security final
vainvern
| Front | Back |
|---|---|
| ____ is the presentation of credentials or identification, typically performed when logging on to a system. | identification |
| ____ is the verification of the credentials to ensure that they are genuine and not fabricated. | authentication |
| ____ is granting permission for admittance. | authorization |
| ____ is the right to use specific resources. | access |
| There are several types of OTPs. The most common type is a ____ OTP. | time-synchronized |
| A ____ fingerprint scanner requires the user to place the entire thumb or finger on a small oval window on the scanner. | static |
| A ____ fingerprint scanner has a small slit or opening. Instead of placing the entire finger on the scanner, the finger is swiped across the opening. | dynamic |
| ____ time is the time it takes for a key to be pressed and then released. | dwell |
| ____, such as using an OTP (what a person has) and a password (what a person knows), enhances security, particularly if different types of authentication methods are used. | two-factor authentication |
| ____ requires that a user present three different types of authentication credentials. | three-factor authentication |
| ____ is a feature of Windows that is intended to provide users with control of their digital identities while helping them to manage privacy. | Windows CardSpace |
| ____ is a decentralized open-source FIM that does not require specific software to be installed on the desktop. | OpenID |
| ____ is an authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users. | Kerberos |
| ____ is an industry standard protocol specification that forwards username and password information to a centralized server. | TACACS+ |
| The International Organization for Standardization (ISO) created a standard for directory services known as ____. | X.500 |
| The ____, sometimes called X.500 Lite, is a simpler subset of DAP. | LDAP |
| The management protocol of IEEE 802.1x that governs the interaction between the system, authenticator, and RADIUS server is known as the ____. | EAP |
| ____ is a very basic authentication protocol that was used to authenticate a user to a remote access server or to an Internet service provider (ISP). | PAP |
| ____ refers to any combination of hardware and software that enables remote users to access a local internal network. | RAS |
| A(n) ____ uses an unsecured public network, such as the Internet, as if it were a secure private network. | VPN |
| A(n) ____ is the end of the tunnel between VPN devices. | endpoint |
| In information security, a ____ is the likelihood that a threat agent will exploit a vulnerability. | risk |
| ____ generally denotes a potential negative impact to an asset. | risk |
| The goal of ____ is to better understand who the attackers are, why they attack, and what types of attacks might occur. | threat modeling |
| Known as ____, this in effect takes a snapshot of the security of the organization as it now stands. | vulnerability appraisal |
| The ____ is the expected monetary loss every time a risk occurs. | single loss expectancy (SLE) |
| The ____ is the expected monetary loss that can be expected for an asset due to a risk over a one-year period. | annualized loss expectancy (ALE) |
| In a ____, the risk is spread over all of the members of the pool. | risk retention pool |
| Identifying vulnerabilities through a(n) ____ determines the current security weaknesses that could expose assets to threats. | vulnerability appraisal |
| Most communication in TCP/IP involves the exchange of information between a program running on one device (known as a ____) and the same or a corresponding process running on another device. | process |
| TCP/IP uses a numeric value as an identifier to applications and services on the systems. These are known as the ____. | port number |
| ____ are typically used to determine the state of a port to know what applications are running and could be exploited. | port scanners |
| A(n) ____ port means that the application or service assigned to that port is listening. | open |
| A(n) ____ port indicates that no process is listening at this port. | closed |
| A(n) ____ port means that the host system does not reply to any inquiries to this port number. | blocked |
| ____ are software tools that can identify all the systems connected to a network. | network mappers |
| ____ provides support to IP in the form of ICMP messages that allow different types of communication to occur between IP devices. | ICMP |
| The key feature of a protocol analyzer is that it places the computer's network interface card (NIC) adapter into ____, meaning that the NIC does not ignore packets intended for other systems and shows all network traffic. | promiscuous mode |
| ____ is a generic term that refers to a range of products that look for vulnerabilities in networks or systems. | vulnerability scanner |
| ____ is a "common language" for the exchange of information regarding security vulnerabilities. | OVAL |
| ____ programs use the file of hashed passwords and then attempt to break the hashed passwords offline. | password cracker |
| ____ is a method of evaluating the security of a computer system or network by simulating a malicious attack instead of just scanning for vulnerabilities. | penetration testing |
| ____ is the process of assigning and revoking privileges to objects; that is, it covers the procedures of managing object authorizations. | privilege management |
| The ____ is typically defined as the person responsible for the information, who determines the level of security needed for the data, and delegates security duties as required. | owner |
| The ____ is the individual to whom day-to-day actions have been assigned by the owner and who periodically reviews security settings and maintains records of access by end users. | custodian |
| The Windows file and folder ____ permission allows files or folders to be opened as read-only and to be copied. | read |
| The Windows file and folder ____ permission allows the creation of files and folders, and allows data to be added to or removed from files. | write |
| The Microsoft ____ infrastructure is a mechanism to centrally configure and secure a common set of computer and user configurations and security settings to Windows servers, desktops, and users in an AD. | group policy |
| ____ is part of the pre-trial phase of a lawsuit in which each party, through the law of civil procedure, can request documents and other evidence from other parties or can compel the production of evidence by using a subpoena. | discovery |
| ILM strategies are typically recorded in ____ policies. | storage and retention |
| ____ assigns a level of business importance, availability, sensitivity, security and regulation requirements to data. | data classification |
| ____ means permissions given to a higher level "parent" will also be inherited by a lower level "child." | inheritance |
| ____ is the process for generating, transmitting, storing, analyzing, and disposing of computer security log data. | log management |
| ____ servers are intermediate hosts through which Web sites are accessed. | proxy |
| ____ logs can be used to determine whether new IP addresses are attempting to probe the network and if stronger firewall rules are necessary to block them. | firewall |
| A(n) ____ is an occurrence within a software system that is communicated to users or other programs outside the operating system. | event |
| ____ are operational actions that are performed by the operating system, such as shutting down the system or starting a service. | system events |
| Logs based on ____ are the second common type of security-related operating system logs. | audit records |
| ____ refers to a methodology for making changes and keeping track of those changes, often manually. | change management |
| ____ monitoring is designed for detecting statistical anomalies. | anomaly-based |
| ____ monitoring compares activities against a predefined signature. | signature-based |
| A ____ baseline is a reference set of data established to create the "norm" of performance for a system or systems. | performance baseline |
| A ____ monitor is typically a low-level system program that uses a notification engine designed to monitor and track down hidden activity on a desktop system, server, or even personal digital assistant (PDA) or cell phone. | system |
| Changing the original text to a secret message using cryptography is known as ____. | encryption |
| Data that is in an unencrypted form is called ____ data. | cleartext |
| ____, also called a one-way hash, is a process for creating a unique "signature" for a set of data. | hashing |
| ____ is a relatively recent cryptographic hash function that has received international recognition and adoption by standards organizations. | Whirlpool |
| Symmetric encryption is also called ____ key cryptography. | private |
| The simplest type of stream cipher is a ____ cipher. It simply substitutes one letter or character for another. | permutation |
| A ____ substitution cipher maps a single plaintext character to multiple ciphertext characters. | homoalphabetic |
| A ____ cipher rearranges letters without changing them. | transposition |
| A ____ cipher manipulates an entire block of plaintext at one time. | block |
| ____ was approved by the NIST in late 2000 as a replacement for DES. | AES |
| ____ is a block cipher that processes blocks of 64 bits. | RC2 |
| The ____ algorithm dates back to the early 1990s and is used in European nations. | IDEA |
| ____ encryption uses two keys instead of one. These keys are mathematically related and are known as the public key and the private key. | asymmetric |
| The asymmetric algorithm ____ was published in 1977 and patented by MIT in 1983. | RSA |
| The strength of the ____ algorithm is that it allows two users to share a secret key securely over a public network. | Diffie-Hellman |
| A similar program known as ____ is a PGP open-source product. | GPG |
| Microsoft's ____ is a cryptography system for Windows operating systems that use the Windows NTFS file system. | EFS |
| Cryptography can also be applied to entire disks. This is known as ____ encryption. | whole disk |
| To protect data stored on a hard drive, Microsoft Windows Vista includes ____ drive encryption. | BitLocker |
| ____ is a hardware-enabled data encryption feature. | BitLocker |
| ____ is essentially a chip on the motherboard of the computer that provides cryptographic services. | TPM |
| Some organizations set up a subordinate entity, called a ____, to handle some CA tasks such as processing certificate requests and authenticating users. | registration authority |
| ____ digital certificates are issued by a CA or RA directly to individuals. | personal |
| ____ digital certificates are often issued from a Web server to a client, although they can be distributed by any type of server, such as a mail server. | server |
| When Bob sends one digital certificate to Alice along with his message, that is known as a ____ certificate. | single-sided |
| In one type of trust model, ____ trust, a relationship exists between two individuals because one person knows the other person. | direct |
| A(n) ____ trust refers to a situation in which two individuals trust each other because each trusts a third party. | third-party |
| The ____ trust model assigns a single hierarchy with one master CA called the root. | hierarchical |
| The ____ trust model has multiple CAs that sign digital certificates. | distributed |
| The ____ trust model is the basis for digital certificates issued by Internet users. | distributed |
| With the ____ trust model, there is one CA that acts as a "facilitator" to interconnect all other CAs. | bridge |
| The ____ provides recommended baseline security requirements for the use and operation of CA, RA, and other PKI components. | certificate policy |
| A ____ describes in detail how the CA uses and manages certificates. | certificate practice statement |
| ____ refers to a situation in which keys are managed by a third party, such as a trusted CA. | key escrow |
| ____ is used to connect to an FTP server, much in the same way that HTTP links to a Web server. | FTP |
| ____ is a protocol that guarantees privacy and data integrity between applications communicating over the Internet. | TLS |
| The TLS ____ Protocol allows authentication between the server and the client and the negotiation of an encryption algorithm and cryptographic keys before any actual data is transmitted. | handshake |
| The TLS ____ Protocol is used to encapsulate higher-level protocols. | record |
| ____ is actually a suite of three utilities (slogin, scp, and ssh) that are secure versions of the insecure UNIX counterpart utilities rlogin, rcp, and rsh. | SSH |
| ____ is the most widely deployed tunneling protocol. | PPTP |
| One variation of PPP that is used by broadband Internet providers with DSL or cable modem connections is ____. | PPPoE |
| One of the most common e-mail transport protocols is ____. | S/MIME |
| A Class ____ fire includes common combustibles. | A |
| ____ systems spray the fire area with pressurized water. | water sprinkler |
| ____ systems disperse a fine, dry powder over the fire. | dry chemical |
| ____ fire suppression systems do not harm people, documents, or electrical equipment in the room. | clean agent |
| In a(n) ____ server cluster, a standby server exists only to take over for another server in the event of its failure. | asymmetric |
| In a(n) ____ server cluster, every server in the cluster performs useful work. If one server fails, the remaining servers continue to perform their normal work as well as that of the failed server. | symmetric |
| A system of hard drives based on redundancy can be achieved through using a technology known as ____, which uses multiple hard disk drives for increased reliability and performance. | RAID |
| ____ partitions the storage space of each hard drive into smaller sections, which can be as small as 512 bytes or as large as several megabytes. | striping |
| Disk ____ involves connecting multiple drives in the server to the same disk controller card. | mirroring |
| Instead of having a single disk controller card that is attached to all hard drives, disk ____ has separate cards for each disk. | duplexing |
| RAID Level 5 distributes ____ data (a type of error checking) across all drives instead of using a separate drive to hold the parity error checking information. | parity |
| A(n) ____ UPS is always running off its battery while the main power runs the battery charger. | online |
| A ____ site is generally run by a commercial disaster recovery service that allows a business to continue computer and network operations to maintain business continuity. | hot |
| A ____ site provides office space, but the customer must provide and install all the equipment needed to continue operations. | cold |
| A ____ site has all of the equipment installed but does not have active Internet or telecommunications facilities, and does not have current backups of data. | warm |
| Backup software can internally designate which files have already been backed up by setting a(n) ____ in the properties of the file. | archive bit |
| The ____ is defined as the maximum length of time that an organization can tolerate between backups. | RPO |
| The ____ is simply the length of time it will take to recover the data that has been backed up. | RTO |
| An alternative to using magnetic tape is to back up to magnetic disk, such as a large hard drive or RAID configuration. This is known as ____. | D2D |
| A solution that combines the best of magnetic tape and magnetic disk is ____. This technology uses the magnetic disk as a temporary storage area. | D2D2T |
| ____ is the application of science to questions that are of interest to the legal profession. | forensics |
| At its core, a(n) ____ policy is a document that outlines the protections that should be enacted to ensure that the organization's assets face minimal risks. | security |
| A ____ is a collection of requirements specific to the system or procedure that must be met by everyone. | standard |
| A ____ is a collection of suggestions that should be implemented. | guideline |
| A ____ is a document that outlines specific requirements or rules that must be met. | policy |
| ____ determines the items that have a positive economic value and may include data, hardware, personnel, physical assets, and software. | asset identification |
| ____ takes a snapshot of the security of the organization as it now stands. | vulnerability appraisal |
| ____ involves determining the damage that would result from an attack and the likelihood that the vulnerability is a risk to the organization. | risk assessment |
| A(n) ____ policy establishes guidelines for effectively reducing the threat of computer viruses on the organization's network and computers. | anti-virus |
| A(n) ____ policy outlines the requirements and provides the authority for an information security team to conduct audits and risk assessments, investigate incidents, ensure conformance to security policies, or monitor user activity. | audit vulnerability scanning |
| A(n) ____ policy defines requirements for storing and retrieving database usernames and passwords. | database credential coding |
| A(n) ____ policy helps employees determine what information sent or received by e-mail should be retained and for how long. | email retention |
| A(n) ____ policy establishes requirements for Remote Access IPSec or L2TP Virtual Private Network (VPN) connections to the organization's network. | VPN security |
| Many organizations have a ____ policy that outlines how the organization uses personal information it collects. | personally identifiable information |
| Most organizations have a ____ policy that addresses the disposal of resources that are considered confidential. | disposal and destruction |
| A ____ policy is designed to produce a standardized framework for classifying information assets. | classification of information |
| ____ refers to a methodology for making changes and keeping track of those changes, often manually. | change management |
| ____ are a person's fundamental beliefs and principles used to define what is good, right, and just. | values |
| ____ are values that are attributed to a system of beliefs that help the individual distinguish right from wrong. | morals |
| ____ can be defined as the study of what a group of people understand to be good and right behavior and how people make those judgments. | ethics |
| ____ relies on tricking and deceiving someone to provide secure information. | social engineering |
| One of the most common forms of social engineering is ____, or sending an e-mail or displaying a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information. | phishing |