
18 Cards in this Set

  • Front
  • Back
  • 3rd side (hint)
What are the two options of performing a risk assessment?
Qualitative and Quantitative
Page 58
Name 3 of the 6 risk assessment methodologies described.
1) NIST SP-800-30 and 800-66
5) Spanning Tree Analysis
6) Failure Modes and Effect Analysis
Pages 62-64
What is the difference between risk mitigation and risk transfer?
Risk transfer is the practice of passing the risk to some other entity (e.g., using car insurance).

Risk mitigation is the practice of eliminating the risk that is presented, or effectively eliminating it via a drastic decrease (e.g., driver's education, firewalls).
Pages 64-65
Who coined the phrase "computer ethics"?

A) Joseph Weizenbaum
B) Donn B. Parker
C) Norbert Wiener
D) Walter Maner
Walter Maner coined the phrase.
Page 72
Name 3 of the 6 common computer ethics fallacies
1) The Computer Game Fallacy
2) The Law-Abiding Citizen Fallacy
3) The Shatterproof Fallacy
4) The Candy-from-a-Baby Fallacy
5) The Hacker's Fallacy
6) The Free Information Fallacy
Pages 76-77
Access Controls provide to management the following capabilities except:

A) Specify what operations they can perform
B) Specify confidentiality to the user
C) Specify which users can access the system
D) Provide individual accountability
E) Specify what resources they can access
C) Specify confidentiality to the user is the correct answer
Page 95
_______ is the backbone of information security.
Access Control
Page 93
Access control policy is usually based on two standards of practice, what are they?
1) Separation of Duties
2) Least Privilege
Page 98
Name the 3 levels of data classification
1) Public
2) Internal use only
3) Confidential (also known as top secret, privileged, sensitive or highly confidential)
Page 106
Name the 6 categories of access control
1) Preventative
2) Deterrent
3) Detective
4) Corrective
5) Recovery
6) Compensating
Pages 108-112
Name the 3 types of access control
1) Administrative
2) Physical
3) Technical
Pages 112-130
A perimeter fence around a building acts as type ___________ and as a category _________ for access control.
Physical, Preventative
Page 113
Name as many threats to access controls as possible
1) DoS
2) Buffer Overflow
3) Mobile Code
4) Malicious Code
5) Password crackers
6) Spoofing
7) Sniffers
8) Eavesdropping
9) Emanations
10) Shoulder surfing
11) Tapping
12) Object reuse
13) Data remnants
14) Unauthorized data mining
15) Dumpster diving
16) Backdoor/trapdoor
17) Theft
18) Intruders
19) Social engineering
Page 130
In 2003, Philippe Oechslin developed a faster time-memory password cracking technique called the _______ attack.
Rainbow table
Page 136
Name and describe the 3 types of authentication
1) Authentication by knowledge - what a person knows
2) Authentication by ownership - what a person has
3) Authentication by characteristic - what a person is or does
Page 149
Name some typical forms of identification.
1) Username
2) User ID
3) Account number
4) PIN
5) Tokens
6) Smart Cards
7) Biometric devices
8) Badges/Cards
Page 148
Name some typical forms of authentication.
1) Passwords
2) Passphrases
3) Smart Cards
4) Biometrics
Page 150
Cryptography is an example of what type of access control?

A) Administrative
B) Physical
C) Technical
Answer: C
Page 129