Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key

image

Play button

image

Play button

image

Progress

1/32

Click to flip

32 Cards in this Set

  • Front
  • Back
What are the seven phases of the system development life cycle?
determine requirements; systems analysis; system design; programming; testing; production & maintenence; and disposal & reuse
What is certification & accreditation (C&A)?
a standard set of steps used to prove that a system meets the design goals
Who usually performs certification of a system?
a 3rd party, either a certifier or a Certification Authority (CA)
Who usually performs accreditation?
management or a Designated Approving Authority (DAA)
What is the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP)?
the certification & accreditation process used by the DoD where security is a priority
What is the National Information Assurance Certification and Accreditation Process (NIACAP)?
the certification & accreditation process for non-Defense government organizations
What are the two types of security-related policies?
employee policies and security policies
What is the security mode of operation?
the outline of processes by which information is access & processed
What are the four security modes of operation?
dedicated mode; system high mode; compartmented/partitioned mode; and multilevel mode
What is the dedicated security mode of operation?
a system intended solely for one type or classification of information
What do users need to access a dedicated-mode system?
clearance for all classified information, an NDA, and need-to-know
What do users need to access a system high-mode system?
clearance for all classified information and an NDA
What do users need to access a compartmented system?
clearance for the most classified information, an NDA, and need-to-know
What do users need to access a partitioned-mode system?
clearance for the most classified information
What do users need to access a multilevel-mode system?
clearance for data they have access to and need-to-know
What is a roadmap?
a blueprint designed to meet the specific security needs of a company
What are the three types of NAT?
static, dynamic, and overloading
What is static NAT?
a NAT where each host always receives the same external IP address unique to them
What is dynamic NAT?
a NAT where a host receives an IP address from a pool of available addresses
What is an overloading NAT?
a NAT which assigns the same external IP address to multiple internal hosts at the same time
What five types of filtering can be performed by firewalls?
packet filtering; stateful inspection; application gateway; circuit-level gateway; and proxy server
What two disadvantages do packet-filtering firewalls have?
they are vulnerable to spoofing and difficult to configure
What disadvantage does an application gateway have?
it is extremely processor-intensive
What does a circuit-level gateway do?
applies security when a TCP or UDP connection is established
What is a bastion host?
a host that sits outside of a DMZ
What is a back-to-back network?
a DMZ protected by firewalls from both internal and external attack
What are the three parts of a service leg DMZ?
the external DMZ network; the internal network; and the protected service leg DMZ
What is the primary disadvantage to a service leg DMZ?
it is more vulnerable to a DoS attack, since all traffic must go through a firewall
What is configuration management (CM)?
the process of identifying, monitoring, and maintaining control of the hardware and software of a system
Who authorizes all changes when configuration management is in effect?
a Configuration Control Board (CCB)
When assigning value to an asset, what two factors should be considered?
the criticality amount and its sensitivity level
What is a criticality amount?
the importance of an asset to an organization