Security – Flashcard
50 test answers
question
are common types of data classification standards
answer
private, confidential, internal use only, top secret, secret
question
what does a lapse in a security control or policy create
answer
gap
question
is a weakness in a system that makes it possible for a threat to cause it harm
answer
vulnerabilities and threats
question
terms refers to the likelihood of exposure to danger
answer
risk
question
which type of hacker intends to be helpful
answer
white hat
question
which domain is primarily affected by weak endpoint security on a VPN client
answer
remote access domain
question
identify two phases of the access control process
answer
authorization, authentication
question
you log onto a network and are asked to present a combination of elements, such as user name, password, token, smart card, or biometrics. this is an example of which of the following
answer
authentication
question
What are the types of authentication
answer
knowledge, ownership, characteristics
question
identify an example of an access control formal model
answer
discretionary access control (DAC), mandatory access control (MAC), non-discretionary access control
question
which access control model is based on a mathematical theory published in 1989 to ensure fair competition
answer
brewer and nash integrity model
question
are primary categories of rules that most organizations must comply with
answer
regulatory and organizational compliance
question
are a part of an ordinary IT security policy framework
answer
standards, procedures, policies, and guidelines
question
helps you determine the appropriate access to classified data
answer
data classification standards
question
refers to the management of baseline settings for a system device
answer
configuration controls
question
identify a primary step of the SDLC
answer
project initiation and planning, functional requirements definition, system-design specification, build document, acceptance testing, implementation
question
is a process to verify policy compliance
answer
security auditing
question
when monitoring a system for anomalies, the system is measured against
answer
baseline
question
is not a type of penetration test
answer
black-box testing
question
identify a drawback of log monitoring
answer
cost effective, takes a large amount of disk space
question
are types of monitoring devices
answer
intrusion detection systems (IDS), intrusion prevention systems (IPS) and firewalls
question
identify a primary component of risk management
answer
reduction, avoidance, mitigation
question
is not a part of a quantitative risk assessment?
answer
BCP
question
what are the primary components of business continuity management (BCM)
answer
BCP and DRP
question
determines the extent of the impact that a particular incident would have on business operations over time
answer
business impact analysis (BIA)
question
what does risk management directly affect
answer
security controls
question
is a cipher that shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A
answer
caesar cipher
question
identify a security objective that adds value to a business
answer
authorization
question
is an asymmetric encryption algorithm
answer
Rivest-Shamir-Adleman (RSA)
question
identify a security principle that can be satisfied with an asymmetric digital signature and not by a symmetric signature
answer
nonrepudiation
question
is a mechanism for accomplishing confidentiality, integrity, authentication and nonrepudiation
answer
cryptography
question
in which OSI layer do you find FTP, HTTP, and other programs that end users interact with
answer
application layer
question
identify the configuration that is best for networks with varying security levels, such as general users, a group of users working on a secret research project, and a group of executives
answer
multilayered firewalls
question
would you not expect to find on a large network
answer
hub
question
is a weakness of WLANs
answer
SSID beaconing
question
identify an advantage of IPv6 vs IPv4
answer
larger address space
question
identify one of the first computer viruses to appear in the world
answer
lehigh virus
question
are primary types of computer attacks
answer
unstructured, structured, direct and indirect
question
how do worms propagate to other systems
answer
by using the network communication protocol
question
type of program is also commonly referred to as a trojan horse
answer
backdoor
question
which defense in depth layer involves the use of chokepoints
answer
network
question
how does a standard differ from a compliance law
answer
a law can require a standard to be met
question
is not a principle of the PCI DSS
answer
maintain a change management program
question
identify the compliance law that requires adherence to the minimum necessary rule
answer
HIPAA
question
identify the compliance law whose primary goal is to protect investors from financial fraud
answer
SOX act
question
U.S. organizations must comply with
answer
federal laws and laws of the states where they are located