, choice, onward transfer, access, security, data integrity, and enforcement.
Internet service providers DMCA Digital Millenium Copyright Act
The DMCA provides safe harbor protection for the operators of Internet service providers who only handle information as a common carrier for transitory purposes.
He should update the system security plan.
According to NIST SP 800-18, a system owner should update the system security plan when the system they are responsible for undergoes a significant change. Classification, selection of custodians, and designing ways to protect data confidentiality might occur if new data was added, but should have already been done otherwise.
Workflow-based account provisioning
Provisioning that occurs through an established workflow, such as through an HR process, is workflow-based account provisioning. If Alex had set up accounts for his new hire on the systems he manages, he would have been using discretionary account provisioning. If the provisioning system allowed the new hire to sign up for an account on their own, they would have used self-service account provisioning, and if there was a central, software-driven process, rather than HR forms, it would have been automated account provisioning.
*Privilege creep may be taking place.
As Alex has changed roles, he retained access to systems that he no longer administers. The provisioning system has provided rights to workstations and the application servers he manages, but he should not have access to the databases he no longer administers. Privilege levels are not specified, so we can’t determine if he has excessive rights. Logging may or may not be enabled, but it isn’t possible to tell from the diagram or problem.
He should be provisioned for only the rights that match his role.
When a user’s role changes, they should be provisioned based on their role and other access entitlements. De-provisioning and re-provisioning is time consuming and can lead to problems with changed IDs and how existing credentials work. Simply adding new rights leads to privilege creep, and matching another user’s rights can lead to excessive privileges due to privilege creep for that other user.
*EAL2
X assurance applies when the system has been structurally tested. It is the second-to-lowest level of assurance under the Common Criteria.
Clearance and need to know
Before granting any user access to information, Adam should verify that the user has an appropriate security clearance as well as a business need to know the information in question.
Preservation
During the preservation phase, the organization ensures that information related to the matter at hand is protected against intentional or unintentional alteration or deletion. The identification phase locates relevant information but does not preserve it. The collection phase occurs after preservation and gathers responsive information. The processing phase performs a rough cut of the collected information for relevance.
Vulnerability scanners
Nessus, OpenVAS, the Open Vulnerability Assessment scanner and manager, and SAINT are all vulnerability scanning tools. All provide port scanning capabilities as well but are more than simple port scanning tools.
Document
In the subject/object model, the object is the resource being requested by a subject. In this example, Harry would like access to the document, making the document the object of the request.
De-encapsulation
The process of removing a header (and possibly a footer) from the data received from a previous layer in the OSI model is known as de-encapsulation. Encapsulation occurs when the header and/or footer are added. Payloads are part of a virus or malware package that are delivered to a target, and packet unwrapping is a made-up term.
Metasploit
Metasploit is a tool used to exploit known vulnerabilities. Nikto is a web application and server vulnerability scanning tool, Ettercap is a man-in-the-middle attack tool, and THC Hydra is a password brute-force tool.
*Service Provisioning Markup Language (SPML)
X uses Requesting Authorities to issue SPML requests to a Provisioning Service Point. Provisioning Service Targets are often user accounts, and are required to be allowed unique identification of the data in its implementation. SAML is used for security assertions, SAMPL is an algebraic modeling language, and XACML is an access control markup language used to describe and process access control policies in an XML format.
Qualitative
The use of a probability/impact matrix is the hallmark of a X risk assessment It uses subjective measures of probability and impact, such as “high” and “low,” in place of quantitative measures.
*Bracketed NOT
Mandatory access control systems can be hierarchical, where each domain is ordered and related to other domains above and below it; compartmentalized, where there is no relationship between each domain; or hybrid, where both hierarchy and compartments are used. There is no concept of bracketing in mandatory access control design.
RAID 5
RAID level 5 is also known as disk striping with parity. RAID 0 is called disk striping. RAID 1 is called disk mirroring. RAID 10 is known as a stripe of mirrors.
Cat 5e and Cat 6
Category 5e and Category 6 UTP cable are both rated to 1000 Mbps. Cat 5 (not Cat 5e) is only rated to 100 Mbps, whereas Cat 7 is rated to 10 Gbps. There is no Cat 4e.
business continuity task
Developing a business impact assessment is an integral part of the business continuity planning effort. The selection of alternate facilities, activation of those facilities, and restoration of data from backup are all disaster recovery tasks.
Block inbound ICMP traffic.
Smurf attacks use a distributed attack approach to send ICMP echo replies at a targeted system from many different source addresses. The most effective way to block this attack would be to block inbound ICMP traffic. Blocking the source addresses is not feasible because the attacker would likely simply change the source addresses. Blocking destination addresses would likely disrupt normal activity. The Smurf attack does not use UDP so blocking that traffic would have no effect.
Packet filter
Static packet filtering firewalls are known as first-generation firewalls and do not track connection state. Stateful inspection, application proxying, and next-generation firewalls all add connection state tracking capability.
TKIP
TKIP is only used as a means to encrypt transmissions and is not used for data at rest. RSA, AES, and 3DES are all used on data at rest as well as data in transit.
*Generational
X fuzzing is also known as intelligent fuzzing because it relies on the development of data models using an understanding of how the data is used by the program. Zzuf is a fuzzing program. Mutation simply modifies the inputs each time, and code based is not a description used for a type of fuzzing.
*Jitter
Latency is a delay in the delivery of packets from their source to their destination. Jitter is a variation in the latency for different packets. Packet loss is the disappearance of packets in transit that requires retransmission. Interference is electrical noise or other disruptions that corrupt the contents of packets.
Software tokens
X are flexible, with delivery options including mobile applications, SMS, and phone delivery. They have a relatively low administrative overhead, as users can typically self-manage. Biometrics require significant effort to register users and to deploy and maintain infrastructure, and require hardware at each authentication location. Both types of hardware tokens can require additional overhead for distribution and maintenance, and token failure can cause support challenges.
Interface testing
Web applications communicate with web browsers via an interface, making interface testing the best answer here. Regression testing might be used as part of the interface test, but is too specific to be the best answer. Similarly, the test might be a white box, or full knowledge test, but interface testing better describes this specific example. Fuzzing is less likely as part of a browser compatibility test, as it tests unexpected inputs, rather than functionality.
Role-based access control
Role-based access control gives each user an array of permissions based on their position in the organization, such as the scheme shown here. Task-based access control is not a standard approach. Rule-based access controls use rules that apply to all subjects, which isn’t something we see in the list. Discretionary access control gives object owners rights to choose how the objects they own are accessed, which is not what this list shows.
Impact
Fire suppression systems do not stop a fire from occurring but do reduce the damage that fires cause. This is an example of reducing risk by lowering the impact of an event.
*Trade secret
Patents and trade secrets can both protect intellectual property in the form of a process. Patents require public disclosure and have expiration dates while trade secrets remain in force for as long as they remain secret. Therefore, trade secret protection most closely aligns with the company’s goals.
*SCAP Security Content Automation Protocol
X is a suite of specifications used to handle vulnerability and security configuration information. The National Vulnerability Database provided by NIST uses SCAP. XACML is the eXtensible Access Control Markup Language, an OASIS standard used for access control decisions, and neither VSML is SCML an industry term.
Change management
The three components of the DevOps model are software development, operations, and quality assurance.
Simple Security Property
X prevents an individual from reading information at a higher security level than his or her clearance allows. This is also known as the “no read up” rule. The Simple Integrity Property says that a user can’t write data to a higher integrity level than their own. The *-Security Property says that users can’t write data to a lower security level than their own. The Discretionary Security Property allows the use of a matrix to determine access permissions.
Work breakdown structure
The work breakdown structure (WBS) is an important project management tool that divides the work done for a large project into smaller components. It is not a project plan because it does not describe timing or resources. Test analyses are used during later phases of the development effort to report test results. Functional requirements may be included in a work breakdown structure, but they are not the full WBS.
*Network Access Control (NAC)
X systems can be used to authenticate users, and then validate their system’s compliance with a security standard before they are allowed to connect to the network. Enforcing security profiles can help reduce zero-day attacks, making NAC a useful solution. A firewall can’t enforce system security policies, whereas an IDS can only monitor for attacks and alarm when they happen. Thus neither a firewall nor an IDS meets Kolin’s needs. Finally, port security is a MAC address-based security feature that can only restrict which systems or devices can connect to a given port.
Least privilege
This scenario violates the least privilege principle because an application should never require full administrative rights to run. Gwen should update the service account to have only the privileges necessary to support the application.
*Trace
Trace coverage is not a type of structural coverage. Common types of structural coverage include statement, branch or decision coverage, loop coverage, path coverage, and data flow coverage.
*Whois
During the information gathering and discovery phase of a penetration test, testers will gather information about the target. Whois can provide information about an organization, including IP ranges, physical addresses, and staff contacts. Nessus would be useful during a vulnerability detection phase, and Metasploit would be useful during exploitation. zzuf is a fuzzing tool and is less likely to be used during a penetration test.
Test directories often contain scripts that can be misused.
Test directories often include scripts that may have poor protections or may have other data that can be misused. There is not a default test directory that allows administrative access to PHP. Test directories are not commonly used to store sensitive data, nor is the existence of a test directory a common indicator of compromise.
*It lists files in a directory.
Directory indexing may not initially seem like an issue during a penetration test, but simply knowing the name and location of files can provide an attacker with quite a bit of information about an organization, as well as a list of potentially accessible files. XDRF is not a type of attack, and indexing is not a denial-of-service attack vector. Directory indexing being turned on is typically either due to misconfiguration or design, or because the server was not properly configured at setup, rather than being a sign of attack.
*Steal a user’s cookie
Cross-site tracing (XST) leverages the HTTP TRACE or TRACK methods, and could be used to steal a user’s cookies via cross-site scripting (XSS). The other options are not industry terms for web application or web server attacks or vulnerabilities
*RAM
The contents of RAM are volatile, meaning that they are only available while power is applied to the memory chips. EPROM, EEPROM, and flash memory are all nonvolatile, meaning that they retain their contents even when powered off.
Endpoint DLP
X systems specialize in the identification of sensitive information. In this case, Ursula would like to identify the presence of this information on endpoint devices, so she should choose an endpoint DLP control. Network-based DLP would not detect stored information unless the user transmits it over the network. Intrusion prevention systems (IPSs) are designed to detect and block attacks in progress, not necessarily the presence of sensitive information.
Private cloud
In the private cloud computing model, the cloud computing environment is dedicated to a single organization and does not follow the shared tenancy model. The environment may be built by the company in its own datacenter or built by a vendor at a co-location site.
RAID
X is designed to allow a system to continue operating without data loss in the event of a hard drive failure. Load balancing is designed to spread work across multiple servers. Intrusion prevention systems (IPSs) monitor systems and/or networks for potential attacks. Dual-power supplies protect against power supplies becoming a single point of failure.
Integrity
Integrity ensures that unauthorized changes are not made to data while stored or in transit.
A star
A star toplogy uses a central connection device. Ethernet networks may look like a star, but they are actually a logical bus topology that is sometimes deployed in a physical star.
Limit check
Input validation ensures that the data provided to a program as input matches the expected parameters. Limit checks are a special form of input validation that ensure the value remains within an expected range, as is the case described in this scenario. Fail open and fail secure are options when planning for possible system failures. Buffer bounds are not a type of software control.
*System owner
NIST SP 800-18 describes system owner responsibilities that include helping to develop system security plans, maintaining the plan, ensuring training, and identifying, implementing, and assessing security controls. A data owner is more likely to delegate these tasks to the system owner. Custodians may be asked to enforce those controls, whereas a user will be directly affected by them.
Transport mode does not encrypt the header of the packet.
ESP’s Transport mode encrypts IP packet data but leaves the packet header unencrypted. Tunnel mode encrypts the entire packet and adds a new header to support transmission through the tunnel.
Software Quality Management
In level 2, the Repeatable level of the SW-CMM, an organization introduces basic life-cycle management processes. Reuse of code in an organized fashion begins and repeatable results are expected from similar projects. The key process areas for this level include Requirements Management, Software Project Planning, Software Project Tracking and Oversight, Software Subcontract Management, Software Quality Assurance and Software Configuration Management. Software Quality Management is a process that occurs during level 4, the Managed stage of the SW-CMM.
KRIs Key risk indicators
X are often used to monitor risk for organizations that establish an ongoing risk management program. Using automated data gathering and tools that allow data to be digested and summarized can provide predictive information about how organizational risks are changing. KPIs are key performance indicators, which are used to assess how an organization is performing. Quantitative risk assessments are good for point-in-time views with detailed valuation and measurement-based risk assessments, whereas a penetration test would provide details of how well an organization’s security controls are working.
SYN/ACK
The three-way handshake is SYN, SYN/ACK, ACK. System B should respond with “Synchronize and Acknowledge” to System A after it receives a SYN.
Which systems respond to ping, a rough network topology, and potentially the location of additional firewalls
Systems that respond to ping will show the time to live for packets that reach them. Since TTL is decremented at each hop, this can help build a rough network topology map. In addition, some firewalls respond differently to ping than a normal system, which means pinging a network can sometimes reveal the presence of firewalls that would otherwise be invisible. Hostnames are revealed by a DNS lookup, and ICMP types allowed through a firewall are not revealed by only performing a ping. ICMP can be used for router advertisements, but pinging won’t show them!
Authorization
X define what a subject can or can’t do. Identification occurs when a subject claims an identity, accountability is provided by the logs and audit trail that track what occurs on a system, and authorization occurs when that identity is validated.
Secret
The commercial classification scheme discussed by (ISC)2 includes four primary classification levels: confidential, private, sensitive and public. Secret is a part of the military classification scheme.
Objects
All of these are X. Although some of these items can be subjects, files, databases, and storage media can’t be. Processes and programs aren’t file stores, and of course none of these are users.
Use case testing
Testing for desired functionality is use case testing. Dynamic testing is used to determine how code handles variables that change over time. Misuse testing focuses on how code handles examples of mis-use, and fuzzing feeds unexpected data as an input to see how the code responds.
70 years from the death of the author
When the author of a work is known, copyright protects that work for 70 years after the death of the author. Works created by a corporate author are protected for 95 years from publication or 120 years from creation, whichever expires first.
Private IP addresses
These are examples of private IP addresses. RFC1918 defines a set of private IP addresses for use in internal networks. These private addresses including 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, and 192.168.0.0-196.168.255.255 should never be routable on the public Internet.
cognitive password
A x authenticates users based on a series of facts or answers to questions that they know. Preset questions for cognitive passwords typically rely on common information about a user like their mother’s maiden name, or the name of their pet, and that information can frequently be found on the Internet. The best cognitive password systems let users make up their own questions.
TP transformation procedure
A transformation procedure (TP) is the only process authorized to modify constrained data items (CDIs) within the Clark-Wilson model.
*Blacklist
The blacklist approach to application control blocks certain prohibited packages but allows the installation of other software on systems. The whitelist approach uses the reverse philosophy and only allows approved software. Antivirus software would only detect the installation of malicious software after the fact. Heuristic detection is a variant of antivirus software.
PHI
Personal Health Information (PHI) is specifically defined by HIPAA to include information about an individual’s medical bills. PCI could refer to the payment card industry’s security standard but would only apply in relation to credit cards. PII is a broadly defined term for personally identifiable information, and personal billing data isn’t a broadly used industry term.
Directional
Yagis, panel antennas, cantennas, and parabolic antennas are all types of directional antenna. Omnidirectional antennas radiate in all directions, whereas these types of antennas are not necessarily signal boosting. Finally, rubber duck antennas are a type of omnidirectional pole antenna.
Code coverage measures
Function, statement, branch, and condition are all types of code coverage metrics. Penetration testing methodologies use phases like planning, discovery, scanning, exploit, and reporting. Fuzzing techniques focus on ways to provide unexpected inputs, whereas synthetic transactions are generated test data provided to validate applications and performance.
2
Organizations should train at least two individuals on every business continuity plan task. This provides a backup in the event the primary responder is not available.
2 Backups Files
In this scenario, all of the files on the server will be backed up on Monday evening during the full backup. Tuesday’s incremental backup will include all files changed since Monday’s full backup: files 1, 2, and 5. Wednesday’s incremental backup will then include all files modified since Tuesday’s incremental backup: files 3 and 6.
*Passive monitoring
Susan is performing passive monitoring, which uses a network tap or span port to capture traffic to analyze it without impacting the network or devices that it is used to monitor. Synthetic, or active, monitoring uses recorded or generated traffic to test for performance and other issues. Signature based technologies include IDS, IPS, and antimalware systems.
Permissions
While the differences between rights, permissions, and roles can be confusing, typically permissions include both the access and actions that you can take on an object. Rights usually refer to the ability to take action on an object, and don’t include the access to it. Privileges combine rights and permissions, and roles describe sets of privileges based on job tasks or other organizational artifacts.
Servers provisioned by customers on a vendor-managed virtualization platform
One of the core capabilities of Infrastructure as a Service is providing servers on a vendor-managed virtualization platform. Web-based payroll and email systems are examples of Software as a Service. An application platform managed by a vendor that runs customer code is an example of Platform as a Service.
37.5%
The exposure factor is the percentage of the facility that risk managers expect will be damaged if a risk materializes. It is calculated by dividing the amount of damage by the asset value. In this case, that is $750,000 in damage divided by the $2 million facility value, or 37.5%
The annualized rate of occurrence is the number of times each year that risk analysts expect a risk to happen. In this case, the analysts expect fires will occur once every 50 years, or 0.02 times per year.
0.02
$15,000
The annualized loss expectancy is calculated by multiplying the single loss expectancy (SLE) by the annualized rate of occurrence (ARO). In this case, the SLE is $750,000 and the ARO is 0.02. Multiplying these numbers together gives you the ALE of $15,000.
CWR and ECE NOT
Congestion Window Reduced (CWR) and ECE, ECN-Echo are used to manage transmission over congested links, and are rarely seen in modern TCP networks.
*Key Rotation
The Tower of Hanoi; Grandfather, Father, Son; and First In, First Out backup rotation strategies are all used to rotate backup tapes and other media. Key rotation is a cryptographic concept not related to disaster recovery media.
API
An application programming interface (API) allows external users to directly call routines within Fran’s code. They can embed API calls within scripts and other programs to automate interactions with Fran’s company. A web scraper or call center might facilitate the same tasks, but they do not do so in a direct integration. Data dictionaries might provide useful information but they also do not allow direct integration.
*Fault
A fault is a momentary loss of power. Blackouts are sustained complete losses of power. Sags and brownouts are not complete power disruptions but rather periods of low voltage conditions.
A credential management system
Lauren’s team would benefit from a credential management system. Credential management systems offer features like password management, multifactor authentication to retrieve passwords, logging, audit, and password rotation capabilities. A strong password policy would only make maintenance of passwords for many systems a more difficult task if done manually. Single sign-on would help if all of the systems had the same sensitivity levels, but different credentials are normally required for higher sensitivity systems.
The system has failed to get a DHCP address and has assigned itself an address.
Windows systems will assign themselves an APIPA address between 169.254.0.1 and 169.254.255.254 if they cannot contact a DHCP server.
Enrollment
X, or registration, is the initial creation of a user account in the provisioning process. Clearance verification and background checks are sometimes part of the process that ensures that the identity of the person being enrolled matches who they claim to be. Initialization is not used to describe the provisioning process.
Key performance indicator
Repeated audit findings indicate a performance issue, making this a key performance indicator for Susan’s organization. Audit findings may demonstrate risk, but are not guaranteed to do so. Safeguard metrics and audit tracking metrics are not common industry terms.
*Mission owner
The business or mission owner’s role is responsible for making sure systems provide value. When controls decrease the value that an organization gets, the business owner bears responsibility for championing the issue to those involved. There is not a business manager or information security analyst role in the list of NIST-defined data security roles. A data processor is defined but acts as a third-party data handler, and would not have to represent this issue in Olivia’s organization
*ECPA Electronic Communications Privacy Act
X makes it a crime to invade the electronic privacy of an individual. It prohibits the unauthorized monitoring of email and voicemail communications.
*Ring 3
The kernel lies within the central ring, Ring 0. Ring 1 contains other operating system components. Ring 2 is used for drivers and protocols. User-level programs and applications run at Ring 3. Rings 0-2 run in privileged mode whereas Ring 3 runs in user mode.
*CVSS Common Vulnerability Scoring System
X uses measures such as attack vector, complexity, exploit maturity, and how much user interaction is required as well as measures suited to local concerns. CVE is the Common Vulnerabilities and Exposures dictionary, CNA is the CVE Numbering Authority, and NVD is the National Vulnerability Database.
Sending an email at work
An individual does not have a reasonable expectation of privacy when any communication takes place using employer-owned communications equipment or accounts.
*Tabletop exercise
During a tabletop exercise, team members come together and walk through a scenario without making any changes to information systems. The checklist review is the least disruptive type of disaster recovery test. During a checklist review, team members each review the contents of their disaster recovery checklists on their own and suggest any necessary changes. During a parallel test, the team actually activates the disaster recovery site for testing but the primary site remains operational. During a full interruption test, the team takes down the primary site and confirms that the disaster recovery site is capable of handling regular operations. The full interruption test is the most thorough test but also the most disruptive.
OpenID
OpenID is a widely supported standard that allows a user to use a single account to log into multiple sites, and Google accounts are frequently used with OpenID.
Risk acceptance
Risk acceptance occurs when an organization determines that the costs involved in pursuing other risk management strategies are not justified and they choose not to pursue any action.
Fiber optic
Fred should choose a fiber-optic cable. Copper cable types like 10Base2, 5, and 10BaseT, as well as 100Base-T and 1000BaseT, fall far short of the distance required, whereas fiber-optic cable can run for miles.
Decentralized access control
X makes sense because it allows local control over access. When network connectivity to a central control point is a problem, or if rules and regulations may vary significantly from location to location, centralized control can be less desirable than decentralized control despite its challenges with consistency. Since the problem does not describe specific control needs, mandatory access control and rule-based access controls could fit the need but aren’t the best answer.
Secret 2
The U.S. government classifies data that could reasonably be expected to cause damage to national security if disclosed, and for which the damage can be identified or described, as X. The U.S. government does not use Classified in its formal four levels of classification. Top Secret data could cause exceptionally grave damage, whereas Confidential data could be expected to cause damage.
*Renee’s public key
The purpose of a digital certificate is to provide the general public with an authenticated copy of the certificate subject’s public key.
*CA’s private key
The last step of the certificate creation process is the digital signature. During this step, the certificate authority signs the certificate using its own private key.
*CA’s public key
When an individual receives a copy of a digital certificate, he or she verifies the authenticity of that certificate by using the CA’s public key to validate the digital signature contained on the certificate.
Renee’s public key
Mike uses the public key that he extracted from Renee’s digital certificate to encrypt the message that he would like to send to Renee.
Wireshark
X is a network monitoring tool that can capture and replay communications sent over a data network, including Voice over IP (VoIP) communications. Nmap, Nessus, and Nikto are all security tools that may identify security flaws in the network, but they do not directly undermine confidentiality because they do not have the ability to capture communications.
It helps decrease the likelihood users will write down their passwords.
Studies consistently show that users are more likely to write down passwords if they have more accounts. Central control of a single account is also easier to shut off if something does go wrong. Simply decreasing the number of accounts required for a subject doesn’t increase security by itself, and SSO does not guarantee individual system logging, although it should provide central logging of SSO activity. Since a SSO system was not specified, there is no way of determining whether a given SSO system provides better or worse encryption for authentication data.
RSA
Nonrepudiation is only possible with an asymmetric encryption algorithm. RSA is an asymmetric algorithm. AES, DES, and Blowfish are all symmetric encryption algorithms that do not provide nonrepudiation.
*STRIDE Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege
Repudiation and tampering
Routers
Routing Information Protocol (RIP), Open Shortest Path First (OSPF), and Border Gateway Protocol (BGP) are all routing protocols and are associated with routers.
TKIP Temporal Key Integrity Protocol
X was used with WPA on existing hardware to replace WEP. TKIP has been replaced by CCMP and 802.1x since 2012. PEAP and EAP are both authentication protocols. Transport Layer Security (TLS) is used to secure web transactions and other network communications.
Attribute-based access control
Each of the attributes linked to Ben’s access provides information for an attribute-based information control system. Attribute-based information controls like those described in NIST SP 800-162 can take many details about the user, actions, and objects into consideration before allowing access to occur. A role-based access control would simply consider Ben’s role, whereas both administrative and system discretionary access controls are not commonly used terms to describe access controls.
DDoS
LOIC is an example of a distributed denial-of-service attack. It uses many systems to attack targets, combining their bandwidth and making it difficult to shut down the attack because of the number and variety of attackers. Ionization and Zombie horde attacks are both made-up answers. Teardrop attacks are an older type of attack that sends fragmented packets as a denial-of-service attack.
The CA that issued the certificate
Certificates may only be added to a Certificate Revocation List by the certificate authority that created the digital certificate.
*Remote journaling
X transfers transaction logs to a remote site on a more frequent basis than electronic vaulting, typically hourly. Transaction logging is not a recovery technique alone; it is a process for generating the logs used in remote journaling. In an electronic vaulting approach, automated technology moves database backups from the primary database server to a remote site on a scheduled basis, typically daily. Remote mirroring maintains a live database server at the backup site and mirrors all transactions at the primary site on the server at the backup site.
*Waiting
The X state is used when a process is blocked waiting for an external event. The Running state is used when a process is executing on the CPU. The Ready state is used when a process is prepared to execute but the CPU is not available. The Stopped state is used when a process terminates.
*Operational investigation
X investigations are performed by internal teams to troubleshoot performance or other technical issues. They are not intended to produce evidence for use in court and, therefore, do not have the rigid collection standards of criminal, civil, or regulatory investigations.
To protect the confidentiality of their data
Nondisclosure agreements (NDAs) are designed to protect the confidentiality of an organization’s data, including trade secrets during and after the person’s employment. NDAs do not protect against deletion or availability isssues, and noncompete agreements would be required to stop competition.
Add a second factor.
X can ensure that users who might be incorrectly accepted are not given access due to a higher than desired false acceptance rate (FAR) from accessing a system. The CER is the crossover between the false acceptance and false rejection rate (FRR), and is used as a way to measure the accuracy of biometric systems. Changing the sensitivity to lower the FRR may actually increase the FAR, and replacing a biometric system can be time consuming and expensive in term of time and cost.
6 months
SOC 2 reports typically cover 6 months of operations. SOC 1 reports cover a point in time.
*IDE forcing
Over-the-shoulder reviews require the original developer to explain her code to a peer while walking through it. Email pass-around code reviews are done by sending code for review to peers. Pair programming requires two developers, only one of whom writes code while both collaborate. IDE forcing is not a type of code review; an IDE is an integrated development environment.
TOC/TOU 2
X attack exploits timing differences between when a system verifies authorization and software uses that authorization to perform an action. It is an example of a race condition attack. The other three attacks mentioned do not depend on precise timing.
Encapsulation
X is a process that adds a header and possibly a footer to data received at each layer before handoff to the next layer. TCP wrappers are a host-based network access control system, attribution is determining who or what performed an action or sent data, and data hiding is a term from object-oriented programming that is not relevant here.
Salting
Xadds random text to the password before hashing in an attempt to defeat automated password cracking attacks that use precomputed values. MD5 and SHA-1 are both common hashing algorithms, so using them does not add any security. Double-hashing would only be a minor inconvenience for an attacker and would not be as effective as the use of salting.
*Jim must comply with the information in this document.
Guidelines provide advice based on best practices developed throughout industry and organizations, but they are not compulsory. Compliance with guidelines is optional.
*Username
X are an identification tool. They are not secret, so they are not suitable for use as a password.
Regression testing
X testing ensures proper functionality of an application or system after it has been changed. Unit testing focuses on testing each module of a program instead of against its previous functional state. White- and black-box testing both describe the amount of knowledge about a system or application, rather than a specific type or intent for testing.
Risk transference
X involves shifting the impact of a potential risk from the organization incurring the risk to another organization. Insurance is a common example of risk transference.
Avoid conflicts of interest that may jeopardize impartiality.
The four canons of the (ISC)2 code of ethics are to protect society, the common good, necessary public trust and confidence, and the infrastructure; act honorably, honestly, justly, responsibly, and legally; provide diligent and competent service to principals; and advance and protect the profession.
*Set up a one-way nontransitive trust.
A trust that allows one forest to access another’s resources without the reverse being possible is an example of a one-way trust. Since Jim doesn’t want the trust path to flow as the domain tree is formed, this trust has to be nontransitive.
Static
Susan’s team is performing X analysis, which analyzes nonrunning code. Dynamic analysis uses running code, whereas gray-box assessments are a type of assessment done without full knowledge. Fuzzing feeds unexpected inputs to a program as part of dynamic analysis.
A public IP address
201.19.7.45 is a public IP address. RFC 1918 addresses are in the ranges 10.0.0.0-0.255.255.255, 172.16.0.0-172.31.255.255, and 192.168.0.0-192.168.255.255. APIPA addresses are assigned between 169.254.0.0 to 169.254.255.254, and 127.0.0.1 is a loopback address (although technically the entire 127.x.x.x network is reserved for loopback).
*Unpatched web application
Risks are the combination of a threat and a vulnerability. Threats are the external forces seeking to undermine security, such as the hacker in this case. Vulnerabilities are the internal weaknesses that might allow a threat to succeed. In this case the missing patch is the vulnerability. In this scenario, if the hacker attempts a SQL injection attack (threat) against the unpatched server (vulnerability), the result is website defacement.
Purge
The three categories of data destruction are clear (overwriting with nonsensitive data), X (removing all data), and destroy (physical destruction of the media). Degaussing is an example of a purging technique.
Hot site
Hot sites contain all of the hardware and data necessary to restore operations and may be activated very quickly.
514
Syslog uses UDP port 514. TCP-based implementations of syslog typically use port 6514. The other ports may look familiar because they are commonly used TCP ports: 443 is HTTPS, 515 is the LPD print service, and 445 is used for Windows SMB.
A TCP packet;PSH and URG used to clear the buffer and indicate that the data is urgent
PSH is a TCP flag used to clear the buffer, resulting in immediately sending data, and URG is the TCP urgent flag. These flags are not present in UDP headers.
Fagan inspection
Fagan inspection is a highly formalized review and testing process that uses planning, overview, preparation, inspection, rework, and follow-up steps. Static inspection looks at code without running it, dynamic inspection uses live programs, and interface testing tests where code modules interact.
The logs will only contain the most recent 20 MB of log data
The system is set to overwrite the logs and will replace the oldest log entries with new log entries when the file reaches 20 MB. The system is not purging archived logs because it is not archiving logs. Since there can only be 20 MB of logs, this system will not have stored too much log data, and the question does not provide enough information to know if there will be an issue with not having the information needed
Confidentiality and authentication
Encapsulating Security Payload (ESP) provides the ability to encrypt and thus provides confidentiality, as well as limited authentication capabilities. It does not provide availability, nonrepudiation, or integrity validation.
*Detection
Alejandro is in the first stage of the incident response process, X. During this stage, the intrusion detection system provides the initial alert and Alejandro performs preliminary triaging to determine if an intrusion is actually taking place and whether the scenario fits the criteria for activating further steps of the incident response process (which include response, mitigation, reporting, recovery, remediation, and lessons learned).
Activate the incident response team
After detection of a security incident, the next step in the process is response, which should follow the organization’s formal incident response procedure. The first step of this procedure is activating the appropriate teams, including the organization’s computer security incident response team (CSIRT).
Remediation
The root cause analysis examines the incident to determine what allowed it to happen and provides critical information for repairing systems so that the incident does not recur. This is a component of the remediation step of the incident response process because the root cause analysis output is necessary to fully remediate affected systems and processes.
Shared secret key
When using symmetric cryptography, the sender encrypts a message using a shared secret key and the recipient then decrypts the message with that same key. Only asymmetric cryptography uses the concept of public and private key pairs
*Business logic errors
Business logic errors are most likely to be missed by automated functional testing. If a complete coverage code test was conducted, runtime, input validation, and error handling issues are likely to have been discovered by automated testing. Any automated system is more likely to miss business logic errors, because human are typically necessary to understand business logic issues.
Lessons Learned
During the Lessons Learned phase, analysts close out an incident by conducting a review of the entire incident response process. This may include making recommendations for improvements to the process that will streamline the efficiency and effectiveness of future incident response efforts.
DMCA
The Digital Millennium Copyright Act (DMCA) prohibits attempts to circumvent copyright protection mechanisms placed on a protected work by the copyright holder.
Warm site
Linda should choose a warm site. This approach balances cost and recovery time. Cold sites take a very long time to activate, measured in weeks or months. Hot sites activate immediately but are quite expensive. Mutual assistance agreements depend on the support of another organization.
Half-duplex
X communications allow only one side to send at a time. Full-duplex communications allow both parties to send simultaneously, whereas simplex communications describe one-way communications. A suplex would be a bad idea for most communications—it is a wrestling move!
Gray box
X testing is a blend of crystal- (or white-) box testing that provides full information about a target, and black-box testing, which provides little or no knowledge about the target.
Number of use cases tested / total number of use cases
Test coverage is computed using the formula test coverage = number of use cases tested / total number of use cases. Code coverage is assessed by the other formulas, including function, conditional, and total code coverage.
Layer 4
TCP, UDP, and other transport layer protocols like SSL and TLS operate at the Transport layer.
Deterrence
Deterrence is the first functional goal of physical security mechanisms. If a physical security control presents a formidable challenge to a potential attacker, they may not attempt the attack in the first place.
Automated recovery
In an X, the system can recover itself against one or more failure types. In a manual recovery approach, the system does not fail into a secure state but requires an administrator to manually restore operations. In an automated recovery without undue loss, the system can recover itself against one or more failure types and also preserve data against loss. In function recovery, the system can restore functional processes automatically
SCP
Skip should use SCP – Secure Copy is a secure file transfer method. SSH is a secure command-line and login protocol, whereas HTTP is used for unencrypted web traffic. Telnet is an unencrypted command line and login protocol.
*Ben must have a conspicuously posted privacy policy on his site.
The California Online Privacy Protection Act requires that commercial websites that collect personal information from users in California conspicuously post a privacy policy. The Act does not require compliance with the EU DPD, nor does it use the DPD concepts of notice or choice, and it does not require encryption of all personal data.
*Reference monitor
The X is a component of the Trusted Computing Base (TCB) that validates access to resources.
Irises don’t change as much as other factors.
Iris scans have a longer useful life than many other types of biometric factors because they don’t change throughout a person’s lifespan (unless the eye itself is damaged). Iris scanners can be fooled in some cases by high-resolution images of an eye, and iris scanners are not significantly cheaper than other scanners.
NDA Nondisclosure agreements
Prohibit employees from sharing sensitive information without authorization, even after their employment ends. They may also apply to business partners, contractors, customers and others. Service level agreements (SLAs) and operating level agreements (OLAs) specify the parameters of service that a vendor provides to a customer. Data loss prevention (DLP) technology prevents data loss but is a technical, rather than a policy control
3 Crypto Keys
They need a key for every possible pair of users in the cryptosystem. The first key would allow communication between Matthew and Richard. The second key would allow communication between Richard and Christopher. The third key would allow communication between Christopher and Matthew.
Callback
X disconnects a remote user after their initial connection, and then calls them back at a preauthorized number. CallerID can help with this but can be spoofed, making callback a better solution. CHAP is an authentication protocol, and PPP is a dial-up protocol. Neither will verify a phone number.
*Gramm Leach Bliley Act
The X is an example of civil law. The Computer Fraud and Abuse Act, Electronic Communications Privacy Act, and Identity Theft and Assumption Deterrence Act are all examples of criminal law.
*Encrypt the email content
The SMTP protocol does not guarantee confidentiality between servers, making TLS or SSL between the client and server only a partial measure. Encrypting the email content can provide confidentiality; digital signatures can provide nonrepudiation.
SQL injection
The single quotation mark in the input field is a telltale sign that this is a SQL injection attack. The quotation mark is used to escape outside of the SQL code’s input field, and the text following is used to directly manipulate the SQL command sent from the web application to the database.
Record retention
Record retention policies describe how long the organization should retain data and may also specify how and when destruction should occur. Classification policies describe how and why classification should occur and who is responsibile, whereas availability and audit policies may be created for specific purposes.
RTO<MTD
The goal of the business continuity planning process is to ensure that your recovery time objectives are all less than your maximum tolerable downtimes.
*Remediation 2
The Remediation phase of incident handling focuses on conducting a root cause analysis to identify the factors contributing to an incident and implementing new security controls, as needed.
This is an encrypted email message.
The S/MIME secure email format uses the P7S format for encrypted email messages. If the recipient does not have a mail reader that supports S/MIME, the message will appear with an attachment named smime.p7s.
*Aggregation
Aggregation is a security issue that arises when a collection of facts has a higher classification than the classification of any of those facts standing alone. An inference problem occurs when an attacker can pull together pieces of less sensitive information from multiple sources and use them to derive information of greater sensitivity. In this case, only a single source was used. SQL injection is a web application exploit. Multilevel security is a system control that allows the simultaneous processing of information at different classification levels.
Polyinstantiation
X allows the storage of multiple different pieces of information in a database at different classification levels to prevent attackers from conducting aggregation or inference attacks. Kim could store incorrect location information in the database at lower classification levels to prevent the aggregation attack in this scenario. Input validation, server-side validation, and parameterization are all techniques used to prevent web application attacks and are not effective against inference attacks.
*Foreign key
The tail number is a database field because it is stored in the database. It is also a primary key because the question states that the database uniquely identifies aircraft using this field. Any primary key is, by definition, also a candidate key. There is no information provided that the tail number is a foreign key used to reference a different database table.
*Foreign key 2
X are used to create relationships between tables in a database. The database enforces referential integrity by ensuring that the foreign key used in a table has a corresponding record with that value as the primary key in the referenced table.
Waterfall
The X model uses an approach that develops software sequentially, spending quite a bit of time up front on the development and documentation of requirements and design. The spiral and agile models focus on iterative development and are appropriate when requirements are not well understood or iterative development is preferred. DevOps is an approach to integrating development and operations activities and is not an SDLC model.
Data owner
The X is a senior manager who bears ultimate responsibility for data protection tasks. The data owner typically delegates this responsibility to one or more data custodians.
*Unique salts should be stored for each user.
A X using a secure generation method and stored in that user’s record. Since attacks against hashes rely on building tables to compare the hashes against, unique salts for each user make building tables for an entire database essentially impossible—the work to recover a single user account may be feasible, but large scale recovery requires complete regeneration of the table each time. A single salt allows rainbow tables to be generated if the salt is stolen or can be guessed based on frequently used passwords. Creating a unique salt each time a user logs in does not allow a match against a known salted hashed password.
*Examine and test
NIST SP800-53 describes three processes:
Examination, which is reviewing or analyzing assessment objects like specifications, mechanisms, or activities Interviews, which are conducted with individuals or groups of individuals Testing, which involves evaluating activities or mechanisms for expected behavior when used or exercised Knowing the details of a given NIST document in depth can be challenging. To address a question like this, first eliminate responses that do not make sense; here, a mechanism cannot be interviewed, and test and assess both mean the same thing. This leaves only one correct answer.
Anomaly-based intrusion detection
X detection systems may identify a zero-day vulnerability because it deviates from normal patterns of activity. Signature-based detection methods would not be effective because there are no signatures for zero-day vulnerabilities. Strong patch management would not be helpful because, by definition, zero-day vulnerabilities do not have patches available. Full-disk encryption would not detect an attack because it is not a detective control.
Credential management
X systems provide features designed to make using and storing credentials in a secure and controllable way. AAA systems are authorization, authentication, and accounting systems. Two-factor authentication and Kerberos are examples of protocols.
*Secondary response procedures for first responders
The emergency response guidelines should include the immediate steps an organization should follow in response to an emergency situation. These include immediate response procedures, a list of individuals who should be notified of the emergency, and secondary response procedures for first responders. They do not include long-term actions such as activating business continuity protocols, ordering equipment, or activating disaster recovery sites.
A preventive access control; a mantrap
A mantrap uses two sets of doors, only one of which can open at a time. A mantrap is a type of preventive access control, although its implementation is a physical control.
Separation of duties 2
When following the separation-of-duties principle, organizations divide critical tasks into discrete components and ensure that no one individual has the ability to perform both actions. This prevents a single rogue individual from performing that task in an unauthorized manner and is also known as two-person control.
Administrative Controls
Procedures implemented to define the roles, responsibilities, policies, and administrative functions needed to manage the control environment.
Annualized Rate of Occurrence (ARO)
An estimate of how often a threat will be successful in exploiting a vulnerability over the period of a year.
Arms Export Control Act of 1976
Authorizes the President to designate those items that shall be considered as defense articles and defense services and control their import and the export.
Availability
The principle that ensures that information is available and accessible to users when needed.
Breach
An incident that results in the disclosure or potential exposure of data.
Compensating Controls
Controls that substitute for the loss of primary controls and mitigate risk down to an acceptable level.
Compliance
Actions that ensure behavior that complies with established rules.
Confidentiality
Supports the principle of “least privilege” by providing that only authorized individuals, processes, or systems should have access to information on a need-to-know basis.
Copyright
Covers the expression of ideas rather than the ideas themselves; it usually protects artistic property such as writing, recordings, databases, and computer programs.
Corrective: Controls
Controls implemented to remedy circumstance, mitigate damage, or restore controls.
Data Disclosure
A breach for which it was confirmed that data was actually disclosed (not just exposed) to an unauthorized party.
Detective Controls
Controls designed to signal a warning when a security control has been breached.
Deterrent Controls
Controls designed to discourage people from violating security directives.
Directive Controls
Controls designed to specify acceptable rules of behavior within an organization.
Due Care
The care a “reasonable person” would exercise under given circumstances.
Due Diligence
Is similar to due care with the exception that it is a pre-emptive measure made to avoid harm to other persons or their property.
Enterprise Risk Management
A process designed to identify potential events that may affect the entity, manage risk so it is within its risk appetite, and provide reasonable assurance regarding the achievement of entity objectives.
Export Administration Act of 1979
Authorized the President to regulate exports of civilian goods and technologies that have military applications.
Governance
Ensures the business focuses on core activities, clarifies who in the organization has the authority to make decisions, determines accountability for actions and responsibility for outcomes, and addresses how expected performance will be evaluated.
Incident
A security event that compromises the confidentiality, integrity, or availability of an information asset.
Integrity
Comes in two forms; making sure that information is processed correctly and not modified by unauthorized persons, and protecting information as it transits a network.
Information Security Officer
Accountable for ensuring the protection of all of the business information assets from intentional and unintentional loss, disclosure, alteration, destruction, and unavailability.
Least Privilege
Granting users only the accesses that are required to perform their job functions.
Logical (Technical) Controls
Electronic hardware and software solutions implemented to control access to information and information networks.
Patent
Protects novel, useful, and nonobvious inventions.
Physical Controls
Controls to protect the organization’s people and physical environment, such as locks, fire management, gates, and guards; physical controls may be called “operational controls” in some contexts.
Preventive Controls
Controls implemented to prevent a security incident or information breach.
Recovery Controls
Controls implemented to restore conditions to normal after a security incident.
Recovery Time Objective (RTO)
How quickly you need to have that application’s information available after downtime has occurred.
Recovery Point Objective (RPO)
The point in time to which data must be restored in order to successfully resume processing.
Risk
1. A combination of the probability of an event and its consequence (ISO 27000) 2. An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result.(RFC 2828)
Risk Acceptance
The practice of accepting certain risk(s), typically based on a business decision that may also weigh the cost versus the benefit of dealing with the risk in another way.
Risk Avoidance
The practice of coming up with alternatives so that the risk in question is not realized.
Risk Mitigation
The practice of the elimination of or the significant decrease in the level of risk presented.
Risk Transfer
The practice of passing on the risk in question to another entity, such as an insurance company.
Risk Management
A systematic process for identifying, analyzing, evaluating, remedying, and monitoring risk.
Single Loss Expectancy (SLE)
Defined as the difference between the original value and the remaining value of an asset after a single exploit.
Single Points of Failure (SPOF)
Any single input to a process that, if missing, would cause the process or several processes to be unable to function.
Trademark
Any word, name, symbol, color, sound, product shape, device, or combination of these that is used to identify goods and distinguish them from those made or sold by others.
Trade Secret
Proprietary business or technical information, processes, designs, practices, etc., that are confidential and critical to the business.
Vulnerability Assessment
Determines the potential impact of disruptive events on the organization’s business processes.
Wassenaar Arrangement
Established to contribute to regional and international security and stability by promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies, thus preventing destabilizing accumulations.
Categorization
The process of determining the impact of the loss of confidentiality, integrity, or availability of the information to an organization.
Clearing
The removal of sensitive data from storage devices in such a way that there is assurance that the data may not be reconstructed using normal system functions or software file/data recovery utilities.
Curie Temperature
The critical point where a material’s intrinsic magnetic alignment changes direction.
Data Classification
Entails analyzing the data that the organization retains, determining its importance and value, and then assigning it to a category.
Data Custodians
Ensure important datasets are developed, maintained, and accessible within their defined specifications.
Data Modeling
The methodology that identifies the path to meet user requirements.
Data Remanence
The residual physical representation of data that has been in some way erased.
Data Standards
Objects, features, or items that are collected, automated, or affected by activities or the functions of organizations.
Federal Information Processing Standards (FIPS)
The official series of publications relating to standards and guidelines adopted.
File Encryption Software
Allows greater flexibility in applying encryption to specific file(s).
Framework Core
A set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors.
Framework Implementation Tiers
Provide context on how an organization views cybersecurity risk and the processes in place to manage that risk.
Framework Profile
Represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories.
IT Asset Management (ITAM)
ITAM is a much broader discipline, adding several dimensions of management and involving a much broader base of stakeholders.
Media Encryption Software
Software that is used to encrypt otherwise unprotected storage media such as CDs, DVDs, USB drives, or laptop hard drives.
The National Checklist Program (NCP)
The U.S. Government repository of publicly available security checklists (or benchmarks) that provide detailed low-level guidance on setting the security configuration of operating systems and applications.
NIST Computer Security Division (CSD)
Focuses on providing measurements and standards to protect information systems against threats to the confidentiality of information, integrity of information and processes, and availability of information and services in order to build trust and confidence in Information Technology systems.
Purging
The removal of sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique.
Quality Assurance (QA)
An assessment of quality based on standards external to the process and involves reviewing of the activities and quality control processes to ensure final products meet predetermined standards of quality.
Quality Control (QC)
An assessment of quality based on internal standards, processes, and procedures established to control and monitor quality.
Self-Encrypting USB Drives
Portable USB drives that embed encryption algorithms within the hard drive, thus eliminating the need to install any encryption software.
Abstraction
Involves the removal of characteristics from an entity in order to easily represent its essential properties.
Access Control Matrix
A two-dimensional table that allows for individual subjects and objects to be related to each other.
Asymmetric Algorithms
One-way functions, that is, a process that is much simpler to go in one direction (forward) than to go in the other direction (backward or reverse engineering).
Address Space Layout Randomization (ASLR)
Involves randomly arranging the positions of key data areas of a program, including the base of the executable and the positions of the stack, heap, and libraries in a process’s memory address space.
Aggregation
Combining non-sensitive data from separate sources to create sensitive information.
Algorithm
A mathematical function that is used in the encryption and decryption processes.
Bell-La Padula Model
Explores the rules that would have to be in place if a subject is granted a certain level of clearance and a particular mode of access.
Brewer-Nash (The Chinese Wall) Model
This model focuses on preventing conflict of interest when a given subject has access to objects with sensitive information associated with two competing parties.
Cable Plant Management
The design, documentation, and management of the lowest layer of the OSI network model – the physical layer.
Certificate Authority (CA)
An entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates.
Ciphertext or Cryptogram
The altered form of a plaintext message, so as to be unreadable for anyone except the intended recipients.
Cloud Computing
A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management.
Common Criteria
Provides a structured methodology for documenting security requirements, documenting and validating security capabilities, and promoting international cooperation in the area of IT security.
Community Cloud Infrastructure
Provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns.
Confusion
Provided by mixing (changing) the key values used during the repeated rounds of encryption. When the key is modified for each round, it provides added complexity that the attacker would encounter.
Control Objects for Information and Related Technology (COBIT)
Provides a set of generally accepted processes to assist in maximizing the benefits derived using information technology (IT) and developing appropriate IT governance.
Covert Channels
Communications mechanisms hidden from the access control and standard monitoring systems of an information system.
Cryptanalysis
The study of techniques for attempting to defeat cryptographic techniques and, more generally, information security services.
Cryptology
The science that deals with hidden, disguised, or encrypted communications. It embraces communications security and communications intelligence.
Cyber-Physical Systems (CPS)
Smart networked systems with embedded sensors, processors, and actuators that are designed to sense and interact with the physical world and support real-time, guaranteed performance in safety-critical applications.
Data Hiding
Maintains activities at different security levels to separate these levels from each other.
Data Warehouse
A repository for information collected from a variety of data sources.
Decoding
The reverse process from encoding – converting the encoded message back into its plaintext format.
Diffusion
Provided by mixing up the location of the plaintext throughout the ciphertext.
Digital Certificate
An electronic document that contains the name of an organization or individual, the business address, the digital signature of the certificate authority issuing the certificate, the certificate holder’s public key, a serial number, and the expiration date
Digital Rights Management (DRM)
A broad range of technologies that grant control and protection to content providers over their own digital media.
Digital Signatures
Provide authentication of a sender and integrity of a sender’s message.
Enterprise Security Architecture (ESA)
Focused on setting the long-term strategy for security services in the enterprise.
Firmware
The storage of programs or instructions in ROM.
“Generally Accepted Principles and Practices for Securing Information Technology Systems” (NIST SP 800-14)
Provides a foundation upon which organizations can establish and review information technology security programs.
Graham-Denning
Primarily concerned with how subjects and objects are created, how subjects are assigned rights or privileges, and how ownership of objects is managed.
Inference
The ability to deduce (infer) sensitive or restricted information from observing available information.
ISO/IEC 21827:2008, The Systems Security Engineering – Capability Maturity Model (SSE-CMM)
Describes the essential characteristics of an organization’s security engineering process that must exist to ensure good security engineering.
Hash Function
Accepts an input message of any length and generates, through a one-way operation, a fixed-length output.
Industrial Control Systems (ICS)
Used to control industrial processes such as manufacturing, product handling, production, and distribution.
IT Infrastructure Library (ITIL)
Defines the organizational structure and skill requirements of an IT organization as well as the set of operational procedures and practices that direct IT operations and infrastructure, including information security operations.
Embedded Systems
Used to provide computing services in a small form factor with limited processing power.
Encoding
The action of changing a message into another format through the use of a code.
Hybrid Cloud Infrastructure
A composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.
Initialization Vector (IV)
A non-secret binary vector used as the initializing input algorithm for the encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance and to synchronize cryptographic equipment.
Key Clustering
When different encryption keys generate the same ciphertext from the same plaintext message.
Key Length
The size of a key, usually measured in bits or bytes, which a cryptographic algorithm used in ciphering or deciphering protected information.
Key Space
This represents the total number of possible values of keys in a cryptographic algorithm or other security measure, such as a password.
Message Authentication Code (MAC)
A small block of data that is generated using a secret key and then appended to the message.
Message Digest
A small representation of a larger message. Message digests are used to ensure the authentication and integrity of information, not the confidentiality.
Middleware
A connectivity software that enables multiple processes running on one or more machines to interact.
Multilevel Lattice Models
A security model describes strict layers of subjects and objects and defines clear rules that allow or disallow interactions between them based on the layers they are in.
Non-repudiation
A service that ensures the sender cannot deny a message was sent and the integrity of the message is intact.
OpenID Connect
An interoperable authentication protocol based on the OAuth 2.0 family of specifications.
OWASP
A nonprofit organization focused on improving the security of software.
Paging
Divides the memory address space into equal-sized blocks called pages.
Payment Card Industry Data Security Standard (PCI-DSS)
Provides the security architect with a framework of specifications to ensure the safe processing, storing, and transmission of cardholder information.
Plaintext
The message in its natural format.
Primary Storage
Stores data that has a high probability of being requested by the CPU.
Private Cloud
In this model, the cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers.
Protection Keying
Divides physical memory up into blocks of a particular size, each of which has an associated numerical value called a protection key.
Public Cloud Infrastructure
Provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.
Registration Authority (RA)
This performs certificate registration services on behalf of a CA.
Secondary Storage
Holds data not currently being used by the CPU and is used when data must be stored for an extended period of time using high-capacity, nonvolatile storage.
Security Assertion Markup Language (SAML)
An XML-based standard used to exchange authentication and authorization information.
Security Zone of Control
An area or grouping within which a defined set of security policies and measures are applied to achieve a specific level of security.
Segmentation
Dividing a computer’s memory into segments.
Sherwood Applied Business Security Architecture (SABSA) Framework
Holistic life cycle for developing security architecture that begins with assessing business requirements and subsequently creating a “chain of traceability” through the phases of strategy, concept, design, implementation, and metrics.
State Attacks
Attempt to take advantage of how a system handles multiple requests.
State Machine Model
Describes the behavior of a system as it moves between one state and another, from one moment to another.
Stream-based Ciphers
When a cryptosystem performs its encryption on a bit-by-bit basis.
Symmetric Algorithms
Operate with a single cryptographic key that is used for both encryption and decryption of the message.
Substitution
The process of exchanging one letter or byte for another.
System Kernel
The core of an OS, and one of its main functions is to provide access to system resources, which includes the system’s hardware and processes.
The Open Group Architecture Framework (TOGAF)
An architecture content framework (ACF) to describe standard building blocks and components as well as numerous reference models.
Transposition
The process of reordering the plaintext to hide the message.
Work Factor
This represents the time and effort required to break a protective measure.
Zachman Framework
A logical structure for identifying and organizing the descriptive representations (models) that are important in the management of enterprises and to the development of the systems, both automated and manual, that comprise them.
Bastion hosts
Serve as a gateway between a trusted and untrusted network that gives limited, authorized access to untrusted hosts.
Bridges
Layer 2 devices that filter traffic between segments based on Media Access Control (MAC) addresses.
Common application service element (CASE)
Sublayer that provides services for the application layer and request services from the session layer
Concentrators
Multiplex connected devices into one signal to be transmitted on a network
Direct-Sequence Spread Spectrum (DSSS)
A wireless technology that spreads a transmission over a much larger frequency band, and with corresponding smaller amplitude
Decryption
The process of transforming encrypted data back into its original form, so it can be understood.
Fibre Channel over Ethernet (FCoE)
A lightweight encapsulation protocol and lacks the reliable data transport of the TCP layer
File Transfer Protocol (FTP)
A stateful protocol that requires two communication channels
Firewalls
Devices that enforce administrative security policies by filtering incoming traffic based on a set of rules
Frequency-Hopping Spread Spectrum (FHSS)
This wireless technology spreads its signal over rapidly changing frequencies
Internet Control Message Protocol (ICMP)
Provides a means to send error messages for non-transient error conditions and provides a way to probe the network in order to determine general characteristics about the network.
Layer 1
Physical Layer
Layer 2
Data-Link Layer
Layer 3
Network Layer
Layer 4
Transport Layer
Layer 5
Session Layer
Layer 6
Presentation Layer
Layer 7
Application Layer
Lightweight Directory Access Protocol (LDAP)
A client/server-based directory query protocol loosely based upon X.500, commonly used for managing user information
Modems
Allow users remote access to a network via analog phone lines
OSI reference model
Layering model structured into seven layers (physical layer, data-link layer, network layer, transport layer, session layer, presentation layer, application layer)
Ping scanning
A basic network mapping technique that helps narrow the scope of an attack
Public-key encryption
Involves a pair of keys-a public key and a private key-associated with an entity that needs to authenticate its identity electronically or to sign or encrypt data
Remote Authentication Dial-in User Service (RADIUS)
An authentication protocol used mainly in networked environments, such as ISPs, or for similar services requiring single sign-on for layer 3 network access, for scalable authentication combined with an acceptable degree of security.
Remote Procedure Calls (RPC)
Represent the ability to allow for the executing of objects across hosts
Screen Scraper
A program which can extract data from output on a display intended for a human
Security perimeter
The first line of protection between trusted and untrusted networks
Specific application service element (SASE)
Sublayer that provides application specific services (protocols)
Spread spectrum
A method commonly used to modulate information into manageable bits that are sent over the air wirelessly
TCP/IP or Department of Defense (DoD) model
Layering model structured into four layers (link layer, network layer, transport layer, application layer)
Traceroute
A diagnostic tool that displays the path a packet traverses between a source and destination host
Transmission Control Protocol (TCP)
Provides connection-oriented data management and reliable data transfer
User Datagram Protocol (UDP)
Provides a lightweight service for connectionless data transfer without error detection and correction
Virtual Private Network (VPN)
An encrypted tunnel between two hosts that allows them to securely communicate over an untrusted network
Voice over Internet Protocol (VoIP)
A technology that allows you to make voice calls using a broadband Internet connection instead of a regular (or analog) phone line
Wireless local area network (WLAN)
Links two or more devices over a short distance using a wireless distribution method, usually providing a connection through an access point for Internet access.
Wireless mesh network
A wireless network made up of radio nodes organized in a mesh topology
Wireless metropolitan area networks
A type of wireless network that connects several wireless LANs
Wireless personal area networks (WPANs)
Interconnect devices within a relatively small area that is generally within a person’s reach
Access badges
Used to enter secured areas of a facility and are used in conjunction with a badge reader to read information stored on the badge
Access Control Systems
Physical or electronic systems designed to control who, or what, has access to a network
Account management systems
Systems that attempt to streamline the administration of user identity across multiple systems
Authentication
The process of verifying the identity of the user
Authorization
The process of defining the specific resources a user needs and determining the type of access to those resources the user may have
Cryptographic Device
A hardware device that contains non-programmable logic and non-volatile storage dedicated to all cryptographic operations and protection of private keys.
Electronic authentication (e-authentication)
The process of establishing confidence in user identities electronically presented to an information system
Facility access control
Protects enterprise assets and provides a history of who gained access and when the access was granted
Identity as a Service (IDaaS)
Cloud-based services that broker identity and access management functions to target systems on customers’ premises and/or in the cloud
Identity proofing
The process of collecting and verifying information about a person for the purpose of proving that a person who has requested an account, a credential, or other special privilege is indeed who he or she claims to be, and establishing a reliable relationsh
Kerberos
Developing standard for authenticating network users. Kerberos offers two key benefits: it functions in a multi-vendor network, and it does not transmit passwords over the network.
Logical access controls
Protection mechanisms that limit users’ access to information and restrict their forms of access on the system to only what is appropriate for them
MAC address
A 48-bit number (typically represented in hexadecimal format) that is supposed to be globally unique
Mandatory Access Controls (MACs)
Access control that requires the system itself to manage access controls in accordance with the organization’s security policies
Multi-factor Authentication
Ensures that a user is who they claim to be. The more factors used to determine a person’s identity, the greater the trust of authenticity.
Password Management System
A system that manages passwords consistently across the enterprise
Physical Access Control Systems (PACS)
Allows authorized security personnel to simultaneously manage and monitor multiple entry points from a single, centralized location
Radio Frequency Identification (RFID)
A non-contact, automatic identification technology that uses radio signals to identify, track, sort and detect a variety of objects including people, vehicles, goods and assets without the need for direct contact
Role-Based Access Control (RBAC)
An access control model that bases the access control authorizations on the roles (or functions) that the user is assigned within an organization
Rule-Based Access Control
An access control model that based on a list of predefined rules that determine what accesses should be granted
Security Assertion Markup Language 2.0 (SAML 2.0)
A version of the SAML OASIS standard for exchanging authentication and authorization data between security domains
Single factor authentication
Involves the use of simply one of the three available factors solely in order to carry out the authentication process being requested
Single Sign-On (SSO)
A unified login experience (from the viewpoint of the end user) when accessing one or more systems
Trusted Platform Modules (TPM)
A local hardware encryption engine and secured storage for encryption keys
User ID
Provides the system with a way of uniquely identifying a particular user amongst all the users of that system
2011 CWE/SANS Top 25 Most Dangerous Software Errors
A list of the most widespread and critical errors that can lead to serious vulnerabilities in software.
Audit Records
Contain security event information such as successful and failed authentication attempts, file accesses, security policy changes, account changes, and use of privileges.
Architecture Security Reviews
A manual review of the product architecture to ensure that it fulfills the necessary security requirements.
Automated Vulnerability Scanners
Tests an application for the use of system components or configurations that are known to be insecure.
Condition Coverage
This criteria requires sufficient test cases for each condition in a program decision to take on all possible outcomes at least once. It differs from branch coverage only when multiple conditions must be evaluated to reach a decision.
Data Flow Coverage
This criteria requires sufficient test cases for each feasible data flow to be executed at least once.
Decision (Branch) Coverage
Considered to be a minimum level of coverage for most software products, but decision coverage alone is insufficient for high-integrity applications.
Information Security Continuous Monitoring (ISCM)
Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.
Intrusion Detection Systems (IDS)
Real-time monitoring of events as they happen in a computer system or network, using audit trail records and network traffic and analyzing events to detect potential intrusion attempts.
Intrusion Prevention Systems (IPS)
Any hardware or software mechanism that has the ability to detect and stop attacks in progress.
Loop Coverage
This criteria requires sufficient test cases for all program loops to be executed for zero, one, two, and many iterations covering initialization, typical running, and termination (boundary) conditions.
Misuse Case
A Use Case from the point of view of an Actor hostile to the system under design.
Multi-Condition Coverage
This criteria requires sufficient test cases to exercise all possible combinations of conditions in a program decision.
Negative Testing
Ensures the application can gracefully handle invalid input or unexpected user behavior.
Path Coverage
This criteria requires sufficient test cases for each feasible path, basis path, etc., from start to exit of a defined program segment, to be executed at least once.
Positive Testing
Determines that your application works as expected.
Real User Monitoring (RUM)
An approach to web monitoring that aims to capture and analyze every transaction of every user of a website or application.
Regression Analysis
The determination of the impact of a change based on review of the relevant documentation.
Security Log Management
The process for generating, transmitting, storing, analyzing, and disposing of computer security log data.
Statement Coverage
This criteria requires sufficient test cases for each program statement to be executed at least once; however, its achievement is insufficient to provide confidence in a software product’s behavior.
Static Source Code Analysis (SAST)
Analysis of the application source code for finding vulnerabilities without actually executing the application.
Synthetic Performance Monitoring
Involves having external agents run scripted transactions against a web application.
System Events
Operational actions performed by OS components, such as shutting down the system or starting a service.
Threat Modeling
A process by which developers can understand security threats to a system, determine risks from those threats, and establish appropriate mitigations.
Use Cases
Abstract episodes of interaction between a system and its environment.
Validation
The determination of the correctness, with respect to the user needs and requirements, of the final program or software produced from a development project.
Verification
The authentication process by which the biometric system matches a captured biometric against the person’s stored template.
Vulnerability Management Software
Log the patch installation history and vulnerability status of each host, which includes known vulnerabilities and missing software updates.
Web Proxies
Intermediate hosts through which websites are accessed.
White-box Testing
A design that allows one to peek inside the “box” and focuses specifically on using internal knowledge of the software to guide the selection of test data.
Acoustic Sensors
Device that uses passive listening devices
Administrator accounts
Accounts that are assigned only to named individuals that require administrative access to the system to perform maintenance activities, and should be different and separate from a user’s normal account.
Balanced Magnetic Switch (BMS)
Devices that use a magnetic field or mechanical contact to determine if an alarm signal is initiated
Chain of custody
The who, what, when, where, and how the evidence was handled—from its identification through its entire life cycle, which ends with destruction, permanent archiving, or returning ot owner.
Cipher Lock
A lock controlled by touch screen, typically 5 to 10 digits that when pushed in the right combination the lock will releases and allows entry
Configuration management (CM)
A discipline for evaluating, coordinating, approving or disapproving, and implementing changes in artifacts that are used to construct and maintain software systems
Data Leak Prevention (DLP)
A suite of technologies aimed at stemming the loss of sensitive information that occurs in the enterprise.
Egress filtering
The practice of monitoring and potentially restricting the flow of information outbound from one network to another
Infrared Linear Beam Sensors
A focused infrared (IR) light beam is projected from an emitter and bounced off of a reflector that is placed at the other side of the detection area
Instant Keys
Provide a quick way to disable a key by permitting one turn of the master key to change a lock
Intrusion Detection System (IDS)
A technology that alerts organizations to adverse or unwanted activity
Indemnification
The party to party litigation costs resulting from its breach of warranties
Intrusion Prevention System (IPS)
A technology that monitors activity like an IDS but will automatically take proactive preventative action if it detects unacceptable activity.
Honeypot
Decoy servers or systems setup to gather information regarding an attacker or intruder into your system
Honeyfarm
A centralized collection of honeypots and analysis tools
Honeynet
Two or more honeypots on a network
Live evidence
Data that are dynamic and exist in running processes or other volatile locations (e.g., system/device RAM) that disappear in a relatively short time once the system is powered down
Locard’s exchange principle
States that when a crime is committed, the perpetrators leave something behind and take something with them, hence the exchange
Magnetic Stripe (mag stripe) cards
Consist of a magnetically sensitive strip fused onto the surface of a PVC material, like a credit card
Mortise Lock
A lock or latch that is recessed into the edge of a door, rather than being mounted to its surface.
Power users
Accounts granted greater privileges than normal user accounts when it is necessary for the user to have greater control over the system, but where administrative access is not required
Protocol Anomaly-Based IDS
Identifies any unacceptable deviation from expected behavior based on known network protocols
Proximity Card (prox cards)
Use embedded antenna wires connected to a chip within the card through RF.
Records and Information Management (RIM)
Essential activities to protect business information and can be established in compliance with laws, regulations, or corporate governance
Remanence
The measure of the existing magnetic field on the media after degaussing
Rim Lock
A lock or latch typically mounted on the surface of a door, typically associated with a dead bolt type of lock
Sandboxing
A form of software virtualization that lets programs and processes run in their own isolated virtual environment
Security Informatn and Event Management (SIEM)
A group of technologies which aggregate information about access controls and selected system activity to store for analysis and correlation
Service accounts
Accounts used to provide privileged access used by system services and core applications
Smart Cards
Credential cards with one or more microchip processing that accepts or processes infomraiton and can be contact or contact less.
Statistical Anomaly-based IDS
Analyzes event data by comparing it to typical, known, or predicted traffic profiles in an effort to find potential security breaches
Steganography
The science of hiding information
Traffic anomaly-based IDS
Identifies any unacceptable deviation from expected behavior based on actual traffic structure
Time domain Reflectometry (TDR)
Send induced radio frequency (RF) signals down a cable that is attached to the fence fabric
ActiveX Data Objects (ADO)
A Microsoft high-level interface for all kinds of data.
Capability Maturity Model for Software (CMM or SW-CMM)
Maturity model focused on quality management processes and has five maturity levels that contain several key practices within each maturity level.
Common Object Request Broker Architecture (CORBA)
A set of standards that addresses the need for interoperability between hardware and software products.
Computer Virus
A program written with functions and intent to copy and disperse itself without the knowledge and cooperation of the owner or user of the computer.
Configuration Mangement (CM)
Monitoring and managing changes to a program or documentation.
Covert Channel
An information flow that is not controlled by a security control.
Encryption
The conversion of electronic data into another form, called ciphertext, which cannot be easily understood by anyone except authorized parties.
Data Mining
The practice of examining large databases in order to generate new information.
Database Management System (DBMS)
A suite of application programs that typically manages large, structured sets of persistent data.
Database Model
Describes the relationship between the data elements and provides a framework for organizing the data.
DevOps
An approach based on lean and agile principles in which business owners and the development, operations, and quality assurance departments collaborate.
Log
A record of the events occurring within an organization’s systems and networks.
Integrated Product and Process Development (IPPD)
A management technique that simultaneously integrates all essential acquisition activities through the use of multidisciplinary teams to optimize the design, manufacturing, and supportability processes.
Iterative Models
Development models that allow for successive refinements of requirements, design, and coding.
Knowledge Discovery in Databases (KDD)
A mathematical, statistical, and visualization method of identifying valid and useful patterns in data.
Metadata
Information about the data.
Rapid Application Development (RAD)
A form of rapid prototyping that requires strict time limits on each phase and relies on tools that enable quick development.
Software Assurance (SwA)
The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that it functions in the intended manner.
Time Multiplexing
Allows the operating system to provide well-defined and structured access to processes that need to use resources according to a controlled and tightly managed schedule.
Time of Check/Time of Use (TOC/TOU) Attacks
Takes advantage of the dependency on the timing of events that takes place in a multitasking operating system.
Trusted Computing Bases (TCB)
The collection of all of the hardware, software, and firmware within a computer system that contains all elements of the system responsible for supporting the security policy and the isolation of objects.
Waterfall Development Model
A development model in which each phase contains a list of activities that must be performed and documented before the next phase begins.
What is the default size of an IP (IPv4) header (in bytes)?
20
What byte in the IP header contains the protocol being transmitted?
9
What field in the IP header does a router use to determine the route a packer will take?
Destination IP Address
What RFC defines private IP addressing?
1918
What type of DNS query do you perform when you have the FQDN and need the IP address?
gethostbyname – also called a forward lookup
What type of DNS query do you perform when you have the address and need the name?
gethostbyaddress – also called a reverse lookup
How many bytes is an IPv4 address?
4
How many bits is an IPv4 address?
32
How many bytes is an IPv6 address?
16
How many bits is an IPv6 address?
128
Support for IPv6 over IPv4 is called what?
tunneling
Support for IPv4 over IPv6 is called what?
translation
What is the default size of an IP (IPv6) header (in bytes)?
40
Is IPv4 or IPv6 more efficient?
IPv6
What is the default size of an UDP header (bytes)?
8
What is the default size of a TCP header (bytes)?
20
The TCP flag of “U” means what?
urgent
The TCP flag of “P” means what?
push
What layer of the OSI model does ICMP work?
3
An open SCADA protocol that allows communication between multiple vendor systems.
DNP3 – Distributed Network Protocol
VoIP uses what media protocol to transmit voice traffic?
RTP
802.11b supports up to how many Mbps?
11
802.11a supports up to how many Mbps?
54
802.11g supports up to how many Mbps?
54
802.11n supports up to how many Mbps?
144
802.11b uses which frequency?
2.4
802.11a uses which frequency?
5.0
802.11g uses which frequency?
2.4
802.11n uses which frequency?
2.4 and 5.0
What is radio frequency hopping spread spectrum?
Todo
What is radio frequency direct sequence spread spectrum?
Todo
What does WEP stand for?
Wired equivalent privacy
What serial line protocol controls data flow and provides error correction?
HDLC
What serial line protocol uses a polling media-access method?
SDLC
What type of DSL has a higher download rate than upload and low?
ADSL
What type of DSL has symmetrical download and upload rates?
SDSL
What type of DSL uses copper twisted pair and is often the “last-mile” for a T1 circuit?
HDSL
What type of DSL has a higher download rate than upload and high bandwidth?
VDSL
What OSI layer do packet filter firewalls work?
3
What OSI layer do stateful firewalls work?
3
What OSI layer do proxy firewalls work?
7
What OSI layer do Next Generation Firewalls work?
7
A firewall without a ruleset is considered what?
router
Category 1 twisted-pair is used for what?
standard telephone wiring
Category 2 twisted-pair supports speeds up to how many Mbps?
4
Category 3 twisted-pair supports speeds up to how many Mbps?
10
Category 4 twisted-pair supports speeds up to how many Mbps?
16
Category 5 twisted-pair supports speeds up to how many Mbps?
100
Category 6 twisted-pair supports speeds up to how many Mbps?
1000
What protocol is used to determine the MAC address for a known IP address?
ARP
What protocol is used to determine the IP address for a known MAC address?
RARP
RIP protocol is what type of routing protocol?
distance vector
OSPF protocol is what type of routing protocol?
link state
Link state routing uses what algorithm to determine routes?
shortest path first (SPF)
What separates a router’s control plane from the data plane to enable remote routing decisions.
software defined networking (SDN)
What mode is a client-to-site VPN?
transport
What mode is a site-to-site VPN?
tunnel
IPsec Authentication Header (AH) does not address what?
Serve as a gateway between a trusted and untrusted network that gives limited, authorized access to untrusted hosts.
Bastion hosts
Layer 2 devices that filter traffic between segments based on Media Access Control (MAC) addresses.
Bridges
Sublayer that provides services for the application layer and request services from the session layer
Common application service element (CASE)
Multiplex connected devices into one signal to be transmitted on a network
Concentrators
A wireless technology that spreads a transmission over a much larger frequency band, and with corresponding smaller amplitude
Direct-Sequence Spread Spectrum (DSSS)
The process of transforming encrypted data back into its original form, so it can be understood.
Decryption
A lightweight encapsulation protocol and lacks the reliable data transport of the TCP layer
Fibre Channel over Ethernet (FCoE)
A stateful protocol that requires two communication channels
File Transfer Protocol (FTP)
Devices that enforce administrative security policies by filtering incoming traffic based on a set of rules
Firewalls
This wireless technology spreads its signal over rapidly changing frequencies
Frequency-Hopping Spread Spectrum (FHSS)
Provides a means to send error messages for non-transient error conditions and provides a way to probe the network in order to determine general characteristics about the network.
Internet Control Message Protocol (ICMP)
Physical Layer
Layer 1
Data-Link Layer
Layer 2
Network Layer
Layer 3
Transport Layer
Layer 4
Session Layer
Layer 5
Presentation Layer
Layer 6
Application Layer
Layer 7
A client/server-based directory query protocol loosely based upon X.500, commonly used for managing user information
Lightweight Directory Access Protocol (LDAP)
Allow users remote access to a network via analog phone lines
Modems
Layering model structured into seven layers (physical layer, data-link layer, network layer, transport layer, session layer, presentation layer, application layer)
OSI reference model
A basic network mapping technique that helps narrow the scope of an attack
Ping scanning
Involves a pair of keys-a public key and a private key-associated with an entity that needs to authenticate its identity electronically or to sign or encrypt data
Public-key encryption
An authentication protocol used mainly in networked environments, such as ISPs, or for similar services requiring single sign-on for layer 3 network access, for scalable authentication combined with an acceptable degree of security.
Remote Authentication Dial-in User Service (RADIUS)
Represent the ability to allow for the executing of objects across hosts
Remote Procedure Calls (RPC)
A program which can extract data from output on a display intended for a human
Screen Scraper
The first line of protection between trusted and untrusted networks
Security perimeter
Sublayer that provides application specific services (protocols)
Specific application service element (SASE)
A method commonly used to modulate information into manageable bits that are sent over the air wirelessly
Spread spectrum
Layering model structured into four layers (link layer, network layer, transport layer, application layer)
TCP/IP or Department of Defense (DoD) model
A diagnostic tool that displays the path a packet traverses between a source and destination host
Traceroute
Provides connection-oriented data management and reliable data transfer
Transmission Control Protocol (TCP)
Provides a lightweight service for connectionless data transfer without error detection and correction
User Datagram Protocol (UDP)
An encrypted tunnel between two hosts that allows them to securely communicate over an untrusted network
Virtual Private Network (VPN)
A technology that allows you to make voice calls using a broadband Internet connection instead of a regular (or analog) phone line
Voice over Internet Protocol (VoIP)
Links two or more devices over a short distance using a wireless distribution method, usually providing a connection through an access point for Internet access.
Wireless local area network (WLAN)
A wireless network made up of radio nodes organized in a mesh topology
Wireless mesh network
A type of wireless network that connects several wireless LANs
Wireless metropolitan area networks
Interconnect devices within a relatively small area that is generally within a person’s reach
Wireless personal area networks (WPANs)
Was this helpful?
Let us know if this was helpful. That’s the only way we can improve.
The Quizzma Team is a collective of experienced educators, subject matter experts, and content developers dedicated to providing accurate and high-quality educational resources. With a diverse range of expertise across various subjects, the team collaboratively reviews, creates, and publishes content to aid in learning and self-assessment.
Each piece of content undergoes a rigorous review process to ensure accuracy, relevance, and clarity. The Quizzma Team is committed to fostering a conducive learning environment for individuals and continually strives to provide reliable and valuable educational resources on a wide array of topics. Through collaborative effort and a shared passion for education, the Quizzma Team aims to contribute positively to the broader learning community.