38 Cards in this Set

Question
Answer
Hint
Confidentiality
Prevents unauthorized disclosure of sensitive data.
Lesson_1_Controlling_access_to_information_systems Card Number : 1
Integrity
Guarantees that data and resources are accurate and reliable.
Lesson_1_Controlling_access_to_information_systems Card Number : 2
Availability
Timely and reliable access to data and resources by authorized users.
Lesson_1_Controlling_access_to_information_systems Card Number : 3
Separation of duties
Dividing tasks between different people to complete a business process or work function.
Lesson_1_Controlling_access_to_information_systems Card Number : 4
Mandatory Access Control (MAC)
A model that bases access decisions on rules and security labels. Used in highly classified environments.
Lesson_1_Controlling_access_to_information_systems Card Number : 5
Rule-based model
An access control model in which rules determine an individual's or group's ability to access data and systems.
Lesson_1_Controlling_access_to_information_systems Card Number : 6
Discretionary Access Control (DAC)
A model that bases access decisions on who owns that data.
Lesson_1_Controlling_access_to_information_systems Card Number : 7
Access Control Matrix
Displays access held by users to an object. Displayed in columns or rows.
Lesson_1_Controlling_access_to_information_systems Card Number : 8
Non-discretionary Access Control
A model that bases access decisions on a user's position and job function. A/K/A Role-Based Access Control (RBAC).
Lesson_1_Controlling_access_to_information_systems Card Number : 9
Role-Based Model
An access control model in which job roles determine an individual's or group's ability to access data.
Lesson_1_Controlling_access_to_information_systems Card Number : 10
What are the 4 password types?
One-Time (dynamic) - highest level of security
Lesson_1_Controlling_access_to_information_systems Card Number : 11
6 Types of Biometric Devices
Voice Recognition
Lesson_1_Controlling_access_to_information_systems Card Number : 12
Biometric Error Types
Type I - False Rejection Rate (FRR): when an authorized individual is falsely rejected.
Lesson_1_Controlling_access_to_information_systems Card Number : 13
Crossover Error Rate (CER)
Measures the accuracy of a biometric system's sensitivity. The point where the FRR and FAR equal each other.
Lesson_1_Controlling_access_to_information_systems Card Number : 14
3 Single Sign-On Methods
Kerberos - protects confidentiality, uses KDC and TGS
Lesson_1_Controlling_access_to_information_systems Card Number : 15
Steps to Access Control Process
Identification, Authentication, then Authorization
Lesson_1_Controlling_access_to_information_systems Card Number : 16
3 Different Domains
Centralized - single point of control, bottleneck
Lesson_1_Controlling_access_to_information_systems Card Number : 17
RADIUS
Remote Authentication Dial-In User Service - used to authenticate and authorize dial-in users. Provides centralized access control administration.
Lesson_1_Controlling_access_to_information_systems Card Number : 18
TACACS
Terminal Access Controller Access Control System, A/K/A EAP. Cisco proprietary authentication equivalent to RADIUS.
Lesson_1_Controlling_access_to_information_systems Card Number : 19
Diameter
Authentication protocol allowing for a variety of connection types, including wireless. Equivalent to RADIUS and TACACS with more options.
Lesson_1_Controlling_access_to_information_systems Card Number : 20
Brute Force Attack
Trial and error process, slow process.
Lesson_1_Controlling_access_to_information_systems Card Number : 21
Dictionary Attack
A variation of brute force attack that relies on a standard dictionary to match users' passwords.
Lesson_1_Controlling_access_to_information_systems Card Number : 22
Denial of Service (DoS)
Intention to cripple the victim's resources by overwhelming system resources and forcing a shutdown.
Lesson_1_Controlling_access_to_information_systems Card Number : 23
Smurfing
A form of DoS attack. Causes severe congestion with ICMP ping responses.
Lesson_1_Controlling_access_to_information_systems Card Number : 24
Spoofing
To masquerade as a trusted user, network resource, or file.
Lesson_1_Controlling_access_to_information_systems Card Number : 25
Intrusion Detection System (IDS)
A method of monitoring networks that attempts to detect an attack. Focuses on detection, not prevention.
Lesson_1_Controlling_access_to_information_systems Card Number : 26
Host-based Intrusion Detection Systems (HIDS)
Reside on a single computer and monitor audit logs to determine an intrusion.
Lesson_1_Controlling_access_to_information_systems Card Number : 27
Network-based Intrusion Detection Systems (NIDS)
Monitor real-time activity of the network. Look for patterns and detect DoS attacks.
Lesson_1_Controlling_access_to_information_systems Card Number : 28
Signature-based Intrusion Detection Systems
Used to detect attacks based on the signature of a previously known attack method.
Lesson_1_Controlling_access_to_information_systems Card Number : 29
Anomaly-based Intrusion Detection Systems
Used to detect variations from expected patterns of behavior on the network.
Lesson_1_Controlling_access_to_information_systems Card Number : 30
Passive or reactive Intrusion Detection Systems
Passive - monitors network activity.
Lesson_1_Controlling_access_to_information_systems Card Number : 31
What are the 5 steps to Penetration Testing?
1. Discovery - gather information about the target system.
Lesson_1_Controlling_access_to_information_systems Card Number : 32
What are the 3 levels of knowledge that a Penetration Test may be?
1. Zero knowledge (Black box) - team has no knowledge of target system.
Lesson_1_Controlling_access_to_information_systems Card Number : 32