brannewdon's version from 2017-06-08 02:41


ITSEC Functionality Classes

Question | Answer
F1-F5 | Mirror the functionality classes of the Orange Book (TCSEC)
F6 | High Integrity Requirements (Databases)
F7 | High Availability
F8 | High Integrity for Communication
F9 | High Confidentiality
F10 | High Confidentiality and Integrity for Data Networks


ITSEC Assurance Levels

Question | Answer
E0 | Inadequate assurance
E1 | General Description
E2 | Configuration and Process Control
E3 | Source Code Analysis
E4 | Formal Model of Security Policy
E5 | Vulnerability Analysis
E6 | Formal Specifications

Common Criteria (applies to a product, not a system): the Evaluation Assurance Level (EAL) is the numerical rating describing the depth and rigor of an evaluation

Question | Answer
EAL 1 | Functionally Tested
EAL 2 | Structurally Tested
EAL 3 | Methodically Tested and Checked
EAL 4 | Methodically Designed, Tested, and Checked
EAL 5 | Semi-formally Designed and Tested
EAL 6 | Semi-formally Verified, Designed, and Tested

Common Criteria Terminology

Question | Answer
Target Of Evaluation (TOE) | The product or system that is the subject of the evaluation
Protection Profile (PP) | Identifies security requirements for a class of security devices (relevant to that user for a particular purpose)
Security Target (ST) | Identifies the security properties of the target of evaluation
Security Functional Requirements (SFRs) | Specify individual security functions which may be provided by a product
Security Assurance Requirements (SARs) | Descriptions of the measures taken to assure compliance with the claimed security functionality

Maximum Tolerable Downtime (MTD)

Question | Answer
Non-essential | 30 days
Normal | 7 days
Important | 72 hours
Urgent | 24 hours
Critical | Minutes to hours

802.11 Wireless

Question | Answer
802.11b | 11 Mbps at 2.4 GHz
802.11a | 54 Mbps at 5 GHz
802.11g | 54 Mbps at 2.4 GHz
802.11n | 144 Mbps at both 2.4 GHz and 5 GHz
802.11i | Wi-Fi Protected Access 2 (WPA2) - AES
802.15 | Wireless Personal Area Networks (WPAN)
802.16 | Wireless Metropolitan Area Networks (Wireless MAN)


T-carrier and E-carrier Lines

Question | Answer
T1 | DS-1 - 1.544 Mbps (Telephone)
T3 | DS-3 - 44.736 Mbps (Telephone, 28 T1s)
E1 | 2.048 Mbps
E3 | 34.368 Mbps (16 E1s)

DSL Speed

Question | Answer
ADSL | Down 1.5 to 9 Mbps, up 16 to 640 Kbps
DSL | Down/up 1.544 Mbps
HDSL | Down/up 1.544 Mbps
VDSL | Down 13 to 52 Mbps, up 1.5 to 2.3 Mbps

Connection Distance (feet)

Question | Answer
ADSL | 18,000 ft.
DSL | 10,000 ft.
HDSL | 12,000 ft.
VDSL | 1,000 to 4,500 ft.
Cable Modem | 1,000 to 4,500 ft.

UTP Cables

Question | Answer
CAT 1/2 | Voice, low-speed data (4 Mbps)
CAT 3 | 10 Mbps
CAT 4 | 16 Mbps
CAT 5 | 100 Mbps to 1 Gbps
CAT 5e/6 | 1,000 Mbps


Firewall Generations

Question | Answer
Generation 1 | Packet Filtering (router with ACLs)
Generation 2 | Proxy (Circuit-level and Application-level)
Generation 3 | Stateful Inspection (tracks SYN, SYN-ACK, ACK)
Generation 4 | Dynamic Packet Filtering (opens/closes ports dynamically)
Generation 5 | Kernel Proxies (create a virtual network)

CMM (Capability Maturity Model)

Question | Answer
Level 1 | Initial (ad hoc, chaotic, few defined processes, individual efforts/heroics)
Level 2 | Repeatable (Basic Project Management)
Level 3 | Defined (Documented, Standardized, Integrated into Process)
Level 4 | Managed (Detailed measures of process and quality are collected and quantitatively understood)
Level 5 | Optimizing (Continuous process improvement)


RAID Levels

Question | Answer
Level 0 | Striping (Improves performance, NO redundancy)
Level 1 | Mirroring (Improved redundancy)
Level 2 | Hamming-code parity (39 disks, 7 of them for error recovery)
Level 3 | Byte-level parity (if you lose two disks, the data is lost)
Level 4 | Block-level parity (if you lose two disks, the data is lost)
Level 5 | Interleaved parity (speed and redundancy; does not address controller failure)
Level 6 | Second independent parity (Level 1 - Mirroring and Level 5 - Interleaved Parity)
Level 7 | Single virtual disk (continues to operate if any disk fails)

Power Anomalies

Question | Answer
Blackout | Prolonged loss of power
Brownout | Prolonged power degradation (voltage lower than normal)
Sag | Momentary low voltage
Fault | Momentary loss of power
Spike | Momentary high voltage
Surge | Prolonged high voltage
Noise | Interference superimposed onto the power line
Transient | Noise disturbance of a short duration
Inrush | Initial surge of power at startup

Fire-suppression methods

Question | Answer
Class A | Common combustibles, paper or wood (water or soda acid)
Class B | Gasoline or oil (CO2, soda acid, halon)
Class C | Electronic or computer fire (CO2, FM-200, halon)
Class D | Combustible metals (dry powder, special techniques)

Quantitative analysis

Question | Answer
EF (exposure factor) | Percentage of an asset's value lost when an identified threat occurs
SLE (single loss expectancy) | Asset value x Exposure factor
ARO (annualized rate of occurrence) | Estimated frequency with which a threat will occur within a year
ALE (annualized loss expectancy) | Single loss expectancy x annualized rate of occurrence

Ways to address risk

Question | Answer
Risk acceptance | Deal with the risk by accepting the potential cost and loss
Risk transference | Purchase insurance to transfer the risk to a third party
Risk mitigation | Implement a countermeasure to alter or reduce the risk

Security document types

Question | Answer
Policies | General statement produced by senior management
Standards | Tactical documents that are more specific than policies
Guidelines | Point to a statement in a policy or procedure by which to determine a course of action
Procedures | The lowest level of the policy hierarchy; provide step-by-step instructions to achieve a certain task

Protection rings

Question | Answer
Ring 0 | Operating System kernel
Ring 1 | Remaining parts of the Operating System
Ring 2 | Utilities and I/O drivers
Ring 3 | Applications and programs


TCSEC (Orange Book) Classes

Question | Answer
D | Minimal Protection
C1 | Discretionary Protection
C2 | Controlled Access Protection
B1 | Labeled Security Protection
B2 | Structured Protection
B3 | Security Domains
A1 | Verified Protection

CIA Triad

Question | Answer
Confidentiality | High level of assurance that data, objects, or resources are restricted from unauthorized subjects
Integrity | High level of assurance that data, objects, and resources are unaltered from their original protected state
Availability | High level of assurance that data, objects, and resources are accessible to authorized subjects

Elements of AAA

Question | Answer
Identification | Subject professes an identity; accountability is initiated
Authentication | Verify or test that the claimed identity is valid
Authorization | Ensures the requested activity or access to an object is permitted given the rights and privileges assigned to the authenticated identity
Auditing | Tracking the subject's actions for the purpose of holding the subject accountable for them
Accountability | Subject is held responsible for their actions
Nonrepudiation | Ensures the subject of an activity or event cannot deny that the event occurred

Security Roles

Question | Answer
Data Owner | Ultimately responsible for data classification
Data Custodian | Responsible for implementing the protection prescribed by policy

Threat Types

Question | Answer
Spoofing | Falsified identity
Tampering | Unauthorized changes to or manipulation of data
Repudiation | Denial of having performed an act or activity
Information Disclosure | Revelation or distribution of private, confidential, or controlled information to unauthorized entities
Denial of Service (DoS) | Prevents authorized use of a resource
Privilege Escalation | A limited user account is transformed into an account with greater privileges, powers, and access

Risk Terminology

Question | Answer
Asset | Anything that should be protected
Asset Valuation | Dollar value assigned to an asset
Threat | Any potential occurrence that may cause an unwanted outcome
Vulnerability | Weakness in an asset, or the absence or weakness of a safeguard or countermeasure
Exposure | Being susceptible to asset loss because of a threat
Risk | Possibility or likelihood that a threat will exploit a vulnerability to cause harm to an asset
Safeguard | Reduces or removes a vulnerability, or protects against threats
Attack | Exploitation of a vulnerability by a threat agent
Breach | Occurrence of a security mechanism being bypassed or thwarted by a threat agent

Control Types

Question | Answer
Deterrent | Used to discourage violation of security policies
Preventive | Used to thwart or stop unwanted or unauthorized activity from occurring
Detective | Used to discover or detect unwanted or unauthorized activity
Compensating | Provides options to existing controls to aid in enforcement of security policy
Corrective | Modifies the environment to return systems to their normal state
Recovery | Extension of corrective controls
Directive | Deployed to direct, confine, or control the actions of subjects

Destroying Data

Question | Answer
Erasing | Delete operation against a file
Clearing | Process of preparing media for reuse and assuring that cleared data cannot be recovered using traditional recovery tools
Purging | Provides a level of assurance that the original data is not recoverable using any known methods
Declassification | Any process that purges media or a system in preparation for reuse in an unclassified environment
Sanitization | Combination of processes that removes data from a system or from media
Degaussing | Magnetic field used to erase data from magnetic media
Destruction | Media cannot be reused or repaired