Appendix A. Memory Tables

Chapter 2

Authentication methods are divided into three broad categories:

Knowledge factor authentication: ________________

Ownership factor authentication: ________________

Characteristic factor authentication: _____________

The types of passwords that you should be familiar with include:

• __________ or simple passwords: As the name implies, these passwords consist of single words that often include a mixture of upper- and lowercase letters. The advantage of this password type is that it is easy to remember. A disadvantage of this password type is that it is easy for attackers to crack or break, resulting in a compromised account.

• __________ passwords: This password type uses a mix of dictionary words, usually two unrelated words. These are also referred to as __________ passwords. Like standard word passwords, they can include upper- and lowercase letters and numbers. An advantage of this password is that it is harder to break than simple passwords. A disadvantage is that it can be hard to remember.

Static passwords: This password type is the __________ for each login. It provides a minimum level of security because the password __________ changes. It is most often seen in peer-to-peer networks.

• __________ passwords: This password type forces a user to include a mixture of upper- and lowercase __________, numbers, and __________. For many organizations today, this type of password is enforced as part of the organization’s password policy. An advantage of this password type is that it is very hard to crack. A disadvantage is that it is harder to remember and can often be much harder to enter correctly than standard or combination passwords.

• __________ passwords: This password type requires that a long phrase be used. Because of the password’s length, it is easier to remember but much harder to attack, both of which are definite advantages. Incorporating upper- and lowercase letters, numbers, and special characters in this type of password can significantly increase authentication security.

• ________ passwords: This password type is a piece of information that can be used to verify an individual’s identity. This information is provided to the system by answering a series of questions based on the user’s life, such as favorite color, pet’s name, mother’s maiden name, and so on. An advantage to this type is that users can usually easily remember this information. The disadvantage is that someone who has intimate knowledge of the person’s life (spouse, child, sibling, and so on) might be able to provide this information as well.

One-time passwords: Also called a __________ password, this type of password is only used __________ to log in to the access control system. This password type provides the highest level of security because passwords are __________ when they are used.

• __________ passwords: Also called CAPTCHA passwords, this type of password uses __________ as part of the authentication mechanism. One popular implementation requires a user to enter a series of characters in the graphic displayed. This implementation ensures that a human is entering the password, not a robot. Another popular implementation requires the user to select the appropriate graphic for his account from a list of graphics given.

• __________ passwords: This type of password includes only numbers. Keep in mind that the choices of a password are limited by the number of digits allowed. For example, if all passwords are 4 digits, then the maximum number of password possibilities is 10,000, from 0000 through 9999. After an attacker realized that only numbers are used, cracking user passwords would be much easier because the possibilities would be known.

Password management considerations include, but might not be limited to

Password life: How __________ the password will be valid. For most organization, passwords are valid for 60 to 90 days.

Password history: How long before a password can be __________. Password policies usually remember a certain number of previously used passwords.

Authentication period: How long a user can __________. If a user remains logged in for the period without activity, the user will be automatically logged out.

Password complexity: How the password will be __________. Most organizations require upper- and lowercase letters, numbers, and special characters.

Password length: How __________ the password must be. Most organization require 8–12 characters.

When considering biometric technologies, security professionals should understand the following terms:

• __________ time: The process of obtaining the __________ that is used by the biometric system. This process requires actions that must be repeated several times.

Feature __________: The approach to __________ biometric information from a collected sample of a user’s physiological or behavioral characteristics.

• __________: The most important characteristic of biometric systems. It is how correct the overall readings will be.

• __________ rate: The rate at which the biometric system will be able to scan characteristics and complete the analysis to __________. The acceptable rate is 6–10 subjects per minute. A single user should be able to complete the process in 5–10 seconds.

• __________: Describes the likelihood that users will accept and follow the system

• __________: A measurement of valid users that will be falsely rejected by the system. This is called a __________ error.

• __________: A measurement of the percentage of invalid users that will be falsely accepted by the system. This is called a __________ error. Type __________ errors are more dangerous than Type __________ errors.

• __________: The point at which __________ equals __________. Expressed as a percentage, this is the most important metric.

Table 2-1. Administrative (Management) Controls

Image

Table 2-2. Logical (Technical) Controls

Image
Image

Table 2-3. Physical Controls

Image

IDS implementations are furthered divided into the following categories:

________-based: This type of IDS analyzes traffic and compares it to attack or state ________, called ________ that reside within the IDS database. It is also referred to as a misuse-detection system. Although this type of IDS is very popular, it can only recognize attacks as compared with its database and is only as effective as the signatures provided. Frequent updates are necessary. The two main types of signature-based IDSs are

________-matching: The IDS compares traffic to a ________ of attack ________. The IDS carries out specific steps when it detects traffic that matches an attack pattern.

________-matching: The IDS records the initial operating system ________. Any changes to the system state that specifically violate the defined rules result in an alert or notification being sent.

________-based: This type of IDS analyzes traffic and compares it to normal traffic to determine whether said traffic is a ________. It is also referred to as a ________-based or ________-based system. The problem with this type of system is that any traffic outside of expected ________ is reported, resulting in more ________ positives than signature-based systems. The three main types of anomaly-based IDSs are:

The IDS samples the live environment to record activities. The longer the IDS is in operation, the more accurate a profile that will be built. However, developing a profile that will not have a large number of false positives can be difficult and time consuming. ________ for activity deviations are important in this IDS. Too low a threshold results in false ________, whereas too high a threshold results in false ________.

________ anomaly-based: The IDS has knowledge of the protocols that it will monitor. A ________ of normal usage is built and compared to activity.

________ anomaly-based: The IDS tracks traffic pattern changes. All future traffic patterns are compared to the sample. Changing the threshold will reduce the number of ________ positives or negatives. This type of filter is excellent for detecting unknown attacks, but user activity might not be static enough to effectively implement this system.

________- or ________-based: This type of IDS is an expert system that uses a knowledge base, ________ engine, and rule-based programming. The knowledge is configured as rules. The data and traffic is analyzed, and the rules are applied to the analyzed traffic. The ________ engine uses its intelligent software to “learn.” If characteristics of an attack are met, alerts or notifications trigger. This is often referred to as an IF/THEN or ________ system.

The following are the four classes of malware you should understand:

________: Any malware that attaches itself to another application to replicate or distribute itself.

________: Any malware that replicates itself, meaning that it does not need another application or human interaction to propagate.

• Trojan horse: Any malware that disguises itself as a ________ while carrying out ________.

________: Any malware that collects private user data, including browsing history or keyboard input.

Chapter 4

Table 4-1. Zachman Framework Matrix with Examples

Image

Table 4-2. SABSA Framework Matrix

Image

Table 4-3. NIST SP 800-53 Control Families

Image

Chapter 5

When working with relational database management systems, you should understand the following terms:

_______: Fundamental entity in a relational database in the form of a table.

Tuple: A _______ in a table.

Attribute: A _______ in a table.

Schema: _______ of a relational database.

_______: Collection of related data items.

Base relation: In SQL, a relation that is actually existent in the database.

_______: The set of data available to a given user. Security is enforced through the use of these.

Degree: The number of _______ in a table.

Cardinality: The number of _______ in a relation.

_______: The set of allowable values that an attribute can take.

_______ key: Columns that make each row unique.

_______ key: An attribute in one relation that has values matching the primary key in another relation. Matches between the foreign key to the primary key are important because they represent references from one relation to another and establish the connection among these relations.

Candidate key: An attribute in one relation that has values matching the _______ key in another relation.

_______ integrity: Requires that for any foreign key attribute, the referenced relation must have a tuple with the same value for its primary key.

The following list shows virus types along with a brief description of each.

_______ sector: These infect the _______ sector of a computer and either overwrite files or install code into the sector so the virus initiates at startup.

_______: This virus attaches itself to a file, usually an executable file, and then delivers the payload when the program is used.

_______: This virus hides the modifications that it is making to the system to help avoid detection.

_______: This virus makes copies of itself, and then makes changes to those copies. It does this in hopes of avoiding detection from antivirus software.

_______: These infect programs written in Word, Basic, Visual Basic, or VBScript that are used to automate functions. These viruses infect Microsoft office files. They are easy to create because the underlying language is simple and intuitive to apply. They are especially dangerous in that they infect the operating system itself. They also can be transported between different operating systems because the languages are platform independent.

_______: These viruses can infect both program files and boot sectors.

Chapter 6

Encryption: The process of converting data from _______ to _______. Also referred to as _______.

Decryption: The process of converting data from _______ to _______. Also referred to as _______.

_______: A parameter that controls the _______ of plaintext into ciphertext or vice versa. Determining the original plaintext data without the _______ is impossible. Keys may be both public and private. Also referred to as a _______.

Synchronous: When encryption or decryption occurs _______.

Asynchronous: When encryption or decryption _______ are processed from a _______. This method utilizes _______ and multiple _______ in the process.

_______: An encryption method whereby a _______ private key both encrypts and decrypts the data. Also referred to as _______ or _______ key encryption.

_______: An encryption method whereby a key pair, one _______ key and one _______ key, performs encryption and decryption. One key performs the encryption, whereas the other key performs the decryption. Also referred to as _______ key encryption.

Digital signature: A method of providing sender _______ and message _______. The message acts an input to a _______, and the sender’s private key encrypts the _______. The receiver can perform a hash computation on the received message to determine the _______ of the message.

_______: A _______ function that reduces a message to a hash value. A comparison of the sender’s hash value to the receiver’s hash value determines _______. If the resultant hash values are different, then the message has been _______ in some way, provided that both the sender and receiver used the _______ hash function.

Digital certificate: An electronic _______ that identifies the _______.

Plaintext: A message in its _______ format. Also referred to as _______.

_______: An altered form of a message that is _______ without knowing the key and the encryption system used. Also referred to as a _______.

_______: The entire cryptographic process, including the algorithm, key, and key management functions. The security of a cryptosystem is measured by the size of the keyspace and available computational power.

_______: The science of decrypting ciphertext without prior knowledge of the key or cryptosystem used. The purpose of cryptanalysis is to forge coded signals or messages that will be accepted as authentic signals or messages.

_______: Occurs when different encryption keys generate the same ciphertext from the same plaintext message.

_______: All the _______ key values when using a particular algorithm or other security measure. A 40-bit key would have _______ possible values, whereas a 128-bit key would have 2128 possible values.

Collision: An event that occurs when a _______ produces the same _______ on different _______.

_______: A mathematical function that encrypts and decrypts data. Also referred to as a _______.

_______: The science that studies encrypted communication and data.

_______: The process of changing data into another form using code.

_______: The process of changing an encoded message back into its original format.

Transposition: The process of _______ the plaintext to hide the original message. Also referred to as _______. For example, AEEGMSS is a transposed version of MESSAGE.

Substitution: The process of _______ one byte in a message for another. For example, ABCCDEB is a substituted version of MESSAGE.

_______: The process of changing a key value during each round of encryption. Confusion is often carried out by substitution. Confusion conceals a statistical connection between the plaintext and ciphertext. Claude Shannon first discussed confusion.

_______: The process of changing the location of the plaintext within the ciphertext. Diffusion is often carried out using transposition. Claude Shannon first introduced diffusion.

_______: The condition where any change in the key or plaintext, no matter how minor, will significantly change the ciphertext. Horst Feistel first introduced avalanche effect.

_______: The amount of time and resources that would be needed to break the encryption.

• Trapdoor: A secret mechanism that allows the implementation of the _______ in a one-way function.

_______: A mathematical function that can be more easily performed in one direction than in the other.

Table 6-1. Symmetric Algorithm Strengths and Weaknesses

Image

Table 6-2. Asymmetric Algorithm Strengths and Weaknesses

Image

3DES comes in the following four modes:

3DES-EEE3: Each block of data is encrypted _______ times, each time with a _______ key.

3DES-EDE3: Each block of data is _______ with the first key, _______ with the second key, and _______ with the third key.

3DES-EEE2: Each block of data is _______ with the first key, _______ with the second key, and finally _______ again with the _______ key.

3DES-EDE2: Each block of data is _______ with the first key, _______ with the second key, and finally _______ again with the _______ key.

Table 6-3. Symmetric Algorithms Key Facts

Image

Chapter 7

Table 7-2. Security Model Summary

Image

Chapter 8

Table 8-1. RAID

Image

Chapter 9

The four main steps of the BIA are as follows:

1. Identify _______ processes and resources.

2. Identify _______, and estimate _______.

3. Identify resource _______.

4. Identify recovery _______.

As part of determining how critical an asset is, you need to understand the following terms:

Maximum tolerable downtime (MTD): The _______ that an organization can tolerate a single resource or function being down. This is also referred to as _______.

Mean time to repair (MTTR): The _______ required to _______ a single resource or function when a disaster or disruption occurs.

Mean time between failure (MTBF): The _______ a device will operate before a _______ occurs. This amount is calculated by the _______. System reliability is increased by a _______ MTBF and _______ MTTR.

Recovery time objective (RTO): The _______ after a disaster or disruptive event within which a resource or function must be _______ to avoid unacceptable consequences. RTO assumes that an acceptable period of downtime exists. RTO should be smaller than _______.

Work recovery time (WRT): The _______ between RTO and MTD, which is the remaining time that is left over after the RTO before reaching the maximum tolerable.

Recovery point objective (RPO): The _______ to which the disrupted resource or function must be _______.

For the CISSP exam, you should be familiar with the following electronic backup terms and solutions:

Electronic vaulting: Copies files as _______. This method occurs in _______.

Remote journaling: Copies the journal or transaction log offsite on a _______. This method occurs in _______.

_______: Creates backups over a direct communication line on a backup system at an offsite facility.

Hierarchical storage management (HSM): Stores frequently accessed data on _______ media and less frequently accessed data on _______ media.

_______: Stores data on optical disks and uses robotics to load and unload the optical disks as needed. This method is ideal when 24/7 availability is required.

Replication: Copies data from one storage location to another. _______ replication uses constant data updates to ensure that the locations are close to the same, whereas _______ replication delays updates to a predefined schedule.

High-availability terms and techniques that you must understand include the following:

_______: A hard drive technology in which data is written across multiple disks in such a way that a disk can fail and the data can be quickly made available from remaking disks in the array without restoring a backup tape.

_______: High-capacity storage devices that are connected by a high-speed private network using storage-specific switches.

_______: The capacity of a system to switch over to a backup system if a failure in the primary system occurs.

_______: The capability of a system to terminate non-critical processes when a failure occurs.

_______: Refers to a software product that provides load-balancing services. With clustering, one instance of an application server acts as a master controller and distributes requests to multiple instances using round-robin, weighted round-robin or least-connections algorithms.

_______: Refers to a hardware product that provides load-balancing services. Application delivery controllers (ADCs) support the same algorithms, but also use complex number-crunching processes, such as per-server CPU and memory utilization, fastest response times, and so on, to adjust the balance of the load. Load-balancing solutions are also referred to as _______ or _______.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.221.241.116