Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
25 Cards in this Set
- Front
- Back
|
The principle of least privilege is effective in helping prevent security breaches. However, prevention works best when applied with what 2 things?
|
1. Response
2. Detection |
|
|
What is PCI-DSS?
|
Payment card Industry Data Security Standard
|
|
|
What is HIPAA?
|
Health Insurance Portability and Accountability Act
|
|
|
What is GLBA?
|
The Gramm–Leach–Bliley Act (GLB), also known as the Financial Services Modernization Act of 1999.
Under the GLB, financial institutions must provide their clients a privacy notice that explains what information the company gathers about the client, where this information is shared, and how the company safeguards that information. |
|
|
What is a Threat agent?
|
An entity that takes advantage of a vulnerability.
A Threat agent gives rise to a threat |
|
|
What 2 standard methods can an organization integrate to improve its security processes over a period of time?
|
1. Six Sigma
2. CMM or CMMI |
|
|
When properly installed, which type of card/badge reader is MOST tamper proof?
|
Proximity Reader
|
|
|
What is Polyinstantiation?
|
Allowing different versions of the same information item to exist at different classification levels.
|
|
|
The TCSEC defines 2 type of assurance. What are they?
|
1. Operational assurance
2. Life Cycle assurance |
|
|
Which is the following is considered the MOST secure for commercial business?
1. Confidential 2. Sensitive 3. Private |
1. Confidential
Confidential -> Private -> Sensitive -> Public |
|
|
Why are clipping level used?
|
To Reduce the amount of data to be evaluated.
|
|
|
What 3 things are required to successfully complete a crime?
|
1. Motive
2. Means 3. Opportunity |
|
|
What is the formula for "Total RISK"?
|
Threats x Vulnerability x Asset Value = Total RISK
|
|
|
What "security control" provides a method to insure that a transaction did or did not occur?
|
Nonrepudiation
|
|
|
Does "SYN Attack" use ICMP?
|
No.
Note: It is also called TCP SYN Attack. SYN Attack uses TCP. |
|
|
After a user logs on remotely (via telnet), OPIE will issue a challenge. What 2 elements will the challenge contain?
|
1. A seed number
2. A Sequence number |
|
|
Is "Prosecution" an element of BCP?
|
No
|
|
|
Penetration testing involves 3 steps. What are they?
|
1. Network reconnaissance
2. Network scanning 3. Network penetration |
|
|
What is SAM?
|
MS Security Accounts Manager
SAM is a database file in Windows XP, VISTA and WIndows7 that stores user's passwords. |
|
|
The ______ protocol converts IP addresses to MAC addresses.
|
ARP
|
|
|
Trin00 is an example of what attack?
|
DDOS
|
|
|
Can you use SSH with VPN?
|
YES
|
|
|
When compiling a risk Management report, what items should be included? Name 3 items.
|
1. Data sensitivity levels
2. Vulnerability levels 3. ALE calculations |
|
|
A user notices suspicious activity on a computer and suspects that it may have malware installed. What should be done first?
|
Update the Signatures
|
|
|
What is OCSP?
|
Online Certificate Status Protocol
The OCSP responder checks the SN and health of a certificate. |
