Appendix A
Memory Tables
Chapter 1
As part of determining how critical an asset is, you need to understand the following terms:
Maximum tolerable downtime (MTD): The ______________ amount of time that an organization can tolerate a single resource or function being down. This is also referred to as ___________________________________________________.
Mean time to repair (MTTR): The _________________ required to ______________ a single failed component or device when a disaster or disruption occurs.
Mean time between failure (MTBF): The __________________________________ a device will operate before a _______________ occurs. This amount is calculated by the ___________________. System reliability is increased by a _______________ MTBF and ______________ MTTR.
Recovery time objective (RTO): The _______________ after a disaster or disruptive event within which a resource or function must be _______________ to avoid unacceptable consequences. RTO assumes that an acceptable period of downtime exists. RTO should be smaller than ____________.
Work recovery time (WRT): The _________________ that is needed to verify _____________ and/or _______________.
Recovery point objective (RPO): The _______________ targeted period in which data might be ______ from an IT service due to a major incident.
Table 1-3 Administrative (Management) Controls
Administrative (Management) Controls |
Compensative |
Corrective |
Detective |
Deterrent |
Directive |
Preventive |
Recovery |
|---|---|---|---|---|---|---|---|
Personnel procedures |
|
|
|
|
|
|
|
Security policies |
|
|
|
|
|
|
|
Monitoring |
|
|
|
|
|
|
|
Separation of duties |
|
|
|
|
|
|
|
Job rotation |
|
|
|
|
|
|
|
Information classification |
|
|
|
|
|
|
|
Security awareness training |
|
|
|
|
|
|
|
Investigations |
|
|
|
|
|
|
|
Disaster recovery plan |
|
|
|
|
|
|
|
Security reviews |
|
|
|
|
|
|
|
Background checks |
|
|
|
|
|
|
|
Termination |
|
|
|
|
|
|
|
Supervision |
|
|
|
|
|
|
|
Table 1-4 Logical (Technical) Controls
Logical (Technical) Controls |
Compensative |
Corrective |
Detective |
Deterrent |
Directive |
Preventive |
Recovery |
|---|---|---|---|---|---|---|---|
Password |
|
|
|
|
|
|
|
Biometrics |
|
|
|
|
|
|
|
Smart cards |
|
|
|
|
|
|
|
Encryption |
|
|
|
|
|
|
|
Protocols |
|
|
|
|
|
|
|
Firewalls |
|
|
|
|
|
|
|
IDS |
|
|
|
|
|
|
|
IPS |
|
|
|
|
|
|
|
Access control lists |
|
|
|
|
|
|
|
Routers |
|
|
|
|
|
|
|
Auditing |
|
|
|
|
|
|
|
Monitoring |
|
|
|
|
|
|
|
Data backups |
|
|
|
|
|
|
|
Antivirus software |
|
|
|
|
|
|
|
Configuration standards |
|
|
|
|
|
|
|
Warning banners |
|
|
|
|
|
|
|
Connection isolation and termination |
|
|
|
|
|
|
|
Table 1-5 Physical Controls
Physical (Technical) Controls |
Compensative |
Corrective |
Detective |
Deterrent |
Directive |
Preventive |
Recovery |
|---|---|---|---|---|---|---|---|
Fencing |
|
|
|
|
|
|
|
Locks |
|
|
|
|
|
|
|
Guards |
|
|
|
|
|
|
|
Fire extinguisher |
|
|
|
|
|
|
|
Badges |
|
|
|
|
|
|
|
Swipe cards |
|
|
|
|
|
|
|
Dogs |
|
|
|
|
|
|
|
Man traps |
|
|
|
|
|
|
|
Biometrics |
|
|
|
|
|
|
|
Lighting |
|
|
|
|
|
|
|
Motion detectors |
|
|
|
|
|
|
|
CCTV |
|
|
|
|
|
|
|
Data backups |
|
|
|
|
|
|
|
Antivirus software |
|
|
|
|
|
|
|
Configuration standards |
|
|
|
|
|
|
|
Warning banner |
|
|
|
|
|
|
|
Hot, warm, and cold sites |
|
|
|
|
|
|
|
Chapter 2
Determining the impact from a loss of confidentiality of PII should take into account relevant factors including
_________________: How easily PII can be used to identify specific individuals
______________of PII: How many individuals are identified in the information
___________________: The sensitivity of each individual PII data field, as well as the sensitivity of the PII data fields together
___________________: The purpose for which PII is collected, stored, used, processed, disclosed, or disseminated
________________________________: The laws, regulations, standards, and operating practices that dictate an organization’s responsibility for protecting PII
________________________________: The nature of authorized access to PII
When working with relational database management systems (RDBMSs), you should understand the following terms:
____________: A fundamental entity in a relational database in the form of a table.
Tuple: A ____________ in a table.
Attribute: A ___________________ in a table.
Schema: ___________________ of a relational database.
___________________: A collection of related data items.
Base relation: In SQL, a relation that is actually ________________in the database.
View: The set of data ___________________ to a given _______________. ___________________ is enforced through the use of views.
Degree: The ___________________ of ___________________ in a table.
Cardinality: The ___________________ of ___________________ in a relation.
Domain: The set of allowable ___________________ that an attribute can take.
Primary key: Columns that make each row ___________________.
Foreign key: An ___________________ in one relation that has values matching the ___________________ key in another relation. Matches between the foreign key and the primary key are important because they represent references from one relation to another and establish the connection among these relations.
Candidate key: An ___________________ in one relation that has values matching the ___________________ key in another relation.
Referential integrity: Requires that for any foreign key attribute, the referenced relation must have a ___________________ with the ___________________ value for its ___________________ key.
Chapter 3
Table 3-13 Symmetric Algorithm Strengths and Weaknesses
Strengths |
Weaknesses |
|---|---|
1,000 to 10,000 times ____________ than asymmetric algorithms |
Number of ____________ keys needed can cause key ____________ issues |
____________ break |
____________ key distribution critical |
____________ to implement than asymmetric |
Key ____________ occurs if one party is ____________, thereby allowing ____________ |
Table 3-14 Asymmetric Algorithm Strengths and Weaknesses
Strengths |
Weaknesses |
|---|---|
Key distribution is ____________ and more ____________ than with symmetric algorithms. |
More ____________ to implement than symmetric algorithms. |
Key management is ____________ because the same ____________ key is used by all parties. |
1,000 to 10,000 times ____________ than symmetric algorithms. |
Table 3-15 Symmetric Algorithms Key Facts
Algorithm Name |
Block or Stream Cipher? |
Key Size |
Number of Rounds |
Block Size |
|---|---|---|---|---|
DES |
|
|
|
|
3DES |
|
|
|
|
AES |
|
|
|
|
IDEA |
|
|
|
|
Skipjack |
|
|
|
|
Blowfish |
|
|
|
|
Twofish |
|
|
|
|
RC4 |
|
|
|
|
RC5 |
|
|
|
|
RC6 |
|
|
|
|
RC7 |
|
|
|
|
Table 3-16 Protection Requirements for Cryptographic Keys
Key Type |
Security Service |
Security Protection |
Period of Protection |
|---|---|---|---|
Private signature key |
Source authentication Integrity authentication Support nonrepudiation |
Integrity Confidentiality |
From generation until the end of the cryptoperiod |
Public signature verification key
|
|
|
|
Symmetric authentication key
|
|
|
|
Private authentication key
|
|
|
|
Public authentication key
|
|
|
|
Symmetric data encryption/decryption key
|
|
|
|
Symmetric key-wrapping key
|
|
|
|
Symmetric RBG key
|
|
|
|
Symmetric master key
|
|
|
|
Private key-transport key
|
|
|
|
Public key-transport key
|
|
|
|
Symmetric key-agreement key
|
|
|
|
Private static key-agreement key
|
|
|
|
Public static key-agreement key
|
|
|
|
Private ephemeral key-agreement key
|
|
|
|
Public ephemeral key-agreement key
|
|
|
|
Symmetric authorization key
|
|
|
|
Private authorization key
|
|
|
|
Public authorization key
|
|
|
|
Chapter 4
Table 4-1 Common TCP/UDP Port Numbers
Application Protocol |
Transport Protocol |
Port Number |
|---|---|---|
Telnet |
|
|
SMTP |
|
|
HTTP |
|
|
SNMP |
|
|
FTP |
|
|
FTPS |
|
|
SFTP |
|
|
TFTP |
|
|
POP3 |
|
|
DNS |
|
|
DHCP |
|
|
SSH |
|
|
LDAP |
|
|
NetBIOS |
|
|
CIFS/SMB |
|
|
NFSv4 |
|
|
SIP |
|
|
XMPP |
|
|
IRC |
|
|
RADIUS |
|
|
rlogin |
|
|
rsh and RCP |
|
|
IMAP |
|
|
HTTPS |
|
|
RDP |
|
|
AFP over TCP |
|
|
Table 4-2 Classful IP Addressing
Class |
Range |
Mask |
Initial Bit Pattern of First Octet |
Network/Host Division |
|---|---|---|---|---|
Class A |
|
|
01 |
net.host.host.host |
Class B |
|
|
10 |
net.net.host.host |
Class C |
|
|
11 |
net.net.net.host |
Class D |
|
Used for _____________ |
|
|
Class E |
|
Reserved for ___________ |
|
|
Table 4-3 Private IP Address Ranges
Class |
Range |
|---|---|
Class A |
|
Class B |
|
Class C |
|
Table 4-4 Differences Between IPv4 and IPv6 (Adapted from NIST SP 800-119)
Property |
IPv4 |
IPv6 |
|---|---|---|
Address size and network size |
________ bits, network size 8–30 bits |
________ bits, network size 64 bits |
Packet header size |
________ bytes |
________ bytes |
Header-level extension |
________ number of small IP options |
________ number of IPv6 ________ headers |
Fragmentation |
________ or any intermediate ________ allowed to fragment |
Only ________ may fragment |
Control protocols |
________ of non-IP (ARP), ICMP, and other protocols |
All control protocols based on ________ |
Minimum allowed MTU |
________ bytes |
________ bytes |
Path MTU discovery |
________, not widely used |
Strongly _________________ |
Address assignment |
Usually ________ address per host |
Usually ________ addresses per interface |
Address types |
Use of ________, ________, and ________ address types |
____________ addressing no longer used; use of ____________, ____________, and ____________ address types |
Address configuration |
Devices configured ________ or with __________________ protocols like DHCP |
Devices configure themselves independently using _____________________________________ (SLAAC) or use ____________ |
Table 4-6 WPA and WPA2
Variant |
Access Control |
Encryption |
Integrity |
|---|---|---|---|
WPA Personal |
|
|
|
WPA Enterprise |
|
|
|
WPA2 Personal |
|
|
|
WPA2 Enterprise |
|
|
|
Table 4-7 EAP Type Comparison
802.1X EAP Types Feature/Benefit |
MD5 |
TLS |
TTLS |
FAST |
LEAP |
PEAP |
|---|---|---|---|---|---|---|
Client-side certificate required |
|
|
|
|
|
|
Server-side certificate required |
|
|
|
|
|
|
WEP key management |
|
|
|
|
|
|
Rogue AP detection |
|
|
|
|
|
|
Provider |
|
|
|
|
|
|
Authentication attributes |
|
|
|
|
|
|
Deployment difficulty
|
|
|
|
|
|
|
Wi-Fi security
|
|
|
|
|
|
|
Chapter 5
When considering biometric technologies, security professionals should understand the following terms:
Enrollment time: The process of ____________ the ____________ that is used by the biometric system. This process requires actions that must be repeated several times.
Feature extraction: The approach to ____________ biometric information from a collected ____________ of a user’s ____________ or ____________ characteristics.
Accuracy: The most important characteristic of biometric systems. It is how ____________ the overall readings will be.
Throughput rate: The rate at which the biometric system will be able to ____________ characteristics and ____________ the analysis to permit or deny ____________. The acceptable rate is 6–10 subjects per minute. A single user should be able to complete the process in 5–10 seconds.
Acceptability: Describes the ____________ that users will accept and follow the system.
False rejection rate (FRR): A measurement of ____________ users that will be ____________________ by the system. This is called a ____________ error.
False acceptance rate (FAR): A measurement of the percentage of ___________________ that will be _________________________ by the system. This is called a ____________ error. Type II errors are more ____________ than Type I errors.
______________________________: The point at which FRR equals FAR. Expressed as a percentage, this is the most important metric.
Chapter 6
Vulnerability assessments usually fall into one of three categories:
_________________________: Reviews standard practices and procedures that users follow.
_________________________: Reviews facility and perimeter protections.
_________________________: Reviews systems, devices, and network topology.
Network discovery tools can perform the following types of scans:
_________________________: Sends a packet to each scanned port with the SYN flag set. If a response is received with the SYN and ACK flags set, the port is open.
_________________________: Sends a packet to each port with the ACK flag set. If no response is received, then the port is marked as filtered. If an RST response is received, then the port is marked as unfiltered.
_________________________: Sends a packet with the FIN, PSH, and URG flags set. If the port is open, there is no response. If the port is closed, the target responds with an RST/ACK packet.
Table 6-1 Server-Based vs. Agent-Based Scanning
Type |
Technology |
Characteristics |
|---|---|---|
Agent-based |
__________ technology |
Can get information from ________________ machines or machines in the __________ Ideal for __________ locations that have __________ bandwidth Less dependent on ______________________ Based on policies defined in the ________________________ |
Server-based |
__________ technology |
Good for networks with __________ bandwidth Dependent on __________________________ _____________________ does all the scanning and deployment |
Chapter 7
The following types of media analysis can be used:
Disk imaging: Creates an _________________ of the _________________ of the hard drive.
Slack space analysis: Analyzes the _________________ (marked as _________________ or _________________) space on the drive to see whether any __________ (marked for ______________) data can be _________________.
Content analysis: Analyzes the contents of the drive and gives a report detailing the ___________ of _____________ by percentage.
Steganography analysis: Analyzes the ____________ on a drive to see whether the ____________ have been _________________ or to discover the _________________ used on the file.
Software analysis techniques include the following:
Content analysis: Analyzes the _________________ of software, particularly _________________, to determine for which _________________ the software was created.
Reverse engineering: Retrieves the _________________ of a program to study how the program _________________ certain operations.
__________________________: Attempts to determine the software’s author.
Context analysis: Analyzes the _________________ the software was found in to discover clues to determining _________________.
Network analysis techniques include the following:
_____________________________: Analyzes communication over a network by capturing all or part of the communication and searching for particular types of activity.
_________________: Analyzes network traffic logs.
_________________: Traces the path of a particular traffic packet or traffic type to discover the route used by the attacker.
Table 7-1 RAID Levels
RAID Level |
Min. Number of Drives |
Description |
Strengths |
Weaknesses |
|---|---|---|---|---|
RAID 0 |
|
Data _________________ without _________________ |
Highest _________________ |
No data _________________; one drive fails, all data is _________________ |
RAID 1 |
|
Disk _________________ |
Very high _________________; very high data _________________; very _________________ penalty on write performance |
High _________________overhead; because all data is _________________, _________________ the storage capacity is required |
RAID 3 |
|
Byte-level data _________________ with dedicated _________________ |
Excellent performance for _________________, _________________ data _________________ |
Not well suited for _________________ network applications; single parity _________________ does not support multiple, simultaneous read and write _________________ |
RAID 5 |
|
Block-level data _________________ with _________________ parity |
Best _________________ for transaction-oriented networks; very high _________________, very high data _________________; supports _________________ simultaneous reads and writes; can also be optimized for large, sequential requests |
Write performance is _________________ than RAID 0 or RAID 1 |
RAID 10 |
|
Disk _________________ with _________________ |
Same _________________ as RAID 1; same _________________ as with mirroring; provides high I/O _________________; can sustain multiple simultaneous drive _________________ |
Very _________________; all drives must move in _________________ to properly track, which reduces sustained performance; very limited _________________ at a very high _________________ |