Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
37 Cards in this Set
- Front
- Back
what are the three primary goals involved in information security
|
Prevention Detection and recovery
|
|
the likelihood that a particular threat using a specific attack will exploit a vulnerability resulting in an undesirable consequence is
|
risk
|
|
insecure passwords bugs in software unprotected wireless router are examples of
|
vulnerablilities
|
|
3 most fundamental goals of computer security are
|
availability integrity confidentiality
|
|
What a support agent wants to add another employee as a support agent but is blocked is an example of
|
RBAC role based access control
|
|
a retinal scanner is an example of
|
biometric authentication
|
|
inserting a card into ATM and typing a 4 digit pin implements what type of authentication
|
token based
password multi factor authentication |
|
what is a two way encryption scheme in which encryption and decryption are performed by the same key
|
symmetric encryption
|
|
what are symmetric algorhythms
|
3des skipjack
|
|
what type of threat is presented when a employee removes the ups on a critical server and cuts power to the system causing downtime
|
internal threat
|
|
what is windows sidebar
|
a designated area of the desktop where users can add gadgets of their choice to provide information and access frequently used tools or programs
|
|
keylogging is an example of which type of threat or attack
|
hardware attack
|
|
THe file transfer protocal is an example of which layer of the TCP IP model
|
application
|
|
a sudden drop in connection occurs and when you check the logs it appears the connection is still active what type of attack could be occuring
|
DOS OR DDOS
|
|
excessive failed log in attempts when you are at a customer site is most likely what type of attack
|
password attack
|
|
virus trojan horse spyware and worms are all what kind of attack
|
malicious code attack
|
|
how is VOIP vulnerabe
|
it sends voice as data so all data vulnerabilities apply
|
|
what is a protocol that is connection less and based on best effort delivery
|
UDP
|
|
the intial probe to identify live sysatems to attack is
|
port scanning
|
|
a unkown computer leasing an IP address from a DHCP server is what type of attacks
|
Sniffing or eavesdropping attack
|
|
zombies and drones are associated with what type of attack
|
DDOS
|
|
what security device can actively scan and montior network activity and then block suspicious activity
|
NIPS
|
|
what is the purpose of a web security gateway
|
intentiaonlly block internal internet access to a predefined list of websites
|
|
SaaS Paas and Iaas are services of which technology
|
cloud computing
|
|
What technology is used to conceal your internal networks IP addressing scheme from the public internet
|
NAT
|
|
Which protocal is used to automatically assign IP addressing information to IP network computers
|
DHCP
|
|
The ping comand is part of what protocol
|
ICMP
|
|
the use of operational rules or restrictions to govern the security of an organizations infrastructure is known as
|
rule based management
|
|
this wireless specification increased sppeds dramatically with data throughput up to 600 MBPS in the 2.4 or 5 GHz ranges
|
802.11n
|
|
what security methods you can use to ensure that your wireless network is secure from unauthorized access
|
Disable remote administration enable WPA 2 encrypted instead of WEP
|
|
This security protocal was introduced to address some of the shortcomings in WEP
|
WPA 2
|
|
determining which services to leave running on a server while prohibiting other services including automatic updates is
|
hardened the server
|
|
what is the term for a hardware firmware and software component of a system that is responsible for ensuring that the security policy is implemented and the system is secure
|
trusted computing base TCB
|
|
what are examples of anti malware software that are necessary for a secure software practice
|
antivirus software host based firewall antispam software
|
|
what is a recomended croos site attack prevention method
|
encrpyt data communications between cleints and servers use input validation on all fields strings variables and cookies
|
|
sending additional commands to an application through a unckecked input field is exploiting what
|
command injection
|
|
what type of back up will clear the archive bit
|
full or incremental backup
|