• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key

image

Play button

image

Play button

image

Progress

1/70

Click to flip

70 Cards in this Set

  • Front
  • Back
What is a Initial Program Load?
Booting a system
What is used in problem reporting?
Trouble tickets
What is defense in depth?
It is a layering tactic, conceived by the NSA, that addresses security vulnerabilites in personnel, technology, and operations.
What is system hardening?
Secure configuration based on approved baselines
What are the three active defense implementations?
Defense in Depth, System Hardening, and Intrusion Detection/Prevention Systems (IDS/IPS)
What is job sensitivity?
It requires more robust safeguards for staff in security sensitive positions
What is job rotation?
It reduces the risk of collusion between individuals..
What is dual control?
Ensuring that more than one individual has to be involved in completing a task
What is a Service Level Agreement?
Stipulates all expectastions regarding the behavior of the department or organization that is responsible for providing services and the quality of these services. (ITIL)
What is source code escrow?
An agreement between the software developer and client that arranges that if the software company goes out of business, that the client can receive the code for future development.
What is a Non-Disclosure Agreement?
confidentiality Agreement
What is a log review?
Should be conducted very frequently on major servers and firewalls
What is a clipping level?
Ensures that only necessary log event records are captured for monitoring.
What is change control?
Operations staff should be involved with dicisions pertaining to changes of the environment to control any modifications
How should changes be managed?
It should be documented, approved, and tested before being implemented.
What is a configuration item?
component whose state is to be recorded against which changes are to be progressed.
What is a version?
Recorded state of the configuration item
What is a configuration?
A collection of component configuration items that comprise a configuration item in some stage of evolution.
What is a building?
Process of assembling a version of a configuration item from versions of its component configuration items
What is a build list?
Set of the versions of the component configuration items that is used to build a version of a configuration item
What is a software library?
Controlled area that is accessible only to approved users who are restricted to the use of approved procedures.
What are the configuration management procedures?
1. Configuration Identification 2. Configuration Control 3. Configuration Status Accounting 4. Configuration Audit
What is configuration identification?
Identify and document the finctional and physical characterisitics of each configuration item.
What is a configuration control?
Control changes to the configuration items and issue versions of configuration items from the software library
what is a configuration status accounting?
Record the processing and approval of changes.
What is a production library?
Holds software used in production environments. (Executables)
What is a development (programmer) libraries?
Holds work in progress
What is a source code library?
Holds source code and should be escrowed
What is a media library?
Hardware centrally controlled
What does a librarian control?
Controls access and logs who takes materials in or out. They also make sure everything is properly labled and sanitized when necessary
What are hot spares?
SLA, Mean time Between Failure (MTBF), and Mean Time to Repair (MTTR)
What is a mean time between failure (MTBF)?
Expected lifetime of component, calculate risk of utility failyre, and used as a metric to compare device.
What is a mean time to repair (MTTR)?
Amount of time to get device back into production
What is RAID?
Redundant Array of Independent Disks. Provide fault tolerance.
What is Striping?
Improves performance by writing across multiple drives, so more than one disk is reading and writing simultaneously.
What is mirroring?
100% duplication of the data on two drives
What is parity?
A mathematical equation that allows data to be checked for integrity.
What is hamming code?
An algorithm that can be used to determine if an error exists in a data stream and sometimes correct that error.
What is RAID level 0?
Striping. Data striped over several drives. No redundancy or parity.
What is RAID level 1?
Mirroring. Data is written to two drives at one time. Highest reliability but highes cose. Widely used.
What is RAID level 2?
Hamming Code Parity. Data striped over all drives at bit level. Parity data created with hamming code (single bit striping unit). Rarely used.
What is RAID level 3?
Byte-level Parity. Data striping over all drives and data parity held on one drive. Used to achieve highest data transfer. Widely used.
What is RAID level 4?
Block-level parity. Same as level 3, except data is striped at the block label.
What is RAID level 5?
Interleave parity. Data is written in disk sector units to all drives. Parity is written to all drives. Most widely used.
What is RAID level 6?
Second (Double) Parity. Similar to level 5, but with added fault tolerance. Second set of parity data written to all drives.
What is RAID level 7?
Single Virtual Disk. Variation of RAID 5. Functions as a single virtual disk in the hardware or software. Provides parity protection.
What is RAID level 10, 1 +0?
Multiple RAID 1 mirrors are created, and a RAID 0 stripe is created over these.
What is RAID level 0/1, 0+1?
Two RAID 0 stripes are created, and a RAID 1 mirror is created over them.
What does RAID not protect you from?
Multiple disk failures
What is an incremental backup?
Backs up files that have been modified since last backup
What is a differential backup?
Backs up files that have been modified since the last full backup
What is data mirroring?
Writing data to multiple hard drives
What is Electronic Vaulting?
Batch backup of systems over a network.
what is Electronic Journaling?
Real-time transaction backup over a networking (network mirroring)
What is Database Shadowing?
Live backup of primary database. Updates database records in multiple locations or copying an entire database on to a remote location. Not accessed by clients.
What is the deploy file integrity checkers?
Computes and stores a checksum and should be recomputed regularly.
What is a fax machine security issue?
Can be used to transfer sensitive data. Papers sit in the bin for all to see.
What is a fax server?
It can route faxes to email boxes instead of printing. Can you PKI for secure transfer of material
What kind of incidents can happen on a fax machine?
Compromise of integrity, denial of service, misuse, theft, fraud, damage, and intrusions
What are the steps in the incident response management model?
1. Preparation 2. Detection 3. Analysis 4. Tracking 5. Repair and Recovery 6. Prevention
What is done in the preparation step of the incident response management model?
Notification and identification
What is done in the detection step of the incident response management model?
Containment
What is done in the analysis step of the incident response management model?
Who, what, when, where
What is done in the repair and recovery step of the incident response management model?
Mitigate damage, remove source of damage
What is done in the prevention step of the incident response management model?
Metrics, trend analysis, lessons learned, process imporvement
What is downstream liability?
When someone upstream of you is using a zombie and you become an unwilling accomplice.
Why would a company choose not to report computer crime?
Reputation and cost of litigation
Who is responsible for investigating computer crimes?
FBI and Secret Service
what are two ways to reduce fraud?
Mandatory Vacations and Job rotation
What backup do you use before you make a major upgrade?
Differential