Security – Flashcard

question
What is an action that could damage an asset?
answer
threat
question
Which law requires all types of financial institutions to protect customers' private financial information?
answer
Gramm-Leach-Bliley Act (GLBA)
question
An AUP is part of a layered approach to security, and it supports confidentiality. What else supports confidentiality?
answer
cryptography and encryption
question
What is a detailed written definition of how software and hardware are to be used?
answer
standard
question
What are common types of data classification standards?
answer
private, confidential, internal use only, top secret, secret
question
What does a lapse in a security control or policy create?
answer
gap
question
What is a weakness in a system that makes it possible for a threat to cause it harm?
answer
vulnerabilities and threats
question
Which term refers to the likelihood of exposure to danger?
answer
risk
question
Which type of hacker intends to be helpful?
answer
white hat
question
Which domain is primarily affected by weak endpoint security on a VPN client?
answer
remote access domain
question
Identify two phases of the access control process.
answer
authorization, authentication
question
You log onto a network and are asked to present a combination of elements, such as user name, password, token, smart card, or biometrics. This is an example of which of the following?
answer
authentication
question
What are the types of authentication?
answer
knowledge, ownership, characteristics
question
Identify an example of an access control formal model.
answer
discretionary access control (DAC), mandatory access control (MAC), non-discretionary access control
question
Which access control model is based on a mathematical theory published in 1989 to ensure fair competition?
answer
Brewer and Nash integrity model
question
What are the primary categories of rules that most organizations must comply with?
answer
regulatory and organizational compliance
question
What are the parts of an ordinary IT security policy framework?
answer
standards, procedures, policies, and guidelines
question
What helps you determine the appropriate access to classified data?
answer
data classification standards
question
What refers to the management of baseline settings for a system device?
answer
configuration controls
question
Identify a primary step of the SDLC.
answer
project initiation and planning, functional requirements definition, system-design specification, build document, acceptance testing, implementation
question
What is a process to verify policy compliance?
answer
security auditing
question
When monitoring a system for anomalies, what is the system measured against?
answer
baseline
question
What is not a type of penetration test?
answer
black-box testing
question
Identify a drawback of log monitoring.
answer
cost effective, takes a large amount of disk space
question
What are types of monitoring devices?
answer
intrusion detection systems (IDS), intrusion prevention systems (IPS) and firewalls
question
Identify a primary component of risk management.
answer
reduction, avoidance, mitigation
question
What is not a part of a quantitative risk assessment?
answer
BCP
question
What are the primary components of business continuity management (BCM)?
answer
BCP and DRP
question
What determines the extent of the impact that a particular incident would have on business operations over time?
answer
business impact analysis (BIA)
question
What does risk management directly affect?
answer
security controls
question
What is a cipher that shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A?
answer
Caesar cipher
question
Identify a security objective that adds value to a business.
answer
authorization
question
What is an asymmetric encryption algorithm?
answer
Rivest-Shamir-Adleman (RSA)
question
Identify a security principle that can be satisfied with an asymmetric digital signature and not by a symmetric signature.
answer
nonrepudiation
question
What is a mechanism for accomplishing confidentiality, integrity, authentication and nonrepudiation?
answer
cryptography
question
In which OSI layer do you find FTP, HTTP, and other programs that end users interact with?
answer
application layer
question
Identify the configuration that is best for networks with varying security levels, such as general users, a group of users working on a secret research project, and a group of executives.
answer
multilayered firewalls
question
What would you not expect to find on a large network?
answer
hub
question
What is a weakness of WLANs?
answer
SSID beaconing
question
Identify an advantage of IPv6 over IPv4.
answer
larger address space
question
Identify one of the first computer viruses to appear in the world.
answer
Lehigh virus
question
What are the primary types of computer attacks?
answer
unstructured, structured, direct and indirect
question
How do worms propagate to other systems?
answer
by using the network communication protocol
question
Which type of program is also commonly referred to as a Trojan horse?
answer
backdoor
question
Which defense-in-depth layer involves the use of chokepoints?
answer
network
question
How does a standard differ from a compliance law?
answer
a law can require a standard to be met
question
What is not a principle of the PCI DSS?
answer
maintain a change management program
question
Identify the compliance law that requires adherence to the minimum necessary rule.
answer
HIPAA
question
Identify the compliance law whose primary goal is to protect investors from financial fraud.
answer
SOX Act
question
U.S. organizations must comply with what?
answer
federal laws and the laws of the states where they are located