CISSP Roberts way
| Question | Answer |
|---|---|
| At which layer of the OSI model does a router operate? | THE NETWORK LAYER, ALSO KNOWN AS LAYER 3 |
| Which type of firewall automatically adjusts its filtering rules based on the content of the traffic of an existing session? | DYNAMIC PACKET-FILTERING FIREWALLS ENABLE THE REAL-TIME MODIFICATION OF THE FILTERING RULES BASED ON TRAFFIC. |
| In what phase of the Capability Maturity Model for Software (SW-CMM) are quantitative measures utilized to gain a detailed understanding of the software development process? | THE MANAGED PHASE OF THE CAPABILITY MATURITY MODEL INVOLVES THE USE OF QUANTITATIVE DEVELOPMENT METRICS. THE SOFTWARE ENGINEERING INSTITUTE DEFINES THE KEY PROCESS AREAS FOR THIS LEVEL AS QUANTITATIVE PROCESS MANAGEMENT AND SOFTWARE QUALITY MANAGEMENT. |
| Which of the following is a layer of the ring protection scheme that is not normally implemented in practice? | LAYERS 1 AND 2 CONTAIN DEVICE DRIVERS BUT ARE NOT NORMALLY IMPLEMENTED IN PRACTICE. LAYER 0 ALWAYS CONTAINS THE SECURITY KERNEL. LAYER 3 CONTAINS THE APPLICATION. LAYER 4 DOES NOT EXIST. |
| Which of the following is not a composition theory related to security models? | ITERATIVE IS NOT ONE OF THE COMPOSITION THEORIES RELATED TO SECURITY MODELS. CASCADING, FEEDBACK AND HOOKUP ARE THE THREE COMPOSITION THEORIES. |
| System architecture, system integrity, covert channel analysis, trusted facility management, and trusted recovery are elements of what security criteria? | ASSURANCE IS THE DEGREE OF CONFIDENCE YOU CAN PLACE IN THE SATISFACTION OF SECURITY NEEDS OF A COMPUTER, NETWORK, SOLUTION, AND SO ON. OPERATIONAL ASSURANCE FOCUSES ON THE BASIC FEATURES AND ARCHITECTURE OF A SYSTEM THAT LEND THEMSELVES TO SUPPORTING SECU |
| Microsoft developed a threat categorization scheme known as | STRIDE |
| What does STRIDE stand for? | STRIDE- Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of privileges |
| Used for data that is of a private or personal nature and intended for internal use only. | Private |
| is used to collect similar elements into groups, classes, or roles that are assigned security controls, restrictions, or permissions as a collective. | Abstraction |
| The only way to maintain security in the face of change is to..... | Systematically manage change |
| Is the security process where potential threats are identified, categorized, and analyzed. | Threat Modeling |
| What are the four main steps in a BCP? | Project scope and planning, Business Impact Assessment, Continuity Planning, and Approval and implementation. |
| attempts to prevent an employee with special knowledge of secrets from one organization from working in a competing organization, in order to prevent that second organization from benefiting from the worker's special knowledge of secrets. | NCA - Non compete agreement |
| Is the collection of practices related to supporting, defining, and directing the security efforts of an organization. | Security Governance |
| Is the system of oversight that may be mandated by law, regulation, industry standards, contractual obligation, or licensing requirements. | Third Party Governance |
| is the process of reading the exchanged material and verifying it against standards and expectations. | Documentation review |
| The primary goal of risk management is to | Reduce Risk to an acceptable level. |
| The process by which the goal of risk management is achieved is known as | Risk Analysis |
| defines the amount of data loss a company can tolerate. | The Recovery Point Objective (RPO) |
| Deals only with confidentiality. No read up. No Write down. | Bell-LaPadula Model |
| Model prevents the leaking or transfer of classified information to less secure levels. | Bell-LaPadula Model |
| The correct order for a common change management process is as follows: | Request – Review – Approve/Reject – Schedule & Implement – Document Explanation |
| An exposure is a combination of an attack and which of the following? | Vulnerability |
| is a weakness in an operating system through which unauthorized users can gain access to the system without proper authentication. | Vulnerability |
| Which step of the risk analysis involves risk control? | Selecting appropriate safeguards |
| The weakness in an asset or the absence or the weakness of a safeguard or countermeasure is a.... | Vulnerability |
| Quantitative risk analysis uses ___ , while qualitative risk analysis assigns __ to risks? | numeric values, ratings |
| What's a risk? | A risk is the likelihood of loss |
| What should a service catalogue contain? | Details of operational services |
| In which domain of ISO 27001:2013 is event logging defined? | Operations security |
| After the failure, the system is restarted with no user processes in progress. This is considered a(n) _? | Emergency system restart |
| The key aspects of operational security include which of the following? | Change control, Resource protection, Separation of duties |
| PGP, SSL, IKE are all examples of which type of cryptography? | Public Key |
| Which of these requires fewer clock cycles to complete? | Reduced Instruction Set |
| is a way to hide unnecessary details from users. It's a way to manage complexity for the sake of security. | Abstraction |
| The Basic Input/Output System (BIOS) provides the basic instructions for a computer to load the operating system. What is the most common chip used for BIOS storage and why? | Electrically erasable programmable read-only memory (EEPROM), used to facilitate version updates more easily. |
| concept is an abstract machine that mediates access from subjects to objects. | reference monitor |
| is a hybrid key distribution protocol similar to SSL, except that it establishes a long-term key once and then requires no prior communication in order to establish or exchange keys on a session-by-session basis. | Simple Key Management for Internet Protocols (SKIP) |
| Address Resolution Protocol (ARP) is a protocol at the data link layer of the OSI model. Its function is to map | IP addresses to MAC addresses |
| What kind of attack, also known as a resource-exhaustion attack, causes memory utilization to explode with excessive requests? | SYN Flood attack |
| defines a standardized packet format to deliver audio and video over IP networks | RTP |
| is used by hosts and adjacent routers on IP networks to establish multicast group membership. | IGMP |
| Which of the following is a standard for exchanging authentication and authorization information between security domains? | SAML (Security Assertion Markup Language) |
| Sensitivity labels are one of the fundamental components used in which type of access control systems? | Mandatory Access Control |
| Iris scan is a less intrusive biometric control than retina scan. | True |
| What type of password generator utilizes a challenge-response mechanism? | Asynchronous |
| If the sensitivity is increased on a biometric system, which of the following will be MOST likely affected? | Type 1 errors will increase causing decreased usability |
| Which is the central management point in Kerberos? | key distribution center |
| Which of the following is the main component of a Kerberos server? | Authentication server |
| Which single-sign on technology addresses issues in Kerberos and is based on public key cryptography? | SESAME |
| uses both symmetric and asymmetric encryption keys. | SESAME |
| How does signature dynamics based biometric authentication work? | Physical motions performed while signing (speed, pressure, etc.) are transformed into electrical signals that are used for authentication |
| When there's a mistake pertaining to the False Accept Rate biometric accuracy metric, which class of error is it? | Type II error |
| In Kerberos, each TGT is encrypted with the key of the _. | KDC |
| Of the following, what is an implementation of MAC (mandatory access control)? | Lattice-Based Access control |
| Which of the following languages is used for provisioning purposes? | Service Provisioning Markup Language (SPML) |
| Which of the following biometric authentication methods recognizes the physical dimensions of the hand? | Hand geometry |
| are policies and procedures, security awareness training, background checks, and mandatory vacations. | administrative controls |
| Provides for authorized access to systems without sharing credentials. Commonly used as a way for internet users to log into third-party websites. | OAuth |
| Which form of access control is mostly concerned with the data stored by a field? | Content-dependent |
| Which type of access control is based on a subject's clearance and object labels? | MAC |
| What is known as spam over VoIP networks? | SPIT (Spam over Internet Telephony) |
| What tool can be used to verify that a remote web server is not blocked by a firewall? | Port scanner |
| When fragmenting the packets, a second fragment is contained in the first fragment, which makes the reassembly process difficult and causes hosts to crash. What type of attack is described? | Teardrop attack |
| Which type of network provides a single path for transmission? | Circuit-switched |
| is used for exchanging routing information between gateways, which can be hosts with routers, within an autonomous network. | IGP |
| Which communication protocol allows transmission of data in many forms, like audio, binary or video in email messages? | MIME |
| are machines that lie within the DMZ and offer web, DNS, and mail services to the public networks. | Bastion hosts |
| Which of the following best describes an extranet? | A connection between intranets |
| How can you set options like TFTP server addresses, DNS search lists, and broadcast addresses on network clients and workstations? | DHCP server |
| allows systems to support multicast transmission of data to multiple recipients. | Internet group management protocol |
| What is Multiprotocol Label Switching (MPLS)? | a scalable, protocol-independent transport |
| are standardized protocols that transfer multiple digital bit streams synchronously over optical fiber using lasers or highly coherent light from light-emitting diodes (LEDs). | Synchronous Optical Networking (SONET) and Synchronous Digital Hierarchy (SDH) |
| What is the purpose of the Address resolution protocol (ARP)? | For an IP address - finds out the MAC address to match with. |
| Glass insulator in fiber optic cabling is known as __? | Cladding |
| Which network device that operates at the data link layer is a repeater used to connect two or more network segments? | A bridge |
| Which packet-switched standard protocol has no error correction and uses data link connection identifiers? | Frame-relay |
| Which of the following protocol classes requires that a router calculates and maintains a routing table of the entire network? | A link state protocol (class) |
| There are three mechanisms used to prevent routing loops. Which one involves a protocol or mechanism which prevents a router from sending out information about a route back out to the same interface from which the original route was learned? | Split horizon |
| Which of these descriptions would most closely describe the actions of the dynamic host configuration protocol (DHCP)? | Uses ports 67 and 68 to enable centralized control of network addressing |
| technology uses narrowband signals that change frequency in a predictable pattern. Which technology is being referred to here? | Frequency-Hopping Spread-Spectrum (FHSS) |
| Which of the following rules is the only one that will prevent TACACS+ protocol from passing through a firewall? | Deny TCP any server eq 49 |
| are composed of the header, data, and checksum. | Frames |
| Using the Open Systems Interconnect (OSI) Reference Model, which layer provides end-host-to-end-host data transfer and defines the abstract address structure for hosts? | Layer 3 The Network Layer |
| Which of these correctly describes terms used to classify the devices at the user end of a network interface? | Data terminal equipment |
| Short durations of line noise disturbances refer to: | Transient |
| Which layer of OSI model defines network topologies and connector types? | Physical |
| Which of the following best defends against requests on port 80 from automatically accepting? | Stateful inspection |
| In a VoIP network what is responsible for converting data between a packet switched & circuit switched network? | Media gateway |
| Data at the transport layer is known as a | segment |
| What is the data unit at layers 4, 3, and 2? | Segment at layer 4 (transport layer); packet at layer 3; frame at layer 2 |
| Which attack uses ICMP spoofing and broadcasting to send PING requests to hosts on the network? | Smurf attack |
| Which of the following types of cables is MOST resistant to electromagnetic interference (EMI)? | Coaxial cable |
| is a mechanism used to prevent routing loops in which the router is prevented from sending information about a route back out on the interface from which the route was originally learned. | Split horizon |
| In a Kerberos environment TGS (Ticket Granting Service) generates two components, identify the correct option. | Client/TGS session key, Ticket Granting Ticket (TGT) |
| What is the other name of the Crossover error rate (CER)? | Equal error rate (EER) |