16 Cards in this Set
Regarding auditing (NIST standards), what is the process of exercising one or more assessment objects under specified conditions to compare actual and expected behaviors? |
Testing |
|
Regarding auditing (NIST standards), what is the process of checking, inspecting, reviewing, observing, studying, or analyzing one or more assessment objects to facilitate understanding, achieve clarification, or obtain evidence? |
Examination |
|
Regarding auditing (NIST standards), what is the process of conducting discussions with individuals or groups within an organization to facilitate understanding, achieve clarification, or identify the location of evidence? |
Interviewing |
|
What is the difference between a vulnerability assessment and penetration testing? |
VA - Done by admins
PT - Done by hired hackers |
|
For Penetration testing, what are white, grey, and black box? |
White: full knowledge of the network
Grey: limited knowledge (costs less than black box)
Black: no knowledge (hacker approach) |
|
What are the 3 types of pentesting? |
1. Physical Security
2. Operational Security
3. Electronic Security |
|
What is NIST's 800-137 that includes: Define, Establish, Implement, Analyze/Report, Respond, Review/Update? |
CM - Continuous Monitoring |
|
Define: System Reboot, Emergency Reboot, Cold Start |
System Reboot: System shuts itself down safely and restarts.
Emergency Reboot: System can't recover and basically restarts in "special or safe mode".
Cold Start: User intervention (manual reboot) |
|
What is superzapping? |
A utility to bypass access controls of an operating system. Administrators can use these for quick changes. Nothing is logged, so attackers can use them for malicious purposes. |
|
What is it called when a packet is modified to have the same destination and origin address? |
Denial Of Service |
|
What is another name for a Browsing Attack? |
Shoulder surfing |
|
Juggernaut and Hunt are tools used for what kind of attack? |
Session Hijacking |
|
What is Kerckhoff's principle and why is it relevant? |
The only secret portion of a cryptosystem should be the key, so that the algorithms can be stronger |
|
What is required for a secure Vernam cipher? |
The pad must be used just one time |
|
What are the RMF Steps? |
Cat Sat On its Assets All Morning... CSOAAM |
|
How are Type 1 and Type 2 Hypervisors different? What is the industry standard? |
Type 1 - standard, installed from scratch
Type 2 - installed over Windows |