CISSP Study Exercises, Just some good will to help my peers with their studies

CISSP Concept review

SDLC Phases: match the development lifecycle characteristic to the stage

Stages:
A. Project initiation and planning
B. Functional requirements definition
C. System design specification
D. Development and implementation
E. Documentation and common program controls
F. Testing and evaluation control, certification and accreditation
G. Transition to production (implementation)
H. Operations and maintenance support, and revisions and system replacement

Characteristics (answer key in brackets):
- [A] Document outlines project objectives, scope, strategies, estimate of cost and schedule. Management approval is based on the plan. Security is considered from the start, with security activities done in parallel with initiation activities and throughout the project.
- [B] Comprehensive analysis of current and future functional requirements ensures that the new system will meet end-user needs; revisions to project documents; formalized security requirements.
- [C] Designing the system and software: system architecture, system outputs and interfaces, data input, data flow, output requirements, and security features based on the overall security architecture of the company.
- [D] Source code generated, test scenarios and test cases developed, unit and integration testing conducted, program and system documented for maintenance and turnover acceptance, code analyzed to eliminate vulnerabilities.
- [E] Controls used when editing the data within the program: logging, versioning, tests and integrity checks of the program application, operating instructions, utilities, privileged functions, job and system documentation (RunBook), parameter ranges, valid and legal address references.
- [F] Data validation, bounds checking and sanitized test data are used to achieve acceptance; testing strives to uncover design and implementation flaws. Certification evaluates the security stance against a predetermined standard or policy. Accreditation is management's authorization of the software: provisional where some changes are still required, full where no changes are required.
- [G] New system is transitioned to live production: security accreditation, training new users, implementing the system, installation and data conversion, parallel operations.
- [H] Security planning, procedures to avoid future problems, periodic application audits, documenting system failures, justifying system enhancements.

DES modes and the IV: match each mode to its description

Terms:
A. Initialization Vector (IV)
B. Electronic Code Book (ECB)
C. Cipher Block Chaining (CBC)
D. Cipher Feedback (CFB)
E. Output Feedback (OFB)
F. Counter (CTR)

Descriptions (answer key in brackets):
- [A] Seed value used by the chaining and stream modes (CBC, CFB, OFB, CTR); ECB has none. Allows block ciphers to provide better confidentiality, because identical plaintext blocks no longer encrypt to identical ciphertext.
- [B] Each block is encrypted independently with the same DES key. The same 64-bit plaintext block always yields the same ciphertext block, so ECB is suitable only for small, non-repeating data such as keys.
- [C] Each plaintext block is XORed with the ciphertext of the preceding block before it is encrypted with the DES algorithm (the first block is XORed with the IV). Because of the chaining, a corrupted ciphertext block garbles its own plaintext and flips the corresponding bits in the next block.
- [D] Real-time version of CBC: a stream cipher that uses memory buffers of the block size. When the buffer is full, it is encrypted and sent to the recipient(s); the system then waits for the next buffer to fill as new data is generated before it is in turn encrypted and transmitted. Other than the change from preexisting data to real-time data, CFB operates in the same fashion as CBC: it uses an IV and it uses chaining.
- [E] Keystream is generated independently of the data: DES repeatedly encrypts the seed value (IV) and XORs the plaintext with the result. There is no chaining function, so transmission errors do not propagate to affect the decryption of future blocks.
- [F] Keystream block N = Encrypt(base + N), where N is an incrementing counter. DES in CTR mode uses a stream cipher similar to CFB and OFB, but instead of deriving each seed value from the result of the previous one, it uses a simple counter that increments for each operation. As with OFB mode, errors do not propagate in CTR mode.
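The mode descriptions above are easiest to remember by watching what each mode does to a corrupted ciphertext block. The following is an added example, not part of the deck: a toy 8-byte Feistel block cipher (keyed with SHA-256, standing in for DES so that the example runs offline with only the standard library; it is not secure) driven in ECB, CBC, CFB, OFB and CTR modes. `ecb_leaks_pattern()` shows that ECB maps identical plaintext blocks to identical ciphertext blocks, and `damaged_blocks(mode)` flips one bit in ciphertext block 1 and reports which plaintext blocks come out wrong: ECB, OFB and CTR damage only block 1, while the chaining modes CBC and CFB also damage block 2. The key, IV and plaintext are constructed for the example.

```python
# Added example (not from the deck): block cipher modes and their
# error-propagation behaviour, over a toy Feistel cipher that stands in
# for DES. The toy cipher is NOT secure; it only needs to be invertible.
import hashlib

BLOCK = 8  # 64-bit blocks, like DES


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, half: bytes, rnd: int) -> bytes:
    # Round function: keyed hash of one half, truncated to 4 bytes.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[: BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:4], block[4:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, r, rnd))
    return r + l  # final swap so that decryption is the same network in reverse


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:4], block[4:]
    for rnd in reversed(range(4)):
        l, r = r, _xor(l, _f(key, r, rnd))
    return r + l


def _blocks(data: bytes):
    assert len(data) % BLOCK == 0, "example uses pre-padded input"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb(key, data, decrypt=False):
    fn = block_decrypt if decrypt else block_encrypt
    return b"".join(fn(key, b) for b in _blocks(data))   # every block independent


def cbc(key, iv, data, decrypt=False):
    out, prev = [], iv
    for b in _blocks(data):
        if decrypt:
            out.append(_xor(block_decrypt(key, b), prev))  # P_i = D(C_i) ^ C_{i-1}
            prev = b
        else:
            prev = block_encrypt(key, _xor(b, prev))       # C_i = E(P_i ^ C_{i-1})
            out.append(prev)
    return b"".join(out)


def cfb(key, iv, data, decrypt=False):
    out, prev = [], iv
    for b in _blocks(data):
        o = _xor(b, block_encrypt(key, prev))              # keystream = E(previous ciphertext)
        out.append(o)
        prev = b if decrypt else o                         # chain on the ciphertext block
    return b"".join(out)


def ofb(key, iv, data):
    out, s = [], iv
    for b in _blocks(data):
        s = block_encrypt(key, s)                          # keystream independent of the data
        out.append(_xor(b, s))
    return b"".join(out)                                   # same function encrypts and decrypts


def ctr(key, base: int, data):
    out = []
    for n, b in enumerate(_blocks(data)):
        ks = block_encrypt(key, ((base + n) & 0xFFFFFFFFFFFFFFFF).to_bytes(BLOCK, "big"))
        out.append(_xor(b, ks))                            # keystream = E(base + N)
    return b"".join(out)


KEY = b"constructed-key!"         # constructed sample key (not a real secret)
IV = bytes(range(8))              # constructed IV
PT = b"ATTACK!!AT DAWN!" * 2      # 4 blocks; blocks 0 and 2 are identical


def encrypt(mode: str, pt: bytes = PT) -> bytes:
    return {"ecb": lambda: ecb(KEY, pt), "cbc": lambda: cbc(KEY, IV, pt),
            "cfb": lambda: cfb(KEY, IV, pt), "ofb": lambda: ofb(KEY, IV, pt),
            "ctr": lambda: ctr(KEY, 7, pt)}[mode]()


def decrypt(mode: str, ct: bytes) -> bytes:
    return {"ecb": lambda: ecb(KEY, ct, True), "cbc": lambda: cbc(KEY, IV, ct, True),
            "cfb": lambda: cfb(KEY, IV, ct, True), "ofb": lambda: ofb(KEY, IV, ct),
            "ctr": lambda: ctr(KEY, 7, ct)}[mode]()


def ecb_leaks_pattern() -> bool:
    # Identical plaintext blocks give identical ciphertext blocks in ECB only.
    ct = encrypt("ecb")
    return ct[0:8] == ct[16:24]


def damaged_blocks(mode: str) -> list:
    # Flip one bit in ciphertext block 1, decrypt, list the plaintext blocks that changed.
    ct = bytearray(encrypt(mode))
    ct[8] ^= 0x01
    pt = decrypt(mode, bytes(ct))
    return [i for i in range(len(PT) // BLOCK) if pt[i * 8:(i + 1) * 8] != PT[i * 8:(i + 1) * 8]]


if __name__ == "__main__":
    for m in ("ecb", "cbc", "cfb", "ofb", "ctr"):
        assert decrypt(m, encrypt(m)) == PT
        print(f"{m}: corrupt ciphertext block 1 -> damaged plaintext blocks {damaged_blocks(m)}")
```

Note that the stream-style modes (CFB, OFB, CTR) never call `block_decrypt`, which is why they can run a block cipher as a stream cipher; and that CBC's "one garbled block plus one bit-flipped block" is the error propagation the deck describes, whereas OFB and CTR confine the damage to the flipped bits.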
Match protocols and standards to the OSI layer

Layers: Physical, Data Link, Network, Transport, Session, Presentation, Application

Answer key:
- Physical: 802.11 Wi-Fi standards, repeaters, hubs, coax; transmitting raw bits, circuit switching, multiplexing, modulation.
- Data Link: PPP, FDDI, ARP, CHAP, ISDN, LAPD, 802.1X NAC, EAP, EAPOL; responsible for media access control, flow control and error checking.
- Network: ICMP, IPsec, NAT, RIP, IP, IGRP; packet forwarding including routing through intermediate routers; Distance Vector Multicast Routing Protocol; Shortest Path Bridging.
- Transport: host-to-host communication services for applications; UDP, TCP, SSL, TLS, SSH-2, RDP; connection-oriented data streams; multiplexing, where ports provide multiple endpoints on a single node.
- Session: RADIUS / TACACS, NFS, remote procedure calls (RPC), full-duplex or half-duplex dialogs (the deck lists SSL and TLS here as well as at Transport).
- Presentation: syntax; data translator for the network; encryption, compression, JPEG, GIF; conversion of an EBCDIC-coded text file to an ASCII-coded file.
- Application: HTTP, Telnet, TFTP, POP3, SET, SMTP.

Order the steps in a penetration test
1. Gather business processes, scope, rules of engagement etc.
2. Reconnaissance
3. Scanning and vulnerability assessment
4. Exploitation
5. Post-exploitation

Order the steps in the server-side exploitation process
1. Perform reconnaissance
2. Network enumeration
3. Port scanning
4. Determine version of OS and services
5. Determine vulnerable service versions
6. Exploit vulnerable services

Firewall types: match benefit and requirement to firewall type
- Static packet filtering: first generation; layer 3; quick yes/no packet inspection against an ACL; has no knowledge other than the ACL and cannot trend.
- Stateful inspection (SI): third generation; layer 4; tracks the relationship between the current packet and previous packets, puts the result in a state table and allows the session to persist.
- Circuit-level gateway: examines at layer 5 (session); sets up a virtual connection between host and destination; used to manage communication sessions (SOCKS).
- Application-level proxy: second generation; operates at layer 7; examines all seven layers via a proxy but is slow; hides the origin of the packet (a web application firewall is an example).
- Kernel proxy firewall: fifth generation; two TCP connections (client to proxy, proxy to server) allow inspection across layers 3 to 7; integrates into the OS core to provide multiple levels of session evaluation; decreases performance.
- Next-generation firewall (NGFW): replacing stateful inspection. Where a stateful firewall allows any IP out on port 80, the NGFW looks at the layer 7 header to verify that port 80 traffic is actually HTTP; unified threat management: packet and stateful filtering, malware filtering using signatures, whitelists, blacklists, IDS/IPS.

Routing protocols: match protocol to classification (interior or exterior gateway protocol)
- RIPv1 (legacy): IGP, distance vector, classful
- IGRP (legacy): IGP, distance vector, classful, developed by Cisco
- RIPv2: IGP, distance vector, classless
- EIGRP: IGP, distance vector, classless, developed by Cisco
- OSPF: IGP, link-state, classless
- IS-IS: IGP, link-state, classless
- BGP: EGP, path-vector, classless

NIST / FIPS: match reference ID to title
- FIPS 199: Standards for Security Categorization of Federal Information and Information Systems
- FIPS 200: Minimum Security Requirements for Federal Information and Information Systems
- SP 800-18: Guide for Developing Security Plans for Federal Information Systems
- SP 800-30: Risk Management Guide for Information Technology Systems
- SP 800-37: Guide for the Security Certification and Accreditation of Federal Information Systems
- SP 800-53: Recommended Security Controls for Federal Information Systems
- SP 800-53A: Guide for Assessing the Security Controls in Federal Information Systems
- SP 800-55: Security Metrics Guide for Information Technology Systems

Incident handling: order the phases and match the details
1. Preparation: policy, management support, team selection; identify department, legal and law enforcement contacts (pre- and post-incident); emergency communication plans, password escrow, training, jump bags.
2. Identification (detect / respond): criteria for an incident, notification, tracking, primary handler, initial clean backup of the system. (ISC)2 starts the process at "detect incident".
3. Containment (mitigation): don't make things worse; secure the area, take multiple backups, pull the system off the network, change passwords.
4. Eradication (mitigation and reporting): fix the problem, determine the root cause, improve defenses, vulnerability analysis.
5. Recovery (recovery and remediation): validate the system against the new authorized configuration, do not restore compromised code, monitor to make sure the attacker cannot or does not come back.
6. Lessons learned: report, post mortem, meetings, recommendations to management (what we learned), follow-ups.
7. Continuous preparation updates: continuous updates to the DR plan, team management, development of checklists.
8. Post mortem review: incident response plan, information dissemination policy, incident reporting policy, audit trail policy, warning banner, need for additional personnel security controls.

RAID summary: match RAID level to attributes
- RAID 0: striped set, no redundancy. Two or more disks; improves disk subsystem performance but provides no fault tolerance.
- RAID 1: mirrored set, fully redundant. Two disks hold the same data, so either can recover the other.
- RAID 2: obsolete; bit-level striping with a Hamming code (for example 32 data drives plus 7 ECC drives, 39 in total); not used.
- RAID 3: dedicated parity, byte-level striping.
- RAID 4: dedicated parity, block-level striping.
- RAID 5: distributed parity, block-level striping. Data and parity are interleaved across the same set of drives, but a stripe's parity is never stored on the same drive as that stripe's data.
- RAID 6: double distributed parity, block-level striping. Parity is written to two drives instead of one, so losing any two drives is still safe.

SEI CMMI maturity rating: match properties of maturity to CMM level
1. Initial: disorganized; no defined software development process.
2. Repeatable: basic lifecycle processes; code reuse and repeatable results. Requirements management, software project planning, project tracking and oversight, subcontract management, quality assurance and configuration management exist.
3. Defined: developers operate according to a set of formal, documented software development processes; development takes place within the constraints of a standardized management model; the organization is process focused: training programs, integrated software management, PEER REVIEWS.
4. Managed: quantitative measures are utilized to gain a detailed understanding; quantitative process management and quality management.
5. Optimizing: continuous improvement; sophisticated development process with feedback; defect prevention, technology change management and process change management.

Military data classifications: match government classification to its properties
- Top Secret (class 3): exceptionally grave damage to national security
- Secret (class 2): serious damage to national security
- Confidential (class 1): damage to national security that can be identified and described
- Unclassified (class 0): no damage

Symmetric ciphers: select the symmetric ciphers
Options: AES, RSA, ECC, DES, IDEA, RC4, RC5, ElGamal, Blowfish, Twofish
Answer: AES, DES, IDEA, RC4, RC5, Blowfish, Twofish (RSA, ECC and ElGamal are asymmetric).

Preventive vs. detective technologies
Select all DETECTIVE technologies. Options: anomaly detection (an alarm for strange system behavior), antivirus, application whitelisting, IDS, SIEM, NGFW, signature matching, protocol behavior analysis.
Answer: anomaly detection, IDS, SIEM, signature matching, protocol behavior analysis. Antivirus and an NGFW both detect and block, so the deck lists them under both headings.

Detective vs. preventive
Select all PREVENTIVE technologies. Options: antivirus, application whitelisting, IPS, NGFW, packet filter, stateful inspection, web proxy, SIEM.
Answer: antivirus, application whitelisting, IPS, NGFW, packet filter, stateful inspection, web proxy. A SIEM only detects.

Asymmetric ciphers: select the asymmetric (public-key) algorithms, in which a pair of keys is used to encrypt and decrypt a message so that it arrives securely
Options: MD4 or MD5, RSA (based on the difficulty of factoring large numbers into their primes), ElGamal, ECC, Blowfish, AES, RC4, Diffie-Hellman
Answer: RSA, ElGamal, ECC, Diffie-Hellman. MD4 and MD5 are hash functions, not ciphers; Blowfish, AES and RC4 are symmetric.

Weak cryptographic or hash algorithms: select the ciphers or hash algorithms that should not be used today
Options: MD5, SHA-1, DES, ECC, SHA-256, RSA with a key size of less than 2048 bits
Answer: MD5, SHA-1, DES, RSA keys shorter than 2048 bits. ECC and SHA-256 remain acceptable.

Exploits: match the exploit name to the exploited protocol or software
- ShellShock (Bash bug): *NIX operating systems; exploited via CGI; the attacker tacks malicious code onto an environment variable.
- WinShock: Schannel remote code execution vulnerability.
- Heartbleed: OpenSSL; missing bounds check during the TLS heartbeat lets an attacker read system memory and recover the secret keys used to encrypt traffic, plus names, passwords and content; eavesdrop on web, email, IM and VPN traffic.
- POODLE (Padding Oracle On Downgraded Legacy Encryption): SSL 3.0; enables a MITM attack. SSL 3.0 must be disabled; it was already replaced by TLS 1.0. Only works while the victim is online and the attacker is positioned to intercept the connection.
- FREAK: Factoring attack on RSA-EXPORT keys; weak export-grade cipher suites.
- CRIME: Compression Ratio Info-leak Made Easy; TLS and SPDY compression.
- BEAST: SSL 3.0 / TLS 1.0 CBC mode. The browser reveals the session ID: attacker-controlled JavaScript compares block cipher output and deduces the IV used for CBC (steals the first block before the XOR).
- Bar Mitzvah: RC4; does not require a MITM position (passive sniffing or eavesdropping suffices), although a MITM variant also exists.

TCP header flag field: order the flag values (after CWR, Congestion Window Reduced, and ECE, ECN-Echo, the ECN flags which the deck notes are not widely used)
- URG (0x20): indicates urgent data
- ACK (0x10): acknowledges a synchronization or shutdown request
- PSH (0x08): indicates the need to push data to the application
- RST (0x04): causes immediate disconnect of the TCP session
- SYN (0x02): requests synchronization with new sequence numbers
- FIN (0x01): requests graceful shutdown of the TCP session
IP header protocol field value for TCP: 6 (0x06).

IP classes and default subnet masks: assign the class and CIDR equivalent
- Class A: mask 255.0.0.0, /8; first octet 1-126 (address range 0.0.0.0 to 127.255.255.255)
- Class B: mask 255.255.0.0, /16; first octet 128-191 (128.0.0.0 to 191.255.255.255)
- Class C: mask 255.255.255.0, /24; first octet 192-223 (192.0.0.0 to 223.255.255.255)
- Loopback: 127.0.0.0/8
- Class D: 224.0.0.0 to 239.255.255.255, used for multicast addresses
- Class E: 240.0.0.0 to 255.255.255.255, reserved for research

Attack types: match behaviors to the attack type
- Smurf: ICMP echo requests with a forged source address, sent to the local broadcast address with the victim as the source IP. Every device on the broadcast network responds to the spoofed ping, flooding the target. A DoS attack.
- Replay attacks: an offshoot of impersonation; eavesdrop on network traffic, then attempt to re-establish a session by replaying captured traffic against a system. Prevented by one-time authentication mechanisms and sequenced session identification.
- Modification attacks: captured packets are altered and then replayed to bypass authentication and session sequencing mechanisms; prevented by digital signature and checksum verification.
- ARP spoofing: ARP is a sub-protocol of the TCP/IP suite that maps layer 3 IP addresses to MAC addresses; it works by broadcasting a request carrying the target IP address. Spoofing provides false MAC addresses in reply to requested IP resolutions.
- DNS poisoning, spoofing and hijacking: poisoning occurs when an attacker alters the domain-name-to-IP-address mappings in a DNS system to redirect traffic to a rogue system or simply to perform a denial of service. Spoofing occurs when an attacker sends false replies to a requesting system, beating the real reply from the valid DNS server.

Unshielded Twisted Pair (UTP): match cable attributes to UTP category
- CAT1: up to 1 Mbps, any length; old telephone cable; ISDN and PSTN services
- CAT2: up to 4 Mbps, any length; Token Ring networks
- CAT3: up to 10 Mbps, 100 m; Token Ring and 10Base-T Ethernet
- CAT4: up to 16 Mbps, 100 m; Token Ring networks
- CAT5: up to 100 Mbps, 100 m; Ethernet, Fast Ethernet, Token Ring
- CAT5e: up to 1 Gbps, 100 m; Ethernet, Fast Ethernet, Gigabit Ethernet
- CAT6 or 6a: up to 10 Gbps; Gigabit Ethernet, 10G Ethernet; CAT6 runs 10G only to 55 m (CAT6a reaches 100 m)
- CAT7: up to 10 Gbps, 100 m; Gigabit Ethernet, 10G Ethernet

IEEE 802.11 security methods for wireless clients: match properties to the named protocol, standard or technology
- WEP (Wired Equivalent Privacy): part of IEEE 802.11; intended to provide the same level of security and encryption on wireless as on wired networks and to prevent packet sniffing and eavesdropping. Based on RC4; weak.
- WPA (Wi-Fi Protected Access): prior to 802.11i; based on the LEAP and TKIP cryptosystems. A single static passphrase is its downfall.
- WPA2 (802.11i): CCMP, the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (AES based); strong.

Evidence lifecycle: order the evidence lifecycle
1. Collection and identification
2. Analysis
3. Storage and preservation
4. Presentation
5. Return to victim

TCSEC levels of assurance for secure computer operations: match the levels of assurance with their definitions from the Trusted Computer System Evaluation Criteria (TCSEC) or the Information Technology Security Evaluation Criteria (ITSEC)
- D: Minimal protection, reserved for systems that have been evaluated but do not meet the requirements of any other category
- C1: Discretionary protection (Discretionary 1)
- C2: Controlled access protection (Discretionary 2)
- B1: Labeled security (Mandatory 1)
- B2: Structured protection (Mandatory 2)
- B3: Security domains (Mandatory 3)
- A1: Verified protection, the highest level of security

TCSEC categories: match the category to its description and levels
- Category A: verified protection; every phase of development is formally controlled, documented and evaluated; extreme security consciousness.
- Category B: mandatory protection; more granularity; Bell-LaPadula; security is based on labels, and the system grants access by comparing the subject's and the object's labels against permissions; no covert channels; operator and administrator functions are separated.
- Category C: discretionary protection; some security controls, but lacking formality and sophistication; weak protection; media cleansing and strict logon procedures must be enforced.
- Category D: minimal protection, reserved for systems that have been evaluated but do not meet the requirements of any other category.

US government security modes for systems that process classified information: match attributes to the correct mode
- Dedicated mode: every user has a clearance that permits access to all information, access approval for all information, and a valid need to know for all information processed by the system.
- System high mode: every user has a clearance that permits access to all information and access approval for all information, but a valid need to know for only some, not necessarily all, of the information processed by the system.
- Compartmented mode: every user has a valid security clearance that permits access to all information processed by the system, but access approval and a valid need to know only for the information they will actually access (approval is granted per subject).
- Multilevel mode: some users do not have a valid security clearance for all information processed by the system; access is controlled by whether the subject's clearance level dominates the object's sensitivity label.

Port numbers: match service to port
- FTP: 21
- SSH (Secure Shell): 22
- Telnet: 23
- SMTP (Simple Mail Transfer Protocol): 25
- DNS: 53
- HTTP: 80
- POP3: 110
- NTP: 123

Ports, more: match service to port
- HTTPS: 443
- Microsoft SQL Server: 1433
- Oracle: 1521
- H.323 call signaling, multimedia transport: 1720
- PPTP (Point-to-Point Tunneling Protocol): 1723
- RDP (Remote Desktop Protocol): 3389

Organization roles: match responsibilities and behaviors to the role
- Business owner: responsible for ensuring systems provide value to the organization.
- Data owner: assigns a security label to a resource; typically a high-level manager who is ultimately responsible for data protection.
- Data controller: the entity that controls processing of the data and directs the data processor (EU data protection law; the data processor is a party, not a computing system or network).
- Data processor: a natural or legal person which processes personal data solely on behalf of the data controller.
- System owner: responsible for ensuring data processed on the system remains secure, identifying the highest level of data that the system processes, and ensuring that the system is labeled accurately and that appropriate security controls are in place.
- Data custodian: the user who is responsible for all activities necessary to provide adequate protection of the data.
- Senior manager: the person ultimately responsible for the security maintained by the organization; most concerned about protection of assets; signs off on all policy issues. In fact, all activities must be approved by and signed off on by the senior manager.
- Auditor: responsible for reviewing and verifying that the security policy is enforced.

Access control types: match access control types to their attributes
- Compensating: provides various options to other existing controls to aid in the enforcement and support of security policies; can be any control used in addition to, or in place of, another control. For example, an organizational policy may dictate that all PII must be encrypted.
- Corrective: modifies the environment to return systems to normal after an unwanted or unauthorized activity has occurred; attempts to correct any problems that occurred as a result of a security incident. Corrective controls can be simple.
- Recovery: an extension of corrective controls with more advanced or complex abilities. Examples include backups and restores, fault-tolerant drive systems, system imaging, server clustering, antivirus software, and database or virtual machine shadowing.
- Directive: deployed to confine or control the actions of subjects to force or encourage compliance with security policies. Examples include security policy requirements or criteria, posted notifications, escape route exit signs, monitoring and supervision.
- Deterrent: deployed to discourage violation of security policies. Deterrent and preventive controls are similar, but deterrent controls often depend on individuals deciding not to take an unwanted action, whereas a preventive control actually blocks the action.

Logical operators: pair the math to the concept
- Number of symmetric keys needed for n parties: n(n-1)/2, one per pair.
- Number of asymmetric keys needed for n parties: 2n, one key pair per party.
- XOR (X ⊕ Y), exclusive OR: "are they different?" 0 ⊕ 1 = 1; 1 ⊕ 1 = 0.
- AND (∧): on ∧ on = on; on ∧ off = off; both inputs on, or nothing.
- OR (∨): checks whether at least one of the inputs is true.
- NOT (∼ or !): simply reverses the value of an input.
- Modulo (mod, %): the remainder after division. Used in substitution ciphers: C = (P + 3) mod 26, where 26 wraps the count back around when it runs past Z.
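The TCP flag values, the IP protocol number 6 and the address classes above are what a packet parser actually reads. The following is an added example, not part of the deck: a minimal IPv4 and TCP header decoder using only the standard library, with a `classify()` helper that names a segment by its flag combination (a lone SYN, SYN-ACK, RST, FIN, and the flag-less NULL and FIN/PSH/URG XMAS probes used by port scanners). `build_packet()` constructs sample packets for the example; the addresses and ports in it are assumptions, and checksums are left zero because nothing is transmitted.

```python
# Added example (not from the deck): decode the IPv4 protocol field and the
# TCP flag bits from raw packet bytes, and classify the segment.
import struct

TCP_FLAGS = [  # bit value, name, meaning (low byte of the 16-bit offset/flags word)
    (0x80, "CWR", "congestion window reduced"),
    (0x40, "ECE", "ECN-echo"),
    (0x20, "URG", "urgent data"),
    (0x10, "ACK", "acknowledgement"),
    (0x08, "PSH", "push data to the application"),
    (0x04, "RST", "immediate disconnect"),
    (0x02, "SYN", "request synchronization"),
    (0x01, "FIN", "graceful shutdown"),
]
IP_PROTO_TCP = 6   # IP header protocol field value for TCP
IP_PROTO_UDP = 17


def parse_ipv4(pkt: bytes) -> dict:
    # Fixed 20-byte header; IHL gives the real header length in 32-bit words.
    vihl, _tos, _total, _ident, _frag, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    return {"version": vihl >> 4, "ihl": ihl, "protocol": proto,
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "payload": pkt[ihl:]}


def parse_tcp(seg: bytes) -> dict:
    sport, dport, seq, ack, off_flags, _win, _csum, _urg = struct.unpack("!HHIIHHHH", seg[:20])
    data_off = (off_flags >> 12) * 4       # header length in bytes
    flag_byte = off_flags & 0xFF           # CWR..FIN, in the order of TCP_FLAGS
    names = [name for bit, name, _ in TCP_FLAGS if flag_byte & bit]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": names, "flag_byte": flag_byte, "data": seg[data_off:]}


def classify(pkt: bytes) -> str:
    ip = parse_ipv4(pkt)
    if ip["protocol"] != IP_PROTO_TCP:
        return f"proto {ip['protocol']} (not TCP)"
    f = set(parse_tcp(ip["payload"])["flags"])
    if f == {"SYN"}:
        return "SYN (new connection request)"
    if f == {"SYN", "ACK"}:
        return "SYN-ACK"
    if "RST" in f:
        return "RST"
    if not f:
        return "NULL scan probe (no flags)"
    if f >= {"FIN", "PSH", "URG"}:
        return "XMAS scan probe"
    if "FIN" in f:
        return "FIN"
    return ",".join(sorted(f))


def build_packet(src: str, dst: str, sport: int, dport: int, flag_byte: int,
                 proto: int = IP_PROTO_TCP) -> bytes:
    # Constructed packet for the example; checksums are zero, nothing is sent.
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1000, 0, (5 << 12) | flag_byte, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + tcp


if __name__ == "__main__":
    for flags in (0x02, 0x12, 0x04, 0x00, 0x29):
        p = build_packet("10.0.0.5", "10.0.0.1", 40000, 80, flags)
        print(hex(flags), parse_tcp(parse_ipv4(p)["payload"])["flags"], "->", classify(p))
```

The flag bits are read from the low byte of the 16-bit word that also carries the data offset, which is why the deck lists them after CWR and ECE: those two occupy the top of that byte.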
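The ARP spoofing entry in the attack list above says the attacker wins by answering resolution requests with a false MAC address; the same three symptoms that make that attack work also make it detectable. The following is an added example, not part of the deck: a detector run over constructed, tcpdump-style ARP log lines (the line format, timestamps, hosts and MAC addresses are all assumptions made for this example). It raises an alert when a reply arrives with no outstanding request for that IP, when an IP that was already learned is claimed by a different MAC, and when a single MAC starts answering for more than one IP. The sample shows a legitimate gateway and host being taken over by `de:ad:be:ef:00:66`.

```python
# Added example (not from the deck): ARP spoofing detection over constructed
# ARP log lines. Line format, hosts and MACs are assumptions for the example.
import re
from collections import defaultdict

REQ = re.compile(r"^(?P<t>\S+) ARP request who-has (?P<ip>\S+) tell (?P<src>\S+)$")
REP = re.compile(r"^(?P<t>\S+) ARP reply (?P<ip>\S+) is-at (?P<mac>\S+)$")

# Constructed sample: 10.0.0.7 resolves the gateway (.1) and a peer (.9),
# then an attacker starts claiming both addresses with its own MAC.
SAMPLE = """\
12:00:01 ARP request who-has 10.0.0.1 tell 10.0.0.7
12:00:01 ARP reply 10.0.0.1 is-at aa:bb:cc:00:00:01
12:00:02 ARP request who-has 10.0.0.9 tell 10.0.0.7
12:00:02 ARP reply 10.0.0.9 is-at aa:bb:cc:00:00:09
12:00:05 ARP reply 10.0.0.1 is-at de:ad:be:ef:00:66
12:00:06 ARP reply 10.0.0.9 is-at de:ad:be:ef:00:66
12:00:10 ARP request who-has 10.0.0.1 tell 10.0.0.7
12:00:10 ARP reply 10.0.0.1 is-at de:ad:be:ef:00:66
""".splitlines()


def detect_arp_spoof(lines, max_ips_per_mac: int = 1) -> list:
    """Return (time, kind, detail) alerts for suspicious ARP replies."""
    known = {}                  # ip -> mac first learned for it
    pending = set()             # ips with an outstanding who-has request
    claimed = defaultdict(set)  # mac -> ips it has answered for
    alerts = []
    for line in lines:
        m = REQ.match(line)
        if m:
            pending.add(m["ip"])
            continue
        m = REP.match(line)
        if not m:
            continue                      # ignore lines that are not ARP
        t, ip, mac = m["t"], m["ip"], m["mac"]
        if ip not in pending:             # nobody asked: gratuitous / injected reply
            alerts.append((t, "unsolicited", f"reply for {ip} without a request"))
        pending.discard(ip)
        if ip in known and known[ip] != mac:   # binding changed under us
            alerts.append((t, "mac_change", f"{ip} was {known[ip]}, now claimed by {mac}"))
        else:
            known.setdefault(ip, mac)          # trust the first binding we learn
        before = len(claimed[mac])
        claimed[mac].add(ip)
        if len(claimed[mac]) > max_ips_per_mac and len(claimed[mac]) > before:
            alerts.append((t, "multi_ip", f"{mac} now answers for {sorted(claimed[mac])}"))
    return alerts


if __name__ == "__main__":
    for when, kind, detail in detect_arp_spoof(SAMPLE):
        print(f"{when} [{kind}] {detail}")
```

Trusting the first binding seen is the usual weakness of this approach (if the attacker answers first, the legitimate host is the one that looks suspicious), which is why production tools seed `known` from a static inventory or DHCP leases instead; a `max_ips_per_mac` above 1 is needed where a router legitimately proxies ARP for several addresses.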
Study Exercises - CISSP Security Engineering Study

Concepts that need to be ordered for the correct answer; glossary reinforcement. Peer group contribution from Robin Basham, Managing Partner, EnterpriseGRC Solutions.

Data Sources

All slides are a summary of information directly located in the study sources for the CISSP, or in Cisco and Microsoft certified online TechNet training. The majority is directly summarized from:

- CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, Seventh Edition (Sybex). Updated for the 2015 CISSP Body of Knowledge and covering the exam domains: Access Control, Application Development Security, Business Continuity and Disaster Recovery Planning, Cryptography, Information Security Governance and Risk Management, Legal, Regulations, Investigations and Compliance, Operations Security, Physical (Environmental) Security, Security Architecture and Design, and Telecommunications and Network Security. Each chapter closes with exam essentials and review questions, and the book comes with the Sybex online interactive learning environment.
- MGT414: SANS Training Program for CISSP Certification (A04_3877). The SANS Institute was established in 1989 as a cooperative research and education organization; its programs now reach more than 165,000 security professionals around the world, from auditors and network administrators to chief information security officers, in organizations ranging from corporations to universities. SANS also develops, maintains and makes available at no cost a large collection of research documents on information security, and operates the Internet's early warning system, the Internet Storm Center.
DSource code generated, test scenarios and test cases developed, unit and integration testing conducted, program and system documented for maintenance and turnover acceptance, code is analyzed to eliminate vulnerabilities EControls used when editing the data within the program, logging, versioning, tests and integrity checks program application, operating instructions, utilities, privileged functions, job and system documentation…(RunBook), parameter ranges, valid & legal address reference… Correct - Click anywhere to continue Incorrect - Click anywhere to continue You answered this correctly! Your answer: The correct answer is: You did not answer this question completely You must answer the question before continuing Submit Clear F.Testing and evaluation control certification and accreditation G.Transition to production (implementation) H.Operations and maintenance support, AND, Revisions and system replacement FData validation, bounds checking, sanitized test data, used to achieve acceptance; strives to uncover design and implementation flaws. Certification evaluates security stance against predetermined standard or policies. Management authorizes software. Provisional where some or full accreditation – where no changes are required. GNew system is transitioned to live production, security accreditation, training new users, implementing system, installation and data conversion, parallel operations HSecurity planning, procedures to avoid future problems, periodic application audits, documenting system failures, justifying system enhancements. <br> Match IV DES Modes and their Use Match IV DES Modes and their Use Term Description A.Seed, ECB, DBC, DFB, OFB, CTR, Allows block ciphers to provide better confidentiality. 
B.Each block is encrypted independently - for non repeats >64 bits, DES key C.Ciphertext from the previous block of data is XORed with the block of ciphertext preceding before encrypting with DES algorithm – XORed (not same) D.Real time, a stream cipher uses memory buffers of the same block size, buffer becomes full, it isencrypted and then sent to the recipient(s). Then the system waits for the next buffer to be filled as the new data is generated before it is in turn encrypted and then transmitted. Other than the change from preexisting data to real-time data, CFB operates in the same fashion as CBC. It uses an IV and it uses chaining. E.Keystream is generated independently - DES XORs the plain text with a seed value; there is no chaining function and transmission errors do not propagate to affect the decryption of future blocks F.Formula Encrypt (Base+N) keystream generator where base <64 and N is incrementing function. DES that is run in Counter (CTR) mode uses a stream cipher similar to that used in CFB and OFB modes. However, instead of creating the seed value for each encryption/decryption operation from the results of the previous seed values, it uses a simple counter that increments for each operation. As with OFB mode, errors do not propagate in CTR mode. AInitialization Vector (IV) BElectronic Code Book (ECB) CCypher Block Chaining (CBC) DCipher Feedback (CFB) EOutput Feedback (OFB) FCounter (CTR) Correct - Click anywhere to continue Incorrect - Click anywhere to continue You answered this correctly! 
Your answer: The correct answer is: You did not answer this question completely You must answer the question before continuing Submit Clear <br> Match protocols and standards to OSI layer Match protocols and standards to OSI layer Layer Protocol or Device A.802.11 Wi-Fi standards, Repeaters, Hubs, Co-Ax; transmitting raw bits, Circuit switching, Multiplexing, Modulation, repeaters, hubs B.Radius \ TACACS, NFS, remote procedure calls (RPCs), full duplex or half-duplex, Secure Sockets Layer (SSL) and Transport Layer Security (TLS) C.ICMP, IPSec, NAT, RIP, IP, IGRP, packet forwarding including routing through intermediate routers, Distance Vector Multicast Routing Protocol, Shortest Path Bridging D.Syntax, data translator for the network, Encryption, Compression, JPEG, GIF, conversion of an EBCDIC-coded text computer file to an ASCII-coded file E.Host-to-host communication services for applications, UDP, TCP, SSL, TLS, SSH-2, RDP, connection-oriented data stream; Multiplexing: Ports provide multiple endpoints on single node F.PPP, FDDI, ARP, CHAP, ISDN, LAPD, 802.1x NAC, EAP, EAPOL, is responsible for media access control, flow control and error checking APhysical FData Link CNetwork ETransport BSession DPresentation GApplication Correct - Click anywhere to continue Incorrect - Click anywhere to continue You answered this correctly! Your answer: The correct answer is: You did not answer this question completely You must answer the question before continuing Submit Clear G.HTTP, Telenet, TFTP, POP3, SET, SMTP Order the steps in a Penetration test Order the steps in a Penetration test Steps in Process Order A.1st B.2nd C.3rd D.4th E.Final AGather Business Processes, Scope, Rules etc. BReconnaissance CScanning - Vulnerability Assessment DExploitation EPost Exploitation Correct - Click anywhere to continue Incorrect - Click anywhere to continue You answered this correctly! 
Your answer: The correct answer is: You did not answer this question completely You must answer the question before continuing Submit Clear Order Steps in Server Side Exploitation Process Order Steps in Server Side Exploitation Process Step Order A.1st B.2nd C.3rd D.4th E.5th F.Last APerform reconnaissance BNetwork enumeration CPort scanning DDetermine version of OS and services EDetermine vulnerable service versions FExploit vulnerable services Correct - Click anywhere to continue Incorrect - Click anywhere to continue You answered this correctly! Your answer: The correct answer is: You did not answer this question completely You must answer the question before continuing Submit Clear Match benefit and requirement to firewall type Match benefit and requirement to firewall type Benefit or Requirement Firewall Type A.Static Packet Filtering - no knowledge other than ACL, cannot trend, first generation, B.Stateful Inspection (SI) - layer 4 firewall, third generation, relationship between current and previous packet C.Kernel Proxy Firewall - client to proxy, server to proxy - decreases performance, fifth generation D.Circuit level gateway firewall examines at layer 5, used to manage communication sessions E.Application level Proxy - operates layer 7- hides origin of packet, second generation (web application firewall) F.NGFW replacing Stateful, allows any IP out on port 80, unified threat management – packet AND stateful, filters malware using signature, whitelists, blacklists, IDS/ IPS AQuick packet inspection yes or no - layer 3, 1st gen BPuts result in state table, allows session to persist -layer 4, 3rd gen CTwo TCP connections allow traversing layer 3 to 7, integrates into OS core to provide multiple levels of session evaluation EExamines all seven layers via proxy but is slow DVirtual connection between host and destination, sits in session layer "socks" FLooks at layer 7 header to verify that port 80 is actually http traffic Correct - Click anywhere to continue 
Match routing protocol with classification
Classification (Interior or Exterior Gateway Protocol):
A. IGP, distance vector, classful
B. IGP, distance vector, classful, developed by Cisco
C. IGP, distance vector, classless
D. IGP, advanced distance vector (hybrid), classless, developed by Cisco
E. IGP, link-state, classless
F. IGP, link-state, classless
G. EGP, path vector, classless
Routing protocol (answer key):
A. RIPv1 (legacy)
B. IGRP (legacy)
C. RIPv2
D. EIGRP
E. OSPF
F. IS-IS
G. BGP

Match NIST or FIPS reference ID to corresponding title
Title:
A. Standards for Security Categorization of Federal Information and Information Systems
B. Minimum Security Requirements for Federal Information and Information Systems
C. Guide for Developing Security Plans for Federal Information Systems
D. Risk Management Guide for Information Technology Systems
E. Guide for the Security Certification and Accreditation of Federal Information Systems
F. Recommended Security Controls for Federal Information Systems
G. Guide for Assessing the Security Controls in Federal Information Systems
H. Security Metrics Guide for Information Technology Systems
Identifier (answer key):
A. FIPS 199
B. FIPS 200
C. SP 800-18
D. SP 800-30
E. SP 800-37
F. SP 800-53
G. SP 800-53A
H. SP 800-55
Note: these are the titles of the original editions. Later revisions were retitled: SP 800-30 Rev. 1 is "Guide for Conducting Risk Assessments", SP 800-37 is now "Risk Management Framework for Information Systems and Organizations", and SP 800-53 is now "Security and Privacy Controls for Information Systems and Organizations".
Order the phases and match details in incident response
Phase details:
A. Policy, management support, team selection, identification of department, legal and law enforcement contacts (pre- and post-incident), emergency communication plans, password escrow, training, jump bags
B. Criteria for an incident, notification, tracking, primary handler, initial clean backup of the system ((ISC)² starts at "detect incident")
C. Don't make things worse: secure the area, take multiple backups, pull the system off the network, change passwords (respond and contain)
D. Fix the problem: root cause determined, defenses improved, vulnerability analysis (mitigate)
E. Validate the system against the new authorized configuration, do not restore compromised code, monitor to make sure the attacker does not come back
F. Report, post mortem, meetings, recommendations to management (what we learned), follow-ups
G. Continuous updates to the DR plan, team management, development of checklists
H. Incident response plan, information dissemination policy, incident reporting policy, audit trail policy, warning banner, need for additional personnel security controls
Phase (answer key):
A. Preparation
B. Identification (Detect/Respond)
C. Containment (Mitigation)
D. Eradication (Mitigation & Reporting)
E. Recovery (Recovery & Remediation)
F. Lessons Learned
G. Continuous preparation updates
H. Post mortem review
The (ISC)² seven-step sequence mapped onto the phases above: Detect (B, C), Respond (C), Mitigate (D), Report (E), Recover (E), Remediate (E), Lessons Learned (F).

Match RAID level to attributes
RAID level:
A. RAID 0: two or more disks, improves disk subsystem performance but provides no fault tolerance
B. RAID 1: two disks holding the same data; either can recover the other
C. RAID 2: bit-level striping with Hamming-code ECC (for example 32 data disks plus 7 ECC disks, 39 in all); not used
D. RAID 3: byte-level striping
E. RAID 4: block-level striping
F. RAID 5: data and parity interleaved across the same drives, but a block's parity is never stored on the drive holding that block (striping with parity)
G. RAID 6: two independent parity blocks per stripe instead of one, so losing two drives at once is survivable
Attributes (answer key):
A. Striped set, no redundancy
B. Mirrored set, fully redundant
C. Obsolete, bit interleaved, Hamming code
D. Dedicated parity, byte-level striping
E. Dedicated parity, block-level striping
F. Distributed parity, block-level striping
G. Double distributed parity, block-level striping
Summary: 0 striping; 1 mirroring; 2 Hamming-code parity; 3 byte-level parity; 4 block-level parity; 5 interleaved (distributed) parity; 6 double distributed parity; 7 single virtual disk; 10 striping and mirroring combined.

Match properties of maturity to CMM level
Attributes of maturity level:
A. Disorganized, no defined software development process
B. Basic life cycle processes. Code reuse and repeatable results. Requirements management, software project planning, project tracking and oversight, subcontract management, quality assurance and configuration management exist
C. Developers operate according to a set of formal, documented software development processes. Development takes place within the constraints of a standardized management model. The organization is process focused, with training programs, integrated software management and PEER REVIEWS
D. Quantitative measures utilized to gain detailed understanding. Quantitative process management and quality management
E. Continuous improvement, sophisticated development process with feedback, defect prevention, technology change and process change management
Level (answer key):
A. Initial
B. Repeatable
C. Defined
D. Managed
E. Optimized
Note: these are the Software CMM level names; CMMI calls level 2 "Managed", level 4 "Quantitatively Managed" and level 5 "Optimizing".

Match government classification to properties
Properties:
A. Exceptionally grave damage to national security
B. Serious damage to national security
C. Damage to national security that can be identified and described
D. No damage
Classification (answer key):
A. Top Secret (class 3)
B. Secret (class 2)
C. Confidential (class 1)
D. Unclassified (class 0)

Select symmetric ciphers
A) AES
B) RSA
C) ECC
D) DES
E) IDEA, RC4, RC5
F) ElGamal
G) Blowfish and Twofish
(Answer: A, D, E and G are symmetric; RSA, ECC and ElGamal are asymmetric.)

Select all DETECTIVE technologies
A detective access control is deployed to discover unwanted or unauthorized activity. Detective controls are often after-the-fact controls rather than real-time controls. Examples of detective access controls include security guards, guard dogs, motion detectors, recording and reviewing of events seen by security cameras or CCTV, job rotation, mandatory vacations, audit trails, intrusion detection systems, violation reports, honey pots, supervision and reviews of users, and incident investigations.
A) Anomaly detection (an alarm for strange system behavior)
B) Antivirus
C) Application whitelisting
D) IDS
E) SIEM
F) NGFW
G) Signature matching
H) Protocol behavior analysis

Select all PREVENTIVE technologies
A preventive access control is deployed to stop unwanted or unauthorized activity from occurring. Examples of preventive access controls include fences, locks, biometrics, mantraps, lighting, alarm systems, separation of duties, job rotation, data classification, penetration testing, access control methods, encryption, auditing, presence of security cameras or closed-circuit television (CCTV), smart cards, callback, security policies, security awareness training, and antivirus software.
A) Antivirus
B) Application whitelisting
C) IPS
D) NGFW
E) Packet filter
F) Stateful inspection
G) Web proxy
H) SIEM
(Antivirus appears in both lists because it detects malware and then blocks it; a SIEM only correlates and alerts, so it is detective, not preventive.)

Select: asymmetric cryptography or public-key cryptography (cryptography in which a pair of keys is used to encrypt and decrypt a message so that it arrives securely)
A) MD4 or MD5
B) RSA (security rests on the difficulty of factoring large numbers into their primes)
C) ElGamal
D) ECC
E) Blowfish
F) AES
G) RC4
H) Diffie-Hellman
(Answer: B, C, D and H; MD4 and MD5 are hash functions, and Blowfish, AES and RC4 are symmetric.)

Select ciphers or hash algorithms that should not be used today
A) MD5
B) SHA-1
C) DES
D) ECC
E) SHA-256
F) RSA with a key size less than 2048 bits
(Answer: A, B, C and F; ECC and SHA-256 remain acceptable.)

Match exploit name to exploited protocol
Vulnerability:
A. RC4: does not require MITM; passive sniffing or eavesdropping suffices, though an attacker in a MITM position can also use it
B. SSL 3.0: padding oracle that lets a MITM decrypt traffic; SSL 3.0 must be disabled (it was already replaced by TLS 1.0); only works while the victim is online and the attacker can intercept traffic and make the victim's browser send requests
C. OpenSSL: missing bounds check in the TLS heartbeat handler; an attacker can read server (or client) memory and eavesdrop on web, email, IM and VPN traffic, recovering the secret keys used to encrypt traffic, names, passwords and content
D. Bash on *NIX systems: Bash executes commands appended to a function definition imported from an environment variable, so wherever attacker input lands in an environment variable (CGI request headers, for example) attacker-supplied code runs
E. Factoring attack on RSA-EXPORT: servers that still accept export-grade (512-bit) RSA cipher suites can be downgraded to them by a MITM, and the weak key factored
F. TLS 1.0 CBC: the IV for each record is the last ciphertext block of the previous record, so JavaScript injected into the browser can test guesses for the session cookie one byte at a time (chosen-plaintext attack on CBC)
G. TLS 1.0 and SPDY compression: Compression Ratio Info-leak Made Easy; injected requests reveal secrets such as cookies through changes in compressed size
H. Schannel: remote code execution vulnerability in Microsoft's TLS implementation (MS14-066)
Exploit name (answer key):
A. Bar Mitzvah
B. POODLE (Padding Oracle On Downgraded Legacy Encryption)
C. Heartbleed
D. Shellshock (the Bash bug)
E. FREAK
F. BEAST
G. CRIME
H. WinShock

OpenSSL vulnerability notes

OCSP stapling vulnerability
When creating a handshake, the client could send an incorrectly formatted ClientHello message, leading OpenSSL to parse past the end of the message. Tracked as CVE-2011-0014, this affected OpenSSL versions 0.9.8h to 0.9.8q and 1.0.0 to 1.0.0c. Since the parsing could lead to a read from an incorrect memory address, an attacker could cause a denial of service. Some applications also exposed the contents of parsed OCSP extensions, allowing an attacker to read the contents of memory that came after the ClientHello.

SSL, TLS and DTLS plaintext recovery attack
In handling CBC cipher suites in SSL, TLS and DTLS, OpenSSL was found to be vulnerable to a timing attack arising during MAC processing. This was found by Nadhem AlFardan and Kenny Paterson, who published their findings on February 5, 2013; it is tracked as CVE-2013-0169. All versions of OpenSSL were affected, and it was only partially mitigated when the OpenSSL FIPS Object Module was in use with FIPS mode enabled.

Heartbleed
OpenSSL versions 1.0.1 through 1.0.1f had a severe memory handling bug in their implementation of the TLS Heartbeat Extension that could be used to reveal up to 64 KB of the application's memory with every heartbeat.[24][25] By reading the memory of the web server, attackers could access sensitive data, including the server's private key.[26] This could allow attackers to decode earlier eavesdropped communications if the cipher suite used does not provide perfect forward secrecy. Knowledge of the private key could also allow an attacker to mount a man-in-the-middle attack against any future communications.[27] The vulnerability might also reveal unencrypted parts of other users' sensitive requests and responses, including session cookies and passwords, which might allow attackers to hijack the identity of another user of the service.[28]
At its disclosure on April 7, 2014, around 17% (about half a million) of the Internet's secure web servers certified by trusted authorities were believed to be vulnerable to the attack.[29] Heartbleed can affect both the server and the client.

CCS Injection vulnerability

Order the TCP header flag field values that follow CWR (Congestion Window Reduced) and ECE (ECN-Echo, Explicit Congestion Notification) in the header; those two ECN flags are omitted from this ordering
Description:
A. Indicates urgent data
B. Acknowledges synchronization or shutdown request
C. Indicates need to push data
D. Causes immediate disconnect of the TCP session
E. Requests synchronization with new sequence numbers
F. Requests graceful shutdown of the TCP session
G. IP header protocol field value for TCP
Flag and name (answer key):
A. URG, Urgent
B. ACK, Acknowledgement
C. PSH, Push
D. RST, Reset
E. SYN, Synchronization
F. FIN, Finish
G. 6 (0x06)

Assign class and CIDR equivalent
Class, CIDR equivalent and first-octet decimal range:
A. Class B, /16, first octet 128–191
B. Class A, /8, first octet 1–126
C. Class C, /24, first octet 192–223
D. Class A range 127.0.0.0/8
E. Used for multicast addresses
F. Reserved for research
Subnet mask or IP range (answer key):
A. 255.255.0.0 (128.0.0.0 to 191.255.255.255)
B. 255.0.0.0 (0.0.0.0 to 127.255.255.255)
C. 255.255.255.0 (192.0.0.0 to 223.255.255.255)
D. Loopback address
E. Class D, 224.0.0.0 to 239.255.255.255
F. Class E, 240.0.0.0 to 255.255.255.255
The current private (RFC 1918) IP address ranges:
• 10.0.0.0–10.255.255.255 (one Class A network, 10.0.0.0/8)
• 172.16.0.0–172.31.255.255 (16 Class B networks, 172.16.0.0/12)
• 192.168.0.0–192.168.255.255 (256 Class C networks, 192.168.0.0/16)

Match behaviors to attack type
Attack properties:
A. ICMP echo requests with a forged source address (the victim) sent to a network's broadcast address; every device on that network replies to the victim, flooding it. DoS
B. An offshoot of impersonation: eavesdrop on network traffic, then attempt to re-establish a session by replaying captured traffic against a system. Prevented by one-time authentication mechanisms and sequenced session identification
C. Captured packets are altered and then used to bypass authentication and session sequencing mechanisms; prevented by integrity verification (digital signatures, checksums) and session sequencing
D. A sub-protocol of the TCP/IP suite working between layer 2 and layer 3: discovers the MAC address for an IP address by broadcasting a request packet with the target IP. Spoofing provides false MAC addresses for the requested IPs
E. Resolution attacks occur when the attacker alters the domain-name-to-IP-address mappings in a DNS system to redirect traffic to a rogue system or simply to perform a denial of service against a system. Spoofing occurs when an attacker sends false replies to a requesting system, beating the real reply from the valid DNS server
Attack type (answer key):
A. Smurf
B. Replay attacks
C. Modification attacks
D. Address Resolution Protocol (ARP) spoofing
E. DNS poisoning, spoofing and hijacking

Match Unshielded Twisted Pair (UTP) cable attributes to UTP category
UTP category (copper cable):
A. CAT1
B. CAT2
C. CAT3
D. CAT4
E. CAT5
F. CAT5e
G. CAT6 or 6a
H. CAT7
Attributes (answer key):
A. ≤ 1 Mbps, any length, old telephone cable; ISDN and PSTN services
B. ≤ 4 Mbps, any length, token ring networks
C. ≤ 10 Mbps, 100 m, token ring and 10Base-T Ethernet
D. ≤ 16 Mbps, 100 m, token ring networks
E. ≤ 100 Mbps, 100 m, Ethernet, Fast Ethernet, token ring
F. ≤ 1 Gbps, 100 m, Ethernet, Fast Ethernet, Gigabit Ethernet
G. ≤ 10 Gbps; Gigabit Ethernet at 100 m; 10G Ethernet at 55 m on CAT6 (CAT6a reaches 100 m)
H. ≤ 10 Gbps, 100 m, Gigabit Ethernet, 10G Ethernet at 100 m
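The TCP flag and address-class tables above describe fields an analyst reads straight out of a packet. The following is an added example written for this page, not code from the original document: it checks the IPv4 protocol field for 6 (TCP), extracts the flags byte from the TCP header, and classifies addresses by first octet and by the RFC 1918 prefixes using the same mask-and-compare test that CIDR notation expresses. The 40-byte SAMPLE_SYN packet is constructed for the example (checksums are left at zero and not verified), and all function names are my own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* TCP flags byte, bit 0 = FIN .. bit 7 = CWR (RFC 793; ECE/CWR added by RFC 3168) */
enum { TCP_FIN = 0x01, TCP_SYN = 0x02, TCP_RST = 0x04, TCP_PSH = 0x08,
       TCP_ACK = 0x10, TCP_URG = 0x20, TCP_ECE = 0x40, TCP_CWR = 0x80 };
#define IP_PROTO_TCP 6   /* IPv4 header protocol field value for TCP */

/* IPv4 header length in bytes from the IHL nibble, or -1 if not a plausible IPv4 header. */
int ipv4_header_len(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    int ihl = (pkt[0] & 0x0f) * 4;
    return (ihl >= 20 && (size_t)ihl <= len) ? ihl : -1;
}

/* The protocol field (byte 9 of the IPv4 header), or -1. */
int ipv4_protocol(const uint8_t *pkt, size_t len)
{
    return ipv4_header_len(pkt, len) < 0 ? -1 : pkt[9];
}

/* Flags byte of the TCP segment carried in an IPv4 packet, or -1 if not TCP or truncated. */
int tcp_flags(const uint8_t *pkt, size_t len)
{
    int ihl = ipv4_header_len(pkt, len);
    if (ihl < 0 || pkt[9] != IP_PROTO_TCP) return -1;
    if (len < (size_t)ihl + 20) return -1;      /* minimum TCP header is 20 bytes */
    return pkt[ihl + 13];                       /* byte 13 of the TCP header holds the flags */
}

/* Human-readable flag list such as "SYN|ACK" (static buffer, not thread-safe). */
const char *tcp_flags_name(int flags)
{
    static const struct { int bit; const char *name; } tbl[] = {
        { TCP_FIN, "FIN" }, { TCP_SYN, "SYN" }, { TCP_RST, "RST" }, { TCP_PSH, "PSH" },
        { TCP_ACK, "ACK" }, { TCP_URG, "URG" }, { TCP_ECE, "ECE" }, { TCP_CWR, "CWR" } };
    static char buf[40];                        /* 8 names * 3 + 7 separators < 40 */
    buf[0] = '\0';
    for (size_t i = 0; i < sizeof tbl / sizeof tbl[0]; i++) {
        if (flags & tbl[i].bit) {
            if (buf[0]) strcat(buf, "|");
            strcat(buf, tbl[i].name);
        }
    }
    return buf;
}

/* Dotted quad to host-order integer; returns 0 for anything that is not four valid octets. */
uint32_t ipv4_parse(const char *s)
{
    unsigned a, b, c, d;
    if (sscanf(s, "%u.%u.%u.%u", &a, &b, &c, &d) != 4 ||
        a > 255 || b > 255 || c > 255 || d > 255) return 0;
    return (a << 24) | (b << 16) | (c << 8) | d;
}

/* Classful range from the first octet; 127/8 is reported separately as loopback. */
const char *ipv4_class(uint32_t addr)
{
    unsigned first = addr >> 24;
    if (first == 127) return "loopback";
    if (first < 128)  return "A";   /* 0-126:   /8,  255.0.0.0 */
    if (first < 192)  return "B";   /* 128-191: /16, 255.255.0.0 */
    if (first < 224)  return "C";   /* 192-223: /24, 255.255.255.0 */
    if (first < 240)  return "D";   /* 224-239: multicast */
    return "E";                     /* 240-255: reserved */
}

/* RFC 1918 private ranges as prefix/mask pairs: AND the address with the prefix
   length's mask and compare against the network address; that is the CIDR test. */
int ipv4_is_private(uint32_t addr)
{
    return (addr & 0xff000000u) == 0x0a000000u    /* 10.0.0.0/8 */
        || (addr & 0xfff00000u) == 0xac100000u    /* 172.16.0.0/12 */
        || (addr & 0xffff0000u) == 0xc0a80000u;   /* 192.168.0.0/16 */
}

/* Constructed sample: IPv4 header (20 bytes, protocol 6) + TCP SYN, 10.0.0.1:1234 -> 192.168.1.2:80 */
static const uint8_t SAMPLE_SYN[40] = {
    0x45, 0x00, 0x00, 0x28, 0x00, 0x01, 0x00, 0x00, 0x40, 0x06, 0x00, 0x00,
    10, 0, 0, 1,  192, 168, 1, 2,
    0x04, 0xd2, 0x00, 0x50,  0x00, 0x00, 0x00, 0x01,  0x00, 0x00, 0x00, 0x00,
    0x50, 0x02, 0xff, 0xff,  0x00, 0x00, 0x00, 0x00 };

int main(void)
{
    int f = tcp_flags(SAMPLE_SYN, sizeof SAMPLE_SYN);
    printf("proto=%d flags=0x%02x (%s)\n",
           ipv4_protocol(SAMPLE_SYN, sizeof SAMPLE_SYN), f, tcp_flags_name(f));
    const char *hosts[] = { "10.0.0.1", "172.20.1.1", "172.32.0.1", "127.0.0.1", "224.0.0.5" };
    for (size_t i = 0; i < 5; i++) {
        uint32_t a = ipv4_parse(hosts[i]);
        printf("%-12s class %-8s private=%d\n", hosts[i], ipv4_class(a), ipv4_is_private(a));
    }
    return 0;
}
```

Note that 172.32.0.1 is inside the Class B range but outside 172.16.0.0/12, which is why the private-address test has to use the /12 mask rather than the classful /16; the same mask-and-compare pattern is how a packet filter implements its ACL entries.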
Match wireless properties to named protocol, standard or technology
Properties:
A. IEEE 802.11; meant to provide the same level of security and encryption on wireless as on wired networks and to prevent packet sniffing and eavesdropping; based on RC4; weak
B. Prior to 802.11i; based on the LEAP and TKIP cryptosystems (TKIP still uses RC4 underneath); a single static pre-shared passphrase is its downfall (offline dictionary attack against the captured handshake)
C. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP, AES-based); strong
Protocol, standard or technology (answer key):
A. Wired Equivalent Privacy (WEP)
B. Wi-Fi Protected Access (WPA)
C. 802.11i (WPA2)

Order the evidence lifecycle
1. Collection and identification
2. Analysis
3. Storage and preservation
4. Presentation
5. Return to victim
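The Heartbleed bug in the OpenSSL notes above comes down to one missing length check. The following added example is not code from the page or from OpenSSL; it is a small model of a TLS heartbeat record handler written for this page. The record layout (type byte, two-byte big-endian payload length, payload, at least 16 bytes of padding) is the real one, but the buffer names, the SECRET string and the demo functions are constructed for illustration. heartbeat_vulnerable trusts the length field the peer sent, as the affected versions did, and copies that many bytes back regardless of how long the record actually is; heartbeat_fixed applies the check that OpenSSL 1.0.1g added (header + claimed payload + minimum padding must fit inside the record, otherwise discard silently).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Heartbeat record: type(1) | payload_length(2, big-endian) | payload | padding(>= 16) */
#define HB_HDR_LEN   3
#define HB_PADDING   16

/* Vulnerable handler: echoes payload_length bytes, taking the length from the peer's
   own header. The only check is that the reply fits in the destination, so when the
   claimed length exceeds what the record actually carries, memcpy reads past the record
   into whatever follows it in process memory and sends that back to the peer. */
int heartbeat_vulnerable(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HDR_LEN) return -1;
    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];   /* attacker-controlled */
    if (payload_len > out_cap) return -1;
    memcpy(out, rec + HB_HDR_LEN, payload_len);           /* over-read: never compared to rec_len */
    return (int)payload_len;
}

/* Fixed handler: the record must be long enough to hold header + claimed payload +
   minimum padding; anything else is silently discarded. */
int heartbeat_fixed(const uint8_t *rec, size_t rec_len,
                    uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HDR_LEN + HB_PADDING) return -1;
    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HDR_LEN + payload_len + HB_PADDING > rec_len) return -1;   /* the missing bounds check */
    if (payload_len > out_cap) return -1;
    memcpy(out, rec + HB_HDR_LEN, payload_len);
    return (int)payload_len;
}

/* Constructed demo memory: a 21-byte heartbeat record (type 1, 2-byte payload "hi",
   16 bytes of padding) whose header may claim a larger payload, followed in the same
   buffer by a secret that happens to sit after the record in memory. */
static const char SECRET[] = "PRIVATE-KEY-BYTES";   /* 17 characters, stands in for key material */
#define DEMO_REC_LEN (HB_HDR_LEN + 2 + HB_PADDING)  /* 21 */

static void build_demo(uint8_t *mem, size_t mem_len, uint8_t claimed_len)
{
    memset(mem, 0, mem_len);
    mem[0] = 1;                     /* heartbeat request */
    mem[1] = 0; mem[2] = claimed_len;
    mem[3] = 'h'; mem[4] = 'i';     /* the only real payload bytes */
    memcpy(mem + DEMO_REC_LEN, SECRET, strlen(SECRET));
}

/* Returns 1 if the vulnerable handler echoed the secret back to the peer. */
int demo_vulnerable_leaks_secret(void)
{
    uint8_t mem[64], out[64] = {0};
    build_demo(mem, sizeof mem, 40);              /* claims 40 bytes, record holds 2 */
    int n = heartbeat_vulnerable(mem, DEMO_REC_LEN, out, sizeof out);
    /* out[i] mirrors mem[HB_HDR_LEN + i], so the secret lands at out[DEMO_REC_LEN - HB_HDR_LEN] */
    return n == 40 && memcmp(out + DEMO_REC_LEN - HB_HDR_LEN, SECRET, strlen(SECRET)) == 0;
}

/* Returns the fixed handler's result for the same oversized claim (-1: discarded). */
int demo_fixed_rejects_oversized(void)
{
    uint8_t mem[64], out[64];
    build_demo(mem, sizeof mem, 40);
    return heartbeat_fixed(mem, DEMO_REC_LEN, out, sizeof out);
}

/* Returns the fixed handler's result for an honest record (2: "hi" echoed). */
int demo_fixed_accepts_valid(void)
{
    uint8_t mem[64], out[64];
    build_demo(mem, sizeof mem, 2);
    return heartbeat_fixed(mem, DEMO_REC_LEN, out, sizeof out);
}

int main(void)
{
    printf("vulnerable handler leaks secret: %d\n", demo_vulnerable_leaks_secret());
    printf("fixed handler, oversized claim:  %d\n", demo_fixed_rejects_oversized());
    printf("fixed handler, honest record:    %d\n", demo_fixed_accepts_valid());
    return 0;
}
```

The demo keeps the over-read inside one 64-byte array so it is well defined C; in the real bug the same memcpy walked up to 64 KB past the record into the heap, which is where private keys and other users' session cookies were found. The fix is a single comparison against the length the TLS record layer actually received, not the length the peer claimed.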
Match levels of assurance with definitions from the Trusted Computer System Evaluation Criteria (TCSEC) or the Information Technology Security Evaluation Criteria (ITSEC)
Operational assurance: system architecture, system integrity, covert channel analysis, trusted facility management, trusted recovery
Level label requirement:
A. Minimal protection: reserved for systems that have been evaluated but do not meet the requirements to belong to any other category
B. Discretionary protection (Discretionary 1)
C. Controlled access protection (Discretionary 2)
D. Labeled security (Mandatory 1)
E. Structured protection (Mandatory 2)
F. Security domains (Mandatory 3)
G. Verified protection: the highest level of security
Level (answer key):
A. D
B. C1
C. C2
D. B1
E. B2
F. B3
G. A1

Discretionary Protection (Categories C1, C2)
Discretionary protection systems provide basic access control. Systems in this category do provide some security controls but are lacking in more sophisticated and stringent controls that address specific needs for secure systems. C1 and C2 systems provide basic controls and complete documentation for system installation and configuration.
Discretionary Security Protection (C1)
A discretionary security protection system controls access by user IDs and/or groups. Although there are some controls in place that limit object access, systems in this category provide only weak protection.
Controlled Access Protection (C2)
Controlled access protection systems are stronger than C1 systems. Users must be identified individually to gain access to objects. C2 systems must also enforce media cleansing. With media cleansing, any media that are reused by another user must first be thoroughly cleansed so that no remnant of the previous data remains available for inspection or use. Additionally, strict logon procedures must be enforced that restrict access for invalid or unauthorized users.
Mandatory Protection (Categories B1, B2, B3)
Mandatory protection systems provide more security controls than category C or D systems. More granularity of control is mandated, so security administrators can apply specific controls that allow only very limited sets of subject/object access. This category of systems is based on the Bell-LaPadula model. Mandatory access is based on security labels.
Labeled Security (B1)
In a labeled security system, each subject and each object has a security label. A B1 system grants access by matching up the subject and object labels and comparing their permission compatibility. B1 systems support sufficient security to house classified data.
Structured Protection (B2)
In addition to the requirement for security labels (as in B1 systems), B2 systems must ensure that no covert channels exist. Operator and administrator functions are separated, and process isolation is maintained. B2 systems are sufficient for classified data that requires more security functionality than a B1 system can deliver.
Security Domains (B3)
Security domain systems provide more secure functionality by further increasing the separation and isolation of unrelated processes. Administration functions are clearly defined and separate from functions available to other users. The focus of B3 systems shifts to simplicity to reduce any exposure to vulnerabilities in unused or extra code. The secure state of B3 systems must also be addressed during the initial boot process. B3 systems are difficult to attack successfully and provide sufficient secure controls for very sensitive or secret data.
Verified Protection (Category A1)
Verified protection systems are similar to B3 systems in the structure and controls they employ. The difference is in the development cycle. Each phase of the development cycle is controlled using formal methods. Each phase of the design is documented, evaluated, and verified before the next step is taken. This forces extreme security consciousness during all steps of development and deployment and is the only way to formally guarantee strong system security.

Match the category in TCSEC to its description and levels
Category description and associated levels:
A. Verified protection: phases in development formally controlled, documented and evaluated; EXTREME security consciousness
B. Mandatory: more granularity, Bell-LaPadula, security based on labels, the system grants access by comparing subject and object labels against permissions, no covert channels, operator and admin functions separated
C. Discretionary: some security controls, lacking formality and sophistication, weak protection, media cleansing, strict logon procedures must be enforced
D. Minimal protection: reserved for systems that have been evaluated but do not meet the requirements to belong to any other category
Category (answer key):
A. Category A
B. Category B
C. Category C
D. Category D
Match attributes to the correct US government security mode
Mode:
A. Dedicated mode
B. System high mode
C. Compartmented mode
D. Multilevel mode
User attributes (answer key):
A. Every user has a clearance that permits access to all information, access approval for all information, and a valid need to know for all information processed by the system
B. Every user has a clearance that permits access to all information, access approval for all information, and a valid need to know for some, but not necessarily all, information processed by the system
C. Every user has a valid security clearance that permits access to all information processed by the system, with access approval and a valid need to know only for the information (compartments) they will actually access on the system
D. Some users do not have a valid security clearance for all information processed by the system; access is controlled by whether the subject's clearance level dominates the object's sensitivity label
The four security modes are distinguished by the security clearances required, need to know, and the ability to process data from multiple clearance levels (abbreviated PDMCL).

Match service to port
Port:
A. 21
B. 22
C. 23
D. 25
E. 53
F. 80
G. 110
H. 123
Service (answer key):
A. FTP
B. SSH (Secure Shell)
C. Telnet
D. SMTP (Simple Mail Transfer Protocol)
E. DNS
F. HTTP
G. POP3
H. NTP
Match service to port
Port:
A. 443
B. 1433
C. 1521
D. 1720
E. 1723
F. 3389
Service (answer key):
A. HTTPS
B. Microsoft SQL Server
C. Oracle
D. H.323 call signaling, multimedia transport
E. PPTP (Point-to-Point Tunneling Protocol)
F. RDP (Remote Desktop Protocol)
Note: IPsec ESP and AH are IP protocol numbers 50 and 51, not ports; they have no TCP/UDP port at all. The well-known port range is 0 to 1023.

Match responsibilities and behaviors with organization roles
Responsibilities and behaviors:
A. Responsible for ensuring systems provide value to the organization
B. Assigns a security label to a resource; typically a high-level manager who is ultimately responsible for data protection
C. The entity that controls the processing of the data and directs the data processor (EU data protection law; the data processor is a person or organization, not a computing system or network)
D. A natural or legal person which processes personal data solely on behalf of the data controller
E. Responsible for ensuring data processed on the system remains secure, identifying the highest level of data the system processes, and ensuring the system is labeled accurately and that appropriate security controls are in place
F. The user who is responsible for all activities necessary to provide adequate protection
G. The person ultimately responsible for the security maintained by the organization, most concerned about protection of assets, signs off on all policy issues. In fact, all activities must be approved by and signed off on by this person
H. Responsible for reviewing and verifying that the security policy is enforced
Role (answer key):
A. Business owner
B. Data owner
C. Data controller
D. Data processor
E. System owner
F. Data custodian
G. Senior manager
H. Auditor

Match access control types to their attributes
Access control properties:
A. Various options to other existing controls to aid in enforcement and support of security policies. They can be any controls used in addition to, or in place of, another control. For example, an organizational policy may dictate that all PII must be encrypted
B. Modifies the environment to return systems to normal after an unwanted or unauthorized activity has occurred. It attempts to correct any problems that occurred as a result of a security incident. Corrective controls can be simple, such as terminating access or rebooting a system
C. An extension of corrective controls but with more advanced or complex abilities. Examples include backups and restores, fault-tolerant drive systems, system imaging, server clustering, antivirus software, and database or virtual machine shadowing
D. Deployed to confine or control the actions of subjects to force or encourage compliance with security policies. Examples include security policy requirements or criteria, posted notifications, escape route exit signs, monitoring, supervision
E. Deployed to discourage violation of security policies. Deterrent and preventive controls are similar, but deterrent controls often depend on individuals deciding not to take an unwanted action, whereas a preventive control actually blocks the action
Access control type (answer key):
A. Compensating
B. Corrective
C. Recovery
D. Directive
E. Deterrent

Pair the math to the concept
Formula:
A. n(n-1)/2
B. 2n
C. Are they different? 0+1 is 1; 1+1 is 0
D. on + on is on; on + off is not on: both on or nothing
E. Checks whether at least one of the inputs is true
F. Represented by the ∼ or ! symbol; simply reverses the value of an input
G. Used in a substitution cipher; C = (P + 3) mod 26, where 26 is the size of the alphabet, so a shift running past z wraps around (in general: the remainder after dividing by the modulus)
Steps or description (answer key):
A. Formula for the number of symmetric keys needed for n parties to communicate pairwise
B. Formula for the number of keys needed with asymmetric cryptography (one key pair per party)
C. X ⊕ Y, XOR function (exclusive OR)
D. AND (∧)
E. OR (∨)
F. NOT (∼)
G. Modulo function (%)
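The key-count formulas, the XOR truth table and the C = (P + 3) mod 26 substitution above, carried through as an added worked example in C (not code from the page). caesar_shift handles the wrap past z with the modulus, including negative shifts for decryption, and xor_bytes shows why XOR is the primitive behind stream ciphers: applying the same key twice returns the plaintext. The key-count functions follow the two formulas directly; the message, the key bytes and all function names are my own.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stddef.h>

/* Symmetric crypto: every pair of the n parties needs its own shared key, n(n-1)/2 in all. */
unsigned long symmetric_key_count(unsigned long n) { return n < 2 ? 0 : n * (n - 1) / 2; }

/* Asymmetric crypto: one public/private pair per party, 2n keys regardless of who talks to whom. */
unsigned long asymmetric_key_count(unsigned long n) { return 2 * n; }

/* Caesar substitution: C = (P + k) mod 26 on letters only; case is preserved and other
   characters pass through. A negative k decrypts, and the double modulo keeps the result
   in 0..25 even when P + k is negative (C's % can return a negative remainder). */
void caesar_shift(const char *in, int k, char *out, size_t out_cap)
{
    size_t i;
    for (i = 0; i + 1 < out_cap && in[i] != '\0'; i++) {
        unsigned char ch = (unsigned char)in[i];
        if (isalpha(ch)) {
            char base = isupper(ch) ? 'A' : 'a';
            out[i] = (char)(base + (((ch - base + k) % 26) + 26) % 26);
        } else {
            out[i] = (char)ch;
        }
    }
    out[i] = '\0';
}

/* Convenience wrapper returning a static buffer (fine for demos, not thread-safe). */
const char *caesar_str(const char *in, int k)
{
    static char buf[128];
    caesar_shift(in, k, buf, sizeof buf);
    return buf;
}

/* Encrypt then decrypt; returns 1 when the round trip restores the original text. */
int caesar_roundtrip_ok(const char *msg, int k)
{
    char enc[128], dec[128];
    caesar_shift(msg, k, enc, sizeof enc);
    caesar_shift(enc, -k, dec, sizeof dec);
    return strcmp(msg, dec) == 0;
}

/* out[i] = a[i] XOR key[i mod key_len]. XOR is its own inverse (x ^ k ^ k == x), which is
   exactly what a stream cipher relies on; with a truly random, never-reused key as long as
   the message this is a one-time pad. */
void xor_bytes(const unsigned char *a, size_t len,
               const unsigned char *key, size_t key_len, unsigned char *out)
{
    for (size_t i = 0; i < len; i++) out[i] = a[i] ^ key[i % key_len];
}

/* Constructed demo: XOR a message with a key, then XOR again with the same key. */
int xor_roundtrip_ok(void)
{
    static const unsigned char msg[] = "attack at dawn";
    static const unsigned char key[] = { 0x5a, 0xc3, 0x17, 0x88 };    /* made-up key bytes */
    unsigned char ct[sizeof msg], pt[sizeof msg];
    xor_bytes(msg, sizeof msg, key, sizeof key, ct);
    xor_bytes(ct, sizeof msg, key, sizeof key, pt);
    return memcmp(msg, ct, sizeof msg) != 0      /* ciphertext differs from plaintext */
        && memcmp(msg, pt, sizeof msg) == 0;     /* and the second XOR restores it */
}

int main(void)
{
    printf("10 parties: %lu symmetric keys, %lu asymmetric keys\n",
           symmetric_key_count(10), asymmetric_key_count(10));
    printf("caesar(+3): %s\n", caesar_str("Attack at dawn, Zz!", 3));
    printf("caesar round trip ok: %d, xor round trip ok: %d\n",
           caesar_roundtrip_ok("Attack at dawn, Zz!", 3), xor_roundtrip_ok());
    return 0;
}
```

The n(n-1)/2 growth is the practical reason key distribution, not the cipher, is the hard part of symmetric cryptography: ten parties need 45 secret keys, a thousand need 499,500, while the asymmetric count stays at 2n.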
Study Exercises - CISSP
Robin Basham, Founder, EnterpriseGRC Solutions
[email protected]

Professional Summary
A creative thought leader with exceptionally diversified skills spanning network, enterprise and cloud applications, business, data, and regulatory, with proven ability to drive security strategy and enterprise management through continuous integrated audit, secure configuration and business technology optimization. Enterprise ICT GRC and compliance expert and early adopter in both certifying and offering certification programs for Cloud and Virtualization, with industry experience including SaaS (IaaS and PaaS), Finance, Healthcare, Banking, and High Tech; a "hands-on executive" known for surprising depth across the entire technical and regulatory landscape.

Ellie Mae, Inc., Pleasanton, CA, May 2012 – October 2015
Director Enterprise Compliance (reporting to CIO & CSO), 2013 to 2015
GRC Consultant – EnterpriseGRC Solutions, May 2012 to May 2013
• Implemented robust enterprise GRC at zero software cost
• Led Integrated Audit and reduced consulting overhead in excess of 75%
• Built successful Enterprise Security & Compliance Program
• Delivered Security Program, Information Security Management System (ISMS) and supporting Security Policy
• Collaborated with Internal Audit, CSO, CIO and CTO to set and achieve high business-driven security standards; examples: PCI and ISO 27001 Readiness Assessments, Continuous Controls Monitoring and Risk Reporting
• Produced Quarterly Executive Enterprise Risk Management reporting, monthly SaaS / Cloud Operations GRC Metrics, Internal Control Assessment supporting SOX, SOC 2, FFIEC, ISO 27001, FedRAMP, NIST RMF, and continuous customer Due Diligence Requests
• Implemented enterprise Information Asset Management program

EnterpriseGRC Solutions, Inc., launched October 2011
Managing Partner, Founder, http://enterprisegrc.com
EnterpriseGRC Solutions achieved partnership with ITpreneurs, Ryma Technologies, named a channel partner to EMC, and named to the Cloud Credential Council. Prepared East Bay SaaS company for PCI and ISO 27001 review; accomplished support to public sale of startup through SOC 2 and Third Party Information Security Assessment process. Customers served: NetSuite, Ellie Mae, and Walmart by way of Inkiru purchase.

SOAProjects, Inc., July 2008 to September 2011
Senior Director, Enterprise Technology and GRC
• Launched practices for Cloud Security, Green Audit, BCP DR, Web Footprint Analysis, Automated Work Papers via SharePoint, Archer GRC and integrated Microsoft tools; facilitated corporate recognition in rising to ninth largest accounting firm in Bay Area; implemented Hosted Exchange and Security for all information and communication
• BCP/DR guidance – multiple SaaS and telecoms, US & Canada
• Datacenter Information Security regulatory compliance review, multiple major telecoms, US & Canada
• Director, Process Transformation, Brocade Communications, resulting in successful integration and migration of Foundry systems and process for unified CRM and Technology Support Operations, 2010
• McKesson Enterprise GRC product development and implementation, Archer Platform and modules

Control Solutions International, 2005 to 2008
Director IT Regulatory and Compliance
Some clients served: Citistreet, CA, Adselas, Assurant, Haemonetics, Informa, Options Clearing Corporation, Sharp
• SOX ITGCC PM utilizing team of 10 consultants to achieve legally mandated remediation; Design and Implementation of ERM Application for Health Services and Publishing Services; SOC Type II Preparation; Exposure Analysis Review (major bank); determination of lawsuit for poor performance by vendor in due care examination of systems
• Security Policy Program Implementation, Risk Program Management, Options Clearing Corporation

Phoenix Business & Systems Process, Inc., Needham, MA, 2002—2005
Managing Partner, Founder, Controls Assurance and IT Risk Management for Telecom, SaaS and Finance
Some clients served: Siemens
Corporation, Raytheon, Financial Times Interactive Data, Journal Communications, Options Clearing Corporation, and Pershing; Annual Revenue 1 Million by years 2 and 3. Established Strategy, tools, program, process architecture and audit evidence for more than a dozen fortune five hundred companies, 100% big four success rate ?Facilitated Compliance framework mapping PCI, CobiT, ISO/IEC 17799 and SAS 70 Type II requirements to all areas in Documentation of key financial reporting processes ?Produced strategies for evaluation of security and internal control processes, recommendation for enhanced policy implemented globally by Raytheon and Siemens, cost savings of 11 Million in audit fees per client Develop and implement compliance monitoring, tracking and reporting tools and incorporate new regulatory requirements into threat management and risk modelling CTC Communications Corporation, Waltham, MA 1998 to 2002 Manager Process Engineering, Manager Change Management, (Hired as INS: Network Services Engineer – Converted) ?Network Operations Center Management, Provisioning Management, Security Management, POP/LAN Build Out and Operations Procedures ?Data Migration and Systems Integration, Network Management Architecture Team, OSS implementations, CIC integration automated trouble ticketing Remedy - Reconcile Customer Network Services to Order and Revenue Collections ?Developer and implementation engineer for Integrated Access Device Configuration Management System, and Enterprise Change Management System, Process Development and Tracking System – three full applications delivered in Remedy and hybrid Unix Apache environment State Street Bank, FMG, Boston, MA 1997 to 1998 Systems Officer, Technology Operations Controls Program Owner for Y2K and FFIEC Audit Readiness, Support Operations ?SLA’s across multiple trading floors, CMDB and DR plan for Financial Markets Group, Remedy Implementation ?IT Standardization Corporate Trust, Project Manager, Staff Profiles, Service 
Level Agreement Program Coordination, ?Restructuring support organizations, reducing vendor dependency and cost Select Instructor Experience ?Cloud Ready Professional (CRP) and Virtualization Ready Profession (VRP) Certification and Trainer Certification ?CISA, CRISC, CGEIT, Volunteer Instructor ISACA Multiple Regions(continuous) ?ISACA LA Keynote Governance in the Cloud ?IMA Palo Alto Speaker, The Next Great Outage – Business Recovery – Not so Virtual ?McKesson End User Security On Line Training, Content Implementation Education ?Master of Information Technology – 2003 AIU, Chicago, IL GPA 4.0 (inclusive CCNA, CCDA, Network+ Certification) ?Masters Education, Lesley College, Cambridge - 1989 ?Bachelors Multicultural Education, University Massachusetts, Amherst 1984 (inclusive 4 teaching licenses) ?Bachelors Science – Special Programs BDIC, University Massachusetts, Amherst 1983 Select Professional Certifications ?CRP Cloud Ready Professional ?VRP Virtualization Ready Professional Master Trainer 2012 ?HISP Holistic Information Security Practitioner 2012 ?CRISC Certified in Risk and Information Systems Control 2011 ?ACC Archer Certified Consultant 2010 ?CGEIT Certification – 2008 ?CISA Certification – 2005 ?ITIL Foundations Certificate– 2004 ? (Multiple Platforms Oracle, SAP, Remedy, MetaSolv etc.) Select Publications and Conference Speaking ?Interconnecting the Building Blocks of a Cyber Secure Ecosystem: Speaker “Does Audit Make Us Secure? 
NIST Cybersecurity Framework to GRC”– ISACA SV Spring 2015 ?Workday Rising, presenting “Identity Access Controls Automation using Workday, RemedyForce and Active Directory” – earned highest rated and attended session for Workday 2014 ?OASIS International TC Open Architecture and IT Compliance 2005 http://www.oasis-open.org ?Co-creator Holistic Information Security Practitioner Certification Training Guide Board of Directors ?Conference Director, ISACA SV ?Education Director, HISPI Holistic Information Security Practitioner Institute 2011 to 2014 ?President & Education Director, ACGTA Association for Certified Green Technology Auditors, Director Control Objectives for Sustainable Business 2009 – 2011 ?President, AWC Associations Women in Computing 1997 – 2003 ?CSA Cloud Security Alliance, Editor for CSA GRC Cloud Stack ?OMG Object Management Group, Advisory Board ?OASIS Open Architecture Standard Information Systems – Configuration Compliance TC founding member ?OCEG as technology council liaison to ISACA, Open Compliance Ethics Group Graduate and Public Education (Full resume avail.) 
- 1985 – 1997 High School Teacher, Malden Public Schools; Lesley College, Professor, Master Program

Security Engineering Study Data Sources

- Match the development lifecycle characteristic to the stage
- Match IV DES Modes and their Use
- Match protocols and standards to OSI layer
- Order the steps in a Penetration test
- Order Steps in Server Side Exploitation Process
- Match benefit and requirement to firewall type
- Match Routing protocol with classification
- Match NIST or FIPS reference ID to corresponding title
- Order the phases and match details in incident response
- Match RAID Level to attributes
- Match properties of maturity to CMM level
- Match Government classification to properties
- Select Symmetric Ciphers
- Select all DETECTIVE technologies
- Select all PREVENTIVE technologies
- Select: Asymmetric cryptography or public-key cryptography (cryptography in which a pair of keys is used to encrypt and decrypt a message so that it arrives securely)
- Select ciphers or hash algorithms that should not be used today
- Match Exploit name to exploited protocol

OCSP stapling vulnerability
When creating a handshake, the client could send an incorrectly formatted ClientHello message, leading to OpenSSL parsing past the end of the message. Titled CVE-2011-0014, this affected all OpenSSL versions 0.9.8h to 0.9.8q and OpenSSL 1.0.0 to 1.0.0c. Since the parsing could lead to a read on an incorrect memory address, it was possible for the attacker to cause a DDOS. It was also possible that some applications expose the contents of parsed OCSP extensions, leading to an attacker being able to read the contents of memory that came after the ClientHello.

SSL, TLS and DTLS Plaintext Recovery Attack
In handling CBC cipher-suites in SSL, TLS, and DTLS, OpenSSL was found to be vulnerable to a timing attack which arises during the MAC processing.
This was found by Nadhem Alfardan and Kenny Paterson, who published their findings on February 5, 2013; it was given the name CVE-2013-0169. All versions of OpenSSL were affected, and it was only partially mitigated when the OpenSSL FIPS Object Module is used and the FIPS mode of operation is enabled.

Heartbleed
OpenSSL versions 1.0.1 through 1.0.1f had a severe memory handling bug in their implementation of the TLS Heartbeat Extension that could be used to reveal up to 64 KB of the application's memory with every heartbeat.[24][25] By reading the memory of the web server, attackers could access sensitive data, including the server's private key.[26] This could allow attackers to decode earlier eavesdropped communications if the encryption protocol used does not ensure Perfect Forward Secrecy. Knowledge of the private key could also allow an attacker to mount a man-in-the-middle attack against any future communications.[27] The vulnerability might also reveal unencrypted parts of other users' sensitive requests and responses, including session cookies and passwords, which might allow attackers to hijack the identity of another user of the service.[28]
At its disclosure on April 7, 2014, around 17% or half a million of the Internet's secure web servers certified by trusted authorities were believed to have been vulnerable to the attack.[29] However, Heartbleed can affect both the server and client.

CCS Injection Vulnerability

- Order TCP header flag field values following CWR Congestion Window Reduced, and ECE ECN-Echo (Explicit Congestion Notification), which are no longer widely used
- Assign class and CIDR Equivalent
- Match behaviors to attack type
- Match Unshielded Twisted Pair (UTP) cable attributes to UTP Category
- Match wireless properties to named protocol, standard or technology
- Order the Evidence Lifecycle
- Match levels of assurance with definitions from Trusted Computer System Evaluation Criteria (TCSEC) or Information Technology Security Evaluation Criteria (ITSEC)

Discretionary Protection (Categories C1, C2)
Discretionary protection systems provide basic access control. Systems in this category do provide some security controls but are lacking in more sophisticated and stringent controls that address specific needs for secure systems. C1 and C2 systems provide basic controls and complete documentation for system installation and configuration.

Discretionary Security Protection (C1)
A discretionary security protection system controls access by user IDs and/or groups. Although there are some controls in place that limit object access, systems in this category provide only weak protection.

Controlled Access Protection (C2)
Controlled access protection systems are stronger than C1 systems. Users must be identified individually to gain access to objects. C2 systems must also enforce media cleansing. With media cleansing, any media that are reused by another user must first be thoroughly cleansed so that no remnant of the previous data remains available for inspection or use. Additionally, strict logon procedures must be enforced that restrict access for invalid or unauthorized users.

Mandatory Protection (Categories B1, B2, B3)
Mandatory protection systems provide more security controls than category C or D systems. More granularity of control is mandated, so security administrators can apply specific controls that allow only very limited sets of subject/object access. This category of systems is based on the Bell-LaPadula model. Mandatory access is based on security labels.

Labeled Security (B1)
In a labeled security system, each subject and each object has a security label. A B1 system grants access by matching up the subject and object labels and comparing their permission compatibility.
B1 systems support sufficient security to house classified data.

Structured Protection (B2)
In addition to the requirement for security labels (as in B1 systems), B2 systems must ensure that no covert channels exist. Operator and administrator functions are separated, and process isolation is maintained. B2 systems are sufficient for classified data that requires more security functionality than a B1 system can deliver.

Security Domains (B3)
Security domain systems provide more secure functionality by further increasing the separation and isolation of unrelated processes. Administration functions are clearly defined and separate from functions available to other users. The focus of B3 systems shifts to simplicity to reduce any exposure to vulnerabilities in unused or extra code. The secure state of B3 systems must also be addressed during the initial boot process. B3 systems are difficult to attack successfully and provide sufficient secure controls for very sensitive or secret data.

Verified Protection (Category A1)
Verified protection systems are similar to B3 systems in the structure and controls they employ. The difference is in the development cycle. Each phase of the development cycle is controlled using formal methods. Each phase of the design is documented, evaluated, and verified before the next step is taken. This forces extreme security consciousness during all steps of development and deployment and is the only way to formally guarantee strong system security.

- Match the Category in TCSEC to its description and levels
- Match attributes to the correct US government security mode
- Match Service to Port
- Match responsibilities and behaviors with organization roles
- Match Access Control types to their attributes
- Pair the math to the concept

CISSP Concept review
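The Heartbleed entry in the "Match Exploit name to exploited protocol" material above comes down to one missing bounds check: the heartbeat handler trusted the payload length the peer declared. The C below is an added example, not OpenSSL's code, of an RFC 6520 heartbeat handler that enforces that check (the 16-byte minimum padding is the RFC's rule; the request records are constructed inline).

```c
/* Added example, not OpenSSL's code: RFC 6520 heartbeat handling with the bounds check Heartbleed lacked. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_MIN_PADDING 16   /* RFC 6520: padding MUST be at least 16 bytes */

/* Validate a HeartbeatMessage in rec[0..rec_len). Returns the declared payload length,
 * or -1 if the message must be silently discarded. The decisive test is the one the
 * vulnerable code skipped: the length the peer CLAIMS must fit in the bytes RECEIVED. */
int hb_validate(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < 1 + 2 + HB_MIN_PADDING)              /* type + length + padding */
        return -1;
    if (rec[0] != HB_REQUEST && rec[0] != HB_RESPONSE)
        return -1;
    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];
    /* Heartbleed: payload_len was trusted, so copying that many bytes out of a much
     * shorter buffer echoed adjacent heap memory back to the peer. */
    if (1 + 2 + payload_len + HB_MIN_PADDING > rec_len)
        return -1;
    return (int)payload_len;
}

/* Build a HeartbeatResponse echoing only bytes that were really received. Returns the
 * response length or -1. Padding is zeroed here; production code fills it randomly. */
int hb_build_response(const uint8_t *req, size_t req_len, uint8_t *out, size_t out_cap)
{
    int payload_len = hb_validate(req, req_len);
    if (payload_len < 0 || req[0] != HB_REQUEST)
        return -1;
    size_t resp_len = 1 + 2 + (size_t)payload_len + HB_MIN_PADDING;
    if (resp_len > out_cap)
        return -1;
    out[0] = HB_RESPONSE;
    out[1] = req[1];
    out[2] = req[2];
    memcpy(out + 3, req + 3, (size_t)payload_len);     /* bounded by hb_validate */
    memset(out + 3 + payload_len, 0, HB_MIN_PADDING);
    return (int)resp_len;
}

static uint8_t resp_buf[1 + 2 + 65535 + 16];          /* room for any legal response */

/* Constructed well-formed request: type 1, length 5, "hello", 16 zero padding bytes. */
int hb_demo_good(void)
{
    uint8_t good[24] = { HB_REQUEST, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
    return hb_build_response(good, sizeof good, resp_buf, sizeof resp_buf);
}

/* Constructed malformed request: claims 65535 payload bytes but carries only 5. */
int hb_demo_bad(void)
{
    uint8_t bad[24] = { HB_REQUEST, 0xFF, 0xFF, 'h', 'e', 'l', 'l', 'o' };
    return hb_build_response(bad, sizeof bad, resp_buf, sizeof resp_buf);
}

int main(void)
{
    printf("well-formed request -> %d-byte response\n", hb_demo_good());
    printf("oversized claim     -> %d (dropped, nothing echoed)\n", hb_demo_bad());
    return 0;
}
```

The malformed record is dropped before any copy happens, which is also the behaviour the RFC requires and the fix OpenSSL shipped in 1.0.1g.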