145 Cards in this Set
What does EAL Stand For?
|
Evaluation Assurance Level
|
|
How many EAL levels are there? Name them.
|
Seven:
• EAL 1 Functionally tested
• EAL 2 Structurally tested
• EAL 3 Methodically tested and checked
• EAL 4 Methodically designed, tested, and reviewed
• EAL 5 Semiformally designed and tested
• EAL 6 Semiformally verified design and tested
• EAL 7 Formally verified design and tested |
|
Name the different types of access control and what they do.
|
• Recovery Access Control - focuses on restoring resources
• Preventive Access Control - to avoid occurrence
• Detective Access Control - to detect or identify occurrences
• Deterrent Access Control - to discourage occurrences
• Corrective Access Control - to correct or restore control |
|
The Trusted Computer System Evaluation Criteria (TCSEC) provides:
|
o A basis for assessing the effectiveness of security controls built into automatic data processing system products.
o Guidelines to be used when evaluating a security product.
o A way for evaluators to measure and rate the functionality of a system and how trustworthy it is. |
|
Orange Book:
The Operational Assurance Requirements are: |
System Architecture
System Integrity
Covert Channel Analysis
Trusted Facility Management
Trusted Recovery |
|
Orange Book:
The Life-Cycle Assurance Requirements: |
Security Testing
Design Specification and Verification
Configuration Management
Trusted Distribution |
|
Trusted Computing Base (TCB) is:
|
o It originates from the Orange Book
o It includes hardware, firmware, and software
o A higher TCB rating requires that details of the testing procedures and documentation be reviewed with more granularity |
|
What is an Overt Channel?
|
A channel within a computer system or network that is designed for the authorized transfer of information. Processes should communicate through overt channels, not covert channels.
|
|
What is a Covert Timing Channel?
|
Allows one process to signal information to another by modulating its own use of system resources.
|
|
Penetration tests to provide all of the following:
|
Identification of security flaws
A method to correct the security flaws
Verification of the levels of existing infiltration resistance |
|
What is an Encapsulated Security Payload (ESP)?
|
An IPsec header that, when added to an IP datagram, protects the confidentiality, integrity, and authenticity of the data.
|
|
What is Annualized Loss Expectancy (ALE)?
|
ALE calculations, when done properly, portray risk accurately and provide a meaningful cost-benefit analysis. They are used to:
o Identify risks
o Plan budgets for information risk management
o Calculate loss expectancy in annualized terms
SLE x ARO = ALE (single loss expectancy x annualized rate of occurrence = annualized loss expectancy)
|
|
What do Circuit Based Firewalls do?
|
They look only at IP addresses, ports and the state of the TCP handshake (session layer); they never inspect the application payload.
|
|
What do Application based Firewalls do?
|
They inspect the application-layer payload as well as the headers, so they can enforce protocol-specific rules; this makes them more secure at the cost of performance.
|
|
What is Keystrokes dynamics mean by Dwell Time?
|
The amount of time you hold down a specific key
|
|
What is Role Based Access Control (RBAC)?
|
It is an alternative to traditional discretionary (DAC) and mandatory (MAC) access control.
|
|
What is a RADIUS Protocol?
|
Protocol is used for carrying authentication, authorization, and configuration information between a network access server, which desires to authenticate its link and a Shared Authentication Server
|
|
What is Encrypted Authentication?
|
A form of authentication that applies a digital signature algorithm to every bit of data sent from the claimant to the verifier.
|
|
What is Kerberos?
|
Relies upon symmetric key cryptography, specifically Data Encryption Standard (DES) and provides end-to-end security for authentication traffic between the client and the Key Distribution Center (KDC)
|
|
How does Kerberos Work?
|
o It depends on symmetric ciphers
o It depends on secret ("private") key cryptography, not public keys
o It provides end-to-end security
o Most work is done with cryptographic keys and shared secret keys (private keys) instead of passwords |
|
SSO stands for?
|
Single Sign-on
|
|
What technologies can implement SSO?
|
o Kerberos
o SESAME
o KryptoKnight
o NetSP
o Scripts / scripted access
o Directory services
o Thin clients |
|
Name the Symmetric Key Cryptography Protocols?
|
Kerberos
|
|
Biometrics - in terms of order of acceptance, list the methods from most to least accepted.
|
o Voice Pattern
o Keystroke Pattern
o Signature
o Hand Geometry
o Hand Print
o Finger Print
o Iris
o Retina Pattern - more intrusive than an iris scan |
|
What does Recovery Access Control focus on?
|
focuses on restoring resources
|
|
What does Preventive Access Control focus on?
|
to avoid occurrence
|
|
What does Detective Access Control focus on?
|
In order to detect or identify occurrences
|
|
What does Deterrent Access Control focus on?
|
In order to discourage occurrences
|
|
What does Corrective Access Control focus on?
|
In order to correct or restore control
|
|
What is Keystroke Dynamics?
|
Can measure one's keyboard input up to 1000 times per second. Specifically, it measures 2 distinct variables:
o Dwell Time - the amount of time you hold down a specific key
o Flight Time - the amount of time it takes a person to switch between keys |
|
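The two variables on the card fall straight out of a key-down/key-up event log. As an added example (not part of the flashcard set), the following Python computes dwell and flight times from such a log, builds an enrollment template from several typings of the same string, and scores a later typing against it. The event samples are constructed for the example, and the tolerance of 40 ms and the feature-vector layout are choices made here, not figures from the page.

```python
"""Dwell and flight times from a keystroke event log (added example)."""
from statistics import mean

# Constructed sample captures: (event, key, timestamp in ms). Not real data.
ENROLL_1 = [("down", "p", 0), ("up", "p", 95), ("down", "a", 180), ("up", "a", 270),
            ("down", "s", 330), ("up", "s", 410), ("down", "s", 500), ("up", "s", 600)]
ENROLL_2 = [("down", "p", 0), ("up", "p", 105), ("down", "a", 190), ("up", "a", 280),
            ("down", "s", 345), ("up", "s", 435), ("down", "s", 510), ("up", "s", 600)]
# The same password typed by someone else: long holds, long gaps between keys.
IMPOSTOR = [("down", "p", 0), ("up", "p", 300), ("down", "a", 500), ("up", "a", 800),
            ("down", "s", 1000), ("up", "s", 1300), ("down", "s", 1500), ("up", "s", 1800)]


def dwell_and_flight(events):
    """Return (dwell_times, flight_times) in ms from an ordered key-down/key-up log.

    Dwell time: key-up minus key-down for the same press.
    Flight time: next key-down minus the previous key-up (negative when the
    typist presses the next key before releasing the last one).
    """
    dwell, flight, held, last_up = [], [], {}, None
    for kind, key, t in events:
        if kind == "down":
            if last_up is not None:
                flight.append(t - last_up)
            held[key] = t
        elif kind == "up":
            if key not in held:
                raise ValueError(f"key-up without matching key-down: {key!r}")
            dwell.append(t - held.pop(key))
            last_up = t
        else:
            raise ValueError(f"unknown event kind: {kind!r}")
    return dwell, flight


def feature_vector(events):
    """Dwell times followed by flight times, in typing order."""
    dwell, flight = dwell_and_flight(events)
    return dwell + flight


def build_template(samples):
    """Enrollment: average each feature across several typings of the same string."""
    vectors = [feature_vector(s) for s in samples]
    if len({len(v) for v in vectors}) != 1:
        raise ValueError("enrollment samples must have the same number of keystrokes")
    return [mean(col) for col in zip(*vectors)]


def score(template, events, tolerance_ms=40):
    """Verification: fraction of features within tolerance of the template (0.0 to 1.0)."""
    vec = feature_vector(events)
    if len(vec) != len(template):
        return 0.0
    hits = sum(1 for want, got in zip(template, vec) if abs(want - got) <= tolerance_ms)
    return hits / len(template)
```

A real product would use many more enrollment samples, per-feature variance rather than a fixed tolerance, and a decision threshold tuned against the false-accept and false-reject rates the Zephyr chart later in this set is meant to compare.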
In terms of order of effectiveness list the Biometric Order:
|
Iris Scan
Retina Scan
Fingerprint
Hand Geometry
Voice Pattern
Keystroke Pattern
Signature |
|
What is the act of requiring two of the three factors to be used in the authentication process?
|
Two-Factor Authentication
i.e. PIN + smart card or token |
|
"Integrity and Security of Data" is a KEY responsibility for?
|
Custodian of Data
|
|
List the elements included in a Public Key Infrastructure (PKI)?
|
a. Timestamping
b. Lightweight Directory Access Protocol (LDAP)
c. Certificate Revocation |
|
List two valid categories for Hand Geometry Reading?
|
1. Mechanical
2. Image-Edge Detection |
|
A proxy based firewall has which of the following advantages over a firewall employing stateful packet inspection?
|
It has greater "Network Isolation"
|
|
Who developed the Trusted Computer System Evaluation Criteria?
|
The National Computer Security Center (NCSC)
|
|
Under DAC, a subjects rights must be _____ when it leaves an organization.
|
Terminated
|
|
A Gap Analysis for Security refers to:
|
The practice of identifying the security policies and practices currently in place in your organization that are designed to protect your data from unauthorized access, alteration or inadvertent disclosure, and comparing them with what is required.
|
|
List the items that are identified by a Business Impact Analysis (BIA):
|
1. Analyzing the threats associated with each functional area.
2. Determining the risk associated with each threat.
3. Identifying the major functional areas of information. |
|
List three types of One Time Password Generators (tokens):
|
1. Transaction Synchronous
2. Synchronous/PIN Synchronous
3. Asynchronous/PIN Synchronous |
|
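All of these token types derive a one-time code from a secret shared between the token and the server; what differs is how the two stay in step. As an added example (not from the flashcard set), here is a counter-synchronous token implemented as HOTP from RFC 4226, a server-side verifier that resynchronizes when the token has been pressed a few times without logging in, and an asynchronous challenge-response token whose code depends on a random challenge. The verifier class names, the five-count look-ahead window and the eight-digit response format are choices made for this example; the 20-byte secret is the RFC 4226 test-vector key, so the HOTP outputs can be checked against the RFC.

```python
"""Synchronous (HOTP) and asynchronous (challenge-response) one-time password tokens (added example)."""
import hashlib
import hmac
import secrets
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class SynchronousVerifier:
    """Server side of a counter-synchronous token.

    The server tracks the next expected counter and accepts a code from any of
    the next `window` counters, then moves past it so the same code cannot be
    replayed and the token cannot fall behind.
    """

    def __init__(self, secret: bytes, window: int = 5):
        self.secret = secret
        self.counter = 0
        self.window = window

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1      # resynchronize; older counters are now dead
                return True
        return False


def challenge_response(secret: bytes, challenge: bytes) -> str:
    """Token side of an asynchronous token: the code is a function of the server's challenge."""
    mac = hmac.new(secret, challenge, hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10 ** 8:08d}"


class AsynchronousVerifier:
    """Server side of a challenge-response token: one outstanding challenge, single use."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.outstanding = None

    def issue_challenge(self) -> bytes:
        self.outstanding = secrets.token_bytes(16)   # unpredictable, never reused
        return self.outstanding

    def verify(self, response: str) -> bool:
        if self.outstanding is None:
            return False
        expected = challenge_response(self.secret, self.outstanding)
        self.outstanding = None          # a replayed response now fails
        return hmac.compare_digest(expected, response)
```

A PIN-synchronous variant is the same machinery with the user's PIN folded into the code or checked alongside it, which is what turns the token from one factor into two.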
Frame-Relays uses a public Switched Network to provide?
|
Wide Area Network Connectivity
|
|
Individual Accountability Includes?
|
Unique Identifiers
Access Rules
Audit Trails |
|
What is being referred to when the work product satisfies the real-world requirements and concepts?
|
Validation
|
|
What are the characteristics of Object-Oriented Data Bases (OODB)?
|
1. Ease of reusing code and analysis
2. Reduced maintenance |
|
What is the primary advantage of using a separate authentication server?
|
Audit and Access information are not kept on the access server
|
|
What is a common limitation of information classification systems?
|
The inability to declassify information when appropriate.
|
|
What is the proper term to refer to a single unit of TCP data at the transport layer?
|
TCP Segment
|
|
A weak key of an encryption algorithm has the following property?
|
It facilitates attacks against the algorithm
|
|
TCSEC provides a means to evaluate?
|
The trustworthiness of an information system
|
|
The Orange Book does not cover?
|
Networks and communications
Database management systems |
|
What is INDIRECT ADDRESSING?
|
A type of memory addressing where the address given in the program instruction holds not the operand itself but the address of the final desired location.
|
|
How do computers using CSMA/CD communicate?
|
CSMA/CD is the media access method used in Ethernet: a station listens for a carrier before transmitting, and when a collision is detected the senders stop, wait a random back-off time, and retry.
|
|
List the Administrative Controls:
|
1. Separation of duties
2. Job rotation
3. Least privilege and need-to-know
4. Mandatory vacations
5. Clipping levels |
|
Open Box testing, in the Flaw Hypothesis Method of Penetration Testing applies to the analysis of?
|
General Purpose Operating Systems
|
|
Who developed one of the first mathematical models of a multilevel-security computer system?
|
Bell and LaPadula
|
|
During the testing of the business continuity plan BCP, which method of result analysis provides the BEST assurance that the plan is workable?
|
Quantitatively measuring the results of the test
|
|
Zip/Jaz drives are frequently used for the individual backups of small data sets of?
|
Specific Application Data
|
|
What would best describe secondary evidence?
|
A copy of a piece of evidence
|
|
According to the principle of accountability, what action should be traceable to a specific user?
|
Significant - any significant action should be traceable to a specific user
|
|
What is true with pre-shared key authentication within IKE/IPsec Protocol?
|
Pre-shared key authentication is normally based on simple passwords.
Only one pre-shared key for all VPN connections is needed.
Key management is costly for large user groups. |
|
What is the main responsibility of the Information Owner?
|
Determining what level of classification the information requires.
|
|
A system uses a numeric with 1-4 digits. How many passwords need to be tried before it is cracked?
|
10,000 - a 4-digit numeric PIN has 10^4 = 10,000 possible values (0000 to 9999). If lengths of 1 to 4 digits are all allowed the keyspace is 10 + 100 + 1,000 + 10,000 = 11,110, so 10,000 is the closest answer.
|
|
Virtual Private Network software does not encrypt?
|
Data link Messaging
|
|
What is the Primary feature of a Proxy Server?
|
Client Hiding
|
|
Computer crime is generally made possible by?
|
Victim Carelessness
|
|
A firewall can be classified as a _____________ access Control?
|
Rule-based access control
|
|
Which department managers would be best suited to oversee the development of an information security policy?
|
Business Operations
|
|
What are Decision Support Systems (DSS)?
|
DSS emphasizes flexibility in the decision making approach of users.
|
|
Which Levels MUST be protected against both covert storage and covert timing channels?
|
B3 and A1
|
|
What is the purpose of undertaking a parallel run of a new system?
|
Verify that the system provides required business functionality
|
|
What best ensures accountability of users for actions taken within a system or domain?
|
Identification - the process by which a subject professes an identity; it is the basis on which accountability is built.
|
|
An instruction that the amount of the gross pay for any one employee cannot exceed 2500, is an example of a control that is referred to as a?
|
Limit Check
|
|
What is an advantage of deploying Role-based access control in large networked applications?
|
Lower Cost
|
|
When continuous availability is required, what is a good alternative to tape backups?
|
Hierarchical Storage Management (HSM) - provides continuous on-line backup by using optical or tape "jukeboxes", similar to WORMs
|
|
A periodic review of user account management should not determine?
|
The strength of user-chosen passwords.
|
|
Which access control method gives "UPDATE" privilege on Structured Query Language (SQL) database objects to specific users or groups?
|
Discretionary - the owner of the SQL object (or a user holding GRANT OPTION) uses GRANT UPDATE to give the privilege to specific users or roles, which is discretionary access control.
|
|
Describe Kerckhoffs's assumption about cryptographic attack.
|
The key is secret; the algorithm is known to the attacker.
|
|
what evaluates the product against the "Specification"?
|
Verification - this term is used when making a comparison of a product against specification.
|
|
Evidence corroboration is acheived by?
|
Maintaining all evidence under the control of an independent source
|
|
Dual-Gateway Host
|
Is not considered a firewall technology
|
|
Which RFC talks about Rule Based Security Policy?
|
2828
|
|
In the OSI/ISO Model, at what level is SET (Secure Electronic Transaction Protocol) provided?
|
Application Layer
|
|
What is a Zephyr Chart?
|
Typically used to illustrate the comparative strengths and weaknesses of each biometric technology.
|
|
At what TCSEC or ITSEC security level are database elements first required to have security labels?
|
B1/E3
|
|
What cannot be undertaken in conjunction with computer incident handling?
|
System Development Activity
|
|
Which OSI layer provides TCP/IP end-to-end security?
|
Presentation & Session - The primary technology for layer 5 is a gateway. The following protocols operate within the session layer:
SSL, NFS, SQL, RPC
The presentation layer is responsible for transforming data received from the application layer into a format that any system following the OSI model can understand. |
|
Which aspect of security was the Bell-LaPadula access control model designed to protect?
|
Confidentiality
|
|
Buffer overflow and boundary condition errors are subsets of?
|
Input validation errors
|
|
List some valid reasons to use external penetration service firms rather than corporate resources?
|
They are more cost-effective
They offer a lack of corporate bias
They ensure more complete reporting |
|
What is a characteristic of a penetration testing project?
|
The project tasks are to break into a targeted system
|
|
What is true about data encryption as a method of protecting data?
|
It requires careful key management
|
|
what is called the verification that a user's claimed identity is valid and is usually implemented through a user password at log-on time?
|
Authentication
|
|
What is not a known type of Message Authentication Code(MAC)?
|
Signature-based MAC
|
|
The RSA Algorithm uses which mathematical concept as the basis of its encryption?
|
Large Prime Numbers
|
|
What is type 2 authentication factor?
|
Something you Have
|
|
Under MAC, who may grant a right of access that is explicitly forbidden in the access control policy?
|
No one may grant a right of access that is explicitly forbidden in the access control policy
|
|
An example of an individual point of verification in a computerized application is?
|
A check digit
|
|
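A check digit is an individual point of verification because a single stored or keyed number can be checked on its own, without consulting anything else. As an added example (not from the flashcard set), here is the mod-10 (Luhn) check digit used on payment card numbers: a function to compute it, one to verify a number, and a check of which keying errors it catches. The function names are chosen here; the sample numbers are constructed, with 79927398713 being the commonly cited Luhn test value.

```python
"""Mod-10 (Luhn) check digit: compute, verify, and show what it catches (added example)."""


def luhn_check_digit(payload: str) -> str:
    """Compute the check digit to append to a string of decimal digits."""
    if not payload.isdigit():
        raise ValueError("payload must be decimal digits")
    total = 0
    # Walk right to left and double every other digit starting with the
    # rightmost, because the check digit will occupy the position to its right.
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9          # same as summing the two digits of the product
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    """Verify a number whose last digit is its Luhn check digit."""
    number = number.replace(" ", "")
    if not number.isdigit() or len(number) < 2:
        return False
    return luhn_check_digit(number[:-1]) == number[-1]


def single_digit_errors_caught(number: str) -> bool:
    """True if every possible single-digit substitution makes the number invalid."""
    return all(
        not luhn_valid(number[:i] + str(d) + number[i + 1:])
        for i in range(len(number))
        for d in range(10)
        if str(d) != number[i]
    )
```

The check is a control against accidental keying errors, not a security control: anyone who knows the algorithm can make a forged number pass, and Luhn does not detect a transposition of an adjacent 0 and 9.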
A SYN attack?
|
Takes advantage of the way a TCP session is established
|
|
Which back-up method is most appropriate for off-site archiving?
|
Full backup method
|
|
What can be defined as the set of allowable values that an attribute can take?
|
Domain of a Relation
|
|
What is commonly used for retrofitting multilevel security to a database management system?
|
Trusted Front-End
|
|
According to the Orange Book, Trusted Facility Management is not required for which security level?
|
B1 - does not provide trusted facility management, the next highest level that does is B2
|
|
The underlying reason for creating a disaster planning recovery strategy is to?
|
Mitigate Risk associated with the disaster
|
|
What security risk does a Covert Channel Create?
|
It bypasses the Reference Monitor
|
|
What is an important fact affecting the time required to perpetrate a manual trial-and-error attack to gain access to a target computer system?
|
Keyspace for the password - keyspace (which grows with password length and character set) is the main deterrent.
|
|
The alternative processing strategy in a business continuity plan can provide for required back-up computing capacity through a hot site, a cold site, or?
|
An online backup program.
|
|
_____________is the first step of access control
|
Identification - the 1st step in the access control process is identifying who the subject is
|
|
To ensure that integrity is attained through the Clark and Wilson model, certain rules are needed. These rules are?
|
Certification rules and Enforcement rules - Integrity-monitoring rules are called certification rules, and integrity-preserving rules are called enforcement rules
|
|
The recording of events with a closed-circuit TV camera is considered a ?
|
Detective Control
|
|
When parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use a hybrid encryption technique. What does this mean?
|
Use a public key to secure a secret (symmetric session) key, and encrypt the message with that secret key.
|
|
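The card above and the earlier one on RSA resting on large prime numbers are two halves of the same picture, so one added example serves both (it is not code from the flashcard set). The Python below builds a textbook RSA key pair from two deliberately tiny primes, shows that the private key falls out as soon as the modulus is factored, and then uses the key pair the hybrid way: RSA wraps a fresh session key and a symmetric keystream encrypts the bulk data. The primes 1000003 and 1000033, the SHA-256 counter-mode keystream standing in for a real block cipher, and all function names are choices made for this example. Textbook RSA without padding and an unauthenticated keystream are shown to make the mechanism visible, not as something to deploy.

```python
"""Textbook RSA on toy primes, the factoring attack, and hybrid encryption (added example)."""
import hashlib
import math
import secrets


def is_prime(n: int) -> bool:
    """Trial-division primality test; adequate only for the toy sizes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return False
        f += 2
    return True


def rsa_keygen(p: int, q: int, e: int = 65537):
    """Build an RSA key pair from two distinct primes. Returns (public, private)."""
    if not (is_prime(p) and is_prime(q) and p != q):
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)


def rsa_apply(key, m: int) -> int:
    """Raw RSA: m^e mod n with the public key, c^d mod n with the private key."""
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(m, exp, n)


def factor_by_trial_division(n: int):
    """Recover p and q from n. Feasible here only because the primes are tiny."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1 if f == 2 else 2
    raise ValueError("n has no non-trivial factor")


def recover_private_key(public):
    """Once n is factored, phi(n) and therefore d follow immediately."""
    n, e = public
    p, q = factor_by_trial_division(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


def keystream(key: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from SHA-256, standing in for a real block cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hybrid_encrypt(public, plaintext: bytes):
    """Wrap a fresh session key with RSA; encrypt the bulk data with the session key."""
    n, _ = public
    session_key = secrets.randbelow(n)          # toy: must fit under the tiny modulus
    wrapped_key = rsa_apply(public, session_key)
    stream = keystream(session_key.to_bytes(8, "big"), len(plaintext))
    return wrapped_key, xor_bytes(plaintext, stream)


def hybrid_decrypt(private, wrapped_key: int, ciphertext: bytes) -> bytes:
    """Unwrap the session key with the private key, then strip the keystream."""
    session_key = rsa_apply(private, wrapped_key)
    stream = keystream(session_key.to_bytes(8, "big"), len(ciphertext))
    return xor_bytes(ciphertext, stream)
```

The factoring step runs in a fraction of a second against a 40-bit modulus; against a 2048-bit modulus built from two random 1024-bit primes it is the problem RSA's security rests on. A production design would add OAEP padding to the key wrap and use an authenticated cipher such as AES-GCM in place of the keystream.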
What enables users to validate each others certificate when they are certified under different certification hierarchies?
|
Cross-Certification
|
|
List three examples of protocls used in creating VPN's?
|
PPTP - works at the data link layer. Designed for individual client-server connections, with only a single point-to-point connection per session. PPTP uses native PPP authentication and encryption services.
L2TP - a combination of PPTP and the earlier Layer 2 Forwarding Protocol (L2F) that works at the data link layer. It has become an accepted tunneling standard for VPNs. L2TP supports TACACS+ and RADIUS, which PPTP does not. Unlike PPTP, L2TP does not itself encrypt.
IPSec - operates at the network layer and enables multiple simultaneous tunnels. IPSec has the functionality to encrypt and authenticate IP data. It is built into the IPv6 standard and is used as an add-on to IPv4.
L2F |
|
Failure of a contingency plan is usually?
|
A management failure
|
|
One of the differences between Kerberos and KryptoKnight is that there is?
|
A peer-to-peer relationship among the parties and the KDC
|
|
File Integrity Routines and Audit Trail are examples of what?
|
Security Controls that would be found in a "trusted" application system
|
|
_________is the fraudulent use of telephone systems.
|
Phreaking
|
|
What is not an authentication method within IKE and IPSec?
|
CHAP
|
|
What is the purpose of certification path validation?
|
Check the legitimacy of the certificates in the certification path
|
|
What is defined as a key establishment protocol based on the Diffie-Hellman algorithm, proposed for IPSec but superseded by IKE?
|
Oakley
|
|
What is a trait of a macro virus that allows it to spread more effectively than other types?
|
They can be transported between different operating systems
|
|
What kind of evidence would printed business records, manuals, and printouts classify as?
|
Real Evidence
|
|
Access controls allow you to exercise directing influence over which aspects of a system?
|
Behavior
Use Content |
|
What is the main difference between memory cards and smart cards?
|
Memory cards have no processing power
|
|
What correctly describes role-based access?
|
It allows you to specify and enforce enterprise specific security policies in a way that maps to your organizational structure
|
|
How do Information Labels of Compartmented Mode workstation (CMW) differ from Sensitivity Levels of B3 evaluated systems?
|
Information labels contain more Sensitivity Labels, but are not used by the reference Monitor to determine access permissions
|
|
What is an effective communications error-control technique usually implemented in software?
|
Packet Checksum
|
|
PGP uses ______________ to encrypt data?
|
A symmetric Scheme
|
|
What can best be described as an abstract machine which must mediate all accesses by subjects to objects?
|
The Reference Monitor
|
|
What type of discretionary access control is based on an individuals identity?
|
Identity Based Access Control
|
|
In regards to computer crime what does MOM stand for?
|
Motivation
Opportunity
Means |
|
RC5 is?
|
A symmetric encryption Algorithm
|
|
Which level of "least privilege" gives operators the right to modify data directly in its original location, in addition to data copied from the original location?
|
Access Change
|
|
Configuration Management controls?
|
Auditing and controlling any changes to the Trusted Computer Base.
|
|
What is the PRIMARY reason for designing the security kernel to be as small as possible?
|
Due to its compactness, the kernel is easier to formally verify.
|
|
What is Polyinstantiation?
|
an environment characterized by information stored in more than one location in a database. Used in database information security to hide information
|
|
Configuration Management is a requirement for what levels?
|
B2, B3, and A1
|
|
Regarding Packet Filtering:
|
It is based on ACLs
It is not application dependent
It operates at the network layer |
|
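The three properties on this card, and the earlier card classifying a firewall as rule-based access control, are easiest to see in a filter that actually evaluates rules. As an added example (not from the flashcard set), the Python below evaluates a constructed ACL top to bottom, first match wins, over nothing but network and transport header fields, and includes the check a practitioner wants when editing such a list: which rules are shadowed by an earlier, broader rule and can never fire. The ACL, the packet dictionaries and the function names are all constructed for this example; the addresses are from the documentation ranges.

```python
"""First-match packet filter over header fields only, plus a shadowed-rule check (added example)."""
from ipaddress import ip_address, ip_network

# Constructed sample ACL. Each rule: (action, protocol, source, destination, dest_port).
# "any" is a wildcard. Rules are evaluated top to bottom; the first match wins.
ACL = [
    ("permit", "tcp", "any",          "203.0.113.10/32", 443),    # public web server
    ("permit", "tcp", "192.0.2.0/24", "203.0.113.25/32", 22),     # SSH only from the admin net
    ("permit", "udp", "any",          "203.0.113.53/32", 53),     # DNS
    ("deny",   "any", "any",          "any",             "any"),  # catch-all deny made explicit
]


def _field_match(rule_value, packet_value) -> bool:
    return rule_value == "any" or rule_value == packet_value


def _net_match(rule_net, addr) -> bool:
    return rule_net == "any" or ip_address(addr) in ip_network(rule_net)


def evaluate(acl, packet):
    """Return (action, index of the matching rule); index -1 is the implicit deny.

    Only layer 3/4 header fields are consulted. Anything under packet["payload"]
    is ignored, which is exactly why a packet filter is not application-aware.
    """
    for index, (action, proto, src, dst, dport) in enumerate(acl):
        if (_field_match(proto, packet["proto"])
                and _net_match(src, packet["src"])
                and _net_match(dst, packet["dst"])
                and _field_match(dport, packet.get("dport"))):
            return action, index
    return "deny", -1


def _covers(wide, narrow) -> bool:
    """True if every packet matching `narrow` would already have matched `wide`."""
    def field_ok(w, n):
        return w == "any" or w == n

    def net_ok(w, n):
        return w == "any" or (n != "any" and ip_network(n).subnet_of(ip_network(w)))

    return (field_ok(wide[1], narrow[1]) and net_ok(wide[2], narrow[2])
            and net_ok(wide[3], narrow[3]) and field_ok(wide[4], narrow[4]))


def shadowed_rules(acl):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j in range(len(acl)) if any(_covers(acl[i], acl[j]) for i in range(j))]
```

The shadowed-rule check is the one that matters when someone "temporarily" inserts a broad permit at the top of a list: every narrower rule below it silently stops doing anything.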