CISSP Set 1 (1-50) Security Management
Terms
undefined, object
copy deck
- What is confidentiality?
- The intentional or unintentional unauthorized disclosure of data
- What is integrity?
- Ensuring that data is not altered either by authorized or unauthorized means and that it is internally/externally consistent
- What are the three steps in trade-off analysis?
-
1. Determine the Objective
2. Identify Alternatives
3. Compare alternatives - What are the four basic types of security controls?
-
Deterrent
Preventative
Corrective
Detective - What is an example of a deterrent control?
- Fences, dogs, regulations or AUPs
- What is an example of a preventative control?
- Guards, fire suppression, passive firewalls/routers, authentication mechanisms
- What is an example of a corrective control?
- mantraps, IPS, account lockout, backups
- What is the formula for Single Loss Expectancy?
- Asset Value($) X Exposure Factor(EF) = SLE
- What is the formula for Annualized Loss Expectancy?
- SLE X Annualized Rate of Occurrence(ARO) = ALE
- What is Annualized Loss Expectancy?
- The annually expected financial loss to an organization from a specific threat
- What is the best formula for cost-benefit?
- (ALE before safeguard implementation)- (ALE after safeguard implementation) -(annual safeguard cost) = value of safeguard to the organization
- What is a threat?
- An event or activity that has the potential to cause harm to the information systems or networks
- What is a vulnerability?
- A weakness or lack of a safeguard that can be exploited by a threat, causing harm to the IS or network
- What is a risk?
- The potential for harm of loss to an IS or network. the probability that a threat will materialize.
- What are three types of Access controls?
- Administrative, logical/technical or physical
- When speaking of access control what is an example of an administrative control?
- background checks, work habit checks etc.
- When speaking of access control what is an example of a logical or technical control?
- encryption, smart cards, access control lists
- When speaking of access control what is an example of a physical control?
- guards and building security in general
- Rule based access control can also be considered ___________ because rules determine the access and not the identity of the subject.
- Mandatory access control
- What does an access control triple consist of?
- user, program and file with the corresponding access privileges noted for each user
- In a Ping of Death attack what is the packet size that would cause an overflow of system variables and lead to a system crash/
- >65 octets
- What is a SYN attack?
- A type of overflow attack that takes advantage of a systems small in-process queue by sending several connection requests (SYNs) without sending a response (ACK)
- What is a teardrop attack?
- A type of of access control attack that modifies the length and fragmentation offset fields in IP packets. The target system becomes confused and crashes after it receives contradictory instructions on how to fragment and offset packets
- What is a smurf attack?
- a type of access control attack where an attacker sends a packet with a spoofed IP to the broadcast node on a network. The broadcast node then replies to the spoofed IP and crashes the system
- What are four common Trojans?
- Trinoo, Back Orifice, NetBus, & SubSeven
- What is one major disadvantage of Single Sign On?
- Once a user gains access they are free to roam about the network without restrictions
- List some examples of technologies that allow SSO
- Kerberos, SESAME, KryptoKnight, NetSP
- What protocol does SESAME use?
- Needham-Schroeder
- What is one weakness is SESAME?
- It authenticates by using only the first block of a message and not the complete message.
- What is one difference between KryptoKnight and Kerberos?
- In KryptoKnight the KDC and the clients have a peer to peer relationship.
- What are the three parts of a database model?
- Data structures (called tables or relations), Integrity rule, Operators
- What do the rows of a relational database represent?
- records or tuples.
- What does the Join operation in a relational database do?
- selects the tuples that have equal numbers for some attributes
- How is a View defined?
- From the operations of Join, Project and Select
- What is a good way to prevent inference from an SQL query?
- Requiring a minimum size for a query set of >1
- What are the three steps towards data normalization?
-
1. Eliminate any repeating groups by putting them in separate tables.
2. Eliminating redundant data
3. Eliminating attributes in a table that are dependent on the primary key of that table. - What are two main disadvantages of Object-Oriented Databases?
- Steep learning curve and high hardware overhead.
- What is a major disadvantage of a NIDS?
- It will not detect an attack against a host made when an intruder is logged into that host.
- What is a disadvantage of HIDS?
- They are limited by the incompleteness of most host audit log capabilities
- What type of IDS acquires data and defines a normal usage profile for the network or host?
- Statistical anomaly
- What is the application layer of the OSI model responsible for?
- Identifying and establishing the availability of the intended communication partner and determining if enough resources exist to communicate
- What is the main function of the Presentation layer?
- A translator it performs tasks like data compression, decompression, encryption and decryption.
- What are some of the functions of the Session Layer?
- makes the initial contact with other computers and sets up the lines of communication
- What is the main function of the Transport Layer
- Defines how to address the physical locations or devices on the network.
- What does the network layer do?
- Defines how the small packets of data are routed and relayed between end systems.
- What does the Data Link layer do?
- Defines how machines must access the network think Ethernet or token Ring
- 1
- 2