ITSY 1300 EXAM 2 – Flashcards with Answers

question
What name is given to a method of developing software that is based on small project iterations, or sprints, instead of long project schedules?
answer
Agile development
question
What is meant by authorizing official (AO)?
answer
A senior manager who reviews a certification report and makes the decision to approve the system for implementation.
question
What term is used to describe a benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products?
answer
Baseline
question
What is meant by certification?
answer
The technical evaluation of a system to provide assurance that you have implemented the system correctly.
question
What or who is the individual or team responsible for performing the security test and evaluation for the system and for preparing the report for the AO on the risk of operating the system?
answer
Certifier
question
________ is the process of managing changes to computer/device configuration or application software.
answer
Change control
question
________ states that users must never leave sensitive information in plain view on an unattended desk or workstation.
answer
Clean desk/clear screen policy.
question
The process of managing the baseline settings of a system device is called _______.
answer
Configuration control
question
The name given to a group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies, is _______.
answer
Emergency operations group
question
Which of the following is the definition of guideline?
answer
A recommendation to purchase or how to use a product or system.
question
Which of the following is the definition of anomaly-based IDS?
answer
An intrusion detection system that compares current activity with stored profiles of normal (expected) activity.
question
Audits also often look at the current configuration of a system as a snapshot in time to verify that it complies with ______.
answer
Standards
question
As your organization evolves and as threats mature, it is important to make sure your _______ still meet(s) the risks you face today.
answer
Controls
question
One of the best ways to avoid wasting your organization's resources is to ensure that you follow the ______ a review cycle.
answer
Security
question
It's essential to match your organization's required ______ with its security structure.
answer
Permission level
question
Security audits help ensure that your rules and ______ are up to date, documented, and subject to change control procedures.
answer
Configurations
question
______ gives you the opportunity to review your risk-management program and to confirm that the program has correctly identified and reduced (or otherwise addressed) the risks to your organization.
answer
An audit
question
Audits are necessary because of _______.
answer
potential liability, negligence, mandatory regulatory compliance
question
_______ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed services providers, and credit card transaction processing companies.
answer
SAS 70
question
The _______ framework defines the scope and contents of three levels of audit reports.
answer
Service Organization Control (SOC)
question
How your organization responds to risk reflects the value it puts on its _______.
answer
Assets
question
A countermeasure, without a corresponding _______, is a solution seeking a problem; you can never justify the cost.
answer
Risk
question
It is necessary to create and/or maintain a plan that makes sure your company continues to operate in the face of disaster. This is known as a ________.
answer
Business continuity plan
question
_______ is the likelihood that a particular threat exposes a vulnerability that could damage your organization.
answer
Risk
question
A _______ is a flaw or weakness in a system's security procedures, design, implementation or internal controls.
answer
Vulnerability
question
_______ refers to the amount of harm a threat can cause by exploiting a vulnerability.
answer
Impact
question
An attacker or event that might exploit a vulnerability is a(n) _______.
answer
Threat source
question
A(n) _______ is an intent and method to exploit a vulnerability.
answer
Threat source
question
A threat source can be a situation or method that might accidentally trigger a(n) _______.
answer
Vulnerability
question
A(n) _______ is a measurable occurrence that has an impact on the business.
answer
Event
question
Cryptography accomplishes four security goals: confidentiality, integrity, authentication and _______.
answer
Nonrepudiation
question
Cryptography accomplishes four security goals: nonrepudiation, integrity, authentication and _______.
answer
Confidentiality
question
What term is used to describe a type of cryptography that uses a cipher with two separate keys, one for encryption and one for decryption, so that correspondents do not first have to exchange secret information to communicate securely?
answer
Asymmetric key cryptography
question
The number of possible keys to a cipher is a _______.
answer
Keyspace
question
Without any knowledge of the key, an attacker with access to an encrypted message and the decryption cipher could try every possible key to decode the message. This is referred to as ________.
answer
Brute-force attack
question
The most scrutinized cipher in history is the _______.
answer
Data Encryption Standard (DES)
question
_______ is a one-way calculation of information that yields a result usually much smaller than the original message.
answer
Checksum
question
A _______ is one of the simplest substitution ciphers. It shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A.
answer
Caesar cipher
question
_______ enables you to prevent a party from denying a previous statement or action.
answer
Nonrepudiation
question
Certain security objectives add value to information systems. _______ provides an exact time when a producer creates or sends information.
answer
Timestamping
question
Which OSI Reference Model layer includes all programs on a computer that interact with the network?
answer
Application Layer
question
Which OSI Reference Model layer is responsible for the coding of data?
answer
Presentation Layer
question
Which OSI Reference Model layer is responsible for transmitting information on computers connected to the same local area network (LAN)?
answer
Data Link Layer
question
Which OSI Reference Model layer creates, maintains and disconnects communications that take place between processes over the network?
answer
Session Layer
question
Which OSI Reference Model layer uses Media Access Control (MAC) addresses? Device manufacturers assign each hardware device a unique MAC address.
answer
Data Link Layer
question
Which OSI Reference Model layer must translate the binary ones and zeros of computer language into the language of the transport medium?
answer
Physical Layer
question
Which of the following is the definition of hub?
answer
A network device that connects network segments, echoing all received traffic to all other ports.
question
_______ is a suite of protocols designed to connect sites securely using IP networks.
answer
Internet Protocol Security (IPSec)
question
_______ allows the computer to get its configuration information from the network instead of the network administrator providing the configuration information to the computer. It provides a computer with an IP address, subnet mask and other essential communication information, simplifying the network administrator's job.
answer
Dynamic Host Configuration Protocol (DHCP)
question
Network _______ is gathering information about a network for use in a future attack.
answer
Reconnaissance