CISSP ver 2.0 (2015-2016)_Part 1

klct555's version from 2017-03-26 02:57

Example of Security Models (Bell-LaPadula Confidentiality Model)

Question | Answer
Simple security property | No read up (RU)
* property | No write down (WD)
Strong * property | All interactions at same level

Example of Security Models (Biba Integrity Model)

Question | Answer
Simple security property | No read down (RD)
* integrity property | No write up (WU)
Invocation property | No service request to object at higher level

Example of Security Models (more)

Question | Answer
Clark-Wilson Integrity Model | Focuses on integrity at the transaction level; addresses the three goals of integrity, separation of duties (SOD) and internal consistency
Lipner Model | Combines elements of the BLP and Biba models (first to separate objects into data and programs)
Brewer-Nash Model | Chinese Wall; focuses on preventing conflicts of interest among competitors when a subject has access to objects (access control rules change based on subject behavior)
Graham-Denning Model | Defines eight protection rights (create object, create subject, delete object, delete subject, read access right, grant access right, delete access right, transfer access right)
Harrison-Ruzzo-Ullman Model | Composed of generic rights and a finite set of commands

Event Log Retention Requirements

Question | Answer
SOX | 7 years
PCI | 1 year
HIPAA | 7 years
GLBA | 6 years
NERC | 3 years
FISMA | 3 years
EU Data Retention Directive | 2 years
Basel II | 7 years

ACID Properties (Database Transactions)

Question | Answer
Atomic | Divides transactions into units of work; all modifications take effect or none (otherwise a rollback)
Consistent | All records follow integrity constraints (all or none)
Isolated | Transactions execute in isolation until completed
Durable | Not reversible once committed

Cryptographic Algorithms

Question | Answer
E | El Gamal
Hash | One-way algorithm, no key
S | SHA (3)
H | Haval (v)
Symmetric | Encryption, one key
A | AES (128-bit key, 10 rounds; 192-bit key, 12 rounds; 256-bit key, 14 rounds)
R | RC4, RC5, RC6
B | Blowfish (AES): variable block, 32-448 bit keys
I | IDEA (AES): 64-bit block, 128-bit key, 8 rounds; used in PGP
D | DES: 64-bit block, 56-bit key, 16 rounds

Common Ports

Question | Answer

Quantitative Risk Analysis

Question | Answer
Exposure Factor (EF) | Percentage of asset loss caused by the identified threat
Single Loss Expectancy (SLE) | Asset Value (AV) x Exposure Factor (EF) = SLE
Annualized Rate of Occurrence (ARO) | Estimated frequency with which a threat will occur within a year
Annualized Loss Expectancy (ALE) | SLE x ARO = ALE

Disaster Recovery Plan Test Types

Question | Answer
Checklist Test | Copies of the plan are distributed to management for review
Structured Walk-Through Test | Business unit management meets to review the plan
Simulation Test | All support personnel meet in a practice room
Parallel Test | Critical systems are run at an alternate site
Full-Interruption Test | Normal production is shut down, with real disaster recovery processes
Electronic Vaulting | Transfer of backup data to an offsite storage location via communication lines
Remote Journaling | Parallel processing of transactions to an alternate site via communication lines
Database Shadowing | Live processing of remote journaling, creating duplicates of the database sets on multiple servers

Virus Types

Question | Answer
Boot sector infector | Attaches to or replaces the boot record (Brain, Stoned and Michelangelo)
System infector | Attaches to system files or system structures (Lehigh, MTX, Magistr)
Compression virus | Appended to executables
Companion virus | Does not physically touch the target file
Stealth virus | Hides modifications to files or boot records, and hides itself
Multipartite virus | Infects both the boot sector and executable files; becomes resident first in memory, then infects the boot sector and finally the entire system
Self-garbling virus | Attempts to hide by garbling its code; as it spreads, it changes the way its code is encoded
Polymorphic virus | Also a self-garbling virus, but it changes the "garble" pattern each time it spreads; as a result it is also difficult to detect
Macro virus | Usually written in WordBasic, Visual Basic or VBScript and used with MS Office
Resident virus | Loads into memory when a program loads
Non-resident virus | Attached to .exe files

Fire Suppression: Sprinkler Systems

Question | Answer
Wet pipe | Always contains water; fusible nozzle link melts at 165°F
Dry pipe | Water is held in a tank until the clapper valve releases it
Deluge | Douses with large amounts of water/foam; the same as a dry pipe system except the sprinkler head is open
Pre-action | Combines the use of wet and dry pipe systems

Fire Classes and Suppression Agents

Question | Answer
Class A | Common combustibles: water, soda acid (C)
Class B | Liquids: gas/CO2, soda acid (L)
Class C | Electrical: gas/CO2 (E)
Class D | Metals: dry powder (M)

Common Criteria (Apply to Product not System)

Question | Answer
EAL 1 | Functionally Tested (lowest rating) (F)
EAL 2 | Structurally Tested (S)
EAL 3 | Methodically Tested and Checked (M)
EAL 4 | Methodically Designed, Tested, and Checked (medium rating) (M)
EAL 5 | Semi-formally Designed and Tested (S)
EAL 6 | Semi-formally Verified, Designed, and Tested (S)
EAL 7 | Formally Verified, Designed and Tested (highest rating) (F)

Common Criteria (Apply to Product not System)

Question | Answer
Target Of Evaluation (TOE) | The product or system that is the subject of the evaluation
Protection Profile (PP) | Identifies security requirements for a class of security devices (relevant to that user for a particular purpose)
Security Target (ST) | Identifies the security properties of the target of evaluation
Security Functional Requirements (SFRs) | Specify individual security functions which may be provided by a product
Security Assurance Requirements (SARs) | Descriptions of the measures taken to assure compliance with the claimed security functionality

TCSEC (Orange book)

Question | Answer
D | Minimal protection; any system that fails the higher levels (M)
C1 | Discretionary protection (identification, authentication, resource protection) (D)
C2 | Controlled access protection (object reuse, protected audit trail) (C)
B1 | Mandatory protection (security labels) based on the Bell-LaPadula security model; labeled security (process isolation, device labels) (M)
B2 | Structured protection (trusted path, covert channel analysis); separate operator/admin roles; configuration management (S)
B3 | Security domains (trusted recovery, event monitoring and notification) (S)
A1 | Verified design (V)
A | Verified protection (V)

Max Tolerable Downtime:

Question | Answer
Non-essential | 30 days
Normal | 7 days
Important | 72 hours
Urgent | 24 hours
Critical | Minutes to hours

WAN and LAN Standards

Question | Answer
T1 | DS-1, 1.544 Mbps (telephone)
T3 | DS-3, 44.736 Mbps (telephone, 28 T1s)
E1 | 2.048 Mbps
E3 | 34.368 Mbps (16 E1s)
802.5 | Token Ring (IEEE)
FDDI | Token-passing dual ring over fiber optic
ARCnet | Uses token-passing in a star topology on coax
10Base2 | 185 meters with coax cable
10Base5 | Coax up to 500 meters

IP Class

Question | Answer
Class A - Large Network | 1 - 127
Class B - Medium Sized | 128 - 191
Class C - Small Sized | 192 - 223
Class D - Multicast | 224 - 239
Class E - Reserved | 240 - 255

DSL Speeds (xDSL, Digital Subscriber Line)

Question | Answer
ADSL (Asymmetric) | Down 1.5 to 9 Mbps, up 16 to 640 Kbps
DSL (Symmetric) | Down/up 1.544 Mbps
HDSL (High Rate) | Down/up 1.544 Mbps
VDSL (Very High) | Down 13 to 52 Mbps, up 1.5 to 2.3 Mbps

Connection Distance (Feet)

Question | Answer
ADSL (Asymmetric) | 18,000 ft.
DSL (Symmetric) | 10,000 ft.
HDSL (High Rate) | 12,000 ft.
VDSL (Very High) | 1,000 to 4,500 ft.
Cable Modem | 1,000 to 4,500 ft.

UTP Cables

Question | Answer
CAT 1/2 | Voice, low-speed data (4 Mbps), telephone
CAT 3 | 10 Mbps (10BaseT)
CAT 4 | 16 Mbps (Token Ring)
CAT 5 | 100 Mbps to 1 Gbps
CAT 5e/6 | 1,000 Mbps
CAT 7 | 1 Gbps

Firewall Generations

Question | Answer
Generation 1 (P) | Packet filtering (router with ACLs), simple
Generation 2 (P) | Proxy (circuit and application)
Generation 3 (S) | Stateful (SYN, SYN-ACK, ACK)
Generation 4 (D) | Dynamic packet filtering (opens/closes dynamically)
Generation 5 (K) | Kernel proxies (create a virtual network)

Firewall Architecture

Question | Answer
Packet Filtering | Router sits between the trusted and untrusted networks, sometimes used as a boundary router (uses ACLs)
Screened-Host Firewall | Has both a packet-filtering router and a bastion host; provides both network layer (packet filtering) and application layer (proxy) services
Dual-Homed Host Firewall | Consists of a host with two NICs, one connected to the trusted network and one to the untrusted; can thus be used as a translator between two network types such as Ethernet/Token Ring
Screened-Subnet Firewall | Also defines a demilitarized zone (DMZ), a small network between the trusted and untrusted networks
SOCKS Firewall | Every workstation gets SOCKS software to reduce overhead

CMM (Capability Maturity Model)

Question | Answer
Level 1 | Initial (ad hoc, chaotic, few defined processes, individual efforts/heroics)
Level 2 | Repeatable (basic project management)
Level 3 | Defined (documented, standardized, integrated into the process)
Level 4 | Managed (detailed measures of process and quality are collected; quantitatively understood)
Level 5 | Optimizing (continuous process improvement)

System Development Life Cycle

Question | Answer
Project Initiation | Feasibility, cost and risk analysis; management approval; basic security objectives
Functional Analysis and Planning | Define needs and requirements; review proposed security controls
System Design Specifications | Develop detailed design specs; review support documentation; examine security controls
Software Development | Programmers develop code; unit testing checks modules; prototyping, verification, validation
Acceptance Testing and Implementation | Separation of duties, security testing, data validation, bounds checking, certification, accreditation
Operations and Maintenance | Release into production; certification/accreditation
Revisions/Disposal | Removal; sanitization and destruction of unneeded data

RAID Levels

Question | Answer
Level 0 | Striping (improves performance, no redundancy) (S)
Level 1 | Mirroring (improved redundancy), expensive (M)
Level 2 | Code parity (goofy: 39 disks, 7 for error recovery) (C)
Level 3 | Byte-level parity (three separate physical drives with byte-level striping, plus one additional physical drive for parity data) (B)
Level 4 | Block-level parity (if you lose two, you are screwed) (B)
Level 5 | Interleaved parity (speed and redundancy; stripes data and parity at the block level) (I)
Level 6 | Second independent parity (Level 1 mirroring and Level 5 interleaved parity) (S)
Level 7 | Single virtual disk (continues to operate if any disk fails) (S)

Roles and Responsibilities

Question | Answer
Senior Manager | Ultimate responsibility
Information Security Officer | Functional responsibility
Security Analyst | Strategic; develops policies and guidelines
Security Administrator | Manages access
Help/Service Desk Administrator | Configures network, server hardware and OS
Business Continuity Planner | Develops contingency plans for events negatively impacting the organization
Data/Info/Business Owner | Responsible for the asset - Determines level of classification - Reviews and changes classification - Can delegate responsibility to the data custodian - Authorizes user privileges
Data/Information Custodian/Steward | Runs regular backups/restores and validates them - Ensures data integrity and security (CIA) - Maintains records in accordance with classification - Applies user authorization
End-user | Uses information to do their job - Follows instructions in policies and guidelines - Due care (prevents open view, e.g. clean desk) - Uses corporate resources for corporate use
Auditor | Examines security controls

Network Layers OSI MODEL

Question | Answer
Application - L7 | FTP, SMB, TELNET, TFTP, SMTP, HTTP, NNTP, CDP, GOPHER, SNMP, NDS, AFP, SAP, NCP, SET. Technology: gateways. Unit: user data
Presentation - L6 | Translations such as EBCDIC/ANSI; compression/decompression and encryption/decryption. Standards such as JPEG, TIFF, MIDI. Technology: gateway. Unit: messages (CASE/SASE)
Session - L5 | Inter-host communication: simplex, half duplex, full duplex. Protocols such as NetBIOS, PAP, RPC, SOCKS, SCP. Technology: gateway
Transport - L4 | End-to-end data transfer services and reliability. Technology: gateways. Unit: datagrams. Protocols: TCP, UDP, SSL, SSH-2, SPX; flags URG, ACK, PSH, SYN, FIN, RST
Network - L3 | Path selection and logical addressing. Technology: virtual circuits (ATM), routers. Unit: packets. Message routing, error detection and control of node data are managed here. Protocols: IP, IPSEC, ICMP, BGP, OSPF, RIP, BOOTP, DHCP, ZIP, DDP, X.25 and IGMP
Data Link - L2 | Deals with addressing physical hardware. Translates data into bits and formats them into data frames with a destination header and source address. Error detection via checksums. LLC (Logical Link Control) sublayer: flow control and error notification. MAC (Media Access Control) sublayer: physical addressing; concerns frames, logical topologies and MAC addresses. Protocols: L2F, PPTP, L2TP, PPP, SLIP, ARP, RARP, SLARP, IARP, SNAP, BAP, CHAP, LCP, LZS, MLP, Frame Relay, Annex A, Annex D, HDLC, BPDU, LAPD, ISL, MAC, Ethernet, Token Ring, FDDI
Physical - L1 | Converts bits into voltages or light impulses. Hardware and software drivers are on this level. It sends and receives bits. Physical topologies: bus, mesh, star, tree, ring

Network layers TCP/IP Model

Question | Answer
Application - Layer 4 | (Application/Presentation/Session) Applications and processes that use the network (TCP: stream / UDP: message)
Host-to-Host - Layer 3 | (Transport) End-to-end data delivery; controls the communication flow between hosts (TCP: segment / UDP: packet)
Internet - Layer 2 | (Network) Defines the IP datagram and handles routing of data across networks. Protocols: IP, ARP, RARP, ICMP (datagram)
Network Access - Layer 1 | (Data Link, Physical) Routines for accessing physical networks and the electrical connection (frame)

LAN Devices

Question | Answer
Repeaters | Operate at the Physical layer; re-amplify signals (Physical)
Hubs | Operate at the Physical layer; retransmit signals (Physical)
Bridges | Operate at Layer 2; filter traffic (Data Link)
Switches | Operate at Layer 2; forward broadcasts and frames (Data Link)
Routers | Forward packets between computer networks
Gateway | Software that acts as an access point to another network, or a device that translates between different protocols (Layer 4 up to Layer 7)
LAN Extenders | Remote access; a multilayer switch that connects LANs over a WAN
Modem | Converts digital to analog and analog to digital signals
