CISSPY Wiley FC 2
Question | Answer |
---|---|
Which organization developed the Bell-LaPadula security model? | The U.S Department of Defense |
What are some of the terms used to describe the CPU mode that gives access to the full range of supported instructions? | System mode, Privileged mode, Supervisory mode, and Kernel mode |
Which access control scheme requires administrative rules to be defined along with the various conditions under which they apply as well as applicable object permissions? | Rule-Based Access Control |
What occurs when a change in the plaintext results in multiple changes spread throughout the cipher text? | Diffusion |
Define the aspect of confidentiality known as secrecy | Secrecy is the activity of keeping something a secret or preventing the disclosure of information |
In relation to storage media, what is purging? | Purging is a more intense form of clearing that prepares media for reuse in less secure environments. It provides a level of assurance that the original data is not recoverable using any known methods. Repeats the clearing process multiple times and comb |
Define the Goguen-Meseguer model | The Goguen-Meseguer model is an integrity model based on predetermining the set or domain of objects that a subject can access. This model is based on automation theory and domain separation |
What are protection rings? | Security standpoint. Protection rings organize code and components in an OS into concentric rings. The deeper inside the circle you go, the higher the privilege level associated with the code that occupies a specific ring. |
How should an organization prepare for managing water leakage and flooding? | Should be addressed in your environmental and safety policy and procedures. Water and electricity don't mix |
What are the typical steps in incident response? | Detection, Response, Mitigation, Reporting, Recovery, Remediation, and Lessons Learned |
What form of password attack consists first of a dictionary attack and then a brute-force attack based on the dictionary list? | Hybrid Attack. aka One-Upped password attack |
What is DNS pharming? | Malicious redirection of a valid website's URL or IP address to a fake website that hosts a false version of the original valid site. Part of a phishing attack |
Data Owner | Responsible for classifying, labeling, and protecting data. |
System Owner | Responsible for SYSTEMS that process data |
Business and Mission owners | Ensure that systems provide value to the organization. $$ |
Data controllers | Decide what data to process and how |
Data Processors | Often third party entities. Process data |
Administrators | Grant access to data based on rules from data owners |
Users/subjects | Access data while performing work tasks. |
Custodian | Has day to day duty of protecting and storing data |
Developers | Write code in different programming languages which is then either compiled into machine language or executed through an interpret |
Software libraries | Create shared and reusable code and code repositories provide a management platform for the software development process |
Senior Management should be included in the BCP process from the beginning? True or False | True |
What database security feature can be used to subvert aggregation, inferencing, and contamination vulnerabilities? | Database partitioning |
Define the Harrison-Ruzzo-Ullman (HRU) model | Model focuses on the assignment of object access rights to subjects as well as the integrity (or resilience ) of those assigned rights. |
When evaluating access control attacks, what are three primary elements that must be identified? | Assets, Threats and Vulnerabilities |
What does Bell-LaPadula protect? | Confidentiality |
What does Biba and Clark-Wilson protect? | Integrity |
What two forms of authentication are supported by 802.11? | Open System Authentication (OSA) and Shared Key Authentication (SKA) |