NT2580 – Flashcard

60 test answers

question
Gram-Leach-Bliley Act (GLBA)
answer
Requires all types of financial institutions to protect customers' private financial information.
question
Health Insurance Portability and Accountability Act
answer
Requires health care organizations to secure patient information, and organizations must adhere to the minimum necessary rule.
question
Sarbanes-Oxley Act (SOX)
answer
Requires publicly traded companies to submit accurate and reliable financial reporting.
question
Children's Internet Protection Act (CIPA)
answer
Requires public schools and public libraries to use an internet safety policy to prevent children's access to inappropriate matter on the internet.
question
Payment Card Industry Data Security Standard
answer
Standard for organizations that handle transactions involving payment cards; it requires them to build and maintain security, implement strong access controls, and test and monitor networks.
question
Family Educational Rights and Privacy Act (FERPA)
answer
Protects the private information of students and their records.
question
Confidentiality
answer
Means guarding information from everyone except those with rights to it. Protecting private data is the process of ensuring data confidentiality.
question
Data classification standards
answer
To provide a consistent and detailed definition for how an organization should handle different types of data, software, and hardware.
question
U.S. federal data classification
answer
Top secret, secret, and confidential.
question
Security gap
answer
The difference between the security controls you have in place and all the controls you need to address all the vulnerabilities is called a security gap.
question
Gap analysis
answer
Identifies the applicable elements of the security policy by assembling policy, standard, procedure, and guideline documents.
question
Black-hat attacker
answer
Tries to break IT security for the challenge and to prove technical prowess.
question
White-hat hacker
answer
An information security or network professional who uses various penetration tools to uncover vulnerabilities so that they can be fixed.
question
Gray-hat attacker
answer
Is a hacker with average abilities who may one day become a black-hat or white-hat attacker.
question
Access control
answer
Methods used to restrict and allow access to certain computers, etc.
question
The four parts of access controls
answer
Authorization, identification, authentication, and accountability.
question
Authorization
answer
Who is approved for access and what, exactly, they can use.
question
Identification
answer
Who the user is; how users, workstations, and services are identified.
question
Authentication
answer
How identities are verified: something you know, something you have, and something unique to you.
question
Accountability
answer
Process of associating actions with users for later reporting and research.
question
Physical access control
answer
Access to buildings, parking lots, and protected areas.
question
Logical access controls
answer
Access to a computer system or a network. Username, password, token, smart card, etc.
question
Discretionary Access Control (DAC) (Unix/Linux)
answer
The owner of the resource decides who gets in and changes permissions as needed. The owner can delegate that job to others.
question
Mandatory Access Control (MAC) (SELinux)
answer
Permission to enter a system is kept by the owner and cannot be given to someone else (this makes MAC stronger than DAC).
question
Non-discretionary access control
answer
Closely monitored by the security administrator, not the system administrator.
question
Rule-based access control
answer
A list of rules, maintained by the data owner, determines which users have access to objects.
question
Bell-La Padula model (access control model)
answer
Focuses on the confidentiality of the data and the control of access to classified information.
question
Biba integrity model
answer
Fixes a weakness in the Bell-La Padula model, which addresses only the confidentiality of the data.
question
Clark & Wilson integrity model
answer
Focuses on what happens when users allowed into a system try to do things they are not allowed to do.
question
Brewer & Nash integrity model
answer
Based on mathematical theory published in 1989 to ensure competition. It is used to apply dynamically changing access permissions.
question
Security program addresses these directives
answer
Standards, procedures, baselines, and guidelines.
question
Limiting access
answer
The idea that users should be granted only the levels of permissions they need in order to perform their duties.
question
Configuration control
answer
The management of baseline settings for a system device.
question
Change control
answer
The management of changes to configuration; it ensures that any changes to a production system are tested, documented, and approved.
question
SLC (system life cycle) and SDLC (system development life cycle)
answer
Describe the entire change and maintenance process for applications and system hardware.
question
Tools and techniques for security monitoring
answer
Baselines, alarms, closed-circuit TV, and systems that spot irregular behavior.
question
Black-box testing
answer
Uses test methods that aren't based directly on knowledge of a program's design.
question
White-box testing
answer
Based on knowledge of the application's design and source code.
question
Gray-box testing
answer
Lies somewhere between black-box and white-box testing.
question
Risk mitigation
answer
Uses various controls to mitigate or reduce risk (e.g., anti-virus software).
question
Risk assignment
answer
Allows the organization to transfer risk to another entity (e.g., insurance).
question
Risk acceptance
answer
The organization has decided to accept the risk (the cost of reducing it is higher than the loss).
question
Asset value (AV)
answer
Value of the asset
question
Exposure factor (EF)
answer
Percentage of asset value that will be lost.
question
Annualized rate of occurrence (ARO)
answer
How many times the event is expected to occur.
question
Annualized loss expectancy (ALE)
answer
Calculated by multiplying the SLE by the ARO.
question
Business continuity plan BCP
answer
Helps keep critical business processes running in a disaster.
question
Disaster recovery plan
answer
Helps recover the infrastructure necessary for normal business operations.
question
Risk avoidance
answer
Deciding not to take the risk.
question
Business impact analysis (BIA)
answer
Determines the extent of the impact that a particular incident would have on business operations over time.
question
Cryptography
answer
Encoding data so that it can only be decoded by specific individuals.
question
Cipher algorithm
answer
Shifts each letter in the English alphabet.
question
Symmetric key cipher
answer
The key is sent out of band.
question
Asymmetric key cipher
answer
Uses private and public keys.
question
Border firewall
answer
Separates the protected network from the internet.
question
Screened subnets or DMZ firewall
answer
The DMZ is a semiprivate network used to host services that the public can access.
question
Worms
answer
Propagate through network services.
question
Trojan horses
answer
Known as the backdoor.
question
Logic bombs
answer
Execute a malicious function of some kind when they detect certain conditions.
question
Choke points
answer
Firewalls, routers, IDSs, IPSs.