Chapter 1 Vocabulary

Question 1

Integrity

Answer 1

Consistency, accuracy, and validity of data or information.

Question 2

Availability

Answer 2

A resource being accessible to a user, application, or computer system when required (Accidental, Natural Disasters, Deliberate, etc.)

Question 3

Risk Management

Answer 3

Process of identifying, assessing, and prioritizing threats and risk.

Question 4

Risk

Answer 4

Probability that an event will occur.

Question 5

Threat

Answer 5

Action or occurrence that could result in breach, outage, or corruption of a system by exploiting known or unknown vulnerabilities.

Question 6

Risk Assessment

Answer 6

Used to identify risks that may impact an environment.

Question 7

Risk Avoidance

Answer 7

The process of eliminating a risk by choosing not to engage in an action or activity.

Question 8

Risk Acceptance

Answer 8

The act of identifying and then making an informed decision to accept the likelihood and impact of a specific risk.

Question 9

Risk Mitigation

Answer 9

Taking steps to reduce likelihood or impact of risk.

Question 10

Risk Transfer

Answer 10

Taking steps to move responsibility for a risk to a third party through insurance or outsourcing.

Question 11

Principle of Least Privilege

Answer 11

Security discipline that requires that a particular user, system, or application be given no more privilege than necessary to perform a function or job.

Question 12

Attack Surface

Answer 12

Consists of the set of methods and avenues an attacker can use to enter a system and potentially cause damage.

Question 13

Social engineering

Answer 13

Methods used to gain access to data systems, or networks, primarily through misrepresentation.

Question 14

Access Control

Answer 14

Restricting access to a resource to only permitted users, applications, or computer systems.

Question 15

Defense in Depth

Answer 15

Using multiple one layers of security to defend one’s assets.

Question 16

Mobile Devices

Answer 16

Laptops, PDAs, and smartphones are used to process information; send and receive mail, store enormous amounts of data, surf the Internet, and interact remotely with interns, networks and systems.

Question 17

Removable Devices

Answer 17

Storage device that is designed to be taken out if a computer without turning the computer off.

Question 18

Flash Drive

Answer 18

Small drive based on a flash memory.

Question 19

Keylogger

Answer 19

Physical or logical device used to capture keystrokes.

Question 20

Confidentiality

Answer 20

Characteristic of a resource ensuring access is restricted to only permitted users, applications, or computer systems (Public, Confidential, Strictly Confidential / Privileged, Unclassified, Restricted, etc.)