800 Flashcards

1
Q

Layer 1 of the OSI Model

A

Application

2
Q

Layer 2 of the OSI Model

A

Presentation

3
Q

Layer 3 of the OSI Model

A

Session

4
Q

Layer 4 of the OSI Model

A

Transport

5
Q

Layer 5 of the OSI Model

A

Network

6
Q

Layer 6 of the OSI Model

A

Data Link

7
Q

Layer 7 of the OSI Model

A

Physical

8
Q

A network database that contains a listing of all network resources, such as users, printers, groups, and so on.

A

directory

9
Q

A network service that provides access to a central database of information, which contains detailed information about the resources available on a network.

A

directory service

10
Q

A method of communication between wireless receivers.

A

direct-sequence (DS)

11
Q

A communications technology that is used to communicate in the 802.11 standard. It accomplishes communication by adding the data that is to be transmitted to a higher-speed transmission

A

direct-sequence spread spectrum (DSSS)

12
Q

The act of recovering data following a disaster that has destroyed the data.

A

disaster recovery

13
Q

The procedure by which data is recovered after a disaster.

A

disaster recovery plan

14
Q

A means of restricting access to objects based on the identity of subjects and/or groups to which they belong.

A

Discretionary Access Control (DAC)

15
Q

Technology that keeps identical copies of data on two disks to prevent the loss of data if one disk faults.

A

disk mirroring

16
Q

Technology that enables writing data to multiple disks simultaneously in small portions called stripes.

A

disk striping

17
Q

A fault-tolerance solution of writing data across a number of disks and recording the parity on another. In the event any one disk fails, the data on it can be recreated by looking at the remaining data and computing parity to figure out the missing data.

A

disk striping with parity

18
Q

A derivative of a DoS attack in which multiple hosts in multiple locations all focus on one target.

A

Distributed Denial of Service (DDoS) attack

19
Q

Any server that performs host name-to-IP address resolution.

A

DNS server

20
Q

An area in the DNS hierarchy that is managed as a single unit.

A

DNS zone

21
Q

Within the Internet, this is a group of computers with shared traits and a common IP address set.

A

domain

22
Q

The network service used in TCP/IP networks that translates host names to IP addresses.

A

Domain Name Service (DNS)

23
Q

A host that resides on more than one network and possesses more than one physical network card.

A

dual-homed host

24
Q

A keyboard and monitor that send keystrokes to a central processing computer (typically a mainframe or minicomputer) that returns screen displays to the monitor. The unit has no processing power of its own.

A

dumb terminal

25
Q

Looking through trash for clues, often in the form of paper scraps, to users’ passwords and other pertinent information.

A

dumpster diving

26
Q

Two hard drives to which identical information is written simultaneously. A dedicated controller card controls each drive. Used for fault tolerance.

A

duplexed hard drives

27
Q

Two servers that are identical, for use in clustering.

A

duplicate servers

28
Q

A protocol used on a TCP/IP network to send client configuration data, including TCP/IP address, default gateway, subnet mask, and DNS configuration, to clients.

A

Dynamic Host Configuration Protocol (DHCP)

29
Q

A type of firewall used to accept or reject packets based on their contents.

A

dynamic packet filtering

30
Q

The use of route-discovery protocols to talk to other routers and find out what networks they are attached to. Routers that use dynamic routing send out special packets to request updates from the other routers on the network as well as to send their own updates.

A

dynamic routing

31
Q

A TCP/IP port used by an application when needed. The port isn’t constantly used.

A

dynamically allocated port

32
Q

Any type of passive attack that intercepts data in an unauthorized manner, usually in order to find passwords.

A

eavesdropping

33
Q

The interference that can occur during transmissions over copper cable because of electromagnetic energy outside the cable. The result is degradation of the signal.

A

electromagnetic interference (EMI)

34
Q

A type of public key cryptosystem that requires a shorter key length than many other cryptosystems (including the de facto industry standard, RSA).

A

Elliptic Curve Cryptosystem (ECC)

35
Q

A header used to provide a mix of security services in IPv4 and IPv6. ESP can be used alone or in combination with the IP Authentication Header (AH).

A

Encapsulating Security Payload (ESP)

36
Q

The process of translating data into signals that can be transmitted on a transmission medium.

A

encoding

37
Q

The process of converting data into a form that makes it less likely to be usable to anyone intercepting it if they can’t decrypt it.

A

encryption

38
Q

A string of alphanumeric characters used to decrypt encrypted data.

A

encryption key

39
Q

The process of luring someone.

A

enticement

40
Q

The process of encouraging an attacker to perform an act, even if they don’t want to do it.

A

entrapment

41
Q

An attempt to gain information about a network by specifically targeting network resources, users and groups, and applications running on the system.

A

enumeration

42
Q

The act of moving something up in priority. Often, when an incident is escalated, it’s brought to the attention of the next highest supervisor.

A

escalation

43
Q

A shared-media network architecture. It operates at the Physical and Data Link layers of the OSI model.

A

Ethernet

44
Q

A level of assurance, expressed as a numeric value, based on standards set by the CCRA (Common Criteria Recognition Agreement).

A

Evaluation Assurance Level (EAL)

45
Q

Any noticeable action or occurrence.

A

event

46
Q

A calculation of how much data (or other assets) could be lost from a single occurrence. If all the data on the network could be jeopardized by a single attack, the exposure factor is 100 percent.

A

exposure factor

47
Q

A threat that originates from outside the company.

A

external threat

48
Q

Web (or similar) services set up in a private network to be accessed internally and by select external entities, such as vendors and suppliers.

A

extranet

49
Q

Examining data leaving the network for signs of malicious traffic.

A

extrusion

50
Q

Programs that provide additional functionality to Web browsers.

A

Add-ons

51
Q

Part of the TCP/IP protocol for determining the MAC address based on the IP address.

A

Address Resolution Protocol (ARP)

52
Q

An attack that corrupts the ARP cache.

A

ARP poisoning

53
Q

Files that are coupled to e-mail messages.

A

Attachments

54
Q

An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.

A

Buffer Overflow

55
Q

An attack that targets vulnerabilities in client applications that interact with a compromised server or process malicious data.

A

Client-side Attack

56
Q

A file on a local computer in which a server stores user-specific information.

A

Cookie

57
Q

Injecting and executing commands to execute on a server.

A

Command Injection

58
Q

An attack that injects scripts into a Web application server to direct attacks at clients.

A

Cross-site Scripting (XSS)

59
Q

An attack that attempts to prevent a system from performing its normal functions.

A

Denial of Service (DoS)

60
Q

An attack that takes advantage of a vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories.

A

Directory Traversal

61
Q

An attack that uses multiple zombie computers (even hundreds or thousands) in a botnet to flood a device with requests.

A

Distributed Denial of Service (DDoS)

62
Q

An attack that substitutes DNS addresses so that the computer is automatically redirected to another device.

A

DNS Poisoning

63
Q

A hierarchical name system for matching computer names and numbers.

A

Domain Name System (DNS)

64
Q

A cookie that is created from the Web site that currently is being viewed.

A

First-party Cookie

65
Q

A cookie named after the Adobe Flash player.

A

Flash Cookie

66
Q

A list of the mappings of names to computer numbers.

A

Host Table

67
Q

Part of HTTP that is composed of fields that contain the different characteristics of the data that is being transmitted.

A

HTTP Header

68
Q

Modifying HTTP headers to create an attack.

A

HTTP header manipulation

69
Q

An attack that intercepts legitimate communication and forges a fictitious response to the sender.

A

Man-in-the-Middle

70
Q

A cookie that is recorded on the hard drive of the computer and does not expire when the browser closes.

A

Persistent Cookie (tracking cookie)

71
Q

A utility that sends an ICMP (Internet Control Message Protocol) echo request message to a host.

A

Ping

72
Q

An attack that uses the Internet Control Message Protocol (ICMP) to flood a victim with packets.

A

Ping Flood

73
Q

An attack that exploits a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining.

A

Privilege Escalation

74
Q

An attack that makes a copy of the transmission before sending it to the recipient.

A

Replay

75
Q

A cookie that is only used when a browser is visiting a server using a secure connection.

A

Secure Cookie

76
Q

A cookie that is stored in Random Access Memory (RAM), instead of on the hard drive, and only lasts for the duration of visiting a Web site.

A

Session Cookie

77
Q

An attack in which an attacker attempts to impersonate the user by using his session token.

A

Session Hijacking

78
Q

A form of verification used when accessing a secure Web application.

A

Session Token

79
Q

An attack that broadcasts a ping request to all computers on the network yet changes the address from which the request came to that of the target.

A

Smurf Attack

80
Q

Impersonating another computer or device.

A

Spoofing

81
Q

An attack that targets SQL servers by injecting commands to be manipulated by the database.

A

SQL Injection

82
Q

An attack that takes advantage of the procedures for initiating a TCP session.

A

SYN Flood Attack

83
Q

A cookie that was created by a third party that is different from the primary Web site.

A

Third-Party Cookies

84
Q

An attack involving using a third party to gain access rights.

A

Transitive Access

85
Q

A markup language that is designed to carry data instead of indicating how to display it.

A

XML (Extensible Markup Language)

86
Q

An attack that injects XML tags and data into a database.

A

XML Injection

87
Q

Attacks that exploit previously unknown vulnerabilities

A

Zero Day Attacks

88
Q

What are the three vulnerability control types?

A

Technical, Management and Operational

89
Q

What are the three primary functions of controls?

A

Preventative, detective and corrective

90
Q

The National Institute of Standards and Technology

A

NIST

91
Q

Information Technology Laboratory

A

ITL

92
Q

Uses technology to reduce vulnerabilities.

A

Technical Control

93
Q

Specifies that individuals or processes are granted only rights and permissions needed to perform their assigned tasks or functions, but no more

A

Least Privilege

94
Q

Provides protection against infection from malicious software and viruses

A

Antivirus software

95
Q

Monitors a network or host for intrusions and provides ongoing protection against various threats

A

Intrusion Detection Systems (IDSs)

96
Q

Restricts network traffic going in and out of a network

A

Firewall

97
Q

Use planning and assessment methods to provide an ongoing review of the organization’s ability to reduce and manage risk.

A

Management Controls

98
Q

Helps quantify and qualify risks within an organization so that they can focus on serious risks.

A

Risk assessments

99
Q

Attempts to discover current vulnerabilities

A

Vulnerability assessments

100
Q

Helps ensure that day-to-day operations of an organization comply with their overall security plan

A

Operational Controls