Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
324 Cards in this Set
- Front
- Back
|
What does request for Comment (RFC) 2138 discuss?
Access control |
RADIUS
|
|
|
when setting up a new computer, what should you assign as the default level of access for all users?
Access control |
No Access
|
|
|
which access control method authenticates the user based on physical characteristics?
Access control |
Biometrics
|
|
|
What is the purpose of password complexity rules?
Access control |
to ensure that users do not use passwords that are easy to guess using dictionary attacks
|
|
|
using role-based access control (RBAC), which entities are assigned roles?
Access control |
users or subjects
|
|
|
what does a DSV biometric device check?
Access control |
A users signature
|
|
|
which function do preventative technical controls perform?
Access control |
They deter or prevent technical access control violations.
|
|
|
what is another name for security class in the lattice-based access control model?
Access control |
security label
|
|
|
What is the purpose of password age rules?
Application security Access control |
To ensure that users changer their passwords on a regular basis
|
|
|
Which function does the RADIUS provide?
Access control |
centralized authentication, authorization, and accounting
for remote dial-in users. |
|
|
which operating system implements LOMAC?
Access control |
Linux
s a Mandatory Access Control model which protects the integrity of system objects and subjects by means of an information flow policy coupled with the subject demotion via floating labels. |
|
|
why should you change all passwords if a linux systems root password has been compromised?
Access control |
The root account has access to the entire system, including the password file.
|
|
|
Which principle ensures that users are given the most restrictive users rights to complete their authorized job duties.
Access control |
The principle of least privilege
|
|
|
What does the lattice-based access control model protect against?
Access control |
illegal information flow among the entities.
lattice-based access control (LBAC) a lattice is used to define the levels of security that an object may have and that a subject may have access to. The subject is only allowed to access an object if the security level of the subject is greater than or equal to that of the object. |
|
|
what is required in a mandatory access control environment?
Access control |
labeling
|
|
|
what is the purpose of an account lockout policy?
Access control |
to ensure that an account can no longer be used after a certain number of unsuccessful longing attempts
|
|
|
what should you identify about a user before implementing the principle of least privilege?
Access control |
the users job
|
|
|
what does the star (*) integrity axiom in the BIBA model indicate?
Access control |
no write up
The BIBA model is designed so that subjects may not corrupt objects in a level ranked higher than the subject, or be corrupted by objects from a lower level than the subject. |
|
|
what are the three categories of access controls?
Access control |
physical, administrative, and technical
|
|
|
which function do the corrective technical controls perform?
Access control |
They restore the system to the state it was in before the technical access control violations.
|
|
|
Which authentication factor type is a smart card?
Access control |
a type 2 authentication factor or something you have.
|
|
|
what is the clearance in a mandatory access control environment?
Access control |
a privilege
|
|
|
what does the acronym SSO denote?
Access control |
Single Sing-On
|
|
|
what are the six types of access controls?
Access control |
preventive, detective , corrective, deterrent, recovery and compensative.
|
|
|
what does the Clark-Wilson model emphasize?
Access control |
data integrity
|
|
|
how is LOMAC implemented?
Access control |
as a loadable kernel module.
|
|
|
which access control model has the lowest cost?
Access control |
role-based access control (RBAC)
|
|
|
against which password attack does an account lockout policy protect?
Access control |
brute force attack.
|
|
|
Why is password disclosure in a single sign-on network such a security issue?
Access control |
it could possibly compromise the entire system because authentication grants access to ANY systems on the network to which the actual user may have permissions.
|
|
|
what is a composition password?
Access control |
the use of two unrelated words as a password. EX burger*sofa
|
|
|
what does the ball-LaPadula model emphasize?
Access control |
data confidentiality
|
|
|
what is false acceptance rater (FAR) as it relates to biometrics access control?
Access control |
A type II error in which invalid users are falsely granted access.
|
|
|
what does the acronym DSV denote?
Access control |
digital signature verification.
|
|
|
what does the acronym RFC denote?
Access control |
Request for comment
|
|
|
what is an access control matrix?
Access control Access control |
a table of users and resources indicating which actions individual users can take upon individual resources.
|
|
|
why is the /etc/shadow file the preferred method for strong Linux passwords?
Access control |
it encrypts the passwords, thereby providing maximum security.
|
|
|
what is flask?
Access control |
a flexible operating system security architecture.
|
|
|
which access control is implemented when a lattice-based model is used?
Access control |
non-discretionary access control
|
|
|
what does request for comment (RFC 2828 discuss?
Access control |
rule-based security policy
|
|
|
which password type is most secure?
Access control |
one-time password
|
|
|
which types of rules are used in the Clark-Wilson model?
Access control |
certification rues and enforcement rules.
|
|
|
using the clark-Wilson model, what must be used to access objects?
Access control |
programs or applications
|
|
|
what is a good password complexity policy?
Access control |
a mixture of numbers, uppercase and lowercase letters, and special characters.
|
|
|
what is the opposite of confidentiality?
Access control |
disclosure
|
|
|
what is the purpose of authentication?
Access control |
validating a users using a unique identity.
|
|
|
what is the purpose of the password history settings?
Access control |
to ensure that users do not keep reusing the same passwords.
|
|
|
who has the responsibility for configuring access rights in discretionary access control (DAC)?
Access control |
The data owner or data custodian.
|
|
|
what is another name for the star property in the bell-Lapadula model?
Access control |
confinement property
|
|
|
what is two-factor authentication?
Access control |
when a system requires tow of three factors, such as a smart card and a personal identification number (PIN), during the authentication process.
|
|
|
what is the purpose of accountability?
Access control |
to ensure that any important action can be traced back to a particular user.
|
|
|
what determines the level of access granted in a non-discretionary access control environment?
Access control |
the security policy
|
|
|
who can change a resource category in a mandatory access control environment?
Access control |
administrators only.
|
|
|
which functions does a Single Sign On (SSO ) system provide?
Access control |
allows a users to present authentication credentials once and gain access to all computers within the SSO system/
|
|
|
what is a file in mandatory access control environment?
Access control |
an object
|
|
|
which security mode uses access control triples?
Access control |
Clark-Wilson model
|
|
|
what is a container of information called in the lattice-based access control model?
Access control |
an object.
|
|
|
which function do deterrent technical controls perform?
Access control |
they discourage technical access controls violations.
|
|
|
what is meant by the term hardening?
Access control |
tightening control using security policies to increase systems security
|
|
|
what are the two most well know access control models?
Access control |
BIBA and Bell-LApadula
|
|
|
which function do detective technical controls perform?
Access control |
They detect and warn the appropriate administrator of technical access control intrusions.
|
|
|
which function does the zephyr chart perform for biometric devices?
Access control |
it is used to compare the strengths and weaknesses of the different biometric devices.
|
|
|
which biometric method uses eigenfunctions?
Access control |
facial identification
Access control |
|
|
which CISCO implementation is similar to Remote Authentication Dial In User Service (RADIUS) implementation?
Access control |
Terminal Access Controller Access-Control System (TACACS)
|
|
|
What is a capability table?
Access control |
a list of all the rights a subject has for every object.
|
|
|
what is meant by dwell time in keystroke dynamics?
Access control |
the amount of time you hold down a specific key.
|
|
|
what are the two possible password files in a Linux system?
Access control |
/etc/password and /etc/shadow.
|
|
|
what is the main emphasis of the lattice-based access control model?
Access control |
data confidentiality
|
|
|
what is the purpose of access control?
Access control |
to allow or deny access to objects.
|
|
|
Which technique is used to prevent the repetitive information from appearing in a data base?
Application security |
normalization
|
|
|
what is the primary function of data definition (DDL) in a structured query language (SQL) ?
Application security Application security Application security |
to define the schema of the database
|
|
|
which process should be employed to prevent disclosure of residual data on a storage device?
Application security |
object reuse
|
|
|
what are the two elements of assurance procedures?
Application security |
verification and validation.
|
|
|
of which access control mechanism are database views examples?
Application security |
content-dependent access control
|
|
|
which type of software testing examines the software internal logical structure?
Application security |
white-box testing
|
|
|
which programs translate programming language into instructions that can be executed by computers?
Application security |
compilers and interpreters.
|
|
|
what are the seven phases of the system development life cycle?
Application security |
project initiation, analysis and planning, system design specification, software development, installation and implementation, operation and maintenance, and disposal.
|
|
|
which control step in data warehousing ensures that the data is timely and valid?
Application security |
monitoring the data purging plan.
|
|
|
which variable is used to enhance the database performance by allowing a single statement to execute multiple variables?
Application security |
a bind variable
|
|
|
which type of software program maintains and provides controlled access to data components stored in rows and columns on a table?
Application security |
database management system. (DBMS)
|
|
|
what is the purpose of middle computer -aided software engineering (case) tool?
Application security |
to develop detailed designs
|
|
|
what are two examples of input validation errors?
Application security |
buffer overflow and boundary conditions errors.
|
|
|
which attack requres that the hacker compromises as many computer as possible to initiate the attack?
Application security |
a distributed denial of servers (DDOS) attack.
|
|
|
what are tuples?
Application security |
rows or records in a relational database.
|
|
|
what is used by a payroll application program to gesture integrity while recording translations for an accounting period?
Application Security |
time and date stamps
|
|
|
which database component is responsible for creating and deleting table relationships?
application security |
Data definition language (DDL)
|
|
|
which attack uses clients, handles, agents, and targets?
application security |
a distributed denial of service attack.
|
|
|
which communication mechanism allows direct communication between two applications using inter-process communication (IPC)?
application security |
dynamic data exchange (DDE)
|
|
|
what is a trusted front-end as it relates to a database?
application security |
a front-end client software that provides security to the database by incorporating security features.
|
|
|
when comparing complied code and interpreted code, in which code can malicious code be more difficult to detect?
application security |
in compiled code.
|
|
|
in which two modes does an expert system operate?
application security |
forward-changing and backward-chaining
|
|
|
what must a router examine to protect against a mail bomb or span attack?
application security |
the data portion of the packet.
|
|
|
which error occurs when the length of the input data is more than the length that a processor buffers scan handle?
application security |
buffer overflow.
|
|
|
which virus creates many variants by modifying its code to device antivirus
scanners? application security |
a polymorphic virus.
|
|
|
what is unit testing?
application security |
the debugging performed by the programmer while coding instructions.
|
|
|
which file could be used to violate user privacy by creating a map of where the user has been on the internet?
application security |
cookies.
|
|
|
which process in the system development life cycle (SDLC) can improve development time and save money by providing a proof of concept?
|
prototyping.
|
|
|
what is the primary purpose of trinoo and tribal flood network (TFN)?
application security |
to launch a distributed (DD0S) denial of service attack.
|
|
|
in which attack does the attacker send spoofed IP packets with the SYN flag set to the target machine on any established open port?
application security |
a land attack
|
|
|
which activity is considered an integral part of all the phases of the system development life cycle?
application secruity |
security
|
|
|
which type of attack enables an intruder to capture an modify data traffic by rerouting the traffic from a network device to the intruders computer?
application security |
network address hijacking
|
|
|
in which step of a change control process is the change reported to the management?
application secruity |
in the last step
|
|
|
what type of attack enables an intruder to capture and modify data traffic by rerouting the traffic from a network device to and intruders computer?
Application security |
Network address hijacking
|
|
|
in which step of a change control process is the change reported to the management?
Application security |
in the last step
|
|
|
which malicious software infects the system without relying upon other applications for its execution?
Application security |
a worm
|
|
|
which three SQL commands are used to implement access control on database objects?
Application security |
The Grand, Deny and Revoke commands.
|
|
|
what is a smurf attack?
Application security |
a type of denial-of-service (DOS) attack that uses spoofed broadcast ping messages to flood a target system.
|
|
|
which functionality does backward changing mode provide in an expert system?
Application security Application security |
it backtracks to determine if a given hypothesis is valid.
|
|
|
which viruses are written in a macro language and typically infect operating systems?
Application security |
macro viruses
|
|
|
what is a piece of software code embedded intentionally in the software to trap intruders?
|
a pseudo flaw. also called a trapdoor.
|
|
|
what is a Trojan horse?
Application security |
a malware that is disguised as a useful utility, but is embedded wit a malicious code to infect computer systems.
|
|
|
which computer-aided software engineering (case) tool spans the complete life cycle of a software product?
Application security |
integrated computer-aided software engineering (I-CASE)
|
|
|
which application must remain operation for the organization to survive?
Application security |
a critical application
|
|
|
what does verification provide during the software development life cycle (SDLC)?
Application security |
It determines if the software meet it design specifications.
|
|
|
which attack is an extension of the denial-of service (Dos) attack and uses multiple computers?
Application security |
a distributed denial-of-service (DDoS) attack.
|
|
|
which method is used to prevent users with a lower level of access from inferring information of a higher level from the databases?
Application security |
poly instantiation
|
|
|
in which phase of the software development cycle is a blueprint of the software product developed on the basis of customer requirements?
|
prototyping
|
|
|
what error condition arises because data is not check before import to ensure that it has an appropriate length?
Application security |
buffer overflows errors
|
|
|
what should you do to ensure the stability of the test environment?
Application security |
separate the test and development environments.
|
|
|
of what are the Delphi technique, expert judgment, and function points examples?
Application security |
cost-estimating techniques that are used during the project planning stage.
|
|
|
in which type of attack is a user connected to a different web server?
Application security |
hyperlink spoofing attack.
|
|
|
what is the process of removing flaws from software programs during its development process?
Application security |
debugging.
|
|
|
which database is designed to handle images , audio, documents, and video?
Application security |
an object-oriented database (OODB)
|
|
|
which model describes the principles, procedures, and practices that should be followed by an organization in a software development life cycle and defines five mature levels?
Application security |
capability maturity model (CMM)
|
|
|
what is a spoofing attack?
Application security |
an attack in which the source IP address in a IP data-gram is modified to imitate the IP address of a packet originating from an authorized source.
|
|
|
what dose validation provide during the software development life cycle (SDLC)?
Application security |
it determines if the software meets the needs for which it was crated.
|
|
|
who should perform unit testing?
Application security |
development staff
|
|
|
what is the ability to combat threats to design reliability and to provide continuous availability?
Application security |
fault tolerance
|
|
|
which functionality does forward chaining mode provide in an expert system?
Application security |
it acquires data and comes to a conclusion based on that data.
|
|
|
which control ensures that valid transitions are processed accurately and only once?
Application security |
an application control
|
|
|
what is a foreign key in a relational database?
Application security |
a value that exist in a table that matches the value of the primary key on anothter table.
|
|
|
which property of online transaction processing (OLTP) ensures that the entire transaction is canceled if one part of the transaction fails?
Application security |
atomicity
|
|
|
which text file contains information regarding the previous HTTP connections and is stored by the web server on the clients computer hard disk?
Application security |
cookies
|
|
|
what is data warehousing?
Application security |
a data warehouse is the process of combining multiple databases together to from a single, large database. (for the purpose of
|
|
|
which SQL command is used to retrieve data from a database table?
Application security |
the select command
|
|
|
what is a hostile applet?
Application security |
an active content module used to exploit system resources.
|
|
|
which component of dynamic data exchange (DDE) enables two application to share data?
Application security |
inter process communications (IPC)
|
|
|
which team is responsible fore restoring critical business functions at an alternate site in the event?
business continuity and DRP |
the recovery team
|
|
|
how is annualized loss expectancy (ALE) calculated?
business continuity and DRP |
ALE = single loss expectancy (SLE) x annualized rate of occurrence (ARO)
|
|
|
which event causes most unplanned downtime for organizations?
business continuity and DRP |
hardware failure
|
|
|
what is the advantage of hierarchical storage management (HSM)?
business continuity and DRP |
it provides a continuous, online data backup.
|
|
|
which backup method backs up every file on the server each time it is run?
business continuity and DRP |
a full backup.
|
|
|
which type of control is a business continuity plan?
Business continuity and DRP |
Corrective control
|
|
|
what is the purpose of a software escrow?
Business continuity and DRP |
to reduce the impact when a sofware vendor goes out of business
|
|
|
which type of server uses a failure resistant disk system (FRDS)?
Business continuity and DRP |
a file server
|
|
|
which business continuity planning factor includes vulnerability analysis?
Business continuity and DRP |
business impact assessment
|
|
|
whaich alternate computing facility is the least expensive to maintain before a disaster occurs?
Business continuity and DRP |
a cold site
|
|
|
why should a contingency plan be periodically reviewed?
Business continuity and DRP |
to ensure accuracy and completeness
|
|
|
what is provided by dual backbones?
Business continuity and DRP |
network redundancy
|
|
|
which alternate computing facility is the least expensive to maintain before a disaster occurs?
Business continuity and DRP |
a cold site
|
|
|
why should a contingency plan be periodically reviewed?
Business continuity and DRP |
to ensure accuracy and completeness
|
|
|
what is the primary goal of business continuity planning?
Business continuity and DRP |
maintain the organization.
|
|
|
what is the maximum tolerable downtime (MTD)?
Business continuity and DRP |
the maximum amount of time a business can tolerate a system to remain non-functional.
|
|
|
which disaster recovery test involves examining the plan in detail?
Business continuity and DRP |
a structured walk-through test
|
|
|
what usually causes failure of a contingency plan?
|
management failure
|
|
|
what is the first step in a contingency plan?
|
data backup
|
|
|
what is a warm site?
Business continuity and DRP |
an alternate computing facility with telecommunications equipment but no computers.
|
|
|
in which type of alternate backup facility are contracts and agreements unenforceable?
Business continuity and DRP |
reciprocal agreement
|
|
|
why is the location of an alternate site important?
Business continuity and DRP |
you do not want it to be affected by the same disaster as your primary facility.
|
|
|
which plan concentrates on maintaining business functions during and after a disruption?
Business continuity and DRP |
business continuity plan
|
|
|
what is a cold site?
Business continuity and DRP |
an alternate computing facility with no telecommunications equipment or computers.
|
|
|
what is an example of server clustering?
Business continuity and DRP |
a server farm
|
|
|
who is responsible for prioritizing system recover for the business continuity plan?
business continuity and DRP |
business unit managers
|
|
|
which backup method backup every file modified on the server since the last full backup, and rest the archive bit?
business continuity and DRP |
incremental backup.
|
|
|
which alternate computer facility takes the least amount of time to become operational.
business continuity and DRP |
a hot site
|
|
|
what does hot swappable mean?
business continuity and DRP |
a disk can be replaced while the computer is still operational.
|
|
|
why should you periodically test an alternate site?
business continuity and DRP |
to ensure continued compatibility and recoverabilty
|
|
|
where are quarter inch cartridge (qic) mostly used?
business continuity and DRP |
in home or small office implementations
|
|
|
regarding mean time for failure (MTBF) and mean time repair (MTTR) as they relate to system reliability, which measurements are desirable?
business continuity and DRP |
a high MTBF and a low MTTR.
|
|
|
upon which report does the business continuity plan depend most?
business continuity and DRP |
business impact analysis (BIA)
|
|
|
which plan should address residual risk?
business continuity and DRP |
a contingency plan
|
|
|
who should be responsible for directing immediate recovery procedures following a disaster?
business continuity and DRP |
disaster recovery manager
|
|
|
what is a hot site?
business continuity and DRP business continuity and DRP |
an alternate computing facility whit telecommunications equipment and computers.
|
|
|
Which key in a cryptographic key distribution systems is used to exchange session keys?
Crypto |
the master key
|
|
|
what must message authentication be combined with to protect against revers engineering, content modification, factoring attacks, and submission notification?
|
unique session values
|
|
|
what is the key size, in bits, used by the clipper chip?
Crypto |
80
|
|
|
which type of cipher embeds the real message within another message and has to be obtained using every x words?
|
concealment cipher
|
|
|
with what is the x.509 standard concerned?
Crypto |
digital certificates
|
|
|
what is the size, in bits, of a message digest version 5 (MD5) Hash?
Crypto |
128
|
|
|
on what does the pretty good privacy (PGP) mail standard rely?
Crypto |
a web of trust
|
|
|
what are the four modes of triple DES (3DES)?
Crypto |
DES-EEE3. DES-EDE3, DES-EEE2 and DES-EDE2
|
|
|
which algorithms are asymmetric key algorithms?
Crypto |
rivest, shamir, and adleman (RSA), elliptic curve cryptosystem (ECC), diffie-hellman, el gamal, digital signature algorithm (DSA), and knapsack.
|
|
|
to which type of attack is the diffie-hellman algorithm susceptible?
|
man-in-the-middle attack
|
|
|
Winch component of performs peer authentication and key exchange within the internet protocol security (IPSec) protocol?
Crypto |
the Internet Key exchange (IKE)
|
|
|
which security standard sets security standards for hardware and software cryptographic modules?
Crypto |
FIPS-140
|
|
|
which key should you use to ensure confidentiality of an e-mail message?
Crypto |
the receivers public key
|
|
|
what is stenography?
Crypto |
a cryptography method in which data is hidden in another media type.
|
|
|
which function with the internet protocol security (IPSEC) protocol is provided by the internet security association key management protocol.?
Crypto |
definition of the authentication and key exchange architecture
|
|
|
which attack is defended by increasing the length of the key?
Crypto |
exhaustive attack
|
|
|
which algorithms are symmetric key algorithms?
Crypto |
Data encryption standard (DES), Triple DES (3DES), blow-fish, IDEA, RC4. RC5, RC6. and advanced Encryption Standard
|
|
|
how does the secure multipurpose internet mail extension (S/MIME) standard extend the MIME standards?
Crypto |
it encrypts the e-mail and its attachments.
|
|
|
what is the purpose of a files MD5 hash value?
Crypto |
to verify the file integrity
|
|
|
what is the purpose of a files MD5 hash value?
Crypto |
to verify the file integrity
|
|
|
what is the hash value length, in bits , that is provided by the secure hash algorithm (SHA)?
|
160
|
|
|
what is the purpose of embedding a time-stamp within cipher text?
|
it will decrease the chance of the message being replayed.
|
|
|
of which type of cipher is a Caesar cipher an example?
|
substitution cipher
|
|
|
which encryption method is more scalable?
|
asymmetric encryption
|
|
|
which key establishment protocol was replaced by IKE?
|
OAKLEY
|
|
|
what are two basic security protocols used by internet protocol security (IPSec)?
|
authentication header (AH) and encapsulating security payload (ESP)
|
|
|
How many keys and digital certificates are required by secure electronic Transaction (SET)?
|
two pairs of asymmetric key and two digital certificates
|
|
|
what is the hash value length, in bits, that is provided by the Message Digest 2, (MD2), MD4, and MD5 algorithms?
|
128
|
|
|
which type of cipher is used by cipher block chaining (CBC)?
|
a block cipher
|
|
|
what is cross-certification in a public key infrastructure (PKI)?
|
the ability to validate credential even when entities are certified in different certification hierarchies
|
|
|
what does a digital signature provide?
Crypto |
non-repudiation in e-mail
|
|
|
which encryption method is faster?
|
symmetric encryption.
|
|
|
where is information on canceled certificates retained?
|
in the certificate revocation list (CRL)
|
|
|
what is the key length used by a on-time pad?
Crypto |
It is the same length as the message that is to be encrypted. the message length determines the key length.
|
|
|
what is the key size, in bits, of the data encryption standard (DES)?
Crypto |
56
|
|
|
what is the primary function of the secure electronic transaction (SET) protocol?
Crypto |
transmission of encrypted credit card information for purchases.
|
|
|
what does the acronym HIDS denote?
|
Hose-base intrusion detection
|
|
|
what does the acronym ACID denote when referring to and ACID test?
|
atomicity, consistency, isolation, and durability.
|
|
|
what does the acronym EAP denote?
|
Extensible authentication protocol
|
|
|
what does the acronym DSA denote?
|
Digital signature algorithm.
|
|
|
what does the acronym RPC denote?
|
remote procedure call
|
|
|
what does the acronym CSMA\CA denote?
|
carrier sense multiple access with collision avoidance
|
|
|
what does the acronym DDL denote?
|
data definition language
|
|
|
what does the acronym SHA denote?
|
secure hash algorithm.
|
|
|
what does the acronym UDP denote?
|
user data-gram protocol
|
|
|
what does the acronym ISAKMP denote?
|
Internet security association and key management protocol.
|
|
|
what does the acronym NIDS denote?
|
network-based intrusion detection system
|
|
|
what does the acronym CRL denote?
|
certificate revocation list
|
|
|
what does the acronym RFI denote?
|
Radio Frequency interference.
|
|
|
what does the acronym DAC denote?
|
discretionary access control
|
|
|
what does the acronym TCB denote?
|
trusted computing base
|
|
|
what does the acronym SLE denote?
|
single loss expectancy
|
|
|
what does the acronym EDI denote?
|
electronic date interchange
|
|
|
what does the acronym SLIP denote?
|
serial line internet protocol
|
|
|
what does the acronym ITSEC denote
|
Information Technology Security Evaluation Criteria
|
|
|
what does the acronym CRT denote?
|
cathode ray tube
|
|
|
what does the acronym FAR denote?
|
false acceptance rate?
|
|
|
what does the acronym CMM denote?
|
capability maturity model
|
|
|
what does the acronym LDAP denote?
|
Lightweight Directory Access Protocol
|
|
|
what does the acronym VPN denote?
|
Virtual private network
|
|
|
what does the acroym DSS denote?
|
digital signature standard.
|
|
|
what does the acronym CASE denote?
|
computer aided software engineering
|
|
|
what does the acronym POP denote?
|
Post office protocol
|
|
|
what does the acronym MAC denote?
|
mandatory access control
|
|
|
what does the acronym GUID denote?
|
Globally unique identifier
|
|
|
what does the acronym BCP denote?
|
business continuity plan
|
|
|
what does the acronym ESP denote?
|
encapsulating security payload
|
|
|
what does the acronym BIOS denote?
|
basic input output system.
|
|
|
what does the acronym set denote?
|
secure electronic transaction
|
|
|
what does the acronym DSL denote?
|
Digital subscriber Line
|
|
|
what does the acronym IPC denote?
|
Inter process communication
|
|
|
what does the acronym PBX denote?
|
Private Branch Exchange
|
|
|
what does the acronym L2F denote?
|
Layer 2 Tunneling protocol
|
|
|
what does the acronym MOM denote?
|
Motive, importunity, and Means
|
|
|
what does the acronym CHAP denote?
|
Challenge handshake authentication protocol
|
|
|
What does the acronym HIPPA denote?
|
Health Insurance Portability and accountable ACT
|
|
|
what dose the acronym SPA denote?
|
Software Protection Association
|
|
|
what dose the acronym SKIP denote?
|
Simple Key management protocol for IP
|
|
|
what does the acronym IDEA denote?
|
International Data Encryption Algorithm
|
|
|
what does the acronym PEM denote?
|
Privacy-Enhanced mail
|
|
|
what does the acronym MAU denote?
|
multi-station access unit
|
|
|
what does the acronym MTD denote?
|
maximum tolerable downtime
|
|
|
what does the acronym RBAC denote?
|
Role-based access control
|
|
|
what does the acronym DML denote?
|
data manipulation language
|
|
|
what does the acronym CER demote?
|
Crossover error rate
|
|
|
what does the acronym UUID denote?
|
universally unique identifier
|
|
|
what does the acronym BIA denote?
|
Business Impact Analysis
|
|
|
what does the acronym DMZ denote?
|
Demilitarized Zone
|
|
|
what does the acronym ARO denote?
|
Annualized rate of occurrence
|
|
|
what does the the acronym FRR denote?
|
False Rejection Rate
|
|
|
what does the acronym XML denote?
|
Extensible Markup Language
|
|
|
what does the acronym EMI denote?
|
Electromagnetic interference
|
|
|
what does the acronym MIME denote?
|
multipurpose internet mail extension
|
|
|
what does the acronym LOMAC denote.
|
Low water-mark mandatory access control.
|
|
|
what does the acronym I/O demote?
|
input / output
|
|
|
what does the acronym CSMA/CD denote?
|
carrier sense multiple access with collision detection
|
|
|
what does the acronym CSU/DSU denote?
|
channel service unit/Data Service Unit
|
|
|
what does the acronym OLTP denote?
|
online transaction processing
|
|
|
what does the acronym OOP denote?
|
object-oriented programming.
|
|
|
what does the acronym EA denote?
|
evaluation assurance level
|
|
|
what does the acronym XML denote?
|
Extensible Markup Language
|
|
|
what does the acronym EMI denote?
|
Electromagnetic interference
|
|
|
what does the acronym MIME denote?
|
multipurpose internet mail extension
|
|
|
what does the acronym LOMAC denote.
|
Low water-mark mandatory access control.
|
|
|
what does the acronym I/O demote?
|
input / output
|
|
|
what does the acronym CSMA/CD denote?
|
carrier sense multiple access with collision detection
|
|
|
what does the acronym CSU/DSU denote?
|
channel service unit/Data Service Unit
|
|
|
what does the acronym OLTP denote?
|
online transaction processing
|
|
|
what does the acronym OOP denote?
|
object-oriented programming.
|
|
|
what does the acronym EA denote?
|
evaluation assurance level
|
|
|
what does the acronym ole DB denote?
|
object Linking and embedding database
|
|
|
what does the acronym SMTP denote?
|
Simple Mail Transfer protocol
|
|
|
what does the acronym OOD denote?
|
Object oriented design
|
|
|
what does the acronym DCOM denote?
|
Distributed Component Object Model
|
|
|
what does the acronym EAC denote?
|
electronic access control
|
|
|
what does the acronym EF denote?
|
exposure factor
|
|
|
what does the acronym CA denote?
|
certificate authority
|
|
|
what does the acronym COM denote?
|
component object model
|
|
|
what does the acronym EC denote?
|
elliptic curve crypto-system
|
|
|
what does the acronym TCSEC denote?
|
trusted computer system evaluation criteria
|
|
|
what does the acronym RSA denote?
|
Rivest, shamir, adleman
|
|
|
what does the acronym BSA denote?
|
business software alliance
|
|
|
what does the acronym IAB denote?
|
Internet architecture board
|
|
|
what does the acronym TACACS denote?
|
Terminal Access Controller Access Control System
|
|
|
what does the acronym QC denote?
|
Quality control
|
|
|
What does the acronym IRTF denote?
|
Internet research Task Force
|
|
|
what does CBC denote?
|
cipher block chaining
|
|
|
what does the acronym ALE denote?
|
annualized loss expectancy
|
|
|
what does HSM denote?
|
Hierarchical storage management
|
|
|
what does KDC denote?
|
Key distribution center
|
|
|
what does the acronym sesame denote?
|
secure European system for applications in a mufti-vendor environment
|
|
|
what is a flaw, loophole, ore weakness in the system, software, or hardware.
Information security and Risk management. |
a vulnerability
|
|
|
who is primarily responsible for accepting ownership of organization security?
|
senior management
|
|
|
what are the three fundamental components of a regulatory security policy?
|
what is to be done , when it is to be done, and why it is to be done
|
|
|
why is the security process considered a continuous process?
|
it changes constantly
|
|
|
which three activities should be employed during the employee termination process?
|
disabling the employees user accounts, surrendering identification cards and company supplies used by the employee, and escorting employees of the premises
|
|
|
what are three types of security policies?
|
advisory regulatory, and informative.
|
|
|
what is the purpose of a preventative control?
|
to prevent security incidents before they occur
|
|
|
who is primarily responsible for accepting ownership of organization security?
|
to prevent security incidents before they occur
|
|
|
who is primarily responsible for accepting ownership of organization security?
|
senior management
|
|
|
what are the three fundamental l components of a regulatory security policy?
Information security and risk management |
what is to be done, when it is to be done, and why it is to be done.
|
|
|
why is the security process considered a continuous process?
Information security and risk management |
it changes constantly
|
|
|
which three activities should be employed during the employee termination process?
Information security and risk management |
disabling the employees users account, surrendering identification cards and company supplies used by the employee, and escorting employees off the premises
|
|
|
what are the three types of security policies?
Information security and risk management |
advisory, regulatory, and informative.
|
|
|
what is the purpose of a preventative control?
Information security and risk management |
to prevent security incidents before they occur
|
|
|
who is primarily responsible for accepting ownership of organization security?
Information security and risk management |
senior management
|
|
|
which term refers to the processes and procedures that are flowed to minimize the problems affecting the information systems?
Information security and risk management |
problem management
|
|
|
which security measure prevents fraud by reducing the chances of collusion?
Information security and risk management |
separation of duties
|
|
|
who is responsible for ensuring the computer security in an organization?
Information security and risk management |
all the employees of the organization
|
|
|
of which control is enforcing mandatory vacation an example of?
Information security and risk management |
an administrative control
|
|
|
what are five classification levels defined for the military category of data classification?
|
top secret, secret, confidential, sensitive but unclassified, and unclassified
|
|
|
what is the first step of development that is crucial to any information security policy?
|
management approval
|
