50 Cards in this Set
- Front
- Back
What is the Take-Grant Model?
|
uses a directed graph to specify the rights that a subject can transfer to an object or that a subject can take from another object.
|
|
What is the Bell-LaPadula model?
|
developed to formalize the US DoD multi-level security policy. Deals only with the confidentiality of classified material and does not address integrity or availability.
|
|
The basic tenets of Bell-LaPadula model can be summed up in which way?
|
no read-up, no write-down
|
|
What is meant by the Strong * Property?
|
that reading or writing is permitted at a certain sensitivity level but not at either higher or lower sensitivity.
|
|
What is the Biba model?
|
The first formal integrity model; it is lattice-based and uses the less-than-or-equal-to relation.
|
|
The basic tenets of the Biba model can be summed up in which way?
|
no read-down, no write-up
|
|
What does the Clark-Wilson model require to function?
|
Integrity models
|
|
What constitutes a triple in the Operational Security domain?
|
Threat, vulnerability and assets
|
|
What is the difference between a threat and a vulnerability?
|
A vulnerability is a weakness in a system whereas a threat is any potential event that could affect how the system functions
|
|
What are the major categories of operations security controls?
|
preventative, detective and corrective
|
|
Give an example of a preventative control
|
High walls or dogs
|
|
Give an example of a detective control
|
Audit trails or access control lists
|
|
Give an example of a corrective control?
|
backup tapes, redundancy arrays or continuing operations facilities
|
|
What are administrative controls and what separates them from operational controls?
|
they are installed and managed by administrative personnel to help reduce the threat or impact of violations in a computer system. They are separated because they have more to do with human personnel.
|
|
What are the three basic levels of privilege?
|
Read, Read/Write, Change
|
|
What are some things that can destroy data media?
|
temperature, liquids, magnetism, smoke and dust
|
|
What is the difference between auditing and monitoring?
|
auditing occurs at a fixed moment in time whereas monitoring is ongoing
|
|
What is a clipping level?
|
a baseline of user activity that is considered a routine level of user errors.
|
|
What is the goal of problem management?
|
reduce failures to a manageable level, prevent occurrence or recurrence of a problem, mitigate the negative impact of problems
|
|
What are three ways to thwart traffic analysis attacks?
|
message padding, sending noise, covert channel analysis
|
|
What are two types of data scavenging attacks?
|
keyboard attacks, laboratory attacks
|
|
What are the phases of system development life cycle?
|
initiation, development/acquisition, implementation, operation/maintenance/disposal
|
|
What is the waterfall model?
|
a sequential model where inputs from previous phases are incorporated into the next phase
|
|
What is the spiral model?
|
operates under the assumption that the same steps are taken at each phase of the product development lifecycle
|
|
In the spiral model what does the lower-left quadrant focus on?
|
developing plans that will be reviewed in the upper quadrants of the diagram prior to finalization of the plans.
|
|
In the detailed COCOMO Model what is the software development effort measured by?
|
external input types, external output types, logical internal file types, external interface file types, external inquiry types
|
|
Describe the following equation:
MM = 2.4 (KDSI)^1.05
|
Man months = 2.4 times the number of thousands of delivered source instructions raised to the 1.05 power
|
|
Describe the following equation:
TDEV = 2.5 (MM)^0.38
|
Development schedule in months = 2.5 times man months raised to the power of 0.38
|
|
What are the five levels of the Software Capability Maturity Model?
|
Initiation, Repeatable, Defined, Managed, Optimizing
|
|
What is the IDEAL model?
|
the SEI Process Improvement model; it is an organizational improvement model
|
|
In OOP what is a message?
|
the communication to an object to carry out some operation
|
|
In OOP what is a method?
|
the code that defines the actions an object performs in response to a message.
|
|
In OOP what is a behavior?
|
refers to the results exhibited by an object upon receipt of a message
|
|
What is the common object model?
|
supports the exchange of objects between programs
|
|
What is an expert system?
|
a system that exhibits reasoning similar to that of a human expert to solve a problem.
|
|
What are four types of databases?
|
hierarchical, mesh, object-oriented, relational
|
|
What is ODBC?
|
A Microsoft-developed standard for supporting access to databases through different applications.
|
|
What is included in the Business Continuity Plan process?
|
Scope and plan initiation, business impact assessment, business continuity plan development
|
|
What is included in the Disaster Recovery Plan process?
|
DRP processes, Testing the disaster recovery plan, disaster recovery procedures
|
|
What must always be the first element of a disaster recovery plan?
|
personnel evacuation and safety
|
|
In the BCP process who approves expenditures, liabilities, and service impacts?
|
policy group
|
|
In the BCP process who identifies and prioritizes time-critical systems?
|
Senior Business Unit Management
|
|
What are the three goals of a business impact assessment?
|
Criticality prioritization, downtime estimation, resource requirements
|
|
What are the four steps of a business impact assessment?
|
Gather information, Perform vulnerability assessment, analyze the information, document
|
|
What is a disaster recovery plan?
|
a comprehensive statement of consistent actions to be taken before, during and after a disruptive event.
|
|
When speaking of recovery time frame requirements what does a category AAA asset mean?
|
Immediate
|
|
When speaking of recovery time frame requirements what does a category AA asset mean?
|
Full functional recovery required within four hours
|
|
When speaking of recovery time frame requirements what does a category A asset mean?
|
same day business recovery
|
|
When speaking of recovery time frame requirements what does a category B asset mean?
|
Max 24 hours downtime
|
|
When speaking of recovery time frame requirements what does a category C asset mean?
|
24-72 hours downtime
|