Question:
How many levels are there in the latest (June 2013) OSI model?
Response:
8
6
10
5
7
Which of the following is primarily focused on reducing risk?
Detective
Preventative
Corrective
Deterrent
Recovery
Work factor is defined as:
the amount of effort/time required by an administrator to establish a reasonable system security plan
the amount of effort/time required to maintain an established security plan once it has been implemented
the amount of effort/time required by an attacker to overcome a protective measure
the amount of effort/time required by an algorithm to fully encrypt or decrypt a message
Match the following terms to definitions
Training, configuration management of documentation, risk management
Administrative controls
Firewalls, IDS, encryption
Technical controls
Lighting, fencing, guard patrols
Physical controls
In MAC the access policy is set by:
the GPO
the system
the owner
network ACL
the role
Match the following cryptology tools and technologies
One-time pads
Manual
Still in use in some instances. Recall, one-time pads are the most secure approach
Enigma machine
Electro-mechanical
Electrical lights, mechanical crank/spinwheel
AES, RSA Algorithms
Electronic
I know, you wanted to think "digital" but technically, electronic works as well
Cipherdisks
Mechanical
Think Caesar's spin wheel here
Single photon emissions
Quantum cryptography
Used to provide secure key negotiation. After the test, go Google "Einstein spooky action" to see what will keep future CISSPs from sleeping at night
Biometric authentication is most often hampered by:
Initial Registration
Cost to implement
Rings/Weight change
User acceptance
Match the following examples to their definitions
Unpatched servers
Vulnerability
A virus that relies on unpatched code or OS levels
Threat
The likelihood a threat will be realized, the frequency of natural disasters
Risk
$1M per day of downtime
Exposure
A proxy server
Countermeasure
Which classification of fuel type is a computer given?
A
D
C
B
Falsely rejecting an authorized user is:
CER or Type III error
FRR or Type I error
FRA or Type IV error
FAR or Type II error
Which of the following is the highest in the OSI model:
Transport
Network
Presentation
Physical
Data Link
Which of the following is the lowest in the OSI model:
Session
Bell-LaPadula focuses primarily on:
Data Integrity
Accessibility
Authentication
Availability
Confidentiality
Which access control includes motion detectors?
Administrative
Technical
Organizational
Which of the following would be the least useful in attempting to crack a password?
brute force/dictionary attack
John the Ripper
L0phtCrack
MAC the Knife
Packet sniffing