A

Question 1

Access

Answer 1

A subject’s ability to view, modify, or communicate with an object. Access enables the flow of information between the subject and the object.

Question 2

Access Control

Answer 2

Mechanisms, controls, and methods of limiting access to resources to authorized subjects only.

Question 3

Access Control List (ACL)

Answer 3

A list of subjects that are authorized to access a particular object. Typically, the types of access are read, write, execute, append, modify, delete, and create.

Question 4

Access Control Mechanism

Answer 4

Administrative, physical, or technical control that is designed to detect and prevent unauthorized access to a resource or environment.

Question 5

Accountability

Answer 5

A security principle indicating that individuals must be held responsible for their actions.

Question 6

Accredited

Answer 6

A computer system or network that has received official authorization and approval to process sensitive data in a specific operational environment. There must be a security evaluation of the system’s hardware, software, configurations, and controls by technical personnel.

Question 7

Add-on security

Answer 7

Security protection mechanisms that are hardware or software retrofitted to a system to increase that system’s protection level.

Question 8

Administrative controls

Answer 8

Security mechanisms that are management’s responsibility and referred to as “soft” controls. These controls include the development and publication of policies, standards, procedures, and guidelines; the screening of personnel; security-awareness training; the monitoring of system activity; and change control procedures.

Question 9

Aggregation

Answer 9

The act of combining information from separate sources of a lower classification level that results in the creation of information of a higher classification level, which the subject does not have the necessary rights to access.

Question 10

AIC/ CIA triad

Answer 10

The three security principles: availability, integrity, and confidentiality.

Question 11

Annualized loss expectancy (ALE)

Answer 11

A dollar amount that estimates the loss potential from a risk in a span of a year. ~~~~~ Single Loss Expectancy (SLE) x Annualized rate of occurrence (ARO) = ALE

Question 12

Antimalware

Answer 12

Software whose principal functions include the identification and mitigation of malware; also known as antivirus, although this term could be specific to only one type of malware.

Question 13

Annualized rate of occurrence (ARO)

Answer 13

The value that represents the estimated possibility of a specific threat taking place within a one-year timeframe.

Question 14

Assurance

Answer 14

A measurement of confidence in the level of protection that a specific security control delivers and the degree to which it enforces the security policy.

Question 15

Attack

Answer 15

An attempt to bypass security controls in a system with the mission of using that system or compromising it. An attack is usually accomplished by exploiting a current vulnerability.

Question 16

Audit trail

Answer 16

A chronological set of logs and records used to provide evidence of a system’s performance or activity that took place on the system. These logs and records can be used to attempt to reconstruct past events and track the activities that took place, and possibly detect and identify intruders.

Question 17

Authenticate

Answer 17

To verify the identity of a subject requesting the use of a system and/or access to network resources. The steps to giving a subject access to an object should be identification, authentication, and authorization.

Question 18

Authorization

Answer 18

Granting access to an object after the subject has been properly identified and authorized.

Question 19

Availability

Answer 19

The reliability and accessibility of data and resources to authorized individuals in a timely manner.