16 Cards in this Set

Regarding auditing (NIST standards), what is the process of exercising one or more assessment objects under specified conditions to compare actual and expected behaviors?

Test (one of the three assessment methods defined in NIST SP 800-53A, alongside Examine and Interview)

Regarding auditing (NIST standards), what is the process of checking, inspecting, reviewing, observing, studying or analyzing one or more assessment objects to facilitate understanding, achieve clarification, or obtain evidence?

Examine (NIST SP 800-53A assessment method; applied to specifications, mechanisms and activities)

Regarding auditing (NIST standards), what is the process of conducting discussions with individuals or groups within an organization to facilitate understanding, achieve clarification, or identify the location of evidence?

Interview (NIST SP 800-53A assessment method; applied to individuals and groups)

What is the difference between a vulnerability assessment and penetration testing?

VA - Identifies and ranks weaknesses (usually by scanning) without exploiting them; typically run by the organization's own admins

PT - Actively exploits weaknesses to show what an attacker could actually reach; typically done by hired testers ("hackers") under a signed scope and rules of engagement

For Penetration testing, what are white, grey, and black box?

White: tester has full knowledge of the network (diagrams, configs, source, credentials)

Grey: partial knowledge, e.g. a normal user account or a network diagram but no source (typically costs less than black box because less time is spent on discovery)

Black: no prior knowledge; the tester starts from the outside like a real attacker

What are the 3 types of pentesting?

1. Physical Security
2. Operational Security
3. Electronic Security

What is NIST SP 800-137 (and what does it include)?

CM - Continuous Monitoring (Information Security Continuous Monitoring, ISCM, for federal information systems and organizations)

What are the three kinds of system restart: System Reboot, Emergency Reboot, and Cold Start?

System Reboot: the system shuts itself down in a controlled way and restarts.
Emergency Reboot: the system fails in an uncontrolled way, cannot recover on its own, and comes back up in a "special" or safe/maintenance mode.
Cold Start: recovery procedures fail and an administrator must intervene (manual restart).

What is superzapping?

Using a utility (named after IBM's SuperZap mainframe tool) that bypasses the operating system's normal access controls to read or patch data directly. Administrators use it for quick emergency fixes. Because its actions bypass the normal audit trail, nothing is logged, so an attacker who obtains it can change data without leaving a record.

What is it called when a packet is modified to have the same destination and origin address?

Denial of Service (the LAND attack: a spoofed SYN whose source and destination address and port are identical, which made vulnerable TCP/IP stacks loop or crash)
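The card only names the attack, so here is the check a network sensor would actually run. This is an added example, not part of the original flashcard set: it hand-builds IPv4+TCP packets (constructed sample data, checksums left at zero since nothing goes on the wire), parses the fields a LAND check needs, and flags the identical-address-and-port case separately from the address-only case.

```python
import socket
import struct

# Constructed sample packets for an offline demonstration: a hand-built
# IPv4 header followed by a TCP header, no options, no payload. Checksums
# are left as zero because nothing here is put on the wire.

def build_ipv4_tcp(src_ip: str, dst_ip: str, sport: int, dport: int,
                   flags: int = 0x02) -> bytes:
    """Return a 40-byte IPv4+TCP datagram (default flags = SYN)."""
    ip_header = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | 5,      # version 4, IHL 5 (20 bytes)
        0,                 # DSCP/ECN
        40,                # total length: 20-byte IP + 20-byte TCP
        0x1234,            # identification
        0,                 # flags / fragment offset
        64,                # TTL
        6,                 # protocol: TCP
        0,                 # header checksum (not computed here)
        socket.inet_aton(src_ip),
        socket.inet_aton(dst_ip),
    )
    tcp_header = struct.pack(
        "!HHIIBBHHH",
        sport, dport,
        0, 0,              # sequence / acknowledgement numbers
        5 << 4,            # data offset 5 (20 bytes), reserved bits 0
        flags,
        8192,              # window
        0,                 # checksum (not computed here)
        0,                 # urgent pointer
    )
    return ip_header + tcp_header


def parse_ipv4_tcp(packet: bytes) -> dict:
    """Pull out the fields a LAND check needs. Only IPv4 is handled."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20:
        raise ValueError("bad IHL")
    info = {
        "proto": packet[9],
        "src": socket.inet_ntoa(packet[12:16]),
        "dst": socket.inet_ntoa(packet[16:20]),
        "sport": None,
        "dport": None,
    }
    if info["proto"] == 6 and len(packet) >= ihl + 4:
        info["sport"], info["dport"] = struct.unpack("!HH", packet[ihl:ihl + 4])
    return info


def land_check(packet: bytes) -> str:
    """Classify a packet seen arriving on an external interface.

    'land'          identical source/destination address *and* port (classic LAND)
    'spoofed-self'  source address equals destination address but ports differ
                    (still impossible for legitimate traffic arriving from outside)
    'ok'            anything else
    """
    info = parse_ipv4_tcp(packet)
    if info["src"] != info["dst"]:
        return "ok"
    if info["proto"] == 6 and info["sport"] == info["dport"]:
        return "land"
    return "spoofed-self"


if __name__ == "__main__":
    land = build_ipv4_tcp("192.0.2.10", "192.0.2.10", 139, 139)
    normal = build_ipv4_tcp("198.51.100.7", "192.0.2.10", 40000, 139)
    print(land_check(land), land_check(normal))
```

The check belongs at the perimeter (or in an ingress filter) rather than on loopback, where a host legitimately talks to itself; modern stacks drop such packets, but an IDS signature still catches scanners and old exploit kits trying it.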

What is another name for a Browsing Attack?

Shoulder surfing

Juggernaut and Hunt are tools used for what kind of attack?

Session Hijacking

What is Kerckhoffs's principle and why is it relevant?

A cryptosystem should remain secure even if everything about it except the key is public. Keeping only the key secret lets the algorithm be published and reviewed, so its weaknesses are found by cryptanalysts rather than by attackers, and a compromise is fixed by changing the key, not the whole system.

What is required for a secure Vernam cipher?

The pad (key) must be truly random, at least as long as the message, kept secret, and used just one time. Reusing a pad for two messages lets an attacker XOR the two ciphertexts, which cancels the pad and leaves the XOR of the two plaintexts.
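The card states the rule; this added example (not from the original flashcards) shows the Vernam cipher itself, a pad store that refuses to hand out the same bytes twice, and what goes wrong when the rule is broken: with a reused pad the attacker recovers one plaintext fragment from a guess about the other (crib dragging), and a fully known plaintext yields the pad and every other message under it. The two messages and the fixed pad in the test are constructed for the demonstration.

```python
import os

# Added example: a Vernam / one-time-pad implementation plus the attack that
# key reuse makes possible. The messages used below are constructed.

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """Vernam cipher: ciphertext = plaintext XOR pad. Requires len(pad) >= len(plaintext)."""
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the message")
    return xor_bytes(plaintext, pad)


otp_decrypt = otp_encrypt  # XOR is its own inverse


class OneTimePadStore:
    """Hands out pad bytes from os.urandom exactly once; used bytes are wiped."""

    def __init__(self, nbytes: int):
        self._pad = bytearray(os.urandom(nbytes))
        self._pos = 0

    def take(self, n: int) -> bytes:
        if self._pos + n > len(self._pad):
            raise ValueError("pad exhausted; generate fresh material, never reuse")
        chunk = bytes(self._pad[self._pos:self._pos + n])
        self._pad[self._pos:self._pos + n] = b"\x00" * n  # wipe: cannot be handed out again
        self._pos += n
        return chunk

    def remaining(self) -> int:
        return len(self._pad) - self._pos


def two_time_pad_leak(ct1: bytes, ct2: bytes) -> bytes:
    """If one pad encrypted both messages, ct1 XOR ct2 == p1 XOR p2: the pad cancels out."""
    return xor_bytes(ct1, ct2)


def crib_drag(p1_xor_p2: bytes, crib: bytes) -> list:
    """Slide a guessed fragment of one message across p1^p2; where the guess is
    right, the matching fragment of the other message appears as readable text."""
    hits = []
    for i in range(len(p1_xor_p2) - len(crib) + 1):
        window = xor_bytes(p1_xor_p2[i:i + len(crib)], crib)
        if all(32 <= b < 127 for b in window):
            hits.append((i, window))
    return hits


def recover_pad(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Once a whole plaintext is known, the pad falls out, and with it every
    other message that was encrypted under the same pad."""
    return xor_bytes(ciphertext, known_plaintext)


if __name__ == "__main__":
    p1 = b"ATTACK AT DAWN"
    p2 = b"HOLD THE RIDGE"
    pad = os.urandom(len(p1))
    c1, c2 = otp_encrypt(p1, pad), otp_encrypt(p2, pad)  # the mistake: same pad twice
    leak = two_time_pad_leak(c1, c2)
    print(crib_drag(leak, b"ATTACK"))   # (0, b'HOLD T') shows up whatever the pad was
    print(otp_decrypt(c2, recover_pad(c1, p1)))
```

Note that none of the attacks touch the randomness of the pad: a perfectly random pad used twice is exactly as broken as a bad one, which is why the store wipes bytes as it hands them out instead of trusting callers to track what they have used.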

What are the RMF Steps?

Cat Sat On its Assets All Morning... (Categorize, Select, Implement, Assess, Authorize, Monitor; NIST SP 800-37 Rev. 2 adds a Prepare step in front of Categorize)


How are Type 1 and Type 2 Hypervisors different? What is the industry standard?

Type 1 (bare metal): installed directly on the hardware with no host OS underneath (e.g. ESXi, Hyper-V, Xen); the industry standard for servers because it has a smaller attack surface and better isolation

Type 2 (hosted): installed as an application on top of an existing OS such as Windows (e.g. VirtualBox, VMware Workstation); a compromise of the host OS compromises every guest