CISSP - Practice
The flashcards below were created by user
on FreezingBlue Flashcards.
Triple DES key bit
168 (3 x 56 key bit of DES)
access control administration
hybrid, centralized, decentralized
baseline of normal activity
# of layers in IP/TCP model
The columns of an access control matrix are known as
"Access control Lists"
used to communicate items that require immediate attention.
Types of decision systems -
Expert system - capabilities of a human
Strength of a cryptosystem is dependent on ...
- 1) Secrecy of the key
- 2) initialization vector
- 3) algorithm
- 4) length of key
Boundary protection and security mechanism - firewall
database model - networked
Hierarchical data model
distributed data model
relational data model
networked - all types of data models connected
Hierarchical data model - one to many relationships
distributed data model - many to many relationships
relational data model - one to one relationships
Jurisdiction of computer crimes
- FBI and Secret Service
Referential integrity mechanism
Semantic Integrity Rules
- Referential integrity mechanism - every tuple has a primary key and that every primary key is related to an existing record
- Semantic Integrity Rules - all structural and semantic rules of database are not violated
- Transaction Management - concurrent transactions can be processed without encountering problems
- Concurrency - database information is always correct and uses the lock feature to protect cells during editing
Common backup tape management systems
- six-cartridge weekly backup principle
- Tower of Hanoi
- Grandfather, father, son
STATE of CPU
- Problem, Supervisor, User
Which RAID level provides data mirroring?
Most effective implementation of encryption in hardware
For a product that will utilize an algorithm such as AES, which would be the strongest mode to select for default product operation?
- The best mode to select for a product would be CTR. Failing to randomize the nonce and to prevent nonce reuse will decrease the security of CTR mode.
– EAL 7 –
The Common Criteria (ISO 15408)
indicates that a system has been formally verified, designed and tested
- The Common Criteria (ISO 15408) - Establishing a common evaluation basis to be used internationally to measure overall product security
Data hiding is a required TCSEC criterion of module development for systems beginning at what criterion level?
The most common forms of asymmetric key cryptography include -
designed and optimized for use with a 32 bit microprocessor
A security association - uniquely identified by a triple consisting of a
- 1) Security Parameter Index (SPI),
- 2) IP Destination Address
- 3) security protocol (AH or ESP) identifier.
- access control
- connectionless integrity
- data origin authentication
- session hijacking analysis
- and limited traffic flow confidentiality
To Prove Negligence:
- A failure to perform a legally recognized obligation
- An injury (financial or otherwise) must have occurred
- Proximate causation must exist
CHAP - Challenge Handshake Authentication Protocol (CHAP)
protects a password from eavesdroppers and supports the encryption of communication
Which of the following defines a disk drive system with 39 disks: 32 disks of user storage and seven disks of error recovery coding?
- hide data from unauthorized users by allowing a relation in a database to contain multiple tuples with the same primary keys with each instance distinguished by a security level?
Bell-LaPadula - Does not include data integrity
Categories of Access Control:
Deterrent, Preventative, detective, corrective, compensating, and recovery
Three types of Access Control:
Administrative, Physical, Technical
Fundamental disadvantage of biometrics:
Disaster is not over until ...
Critical business systems are recovered at the recovery site
First step of BIA
Understand your business
Fiber optics are immune to wiretaps