Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
24 Cards in this Set
- Front
- Back
|
Annualized Loss Expectancy(ALE):
|
The expected monetary loss that that can be expected for an asset due to a risk over a one-year period
|
|
|
Annualized Rate of Occurrence(ARO):
|
The probability that a risk will occur in a particular year.
|
|
|
architectural design:
|
The process of defining a collection of hardware and software components along with their interfaces in order to create the framework for software develpment
|
|
|
attack surface:
|
The code that can be executed by unauthorized users in a software program.
|
|
|
baseline reporting:
|
A comparison of the present state of a system compared to its baseline.
|
|
|
blackbox:
|
A test in which the tester has no prior knowledge of the network infrastructure that is being tested.
|
|
|
code review:
|
Presenting the code to multiple reviewers in order to reach agreement about its security.
|
|
|
design review:
|
an analysis of the design of a software program by key personnal from different levels of the project
|
|
|
Exposure Factor(EF):
|
The proportion of an assets value that is likely to be destroyed by a particular risk(expressed as a percentage)
|
|
|
fail-open:
|
A control that errs on the side of permissiveness in the event of failure.
|
|
|
fail-safe(fail-secure):
|
A control that errs on the side of security in the event of a failure.
|
|
|
gray box:
|
A test where some limited information has been provided to the tester.
|
|
|
hardening:
|
The process of eliminating as many security risk as possible and making the system more secure.
|
|
|
honeynet:
|
A network set up with intentional vulnerabilities
|
|
|
honeypot:
|
A computer typically located in an area with limited security and loaded with software and data files that appears to be authentic yet they are actually imitations of real data files, to trick attackers into revealing their attack techniques.
|
|
|
penetration testing:
|
A test by an outsider to actually exploit any weaknesses in systems that are vulnerable.
|
|
|
port scanner:
|
Software to search a system for any port vulnerabilities.
|
|
|
Protocol analyzer(sniffer):
|
Hardware or software that captures packets to decode and analyze the contents
|
|
|
Single Loss Expectancy(SLE):
|
The expected monetary loss everytime a rick occurs.
|
|
|
Vulnerability assessment:
|
A systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, or any other entity, that is a potential harm.
|
|
|
Vulnerability scan:
|
An automated software search through a system for any known security weaknesses that then creates a report of those potential exposures.
|
|
|
Vulnerability scanner:
|
Generic term for a range of products that look for vulnerabilities in networks or systems.
|
|
|
white box:
|
A test where the tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications.
|
|
|
Xmas Tree port scan:
|
Sending a packet with every option set on for whatever protocol is in use to observe how a host responds.
|
