Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key


Play button


Play button




Click to flip

46 Cards in this Set

  • Front
  • Back
What is confidentiality?
The intentional or unintentional unauthorized disclosure of data
What is integrity?
Ensuring that data is not altered either by authorized or unauthorized means and that it is internally/externally consistent
What are the three steps in trade-off analysis?
1. Determine the Objective
2. Identify Alternatives
3. Compare alternatives
What are the four basic types of security controls?
What is an example of a deterrent control?
Fences, dogs, regulations or AUPs
What is an example of a preventative control?
Guards, fire suppression, passive firewalls/routers, authentication mechanisms
What is an example of a corrective control?
mantraps, IPS, account lockout, backups
What is the formula for Single Loss Expectancy?
Asset Value($) X Exposure Factor(EF) = SLE
What is the formula for Annualized Loss Expectancy?
SLE X Annualized Rate of Occurrence(ARO) = ALE
What is Annualized Loss Expectancy?
The annually expected financial loss to an organization from a specific threat
What is the best formula for cost-benefit?
(ALE before safeguard implementation)- (ALE after safeguard implementation) -(annual safeguard cost) = value of safeguard to the organization
What is a threat?
An event or activity that has the potential to cause harm to the information systems or networks
What is a vulnerability?
A weakness or lack of a safeguard that can be exploited by a threat, causing harm to the IS or network
What is a risk?
The potential for harm of loss to an IS or network. the probability that a threat will materialize.
What are three types of Access controls?
Administrative, logical/technical or physical
When speaking of access control what is an example of an administrative control?
background checks, work habit checks etc.
When speaking of access control what is an example of a logical or technical control?
encryption, smart cards, access control lists
When speaking of access control what is an example of a physical control?
guards and building security in general
Rule based access control can also be considered ___________ because rules determine the access and not the identity of the subject.
Mandatory access control
What does an access control triple consist of?
user, program and file with the corresponding access privileges noted for each user
In a Ping of Death attack what is the packet size that would cause an overflow of system variables and lead to a system crash/
>65 octets
What is a SYN attack?
A type of overflow attack that takes advantage of a systems small in-process queue by sending several connection requests (SYNs) without sending a response (ACK)
What is a teardrop attack?
A type of of access control attack that modifies the length and fragmentation offset fields in IP packets. The target system becomes confused and crashes after it receives contradictory instructions on how to fragment and offset packets
What is a smurf attack?
a type of access control attack where an attacker sends a packet with a spoofed IP to the broadcast node on a network. The broadcast node then replies to the spoofed IP and crashes the system
What are four common Trojans?
Trinoo, Back Orifice, NetBus, & SubSeven
What is one major disadvantage of Single Sign On?
Once a user gains access they are free to roam about the network without restrictions
List some examples of technologies that allow SSO
Kerberos, SESAME, KryptoKnight, NetSP
What protocol does SESAME use?
What is one weakness is SESAME?
It authenticates by using only the first block of a message and not the complete message.
What is one difference between KryptoKnight and Kerberos?
In KryptoKnight the KDC and the clients have a peer to peer relationship.
What are the three parts of a database model?
Data structures (called tables or relations), Integrity rule, Operators
What do the rows of a relational database represent?
records or tuples.
What does the Join operation in a relational database do?
selects the tuples that have equal numbers for some attributes
How is a View defined?
From the operations of Join, Project and Select
What is a good way to prevent inference from an SQL query?
Requiring a minimum size for a query set of >1
What are the three steps towards data normalization?
1. Eliminate any repeating groups by putting them in separate tables.
2. Eliminating redundant data
3. Eliminating attributes in a table that are dependent on the primary key of that table.
What are two main disadvantages of Object-Oriented Databases?
Steep learning curve and high hardware overhead.
What is a major disadvantage of a NIDS?
It will not detect an attack against a host made when an intruder is logged into that host.
What is a disadvantage of HIDS?
They are limited by the incompleteness of most host audit log capabilities
What type of IDS acquires data and defines a normal usage profile for the network or host?
Statistical anomaly
What is the application layer of the OSI model responsible for?
Identifying and establishing the availability of the intended communication partner and determining if enough resources exist to communicate
What is the main function of the Presentation layer?
A translator it performs tasks like data compression, decompression, encryption and decryption.
What are some of the functions of the Session Layer?
makes the initial contact with other computers and sets up the lines of communication
What is the main function of the Transport Layer
Defines how to address the physical locations or devices on the network.
What does the network layer do?
Defines how the small packets of data are routed and relayed between end systems.
What does the Data Link layer do?
Defines how machines must access the network think Ethernet or token Ring