CISSP - Review Items.txt
CISSP Review Items Only
Cards for extended review
Statement that outlines how entities access each other, what they can carry out, what level of protection is required, and what actions should be taken if those requirements aren't met.
The I/O method in which the CPU sends data to a device and then polls it to find out whether it is ready to accept more is called ___________.
The I/O method in which the CPU sends data to an I/O device and the device raises an interrupt to acknowledge that it has finished is called ___________.
The I/O method in which a DMA controller moves data between memory and the I/O device directly, without involving the CPU in each transfer, is called ___________.
I/O using Direct Memory Access (DMA)
The I/O method in which the CPU hands the I/O device a physical memory address and trusts the device to read memory directly via DMA is called ___________.
The I/O method in which the CPU acts as a broker, passing only logical memory addresses to I/O devices, is called ___________.
Multilevel security model providing confidentiality only, with three rules:
1. Simple security rule (no read up: a subject may not read an object at a higher level)
2. *-property rule (no write down: a subject may not write to an object at a lower level)
3. Strong star property rule (a subject may read and write only at its own level)
Security model addressing integrity only
Security model based on well-formed transactions and separation of duties
Access decisions are made from an object's Access Control List (a column of the matrix) and a subject's capability table (a row of the matrix)
Access Control Matrix
Model states that commands and activities of one level should not impact or affect subjects or objects at a different level.
Model that allows for dynamically changing access controls that protect against conflicts of interest. Also known as the Chinese Wall model.
Brewer Nash Model
This model identifies the way subjects and objects should be created and deleted and how to assign specific access rights.
A security mode in which the system handles a single classification of data and every user has a clearance for, and a formal need to know about, ALL data within the system.
Dedicated Security Mode
This mode requires all data within the system to be of a single classification and all users to be cleared for it, but not all users have a need to know about all the data within the system.
System-High Security Mode
This mode requires ALL users to have a clearance equal to or higher than the highest classification of data in the system, but users need formal access approval and a need to know only for the compartments of data they actually use.
Compartmented Security Mode
This mode permits two or more classification levels of information to be processed at the same time.
Multi-Level Security Mode
Orange Book level providing discretionary access control only
Orange Book level providing auditing and stricter access control procedures (commercial applications)
Orange Book division based on Bell-LaPadula, enforced through the use of labels
Orange Book level requiring that each object carry a classification label and each subject possess a clearance label
Orange Book level requiring covert channel analysis (no covert channels) and a trusted path during logon and authentication
Orange Book level requiring the system to start up and recover into a secure state
Orange Book level requiring formal methods to be used for design and verification
The seven Common Criteria Evaluation Assurance Levels (EAL1 through EAL7)
1. Functionally tested
2. Structurally tested
3. Methodically tested and checked
4. Methodically designed, tested and reviewed
5. Semiformally designed and tested
6. Semiformally verified design and tested
7. Formally verified design and tested
Security model addressing all three integrity goals
Used to restrict access to one network from another
What generation is a Packet Filtering firewall
What generation is a Proxy Level Firewall
Proxy Firewall required for every service
Proxy firewall that creates a circuit between application and clients
What generation is a Stateful Firewall
What generation is Dynamic Packet Filtering
What generation is a Kernel Proxy
A fifth generation
A type of routing that discovers routes and builds routing tables
A type of routing that requires an administrator to manually configure the route statements
A type of routing that makes decision on routes based on distance and direction
Distance Vector Routing
A type of routing that builds topology of networks to factor routes
A type of routing protocol that is based on distance vector that calculates the shortest distance between two points
Routing Information Protocol (RIP)
A type of routing protocol based on link state that allows hierarchical routing (areas)
Open Shortest Path First (OSPF)
A distance-vector routing protocol created by Cisco, often described as RIP on steroids
Interior Gateway Routing Protocol (IGRP)
An exterior routing protocol that CISSP texts describe as a combination of distance-vector and link-state routing (strictly, a path-vector protocol that exchanges full AS paths)
Border Gateway Protocol (BGP)
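As an added example (not from the card set), the two algorithm families above run over one small constructed topology. The link-state function holds the whole map and runs Dijkstra the way OSPF does; the distance-vector function lets each router learn only from the vectors its neighbours advertise, the way RIP does, with a metric of 16 standing for RIP's "unreachable". Router names and link costs are constructed.

```python
import heapq

# Constructed topology: (router, router, link cost). Links are undirected.
LINKS = [("A", "B", 1), ("B", "C", 2), ("A", "C", 5), ("C", "D", 1), ("B", "D", 4)]
RIP_INFINITY = 16   # RIP treats a metric of 16 as unreachable


def adjacency(links):
    adj = {}
    for u, v, w in links:
        adj.setdefault(u, {})[v] = w
        adj.setdefault(v, {})[u] = w
    return adj


def link_state(links, src):
    """Link-state routing (OSPF style): the router holds the complete topology
    database and runs Dijkstra over it. Returns (cost, next_hop) maps for src."""
    adj = adjacency(links)
    cost = {n: float("inf") for n in adj}
    next_hop = {}
    cost[src] = 0
    pq = [(0, src, src)]          # (cost so far, node, first hop from src)
    done = set()
    while pq:
        c, n, first = heapq.heappop(pq)
        if n in done:
            continue
        done.add(n)
        if n != src:
            next_hop[n] = first
        for m, w in adj[n].items():
            if c + w < cost[m]:
                cost[m] = c + w
                heapq.heappush(pq, (cost[m], m, m if n == src else first))
    return cost, next_hop


def distance_vector(links, infinity=RIP_INFINITY):
    """Distance-vector routing (RIP style): a router knows only its own links and
    the (destination, cost) vectors its neighbours advertise. Returns every
    router's table {dest: (cost, next_hop)} and the rounds needed to converge."""
    adj = adjacency(links)
    table = {r: {r: (0, r)} for r in adj}
    for r in adj:
        for nb, w in adj[r].items():
            table[r][nb] = (w, nb)
    rounds, changed = 0, True
    while changed:
        changed, rounds = False, rounds + 1
        for r in adj:
            for nb, w in adj[r].items():          # neighbour nb's advertisement
                for dest, (c, _) in list(table[nb].items()):
                    new = min(w + c, infinity)
                    if dest not in table[r] or new < table[r][dest][0]:
                        table[r][dest] = (new, nb)
                        changed = True
    return table, rounds


if __name__ == "__main__":
    cost, hop = link_state(LINKS, "A")
    table, rounds = distance_vector(LINKS)
    for d in sorted(cost):
        print(f"A->{d}: link-state cost={cost[d]} via {hop.get(d, '-')}; "
              f"distance-vector {table['A'][d]}")
    print("distance-vector converged after", rounds, "rounds")
```

Both end up with the same costs, but note what each router had to trust to get there: the link-state router computed its table from a topology it could check, whereas the distance-vector router accepted whatever its neighbours advertised, which is why a single lying or misconfigured RIP speaker can redirect traffic for everyone downstream.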
Wireless LAN authentication that requires no proof of knowing any key: any station that asks is allowed to associate
Open System Authentication (OSA)
Wireless LAN authentication that uses a challenge-response mechanism to prove you know the key
Shared Key Authentication (SKA)
Wireless protection that provides a way to prove to the AP that the key is known and provides encryption too (long since broken because of RC4 key and IV reuse and a weak integrity check; replaced by WPA2/WPA3)
Wired Equivalent Privacy (WEP)
A quality of service level offering no guarantee on throughput, delay or delivery (internet)
A quality of service level offering more bandwidth, shorter delays and fewer dropped frames
A quality of service level offering a specific throughput at a certain speed (voice)
Capacity that allows a protocol to distinguish between classes of messages and establish priority
Quality of Service (QoS)
Type of proxy firewall that provides more intricate (per-protocol) control but requires more processing per packet and is slower
Application Level Proxy
A type of proxy firewall that provides security for a wider range of protocols but not detailed access control
Circuit Level Proxy
Firewall that maintains a high degree of security without the performance hit and is scalable and transparent to users by storing and updating the state and context of data within the packets.
Stateful Inspection firewalls
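An added example (not part of the card set) that shows the difference between a first-generation packet filter and stateful inspection on the same constructed packet stream: an inside client opening a web connection, followed by an unsolicited inbound packet that merely has the ACK flag set (an ACK scan). The IP addresses, ports and the two tiny policies are constructed for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str      # "out" = inside -> outside, "in" = outside -> inside
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset    # TCP flags present, e.g. frozenset({"SYN", "ACK"})


def stateless_filter(pkt):
    """First-generation packet filter: decides from header fields only. Return
    traffic is approximated by 'source port 80 with ACK set', which any sender
    can forge."""
    if pkt.direction == "out" and pkt.dport == 80:
        return "ALLOW"
    if pkt.direction == "in" and pkt.sport == 80 and "ACK" in pkt.flags:
        return "ALLOW"
    return "DROP"


class StatefulFilter:
    """Third-generation stateful inspection: inbound packets are allowed only if
    they belong to a connection the firewall saw being opened from the inside."""

    def __init__(self):
        self.table = {}   # (inside ip, inside port, outside ip, outside port) -> state

    def decide(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.dport == 80 and pkt.flags == frozenset({"SYN"}):
                self.table[key] = "SYN_SENT"          # new outbound connection
                return "ALLOW"
            if self.table.get(key) == "ESTABLISHED":
                return "ALLOW"
            return "DROP"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)   # reverse the tuple
        state = self.table.get(key)
        if state == "SYN_SENT" and pkt.flags == frozenset({"SYN", "ACK"}):
            self.table[key] = "ESTABLISHED"
            return "ALLOW"
        if state == "ESTABLISHED":
            if pkt.flags & {"FIN", "RST"}:
                del self.table[key]                   # connection torn down
            return "ALLOW"
        return "DROP"


# Constructed sample traffic (addresses are placeholders).
SAMPLE = [
    Packet("out", "10.0.0.5", 40000, "93.184.216.34", 80, frozenset({"SYN"})),
    Packet("in", "93.184.216.34", 80, "10.0.0.5", 40000, frozenset({"SYN", "ACK"})),
    Packet("out", "10.0.0.5", 40000, "93.184.216.34", 80, frozenset({"ACK"})),
    Packet("in", "198.51.100.7", 80, "10.0.0.5", 22, frozenset({"ACK"})),  # ACK scan
    Packet("in", "93.184.216.34", 80, "10.0.0.5", 40000, frozenset({"ACK"})),
]


def run(packets):
    """Return (stateless decision, stateful decision) per packet, in order."""
    fw = StatefulFilter()
    return [(stateless_filter(p), fw.decide(p)) for p in packets]


if __name__ == "__main__":
    for p, (a, b) in zip(SAMPLE, run(SAMPLE)):
        print(f"{p.direction:3} {p.src}:{p.sport} -> {p.dst}:{p.dport} "
              f"{sorted(p.flags)} stateless={a} stateful={b}")
```

The fourth packet is the point of the exercise: the stateless rule passes it to port 22 because it looks like return traffic, while the stateful filter drops it because no inside host ever opened that connection.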
Term used to describe a momentary loss of power
Term used to describe a momentary drop in voltage
A term used to describe a prolonged drop in voltage
A term used to describe a momentary rush of power
A term used to describe a prolonged rush of power
A type of smart card that transmits an interrogating signal causing the card to transmit an access code
A type of card that contains no battery but uses electromagnetic fields transmitted by the reader to transmit access information.
A device that contains active electronics, an RF transmitter and a power supply
A type of alarm that is sounded on the local premises only
A type of alarm that is monitored and operated by a commercial entity connected to the protected site directly
Central Station System
A type of alarm that is monitored and operated on the local premises only
A type of alarm that is sounded on the local premises and requires a dedicated circuit to transmit the alarm to the appropriate agency
Auxiliary Station Systems
A type of alarm that makes a call to the local agency switchbox replaying a certain recording for a certain event
Remote Station Systems
Ping of Death
Oversized ICMP packets
Malformed packets that can't be re-assembled
Provider charges without consent
Billed for services not requested
Writing data inside the ICMP packet
Post Office Protocol (POP)
Internet mail protocol where the client downloads all waiting mail at check-in and the server then deletes it.
Term used to describe an action used to protect a symbol, name, color or image that identifies a company from its competitors
Term used to protect the expression of ideas instead of the ideas themselves
Term used to grant ownership to a company or individual that enables the owner to exclude others from use
A type of law that covers standards of performance for companies, industries and officials
Administrative or Regulatory Law
Type of law that protects an individual or company; breaking it causes injuries or damages, and the remedy is financial restitution rather than punishment.
A type of law that deals with an individual's conduct and exists to protect the public
Type of law derived from religious beliefs addressing an individuals religious responsibilities.
A legal system where two or more law systems are used
Mixed Law System
Type of law system that addresses personal conduct and uses the traditions and customs of a region as the foundation of its laws.
Customary Law System
Law system developed in England, made up of criminal, civil and administrative law, based on the interpretation of laws and precedent using a judge, jury and lawyers
Common Law System
A law system that uses pre-written rules (codes) rather than precedent; lower courts are not compelled to follow higher court decisions. This is the most common type in use today.
Civil Law System
Internet Message Access Protocol (IMAP)
Mail function where the user is able to choose what to read/delete at will
The ISO standard that identifies the security controls of best practices in INFOSEC and provides step by step guidance on how to setup and maintain a security program.
The ISO standard for information security management measurements
ISO standard that illustrates how to protect personal health information
Framework that defines the goals (control objectives) for the controls that should be used to manage IT and ensure it maps to business needs
Control Objectives for Information and Related Technology (COBIT), published by ISACA
The ISO standard that establishes, implements and controls the information security management system
Acting responsibly (taking the precautions a reasonable person would) so as to reduce the potential for negligence and reduce risk; determines liability in court.
The act of investigating and understanding the risks a company faces.
An email security program that provides integrity, encryption, authentication and key management that is compatible with PKCS
Privacy Enhanced Mail (PEM)
An email standard that indicates how multimedia and email are to be transferred and attachments are to be handled.
Multipurpose Internet Mail Extension (MIME)
Provides mail encryption through the use of PKI
Secure MIME (S/MIME)
Encryption in which each hop decrypts the packet, reads the routing information, and re-encrypts it before forwarding
A type of encryption in which the message payload is encrypted but not the header information
A function that applies a secret key to a hash routine to prevent tampering
Message Authentication Code (MAC)
A MAC in which the secret key is mixed into the message through two nested hash computations (an inner and an outer keyed hash) rather than simply concatenated with the message and hashed once, so that length-extension forgery does not apply
A type of MAC that provides data origin authentication and integrity by sending the plaintext message together with the output of the final block of a CBC encryption
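An added example (not part of the card set) of the keyed-hash MAC the previous card describes, written out from the RFC 2104 definition so the inner/outer structure is visible, beside the plain "hash the key and the message together" construction it replaces. The key and message strings are constructed; nothing here is the card set's own code.

```python
import hashlib
import hmac

BLOCK_SIZE = 64   # SHA-256 compresses 64-byte blocks; HMAC pads the key to this size


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """HMAC exactly as RFC 2104 / FIPS 198-1 define it:
    H((K xor opad) || H((K xor ipad) || msg)), where K is the key, hashed down
    if longer than the block size and zero-padded up to the block size."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + msg).digest()
    return hashlib.sha256(opad + inner).digest()


def naive_keyed_hash(key: bytes, msg: bytes) -> bytes:
    """The 'concatenate key and message, hash once' construction. With a
    Merkle-Damgard hash such as SHA-256, anyone holding H(key||msg) can compute
    H(key||msg||padding||extra) without the key, so this is not a safe MAC."""
    return hashlib.sha256(key + msg).digest()


def verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Constant-time comparison so timing does not leak how many bytes matched."""
    return hmac.compare_digest(hmac_sha256(key, msg), tag)


def matches_stdlib(key: bytes, msg: bytes) -> bool:
    """Cross-check the hand-written construction against the standard library."""
    return hmac_sha256(key, msg) == hmac.new(key, msg, hashlib.sha256).digest()


if __name__ == "__main__":
    key, msg = b"correct horse battery staple", b"transfer 100 to account 42"
    tag = hmac_sha256(key, msg)
    print("matches stdlib:", matches_stdlib(key, msg))
    print("tampered message verifies:", verify(key, msg.replace(b"100", b"900"), tag))
```

The `verify` helper matters in practice: comparing tags with `==` returns as soon as a byte differs, and that timing difference has been used to forge tags one byte at a time.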
A MAC derived from CBC-MAC that remains secure for variable-length messages; specified for use with 3DES and AES
Cipher-based Message Authentication Code (CMAC)
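An added example (not part of the card set) for the CBC-MAC and CMAC cards above: both are implemented over a stand-in block function so that the forgery that breaks plain CBC-MAC on variable-length messages, and the subkey step in CMAC that defeats it, can be run. The stand-in `E` is an assumption: a 128-bit keyed pseudorandom function built from HMAC-SHA256 rather than AES, which does not change the chaining behaviour being shown. The key and the two "payment" messages are constructed.

```python
import hashlib
import hmac

BLOCK = 16


def E(key, block):
    """Stand-in for the AES block function (assumption): a 128-bit keyed
    pseudorandom function from HMAC-SHA256. Not a real cipher, but the chaining
    behaviour below does not depend on which block function is used."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def cbc_mac(key, msg):
    """Plain CBC-MAC: zero IV, tag = last cipher block. Secure only when every
    message under the key has the same fixed length."""
    assert len(msg) % BLOCK == 0
    state = bytes(BLOCK)
    for i in range(0, len(msg), BLOCK):
        state = E(key, xor(state, msg[i:i + BLOCK]))
    return state


def _dbl(b):
    """Multiply by x in GF(2^128) with the CMAC polynomial x^128+x^7+x^2+x+1."""
    n = int.from_bytes(b, "big") << 1
    if n >> 128:
        n ^= 0x87
    return (n & ((1 << 128) - 1)).to_bytes(BLOCK, "big")


def cmac(key, msg):
    """CMAC (NIST SP 800-38B): subkeys K1/K2 derived from E(0); the final block is
    XORed with K1 (complete block) or 10*-padded and XORed with K2 (incomplete),
    so a tag is never a bare chaining value an attacker can splice onto."""
    k1 = _dbl(E(key, bytes(BLOCK)))
    k2 = _dbl(k1)
    if msg and len(msg) % BLOCK == 0:
        blocks = [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]
        blocks[-1] = xor(blocks[-1], k1)
    else:
        padded = msg + b"\x80" + bytes((-len(msg) - 1) % BLOCK)
        blocks = [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]
        blocks[-1] = xor(blocks[-1], k2)
    state = bytes(BLOCK)
    for b in blocks:
        state = E(key, xor(state, b))
    return state


def splice_forgery(mac, key, m1, m2):
    """Given valid tags t1, t2 for one-block messages m1, m2, claim t2 as the tag
    of the two-block message m1 || (m2 XOR t1). Under plain CBC-MAC the chaining
    value after m1 is t1, so the second block fed to E is exactly m2 and the
    tag really is t2. Returns (forged message, claimed tag, accepted?)."""
    t1, t2 = mac(key, m1), mac(key, m2)
    forged = m1 + xor(m2, t1)
    return forged, t2, mac(key, forged) == t2


if __name__ == "__main__":
    key = b"\x2b" * 16                      # constructed key
    m1, m2 = b"PAY 00000010 USD", b"PAY 10000000 USD"   # two 16-byte messages
    for name, mac in (("CBC-MAC", cbc_mac), ("CMAC", cmac)):
        _, _, ok = splice_forgery(mac, key, m1, m2)
        print(f"{name}: forged two-block message accepted = {ok}")
```

The attacker never touched the key: two honest tags were enough to authenticate a message nobody signed. CMAC's final-block masking is the whole fix, which is why the card calls it the more secure variant.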
Block cipher with a parameterized (variable) block size, key size and number of rounds
Stream cipher used in SSL and WEP with a variable key size (now prohibited in TLS because of keystream biases)
Block cipher with a 64-bit block size, 32-448 bit key length and 16 rounds of computation
Block cipher operating on 64-bit blocks that are divided into 16-bit sub-blocks, with 8 rounds of computation and a 128-bit key; it was patented, but the patents have since expired
International Data Encryption Algorithm (IDEA)
A symmetric block cipher using the Rijndael algorithm with a fixed 128-bit block and 128-, 192- or 256-bit keys; the number of rounds (10, 12 or 14) increases with key length
Advanced Encryption Standard (AES)
A symmetric block cipher using a 64-bit block, a 64-bit key of which 56 bits are effective (8 are parity bits), and 16 rounds of computation
Data Encryption Standard (DES)
DES mode that is the fastest and simplest, encrypting every block independently with the same key; identical plaintext blocks produce identical ciphertext blocks, so it is suitable only for small amounts of data such as keys
Electronic Code Book (ECB)
DES mode that XORs the previous ciphertext block (the IV for the first block) with the next plaintext block before encrypting it
Cipher Block Chaining (CBC) Mode
DES mode that encrypts the previous ciphertext block (the IV for the first block) with the key to produce a keystream that is XORed with the plaintext
Cipher Feedback Mode (CFB)
Uses the same 64-bit block as DES but runs DES three times (48 rounds) with two or three distinct 56-bit keys (112- or 168-bit effective key), making it roughly three times slower than DES
Triple DES (3DES)
DES mode that, like CFB, produces a keystream, but feeds the cipher output rather than the ciphertext back into the next step, so ciphertext bit errors do not propagate
Output Feedback Mode (OFB)
DES mode that encrypts an incrementing counter (combined with a nonce) to produce the keystream, so blocks can be encrypted in parallel; the nonce and counter must never repeat under the same key
Counter Mode (CTR)
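An added example (not part of the card set) implementing the five modes from the cards above over one block permutation, so that the properties the cards state can be checked: ECB repeating ciphertext blocks, CBC hiding them, OFB and CTR needing only the forward direction, and the nonce-reuse failure of CTR. The block cipher is an assumption: a four-round Feistel network with an HMAC-SHA256 round function, which is an invertible keyed permutation on 16-byte blocks (all a mode needs) but is neither DES nor AES and is not for real use. Key, IV and plaintext values are constructed.

```python
import hashlib
import hmac

BLOCK = 16


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


# Stand-in block cipher (assumption): 4-round Feistel over 16-byte blocks with an
# HMAC-SHA256 round function. Invertible and keyed, but NOT DES or AES.
def _f(key, i, half):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]


def enc_block(key, block):
    L, R = block[:8], block[8:]
    for i in range(4):
        L, R = R, xor(L, _f(key, i, R))
    return L + R


def dec_block(key, block):
    L, R = block[:8], block[8:]
    for i in reversed(range(4)):
        L, R = xor(R, _f(key, i, L)), L
    return L + R


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, pt):
    """ECB: each block on its own; equal plaintext blocks give equal ciphertext."""
    return b"".join(enc_block(key, b) for b in blocks(pt))


def cbc_encrypt(key, iv, pt):
    """CBC: XOR each plaintext block with the previous ciphertext block (IV first)."""
    out, prev = [], iv
    for b in blocks(pt):
        prev = enc_block(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(dec_block(key, c), prev))
        prev = c
    return b"".join(out)


def cfb_crypt(key, iv, data, decrypt=False):
    """CFB: keystream block = E(previous ciphertext block); only the forward
    direction of the cipher is ever used."""
    out, prev = [], iv
    for b in blocks(data):
        o = xor(b, enc_block(key, prev))
        out.append(o)
        prev = b if decrypt else o
    return b"".join(out)


def ofb_crypt(key, iv, data):
    """OFB: keystream = E(IV), E(E(IV)), ... independent of the data, so a flipped
    ciphertext bit flips only the same plaintext bit. Same call decrypts."""
    out, ks = [], iv
    for b in blocks(data):
        ks = enc_block(key, ks)
        out.append(xor(b, ks))
    return b"".join(out)


def ctr_crypt(key, nonce, data):
    """CTR: keystream block i = E(nonce || i). Blocks are independent, so they
    can be computed in parallel or at random offsets. Same call decrypts."""
    return b"".join(xor(b, enc_block(key, nonce + i.to_bytes(8, "big")))
                    for i, b in enumerate(blocks(data)))


def repeated_blocks(key, pt):
    """(repeats under ECB, repeats under CBC) for the same plaintext."""
    ecb, cbc = blocks(ecb_encrypt(key, pt)), blocks(cbc_encrypt(key, bytes(BLOCK), pt))
    return len(ecb) - len(set(ecb)), len(cbc) - len(set(cbc))


def ctr_nonce_reuse_leaks(key, nonce, p1, p2):
    """Reusing a nonce under CTR (or an IV under OFB) hands p1 XOR p2 to anyone
    holding both ciphertexts."""
    c1, c2 = ctr_crypt(key, nonce, p1), ctr_crypt(key, nonce, p2)
    return xor(c1, c2) == xor(p1, p2)


if __name__ == "__main__":
    key, iv, pt = b"\x01" * 16, bytes(range(16)), b"ATTACK AT DAWN!!" * 3
    print("repeated blocks (ECB, CBC):", repeated_blocks(key, pt))
    print("CTR nonce reuse leaks p1^p2:", ctr_nonce_reuse_leaks(key, iv[:8], pt, b"x" * 48))
```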
A hashing algorithm producing a 160-bit message digest, specified for use with the Digital Signature Algorithm (DSA) in the Digital Signature Standard (DSS); practical collisions were demonstrated in 2017, so it is no longer acceptable for signatures
Secure Hash Algorithm (SHA-1)
Hashing algorithm that produces a variable-length message digest and is based on MD5
Hashing algorithm that produces a 128-bit message digest but is very slow
Hashing algorithm that produces a 128-bit message digest and was designed for high-speed software implementation
Newer version of the MD4 hashing algorithm; its 128-bit digest gives only about 64 bits of collision resistance against birthday attacks, and practical collision attacks have been public since 2004
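An added example (not part of the card set) of the birthday attack the card above refers to, run on MD5 truncated to 32 bits so that it finishes in well under a second: the collision arrives after roughly 2^16 inputs, not 2^32, which is the same arithmetic that cuts a 128-bit digest down to 64 bits of collision resistance. The inputs are the constructed strings msg-0, msg-1, ...; the truncation is the only thing that makes the search feasible here.

```python
import hashlib
import math


def expected_tries(bits):
    """Mean number of random inputs before the first collision on an n-bit digest:
    about sqrt(pi/2 * 2**n), i.e. on the order of 2**(n/2), not 2**n."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def truncated_md5(m, bits=32):
    """MD5 digest cut to `bits` bits (a stand-in for a short hash)."""
    return hashlib.md5(m).digest()[: bits // 8]


def find_collision(bits=32, prefix=b"msg-"):
    """Birthday search: remember every truncated digest seen and stop at the first
    repeat. Returns (input_a, input_b, number of inputs hashed). Inputs are the
    constructed strings prefix+0, prefix+1, ... so the result is deterministic."""
    seen = {}
    i = 0
    while True:
        m = prefix + str(i).encode()
        h = truncated_md5(m, bits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
        i += 1


if __name__ == "__main__":
    a, b, tried = find_collision()
    print(f"{a!r} and {b!r} share truncated digest {truncated_md5(a).hex()}")
    print(f"hashed {tried} inputs; birthday estimate {expected_tries(32):.0f}; "
          f"brute force would be about {2 ** 32}")
```

A second-preimage search for one specific digest would still need about 2^32 attempts against the same truncated hash; the birthday shortcut only helps an attacker who is free to choose both colliding inputs, which is exactly the situation in certificate and document forgery.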
The act of performing a backup of ALL files and clearing the archive bit (setting it to 0)
Backs up files changed since the last full backup and does not change the archive bit
Backup that backs up the files that have changed since the last full or incremental backup and then clears the archive bit (sets it to 0)
Distance for Alternate Sites
5, 15 and 50
An attack using User Datagram Protocol (UDP) to spoof user requests
Continuous SYN with spoofed packets
An attack that sends fragmented packets that have no chance of being reassembled
Type of antivirus protection that is fingerprint based and slow to respond.
Type of antivirus protection that is proactive through structure, code, data and packet analysis
Type of antivirus protection that is based on actions and behaviors of known attacks
Behavior Based Antivirus
Capability Maturity Model Levels
1. Initial - development is ad hoc
2. Repeatable - formal management structure, change control and quality assurance
3. Defined - quantitative process improvement
4. Managed - formal process to collect data and analyze the results
5. Optimizing - budgeted for continual improvement
Tasks assigned to assure the product meets specifications
Tasks assigned to ensure the software meets the real-world problem
Database ACID Test
1. Atomicity - divides transactions into units of work where all of the changes commit or none of them do
2. Consistency - integrity rules are followed, so a transaction takes the database from one consistent state to another
3. Isolation - transactions execute in isolation without impacting other transactions
4. Durability - once a transaction is committed, its changes are permanent and survive failures
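An added example (not part of the card set) that exercises atomicity and consistency on Python's built-in sqlite3: a transfer that would overdraw an account is rolled back as a unit, so the credit that already succeeded disappears along with the failed debit. Isolation and durability are the engine's job and are not demonstrated here. The accounts, balances and the non-negative-balance rule are constructed.

```python
import sqlite3


def setup():
    """In-memory database with one integrity rule: a balance may never go negative."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE accounts (id TEXT PRIMARY KEY, "
                "balance INTEGER NOT NULL CHECK (balance >= 0))")
    con.executemany("INSERT INTO accounts VALUES (?, ?)",
                    [("alice", 100), ("bob", 20)])   # constructed data
    con.commit()
    return con


def transfer(con, src, dst, amount):
    """One unit of work: credit dst, then debit src. Atomicity means both rows
    change or neither does; Consistency is the CHECK constraint rejecting the
    overdraft. `with con:` commits on success and rolls back on any exception."""
    try:
        with con:
            con.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?",
                        (amount, dst))
            con.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?",
                        (amount, src))
        return True
    except sqlite3.IntegrityError:
        return False


def balances(con):
    return dict(con.execute("SELECT id, balance FROM accounts ORDER BY id"))


if __name__ == "__main__":
    con = setup()
    print("overdraft committed:", transfer(con, "alice", "bob", 150), balances(con))
    print("valid transfer committed:", transfer(con, "alice", "bob", 30), balances(con))
```

The credit to bob is deliberately issued first: without the surrounding transaction he would keep the 150 after alice's debit failed, which is the partial-update state atomicity exists to prevent.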
Listing of the three access control models
Discretionary - data owners dictate access
Mandatory - uses security labels
Non-discretionary - role-based