Card #1 - 50 Flashcards
Grayware
not classified as viruses but can harm the performance of computers on your network
Cisco PIX
helps network security administrators and IT managers for bandwidth monitoring, and Firewall internet security events monitoring efficiently
Spamtrap
a DNS technique used by botnets to hide phising and malware delivery sites behind an ever-changing network of compromised hots acting as proxies
Non-repudiation
provides definitive proof of a sender’s identity and can be used to prevent a party from denying that they took a specific action
Authentication
proving the person is who they say they are
Data Recovery
salvaging data from damaged, failed, corrupted, or inaccessible secondary storage media the not CANNOT be accessed normally
Timing
process of verifying a user’s identity
Networking
science of writing in secret code and is an ancient art
Secret Key Cryptography (SKC)
use for privacy and confidentiality. One key for encryption and another for decryption
Botnets
number of hijacked Internet-connected devices, each of which runs one or more bots, remotely controlled by hackers
3 Factors of Authentication
- Something you know (username/password)
- Something you have (smart cards)
- Something you are (fingerprint, biometrics)
Data Warehouse
a duplicate of some or all of the main database’s data stored on a separate computer from the main database
Cold Site
least expensive type of backup site for an organization to operate
Risk mitigation controls to ensure employee safety
Emergency lighting, drills, escape plans
A denial service attack has occurred. Which questions should be answered during the incident identification phase?
What servers have been compromised?
AND
What is the impact to the business?
Public Key Cryptography
a pair of keys to encrypt and decrypt data to protect it against unauthorized access or use
Surge
a prolong increase in the voltage level
sandbox
a security mechanism for separating running programs
Authorization
a security system validates whether or not a user has permission to complete an action
Exception Handling
implements into application to respond more appropriately to errors and generate an error message when they occur.
Algorithm
a set of instructions normally implemented on a computer system as a procedure to manipulate data
Spim
spam sent over instant message
AAA
Authentication, Authorization, and Accounting
Access control
a security measure that defines who can access a computer, device, or network, when they can access it, and what actions they can take while accessing it
Access Creep
slow accumulation of unnecessary permissions, access rights, and outright privileges by individual users
Internal Employee
What causes most information security breaches
Active Response IDS
Automatically taking action in response to a detected intrusion
ActiveX
A Microsoft technology that allows reusable software components to interact with each other in networks. Popular with viruses, Trojan Horses, spyware, and other malicious code due to lack of security.
ActiveX controls
used to add Windows functionality and interactivity to web pages.
Address Resolution Protocol (ARP)
A protocol form the TCP/IP suite that is used to discover the MAC address of a destination IP address
Adware
Any software application that displays advertisement banners while the program’s running
Software that automatically displays or downloads advertising material (often unwanted) when a user is online
Alert
notification that a specific attack has been directed at the information system of an organization
Full Disk Encryption
Type of data encryption most often uses keys generated from the TPM
Public Key Infrastructure (PKI)
combination of software, encryption technologies, and services that enables entities to protect the security of their communications and business transactions on networks
TOTP (Time-based One-time Password Algorithm)
provides one-time password in an application that needs a two-factor authentication
Fingerprint
unique to all individuals
Integrity
implemented to verity that data has not been modified, tampered, or corrupted
What does the recipient need to decrypt the message?
the recipient’s private key
Anonymous access
user will be able to login without providing a password, or by using any email address as the password
Antivirus software
a class of programs that searches your hard drive and floppy disks for any known or potential viruses
Application and device control
protects the system’s resources form applications and manages the peripheral devices that can attach to computers
Application backdoor
hidden access that provides some level of control of the program
Application layer firewalls
Inspects traffic all the way up to layer 7 of the OSI model.
Armored Viruses
designed to be difficult to detect and remove
ARP spoofing
forging a MAC address in ARP messages
Asset identification
first step towards a secure organization. identifying what you need to protect
Asymmetric Key
algorithms are used to create a mathematically related key pair (a secret private key and a published public key
Attack
intentional act of attempting to bypass one or more computer security controls
Attributable data should be :
always traced to individuals responsible for observing and recovering the data
Audit Trail
a record showing who has accessed a computer system and what operations he or she has performed during a given period of time (for maintaining security and for recovering lost transactions)
