How'd it get burned!!!
Totally Possible Mission
I store my Password on a post-it note under my keyboard.
Go with the flow, or object, or some other structure...man
Really complicated Legos
100

This statement defines an organization's overall purpose and values.

Mission Statement

100
Published statement of an organization's purpose. Helps influence how we will go about protecting the organization's assets.
Mission statement
100
This additional security method should be applied to hashed passwords to help resist rainbow table attacks.
Salting
100
Process, memory, and hardware resource management is all handled by this part of the OS.
Kernel
100
A Caesar cipher is an example of this method of encryption.
Substitution.
200

The maximum time that each business process can be inoperative before significant damage or long-term viability is threatened.

MTD or Maximum Tolerable Downtime

200
Specific accomplishments that will help the organization meet its objectives. These are measurable and observable.
Goals
200

What are the four steps that "should" happen when information systems authenticate users?

1. Hash password 2. Retrieve stored userid and hashed password 3. Compare hashes 4. If equal, authenticate user

200
Standalone programs that are part of a larger application.
Agents (daemons)
200
This method of encryption is the most resistant to cryptanalysis.
One-time Pad
300

If I wanted an RPO of roughly 4 to 7 days, list what I would need and how I would recover data.

Cold systems, data recovery from backups.

300
Expected monetary loss every time a risk occurs.
Single Loss Expectancy (SLE)
300
The Diameter authentication protocol was created to replace this.
RADIUS
300
Linear and sequential languages that use "if-then-else" statements as well as "go to". An example would be PHP.
Control Flow Languages
300
This block cipher mode is the simplest and also the least secure.
Electronic Codebook
400
List two of the four key recovery targets.
Recovery time objective (RTO), Recovery point objective (RPO), Recovery consistency objective (RCO), Recovery capacity objective (RCapO)
400
These two variables are multiplied together to calculate the ALE.
ALE = SLE x ARO
400
Why should we implement a data remanence policy? List one countermeasure that we would implement.
Data still remains on drives even after being "deleted". Thermite, Hammer, DBAN
400
Neural networks and expert systems are examples of these types of systems.
Knowledge-Based Systems
400
This block cipher mode XORs each block of plaintext with the previous ciphertext block before encrypting.
Cipher-Block Chaining (CBC)
500
List the five steps that are involved with testing a BCP and DRP.
Document review, Walkthrough, Simulation, Parallel test, Cutover test
500
Who created the "Risk Management Guide for Information Technology Systems" documentation?
NIST, specifically referencing NIST 800-30.
500
What is the electromagnetic radiation that comes from computer equipment called? List one countermeasure.
Emanations, twisted shielded pair.
500
This is the first stage of the SDLC.
Conceptual stage.
500
This block cipher mode creates a self-synchronizing stream cipher. What is it and why do we care?
Cipher Feedback, if part of the ciphertext is lost, only part of the message will be lost.