Ch.4 Flashcards
a paper or electronic record of individuals who have permission to enter a secure area, the time that they entered, and the time they left the area
access list
subtypes of security controls, classified as deterrent, preventive, detective, compensation, or corrective
activity phase controls
process for developing and ensuring that policies and procedures are carried out, specifying actions that users may do, must do, or cannot do
administrative control
an audible sound to warn a guard of an intruder
alarm
software that helps prevent computers from becoming infected by different types of spyware
antispyware
software that can examine a computer for any infections as well as monitor computer activity and scan new documents that might contain a virus
antivirus (AV)
a structure designed to block the passage of traffic
barricade
spam filtering software that analyzes every word in an email and determines how frequently a word occurs in order to determine if it is spam
Bayesian filtering
a collection of data sets so large and complex that it becomes difficult to process using on-hand database management tools or traditional data processing applications
big data
permitting everything unless it appears on the list; a list of nonapproved senders
blacklist
a device that can be inserted into the security slot of a portable device and rotated so that the cable lock is secured to the device to prevent it from being stolen
cable lock
having the client web browser perform all validations and error recovery procedures
client-side validation
video cameras and receivers used for surveillance in areas that require security monitoring
closed circuit television (CCTV)
control that provides an alternative to normal controls that for some reason cannot be used
compensating control
control that is intended to mitigate or lessen the damage caused by an incident
corrective control
an attack that uses the user’s web browser settings to impersonate the user
cross-site request forgery (XSRF)
data that is stored on electronic media
data at-rest
data that is in transit across a network, such as an email sent across the internet
data in-transit
a state of data in which actions upon it are being performed by “endpoint devices” such as printers
data in-use
a system that can identify critical data, monitor how it is being accessed, and protect it from unauthorized users
data loss prevention (DLP)
a door lock that extends a solid metal bar into the door frame for extra security
deadbolt lock
detective control
a control that is designed to identify any threat that has reached the system
deterrent control
a control that attempts to discourage security violations before they occur
embedded system
a computer system with a dedicated function within a larger electrical or mechanical system
errors
faults in a program that occur while the application is running. also called EXCEPTIONS
exceptions
faults in a program that occur while the application is running. also called ERRORS
fencing
securing a restricted area by erecting a barrier
firewall
hardware or software that is designed to prevent malicious packets from entering or leaving computers. also called PACKET FILTER
fuzz testing (fuzzing)
a software testing technique that deliberately provides invalid, unexpected, or random data as inputs to a computer program
guard
a human who is an active security element
host-based application firewall
a firewall that runs as a program on a local system
hotfix
software that addresses a specific customer situation and often may not be distributed outside that customer’s organization
input validation
verifying a user’s input to an application
lighting
lights that illuminate an area so that it can be viewed after dark
locking cabinet
a ruggedized steel box with a lock
mainframe
a very large computing system that has significant processing capabilities
mantrap
a device that monitors and controls two interlocking doors to a small room (a vestibule), designed to separate secure and nonsecure areas
motion detection
determining an object’s change in position in relation to its surroundings
NoSQL
a nonrelational database that is better tuned for accessing large data sets
NoSQL databases vs. SQL databases
an argument regarding which database technology is superior. also called SQL vs. NoSQL
OS hardening
tightening security during the design and coding of the OS
packet filter
hardware or software that is designed to prevent malicious packets from entering or leaving computers. Also called FIREWALL
patch
a general software security update intended to cover vulnerabilities that have been discovered
popup blocker
either a program or a feature incorporated within a browser that stops popup advertisements from appearing
preventive controls
a control that attempts to prevent the threat from coming in and reaching contact with the vulnerability
protected distribution system (PDS)
a system of cable conduits that is used to protect classified information being transmitted between two secure areas
a device that detects an emitted signal in order to identify the owner
proximity reader
a ruggedized steel box with a lock
safe
large-scale, industrial-control systems
Can be found in military installations, oil pipeline control systems, manufacturing environments, and nuclear power plants
SCADA (supervisory control and data acquisition)
any device or process that is used to reduce risk
security control
a document or series of documents that clearly defines the defense mechanisms an organization will employ to keep information secure
security policy
having the server perform all validations and error recovery procedures
server-side validation
software that is a cumulative package of all security updates plus additional features
service pack
a written placard that explains a warning, such as notice that an area is restricted
sign
a cell phone with an operating system that allows it to run third-party applications (apps)
smartphone
an argument regarding which database technology is better. also called NoSQL DATABASES vs. SQL DATABASES
SQL vs NoSQL
devices in which additional hardware cannot easily be added or attached
static environment
security controls that are carried out or managed by devices
technical controls
an operating system that has been designed through OS hardening
trusted OS
monitoring activity that is captured by a video camera
video surveillance
permitting nothing unless it appears on the list
whitelist
a substitute for a regular function that is used in testing
wrapper function
What type of controls are the processes for developing and ensuring that policies and procedures are carried out?
a. technical controls
b. active controls
c. administrative controls
d. policy controls
c
Which of the following is NOT an activity phase control?
a. compensating control
b. detective control
c. resource control
d. deterrent control
c
Which of the following is NOT designed to prevent individuals from entering sensitive areas but instead is intended to direct traffic flow?
a. barricade
b. fencing
c. roller barrier
d. type V controls
a
Which of the following is NOT a motion detection method?
a. radio frequency
b. moisture
c. magnetism
d. infrared
b
The residential lock most often used for keeping out intruders is the _______.
a. encrypted key lock
b. privacy lock
c. passage lock
d. keyed entry lock
d
A lock that extends a solid metal bar into the door frame for extra security is the ______.
a. triple bar lock
b. deadman’s lock
c. full bar lock
d. deadbolt lock
d
Which statement about a mantrap is true?
a. it is illegal in the U.S.
b. it monitors and controls two interlocking doors to a room
c. it is a special keyed lock
d. it requires the use of a cipher lock
b
Which of the following cannot be used along with fencing as a security perimeter?
a. vapor barrier
b. rotating spikes
c. roller barrier
d. anticlimb paint
a
A ______ can be used to secure a mobile device.
a. mobile connector
b. cable lock
c. mobile chain
d. security tab
b
Which of the following is NOT a characteristic of an alarmed carrier PDS?
a. periodic visual inspections
b. continuous monitoring
c. carrier can be hidden below a floor
d. eliminates the need to seal connections
a
Which is the first step in securing an operating system?
a. develop the security policy
b. implement patch management
c. configure operating system security and settings
d. perform host software baselining
a
A typical configuration baseline would include each of the following EXCEPT _______.
a. changing any default settings that are insecure
b. eliminating any unnecessary software
c. enabling operating system security features
d. performing a security risk assessment
d
Which of the following is NOT a Microsoft Windows setting that can be configured through a security template?
a. account policies
b. user rights
c. keyboard mapping
d. system services
c
______ allows for a single configuration to be set and then deployed to many or all users.
a. active directory
b. group policy
c. snap-in replication (SIR)
d. command configuration
b
A ____ addresses a specific customer situation and often may not be distributed outside that customer’s organization.
a. rollup
b. service pack
c. patch
d. hotfix
d
Which of the following is NOT an advantage to an automated patch update service?
a. Administrators can approve or decline updates for client systems, force updates to install by a specific date, and obtain reports on what updates each computer needs.
b. Downloading patches from a local server instead of using the vendor’s online update service can save bandwidth and time because each computer does not have to connect to an external server
c. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor’s online update service
d. Specific types of updates that the organization does not test, such as hotfixes, can be automatically installed whenever they become available
c
Which of these is NOT a state of data that DLP examines?
a. data in-use
b. data in-process
c. data in-transit
d. data at-rest
b
How does heuristic detection detect a virus?
a. a virtualized environment is created and the code is executed in it
b. a string of bytes from the virus is compared against the suspected file
c. the bytes of a virus are placed in different “piles” and then used to create a profile
d. the virus signature file is placed in a suspended chamber before streaming to the CPU
a
Which of these is a list of approved email senders?
a. blacklist
b. whitelist
c. greylist
d. greenlist
b
Which statement about data loss prevention (DLP) is NOT true?
a. it can only protect data while it is on the user’s personal computer
b. it can scan data on a DVD
c. it can read inside compressed files
d. a policy violation can generate a report or block the data
a