wexamaxi's version from 2017-04-25 03:49


Question Answer
F1-F5Mirror Funct of Orange Book
F6High Integrity Reqs (Databases)
F7High Availability
F8High Integrity for Communication
F9High Confidentiality
F10High Confidentiality and Integrity for Data Networks


Access Control: Centralized-(RADIUS/TACACS), Decentralized
Question Answer
IdentificationClaim Accountability
AuthenticationVerifying Identity - Type 1 - Something You Know, Type 2 - Something You Have, Type 3 - Something You Are
AccountabilityAudits Compare Authen/Author - Proof
AuthorizationGiven Rights & Privileges
Preventive: Job Rotation, Data Classification, Encryption, Biometrics, Auditing, Smart Cards, Call Back, Security Policies
Deterrent: Locks, Fences, Security- Badges, Guards, Mantraps, Separation of Duties, Work Task Procedures
Detective: CCTV, Motion detectors, Audit trails, honeypots, IDS, Violation reports
Corrective: IDS, Antivirus solutions, alarms, BCP, Security policies
Recovery: Backups and Restores, Fault-tolerant, server clustering, database or virtual machine shadowing
Compensation: Aid in enforcement, additional-monitoring, personnel supervision, security policy requirements
Directive: Security policy requirements, posted notifications, escape route exit signs, monitoring, awareness training
Administrative: Policies and Procedures - Hiring practices, background checks, data classification, security training, vacation history
Logical/Technical: Encryption, Protocols, Passwords, Biometrics, ACL's, Constrained Interfaces, Firewalls, Routers, IDS, Clipping levels
Physical: Guards, Fences, Locked doors, Sealed windows, Lights, Cable protections, Mantraps, Alarms
SSO: Kerberos, SESAME, KryproKnight, NetSP, thin clients, directory services, scripted access (Logon scripts)
MAC: Lattice Models - Military Clearance Levels, Hierarchical, Compartmentalized, Hybrid Environments, Security Models, Prohibitive
DAC: Owner's Discretion, Each ACL, Scalable, Least Privilege
RBAC: Job Role, TaskBased, Volatile, best frequent personnel changes
RuBAC: NonDiscretionary, Rules, Restrictions


Question Answer
E0Inadequate assurance
E1General Description
E2Configuration and Process Control
E3Source Code Analysis
E4Formal Model of Security Policy
E5Vuln Analysis
E6Formal Specs

Common Criteria (Apply to Product not System): the numerical rating describing the depth and rigor of an evaluation

Question Answer
EAL 1Functionally Tested
EAL 2Structurally Tested
EAL 3Methodically Tested and Checked
EAL 4Methodically Designed, Tested, and Checked
EAL 5Semi-formally Designed and Tested
EAL 6Semi-formally Verified, Designed, and Tested

Common Criteria (Apply to Product not System): the numerical rating describing the depth and rigor of an evaluation

Question Answer
Target Of Evaluation (TOE)the product or system that is the subject of the evaluation.
Protection Profile (PP) identifies security requirements for a class of security devices (relevant to that user for a particular purpose)
Security Target (ST)dentifies the security properties of the target of evaluation
Security Functional Requirements (SFRs)specify individual security functions which may be provided by a product
Security Assurance Requirements (SARs)descriptions of the measures taken to assure compliance with the claimed security functionality

Max Tolerable Downtime:

Question Answer
Non-essential30 days
Normal7 days
Important72 hours
Urgent24 hours
Criticalmin to hours

802.11 Wireless

Question Answer
802.11b11 Mbps at 2.4 Ghz
802.11a54 Mbps at 5 Ghz
802.11g54 Mbps at 2.4 Ghz
802.11n144 Mbps at both 2.4 Ghz and 5 Ghz
802.11iWifi Protected Access 2 (WPA2) - AES
802.15Wireless Personal Area Networks
802.16Wireless MAN


Question Answer
T1DS-1 - 1.544 Mbps (Telephone)
T3DS-3 - 44.736 Mbps (Telephone, 28 T1's)
E12.048 Mbps
E334.368 Mbps (16 E1's)

DSL Speed

Question Answer
ADSLdown 1.5 to 9 Mbps, up 16 to 640 Kbps
DSLdown/up 1.544 Mbps
HDSLdown/up 1.544 Mbps
VDSLdown 13 to 52 Mbps, up 1.5 to 2.3 Mbps

Connection Feet

Question Answer
ADSL18,000 ft.
DSL10,000 ft.
HDSL12,000 ft.
VDSL1,000 to 4,500 ft.
Cable Modem1,000 to 4,500 ft.

UTP Cables

Question Answer
CAT 1/2Voice, low-speed data (4 Mbps)
CAT 310 Mbps
CAT 416 Mbps
CAT 5100 Mbps to 1 Gbs
CAT 5e/61,000 Mbps


Question Answer
Generation 1Packet Filtering ( router w/ ACLs)
Generation 2Proxy (Circuit and Application)
Generation 3Stateful (SYN, SYN-ACK, ACK)
Generation 4Dynamic Packet (Open/Close Dynamically)
Generation 5Kernel Proxies (Create Virtual Network)

CMM (Capability Maturity Model)

Question Answer
Level 1Initial (ad hoc, chaotic, few defined processes, individual efforts/heroics)
Level 2Repeatable (Basic Project Management)
Level 3Defined (Documented, Standardized, Integrated into Process)
Level 4Managed (Detailed Measures of process and quality are collected, Quantitatetively understood)
Level 5Optimizing (Continuous process improvement)


Question Answer
Level 0Striping (Improves Performance, NO Redundancy)
Level 1Mirroring (Improved Redundancy)
Level 2Code Parity (Goofy 39 Disks, 7 error recovery)
Level 3Byte-Level Parity (if you loose two, you are screwed)
Level 4Block-Level Parity (if you loose two, you are screwed)
Level 5Interleave Parity (Speed and Redundancy, does not address controller)
Level 6Second Independent Parity (Level 1 - Mirroring and Level 5 - Interleave Parity)
Level 7Single Virtual Disk (continues to operate if any disk fails)