400 Flashcards

1
Q

Anything that occurs after the fact, such as an audit or review

A

postmortem

2
Q

Controls intended to prevent attacks or intrusions

A

preventive controls

3
Q

A state of security in which information isn’t seen by unauthorized parties without the express permission of the party involved

A

privacy

4
Q

Screens that restrict viewing of monitors to only those sitting in front of them

A

privacy filters

5
Q

A cloud delivery model owned and managed internally

A

private cloud

6
Q

An asymmetric encryption technology in which both the sender and the receiver have different keys

A

private key

7
Q

The result when a user obtains access to a resource they wouldn’t

A

privilege escalation

8
Q

The likelihood of something occurring

A

probability

9
Q

A mode wherein a network interface card (NIC) intercepts all traffic crossing the network wire and not just the traffic intended for it

A

promiscuous mode

10
Q

A network in which physical network security has been substituted for encryption security

A

protected distribution system (PDS)

11
Q

An authentication protocol that replaces LEAP and for which there is native support in Windows

A

Protected Extensible Authentication Protocol (PEAP)

12
Q

A software and hardware troubleshooting tool that is used to decode protocol information to try to determine the source of a network problem and to establish baselines

A

protocol analyzer

13
Q

Cards that can be read by being near a reader

A

proximity cards

14
Q

Readers capable of working with proximity cards

A

proximity readers

15
Q

A type of system that prevents direct communication between a client and a host by acting as an intermediary

A

proxy

16
Q

A proxy server that also acts as a firewall, blocking network access from external networks

A

proxy firewall

17
Q

A type of server that makes a single Internet connection and services requests on behalf of many users

A

proxy server

18
Q

Cameras that can pan, tilt, and zoom

A

PTZ

19
Q

A cloud delivery model available to others

A

public cloud

20
Q

A technology that facilitates encryption using two keys, a public key and a private key, to facilitate communication

A

public key

21
Q

A set of voluntary standards created by RSA security and industry leaders

A

Public-Key Cryptography Standards (PKCS)

22
Q

A two-key encryption system wherein messages are encrypted with a private key and decrypted with a public key

A

public-key infrastructure (PKI)

23
Q

The Internet Engineering Task Force (IETF) working group developing standards and models for the Public Key Infrastructure (PKI) environment

A

Public-Key Infrastructure X.509 (PKIX)

24
Q

A collection of technologies that provide the ability to balance network traffic and prioritize workloads

A

QoS (quality of service)

25
Q

Used in risk management, it involves measuring the quality of something (as opposed to the quantity)

A

qualitative

26
Q

Numerically measuring the quantity of something (as opposed to the quality)

A

quantitative

27
Q

Cryptography based on changing the polarity of a photon

A

quantum cryptography

28
Q

The byproduct of electrical processes, similar to electromagnetic interference

A

radio frequency interference (RFI)

29
Q

A table of hashed phrases/words that can be used in a password attack

A

rainbow table

30
Q

Software that demands payment before restoring the data or system infected

A

ransomware

31
Q

Within business continuity planning, this is the point of maximum tolerable loss for a system due to a major incident

A

recovery point objective (RPO)

32
Q

The maximum amount of time that a process or service is allowed to be down and the consequences still to be considered acceptable

A

recovery time objective (RTO)

33
Q

A configuration of multiple hard disks used to provide fault tolerance should a disk fail

A

Redundant Array of Independent Disks (RAID)

34
Q

An organization that offloads some of the work from a certificate authority (CA)

A

registration authority (RA)

35
Q

A database technology that allows data to be viewed in a dynamic way based on the user's or administrator's needs

A

relational database

36
Q

A computer that has one or more connections installed to enable remote connections to the network

A

Remote Access Services (RAS)

37
Q

A networking protocol that allows authentication of dial-in and other network connections

A

Remote Authentication Dial-In User Service (RADIUS)

38
Q

A protocol used to allow remote desktop connections

A

Remote Desktop Protocol (RDP)

39
Q

A programming interface that allows a remote computer to run programs on a local machine

A

Remote Procedure Call (RPC)

40
Q

The process of sending a command to remotely clear data

A

remote wipe

41
Q

An attack that captures portions of a session to play back later to convince a host that it is still talking to the original connection

A

replay attack

42
Q

A database or database server where the certificates are stored

A

repository

43
Q

A document-creation process and a set of practices that originated in 1969 and is used for proposed changes to internet standards

A

Request for Comments (RFC)

44
Q

Information that isn’t made available to all and to which access is granted based on some criteria

A

restricted information

45
Q

A virus that attacks or bypasses the antivirus software installed on a computer

A

retrovirus

46
Q

A strategy of dealing with risk in which it is decided the best approach is simply to accept that the risk exists

A

risk acceptance

47
Q

An evaluation of each risk that can be identified

A

risk analysis

48
Q

An evaluation of how much risk you and your organization are willing to take

A

risk assessment

49
Q

A strategy of dealing with risk in which it is decided that the best approach is to avoid the risk

A

risk avoidance

50
Q

The process of calculating the risks that exist

A

risk calculation

51
Q

A strategy of dealing with risk in which it is decided that the best approach is to discourage potential attackers from engaging in the behavior that leads to the risk

A

risk deterrence

52
Q

A strategy of dealing with risk in which it is decided that the best approach is to lessen the risk

A

risk mitigation

53
Q

A strategy of dealing with risk in which it is decided that the best approach is to offload some of the risk

A

risk transference

54
Q

An unauthorized wireless access point on a network

A

rogue access points

55
Q

A form of malware that tries to convince the user to pay for a fake threat

A

rogueware

56
Q

A type of control wherein the levels of security closely follow the structure of an organization

A

Role-Based Access Control (RBAC)

57
Q

Software program that has the ability to obtain root-level access and hide certain things from the operating system

A

rootkit

58
Q

A device that connects two or more networks and allows packets to be transmitted and received between them

A

router

59
Q

The current Microsoft server service for Windows-based clients that offers the ability to connect to remote systems

A

Routing and Remote Access Services (RRAS)

60
Q

One of the providers of cryptography systems to industry and government

A

RSA

61
Q

Access control method that uses the settings in preconfigured security policies to make all decisions

A

Rule-Based Access Control (RBAC)

62
Q

A separate network set up to appear as a server to the main organizational network

A

SAN (storage area network)

63
Q

Isolating applications to keep users of them from venturing to other data

A

sandboxing

64
Q

Software that tries to convince unsuspecting users that a threat exists

A

scareware

65
Q

The section of a guideline that provides an overview and statement of the guideline's intent

A

scope and purpose

66
Q

The portion of the policy outlining what it intends to accomplish and which documents, laws, and practices the policy addresses

A

scope statement

67
Q

A replacement for FTP that allows secure copying of files from one host to another

A

Secure Copy (SCP)

68
Q

A protocol developed by Visa and MasterCard for secure credit card transactions

A

Secure Electronic Transaction (SET)

69
Q

A one-way hash algorithm designed to ensure the integrity of a message

A

Secure Hash Algorithm (SHA)

70
Q

A protocol used for secure communications between a web server and a web browser

A

Secure Hypertext Transport Protocol (S-HTTP)

71
Q

A protocol used for secure communications between email servers

A

Secure Multipurpose Internet Mail Extensions (S/MIME)

72
Q

A replacement for rlogin in Unix/Linux that includes security

A

Secure Shell (SSH)

73
Q

A protocol that secures messages by operating between the Application layer (HTTP) and the Transport layer

A

Secure Sockets Layer (SSL)

74
Q

Looking for weaknesses through interviews, examinations, and testing of systems

A

security control testing (SCT)

75
Q

Policies related to security

A

security policies

76
Q

A piece of data that contains the rights and access privileges of the token bearer as part of the token

A

security token

77
Q

A method of isolating a system from other systems or networks

A

security zone

78
Q

The IDS component that collects data from the data source and passes it to the analyzer for analysis

A

sensor

79
Q

Operating system updates from Microsoft

A

service pack

80
Q

An agreement that specifies performance requirements for a vendor

A

service-level agreement (SLA)

81
Q

Protective coating around wiring often intended to protect it from interference

A

shielding

82
Q

Watching someone when they enter their username, password, or sensitive data

A

shoulder surfing

83
Q

The process of ignoring an attack

A

shunning

84
Q

A system that acts based on the digital signature it sees

A

signature-based system

85
Q

A protocol for sending email between SMTP servers

A

Simple Mail Transfer Protocol (SMTP)

86
Q

The management protocol created for sending information about the health of the network to network management consoles

A

Simple Network Management Protocol (SNMP)

87
Q

The cost of a single loss when it occurs

A

single loss expectancy (SLE)

88
Q

A weakness that brings a system down

A

single point of failure (SPOF)

89
Q

A relationship between the client and the network wherein the client is allowed to log on one time, and all resource access is based on that logon (as opposed to needing to log on to each individual server to access the resources there)

A

single sign-on (SSO)

90
Q

Authentication based on a single factor (a password, for example)

A

single-factor authentication (SFA)

91
Q

A database model in which the database and the application exist on a single system

A

single-tier environment

92
Q

A generic site survey involves listening in on an existing wireless network using commercially available technologies

A

site survey

93
Q

A physical card used for access control and security purposes

A

smart card

94
Q

An attack in which large volumes of ICMP echo requests (pings) are broadcast to all other machines on the network and in which the source address of the broadcast system has been spoofed to appear as though it came from the target computer

A

smurf attack

95
Q

Image of a virtual machine at a moment in time

A

snapshot

96
Q

A physical device that listens in (sniffs) on network traffic and looks for items it can make sense of

A

sniffer

97
Q

Analyzing data to look for passwords and anything else of value

A

sniffing

98
Q

An attack that uses others by deceiving them

A

social engineering

99
Q

A model of cloud computing in which the consumer can use the provider’s applications but they do not manage or control any of the underlying cloud infrastructure

A

Software as a Service (SaaS)

100
Q

Unwanted, unsolicited email sent in bulk

A

spam